manualshive.com logo in svg

Siemens SCALANCE W1750D CLI, Function Manual

Share
Download
Siemens SCALANCE W1750D CLI Function Manual Download Page 164

CLI Commands 

 

4.9 I 

 

SCALANCE W1750D CLI 

164

 

Function Manual, 03/2019, C79000-G8976-C452-04 

Parameter 

Description 

Range 

Default 

detect-malformed-

htie

 

Enables detection of malformed HT infor-

mation elements. 

— 

— 

detect-malformed-

large- duration

 

Enables detection of unusually large dura-

tions in frames. 

— 

— 

detect-omerta-

attack

 

Enables detection of Omerta attack. 

— 

— 

detect-overflow-

eapol-key

 

Enables detection of overflow EAPOL key 

requests. 

— 

— 

detect-overflow-ie

 

Enables detection of overflow Information 

Elements. 

— 

— 

detect-power-save-

dos- attack

 

Enables detection of Power Save DoS at-

tack. 

— 

— 

detect-rate-

anomalies

 

Enables detection of rate anomalies. 

— 

— 

detect-rts-rate-

anomaly

 

Enables detection of RTS rate anomaly. 

— 

— 

detect-tkip-replay-

attack

 

Enables detection of TKIP replay attack. 

— 

— 

detect-unencrypted-

valid

 

Enables detection of unencrypted valid 

clients. 

— 

— 

detect-valid- cli-

entmisassociation

 

Enables detection of misassociation be-

tween a valid client and an unsafe AP. This 

setting can detect the following misassocia-

tion types: 

 

MisassociationToRogueAP 

 

MisassociationToExternalAPl 

 

MisassociationToHoneypotAP 

 

MisassociationToAdhocAP 

 

MisassociationToHostedAP 

— 

— 

detect-valid-ssid-

misuse

 

Enables detection of interfering or Neighbor 

APs using valid or protected SSIDs. 

— 

— 

detect-windows-

bridge

 

Enables detection of Windows station bridg-

ing. 

— 

— 

detect-wireless-

bridge

 

Enables detection of wireless bridging. 

— 

— 

detect-wpa-ft-

attack

 

Enables or disables detection ofWPA FT 

attacks. 

— 

— 

infrastructure-

detection- level 

<type>

 

Sets the infrastructure detection level. 

off, low, me-

dium, high 

off 

infrastructure-

protection- level 

<type>

 

Sets the infrastructure protection level. 

off, low, me-

dium, high 

off 

protect-adhoc-

network

 

Enables protection from adhoc networks. 

When adhoc networks are detected, they 

are disabled using a denial of service attack 

— 

— 

protect-ap-

impersonation

 

Enables protection from AP impersonation 

attacks. When AP impersonation is detect-

ed, both the legitimate and impersonating 

AP are disabled using a denial of service 

attack. 

— 

— 

protect-ssid

 

Enables use of SSID by valid APs only. 

— 

— 

Summary of Contents for SCALANCE W1750D CLI

Page 1: ...______________ ___________________ ___________________ SIMATIC NET Industrial Wireless LAN SCALANCE W1750D CLI Function Manual 03 2019 C79000 G8976 C452 04 About this guide 1 Security recommendations 2 SCALANCE W CLI 3 CLI Commands 4 Appendix A A ...

Page 2: ...ion may be operated only by personnel qualified for the specific task in accordance with the relevant documentation in particular its warning notices and safety instructions Qualified personnel are those who based on their training and experience are capable of identifying risks and avoiding potential hazards when working with these products systems Proper use of Siemens products Note the followin...

Page 3: ...ttributes 29 4 1 4 aaa radius modifier 30 4 1 5 aaa test server 31 4 1 6 a ant pol 31 4 1 7 advanced zone 32 4 1 8 aeroscout rtls 33 4 1 9 airgroup 34 4 1 10 airgroupservice 36 4 1 11 airwave rtls 37 4 1 12 ale report interval 38 4 1 13 ale server 39 4 1 14 alg 40 4 1 15 allowed ap 41 4 1 16 allow new aps 42 4 1 17 a max clients 42 4 1 18 ams backup ip 43 4 1 19 ams identity 44 4 1 20 ams ip 45 4 ...

Page 4: ...y logging 77 4 3 13 commit 78 4 3 14 configure terminal 79 4 3 15 console 79 4 3 16 content filtering 80 4 3 17 convert aos ap 81 4 3 18 copy 82 4 3 19 custom_var 84 4 4 D 85 4 4 1 debug rtls logs 85 4 4 2 deny inter user bridging 85 4 4 3 deny local routing 86 4 4 4 device id 87 4 4 5 dhcp 88 4 4 6 disable prov ssid 89 4 4 7 disconnect user 89 4 4 8 dot 11a radio disable 90 4 4 9 dot 11g radio di...

Page 5: ...21 4 8 5 hotspot anqp 3 gpp profile 122 4 8 6 hotspot anqp domain name profile 123 4 8 7 hotspot anqp ip addr avail profile 124 4 8 8 hotspot anqp nai realm profile 126 4 8 9 hotspot anqp nwk auth profile 130 4 8 10 hotspot anqp roam cons profile 132 4 8 11 hotspot anqp venue name profile 133 4 8 12 hotspot h2qp conn cap profile 137 4 8 13 hotspot h2qp oper class profile 138 4 8 14 hotspot h2qp op...

Page 6: ...1 8 mgmt auth server 202 4 11 9 mgmt auth server load balancing 203 4 11 10 mgmt auth server local backup 204 4 11 11 mgmt user 205 4 11 12 mtu 206 4 12 N 207 4 12 1 name 207 4 12 2 ntp server 207 4 13 O 209 4 13 1 opendns 209 4 13 2 openflow server 210 4 13 3 organization 211 4 13 4 out of service hold on time 212 4 14 P 213 4 14 1 pcap 213 4 14 2 per ap ssid 214 4 14 3 per ap vlan 214 4 14 4 pin...

Page 7: ... ap association 283 4 16 22 show ap bss table 284 4 16 23 show ap cacert 286 4 16 24 show ap mesh cluster 288 4 16 25 show ap mpskcache 290 4 16 26 show ap checksum 291 4 16 27 show ap client match live 292 4 16 28 show ap client match history 293 4 16 29 show ap client match refused 294 4 16 30 show ap client match ssid table radio mac 296 4 16 31 show ap client match triggers 297 4 16 32 show ap...

Page 8: ...dio stats 356 4 16 67 show ap debug radius statistics 359 4 16 68 show ap debug rfc3576 radius statistics 360 4 16 69 show ap debug shaping table 362 4 16 70 show ap debug spanning tree 364 4 16 71 show ap debug stm config 365 4 16 72 show ap debug stm role 366 4 16 73 show ap debug stystem status 366 4 16 74 show ap debug tacas statistics 367 4 16 75 show ap dot11k beacon report 368 4 16 76 show ...

Page 9: ...config 475 4 16 121 show dhcpc opts 477 4 16 122 show dhcp 478 4 16 123 show distributed dhcp branch counts 480 4 16 124 show domain names 482 4 16 125 show dpi 482 4 16 126 show dpi error page urls 489 4 16 127 show dpi stats 490 4 16 128 show drt state 494 4 16 129 show election 495 4 16 130 show esl 497 4 16 131 show esl radio 497 4 16 132 show facebook 498 4 16 133 show fault 499 4 16 134 show...

Page 10: ...stem 540 4 16 173 show log upgrade 541 4 16 174 show log user 541 4 16 175 show log user debug 542 4 16 176 show log vpn tunnel primary 542 4 16 177 show log vpn tunnel backup 543 4 16 178 show log vpn tunnel 544 4 16 179 show log wireless 545 4 16 180 show memory 545 4 16 181 show mgmt user 547 4 16 182 show network 548 4 16 183 show network summary 550 4 16 184 show openflow 551 4 16 185 show op...

Page 11: ...ity 602 4 16 222 show user 604 4 16 223 show valid channels 605 4 16 224 show vlan 607 4 16 225 show version 607 4 16 226 show vpn 608 4 16 227 show vpn tunnels 611 4 16 228 show walled garden 612 4 16 229 show wifi uplink 613 4 16 230 show wired port 615 4 16 231 show wired port settings 617 4 16 232 show wispr config 619 4 16 233 show xml api server 620 4 16 234 sesimagotag esl channel 621 4 16 ...

Page 12: ...9 12 vpn reconnect user on failover 658 4 19 13 vpn reconnect time on failure 659 4 19 14 vpn preemption 660 4 19 15 vpn primary 660 4 20 W 662 4 20 1 wlan walled garden 662 4 20 2 web server 663 4 20 3 wlan captive portal 664 4 20 4 wlan ssid profile 667 4 20 5 wlan external captive portal 690 4 20 6 wlan auth server 693 4 20 7 wlan access rule 696 4 20 8 wifi1 mode 701 4 20 9 wificall dns patter...

Page 13: ...plement and continuously maintain a holistic state of the art industrial security concept Siemens products and solutions constitute one element of such a concept Customers are responsible for preventing unauthorized access to their plants systems machines and networks Such systems machines and components should only be connected to an enterprise network or the internet if and to the extent such a ...

Page 14: ...About this guide SCALANCE W1750D CLI 14 Function Manual 03 2019 C79000 G8976 C452 04 ...

Page 15: ...tions Keep the software up to date Check regularly for security updates of the product You will find information on this on the Internet pages Industrial Security https www siemens com industrialsecurity Inform yourself regularly about security advisories and bulletins published by Siemens ProductCERT https www siemens com cert en cert security advisories htm Only activate protocols that you reall...

Page 16: ...tes you require to set up HTTPS Hypertext Transfer Protocol Secured Socket Layer We strongly recommend that you create your own HTTPS certificates and make them available There are preset certificates and keys on the device The preset and automatically created HTTPS certificates are self signed We recommend that you use HTTPS certificates signed either by a reliable external or by an internal cert...

Page 17: ...h passwords HTTP HTTPS Telnet SSH SNTP NTP Use secure protocols when access to the device is not prevented by physical protection measures To prevent unauthorized access to the device or network take suitable protective measures against non secure protocols If you require non secure protocols and services operate the device only within a protected network area Restrict the services and protocols a...

Page 18: ... DHCP UDP 1067 Open Open No UDP 4011 Open Open No DTLS UDP 4433 Open Open Yes HTTP redirect 4343 TCP 80 Open Open No TCP 4343 Open Open Yes HTTPS TCP 4343 Open Open Yes TCP 443 Open Open Yes mDNS UDP 5353 Open Open No NTP UDP 123 Open Open No Proprietary UDP 8209 Open Open No UDP 8211 Open Open No Proprietary dTable UDP 8612 Open Open No RADIUS UDP 1616 Open Open No UDP 1892 Open Open No SNMPv1 UD...

Page 19: ...nce The privileged mode provides access to show clear ping traceroute and commit commands The configuration commands are available in the configuration config mode To move from privileged mode to the configuration mode enter the following command at the command prompt scalance configure terminal The configure terminal command allows you to enter the basic configuration mode and the command prompt ...

Page 20: ...ommand in the privileged mode scalance commit apply To apply the configuration changes to the cluster without saving the configuration use the following command in the privileged mode scalance commit apply no save To view the changes that are yet to be applied use the following command in the privileged mode scalance show uncommitted config To revert to the earlier configuration use the following ...

Page 21: ...sting configuration before adding or modifying the configuration details for sequence sensitive commands You can either delete an existing profile or remove a specific configuration by using the no commands The following table lists the sequence sensitive commands and the corresponding no command to remove the configuration Table 3 1 Sequence Sensitive Commands Sequence Sensitive Command Correspon...

Page 22: ...t the current running configuration only To save your configuration changes use the following command in the privileged Exec mode scalance write memory Commands that Reset the AP If you use the CLI to modify a currently provisioned radio profile the changes take place immediately A reboot of the AP is not required to apply the configuration changes Certain commands however automatically force AP t...

Page 23: ... key shortcuts press and hold the Ctrl button while you press a letter key Table 3 2 Line Editing Keys Key Effect Description Ctrl A Home Move the cursor to the beginning of the line Ctrl B or the left ar row Back Move the cursor one character left Ctrl D Delete Right Delete the character to the right of the cursor Ctrl E End Move the cursor to the end of the line Ctrl F or the right arrow Forward...

Page 24: ... 192 0 2 1 Netmask address For subnet addresses specify a subnet mask in dotted decimal notation for example 255 255 255 0 MAC address For any command that requires entry of a device s hardware ad dress use the hexadecimal format for example 00 05 4e 50 14 aa SSID A unique character string sometimes referred to as a network name consisting of no more than 32 characters The SSID is case sensitive f...

Page 25: ...ing at the system prompt exactly as shown followed by the IP address of the system to which ICMP echo packets are to be sent Do not type the angle brackets square brackets In the command syntax items enclosed in brackets are optional Do not type the brackets Item_A Item_B In the command examples single items within curled braces and separated by a vertical bar represent the available choices Enter...

Page 26: ... you will also find Project information Manuals FAQs downloads application examples etc Contacts Technical Forum The option submitting a support query https support industry siemens com My ww en requests Our service offer Right across our products and systems we provide numerous services that support you in every phase of the life of your machine or system from planning and implementation to commi...

Page 27: ...5 GHz channel The valid channels for a band are determined by the AP regulatory domain tx power Configures the specified transmission power values It also supports 0 1 dBm and negative values 51 dBm to 51 dBm Usage Guidelines Use this command to configure radio channels for the 5 GHz band for a specific AP Example The following example configures the 5 GHz radio channel scalance a channel 44 18 Co...

Page 28: ... interval Parameter Description Range Default interval The time interval at which the query must be sent The inter val is ranged in minutes 0 60 mins 15 mins Usage Guidelines Use this command to configure the time interval for sending out dns queries Example The following example shows the output of the aaa dns query interval command 20 4c 03 24 89 18 config aaa dns query interval 15 Command Infor...

Page 29: ...type date integer IP address or string date Adds a date attribute integer Adds an integer attribute ipaddr Adds an ip address attribute string Adds a date attribute vendor Optional Display attributes for a specific vendor name and vendor ID Usage Guidelines Add RADIUS attributes for use in SDRs Use the show aaa radius attributes command to display a list of the current RADIUS attributes recognized...

Page 30: ... aaa radius modifier command to display a list of RADIUS modifier profiles To create a RADIUS modifier profile with customized attributes use the aaa radius attributes command Example Example for Included attribute scalance md config aaa radius attributes add BW Area Code 18 integer vendor Boingo 22472 scalance md Radius Modifier Profile radmodifier1 include BW Area Code static 212 scalance md Rad...

Page 31: ... be run username username Username to use to test the authentication server password passwd Password to use to test the authentication server auth type type Authentication protocol type Use PAP as the authentication type Usage Guidelines This command verifies the status of RADIUS authentication between the AP and RADIUS or AAA server Example The following example shows the output of the aaa test s...

Page 32: ...d Mode All platforms Privileged EXEC mode 4 1 7 advanced zone Description This command is used to enable or disable the advanced zone feature that can configure up to 32 SSIDs Since the mapping method of the WLAN index and BSSID index are different when you change the advanced zone configuration the BSSID is removed and created again When advanced zone is enabled The WLAN SSID profile will remain ...

Page 33: ...erver to which the location reports are sent include unassoc sta Includes the client stations not associated to any AP when mobile unit reports are sent to the Aeroscout RTLS server Disabled no Removes the Aeroscout RTLS configuration Usage Guidelines This command allows you to integrate Aeroscout RTLS server with Scalance W by specifying the IP address and port number of the Aeroscout RTLS server...

Page 34: ...er will be discov ered by Bonjour or DLNA devices based on the ClearPass Policy Manager policy configured Enabled cppm query interval interval Configures a time interval at which Scal ance W sends a query to ClearPass Policy Manager for mapping the access privileges of each device to the available services 1 24 10 hours cppm server server name Configures the ClearPass Policy Manager server informa...

Page 35: ...l Control lers specified for L3 Mobility Disabled no Removes the configuration settings for parameters under the airgroup command no airgroup Removes the AirGroup configuration Usage Guidelines Use this command to configure the AirGroup the availability of the AirGroup services and ClearPass Policy Manager servers Example The following example configures an AirGroup profile scalance config airgrou...

Page 36: ...ctly to any AirPrint compatible printers iTunes iTunes service is used by iTunes Wi Fi sync and iTunes home sharing applications across all Apple devices RemoteMgmt Use this service for remote login remote man agement and FTP utilities on Apple devices Sharing Applications such as disk sharing and file sharing use the service ID that are part of this service on one or more Ap ple devices ChromeCas...

Page 37: ...ines Use this command to enforce AirGroup service policies and define the availability of a services for an AirGroup profile When configuring AirGroup service for an AirGroup profile you can also restrict specific user roles and VLANs from availing the AirGroup services Example The following example configures AirGroup services scalance config airgroupservice AirPlay scalance airgroup service desc...

Page 38: ...at are not associated to any AP unassociated stations Disabled no Removes the specified configuration parameter Usage Guidelines Use this command to send the RFID tag information to AirWave RTLS Specify the IP address and port number of the AirWave server to which the location reports must be sent You can also send reports of the unassociated clients to the RTLS server for tracking purposes Exampl...

Page 39: ...r communication Example The following example configures the ALE server details scalance config ale report interval 60 Command Information AP Platform Command Mode All platforms Configuration mode 4 1 13 ale server Description This command configures ALE server details for AP integration with ALE Syntax ale server server no Parameter Description ale server serv er Allows you to specify the FQDN or...

Page 40: ...l or NAT used in a network Syntax alg sccp disable sip disable vocera disable no Com mand Parameter Description Default sccp disable Disables the SCCP Enabled sip disable Disables the SIP for VOIP and other text and multimedia sessions Enabled vocera disable Disables the VOCERA protocol Enabled no Removes the specified configuration parameter Usage Guidelines Use this command to functions such as ...

Page 41: ...llows an AP to join the AP cluster Syntax allowed ap MAC address no Parameter Description allowed ap MAC address Specifies the MAC address of the AP that is allowed to join the cluster no Removes the specified configuration parameter Usage Guidelines Use this command to allow an AP to join the cluster Example The following command configures an allowed AP scalance config allowed ap 01 23 45 67 89 ...

Page 42: ...d configuration parameter Usage Guidelines Use this command to allow the new access points to join the AP cluster When this command is enabled only the licensed slave APs can join the cluster Example The following command allows the new APs to join the cluster scalance config allow new aps Command Information AP Platform Command Mode All platforms Configuration mode 4 1 17 a max clients Descriptio...

Page 43: ... to 5 GHz radio channels for a specific SSID profile This is a per AP and per Radio configuration Example The following example configures the maximum number of clients for a 5 GHz radio channel scalance a max clients test1 35 Command Information AP Platform Command Mode All Platforms Privileged EXEC mode 4 1 18 ams backup ip Description This command adds the IP address or domain name of the backu...

Page 44: ...ation AP Platform Command Mode All platforms Configuration mode 4 1 19 ams identity Description This command uniquely identifies the group of APs managed or monitored by the AirWave Management console The name can be a location vendor department or any other identifier Syntax ams identity Name Parameter Description Name Configures a name that uniquely identifies the AP on the AirWave Man agement s...

Page 45: ...omain name no Parameter Description IP address or domain name Configures the IP address or domain name of an AirWave Manage ment server for an AP Usage Guidelines Use this command to configure the IP address or domain name of the AMS console for an AP Example The following command configures the AirWave Management Server scalance config ams ip 192 0 1 2 Command Information AP Platform Command Mode...

Page 46: ...gures the shared key for the AirWave management server scalance config ams key key 789 Command Information AP Platform Command Mode All platforms Configuration mode 4 1 22 ap1x Description This command sets the 802 1X authentication type on the uplink ports of AP Syntax ap1x peap tls tpm user validate server no Parameter Description peap Configures PEAP based 802 1X authentication type tls Configu...

Page 47: ...yntax ap1x peap user ap1xuser password no Parameter Description ap1xuser Configures the user name variable for AP to authenticate against the wired uplink ports with 802 1X authentication enabled password Configures the password variable for AP to authenticate against the wired uplink ports with 802 1X authentication enabled no Removes the configuration Usage Guidelines Use this command to configu...

Page 48: ...conds when the frequent scanning is in progress The connection is re established after the scanning is complete Typically a frequent scanning session lasts for less than 10 seconds 2 4 5 0 all Usage Guidelines Execute this command to enable the AP to perform frequent scanning of transmission signals and to select a valid channel for transmission The following checks must be performed before scanni...

Page 49: ...nes Use this command to provision an outdoor AP into an indoor AP or vice versa The AP needs to be rebooted for the configuration to take effect Example The following example changes the installation type of the AP from default to outdoor scalance ap installation outdoor Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 1 26 apply Description This command is used to...

Page 50: ...ollowing example uninstalls the captive portal logo on an AP scalance config apply cplogo inistall http cp logo com Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 1 27 arm Description This command assigns an ARM profile for an AP and configures ARM features such as band steering spectrum load balancing airtime fairness mode and access control features Syntax arm ...

Page 51: ...ort a VHT NOTE Only the APs that support 802 11ac can be configured with 80 MHz channels a channels a channel Configures 5 GHz channels air time fairness mode default access fair access preferred access Allows equal access to all clients on the wire less medium regardless of client type capa bility or operating system and prevents the clients from monopolizing resources You can configure any of th...

Page 52: ...e allowed to use only the 5 GHz channels disable To allow the clients to select the bands balance bands prefer 5ghz force 5ghz disable balance bands channel quality aware arm disable With this parameter ARM ignores the inter nally calculated channel quality metric and initiates channel changes based on thresh olds defined in the profile ARM chooses the channel based on the calculated interference ...

Page 53: ...s a threshold that takes acceptance client count difference among all the channels of Client match into account When the client load on an AP reaches or exceeds the threshold in compariso n client match is ena bled on that AP 1 255 5 client thresh thresh When the number of clients on a radio ex ceeds the value SLB algorithm will be trig gered 0 255 30 debug level Displays information required for ...

Page 54: ...hannel change The error rate must be equal to or more than the error rate threshold to trigger a channel change 1 3600 90 free channel index idx Checks the difference in threshold in the channel interference index between the new channel and the existing channel An AP will only move to a new channel if the new chan nel has a lower interference index value than the current channel This parameter sp...

Page 55: ...or high performanc e enter 5 GHz If the AP density is low enter 2 4 GHz none all 2 4 and 5 5 no Removes the current value for that parameter and return it to its default setting Usage Guidelines Use this command to configure ARM features on an AP ARM ensures low latency roaming consistently high performance and maximum client compatibility in a multi channel environment By ensuring the fair distri...

Page 56: ...tack Description This command enables firewall settings to protect the network against wired attacks such as ARP attacks or malformed DHCP packets and notify the administrator when these attacks are detected Syntax attack drop bad arp enable fix dhcp enable no poison check enable Parameter Description drop bad arp enable Enables the AP to block the bad ARP request fix dhcp enable Enables the AP to...

Page 57: ...m Command Mode All platforms Configuration and Attack configuration sub mode 4 1 29 auth failure blacklist time Description This command allows the APs to dynamically blacklist the clients when they exceed the authentication failure threshold Syntax auth failure blacklist time seconds Parameter Description Default seconds Configures the duration in seconds for which the clients that exceed the max...

Page 58: ...ticate again Syntax auth failure blacklist time seconds Parameter Description Range Default seconds Indicates the duration after which the authenticated credentials in the cache expire 1 99 hours 24 hours Usage Guidelines Use this command when the authentication survivability is enabled on a network profile to set a duration after which the authentication credentials stored in the cache expires To...

Page 59: ... is displayed at the login prompt of the AP The banner is specific to the AP on which you configure it The configured banner is displayed at the CLI login prompt of the AP SCALANCE W supports up to 16 lines text and each line accepts a maximum of 255 characters including spaces Example The following example configures a banner scalance config banner motd welcome to login instant scalance config ba...

Page 60: ...the MAC address of the client to the blacklist no Removes the specified configuration parameter Usage Guidelines Use this command to blacklist the MAC addresses of clients Example The following command blacklists an AP client scalance config blacklist client 01 23 45 67 89 AB Command Information AP Platform Command Mode All platforms Configuration mode 4 2 3 blacklist time Description This command...

Page 61: ...ommand to configure the duration in seconds for which the clients can be blacklisted when the blacklisting rule is triggered Example The following command configures the duration for blacklisting clients scalance config blacklist time 30 Command Information AP Platform Command Mode All platforms Configuration mode 4 2 4 ble Description This command enables BLE beacon management by BMC and configur...

Page 62: ...ps URL or IP address of the HTTPS endpoint This pa rameter is highly recommended for meridian load balance ws URL of the WebSocket endpoint mode op mode Configures the operation modes for the built in Bluetooth Low Energy BLE chip in the AP APs support the following BLE operation modes Beaconing The built in BLE chip of the AP functions as an iBeacon combined with the beacon manage ment functional...

Page 63: ...rmine the functions of the built in BLE chip in the AP Example The following example enables BLE beacon management scalance config ble config MmZjYzkyNTZlYzExODY2MjU3OTBlNTkyZjA0MjdmNjU6OWVkNjdlMjk3MDAxYzFjZjA2ZTQ3Y2UxYWExMmMwY TE https edit meridianapps com api beacons manage scalance config end scalance config commit apply The following example enables the beaconing BLE operation mode scalance c...

Page 64: ...ip IP address Configures the IP address of the CALEA server on an AP ip mtu size Configures the Maximum Transmission Unit size to use 68 1500 1500 no Disables the parameters configured under the calea command no calea Removes the CALEA configuration Usage Guidelines Use this command to configure an AP to support LI LI allows the LEA to conduct an authorized electronic surveillance Depending on the...

Page 65: ...ommand Information AP platform Command Mode All platforms Configuration mode and access rule configuration sub mode 4 3 2 cellular uplink profile Description This command provisions the cellular 3G or 4G uplink profiles on an AP Syntax cellular uplink profile profile 4g usb type 4G usb type modem country modem country modem isp modem_isp usb auth type usb_authentication_type usb dev usb dev usb di...

Page 66: ... as sociated with the subscriber of the selected ISP usb modeswitch usb modeswitch Specifies the parameter used to switch mo dem from storage mode to modem mode usb type usb type Configures the driver type for the 3G modem acm airprime hso option pantech 3g sierra evdo sierra gsm none usb tty usb tty Specifies the modem tty port usb user usb user Specifies the username of subscriber of the selecte...

Page 67: ... cellular uplink profile scalance config cellular uplink profile scalance cellular uplink profile usb type sierra net scalance cellular uplink profile usb dev 0x0f3d68aa scalance cellular uplink profile usb init 3 broadband scalance cellular uplink profile end scalance commit apply Example 2 The following example configures a cellular uplink profile for UML295 Country US and ISP Pantech scalance c...

Page 68: ...ed inline dns stats Enables the DNS statistics on the AP Disabled inline sta stats Enables the station passive monitor statistics on the AP Disabled no Removes the configuration and returns the values to its default setting Usage Guidelines Use this command to configure the AP to generate authentication dhcp dns and station passive monitor statistics by using inline monitoring These statistics are...

Page 69: ...istics debug ap trace ip mac Parameter Description airgroup blocked queries blocked service id Clears all AirGroup blocked queries and service IDs ap env backup Clears all information from a backup AP ap ip address Clears all AP related information arp ip address Clears all ARP table information for an AP client mac Clears all information pertaining to an AP client datapath session all statistics ...

Page 70: ...uidelines Use this command to remove AirGroup details from the AP database Example The following command clears AirGroup statistics scalance config clear airgroup state statistics Command Information AP Platform Command Mode All platforms Configruation Mode 4 3 6 clear dhcpoption82 Description This command is used to delete the DHCP option 82 XML file from the AP This command must be executed only...

Page 71: ...h Example The following command shows an example for clearing DHCP option 82 scalance clear dhcpoption82 xml Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 3 7 clear cert Description This command clears client and server customized CA certificates from the AP database Syntax clear cert airwaveca ap1x ap1xca ca clearpassca cp datatunnel datatunnelca default clearp...

Page 72: ...A cp Clears the captive portal server certificate default clearpassca Clears all the default ClearPass Policy Manager CA radsec Clears the RadSec server certificate radsecca Clears the RadSec CA certificate server Clears all server certificates ui Clears the WebUI certificate Usage Guidelines Use this command to clear the certificates from the AP database Example The following command shows an exa...

Page 73: ...uidelines You can configure the year month day and time Specify the time using a 24 hour clock with hours minutes and seconds separated by spaces Example The following example sets the clock to 21 May 2013 1 03 52 AM scalance clock set 2013 5 21 1 3 52 Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 3 9 clock summer time Description This command configures dayligh...

Page 74: ... 1 24 eweek Indicates the week in which the daylight saving configuration ends eday Indicates the day on which daylight saving configuration ends emonth Indicates the month in which daylight saving configuration ends ehour Indicates the hour at which daylight saving configuration ends 1 24 no Removes the configuration Usage Guidelines Use this command to configure daylight saving for the timezones...

Page 75: ...om the UTC minute offset Specifies the hours offset from the UTC no Removes the timezone configuration Usage Guidelines Use this command to set the timezone on an AP Example The following example configures the PST timezone scalance config clock timezone PST 8 0 scalance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode 4 3 11 cluster se...

Page 76: ...ing Usage Guidelines Use this command to configure cluster security using DTLS for securing control plane messages exchanged between the APs in a cluster Example The following example configures a cluster security profile scalance config cluster security scalance cluster security dtls scalance cluster security end scalance commit apply The following example configures DTLS connection for low assur...

Page 77: ...iption Range cluster security logging Allows you to change the per module logging level for cluster security module mod ule_name Allows you to set the following core modules for debugging peer The peer module helps in logging the connection initiation renegotiation collision and active connection up dates conn The connection module helps in logging connection creation establishment data transfer a...

Page 78: ...he cluster but does not save the configuration To save the configuration run the write memory or commit apply command revert Reverts the changes committed to the current configuration of an AP Usage Guidelines Each command processed by the Virtual Controller is applied on all the slave AP in a cluster The changes configured in a CLI session are saved in the CLI context The CLI does not support the...

Page 79: ... allows you to enter configuration commands Syntax configure terminal No parameters Usage Guidelines Upon entering this command the enable mode prompt changes to scalance config To return to EXEC mode enter Ctrl Z end or exit Example The following command allows you to enter configuration commands scalance configure terminal Command Information AP Platform Command Mode All platforms Privileged EXE...

Page 80: ...the AP console and thus allow users to configure AP settings or debug system errors By default the console access to the AP is enabled Example The following example disables console access to the AP scalance config console scalance console disable scalance console end scalance commit apply Command Information AP Platform Command Mode All platforms Console configuration sub mode 4 3 16 content filt...

Page 81: ...tivity by limiting access to certain websites Reduce bandwidth consumption significantly You can enable content filtering on an SSID When enabled all DNS requests to non corporate domains on this SSID are sent to the open DNS server Example The following example enables content filtering c a3 1e cd 7b d6 config content filtering ac a3 1e cd 7b d6 config end ac a3 1e cd 7b d6 commit apply Command I...

Page 82: ...onverted to a Campus AP and Remote AP only if the controller is running ArubaOS 6 1 4 or later versions For more information see the Converting an AP to a Remote AP and Campus AP topic in Configuration manual SCALANCE W UI Example The following command allows you to convert an AP to a remote AP scalance convert aos ap RAP 192 0 2 5 Command Information AP Platform Command Mode All platforms Privile...

Page 83: ...e from the TFTP server to the AP portal logo Copies customized logo for the internal captive portal server radsec ca cert password Copies RadSec server or CA certificates system Copies the file to the system partition 1xca Copies the CA certificate used for 802 1X authentication from the TFTP server der pem Indicates the system partition file extensions 1xcert Copies the server certificate used fo...

Page 84: ... length that is set will be valid until the AP is factory reset Syntax custom_var text no Parameter Description Range text Indicates the custom variable string 1 32 no Disables the custom string length that has been set Example The following example sets the custom string length scalance custom_var 12 Command Information AP Platform Command Mode All platforms Privileged EXEC mode ...

Page 85: ...ated logs can be viewed by using the show rtls logs command Example The following example disables the default provisioning SSID scalance debug rtls logs Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 4 2 deny inter user bridging Description This command disables bridging traffic between two clients of an AP on the same VLAN Bridging traffic between the clients w...

Page 86: ...isables inter user bridging scalance config deny inter user bridging scalance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode 4 4 3 deny local routing Description This command disables routing traffic between two clients of an AP on different VLANs Routing traffic between the clients will be sent to the upstream device to make the forw...

Page 87: ...g deny local routing scalance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode 4 4 4 device id Description This command assigns an ID for the AP device Syntax device id device Parameter Description device id device Configures an ID for the AP device Usage Guidelines Use this command to configure a device identification Example The follo...

Page 88: ...ent in the XML file into the datapath Syntax dhcp option82 xml string no Parameter Description dhcp option82 xml string Indicates the XML file from which DHCP option 82 needs to be configured no Removes the DHCP option 82 XML based configuration Example The following command configures DPI support scalance config dhcp option82 xml file scalance config end scalance commit apply Command Information ...

Page 89: ...P if the automatic provisioning of the AP fails and if AirWave are not reachable Example The following example disables the default provisioning SSID scalance disable prov ssid Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 4 7 disconnect user Description This command disconnects the clients from an AP Syntax disconnect user addr all mac mac network name Paramete...

Page 90: ...ation AP Platform Command Mode All platforms Privileged EXEC mode 4 4 8 dot 11a radio disable Description This command disables the 5 GHz or 802 11a radio profile for an AP Disabling the radio profile using this command will not delete the SSID profiles Syntax dot 11a radio disable no Parameter Description dot11a radio disable Disables the 5 GHz or 802 11a radio profile no Removes the radio profil...

Page 91: ...ameter Description dot11g radio disable Disables the 2 4 GHz or 802 11g radio profile no Removes the radio profile from the disabled mode Usage Guidelines Use this command to disable a 2 4 GHz radio profile on an AP Example The following example disables the 2 4 GHz radio profile scalance dot11g radio disable Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 4 10 do...

Page 92: ...erver identity to the client radsec Downloads RadSec certificates for mutual authentication between the AP and the client radsecca Downloads RadSec CA certificates for authentication between the AP and the client server Downloads authentication server certificates for validating the identity of the server to the client ui Downloads the WebUI certificates url Allows you to specify the FTP TFTP or H...

Page 93: ... this command to download the DHCP option 82 XML file in the mydhcpopt82 xml format regardless of what name is given to the XML file The AP validates if the XML file is in correct format and load it into AP flash If the validation fails the error type is displayed in the output of the show dhcp opt82 xml config The maximum size limit of the XML buffer is 1 KB The XML buffer will be filled from the...

Page 94: ... filtering service that allows creating firewall policies based on types of application AppRF includes the following capabilities Access control QoS and bandwidth contract rules based on application and application categories Content filters based on web categories and reputation scores security ratings For more information on access rule configuration and web filtering options see the Configurati...

