3Com OfficeConnect WX1200 Скачать руководство пользователя страница 460

Страница: 460 / 646

460

HAPTER

14: S

ECURITY

ACL C

OMMANDS

By ICMP packets

Syntax

—

set security acl ip

acl-name

{

permit

[

cos

cos

] |

deny

}

icmp

{

source-ip-addr

mask

destination-ip-addr

mask

[

type

icmp-type

] [

code

icmp-code

] [

precedence

precedence

] [

tos

tos

]

[

before

editbuffer-index

modify

editbuffer-index

] [

hits

]

By TCP packets

Syntax

—

set

security

acl

acl-name

{

permit

[

cos

cos

] |

deny

}

tcp

{

source-ip-addr

mask

[

operator

port

[port2

]]

destination-ip-addr

mask

[

operator

port

[port2

]]}

[precedence

precedence

] [

tos

tos

] [

established

] [

before

editbuffer-index

modify

editbuffer-index

] [

hits

]

By UDP packets

Syntax

—

set

security

acl

acl-name

{

permit

[

cos

cos

]

deny

}

udp

{

source-ip-addr

mask

[

operator port

[

port2

]]

destination-ip-addr

mask

[

operator port

[

port2

]]}

[

precedence

precedence

]

[

tos

tos

]

[

before

editbuffer-index

modify

editbuffer-index

]

[

hits

]

acl-name

— Security ACL name. ACL names must be unique within

the WX switch, must start with a letter, and are case-insensitive.
Specify an ACL name of up to 32 of the following characters:

Letters

through

and

through

Numbers 0 through 9

Hyphen (-), underscore (_), and period (.)

3Com recommends that you do not use the same name with different
capitalizations for ACLs. For example, do not configure two separate
ACLs with the names

acl_123

and

ACL_123

In an ACL name, do not include the term

all, default-action, map,

help

, or

editbuffer

permit

— Allows traffic that matches the conditions in the ACE.

cos

cos

—

For permitted packets, a class-of-service (CoS) level for

packet handling. Specify a value from 0 through 7:

1 or 2—Background. Packets are queued in MAP forwarding
queue 4.

Содержание OfficeConnect WX1200

Страница 1: ...http www 3com com Part No 10015086 Published April 2006 Wireless LAN Mobility System Wireless LAN Switch and Controller Command Reference WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100 3CRWXR10095A...

Страница 2: ...une 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in or delivered to you in conjunction with this...

Страница 3: ...MAC Address Notation 25 IP Address and Mask Notation 26 User Globs MAC Address Globs and VLAN Globs 26 Port Lists 28 Virtual LAN Identification 29 Command Line Editing 29 Keyboard Shortcuts 29 History...

Страница 4: ...t 48 set auto config 48 set banner motd 51 set confirm 52 set length 53 set license 53 set prompt 54 set system contact 55 set system countrycode 56 set system idle timeout 58 set system ip address 59...

Страница 5: ...preference 88 set port speed 89 set port trap 90 set port type ap 91 set port type wired auth 94 5 VLAN COMMANDS Commands by usage 97 clear fdb 98 clear security 12 restrict 99 clear security 12 restr...

Страница 6: ...clear ip alias 128 clear ip dns domain 129 clear ip dns server 129 clear ip route 130 clear ip telnet 131 clear ntp server 131 clear ntp update interval 132 clear snmp community 133 clear snmp notify...

Страница 7: ...e 160 set interface dhcp client 161 set interface dhcp server 162 set interface status 163 set ip alias 164 set ip dns 164 set ip dns domain 165 set ip dns server 166 set ip https server 167 set ip ro...

Страница 8: ...console 205 clear authentication dot1x 206 clear authentication last resort 207 clear authentication mac 208 clear authentication proxy 209 clear authentication web 209 clear location policy 210 clear...

Страница 9: ...tr 254 set mobility profile 255 set mobility profile mode 257 set user 258 set user attr 259 set user group 260 set usergroup 261 set web portal 262 9 MOBILITY DOMAIN COMMANDS Commands by Usage 265 cl...

Страница 10: ...p dap etherstats 301 display ap dap group 303 display ap dap status 304 display auto tune attributes 309 display auto tune neighbors 311 display dap connection 313 display dap global 314 display dap u...

Страница 11: ...o profile countermeasures 355 set radio profile dtim interval 357 set radio profile frag threshold 358 set radio profile long retry 359 set radio profile max rx lifetime 360 set radio profile max tx l...

Страница 12: ...394 clear spantree portpri 395 clear spantree portvlancost 395 clear spantree portvlanpri 396 clear spantree statistics 397 display spantree 398 display spantree backbonefast 400 display spantree bloc...

Страница 13: ...et igmp proxy report 438 set igmp qi 439 set igmp qri 440 set igmp querier 441 set igmp receiver 441 set igmp rv 442 14 SECURITY ACL COMMANDS Security ACL Commands by Usage 445 clear security acl 446...

Страница 14: ...mands by Usage 485 clear radius 486 clear radius client system ip 487 clear radius proxy client 488 clear radius proxy port 488 clear radius server 489 clear server group 489 set radius 490 set radius...

Страница 15: ...t1x timeout auth server 515 set dot1x timeout supplicant 516 set dot1x tx period 516 set dot1x wep rekey 517 set dot1x wep rekey period 518 18 SESSION MANAGEMENT COMMANDS Commands by Usage 519 clear s...

Страница 16: ...fdetect black list 555 set rf detect countermeasures 556 set rfdetect countermeasures mac 557 set rfdetect ignore 558 set rfdetect log 559 set rfdetect signature 560 set rfdetect ssid list 560 set rfd...

Страница 17: ...trace authorization 593 set trace dot1x 594 set trace sm 595 22 SNOOP COMMANDS Commands by Usage 597 clear snoop 598 clear snoop map 598 set snoop 599 set snoop map 602 set snoop mode 603 display snoo...

Страница 18: ...cp 626 diag 627 dir 627 display 628 fver 630 help 631 ls 632 next 633 reset 634 test 635 version 636 A OBTAINING SUPPORT FOR YOUR PRODUCT Register Your Product 637 Purchase Value Added Services 637 Tr...

Страница 19: ...release notes are shipped with your product and the information there differs from the information in this guide follow the instructions in the release notes Most user guides and release notes are ava...

Страница 20: ...n 3WXM for advanced configuration and management Table 2 Text Conventions Convention Description Monospace text Sets off command syntax or sample commands and system responses Bold text Highlights com...

Страница 21: ...r installing a WX wireless switch in a Mobility System WLAN Wireless LAN Switch and Controller Configuration Guide This guide provides instructions for configuring and managing the system through the...

Страница 22: ...note that we can only respond to comments and questions about 3Com product documentation at this e mail address Questions related to Technical Support or sales should be directed in the first instanc...

Страница 23: ...d 3Com Wireless LAN Managed Access Point MAP hardware There is a command line interface CLI on the WX switch that you can use to configure and manage the WX and its attached access points You configur...

Страница 24: ...trative user by typing enable and supplying a suitable password MSS displays the following prompt WXmmmm For information about changing the CLI prompt on a wireless LAN switch see set prompt on page 5...

Страница 25: ...example do not configure two separate VLANs with the names red and RED The CLI does not support the use of special characters including the following in any named elements such as SSIDs and VLANs ampe...

Страница 26: ...y the wildcard mask in dotted decimal notation For example the address 10 0 0 0 and mask 0 255 255 255 match all IP addresses that begin with 10 in the first octet User Globs MAC Address Globs and VLA...

Страница 27: ...of a MAC address allows you to apply commands to MAC addresses based on an organizationally unique identity OUI Table 3 User Globs User Glob User s Designated jose example com User jose at example com...

Страница 28: ...AA commands determines the order in which MSS matches the user MAC address or VLAN to a glob To verify the order view the output of the display aaa or display config command MSS checks globs that appe...

Страница 29: ...the VLAN within the WX Command Line Editing MSS editing functions are similar to those of many other network operating systems Keyboard Shortcuts The following table lists the keyboard shortcuts for...

Страница 30: ...nterface display interfaces ip display ip information Single Asterisk Wildcard Character You can use the single asterisk wildcard character in globbing For details see User Globs MAC Address Globs and...

Страница 31: ...help for more information logout Exit from the Admin session monitor Monitor use monitor help for more information ping Send echo packets to hosts quit Exit from the Admin session reset Reset use res...

Страница 32: ...e following command name appears at the top of a command description and in the index set ap dap name The set ap dap name command has the following complete syntax set ap port list dap dap num name na...

Страница 33: ...his chapter based on their use disable Changes the CLI session from enabled mode to restricted access Syntax disable Defaults None Access Enabled History Introduced in MSS Version 3 0 Examples The fol...

Страница 34: ...our or another administrator must have configured the enable password to this WX switch with the set enablepass command Examples The following command plus the enable password provides enabled access...

Страница 35: ...of up to 32 alphanumeric characters with no spaces and reenter it at the Retype new password prompt CAUTION Be sure to use a password that you will remember If you lose the enable password the only wa...

Страница 36: ...36 CHAPTER 2 ACCESS COMMANDS...

Страница 37: ...nfiguration quickstart on page 48 Auto Config set auto config on page 48 Display clear banner motd on page 38 quickstart on page 48 display banner motd on page 41 set confirm on page 52 set length on...

Страница 38: ...WX4400 clear banner motd success change accepted As an alternative to clearing the banner you can overwrite the existing banner with an empty banner by typing the following command set banner motd Se...

Страница 39: ...shed See Also history on page 47 clear prompt Resets the system prompt to its previously configured value If the prompt was not configured previously this command resets the prompt to its default Synt...

Страница 40: ...n remain idle to the default value 3600 seconds ip address Resets the IP address of the WX switch to null location Resets the location of the WX switch to null name Resets the name of the WX switch to...

Страница 41: ...snapshot of the status of the wireless LAN switch which includes details about the boot image the version ports and other configuration values This command also displays the last 100 log messages Synt...

Страница 42: ...d on the WX switch Syntax display license Defaults None Access All Examples To view the WX switch license type the following command WX4400 display license Serial Number M8XE4IBB8DB10 License Number 2...

Страница 43: ...he previous time the display load command was run type the following command WX4400 display load System Load overall 2 delta 5 The overall field shows the CPU load as a percentage from the time the WX...

Страница 44: ...r Over Ethernet 29 000 Table 7 describes the fields of display system output Table 7 display system output Field Description Product Name Switch model number System Name System name factory default or...

Страница 45: ...o the system log every 5 minutes until this condition is corrected Fan 1 is located nearest the front of the chassis and fan 3 is located nearest the back Temperature Status of temperature sensors at...

Страница 46: ...n if you have enabled access To show a list of CLI commands available at the enabled access level type the following command at the enabled access level WX4400 help Commands clear Clear use clear help...

Страница 47: ...ng Send echo packets to hosts quit Exit from the Admin session reset Reset use reset help for more information rollback Remove changes to the edited ACL table save Save the running configuration to pe...

Страница 48: ...auto config Enables a WX switch to contact a 3WXM server for its configuration Syntax set auto config enable disable enable Enables the switch to contact a 3WXM server to request a configuration disab...

Страница 49: ...WXR100 insert a paperclip or similar object into the WXR100 s factory reset hole to press the switch The factory reset switch must be held for about 3 seconds while the factory reset LED the right LED...

Страница 50: ...option WX 1200 set auto config enable success change accepted 4 Create a self signed administrative certificate to enable the WX to communicate with the 3WXM server WX 1200 crypto generate key admin...

Страница 51: ...that begins and ends the message text Up to 2000 alphanumeric characters including tabs and carriage returns but not the delimiting character The maximum number of characters is approximately 24 lines...

Страница 52: ...ssages off Disables confirmation messages Defaults Configuration messages are enabled Access Enabled History Introduced in MSS Version 3 0 Usage This command remains in effect for the duration of the...

Страница 53: ...sion 3 0 Usage Use this command if the output of a CLI command is greater than the number of lines allowed by default for a terminal type Examples To set the number of lines displayed to 100 type the...

Страница 54: ...076E 93E9 62DA 54D8 Activation key WXA 3E04 4CC2 430D B508 Feature 24 additional ports Expires Never 48 ports are enabled success license was installed The additional ports refers to the number of ad...

Страница 55: ...example sets the prompt from WX4400 to happy_days WX4400 set prompt happy_days success change accepted happy_days See Also clear prompt on page 39 display config on page 574 set system name on page 60...

Страница 56: ...s to enforce on the WX switch Syntax set system countrycode code code Two letter code for the country of operation for the WX switch You can specify one of the codes listed in Table 8 Table 8 Country...

Страница 57: ...set ap commands to configure a MAP Japan JP Liechtenstein LI Luxembourg LU Malaysia MY Mexico MX Netherlands NL New Zealand NZ Norway NO Poland PL Portugal PT Saudi Arabia SA Singapore SG Slovakia SK...

Страница 58: ...conds a CLI management session can remain idle before MSS terminates the session You can specify from 0 to 86400 seconds one day If you specify 0 the idle timeout is disabled Defaults 3600 seconds one...

Страница 59: ...ess Enabled History Introduced in MSS Version 3 0 Examples The following command sets the IP address of the WX switch to 192 168 253 1 WX4400 set system ip address 192 168 253 1 success change accepte...

Страница 60: ...a prompt Syntax set system name string string Alphanumeric string up to 256 characters long with no blank spaces Use a unique name for each WX switch Defaults By default the system name and command pr...

Страница 61: ...set system name 61 See Also clear system on page 40 display system on page 43 set prompt on page 54 set system contact on page 55 set system location on page 59...

Страница 62: ...62 CHAPTER 3 SYSTEM SERVICE COMMANDS...

Страница 63: ...dap on page 81 set port type wired auth on page 94 clear port type on page 68 clear dap on page 64 Name set port name on page 86 clear port name on page 66 State set port on page 83 reset port on pag...

Страница 64: ...in MSS Version 3 0 Examples The following command clears Distributed MAP 1 WX4400 clear dap 1 This will clear specified DAP devices Would you like to continue y n n y See Also set dap on page 81 set...

Страница 65: ...00 clear port counters success cleared port counters See Also display port counters on page 69 monitor port counters on page 76 clear port group Removes a port group Syntax clear port group name name...

Страница 66: ...ss Enabled History Introduced in MSS Version 4 0 Usage This command applies only to the WX4400 This command does not affect a link that is already active on the port Examples The following command dis...

Страница 67: ...clears the preference on all the specified ports Defaults When both the copper and fiber interfaces of a gigabit Ethernet port are connected the GBIC fiber interface is the active link The RJ 45 coppe...

Страница 68: ...ion settings specific to the port type are removed For example if you clear a MAP access point port all MAP specific settings are removed Table 10 lists the default network port settings that MSS appl...

Страница 69: ...rstats transmit etherstats port port list octets Shows octet statistics packets Shows packet statistics receive errors Shows errors in received packets transmit errors Shows errors in transmitted pack...

Страница 70: ...ows port group information Syntax display port group all name group name all Shows information for all port groups name group name Shows information for the specified port group Defaults None Access A...

Страница 71: ...Access All History Introduced in MSS Version 3 0 Examples The following command displays PoE information for all ports on a WX1200 switch WX1200 display port poe Link Port PoE PoE Port Name Status Typ...

Страница 72: ...ngs on all four ports of a WX4400 switch WX4400 display port preference Link status Link status of the port up The port is connected down The port is not connected Port type Port type MAP The port is...

Страница 73: ...ports Syntax display port status port list port list List of physical ports If you do not specify a port list information is displayed for all ports Defaults None Access All History Introduced in MSS...