Page 95: ...se this command to create a custom list of URLs The URLs configured by this command are used for defining an access rule using the wlan access rule rule dpi error page url command to redirect users to a specific URL when they access a blocked website Example scalance config dpi error page url 0 http www NoExample com scalance config end scalance commit apply Command Information AP Platform Command...

Page 96: ...orks This setting protects the user experience enable Enables the CPU management feature When configured the client and network management functions are protected This setting helps in large networks with a high client density Usage Guidelines Use this command to enable or disable resource management across different functions performed by an AP Example The following example enables the automatic ...

Page 97: ...ame keyname keystr ing Configures a TSIG shared secret key to secure the dynamic updates The following algorithm names are supported hmac md5 used by default if algo name is not specified hmac sha1 hmac sha256 NOTE When a key is configured the update is successful only if AP and DNS server clocks are in sync hmac sha1 arubaddns 16YuLPdH21rQ6PuK9ud sVLtJw3Y Usage Guidelines Use this command to perf...

Page 98: ...onfigures a TSIG shared secret key to secure the dynamic updates The following algorithm names are supported hmac md5 used by default if algo name is not specified hmac sha1 hmac sha256 NOTE When a key is configured the update is successful only if AP and DNS server clocks are in sync hmac sha1 ddns key asdafsdfasdfsgdsgs server ddns server Denotes the IP address of the DNS server 10 17 132 85 Usa...

Page 99: ...nced to the server Syntax dynamic dns interval ddns_interval Parameter Description dynamic dns interval ddns_interval Configures the time interval in seconds at which the DNS up dates are synced to the server The default value is 12 hours Usage Guidelines Use this command to set a time interval during which the DNS are periodically updated on the server Example The following example configures a D...

Page 100: ...er when communicating with the external RADIUS servers no Removes the configuration Usage Guidelines Ensure that you set the Virtual Controller IP address as a NAS client in the RADIUS server when Dynamic RADIUS proxy is enabled Example The following example enables the dynamic RADIUS proxy feature scalance config dynamic radius proxy scalance config end scalance commit apply Command Information A...

Page 101: ...ed on the AP the TACACS server cannot identify the slave AP that generates the TACACS traffic as the source IP address is changed no Removes the configuration Usage Guidelines Use this command to enable the Virtual Controller to channel all TACACS related traffic from the slave APs to the external TACACS server Example The following example enables the dynamic TACACS proxy feature scalance config ...

Page 102: ...is command to configure VLAN settings for upstream switch to which the AP is connected By default the value is set to 1 The VLAN setting configured by this command is used for restricting the AP from sending out tagged frames to clients connected on the SSID that has the same VLAN as the native VLAN of the upstream switch to which the AP is connected Example The following example configures a non ...

Page 103: ...plink for each AP is mesh link Wi Fi or 3G or 4G Example The following command enables Eth0 bridging scalance enet0 bridging Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 5 3 enet0 port profile Description This command assigns a wired profile to the ENET 0 port on an AP Syntax enet0 port profile profile Parameter Description enet0 port profile pro file Assigns a...

Page 104: ...n This command assigns a wired profile to the Ethernet 1 port on an AP Syntax enet1 port profile profile Parameter Description enet1 port profile pro file Assigns a wired profile to the Ethernet 1 interface port Usage Guidelines Use this command to assign a wired profile to the Ethernet 1 port to activate the wired profile Example The following command assigns a wired profile to the Ethernet 1 por...

Page 105: ...command to assign a wired profile to the ENET 3 port to activate the wired profile Example The following command assigns a wired profile to the ENET 3 port scalance config enet3 port profile name scalance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode 4 5 6 enet2 port profile Description This command assigns a wired profile to the ENE...

Page 106: ...mation AP Platform Command Mode All platforms Configuration mode 4 5 7 enet4 port profile Description This command assigns a wired profile to the ENET 4 port on an AP Syntax enet4 port profile profile Parameter Description enet4 port profile pro file Assigns a wired profile to the ENET 4 interface port Usage Guidelines Use this command to assign a wired profile to the ENET 4 port to activate the w...

Page 107: ... AP Syntax enhanced mesh role detect no Parameter Description no Removes the enhanced mesh role detection configuration Usage Guidelines Use this command to enhance mesh role detection during AP boot up and AP running time Example Thq following example enables the configuration of extended SSIDs scalance config enhanced mesh role detect scalance config end scalance commit apply Command Information...

Page 108: ...ect Syntax extended ssid no Parameter Description extended ssid Enables the users to configure additional SSIDs no Removes the configuration Usage Guidelines Use this command to create additional SSIDs By default you can create up to six WLAN SSIDs With the Extended SSID option enabled you can create up to 16 WLANs Example The following example enables the configuration of extended SSIDs scalance ...

Page 109: ...istered with Facebook secret Indicates the secret key that is returned after a successful registra tion of an AP with Facebook Usage Guidelines Use this command to verify the ID and secret text generated after the successful integration of an AP with Facebook Command Information AP Platform Command Mode All platforms Configuration mode 4 6 2 factory ssid enable Description This command resets the ...

Page 110: ... firewall disable auto topology rules no Parameter Description firewall Opens the firewall configuration mode disable auto topology rules Disables the default auto topology rule that is created for prede fined ACLs and WLAN Access Rules no Removes the specified configuration parameter Usage Guidelines Use this command to remove the default auto topology rules created for predefined ACLs and WLAN A...

Page 111: ... Description This command configures external firewall details such as Palo Alto Networks PAN firewall to enable integration with the AP Syntax firewall external enforcement pan disable enable domain name name ip address port port user name password no Parameter Description Range Default firewall external enforcement pan PAN firewall configuration sub mode disable Disables PAN firewall enable Enab...

Page 112: ...ser information for those clients in the network and provides the required information for the user ID feature on PAN firewall To enable AP integration with PAN firewall a global profile configured on AP with PAN firewall information such as IP address port user name password firewall enabled or disabled status Example The following example configures PAN firewall information on an AP scalance con...

Page 113: ...mined by the AP regulatory domain tx power Configures the specified transmission power values It also supports 0 1 dBm and negative values 51 dBm to 51 dBm Usage Guidelines Use this command to configure radio channels for the 2 4 GHz band for a specific AP Example The following example configures the 2 4 GHz radio channel scalance g channel 11 18 Command Information AP Platform Command Mode All pl...

Page 114: ...figures the antenna polarization value for a 2 4 GHz radio channel scalance g ant pol 0 Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 7 3 g max clients Description This command configures the maximum number of clients allowed for an SSID profile on a 2 4 GHz radio channel Syntax g max clients ssid_profile max clients Parameter Description Range ssid_profile Deno...

Page 115: ...mple configures the maximum number of clients for a 2 4 GHz radio channel scalance g max clients 35 Command Information AP Platform Command Mode All Platforms Privileged EXEC mode 4 7 4 gre Description This command allows you to manually configure an IPv4 or IPv6 GRE tunnel on an AP Syntax gre primary name backup name disable preemption disable reconnect user on failover hold time hold_time per ap...

Page 116: ... by the Master AP in the clus ter The slave APs will sync its GRE tunnel end point to the same endpoint as the master AP to ensure uniformity in the tunnel endpoint across the cluster ping frequency freq Denotes the ping interval 10 60 seconds 15 seconds ping retry count new_count Denotes the number of ping packets missed to mark the tunnel down status 2 10 3 reconnect time on failover down time D...

Page 117: ... Manual 03 2019 C79000 G8976 C452 04 117 scalance config gre reconnect time on failover down_time scalance config gre type 25944 scalance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode ...

Page 118: ... user command will no longer be available to add modify or remove management users You will be redirected to the hash mgmt user command to add modify or remove management users Example The following example enables password hashing for management users scalance config hash mgmt password scalance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configurati...

Page 119: ... management user For example users with guest management local or read only privilege no Removes the management user configuration Usage Guidelines Use this command to configure management user credentials to access and configure the AP After you configure the hash mgmt password command the mgmt user command will no longer be valid You will be directed to this command for management user configura...

Page 120: ... of a command or abbreviation the question mark lists possible commands that match When typed in place of a parameter the question mark lists available options Example The following example shows the output of the help command HELP Special keys BS delete previous character Ctrl A go to beginning of line Ctrl E go to end of line Ctrl F go forward one character Ctrl B go backward one character Ctrl ...

Page 121: ...escribes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show w Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 8 4 hostname Description This command changes the hostname of the Virtual Controller Syntax hostname name Parameter Description name Configures a hostname f...

Page 122: ...a 3GPP profile 3gpp plmn1 3gpp plmn6 PLMN ID Configures the PLMN value of the network The PLMN value can be specified for first second third fourth fifth and sixth highest priority network The PLMN ID consists of a 12 bit MCC and the 12 bit MNC enable Activates the configuration profile no Removes the configuration Usage Guidelines Use this command to configure a 3GPP Cellular Network hotspot prof...

Page 123: ...nd Information AP Platform Command Mode All platforms Configuration mode and the 3GPP hotspot profile configuration sub mode 4 8 6 hotspot anqp domain name profile Description This command defines the domain name to be sent in an ANQP information element in a GAS query response Syntax hotspot anqp domain name profile profile name domain name domain name enable no Parameter Description hotspot anqp...

Page 124: ...rofile domain1 scalance domain name domain1 domain name example com scalance domain name domain1 enable scalance domain name domain1 end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode and the ANQP domain profile configuration sub mode 4 8 7 hotspot anqp ip addr avail profile Description This command defines the available IP address types to be s...

Page 125: ...he existing configuration Usage Guidelines Use this command to configure the IP Address availability information and IP address types which could be allocated to the clients after they associate to the hotspot AP Example The following command configures an AP using this profile to advertise a public IPv4 network scalance config hotspot anqp ip addr avail profile default scalance IP addr avail defa...

Page 126: ... 2 auth value nai realm eap method eap method nai realm encoding encoding nai realm name name no Parameter Description Range hotspot anqp nai realm profile profile name Configures a NAI realm hotspot profile enable Enables the NAI realm profile nai home realm Sets the realm in this profile as the NAI Home Realm nai realm auth id 1 nai realm auth id 2 Configures the NAI realm authentication ID Use ...

Page 127: ...authentication method non eap inner auth Uses non EAP inner authentication type reserved Uses the reserved authentication method credential eap inner auth exp inner auth expanded eap non eap inner auth reserved nai realm auth value 1 nai realm auth value 2 Configures a value for NAI realm authentication Use the nai realm auth value 1 command to select an authentication value for the authentication...

Page 128: ...r eap inner auth aut ID specify the following values reserved pap chap mschap mschapv2 For exp inner eap auth ID specify exp inner eap as the authentication value For expanded eap auth ID specify expanded eap as the authentication value For non eap inner auth auth ID specify any of the following values reserved pap chap mschap mschapv2 sim usim nfc secure hw token softoken certificate uname passwo...

Page 129: ...sim eap tls eap ttls generic token card identity notification one time password peap peapmschapv2 nai realm encoding encoding Configures a UTF 8 or rfc4282 formatted character string for NAI realm encoding rfc4282 utf8 nai realm name nai realm name Configures a name for the NAI realm The realm name is often the domain name of the service pro vider no Removes any existing configuration Usage Guidel...

Page 130: ...lm profile configuration sub mode 4 8 9 hotspot anqp nwk auth profile Description This command configures an ANQP network authentication profile to define authentication type being used by the hotspot network Syntax hotspot anqp nwk auth profile profile name enable nwk auth type auth type url url no Parameter Description Range hotspot anqp nwk auth profile profile name Configures an ANQP network a...

Page 131: ...or URL accept term and cond online enrollment http redirect dns redirect url Configures URL IP address or FQDN used by the hotspot network for the accept term and cond or dns redirect network authentication types no Removes any existing configuration Usage Guidelines When the asra option is enabled in the hotspot profile associated with a WLAN SSID the settings configured for the network authentic...

Page 132: ...umber 3 5 octets in length roam cons oi len roam cons oi len Indicates the length of the OI The value of the roam cons oi len parameter must equal upon the number of octets of the roam cons oi field 0 0 Octets in the OI Null 3 OI length is 24 bit 3 Octets 5 OI length is 36 bit 5 Octets no Removes any existing configuration Usage Guidelines Use this command to configure the roaming consortium OIs a...

Page 133: ...tion mode and the ANQP roaming consortium profile configuration sub mode 4 8 11 hotspot anqp venue name profile Description his command defines venue information be sent in an ANQP information element in a GAS query response Syntax hotspot anqp venue name profile profile name enable venue group group venue lang code language venue name name venue type type no Parameter Description Range Default ho...

Page 134: ...cantile outdoor residential stor age unspecified utility and misc vehicular unspecified venue lang code language Configures an ISO 639 language code that identifies the language used in the Venue Name field venue name name Configures the venue name to be advertised in the ANQP IEs If the venue name includes spaces the name must be enclosed in quotation marks e g Midtown Shopping Center venue type ...

Page 135: ... park place of worship convention center library museum restaurant theater bar coffee shop zoo or aquarium emergency cord center unspecified business doctor bank fire station police station post office professional office research and dev facility attorney office unspecified educational school primary school secondary univ or college unspecified factory and industrial factory unspecified instituti...

Page 136: ...y boarding house unspecified storage unspecified utility and misc unspecified vehicular unspecified automobile or truck airplane bus ferry ship train motor bike Examples The following command defines an ANQP Venue Name profile for a shopping mall scalance config hotspot anqp venue name profile Mall1 scalance venue name Mall1 venue name ShoppingCenter1 scalance venue name Mall1 venue group mercanti...

Page 137: ...at advertises hotspot protocol and port capabilities Syntax hotspot h2qp conn cap profile profile name enable esp port icmp tcp ftp tcp http tcp pptp vpn tcp ssh tcp tls vpn tcp voip udp ike2 udp ipsec vpn udp voip no Parameter Description hotspot h2qp conn cap profile profile name Creates a connection capability profile enable Enables the connection capability H2QP profile esp port Enables the ES...

Page 138: ... an ANQP IE to provide information about the IP protocols and associated port numbers that are available and open for communication Example The following example allows the H2QP connection capability profile to advertise the availability of ICMP and HTTP ports scalance config hotspot h2qp conn cap profile Wan1 scalance connection capabilities Wan1 icmp scalance connection capabilities Wan1 tcp htt...

Page 139: ...configuration Usage Guidelines Use this command to configure values for the H2QP Operating Class profile that lists the channels on which the hotspot is capable of operating Example The following example configures and enables a profile with the default operating class value scalance config hotspot h2qp oper class profile Profile1 scalance operator class Profile1 op class 1 scalance operator class...

Page 140: ...otation marks include a backslash charac ter before each quotation mark e g example 1 64 alphanumeric characters op lang code lan guage Configures an ISO 639 language code that identifies the language used in the op fr name command no Removes any existing configuration Usage Guidelines Use this command to configure an operator friendly name that can identify the operator and also provides informat...

Page 141: ... provider details to be sent in the H2QP IE Syntax hotspot h2qp osu provider profile profile disable enable frnd name count count frnd name1 OSU Friendly name frnd name1 hex OSU Friendly name frnd name1 lang code lang code frnd name2 OSU Friendly name frnd name2 hex OSU Friendly name frnd name2 lang code lang code icon1 file idx File Name icon1 height height icon1 lang code lang code icon1 type fi...

Page 142: ...xa decimal format for language codes other than English frnd name1 lang code The language code used for configur ing the first OSU friendly name frnd name2 The second OSU friendly name if the language code chosen is English Astring value of maximum 64 charac ters frnd name2 hex The second OSU friendly name in hexadecimal format for language codes other than English frnd name2 lang code The languag...

Page 143: ...sion the HS2 client OMA DM SOAP XM osu server uri The URI of the OSU Server that is used for OSU with the service pro viderconfigured in the frnd name1 parameter srvc desc1 The first service description if you selected the language code as Eng lish srvc desc1 hex The first service description in hexa decimal format for language codes other than English srvc desc1 lang code The language code used f...

Page 144: ...der OSU icon1 lang code zxx scalance osu provider OSU icon1 type image png scalance osu provider OSU icon1 file 1 icon_red_zxx png scalance osu provider OSU icon2 width 160 scalance osu provider OSU icon2 height 76 scalance osu provider OSU icon2 lang code eng scalance osu provider OSU icon2 type image png scalance osu provider OSU icon2 file 2 icon_red_eng png scalance osu provider OSU srvcdesc c...

Page 145: ...k speed speed enable load duration duration symm symm link uplink load load uplink speed speed wan metrics link status status no Parameter Description Range Default hotspot h2qp wan metrics profile profile name Creates a H2QP WAN metric profile at capacity Indicates if the WAN Link has reached its maximum capacity If this parameter is enabled no additional mobile devices will be permitted to assoc...

Page 146: ...unspecified 1 100 0 unspecified uplink spead speed Use the uplink speed parameter to indicate the current WAN backhaul uplink speed in Kbps If no value is set this parameter will show a default value of 0 to indicate that the uplink speed is unknown or unspecified 0 2 147 483 647 kbps 0 unspecified wan metrics link status Define the status of the WAN Link by configuring one of the following values...

Page 147: ...mand Information AP Platform Command Mode All platforms Configuration mode and the H2QP WAN metrics profile configuration sub mode 4 8 17 hotspot hs profile Description This command configures a hotspot profile for an 802 11u public access service provider Syntax hotspot hs profile profile name access network type type addtl roam cons ois addtl roam cons ois advertisement profile anqp 3gpp profile...

Page 148: ...delay delay group frame block hessid id internet no osen osu nai osu nai osu ssid ssid p2p cross connect p2p dev mgmt pame bi qos map excp qos map range query response length limit len roam cons len 1 0 3 5 roam cons len 2 0 3 5 roam cons len 3 0 3 5 roam cons oi 1 roam cons oi 1 roam cons oi 2 roam cons oi 1 roam cons oi 3 roam cons oi 1 venue group venue group venue type venue type no ...

Page 149: ... is accessible to all with out any charges applied For example a hotspot in airport or other public places that provide Inter net access with no additional cost The corre sponding integer value for this network type is 3 personal device This network is accessible for personal devices For example a laptop or camera configured with a printer for the purpose of printing The corresponding integer valu...

Page 150: ...QP advertisement protocol anqp asra Indicates if any additional steps are required for network access comeback mode By default ANQP information is obtained from a GAS Request and Response If you enable the comeback mode option advertisement information is obtained using a GAS Request and Response as well as a Comeback Request and Comeback Response This option is disabled by default enable Enables ...

Page 151: ...dvertisement Server can return a query response that is independent of the BSSID used for the GAS Frame exchange qos map excp Includes the DSCP exceptions in the QoS map set You can configure a maximum of 21 sets of DSCP exception fields It must be entered in Hexadecimal format It is in the format value up separated by where value can be 0 3F or FF and user priority up can be 0 7 qos map range Con...

Page 152: ...cons oi 1 roam cons oi 2 roam cons oi 3 Configures the roaming consortium OI to assign to one of the service provider s top three roaming part ners This additional OI will only be sent to a client if the addtl roam cons oisaddtl roam cons ois pa rameter is set to 1 or higher NOTE The service provider s own roaming consortium OI is configured using the hotspot anqp roam cons profile command venue g...

Page 153: ...nformation through the management frames For network discovery and selection GAS and ANQP are used QOS Mapping Provides a mapping between the network layer QoS packet marking and over the air QoS frame marking based on user priority When a hotspot is configured in a network The clients search for available hotspots using the beacon management frame When a hotspot is found the client sends queries ...

Page 154: ...ly Name Defined using the hotspot h2qp operator friendly name profile command WAN Metrics Defined using the hotspot h2qp wan metrics profile command Roaming Consortium OIs Organization Identifiers OIs are assigned to service providers when they register with the IEEE registration authority You can specify the OI for the hotspot s service provider in the ANQP Roaming Consortium profile using the ho...

Page 155: ...ue is 2 unspecified The associated numeric value is 0 doctor The associated numeric value is 1 bank The associated numeric value is 2 fire station The associated numeric value is 3 police station The associated numeric value is 4 post office The associated numeric value is 6 professional office The associated numeric value is 7 research and dev facility The associated numeric value is 8 attorney o...

Page 156: ...eric value is 9 unspecified The associated numeric value is 0 vehicular The associated numeric value is 10 unspecified The associated numeric value is 0 automobile or truck The associated numeric value is 1 airplane The associated numeric value is 2 bus The associated numeric value is 3 ferry The associated numeric value is 4 l ship The associated numeric value is 5 l train The associated numeric ...

Page 157: ...rch and dev facility scalance Hotspot2 0 hs1 pame bi scalance Hotspot2 0 hs1 group frame block scalance Hotspot2 0 hs1 p2p dev mgmt scalance Hotspot2 0 hs1 p2p cross connect scalance Hotspot2 0 hs1 end scalance commit apply The following commands associate anqp 3gpp advertisement profile with a hotspot profile scalance config hotspot hs profile hs1 scalance Hotspot2 0 hs1 advertisement protocol an...

Page 158: ... Mode All platforms Privileged EXEC mode 4 8 19 hs2 osu icon download Description This command downloads the OSU provider s icon file to the AP Syntax hs2 osu icon download idx ftp tftp http URL syntax Parameter Description Range Default idx Indicates the index of the file which can take values from 1 to 10 1 10 url The location from which the icon file can be downloaded The location can be FTP TF...

Page 159: ...9 C79000 G8976 C452 04 159 Example To download the icon file to the AP execute the following command scalance hs2 osu icon download idx ftp tftp http URL syntax scalance commit apply Command Information AP Platform Command Mode All platforms Privileged EXEC mode ...

Page 160: ...er Description iap master Provisions the AP as a master AP no Removes the configuration Usage Guidelines Use this command to manually provision an AP as a master AP Example The following example provisions a master AP scalance iap master Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 9 2 ids Description This command configures an IDS policy for an AP Syntax ids ...

Page 161: ...ts rate anomaly detect disconnect sta detect eap rate anomaly detect fatajack detect hotspotter attack detect ht 40mhz intolerance detect ht greenfield detect invalid addresscombination detect invalid mac oui detect malformed assoc req detect malformed frame auth detect malformed htie detect malformed large duration detect omerta attack detect overflow eapol key detect overflow ie detect power sav...

Page 162: ...ge Default ids Creates an IDS policy client detection level type Sets the client detection level off low me dium high off client protection level type Sets the client protection level off low me dium high off detect adhoc network Enables detection of adhoc networks detect ap flood Enables detection of flooding with fake AP beacons to confuse the legitimate users and to increase the amount of proce...

Page 163: ...The attacker then sends deau thenticate frames to the target device caus ing it to lose its active association detect eap rate anomaly Enables EAP handshake analysisto detect an abnormal number ofauthentication pro cedures on achannel and generate an alarmwhen this condition is detected detect fatajack Enables detection of fatjack attacks detect hotspotter attack Enables detection of hotspot attac...

Page 164: ... client and an unsafe AP This setting can detect the following misassocia tion types MisassociationToRogueAP MisassociationToExternalAPl MisassociationToHoneypotAP MisassociationToAdhocAP MisassociationToHostedAP detect valid ssid misuse Enables detection of interfering or Neighbor APs using valid or protected SSIDs detect windows bridge Enables detection of Windows station bridg ing detect wirele...

Page 165: ... for the deauth broadcast frame type wired containment Controls Wired attacks wired containment ap adj mac Enables a wired containment to Rogue APs whose wired interface MAC address is offset by one from its BSSID wired containment susp l3 rogue Enables the user to identify and contain an AP with a preset wired MAC address that is different from the BSSID of the AP if the MAC address that the AP p...

Page 166: ...e the following policies Infrastructure Detection Policies Specifies the policy for detecting wireless attacks on access points Client Detection Policies Specifies the policy for detecting wireless attacks on clients Infrastructure Protection Policies Specifies the policy for protecting access points from wireless attacks Client Protection Policies Specifies the policy for protecting clients from ...

Page 167: ...etect ap flood scalance IDS detect client flood scalance IDS detect bad wep scalance IDS detect cts rate anomaly scalance IDS detect rts rate anomaly scalance IDS detect invalid addresscombination scalance IDS detect malformed htie scalance IDS detect malformed assoc req scalance IDS detect malformed frame auth scalance IDS detect overflow ie scalance IDS detect overflow eapol key scalance IDS det...

Page 168: ...nce IDS protect windows bridge scalance IDS end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode and IDS configuration sub mode 4 9 3 ignore image check Description This command ignores the automatic image check feature The automatic image check feature automatically checks for a new version of Scalance W on the image server once after the AP boot...

Page 169: ...out seconds no Parameter Description Range Default inactivity ap timeout seconds Configures the inactivity timeout interval in seconds 1 1000 1000 no Removes any existing configuration Usage Guidelines Use this command to configure an inactivity timeout interval for an AP Example The following example configures the inactivity timeout interval scalance config inactivity ap timeout 180 scalance con...

Page 170: ...the source subnet IP address smask Specifies the subnet mask of the source IP address dest Allows you to specify the destination IP address mask Specifies the subnet mask for the destination IP address match invert match Indicates if the rule specific to the destination IP address and subnet mask matches the value specified for protocol invert Indicates if the rule allows or denies traffic with an...

Page 171: ...SCP tag Specifies a DSCP value to priori tize traffic when this rule is triggered 802 1p priority Sets an 802 1p priority no Removes the configuration Usage Guidelines Use this command to configure inbound firewall rules for the inbound traffic coming through the uplink ports of an AP The rules defined for the inbound traffic are applied if the destination is not a user connected to the AP If the ...

Page 172: ...1 631 permit scalance inbound firewall end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode and inbound firewall configu ration sub mode 4 9 6 internal domains Description This command configures valid domain names for the enterprise network Syntax internal domains domain name domain name no Parameter Description Range Default internal domains Ena...

Page 173: ...fig internal domains scalance domain domain name www example com scalance domain end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode and domains configuration sub mode 4 9 7 iot transportProfile Description This command configures an IoT transport profile on an Scalance W network An IoT transport profile is a global profile that is created for tr...

Page 174: ...rval username user no Parameter Description Range Default ageFilter ageout Devices without recent activity will not be reported 0 to 3600 sec onds 0 authenticationURL url Denotes the server URL used for authentication cellSizeFilter cellsize This is a proximity filter Devices outside the cell will not be reported Size is specified in meters Setting to 0 disables the cell size filter 0 to 255 meter...

Page 175: ...ian API However the payload encoding adheres to the published Aruba Telemetry JSON schema telemetry websocket Stream data to meridian Web Socket server However the pay load encoding adheres to the published Aruba Telemetry proto format Meridian Beacon Management endpointURL url Endpoint URL of the IoT manage ment server movementFilter threshold Filters devices that do not change distance Specified...

Page 176: ...tone Eddystone device data rssiReporting type Sets the preferred format for RSSI reporting average uidNamespaceFilter filter A list of UID namespaces to filter devices included in the reports Applies only Eddystone UID devic es You can specify a maximum of 10 namespaces urlFilter filter A list of URL strings to filter devices included in the reports Applies only to Eddystone URL devices The string...

Page 177: ...ple endpointToken MzkxMTZlMWYtYTgzYS00YWUxLTkzYWEtYjQyNzE1MGMyMjAxOjBiZWJjYWViLTRjNjItNGEwNC1hMGIyLWYzZ TM5ZDFlNGVkNg scalance IoT Transport Profile sample end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode and iot transport profile con figuration sub mode 4 9 8 iot usetransportProfile Description This command sets an IoT management server profi...

Page 178: ...ameter Description ip address Assigns an IP address to the AP subnet mask Specifies the subnet mask nexthop ip address Specifies the gateway IP address dns ip address Specifies the DNS server IP address domain name Specifies the domain name Usage Guidelines Use this command to assign a static IP address to the AP Example The following example configures an IP address for the AP scalance ip address...

Page 179: ...r default_router dhcp relay dhcp server dhcp_server disable split tunnel dns cache dns server dns_server domain name domain name dynamic dns key algo name keyname keystring exclude address exclude_address host mac ip range start_IP end_IP lease time lease_time option option_type option_value option82 alu xml reserve first count last count server type server_type server vlan idx subnet subnet subne...

Page 180: ...m this range will be used and allocated to a branch The AP does not allow the administrators to assign the remaining IP addresses to anoth er branch although a lower value is config ured for the client count default router default_router Defines the IP address of the default router for the Distributed L2 Local Local L2 and Local L3 DHCP scopes dhcp relay Enables the APs to intercept the broadcast ...

Page 181: ...rk connection When split tunnel is disabled all the traffic including the corporate and Internet traffic is tunneled irrespective of the routing profile specifications If the GRE tunnel is down and when the corporate network is not reachable the client traffic is dropped dns cache Enables DNS caching onthe AP which al lows the AP to respond to DNS requests from cache or deny the request immediatel...

Page 182: ... same subnet as the default router and subnet mask The configured IP range is divided into blocks based on the configured client count For Distributed L3 mode you can con figure any discontiguou s IP ranges The configured IP range is divided into multiple IP subnets that are sufficient to accommodat e the configured client count lease time lease_ time Defines a lease time for the client in sec ond...

Page 183: ...ual Controller acts as the DHCP server but the default gateway is in the data center Based on the number of clients specified for each branch the range of IP addresses is divided Based on the IP address range and client count configuration the DHCP server in the Virtual Controller controls a scope that is a subset of the complete IP Address range for the subnet distributed across all the branches ...

Page 184: ...DHCP server located either in the corporate or local network The centralized L3 VLAN IP is used as the source IP The IP address is obtained from the DHCP server Example The following example configures a Distributed L2 DHCP scope scalance config ip dhcp corpNetwork1 scalance DHCP Profile corpNetwork1 ip dhcp server type distributed l2 scalance DHCP Profile corpNetwork1 server vlan 1 scalance DHCP ...

Page 185: ...rofile name end scalance commit apply To configure VLAN in a Local DHCP profile scalance config ip dhcp profile name scalance DHCP Profile profile name vlan ip VLAN_IP mask VLAN mask scalance DHCP Profile profile name end scalance commit apply To configure a default router in a Local DHCP profile scalance config ip dhcp profile name scalance DHCP Profile profile name default router default_router ...

Page 186: ...net Defines IP address of the subnet subnet mask Subnet Mask Defines the subnet mask of the IP address Usage Guidelines Use this command to configure a DHCP pool The DHCP server is a built in server used for networks in which clients are assigned IP address by the Virtual Controller You can customize the DHCP pool subnet and address range to provide simultaneous access to more number of clients Th...

Page 187: ...s globally Syntax ip mode v4 only v4 prefer no Parameter Description ip mode Configures the IP mode to process IPv6 or IPv4 packets v4 only Enables global processing of IPv4 packets v4 prefer TBU no Removes the configuration Usage Guidelines Use this command to configure IP modes to enable global processing of IPv4 packets Example The following example configures the IPv4 mode scalance config ip m...

Page 188: ...power resources Disabled disable Disables IPM on the AP enable Enables IPM on the AP ipm power reduction step prio Sets IPM power reduction steps and specifies their priorities no Removes the IPM configuration Usage Guidelines Use this command to enable or disable IPM on the AP and also to set power reduction steps and specify their priorities Example The following example enables IPM scalance con...

Page 189: ... receive requests from a RADIUS server NOTE This parameter can only be used on Virtual Controller udp port Indicates the UDP port to receive server requests port Indicates the port number 1 65535 3799 Usage Guidelines This command configures global RADIUS server parameters The rfc3576 parameter must be enabled in the wlan auth server command for the global RADIUS server configuration to take effec...

Page 190: ...tsis uniformly dis tributed across the AP cluster Disabled IP address Configures the IP address for the subnets support in an APcluster subnet subnet mask Specifies the subnet mask vlan Assigns the VLAN applicable to the AP cluster 1 4093 virtual controller IP Specifies the IP address of the Virtual Controller in an AP cluster virtual controller IP address Adds the IP address of a Virtua lControll...

Page 191: ...calance commit apply Command Information AP Platform Command Mode All platforms Configuration mode and L3 mobility configuration sub mode 4 10 2 lacp mode Description This command is introduced to support the static LACP configuration Syntax lacp mode enable disable no Parameter Description enable This parameter enables the static LACP configuration The AP will work on LACP mode irrespective of wh...

Page 192: ... configures the static LACP for the AP scalance lacp mode enable scalance lacp mode disable Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 10 3 led off Description This command disables LED display on an AP Syntax led off no Command Parameter Description led off Disables LED display no Re enables LED display Usage Guidelines Use this command to disable the LED di...

Page 193: ...ult timeout Number of seconds or minutes that a management session remains active without any user activity 5 60 minutes or 1 3600 sec onds 0 to disable 5 minutes Usage Guidelines The management user must re login to the AP after a Telnet or SSH session times out If you set the timeout value to 0 sessions do not time out Example The following example configures management sessions on the AP to not...

Page 194: ...2 04 4 10 5 logout Description This command logs you out of the current CLI session Syntax logout Usage Guidelines Use this command to log out of the current CLI session and return to the user login prompt Command Information AP Platform Command Mode All platforms Privileged EXEC mode ...

Page 195: ...ity Access Switch The Mobility Access Switch blacklists the MAC address of the rogue AP and turns off the PoE on the port PoE prioritization When an AP is connected directly into the Mobility Access Switch port the Mobility Access Switch port increases the PoE priority of the port This is done only if the PoE priority is set by default in the Mobility Access Switch Note The PoE Prioritization and ...

Page 196: ...APs are connected Example The following example enables Mobility Access Switch integration for an AP scalance config mas integration scalance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode 4 11 2 managed mode profile Description This command is used to enable auto configuration of the APs in the management mode Syntax managed mode pro...

Page 197: ...yday enter 00 hour hh Indicates hour within the range of 0 23 min mm Indicates minutes within the range of 0 59 window hh Defines a window for synchronization of the configura tion file The default value is 3 hours retry poll period time in sync Configures the time interval in minutes between two retries after which APs can retry downloading the configuration file username username password passwo...

Page 198: ...ion This command is used to retrieve a new set of configuration from the server ahead of the next scheduled sync time Syntax managed mode sync server Parameter Description managed mode sync server Initiates the fetching of a new set of configuration from the server for the APs in the management mode Usage Guidelines Use this command for a real time retrieve and apply of the configuration from the ...

Page 199: ...as mesh nodes a generic term used to describe APs configured for mesh Mesh APs detect the environment when they boot up locate and associate with their nearest neighbor to determine the best path to the mesh portal SCALANCE W mesh functionality is supported only on dual radio APs only On dual radio APs the 5 GHz radio is always used for both mesh backhaul and client traffic while the 2 4 GHz radio...

Page 200: ...o act as a Virtual Controller A mesh portal uses its uplink connection to reach the Virtual Controller a mesh point or establishes an all wireless path to the mesh portal Mesh portals and mesh points are also known as mesh nodes a generic term used to describe APs configured as mesh Mesh APs detect the environment when they boot up and locate and associate with their nearest neighbor to determine ...

Page 201: ...functionality in an AP Syntax mesh disable no Parameter Description no Removes the configuration settings Example The following example disables the mesh functionality AP scalance mesh disable Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 11 7 mgmt accounting Description This command is used to enable accounting privileges on TACACS servers for management users ...

Page 202: ...ge of the authorized network services Example The following example configures a TACACS server for management accounting Access Point config mgmt accounting command all tacacs1 Access Point config end Access Point commit apply Command Information AP Platform Command Mode All platforms Configuration mode 4 11 8 mgmt auth server Description This command configures authentication servers for manageme...

Page 203: ...d Mode All platforms Configuration mode 4 11 9 mgmt auth server load balancing Description This command enables load balancing when two authentication servers are configured for management user authentication Syntax mgmt auth server load balancing no Parameter Description mgmt auth server load balancing Enables load balancing between the primary and the backup authentica tion servers no Removes th...

Page 204: ... auth server local backup no Parameter Description mgmt auth server local backup Configures a backup internal server for management user authentication When enabled the authentication switches to Internal if there is no response from the RADIUS server RADIUS server timeout no Removes the configuration Usage Guidelines Use this command to configure a backup authentication server for the Virtual Con...

Page 205: ...es a User name for the administrator user password Creates a password for the administrator user type Indicates the type of the user For example users with read only privilege or the guest management user no Removes the configuration Usage Guidelines Use this command to configure administrator credentials to access and configure the AP Example The following example configures administrator login c...

Page 206: ...es MTU size no Removes the configuration Usage Guidelines Use this command to configures the MTU size for tunnel and br0 interfaces and uplink interfaces such as 3G or 4G The configured MTU size is applied when the uplink changes Example The following example sets the MTU size to 1200 bytes scalance config mtu 1200 scalance config end scalance commit apply Command Information AP Platform Command M...

Page 207: ...ription name name Configures a name for the AP or the Virtual Controller Usage Guidelines Use this command to configure a name for the AP Example The following example configures a name for the AP scalance hostname system name Command Information AP Platform Command Mode All platforms Configuration mode 4 12 2 ntp server Description This command configures NTP server for an AP Syntax ntp server Na...

Page 208: ...on Usage Guidelines The NTP helps obtain the precise time from a server and regulate the local time in each network element If NTP server is not configured in the Scalance W network an AP reboot may lead to variation in time dat Example The following command configures an NTP server for an AP scalance config ntp server name scalance config end scalance commit apply Command Information AP Platform ...

Page 209: ...ndns Configures user credentials to enable access to OpenDNS to provide enterprise level content filtering user Configures user name to access OpenDNS password Configures password to access OpenDNS no Removes the configuration Usage Guidelines Use this command to configure OpenDNS credentials to allow Scalance W to filter content at the enterprise level Example The following example configures Ope...

Page 210: ...33 tls enable Indicates the status of TLS encryption between the OpenFlow agent and OpenFow controller no Removes the OpenFlow configuration Usage Guidelines Use this command to enable TCP configuration and TLS authentication to an OpenFlow controller Example The following example shows how to configure a TCP connection in an OpenFlow controller scalance config openflow server host 1 1 1 1 tcp por...

Page 211: ... in AMP Configuration Group Org You can also assign additional strings to create a hierarchy of sub folders under the folder named Org For example subfolder1 for a folder under the Org folder subfolder2 for a folder under subfolder1 no Removes the configuration set tings Usage Guidelines Use this command to specify an organization string for integrating the AirWave Management Server with the AP Th...

Page 212: ...pacts the SSID availability after the configured hold on time Syntax out of service hold on time time no Command Parameter Description Range Default time Configures the hold on time of out of service operations 30 300 sec onds 30 seconds no Removes the configuration Usage Guidelines Use this command to configure a hold time after which the out of service operation is triggered Example The followin...

Page 213: ...ps the packet capture configuration id Indicates the ID of the PCAP session Usage Guidelines These commands direct an AP to send Wi Fi packet captures to a client packet analyzer utility such as Airmagnet Wireshark and so on on a remote client Before using these commands you need to start the packet analyzer utility on the client and open a capture window for the port from which you are capturing ...

Page 214: ... Description essid Denotes the environment variable configured in apboot no Removes the environment variable Usage Guidelines This command enables every AP in a cluster to assign a unique value to a given SSID profile Users can connect to the defined SSID Example The following example sets the environment variable scalance per ap ssid essid Command Information AP Platform Command Mode All platform...

Page 215: ...AN Example The following example sets the environment variable scalance per ap vlan vlan Command Information AP Platform Command Mode All platforms Privileged Exec mode 4 14 4 pin enable Description This command enables locking of the SIM PIN for the 3G or 4G modems Syntax pin enable pin_current_used no Parameter Description pin enable pin_ cur rent_used Enables locking of the SIM To enable SIM PI...

Page 216: ...cks the cellular modems using the PUK code The SIM PIN of a modem is locked if a user enters incorrect PIN code for three consecutive attempts Syntax pin puk pin_puk Parameter Description pin puk pin_puk pin_new Unlocks the SIM PIN using the PUK code provided by the ISP and by entering a new PIN code Usage Guidelines Use this command to unlock a cellular modem using the PUK code provided by your I...

Page 217: ...rms Privileged Exec mode 4 14 7 ping Description This command sends ICMP echo packets frame count packet size source address and interface information to the specified IP address Syntax ping host count count packet size size interface interface source address address Parameter Description Default host Indicates the host name count Indicates the frame count packet size Indicates the packet size dat...

Page 218: ... a user name to allow a user to log into the DSL net work pppoe passwd password Configures a password for the user to log into the DSL network pppoe svcname svcname Specifies the PPPoE service provided by your service provider pppoe chapsecret password Configures a secret key used for Challenge Handshake Authenti cation Protocol CHAP authentication You can use a maximum of 34 characters for the CH...

Page 219: ...uplink profile configuration sub mode 4 14 9 proxy Description This command configures HTTP proxy settings Syntax proxy exception host server host port username password Parameter Description exception hostname Sets the IP address or the domain name of the host to be added under the exception list server hostname port number username pass word Sets the HTTP proxy server s IP address or domain name...

Page 220: ...le The following example configures an HTTP proxy settings in an AP scalance config proxy exception 10 15 107 214 scalance config proxy server 10 15 107 210 1337 user1 passwd1 scalance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode ...

Page 221: ...e AP URL Enter the URL of the website count Allows you to add the number of clients Usage Guidelines Use this command to manually add the VSA redirect URL for debugging purpose Example The following output is displayed for radius vsa redirect url add client MAC address URL count command c8 b5 ad c3 af 16 radius vsa redirect url add 0e 00 32 f8 ef 10 https 172 10 10 10 guest 1 c8 b5 ad c3 af 16 sh ...

Page 222: ...you can access it via a local console connected to the serial port or through an SSH Telnet or UI session If you need to troubleshoot the AP during a reboot use a local console connection After you use the reload command the AP prompts you to confirm this action If you have not saved your configuration the AP returns the following message Do you want to save the configuration y n Enter y to save t...

Page 223: ...on This command allows you to delete the clients that are blacklisted Syntax a remove blacklist client MAC_address AP_name Parameter Description MAC address Adds the MAC address of the blacklisted client AP_name Adds the access point name to which the client is connected to no Removes the specified configuration parameter Usage Guidelines Use this command to remove the entries for the clients that...

Page 224: ...default DRT file Example The following command shows how to reset the DRT version scalance reset drt The AP returns the following message if the AP is using the default DRT version DRT is already in default status Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 15 5 restrict corp access Description This command configures restricted access to the corporate network...

Page 225: ... access scalance config end scalance commit apply Command Information All platforms Configuration mode All platforms Privileged EXEC mode 4 15 6 restrict mgmt access Description This command configures management subnet on an AP Syntax restricted mgmt access subnet mask no Parameter Description subnet Configures a management subnet address mask Configures the subnet mask for the management subnet ...

Page 226: ...he RF band for an AP Syntax rf band 2 4 5 0 all Parameter Description Range Default rf band 2 4 5 all Configures a radio frequency band for an AP You can configure any of the following options 2 4 For 2 4 GHz band or 802 11g configura tion 5 For 5 GHz and 802 11a configuration all For a mixed configuration of 2 4 GHz and 5 GHz If you do not specify any value by default both 5 GHz and 2 4 GHz bands...

Page 227: ...er Description zone Configures the RF zone and maps the RF zone to a radio profile no Removes the RF zone configuration Usage Guidelines Use this command to configure the RF zone for an AP Example The following example configures the RF zone of a guest SSID scalance rf zone guest Command Information AP Platform Command Mode All platforms Privileged Exec mode 4 15 9 rf dot11g radio profile Descript...

Page 228: ... level legacy mode max distance count max tx power power min tx power power smart antenna spectrum monitor zone zone no Parameter Description Range Default rf dot11g radio pro file Enables the 2 4 GHz RF configuration sub mode 40MHZ intolerance Controls whether or not APs using this radio profile willadvertise intolerance of 40 MHzoperation Disabled beacon interval interval Enter the Beacon period...

Page 229: ...ations are sent through multiple antennas using CSD When you enable the CSD Override parameter CSD is disabled and only one antenna transmits data even if they are being sent to high throughput stations This enables interoperabil ity for legacy or high throughput stations that cannot decode 802 11n CDD data This option is disabled by default and should only be enabled underthe supervi sion of tech...

Page 230: ... settings and weak OFDM immunity This level minimizes false detects on the radio due to interference but may also reduce ra dio sensitivity This level is recommended for environments with a high level of interference re lated to 2 4 GHz appliances such as cordless phones Level 4 Level 3 settings and FIR immunity At this level the AP adjusts its sensitivity to in band power which can improve perfor...

Page 231: ...nt At the end of the training se quence the AP selects the best antenna polarization based on these collected statistics The smart antenna feature does not support optimized antenna polariza tion for clients using SU or MU transmit beamforming and will use default polarization values for these cli ents Disabled zone zone Configures a zone name for the radio profile NOTE This parameter cannot be co...

Page 232: ...tion This command configures a 5 GHz or 802 11a radio profile for an AP Syntax rf dot11a radio profile profile_name 40MHZ intolerance beacon interval interval cell size reduction reduction csa count count csd override disable arm wids functions dot11h honor 40MHZ intolerance disable interference immunity level free channel index idx legacy mode max distance count max tx power power min tx power po...

Page 233: ...uce the power level that the radio can hear by that amount If you configure this feature to use a non default value you must also reduce the radio s Tx power to match its new Rx power level Failure to match a device s Tx power level to its Rx power level can result in a configuration that allows the radio to send messages to a device that it cannot hear 1 55 0 csa count count Configures the number...

Page 234: ...ynamic off on Dynamic interference immunity level Configures the immunity level to improve perfor mance in high interference environments You can specify any of the following immunity levels Level 0 no ANI adaptation Level 1 Noise immunity only This level enables power based packet detection by controlling the amount of power increase that makes a radio aware that it has received a packet Level 2 ...

Page 235: ...ce between a client and an AP or between a mesh point and a mesh portal in meters This value is used to derive ACK and CTS timeout times A value of 0 specifies the default settings for this parameter where timeouts are only modified for outdoor mesh radios which use a distance of 16km 600 1000 0 spectrum band type Allows you to specify the portion of the channel to monitor for 5 GHz configuration ...

Page 236: ...ofile spectrum monitor scalance RF dot11a Radio Profile end Command Information AP Platform Command Mode All platforms Configuration mode and RF dot11a Radio Profile configuration sub mode 4 15 11 routing profile Description This command configures a routing profile for a specific destination address or destination subnet Syntax routing profile route destination mask gateway metric no no routing p...

Page 237: ...s 15 no Removes configuration settings for parameters under the routing profile command no routing profile Removes the routing profile configuration Usage Guidelines Use this command to configure a routing profile for a specific destination address or destination subnet Example The following example configures a routing profile scalance config routing profile scalance Routing profile route 192 0 1...

Page 238: ...or client authentication Syntax show 1xcert Usage Guidelines Use this command to view information server and CA certificates used for validating the authentication server to which AP authenticates as a 802 1X supplicant Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 2 show aaa Description This command displays the AAA profile details Syntax show aaa dns query ...

Page 239: ...RADIUS modifier profiles Example The following example shows the output of show aaa dns query interval command 20 4c 03 24 89 18 show aaa dns query interval DNS QUERY Interval 15 The following example shows the output of show aaa fqdn server names command 20 4c 03 24 89 18 show aaa fqdn server names Auth Server FQDN names FQDN IP Address IPv6 Address Refcount Command Information AP Platform Comman...

Page 240: ...nd Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 4 show access rule Description This command displays the details of access rules configured for the wired or wireless clients associated with an AP Syntax show access rule name Parameter Description name Displays the access rule configuration details based the name specified for this parameter Usage Guidelines Use this...

Page 241: ...le upstream disable The output of this command displays information about the access rule parameters configured for a specific wired or wireless profile It indicates whether a particular type of traffic is allowed to a particular destination and the service and protocol in use and if options such as logging and prioritizing traffic are enabled when the rule is triggered If the DPI access rules are...

Page 242: ... Access Rule Name default_wired_port_profile In Use Yes Access Rules Dest IP Dest Mask Dest Match Protocol id sport eport Application any any match any masterip 0 0 0 0 match http masterip 0 0 0 0 match 6 4343 4343 any any match dhcp Action Log TOS 802 1P Blacklist App Throttle Up Down Mirror DisScan ClassifyMedia permit permit permit Vlan Id 0 ACL Captive Portal disable ACL ECP Profile default CA...

Page 243: ...escription Access Rule Name Displays the name of the access rule In use Indicates if the access rules are in use Access Rules Displays the access rules parameter for each rule configured for the SSID or Wired profile users VLAN Id Indicates the VLAN ID associated with the SSID or wired profile access rules ACL Captive Portal Indicates if the ACL rules are applicable to the captive portal users Com...

Page 244: ...tax show airgroup blocked queries dlna mdns blocked service id dlna mdns cache MAC address entries dlna mdns cppm auth server coa capable non coa only entries query interval server cppm entry MAC address debug statistics internal state statistics servers dlna mdns verbose status swarm info users dlna mdns verbose Parameter Description blocked queries dlna mdns Displays blocked queries if any block...

Page 245: ...rs dlna mdns ver bose Displays the list of AirGroup users Usage Guidelines Use the show airgroup commands to view the AirGroup configuration details on an AP Example Example outputs for some of the show airgroup commands are as follows show airgroup blocked queries The show airgroup blocked queries command output displays the blocked queries if any AirGroup dropped Query IDs Service ID query hits ...

Page 246: ... of this command includes the following information Column Description Name Indicates the name of AirGroup server Type Indicates the AirGroup model Class Indicates the class of the mDNS record TTL Indicates the duration after which the cache entries expire Origin Indicates the origin IP address of the cache entries Expiry Indicates the expiration details Last Update Indicates when the entries were...

Page 247: ...up cppm entries The following output is displayed for the show airgroup cppm entries command swarm id fc6520ad018ee6eb13bdc6b985e0fe6361bd37f7d25212a77e ap id d8 c7 c8 c4 42 98 ap ip 192 0 2 0 update no 0 Device device owner shared location id AP name shared location id AP FQLN shared location id AP group shared user list shared role list Num CPPM Entries 0 The output of this command provides the ...

Page 248: ...value 0x7f My ip address 192 168 10 251 My VC address 192 168 10 2 Peer VC address 192 168 10 2 Peer VC address 192 168 20 2 Peer VC address 192 168 30 2 Peer VC address 192 168 40 2 Peer VC address 0 0 0 0 Peer VC address 0 0 0 0 Peer VC address 0 0 0 0 Peer VC address 0 0 0 0 AirGroup Debug Statistics Key Value network cache init counter 2 2 mdns apdb init counter 7 7 mdns apdb destroy counter 1...

Page 249: ...iguration status on the slave AP Airgroup master sta tus Indicates the AirGroup configuration status on the slave AP Airgroup multi swarm status Indicates the status of the inter cluster mobility status value Indicates the status value Key and Value Displays details of AirGroup counters show airgroup internal state statistics The following output is displayed for the show airgroup internal state s...

Page 250: ...Hit Count Since Last Read Hit Count Total Average Time in microsec since last read Average Time in microsec alltime Response Cache Update 0 0 0 0 Response 0 0 0 0 Query prepare records Policy 0 0 0 0 Query Policy 0 0 0 0 0 0 0 Query resp pkt gen send 0 0 0 0 Query Response packet send 0 0 0 0 Query 0 0 0 0 The output of this command displays information about queries and responses and RADIUS clien...

Page 251: ... Indicates if AirGroup services such as AirPlay or AirPrint are configured VLAN Displays VLAN details of the AirGroup servers Wired Wireless Displays if the AirGroup server is connected to a wired or wireless inter face Role Displays the user role details Group Displays the server group Username Displays the username details AP name Displays the name of the AP Num servers Displays the total number...

Page 252: ...led CPPM Parameters Parameter Value CPPM Enforce Registration Disabled CPPM Server query interval 10 Hours CPPM Server dead time 100 Seconds AirGroup Service Information Service Status airplay Disabled airprint Disabled itunes Disabled remotemgmt Disabled sharing Disabled chat Disabled Chromecast Disabled DLNA Media Disabled DLNA Print Disabled allowall Disabled ...

Page 253: ...igura tion show airgroup swarm info The following output is displayed for show airgroup swarm info command AirGroup Swarm info Swarm id ef7501af01cd098223100f6d02733552765515ffcd7712c41c AirGroup Swarm AP info Ap MAC Ap Name Ap Ip Update no 6c f3 7f c3 5c 12 6c f3 7f c3 5c 12 10 17 141 140 0x3 d8 c7 c8 cb d3 b8 d8 c7 c8 cb d3 b8 10 17 141 138 0x0 d8 c7 c8 cb d3 9c d8 c7 c8 cb d3 9c 10 17 141 139 0...

Page 254: ...anged between the AirGroup user and the AirGroup server Num Users Indicates the number of AirGroup users Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 8 show airgroupservice Description This command displays the AirGroup service configuration details for an AP Syntax show airgroupservice disallow role vlan Parameter Description show airgroupservice Displays a...

Page 255: ...l datastream _tcp _prin ter _tcp _scan ner _tcp _univ ersal _sub _ipp _tcp _univ ersal _sub _ipps _tcp _prin ter _sub _http _tcp _http _tcp _http alt _tcp _ipp tls _tcp _fax ipp _tcp _riou sbprint _tcp _cups _sub _ipp _tcp _cups _sub _fax ipp _tcp _ica networking _tcp _ptp _tcp _cano n bjnp1 _tcp _ipps _tcp _ica networking2 _tcp itunes iTunes Disabled _home sharing_tcp _appl e mobdev _tcp _daap _t...

Page 256: ...upnp org device MediaServer 3 urn schemas upnp org device MediaServer 4 urn schemas upnp org device MediaRenderer 1 urn schemas upnp org device MediaRenderer 2 urn schemas upnp org device MediaRenderer 3 urn schemas upnp org device MediaPlayer 1 DLNA Print Print Disabled urn schemas upnp org device Printer 1 urn schemas upnp org service PrintBasic 1 urn schemas upnp org service PrintEnhanced 1 all...

Page 257: ... displays the AirGroup service IDs configured on an AP for its AirGroup clients Syntax show airgroupservice ids service Parameter Description service Indicates the name of the service and displays the service ID details of specified AirGroup service Usage Guidelines Use the show airgroupservice command to view the IDs of the AirGroup services configured on an AP Example The following output is dis...

Page 258: ...C mode 4 16 10 show ale Description This command displays the ALE configuration details Syntax show ale config stats status Parameter Description config Displays the ALE configuration details stats Displays the number of times a specific message type such as AppRF statistics and uplink bandwidth report was sent to the ALE server status Displays the status of ALE server Usage Guidelines Use this co...

Page 259: ...le shows the output of the show ale stats command scalance show ale stats ALE Stats Type Value VC package 0 RSSI package 0 APPRF package 0 URLv package 0 STATE packag 0 STAT package 0 UPLINK BW package 0 Total 0 The following example shows the output of the show ale status command scalance show ale status ALE Status Type Value ale login status False ale login status code ale fail times 0 ale reque...

Page 260: ...r of times a specific message type such as AppRF statistics and uplink bandwidth report was sent to the ALE server Syntax show ale stats Usage Guidelines Use this command to view the ALE statistics Example The following example shows the output of the show ale stats command scalance show ale stats ALE Stats Type Value VC package 0 RSSI package 0 APPRF package 0 URLv package 0 STATE package 0 STAT ...

Page 261: ...are generated when a client encounters problems while accessing or connecting to the AP network Example The show alerts global command displays information about the clients for which alerts if any are generated The following example shows the output for the show alerts global command Client Alerts Timestamp Type MAC Address Description Access Point 10 45 42 5 80 86 f2 85 51 6f 11 rno04 api 2 10 5...

Page 262: ... cannot allow this client to associate because it does not support the 802 11 rate requested by this client 5 Maximum capacity reached on AP The AP has reached maximum capacity and cannot accommodate any more clients 2 6 Invalid MAC Address The AP cannot authenticate this client because its MAC address is not valid 3 7 Client blocked due to repeated authentication failures The AP is temporarily bl...

Page 263: ...ream device can be upstream switch or RADIUS server Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 13 show alg Description This command displays the ALG protocol information configured on an AP Syntax show alg Usage Guidelines Use this command to view configuration details for the ALG protocols An application level gateway consists of a security component that...

Page 264: ...Description active laser beams Show active laser beam generators The output of this command shows a list of all APs that are actively per forming policy enforcement containment such as rogue containment This command can tell us which AP is sending out deauthorization frames although it does not specify which AP is being contained Usage Guidelines Use this command to view the information on AMs Exa...

Page 265: ...llowing example shows the output of the show allowed aps command Allow New APs enable AP Whitelist MAC Address d8 c7 c8 cb d4 20 d8 c7 c8 cb d3 98 d8 c7 c8 cb d3 b4 d8 c7 c8 cb d3 d4 The output of this command provides the following information Parameter Description Allow New APs Indicates if the new APs are allowed to join the network MAC Address Displays the MAC address of the APs that are allow...

Page 266: ...configured Usage Guidelines Use this command to view the maximum number of clients allowed for a 5 GHz radio channel SSID profile Example The following show a max clients command output displays the maximum number of clients allowed to connect to the each SSID scalance show a max clients test1 30 test2 200 test3 64 The following show a max clients ssid_profile command output displays the maximum n...

Page 267: ...h any any any deny wlan access rule ssid1 index 3 rule any any match any any any deny hotspot anqp nai realm profile name1 enable nai realm name nai realm eap method eap ttls nai realm auth id 1 non eap inner auth nai realm auth value 1 mschapv2 nai realm auth id 2 credential nai realm auth value 2 uname password nai realm encoding utf8 no nai home realm hotspot anqp nai realm profile nr1 enable n...

Page 268: ...e group business venue type research and dev facility venue lang code eng venue name vn1 hotspot anqp nwk auth profile na1 enable nwk auth type accept term and cond url www nwkauth com hotspot anqp roam cons profile rc1 enable roam cons oi len 3 roam cons oi 888888 hotspot anqp 3gpp profile 3g enable 3gpp plmn1 40486 3gpp plmn2 3gpp plmn3 3gpp plmn4 3gpp plmn5 3gpp plmn6 hotspot anqp ip addr avail...

Page 269: ... p2p dev mgmt no p2p cross connect addtl roam cons ois 0 gas comeback delay 10 query response length limit 20 access network type chargeable public venue group business venue type research and dev facility roam cons len 1 3 roam cons oi 1 123456 roam cons len 2 3 roam cons oi 2 223355 roam cons len 3 0 roam cons oi 3 advertisement profile anqp nai realm nr1 wlan ssid profile test enable index 0 ty...

Page 270: ...e ssid1 enable index 1 type employee essid hsProf opmode wpa2 aes max authentication failures 0 vlan 200 rf band all captive portal disable mac authentication l2 auth failthrough dtim period 1 inactivity timeout 1000 broadcast filter none radius accounting blacklist dmo channel utilization threshold 90 local probe req thresh 0 max clients threshold 64 hotspot profile hs1 auth survivability cache t...

Page 271: ...ired instant speed auto duplex auto no poe type guest captive portal disable no dot1x wired port profile default_wired_port_profile switchport mode trunk allowed vlan all native vlan 1 shutdown access rule name default_wired_port_profile speed auto duplex full no poe type employee captive portal disable no dot1x enet0 port profile default_wired_port_profile uplink preemption enforce none failover ...

Page 272: ...ifi1 mode access g channel 0 0 a channel 0 0 uplink vlan 0 g external antenna 0 a external antenna 0 The output of this command provides the following information Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 18 show ap allowed channels Description This command displays a list of allowed channels for an AP Syntax show ap allowed channels Usage Guidelines Spec...

Page 273: ... indoor 36 40 44 48 149 153 157 161 802 11g 40MHz outdoor 1 5 2 6 3 7 4 8 5 9 6 10 7 11 802 11a 40MHz outdoor 149 153 157 161 802 11a 80MHz indoor 36 48 149 161 802 11a 80MHz outdoor 149 161 802 11a DFS The output of this command includes the following information Parameter Description PHY Type Indicates the PHY type Allowed Channels Displays the list of allowed channels for a specific regulatory ...

Page 274: ...untry Code US Country United States and AP type AP 105 Channel 1 2 3 4 5 6 7 8 9 10 11 12 13 14 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 149 153 157 161 165 b 20 20 20 20 20 20 20 20 20 20 20 g a 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 24 24 24 24 22 22 22 22 22 22 22 22 23 23 23 23 23 HT 20 22 22 22 22 22 22 22 22 22 22 22 21 21 21 21 24 24 24 24 22 22 22 22 22 22 ...

Page 275: ...f time neighbors Displays details about the ARM neighbors rf summary Displays a summary of RF configuration information for an AP scan times Displays ARM channel scanning details for an AP Usage Guidelines Use this command to view information about the ARM bandwidth configuration historical statistics AP neighbors RF summary and scanning details on an AP Example show ap arm bandwidth management Th...

Page 276: ...history of channel and power changes due to ARM ARM can automatically change channel and power levels based on a number of factors such as noise levels and radio interference The following example shows the output of the show ap arm history command Interface wifi0 ARM History Time of Change Old Channel New Channel Old Power New Power Reason 2013 05 11 04 24 31 149 161 27 27 I 2013 05 11 02 54 34 1...

Page 277: ... I 2013 05 10 19 28 09 6 1 24 24 I 2013 05 10 19 02 08 11 6 24 24 I 2013 05 10 18 23 32 1 11 24 24 I 2013 05 10 17 40 55 6 1 24 24 I 2013 05 10 17 28 40 11 6 24 24 I 2013 05 10 17 01 24 1 11 24 24 I 2013 05 10 15 10 19 6 1 24 24 I 2013 05 10 15 03 41 11 6 24 24 I 2013 05 10 14 45 39 6 11 24 24 I 2013 05 10 14 19 32 11 6 24 24 I 2013 05 10 13 37 30 1 11 24 24 I 2013 05 10 11 34 27 6 1 24 24 I 2013 ...

Page 278: ...4 91 11 NTT SPOT 1 9 0 0 Passive 00 24 6c 2b fd e8 qa mv vap3 161 5 9 98 Passive 00 24 6c 80 4d 62 docomo 1 10 0 0 Passive Total updates Neighbor Summary One hop 232 Two hop 0 Current Time 2013 05 11 04 31 33 The output of this command includes the following information Column Description bssid Indicates the BSSID of the AP neighbors essid Indicates the ESSID of the AP neighbors Channel Indicates ...

Page 279: ...1 0 0 5 93 3 2 0 0 99 9 0 9 115 66 0 0 181 165 0 0 0 0 10 10 0 0 100 0 0 0 99 38 0 0 137 1 0 0 12 78 60 50 3 0 79 8 0 8 448 79 0 0 527 6 0 0 0 78 2 11 0 0 81 0 0 0 483 227 0 0 710 11 0 0 8 78 71 54 3 16 86 0 0 0 703 126 0 0 829 Columns util Qual ch util rx tx ext ch util quality HT Channel Summary channel_pair Pairwise_intf_index 149 153 346 36 40 339 157 161 357 44 48 465 Interface Name wifi0 Cur...

Page 280: ...nel interference details The AP uses this metric to measure co channel and adjacent channel interference The Interfer ence Index is calculated as a b c d where Metric value a is the channel interference the AP sees on its selected channel Metric value b is the interference the AP sees on the adjacent channel Metric value c is the channel interference the AP s neighbors see on the selected channel ...

Page 281: ... channel assign time ms scans attempted scans rejected dos scans flags timer tick 36 2483300 1530 0 0 DVACFT 172120 40 576170 1547 0 0 DVACPT 172139 44 9945940 1454 0 0 DVACFT 172145 48 170500 1550 0 0 DVACPT 172158 52 167420 1522 0 0 DVACT 172046 56 65450 595 0 0 DVCT 171880 60 169840 1544 0 0 DVACT 172052 64 170390 1549 0 0 DVACT 172063 149 68631720 952 0 0 DVACFT 172074 153 32278480 1268 0 0 DV...

Page 282: ...udes the following information Column Description channel Displays the list of channels configured on the AP assign time ms Displays the time since AP is assigned a channel scans attempted Indicates the number times an AP has attempted to scan another channel scans rejected Displays the number of times an AP was unable to scan a channel because the scan was halted due to other ARM settings dos sca...

Page 283: ...splays the association table for an AP group or for an individual AP Syntax show ap association Usage Guidelines Use this command to view information about the clients associated with an AP Example The following example shows the output of show ap association command The phy column shows client s operational capabilities for current association Flags A Active B Band Steerable H Hotspot 802 11u cli...

Page 284: ...cia tion ID when it associates to an AP 1 int Indicates the number of beacons in the 802 11 listen interval There are ten beacons sent per second so a ten beacon listen interval indicates a listening interval time of 1 second essid Indicates the name that uniquely identifies the AP s Extended Service Set Identifier ESSID vlan id Indicates the VLAN ID associated with the AP tunnel id Indicates the ...

Page 285: ...8 cb d4 20 0 18h 13m 59s d8 c7 c8 3d 42 02 example1 10 17 88 188 g HT ap 7 21 5 21 5 0 d8 c7 c8 cb d4 20 0 18h 13m 58s d8 c7 c8 3d 42 03 example local nw 10 17 88 188 g HT ap 7 21 5 21 5 0 d8 c7 c8 cb d4 20 0 18h 13m 58s Channel followed by indicates channel selected due to unsupported configured channel Spectrum followed by indicates Local Spectrum Override in effect Num APs 5 Num Associations 1 ...

Page 286: ... the show ap cacert command Local CA Certificates Version 3 Serial Number 16 90 C3 29 B6 78 06 07 51 1F 05 B0 34 48 46 CB Issuer C SE O AddTrust AB OU AddTrust External TTP Network CN AddTrust External CA Root Subject C GB ST Greater Manchester L Salford O COMODO CA Limited CN COMODO High Assurance Secure Server CA Issued On Apr 16 00 00 00 2010 GMT Expires On May 30 10 48 38 2020 GMT Signed Using...

Page 287: ...riSign Class 3 Secure Server CA G3 Issued On Feb 8 00 00 00 2010 GMT Expires On Feb 7 23 59 59 2020 GMT Signed Using SHA1 RSA RSA Key size 2048 bits Version 3 Serial Number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A Issuer C US O VeriSign Inc OU VeriSign Trust Network OU c 2006 VeriSign Inc For authorized use only CN VeriSign Class 3 Public Primary Certification Authority G5 Subject C US O Ve...

Page 288: ...APs Syntax show ap mesh cluster configuration status topology Example The following example shows the output of show ap mesh cluster configuration command Mesh cluster name mesh_clusterl Mesh cluster key Manual The following example shows the output of show ap mesh cluster status command Mesh cluster Enabled Mesh cluster name mesh_clusterl Mesh role Mesh Portal The following example shows the outp...

Page 289: ...elated to the number of children on the specified node Link Cost Represents the quality of the link to an active neighbor The higher the RSSI the better the path to the neighbor and the mesh portal If the RSSI value is below the configured threshold the link cost is penalized to filter marginal links A less direct higher quality link may be preferred over the marginal link The following factors al...

Page 290: ... Role VLAN ESSID 74 23 44 2d 33 84 1AF366D5AB1D 4m 41s 00000 mpsk test 1 00000 mpsk test The output of the above commands includes the following information Parameter Description Client MAC Indicates the MAC address of the client from which multiple PSK is de rived Key Displays the cached key for the client Expiry Displays the multiple PSK cache expiration details in HH MM SS format Role Indicates...

Page 291: ...he output of show ap checksum command Cfg 3418616819 Radius Cert 0 Radius Psk 0 Radius CA 0 Radsec Cert 3634990680 Radsec Psk 724802778 Radsec CA 1010414991 Web UI cert 0 Web UI key 0 CP cert 0 CP key 0 CP logo 0 Datatunnel Cert 0 Datatunnel Psk 0 Datatunnel CA 0 Custom AWC CA from Activate 0 DHCP Option82 XML 0 Custom AWC CA from Airwave 0 Default clearpass ca 749098642 clearpass ca 0 Resource fi...

Page 292: ...ches 00 24 6c c8 74 4c show ap client match his Client Match Action Table Station Old State New State Reason Radio Time 00 db df 0a 57 4e Normal Normal Client associated 1 18h 32m 5s 00 db df 0a 57 4e Normal Normal Client associated 0 15h 20m 1s 00 db df 0a 57 4e Normal Normal Client associated 0 9h 48m 57s 00 db df 0a 57 4e Normal Target I am the better AP 0 7m 9s 00 db df 0a 57 4e Normal Deny I ...

Page 293: ... to the specified client is displayed Usage Guidelines Use this command to view the history of clients match actions for the clients associated with an AP Example The following example shows the output of show ap client match history command Client Match Action Table Station Old State New State Reason Radio Time 00 db df 0a 57 4e Normal Normal Client associated 1 18h 32m 5s 00 db df 0a 57 4e Norma...

Page 294: ...l Client associated 0 15h 20m 1s Normal Normal Client associated 0 9h 48m 57s Normal Target I am the better AP 0 7m 9s Normal Deny I am not the better AP 1 7m 9s Target Adopted Client match succeed 0 5m 17s Deny Normal Client match succeed 1 5m 17s Total 7 Records Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 29 show ap client match refused Description This c...

Page 295: ... BALANCING Associated 1 Threshold 1 Leaving 0 Coming 0 Last Refused Clients Table MAC RSSI Refused Count Last Refused Time 02 99 00 00 01 33 27 2 3 7e 17 7b 2c f5 e2 5 4 6 00 27 10 c5 96 54 22 1 0 18 3d a2 0a 48 3c 33 2 1 02 21 00 00 00 14 28 2 5 00 27 10 cf ef b4 32 2 7 7e 17 7b 27 6b af 6 2 3 00 db df 0a 6a db 21 2 4 00 24 6c c8 74 4c show ap client match ref 1 Client Match Status RUNNING Associ...

Page 296: ... AP and all its neighboring APs Usage Guidelines Use this command to view the SSID details stored in the client match database for a specific radio belonging to the current AP and all its neighboring APs Example The following example shows the output of the show ap client match ssid table radio mac command scalance show ap client match ssid table radio mac f0 5c 19 1c 92 50 Client Match SSID Table...

Page 297: ...moved from one AP to another for better performance and client experience Dynamic Load Balancing Sticky Clients Band Steering Channel Utilization Client Capability Match For more information on client match and client match trigger conditions see onfiguration Manual SCALANCE W UI Example The following example shows the output of the show ap client match triggers command Client Match Triggers Stati...