Страница 74: ...up down auto network 10 100BaseTx Table 14 describes the fields in this display Table 14 Output for display port status Field Description Port Port number Name Port name If the port does not have a na...

Страница 75: ...rt list port list List of physical ports MSS displays the enabled interface types for all the specified ports Defaults None Access All History Introduced in MSS Version 4 0 Usage This command applies...

Страница 76: ...ays octet statistics first packets Displays packet statistics first receive errors Displays errors in received packets first transmit errors Displays errors in transmitted packets first collisions Dis...

Страница 77: ...that statistic type You can use one statistic option with the command Use the keys listed in Table 16 to control the monitor display For error reporting the cyclic redundancy check CRC errors include...

Страница 78: ...tus Rx Unicast Rx NonUnicast Tx Unicast Tx NonUnicast 1 Up 54620 62144 68318 62556 Table 17 describes the port statistics displayed by each statistics option The Port and Status fields are displayed f...

Страница 79: ...c includes frames with misalignment errors Rx Error Total number of frames received in which the Physical layer PHY detected an error Rx Short Number of frames received by the port that were fewer tha...

Страница 80: ...at were from 65 through 127 bytes long Rx 255 Number of packets received that were from 128 through 255 bytes long Rx 511 Number of packets received that were from 256 through 511 bytes long Rx 1023 N...

Страница 81: ...ollowing command resets port 5 WX1200 reset port 5 See Also set port on page 83 set dap Configures a Distributed MAP for a MAP access point that is indirectly connected to the WX switch through an int...

Страница 82: ...a 11b 802 11b 11g 802 11g This option applies only to single radio models Defaults The default values are the same as the defaults for the set port type ap command Access Enabled History Introduced in...

Страница 83: ...ist of physical ports MSS disables or reenables all the specified ports Defaults All ports are enabled Access Enabled History Introduced in MSS Version 3 0 Usage A port that is administratively disabl...

Страница 84: ...us and you can use 10 100 Ethernet ports and gigabit Ethernet ports in the same port group After you add a port to a port group you cannot configure port parameters on the individual port Instead chan...

Страница 85: ...erface Defaults The GBIC fiber interface is enabled and the copper interface is disabled by default Access Enabled History Introduced in MSS Version 4 0 Usage This command applies only to the WX4400 I...

Страница 86: ...s that you do not use numbers as port names Examples The following command sets the name of port 7 to adminpool WX1200 set port 7 name adminpool success change accepted See Also clear port name on pag...

Страница 87: ...port Use the WX switch s PoE to power 3Com MAP access points only If you enable PoE on ports connected to other devices damage can result Syntax set port poe port list enable disable port list List of...

Страница 88: ...1 set port type wired auth on page 94 set port preference Configures a gigabit Ethernet port on a WX4400 to use the RJ 45 copper interface when available as the active link instead of the fiber interf...

Страница 89: ...port to 10 Mbps and sets the operating mode to full duplex 100 Sets the port speed of a 10 100 Ethernet port to 100 Mbps and sets the operating mode to full duplex 1000 Sets the port speed of a gigab...

Страница 90: ...ion 3 0 Usage The set port trap command overrides the global setting of the set snmp trap command The set port type command does not affect the global trap information displayed by the display snmp co...

Страница 91: ...through an intermediate Layer 2 or Layer 3 network use the set dap command to configure a Distributed MAP Before changing the port type from ap to wired auth or from wired auth to ap you must reset th...

Страница 92: ...s and model MP 262 requires an external antenna for the 802 11b g radio The following models have internal antennas but also have connectors for optional use of external antennas instead AP2750 AP3750...

Страница 93: ...like to continue y n n y The following command sets ports 1 through 3 and port 5 for MAP access point model AP8250 and enables PoE on the ports WX1200 set port type ap 1 3 5 model ap8250 poe enable T...

Страница 94: ...port type from ap to wired auth or from wired auth to ap you must reset the port with the clear port type command Syntax set port type wired auth port list tag tag list max sessions num auth fall thr...

Страница 95: ...tly attached to the wired authentication port or are attached through a hub that does not block forwarding of packets from the client to the PAE group address 01 80 c2 00 00 03 Wired authentication wo...

Страница 96: ...tication wired authentication works if the clients are directly attached or indirectly attached Examples The following command sets port 2 for a wired authentication user WX1200 set port type wired au...

Страница 97: ...117 clear security 12 restrict on page 99 display vlan config on page 111 Roaming and Tunnels display roaming station on page 106 display roaming vlan on page 108 display security 12 restrict on page...

Страница 98: ...c entries that match destination ports in the port list You are not required to specify a VLAN name or number with this option vlan vlan id VLAN name or number required for removing permanent and stat...

Страница 99: ...at Layer 2 Syntax clear security 12 restrict vlan vlan id permit mac mac addr mac addr all vlan id VLAN name or number permit mac List of MAC addresses MSS no longer allows clients mac addr in the VLA...

Страница 100: ...tax clear security 12 restrict counters vlan vlan id all vlan id VLAN name or number all Clears Layer 2 forwarding restriction counters for all VLANs Defaults If you do not specify a VLAN or all count...

Страница 101: ...value Tag number that identifies a virtual port MSS removes only the specified virtual port from the specified physical ports Defaults None Access Enabled History Introduced in MSS Version 3 0 Usage I...

Страница 102: ...e 27 vlan vlan id Name or number of a VLAN for which to display entries perm Displays permanent entries A permanent entry does not age out and remains in the database even after a reboot reset or powe...

Страница 103: ...f 3 ALL 1 00 0b 0e 02 76 f5 1 ALL Total Matching FDB Entries Displayed 3 The top line of the display identifies the characters to distinguish among the entry types The following command displays all e...

Страница 104: ...time 300 sec Because the forwarding database aging timeout period can be configured only on an individual VLAN basis the command lists the aging timeout period for each VLAN separately CoS Type of en...

Страница 105: ...tries A static entry does not age out but is removed from the database after a reboot reset or power cycle dynamic Lists the number of dynamic entries A dynamic entry is automatically removed through...

Страница 106: ...1 Usage The output displays roaming stations within the previous 1 second Examples To display all stations roaming to the WX switch type the following command WX4400 display roaming station User Name...

Страница 107: ...in the process of accepting a reassociation request from the roaming peer WX switch for a station currently roaming to the peer switch TChck This WX switch is in the process of accepting a reassociat...

Страница 108: ...cs 192 168 14 2 5 vlan eng 192 168 14 4 5 vlan fin 192 168 14 2 5 vlan it 192 168 14 4 5 vlan it 192 168 14 2 5 vlan pm 192 168 14 2 5 vlan sm 192 168 14 2 5 vlan tp 192 168 14 4 5 vlan tp 192 168 14...

Страница 109: ...VLANs VLAN Name En Drops Permit MAC Hits 1 default Y 0 00 0b 0e 02 53 3e 5947 00 30 b6 3e 5c a8 9 2 vlan 2 Y 0 04 04 04 04 04 04 0 Table 24 describes the fields in the display Table 24 Output for dis...

Страница 110: ...ype the following command WX4400 display tunnel VLAN Local Address Remote Address State Port LVID RVID vlan eng 192 168 14 2 192 168 14 4 DORMANT 1024 4096 130 Table 25 describes the fields in the dis...

Страница 111: ...isplays information for VLAN burgundy WX1200 display vlan config burgundy Admin VLAN Tunl Port VLAN Name Status State Affin Port Tag State 2 burgundy Up Up 5 2 none Up 3 none Up 4 none Up 6 none Up 40...

Страница 112: ...nnel affinity value assigned to the VLAN Port Member port of the VLAN The port can be a physical port or a virtual port Physical ports are 10 100 Ethernet or gigabit Ethernet ports on the WX switch an...

Страница 113: ...which the port is a member The entry is added only for the specified VLAN tag tag value VLAN tag value that identifies a virtual port You can specify a number from 1 through 4095 If you do not specif...

Страница 114: ...MSS Version 3 0 Examples The following command changes the aging timeout period to 600 seconds for entries that match VLAN orange WX4400 set fdb agingtime orange age 600 success change accepted See A...

Страница 115: ...he clear security 12 restrict command to remove it then use the set security 12 restrict command to add the correct address Restriction of client traffic does not begin until you enable the permitted...

Страница 116: ...fault VLAN You cannot use a number as the first character in a VLAN name 3Com recommends that you do not use the same name with different capitalizations for VLANs For example do not configure two sep...

Страница 117: ...e set port name command to assign the name and add the ports at the same time If you do not specify a tag value the WX switch sends untagged frames for the VLAN If you do specify a tag value the WX se...

Страница 118: ...can specify a value from 1 through 10 A higher number indicates a greater preference Defaults Each VLAN on a WX switch s network ports has an affinity value of 5 by default Access Enabled History Int...

Страница 119: ...for specific traffic use access controls lists ACLs to set the Class of Service CoS for the packets See Security ACL Commands on page 445 Commands by Usage This chapter presents QOS commands alphabeti...

Страница 120: ...os dscp to cos map from dscp cos to dscp map Resets the mapping between the specified internal QoS value and the DSCP values with which MSS marks outbound packets QoS values are from 0 to 7 dscp to co...

Страница 121: ...faults are listed by the display qos command Access Enabled History Introduced in MSS Version 4 1 Examples The following command maps internal CoS value 5 to DSCP value 50 WX1200 set qos cos to dscp m...

Страница 122: ...QoS value You can specify a number from 0 to 7 Defaults The defaults are listed by the display qos command Access Enabled History Introduced in MSS Version 4 1 Examples The following command maps DSC...

Страница 123: ...WX1200 display qos default Ingress QoS Classification Map dscp to cos Ingress DSCP CoS Level 00 09 0 0 0 0 0 0 0 0 1 1 10 19 1 1 1 1 1 1 2 2 2 2 20 29 2 2 2 2 3 3 3 3 3 3 30 39 3 3 4 4 4 4 4 4 4 4 40...

Страница 124: ...values Syntax display qos dscp table Defaults None Access Enabled History Introduced in MSS Version 4 0 as the display security acl dscp command and renamed in MSS Version 4 1 Examples The following...

Страница 125: ...Type Command IP Interface set interface on page 160 set interface dhcp client on page 161 set interface status on page 163 display interface on page 142 display dhcp client on page 138 clear interface...

Страница 126: ...on page 194 set summertime on page 191 display timedate on page 155 display timezone on page 155 display summertime on page 154 clear timezone on page 136 clear summertime on page 135 NTP set ntp on...

Страница 127: ...et snmp notify target on page 181 set ip snmp server on page 169 display snmp status on page 153 display snmp community on page 151 display snmp usm on page 154 display snmp notify profile on page 152...

Страница 128: ...erface mauve ip success cleared ip on vlan mauve See Also set interface on page 160 set interface dhcp client on page 161 display interface on page 142 clear ip alias Removes an alias which is a strin...

Страница 129: ...See Also clear ip dns server on page 129 display ip dns on page 144 set ip dns on page 164 set ip dns domain on page 165 set ip dns server on page 166 clear ip dns server Removes a DNS server from a W...

Страница 130: ...IP address and subnet mask for the route destination in dotted decimal notation for example 10 10 10 10 255 255 255 0 ip addr mask length IP address and subnet mask length in CIDR format for example 1...

Страница 131: ...umber for Telnet management traffic to its default WX4400 clear ip telnet success change accepted See Also display ip https on page 145 display ip telnet on page 148 set ip https server on page 167 se...

Страница 132: ...interval on page 175 clear ntp update interval Resets the NTP update interval to the default value Syntax clear ntp update interval Defaults The default NTP update interval is 64 seconds Access Enabl...

Страница 133: ...ar snmp community name setswitch2 success change accepted See Also set snmp community on page 175 display snmp community on page 151 clear snmp notify profile Clears an SNMP notification profile Synta...

Страница 134: ...lts None Access Enabled History Introduced in MSS Version 4 0 Examples The following command clears notification target 3 WX1200 clear snmp notify target 3 success change accepted See Also set snmp no...

Страница 135: ...a wireless LAN switch Syntax clear summertime Defaults None Access Enabled History Introduced in MSS Version 3 0 Examples To clear the summertime setting from a WX switch type the following command W...

Страница 136: ...g Mobility Domain operations Topology reporting for dual homed MAP access points Default source IP address used in unsolicited communications such as AAA accounting reports and SNMP traps Examples To...

Страница 137: ...summertime on page 154 display timedate on page 155 display timezone on page 155 display arp Shows the ARP table Syntax display arp ip addr ip addr IP address Defaults If you do not specify an IP addr...

Страница 138: ...om the ARP table Host IP address hostname or alias HW Address MAC address mapped to the IP address hostname or alias VLAN VLAN the entry is for Type Entry type DYNAMIC Entry was learned from network t...

Страница 139: ...iption Interface VLAN name and number Configuration Status Status of the DHCP client on this VLAN Enabled Disabled DHCP State State of the IP interface IF_UP IF_DOWN Lease Allocation Duration of the a...

Страница 140: ...ame Address MAC Lease Remaining sec 1 default 10 10 20 2 00 01 02 03 04 05 12345 1 default 10 10 20 3 00 01 03 04 06 07 2103 2 red vlan 192 168 1 5 00 01 03 04 06 08 102 2 red vlan 192 168 1 7 00 01 0...

Страница 141: ...h the server can lease addresses Hardware Address MAC address of the DHCP client Lease Remaining Number of seconds remaining before the address lease expires State State of the address lease SUSPEND M...

Страница 142: ...nterface VLAN Name Address Mask Enabled State RIB 1 default 10 10 10 10 255 255 255 0 YES Up ipv4 2 mauve 10 10 20 10 255 255 255 0 NO Down ipv4 4094 web aaa 10 10 10 1 255 255 255 0 YES Up ipv4 Table...

Страница 143: ...are displayed Access Enabled History Introduced in MSS Version 3 0 Examples The following command displays all the aliases configured on a WX switch WX4400 display ip alias Name IP Address HR1 192 16...

Страница 144: ...MSS Version 3 0 Examples The following command displays the DNS information WX4400 display ip dns Domain Name example com DNS Status enabled IP Address Type 10 1 1 1 PRIMARY 10 1 1 2 SECONDARY 10 1 2...

Страница 145: ...Examples The following command shows the status and port number for the HTTPS management interface to the WX switch WX4400 display ip https HTTPS is enabled HTTPS is set to use port 443 Last 10 Connec...

Страница 146: ...e of the HTTPS server Enabled Disabled HTTPS is set to use port TCP port number on which the WX switch listens for HTTPS connections Last 10 connections List of the last 10 devices to establish connec...

Страница 147: ...f the VLAN s ports Examples The following command shows all routes in a WX switch s IP route table WX4400 display ip route Router table for IPv4 Destination Mask Proto Metric NH Type Gateway VLAN Inte...

Страница 148: ...r Route is for a remote destination A WX switch forwards traffic for the destination to the gateway router Gateway Next hop router for reaching the route destination This field applies only to static...

Страница 149: ...lnet on page 131 display ip https on page 145 set ip https server on page 167 set ip telnet on page 171 set ip telnet server on page 172 display ntp Shows NTP client information Syntax display ntp Def...

Страница 150: ...Current update interval Number of seconds between queries sent by the WX switch to the NTP servers for updates Current time System time that was current on the WX switch when you pressed Enter after t...

Страница 151: ...splay snmp community Displays the configured SNMP community strings Syntax display snmp community Defaults None Access Enabled History Introduced in MSS Version 4 0 Peer state State of the NTP session...