Page 298: ...so on Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 32 show ap client probe report Description This command displays the client probe report for an AP Syntax show ap client probe report radio Parameter Description radio Allows you to filter the output based the ID number of the radio for ex ample 0 or 1 Usage Guidelines Use this command to view a probe report...

Page 299: ... information about the clients in an AP s neighborhood Syntax show ap client view Usage Guidelines Use this command to view information about the clients associated with the neighboring APs Example The following example shows the output of show ap client view command Client Match Neighbor Table MAC Channel RSSI Clients Threshold Channel Util VC Key Flags d8 c7 c8 44 50 c 0 8m 27s 6 13 1 d8 c7 c8 4...

Page 300: ... 9 0 2m 34s 48 17 2 VR 6c f3 7f ee dc 2 0 11 32 2 3 0 847face0 3m 6s d8 c7 c8 44 4c 8 0 2m 27s 6 24 1 VR d8 c7 c8 44 4c 9 0 2m 34s 36 20 11 VR 6c f3 7f e7 5d 4 0 14m 24s 1 59 1 3 0 847face0 Neighbor Flags V Valid R In RF Neighborhood S Same Channel B Balancing C Client Match Enabled I In Same Swarm Total 21 Neighbors 00 24 6c c8 74 4c show ap client match live Client Match Table Station CM State R...

Page 301: ... Server List Domain IP Address Type Mode Con fig only Rap ids mode Sta tus securelogin arubanetworks com Primary No Airwave Server List Domain IP Address Type Mode Con fig only Rap ids mode Status 70 3a 0e cc ee b2 70 3a 0e cc ee b2 show ap debug am config Radio Configu ration for wifi0 Parameter Value Preferred Channel 108 Tx Power 27 0 VHT Enabled 1 Radio Configuration for wifi1 Parameter Value ...

Page 302: ... thresh noise wait time 75 120 Aggressive scans 0 Frequent scan action 0 Client Match Upd intvl 0 0 Sticky Intvl SNR SNR thr Min Sig 0 0 0 0 Bandsteer g max sig a min sig 0 0 Ideal Coverage Index 10 Acceptable Coverage Index 4 Free Channel Index 25 Backoff Time 240 Intf AP Weight 25 ARM Configuration for wifi1 Parameter Value Assignment 0 Client Aware 1 Mode Aware 0 OTA Updates 0 Scanning 1 Scan I...

Page 303: ...ptable Coverage Index 4 Free Channel Index 25 Backoff Time 240 Intf AP Weight 25 Scanning Configuration for wifi0 Parameter Value Scan mode all reg domain Dwell Time Active Channel 500 Dwell Time Reg Domain Channel 250 Dwell Time Other Reg Domain Channel 200 Dwell Time Rare Channel 100 Scanning Configuration for wifi1 Parameter Value Scan mode all reg domain Dwell Time Active Channel 500 Dwell Tim...

Page 304: ...6 140 144 149 153 157 161 165 G Band 40MHz Channels Reg Info Type Channels Reg Domain Profile Downloadable Reg Table 1 7 AP Cert Info 1 2 3 4 5 6 7 Valid Assignment Channels 1 7 A Band 40MHz Channels Reg Info Type Channels Reg Domain Profile Downloadable Reg Table 36 44 52 60 100 108 116 124 132 140 149 157 AP Cert Info 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 144 149 15...

Page 305: ...meter Value Detect Frame Rate Anomalies Disable Bandwidth Rate High Watermark 0 Bandwidth Rate Low Watermark 0 Frame Error Rate High Watermark 0 Frame Error Rate Low Watermark 0 Frame Fragmentation Rate High Watermark 0 Frame Fragmentation Rate Low Watermark 0 Frame Low Speed Rate High Water mark 0 Frame Low Speed Rate Low Water mark 0 Frame Non Unicast Rate High Wa termark 0 Frame Non Unicast Rat...

Page 306: ... Wired Containment Disable Wired Containment of AP s Adj MACs Disable Wired Containment of Sus pected L3 Rogue Disable Mobility Manager RTLS Disa ble AP Event Generation traps only Send Adhoc Info to Controller Disable WMS Client Monitoring none Packet SNR Threshold 0 Frame Type for RSSI calculation ba pr dlow mgmt ctrl null Max Monitored Devices Max Unassociated Stations 256 Unclassified AP Updat...

Page 307: ...e Interval 5 CTS Rate Quiet Time 900 Detect RTS Rate Anomaly Disable RTS Rate Threshold 5000 RTS Rate Time Interval 5 RTS Rate Quiet Time 900 Detect Rate Anomalies Disable Detect 802 11n 40MHz Intolerance Disable Client 40MHz Intolerance Quiet Time 900 Detect Omerta Attack Disable Omerta Attack Rate Threshold 10 Omerta Quiet Time 900 Detect FATA Jack Attack Disable FATA Jack Quiet Time 900 Detect ...

Page 308: ...old 45 WPA FT Attack Detection Quiet Time 900 IDS Rate Parameters FrameType ChThreshold ChTim e ChQui etTim e NodeT hresh old No deTim e NodeQ ui etTim e assoc 300 15 900 200 15 900 disassoc 300 15 900 200 15 900 deauth 300 15 900 200 15 900 probe request 300 15 900 200 15 900 probe response 300 15 900 200 15 900 auth 300 15 900 200 15 900 IDS Impersonation Configuration Parameter Value Detect AP ...

Page 309: ...ment Disable Suspect Rogue Confidence Level 100 Allow Well Known MACs Protect Valid Stations Disable Detect Bad WEP Disable Detect Misconfigured AP Disable Protect Misconfigured AP Disable Protect SSID Disable Privacy Disable Require WPA Disable Detect Unencrypted Valid Clients Disable Unencrypted Valid Clients Quiet Time 900 Protect 802 11n High Throughput Devices Disable Protect 802 11n High Thr...

Page 310: ...ormation Airwave Server List Domain IP Address Type Mode Con fig only Rap ids mode Status 10 65 6 213 Primary Manage Yes Login done Airwave server 10 65 6 213 Airwave proxy server None Airwave Protocol wss Airwave uptimes 3s Airwave status Login done Server Debug Statistics Key Value Connect establish success 3 3 Authentication failed 3 3 Login done times 1 1 Connect retry times 3 3 Last connect s...

Page 311: ...rWave can be configured to operate in the Manage Read Write or Monitor only Firmware Upgrades modes Config only Indicates whether AirWave is in the configuration mode If yes the AP simplifies the report for AirWave Rapids mode Indicates whether AirWave is in RAPIDS mode RAPIDS is a powerful tool used for monitoring and managing security on wireless networks The AP can perform different actions whe...

Page 312: ...t Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 36 show ap debug airwave data sent Description This command displays information about data exchange between the AirWave server and the AP Syntax show ap debug airwave data sent Usage Guidelines Use this command to view information about the data sent to the AirWave server Example The following example shows the...

Page 313: ...uidelines Use this command to view the pending AirWave server events Example The following example shows the partial output of the show ap debug airwave events pending command t11 e61 1106 e61 e62 654 e62 e1005 6c f3 7f 56 7f 60 e1005 e1006 7SPOT e1006 e1001 d8 c7 c8 cb d4 20 e1001 e1056 2 e1056 e1017 d8 c7 c8 cb d4 20 e1017 e1018 1 e1018 e1058 Varbind deprecated e1058 t11 Command Information AP P...

Page 314: ...er five minutes This command displays the restoration status of the AP configuration for the APs managed by AirWave Example The output of the show ap debug airwave restore status command displays the restoration flag and time The following example shows the output of this command Airwave Config Restore Restore flag Time No N A Command Information AP Platform Command Mode All platforms Privileged E...

Page 315: ...7781e2 Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 40 show ap debug airwave state Description This command displays the configuration details and status of AirWave events associated with an AP Syntax show ap debug airwave state Usage Guidelines Use this command to view the current state of AirWave events associated with the AP Example The following example ...

Page 316: ...4 e25 test e25 e26 2 e26 e27 e27 e28 64 e28 e29 1 e29 e30 2 e30 t4 t4 e25 test123 e25 e26 3 e26 e27 e27 e28 64 e28 e29 1 e29 e30 2 e30 t4 t2 e1 d8 c7 c8 c4 42 98 e1 e6 BE0000315 e6 e2 d8 c7 c8 c4 42 98 e2 e7 1 3 6 1 4 1 14823 1 2 34 e7 e18 e18 e5 10 17 88 59 e5 e15 10 e15 e16 129183744 e16 e17 71094272 e17 e13 1 e13 e14 257137 e14 e65 0 e65 t3 e1 d8 c7 c8 c4 29 88 e1 ...

Page 317: ...47 80 e47 e46 61 e46 t3 t2 Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 41 show ap debug airwave stats Description This command displays the configuration statistics associated with an AP managed or monitored by the AirWave server Syntax show ap debug airwave stats def Usage Guidelines Use this command to view configuration details of an AP managed or monito...

Page 318: ...d t7 e1 d8 c7 c8 3d 3a 83 e1 e25 test_wep e25 e23 1 e23 e22 1 e22 e21 1 e21 e19 2 e19 e20 1 e20 t7 t7 e1 6c f3 7f a5 df 32 e1 e25 sw san rapng l3 e25 e23 153 e23 e22 1 e22 e21 1 e21 e19 1 e19 e20 1 e20 t7 t7 e1 d8 c7 c8 3d 46 d2 e1 e25 test_1x_term e25 e23 48 e23 e22 1 e22 e21 1 e21 e19 1 e19 e20 2 e20 t7 Command Information AP Platform Command Mode All platforms Privileged EXEC mode ...

Page 319: ...ut 600 Min Potential AP Beacon Rate 25 Min Potential AP Monitor Time 2 Signature Quiet Time 900 Containment Confirmation Enable Wireless Containment deauth only Debug Wireless Containment Disable Wired Containment Wired Containment of AP s Adj MACs Wired Containment of Suspected L3 Rogue Disable Mobility Manager RTLS Disable Disable Disable Disable AP Event Generation traps only Send Adhoc Info to...

Page 320: ...information for a specific MAC address Usage Guidelines Use the output of this command to troubleshoot authentication errors Include the MAC parameter to filter data by the MAC address of the client to view specific details Example The following example shows the output of show ap debug auth trace buf count command Auth Trace Buffer May 10 13 05 09 station up ac 81 12 59 5c 12 d8 c7 c8 3d 42 13 wp...

Page 321: ...w in the output of this table may include some or all of the following information A timestamp that indicates when the entry was created The type of exchange that was made The direction the packet was sent The source MAC address The destination MAC address The packet number The packet length Additional information such as encryption and WPA type Command Information AP Platform Command Mode All pla...

Page 322: ...e Beaconing APB Beaconing AP USB Power Override Disabled 1 Uplink Status Up APB NA APB Connection Status 0 Last BLE Device Update Attempted 8c 8b 83 3d 72 6c Last AP to APB Message Time 2017 09 06 03 07 59 Last Update to Endpoint Time No Update Sent Log Levels Available All 0xffff Info 0x04 Warning 0x02 Error 0x01 Ageout 0x08 BMReq 0x10 FW Upgrade 0x20 FW UpgradeErr 0x40 CfgUpdate 0x80 CfgUpdateEr...

Page 323: ...and displays a log showing the BLE counter details Syntax show ap debug ble counters Usage Guidelines Use this command to view the BLE counter details Command Information AP Platform Command Mode All platforms Privileged Exec mode 4 16 46 show ap debug ble daemon Description This command displays the BLE daemon log messages Syntax show ap debug ble daemon Usage Guidelines Use this command to view ...

Page 324: ...isp attr WebSocket Connect Request Yes WebSocket Connect Status 3 WebSocket Connection Established Yes WebSocket LogLevel 0 Tag Logging Off Websocket Address beacons meridianapps com WebSocket Host beacons meridianapps com WebSocket Path ingestion ingest Note Websocket Loglevel List Error 0x1 Warn 0x2 Notice 0x4 Info 0x8 Debug 0x10 Parser 0x20 Header 0x40 Ext 0x80 Client 0x100 Latency 0x200 The fo...

Page 325: ... 18 libwebsocket_client_connect_2 address tags meridianapps com WS 2017 03 03 08 17 48 Unable to get host name from tags meridianapps com WS 2017 03 03 08 18 04 Initial logging level 65535 WS 2017 03 03 08 18 04 Library version 1 3 unknown build hash WS 2017 03 03 08 18 04 LWS_MAX_HEADER_LEN 1024 WS 2017 03 03 08 18 04 LWS_MAX_PROTOCOLS 5 WS 2017 03 03 08 18 04 LWS_MAX_EXTENSIONS_ACTIVE 3 WS 2017 ...

Page 326: ... success 6059 failed 301 last curl result code 1 Timeout 1 20 Jobs added 6360 Request to Server Last Curl logs Trying 54 255 165 205 TCP_NODELAY set Connected to edit meridianapps com 54 255 165 205 port 443 0 SSL connected POST api beacons manage HTTP 1 1 Host edit meridianapps com Content Type application json Authorization MERIDIAN MzkxMTZlMWYtYTgzYS00YWUxLTkzYWEtYjQyNzE1MGMyMjAxOjBiZWJjYWViLTR...

Page 327: ...e shows the output of the show ap debug ble table command BLE Device Table MAC HW_Type FW_Ver Flags Status Batt RSSI Major Minor UUID Tx_Power Last Update Uptime Total beacons 0 Note Battery level for LS BT1USB devices is indicated as USB Note Uptime is shown as Days hour minute second Note Last Update is time in seconds since last heard update Status Flags L AP s local beacon I iBeacon A Aruba Be...

Page 328: ... OAD E 7 14 254 0x0001 T 100 82 0000 0000 0000 12s 23h 59m 30s a0 e6 f8 38 1d 54 AT BT10 OAD E 7 5 7 0x0001 T 100 76 0000 0000 0000 25s 1h 46m 30s Command Information AP Platform Command Mode All platforms Privileged Exec mode 4 16 49 show ap debug ble table assettags Description This command displays beacon details for the BLE tags detected by the AP Syntax show ap debug ble table assettags Usage...

Page 329: ...T 100 76 0000 0000 0000 25s 1h 46m 30s Command Information AP Platform Command Mode All platforms Privileged Exec mode 4 16 50 show ap debug client frame history Description This command displays the latest RSSI information about the incoming packets for a client connected to an AP Syntax show ap debug client frame history client mac mac address radio 0 1 Parameter Description client mac mac addre...

Page 330: ...ption This command displays the information about the client match configuration status on an AP radio interface Syntax a channel channel tx power Parameter Description radio Allows you to specify the ID number of the radio for example 0 or 1 for which you want to view client match configuration status Usage Guidelines Use this command to view the status of client match configuration for a specifi...

Page 331: ...he client s BSSID Usage Guidelines Use this command to view information about an AP client Example The following example displays the output of the show ap debug client stats mac bssid command displays statistics for packets received from and transmitted to the specified client Parameter Value General Per radio Statistics Last TX Antenna 0 Last RX Antenna 0 Transmit Specific Statistics Tx Frames R...

Page 332: ...s Mon 883 Tx Data Frames 36 Mbps Mon 99 Tx Data Frames 54 Mbps Mon 8 Tx Data Frames 72 Mbps Mon 0 Tx Data Frames 108 Mbps Mon 11 Tx Data Frames 300 Mbps Mon 8 Tx Data Frames 450 Mbps Mon 0 Tx Data Frames 1300 Mbps Mon 0 Tx Data Frames 1300 Mbps Mon 0 Tx Data Bytes 12 Mbps Mon 4577 Tx Data Bytes 24 Mbps Mon 216157 Tx Data Bytes 36 Mbps Mon 26594 Tx Data Bytes 54 Mbps Mon 2177 Tx Data Bytes 72 Mbps ...

Page 333: ...Tx Data Frames 300 Mbps Mon 8 Tx Data Frames 450 Mbps Mon 0 Tx Data Frames 1300 Mbps Mon 0 Tx Data Frames 1300 Mbps Mon 0 Tx Data Bytes 12 Mbps Mon 4577 Tx Data Bytes 24 Mbps Mon 216157 Tx Data Bytes 36 Mbps Mon 26594 Tx Data Bytes 54 Mbps Mon 2177 Tx Data Bytes 72 Mbps Mon 0 Tx Data Bytes 108 Mbps Mon 3915 Tx Data Bytes 300 Mbps Mon 2334 Tx Data Bytes 450 Mbps Mon 0 Tx Data Bytes 1300 Mbps Mon 0 ...

Page 334: ... 404264 Rx PS Poll Frames 0 Rx EAPOL Frames 16 Rx STBC Frames 0 Rx LDPC Frames 0 Rx Data Priority BE 1860 Rx Data Frames 12 Mbps Mon 29 Rx Data Frames 54 Mbps Mon 1275 Rx Data Frames 108 Mbps Mon 556 Rx Data Frames 300 Mbps Mon 0 Rx Data Frames 450 Mbps Mon 0 Rx Data Frames 1300 Mbps Mon 0 Rx Data Frames 1300 Mbps Mon 0 Rx Data Bytes 12 Mbps Mon 3825 Rx Data Bytes 54 Mbps Mon 244496 Rx Data Bytes ...

Page 335: ...ssfully transmitted Success With Retry Shows the number of frames that were transmitted after being retried Tx Mgmt Frames Shows the number of management frames transmitted Tx Probe Responses Shows the number of transmitted probe responses Tx Data Frames Shows the number of transmitted data frames Tx CTS Frames Shows the number of clear to sent CTS frames transmitted Dropped After Retry Shows the ...

Page 336: ... received ACK packet on the primary control channel 1 This parameter is only displayed for APs operating in 40 MHz mode Last ACK SNR CTL2 Indicates the signal to noise ratio for the last received ACK packet on the primary control channel 2 This parameter is only displayed for APs operating in 40 MHz mode Last ACK SNR EXT0 Indicates the signal to noise ratio for the last received ACK packet on the ...

Page 337: ...P clients Example The following example shows the output of show ap debug client table command Client Table MAC ESSID BSSID Assoc_State HT_State AID PS_State 08 ed b9 e1 51 7d example1 d8 c7 c8 3d 42 12 Associated WSsM 0x1 Awake UAPSD Tx_Pkts Rx_Pkts PS_Qlen Tx_Retries Tx_Rate Rx_Rate Last_ACK_SNR 0 0 0 0 N A 0 101 12888 0 0 300 300 45 Last_Rx_SNR TX_Chains Tx_Timestamp Rx_Timestamp MFP Status C R...

Page 338: ...tion ID when it associates to an AP UAPSD Shows the following values for Unscheduled Automatic Power Save Delivery UAPSD in comma separated format VO VI BK BE Max SP Q Len VO If 1 UAPSD is enabled for the VoIP access category If UAPSD is disabled for this access category this value is 0 VI If 1 UAPSD is enabled for the Video access category If UAPSD is disabled for this access category this value ...

Page 339: ...20171122_182303 f05c19ca1a92 meshd 8793 Hercules_62273 3 tgz core 20171122_182352 f05c19ca1a92 meshd 8974 Hercules_62273 4 tgz core 20171122_182442 f05c19ca1a92 meshd 9084 Hercules_62273 5 tgz core 20171122_182532 f05c19ca1a92 meshd 9280 Hercules_62273 6 tgz core 20171122_182621 f05c19ca1a92 meshd 9460 Hercules_62273 7 tgz core 20171122_182711 f05c19ca1a92 meshd 9647 Hercules_62273 8 tgz core 2017...

Page 340: ... Command Mode All platforms Privileged EXEC mode 4 16 55 show ap debug crash info Description This command displays log information for an AP that crashed The stored crash information is cleared from the flash after the AP reboots Syntax show ap debug crash info Usage Guidelines Use this command to view the AP crash information for debugging purpose Command Information AP Platform Command Mode All...

Page 341: ... dhcp packets command Traced Dhcp Packets Timestamp Mtype Htype Hops TID Cip Yip Sip Gip Cmac The output of this command includes the following parameters Column Description Timestamp Displays the timestamp for DHCP packets Mtype Indicates the message type Htype Indicates the hardware address type Hops Shows the number of hops TID Shows the transaction ID Cip Indicates the client IP address Yip In...

Page 342: ...debug dot1x statistics command 802 1X Statistics Mac Name AP Auth Succs Auth Fails Auth Tmout Re Auths 08 ed b9 e1 51 7d d8 c7 c8 3d 42 12 0 0 0 0 Total 0 0 0 0 Supp Naks UKeyRot MKeyRot 0 0 0 0 0 0 802 1x Counters WPA2 Message 1 3 Message 2 2 Message 3 2 Message 4 2 The output of this command includes the following parameters Parameter Description Mac Displays the MAC address of the authenticated...

Page 343: ... Displays the 802 1X authentication counters Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 58 show ap debug driver config Description This command displays AP driver configuration Syntax show ap debug driver config Usage Guidelines Use this command to review configuration changes made since the AP driver was last reset Example The show ap debug driver config ...

Page 344: ...ad Balancing Mode channel Spectrum Load Balancing Update Interval sec 30 seconds Spectrum Load Balancing Threshold 2 percent Infrastructure assisted client association management Disabled Beacon Period 100 msec Beacon Regulate Disabled Advertized regulatory max EIRP 0 ARM WIDS Override Dynamic Reduce Cell Size Rx Sensitivity 0 dB Management Frame Throttle interval 0 sec Management Frame Throttle L...

Page 345: ...eature Disabled Advertise Enabled Capabilities IE Disabled Advertise Country IE Disabled Advertise Power Constraint IE Disabled Advertise TPC Report IE Disabled Advertise QBSS Load IE Disabled Advertise BSS AAC IE Disabled Advertise Quiet IE Disabled Advertise Fast BSS Transition 802 11r Capability Disabled Fast BSS Transition Mobility Domain ID 0 Country Code IN ESSID example1 Encryption wpa2 psk...

Page 346: ...Enabled Advertise Location Info Disabled Advertise AP Name Disabled 40 MHz channel usage Enabled BA AMSDU Enable Disabled Temporal Diversity Enable Enabled High throughput enable SSID Enabled Low density Parity Check Enabled Maximum number of spatial streams usable for STBC reception 1 Maximum number of spatial streams usable for STBC transmission 1 MPDU Aggregation Enabled Max received A MPDU siz...

Page 347: ...ed A MPDU size 65535 bytes Min MPDU start spacing 16 usec Short guard interval in 20 MHz mode Enabled Short guard interval in 40 MHz mode Enabled Supported MCS set Explicit Transmit Beamforming Disabled Transmit Beamforming Compressed Steering Disabled Transmit Beamforming non Compressed Steering Disabled Transmit Beamforming delayed feedback support Disabled Transmit Beamforming immediate feedbac...

Page 348: ...erface sending or receiving LLDP PDUs detail Displays details about the interface and number of neighbors state This command displays the LLDP interfaces information sending or receiving LLDP PDUs Example The following example shows the output of show ap debug lldp counters command scalance show ap debug lldp counters Interface Received Unknown TLVs Malformed Overflow Transmitted eth0 3259 0 0 0 3...

Page 349: ... Access Point P Phone O Other Remote Inter face Indicates the interface name on a peer device to which the AP port is connected Expiry Time Secs Indicates the maximum time limit for sending and receiving LLDP PDUs The following example shows the output of show ap debug lldp state command scalance show ap debug lldp state LLDP Interface Information Interface LLDP TX LLDP RX LLDP MED TX interval Hol...

Page 350: ...ighbors Usage Guidelines By default this command displays LLDP neighbors for the entire list of LLDP interfaces Include the IP address of an AP to display neighbor information only for that one device Example The following example shows the output of show ap debug lldp neighbor command scalance show ap debug lldp neighbor Capability codes R Router B Bridge A Access Point P Phone O Other LLDP Neigh...

Page 351: ...piry Time Secs Indicates the maximum time limit for sending and receiving LLDP PDUs Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 61 show ap debug lldp state Description This command displays the LLDP interfaces information Syntax show ap debug lldp state Example The following example shows the output of show ap debug lldp state command scalance show ap debug...

Page 352: ...ode All platforms Privileged EXEC mode 4 16 62 show ap debug mgmt frames Description This command displays the trace information for the 802 11 management frames Syntax show ap debug mgmt frames mac Parameter Description mac Displays trace information for an AP based on MAC address Example The following example shows the partial output of show ap debug mgmt frames command Traced 802 11 Management ...

Page 353: ...icates the signal level Misc Indicates miscellaneous information such as status and other relevant de tails Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 63 show ap debug network bssid Description This command displays the mapping of WLAN index and BSSID for an AP When this command is executed on a master AP it displays the mapping details of the slave AP Syn...

Page 354: ...ows the output of show ap debug persistent clients command Persistent Clients MAC Address ESSID State Expired Update Time Expiration Time The output of this command includes the following information Column Description MAC Address Shows the MAC address of the client ESSID Shows the ESSID used by the client State Indicates the connection status of the client Expired Indicates if the client session ...

Page 355: ... debug power table command scalance show ap debug power table 1 Combined CONDUCTED Limits dBm 11 Antenna 1 NSS 1 CCK CDD 18 0 18 0 18 0 18 0 CDD CRPOL 18 0 18 0 18 0 18 0 TXBF TXBF CRPOL OFDM CDD 18 0 18 0 18 0 18 0 18 0 18 0 18 0 18 0 CDD CRPOL 18 0 18 0 18 0 18 0 18 0 18 0 18 0 18 0 TXBF TXBF CRPOL Mode HT VHT 20 CDD 18 0 18 0 18 0 18 0 18 0 18 0 18 0 17 0 16 0 15 0 CDD CRPOL 15 0 18 0 18 0 18 0...

Page 356: ... correlation gain Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 66 show ap debug radio stats Description This command displays the aggregate radio debug statistics of an AP Syntax show ap debug radio stats radio ID Parameter Description radio ID Allows you to specify the ID number of the radio for example 0 or 1 for which you want to view statistics Usage Gui...

Page 357: ...s 780044 Tx FIFO Underrun 0 Tx Allocated Desc 557660 Tx Freed Desc 557660 Tx EAPOL Frames 15 TX STBC Frames 0 TX LDPC Frames 0 Tx AGGR Good 0 Tx AGGR Unaggr 0 Tx Data Priority BE 125 Tx Data 6 Mbps Mon 125 Tx Data 12 Mbps Mon 0 Tx Data 24 Mbps Mon 0 Tx Data 36 Mbps Mon 0 Tx Data 54 Mbps Mon 0 Tx Data 108 Mbps Mon 0 Tx Data 108 Mbps Mon 0 Tx Data Bytes 6 Mbps Mon 16648 Tx Data Bytes 12 Mbps Mon 0 T...

Page 358: ...s IMM WAR 0 Tx HT40 Dfs HT20 WAR 0 Tx MAC BB Hang Stuck 0 Tx Mgmt Bytes 1434583125 Tx Beacons Bytes 1202571538 Receive Specific Statistics Rx Last SNR 16 Rx Last SNR CTL0 14 Rx Last SNR CTL1 13 Rx Last ACK SNR 0 Rx Frames Received 5622989 Rx Good Frames 4517471 Rx Bad Frames 1105518 Rx Total Data Frames Recvd 518806 Rx Total Mgmt Frames Recvd 3261635 Rx Total Control Frames Recvd 736829 Rx Total B...

Page 359: ...s the RADIUS statistics for the authentication servers configured on an AP Syntax show ap debug radius statistics termination Usage Guidelines Use this command to view the authentication server details Example The following example displays the output of the show ap debug radius statistics command RADIUS Statistics Statistics TerminationServer InternalServer testserver test1234 In Service Manageme...

Page 360: ...ommand Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 68 show ap debug rfc3576 radius statistics Description This command displays the CoA statistics for the servers configured on an AP Syntax show ap debug rfc3576 radius statistics termination Parameter Description termination Displays termination details Usage Guidelines Use this command to view the CoA details for ...

Page 361: ...e output of the show ap debug rfc3576 radius statistics termination command RADIUS RFC3576 Statistics Statistics t_cppm t_HOVCLEARPASS LDAP none free LDAP In Service OCSPTEST Not used Not used Not used Not used In Service Management Auth Not used Not used Not used Not used In Service IPFHUNTV Not used Not used Not used Not used In Service wired eth1 Not used Not used Not used Not used In Service I...

Page 362: ...ets received from unknown clients 0 Packets received with unknown request 0 Total RFC3576 packets Received 0 Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 69 show ap debug shaping table Description This command displays the shaping information for clients associated to an AP Syntax show ap debug shaping table Usage Guidelines Use this command to view the shap...

Page 363: ...e AP out Shows the number of packets sent by the AP drop Shows the number of packets dropped by the AP fail Shows the number of packets failed Numcl Shows the number of CCK 802 11b and OFDM 802 11a g packets dropped TotCl Shows the total number of clients associated with the AP Bwmgmt Displays 1 if the bandwidth management feature has been enabled Other wise it displays a 0 idx Shows the associati...

Page 364: ...rates on all downlink ports regardless of forwarding mode STP will not operate on the uplink port and is supported only on APs with three or more ports Example The following example shows the output displayed for the show ap debug spanning tree command when there are no STP devices found stpdev bridge id f000 000000000000 designated root f000 000000000000 root port 0 path cost 0 max age 20 00 brid...

Page 365: ...disable SSID wired eth1 Server Load Balancing disable MAC Authentication disable RADIUS Accounting disable SSID wireless local nw Server Load Balancing disable MAC Authentication disable RADIUS Accounting disable Associated RADIUS Server InternalServer The output of this command provides the following information for each SSID Column Description SSID Indicates the name of the SSID Server Load Bala...

Page 366: ...the user roles configured for the AP STM This includes details of the VLANs assigned to each SSID and also shows if the Calea feature is enabled or disabled Example The following example shows the output of show ap debug stm role command User Role Name Index Vlan Calea Test 4 0 OFF wired instant 2 0 OFF ssid1 3 0 OFF default wired port profile 1 0 OFF Command Information AP Platform Command Mode A...

Page 367: ...Usage Encryption statistics Tunnel heartbeat stats Interface counters AP uptime Boot version MTU discovery memory usage LMS information ARP cache Kernel slab statistics Power status Route table Interrupts CPU type Interface Information Crash Information CPU usage statistics Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 74 show ap debug tacas statistics Descri...

Page 368: ...id1 Accounting Requests Authen Requests Author Requests Authen Response Pass Authen Response Fail Author Response Pass Author Response Fail Accounting Response Pass Accounting Response Fail Login Success Login Failure Timeouts AvgRespTime ms Outstanding Auths SEQ first last free Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 75 show ap dot11k beacon report Des...

Page 369: ...w ap dot11k beacon report 70 11 24 56 02 72 Client 70 11 24 56 02 72 Status Success Nbr count 4 Last received 31s Client 11k Beacon Report BSSID Channel RSSI Antenna 6c f3 7f b6 62 f0 38 92 0 6c f3 7f b6 69 30 38 94 0 6c f3 7f 4a 43 d0 46 94 0 6c f3 7f b6 66 30 46 92 0 The output of this command displays information on the number of 802 11k neighbors connection status and the channel RSSI and ante...

Page 370: ...Update 6c f3 7f b6 62 e0 6c f3 7f b6 66 20 6c f3 7f b6 69 20 1 6 6 13s 33s 33s The output of this command displays information on the number of 802 11k neighbors on each radio of the AP Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 77 show ap flash config Description This command shows the statistics of the AP configuration stored in flash memory Syntax show ...

Page 371: ...the network Gateway IP Displays the Gateway IP address to which traffic is sent DNS Server Displays the IP address of the DNS server Domain Name Displays the Domain name of the server Name Displays the name of the AP Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 78 show ap mesh counters Description This command displays the mesh counters for an AP Syntax show...

Page 372: ...Assoc Req Assoc Resp Assoc Fail Link up down Resel Switch Other Mgmt Parent 0 0 770 770 770 HT 0 0 0 0 0 Received Packet Statistics Total 7016747 Mgmt 7016747 dropped non mesh 0 Data 0 dropped unassociated 0 HT pns 770 ans 0 pnr 0 ars 0 arr 0 anr 0 Recovery Profile Usage Counters Item Value Enter recovery mode 0 Exit recovery mode 0 Total connections to switch 0 Mesh loop prevention Sequence No 37...

Page 373: ...n state has changed Resel Number of times a mesh point attempted to reselect a different mesh portal Switch Number of times a mesh point successfully switched to a different mesh portal Other Mgmt Management frames of any type other than association and probe frames either received on child interface or sent on parent interface Command Information AP Platform Command Mode All platforms Privileged ...

Page 374: ... the number of hops it takes traffic from the mesh node to get to the mesh portal The mesh portal advertises a hop count of 0 while all other mesh nodes advertise a cumulative count based on the parent mesh node Cost A relative measure of the quality of the path from the AP to the controller A lower number indicates a better quality path where a higher number indi cates a less favorable path For e...

Page 375: ...d AP or BSSID Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 80 show ap mesh neighbors Description This command shows all mesh neighbors for an AP Syntax show ap mesh neighbors Example The following example shows the output of show ap mesh neighbors command Neighbor list MAC Por tal Channel Age Hops Cost Relation 6c f3 7f a5 df 90 Yes 157 23 0 5 00 N 23s 6c f3...

Page 376: ...nt of 0 while all other mesh nodes advertise a cumulative count based on the parent mesh node Cost A relative measure of the quality of the path from the AP to the Virtual Con troller A lower number indicates a better quality path where a higher num ber indicates a less favorable path e g a path which may be longer or more congested than a path with a lower value For a mesh point the path cost is ...

Page 377: ...ap mac routers scan info sta list state mac stats mac status swarm radio list Parameter Description active laser beams Shows active laser beam generators The output of this command shows a list of all APs that are actively performing policy enforcement contain ment such as rogue containment This command can tell us which AP is sending out deauthorization frames although it does not specify which A...

Page 378: ...Deauth frames to Client Last Tarpit Timer Tick Tarpit Frames Probe Response Tarpit Frames Association Response Tarpit Frames Authentication Tarpit Frames Data from AP Tarpit Frames Data from Client Last Enhanced Adhoc Containment Timer Tick Enhanced Adhoc Containment Frames To Data Sender Enhanced Adhoc Containment Frames To Data Receiver Enhanced Adhoc Containment Response to Request Enhanced Adh...

Page 379: ...ratio For example a value of 30 would indicate that the power of the received signal is 30 dBm above the signal noise threshold pot sta list Shows the Potential client table The Potential Client table shows the following values last bssid the Last BSSID to which the client associated from bssid to bssid mt Monitor time the number of timer ticks elapsed since the first client is recognized it Clien...

Page 380: ...interfering interfering 6c f3 7f 77 b6 c2 155 1 interfering interfering d0 bf 9c 3d 1f 0e HP Print 0E Deskjet 4640 series 11 interfering interfering c8 b5 ad ba f9 90 345 36E valid valid confirmed phy type dos dt mt ut it encr no 80211b g HT 20 disable 12182 12182 0 0 open yes 80211a VHT 80 disable 12177 12177 0 0 open no 80211a VHT 20 disable 12177 12177 0 0 wpa2 8021x aes no 80211a VHT 20 disabl...