Страница 152: ...uced in MSS Version 4 0 display snmp notify profile Displays SNMP notification profiles Syntax display snmp notify profile Defaults None Access Enabled History Introduced in MSS Version 4 0 See Also c...

Страница 153: ...Enabled History Introduced in MSS Version 4 0 See Also set snmp community on page 175 set snmp notify target on page 181 set snmp notify profile on page 177 set snmp protocol on page 186 set snmp secu...

Страница 154: ...ertime offset by default Access All History Introduced in MSS Version 3 0 Examples To display the summertime setting on a WX switch type the following command WX1200 display summertime Summertime is e...

Страница 155: ...et on a WX switch s real time clock type the following command WX1200 display timedate Sun Feb 29 2004 23 59 02 PST See Also clear summertime on page 135 clear timezone on page 136 display summertime...

Страница 156: ...t num packets dnf flood interval time size size source ip ip addr vlan name host IP address MAC address hostname alias or user to ping count num packets Number of ping packets to send You can specify...

Страница 157: ...ed History Introduced in MSS Version 3 0 Usage To stop a ping command that is in progress press Ctrl C Examples The following command pings a WX switch that has IP address 10 1 1 1 WX1200 ping 10 1 1...

Страница 158: ...ntry is automatically removed if the entry ages out or after a reboot reset or power cycle ip addr IP address of the entry in dotted decimal notation mac addr MAC address to map to the IP address Use...

Страница 159: ...ess Enabled History Introduced in MSS Version 3 0 Usage Aging applies only to dynamic entries To reset the ARP aging timeout to its default value use the set arp agingtime 1200 command Examples The fo...

Страница 160: ...rface If you replace an interface that is in use as the system IP address replacing the interface can interfere with system tasks that use the system IP address including the following Mobility domain...

Страница 161: ...efault on all other switch models and is disabled on a WXR100 if the switch is already configured or the factory reset switch is not pressed and held during power on Access Enabled History Introduced...

Страница 162: ...dress range also called the address pool stop ip addr2 Specifies the ending address of the address range Defaults The DHCP server is enabled by default on a new unconfigured WXR100 in order to provide...

Страница 163: ...status Administratively disables or reenables an IP interface Syntax set interface vlan id status up down vlan id VLAN name or number up Enables the interface down Disables the interface Defaults IP...

Страница 164: ...MSS Version 3 0 Examples The following command configures the alias HR1 for IP address 192 168 1 2 WX4400 set ip alias HR1 192 168 1 2 success change accepted See Also clear ip alias on page 128 displ...

Страница 165: ...ccess Enabled Usage To override the default domain name when entering a hostname in a CLI command enter a period at the end of the hostname For example if the default domain name is example com enter...

Страница 166: ...primary server does not reply Defaults None Access Enabled Usage You can configure a WX switch to use one primary DNS server and up to five secondary DNS servers Examples The following commands config...

Страница 167: ...to disabled in 3 1 In addition the HTTPS server is no longer required for WebAAA Examples The following command enables the HTTPS server on a WX switch WX1200 set ip https server enable success change...

Страница 168: ...you add a static route use the display interface command to verify that the WX switch has an IP interface in the same subnet as the route s next hop router If not the VLAN Interface field of the disp...

Страница 169: ...te from a WX switch to any host on the 192 168 4 x subnet through the local router 10 5 4 2 and gives the route a cost of 1 WX4400 set ip route 192 168 4 0 255 255 255 0 10 5 4 2 1 success change acce...

Страница 170: ...re Shell SSH management traffic CAUTION If you change the SSH port number from an SSH session MSS immediately ends the session To open a new management session you must configure the SSH client to use...

Страница 171: ...s supported on a WX switch is eight If Telnet is also enabled the WX switch can have up to eight Telnet or SSH sessions in any combination and one Console session See Also crypto generate key on page...

Страница 172: ...ch CAUTION If you disable the Telnet server Telnet access to the WX switch is also disabled Syntax set ip telnet server enable disable enable Enables the Telnet server disable Disables the Telnet serv...

Страница 173: ...n 3 0 Usage If NTP is configured on a system whose current time differs from the NTP server time by more than 10 minutes convergence of the WX time can take many NTP update intervals 3Com recommends t...

Страница 174: ...queries all the servers and selects the best response based on the method described in RFC 1305 Network Time Protocol Version 3 Specification Implementation and Analysis To use NTP you also must enab...

Страница 175: ...nge accepted See Also clear ntp server on page 131 clear ntp update interval on page 132 display ntp on page 149 set ntp on page 173 set ntp server on page 174 set snmp community Configures a communit...

Страница 176: ...nd private for read write to blank in MSS Version 3 1 Default strings removed and new access types added for SNMPv3 read notify notify only notify read write in MSS Version 4 0 Usage SNMP community st...

Страница 177: ...e Name of the notification profile you are creating or modifying The profile name can be up to 32 alphanumeric characters long with no spaces To modify the default notification profile specify default...

Страница 178: ...ted when a client experiences an 802 1X failure ClientRoamingTraps Generated when a client roams CounterMeasureStartTraps Generated when MSS begins countermeasures against a rogue access point Counter...

Страница 179: ...th a third party AP RFDetectDoSPortTraps Generated when MSS detects an associate request flood reassociate request flood or disassociate request flood RFDetectDoSTraps Generated when MSS detects a DoS...

Страница 180: ...r all RF detection notification types WX1200 set snmp notify profile snmpprof_rfdetect send RFDetectAdhocUserTraps success change accepted WX1200 set snmp notify profile snmpprof_rfdetect send RFDetec...

Страница 181: ...otify profile on page 133 set ip snmp server on page 169 set snmp community on page 175 set snmp notify target on page 181 set snmp protocol on page 186 set snmp security on page 187 set snmp usm on p...

Страница 182: ...arget Specify ip if the ip hex hex string target s SNMP engine ID is based on its IP address If the target s SNMP engine ID is a hexadecimal value use hex hex string to specify the value profile profi...

Страница 183: ...name Notification profile this SNMP user will use to specify the notification types to send or drop security Specifies the security level and is applicable only unsecured when the SNMP version is usm...

Страница 184: ...ile profile name target num ID for the target This ID is local to the WX switch and does not need to correspond to a value on the target itself You can specify a number from 1 to 10 ip addr udp port n...

Страница 185: ...cknowledgements The inform option is applicable to SNMP version v2c or usm only Examples The following command configures a notification target for acknowledged notifications WX1200 set snmp notify ta...

Страница 186: ...versions of SNMP enable Enables the specified SNMP version s disable Disables the specified SNMP version s Defaults All SNMP versions are disabled by default Access Enabled History Introduced in MSS V...

Страница 187: ...not encrypted encrypted SNMP message exchanges are authenticated and encrypted auth req unsec notify SNMP message exchanges are authenticated but are not encrypted and notifications are neither authe...

Страница 188: ...e auth type none md5 sha auth pass phrase string auth key hex string encrypt type none des 3des aes encrypt pass phrase string encrypt key hex string usm username Name of the SNMPv3 user Specify betwe...

Страница 189: ...h type none md5 sha auth pass phrase string auth key hex string Specifies the authentication type used to authenticate communications with the remote SNMP engine You can specify one of the following n...

Страница 190: ...ssociated with the local SNMP engine ID This user can send traps to notification receivers WX 1200 set snmp usm snmpmgr1 snmp engine id local success change accepted The following command creates USM...

Страница 191: ...of the year to start or end the time change Valid values are jan feb mar apr may jun jul aug sep oct nov and dec hour Hour to start or end the time change a value between 0 and 23 on the 24 hour cloc...

Страница 192: ...The system IP address determines the interface or source IP address MSS uses for system tasks including the following Mobility domain operations Topology reporting for dual homed MAP access points De...

Страница 193: ...tch Syntax set timedate date mmm dd yyyy time hh mm ss date mmm dd yyyy System date mmm month dd day yyyy year time hh mm ss System time in hours minutes and seconds Defaults None Access Enabled Histo...

Страница 194: ...minutes that the wireless LAN switch s real time clock is offset from Coordinated Universal Time UTC These values are also used by Network Time Protocol NTP if it is enabled Syntax set timezone zone...

Страница 195: ...of the remote device hostname Hostname of the remote device port port num TCP port number on which the TCP server on the remote device listens for Telnet connections Defaults MSS attempts to establis...

Страница 196: ...oration All rights reserved Username username Password password WX1200 remote display vlan Admin VLAN Tunl Port VLAN Name Status State Affin Port Tag State 1 default Up Up 5 3 none Up 3 red Up Up 5 10...

Страница 197: ...rforming a DNS lookup for each hop to the destination host port port num TCP port number listening for the traceroute probes queries num Number of probes per hop size size Probe packet size in bytes Y...

Страница 198: ...host An exclamation point following any of these values indicates that the Port Unreachable message returned by the destination has a maximum hop count of 0 or 1 This can occur if the destination use...

Страница 199: ...on page 156 F Fragmentation needed but Do Not Fragment DNF bit was set S Source route failed A Communication administratively prohibited Unknown error occurred Table 40 Error messages for traceroute...

Страница 200: ...200 CHAPTER 7 IP SERVICES COMMANDS...

Страница 201: ...y Use Table 41 to locate commands in this chapter based on their use Table 41 AAA Commands by Usage Type Command Authentication set authentication console on page 231 set authentication admin on page...

Страница 202: ...r mac usergroup attr on page 214 clear mac user group on page 212 clear mac usergroup on page 213 Web authorization set web portal on page 262 Accounting set accounting admin console on page 225 set a...

Страница 203: ...control MAC address user glob Single user or set of users with administrative access or network access Specify a username use the double asterisk wildcard character to specify all usernames or use the...

Страница 204: ...to or following the first delimiter character either an at sign or a period For details see User Globs on page 26 Defaults None Access Enabled History Introduced in MSS Version 3 0 Examples The follow...

Страница 205: ...ge 26 Defaults None Access Enabled History Introduced in MSS Version 3 0 The syntax descriptions for the clear authentication commands have been separated for clarity However the options and behavior...

Страница 206: ...racter to specify a set of usernames up to or following the first delimiter character either an at sign or a period For details see User Globs on page 26 Defaults None Access Enabled History Introduce...

Страница 207: ...entication port Defaults None Access Enabled History Introduced in MSS Version 3 0 Examples The following command removes a last resort authentication rule for wired authentication access WX4400 clear...

Страница 208: ...character to specify a set of MAC addresses For details see MAC Address Globs on page 27 Defaults None Access Enabled History Introduced in MSS Version 3 0 Examples The following command removes a MAC...

Страница 209: ...The following command removes the proxy rule for SSID mycorp and userglob WX4400 clear authentication proxy ssid mycorp See Also set authentication proxy on page 241 display aaa on page 219 clearauthe...

Страница 210: ...ay aaa on page 219 clear location policy Removes a rule from the location policy on a WX switch Syntax clear location policy rule number rule number Index number of a location policy rule to remove fr...

Страница 211: ...MAC address of the user in hexadecimal numbers separated by colons You can omit leading zeros Defaults None Access Enabled History Introduced in MSS Version 3 0 Usage Deleting a MAC user s profile fro...

Страница 212: ...ization attributes see Table 44 on page 249 Defaults None Access Enabled History Introduced in MSS Version 3 0 Examples The following command removes an access control list ACL from the profile of a u...

Страница 213: ...usergroup on page 213 display aaa on page 219 set mac user on page 248 clear mac usergroup Removes a user group from the local database on the WX switch for a group of users who are authenticated by a...

Страница 214: ...ing MAC user group attribute name Name of an attribute used to authorize the MAC users in the user group for a particular service or session characteristic For a list of authorization attributes see T...

Страница 215: ...d See Also set mobility profile on page 255 set mobility profile mode on page 257 display mobility profile on page 224 clear user Removes a user profile from the local database on the WX switch for a...

Страница 216: ...e the documentation for your RADIUS server Syntax clear user username attr attribute name username Username of a user with a password attribute name Name of an attribute used to authorize the user for...

Страница 217: ...me from the user s profile but does not delete either the user or the user group from the local WX database To remove the group use clear usergroup Examples The following command removes the user Nin...

Страница 218: ...display aaa on page 219 set usergroup on page 261 clear usergroup attr Removes an authorization attribute from a user group in the local database on the WX switch To remove an authorization attribute...

Страница 219: ...x display aaa Defaults None Access Enabled History Introduced in MSS Version 3 0 Web Portal section added to indicate the state of the WebAAA feature in MSS Version 4 0 Examples To display all current...

Страница 220: ...oup eastcoasters session timeout 99 Table 42 describes the fields that can appear in display aaa output Table 42 display aaa Output Field Description Default Values RADIUS default values for all param...

Страница 221: ...ervers Information about active RADIUS servers Server Name of each RADIUS server currently active Addr IP address of each RADIUS server currently active Ports UDP ports that the WX switch uses for aut...

Страница 222: ...stored accounting records type the following command WX4400 display accounting statistics Sep 26 11 01 48 Acct Status Type START Acct Authentic 2 User Name geetha AAA_TTY_ATTR 2 Event Timestamp 106459...

Страница 223: ...anuary 1 1970 at which the event was triggered See RFC 2869 for more information Acct Session Time Number of seconds that the session has been online Acct Output Octets Number of octets the WX switch...

Страница 224: ...ocation policy Id Clauses 1 deny if user eq theirfirm com 2 permit vlan guest_1 if vlan neq wodefirm com 3 permit vlan bld4 tac inacl tac_24 in if user eq ny wodefirm com See Also clear location polic...

Страница 225: ...access to the WX switch through Telnet or Web Manager console Users with administrative access to the WX switch through a console connection user glob Single user or set of users with administrative...

Страница 226: ...mote Authentication Dial In User Service RADIUS servers You can also enter the names of existing RADIUS server groups as methods Defaults Accounting is disabled for all users by default Access Enabled...

Страница 227: ...le specifically to users who are authenticated on a wired authentication port user glob Single user or set of users with administrative access or network access Specify a username use the double aster...

Страница 228: ...ecords on one or more Remote Authentication Dial In User Service RADIUS servers You can also enter the names of existing RADIUS server groups as methods Defaults Accounting is disabled for all users b...

Страница 229: ...r them A method can be one of the following local Uses the local database of usernames and user groups on the WX switch for authentication server group name Uses the defined group of RADIUS servers fo...

Страница 230: ...n However if local appears first followed by a RADIUS server group MSS ignores any failed searches in the local WX database and sends an authentication request to the RADIUS server group If a AAA rule...

Страница 231: ...at MSS uses to handle authentication Specify one or more of the following methods in priority order MSS applies multiple methods in the order you enter them A method can be one of the following local...

Страница 232: ...ods in the set authentication console command MSS applies them in the order in which they appear in the command with these results If the first method responds with pass or fail the evaluation is fina...

Страница 233: ...fy a username use the double asterisk wildcard character to specify all usernames or use the single asterisk wildcard character to specify a set of usernames up to or following the first delimiter cha...

Страница 234: ...rver EAP MD5 does not work with Microsoft wired authentication clients method1 method2 method3 method4 At least one and up to four methods that MSS uses to handle authentication Specify one or more of...

Страница 235: ...mand MSS applies them in the order in which they appear in the command with these results If the first method responds with pass or fail the evaluation is final If the first method does not respond MS...

Страница 236: ...1x on page 206 display aaa on page 219 set authentication admin on page 229 set authentication console on page 231 set authentication last resort on page 236 set authentication mac on page 239 set aut...

Страница 237: ...unting are also disabled for these users When using RADIUS for authentication a last resort user s default authorization password is 3Com Access Enabled History Introduced in MSS Version 3 0 Usage You...

Страница 238: ...name to the user name last resort For example if the requested SSID is mycorp MSS attempts to authenticate the user last resort mycorp If the RADIUS server or local database used as the authenticatio...

Страница 239: ...Globs on page 27 method1 method2 method3 method4 At least one of up to four methods that MSS uses to handle authentication Specify one or more of the following methods in priority order MSS applies mu...

Страница 240: ...nfiguration contains a set authentication mac command that matches the SSID the user is attempting to access and the user s MAC address MSS uses the method specified by the command Otherwise MSS uses...

Страница 241: ...AN Globs on page 26 radius server group A group of RADIUS servers used for authentication Defaults None Access Enabled History Introduced in MSS 4 0 Usage AAA for third party AP users has additional c...

Страница 242: ...all SSIDs type any wired Applies this authentication rule specifically to users connected to a wired authentication port method1 method2 method3 method4 At least one and up to four methods that MSS us...

Страница 243: ...not respond MSS tries the second method and so on However if local appears first followed by a RADIUS server group MSS overrides any failed searches in the local WX database and sends an authenticatio...

Страница 244: ...lob user operator user glob port port list dap dap num before rule number modify rule number deny Denies access to the network to users with characteristics that match the location policy rule permit...

Страница 245: ...se the double asterisk wildcard character to specify all VLAN names or use the single asterisk wildcard character to specify a set of VLAN names up to or following the first delimiter character either...

Страница 246: ...ANDed All conditions in the rule must match for MSS to take the specified action If the location policy contains multiple rules MSS compares the user information to the rules one at a time in the ord...

Страница 247: ...tac_24 to the traffic they receive WX4400 set location policy permit vlan bld4 tac outacl tac_24 if user eq ny ourfirm com The following command authorizes access to users on VLANs with names matchin...

Страница 248: ...leading zeros group name Name of an existing MAC user group Defaults None Access Enabled History Introduced in MSS Version 3 0 Usage MSS does not require MAC users to belong to user groups Users auth...

Страница 249: ...at you can assign to local users see Table 44 Table 44 Authentication Attributes for Local Users Attribute Description Valid Value s encryption type Type of encryption required for access by the clien...

Страница 250: ...are valid filter id Profile acl1 filter id OutboundACL acl2 filter id Profile acl1 OutboundACL acl2 Each example goes on a single line on the server The format in which to specify the values depends o...

Страница 251: ...mpt access and network users receive Framed access session timeout network access mode only Maximum number of seconds for the user s session Number between 0 and 4 294 967 296 seconds approximately 13...

Страница 252: ...onal mo Monday tu Tuesday we Wednesday th Thursday fr Friday sa Saturday su Sunday wk Any day between Monday and Friday Separate values or a series of ranges except time ranges with commas or a vertic...

Страница 253: ...in as soon as the user start date The MAC user does not need to wait for the MAC user group s start date url network access mode only URL to which the user is redirected after successful WebAAA Web UR...

Страница 254: ...212 display aaa on page 219 set mac usergroup attr Creates a user group in the local database on the WX switch for users who are authenticated by a MAC address and assigns authorization attributes fo...

Страница 255: ...LAN orange WX4400 set mac usergroup eastcoasters attr vlan name orange success change accepted See Also clear mac usergroup attr on page 214 display aaa on page 219 set mobility profile Creates a Mobi...

Страница 256: ...ty profile name set mac usergroup attr mobility profile name To enable the use of the Mobility Profile feature on the WX switch use the set mobility profile mode command CAUTION When the Mobility Prof...

Страница 257: ...e on the WX switch CAUTION When the Mobility Profile feature is enabled a user is denied access if assigned a Mobility Profile attribute in the local WX switch database or RADIUS server when no Mobili...

Страница 258: ...SS does not encrypt the displayed form of the password string and instead displays the string exactly as you entered it If you omit this option MSS does encrypt the displayed form of the string passwo...

Страница 259: ...rd To assign authorization attributes in RADIUS see the documentation for your RADIUS server Syntax set user username attr attribute name value username Username of a user with a password attribute na...

Страница 260: ...change accepted The following command assigns Tamara to the Mobility Profile tulip WX4400 set user Tamara attr mobility profile tulip success change accepted The following command limits the days and...

Страница 261: ...ization attributes in RADIUS see the documentation for your RADIUS server Syntax set usergroup group name attr attribute name value group name Name of a group for password users Specify a name of up t...

Страница 262: ...rdiology attr vlan name crimson success change accepted See Also clear usergroup on page 217 clear usergroup attr on page 218 display aaa on page 219 set web portal Globally enables or disables WebAAA...

Страница 263: ...set web portal 263 See Also clear authentication proxy on page 209 set service profile auth fallthru on page 374 set user on page 258...

Страница 264: ...264 CHAPTER 8 AAA COMMANDS...

Страница 265: ...ersion on all the WX switches in a Mobility Domain Commands by Usage This chapter presents Mobility Domain commands alphabetically Use Table 45 to locate commands in this chapter based on their use Ta...

Страница 266: ...r a Mobility Domain from a WX switch within the domain type the following command WX1200 clear mobility domain success change accepted See Also clear mobility domain member on page 266 set mobility do...

Страница 267: ...ig Displays the configuration of the Mobility Domain Syntax display mobility domain config Defaults None Access Enabled History Introduced in MSS Version 3 0 Examples The following command displays th...

Страница 268: ...4 STATE_UP SEED Table 46 describes the fields in the display See Also clear mobility domain on page 266 set mobility domain member on page 269 set mobility domain mode member seed ip on page 270 Table...

Страница 269: ...ge This command must be entered from the seed WX switch Examples The following commands add three WX switches with the IP addresses 192 168 1 8 192 168 1 9 and 192 168 1 10 as members of a Mobility Do...

Страница 270: ...ation Syntax set mobility domain mode member seed ip ip addr ip addr IP address of the Mobility Domain member in dotted decimal notation Defaults None Access Enabled History Introduced in MSS Version...

Страница 271: ...current WX switch must have its IP address set with the set system ip address command After you enter this command all Mobility Domain traffic is sent and received from the specified IP address You mu...

Страница 272: ...272 CHAPTER 9 MOBILITY DOMAIN COMMANDS...

Страница 273: ...X switches serve as a seed switch At least one of the Network Domain seeds maintains a connection with each of the member WX switches in the Network Domain The Network Domain seeds share information a...

Страница 274: ...rt of a Network Domain To clear a Network Domain from a WX switch within the domain type the following command WX1200 clear network domain This will clear all network domain configuration Would you li...

Страница 275: ...History Introduced in MSS 4 1 Usage This command has no effect if the WX switch is not configured as part of a Network Domain Examples The following command clears the Network Domain member configurat...

Страница 276: ...WX switch Defaults None Access Enabled History Introduced in MSS 4 1 Usage This command has no effect if the WX switch is not configured as a Network Domain seed Examples The following command clears...

Страница 277: ...n seed in dotted decimal notation Defaults None Access Enabled History Introduced in MSS 4 1 Usage This command has no effect if the WX switch is not configured as part of a Network Domain or if the W...

Страница 278: ...itch that is a Network Domain member the following output is displayed WX1200 display network domain Member Network Domain name California Member State Mode 10 8 107 1 UP SEED On a WX switch that is a...

Страница 279: ...f the other seeds in the Network Domain State State of the connection between the WX switch and the peer Network Domain seeds UP DOWN Member IP addresses of the seed WX switch and members in the Netwo...

Страница 280: ...on the WX switch When the WX switch needs to connect to a Network Domain seed it first attempts to connect to the seed with the highest affinity If that seed is unavailable the WX attempts to connect...

Страница 281: ...that all the Network Domain seeds have the same database of VLAN information Syntax set network domain peer ip addr ip addr IP address of the Network Domain seed to specify as a peer in dotted decimal...

Страница 282: ...e WX switches as Network Domain seeds If you do this you must identify them as peers by using the set network domain peer command Examples The following command creates a Network Domain named Californ...

Страница 283: ...ountry code after MAP configuration disables MAP access points and deletes their configuration If you change the country code on a WX switch you must reconfigure all MAP access points MAP Access Point...

Страница 284: ...page 376 Radio Properties set radio profile 11g only on page 347 set radio profile beacon interval on page 355 set radio profile rts threshold on page 365 set radio profile frag threshold on page 358...

Страница 285: ...90 set service profile shared key auth on page 384 display service profile on page 321 clear service profile on page 289 RF Auto Tuning set radio profile auto tune channel config on page 349 set radio...

Страница 286: ...set ap dap radio mode on page 341 Dual Homing set ap dap bias on page 328 Load Balancing set ap dap group on page 332 display ap dap group on page 303 MAP Administration and Maintenance set ap dap na...

Страница 287: ...3 WX1200 clear ap 3 radio 2 Table 50 Radio Specific Parameters Parameter Default Value Description channel 802 11b 6 802 11a Lowest valid channel number for the country of operation Number of the chan...

Страница 288: ...threshold service profile short retry For information about these parameters see the set radio profile commands that use them Defaults If you reset an individual parameter the parameter is returned to...

Страница 289: ...400 clear radio profile rptest success change accepted See Also display radio profile on page 317 set ap dap radio radio profile on page 343 set radio profile mode on page 362 clear service profile Re...

Страница 290: ...de on page 362 display ap dap config Displays global and radio specific settings for a MAP access point Syntax display ap config port list radio 1 2 Syntax display dap config dap num radio 1 2 port li...

Страница 291: ...DAP1 boot download enable YES Radio 1 type 802 11a mode disabled channel dynamic tx pwr 11 profile default auto tune max power default min client rate 24 max retransmissions 10 Table 51 describes the...

Страница 292: ...channel Channel number antennatype External antenna model if applicable tx pwr Transmit power in dBm profile Radio profile that manages the radio Until you assign the radio to a radio profile MSS assi...

Страница 293: ...set ap dap radio antennatype on page 334 set ap dap radio channel on page 339 set ap dap radio radio profile on page 343 set ap dap radio tx power on page 344 auto tune max retransmissions Maximum per...

Страница 294: ...d MAP for which to display statistics counters radio 1 Shows statistics counters for radio 1 radio 2 Shows statistics counters for radio 2 This option does not apply to single radio models Defaults No...

Страница 295: ...v Phy Err Ct 0 Transmit Retries 60501 Radio Adjusted Tx Pwr 15 Noise Floor 93 802 3 Packet Tx Ct 0 802 3 Packet Rx Ct 0 No Receive Descriptor 0 TxUniPkt TxUniByte RxPkt RxByte UndcrptPkt TxMultiPkt Tx...

Страница 296: ...te a problem in the RF environment TKIP Pkt Transfer Ct Total number of TKIP packets sent and received by the radio TKIP Pkt Replays Number of TKIP packets that were resent to the MAP by a client A lo...

Страница 297: ...MAP could not create a descriptor A descriptor describes a received packet s size and its location in MAP memory The MAP buffers descriptors and clears them during interframe spaces This counter incre...

Страница 298: ...hould always be 0 If the value is not 0 check the system log for MIC error messages and contact 3Com TAC TKIP Decrypt Err Number of times a decryption error occurred with a packet encrypted with TKIP...

Страница 299: ...cast packets transmitted by the radio TxUniByte Number of unicast bytes transmitted by the radio TxMultiByte Number of multicast bytes transmitted by the radio RxPkt Number of packets received by the...

Страница 300: ...tics counters port list List of ports connected to the MAP access point s for which to display QoS statistics counters Defaults None Access Enabled History Introduced in MSS Version 4 0 Examples The f...

Страница 301: ...ng command displays Ethernet statistics for the Ethernet ports on Distributed MAP 1 WX4400 display dap etherstats 1 DAP 1 ether 1 RxUnicast 75432 TxGoodFrames 55210 RxMulticast 18789 TxSingleColl 32 R...

Страница 302: ...es known to be lost due to a temporary lack of software resources TxGoodFrames Number of frames transmitted properly on the link TxSingleColl Number of transmitted frames that encountered a single col...

Страница 303: ...oadbalance1 6 6 Refusing 2 Table 55 describes the fields in this display See Also set ap dap group on page 332 Table 55 Output for display ap group Field Description Load Balance Grp Name of the MAP a...

Страница 304: ...information for radio 2 This option does not apply to single radio models Defaults None Access Enabled History Introduced in MSS Version 3 0 True base MAC addresses of radios are displayed in MSS Ver...

Страница 305: ...led operational channel 64 operational power 14 base mac 00 0b 0e 00 d2 c1 bssid1 00 0b 0e 00 d2 94 ssid private The following command displays the status of a directly connected MAP WX1200 display ap...

Страница 306: ...Field Description DAP Connection ID for the Distributed MAP Note This field is applicable only if the MAP is configured on the WX switch as a Distributed MAP Port WX port number Note This field is ap...

Страница 307: ...ved from the WX is invalid For Distributed MAPs this field also indicates whether the MAP s management traffic with the WX is encrypted and whether the MAP s fingerprint has been verified on the WX no...

Страница 308: ...the radio is sending countermeasures packets to combat a rogue The following information appears for external antennas External antenna detected configured as antenna model Indicates that an external...

Страница 309: ...models radio all Shows RF attribute information for both radios Defaults None Table 57 Output for display ap status terse and display dap status terse Field Description Port WX port number connected t...

Страница 310: ...display auto tune attributes Field Description Noise Noise threshold on the active channel RF Auto Tuning prefers channels with low noise levels over channels with higher noise levels Utilization Numb...

Страница 311: ...for which to display neighbors radio 1 Shows neighbor information for radio 1 radio 2 Shows neighbor information for radio 2 This option does not apply to single radio models radio all Shows neighbor...

Страница 312: ...317 set ap dap radio auto tune max power on page 335 set ap dap radio auto tune max retransmissions on page 337 set radio profile auto tune channel config on page 349 set radio profile auto tune chann...

Страница 313: ...ormation only if the Distributed MAP is configured on the switch where you use the command The switch does not need to be the one that booted the MAP but it must have the MAP in its configuration Also...

Страница 314: ...ed on a WX switch Syntax display dap global dap num serial id serial ID dap num Number of a Distributed MAP for which to display configuration settings serial id serial ID MAP access point serial ID D...

Страница 315: ...LOW M9DE48B123400 10 4 3 2 HIGH 17 M9DE48B123600 10 3 8 111 HIGH M9DE48B123600 10 4 3 2 LOW 18 M9DE48B123700 10 3 8 111 LOW M9DE48B123700 10 4 3 2 HIGH Table 61 describes the fields in this display Ta...

Страница 316: ...ected is configured as a network port instead of a MAP access port and if the network port is a member of a VLAN If a Distributed MAP is configured on a WX switch in another Mobility Domain the MAP ca...

Страница 317: ...and new fields added in MSS Version 4 0 Countermeasures Active Scan WMM enabled Table 62 Output for display dap unconfigured Field Description Serial Id Serial ID of the Distributed MAP Model MAP mod...

Страница 318: ...eacon Interval Rate in milliseconds at which each MAP radio in the profile advertises the beaconed SSID DTIM Interval Number of times after every beacon that each MAP radio in the radio profile sends...

Страница 319: ...e Channel Interval Interval in seconds at which RF Auto Tuning decides whether to change the channels on radios in a radio profile At the end of each interval MSS processes the results of the RF scans...

Страница 320: ...page 359 set radio profile max rx lifetime on page 360 set radio profile max tx lifetime on page 361 set radio profile mode on page 362 set radio profile preamble length on page 364 set radio profile...