Page 381: ...22 0 no 0 0 0 46 0 49 0 no 0 0 51 52 44 43 0 no 0 0 69 69 25 26 0 no 0 0 0 57 0 38 0 no 0 1 25 25 70 70 2 no 0 0 59 59 36 36 0 no 0 Start 0 Length 24 Total 24 345 c8 b5 ad c3 af 98 show ap monitor ap wired mac mac The following example shows the output of show ap monitor ap wired mac mac command Wired MAC Table mac age show ap monitor arp cache The following example shows the output of show ap mon...

Page 382: ...utput of show ap monitor containment info command br0 10 17 88 188 ARP Cache Table mac ip vlanid age d8 c7 c8 cb d4 20 10 17 88 188 0 1s d8 c7 c8 cb d3 d4 10 17 88 186 0 1s 00 0b 86 40 1c a0 10 17 88 129 0 1m 18s show ap monitor enet wired mac The following example shows the output of show ap monitor enet wired mac command Wired MAC Table mac age show ap monitor ids state Use this command to view ...

Page 383: ... c8 3d 3b 03 1 80211b 0 9 0 4 363 1 disable 43 00 24 6c 81 64 a8 36 80211a 0 9 0 3 185 2 disable 17 00 24 6c 81 64 a9 36 80211a 0 9 0 1 45 1 disable 17 00 24 6c 80 7a a2 6 80211b 0 0 0 1 1 1 disable 30 Num Potential APs 5 show ap monitor pot sta list The following example shows the output of show ap monitor pot sta list command Potential Client Table mac last bssid from bssid to bssid mt it channe...

Page 384: ...0 00 00 00 00 00 00 42 41 7 0 24 77 03 ce a5 fc 00 24 6c 80 4f 80 00 00 00 00 00 00 00 00 00 00 00 00 143 16 7 0 00 23 14 9d ba f0 00 1a 1e 17 d4 a1 00 00 00 00 00 00 00 00 00 00 00 00 158 36 7 0 24 77 03 cf 09 2c 00 24 6c 80 4f 81 00 00 00 00 00 00 00 00 00 00 00 00 117 57 7 22 24 77 03 d1 05 b0 00 1a 1e 17 dc 62 00 00 00 00 00 00 00 00 00 00 00 00 169 33 7 37 24 77 03 7a 89 50 00 24 6c 80 a3 91 ...

Page 385: ...44 0 0 0 show ap monitor state The following example shows the output of show ap monitor state command DoS State tx old tx rx old rx last dos time ap ev time sta ev time last enhanced cm time enhanced cm ev time 0 0 0 0 0 0 0 0 0 show ap monitor stats The following example shows the output of show ap monitor stats command scalance show ap monitor stats d8 c7 c8 cb d4 22 Aggregate Stats retry low s...

Page 386: ...0 0 0 0 2662202 0 Frame Type Stats type mgmt pkt mgmt byte ctrl pkt ctrl byte data pkt data byte tx 2662202 830665629 0 0 0 0 rx 0 0 31438 440132 0 0 Dest Addr Type Stats bcast pkt bcast byte mcast pkt mcast byte ucast pkt ucast byte 0 0 0 0 0 0 Frame Size Packet Stats type 0 63 64 127 128 255 256 511 512 1023 1024 tx 0 0 0 0 0 0 rx 0 0 0 0 0 0 Frame Rate Stats type pkt 6m byte 6m pkt 9m byte 9m p...

Page 387: ... 40 40 40 40 40 40 40 40 40 40 40 40 count 110 638 638 638 638 638 649 649 638 638 429 649 638 528 649 Monitored Time 233496 Last Packet Time 233528 Uptime 233529 DoS State tx old tx rx old rx last dos time ap ev time sta ev time last enhanced cm time enhanced cm ev time 0 0 0 0 0 0 0 0 0 show ap monitor status The following example shows the output of show ap monitor status command AP Info key va...

Page 388: ... WLAN packet counters Interface Packets Read Bytes Read Interrupts Buffer Overflows Max PPS Cur PPS Max PPI Cur PPI Invalid OTA msg d8 c7 c8 3d 42 10 wifi0 17332616 401055780 12288142 703 1445 216 20 3 0 d8 c7 c8 3d 42 00 wifi1 56090990 3565742575 50110266 13315 1024 275 20 1 0 Data Structures ap sta pap psta ch msg hash ap l 256 288 45 136 26 2 256 Other Parameters key value Classification enable...

Page 389: ...nitored by the AP Containment details for the AP List of potential APs for the AP List of potential clients for the AP Information about the potential wireless devices Scanned information for the AP Configuration and status of monitor information of the AP Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 82 show ap pmkcache Description This command displays the ...

Page 390: ...ed Expiry Displays the PMK cache expiration details in HH MM SS format Name Indicates the name of client Role Indicates the user role assigned to the client VLAN Indicates the VLAN to which the client is assigned ESSID Displays the ESSID details to which the client is connected Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 83 show ap virtual beacon report Des...

Page 391: ... 13s a0 88 b4 41 64 18 Normal 1 0 No 00 24 6c 07 44 c8 Local 0 34 20s Normal No 00 24 6c 07 44 c0 Local 1 40 18s No 6c f3 7f ef 12 c0 43 18s No 6c f3 7f ee f7 80 48 11s No 6c f3 7f ee f7 90 35 13s Yes 6c f3 7f ef 12 d0 36 13s Normal Working well Home Current AP found a better AP for the client Deny Current AP is not the better AP Target Current AP is the better AP Voice Ready to move but client is...

Page 392: ...er Description config Shows the 802 1X supplicant configuration details debug logs Displays debug logs pertaining to the 802 1X supplicant configuration status Shows the status of the 802 1X supplicant configuration Usage Guidelines Use this command to view the 802 1X supplicant configuration details on an AP Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 85 s...

Page 393: ...ecified APs Syntax show ap alert count Usage Guidelines Use this command to check all the alerts received for all the APs specified Example The following example shows the output of show ap alert command AP Alerts Timestamp Type MAC Address IP Address Description The output of this command includes the following information Column Description Timestamp Indicates the time at which the alert was rec...

Page 394: ...visioned as a master AP Syntax show ap env addr Usage Guidelines Use this command to view the antenna configuration details for an AP Example The following output is displayed for the show ap env command show ap env Antenna Type External Need USB field Yes name 344 radio_0_5ghz_ant_gain 5 0 radio_1_5ghz_ant_gain 5 0 radio_0_5ghz_ant_pol 1 radio_1_5ghz_ant_pol 1 uap_controller_less 1 dual_5g_mode e...

Page 395: ...ing details power monitor Displays the power consumption information of an AP aps sync Displays AP synchronization details Usage Guidelines Use this command to view the list of active APs AP scanning and synchronization details Example The following output is displayed for the show aps command c8 b5 ad c3 ac 5c show aps 1 Access Point Name IP Address Mode Spectrum Clients Type IPv6 Address Mesh Ro...

Page 396: ...nel Channels used by the AP in the 2 4 GHz band 2 4 Power dB Transmission power allocated for 2 4 Ghz band channels 2 4 Utilization Percentage of utilization of 2 4 GHz channels 2 4 Noise Floor Noise floor of the 2 4 GHz channels 5 0 Channel Channels used by the AP in the 5 GHz band 5 0 Power dB Transmission power allocated for 5 GHz band channels 5 0 Utilization Percentage of utilization of 5 GHz...

Page 397: ...or command scalance show aps power monitor AP Power Monitoring information Name IP Address Current mW Average mW Minimum mW Maximum mW 70 3a 0e cc ef 02 10 65 72 14 11564 11569 11516 11840 70 3a 0e cc ec b8 10 65 72 13 11603 11581 11488 12286 The output of this command includes the following information Column Description Name Host name of the AP IP Address IP Address of the AP Current mW The curr...

Page 398: ...mmand Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 89 show app services Description This command displays the list of application services available on an AP Syntax show app services Usage Guidelines Use this command to view the list of application services available on an AP Example The following example shows the output of the show app services command Application...

Page 399: ...3 6 110 110 pptp 6 1723 1723 rtsp 6 554 554 sccp 6 2000 2000 sips 6 5061 5061 sip tcp 6 5060 5060 sip udp 17 5060 5060 smb tcp 6 445 445 smb udp 17 445 445 smtp 6 25 25 snmp 17 161 161 snmp trap 17 162 162 ssh 6 22 22 svp 119 0 65535 syslog 17 514 514 telnet 6 23 23 tftp 17 69 69 vocera 17 5002 5002 The output of this command provides the following information Parameter Description Name Indicates ...

Page 400: ...ails for an AP Example The following example shows the output of show arm config command Minimum Transmit Power 18 Maximum Transmit Power 127 Band Steering Mode prefer 5ghz Client Aware enable Scanning enable Wide Channel Bands 5ghz Air Time Fairness Mode fair access Spectrum Load Balancing disable SLB NB Matching Percent 75 SLB Calculating Interval 30 SLB Threshold 2 Custom Channels No 2 4 GHz Ch...

Page 401: ... 10 disable 11 enable 12 disable 13 disable 1 enable 2 disable 3 disable 4 disable 5 disable 6 disable 7 enable 5 0 GHz Channels Channel Status 36 enable 40 enable 44 enable 48 enable 52 enable 56 enable 60 enable 64 enable 149 enable 153 enable 157 enable 161 enable 165 enable 36 enable 44 enable 52 disable 60 disable ...

Page 402: ... 5 GHz band Air Time Fairness Mode Displays configuration details for the Airtime Fairness Mode feature Spectrum Load Balancing Indicates if the Spectrum load balancing feature is enabled or disa bled SLB NB Matching Percent Indicates the percentage for comparing client density of AP neighbors for spectrum load balancing SLB Calculating Interval Indicates the frequency at which the client density ...

Page 403: ...igured on an AP Example The following example shows the output of show arm channels command 2 4 GHz Channel Status 1 disable 2 disable 3 disable 4 disable 5 disable 6 disable 7 disable 8 disable 9 disable 10 disable 11 enable 12 disable disable 1 enable 2 disable 3 disable 4 disable 5 disable 6 disable 7 enable 5 0 GHz Channel Status 36 disable 40 disable ...

Page 404: ...able 157 enable The output of this command provides the following information Parameter Description Channel Displays the list of channels available in the 2 4 GHz and 5 GHz bands Status Indicates if the channels in the 2 4 GHz and 5 GHz bands are enabled or disabled Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 92 show arp Description This command displays th...

Page 405: ... the device HW Type Displays the type of the device Flags Displays any flags for this AP HW address Displays the MAC address of the device Mask Displays the network mask or the IP address range Device Displays the device used to send ARP requests and replies Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 93 show attack Description This command displays informa...

Page 406: ... if the firewall settings to block invalid ARP packets and fix malformed DHCP packets are enabled You can also view the status of the Poison check parameter which triggers an alert to notify the user about the ARP poisoning when enabled The following example output for the show attack stats command shows the attack counters attack counters Counter Value arp packet counter 0 drop bad arp packet cou...

Page 407: ... explicit ageout client successfully f0 5c 19 c9 f9 6c config exit successfully f0 5c 19 c9 f9 6c Access Rule liying TP2 1 wlan access rule liying TP2 1 successfully f0 5c 19 c9 f9 6c Access Rule liying TP2 1 no rule successfully f0 5c 19 c9 f9 6c Access Rule liying TP2 1 bandwidth limit peruser downstream 1500 successfully f0 5c 19 c9 f9 6c Access Rule liying TP2 1 rule any any match any any any ...

Page 408: ... is enabled The authentication survivability feature supports a survivable authentication framework against the remote link failure when working with the external authentication servers When enabled this feature allows the APs to authenticate the previously connected clients against the cached credentials if the connection to the authentication server is temporarily lost Example The following exam...

Page 409: ...he current configuration information stored in the AP flash memory Example The following text provides an example for the show backup config command output version 6 4 0 0 4 1 0 virtual controller country IN virtual controller key 0cb5770401cdeb6e4363c25fdfde17d907c4b095a9be5e4258 name instant C4 42 98 terminal access clock timezone none 00 00 rf band all allow new aps allowed ap d8 c7 c8 c4 42 98...

Page 410: ...lt_wired_port_profile index 1 rule any any match any any any permit wlan access rule wired instant index 2 rule masterip 0 0 0 0 match tcp 80 80 permit rule masterip 0 0 0 0 match tcp 4343 4343 permit rule any any match udp 67 68 permit rule any any match udp 53 53 permit wlan access rule test index 3 rule any any match any any any deny wlan external captive portal server localhost port 80 url aut...

Page 411: ...97 show banner Description This command displays the current login banner of an AP Syntax show banner Usage Guidelines Use this command to review the banner message that appears when you first log in to the CLI of the AP Example The following output is displayed for the show banner command scalance show banner welcome to login instant please start to input admin and password Don t leak the passwor...

Page 412: ... AP Example The following output is displayed for the show blacklist client command Blacklisted Clients MAC Reason Timestamp Remaining time sec AP name 00 24 6c ca 41 51 user defined 14 46 18 Permanent The output of this command provides information on the MAC address of client that is blacklisted the reason for blacklisting timestamp the associated AP name and the duration until which the client ...

Page 413: ...ist ed clients Displays the details of clients that are blacklisted manually Dynamically Black listed Clients Displays the list of clients that dynamically blacklisted due to multiple au thentication rules or an ACL rule trigger Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 99 show ble config Description This command displays the BLE configuration details Syn...

Page 414: ...date Attempt 00 00 00 00 00 00 Last Update Sent Time No Update Sent Command Information AP Platform Command Mode All platforms Privileged Exec mode 4 16 100 show calea config Description This command displays the details configured for CALEA server integration on an AP Syntax show calea config Usage Guidelines Use this command to CALEA configuration details Example The following example shows the ...

Page 415: ...r an AP Syntax show calea statistics Usage Guidelines Use this command to view the GRE encapsulation statistics for the APs with CALEA server integration feature enabled Example The following example shows the output of the show calea statistics command scalance show calea statistics Rt resolve fail 0 Dst resolve fail 0 Alloc failure 0 Fragged packets 0 Jumbo packets 263 Total Tx fail 0 Total Tx o...

Page 416: ...on details available for the AP show cellular status Displays the status of the cellular configuration for the AP Usage Guidelines Use these commands to view the details of the cellular configuration and status Example The following example shows the partial output of the show cellular config command No Comm USB Plugged in Cellular configuration Type Value 4g usb type usb type usb dev usb tty usb ...

Page 417: ...sierra evdo sierra gsm sierra gsm pantech uml290 pantech 3g novatal mc551 ether 3g sierra net sierra net franklin u770 rndis u770 rndis l800 rndis l800 huawei cdc huawei cdc novatel u620 novatel u620 pantech uml295 rndis uml295 sierra gobi sierra gobi Supported Country list Country list France NZ Israel HK Sweden Spain China UK Norway Germany Croatia Saudi Arabia US Japan ...

Page 418: ...eployment ISP List Lists the service providers that support cellular connections The following output is displayed for show cellular status command Cellular Status card detect link SIM PIN Present detect ok Linkup N A USB Modem Information Parameter Value Manufacturer Linux Product OHCI Host Controller Serial Number 0000 00 04 0 Driver hub Vendor ID 1d6b Product ID 0001 Manufacturer Product USB2 0...

Page 419: ...es the following parameters Parameters Description card Indicates if the cellular cards are currently configured on the AP detect Indicates if cellular modems are detected on the AP Link Indicates the current status of cellular link SIM PIN Displays the SIM PIN of the model Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 103 show cert all Description This comma...

Page 420: ...59 Signed Using SHA1 RSA Key size 2048 bits Default CP Server Certificate Version 3 Serial Number 01 DA 52 Issuer C US O GeoTrust Inc OU Domain Validated SSL CN GeoTrust DV SSL CA Subject 0x05 lLUge2fRPkWcJe7boLSVdsKOFK8wv3MF C US O securelogin arubanetworks com OU GT28470348 OU See www geotrust com resources cps c 11 OU Domain Control Validated QuickSSL R Premium CN securelogin arubanetworks com ...

Page 421: ...ated by inline monitoring Usage Guidelines Use this command to view the status of the inline monitoring statistics and the history of the configured APs Example The following example shows the output of show clarity config command Clarity config Parameter Value inline Sta stats enabled inline Auth stats enabled inline DHCP stats enabled inline DNS stats enabled The following example shows the outp...

Page 422: ...ry 10 65 6 33 7758 7758 7758 1 0 0 0 0 0 107870 4799346 1 1 10 65 66 110 1 0 0 0 0 0 Total dns servers in transaction 1 DNS Server Stats Table In Pending Send Server Ip Max Delay Min Delay Avg Delay RCODE0 RCODE1 RCODE2 RCODE3 RCODE4 RCODE5 Last Query Last Resp Samples Anomaly Cnt Anomaly Ip RCODE History Total pending send 0 The following example shows the output of show clarity history dhcp comm...

Page 423: ...inline DNS stats Indicates the status of the DNS statistics Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 105 show clearpassca Description This command displays the details of the customized ClearPass Policy Manager certificate uploaded on an AP Syntax show clearpassca Usage Guidelines Use this command to view the details of the ClearPass Policy Manager certi...

Page 424: ...t of clients connected to wired or Ethernet interface You can also use the optional debug parameter to view the end to end infor mation of the wired clients for debugging purpose Usage Guidelines Use this command to view information about the AP clients The AP client table provides basic information about the clients For detailed information of each client use the required parameter and specify th...

Page 425: ...bps Indicates the current speed at which data is transmitted When the client is associated with an AP it constantly negotiates the speed of data transfer A value of 0 means that the AP has not received any packets from the client for some time show clients diff The show clients diff command displays the change in the clients table data that occurred during the specified interval For example if the...

Page 426: ... e8 00 00 checksum 02 ec ba ec The show checksum mac command displays the checksum errors associated with the AP clients show clients debug and show clients wired debug The show clients debug command displays detailed information about the clients MAC and IP addresses client role authentication aging time and accounting intervals ESSID and BSSID details VLAN and multicast groups to which the clien...

Page 427: ...null null 2001 470 36 5c3 406b 7c14 9d1d 142d fe80 9198 30aa 5217 d22a DHCP Status DHCP v6 Status Completed Soliciting show clients status The show clients status mac command displays the status of an AP client show clients roaming The show clients roaming command displays the MAC address and IP address details of AP from which the client has roamed and IP address of the AP to which the client is ...

Page 428: ...TC 11 Coordinated Universal Time 11 UTC 11 Hawaii UTC 10 Alaska UTC 09 AKDT second sunday march 02 00 first sunday november 02 00 Baja California UTC 08 MDT first sunday april 02 00 last sunday october 02 00 Pacific Time UTC 08 PDT second sunday march 02 00 first sunday november 02 00 Arizona UTC 07 Chihuahua UTC 07 MDT first sunday april 02 00 last sunday october 02 00 La Paz UTC 07 MDT first sun...

Page 429: ...mple shows the partial output of show clock summer time command Summer Time DST Name Start Week Start Day Start Month Start Hour End Week End Day End Month End Hour PST recurring 2 Sun Mar 2 00 first Sun Nov 3 00 8 The output of this command includes the following information Parameter Description DST Name Name of the DST Start Week Enter the week number when the time change begins Start Day Enter...

Page 430: ...ax show cluster security connections peers stats Parameter Description cluster security Displays the status of the DTLS configuration and DTLS state whether enabled or disabled connections Displays the total number of connections monitored in the swarm by cluster security dtls peers Displays the details and status of the peers monitored by cluster security dtls stats Displays the cluster security ...

Page 431: ...7 4434 80788 02h 58m 17s 01m 53s 04h 21m 06s 10 17 142 73 4434 394516 19bb00b2 1f6e0024 connected R 10 17 142 77 4434 74632 02h 44m 18s 01m 57s 03h 55m 52s 10 17 142 76 4434 354332 19bb00b3 7d6f0024 connected I 10 17 142 77 4434 57304 02h 09m 39s 01m 57s 04h 33m 12s 10 17 142 71 4434 269882 19bb00b4 57fd0024 connected R 10 17 142 77 4434 18544 40m 59s 01m 52s 05h 56m 43s 10 17 142 75 4434 90933 To...

Page 432: ...Retrieve date time fail 0 Inits retried 3 Connection timeouts 0 Connection timeouts inactivity 0 Connection responses timeouts 0 Handshake fail after retransmit 0 Handshake fail after signing in retries 0 Signing module op attempts success fail busy 180 180 0 1 Socket msgs rx suc cess fail 1221386 0 Discovery msg tx success fail 0 0 Discovery msg rx allowed 0 Msg rx on old ports dropped 0 Unsecure...

Page 433: ...g tx rx 1825 2575 Cluster Security Connections Statistics for Local Idx 19bb00b1 Statistic Name Counts IO Send success fail 1082 0 IO Receive success fail 1522 0 IO Receive peek fail 0 Peer connection mismatch 0 Handshake success after signing in retries 0 Signing still in progress dropped 0 Negotiate msg rx success fail 5 0 Peer init request tx response rx 0 0 Sign ing mod ule op at tempts su cce...

Page 434: ...ail out of resources 0 SSL msg write fail error 0 SSL msg read fail out of resources 0 SSL msg read fail error 0 Total DTLS msg tx rx 991 1416 Cluster Security Connections Statistics for Local Idx 19bb00b3 Statistic Name Counts IO Send success fail 772 0 IO Receive success fail 1086 0 IO Receive peek fail 0 Peer connection mismatch 0 Handshake success after signing in retries 0 Signing still in pr...

Page 435: ...ac address fail 0 Verify peer certificate fail 0 Retransmitted handshakes 0 SSL msg write fail out of resources 0 SSL msg write fail error 0 SSL msg read fail out of resources 0 SSL msg read fail error 0 Total DTLS msg tx rx 253 376 18 64 72 cf ec 9a show cluster security peers stats Cluster Security Peers Statistics for Remote Address 10 17 142 76 Statistic Name Counts Peer collisions occurred re...

Page 436: ... Peer collisions occurred resolved 0 0 Peer connections active connected recv da ta close notify shutdown 36 18 0 1 8 0 Peer connec tions being renegoti ated 17 Cluster Security Peers Statistics for Remote Address 10 17 142 71 Statistic Name Counts Peer collisions occurred resolved 0 0 Peer connections active connected recv da ta close notify shutdown 36 16 0 20 0 Peer connections being renegotiat...

Page 437: ...tion indicates that the configuration file has been compressed if the file size is large Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 110 show configuration Description This command displays the configuration saved on the AP Syntax show configuration Usage Guidelines Use this command to view the entire configuration saved on the AP including all wireless and...

Page 438: ...36 44 149 157 g channels 11 1 7 min tx power 18 max tx power 127 band steering mode prefer 5ghz air time fairness mode fair access client aware scanning syslog level debug ap debug syslog level debug network syslog level debug security syslog level debug system syslog level debug user syslog level debug user debug syslog level debug wireless mgmt user admin 16e8d1cbd13f13a18cd1adb8b0d23022 wlan ac...

Page 439: ... auth id 1 non eap inner auth nai realm auth value 1 mschapv2 nai realm auth id 2 credential nai realm auth value 2 uname passward nai realm encoding utf8 no nai home realm hotspot anqp nwk auth profile test enable nwk auth type http redirect url http hotspot anqp 3gpp profile test enable 3gpp plmn1 3gpp plmn2 3gpp plmn3 3gpp plmn4 3gpp plmn5 3gpp plmn6 hotspot anqp ip addr avail profile test enab...

Page 440: ... cross connect query response length limit 127 access network type private venue group business venue type research and dev facility roam cons len 1 0 roam cons oi 1 roam cons len 2 0 roam cons oi 2 roam cons len 3 0 roam cons oi 3 wlan ssid profile profile 1 enable index 0 type employee essid profile 1 wpa passphrase c52acfeb3e59ef254a6d14fe2ad565382e46f7eecde33af3 opmode wpa2 psk aes max authent...

Page 441: ...nw wpa passphrase dd4da86c25c31bf83417024a338982ed4f01e1751e7a4502 opmode wpa2 psk aes max authentication failures 0 vlan 2 auth server InternalServer rf band all captive portal disable dtim period 1 inactivity timeout 1000 broadcast filter none dmo channel utilization threshold 90 local probe req thresh 0 max clients threshold 64 auth survivability cache time out 24 wlan external captive portal s...

Page 442: ... 0 wired port profile wired instant switchport mode access allowed vlan all native vlan guest no shutdown access rule name wired instant speed auto duplex auto no poe type guest captive portal disable no dot1x wired port profile default_wired_port_profile switchport mode trunk allowed vlan all native vlan 1 shutdown access rule name default_wired_port_profile speed auto duplex full no poe type emp...

Page 443: ...service airprint disable description AirPrint Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 111 show console setttings Description This command displays the details about the console settings of an AP Syntax show console settings Usage Guidelines Use this command to view if the access to AP console is enabled or disabled Example The following example shows th...

Page 444: ...escription Use this command to view a list of the supported country codes Syntax show country codes Usage Guidelines This command shows the list of supported country codes for the AP Example The following example shows a partial output of the show country codes command CA Canada DE Germany NL Netherlands IT Italy PT Portugal LU Luxembourg NO Norway SE Sweden FI Finland DK Denmark CH Switzerland CZ...

Page 445: ...R France HK Hong Kong SG Singapore TW Taiwan MY Malaysia BR Brazil SA Saudi Arabia LB Lebanon AE United Arab Emirates ZA South Africa AR Argentina AU Australia AT Austria BO Bolivia CL Chile GR Greece HU Hungary IS Iceland IN India IE Ireland KW Kuwait LV Latvia LI Liechtenstein LT Lithuania MX Mexico MA Morocco NZ New Zealand PL Poland PR Puerto Rico SK Slovak Republic ...

Page 446: ...nidad and Tobago TR Turkey CR Costa Rica EC Ecuador HN Honduras KE Kenya UA Ukraine VN Vietnam BG Bulgaria CY Cyprus EE Estonia MT Malta MU Mauritius RO Romania CS Serbia and Montenegro ID Indonesia PE Peru VE Venezuela JM Jamaica BH Bahrain OM Oman JO Jordan BM Bermuda CO Colombia DO Dominican Republic GT Guatemala PH Philippines LK Sri Lanka SV El Salvador ...

Page 447: ... ML Mali The following output of the show country codes command displays the country codes of the US and its territories US United States PR Puerto Rico GU Guam MH Marshall Islands FM Federated States of Micronesia MP Northern Mariana Islands VI US Virgin Islands AS American Samoa Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 113 show cpcert Description This ...

Page 448: ...DV SSL CA Subject 0x05 lLUge2fRPkWcJe7boLSVdsKOFK8wv3MF C US O securelogin arubanetworks com OU GT28470348 OU See www geotrust com resources cps c 11 OU Domain Control Validated QuickSSL R Premium CN securelogin arubanetworks com Issued On 2011 05 11 01 22 10 Expires On 2017 08 11 04 40 59 Signed Using SHA1 RSA Key size 2048 bits The output of this command describes details such as the version ser...

Page 449: ...leeping R running W waiting PID USER STATUS RSS PPID CPU MEM COMMAND 1434 root R N 5540 1377 8 3 4 3 sapd 13137 root R 356 12694 2 3 0 2 top 1430 root R 7256 1377 0 0 5 7 cli 12694 root S 2880 12685 0 0 2 2 cli 1682 root S 2392 1377 0 0 1 8 radiusd term 1699 root S 2384 1377 0 0 1 8 radiusd 1442 root S 2092 1377 0 0 1 6 snmpd 1436 root S 1804 1377 0 0 1 4 stm 1449 root S 1472 1377 0 0 1 1 meshd 14...

Page 450: ...ociated with all ACLs acl allocation Displays ACL table allocation details acl rule rule Displays the name of the ACL acl rule detail acl Displays the ACL rule details bridge Shows bridge table entry statistics including MAC address VLAN as signed VLAN Destination and flag information for anAP bwm table Displays the configured bandwidth contracts and the allocated bandwidth contracts counters Disp...

Page 451: ...cation failures inva lid users and maximum link length vlan Displays VLAN table information such as VLAN memberships inside the datapath including L2 tunnels which tunnel L2 traffic vlan mcast Displays the multicast table statistics for the AP vlan port mapping Displays the user VLAN details for the AP Usage Guidelines Use this command to display various datapath statistics for debugging purposes ...

Page 452: ...92 168 10 0 255 255 254 0 6 0 65535 8081 8081 P4 14 00 192 168 10 0 255 255 254 0 224 0 0 0 224 0 0 0 6 0 65535 8081 8081 P4 15 00 192 168 10 0 255 255 254 0 any 6 0 65535 8081 8081 PS4 16 00 any any 6 0 65535 8081 8081 P4 17 00 any any any 4 ACL Name external cp magic Number 108 01 00 any 192 168 10 1 255 255 255 25 5 6 0 65535 80 80 PSD4 02 00 any 192 168 10 1 255 255 255 25 5 6 0 65535 443 443 ...

Page 453: ...52 4 143 3360 8 145 3372 8 130 3380 16 131 3412 16 132 3444 16 133 3476 16 137 3508 8 139 3520 8 141 3532 8 146 3540 4 147 3544 8 148 3552 4 149 3556 8 150 3564 4 151 3568 4 152 3572 4 153 3576 4 138 3580 8 140 3588 8 142 3596 8 144 3604 8 106 3612 8 show datapath acl rule The following example shows the output of show datapath acl rule command Datapath SSID test ACL Entries Flags P permit L log E...

Page 454: ...5 8209 8211 P4 2 192 168 10 0 255 255 254 0 192 168 10 0 255 255 254 0 any PT4 3 192 168 10 0 255 255 254 0 224 0 0 0 224 0 0 0 any PT4 4 192 168 10 0 255 255 254 0 any any PST4 5 any any any PT4 ACL Name test 3 Number 145 1 any any 17 0 65535 8209 8211 P4 2 192 168 10 0 255 255 254 0 192 168 10 0 255 255 254 0 any PT4 3 192 168 10 0 255 255 254 0 224 0 0 0 224 0 0 0 any PT4 4 192 168 10 0 255 255...

Page 455: ...s Bridge Role ACL 00 1A 1E 0D 7E D3 1 1 dev3 0 D8 C7 C8 C4 42 98 1 1 local P 0 D8 C7 C8 C4 42 98 3333 3333 local P 0 00 0B 86 40 1C A0 1 1 dev3 0 6C F3 7F C3 5C 12 64 64 dev3 0 show datapath bwm table The following example shows the output of show datapath bwm table command Received BWM Config ACL DIR Contract ID PerUser UseCount Rate 135 up 2 1 1 1000000 135 down 1 1 1 1000000 139 up 4 0 2 500000...

Page 456: ... 0 3 5000000 2 0 0 19532 19532 0 0 0 0 4 5000000 2 0 0 19532 19532 0 0 0 0 5 4555000 1 0 0 17793 17793 0 0 0 0 6 4555000 1 0 0 17793 17793 0 0 0 0 7 1111000 1 0 0 4340 4340 0 0 0 0 8 1111000 1 0 0 4340 4340 0 0 0 0 9 1111000 1 0 0 4340 4340 0 0 0 0 10 1111000 1 0 0 4340 4340 0 0 0 0 11 1111000 1 0 0 4340 4340 0 0 0 0 12 1111000 1 0 0 4340 4340 0 0 0 0 13 1111000 1 0 0 4340 4340 0 0 0 0 14 1111000 ...

Page 457: ...192 bps policed 0 dropped 0 queued 0 0 avail 3907 pktq 0 0 0 0 r 4555000 t 0 6 cpu 0 flags 0 1000192 bps policed 0 dropped 0 queued 0 0 avail 3907 pktq 0 0 0 0 r 4555000 t 0 7 cpu 0 flags 0 1000192 bps policed 0 dropped 0 queued 0 0 avail 3907 pktq 0 0 0 0 r 1111000 t 0 8 cpu 0 flags 0 1000192 bps policed 0 dropped 0 queued 0 0 avail 3907 pktq 0 0 0 0 r 1111000 t 0 9 cpu 0 flags 0 1000192 bps poli...

Page 458: ...111000 t 0 22 cpu 0 flags 0 1000192 bps policed 0 dropped 0 queued 0 0 avail 3907 pktq 0 0 0 0 r 1111000 t 0 23 cpu 0 flags 0 1000192 bps policed 0 dropped 0 queued 0 0 avail 3907 pktq 0 0 0 0 r 1111000 t 0 Bandwidth Contracts for cpu type 0 has 0 cp contracts total queued in CPU 0 total queing fail 0 Queued pkts in cpus show datapath counters The following example shows the output of show datapat...

Page 459: ...assembly Statistics cpu cur high max tot full ageidx IPv6 Reverse Fragment Statistics cpu cur high max tot full ctx_w_buf aged WiFi Reassembly Statistics cpu cur high max tot full ageidx 0 0000 0000 0000 0000 0000 0000 1 0000 0000 0000 0000 0000 0000 Route Cache Statistics Cur Entries v4 v6 00000003 00000000 High Entries 00000007 Max Entries 00001000 Total Entries 00000003 Overflows 00000000 Stale...

Page 460: ...0000000 Max Entries 000007ff Total Entries 00000002 show datapath device statistics The following example shows the output of show datapath device statistics command dev IP UDP InPkts DHCP FAST TCP IP UDP DHCP ARP MCAST UCAST TCP ARP MCAST UCAST OutPkts FAST eth1 0 0 0 0 0 0 0 0 0 448 0 36 36 36 0 0 448 0 bond0 638 0 225 37 36 178 1 448 190 168 0 167 11 0 156 1 0 168 br0 167 0 167 11 0 156 0 0 167...

Page 461: ...6608 fe80 3e97 eff fe48 9e45 ff02 16 58 59459 36608 fe80 aea3 1eff fecd 4694 ff02 16 58 5968 36608 fe80 aea3 1eff fecd 471a ff02 16 58 1289 36608 Cntr Prio ToS Age Destination TAge Flags 0 0 0 1 dev8 6e C 0 0 0 1 dev8 63 C 0 0 0 1 dev8 60 C 0 0 0 0 dev8 8 C 0 0 0 1 dev8 88 C 0 0 0 1 dev8 82 C 0 0 0 1 dev8 6c C 0 0 0 1 dev8 59 C 0 0 0 1 dev8 62 C 0 0 0 1 local 76 C show datapath ipv6 user The follo...

Page 462: ...s show datapath dmo station The following example shows the output of show datapath dmo station command Group Ref_count Position show datapath dns id map The following example shows the output of show datapath dns id map command entry 0 id 1 www google com 93 46 8 89 173 252 71 184 entry 1 id 2 facebook com 93 46 8 89 173 252 120 6 entry 2 id 3 twitter com 104 244 42 129 104 244 42 1 74 117 182 19...

Page 463: ... shows the output of show datapath route command Route Table Entries Flags L Local P Permanent T Tunnel I IPsec M Mobile A ARP D Drop IP Mask Gateway Cost VLAN Flags 0 0 0 0 0 0 0 0 10 17 88 2 0 0 192 168 10 0 255 255 254 0 192 168 10 1 0 3333 D 0 0 0 0 255 255 255 192 10 17 88 59 0 1 L Route Cache Entries Flags L local P Permanent T Tunnel I IPsec M Mobile A ARP D Drop IP MAC VLAN Flags 10 17 88 ...