Страница 321: ...rvice profile wpa_clients ssid name private ssid type crypto beacon yes auth fallthru web auth WEP Key 1 value none WEP Key 2 value none WEP Key 3 value none WEP Key 4 value none WEP Unicast Index 1 W...

Страница 322: ...his key to encrypt traffic with static Wired Equivalent Privacy WEP none T he key is not configured preset The key is configured Note The WEP parameters apply to traffic only on the encrypted SSID WEP...

Страница 323: ...iphers Lists the WPA cipher suites advertised by radios in the radio profile mapped to this service profile authentication Lists the authentication methods supported for WPA clients 802 1X dynamic aut...

Страница 324: ...ts a MAP access point Syntax reset ap port list dap dap num ap port list List of ports connected to the MAP access points to restart dap dap num Number of a Distributed MAP to reset Defaults None Acce...

Страница 325: ...mode enable command The profile uses the default radio profile by default You can change the profile using the set dap auto radio radio profile command You can use set dap auto commands to change sett...

Страница 326: ...on page 340 set ap dap radio mode on page 341 set ap dap radio radio profile on page 343 set ap dap upgrade firmware on page 346 set dap auto radiotype Sets the radio type for single MAP radios that...

Страница 327: ...ile 11g only command on the radio profile that contains the radio Examples The following command sets the radio type to 802 11b WX4400 set dap auto radiotype 11b success change accepted See Also set d...

Страница 328: ...p dap radio auto tune min client rate on page 340 set ap dap radio mode on page 341 set ap dap radio radio profile on page 343 set ap dap upgrade firmware on page 346 set ap dap bias Changes the bias...

Страница 329: ...ame the MAP selects the switch that has the greatest capacity to add more active MAPs For example if a MAP is dual homed to two WX4400 wireless LAN switches and one of the switches has 50 active MAPs...

Страница 330: ...Power LED flashes green orange The Ethernet LED does not change When blink mode is enabled on other models MP xxx the health and radio LEDs alternately blink green and amber By default blink mode is...

Страница 331: ...he Distributed MAP whose fingerprint you are verifying hex The 16 digit hexadecimal number of the fingerprint Use a colon between each digit Make sure the fingerprint you enter matches the fingerprint...

Страница 332: ...active sessions than the radio of the same type with the least number of active sessions within the group Syntax set ap port list dap dap num auto group name ap port list List of MAP access ports to a...

Страница 333: ...dap group on page 303 set ap dap name Changes a MAP name Syntax set ap port list dap dap num name name ap port list List of ports connected to the MAP access point to rename dap dap num Number of a Di...

Страница 334: ...rt list List of ports connected to the MAP access points on which to set the channel dap dap num Number of a Distributed MAP on which to set the channel radio 1 Radio 1 of the MAP radio 2 Radio 2 of t...

Страница 335: ...ess Enabled History Introduced in MSS Version 3 0 Model numbers added for 802 11a external antennas and the default changed to internal except for the MP 262 in MSS Version 3 2 Model numbers added for...

Страница 336: ...fault maximum power setting that RF Auto Tuning can set on a radio is the highest setting allowed for the country of operation or highest setting supported on the hardware whichever is lower Access En...

Страница 337: ...option does not apply to single radio models retransmissions Percentage of packets that can result in retransmissions without resulting in a channel change You can specify from 1 to 100 Defaults The d...

Страница 338: ...ases power by 1 dBm The radio continues increasing the power in 1 dBm increments until the retransmissions fall below the threshold After the retransmissions fall below the threshold the radio reduces...

Страница 339: ...type The default channel number for 802 11b g is 6 The default channel number for 802 11a is the lowest valid channel number for the country of operation Access Enabled History Introduced in MSS Versi...

Страница 340: ...n which to set the channel dap auto Sets the radio mode for MAPs managed by the MAP configuration profile See set dap auto on page 325 radio 1 Radio 1 of the MAP radio 2 Radio 2 of the MAP This option...

Страница 341: ...the minimum data rate or higher and the maximum retransmissions must be within the allowed percentile before the radio begins reducing power again Examples The following command increases the minimum...

Страница 342: ...which a profile is assigned use the set ap radio radio profile command To enable or disable all radios that use a specific radio profile use the set radio profile command Examples The following comman...

Страница 343: ...rs with no spaces mode enable Enables radios on the specified ports with the parameter settings in the specified radio profile mode disable Disables radios on the specified ports Defaults None Access...

Страница 344: ...ransmit power you can configure on any 3Com radio is the maximum allowed for the country in which you plan to operate the radio or one of the following values if that value is less than the country ma...

Страница 345: ...n MAP access ports The maximum transmission unit MTU for encrypted MAP management traffic is 1498 bytes whereas the MTU for unencrypted management traffic is 1474 bytes Make sure the devices in the in...

Страница 346: ...following command configures a WX to require Distributed MAPs to have encryption keys WX4400 set dap security require See Also set dap fingerprint on page 331 set service profile cipher wep40 on page...

Страница 347: ...ware disable See Also display ap dap config on page 290 set radio profile 11g only Configures each 802 11b g radio in a radio profile to allow associations with 802 11g clients only Syntax set radio p...

Страница 348: ...1g only enable success change accepted See Also display ap dap config on page 290 display radio profile on page 317 set port type ap on page 91 set radio profile mode on page 362 set radio profile act...

Страница 349: ...he MAP radios in a radio profile Syntax set radio profile name auto tune channel config enable disable name Radio profile name enable Configures radios to dynamically select their channels when the ra...

Страница 350: ...hannel interval on page 351 set radio profile auto tune power config on page 353 set radio profile auto tune channel holddown Sets the minimum number of seconds a radio in a radio profile must remain...

Страница 351: ...performed during the previous interval and changes radio channels if needed Syntax set radio profile name auto tune channel interval seconds name Radio profile name seconds Number of seconds RF Auto T...

Страница 352: ...orarily increased their power reduce it by 1 dBm The power backoff continues in 1 dBm increments after each interval until the power returns to expected setting Syntax set radio profile name auto tune...

Страница 353: ...lt power levels if unassigned when the radios are started Defaults Dynamic power assignment is disabled by default Access Enabled History Introduced in MSS Version 3 0 Usage When RF Auto Tuning for po...

Страница 354: ...st to RF changes if needed You can specify from 1 to 65535 seconds Defaults The default power tuning interval is 300 seconds Access Enabled History Introduced in MSS Version 3 0 Usage RF Auto Tuning a...

Страница 355: ...change parameters in the profile Use the set radio profile mode command Examples The following command changes the beacon interval for radio profile rp1 to 200 ms WX4400 set radio profile rp1 beacon...

Страница 356: ...nly configured Configures radios to attack only devices in the attack list on the WX switch on demand countermeasures When this option is specified devices found to be rogues by other means such as po...

Страница 357: ...ulticast and broadcast frames stored in its buffers to clients who request them in response to the DTIM The DTIM interval applies to both the beaconed SSID and the nonbeaconed SSID Syntax set radio pr...

Страница 358: ...adio profile name threshold Maximum frame length in bytes You can enter a value from 256 through 2346 Defaults The default fragmentation threshold for MAP radios is 2346 bytes Access Enabled History I...

Страница 359: ...times the radio can send the same long unicast frame You can enter a value from 1 through 15 Defaults The default long unicast retry threshold for MAP radios is 5 attempts Access Enabled History Intr...

Страница 360: ...econd through 250 000 250 seconds Defaults The default maximum receive threshold for MAP radios is 2000 ms 2 seconds Access Enabled History Introduced in MSS Version 3 0 Usage You must disable all rad...

Страница 361: ...0 5 second through 250 000 250 seconds Defaults The default maximum transmit threshold for MAP radios is 2000 ms 2 seconds Access Enabled History Introduced in MSS Version 3 0 Usage You must disable...

Страница 362: ...arameters controlled by a radio profile and their default values Table 66 Defaults for Radio Profile Parameters Parameter Default Value Radio Behavior When Parameter Set to Default Value 11g only disa...

Страница 363: ...000 ms 2 seconds max tx lifetime 2000 Allows a frame that is scheduled for transmission to stay in the buffer for up to 2000 ms 2 seconds preamble length short Advertises support for short 802 11b pre...

Страница 364: ...p1 mode enable The following command enables the WPA IE on MAP radios in radio profile rp2 WX4400 set radio profile rp2 wpa ie enable success change accepted See Also display ap dap config on page 290...

Страница 365: ...e profile Use the set radio profile mode command Examples The following command configures 802 11b g radios that use the radio profile rp_long to advertise support for long preambles instead of short...

Страница 366: ...g SSID and encryption settings in the service profile Syntax set radio profile name service profile name radio profile name Radio profile name of up to 16 alphanumeric characters with no spaces servic...

Страница 367: ...s not use WEP with 40 bit keys to encrypt traffic sent to WPA clients psk phrase No passphrase defined Uses dynamically generated keys rather than statically configured keys to authenticate WPA client...

Страница 368: ...e auth fallthru on page 374 set service profile auth psk on page 375 set service profile beacon on page 376 web aaa form Not configured For WebAAA users serves the default login web page or if configu...

Страница 369: ...7 set service profile wep active multicast index on page 388 set service profile wep active unicast index on page 389 set service profile wep key index on page 390 set service profile wpa ie on page 3...

Страница 370: ...WMM on the MAP radios in a radio profile Syntax set radio profile name wmm enable disable name Radio profile name enable Enables WMM disable Disables WMM Defaults WMM is enabled by default Access Enab...

Страница 371: ...g the SSID managed by the service profile These SSID default attributes are applied in addition to any supplied by the RADIUS server or from the local database Syntax set service profile name attr att...

Страница 372: ...configured with the vlan name attribute set to blue and the RADIUS server returns the vlan name attribute set to orange then the attribute from the RADIUS server takes precedence the user is placed in...

Страница 373: ...the WPA IE is disabled the auth dot1x setting has no effect Access Enabled History Introduced in MSS Version 3 0 Usage This command does not disable dynamic WEP for non WPA clients To disable dynamic...

Страница 374: ...l last resort Automatically authenticates the user and allows access to the SSID requested by the user without requiring a username and password none Denies authentication and prohibits the user from...

Страница 375: ...e Examples The following command sets the fallthru authentication for SSIDS managed by the service profile rnd_lab to none WX4400 set service profile rnd_lab auth fallthru none success change accepted...

Страница 376: ...following command enables PSK authentication for service profile wpa_clients WX4400 set service profile wpa_clients auth psk enable success change accepted See Also display service profile on page 32...

Страница 377: ...ice profile on page 321 set radio profile beacon interval on page 355 set service profile ssid name on page 384 set service profile ssid type on page 385 set service profile cipher ccmp Enables Counte...

Страница 378: ...ption in a service profile Syntax set service profile name cipher tkip enable disable name Service profile name enable Enables TKIP encryption for WPA clients disable Disables TKIP encryption for WPA...

Страница 379: ...WPA IE When 104 bit WEP in WPA is enabled in the service profile radios managed by a radio profile that is mapped to the service profile can also support non WPA clients that use dynamic WEP To suppor...

Страница 380: ...is disabled by default Access Enabled History Introduced in MSS Version 3 0 Usage To use 40 bit WEP with WPA clients you must also enable the WPA IE When 40 bit WEP in WPA is enabled in the service p...

Страница 381: ...nts in a service profile Radios use the PSK as a pairwise master key PMK to derive unique pairwise session keys for individual WPA clients Syntax set service profile name psk phrase passphrase name Se...

Страница 382: ...to use for authenticating WPA clients in a service profile Radios use the PSK as a pairwise master key PMK to derive unique pairwise session keys for individual WPA clients Syntax set service profile...

Страница 383: ...sn ie Enables the Robust Security Network RSN Information Element IE The RSN IE advertises the RSN authentication methods and cipher suites supported by radios in the radio profile mapped to the servi...

Страница 384: ...is disabled by default Access Enabled History Introduced in MSS Version 3 0 Examples The following command enables shared key authentication in service profile sp4 WX4400 set service profile sp4 share...

Страница 385: ...pecifies whether the SSID managed by a service profile is encrypted or unencrypted Syntax set service profile name ssid type clear crypto name Service profile name clear Wireless traffic for the servi...

Страница 386: ...ds ms countermeasures remain in effect You can specify from 0 to 60 000 Defaults The default countermeasures wait time is 60 000 ms 60 seconds Access Enabled History Introduced in MSS Version 3 0 Usag...

Страница 387: ...switch s user file area If the custom login page includes gif or jpg images their path names are interpreted relative to the directory from which the page is served To use WebAAA the fallthru authent...

Страница 388: ...the static Wired Equivalent Privacy WEP key one of four to use for encrypting multicast frames Syntax set service profile name wep active multicast index num name Service profile name num WEP key numb...

Страница 389: ...om 1 through 4 Defaults If WEP encryption is enabled and WEP keys are defined MAP radios use WEP key 1 to encrypt unicast frames by default Access Enabled History Introduced in MSS Version 3 0 Usage B...

Страница 390: ...numbers or letters ASCII characters in the following ranges are supported 0 to 9 A to F a to f Defaults By default no static WEP keys are defined Access Enabled History Introduced in MSS Version 3 0...

Страница 391: ...ess Enabled History Introduced in MSS Version 3 0 Usage When the WPA IE is enabled the default authentication method is 802 1X There is no default cipher suite You must enable the cipher suites you wa...

Страница 392: ...392 CHAPTER 11 MANAGED ACCESS POINT COMMANDS...

Страница 393: ...page 398 display spantree blockedports on page 401 Bridge Priority set spantree priority on page 419 Port Cost set spantree portcost on page 414 set spantree portvlancost on page 417 display spantree...

Страница 394: ...st command Examples The following command resets the STP port cost on ports 5 and 6 to the default value WX1200 clear spantree portcost 5 6 success change accepted See Also clear spantree portvlancost...

Страница 395: ...or only specific VLANs use the clear spantree portvlanpri command Examples The following command resets the STP priority on port 6 to the default WX1200 clear spantree portpri 6 success change accepte...

Страница 396: ...tcost on page 394 display spantree on page 398 display spantree portvlancost on page 403 set spantree portcost on page 414 set spantree portvlancost on page 417 clear spantree portvlanpri Resets to th...

Страница 397: ...anpri on page 418 clear spantree statistics Clears STP statistics counters for a network port or ports and resets them to 0 Syntax clear spantree statistics port list vlan vlan id port list List of po...

Страница 398: ...ys STP information for VLAN default WX1200 display spantree vlan default VLAN 1 Spanning tree mode PVST Spanning tree type IEEE Spanning tree enabled Designated Root 00 02 4a 70 49 f7 Designated Root...

Страница 399: ...tch is the root bridge then the root cost is 0 Designated Root Port Port through which this WX switch reaches the root bridge If this WX switch is the root bridge this field says We are the root Root...

Страница 400: ...y traffic including STP control traffic The port might be administratively disabled or the link might be disconnected Forwarding The port is forwarding Layer 2 traffic Learning The port is learning th...

Страница 401: ...or number If you do not specify a VLAN MSS displays information for blocked ports on all VLANs Defaults None Access All History Introduced in MSS Version 3 0 Usage The command lists information separa...

Страница 402: ...cess All History Introduced in MSS Version 3 0 Examples The following command shows uplink fast convergence information for all ports WX1200 display spantree portfast Port Vlan Portfast 1 1 disable 2...