Page 464: ... Cntr Prio ToS Age Destination TAge Flags 10 17 88 59 10 13 110 198 6 22 62719 0 0 0 0 dev3 733 10 17 88 59 10 0 0 1 6 64104 443 0 0 0 1 local 5b YC 10 13 110 198 10 17 88 59 6 62719 22 0 0 0 0 dev3 733 C 10 13 23 237 10 17 88 59 6 55302 22 0 0 0 0 dev3 8be C 10 17 88 59 10 13 23 237 6 22 55302 0 0 0 0 dev3 8be 10 0 0 1 10 17 88 59 6 443 64104 0 0 0 1 local 5b Y The following example shows the par...

Page 465: ...rect Y no syn H high prio P set prio T set ToS C client M mirror V VOIP I Deep inspect U Locally destined s media signal m media mon a rtp analysis E Media Deep Inspect G media signal A Application Firewall Inspect L ALG session RAP Flags 0 Q0 1 Q1 2 Q2 r redirect to master t time based DPI Flags a app extraction done b URL extraction done c copied to dpimgr d dropped reverse session on bca cache ...

Page 466: ... abcefg computer and intern 5 5 10 20 50 10 6 55956 135 epm 37 category unknown 0 0 1 FC acef 172 217 26 78 6 56432 443 google 54 shop ping 5 1 29 1 CGs abcefg 63 5 10 44 96 64 6 62236 44591 App Not Class 0 Web Not Class 0 0 0 0 C 10 20 12 0 198 6 443 54673 of fice365 1448 computer and 0 0 abcefg 6 56463 445 incom plete 6 category unknown 6 FC ace 6 37685 8080 incom plete 6 category unknown 3 C ac...

Page 467: ...0 20 12 0 173 0 0 1 FC acef 17 60658 53 incom plete 6 Web Not Class 1 FCIA ac 10 20 120 252 6 139 63390 incom plete 6 cate gory unknown 84 7 0 show datapath statistics The following example shows the partial output of show datapath statistics command Datapath Counters Counter Value Tagged frames dropped on untagged interface 0 Frames dropped for being too short 0 Frames received on port not in VLA...

Page 468: ...e 0 Frames dropped due to ARP processing failure 0 Frames dropped due to illegal device index 0 Frames dropped due to interface being down 0 Unicast frames not bridged due to split tunnel destination 0 Unicast frames from bridge role user dropped 0 Unicast frames that could not be bridged to split tunnel 0 Frames dropped due to missing PPP device 0 Frames dropped due to pullup failure 0 Frames dro...

Page 469: ...ally needing flooding 637659 show datapath user The following example shows the partial output of show datapath user command Datapath User Table Entries Flags P Permanent W WEP T TKIP A AESCCM R ProxyARP to User N VPN L local FM Forward Mode S Split B Bridge N N A IP MAC ACLs Contract Location Age Sessions Flags Vlan FM 10 17 88 59 D8 C7 C8 C4 42 98 105 0 0 0 0 0 1 65535 1 N 0 0 0 0 D8 C7 C8 C4 42...

Page 470: ...ample shows the partial output of the show datapath vlan port mapping command Datapath VLAN Port Mapping Table Entries VLAN Port Users The outputs of the show datapath command indicates the following ACL table allocation details for the AP AP Datapath ACL Tables List of ACL rules configured for the SSID and Ethernet port profiles Bridge table entry statistics including MAC address VLAN assigned VL...

Page 471: ...d displays the DDNS status of the AP and the list of DDNS clients Syntax show ddns clients Usage Guidelines Use this command to view information about the DDNS clients Example The following output is displayed for the show ddns command DDNS Enabled Enabled DDNS Server 10 17 132 85 DDNS Key hmac sha1 ddns key asdafsdfasdfsgdsgs DDNS Interval 900 The following output is displayed for the show ddns c...

Page 472: ...es the profile name of the DHCP server Success Count Indicates the number of times the update sent to the DNS server succeeded Failure Count Indicates the number of times the update sent to the DNS server got failed Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 117 show delta config Description This command displays the difference between the current configur...

Page 473: ...vation rules Description This command displays the list of role and VLAN derivation rules configured for the WLAN SSIDs and wired profiles in an AP Syntax show derivation rules Usage Guidelines Use this command to view the derivation rules configured for a network profile Example The following example shows the output of the show derivation rules command SSID Example1 Role Derivation Rules Attribu...

Page 474: ... displays information about the DHCP address allocation Syntax show dhcp allocation Usage Guidelines Use this command to view DHCP address allocation for network address translated clients to allow mobility of the clients across APs Example The following example shows the output of show dhcp allocation command scalance show dhcp allocation etc dnsmasq conf listen address 127 0 0 1 addn hosts etc l...

Page 475: ...CP scopes configured for an AP Syntax show dhcps config Usage Guidelines Use this command to view configuration details associated with the DHCP scopes enabled on an AP Example The following example shows the output of the show dhcps config command Distributed DHCP Scopes Name Type VLAN Netmask Default Router DNS Server Domain Name Instnt DL2 Distributed L2 100 0 0 0 0 0 0 0 0 0 0 0 0 Lease Time I...

Page 476: ...cal DHCP Scopes Name Type VLAN Network Netmask Exclude Address Mask local 112 Local L2 112 112 112 112 0 255 255 255 0 1 2 3 4 Default Router DNS Server Domain Name Lease Time DHCP Option DHCP Host 0 0 0 0 43200 0 Disabled DNS Cache Available Address Range VLAN IP VLAN 112 112 112 0 112 112 112 255 0 0 0 0 0 0 0 0 The output of this command displays the following information Parameter Description ...

Page 477: ...ranch subnet mask Branch Router Displays the IP address if the branch router Exclude IP address Displays the excluded IP address The value displayed in this determines the exclusion range of the subnet Based on the size of the subnet the IP addresses that come before or after the IP address value specified in this field are excluded DHCP Relay Displays the DHCP relay information that enables the A...

Page 478: ...utput of this command displays the vendor specific DHCP option configured for a DHCP scope and the current status of the DHCP option Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 122 show dhcp Description This command displays the subnet details and the gateway IP for Distributed L2 and Distributed L3 networks and also displays the status of option 82 configu...

Page 479: ...s of the tunnel mode Rolemap Displays the role assigned to the clients The following example shows the output of the show dhcp opt82 xml config command This is in a scenario where the XML file is not uploaded in flash and the DHCP option 82 parameters are not configured DHCP Option82 XML XML File Downloaded in Flash No XML based DHCP Option82 Configured No The following example shows the output of...

Page 480: ...n Flash XML File Load Command XML File Load Status Displays the downloaded URL that is utilized XML File Load Error Displays the status of the XML file download If the XML file is uploaded in flash then the file upload status is successful When the file upload status is unsuccessful a new parameter is added to display the error occurred XML based DHCP Option82 Con figured This is visible only when...

Page 481: ...and ending IP address parameters You can specify up to four different ranges of IP addresses to filter the command output Usage Guidelines Use this command to view branch details for the distributed DHCP scopes Example The following example shows the output of the show distributed dhcp branch counts command Branch Count Table Client Count Upto Branch Count 1 2 3 7 10 4 3 1 The output of this comma...

Page 482: ...hat are valid on the enterprise network This list is used to determine how client DNS requests should be routed When Content Filtering is enabled the DNS request of the clients is verified and the domain names that do not match the names in the list are sent to the open DNS server Example The following example shows the output of the show domain names command example1 com example com Command Infor...

Page 483: ...r debugging qsessions detail session id Displays advanced debug statistics for troubleshooting the DPI issues webcategory name all Displays the list of web categories webcategory lookup URL Displays the details for a given URL and the reputation score based on security rating Run this command twice to fetch information from the cloud server Usage Guidelines Use this command to view the DPI configu...

Page 484: ...ies 23 The output of this command displays all application categories show dpi debug statistics The following example shows the output of the show dpi debug statistics command DPI Engine Version 4 20 0 34 build date Aug 21 2016 API Version 1 190 0 Protocol Bundle Version 1 230 0 20 build date Aug 21 2016 Dpimgr Debug Statistics Key Value dpimgr total pkt handled 2043 1961 dpimgr total classified 5...

Page 485: ...r cloud lookups 0 230000 number of local database hits 0 number of uncategorized responses 1 number of cache entries 16 maximum queue depth reached 1 trusted user rep average 91 guest user rep average 0 total number of lookup errors 0 net 0 http 0 proto 00 current minor version 0 DPI datapath stats number of pkts send to dpimgr 1691 number of msg prepare failure 0 number of visibility stats cpy to...

Page 486: ...e number of times the DPIMGR process has restarted and completed initialization Dpimgr Agent Displays the DPIMGR components that are currently running Dpimgr Status value Denotes the DPIMGR configuration flags set Dpimgr Platform Status Denotes the DPIMGR configuration that the current platform can support Dpimgr Visibility Status Displays the DPIMGR components that are configured for visibility D...

Page 487: ...g example shows the output of the show dpi webcategory all command scalance show dpi webcategory all Pre defined BrightCloud Web Categories Name Web Category ID real estate 1 computer and internet security 2 financial services 3 business and economy 4 computer and internet info 5 auctions 6 shopping 7 cult and occult 8 travel 9 abused drugs 10 adult and pornography 11 home and garden 12 military 1...

Page 488: ...ets 67 abortion 68 health and medicine 69 spam urls 71 dynamically generated content 74 parked domains 75 alcohol and tobacco 76 private ip addresses 77 image and video search 78 fashion and beauty 79 recreation and hobbies 80 motor vehicles 81 web hosting 82 category incomplete 83 category unknown 84 Total web categories 81 The output of this command displays the list of web categories and the ID...

Page 489: ... blocked by the AppRF policies Syntax show dpi error page urls Usage Guidelines Use this command to view the list of custom error page URLs The error page URLs are displayed when client access to certain websites is blocked by the AppRF policies configured on the AP The custom error page URLs are configured using dpi error page urls command Example The following example shows the output of the sho...

Page 490: ...Displays application statistics appcategory Displays the DPI statistics for application category session Displays datapath session details for DPI webcategory Displays the DPI statistics for web category webreputation Displays the DPI statistics for web reputation score ssid Displays the DPI statistics for the last 15 minutes from each AP connected to the SSID in the network ssid name Displays DPI...

Page 491: ...fied 0 160 Total bytes 10610 Classication percentage 98 show dpi stats appcategory The following example shows the output of the show dpi stats appcategory full command Last snapshot timestamp 17 10 47 Dpi Top Application category list App AppId Total bytes apple 306 10172 apns 1118 278 Not Classified 0 160 Total bytes 10610 Classication percentage 98 show dpi stats appcategory The following examp...

Page 492: ...5 97 Not Classified 0 Not Classified 0 8237 5998 172 31 98 189 smb 185 Not Classified 0 0 886 0 Not Classified 172 31 98 103 http 67 Not Classified 0 0 507 4074 Not Classified 172 31 98 103 https 68 computer and internet info 5 trustworthy sites 5 449597 64440 1 172 31 98 103 yahoo 1294 web based email 55 tes 5 604 10818 trustworthy si 172 31 98 103 gtalk 1441 Not Classified 0 0 3375 5904 Not Clas...

Page 493: ...webcategory The following example shows the output of the show dpi stats webcategory full command Last snapshot timestamp 17 25 43 Dpi Top Web Category list Web Category Web Category Id Total bytes computer and internet info 5 740 Total bytes 740 show dpi stats webreputation The following example shows the output of the show dpi stats webreputation full command Last snapshot timestamp 15 39 32 Dpi...

Page 494: ... 240 Vela drt ok ac a3 1e c5 c5 58 192 168 100 238 Centaurus drt ok 20 4c 03 0e c4 74 192 168 100 248 Vela drt ok 94 b4 0f c1 bc 84 192 168 100 249 Centaurus drt ok 00 0b 86 8f 54 12 192 168 100 254 Aries drt ok 94 b4 0f ca ba e4 192 168 100 241 Centaurus drt ok 40 e3 d6 cf f4 de 192 168 100 252 Ursa drt ok 94 b4 0f ca d7 38 192 168 100 243 Centaurus drt ok 20 4c 03 17 d7 84 192 168 100 135 Ursa d...

Page 495: ...mand Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 129 show election Description This command shows master AP election statistics Syntax show election statistics Parameter Description statistics Shows master election statistics Usage Guidelines Use this command to view the statistics of the AP selected as Virtual Controller Example The following example shows the out...

Page 496: ...s waited longer than expected and that the timer slow is caused by a CPU overload master high cpu Indicates the CPU usage of the master AP The allowed limit is 85 ap cpu usage Indicates the CPU usage of the existing AP Slave Pot Master Displays a count of transitions from slave to pot master state Pot master Master Displays a count of transitions from pot master to master state Pot master Slave Di...

Page 497: ...Value ESL Server 10 65 39 210 ESL Channel 8 CONFIG State CONFIG UPDATE END The output of this command provides the following information Parameter Description ESL Server Displays the IP address of the ESL server ESL Channel Displays the ESL radio channel CONFIG State Displays the configuration status of the specified ESL profile Command Information AP Platform Command Mode All platforms Privileged...

Page 498: ...0 b4 5d 50 c5 46 80 b4 5d 50 c5 46 80 Plugged 0x10c4ea60 b4 5d 50 c5 46 46 b4 5d 50 c5 46 46 Not Plugged The output of this command provides the following information Parameter Description NAME Displays the AP device name MAC Displays the AP s MAC address ESL Radio Status Shows if the USB dongle is plugged to the AP ESL Radio Device ID Shows the USB dongle s device ID The following output is displ...

Page 499: ... configuration URL if the AP registration with Facebook is successful Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 133 show fault Description This command displays the list of active faults that occur in the event of a system fault and the faults that were cleared from the system Syntax show fault history Parameter Description history Displays the list of fa...

Page 500: ...mands provide the following information Parameter Description Timestamp Displays the system time at which an event occurs Number Indicates the sequence Cleared By Displays the module which cleared this fault Description Provides a short description of the event details Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 134 show fiewall Description This command dis...

Page 501: ...the maximum number of clients allowed for an SSID profile on a 2 4 GHz radio channel Syntax show g max clients ssid_profile Parameter Description Range ssid_profile Denotes the SSID profile for which the maximum clients limit is to be configured Usage Guidelines Use this command to view the maximum number of clients allowed for a 2 4 GHz radio channel SSID profile Example The following show g max ...

Page 502: ... displays the various parameters configured for the GRE tunnel Syntax show gre config Usage Guidelines Use this command to view the GRE configuration information for an AP Example The following example shows the output of show gre config command GRE Primary Server pgre arubanetworks GRE Primary Server pgre arubanetworks com GRE Primary IP 2000 172 16 168 1 GRE Backup Server sgre arubanetworks com ...

Page 503: ... down time in seconds before which the GRE tunnel recovers from the backup to the primary tunnel GRE Failover type Displays the GRE failover type GRE Ping Interval Displays the ping interval configured GRE Allowed Inactive Time Displays the time for tunnel inactivity check GRE Ping Retry Count Displays the ping count for bringing the tunnel DOWN GRE Reconnect User On Failover Displays the time in ...

Page 504: ...which indicates when to start another counter for next ping to send If there is no reply its value is 0 if there is reply its value is 10 This starts from 10 and decreases to 0 When the value is 0 the counter Next Ping packet after starts to decrease from 10 to 0 Total Ping sent Denotes the ping packets sent Total Ping missed Denotes the number of ping packets missed out of ping packets sent Next ...

Page 505: ...cted by the AP rogue ap mac Displays the list of rogue APs detected by the master AP in the AP clus ter Usage Guidelines Use this command to view the intrusion detection details Example The following output is displayed for the show ids aps command Unknown Access Points Detected MAC Address Network Classification Chan Type Last Seen 6c f3 7f 56 6d 01 NTT SPOT Interfering 1 G 17 32 19 6c f3 7f 56 6...

Page 506: ...Ps are detected the radio configuration type and recent timestamp of the interference The following output is displayed for the show ids clients command Unknown Clients Detected MAC Address Network Classification Chan Type Last Seen 00 26 c6 4d 2b 74 ethersphere wpa2 Interfering 1 GN 20MZ 17 26 48 00 24 d7 40 a8 64 akvoice1 Interfering 6 G 17 38 49 00 24 d7 40 ca 88 akvoice1 Interfering 6 G 17 39 ...

Page 507: ...ed for an AP Example The following output is displayed for the show ids detection command infrastructure detection level off Policies Status Low Medium High detect ap spoofing disable enable enable enable detect windows bridge disable enable enable enable signature deauth broadcast disable enable enable enable signature deassociation broadcast disable enable enable enable detect adhoc using valid ...

Page 508: ...isable disable enable enable detect omerta attack disable disable enable enable detect fatajack disable disable enable enable detect block ack attack disable disable enable enable detect hotspotter attack disable disable enable enable detect unencrypted valid disable disable enable enable detect power save dos attack disable disable enable enable detect eap rate anomaly disable disable disable ena...

Page 509: ...protection level off Policies Status Low High protect ssid disable enable enable rogue containment disable enable enable protect adhoc network disable disable enable protect ap impersonation disable disable enable client protection level off Policies Status Low High protect valid sta disable enable enable protect windows bridge disable disable enable Parameter Description Infrastructure protection...

Page 510: ...l rules configured for an AP network Example The following output is displayed for the show inbound firewall rules command Access Rules Src IP Src Mask Dest IP Dest Mask Dest Match Protocol id sport eport Application Action Log TOS 802 1P Blacklist App Throttle Up Down Mirror DisScan ClassifyMedia any any any any match h323 tcp permit any any 192 0 2 0 255 255 255 0 match h323 udp permit The outpu...

Page 511: ...mmand to view table of L2 interface counters Example The following example shows the partial output of show interface counters command bond0 is up line protocol is up Hardware is Gigabit Ethernet address is d8 c7 c8 c4 42 98 Speed 1000Mb s duplex full Received packets 9441 Received bytes 1134064 Receive dropped 0 Receive errors 0 Receive missed errors 0 Receive overrun errors 0 Receive frame error...

Page 512: ...otal number of CRC errors during packet receive Receive length er rors Shows total length of the error Transmitted packets Shows total number of transmitted packets Transmitted bytes Shows total number of transmitted bytes Transmitted dropped Shows total number of packets dropped Transmission errors Shows total number of errors during packet transmit Lost carrier Shows total number of lost carrier...

Page 513: ...me Primary Partition Build Ver sion Shows the AP build version AP Image Class Indicates the AP class Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 144 show iot transportProfile Description This command displays the IoT profile status information Syntax show iot transportProfile profile name Example The following example shows the output of show iot transportP...

Page 514: ...rtProfile test3 IoT Data Profile test3 Parameter Value EndpointURL https app detagtive com EndpointType ZF PayloadContent zf tags TransportInterval 10s Token N A ID N A Username ankur kamthe gmail com Password It2GbjTXFAYEpHg43VOK2_2KrWePwmVPKwSHBTEj jM Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 145 show ip dhcp database Description This command displays t...

Page 515: ... Column Description DHCP subnet Indicates the network range for the client IP addresses DHCP Netmask Indicates the subnet mask specified for the IP address range for the DHCP subnet DHCP Lease Time m Indicates the duration of DHCP lease The lease time refers to the duration of lease that a DHCP enabled client has obtained for an IP address from a DHCP server DHCP Domain Name Indicates the domain n...

Page 516: ...33 siemens002 15 The output of this command includes the following parameters Paramter Description IGMP Group Table Displays details for the IGMP multicast group Group Indicates the IP addresses for the multicast group Members Indicates the number of members assigned to the multicast group VLAN Indicates the VLAN ID associated with the multicast group IGMP Group multicast address Table Displays th...

Page 517: ...following output is displayed for the show ip interface brief command Interface IP Address IP Netmask Admin Protocol br0 10 17 88 188 255 255 255 192 up up The output of the show ip interface brief command provides the following information Column Description Interface Lists the interface and interface identification where applicable IP Address IP Netmask Lists the IP address and subnet mask for t...

Page 518: ...ommand Mode All platforms Privileged EXEC mode 4 16 148 show ip route Description This command displays the AP routing table Syntax show ip route Usage Guidelines Use this command to view the IP routes configured for an AP Example The following output shows the ip address of routers and the VLANs to which they are connected Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt ...

Page 519: ...efault window size for TCP connections over this route irrt Indicates the initial RTT The kernel uses this to determine the best TCP protocol parameters instead of relying on slow responses Iface Indicates the Interface to which packets are routed Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 149 show ipv6 interface Description Shows IPv6 related information ...

Page 520: ... lo LOOPBACK UP 10000 mtu 16436 inet6 1 128 scope host valid_lft forever preferred_lft forever 15 br0 BROADCAST MULTICAST UP 10200 mtu 1300 qlen 1000 inet6 2001 470 36 5c3 ffff ffff ffff 5b 64 scope global valid_lft forever preferred_lft foreve inet6 2001 470 36 5c3 aea3 1eff fecd 471a 64 scope global dynamic valid_lft 2963sec preferred_lft 1963sec inet6 2001 470 36 5c3 ffff ffff ffff 1001 128 sco...

Page 521: ... 5cff fe65 ee19 UGDA 1024 1 128 U 0 2001 470 36 5c3 aea3 1eff fecd 471a 128 U 0 2001 470 36 5c3 ffff ffff ffff 5b 128 U 0 2001 470 36 5c3 ffff ffff ffff 1001 128 U 0 fe80 aea3 1eff fecd 471a 128 U 0 ff02 d 128 ff02 d UC 0 ff02 1 2 128 ff02 1 2 UC 0 ff00 8 U 256 Ref Use Iface 0 0 br0 0 0 br0 0 0 br0 0 0 br0 0 1 lo 0 1 lo 2800 1 lo 6 1 lo 6602 1 lo 12194 0 br0 2 0 br0 0 0 br0 Command Information AP ...

Page 522: ... MAC address status Displays the L3 mobility status for an AP Usage Guidelines Use this command to view the L3 mobility information for an AP Example show l3 mobility config The following example shows the output of the show l3 mobility config command Flags Type Value Home Agent Load Balancing enable Virtual Controller Table VirtualRoaming Client Table Client MAC Home Vlan VAP Vlan Tunnel ID Statu...

Page 523: ...m seamlessly among all the APs Subnet Indicates the IP address for the mobility domain Netmask Displays the subnet mask configuration details VLAN Displays the VLAN ID configured for the mobility domain Virtual Controller Displays the Virtual Controller configuration associated with the mobility domain show l3 mobility datapath The following example shows the output of show l3 mobility datapath co...

Page 524: ...e ID Remote Protocol Indicates the remote protocol used by the roaming clients Dest IP Indicates the destination IP address to which the packets are routed Clients Displays the list of clients Idle Time Displays the idle time Rx Packets Displays information about packets received Tx Packets Displays information about packets transmitted Rx Mcasts Displays information about multicast packets receiv...

Page 525: ... a description of the mobility event IP Indicates the IP address of the roaming client Dir Indicates if the client has roamed in or out of the mobility subnet Peer IP Displays the peer IP address if any peer clients are configured Home Vlan Displays the VLAN ID associated with the home subnet VAP Vlan Displays the VLAN ID associated with the Virtual AP Tunnel ID Indicates the tunnel interface used...

Page 526: ...P IP address local tunnel ID and remote tunnel ID Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 152 show lacp status Description This command displays the LACP configuration status on an AP Syntax show lacp status Usage Guidelines LACP provides a standardized means for exchanging information with partner systems to form a dynamic LAG The LACP feature is autom...

Page 527: ...e link status number of ports AP partner MAC address and the interface status Command Information AP Platform Command Mode AP 220 Series Privileged EXEC mode 4 16 153 show ldap servers Description This command displays the LDAP servers configured for user authentication on the Virtual Controller Syntax show radius servers Usage Guidelines Use this command to view the LDAP server configuration info...

Page 528: ...can attempt to connect to the server Admin DN Displays distinguished name for the administrator Admin Password Displays the password for LDAP administrator Base DN Displays a distinguished name for the node which contains the entire user database Filter Shows the filter to apply when searching for a user in the LDAP data base Key Attribute Displays the attribute to use as a key when searching for ...

Page 529: ...onfigured on an AP The policies are configured from the Clarity Health Check page Example The show lhm status command displays the number of times the policies configured on an AP have run As there are no policies configured on the AP the status shows up as Empty in this command output Periodic Policy Statistics Last Policy Table Flush Time 00 00 00 Pending Periodic Policy Status Available Tokens ...

Page 530: ...13 53 33 awc 4594 awc_read 1518 receive http redirect location wss amps ip wss Jul 25 13 53 34 awc 4594 awc_read 1525 send CLI_AWC_REDIRECT location wss 10 17 139 177 ws Jul 25 13 53 34 awc 4594 awc_close_conn 852 disconnected Jul 25 13 53 34 awc 4594 wsc receive message from cli len 202 Jul 25 13 53 34 awc 4594 wsc receive message type CONNECT_REQUEST 1 payload_type 1 Jul 25 13 53 34 awc 4594 wsc...

Page 531: ...count Starts displaying the log output from the specified number of lines from the end of the log Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 157 show log convert Description This command shows image conversion details for the AP Syntax show log convert Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 158 show log debug D...

Page 532: ...es from the end of the log Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 159 show log drive Description This command displays the status of drivers configured on the AP Syntax show log driver count Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 160 show log kernel Description This command shows AP s kernel logs Syntax sho...

Page 533: ...ility command May 9 21 23 07 Potential Foreign Client Information mac c4 85 08 de 06 d4 rcvd from self vlan 0 1 tid 255 oldapip 0 0 0 0 fapip 10 17 88 59 hapip 0 0 0 0 vcip 0 0 0 0 info l2 timed out test May 9 01 43 22 Station Offline mac 08 ed b9 e1 51 87 rcvd from self vlan 0 0 tid 255 oldapip 0 0 0 0 fapip 0 0 0 0 hapip 0 0 0 0 vcip 0 0 0 0 info May 9 01 25 53 This Client is Normal mac 08 ed b9...

Page 534: ...nel interface used for routing packets Old AP IP Indicates the IP address of the AP from which the client has roamed FAP IP Indicates the IP address of the AP in the foreign subnet HAP IP Indicates the IP address of the AP in the home subnet to which the client is currently connected VC IP Indicates the IP address of the Virtual Controller Additional Info Displays additional information if any Com...

Page 535: ... Privileged EXEC mode 4 16 164 show log papi handler Description This command shows the cluster security debugging logs Syntax show log papi handler count Parameter Description count Starts displaying the log output from the specified number of lines from the end of the log Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 165 show log pppd Description Shows the ...

Page 536: ...atforms Privileged EXEC mode 4 16 166 show log rapper Description This command show details the VPN connection logs in detail Syntax show log rapper Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 167 show log rapper brief Description This command provides brief information about IKE message transactions with the exact message and timestamp details Syntax show ...

Page 537: ...306 22 02 SEND 70947477257fa7e3 eaca9e0d1af43efb np 46 EXHG CREATE CHILD SA 2017 05 0306 22 02 RECV 70947477257fa7e3 eaca9e0d1af43efb np 46 EXHG CREATE CHILD SA 2017 05 0306 22 02 ESP spi 56b60c00 10 17 140 252 10 17 140 226 udp encap 2017 05 0306 22 02 ESP spi e2920a00 10 17 140 226 10 17 140 252 udp encap 2017 05 0308 02 55 SEND 70947477257fa7e3 eaca9e0d1af43efb np 46 EXHG CREATE CHILD SA 2017 0...

Page 538: ...CHILD_SA SUCCESS 2017 05 02 11 52 18 10 17 140 252 6904164c4f81ce9d e37903823fa5ca58 0xb2dd5100 0x1dad7500 CREATE_CHILD_SA SUCCESS 2017 05 02 13 33 11 10 17 140 252 8048813ca5b1eef9 af50609e79ce0102 0x2e3d9b00 0x76928b00 CREATE_CHILD_SA SUCCESS 2017 05 02 15 14 04 10 17 140 252 8048813ca5b1eef9 af50609e79ce0102 0x6b0f4400 0x61f8bf00 CREATE_CHILD_SA SUCCESS Command Information AP Platform Command M...

Page 539: ...unt of the SCD requests Example The following example displays the output of the show log scd command 5998 2018 05 24 07 21 21 ReplyBatch packetLength 1833 data length 1837 templateLength 114 requestCount 16 5998 2018 05 24 07 21 22 Received slot request 353 replyStatus 0 5998 2018 05 24 07 21 22 Received slot request 354 replyStatus 0 5998 2018 05 24 07 21 22 Got Alive Ping message header 5998 20...

Page 540: ...ription count Starts displaying the log output from the specified number of lines from the end of the log Example The following example configures the 5 GHz radio channel scalance a channel 44 18 Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 172 show log system Description This command shows system logs of AP Syntax show log system count Parameter Description...

Page 541: ...rade details for both local image file and URL for the AP Syntax show log upgrade Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 174 show log user Description This command shows the AP user logs Syntax show log user count Parameter Description count Starts displaying the log output from the specified number of lines from the end of the log Command Information ...

Page 542: ...leged EXEC mode 4 16 176 show log vpn tunnel primary Description This command shows the primary VPN tunnel status for the AP Syntax show log vpn tunnel primary Parameter Description primary tunnel Displays the log output from the primary VPN tunnel Usage Guidelines Use this command to view a table of a primary VPN tunnel status Example The following example shows the output of show log vpn tunnel ...

Page 543: ...us for the AP Syntax show log vpn tunnel backup Parameter Description backup tunnel Displays the log output from the backup VPN tunnel Usage Guidelines Use this command to view a table of a backup VPN tunnel status Example The following example shows the output of show log vpn tunnel backup command 2017 05 02 06 49 53 backup tunnel tunnel_config_remove 2896 configure remove tunnel backup tunnel ty...

Page 544: ...y status for the specified count of VPN tunnels Example The following example shows the output of show log vpn tunnel command 2017 05 0206 49 16 tunnel_profile_init 2644 init tunnel profile default 2017 05 0206 49 18 tunnel_uplink_change 3552 uplink changed the new uplink de vice br0 2017 05 0206 49 18 tunnel_stop_check_primary_timer 995 current using tun nel unselected tunnel 2017 05 0206 49 36 a...

Page 545: ...05 02 06 49 53 tunnel psk config 3124 config cert 2017 05 02 06 49 53 Manual GRE primary endpoint 0 0 0 0 2017 05 02 06 49 55 tunnel sysctl set lmsip Set LMSIP 172 16 0 254 Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 179 show log wireless Description This command shows wireless logs of the AP Syntax show log wireless count Parameter Description count Starts...

Page 546: ...2 kB Inactive 12640 kB Active anon 15948 kB Inactive anon 0 kB Active file 5524 kB Inactive file 12640 kB Unevictable 0 kB Mlocked 0 kB SwapTotal 0 kB SwapFree 0 kB Dirty 0 kB Writeback 0 kB AnonPages 15972 kB Mapped 7728 kB Shmem 0 kB Slab 32252 kB SReclaimable 884 kB SUnreclaim 31368 kB KernelStack 816 kB PageTables 512 kB NFS Unstable 0 kB Bounce 0 kB WritebackTmp 0 kB CommitLimit 124024 kB Com...

Page 547: ...yed for the show mgmt user command Server Load Balancing Disabled Local User DB Backup Disabled Hash Management Password Enabled RADIUS Servers Name IP Address Port Key Timeout Retry Count Server1 192 0 2 2 1616 23567aea01cb66d354d2b1f5d13df7f85d4a d1d1f181fb4827 5 NAS IP Address NAS Identifier In Use RFC3576 Yes Management User Table Name Password Type admin admin Admin The output of this command...

Page 548: ...s Displays the IP address of the NAS if NAS is configured NAS Identifier Indicates the NAS identifier to be sent with the RADIUS requests if NAS is configured In Use Indicates if the server is in use RFC3576 ndicates if the APs are configured to process RFC 3576 compli ant CoA NAS IP address Displays the IP address of the NAS if NAS is configured Name Management User Table Indicates the username o...

Page 549: ...through Disabled Captive Portal Disabled Exclude Uplink none Hide SSID Disabled Content Filtering Disabled Auth Survivability Disabled Auth Survivability time out 24 RADIUS Accounting Disabled Interim Accounting Interval 0 Radius Reauth Interval 0 DTIM Interval 1 Inactivity Timeout 1000 Legacy Mode Bands all G Minimum Transmit Rate 1 G Maximum Transmit Rate 54 A Minimum Transmit Rate 6 A Maximum T...

Page 550: ...t reachable Detection disabled Active uplink eth0 Primary VPN Not configured Secondary VPN Not configured AirWave Not configured The output of this command provides the following information Column Description Internet Reachable Indicates the status of the WLAN network Active uplink Indicates the uplink that is currently active on the AP Primary VPN Indicates the status of the Primary VPN configu ...

Page 551: ...yslog packets sent to the cloud server Example The following example displays the output of the show openflow clickstream statistics command Last CS feed flush timestamp 08 43 16 Last CS data flush count 16 Last CS data flush size 16275 CS ring buffer size threshold limit 16384 bytes OFALD CS debug disabled Datapath CPU throttle stats max percent 60 current drop 0 Kernel SKB total count 51 Kernel ...

Page 552: ... limit 16384 bytes SYSLOG Total packet_ins 0 Total Syslog packets generated 4 Syslog IP 15 184 8 6 Syslog Level warn Current SYSLOG data count 4 Current SYSLOG data size 839 bytes Current SYSLOG free space 15545 bytes Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 185 show opendns Description This command displays the open DNS configuration details for an AP S...

Page 553: ... for the OpenDNS account OpenDNS Status Indicates if the AP is connected to the OpenDNS server OpenDNS Error Message Displays OpenDNS error message Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 186 show out of service Description This command displays the details of the out of service operations triggered on the AP Syntax show out of service Usage Guidelines ...

Page 554: ...how pppoe Description This command shows PPPoE debug logs and uplink status Syntax show pppoe config debug logs debug status Parameter Description config Displays PPPoE configuration details debug logs Displays PPPoE debug logs debug status Displays the uplink status Example show pppoe config The following example shows the configuration of the PPPoE show pppoe config command PPPoE Configuration T...

Page 555: ...formation AP Platform Command Mode All platforms Privileged EXEC mode 4 16 188 show port status Description Displays the activity statistics on each of the port on the controller Syntax show port status details Example The following example shows the output of the show port status command Port Status Port Type Admin State Oper State STP State Dot3az eth0 GE up up Off Disable eth1 GE up up Off Disa...

Page 556: ...ils command Swarm Port Stats Mac Address AP IF Index Frames in Frames out 20 4c 03 0e c6 cf 20 4c 03 0e c6 cf 0 10732 88696 20 4c 03 0e c6 d0 20 4c 03 0e c6 cf 1 310513 213194 20 4c 03 0e c6 d1 20 4c 03 0e c6 cf 2 271365 1682 Bytes in Bytes out Speed Duplex Link 1413854 3584848 100 full up 14283598 14585336 100 full up 12482790 120570 0 full down The output of this command provides the following i...