Страница 403: ...path cost 19 See Also clear spantree portcost on page 394 clear spantree portvlancost on page 395 display spantree on page 398 set spantree portcost on page 414 set spantree portvlancost on page 417...

Страница 404: ...ed cost 0x0 designated_bridge 00 0b 0e 00 04 30 designated_port 38 top_change_ack FALSE config_pending FALSE port_inconsistency none Port based information statistics config BPDU s xmitted port VLAN 0...

Страница 405: ...15 topology change initiator 0 last topology change occured Tue Jul 01 2003 22 33 36 topology change FALSE topology change time 35 topology change detected FALSE topology change count 1 topology chan...

Страница 406: ...information with information in STP control packets received by the port to compute the spanning tree and change state to blocking or forwarding port_id STP port ID port_number STP port number path c...

Страница 407: ...ontrol point SCP failures root inc trans count Number of times the root bridge changed inhibit loopguard State of the loop guard In the current release the state is always FALSE loop inc trans count N...

Страница 408: ...ridge forward delay Value of the forwarding delay interval in seconds when this WX switch is the root or is attempting to become the root topology change initiator Port number that initiated the most...

Страница 409: ...umber of expired messages link loading Indicates whether the link is oversubscribed BPDU in processing Indicates whether BPDUs are currently being processed num of similar BPDU s to process Number of...

Страница 410: ...able Enables STP disable Disables STP all Enables or disables STP on all VLANs vlan vlan id VLAN name or number MSS enables or disables STP on only the specified VLAN on all ports within the VLAN port...

Страница 411: ...e backbone fast convergence feature is not compatible with switches that are running standard IEEE 802 1D Spanning Tree implementations This includes switches running Rapid Spanning Tree or Multiple S...

Страница 412: ...ame or number MSS changes the forwarding delay on only the specified VLAN Defaults The default forwarding delay is 15 seconds Access Enabled History Introduced in MSS Version 3 0 Examples The followin...

Страница 413: ...idge hello packet that is acceptable to a wireless LAN switch acting as a designated bridge on one or all of its VLANs After waiting this period of time for a new hello packet the WX switch determines...

Страница 414: ...cost port list List of ports MSS applies the cost change to all the specified ports cost cost Numeric value You can specify a value from 1 through 65 535 STP selects lower cost paths over higher cost...

Страница 415: ...play spantree on page 398 display spantree portvlancost on page 403 set spantree portvlancost on page 417 set spantree portfast Enables or disables STP port fast convergence on one or more ports on a...

Страница 416: ...priority on the specified ports priority value Priority value You can specify a value from 0 highest priority through 255 lowest priority Defaults The default STP priority for all network ports is 12...

Страница 417: ...her cost paths all Changes the cost on all VLANs vlan vlan id VLAN name or number MSS changes the cost on only the specified VLAN Defaults The default port cost depends on the port speed and link type...

Страница 418: ...est priority through 255 lowest priority all Changes the priority on all VLANs vlan vlan id VLAN name or number MSS changes the priority on only the specified VLAN Defaults The default STP priority fo...

Страница 419: ...ault root bridge priority for the switch on all VLANs is 32 768 Access Enabled History Introduced in MSS Version 3 0 Examples The following command sets the bridge priority of VLAN pink to 69 WX4400 s...

Страница 420: ...cting as access switches to the network core distribution layer but are not in the core themselves Do not enable the feature on WX switches that are in the network core Examples The following command...

Страница 421: ...page 422 Proxy Reporting set igmp proxy report on page 438 Pseudo querier set igmp querier on page 441 display igmp querier on page 427 Timers set igmp qi on page 439 set igmp oqi on page 437 set igm...

Страница 422: ...ar igmp statistics IGMP statistics cleared for all vlans See Also display igmp statistics on page 431 display igmp Displays IGMP configuration information and statistics Syntax display igmp vlan vlan...

Страница 423: ...0 00 02 04 06 08 0a 258 Querier information Querier for vlan orange Port Querier IP Querier MAC TTL 1 193 122 135 178 00 0b cc d2 e9 b4 23 IGMP vlan member ports 1 2 3 IGMP static ports none IGMP stat...

Страница 424: ...ration values rvalue Robustness value Multicast router information List of multicast routers and active multicast groups The fields containing this information are described separately The display igm...

Страница 425: ...t general query message If IGMP snooping does not detect a querier the output indicates this The display igmp querier command shows the same information Querier for vlan VLAN containing the querier In...

Страница 426: ...mrouter vlan vlan id vlan vlan id VLAN name or number If you do not specify a VLAN MSS displays the multicast routers in all VLANs Defaults None Access All History Introduced in MSS Version 3 0 Examp...

Страница 427: ...uters for vlan VLAN containing the multicast routers Ports are listed separately for each VLAN Port Number of the physical port through which the WX can reach the router Mrouter IPaddr IP address of t...

Страница 428: ...the multicast all systems group If IGMP snooping does not detect a querier the output indicates this finding as shown in the following example WX1200 display igmp querier vlan red Querier for vlan red...

Страница 429: ...ddress and subnet mask of a multicast group in CIDR format for example 239 20 20 10 24 If you do not specify a group address MSS displays the multicast receivers for all groups Defaults None Access Al...

Страница 430: ...0 05 09 0c 0a 01 111 Table 78 describes the fields in this display See Also set igmp receiver on page 441 Table 78 Output for display igmp receiver table Field Description VLAN VLAN that contains the...

Страница 431: ...displays IGMP statistics for VLAN orange WX1200 display igmp statistics vlan orange IGMP statistics for vlan orange IGMP message type Received Transmitted Dropped General Queries 0 0 0 GS Queries 0 0...

Страница 432: ...dvertise the IP address of the sending interface as a multicast router interface Mrouter Term Multicast router termination messages A multicast router sends this type of message when multicast forward...

Страница 433: ...ing on VLAN orange WX1200 set igmp disable vlan orange success change accepted See Also set igmp rv on page 442 Topology notifications Number of Layer 2 topology change notifications received by the W...

Страница 434: ...p If there are no more receivers for the group the WX switch also sends a leave message for the group to multicast routers You can specify a value from 1 through 65 535 vlan vlan id VLAN name or numbe...

Страница 435: ...ort from the list of static multicast router ports Defaults By default no ports are static multicast router ports Access Enabled History Introduced in MSS Version 3 0 Usage You cannot add MAP access p...

Страница 436: ...e following command enables multicast router solicitation on VLAN orange WX1200 set igmp mrsol enable vlan orange success change accepted See Also set igmp mrsol mrsi on page 436 set igmp mrsol mrsi C...

Страница 437: ...electing itself the querier You can specify a value from 1 through 65 535 vlan vlan id VLAN name or number If you do not specify a VLAN the timer change applies to all VLANs Defaults The default other...

Страница 438: ...le Enables proxy reporting disable Disables proxy reporting Defaults Proxy reporting is enabled on all VLANs by default Access Enabled History Introduced in MSS Version 3 0 Usage Proxy reporting reduc...

Страница 439: ...Introduced in MSS Version 3 0 Usage The query interval is applicable only when the WX is querier for the subnet For the WX switch to become the querier the pseudo querier feature must be enabled on t...

Страница 440: ...sponse interval is 100 tenths of a second 10 seconds Access Enabled History Introduced in MSS Version 3 0 Usage The query response interval is applicable only when the WX is querier for the subnet For...

Страница 441: ...and no multicast router is servicing the subnet Examples The following example enables the pseudo querier on the orange VLAN WX1200 set igmp querier enable vlan orange success change accepted See Als...

Страница 442: ...oves port 7 from the list of static multicast receiver ports WX1200 set igmp receiver port 7 disable success change accepted See Also display igmp receiver table on page 429 set igmp rv Changes the ro...

Страница 443: ...set igmp rv 443 See Also set igmp oqi on page 437 set igmp qi on page 439 set igmp qri on page 440...

Страница 444: ...444 CHAPTER 13 IGMP SNOOPING COMMANDS...

Страница 445: ...ds by Usage This chapter presents security ACL commands alphabetically Use Table 80 to locate commands in this chapter based on their use Table 80 Security ACL Commands by Usage Type Command Create Se...

Страница 446: ...efaults None Access Enabled History Introduced in MSS Version 3 0 Usage This command deletes security ACLs only in the edit buffer You must use the commit security acl command with this command to del...

Страница 447: ...any enable hits set security acl ip acl_135 hits 2 0 1 deny IP source IP 192 168 1 1 0 0 0 0 destination IP any enable hits See Also clear security acl map on page 447 commit security acl on page 449...

Страница 448: ...ap num One or more Distributed MAPs based on their connection IDs Specify a single connection ID or specify a comma separated list of connection IDs a hyphen separated range or any combination with no...

Страница 449: ...Ls from the running configuration and nonvolatile storage Syntax commit security acl acl name all acl name Name of an existing security ACL to commit ACL names must start with a letter and are case in...

Страница 450: ...acl_124 IP Static WX4400 display security acl info all editbuffer acl editbuffer information for all See Also clear security acl on page 446 display security acl on page 450 display security acl info...

Страница 451: ...ACL Type Status acl_122 IP Not committed acl_132 IP Not committed acl 144 IP Not committed See Also clear security acl on page 446 display security acl info on page 452 set security acl on page 459 di...

Страница 452: ...ACLs in the edit buffer before they are committed Syntax display security acl info acl name all editbuffer acl name Name of an existing security ACL to display ACL names must start with a letter and a...

Страница 453: ...he edit buffer including the committed ACE rules 1 and 2 and the uncommitted rule 3 WX4400 display security acl info acl_123 editbuffer ACL edit buffer information for acl_123 set security acl ip acl_...

Страница 454: ...ap on page 447 display security acl map on page 453 set security acl map on page 464 display security acl resource usage Displays statistics about the resources used by security ACL filtering on the W...

Страница 455: ...ary memory 0 max 512 PSCBs in secondary memory 0 max 9728 Leaves in primary 2 max 151 Leaves in secondary 0 max 12096 Sum node depth 1 Information on Network Processor status Fragmentation control 0 U...

Страница 456: ...ecurity ACL data entries PSCBs in primary memory Number of pattern search control blocks PSCBs stored in primary node memory PSCBs in secondary memory Number of PSCBs stored in secondary node memory L...

Страница 457: ...ts security ACEs for IP only Root in first Leaf buffer allocation True Enough primary leaf buffers are allocated in nonvolatile memory to accommodate all leaves False Insufficient primary leaf buffers...

Страница 458: ...d ACEs Defaults None Access Enabled History Introduced in MSS Version 3 0 In mapping Application of security ACLs to incoming traffic on the WX switch True Security ACLs are mapped to incoming traffic...

Страница 459: ...rity acl on page 450 set security acl In the edit buffer creates a security access control list ACL adds one access control entry ACE to a security ACL and or reorders ACEs in the ACL The ACEs in an A...

Страница 460: ...sk operator port port2 precedence precedence tos tos before editbuffer index modify editbuffer index hits acl name Security ACL name ACL names must be unique within the WX switch must start with a let...

Страница 461: ...mask IP address and wildcard mask of the network or host from which the packet is being sent Specify both address and mask in dotted decimal notation For more information see Wildcard Masks on page 26...

Страница 462: ...0 through 255 For a list of ICMP message type and code numbers see www iana org assignments icmp parameters precedence precedence Filters packets by precedence level Specify a value from 0 through 7...

Страница 463: ...activate them with the commit security acl command and map them to a VLAN port or virtual port or to a user If the WX switch is reset or restarted any ACLs in the edit buffer are lost You cannot perf...

Страница 464: ...estination port 80 only and counts the hits WX4400 set security acl ip acl_125 deny tcp 192 168 1 1 0 0 0 0 192 168 1 2 0 0 0 0 eq 80 hits Finally the following command commits the security ACLs in th...

Страница 465: ...connection ID or specify a comma separated list of connection IDs a hyphen separated range or any combination with no spaces MSS assigns the security ACL to the specified Distributed MAPs in Assigns t...

Страница 466: ...counter counts the number of packets filtered by the security ACL or hits Syntax set security acl hit sample rate seconds seconds Number of seconds between samples A sample rate of 0 zero disables th...

Страница 467: ...the ACL was mapped WX4400 set security acl hit sample rate 15 WX4400 display security acl info acl_153 ACL information for acl_153 set security acl ip acl_153 hits 3 916 1 permit IP source IP 20 1 1...

Страница 468: ...468 CHAPTER 14 SECURITY ACL COMMANDS...

Страница 469: ...sage This chapter presents cryptography commands alphabetically Use Table 82 to locate commands in this chapter based on their use Table 82 Cryptography Commands by Usage Type Command Encryption Keys...

Страница 470: ...te authenticates the WX to 802 1X supplicants clients web Stores the certificate authority s certificate that signed the WebAAA certificate for the WX switch The Web certificate authenticates the WX t...

Страница 471: ...i wpoer0QWNFNkj90044mbdrl1277SWQ8G7DiwYUtrqoQplKJvxz Lm8wmVYxP56M CUAm908C2foYgOY40 END CERTIFICATE See Also display crypto ca certificate on page 481 crypto certificate Installs one of the WX switch...

Страница 472: ...text editor such as Notepad or vi 2 Enter the crypto certificate command on the CLI command line 3 When MSS prompts you for the PEM formatted certificate paste the PKCS 7 object file onto the command...

Страница 473: ...e key pair for authenticating the WX switch to WebAAA clients 512 1024 2048 Length of the key pair in bits The minimum key size for SSH is 1024 Defaults None Access Enabled History Introduced in MSS V...

Страница 474: ...the WX switch to WebAAA clients After you type the command you are prompted for the following variables Country Name string Optional Specify the abbreviation for the country in which the WX switch is...

Страница 475: ...u must enter a common name for the WX switch This command outputs a PKCS 10 text string in Privacy Enhanced Mail protocol PEM format that you paste to another location for submission to the certificat...

Страница 476: ...ntax crypto generate self signed admin eap web admin Generates an administrative certificate to authenticate the WX switch to 3WXM or Web Manager eap Generates an EAP certificate to authenticate the W...

Страница 477: ...domain name It simply needs to be formatted like one Email Address string Optional Specify your email address in up to 80 alphanumeric characters with no spaces Unstructured Name string Optional Speci...

Страница 478: ...thority s own certificate to authenticate the WX switch to 802 1X supplicants clients web Creates a one time password for installing a PKCS 12 object file for a WebAAA certificate and key pair and opt...

Страница 479: ...ject file into the certificate and key storage area on the WX switch This object file contains a public private key pair an WX certificate signed by a certificate authority and the certificate authori...

Страница 480: ...P from a remote location to the local nonvolatile storage system on the WX switch Examples The following commands copy a PKCS 12 object file for an EAP certificate and key pair and optionally the cert...

Страница 481: ...rtificate authenticates the WX switch to 802 1X supplicants clients web Displays information about the certificate authority s certificate that signed the WebAAA certificate for the WX switch The WebA...

Страница 482: ...e that authenticates the WX switch to WebAAA clients Defaults None Access Enabled History Introduced in MSS Version 3 0 Webaaa option renamed to web in MSS Version 4 1 Usage You must have generated a...

Страница 483: ...key after the first connection so you need to check the key only once Syntax display crypto key ssh Defaults None Access Enabled History Introduced in MSS Version 3 0 Examples To display SSH key infor...

Страница 484: ...484 CHAPTER 15 CRYPTOGRAPHY COMMANDS...

Страница 485: ...e RADIUS appendix in the Wireless LAN Switch and Controller Configuration Guide Table 85 RADIUS Commands by Usage Type Command RADIUS Client set radius client system ip on page 491 clear radius client...