Page 557: ...ugging purpose Example The following example shows the partial output for the show process command PID Uid VmSize Stat Command 1 root 332 S init 2 root SWN ksoftirqd 0 3 root SW events 0 4 root SW khelper 5 root SW kthread 6 root SW kblockd 0 7 root SW pdflush 8 root SW pdflush 10 root SW aio 0 9 root SW kswapd0 992 root 348 S sbin udhcpc i br0 b 1343 root 744 S aruba bin tinyproxy 1344 root 476 S...

Page 558: ...ess ID user ID of the user running the process virtual memory consumed by the process statistics and the command associated with the processes running on the AP Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 190 show proxy config Description This command displays the HTTP proxy configuration settings on an AP Syntax show proxy config Example The following exam...

Page 559: ...oxy password Displays the password set to authenticate the proxy server in the encrypted format Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 191 show radio config Description This command displays the 2 4 GHz and 5 GHz radio configuration details for an AP Syntax show radio config Usage Guidelines Use this command to view the 2 4 GHz and 5 GHz radio configur...

Page 560: ... AP in milliseconds When beacon interval is configured the 802 11 beacon management frames are transmitted by the access point at the specified interval 802 11d 802 11h Displays if the AP is allowed advertise its 802 11d country information and 802 11h capabilities Interference Immunity Level Displays the immunity level configured for anAP radio profile to improve performance in high interference ...

Page 561: ...cates the Rx sensitivity values configured on the 2 4 GHz and 5 0 GHz radio profiles Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 192 show radio profile Description This command displays the 2 4 GHz and 5 GHz radio profile details for an AP Syntax show radio profile profile_name Usage Guidelines Use this command to view the 2 4 GHz and 5 GHz radio profile de...

Page 562: ...able 0 0 0 disable test1 dynamic No disable enable 5 0G Radio profile Name Legacy Mode Single Chain Legacy Beacon Interval 802 11d 802 11h Interference Immunity Level CSA Count MAX Distance Channel Reuse Type Channel Reuse Threshold Spectrum Monitor Standalone Spectrum Band Max Tx Power Min Tx Power Cell Size Reduction Smart Antenna VHT zone WIDS Override Active 40M intolerance Honor 40 intoleranc...

Page 563: ...leged EXEC mode 4 16 193 show radius redirect url Description This command displays the RADIUS redirection url received from a CPPM or any authentication server Syntax show radius redirect url Usage Guidelines Use this command to view the RADIUS redirection url received from any authentication server Example The following example shows the output of show radius redirect url command c8 b5 ad c3 af ...

Page 564: ...s the output of show radius servers support command RADIUS Servers Name IP Address Port Acctport Key InternalServer 127 0 0 1 1616 1813 596ff8d50a0662b542e96567bb87db331 208cc412bfb4aade8033ca9b46e5f09f933f89bb374bdd80b9acadcc981fdf5ea5ea13e33e43378f 56913cd3e76dc7a test test abc com 1812 1813 testServer test test com 1812 1813 Timeout Retry Count NAS IP Address NAS Identifier In Use RFC3576 5 3 Y...

Page 565: ...ntifier Indicates the NAS identifier to be sent with the RADIUS requests In Use Indicates if the server is in use RFC3576 Indicates if the APs are configured to process RFC 3576 compliant Change of Authorization CoA Airgroup RFC3576 ONLY Indicates if APs are configured to be RFC 3576 compliant only Airgroup RFC3576 port Indicates the port number used for sending AirGroup CoA Deadtime Indicates the...

Page 566: ... Not Applicable 2015 07 07 00 00 00 00000 0 2015 07 07 00 00 05 5000000 Not Applicable 2015 07 07 00 00 00 00000 0 2015 07 07 00 00 05 5000000 Not Applicable 2015 07 07 00 00 00 00000 0 2015 07 07 00 00 05 5000000 Not Applicable 2015 07 07 00 00 00 00000 0 2015 07 07 00 00 05 5000000 The output of this command provides the following information Parameter Description Name Indicates the name of the ...

Page 567: ...output of the show radseccert command Current radsec CA Certificate Version 3 Serial Number DE DF 11 F6 AC C0 91 00 Issuer C GB ST Berkshire O My Company Ltd OU Leon CN Leon emailAddress lzheng arubanetworks com Subject C GB ST Berkshire O My Company Ltd OU Leon CN Leon emailAddress lzheng arubanetworks com Issued On Mar 24 15 14 41 2011 GMT Expires On Mar 21 15 14 41 2021 GMT Signed Using SHA1 RS...

Page 568: ...bugging logs generated for the RTLS tags by the AP Syntax show rtls logs Usage Guidelines Use this command to view the debugging logs generated for the RTLS tags Example The following example shows the output of the show rtls logs command 2018 04 13 07 49 33 AS aeroscout Config 2018 04 13 07 49 33 AP f0 5c 19 c9 c5 18 IP 10 65 65 221 Port 15407 2018 04 13 07 49 33 TOUT 0 TAG ADDR 00 00 00 00 00 00...

Page 569: ... BSSID Batt Data Rate TX Power Channel Vendor ID Last Update 00 0c cc 55 73 8e 10 a8 bd 27 18 49 c0 0 10 0 6 0 10s 00 0c cc 02 b4 eb 30 a8 bd 27 18 49 c0 0 10 0 6 0 107s 00 0c cc 55 73 7c 41 a8 bd 27 18 49 c0 0 10 0 6 0 213s Total devices 3 Report Tag Off Report Interval 60 Debug Logs On Last Send Time 2018 04 13 15 32 21 Tags Chirps 8223 Command Information AP Platform Command Mode All platforms ...

Page 570: ...l controller key 0cb5770401cdeb6e4363c25fdfde17d907c4b095a9be5e name instant C4 42 98 terminal access clock timezone none 00 00 rf band all allow new aps allowed ap d8 c7 c8 c4 42 98 arm wide bands 5ghz 80mhz support min tx power 18 max tx power 127 band steering mode prefer 5ghz air time fairness mode fair access client aware scanning client match syslog level warn ap debug syslog level warn netw...

Page 571: ...68 permit rule any any match udp 53 53 permit wlan access rule test index 3 rule any any match any any any deny wlan ssid profile test enable index 1 type employee essid instant opmode opensystem max authentication failures 0 rf band all captive portal disable dtim period 1 inactivity timeout 1000 broadcast filter none dmo channel utilization threshold 90 local probe req thresh 0 max clients thres...

Page 572: ...l native vlan guest no shutdown access rule name wired instant speed auto duplex auto no poe type guest captive portal disable no dot1x wired port profile default_wired_port_profile switchport mode trunk allowed vlan all native vlan 1 shutdown access rule name default_wired_port_profile speed auto duplex full no poe type employee captive portal disable no dot1x enet0 port profile default_wired_por...

Page 573: ...rint Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 200 show snmp configuration Description This command displays the SNMP configuration details for a Virtual Controller Syntax show snmp configuration Usage Guidelines Use this command to view the SNMP information configured on a Virtual Controller Example The following example shows the output of show snmp con...

Page 574: ... authentication protocol configured for the SNMP users Encryption Type Indicates the encryption type for example CBC DES Symmetric Encryp tion Protocol configured for SNMP users SNMP Trap Hosts Displays the traps generated by the host system IP Address Indicates the host IP address generating the SNMP trap Version Displays the SNMP version for which the trap is generated Name Indicates the name of...

Page 575: ...TT SPOT on CHANNEL 1 2013 05 12 14 09 53 An AP NAME d8 c7 c8 cb d4 20 and MAC d8 c7 c8 cb d4 20 on RADIO 2 detected an interfering access point BSSID 6c f3 7f 45 5d 20 and SSID 7SPOT on CHANNEL 1 2013 05 12 14 10 36 An AP NAME d8 c7 c8 cb d4 20 and MAC d8 c7 c8 cb d4 20 RADIO 2 changed its channel from channel 1 secchan offset 1 to channel 7 secchan offset 1 due to reason 12 Command Information AP...

Page 576: ...the spectrum alerts for an AP When a new non Wi Fi device is found an alert is reported to the Virtual Controller The spectrum alert messages provide information about the device ID device type IP address of the spectrum monitor or hybrid AP and the timestamp The Virtual Controller reports the detailed device information to AirWave Management server Example The following example shows the output f...

Page 577: ...ained from the Virtual Controller speed test client Syntax show speed test Usage Guidelines Use this command to view the traffic details obtained from the last speed test run from the Virtual Controller client Example The following output is displayed for the show speed test command Speed Test Data for traffic From Client to Server Time of Execution Mon 02 Nov 2015 09 18 07 GMT Server IP 10 17 138...

Page 578: ...ode All platforms Privileged EXEC mode 4 16 205 show stats Description This command displays the aggregate statistics for APs AP clients AP cluster and network profiles configured on an AP Syntax show stats ap IP address client MAC address global network network name count Parameter Description ap IP address Displays information on AP utilization RF trends and client details for a specific AP clie...

Page 579: ...an AP Virtual Controller or the AP network over the last 15 minutes RF trends Displays information the utilization noise or error threshold for an AP It also shows the current speed or signal strength for the clients in the network and the RF information for the APs to which the clients are connected Mobility Trail Shows duration of the client is association with an AP and the name of the AP to wh...

Page 580: ...GHz Frames In fps 2 4 GHz Frames Drops fps 5 0 GHz Frames Drops fps 2 4 GHz Mgmt Frames In fps 5 0 GHz Mgmt Frames In fps 2 4 GHz Mgmt Frames Out fps 5 0 GHz Mgmt Frames Out fps 00 34 46 59 4 91 93 41 0 0 0 68 18 1 1 403 265 1 0 00 34 17 61 5 92 93 45 0 0 1 78 21 1 1 408 287 1 1 Client Heatmap Clients Signal Speed IP Address AP List Name IP Address Mode Spectrum Clients Type CPU Utilization Memory...

Page 581: ...Type AN OS Swarm Client Stats Timestamp Signal dB Frames In fps Frames Out fps Throughput In bps Throughput Out bps Frames Retries In fps Frames Retries Out fps Speed mbps 00 32 46 47 0 0 0 170 0 0 6 00 32 16 47 0 0 0 170 0 0 6 00 31 46 47 0 1 0 5946 0 0 6 00 31 16 49 0 0 0 316 0 0 6 Mobility Trail Association Time Access Point 11 04 56 d8 c7 c8 cb d4 20 Client Heatmap Client Signal Speed IP Addre...

Page 582: ... Frames Out fps Frames In fps Throughput Out bps Throughput In bps 00 38 05 1 0 0 294 380 00 37 35 1 0 0 98 101 00 37 04 1 0 0 0 0 00 36 33 1 0 0 0 0 00 36 03 1 0 0 0 0 00 35 32 1 0 0 46 49 00 35 01 1 0 0 93 99 00 34 31 1 0 0 186 199 00 34 00 1 0 0 0 0 00 33 29 1 0 0 0 0 00 32 59 1 0 0 0 170 00 32 28 1 0 0 0 170 00 31 58 1 0 1 2961 5946 00 31 27 1 0 0 196 316 00 30 56 1 0 0 196 202 Access Point He...

Page 583: ...0 0 0 0 0 16 37 54 0 0 0 0 0 16 37 24 0 0 0 0 0 16 36 54 0 0 0 0 0 16 36 24 0 0 0 0 0 16 35 54 0 0 0 0 0 16 35 23 0 0 0 0 0 16 34 53 0 0 0 0 0 16 34 23 0 0 0 0 0 Access Point Heatmap Access Points Utilization Noise Errors d8 c7 c8 c4 42 98 poor good good Client Heatmap Clients Signal Speed IP Address Name test123 ESSID test123 Status Enabled Mode wpa2 aes Band all Type employee Termination Disable...

Page 584: ...Interval 1 Inactivity Timeout 1000 Legacy Mode Bands all G Minimum Transmit Rate 1 G Maximum Transmit Rate 54 A Minimum Transmit Rate 6 A Maximum Transmit Rate 54 Multicast Rate Optimization Disabled LEAP Use Session Key Disabled Broadcast filter none Max Authentication Failures 0 Blacklisting Disabled WISPr Disabled Accounting mode Authentication Work without usable uplink Disabled Percentage of ...

Page 585: ...rivation Rules Attribue Operation Operand Role Name Index Vlan Derivation Rules Attribue Operation Operand Vlan Id RADIUS Servers Name IP Address Port Key Timeout Retry Count NAS IP Address NAS Identifier RFC3576 test 10 0 0 1 1812 test123 5 3 test123 10 0 0 0 1812 test123 5 3 LDAP Servers Name IP Address Port Timeout Retry Count Admin DN Admin Password Base DN test 0 0 0 0 0 5 3 Access Rules Dest...

Page 586: ...Terms of Use This network is not secure and use is at your own risk Internal Captive Portal Redirect URL Captive Portal Mode Acknowledged External Captive Portal Configuration Server localhost Port 80 URL Authentication Text Authenticated External Captive Portal Redirect URL Server Fail Through No Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 206 show subscri...

Page 587: ... ACTIVE Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 207 show summary Description This command shows the current configuration details Syntax show summary difference support Parameter Description difference Shows the difference in configuration support Shows the summary support containing the configuration details used by support Command Information AP Platf...

Page 588: ...formats Usage Guidelines Use this command to view the list certificate formats supported by the AP Example The following example shows the output of show supported cert formats command Server Certificate Formats Name PEM CA Certificate Formats Name PEM DER Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 209 show swarm Description This command displays the vario...

Page 589: ...nc_complete mesh auto eth0 bridging no Config in flash yes factory SSID in flash no extended ssid configured yes extended ssid active yes Factory default stat no Source of system time Image file Config load cnt 1 VC Channel index 1 IDS Client Gateway Detect yes Config Init success cnt for heartbeat 0 Config Init success cnt for register 0 Config Init skipping cnt for heartbeat 0 Config Init skippi...

Page 590: ...debug system debug user debug user debug debug wireless debug The output of this command provides the following information Parameter Description Facility Displays the list of logging facilities configured on the AP ap debug Generates a log for the AP device for debugging purposes network Generates a log when there is a change in the network for example when a new AP is added to a network security...

Page 591: ... Notice Significant events of a non critical and normal nature The default value for all Syslog facilities Informational Messages of general interest to system users Debug Messages containing information useful for debugging Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 211 show tacas servers Description This command displays all the tacacs servers configured...

Page 592: ...er key Indicates the shared secret key used to authenticate and access tacacs server Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 212 show tech support Description This command displays the complete AP information and the associated configuration details which can be used by the technical support representatives for debugging Syntax show tech support Usage G...

Page 593: ...time profile command Time Range SSID Profile Time Profile Name SSID profile Name Enable Disable Lunch Break Test123 Enable Time Range ACL Profile Time Profile Name Access Role Name Rule Evening_5_7 sandeepy any any match any any any permit time range hel lo world The output of this command provides the following information Parameter Description Time Profile Name Name of the time profile SSID Prof...

Page 594: ...e following information Parameter Description Profile Name Indicates the name of Time Profiles created on the AP Type Indicates the type of time profile created Start Day Indicates the date on which the time profile is enabled on the SSID Start Time Indicates the time at which the time profile is made active on the SSID End Day Indicates the date on which the time profile is disabled on the SSID E...

Page 595: ...he TSPEC statistics Example The following example shows the output of the show tspec calls command TSPEC Stats SSID Total ADDTS Accepted calls Refused calls DELTS Received DELTS Sent scalance ap 0 0 0 0 0 scalance ap 0 0 0 0 0 TSPEC SSIDs SSID Radio Max Bandwidth Available Bandwidth scalance ap 1 0 00 0 00 TSPEC Calls Client Client MAC Allocated Bandwidth Active flows TSPEC SSIDs SSID Radio Max Ba...

Page 596: ...command displays the status of the cellular modem link on the AP Syntax show usb status Usage Guidelines The USB devices connected to anAP can be enabled or disabled according to uplink configuration settings The show usb status command displays the status of the USB connected to the AP Example The following example shows the output of the show usb status command scalance config show usb status Ce...

Page 597: ...CDMA GSM Firmware Version BD_MF831HDV1 0 0B02 ESN Number 8 62828E 14 Cellular Link Status Parameter Value USB Modem State Active USB Uplink RSSI in dBm 69 Current Network Service4G LTE plugin counter 0 plugout counter 0 The output of this command includes the following parameters Parameter Description card Indicates if the cellular cards are currently configured on the AP detect Indicates if cellu...

Page 598: ...committed configuration details Use the commit apply command to commit the configuration changes Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 218 show upgrade info Description This command displays the image upgrade details for an AP Syntax show upgrade info Usage Guidelines This command displays the image upgrade details for an AP Example The following exam...

Page 599: ... Indicates the source of image Error Detail Displays errors generated when an upgrade fails Auto Reboot Indicates if automatic rebooting of AP is enabled on a successful upgrade Use External URL Indicates if an external URL can be used for loading an image file Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 219 show uplink Description This command displays upl...

Page 600: ... if Ethernet uplink is configured Max allowed test packet loss Indicates an allowed number of test packets that can be lost verifying the Internet availability Secs between test packets Indicates the frequency at which the test packets are sent to verify the Internet availability VPN failover timeout secs Indicates the number of seconds to wait before trying a differ ent uplink when a VPN tunnel i...

Page 601: ...ets that can be lost verifying the Internet availability Secs between test packets Indicates the frequency at which the test packets are sent to verify the Internet availability VPN failover timeout secs Indicates the number of seconds to wait before trying a different uplink when a VPN tunnel is down ICMP pkt sent Indicates the number of ICMP packets sent to verify the Internet availability for u...

Page 602: ... 0 Uplink Vlan Provisioned The output of this command provides the following information Column Description Uplink Vlan Current Indicates if the VLAN ID Uplink Vlan Provisioned Indicates if the uplink VLAN is provisioned Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 221 show url visibility Description This command displays the url visibility status of the out...

Page 603: ...12 1 172 16 40 254 198 35 26 96 wikipedia org 13 1 172 16 40 254 206 190 36 45 yahoo com 9 1 Num of Entries 12 Last URL flash timestamp 00 00 00 Last flash URL session count 0 Max URL table size 2097152 bytes Current URL count 12 Current URL size 426 bytes The output of this command provides the following information Column Description SrcIP Indicates the source IP DstIP Indicates the destination ...

Page 604: ... Guidelines Use this command to view the AP user credentials Example The following output is displayed for the show user command show user User Table Name Password Attribute d8 c7 c8 cb d4 20 show user portal Portal User Table Name Password d8 c7 c8 cb d4 20 show user radius Radius User Table Name Password The output of this command provides the following information Column Description Name Indica...

Page 605: ...w valid channels Description This command displays the list of channels that are valid for an AP serving a specific regulatory domain Syntax show valid channels Usage Guidelines Use this command to view the list of valid channels that can be configured on your AP Example The following example shows the output of show valid channels command 2 4 GHz 1 2 3 4 5 6 7 8 9 10 11 12 13 1 2 ...

Page 606: ...157 161 165 36 44 52 60 149 157 The output of this command provides the following information Parameter Description 2 4 GHz Displays the list of channels valid for an AP in the 2 4 GHz band 5 0 GHz Displays the list of channels valid for an AP in the 5 GHz band Command Information AP Platform Command Mode All platforms Privileged EXEC mode ...

Page 607: ...t of show vlan mapping command Vlan Mapping Table VLAN Name VLAN ID myvlan 30 The output of this command provides the following information Parameter Description VLAN Name Displays the configured VLAN name for an SSID profile VLAN ID Displays the configured VLAN ID for an SSID profile Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 225 show version Description ...

Page 608: ... of this command provides the following information Parameter Description Version Indicates the version of AP software Reboot Time and Cause Indicates the reason for which the AP was last rebooted and the reboot time Model Indicates the AP model Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 226 show vpn Description This command displays the status and configu...

Page 609: ... Cnt 2 VPN Ikepsk VPN Username VPN Password 95a5624fbf08dfb3e794ac2c6686e330 GRE outside vpn disable GRE Server GRE IP Address 0 0 0 0 GRE Type 1 GRE Per AP Tunnel disable Reconnect User On Failover disable Reconnect Time On Failover 60 Routing Table Destination Netmask Gateway Type The output displayed for this command provides information on the parameters configured for the VPN concentrator For...

Page 610: ...nel crypto type Cert ipsec primary tunnel peer address N A ipsec primary tunnel peer tunnel ip N A ipsec primary tunnel ap tunnel ip N A ipsec primary tunnel current sm status Init ipsec primary tunnel tunnel status Down ipsec primary tunnel tunnel retry times 0 ipsec primary tunnel tunnel uptime 0 ipsec backup tunnel crypto type Cert ipsec backup tunnel peer address N A ipsec backup tunnel peer t...

Page 611: ... tunnel Use count Displays the use count value Ifindex Displays the VPN index value Ifname Displays the VPN tunnel name Flags Displays the VPN flag type Retry count for Register Request Displays the retry count for the registration request GRE Encap Decap Displays the encapsulation or decapsulation counters of GRE tunnel Old Subnet Status Displays the VLAN addition request count Existing Subnet St...

Page 612: ...den Usage Guidelines Use this command to view the walled garden configuration details for an AP A walled garden typically controls access to web content and services The Walled garden access is required when an external captive portal is used For example a hotel environment where the unauthenticated users are allowed to navigate to a designated login page for example a hotel website and all its co...

Page 613: ... command White List Domain Name example com Black List Domain Name example2 com The output of this command provides the following information Parameter Description Domain Name Displays the blacklisted or whitelisted domain names and URLs Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 229 show wifi uplink Description This command displays the configuration deta...

Page 614: ...fi uplink auth log command wifi uplink auth configuration wifi uplink auth log 1536 2013 05 08 23 42 06 647 Global control interface tmp supp_gbl show wifi uplink config The following output is displayed for the show wifi uplink config command ESSID Wifi Cipher Suite wpa tkip psk Passphrase test1234 Band dot11a The output for this command displays the following information Parameter Description ES...

Page 615: ...e 4 16 230 show wired port Description This command displays the configuration details associated with a wired profile configured on an AP Syntax show wired port profile name Parameter Description profile name Displays the current configuration details for a specific wired profile Usage Guidelines This command displays the configuration details associated with a wired profile configured on an AP E...

Page 616: ...sabled Captive Portal disable Exclude Uplink none Access Control Type Network Uplink enable Disabled Certificate Installed No Internal Radius Users 0 Internal Guest Users 0 Role Derivation Rules Attribue Operation Operand Role Name Index Vlan Derivation Rules Attribue Operation Operand Vlan Id RADIUS Servers Name IP Address Port Key Timeout Retry Count NAS IP Address NAS Identifier RFC3576 LDAP Se...

Page 617: ...k Terms of Use This network is not secure and use is at your own risk Internal Captive Portal Redirect URL Captive Portal Mode Acknowledged Custom Logo External Captive Portal Configuration Server localhost Port 80 URL Authentication Text Authenticated External Captive Portal Redirect URL Server Fail Through No The output of this command shows the configuration parameters associated with the selec...

Page 618: ...iredProf2 Trunk all 1 Down WiredProf2 auto Duplex POE In Use Authentication Method Trusted auto Yes Yes None full No Yes None Port Profile Assignments Port Profile Name 0 default_wired_port_profile 1 example1 crash 2 wired instant 3 wired instant 4 wired instant The output of this command provides the following information Column Description Name Indicates the name of the wired port profile VLAN M...

Page 619: ...es if the wired profile is in use Authentication Meth od Indicates the authentication method configured for the wired profile Trusted Indicates if a trusted port is supported in an AP Port Indicates the port number to which a wired profile is assigned Profile Indicates the name of wired profile assigned to a wired port Command Information AP Platform Command Mode All platforms Privileged EXEC mode...

Page 620: ...r SSID Indicates the SSID for which the WISPr authentication profile is config ured WISPr Operator Name Indicates the hotspot operator profile associated with the WISPr authen tication profile WISPr Location Name Indicates Hotspot location associated with the WISPr profile Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 233 show xml api server Description This ...

Page 621: ...nel Parameter Description Range sesimagotag esl channel channel Configures the static channel number of the ESL radio 0 10 Example The following example configures a static ESL radio channel number scalance sesimagotag esl channel 6 Command Information AP Platform Command Mode All platforms Privileged Exec mode 4 16 235 sesimagotag esl profile Description This command is used to configure SES imag...

Page 622: ...sl serverip 10 62 39 210 scalance sesimagotag esl profile sesimagotag esl channel 9 scalance sesimagotag esl profile end Command Information AP Platform Command Mode All platforms Configuration mode and sesimagotag esl profile sub configuration mode 4 16 236 snmp server Description This command configures SNMP parameters Syntax snmp server community address engine id engineID host ipaddr version 1...

Page 623: ...MD5 98 Digest Authentication Protocol or HMAC SHA 98 Digest Authentication Protocol and the password touse with the designated protocol MD5 SHA SHA priv prot Indicates the privacy protocol for the user and the pass wordto use with the designated protocol CBC DES Sym metric Encryption Protocol is the default option DES DES Usage Guidelines This command configures SNMP on the APs only Example The fo...

Page 624: ...nitial seconds to omit 1 5 on boot Configures the AP to run the speed test during boot up parallel Enter the number of parallel client streams 1 30 protocol tcp udp Configures the speed test profile to be executed using the UDP or TCP protocol tcp sec to measure secs Configures the duration of the speed test 0 20 secs 10 secs server ip server Denotes the IP address of the Iperf server which is use...

Page 625: ...st include reverse scalance speed test omit 5 scalance speed test parallel 10 scalance speed test protocol udp scalance speed test bandwidth 100 scalance speed test time interval 600 scalance speed test window 1 scalance speed test end scalance speed test commit apply Command Information AP Platform Command Mode All platforms Configuration mode and speed test configuration sub mode 4 16 238 speed ...

Page 626: ...st for an extended duration omit Enter the number of initial seconds to omit 1 5 parallel Enter the number of parallel client streams 1 30 sec to measure secs Specify a duration in secs for the speed test 0 20 secs 10 secs server port port Enter the server port that the client needs to connect to execute the speed test 5201 window Indicates the TCP window size or socket buffer size sent to the ser...

Page 627: ...ES CBC encryption no Enables the disabled cipher encryptions on the SSH server Usage Guidelines The SSH server supports AES CBC and AEC CTR ciphers Use this command if you want to disable one of the ciphers This configuration is applicable only to non FIPS builds Example The following command enables AES CBC and disables AES CTR on the SSH server scalance config ssh disable ciphers aes ctr The fol...

Page 628: ...this command to subscribe the AP based on its MAC address Example scalance config subscription ap a1 b2 c3 d4 42 98 status Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 16 241 subscription ap enable Description This command enables the subscription of an AP Syntax subscription ap enable no Command Parameter Description subscription ap enable Enables the subscrip...

Page 629: ...r cluster mode The swarm mode standalone command converts the AP to the standalone mode whereas the swarm mode cluster com mand converts it to the cluster mode standalone or cluster Usage Guidelines When an AP is converted to the standalone mode it cannot join a cluster of APs even if the AP is in the same VLAN If the AP is in the cluster mode it can form a cluster with other Virtual Controller AP...

Page 630: ...Error conditions Warning Warning messages Notice Significant events of a non critical and normal nature The default value for all Syslog facilities Informational Messages of general interest to system users Debug Messages containing information useful for debugging Emergency Alert Critical Errors Warn ing Notice Informational Debug Notice ap debug Generates a log for the AP device for debugging pu...

Page 631: ...calance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode 4 16 244 syslocation Description This command allows you to define the physical location for the AP Syntax syslocation syslocation no Command Parameter Description syslocation Allows you to specify a physical location no Removes the configuration Usage Guidelines Use this command ...

Page 632: ...rver IP address no Parameter Description syslog server IP ad dress Specifies the IP address to configure the syslog server no Removes the configuration Usage Guidelines Use this command to configure syslog server for an AP Example The following command configures the IP address of the syslog server for an AP scalance config syslog server 192 0 2 9 scalance config end scalance commit apply Command ...

Page 633: ...nation server telnet port The physical port number of the server to which a connection needs to be established through Telnet Usage Guidelines Use this command to Telnet an external server using the SCALANCE W CLI Example The following example initiates a telnet session with external servers scalance telnet 10 0 0 1 23 Command Information AP Platform Command Mode All platforms Privileged EXEC mode...

Page 634: ...lowing example enables Telnet access to the AP scalance config telnet server scalance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode 4 17 3 terminal access Description This command enables SSH access to SCALANCE W CLI Syntax terminal access no Command Parameter Description terminal access Enables terminal access to the SCALANCE W CLI ...

Page 635: ...uration mode 4 17 4 tftp dump server Description This command configures TFTP dump server for an AP Syntax tftp dump server IP address no Parameter Description tftp dump server IP address Configures TFTP dump server IP address no Removes the configuration Usage Guidelines Use this command to configure TFTP dump server for storing core dump files Example The following example configures a TFTP dump...

Page 636: ...ameter Description ipaddr Displays the destination IP address Usage Guidelines Use this command to identify points of failure in your network Example The following example shows the output of traceroute command scalance traceroute 10 1 2 3 Command Information AP Platform Command Mode All platforms Privileged EXEC mode 4 17 6 time range Description This command allows you to create time range profi...

Page 637: ...me Enter the start time in the hh mm format endday Enter the end day for the time range profile endtime Enter the end time in the hh mm format periodic daily start time to endtime daily The time range profile is applied on the SSID on a daily basis starttime Enter the start time in the hh mm format endtime Enter the end time in the hh mm format periodic weekday starttime to endtime weekday The tim...

Page 638: ...lowing example creates a periodic time range profile that executes daily scalance config time range testhshs12 periodic daily 10 20 to 10 35 The following example creates a periodic time range profile that executes during the weekday scalance config time range test123 periodic weekday 10 20 to 10 35 The following example creates a periodic time range profile that executes during the weekend scalan...

Page 639: ...oaded from the FTP or the TFTP server or by using an HTTP URL Before uploading the DRT file ensure that you have the latest DRT file for your AP Example The following example shows how to upgrade an AP by using a DRT file from the FTP server scalance upgrade drt ftp 192 0 2 7 reg data 1 0_62178 dat The following example shows how to upgrade an AP by using a DRT file from the TFTP server scalance u...

Page 640: ...n additional image file into the backup partition url Allows you to specify the FTP TFTP or HTTP URL Usage Guidelines Use these commands to upgrade an AP to use an image file uploaded from the FTP or TFTP server or by using an HTTP URL Before uploading an image file ensure that you have the appropriate image file for your AP For SCALANCE W Siemens_Hercules_8 4 0 x_xxxx Example The following exampl...

Page 641: ...meout failover internet pkt lost cnt count failover internet pkt send freq frequency failover vpn timeout seconds preemption interval interval uplink priority cellular priority ethernet priority port Interface number priority wifi priority no no uplink Parameter Description Range Default uplink Enables the uplink configuration sub mode enforce ethernet cellular wifi none Enforces the specified upl...

Page 642: ...for a cellular 3G 4G uplink Any IP ad dress failover internet check timeout Configures the number of seconds after which the Internet based uplink verification times out 0 3600 10 failover internet pkt lost cnt count Configures the number of packets that are to be lost when verifying the uplink availability using the Internet 1 1000 10 failover internet pkt send freq frequency Configures the frequ...

Page 643: ...es to use a higher priority uplink and switches to the higher priority uplink even if the current uplink is active Uplink Priority When uplink priority is configured the AP tries to get a higher priority link every ten minutes even if the current uplink is up This does not affect the current uplink connection If the higher uplink is usable the AP switches over to that uplink Preemption is enabled ...

Page 644: ...iority ethernet port 0 1 scalance uplink end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode and uplink configuration sub mode 4 18 4 uplink vlan Description This command configures uplink VLAN for management traffic on an AP Syntax uplink vlan vlan ID Parameter Description Range Default vlan ID Assigns a VLAN ID for the uplink management traffic...

Page 645: ...yntax usb port disable no Usage Guidelines Use this command to disable the USB port To re enable the port run the no usb port disable command Reboot the AP after changing the USB port status Example The following example shows how to disable the USB port on the AP scalance usb port disable Remind Command takes effect after AP reboot Command Information AP Platform Command Mode All platforms Privil...

Page 646: ... the internal network and the Intranet you can segregate the guest traffic from the enterprise traffic by creating a guest WLAN and specifying the required authentication encryption and access rules An employee user is the employee who is using the enterprise network for official tasks You can create Employee WLANs specify the required authentication encryption and access rules and allow the emplo...

Page 647: ...uidelines Use this command to determine the frequency of hits on a specific URL To verify if the configuration has been applied correctly use the show dpi debug status command Example The following example enables url visibility scalance config url visibility scalance config end scalance commit apply The following example shows the output of the show dpi debug status command Dpimgr Running TRUE Dp...

Page 648: ...CLI Commands 4 18 U SCALANCE W1750D CLI 648 Function Manual 03 2019 C79000 G8976 C452 04 ...

Page 649: ...ge Guidelines Use this command to configure a version number for the AP Example The following example configures a version number for the AP scalance config version 2 scalance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode 4 19 2 virtual controller Description This command configures the virtual controller settings such as country cod...

Page 650: ... virtual controller vlan virtual controller vlan Associates a VLAN ID with the virtual controller virtual controller mask Configures a subnet mask for the virtual controller virtual controller gateway Configures a gateway for the virtual controller no Removes the configuration Example The following example configures a country code for an AP scalance config virtual controller country US scalance c...

Page 651: ...rameter Description Range vlan_name Configures the AP s VLAN name 1 32 vlan id Configures the AP s VLAN ID no Removes the configuration Usage Guidelines Use this command to define the mapping of the VLAN name and VLAN ID VLAN names are not case sensitive Example The following example configures VLAN ID mapping to a specific VLAN name scalance config vlan myvlan 30 scalance config end scalance comm...

Page 652: ...file no Removes the configuration Usage Guidelines Use this command to configure a named VLAN in a WLAN SSID profile Example The following example configures a VLAN name scalance config vlan name name scalance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode 4 19 5 vpn backup Description This command configures a secondary or backup VPN...

Page 653: ...ch to the available VPN connection when a the primary VPN server is not available Example The following example configures a backup server for VPN connections scalance config vpn backup name scalance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode 4 19 6 vpn fast failover Description This command configures fast failover feature for VP...

Page 654: ...r time to less than one minute Example The following example configures the VPN fast failover feature scalance config fast failover scalance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode 4 19 7 vpn gre outside Description This command enables automatic configuration of the GRE tunnel between the AP and the controller Syntax vpn gre o...

Page 655: ... seconds no Parameter Description vpn hold time sec onds Configures a time period in seconds after which the APs can switch to primary VPN server no Removes the configuration Usage Guidelines Use this command to configure a period to hold on switching to the primary server when pre emption is enabled Example The following example configures a hold time to switch to the primary host server scalance...

Page 656: ...password password Defines a password that enables access to VPN no Removes the configuration Usage Guidelines Use this command to configure user credentials to establish VPN connection Example The following commands enable user access to VPN connection scalance config vpn ikepsk secretKey username User1 password password123 scalance config end scalance commit apply Command Information AP Platform ...