Страница 486: ...ait for the RADIUS server to respond before retransmitting Defaults Global RADIUS parameters have the following default values deadtime 0 zero minutes The WX switch does not designate unresponsive RAD...

Страница 487: ...y Introduced in MSS Version 3 0 Usage The clear radius client system ip command causes the WX switch to use the IP address of the interface through which it sends a RADIUS client request as the source...

Страница 488: ...tries from the switch WX4400 clear radius proxy client all success change accepted See Also set radius proxy client on page 492 clear radius proxy port Removes RADIUS proxy ports configured for third...

Страница 489: ...rs42 success change accepted See Also display aaa on page 219 set radius server on page 494 clear server group Removes a RADIUS server group from the configuration or disables load balancing for the g...

Страница 490: ...of minutes the WX switch waits after declaring an unresponsive RADIUS server unavailable before retrying the RADIUS server You can specify from 0 to 1440 minutes key string Password shared secret key...

Страница 491: ...y success change accepted WX1200 set radius retransmit 1 success change accepted WX1200 set radius timeout 21 success change accepted See Also clear radius server on page 489 display aaa on page 219 s...

Страница 492: ...mber key string address ip address IP address of the third party AP Enter the address in dotted decimal notation port udp port number UDP port on which the WX switch listens for RADIUS access requests...

Страница 493: ...ADIUS proxy for the SSID supported by the AP Syntax set radius proxy port port list tag tag value ssid ssid name port port list WX port s connected to the third party AP tag tag value 802 1Q tag value...

Страница 494: ...his RADIUS server Enter an alphanumeric string of up to 32 characters with no blanks address ip address IP address of the RADIUS server Enter the address in dotted decimal notation auth port port numb...

Страница 495: ...esignate unresponsive RADIUS servers as unavailable key No key author password When using RADIUS for authentication a MAC user s MAC address is also used as the default authorization password for that...

Страница 496: ...uthentication last resort on page 236 set authentication mac on page 239 set authentication web on page 242 set radius on page 490 set server group on page 496 set server group Configures a group of o...

Страница 497: ...32 characters load balance enable disable Enables or disables load balancing of authentication requests among the servers in the group Defaults Load balancing is disabled by default Access Enabled His...

Страница 498: ...server group shorebirds load balance enable success change accepted To disable load balancing between shorebirds server group members type the following command WX1200 set server group shorebirds loa...

Страница 499: ...ased on their use For information about configuring 802 1X commands for user authentication see AAA Commands on page 201 Table 86 802 1X Commands by Usage Type Command Wired Authentication Port Contro...

Страница 500: ...eature Access Enabled History Introduced in MSS Version 3 0 Examples To reset the Bonded period to its default type the following command WX4400 clear dot1x bonded period success change accepted Reaut...

Страница 501: ...mples To reset the number of 802 1X requests the WX can send to the default setting type the following command WX4400 clear dot1x max req success change accepted See Also display dot1x on page 505 set...

Страница 502: ...dot1x port control success change accepted See Also display dot1x on page 505 set dot1x port control on page 512 clear dot1x quiet period Resets the quiet period after a failed authentication to the...

Страница 503: ...eauth max success change accepted See Also display dot1x on page 505 set dot1x reauth max on page 514 clear dot1x reauth period Resets the time period that must elapse before a reauthentication attemp...

Страница 504: ...s change accepted See Also display dot1x on page 505 set dot1x timeout auth server on page 515 clear dot1x timeout supplicant Resets to the default setting the number of seconds that must elapse befor...

Страница 505: ...oL retransmission time WX4400 clear dot1x tx period success change accepted See Also display dot1x on page 505 set dot1x tx period on page 516 display dot1x Displays 802 1X client information for stat...

Страница 506: ...EXAMPLE havel 00 05 5d 7e 98 1a Authenticated vlan eng EXAMPLE nash 00 0b be a9 dc 4e Authenticated vlan pm xalik xmple com 00 05 5d 7e 96 e3 Authenticated vlan eng EXAMPLE mishan 00 02 2d 6f 44 77 A...

Страница 507: ...authcontrol auto max sessions 1 port 8 authcontrol auto max sessions 1 Type the following command to display 802 1X statistics WX4400 display dot1x stats 802 1X statistic value Enters Connecting 709...

Страница 508: ...ss While Authenticating Number of times the WX switch state transitions from AUTHENTICATING from AUTHENTICATED as a result of an EAP Response Identity message being received from the supplicant client...

Страница 509: ...e Bonded Auth bonded authentication period which is the number of seconds MSS retains session information for an authenticated machine while waiting for the 802 1X client on the machine to start re au...

Страница 510: ...ntication rules that contain the bonded option Examples To set the bonded authentication period to 60 seconds type the following command WX4400 set dot1x bonded period 60 success change accepted See A...

Страница 511: ...ecify a value between 0 and 10 Defaults The default number of EAP retransmissions is 2 Access Enabled History Introduced in MSS Version 3 0 Usage To support SSIDs that have both 802 1X and static WEP...

Страница 512: ...with an EAP failure message auto Allows the specified wired authentication ports to process 802 1X authentication normally as determined for the user by the set authentication dot1X command port list...

Страница 513: ...00 set dot1x quiet period 90 success dot1x quiet period set to 90 See Also clear dot1x quiet period on page 502 set dot1x wep rekey period on page 518 set dot1x reauth Determines whether the WX switch...

Страница 514: ...reauthentication attempts is 2 Access Enabled History Introduced in MSS Version 3 0 Usage If the number of reauthentications for a wired authentication client is greater than the maximum number of rea...

Страница 515: ...WX4400 set dot1x reauth period 100 success dot1x auth server timeout set to 100 See Also display dot1x on page 505 clear dot1x reauth period on page 503 set dot1x timeout auth server Sets the number o...

Страница 516: ...ccess Enabled History Introduced in MSS Version 3 0 Examples Type the following command to set the number of seconds for authentication session timeout to 300 WX4400 set dot1x timeout supplicant 300 s...

Страница 517: ...iod for each radio associated VLAN and encryption type The WX generates the new broadcast and multicast keys and pushes the keys to the clients via EAPoL key messages disable WEP broadcast and multica...

Страница 518: ...conds Specify a value between 30 and 1 641 600 19 days Defaults The default is 1800 seconds 30 minutes Access Enabled History Introduced in MSS Version 3 0 Examples Type the following command to set t...

Страница 519: ...s to the WX switch through a Telnet or SSH connection or a console plugged into the switch console Clears sessions for all users with administrative access to the WX switch through a console plugged i...

Страница 520: ...lear all administrative sessions through the console type the following command WX4400 clear sessions console This will terminate manager sessions do you wish to continue y n n y To clear all administ...

Страница 521: ...all network sessions for a MAC address Specify a MAC address in hexadecimal numbers separated by colons or use the wildcard character to specify a set of MAC addresses For details see MAC Address Glo...

Страница 522: ...users whose name begins with the characters Jo type the following command WX1200 clear sessions network user Jo To clear the sessions of all users on VLAN red type the following command WX1200 clear s...

Страница 523: ...3 0 Examples To view information about sessions of administrative users type the following command WX4400 display sessions admin Tty Username Time s Type tty0 3644 Console tty2 tech 6 Telnet tty3 ssha...

Страница 524: ...y sessions admin display sessions console and display sessions telnet Output Field Description Tty The Telnet terminal number or console for administrative users connected through the console port Use...

Страница 525: ...ess Specify a MAC address in hexadecimal numbers separated by colons Or use the wildcard character to specify a set of MAC addresses For details see MAC Address Globs on page 27 ssid ssid name Display...

Страница 526: ...play sessions network User Sess IP or MAC VLAN Port Name ID Address Name Radio EXAMPLE Natasha 4 10 10 40 17 vlan eng 3 1 host laptop11 exmpl com 6 10 10 40 16 vlan eng 3 2 nin exmpl com 539 10 10 40...

Страница 527: ...on WX 192 168 12 7 AP radio 1 1 AP 00 0b 0e 00 05 fe as of 00 23 32 ago 1 sessions match criteria of 10 total The following command displays verbose output about the sessions of all current network u...

Страница 528: ...bytes in 10144 Number of packets with encryption errors 0 Number of bytes with encryption errors 0 Last packet data rate 2 Last packet signal strength 67 dBm Last packet data S N ratio 55 Table 91 de...

Страница 529: ...to transfer the user who is roaming to another WX switch STATUS UPDATED WX switch is receiving a final update from a MAP access point about the user who has roamed away WEB_AUTHING User is being authe...

Страница 530: ...sociated with one of the current WX switch s MAP access points has appeared at another WX switch in the Mobility Domain ROAMING AWAY The WX switch has been sent a request to transfer the user who is r...

Страница 531: ...64 bit counter Unicast bytes out Total number of unicast bytes sent by the WX to the user 64 bit counter Multicast packets in Total number of multicast packets received from the user by the WX 64 bit...

Страница 532: ...532 CHAPTER 18 SESSION MANAGEMENT COMMANDS...

Страница 533: ...prevent clients from being able to use them You can configure RF detection parameters only on the seed switch of a Mobility Domain Commands by Usage This chapter presents RF detection commands alphab...

Страница 534: ...ge 551 clear rfdetect vendor list on page 537 Permitted SSID List set rfdetect ssid list on page 560 display rfdetect ssid list on page 550 clear rfdetect ssid list on page 536 Client Black List set r...

Страница 535: ...C address 11 22 33 44 55 66 from the black list WX1200 clear rfdetect black list 11 22 33 44 55 66 success 11 22 33 44 55 66 is no longer blacklisted See Also set rfdetect black list on page 555 displ...

Страница 536: ...age 558 clear rfdetect ssid list Removes an SSID from the permitted SSID list Syntax clear rfdetect ssid list ssid name ssid name SSID name you want to remove from the permitted SSID list Defaults Non...

Страница 537: ...ry Introduced in MSS Version 4 0 Examples The following command removes client OUI aa bb cc 00 00 00 from the permitted vendor list WX4400 clear rfdetect vendor list client aa bb cc 00 00 00 success a...

Страница 538: ...st on page 554 display rfdetect black list Displays information abut the clients in the client black list Syntax display rfdetect black list Defaults None Access Enabled History Introduced in MSS Vers...

Страница 539: ...ntel Unknown dap 1 1 2 1 intfr 155 00 05 5d 79 ce 0f D Link Unknown dap 1 1 149 1 intfr 87 00 05 5d 7e 96 a7 D Link Unknown dap 1 1 149 1 intfr 117 00 05 5d 7e 96 ce D Link Unknown dap 1 1 157 1 intfr...

Страница 540: ...rogue device rogue Wireless device that is on the network but is not supposed to be on the network intfr Wireless device that is not part of your network and is not a rogue but might be causing RF in...

Страница 541: ...1 23 dap 4 1 6 00 0b 0e 03 00 80 rogue 00 0b 0e 11 22 33 10 1 1 23 dap 2 1 11 Typ Classification of the rogue device rogue Wireless device that is on the network but is not supposed to be on the netwo...

Страница 542: ...on of the rogue device rogue Wireless device that is on the network but is not supposed to be on the network intfr Wireless device that is not part of your network and is not a rogue but might be caus...

Страница 543: ...d 0 0 802 11 mgmt type f flood 0 0 802 11 association flood 0 0 802 11 reassociation flood 0 0 802 11 disassociation flood 0 0 Weak wep initialization vectors 0 0 Spoofed access point mac address atta...

Страница 544: ...s managed by another WX switch use the display rfdetect visible command To display rogue information for the entire Mobility Domain use the display rfdetect mobility domain command on the seed switch...

Страница 545: ...e network but might be causing RF interference with MAP radios known Device that is a legitimate member of the network Port Radio Channel Port number radio number and channel number of the radio that...

Страница 546: ...umber of entries 2 Ignore MAC aa bb cc 11 22 33 aa bb cc 44 55 66 See Also clear rfdetect ignore on page 535 set rfdetect ignore on page 558 display rfdetect mobility domain Displays the rogues detect...

Страница 547: ...00 2 00 09 b7 7b 8a 54 Cisco intfr i 00 0a 5e 4b 4a c0 3Com intfr i public 00 0a 5e 4b 4a c2 3Com intfr i w 3Comwlan 00 0a 5e 4b 4a c4 3Com intfr ic 3Com ccmp 00 0a 5e 4b 4a c6 3Com intfr i w 3Com tki...

Страница 548: ...adios that detected the SSID Each set of indented lines is for a separate MAP listener In this example two BSSIDs are mapped to the SSID Separate sets of information is shown for each of the BSSIDs an...

Страница 549: ...n and encryption information for the rogue The i a or u flag indicates the classification The other flags indicate the encryption used by the rogue For flag definitions see the key in the command outp...

Страница 550: ...e rogue Port Radio Channel Port number radio number and channel number of the radio that detected the rogue For a Distributed MAP the connection number is labeled dap This stands for distributed ap Ma...

Страница 551: ...age 560 display rfdetect vendor list Displays the entries in the permitted vendor list Syntax display rfdetect vendor list Defaults None Access Enabled History Introduced in MSS Version 4 0 Examples T...

Страница 552: ...ed MAP for which to display neighboring BSSIDs radio 1 Shows neighbor information for radio 1 radio 2 Shows neighbor information for radio 2 This option does not apply to single radio models Defaults...

Страница 553: ...gue device that sent the 802 11 packet detected by the MAP radio Vendor Company that manufactures or sells the rogue device Type Classification of the rogue device rogue Wireless device that is on the...

Страница 554: ...n any WX switch in the Mobility Domain The command takes effect only on that switch Examples The following command disables active scanning on a WX switch WX1200 set rfdetect active scan disable succe...

Страница 555: ...34 display rfdetect attack list on page 537 set radio profile countermeasures on page 355 set rfdetect black list Adds an entry to the client black list The client black list specifies clients that ar...

Страница 556: ...adio When a MAP radio is sending countermeasures the radio is disabled for use by network traffic until the radio finishes sending the countermeasures Syntax set rfdetect countermeasures enable disabl...

Страница 557: ...fdetect countermeasures mac commands After you type the first set rfdetect countermeasures mac command MSS does not issue countermeasures against any devices except the ones you specify using this com...

Страница 558: ...ans If you try to initiate countermeasures against a device on the ignore list the ignore list takes precedence and MSS does not issue the countermeasures Countermeasures apply only to rogue devices I...

Страница 559: ...gging of rogues disable Disables logging of rogues Defaults RF detection logging is enabled by default Access Enabled History Introduced in MSS Version 3 0 Usage This command is valid only on the seed...

Страница 560: ...and To enable signatures on all MAPs in a Mobility Domain enter the command on each WX switch in the Mobility Domain You must use the same MAP signature setting enabled or disabled on all WX switches...

Страница 561: ...allowed SSID However to cause MSS to stop classifying the device as a rogue you must add the device s MAC address to the ignore list Examples The following command adds SSID mycorp to the list of perm...

Страница 562: ...to the permitted vendor list but not to the ignore list MSS can still classify the device as a rogue Adding an entry to the permitted vendor list merely indicates that the device is from an allowed v...

Страница 563: ...e Command Software Version reset system on page 582 display version on page 576 Boot Settings set boot partition on page 587 set boot configuration file on page 586 set boot backup configuration on pa...

Страница 564: ...pages backup configuration files image files and any other files stored in the user files area of nonvolatile storage The maximum supported file size is 32 MB If the file size of the tarball is too la...

Страница 565: ...y to a TFTP server The filename in this example includes a TFTP server IP address so the archive is not stored locally on the switch WX1200 backup system tftp 10 10 20 9 sysa_bak critical success sent...

Страница 566: ...WX4400 clear boot backup configuration success Backup boot config filename was cleared See Also set boot backup configuration on page 585 display boot on page 573 clear boot config Resets to the facto...

Страница 567: ...niform resource locator URL can be one of the following subdirname filename file subdirname filename tftp ip addr subdirname filename tmp filename For the filename specify between 1 and 128 alphanumer...

Страница 568: ...e must be preceded by the boot partition name which can be boot0 or boot1 Enter the filename as boot0 filename or boot1 filename You must specify the boot partition that was not used to load the curre...

Страница 569: ...569 dir on page 570 delete Deletes a file CAUTION MSS does not prompt you to verify whether you want to delete a file When you press Enter after typing a delete command MSS immediately deletes the sp...

Страница 570: ...storage and temporary files Syntax dir subdirname file core boot0 boot1 subdirname Subdirectory name If you specify a subdirectory name the command lists the files in that subdirectory Otherwise the...

Страница 571: ...005 16 37 18 Total 159 Kbytes used 207663 Kbytes free Boot Filename Size Created boot0 mx040100 020 9780 KB Aug 23 2005 15 54 08 boot1 mx040100 020 9796 KB Aug 28 2005 21 09 56 Boot0 Total 9780 Kbytes...

Страница 572: ...005 21 08 30 file sysa_bak 12 KB Mar 15 2005 19 18 44 file testback 28 KB Apr 19 2005 16 37 18 Total 159 Kbytes used 207663 Kbytes free The following command limits the output to the contents of the t...

Страница 573: ...on file configuration Backup boot configuration file backup cfg Booted version 4 1 0 65 Booted image boot1 mx040100 020 Table 104 Output for dir Field Description Filename Filename or subdirectory nam...

Страница 574: ...h will run next time the software is rebooted Configured boot image Boot partition and image filename MSS will use to boot next time the software is rebooted Configured boot configuration Configuratio...

Страница 575: ...efault values Defaults None Access Enabled History Introduced in MSS Version 3 0 New options added for remote traffic monitoring snoop and rfdevice changed to rfdetect in MSS Version 4 0 Usage If you...

Страница 576: ...attached MAP access points Syntax display version details details Includes additional software build information and information about the MAP access points configured on the WX switch Defaults None...

Страница 577: ...ix d O1 Model WX Hardware Mainboard version 24 revision 3 FPGA version 24 CPU Model 750 Revision 3 1 PoE board version 1 FPGA version 6 Serial number 0321300013 Flash 4 1 0 14 md0a Kernel 3 0 0 20 Fri...

Страница 578: ...n a subdirectory specify the subdirectory name followed by a forward slash in front of the filename For example backup_configs config_c Defaults The default file location is nonvolatile storage The cu...

Страница 579: ...sion 3 0 Usage This command completely replaces the running configuration with the configuration in the file Examples The following command reloads the configuration from the most recently loaded conf...

Страница 580: ...ame If you specify only the filename the CLI displays a message stating that the file does not exist Examples The following command calculates the checksum for image file WX040003 020 in boot partitio...

Страница 581: ...2 bytes May 21 2004 19 15 48 file dangcfg 13 KB May 16 2004 18 30 44 dangdir 512 bytes May 16 2004 17 23 44 old 512 bytes Sep 23 2003 21 58 48 Total 33 Kbytes used 207822 Kbytes free Boot Filename Siz...

Страница 582: ...S does not restart the WX switch but instead displays a message advising you to either save the configuration changes or use the force option Examples The following command restarts an WX switch that...

Страница 583: ...he switch the restore operation fails 3Com recommends deleting unneeded image files before creating or restoring an archive The backup command stores the MAC address of the switch in the archive By de...

Страница 584: ...pting to remove it Examples The following example removes subdirectory corp2 WX4400 rmdir corp2 success change accepted See Also dir on page 570 mkdir on page 580 save config Saves the running configu...

Страница 585: ...filename used during the most recent reboot is configuration WX4400 save config Configuration saved to configuration The following command saves the running configuration to a file named testconfig1...

Страница 586: ...fter rebooting Syntax set boot configuration file filename filename Filename Specify between 1 and 128 alphanumeric characters with no spaces To load the file from a subdirectory specify the subdirect...

Страница 587: ...same boot partition for the next software reload that was used to boot the currently running image Access Enabled History Introduced in MSS Version 3 0 Usage To determine the boot partition that was u...

Страница 588: ...588 CHAPTER 20 FILE MANAGEMENT COMMANDS...

Страница 589: ...e 3Com recommends that you use the lowest levels possible for initial trace commands and slowly increase the levels to get the data you need Commands by Usage This chapter presents trace commands alph...

Страница 590: ...ng trace commands and ends trace processes Syntax clear trace trace area all trace area Ends a particular trace process Specify one of the following keywords to end the traces documented in this chapt...

Страница 591: ...ured on the WX switch or all possible trace options Syntax display trace all all Displays all possible trace options and their configuration Defaults None Access Enabled History Introduced in MSS Vers...

Страница 592: ...cation information Syntax set trace authentication mac addr mac address port port num user username level level mac addr mac address Traces a MAC address Specify a MAC address using colons to separate...

Страница 593: ...22 aa bb cc port port num Traces on a WX a port number user username Traces a user Specify a username of up to 80 alphanumeric characters with no spaces level level Determines the quantity of informat...

Страница 594: ...alphanumeric characters with no spaces level level Determines the quantity of information included in the output You can set the level with an integer from 1 to 10 where level 10 provides the most inf...

Страница 595: ...aces level level Determines the quantity of information included in the output You can set the level with an integer from 1 to 10 where level 10 provides the most information Levels 1 through 5 provid...

Страница 596: ...596 CHAPTER 21 TRACE COMMANDS...

Страница 597: ...n the Troubleshooting a WX Switch chapter of the Wireless LAN Switch and Controller Configuration Guide Commands by Usage This chapter presents snoop commands alphabetically Use the following table to...

Страница 598: ...splay snoop info on page 604 clear snoop map Removes a snoop filter from a MAP radio Syntax clear snoop map filter name dap dap num radio 1 2 filter name Name of the snoop filter dap dap num Number of...

Страница 599: ...ddr snap length num filter name Name for the filter The name can be up to 32 alphanumeric characters with no spaces condition list Match criteria for packets Conditions in the list are ANDed Therefore...

Страница 600: ...If you do not specify an observer the MAP radio still counts the packets that match the filter snap length num Specifies the maximum number of bytes to capture If you do not specify a length the entir...

Страница 601: ...med snoop1 that matches on all traffic and copies the traffic to the device that has IP address 10 10 30 2 WX1200 set snoop snoop1 observer 10 10 30 2 snap length 100 The following command configures...

Страница 602: ...r to more than one radio You can map up to eight filters to the same radio If more than one filter has the same observer the MAP sends only one copy of a packet that matches a filter to the observer A...

Страница 603: ...t or until the MAP is restarted disable Disables the snoop filter Defaults Snoop filters are disabled by default Access Enabled History Introduced in MSS Version 4 0 Usage The filter mode is not retai...

Страница 604: ...mmand Examples The following command shows the MAP radio mappings for all snoop filters configured on a WX switch WX1200 display snoop Dap 3 Radio 2 snoop1 snoop2 Dap 2 Radio 2 snoop2 See Also clear s...

Страница 605: ...page 599 display snoop map Shows the MAP radios that are mapped to a specific snoop filter Syntax display snoop map filter name filter name Name of the snoop filter Defaults None Access Enabled Histor...

Страница 606: ...io 1 of the MAP radio 2 Radio 2 of the MAP This option does not apply to single radio models Defaults None Access Enabled History Introduced in MSS Version 4 0 Usage The MAP retains statistics for a s...

Страница 607: ...ckets received by the radio that match the filter Tx Match Number of packets sent by the radio that match the filter Dropped Number of packets that matched the filter but that were not copied to the o...

Страница 608: ...608 CHAPTER 22 SNOOP COMMANDS...

Страница 609: ...es the configuration for a syslog server and stops sending log messages to that server Syntax clear log buffer server ip addr buffer Deletes the log messages stored in nonvolatile storage server ip ad...

Страница 610: ...the trace buffer Syntax display log buffer number of messages facility facility name matching string severity severity level buffer Displays the log messages in nonvolatile storage number of messages...

Страница 611: ...ed in MSS Version 3 0 Usage The debug level produces a lot of messages many of which can appear to be somewhat cryptic Debug messages are used primarily by 3Com for troubleshooting and are not intende...

Страница 612: ...command WX4400 display log config Logging console disabled Logging console severity DEBUG Logging sessions disabled Logging sessions severity INFO Logging buffer enabled Logging buffer severity DEBUG...

Страница 613: ...ecent facility facility name Area of MSS that is sending the log message Type a space and a question mark after display log trace facility for a list of valid facilities matching string Displays messa...

Страница 614: ...WX and MAP events to the WX log buffer or other logging destination and sets the level of the events logged For logging to a syslog server only you can also set the facility logged Syntax set log buf...

Страница 615: ...rred These are logged for diagnostic purposes No action is required info Informational messages only No problem exists debug Output from debugging local facility facility level For messages sent to a...

Страница 616: ...Entering set log buffer disable with no other keywords turns off all logging to the buffer Examples To log only emergency alert and critical system events to the console type the following command WX...

Страница 617: ...47483647 seconds Defaults Mark messages are disabled by default When they are enabled MSS generates a message at the notice level once every 300 seconds by default Access Enabled History Introduced in...

Страница 618: ...618 CHAPTER 23 SYSTEM LOG COMMANDS...

Страница 619: ...you use these commands only when working with 3Com Technical Support to diagnose a system issue In particular commands that change boot parameters can interfere with a WX switch s ability to boot succ...

Страница 620: ...e autoboot option off Same effect as OFF Defaults The autoboot option is enabled by default Access Boot prompt History Introduced in MSS Version 3 0 Examples The following command displays the current...

Страница 621: ...ter applies only when the boot type is n network FL num Number representing the bit settings of boot flags to pass to the booted system image Use this parameter only if advised to do so by 3Com OPT op...

Страница 622: ...ht c 1996 1997 1998 1999 2000 2001 2002 2003 2004 The NetBSD Foundation Inc All rights reserved Copyright c 1982 1986 1989 1991 1993 The Regents of the University of California All rights reserved Det...

Страница 623: ...er you type the change command the system interactively displays the current setting of each parameter and prompts you for the new setting When prompted type the new setting press Enter to accept the...

Страница 624: ...E default bootfile HOST IP 0 0 0 0 172 16 0 1 LOCAL IP 0 0 0 0 172 16 0 21 GATEWAY IP 0 0 0 0 172 16 0 20 IP MASK 0 0 0 0 255 255 255 0 FLAGS 0x00000000 OPTIONS run nos boot 0 See Also boot on page 62...

Страница 625: ...ly active boot profile use the next command To change boot parameter settings use the change command Examples The following command creates a new boot profile in slot 1 on a WX switch that currently h...

Страница 626: ...delete BOOT Index 1 BOOT TYPE c DEVICE boot1 FILENAME default FLAGS 00000000 OPTIONS run nos boot 0 See Also change on page 623 create on page 624 display on page 628 next on page 633 dhcp Displays or...

Страница 627: ...Introduced in MSS Version 3 0 Usage Access to the diagnostic mode requires a password which is not user configurable Use this mode only if advised to do so by 3Com dir Displays the boot code and syst...

Страница 628: ...8863722 bytes Internal Compact Flash Directory Secondary WXA30001 Rel 8862885 bytes See Also fver on page 630 version on page 636 display Displays the currently active boot profile A boot profile is...

Страница 629: ...duced in MSS Version 3 0 Examples To display the currently active boot profile type the following command at the boot prompt boot display BOOT Index 0 BOOT TYPE c DEVICE boot1 FILENAME default FLAGS 0...

Страница 630: ...the flash card slot boot0 Boot partition 0 boot1 Boot partition 1 filename System image filename DEVICE Location of the system image file c Nonvolatile storage area containing boot partition 0 d Nonv...

Страница 631: ...led in boot partition 1 boot fver boot1 File boot1 default version is 3 0 1 See Also dir on page 627 version on page 636 help Displays a list of all the boot prompt commands or detailed information fo...

Страница 632: ...file f file boot0 file boot1 file boot2 file boot3 file Command to display the version of the compressed image file associated with the given device filename See Also ls on page 632 ls Displays a list...

Страница 633: ...ofile dir Display the contents of the specified boot partition fver Display the version of the loadable image specified by device filename version Display HW and Bootstrap Bootloader version informati...

Страница 634: ...display on page 628 reset Resets a WX switch s hardware Syntax reset Defaults None Access Boot prompt History Introduced in MSS Version 3 0 Usage After resetting the hardware the reset command attempt...

Страница 635: ...0 BOOT TYPE c DEVICE boot0 FILENAME default FLAGS 00000000 OPTIONS run nos root md0a See Also boot on page 621 test Displays or changes the state of the poweron test flag The poweron test flag control...

Страница 636: ...does not list the system image file versions installed in the boot partitions To display system image file versions use the dir or fver command Examples To display hardware and boot code version info...

Страница 637: ...Request If you have trouble registering your product please contact 3Com Global Services for assistance Purchase Value Added Services To enhance response times or extend warranty benefits contact 3Co...

Страница 638: ...uct Support heading at http www 3com com Software Upgrades are the software releases that follow the software version included with your original product In order to access upgrades and related docume...

Страница 639: ...f publication Find a current directory of contact information posted on the 3Com web site at http csoweb4 3com com contactus Country Telephone Number Country Telephone Number Asia Pacific Rim Telephon...

Страница 640: ...1 800 998 2112 1 800 998 2112 1 800 998 2112 52 5 201 0010 1 800 998 2112 1 800 998 2112 0800 13 3COM 1 800 998 2112 AT T 800 998 2112 AT T 800 998 2112 AT T 800 998 2112 1 800 998 2112 AT T 800 998...

Страница 641: ...user 211 clear mac user attr 212 clear mac user group 212 clear mac usergroup 213 clear mac usergroup attr 214 clear mobility domain 266 clear mobility domain member 266 clear mobility profile 215 cle...

Страница 642: ...display aaa 219 display accounting statistics 222 display arp 137 display auto tune attributes 309 display auto tune neighbors 311 display banner motd 41 display base information 41 display boot 573...

Страница 643: ...snoop map 605 display snoop stats 606 display spantree 398 display spantree backbonefast 400 display spantree blockedports 401 display spantree portfast 402 display spantree portvlancost 403 display s...

Страница 644: ...set ip https server 167 set ip route 167 set ip snmp server 169 set ip ssh 170 set ip ssh server 171 set ip telnet 171 set ip telnet server 172 set length 53 set license 53 set location policy 244 set...

Страница 645: ...et service profile rsn ie 383 set service profile shared key auth 384 set service profile ssid name 384 set service profile ssid type 385 set service profile tkip mc time 386 set service profile web a...

Страница 646: ...646 INDEX set usergroup 261 set usergroup attr 261 set vlan name 116 set vlan port 117 set vlan tunnel affinity 118 set web portal 262 T telnet 195 test 635 traceroute 197 V version 636...

Результаты поиска

Содержание OfficeConnect WX1200

Отзывы:

Бренды по названию

Популярные бренды

3Com OfficeConnect WX1200, Справочник по командам

Результаты поиска

Содержание OfficeConnect WX1200

Отзывы:

Бренды по названию

Популярные бренды