Page 657: ...ilable Example The following example configures a count for the lost packets scalance config vpn monitor pkt lost cnt count scalance config end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode 4 19 11 vpn monitor pkt send freq Description This command configures the frequency at which the AP can verify if the active VPN connection is available Syn...

Page 658: ...de 4 19 12 vpn reconnect user on failover Description This command enables the users to reconnect to the VPN when the primary VPN tunnel fails Syntax vpn reconnect user on failover no Parameter Description vpn reconnect user on failover Enables users to reconnect to the VPN during a VPN failover no Removes the configuration Usage Guidelines Use this command to allow the users to reconnect to the V...

Page 659: ...ription vpn reconnect time on failover down time Configures a time period in minutes after which the VPN is reconnected when the primary VPN tunnel fails no Removes the configuration Usage Guidelines Use this command to configure a time period for reestablishing VPN connections When configured the AP reconnects the user session when the interval specified for this command expires Example The follo...

Page 660: ... tunnel to switch to the primary VPN server when it becomes available after a failover no Removes the VPN pre emption configuration Usage Guidelines Use this command to enable pre emption when both primary and secondary servers are configured and fast failover feature is enabled Example The following example enables VPN pre emption Command Information AP Platform Command Mode All platforms Configu...

Page 661: ...VPN connections When a secondary VPN server is configured along with the primary server you can enable the fast failover feature that allows the AP to create a backup VPN tunnel to the controller along with the primary tunnel and maintain both the primary and backup tunnels separately Example The following example configures a primary VPN server scalance config vpn primary name scalance config end...

Page 662: ...ss To allow access to various sites in the same domain you can specify a POSIX regular expression regex 7 For example yahoo com to provide access to various domains such as news yahoo com travel yahoo com and fi nance yahoo com Similarly the www apple com library test is only allow a subset of www apple com site corresponding to path library test URLs URLs with POSIX regular expression regex 7 bla...

Page 663: ...or client devices with or without HTTP proxy settings When a user attempts to navigate to other websites not in the whitelist of the walled garden profile the user is redirected to the login page Similarly a blacklisted walled garden profile blocks the users from accessing some websites Example The following example configures a walled garden profile scalance config wlan walled garden scalance Wal...

Page 664: ...n with the web server tlsv1 Enables TLS v1 protocol tlsv1 1 Enables TLS v1 1 protocol tlsv1 2 Enables TLS v1 2 protocol no Removes the configuration Usage Guidelines Use the web server command to enable secure communication with the web server through the TLS protocol Example The following example shows how to enable TLS v1 0 scalance config web server scalance web server ssl protocol tlsv1 scalan...

Page 665: ...n tials The users allowed to access the Internet only if they complete the authentication success fully background color background color Configures the color code for the internal captive portal splash page Web color codes 134217772 banner color ban ner color Configures the color code for the banner on the splash page Web color codes 16750848 banner text ban ner text Configures the text displayed...

Page 666: ...he captive portal configuration Usage Guidelines Use this command to customize the appearance of internal captive portal splash page for the guest users Example The following example configures the contents of the internal captive portal splash page scalance config wlan captive portal scalance Captive Portal authenticated scalance Captive Portal background color 13421772 scalance Captive Portal ba...

Page 667: ...in tx rate rate b a tx rates rate accounting server name advertise ap name air time limit limit auth pkt mac format delimiter upper case auth req thresh threshold auth server name auth survivability bandwidth limit limit blacklist broadcast filter All ARP Unicast ARP Only Disabled called station id type ap group ap name ipaddr macaddr clan id include ssid delimiter captive portal type exclude upli...

Page 668: ...orce dhcp essid essid explicit ageout client external server g basic rates g min tx rate rate g max tx rate rate g tx rates hide ssid high efficiency enable high efficiency disable hotspot profile name inactivity timeout interval index idx key duration duration l2 auth failthrough leap use session key legacy support local probe req thresh threshold mac authentication mac authentication delimiter d...

Page 669: ...iation user authentication radius interim accounting interval minutes radius reauth interval minutes rf band band rrm quiet ie rts threshold rx ampdu agg disable server load balancing set role attribute contains ends with equals matches regular expression not equals starts with operand role value of set role by ssid set role mac auth mac_only set role machine auth machine_only user_only set role p...

Page 670: ...dscp dscp wmm background share share wmm best effort dscp dscp wmm best effort share share wmm uapsd disable wmm video dscp dscp wmm video share share wmm voice dscp dscp wmm voice share share work without uplink wpa passphrase wpa passphrase wpa3 transition wpa3 transition disable zone zone no wlan ssid profile ssid_profile Command Parameter Description Range Default wlan ssid profile ssid profil...

Page 671: ...acket or the username and password of the client The delimiter and upper case parame ters in this command are available for all authentication methods And without the mac authentication delimiter and mac authentication upper case configuration it works on the username and password for MAC Authentication auth req thresh Allows you to set a threshold for authen tication requests for the SSID profile...

Page 672: ...et to Disabled the AP routes all the broadcast and multicast frames to the wireless in terfaces All ARP Disabled Disabled called station id type ap group ap name ipaddr macaddr v l an id include ssid delimiter Configures the following called station id types ap group The VC name is used as the called station id ap name The AP hostname is used as the called station id vlan id The VLAN ID of the cli...

Page 673: ...nts can connect to the Internet but cannot communicate with each other and the bridging traffic between the clients is sent to the upstream device to make the forwarding decision deny local routing Disables the routing traffic between two clients connected to the same SSID on different VLANs When local routing is disabled the clients can connect to the Internet but cannot communicate with each oth...

Page 674: ...d Interval in milliseconds between each WPA key exchange dot1x wpa key retries key messages are retried dtim period value Configures the Delivery Traffic Indica tion Message DTIM interval for the SSID profile The DTIM interval determines how often the AP should deliver the buffered broadcast and multicast frames to asso ciated clients in the powersaving mode When configured the client checks for b...

Page 675: ...2 5 6 9 11 12 18 24 36 48 54 All hide ssid Hides the SSID When enabled the SSID will not be visible for the users Disabled high efficiecny enable Enables the high effiency feature on 802 11ax devices Enabled high efficiecny disable Disables the high effiency feature on 802 11ax devices hotspot profile name Associates a hotspot profile with the WLAN SSID profile inactivity timeout interval Configur...

Page 676: ...ter the MAC addresses in the xx xx xx xx xx xx format are used colon or dash mac authentication upper case Enables the AP to use uppercase letters in MAC address string for MAC authen tication max authentication failures limit Configures the maximum number of authentication failures to dynamically blacklist the users The users who exceed the number of authentication failures configured through thi...

Page 677: ...0 GHz is 6 Mbps Disabled mpdu agg disable Disables MAC Protocol Data Unit MPDU aggregation okc Enables opportunistic key caching OKC In the OKC based roaming the AP stores one pairwise master key PMK per client which is derived from last 802 1X authentication completed by the client in the network The cached PMK is used when a client roams to a new AP to allow faster roaming of clients NOTE If the...

Page 678: ...static keys dynamic wep WEP with dynamic keys opensystem wpa2 aes wpa2 psk aes wpa tkip wpa psk tkip wpa tkip wpa2 aes wpa psk tkip wpa2 psk aes static wep dynamic wep opensys tem opmode transition Enables backward compatibility for enhanced open and wpa3 sae aes opmodes Enabled opmode transition disable Disables opmode transition for en hanced open or wpa3 sae aes op modes out of service def name...

Page 679: ...ti cation Configures an accounting mode for the captive portal users You can configure any of the following modes for accounting user authentication when config ured the accounting starts only after client authentication is successful and stops when the client logs out of the network When configured the accounting starts when the client associates to the network successfully and stops when the cli...

Page 680: ...on and has a pre authenti cation role assigned to the client the client will get a post authentication role only after a successful reau thentication If reauthentication fails the client retains the pre authentica tion role On an SSID performing both L2 and L3 authentication MAC with captive portal authentication When reau thentication succeeds the client re tains the role that is Any integer valu...

Page 681: ...t retains the pre authentica tion role On an SSID performing both L2 and L3 authentication MAC with captive portal authentication When reau thentication succeeds the client re tains the role that is already assigned If reauthentication fails a pre authentication role is assigned to the client On an SSID performing only L3 authentication captive portal au thentication When reauthentication succeeds...

Page 682: ...andshake and the transmitter station sends an RTS frame to the receiver station The receiver station responds with a CTS frame Typically the RTS CTS frames are not sent unless the packet size exceeds the RTS threshold By default the RTS threshold is set to 2333 octets When the size of the packets sent by the transmitter exceeds the configured threshold RTS frames are sent 0 2347 2333 rx ampdu agg ...

Page 683: ...only if the attribute value begins with the specified string value of This rule sets the user role to the value of the attribute returned To set a user role the value of the attribute must already be configured on the AP matches regular expression The rule is applied only if the attribute value matches the regular expres sion pattern specified in Operand This operator is available only if the mac ...

Page 684: ...equal to the specified string not equals The rule is applied only if the attribute value is not equal to the specified string starts with The rule is applied only if the attribute value begins with the specified string value of This rule sets the VLAN to the value of the attribute returned To set a user role the value of the attribute must already be configured on the AP matches regular expression...

Page 685: ...0000 Kbps 2000 Kbps temporal diversity Shows if the temporal diversity feature has been enabled or disabled When this feature is enabled and the client is not responding to 802 11 packets the AP attempts two hardware retries If the hardware retries are not successful it attempts software retries When this feature is disabled the AP attempts only hardware retries enable disable disable termination ...

Page 686: ...lient will be used as the calling station id utf8 Encodes the SSID When enabled the SSID name is displayed in the UTF 8 format SSIDs are not encoded by default very high throughput disable Disables very high throughput VHT for clients connecting the WLAN SSID profile time range name enable disable Specify the time range profile name to apply l When a time range profile is enabled on SSID the SSID ...

Page 687: ... access points vlan vlan Allows you to assign a unique VLAN ID or a VLAN name to a specified SSID user The AP takes this parameter from its per AP vlan specific configuration 1 4095 very high throughput disable Disables very high throughput VHT for clients connecting the WLAN SSID profile wep key wep key Static WEP key associated with the key index The WEP keyvalues can be 10 or 26 hexadecimal cha...

Page 688: ... to specify a zone for SSID If an SSID belongs to a zone it is not broadcast on any AP which does not belong to the zone Usage Guidelines Use this command to configure a WLAN SSID profile to set up an employee voice or guest network Example The following example configures an employee WLAN SSID profile scalance config wlan ssid profile employee1 scalance SSID Profile employee1 type employee scalan...

Page 689: ... video dscp scalance SSID Profile employee1 wmm voice dscp 46 44 42 41 scalance SSID Profile employee1 zone Zone1 scalance SSID Profile employee1 end scalance commit apply The following example configures a guest WLAN SSID profile scalance config wlan ssid profile guestNetwork scalance SSID Profile guestNetwork type guest scalance SSID Profile guestNetwork essid guestNetwork scalance SSID Profile ...

Page 690: ...rofile guestNetwork auth server server1 scalance SSID Profile guestNetwork set role by ssid scalance SSID Profile guestNetwork set role pre auth test1 scalance SSID Profile guestNetwork end Command Information AP Platform Command Mode All platforms Configuration mode and WLAN SSID profile configuration sub mode 4 20 5 wlan external captive portal Description This command configures profiles for ex...

Page 691: ... users after a successful authentication NOTE By default after entering the requested info at the splash page the users are redirected to the URL that was originally requested When a URL is configured for redirection it overrides the user s original request and redirects them to URL configured for redirection out of service page url Configures a URL to redirect the users when the internet uplink i...

Page 692: ...d a role with the captive portal rule You can create up to 8 external captive portal profiles Example The following example configures external captive portal splash page scalance config wlan external captive portal AuthText1 scalance External Captive Portal AuthText1 auth text authenticated scalance External Captive Portal AuthText1 port 80 scalance External Captive Portal AuthText1 redirect url ...

Page 693: ...external RADIUS and CPPM server for user authentication Syntax wlan auth server auth_profile_name acct modifier acctport accounting port auth modifier cppm username username password password cppm rfc3576 only cppm rfc3576 port rfc3576 port deadtime time drp ip IP mask vlan vlan gateway gateway ip host key key nas id ID nas ip IP address port port radsec port port retry count count rfc3576 rfc5997...

Page 694: ...e configured on the AP and a server is unavailable the dead time configuration deter mines the duration for which the authentication server would be available if the server is marked as unavailable 1 1440 minutes 5 drp ip IP address mask vlan vlan gateway gateway IP ad dress Configures the IP address net mask and VLAN which will be used as source address and VLAN for RADIUS packets Before configur...

Page 695: ...ly acct only RFC5997 support enabled for account ing onlyno rfc5997 Disables RFC5997 support for the authentication server Disabled service type framed user 1x cp mac Changes the service type to frame for the follow ing RADIUS authentication methods 1x Changes Service Type to Framed for 802 1X authentication cp Changes Service Type to Framed for Captive Portal authentication mac Changes Service Ty...

Page 696: ...p 192 0 2 11 255 255 255 255 vlan 200 gateway 192 0 2 15 scalance Auth Server RADIUS1 timeout 10 scalance Auth Server RADIUS1 retry count 3 scalance Auth Server RADIUS1 service type framed user cp scalance Auth Server RADIUS1 end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode and authentication server profile sub mode 4 20 7 wlan access rule Des...

Page 697: ...user traffic on the bridged out same subnet destina tions NOTE In the earlier releases bandwidth contract could be assigned per SSID In the current release the band width contract can also be assigned per SSID user If the bandwidth contract is assigned for an SSID in 6 2 1 0 3 4 0 0 image and when the AP is upgraded to 6 3 1 1 4 0 0 0 release version the bandwidth configuration per SSID will be tr...

Page 698: ...terface IP address implied NAT pool or from the pool configured manual NAT pool vlan All client based traffic will be directed to the specified uplink VLAN using the IP address of the interface that AP has on that VLAN if the interface is not found this option has no effect tunnel The traffic from the Network Assigned clients is directed to the VPN tunnel dst nat IP address Specifies the destinati...

Page 699: ...tical traf fic Disable scanning Disables ARM scanning when this rule is triggered DSCP tag Specifies a DSCP value to prioritize traffic when this rule is triggered 802 1p priority Sets an 802 1p priority Application throttling To set a bandwidth limit based on application application category web category or website reputation you can configure application throttling by using the throttle down str...

Page 700: ... 255 0 192 0 2 7 255 255 255 0 match tcp 21 21 deny scalance Access Rule WirelessRule rule 192 0 2 2 255 255 255 0 192 0 2 7 255 255 255 0 match udp 21 21 deny scalance Access Rule WirelessRule rule any any match app youtube permit throttle downstream 256 throttle up 256 scalance Access Rule WirelessRule rule any any match appcategory webmail permit throttle downstream 256 throttle up 256 scalance...

Page 701: ... rogue APs and clients Spectrum Monitor In Spectrum Monitor mode the AP functions as a dedicated full spectrum RF moni tor scanning all channels to detect interference whether from neighboring APs or from non WiFi de vices such as microwaves and cordless phones NOTE In Monitor and Spectrum Monitor modes the AP does not provide access services to clients access moni tor spectrum monitor access Usag...

Page 702: ...ers epdg epc mnc720 mcc302 pub 3gppnetwork or g SmarTone epdg epc mnc006 mcc454 pub 3gppnetwork or g Sprint primgw vowifi2 spcsdns net T Mobile ss epdg epc mnc260 mcc310 pub 3gppnetwork org Verizon wo vzwwo com If the ePDG FQDN of the carrier does not match with the default patterns use this option to con figure the DNS pattern for the carrier NOTE The DNS IP address that AP learns for Wi Fi calli...

Page 703: ...ocation name operator name operator name no no wlan wispr profile Command Parameter Description wlan wispr profile Creates a WISPr authentication profile wispr location id ac ac Configures an E 164 Area Code for the WISPr Location ID wispr location id cc cc Configures an E 164 Country Code for the WISPr Location ID wispr location id isocc is soc Configures an ISO Country Code for the WISPr Locatio...

Page 704: ...SP to determine the parameter values for WISPr profile configuration You can find a list of ISO and ITU country and area codes at the ISO and ITU websites www iso org and http www itu int Example The following commands configure a WISPr authentication profile scalance config wlan wispr profile scalance WISPr wispr location id ac 408 scalance WISPr wispr location id cc 1 scalance WISPr wispr locati...

Page 705: ...ct interference whether from neighboring APs or from non WiFi devices such as mi crowaves and cordless phones NOTE In Monitor and Spectrum Monitor modes the AP does not provide access services to clients access moni tor spectrum monitor access Usage Guidelines Use this command to configure a Wi Fi interface of an AP to function in the access monitor or spectrum monitor mode Example The following e...

Page 706: ... for the node which contains the entire user database deadtime time Configures a dead time interval for the authenti cation server When two or more authentication servers are configured on the AP and a server is unavailable the dead time configuration determines the dura tion for which the authentication server would be available if the server is marked as unavailable 1 1440 minutes 5 filter filte...

Page 707: ...LDAP session after connecting to the LDAP server and server sends its responses Example The following example configures an LDAP server scalance config wlan ldap server Server1 scalance LDAP Server name ip 192 0 1 5 scalance LDAP Server name port 389 scalance LDAP Server name admin dn cn admin scalance LDAP Server name admin password password123 scalance LDAP Server name base dn dc example dc com ...

Page 708: ...n You must save your changes for them to be retained across system reboots Changes are lost if the system reboots before saving the changes The following command assumes you have already saved your configuration Reboot the AP The AP returns the following messages Do you really want to reset the system y n y System will now restart Restarting system Example The following command saves your changes ...

Page 709: ...ivity timeout interval loop detection interval interval loop protect l2 auth failthrough mac authentication native vlan vlan no poe radius accounting radius accounting mode user association user authentication radius interim accounting interval minutes radius reauth interval minutes server load balancing set role attribute equals not equal starts with ends with contains operator role value of set ...

Page 710: ...llowed vlan vlan Configures a list of allowed VLANs The Allowed VLAN refers to the VLANs carried by the port in Access mode You can configure the list of comma separated digits or ranges 1 2 5 or 1 4 or all auth server name Configures the authentication server for the wired profile auto recovery Enables automatic recovery of the port in the AP that is shut down because of loop protection After the...

Page 711: ... the type of current uplink If the ex ternal captive profiles are created you can specify the profile name by using the external and profile keywords and associated parameters content filtering Enables content filtering dot1x Enables 802 11X authentication for the Wired profile users Disabled dot1x timer idrequest period Interval in seconds 802 1X identity request retries dot3bz Enables 802 3bz au...

Page 712: ...ny of the following modes for account ing user authentication when con figured the accounting starts only after client authentication is suc cessful and stops when the client logs out of the network user association When config ured the accounting starts when the client associates to the network successfully and stops when the client is disconnected user authen tication radius interim accounting i...

Page 713: ... attribute value is not equal to the specified string starts with The rule is applied only if the attribute value begins with the specified string value of This rule sets the user role to the value of the attribute re turned To set a user role the value of the attribute must already be configured on the AP set role machine auth machine only user only Configures a machine authentication rule You ca...

Page 714: ...urned To set a user role the value of the attribute must already be configured on the AP shutdown Shuts down the admin status port up down up spanning tree Enables Spanning Tree Protocol on the wired profile STP ensures that there are no loops in any bridged Ethernet network and operates on all downlink ports regard less of forwarding mode STP will not operate on the uplink port and is sup ported ...

Page 715: ...Enables uplink for the wired profile use ip for calling station The IP address of the client will be used as the calling station id no wired port profile port Removes the wired portprofile configu ration no Removes any existing configuration Usage Guidelines Use this command to create a wired profile for employee and guest users The Ethernet ports allow third party devices such as VoIP phones or p...

Page 716: ...ed1 access rule name wiredACL scalance wired ap profile employeeWired1 set role Group Name contains wired wired instant scalance wired ap profile employeeWired1 set vlan ap name equals test 400 scalance wired ap profile employeeWired1 trusted scalance wired ap profile employeeWired1 end scalance commit apply The following example configures a guest wired profile scalance config wired port profile ...

Page 717: ... scalance wired ap profile guestWired1 trusted scalance wired ap profile guestWired1 end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode and Wired port profile con figuration sub mode 4 20 15 wlan sta profile Description This command enables Wi Fi uplink on an AP Syntax wlan sta profile essid ESSID cipher suite cipher suite string wpa passphrase ...

Page 718: ...d band Configures the band for uplink connection The valid options are 802 11a and 802 11g no Removes the configuration of the wpa passphrase parame ter no wlan sta profile Removes the WLAN sta profile configuration Usage Guidelines Use this command to configure Wi Fi uplink for a client station connected to an AP Example The following commands configure the Wi Fi uplink profile scalance config wl...

Page 719: ... server timeout seconds Configures a timeout value for TACACS requests from the management users 20 retry count number Configures the maximum number of authentication requests that are sent to the server 3 session authorization Enables session authorization for the admin users By default session authorization is disabled no Removes the specified configuration parameter Usage Guidelines Use this co...

Page 720: ...calance TACACS Server Server1 timeout 30 scalance TACACS Server Server1 retry count 4 scalance TACACS Server Server1 deadtime 30 AP TACACS Server Server1 end scalance commit apply Command Information AP Platform Command Mode All platforms Configuration mode and TACACS server profile sub mode ...

Page 721: ...nfigures the subnet of the XML API server You can optionally configure the subnet mask for the XML API server key shared key Configures the key required for accessing the XML API inter face no Removes the parameter definition configured under the xml api server command no xml api server xml_ api server profile Removes the XML API configuration Usage Guidelines Use this command to integrate an AP w...

Page 722: ...CLI Commands 4 21 X SCALANCE W1750D CLI 722 Function Manual 03 2019 C79000 G8976 C452 04 Command Information AP Platform Command Mode All platforms Configuration mode ...

Page 723: ...authorized removal of FIPS based APs evidence of tampering and so on Example The following example configures a zone name on an AP scalance zeroize tpm keys WARNING The effect of the action you are about to execute is not reversible Do you really want to zeroise the TPM keys y n y This action will void the warranty on the AP and nullify the RMA Are you still sure you want to do this y n y You are ...

Page 724: ...when listing multiple zones no Removes the configuration Usage Guidelines Use this command to configure anAP zone To assign an SSID to a specific AP the AP zone name must be configured on the WLAN SSID profile The following constraints apply to the AP zone configuration An AP can belong to six zones and only six zones can be configured on an SSID If an SSID belongs to a zone all APs in this zone c...

Page 725: ...ve to 802 11i The difference between bSec and standard 802 11i is that bSec implements Suite B algorithms wherever pos sible Notably Advanced Encryption Standard Counter with CBC MAC is replaced by Advanced Encryption Standard Galois Counter Mode and the Key Derivation Function KDF of 802 11i is upgraded to support SHA 256 and SHA 384 802 11a 802 11a provides specifications for wireless systems Ne...

Page 726: ...work 802 11h 802 11h is intended to resolve interference issues introduced by the use of 802 11a in some locations particularly with military Radar systems and med ical devices Dynamic Frequency Selection DFS detects the presence of other devices on a channel and automatically switches the network to anoth er channel if and when such signals are detected Transmit Power Control TPC reduces the radi...

Page 727: ...t supplies up to 25 5W of DC power See PoE AAA Authentication Authorization and Accounting AAA is a security framework to authenticate users authorize the type of access based on user creden tials and record authentication events and information about the network access and network resource consumption ABR Area Border Router ABR is used for establishing connection between the backbone networks and...

Page 728: ...Data Access Components MDACs that enables client applications to access data sources through an Object Linking and Embedding Database OLE DB provider ADO supports key features for building client server and Web based applications ADP Aruba Discovery Protocol ADP is an Aruba proprietary Layer 2 protocol It is used by the APs to obtain the IP address of the TFTP server from which it downloads the AP...

Page 729: ...a Unit A MSDU is a structure containing multiple MSDUs transported within a single unfragmented data MAC MPDU ANQP Access Network Query Protocol ANQP is a query and a response protocol for Wi Fi hotspot services ANQP includes information Elements IEs that can be sent from the AP to the client to identify the AP network and service provider The IEs typically include information about the domain nam...

Page 730: ...ks the BSSID is the MAC address of the AP In independent BSS or ad hoc networks the BSSID is generated ran domly BYOD Bring Your Own Device BYOD refers to the use of personal mobile devices within an enterprise network infrastructure CA Certificate Authority or Certification Authority Entity in a public key infrastruc ture system that issues certificates to clients A certificate signing request re...

Page 731: ...iers for networks and devices The CIDR IP address ing scheme is used as a replacement for the older IP addressing scheme based on classes A B and C With CIDR a single IP address can be used to designate many unique IP addresses A CIDR IP address ends with a slash followed by the IP network prefix for example 192 0 2 0 24 ClearPass ClearPass is an access management system for creating and enforcing...

Page 732: ...r and server CSA Channel Switch Announcement The CSA element enables an AP to adver tise that it is switching to a new channel before it begins transmitting on that channel This allows the clients which support CSA to transition to the new channel with minimal downtime CSMA CA Carrier Sense Multiple Access Collision Avoidance CSMA CA is a protocol for carrier transmission in networks using the 802...

Page 733: ... a process of translating the destination IP address of an end route packet in a network Destination NAT is used for redirecting the traffic destined to a virtual host to the real host where the virtual host is identified by the destination IP address and the real host is identified by the translated IP address DFS Dynamic Frequency Selection DFS is a mandate for radio systems operating in the 5 G...

Page 734: ... address A record name server NS and mail exchanger MX records The Address A record is the most im portant record that is stored in a DNS server because it provides the re quired IP address for a network peripheral or element DOCSIS Data over Cable Service Interface Specification A telecommunication stand ard for Internet access through cable modem DoS Denial of Service DoS is any type of attack w...

Page 735: ...dress Translation Dynamic NAT maps multiple public IP addresses and uses these addresses with an internal or private IP ad dress Dynamic NAT helps to secure a network by masking the internal con figuration of a private network EAP Extensible Authentication Protocol An authentication protocol for wireless networks that extends the methods used by the PPP a protocol often used when connecting a comp...

Page 736: ...g security solutions that solve interior network problems such as viruses worms spyware and corporate compliance ESS Extended Service Set An ESS is a set of one or more interconnected BSSs that form a single sub network ESSID Extended Service Set Identifier ESSID refers to the ID used for identifying an extended service set Ethernet Ethernet is a network protocol for data transmission over LAN EUL...

Page 737: ...astructure before associating clients and allows clients to send que ries to multiple 802 11 networks in parallel gateway Gateway is a network node that allows traffic to flow in and out of the net work Gbps Gigabits per second GBps Gigabytes per second GET GET refers HTTP request method or an SNMP operation method The GET HTTP request method submits data to be processed to a specified resource Th...

Page 738: ...ation authorization and accounting ICMP Internet Control Message Protocol ICMP is an error reporting protocol It is used by network devices such as routers to send error messages and opera tional information to the source IP address when network problems prevent delivery of IP packets IDS Intrusion Detection System IDS monitors a network or systems for malicious activity or policy violations and r...

Page 739: ...ress from untrusted interface by filtering traffic based on list of addresses in the DHCP binding database or manually configured IP source bindings It prevents IP spoofing attacks IrDA An industry sponsored organization set up in 1993 to create international standards for the hardware and software used in infrared communication links In this special form of radio transmission a focused ray of lig...

Page 740: ... Protocol LEAP is a Cisco proprietary version of EAP used in wireless networks and Point to Point connections LED Light Emitting Diode LED is a semiconductor light source that emits light when an electric current passes through it LEEF Log Event Extended Format LEEF is a type of customizable syslog event format An extended log file contains a sequence of lines containing ASCII characters terminate...

Page 741: ...he data input MDAC Microsoft Data Access Components MDAC is a framework of interrelated Microsoft technologies that provides a standard database for Windows OS MDM Mobile Device Management MDM is an administrative software to manage monitor and secure mobile devices of the employees in a network mDNS Multicast Domain Name System mDNS provides the ability to perform DNS like operations on the local...

Page 742: ...he MS CHAP protocol that supports mutual authentication MSS Maximum Segment Size MSS is a parameter of the options field in the TCP header that specifies the largest amount of data specified in bytes that a computer or communications device can receive in a single TCP segment MSSID Mesh Service Set Identifier MSSID is the SSID used by the client to access a wireless mesh network MSTP Multiple Span...

Page 743: ... wireless connectivity standard ECMA 340 ISO IEC 18092 that uses magnetic field induction to enable communication between devices when they touch or are brought closer within a few centimeters of distance The standard specifies a way for the devices to establish a peer to peer P2P network to exchange data NIC Network Interface Card NIC is a hardware component that allows a device to connect to the...

Page 744: ...requency wireless and optical fiber for telecommunication Long range links are provided by using optical fibers the links from the long range endpoints to end users are accomplished by RF wireless or laser systems RF wireless at Ultra High Frequencies and microwave frequencies can carry broadband signals to individual computers at substantial data speeds OSI Open Systems Interconnection OSI is a r...

Page 745: ... also known as PEFNG provides context based controls to enforce application layer security and prioritization The customers using Aruba mobility controllers can avail PEF features and ser vices by obtaining a PEF license PEF for VPN users Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a con troller through a VPN tunnel PEFV Policy Enforcement Firewall ...

Page 746: ...ient connects to the DSL modem PPTP Point to Point Tunneling Protocol PPTP is a method for implementing virtual private networks It uses a control channel over TCP and a GRE tunnel oper ating to encapsulate PPP packets private key The part of a public private key pair that is always kept private The private key encrypts the signature of a message to authenticate the sender The private key also dec...

Page 747: ...thority to sign and issue the certifi cate Remote AP Remote APs extend corporate network to the users working from home or at temporary work sites Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link REST Representational State Transfer REST is a simple and stateless architecture that the web services use for providing interoperability between comput...

Page 748: ...ers to the data transmission and protection mecha nism used by the 802 11 wireless networking protocol to prevent frame colli sion occurrences See CTS RTSP Real Time Streaming Protocol RTSP is a network control protocol designed for use in entertainment and communications systems to control streaming media servers RVI Routed VLAN Interface RVI is a switch interface that forwards packets be tween V...

Page 749: ...ional Mobile Subscriber Identity IMSI number and its related key which are used for identifying and authenticating subscribers on mobile telephony devices SIP Session Initiation Protocol SIP is used for signaling and controlling multime dia communication session such as voice and video calls SIRT Security Incident Response Team SIRT is responsible for reviewing as well as responding to computer se...

Page 750: ...ds of time SOAP Simple Object Access Protocol SOAP enables communication between the applications running on different operating systems with different technolo gies and programming languages SOAP is an XML based messaging proto col for exchanging structured information between the systems that support web services SoC System on a Chip SoC is an Integrated Circuit that integrates all compo nents o...

Page 751: ...ls that handles remote authentication and related services for network access control through a centralized server TACACS Terminal Access Controller Access Control System TACACS provides separate authentication authorization and accounting services It is derived from but not backward compatible with TACACS TCP Transmission Control Protocol TCP is a communication protocol that defines the standards...

Page 752: ... hard of hearing as well as trans mit voice communication TXOP Transmission Opportunity TXOP is used in wireless networks supporting the IEEE 802 11e Quality of Service QoS standard Used in both EDCA and HCF Controlled Channel Access modes of operation TXOP is a bounded time interval in which stations supporting QoS are permitted to transfer a series of frames TXOP is defined by a start time and a...

Page 753: ...mitting large amounts of digital data over a wide spectrum of frequency bands with very low power for a short distance VA Virtual Appliance VA is a pre configured virtual machine image ready to run on a hypervisor VBR Virtual Beacon Report VBR displays a report with the MAC address details and RSSI information of an AP VHT Very High Throughput IEEE 802 11ac is an emerging VHT WLAN standard that co...

Page 754: ...ific information between NASs and RADIUS servers VTP VLAN Trunking Protocol VTP is a Cisco proprietary protocol for propagating VLANs on a LAN walled garden Walled garden is a feature that allows blocking of unauthorized users from accessing network resources WAN Wide Area Network WAN is a telecommunications network or computer net work that extends over a large geographical distance WASP Wireless...

Page 755: ...one of coverage provided by the server antenna usually a region with a radius of several kilometers WISPr Wireless Internet Service Provider Roaming The WISPr framework enables the client devices to roam between the wireless hotspots using different ISPs WLAN Wireless Local Area Network WLAN is a 802 11 standards based LAN that the users access through a wireless connection WME Wireless Multimedia...

Page 756: ...tended Authentication XAuth provides a mechanism for requesting indi vidual authentication information from the user and a local user database or an external authentication server It provides a method for storing the authen tication information centrally in the local network XML Extensible Markup Language XML is a markup language that defines a set of rules for encoding documents in a format that ...

Page 757: ...4 cellular uplink profile 65 clarity 68 clear 69 clear airgroup state statistics 70 clear cert 71 clear dhcpoption82 70 clock set 72 clock summer time 73 clock timezone 75 cluster security 75 cluster security logging 77 commit 78 configure terminal 79 console 79 content filtering 80 convert aos ap 81 copy 82 custom_var 84 D debug rtls logs 85 deny inter user bridging 85 deny local routing 86 devic...

Page 758: ...e 140 141 hotspot h2qp wan metrics profile 145 hotspot hs profile 147 hs2 osu icon delete 157 hs2 osu icon download 158 I iap master 160 ids 160 ignore image check 168 inactivity ap timeout 169 inbound firewall 170 internal domains 172 iot transportProfile 173 iot usetransportProfile 177 ip dhcp 179 ip dhcp pool 185 ip radius 189 ip address 178 ipm 188 ip mode 187 L l3 mobility 190 lacp mode 191 l...

Page 759: ... debug airwave restore status 314 show ap debug airwave signon key 314 show ap debug airwave state 315 show ap debug airwave stats 317 show ap debug am config 319 show ap debug auth trace buf 320 show ap debug ble config 321 show ap debug ble counters 323 show ap debug ble daemon 323 show ap debug ble relay 324 show ap debug ble table 327 show ap debug ble table assettags 328 show ap debug client ...

Page 760: ...ebook 498 show fault 499 show firewall 500 show g max clients 501 show gre config 502 show gre status 503 show ids 505 show ids detection config 507 show ids protection config 509 show image 512 show inbound firewall rules 510 show interface counters 511 show iot transportProfile 513 show ip dhcp database 514 show ip igmp group 515 show ip interface brief 517 show ip route 518 show ipv6 interface ...

Page 761: ...607 show vpn 608 show vpn tunnels 611 show walled garden 612 show wifi uplink 613 show wired port 615 show wired port settings 617 show wispr config 619 show xml api server config 620 show access rule all 242 snmp server 622 speed test 623 spped test server 625 ssh 627 subscription ap 627 subscription ap enable 628 swarm mode 629 syslocation 631 syslog level 630 syslog server 632 T telnet 633 teln...

Page 762: ...76 C452 04 wlan captive portal 664 wlan external captive portal 690 wlan ldap server 705 wlan ssid profile 667 wlan sta profle 717 wlan tacacs server 718 wlan walled garden 662 wlan wispr rpofile 703 write 708 X xml api serer 721 Z zeroize tpm keys 723 zonename 724 ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands