3Com WX1200 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of 3Com WX1200, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of 3Com WX1200 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of 3Com WX1200. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of 3Com WX1200 should contain:
- informations concerning technical data of 3Com WX1200
- name of the manufacturer and a year of construction of the 3Com WX1200 item
- rules of operation, control and maintenance of the 3Com WX1200 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of 3Com WX1200 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of 3Com WX1200, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the 3Com service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of 3Com WX1200.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the 3Com WX1200 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    http://www.3com.com/ Part No. 10015086 Published April 200 6 Wir eless LAN Mobility System W ir eless LAN Switch and Contr oller Command Refer ence WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100 3CRWXR10095A[...]

  • Page 2

    3Com Corporati on 350 Campus Drive Marlborough, MA USA 01752-3064 Copyright © 2 006, 3Com Corporation. All rights r eserved . No part of this documen tation may be repr oduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without writt en permission fr om 3Com Corporatio n. 3Co[...]

  • Page 3

    C ONTENTS A BOUT T HIS G UIDE Conventions 19 Documentation 20 Documentation Comments 21 1 U SING THE C OMMAND -L INE I NTERFACE Overview 23 CLI Conventions 24 Command Prompt s 24 Syntax Notation 24 T ext Entry Conventions and Allowed Characters 25 MAC Addres s Notation 25 IP Addres s and Mask Notation 26 User Globs, MAC Address Globs, and VLAN Glob[...]

  • Page 4

    3 S YSTEM S ERVICE C OMMANDS Commands by Usage 37 clear banner motd 38 clear history 39 clear promp t 39 clear system 40 display banner mo td 41 display base-information 41 display license 42 display load 43 display system 43 help 46 history 47 quickstart 48 set auto-config 48 set banner motd 51 set confirm 52 set length 53 set license 53 set promp[...]

  • Page 5

    display port-gr oup 70 display port poe 71 display port pr eference 72 display port status 73 display port media-type 75 monitor port counters 76 reset port 81 set dap 81 set port 83 set port-group 84 set port media-typ e 85 set port name 86 set port negotiation 8 6 set port poe 87 set port preference 88 set port speed 89 set port trap 90 set port [...]

  • Page 6

    set vlan name 116 set vlan port 117 set vlan tunnel -affinity 118 6 Q UALITY OF S ERVICE C OMMANDS Commands by Usage 119 clear qos 120 set qos cos-to-dscp-m ap 121 set qos dscp-to-cos-map 122 display qos 123 display qos dscp-table 124 7 IP S ERVICES C OMMANDS Commands by Usage 125 clear interface 12 7 clear ip alias 128 clear ip dns domain 129 clea[...]

  • Page 7

    display ip telnet 148 display ntp 149 display snmp community 151 display snmp counters 152 display snmp notify pr ofile 152 display snmp notify target 152 display snmp stat us 153 display snmp usm 154 display summertime 154 display timedate 155 display timezone 155 ping 156 set arp 158 set arp agingt ime 159 set interface 160 set interface dhcp- cl[...]

  • Page 8

    SNMPv2c with T raps 184 SNMPv1 with T raps 184 set snmp protocol 186 set snmp security 187 set snmp usm 188 set summertime 191 set system ip-addr ess 192 set timedate 193 set timezone 194 telnet 195 traceroute 197 8 AAA C OMMANDS Commands by Usage 201 clear accounting 203 clear authentication admin 204 clear authentication console 205 clear authent[...]

  • Page 9

    display mobility-profile 224 set accounting {admin | console} 225 set accounting {d ot1x | mac | web | last-resort} 227 set authentication admin 229 set authentication cons ole 231 set authentication dot 1x 233 set authentication last-resort 236 set authentication mac 239 set authentication proxy 241 set authentication web 2 42 set location policy [...]

  • Page 10

    clear network-domain seed-ip 277 display network-do main 278 set network-do main mo de member seed-ip 280 set network-do main peer 2 81 set network-do main mode seed domain-name 28 2 11 M ANAGED A CCESS P OINT C OMMANDS MAP Access Point Commands by Usage 283 clear {ap | dap} radio 286 clear radio-profile 288 clear service-pr ofile 289 display {ap |[...]

  • Page 11

    set {ap | dap} radio auto-tune min-clien t-rate 340 set {ap | da p} radio mode 341 set {ap | da p} radio radio- profile 343 set {ap | da p} radio tx-power 344 set dap security 34 5 set {ap | da p} upgrade-firmwar e 346 set radio-pr ofile 11g-only 347 set radio-pr ofile active-scan 348 set radio-pr ofile aut o-tune channel-config 349 set radio-pr of[...]

  • Page 12

    set service-pr ofile rsn-ie 383 set service-profile shar ed-key-auth 384 set service-profile ssid-name 384 set service-profile ssid-type 385 set service-profile tkip-mc-time 386 set service-pr ofile web-portal-form 387 set service-profile wep active-multicast-index 38 8 set service-profile wep active-unicast-index 389 set service-profile wep key-in[...]

  • Page 13

    13 IGMP S NOOPING C OMMANDS Commands by usage 421 clear igmp statistics 422 display igmp 422 display igmp mrouter 426 display igmp querier 427 display igmp receiver -table 429 display igmp statistics 431 set igmp 433 set igmp lmqi 434 set igmp mr outer 435 set igmp mrsol 436 set igmp mrsol mrsi 436 set igmp oqi 437 set igmp pr oxy-r eport 438 set i[...]

  • Page 14

    15 C RYPTOGRAPHY C OMMANDS Commands by Usage 469 crypto ca-certificate 470 crypto certificate 471 crypto generate key 473 crypto generate request 474 crypto generate self-signed 476 crypto otp 478 crypto pkcs12 479 display crypto ca-certificate 481 display crypto certificate 482 display crypto key ssh 483 16 RADIUS AND S ERVER G RO UP C OMMANDS Com[...]

  • Page 15

    clear dot1x reauth-period 503 clear dot1x timeout auth -server 504 clear dot1x timeout supplicant 504 clear dot1x tx-period 505 display dot1x 505 set dot1x au thcontr ol 508 set dot1x bonded- period 509 set dot1x key-tx 510 set dot1x max-req 51 1 set dot1x port- contr ol 512 set dot1x quiet-perio d 513 set dot1x reauth 513 set dot1x reauth-max 514 [...]

  • Page 16

    display rfdetect countermeasures 541 display rfdetect counters 542 display rfdetect data 544 display rfdetect ignor e 546 display rfdetect mobility-domain 546 display rfdetect ssid-list 550 display rfdetect vendor -list 551 display rfdetect visible 552 set rfdetect active-scan 554 set rfdetect attack-list 554 set rfdetect black-list 55 5 set rf det[...]

  • Page 17

    set boot backu p-configuration 585 set boot conf iguration-file 586 set boot partitio n 587 21 T RACE C OMMANDS Commands by Usage 589 clear log trace 590 clear trace 590 display trace 591 save trace 592 set trace authentication 592 set trace authorization 593 set trace dot1x 594 set trace sm 595 22 S NOOP C OMMANDS Commands by Usage 597 clear snoop[...]

  • Page 18

    24 B OOT P ROM PT C OMMANDS Boot Pr ompt Commands by Usage 619 autoboot 620 boot 621 change 623 create 624 delete 625 dhcp 626 diag 627 dir 627 display 628 fver 630 help 631 ls 632 next 633 re set 6 34 test 635 version 636 A O BTAINING S UPPORT FOR YOUR P RODUCT Register Y our Pr oduct 637 Purchase V alue-Added Services 637 T roubleshoot Online 638[...]

  • Page 19

    Conventions 19 A BOUT T HIS G UIDE This command refer ence explains Mobility System Softwar e (MSS™) command line interface (CLI) that you enter on a 3Com WXR100 or WX1200 W ir eless Switch or WX4400 W ir eless LAN Controller to configure and manage the Mobility System™ wir eless LAN (WLAN). Read this refer ence if you ar e a network administra[...]

  • Page 20

    20 A BOUT T HIS G UIDE This manual uses the follo wi ng text and syntax conventions: Documentation The MSS documentation set includ es the following documents.  Wireless LAN Switch Manage r (3WXM) Release Notes These notes provide information about the system software release, including new features and bug fixes.  Wireless LAN Switch and Con[...]

  • Page 21

    Documentation Comments 21  Wireless LAN Switch Ma nager Refere nce Manual This manual shows you how to plan , configure, deploy , and manage a Mobility System wireless LAN (WL AN) using the 3Com Wireless LAN Switch Manage r (3WXM).  Wireless LAN Switch Manager User’ s Guide This manual shows you how to plan, con figure, deploy , and manage [...]

  • Page 22

    22 A BOUT T HIS G UIDE Please note that we can only r esp ond to comments and questions about 3Com product documentation at this e-mail address. Qu estions related to T echnical Support or sales should be di rected in the first insta nce to your network supplier .[...]

  • Page 23

    1 U SING THE C OMMAND -L INE I NTERFACE This chapter discusse s the 3Com W ireless Switch Manager (3WXM) command-line interface (CLI). Described ar e:  CLI conventions (see “CLI Conventions” on page 24)  Editing on the command line (see “Command-Line Editing” on page 29)  Using the CLI help feature (see “Using CLI Help” o n pag[...]

  • Page 24

    24 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE CLI Conventions Be awar e of the following MSS CL I conventions for command entry:  “Command Prompts” on page 24  “Syntax Notation” on page 24  “T ext Entry Conventions and A llowed Characters” on page 25  “User Globs, MAC Address Gl obs, and VLAN Globs” on page 26 [...]

  • Page 25

    CLI Conventions 25  A vertical bar ( | ) separates mutually exclusive options within a list of possibilities. For example , you enter either enable or disable , not both, in the following command: set port { enable | disable } port-list T ext Entry Conventions and Allowed Characters Unless otherwise indicated, the MSS CLI accepts standard ASCII [...]

  • Page 26

    26 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE IP Addr ess and Mask Notation MSS displays IP addresses in dotte d d ecimal notation — for example, 192.168.1.111. MSS makes use of both s ubnet masks and wildcard masks. Subnet Masks Unless otherwise noted, use classless interdomain routing (CIDR) format to express subnet masks — for exampl [...]

  • Page 27

    CLI Conventions 27 T able 3 gives exa mples of use r globs. MAC Address Globs A media access control (MAC) address glob is a similar method for matching some authentication, aut horization, and accounting (AAA) and forwarding database (FDB) commands to one or more 6-byte MAC addresses. In a MAC addr ess glob, you can use a single asterisk (*) as a [...]

  • Page 28

    28 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE VLAN Globs A VLAN glob is a method for matching one of a set of local rules on an wireless LAN switch, known as th e location policy , to one or more users. MSS compares the VLAN glob, which can optionally contain wildcard characters, against the VLAN-Name att ribute r eturned by AAA, to determin[...]

  • Page 29

    Command-Line Editing 29  A hyphen-separated ran ge of port numbers, with no spaces. For example: WX1200# reset port 1-3  Any combination of single numbers, lists, and ranges. Hyphens take prec edence over commas. For example: WX1200# display port status 1-3,6 Virtual LAN Identification The names of virtual L ANs (VLANs), which are used in Mob[...]

  • Page 30

    30 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE History Buffer Th e history buffer stores the last 63 commands you entered during a terminal session . Y ou can use the Up Arr ow and Down Arr ow keys to select a command that yo u want to repeat fr om the history buffer . Ta b s The MS S CLI uses the T ab key for command completion. Y ou can typ[...]

  • Page 31

    Using CLI Help 31 Using CLI Help The CLI provides online help. T o see the full rang e of commands available at your access level, type the help command. For example: WX1200# help Commands: ------------------------------------ ------------------------------------- clear Clear, use 'clear help' for more inform ation commit Commit the conte[...]

  • Page 32

    32 C HAPTER 1: U SING THE C OMMAND -L INE I NTERFACE T o see all the variations, type one of the co mmands followed by a question mark (?). For exampl e: WX1200# display ip ? alias display ip aliases dns display DNS status https display ip https route display ip route table telnet display ip telnet T o determine the port on which T elnet is running[...]

  • Page 33

    2 A CCESS C OMMANDS This chapter describes access comma nds used to control access to the Mobility Software System (MSS) command-line interface (CLI). Commands by Usage This chapter presents access services comma nds alphabetically . Use T able 5 to located commands in this chapter based on their use. disable Changes the CLI session fr om enab led [...]

  • Page 34

    34 C HAPTER 2: A CCESS C OMMAND S enable Places the CLI session in enabled mo de, which pr ovides access to all commands requir ed for configur ing and monitoring the system. Syntax — enable Access — All. History — Introduced in MSS V ersion 3.0. Usage — MSS displays a password pr om pt to challenge you with the enable password. T o enable [...]

  • Page 35

    set enablepass 35 set enablepass Sets the password that provides enabled access (for configuratio n and monitoring) to the WX switch. Syntax — set enablepass Defaults — None. Access — Enabled. History — Introduced in MSS V er sion 3.0. Usage — After typing the set enablepa ss comman d, pr ess Enter . If you are entering the first enable p[...]

  • Page 36

    36 C HAPTER 2: A CCESS C OMMAND S[...]

  • Page 37

    3 S YSTEM S ERVICE C OMMANDS Use system services commands to configur e and monito r system information for a WX switch. Commands by Usage This chapter pr esents system service comman ds alphabetically . Use T able 6 to locate commands in this chapt er based on their use. Ta b l e 6 System Services Commands by Usage Type Command Configur ation quic[...]

  • Page 38

    38 C HAPTER 3: S YSTEM S ERVICE C OMMANDS clear banner motd Deletes the message-of-the-day (MOTD) banner t hat is displayed before the login prompt for each CLI se ssion on the wir eless LAN switch. Syntax — clear banner motd Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — T o clear a banner , type [...]

  • Page 39

    clear history 39 clear history Deletes the command history buffer for the current CLI session. Syntax — clear history Defaults — None. Access — All. History — Introduced in MSS V er sion 3.0. Examples — T o clear the history buffer , type the following command: WX4400# clear history success: command buffer was flushed. See Also  histor[...]

  • Page 40

    40 C HAPTER 3: S YSTEM S ERVICE C OMMANDS clear system Clears the system config uration of the specified information. CAUTION: If you change the IP address, any currently configured Mobility Domain operations cease. Y ou must reset the Mobility Domain. Syntax — clear system [ contact | countrycode | idle-timeout | ip-address | location | name ] ?[...]

  • Page 41

    display banner motd 41 display banner motd Shows the banner that was configured with the set banner motd command. Syntax — display banner motd Defaults — None. Access — Enabled. History — Introduced in MSS V er sion 3.0. Examples — T o show the banner with the message of the day , type the following command: WX4400# display banner motd he[...]

  • Page 42

    42 C HAPTER 3: S YSTEM S ERVICE C OMMANDS See Also  display boot on page 573  display config on page 574  display license on page 42  display system on page 43  display version on pag e 576 display license Displays information about the license curr ently installed on the WX switch. Syntax — display license Defaults — None. Acces[...]

  • Page 43

    display load 43 display load Displays CPU usa ge on a WX switch. Syntax — display load Defaults — None. Access — Enabled. History — Introduced in MSS V er sion 4.1. Examples — T o display the CPU load recorded from the time the WX switch was booted, as well as fr om the previous time the display load command was run, type the following co[...]

  • Page 44

    44 C HAPTER 3: S YSTEM S ERVICE C OMMANDS Examples — T o show system information, type the following command: WX4400# display system ==================================== ========================================= == Product Name: WX4400 System Name: WX-bldg3 System Countrycode: US System Location: first-floor-bld g3 System Contact: tamara@example.[...]

  • Page 45

    display system 45 System idle timeout Number of seconds MSS allows a CLI management session (console, Telnet, or SSH) to re main idle before terminating the session. (The system idle timeout can be configured using the set system idle-timeou t command.) System MAC WX switch’s media access co ntrol (MAC) machine address set at the factory, in 6-by[...]

  • Page 46

    46 C HAPTER 3: S YSTEM S ERVICE C OMMANDS See Also  clear system on page 40  set system contact on page 55  set system countrycode on page 56  set system idle-t imeout on page 58  set system location on page 59  set system name on page 60 help Displays a list of commands that ca n be used to configure and monitor the WX switch. Sy[...]

  • Page 47

    history 47 crypto Crypto, use 'crypto help' for more inf ormation delete Delete url dir Show list of files on flash device disable Disable privileged mode display Display, use 'display help' for more i nformation exit Exit from the Admin session help Show this help screen history Show contents of history substitution buffer hit-[...]

  • Page 48

    48 C HAPTER 3: S YSTEM S ERVICE C OMMANDS See Also  clear history on page 39 quickstart Runs a script that interactively helps you configure a new switch. (For more information, see the “CLI quickstart Command” section of the “WX Setup Methods” chapter in the W ireless LAN Switch and Controller Configuration Guide .) CAUTION: The quickst[...]

  • Page 49

    set auto-config 49 When the 3WXM server in the corporate ne twork receives the configuration request, the server looks in the curr ently open network plan for a switch configuration with the same model and serial number as the one in the configuration request.  If the network plan contains a configuration with a matching mo del and serial number[...]

  • Page 50

    50 C HAPTER 3: S YSTEM S ERVICE C OMMANDS Examples — The following commands stage a WX switch to use the auto-config option. The net work where the switch is installed has a DHCP server , so the switch is configured to use the MSS DHCP client to obtain an IP address, defaul t gateway address, DNS domain name, and DNS server IP addresses: 1 Config[...]

  • Page 51

    set banner motd 51 See Also  crypto generate key on page 473  crypto generate self-signed on page 476  save config on page 584  set interface dhcp-client on page 161  set vlan port on page 117 set banner motd Configures the banner string that is displayed before the beginning of each login prompt for each CLI session on the WX switch[...]

  • Page 52

    52 C HAPTER 3: S YSTEM S ERVICE C OMMANDS Examples — T o create a banner that says Update meeting at 3 p.m., type the following command: WX4400# set banner motd ^Update meet ing at 3 p.m.^ success: change accepted. See Also  clear banner motd on page 38  display banner motd on page 41 set confirm Ena bles or disables the di splay of confirm[...]

  • Page 53

    set length 53 set length Defines the number of lines of CLI output to display between paging pr ompts. MSS di splays the set n umber of lines and waits for you to press any key to display another set, or type q to quit the display . Syntax — set length number-of-lines  number-of-lines — Number of lines of text to display between paging promp[...]

  • Page 54

    54 C HAPTER 3: S YSTEM S ERVICE C OMMANDS Usage — The license key is shipped with the switch. T o obtain the activation key , access the 3Com web si te. Each license a nd activation key pair allows the switch to actively manage an additional 24 MAPs. Y ou can install up to three upgrade license a nd activation key pa irs, to actively manage up to[...]

  • Page 55

    set system contact 55 Usage — When you first log in for the initial configuration of the WX switch, the CLI provides a WX1200> or WX4400> pr ompt, depending on your model. After you be come enabled by typing enable and giving a suitable password, the WX1200# or WX4400# prompt is displayed. If you use the se t system name command to change t[...]

  • Page 56

    56 C HAPTER 3: S YSTEM S ERVICE C OMMANDS See Also  clear system on page 40  display system on page 43  set system location on page 59  set system name on page 60 set system countrycode Defines the country-specific IEEE 802.11 regulations to enfor ce on the WX switch. Syntax — set system countrycode code  code — T wo-letter code [...]

  • Page 57

    set system countrycode 57 Defaults — The factory default country code is None. Access — Enabled. History — Introduced in MSS V er sion 3.0. Usage — Y ou must set the system count y code to a valid value before using any set ap commands to configure a MAP . Japan JP Liechtenstein LI Luxembourg LU Malaysia MY Mexico MX Netherlands NL New Zeal[...]

  • Page 58

    58 C HAPTER 3: S YSTEM S ERVICE C OMMANDS Examples — T o set the country code to Canada, type the following command: WX1200# set system country code CA success: change accepted. See Also  display config on page 574 set system idle-timeout Specifies the maximum number of seconds a CLI management session with the switch can remain idle befor e M[...]

  • Page 59

    set system ip-address 59 set system ip-address Sets the system IP address so that it can be u sed by various services in the WX switch. CAUTION: Any currently configured Mobilit y Domain operations cease if you change the IP address. If you ch ange the addre ss, you must reset the Mobility Domain. Syntax — set system ip-address ip-addr  ip-add[...]

  • Page 60

    60 C HAPTER 3: S YSTEM S ERVICE C OMMANDS T o view the system location string, type the disp lay system command. Examples — T o store the location of the WX switch in the WX’ s configuration, type the following command: WX4400# set system location first-floor-bldg3 success: change accepted. See Also  clear system on page 40  display syste[...]

  • Page 61

    set system name 61 See Also  clear system on page 40  display system on page 43  set prompt on page 54  set system contact on page 55  set system location on page 59[...]

  • Page 62

    62 C HAPTER 3: S YSTEM S ERVICE C OMMANDS[...]

  • Page 63

    4 P ORT C OMMANDS Use port commands to configure a nd manage individual ports and load-sharing port groups. Commands by Usage This chapter presents port command s alphabetically . Use T able 9 to locate commands in this chapter based on their use. Ta b l e 9 Port Commands by Usage Type Command Port T ype set port typ e ap on page 91 set dap on page[...]

  • Page 64

    64 C HAPTER 4: P ORT C OMMANDS clear dap Removes a Distributed MAP . CAUTION: When you clear a Distributed MAP , MSS ends user sessions that are using the MAP . Syntax — clear dap dap-num  dap-num — Number of the Distributed MAP(s) you want to remove. Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples[...]

  • Page 65

    clear port counters 65 clear port counters Clears port statistics counters and resets them to 0. Syntax — clear port counters Defaults — None. Access — Enabled. History — Introduced in MSS V er sion 3.0. Examples — The following co mmand clears all port statistics counters and resets them to 0: WX4400# clear port counters success: cleared[...]

  • Page 66

    66 C HAPTER 4: P ORT C OMMANDS clear port media-type Disables the copper interface and r e enables the fiber interface on an WX4400 gigabit Ether net port. Syntax — clear port media-type port-list  port-list — List of physical ports. MSS disables the copper interface and reenables the fiber interface on all the specified ports. Defaults — [...]

  • Page 67

    clear port preference 67 Examples — The following co mmand clears the names of ports 1 through 3: WX4400# clear port 1-3 name See Also  display port status on page 73  set port name on page 86 clear port prefer e nce Resets a gigabit Ethernet port on a WX4400 to use the GBIC (fiber) interface for the active link. Syntax — clear port prefe[...]

  • Page 68

    68 C HAPTER 4: P ORT C OMMANDS clear port type Removes all configuration settings fr om a port and resets the port as a network port. CAUTION: When you clear a port, MSS ends user sessions that are using the port. Syntax — clear port type port-list  port-list — List of physical ports. MSS r esets and removes the configuration from a ll the s[...]

  • Page 69

    display port counters 69 Examples — The following co mmand clears port 5: WX1200# clear port type 5 This may disrupt currently authentic ated users. Are you sure? (y/n) [n] y success: change accepted. See Also  set port type ap on p age 91  set port type wired-auth on page 94 display port counters Displays port statistics. Syntax — displa[...]

  • Page 70

    70 C HAPTER 4: P ORT C OMMANDS Examples — The following co mmand shows octet statistics for port 3: WX1200> display port counters octets port 3 Port Status Rx Octets Tx Octets ==================================== ========================================= 3 Up 27965420 34886544 This command’ s output has the same fields as the monitor port co[...]

  • Page 71

    display po rt poe 71 See Also  clear port-group on page 65  set port-group on page 84 display port poe Displays status information for ports on which Power over Ethernet (PoE) is enabled. Syntax — display port poe [ port-list ]  port-list — List of physical ports. If you do not specify a port list, PoE information is displayed for all [...]

  • Page 72

    72 C HAPTER 4: P ORT C OMMANDS See Also  set port poe on page 87 display port prefer e nce Displays the interface prefer ences set on WX4400 gigabit Ethernet port s. Syntax — display port preference [ port-list ]  port-list — List of physical ports. MSS displays the prefer ence for all the specified ports. Defaults — None. Access — Al[...]

  • Page 73

    display port st atus 73 Port Preference ==================================== ======================= 1 GBIC 2 RJ45 3 GBIC 4 GBIC T able 13 describes th e fields in this display . See Also  clear port prefer ence on page 67  set port prefer ence on page 88 display port status Displays configuration and status information for ports. Syntax — [...]

  • Page 74

    74 C HAPTER 4: P ORT C OMMANDS Examples — The following co mmand displa ys information for all ports on a WX1200 switch: WX1200# display port status Port Name Admin Oper Config Actual Type Media ==================================== ========================================= == 1 1 up up auto 100/full network 10/100Bas eTx 2 2 up up auto 100/full a[...]

  • Page 75

    display port media-type 75 See Also  clear port type on page 68  set port on page 83  set port name on page 86  set port negotiation on page 86  set port speed on page 89  set port type ap on p age 91  set port type wired-auth on page 94 display port media-type Displays the enabled interface types on a WX4400 switch’ s gigabi[...]

  • Page 76

    76 C HAPTER 4: P ORT C OMMANDS ==================================== ======================= 1 GBIC 2 RJ45 3 GBIC 4 GBIC T able describes the fields in this disp lay . See Also  clear port media-type on page 66  set port media-type on page 85 monitor port counters Displays and continually updates port statistics. Syntax — monitor port counte[...]

  • Page 77

    monitor port counters 77 Defaults — All types of statistics ar e displayed for all ports. MSS refr eshes the statistics every 5 seconds. This interval cannot be configured. Statistics types are displayed in the following or der by default:  Octets  Packets  Receive err ors  T ransmit errors  Collisions  Receive Ethernet statisti[...]

  • Page 78

    78 C HAPTER 4: P ORT C OMMANDS Examples — The following command starts the port statistics monitor beginning with octet st at istics (the default): WX4400# monitor port counters As soon as you press Enter , MSS clears the window an d displays statistics at the top of th e window . Port Status Rx Octets Tx Oct ets =================================[...]

  • Page 79

    monitor port counters 79 packets Rx Unicast Number of unicast packets received. This number does not include packets that contain errors. Rx NonUnicast Number of broadcast and multicast packets received. This number does not include packets that contain errors. Tx Unicast Number of unicast packets transmitted. This number does not include packets t[...]

  • Page 80

    80 C HAPTER 4: P ORT C OMMANDS See Also  display port counters on page 69 collisions Single Co ll Total number of frames transmitted that experienced one collision before 64 bytes of the frame were transmitted on the network. Multiple Coll Total number of frames transmitted that experienced more than one collision before 64 bytes of the frame we[...]

  • Page 81

    reset port 81 reset port Resets a port by toggling its link state and Power over Ethe rnet (PoE) state. Syntax — reset port port-list  port-list — List of physical ports. MSS r esets all the specified ports. Defaults — None. Access — Enabled. History — Introduced in MSS V er sion 3.0. Usage — The r eset command disables the port’ s[...]

  • Page 82

    82 C HAPTER 4: P ORT C OMMANDS  dap-num — Number for the Distributed MAP . The range of valid connection numbers depends on the WX switch model:  For a WX4400, you can specify a number from 1 to 256.  For a WX1200, you can specify a number from 1 to 30.  serial-id serial-ID — MAP access point serial ID. The serial ID is listed on th[...]

  • Page 83

    set port 83  clear port type on page 68  set port type ap on p age 91  set radio-profile 11g-only on page 347  set system countrycode on page 56 set port Admin istratively disabl es or reenables a port. Syntax — set port { enable | disable } port-list  enable — Enables the specified ports.  disable — Disables the specifie d [...]

  • Page 84

    84 C HAPTER 4: P ORT C OMMANDS set port-group Configur es a load-sharing port group. All ports in the group function as a single logical link. Syntax — set port-group name group-name port-list mode { on | off }  name group-name — Alphanumeric string of up to 255 characters , with no spaces.  port-list — List of physical ports. All the p[...]

  • Page 85

    set port media-type 85 See Also  clear port-group on page 65  display port-group on pa ge 70 set port media-type Disables the fiber interface and en ables the coppe r interface on an WX4400 gigabit Ether net port. Syntax — set port media-type port-list rj45  port-list —List of physical p orts. MSS sets the preference on all the specifi[...]

  • Page 86

    86 C HAPTER 4: P ORT C OMMANDS set port name Assigns a name to a port. After na ming a port, you can use the port name or number in other CLI commands. Syntax — set port port name name  port — Number of a physical port. Y ou can specify only one port.  name name — Alphanumeric string of up to 16 characters, with no spaces. Defaults — [...]

  • Page 87

    set port poe 87 Access — Enabled. History — Introduced in MSS V er sion 3.0. Usage — WX1200 10/100 Ethernet ports supp ort half-duplex and full-duplex operation. Examples — The following co mmand disables autonegotiation on ports 3 and 5: WX1200# set port negotiation 3,5 dis able The following command enables autonegotiation on port 2: WX12[...]

  • Page 88

    88 C HAPTER 4: P ORT C OMMANDS Examples — The following co mmand disa bles PoE on ports 4 and 5, which are connected to a MAP access point: WX1200# set port poe 4,5 disable If you are enabling power on these ports, they must be connected only to approved PoE devices with the correct wiring. Do you wish to continue? (y/n) [n] y The following comma[...]

  • Page 89

    set port speed 89 Examples — The follo wing command sets the pr eference of port 2 on a WX4400 to RJ-45 (copper): WX4400# set port preference 2 rj45 See Also  clear port prefer ence on page 67  display port prefer ence on page 72 set port speed Changes the speed of a port. Syntax — set port speed port-list { 10 | 100 | 10 00 | auto }  [...]

  • Page 90

    90 C HAPTER 4: P ORT C OMMANDS set port trap Enables or disab les Simple Networ k Management Prot ocol (SNMP) link up and linkdown traps on an individu al port. Syntax — set port trap port-list { enable | disab le }  port-list — List of physical ports.  enable — Enables the T elnet server .  disable — Disables the T elnet server . [...]

  • Page 91

    set port type ap 91 set port type ap Configures an WX switch port for a MAP access point. CAUTION: When you set the po rt type for MAP use, you must specify the PoE state (ena ble or disable) of the port. Use the WX switch’ s PoE to power 3Com MAP access points only . If you enable PoE on a port connected to another device, physical damage to the[...]

  • Page 92

    92 C HAPTER 4: P ORT C OMMANDS MAP access point models AP2750, MP -2 41, and MP-341 have a single radio that can be configured for 802.11a or 802.11b/g. Other MAP models have two radios. On two-ra dio models, one radio is always 802.11a. The other radio is 802.11b/g, but can be configur ed for 802.11b or 802.11g exclusively . If th e country of ope[...]

  • Page 93

    set port type ap 93 This command does not apply to any gigabit Ether net ports or to ports 7 and 8 on the WX1200 switch. T o manage a MAP access point on a switch model that does not have 10/100 Ethernet port s, use the set dap command to configure a Distributed MAP connection o n the switch. Examples — The following co mmand sets ports 1 through[...]

  • Page 94

    94 C HAPTER 4: P ORT C OMMANDS The following command resets port 5 by clearing it: WX1200# clear port type 5 This may disrupt currently authentic ated users. Are you sure? (y/n) [n] y success: change accepted. See Also  clear dap on page 6 4  clear port type on page 68  set {ap | dap} radio antennatype on page 334  set dap on page 81 ?[...]

  • Page 95

    set port type wired-auth 95 Defaults — The default tag-list is null (no tag values). The default number of sessions is 1. The default fa llthru authentication type is none. Access — Enabled. History —Introduced in MSS V ersion 3.0. Op tion for W ebAAA fallthru authentication type changed from web-auth to web-portal in MSS V ersion 4.0. Usage [...]

  • Page 96

    96 C HAPTER 4: P ORT C OMMANDS The 802.1X specification prohibits ne tworking devices from forwar ding P AE group address packets, because this would make it possible fo r multiple authenticators to acquire the same client. For non-802.1X clients, who use MAC authentication, WebAAA, or last-resort authentication, wired authentication works if the c[...]

  • Page 97

    5 VLAN C OMMANDS Use virtual LAN (VLAN) c ommands to configure and manage parameters for individual por t VLANs on network ports, and to display information about clients roaming within a mobility domain. Commands by usage This chapter presents VLAN commands alphabet ically . Use T able 20 to locate commands in this chapter based on their use. T ab[...]

  • Page 98

    98 C HAPTER 5: VLAN C OMMANDS clear fdb Deletes an entry fr om the forwarding database (FDB). Syntax — clear fdb { perm | static | dynamic | port port-list } [ vlan vlan-id ] [ tag tag-valu e ]  perm — Clears permanent entries. A permanent entry does not age out and remains in the database even after a r eb oot, r eset, or power cycle. Y ou [...]

  • Page 99

    clear security 12-restrict 99 The following command clears all dynamic forwarding database entries that match all VLANs: WX4400# clear fdb dynamic success: change accepted. The following command clears all dynamic forwarding database entries that match ports 3 and 5: WX4400# clear fdb port 3,5 success: change accepted. See Also  display fdb on p[...]

  • Page 100

    100 C HAPTER 5: VLAN C OMMANDS Examples — The follow ing comma nd removes MAC addr ess aa:bb:cc:dd:ee:ff fr om the list of a ddr esses to which clients in VLAN abc_air are allowed to send traffic at Layer 2: WX4400# clear security 12-restrict v lan abc_air permit-mac aa:bb:cc:dd:ee:ff success: change accepted. See Also  clear security 12-re st[...]

  • Page 101

    clear vlan 101 clear vlan Removes physical or virtual ports from a VLAN or r emoves a VLAN entirely . CAUTION: When you remove a VLAN, MSS co mpletely removes the VLAN from the co nfiguration and also remove s all configuration information that uses the VLAN. If you want to remove only a specific port from the VLAN, make sure you specify the po rt [...]

  • Page 102

    102 C HAPTER 5: VLAN C OMMANDS The following command co mpletely removes VLAN marigold : WX4400# clear vlan marigold This may disrupt user connectivity. Do you wish to continue? (y/n) [n] y success: change accepted. See Also  set vlan port on page 117  display vlan config on page 111 display fdb Displays entries in the forwarding database. Sy[...]

  • Page 103

    display fdb 103 Access — All. History —Introduced in MSS V ersion 3.0. Usage — T o display the entire forwarding database, enter t he display fdb command without option s. T o display only a portion of the d atabase, use optional parameters to specify the types of entries you want to display . Examples — The following co mmand displays all [...]

  • Page 104

    104 C HAPTER 5: VLAN C OMMANDS See Also  clear fdb on page 98  set fdb on page 113 display fdb agingtime Displays the aging timeout period for forwarding database entries. Syntax — display fdb agingtime [ vlan vlan-id]  vlan vlan-id — VLAN name or number . If you do not specify a VLAN, the aging timeout period for each VLAN is displaye[...]

  • Page 105

    display fdb cou nt 105 See Also  set fdb agingtime on page 114 display fdb count Lists the number of entries in the forwarding database. Syntax — display fdb count { perm | static | dyna mic } [ vlan vlan-id ]  perm — Lists the number of permanent entries. A permanent entry does not age out and remains in th e database even after a r e bo[...]

  • Page 106

    106 C HAPTER 5: VLAN C OMMANDS display roaming station Shows a list of the stations roaming to the wireless LAN switch thr ough a VLAN tunnel. Syntax — display roaming station [ vlan vlan-id ] [ peer ip-addr ]  vlan vlan-id — Output is r estricted to stations using this VLAN.  peer ip-addr — Output is r estricted to stations tunnelling [...]

  • Page 107

    display roaming station 10 7 See Also  display roaming vlan on page 108 State State of the session:  Setup — Station is attempting to roam to this WX switch. This switch has asked the WX from which the station is roaming for the station’s session info rmation and is waiting for a reply.  Up — MSS has established a tunn el between the[...]

  • Page 108

    108 C HAPTER 5: VLAN C OMMANDS display roaming vlan Shows all VLANs in the mobility doma in, the WX switches servicing the VLANs, and their tunnel affinity values configured on each switch for the VLANs. Syntax — display roaming vlan Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — The following co mm[...]

  • Page 109

    display security 12-restrict 109 display security 12-restrict Displays configuration in formation and statistics for Layer 2 forwar ding restriction. Syntax — display security 12-restrict [v lan vlan-id | all] vlan-id — VLAN name or number . all — Displays information for all VLANs. Defaults — If you do not specify a VLAN name or all , info[...]

  • Page 110

    110 C HAPTER 5: VLAN C OMMANDS See Also  clear security 12-restrict on page 99  clear security 12-re strict counters on page 100  set security l2-restrict on page 114 display tunnel Shows the tunnels from the wir e less LAN switch wher e you type the command. Syntax — display tunnel Defaults — None. Access — Enabled History —Introd[...]

  • Page 111

    display vlan config 111 See Also  display vlan config on page 111 display vlan config Shows VLAN information. Syntax — display vlan config [ vlan-id ]  vlan-id — VLAN name or number . If you do not specify a VLAN, information for all VLANs is displayed. Defaults — None. Access — All. History —Introduced in MSS V ersion 3.0. Examples[...]

  • Page 112

    112 C HAPTER 5: VLAN C OMMANDS T able 26 describes th e fields in this display . See Also  clear security 12-restrict on page 99  set security l2-restrict on page 114  set vlan port on page 117  set vlan tunnel-affinity on page 118 T able 26 Output for display vlan config Field Description VLAN VLAN number. Name VLAN name. Admin Status [...]

  • Page 113

    set fdb 11 3 set fdb Adds a permanent or static en t ry to the forwar ding database. Syntax — set fdb { perm | static } mac-addr port port-list vlan vlan-id [ tag tag-value ]  perm — Adds a permanent entry . A permanent entry does not age out and remains in the database even af ter a r eboot, reset, or power cycle.  static — Adds a stat[...]

  • Page 114

    114 C HAPTER 5: VLAN C OMMANDS See Also  clear fdb on page 98  display fdb on page 102 set fdb agingtime Changes th e aging timeout period for dynamic entries in the forwarding database. Syntax — set fdb agingtime vlan-id age seconds  vlan-id — VLAN name or number . The timeout period change applies only to entries that match the speci[...]

  • Page 115

    set security l2-restrict 115  mode — Enables or disables r estriction of Layer 2 forwarding. {enable | disable}  permit-mac mac-addr — MAC addr esses to which clients are [ mac-addr ] allowed to forward data at Layer 2. Y ou can specify up to four a ddre sses. Defaults — Layer 2 restriction is disabled by default. Access — Enabled. Hi[...]

  • Page 116

    116 C HAPTER 5: VLAN C OMMANDS set vlan name Creates a VLAN and assigns a number and name to it. Syntax — set vlan vlan-num name name  vlan-num — VLAN number . Y ou can specify a number fr om 2 through 4093.  name — String up to 16 alpha betic characters long. Defaults — VLAN 1 is named default by default. No other VLANs have default [...]

  • Page 117

    set vlan port 117 set vlan port Assigns one or more network ports to a VLAN. Y ou also can add a virtual port to each network port by addi ng a tag value to the networ k port. Syntax — set vlan vlan-id port port-list [ tag ta g-value ]  vlan-id — VLAN name or number .  port port-list — List of physical ports.  tag tag-value — T ag [...]

  • Page 118

    118 C HAPTER 5: VLAN C OMMANDS set vlan tunnel-affinity Changes a wir eless LAN switch’ s pref erability within a mobility domain for tunneling user traffic for a VLAN. When a user r oams to a WX switch that is not a member of the user’ s VLAN, the WX can forward the user traffic by tunneling to another WX switch that is a member of the VLAN. S[...]

  • Page 119

    6 Q UALITY OF S ERVICE C OMMANDS Use Quality of Service (QoS) commands to configure packet prioritization in MSS. Packet prioritization ensures that WX switches and MAP access points give prefer ential treatment to high-priority traf fic such as voice and video. (T o override the prioritization for specific traffic, use access controls lists [ACLs][...]

  • Page 120

    120 C HAPTER 6: Q UALITY OF S ERVICE C OMM ANDS clear qos Resets the switch’ s mapping of Dif fer entiated Services Code Point (DSCP) values to internal QoS values. The switch’ s inter nal QoS map ensur es that prioritized traffic remains prioritized while transiting through the W X switch. A WX switch uses the QoS map to do the following:  [...]

  • Page 121

    set qos cos-to-dscp-map 121 set qos cos-to-dscp-map Changes the value to which MSS maps an inter nal QoS value when marking outbound packets. Syntax — set qos cos-to-dscp-map level dscp dscp -value  level — Internal CoS value. Y ou can specify a number from 0 to 7.  dscp dscp-value — DSCP value. Y ou ca n specify the value as a decimal [...]

  • Page 122

    122 C HAPTER 6: Q UALITY OF S ERVICE C OMM ANDS set qos dscp-to-cos-map Changes the inter nal QoS value to which MSS maps a packet’ s DS CP value when classifying inbound packets. Syntax — set qos dscp-to-cos-map dscp-range cos level  dscp-range — Y ou can specify the values as decimal numbers. V alid decimal values ar e 0 to 63. T o speci[...]

  • Page 123

    display qos 123 display qos Displays the switch’ s QoS settings. Syntax — display qos [default]  default — Displays the default mappings. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.1. Examples — The following co mmand disp lays the default QoS settings: WX1200# display qos default Ingress QoS Classific[...]

  • Page 124

    124 C HAPTER 6: Q UALITY OF S ERVICE C OMM ANDS display qos dscp-table Displays a table that m aps Dif ferentiated Services Code Point (DS CP) values to their equivalent combinations of IP pr ecedence values and IP To S v a l u e s . Syntax — display qos dscp-table Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.0 a[...]

  • Page 125

    7 IP S ERVICES C OMMANDS Use IP services commands to conf igur e and manage IP interfaces, management services, the Domain Name Service (DNS), Network Ti me Protocol (NTP), and aliases, and to ping a host or trace a route. Commands by Usage This chapter presents IP services commands alphabe tically . Use T able 28 to locate t he commands in this ch[...]

  • Page 126

    126 C HAPTER 7: I P S ERVICES C OMMANDS HTTPS Management set ip https server on page 167 display ip https on page 145 DNS set ip dns on page 164 set ip dns domain on page 165 set ip dns serve r on page 166 display ip dns on page 144 clear ip dns domain on page 129 clear ip dns se rver on page 129 IP Alias set ip alias on page 164 display ip alias o[...]

  • Page 127

    clear interface 127 clear interface Removes an IP interface. Syntax — clear interface vlan-id ip  vlan-id — VLAN name or number Defaults — None. Access — Enabled. History — Introduced in MSS V er sion 3.0. Usage — If the interf ace you want t o re move is configured as the system IP address, r emoving the address can interfere with s[...]

  • Page 128

    128 C HAPTER 7: I P S ERVICES C OMMANDS  T opology reporting for dual-homed MAP access points  Default source IP addr ess used in unsolicited communications such as AAA accounting reports and SNMP traps Examples — The following co mmand r emoves the IP interface configured on VLAN mauve : WX1200# clear interface mauve ip success: cleared ip[...]

  • Page 129

    clear ip dns domain 129 clear ip dns domain Removes the default DNS domain name. Syntax — clear ip dns domain Defaults — None. Access — Enabled. History — Introduced in MSS V er sion 3.0. Examples — The following co mmand r emo ves the default DNS domain name from a WX switch: WX1200# clear ip dns domain Default DNS domain name cleared. S[...]

  • Page 130

    130 C HAPTER 7: I P S ERVICES C OMMANDS See Also  clear ip dns domain on page 129  display ip dns on page 144  set ip dns on page 164  set ip dns domain on page 165  set ip dns server on page 166 clear ip r oute Removes a r oute from the IP r oute table. Syntax — clear ip route { default | ip-addr mask | ip-addr/mask-length } gatew[...]

  • Page 131

    clear ip telnet 13 1 clear ip telnet Resets the T elnet server’ s TCP port number to its default value. A WX switch listens for T elnet management traffic on the T elnet server port. Syntax — clear ip telnet Defaults — The default T elnet port number is 23. Access — Enabled. History — Introduced in MSS V er sion 3.0. Examples — The foll[...]

  • Page 132

    132 C HAPTER 7: I P S ERVICES C OMMANDS Examples — The following co mmand r emoves NTP server 192.168.40.240 from a WX switch configuration: WX4400# clear ntp server 192.168.40. 240 success: change accepted. See Also  clear ntp update-interval on pag e 132  display ntp on page 149  set ntp on page 173  set ntp serve r on page 174  [...]

  • Page 133

    clear snmp community 133 clear snmp community Clears an SNMP community string. Syntax — clear snmp community name comm-string  comm-string — Name of the SNMP community you want to clear . Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.0. Examples — The following co mmand clears community string setswitch2 : [...]

  • Page 134

    134 C HAPTER 7: I P S ERVICES C OMMANDS See Also  set snmp notify profile on page 177  display snmp notify pr ofile on page 152 clear snmp notify target Clears an SNMP notifi cation target. Syntax — clear snmp notify target target-num  target-num — ID of the target. Defaults — None. Access — Enabled. History —Introduced in MSS V [...]

  • Page 135

    clear summertime 135 Examples — The following co mmand clears SNMPv3 user snmpmgr1 : WX1200# clear snmp usm snmpmgr1 success: change accepted. See Also  set snmp usm on page 188  display snmp usm on page 154 clear summertime Cl ears the summert ime setting fr om a wireless LAN switch. Syntax — clear summertime Defaults — None. Access ?[...]

  • Page 136

    136 C HAPTER 7: I P S ERVICES C OMMANDS clear system ip-address Clears the system IP addr ess. CAUTION: Clearing the system IP ad dress disrupts the system tasks that use the address. Syntax — clear system ip-address Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Usage — Clearing the system IP addre ss can in[...]

  • Page 137

    display arp 137 History — Introduced in MSS V er sion 3.0. Examples — T o return the WX switch’ s real-time clock to UTC, type the following command: WX4400# clear timezone success: change accepted. See Also  clear summertime on page 135  set summertime on page 191  set timedate on page 193  set timezone on pag e 194  display s[...]

  • Page 138

    138 C HAPTER 7: I P S ERVICES C OMMANDS T able 29 describes th e fields in this display . See Also  set arp on page 158  set arp agingtime on page 159 display dhcp-client Displays DHCP client in formation for all VL ANs. Syntax — display dhcp-client Defaults — None. Access — All. History — Introduced in MSS V ersion 4.0. T able 29 Out[...]

  • Page 139

    display dhcp-client 13 9 Examples — The following co mmand displa ys DHCP client information: WX1200# display dhcp-client Interface: corpvlan(4) Configuration Status: Enabled DHCP State: IF_UP Lease Allocation: 65535 seconds Lease Remaining: 65532 seconds IP Address: 10.3.1.110 Subnet Mask: 255.255.255.0 Default Gateway: 10.3.1.1 DHCP Server: 10.[...]

  • Page 140

    140 C HAPTER 7: I P S ERVICES C OMMANDS display dhcp-server Displays MSS DHCP server information. Syntax — display dhcp-server [interface vlan-i d ] [verbose]  interface vlan-id — Displays the IP addresses leased by the specified VLAN.  verbose — Displays configuration and status information for the MSS DHCP server . Defaults — None. [...]

  • Page 141

    display dhcp -server 14 1 Default Gateway: 10.10.20.1 DNS Servers: 10.10.20.4 10.10.20 .5 DNS Domain Name: mycorp.com T able 31 and T able 32 describe the fields in these displays. T able 31 Output for display dhcp-server Field Description VLAN VLAN number Name VLAN name Address IP address leased by the server. MAC Address MAC address of the device[...]

  • Page 142

    142 C HAPTER 7: I P S ERVICES C OMMANDS See Also  set interface dhcp-server on page 162 display interface Shows the IP interfaces configured on the wireless LAN switch. Syntax — display interface [ vlan-id ]  vlan-id — VLAN name or number . Defaults — If you do not specify a VLAN ID, interfaces for all VLANs are displayed. Usage — All[...]

  • Page 143

    display ip alias 143 See Also  clear interface on pag e 127  set interface on page 160  set interface dhcp-client on page 161 display ip alias Shows the IP aliases configur ed on the wireless LAN switch. Syntax — display ip alias [ name ]  name — Alias string. Defaults — If you do not specify an alia s name, all aliase s ar e disp[...]

  • Page 144

    144 C HAPTER 7: I P S ERVICES C OMMANDS T able 34 describes th e fields in this display . See Also  clear ip alias on page 128  set ip alias on page 164 display ip dns Shows the DNS servers the wir eless LA N switch is configur ed to use. Syntax — display ip dns Defaults — None. Access — All. History —Introduced in MSS V ersion 3.0. E[...]

  • Page 145

    display ip https 145 See Also  clear ip dns domain on page 129  clear ip dns server on page 129  set ip dns on page 164  set ip dns domain on page 165  set ip dns server on pa ge 166 display ip https Shows information about the HTTPS management port. Syntax — display ip https Defaults — None. Access — All. History —Introduced[...]

  • Page 146

    146 C HAPTER 7: I P S ERVICES C OMMANDS See Also  clear ip telnet on page 131  display ip telnet on page 148  set ip https server on page 167  set ip telnet on page 171  set ip telnet server on page 172 display ip route Shows the IP route table. Syntax — display ip route [ destination ]  destination — Route destination IP addr[...]

  • Page 147

    display ip ro ute 147 Usage — When you add an IP inte rface to a VLAN tha t is up, MSS adds direct and local r outes for the interface to the route table. If the VLAN is down, MSS does not add the routes. If you add an interface to a VLAN but the routes for that interface do not appear in the route table, use the display vlan config command to ch[...]

  • Page 148

    148 C HAPTER 7: I P S ERVICES C OMMANDS See Also  clear ip route on page 130  display interface on page 142  display vlan config on page 111  set interface on page 160  set ip rou te on page 167 display ip telnet Shows information about the T elnet management port. Syntax — display ip telnet Defaults — None. Access — All. Histo[...]

  • Page 149

    display ntp 149 Examples — The following comman d shows the status and port number for the T eln et management interface to the WX switch: WX4400> display ip telnet Server Status Port ---------------------------------- Enabled 23 T able 38 describes th e fields in this display . See Also  clear ip telnet on page 131  display ip https on [...]

  • Page 150

    150 C HAPTER 7: I P S ERVICES C OMMANDS Examples — T o display NTP information for a WX switch , type the following command: WX4400> display ntp NTP client: enabled Current update-interval: 20(secs) Current time: Fri Feb 06 2004, 12:02 :57 Timezone is set to 'PST', offset fro m UTC is -8:0 hours. Summertime is enabled. Last NTP updat[...]

  • Page 151

    display snmp community 151 See Also  clear ntp server on page 131  clear summertime on page 135  clear timezone on pa ge 136  display timezone on page 155  set ntp on page 173  set ntp serve r on page 174  set summertime on page 191  set timezone on pag e 194 display snmp community Displays the configured SNMP community stri[...]

  • Page 152

    152 C HAPTER 7: I P S ERVICES C OMMANDS See Also  clear snmp community on page 133  set snmp community on page 175 display snmp counters Displays SNMP statistics counters . Syntax — display snmp counters Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.0. display snmp notify profile Displays SNMP notification p[...]

  • Page 153

    display snmp status 153 See Also  clear snmp notify target on page 134  set snmp notify target on page 181 display snmp status Displays SNMP version and status infor mation. Syntax — display snmp status Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.0. See Also  set snmp community on page 175  set snmp [...]

  • Page 154

    154 C HAPTER 7: I P S ERVICES C OMMANDS display snmp usm Displays information about SNMPv3 users. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.0. See Also  clear snmp usm on page 134  display snmp usm on page 154 display summertime Shows a wireless LAN switch’ s offs et from its r eal-time clock. Syntax —[...]

  • Page 155

    display timedate 155  set timedate on page 193  set timezone on pag e 194 display timedate Shows the date and time of day currently set on a wireless LAN switch’ s real-time clock. Syntax — display timedate Defaults — None. Access — All. History —Introduced in MSS V ersion 3.0. Examples — T o display the time and date set on a WX [...]

  • Page 156

    156 C HAPTER 7: I P S ERVICES C OMMANDS Examples — T o display the offset from UTC, type the following command: WX4400# display timezone Timezone set to 'pst', offset from U TC is -8 hours See Also  clear summertime on page 135  clear timezone on pa ge 136  display summertime on page 154  display timedate on page 155  set[...]

  • Page 157

    ping 157 Because the WX switch adds header in formation, the ICMP packet size is 8 bytes larger than the size you specify .  source-ip ip-addr — IP address, in dotted decimal notation, to use as the source IP addr ess in the ping packets.  source-ip vlan-name — VLAN name to use as the ping sour ce. MSS uses the IP address configured on th[...]

  • Page 158

    158 C HAPTER 7: I P S ERVICES C OMMANDS set arp Adds an ARP entry to the ARP table. Syntax — set arp { permanent | static | dyn amic } ip-addr mac-addr  permanent — Adds a permanent entry . A permanent entry does not age out and remains in the database even after a reboot, re set, or power cycle.  static — Adds a static entry . A static[...]

  • Page 159

    set arp agingtime 15 9 set arp agingtime Changes the aging timeout for dynamic ARP en tries. Syntax — set arp agingtime seconds  seconds — Number of seconds an entry can r emain unused before MSS removes the entry . Y o u can sp ecify fr om 0 through 1,000,000. T o disable aging, specify 0. Defaults — None. Access — Enabled. History — [...]

  • Page 160

    160 C HAPTER 7: I P S ERVICES C OMMANDS set interface Configures an IP interface on a VLAN. Syntax — set interface vlan-id ip { ip-addr mask | ip-addr/mask-length }  vlan-id — VLAN name or number .  ip-addr mask — IP addr ess and subnet mask in dotted decimal notation (for example, 10.10 .10.10 255.255.255.0).  ip-addr/mask-length ?[...]

  • Page 161

    set interface dhcp-client 161 See Also  clear interface on pag e 127  display interface on page 142  set interface dhcp-client on page 161 set interface dhcp-client Configures the DHCP client on a VLAN, to allow the VLAN to obtain its IP interface from a DHCP server . Syntax — set interface vlan-id ip dhcp-clien t {enable | disable}  [...]

  • Page 162

    162 C HAPTER 7: I P S ERVICES C OMMANDS See Also  clear interface on pag e 127  display dhcp-client on page 138  display interface on page 142 set interface dhcp-server Configures the MSS DHCP server . Use of the MSS DHCP ser ver to allocate client addresses is intended for temporary , demonstration deployments and not for production netwo[...]

  • Page 163

    set interface status 163 Examples — The following command enable s the DHCP server on VLAN red-vlan to s erve addr esses from the 19 2.168.1.5 to 192.168.1.25 range: WX1200# set interface red-vlan ip dh cp-server enable start 192.168.1.5 stop 192.168.1.25 success: change accepted. See Also  display dhcp-server on page 140 set interface status [...]

  • Page 164

    164 C HAPTER 7: I P S ERVICES C OMMANDS set ip alias Configures an alias, which maps a na m e to an IP ad dress. Y ou can use aliases as shortcuts in CLI commands. Syntax — set ip alias name ip-addr  name — String of up to 32 alphanumeric characters, with no spaces.  ip-addr — IP addr ess in dotted decimal notation. Defaults — None. A[...]

  • Page 165

    set ip dns domain 165 See Also  clear ip dns domain on page 129  clear ip dns server on page 129  display ip dns on page 1 44  set ip dns domain on page 165  set ip dns server on pa ge 166 set ip dns domain Configures a default domain name fo r DNS queries. The wireless LAN switch appends the default domain name to domain names or ho[...]

  • Page 166

    166 C HAPTER 7: I P S ERVICES C OMMANDS set ip dns server Specifies a DNS server to use for re solving hostnames you enter in CLI commands. Syntax — set ip dns server ip-addr { primary | se condary }  ip-addr — IP addr ess of a DNS server , in dot ted decimal or CIDR notation.  primary — Makes the se rver the primary server , which MSS [...]

  • Page 167

    set ip https server 167 set ip https server En ables the HTTPS server on a wireless LAN switch. The HTTPS server is requir ed for Web Manager access to the switch. CAUTION: If you disable the HTTPS ser ver , Web Manager access to the WX switch is also disabled. Syntax — set ip https server { enable | disable }  enable — Enables the HTTPS ser[...]

  • Page 168

    168 C HAPTER 7: I P S ERVICES C OMMANDS  ip-addr mask — IP address and subnet mask for the r oute destination, in dotted decimal not ation (for example, 10 .10.10.10 255.255.255.0 ).  ip-addr/mask-length — IP address and subnet mask length in CIDR format (for example, 10.10.10.10/24).  gateway — IP addr ess, DNS hostname, or alias of[...]

  • Page 169

    set ip snmp server 169 Examples — The following co mmand adds a default r oute that uses gateway 10.5.4.1 and gives the route a cost of 1: WX4400# set ip route default 10.5.4. 1 1 success: change accepted. The following commands add two default routes, and configure MSS to always use the route through 10.2.4. 69 when the interface to that gateway[...]

  • Page 170

    170 C HAPTER 7: I P S ERVICES C OMMANDS History — Introduced in MSS V ersion 3.0. Examples — The following command enables th e SNMP server on a WX switch: WX4400# set ip snmp server enable success: change accepted. See Also  set port trap on page 90  set snmp community on page 175 set ip ssh Changes the TCP port number on which a wir ele[...]

  • Page 171

    set ip ssh server 17 1 set ip ssh server Disables or reenables the SSH server on a wir eless LAN switch. CAUTION: If you disable the SSH server , SS H access to the WX switch is also disabled. Syntax — set ip ssh server { enable | disable }  enable — Enables the SSH server .  disable — Disables the SSH server . Defaults — The SSH serv[...]

  • Page 172

    172 C HAPTER 7: I P S ERVICES C OMMANDS History —Introduced in MSS V ersion 3.0. Examples — The following co mmand changes the T elnet port number on a WX switch to 5000: WX4400# set ip telnet 5000 success: change accepted. See Also  clear ip telnet on page 131  display ip https on page 145  display ip telnet on page 148  set ip htt[...]

  • Page 173

    set ntp 173  display ip https on page 145  display ip telnet on page 148  set ip https server on page 167  set ip telnet on page 171 set ntp Enables or disables the NTP c lient on a wireless LAN switch. Syntax — set ntp { enable | disable }  enable — Enables the NTP cli ent.  disable — Disables the NTP client. Defaults — T[...]

  • Page 174

    174 C HAPTER 7: I P S ERVICES C OMMANDS set ntp server Configures a wir eless LAN switch to use an NTP server . Syntax — set ntp server ip-addr  ip-addr — IP addr ess of the NTP server , in dotted decimal not ation. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Y ou can configure up to three NTP [...]

  • Page 175

    set ntp update-interval 175 set ntp update-interval Changes how often MSS sends queries to the NTP servers for updates. Syntax — set ntp update-interval seconds  seconds — Number of seconds between queries. Y ou can specify from 16 thr ough 1,024 seconds. Defaults — The default NTP update interval is 64 seconds. Access — Enabled. History[...]

  • Page 176

    176 C HAPTER 7: I P S ERVICES C OMMANDS  read-notify — Allows an SNMP management application using the string to get object values on the switch but not to set them. The switch can use the string to send notifications.  notify-only — Allows the switch to u se the string to send notifications.  read-write — Allows an SNMP management a[...]

  • Page 177

    set snmp notify profile 177  set ip snmp server on page 169  set snmp notify target on page 181  set snmp notify profile on page 177  set snmp protocol on page 186  set snmp security on page 187  set snmp usm on page 188  display snmp community on page 151 set snmp notify profile Configures an SNMP notification pr ofile. A noti[...]

  • Page 178

    178 C HAPTER 7: I P S ERVICES C OMMANDS  AutoT uneRadioPowerChangeT raps— Gen erated when the RF Auto- T uning feature changes the power set ting on a radio.  ClientAssociationFailureT raps— G enerated when a client’ s attempt to associate with a radio fails.  ClientAuthorizationSuccessT raps— Generated when a client is successfull[...]

  • Page 179

    set snmp notify profile 179  MobilityDomainJoinT raps— Gen erated when the WX switch is initially able to contact a mob ility domain seed member , or can contact the seed member after a timeout.  MobilityDomainTimeoutT raps— Generated when a timeout occurs after a WX switch has un successfully tried to commu nicate with a seed member . ?[...]

  • Page 180

    180 C HAPTER 7: I P S ERVICES C OMMANDS  RFDetectUnAuthorizedSsidT raps —Generated when an SSID that is not on the permitted SSID list is detected.  all — Sends or drops all notifications. Defaults — A default notification profile (named default ) is alr eady configured in MSS. All notifications in the default profile ar e dr opped by d[...]

  • Page 181

    set snmp notify target 181 WX1200# set snmp notify profile snmp prof_rfdetect send RFDetectSpoofedMacAPTraps success: change accepted. WX1200# set snmp notify profile snmp prof_rfdetect send RFDetectSpoofedSsidAPTraps success: change accepted. WX1200# set snmp notify profile snmp prof_rfdetect send RFDetectUnAuthorizedAPTraps success: change accept[...]

  • Page 182

    182 C HAPTER 7: I P S ERVICES C OMMANDS Syntax — set snmp notify target target-num ip-addr [ : udp-port-number ] usm inform user username snmp-engine-id {ip | hex hex-string } [profile profile-name ] [security {unsecured | authenticated | encrypted}] [retries num ] [timeout num ]  target-num — ID for the target. This ID is local to the WX sw[...]

  • Page 183

    set snmp notify target 183 SNMPv3 with T raps T o configure a notification target for traps from SNMPv3, use the following command: Syntax — set snmp notify t arget target-num ip -addr [ :udp-port-numbe r ] usm trap user username [profile profile-name ] [security {unsecured | authenticated | encrypted}]  target-num — ID for the target. This [...]

  • Page 184

    184 C HAPTER 7: I P S ERVICES C OMMANDS  ip-addr [ :udp-port-number ] — IP address of the server . Y ou also can specify the UDP port number to send notifications to.  community-string — Community string.  profile profile-name — Notification pr ofile this SNMP user will use to specify the notification types to send or dr op.  retr[...]

  • Page 185

    set snmp notify target 185  community-string — Community string.  profile profile-name — Notification pr ofile this SNMP user will use to specify the notification types to send or dr op. Defaults — The default UDP port number on the target is 162. The default minimum requir ed security level is unsecured . The default number of retries [...]

  • Page 186

    186 C HAPTER 7: I P S ERVICES C OMMANDS  set snmp protocol on page 186  set snmp security on page 187  set snmp usm on page 188  display snmp notify target on page 152 set snmp protocol Enables an SNMP pr otocol. MSS supports SNMPv1, SNMPv2c, and SNMPv3. Syntax — set snmp protocol {v1 | v2c | usm | all} {enable | disable}  v1 — S[...]

  • Page 187

    set snmp security 18 7  set snmp notify target on page 181  set snmp security on page 187  set snmp usm on page 188  display snmp status on page 153 set snmp security Sets the minimum level of securi ty MSS r equires for SNMP message exchanges. Syntax — set snmp security {unsecured | authenticate d | encrypted | au th-req-unsec-notify[...]

  • Page 188

    188 C HAPTER 7: I P S ERVICES C OMMANDS See Also  set ip snmp server on page 169  set snmp community on page 175  set snmp notify target on page 181  set snmp notify profile on page 177  set snmp protocol on page 186  set snmp usm on page 188  display snmp status on page 153 set snmp usm Creates a USM user for SNMPv3. This comm[...]

  • Page 189

    set snmp usm 18 9  access {read-only | read-not ify | notify-only | read-write | notify-read-write} — Specifies the access level of the user:  read-only —An SNMP mana gement appl ication using the str ing can get (read) object values on the switch but cannot set (write) them.  read-notify —An SNMP management application using the str[...]

  • Page 190

    190 C HAPTER 7: I P S ERVICES C OMMANDS If the encryption type is des , 3des , or aes , you can specify a passphrase or a hexadecimal key .  T o specify a passphrase, use the encrypt-pass-phrase string option. The string can be from 8 to 32 alphanumeric charact ers long, with no spaces.  T o specify a key , use the encrypt-key hex-string opti[...]

  • Page 191

    set summertime 191 set summertime Offsets the real-time clock of a wir eless LAN switch by +1 hou r and re turns it to standar d time for da ylight savings time or a similar summertime period that you set. Syntax — set summertime summer-name [ start wee k weekday month hour min end week weekday mont h hour min ]  summer-name — Name of up to [...]

  • Page 192

    192 C HAPTER 7: I P S ERVICES C OMMANDS Examples — T o enable summertime and set the summertime time zone to PDT (Pacific Daylight Time ), type the following command: WX1200# set summertime PDT success: change accepted See Also  clear summertime on page 135  clear timezone on pa ge 136  display summertime on page 154  display timedate[...]

  • Page 193

    set timedate 193 Examples — The following co mmands configur e an IP interface on VLAN taupe and configure the interface to be the system IP address: WX4400# set interface taupe ip 10.10 .20.20/24 success: set ip address 10.10.20.20 netmask 255.255.255.0 on vlan taupe WX4400# set system ip-address 10.10. 20.20 success: change accepted. See Also ?[...]

  • Page 194

    194 C HAPTER 7: I P S ERVICES C OMMANDS Examples — The following co mmand sets the date to Mar ch 13, 2003 and time to 11:11:12: WX4400# set timedate date feb 29 200 4 time 23:58:00 Time now is: Sun Feb 29 2004, 23:58:02 PST See Also  clear summertime on page 135  clear timezone on pa ge 136  display summertime on page 154  display ti[...]

  • Page 195

    telnet 195 Examples — T o set the time zone for Paci fic Standard T ime (PST), type the following command: WX1200# set timezone PST -8 Timezone is set to 'PST', offset fro m UTC is -8:0 hours. See Also  clear summertime on page 135  clear timezone on pa ge 136  display summertime on page 154  display timedate on page 155 [...]

  • Page 196

    196 C HAPTER 7: I P S ERVICES C OMMANDS Examples — In the following example, an administrator estab lishes a T elnet session with another device and enters a command on the remote device: WX4400# telnet 10.10.10.90 Session 0 pty tty2.d Trying 10.10.10 .90... Connected to 10.10.10.90 Disconnect character is '^t' Copyright (c) 2004 3Com C[...]

  • Page 197

    traceroute 197 traceroute T races the route to an IP host. Syntax — traceroute host [ dnf ] [ no-dns ] [ port port-num ] [ queries num ] [ size size ] [ ttl hops ] [ wait ms ]  host — IP address, hostname, or alias of the destination h ost. Specify the IP addr ess in dotted decimal notation.  dnf — Sets the Do Not Fragme nt bit in the p[...]

  • Page 198

    198 C HAPTER 7: I P S ERVICES C OMMANDS Examples — The followin g example traces the route to host server1: WX4400# traceroute server1 traceroute to server1.example.com (1 92.168.22.7), 30 hops max, 38 byte packet s 1 engineering-1.example.com (192.168 .192.206) 2 ms 1 ms 1 ms 2 engineering-2.example.com (192.168 .196.204) 2 ms 3 ms 2 ms 3 gatewa[...]

  • Page 199

    traceroute 199 See Also  ping on page 156 !F Fragmentation needed but Do Not Fragment (DNF) bit was set. !S Source route failed. !A Communication administratively prohibited. ? Unknown error occurred. T able 40 Error messages for traceroute (continued) Field Description[...]

  • Page 200

    200 C HAPTER 7: I P S ERVICES C OMMANDS[...]

  • Page 201

    8 AAA C OMMANDS Use authentication, authorization, and accounting (AAA) commands to provide a secur e network connection and a r ecord of user activity . Location policy commands override an y virtual LAN (VLAN) or security ACL assignment by AAA or the local WX database to help you control access locally . (Security ACLs are packet filters. For com[...]

  • Page 202

    202 C HAPTER 8: AAA C OMMANDS Local Authorization for Password Users set user on page 258 clear user on page 215 set user attr on page 259 clear user attr on page 216 set usergroup on page 261 clear usergr oup on page 217 set user group on page 26 0 clear user gr oup on page 21 7 clear usergr oup attr on page 218 Local Authorization for MAC Users s[...]

  • Page 203

    clear accounting 203 clear accounting Removes accountin g services for specified wir eless users with administrat ive acce ss or network access. Syntax — clear accounting { admin | dot1x } { user- glob }  admin — Users with administrative access to the WX switch through a console connection or through a T elnet or Web Manager connection. [...]

  • Page 204

    204 C HAPTER 8: AAA C OMMANDS clear authentication admin Removes an authentication rule for administrative access through T elnet or Web Manager . Syntax — clear authentication admin user-glob  user-glob — A single user or set of users. Specify a username, use the doub le-asterisk wildcar d character ( ** ) to specify all user names, or use [...]

  • Page 205

    clear authentication console 205 clear authentication console Removes an authentication rule fo r administ rative access thr ough the Console. Syntax — clear authentication console user-glob  user-glob — A single user or set of users. Specify a username, use the doub le-asterisk wildcar d character ( ** ) to specify all user names, or use th[...]

  • Page 206

    206 C HAPTER 8: AAA C OMMANDS clear authentication dot1x Removes an 802.1X authenti cation rule. Syntax — clear authentication dot1x { ssid ssid-name | wired } user-glob  ssid ssid-name — SSID name to which th is authentication rule applies.  wired — Clears a rule used for access over a WX switc h’ s wired-authentication port.  use[...]

  • Page 207

    clear authentication last-resort 207 clear authentication last-resort Removes a last-resort authentication rule. Syntax — clear authentication last-resor t { ssid ssid-name | wired }  ssid ssid-name —SSID name to which this authentication rule applies.  wired — Clears a rule used for access over a WX switc h’ s wired-authentication po[...]

  • Page 208

    208 C HAPTER 8: AAA C OMMANDS clear authentication mac Removes a MAC authentication rule. Syntax — clear authentication mac { ssid ssid-name | wired } mac-addr-glob  ssid ssid-name — SSID name to which th is authentication rule applies.  wired — Clears a rule used for access over a WX switc h’ s wired-authentication port.  mac-addr[...]

  • Page 209

    clear authentication proxy 209 clear authentication proxy Removes a proxy rule for thir d-party AP users. Syntax — clear authentication proxy ssid ssid-na me user-glob  ssid ssid-name — SSID name to which th is authentication rule applies.  user-glob — User -glob associat ed with the rule you ar e removing. Defaults — None. Access —[...]

  • Page 210

    210 C HAPTER 8: AAA C OMMANDS Examples — The following co mmand r emoves W ebAAA for SSID research and usergl ob temp*@thiscorp.com : WX4400# clear authentication web ssi d research temp*@thiscorp.com See Also  clear authentication admin on page 204  clear authentication console on pag e 205  clear authentication dot1x on page 206  cl[...]

  • Page 211

    clear mac-user 211 See Also  display location policy on page 224  set location policy on page 244 clear mac-user Removes a user profile from the loca l database on the WX switch, fo r a user who is authenticated by a MAC address. (T o remove a user pr ofile in RADIUS, see the documentation for your RADIUS server .) Syntax — clear mac-user m[...]

  • Page 212

    212 C HAPTER 8: AAA C OMMANDS clear mac-user attr Removes an authorization attribute from the user profile in the local database on the WX switch, for a user who is authenticated by a MAC addr ess. (T o remove an authorization attribute in RADIUS, see the documentation for your RADIUS server .) Syntax — clear mac-user mac-addr attr attribute- nam[...]

  • Page 213

    clear mac-usergroup 213 Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Removing a MAC user fr om a MAC user group r emoves the group name fr om the user’ s profile, but does not delete the user group from the local WX database. T o r emove the group, use clear mac-usergroup . Examples — The following co mmand delete s [...]

  • Page 214

    214 C HAPTER 8: AAA C OMMANDS See Also  clear mac-usergroup attr on page 214  display aaa on page 219  set mac-usergroup attr on page 254 clear mac-usergroup attr Removes an authorization attribute fr om a MAC user gr oup in the local database on the WX switch, for a group of users who ar e authenticated by a MAC address. (T o unconfigure [...]

  • Page 215

    clear mobility-profile 215 clear mobility-profile Removes a Mobility Profile entir ely . Syntax — clear mobility-profile name  name — Name of an existing Mobility Profile. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — The following command re mo ves the Mobility Profile for user Nin: WX1200# c[...]

  • Page 216

    216 C HAPTER 8: AAA C OMMANDS Examples — The following co mmand delete s the user pr ofile for user Nin: WX4400# clear user Nin success: change accepted. See Also  display aaa on page 219  set user on page 258 clear user attr Removes an authorization attribute fr om the user profile in the local database on the WX switch, for a user with a [...]

  • Page 217

    clear user group 217 clear user group Removes a user with a p asswor d from membership in a user group in the local database on the WX switch. (T o remove a user fr om a user group in RADIUS, see the documentation for your RADIUS server .) Syntax — clear user username group  username — Username of a user with a password. Defaults — None. A[...]

  • Page 218

    218 C HAPTER 8: AAA C OMMANDS Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Removing a user group fr om the local WX database does not remove the user pr ofiles of the group’ s members from the database. Examples — The follow ing co mmand deletes the cardiology user group from the local database: WX[...]

  • Page 219

    display aaa 21 9 Examples — The following command r emoves the members of the user group cardiology fr om a network access time r estriction by deleting the T ime-Of-Day attribute from the gr oup: WX4400# clear usergroup cardiology a ttr time-of-day success: change accepted. See Also  clear usergroup on page 217  display aaa on page 219 [...]

  • Page 220

    220 C HAPTER 8: AAA C OMMANDS set authentication admin Jose sg3 set authentication console * none set authentication mac ssid mycorp * local set authentication dot1x ssid mycorp Geetha eap-tls set authentication dot1x ssid mycorp * peap-mschapv2 sg1 sg2 sg3 set authentication dot1x ssid any ** peap-mschapv2 sg1 sg2 sg3 set accounting dot1x Nin ssid[...]

  • Page 221

    display aaa 22 1 See Also  set accounting {admin | console} on page 225  set authentication admin on page 229  set authentication console on page 231  set authentication dot1x on page 233 deadtime Number of minutes the WX switch waits after determining a RADIUS server is unresponsive before trying to reconnect with this server. During t[...]

  • Page 222

    222 C HAPTER 8: AAA C OMMANDS  set authentication last-resort on page 236  set authentication mac on page 239  set authentication web on page 242 display accounting statistics Displays the AAA accounting r ecords for wir eless users. The r ecords a re stored in the local database on the WX switch. (T o display RADIUS accounting record s, s[...]

  • Page 223

    display accounting s tatistics 22 3 See Also  clear accounting on page 203  display aaa on page 219  set accounting {admin | console} on page 225 Acct-Status-Type Type of accounting record:  START  STOP  UPDATE Acct-Authentic Location where the user was authenticated (if authentication took pl ace) for the session:  1 — RADIU[...]

  • Page 224

    224 C HAPTER 8: AAA C OMMANDS display location policy Displays the list of location policy ru les that make up the location policy on an WX switch. Syntax — display location policy Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — The following co mmand displays the list of location policy rules in the[...]

  • Page 225

    set accounting {admin | cons ole} 225 Examples — The following co mmand displays the Mobility Profile magnolia : WX1200# display mobility-profile mag nolia Mobility Profiles Name Ports ========================= magnolia AP 2 See Also  clear mobility-profile on page 215  set mobility-profile on page 255 set accounting {admin | console} Sets [...]

  • Page 226

    226 C HAPTER 8: AAA C OMMANDS  method1, method2, method3, method4 — At least one of up to four methods that MSS uses to process accounting r ecords. Specify one or more of the following methods in priority order . If the first method does not succeed, MSS tries the second method, and so on. A method can be one o f the following:  local — [...]

  • Page 227

    set accounting {dot1x | mac | web | last-resort} 227 set accounting {dot1x | mac | web | last-resort} Sets up accounting services for spec ified wireless users with network access, and defines the accounting recor ds and wher e they are sent. Syntax — set accounting { dot1x | mac | web | last-resort } { ssid ssid-name | wired } { user-glob | mac-[...]

  • Page 228

    228 C HAPTER 8: AAA C OMMANDS  method1, method2, method3, method4 — At least one of up to four methods that MSS uses to process accounting r ecords. Specify one or more of the following methods in priority order . If the first method does not succeed, MSS tries the second method, and so on. A method can be one o f the following:  local — [...]

  • Page 229

    set authentication admin 229 set authentication admin Configures authentication and defines where it is performed for specified users with administrat ive access through T elnet or Web Manager . Syntax — set authentication admin user-glob method1 [ method2 ] [ method3 ] [ metho d4 ]  user-glob — Single user or set of user s with administrati[...]

  • Page 230

    230 C HAPTER 8: AAA C OMMANDS History —Introduced in MSS V ersion 3.0. The syntax descriptions for the set authentication commands have been separated for clarity . However , the options and behavior for the set authentication admin command are th e same as in previous releases. Usage — Y ou can configure dif ferent authentication methods for d[...]

  • Page 231

    set authentication console 231  set authentication mac on page 239  set authentication web on page 242 set authentication console Configures authentication and defines where it is performed for specified users with administrative acce ss through a console connection. Syntax — set authentication console user-glob method1 [ method2 ] [ method[...]

  • Page 232

    232 C HAPTER 8: AAA C OMMANDS Defaults — By default, authentication is deactivated for all console users, and the default authenticat ion method in a console authentication rule is none . MSS requir es no username or password, by default. These users can press Enter at the prompts for administrative access. 3Com recommends that you change the def[...]

  • Page 233

    set authenticatio n dot1x 233  set authentication mac on page 239  set authentication web on page 242 set authentication dot1x Configures authentication and defines how and where it is performed for specified wireless or wir ed authenticati on clients who use an IEEE 80 2.1X authentication protocol to access the network thr ough the WX switch[...]

  • Page 234

    234 C HAPTER 8: AAA C OMMANDS Provides encryption and integrity checking for the connection Cannot be used with RADIUS serv er authentication (requires user information to be in the switch’ s local dat abase)  peap-mschapv2 — Protected EAP (PEAP) with Microsoft Challenge Handshake Authentication Prot ocol version 2 (MS-CHAP-V2). For wireless[...]

  • Page 235

    set authenticatio n dot1x 235 Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Y ou can configure dif ferent authentication methods for differ ent groups of users by “globbing.” (For details, see “User Globs” on page 26.) Y ou can configure a rule either for wireless access to an SSID, or for wired access through a W[...]

  • Page 236

    236 C HAPTER 8: AAA C OMMANDS Examples — The following command configures EAP-TLS authentication in the local WX database for SSID mycorp an d 802.1X c lient Geet ha: WX4400# set authentication dot1x ssi d mycorp Geetha eap-tls local success: change accepted. The following command co nfigur es PEAP-MS-CHAP-V2 authentication at RADIUS server group[...]

  • Page 237

    set authentication last-resort 237  method1, method2, method3, method4 — At least one of up to four methods that MSS uses to handle authentication. Sp ecify one or mor e of the following methods in priori ty order . MSS applies multiple methods in the order you enter them. A method can be one o f the following:  local — Uses the local dat[...]

  • Page 238

    238 C HAPTER 8: AAA C OMMANDS However , if local appears first, followed by a RADIUS server gr oup, MSS overrides any failed searches in the local WX d atabase and sends an authentication request to the server group. MSS uses a last-resort authentication rule under the following con ditions:  The client is not denied access by 802.1X or do es no[...]

  • Page 239

    set authentication mac 239 set authentication mac Configures authentication and defines where it is performed for specified non-802. 1X users with network ac cess thr ough a media access cont rol (MAC) addr ess. Syntax — set authentication mac { ssid ssid-name | wired } mac-addr-gl ob method1 [ method2 ] [ method3 ] [ method4 ]  ssid ssid-name[...]

  • Page 240

    240 C HAPTER 8: AAA C OMMANDS Usage — Y ou can configure dif ferent authentication methods for differ ent groups of MAC addr esses by “globbing .” (For details, see “User Globs, MAC Address Globs, and VLAN Globs” on page 26.) If you specify multiple au thentication methods in th e set authentication mac command, MSS applies th em in the o[...]

  • Page 241

    set authentication proxy 241 set authentication proxy Configures a proxy authentication ru le for a third-party AP’ s wire less users. Syntax — set authentication proxy ssid ssid-name user-glob radius-server-group  ssid ssid-name — SSID name to which this authentication rule applies.  user-glob — A single user or a set of users. Speci[...]

  • Page 242

    242 C HAPTER 8: AAA C OMMANDS set authentication web Configures an authentication rule to allow a user to log in to the network using a web page served by the WX sw itch. The rule can be activated if the user is not otherwise gran ted or denied access by 802.1X, or granted access by MAC authentication. Syntax — set authentication web { ssid ssid-[...]

  • Page 243

    set authentication web 243 Usage — Y ou can configure dif ferent authentication methods for differ ent groups of users by “globbing.” (For details, see “User Globs” on page 26.) Y ou can configure a rule either for wireless access to an SSID, or for wired access through a WX switch’ s wired auth entication port. If the rule is for wirel[...]

  • Page 244

    244 C HAPTER 8: AAA C OMMANDS  display aaa on page 219  set authentication admin on page 229  set authentication console on page 231  set authentication dot1x on page 233  set authentication last-resort on page 236 set location policy Creates and enables a location policy on an WX switch. The location policy enables you to locally se[...]

  • Page 245

    set location policy 24 5 Optionally , you can add the suffix .out to the name.  Condition options — MSS takes the action specified by the rule if all conditions in the rule are met. Y ou can specify one or more of the following conditions:  ssid operator ssid-name — SSID with which the user is associated. The operator must be eq , which a[...]

  • Page 246

    246 C HAPTER 8: AAA C OMMANDS  modify rule-number — Replaces the rule in the location policy with the new rule. Specify the numbe r of the existing loca tion policy rule. (T o determine the numb er , use the display location policy command.)  port port-list — List of physical port(s) by which to determine if the location policy rule appli[...]

  • Page 247

    set location policy 24 7 Y ou can optionally add the suffixes .in and .out to inacl-na me and outacl-name so that they match the n ames of security ACLs stored in the local WX database. Examples — The following command denies network access to all users at *.theirfir m.com, causing them to fail authorizatio n: WX4400# set location policy deny if [...]

  • Page 248

    248 C HAPTER 8: AAA C OMMANDS set mac-user Configures a user profile in the local database on the WX switch for a user who can be authenticated by a MAC address, and optionally adds the user to a MAC u ser gr oup. (T o configure a MAC user profile in RADIUS, see the documentation for your RADIUS server .) Syntax — set mac-user mac-addr [ group gr[...]

  • Page 249

    set mac-user attr 249 set mac-user attr Assigns an authorization attribute in the local database on the WX switch to a user who is authenticated by a MAC address. (T o assign authorization attributes through RADIUS, see the documentation for your RADIUS server .) Syntax — set mac-user mac-addr attr attrib ute-name value  mac-addr — MAC addre[...]

  • Page 250

    250 C HAPTER 8: AAA C OMMANDS end-date Date and time after which the user is no longer allowed to be on the network. Date and time, in the following format: YY/MM/DD-HH:MM You can use end-date alone or with start-date . You also can use start-date , end-date , or both in conjunction with time-of-day . filter-id Inbound or outb ound ACL to apply to [...]

  • Page 251

    set mac-user attr 251 service-type Type of access the user is requesting. One of the following numbers: 2 —Framed; for network user access 6 —Administrative; for administrative access to the WX switch, with authorization to access the enabled (configuration) mode. The u ser must enter the enable command to access the enabled mode. 7 —NAS-Prom[...]

  • Page 252

    252 C HAPTER 8: AAA C OMMANDS time-of-day (network access mode only) Day(s) and time(s) during which the user is permitted to log into the network. After authorization, the user’s session can last until either the Time-Of-Day range or the Session-Timeout duration (if set) expires, whichever is shorter. One of the following:  never —Access is[...]

  • Page 253

    set mac-user attr 253 Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — T o change the value of an at tribute, enter set mac-user attr with the new valu e. T o delete an attr ibute, use clear mac-user attr . Y ou can assign attributes to individual MAC users and to MAC user groups. If attributes are configu[...]

  • Page 254

    254 C HAPTER 8: AAA C OMMANDS Examples — The following co mmand assigns input access contr ol list (ACL) acl-03 to filter the pack ets from a user at MAC address 01:02:03:04:05:06: WX4400# set mac-user 01:02:03:04:05: 06 attr filter-id acl-03.in success: change accepted. The following command restri cts a user at MAC address 06:05:04:03:02:01 to [...]

  • Page 255

    set mobility-profile 255 Usage — T o change the value of an attribute, enter set mac-usergroup attr with the new valu e. T o delete an attribute, use clea r mac-usergroup attr . Y ou can assign attributes to individual MAC users and to MAC user groups. If attributes are configur ed for a MAC user and also for the group the MAC user is in, the att[...]

  • Page 256

    256 C HAPTER 8: AAA C OMMANDS  dap-num — List of Distributed MAP connections through which any user assigned this pr ofile is allowed access. The same Distributed MAP can be used in multiple Mobility Profile port lists. Defaults — No default Mobility Profile exists on the WX switch. If you do not assign Mobility Profile attributes , all user[...]

  • Page 257

    set mobility-profile mode 257 The following comma nd adds port 3 to the magnolia Mobility Pr ofile (which is already assigned to port 2): WX1200# set mobility-profile name ma gnolia port 3 success: change accepted. See Also  clear mobility-profile on page 215  display mobility-pr ofile on page 224  set mac-user attr on page 249  set mac[...]

  • Page 258

    258 C HAPTER 8: AAA C OMMANDS See Also  clear mobility-profile on page 215  display mobility-pr ofile on page 224  set mobility-profile on page 255 set user Configures a user profile in the local database on the WX switch for a user with a password. (T o configure a user profile in RADIUS, see the documentation for your RADIUS server .) Sy[...]

  • Page 259

    set user attr 25 9 The following command assigns the passwor d chey3nne to the admin user: WX4400# set user admin password chey 3nne success: User admin created The following command change s Nin’ s passwor d fr om goody to 29Jan04: WX4400# set user Nin password 29Jan0 4 See Also  clear user on page 215  display aaa on page 219 set user att[...]

  • Page 260

    260 C HAPTER 8: AAA C OMMANDS Y ou can assign attributes to individual users and to user gr o ups. If attributes are configured for a user and also for the group the user is in, the attributes assigned to the individual user take precedence for that user . For example, if the start-date attribute configu r ed for a user is sooner than the start-dat[...]

  • Page 261

    set usergroup 261 Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — MSS does not requir e users to belong to user groups. To create a u ser gr oup, user the command set usergr oup . Examples — The following co mmand adds user Hosni to the cardiology user group: WX4400# set user Hosni group cardiol ogy success: change accept[...]

  • Page 262

    262 C HAPTER 8: AAA C OMMANDS Y ou can assign attributes to individual users and to user gr o ups. If attributes are configured for a user and also for the group the user is in, the attributes assigned to the individual user take precedence for that user . For example, if the start-date attribute configu r ed for a user is sooner than the start-dat[...]

  • Page 263

    set web-portal 263 See Also  clear authentication proxy on page 209  set service-profile auth-fallthru on page 374  set user on page 258[...]

  • Page 264

    264 C HAPTER 8: AAA C OMMANDS[...]

  • Page 265

    9 M OBILITY D OMAIN C OMMANDS Use Mobility Domain commands to configure and manage Mobility Domain groups. A Mobility Domain is a system of WX switches and MAP access points working together to support a roaming user (client). One WX swit ch acts as a seed switch, which maintains and distributes a list of IP addresses of the domain members. 3Com re[...]

  • Page 266

    266 C HAPTER 9: M OBIL ITY D OMAIN C OMMANDS clear mobility-domain Clears all Mobility Domain configur ation and information fr om a WX switch, regar dless of whether the WX switch is a seed or a member of a Mobility Domain. Syntax — clear mobility-domain Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — [...]

  • Page 267

    display mobility -domain config 26 7 Usage — This command has no effect if the WX switch member is not configured as part of a Mobility Domain or the current WX switch is not the seed. Examples — The following command clea rs a Mobility Domain member with the IP address 192.168.0.1: WX1200# clear mobility-domain member 192.168.0.1 See Also  [...]

  • Page 268

    268 C HAPTER 9: M OBIL ITY D OMAIN C OMMANDS History —Introduced in MSS V ersion 3.0. Examples — T o display Mobility Domain status, type the following command: WX4400# display mobility-domain stat us Mobility Domain name: Pleasanton Member State Status --------------- ------------- -------------- 192.168.253.11 STATE_UP MEMBER 192.168.253.12 S[...]

  • Page 269

    set mobility-domain member 269 set mobility-domain member On the seed WX switch, adds a memb er to the list of Mobi lity Domain members. If the current WX switch is not configur ed as a seed, this command is re jected. Syntax — set mobility-domain member ip-addr  ip-addr — IP addr ess of the Mobility Domain member in dotted decimal notation.[...]

  • Page 270

    270 C HAPTER 9: M OBIL ITY D OMAIN C OMMANDS set mobility-domain mode member seed-ip On a nonseed WX switch, sets the IP addr ess of the seed WX switch. This command is used on a member WX to configure it as a member . If the WX switch is currently part of another Mobility Domain or using another seed, this command overwrites that configuration. Sy[...]

  • Page 271

    set mobility-domain mode seed domain-name 271 set mobility-domain mode seed domain-name Creates a Mobility Domain by setting the curr ent WX switch as the seed device and naming the Mobility Domain. Syntax — set mobility-domain mode seed d omain-name mob-domain-name  mob-domain-name — Name of the Mobility Domain. Specify between 1 and 16 cha[...]

  • Page 272

    272 C HAPTER 9: M OBIL ITY D OMAIN C OMMANDS[...]

  • Page 273

    1 0 N ETWORK D OMAIN C OMMANDS Use Network Domain comman ds to configu re an d manage Net work Domain groups. A Network Domain is a group of geographically dispersed Mobility Domains that share information among themselves over a W AN link. This shared information allows a user configured on a WX switch in one Mobility Domain to establish connectiv[...]

  • Page 274

    274 C HAPTER 10: N ETWORK D OMAIN C OMMANDS clear network-domain Clears all Network Domain configuration and information from a WX switch, regar dless of whether the WX switch is a seed or a member of a Network Domain. Syntax — clear network-domain Defaults — None. Access — Enabled. History —Introduced in MSS 4.1. Examples — This command [...]

  • Page 275

    clear network-domain mode 275 clear network-domain mode Removes the Network Domain seed or member configuration from the WX switch. Syntax — clear network-domain mode {seed | member}  seed — Clears the Network Domain seed configuration from the WX switch.  member — Clears the Network Domain member configuration from the WX switch. Defau[...]

  • Page 276

    276 C HAPTER 10: N ETWORK D OMAIN C OMMANDS clear network-domain peer Removes the configuration of a Network Domain peer from a WX switch configured as a Network Domain seed. Syntax — clear network-domain peer { ip-addr | al l}  ip-addr — IP address of the Network Domain peer in dotted d ecimal notation.  all — Clears the Network Domain[...]

  • Page 277

    clear network-domain seed-ip 277 clear network-domain seed-ip Removes the specified Network Doma in seed fr om the WX switch’ s configuration. When you enter th is command, the Network Dom ain TCP connections between the WX switch and the specified Network Domain seed ar e closed. Syntax — clear network-domain seed-ip ip-addr  ip-addr — IP[...]

  • Page 278

    278 C HAPTER 10: N ETWORK D OMAIN C OMMANDS display network-domain Displays the status of Networ k Doma in seeds and members. Syntax — display network-domain Defaults — None. Access — Enabled. History —Introduced in MSS 4.1. Examples — T o display Network Domain status, type the following command. The output of the command differs based o[...]

  • Page 279

    display network-domain 279 T able 48 describes th e fields in the display . See Also  clear network-domain on page 274  set network-domain m ode member seed- ip on page 280  set network-domain m ode seed domain-name on page 282  set network-domain peer on page 281 T able 48 Radio-Spe cific Parameters Parameter Descripti on Output if WX [...]

  • Page 280

    280 C HAPTER 10: N ETWORK D OMAIN C OMMANDS set network-domain mode member seed-ip Sets the IP a ddr ess of a Network Doma in seed. This command is used for configuring a WX switch as a memb er of a Network Domain. Y ou can specify multiple Network Domain seeds and configur e one as the primary seed. Syntax — set network-domain mode member seed-i[...]

  • Page 281

    set network-domain peer 281 WX1200# se t network-domain mode member seed-i p 192.168.9.254 affinity 7 success: change accepted. See Also  clear network-domain on page 274  display network-domain on page 278 set network-domain peer On a Network Domain seed, configures one or mor e WX switches as redundant Network Domain se eds. Th e seeds in a[...]

  • Page 282

    282 C HAPTER 10: N ETWORK D OMAIN C OMMANDS set network-domain mode seed domain-name Creates a Network Domain by setting the current WX switch as a seed device and naming the Network Domain. Syntax — set network-domain mode seed do main-name net-domain-name  net-domain-name — Name of the Network Domain. Spec ify between 1 and 16 characters w[...]

  • Page 283

    11 M ANAGED A CCESS P OINT C OMMANDS Use MAP access point commands to configur e an d manage MAP acce ss points. Be sure to do the follo wing before using the commands:  Define the country-speci fic IEEE 802.1 1 r egulations on the WX switch. (See set system countrycode on page 56.)  Install the MAP access point and co nnect it to a port on t[...]

  • Page 284

    284 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set {ap | dap} radio auto -tune min-client-rate on page 340 set {ap | dap} rad io mode on page 341 set {ap | dap} rad io radio-profile on page 343 set dap auto radiotype on page 326 set {ap | dap} up grade-firmware on page 346 Externa l Antenna se t {ap | dap} radio antennatype on page 334 Radio P[...]

  • Page 285

    MAP Access Point Commands by Usage 28 5 set service-pr ofile wpa-ie on page 391 set service-pr ofile rsn-i e on page 383 set service-pr ofile cipher -ccmp on pa ge 377 set service-pr ofile cipher -tkip on pa ge 378 set service-pr ofile cipher -wep104 on page 379 set service-pr ofile cipher -wep40 on page 380 set service-pr ofile psk-p hrase on page[...]

  • Page 286

    286 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS clear {ap | dap} radio Disables a MAP radio and resets it to it s factory default settings. Syntax — clear { ap port-list | dap dap-num } radio { 1 | 2 | all }  ap port-list — List of ports connected to th e MAP access point(s) on which to reset a radio.  dap da p-num — Number of a Dis[...]

  • Page 287

    clear {ap | dap} radio 287 Defaults — The clear ap radio command resets the radio to the default settings listed in T able 50 and in T able 66 on page 362. Access — Enabled History —Introduced in MSS V ersion 3.0. Usage — When you clear a radio, MSS performs the following actions:  Clears the transmit power , chan nel, and external ante [...]

  • Page 288

    288 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also  set {ap | dap} radio mode on page 341  set {ap | dap} radio radio-pr ofile on page 343  set port type ap on page 91 clear radio-profile Removes a radio profile or resets one of the profile’ s parameters to its default value. Syntax — clear radio-profile name [ parameter ] ?[...]

  • Page 289

    clear service-profile 289 Examples — The following co mmands disable the radios that ar e using radio profile rp1 and reset the beaconed-interval parameter to its default value: WX4400# set radio-profile rp1 mode d isable WX4400# clear radio-profile rp1 beac on-interval success: change accepted. The following comma nds disable the radi os that ar[...]

  • Page 290

    290 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following co mmands disable the radios that ar e using radio profile rp6 , re move service-pr ofile svcprof6 from rp6 , then clear svcprof6 from the config uration. WX4400# set radio-profile rp6 mode d isable WX4400# clear radio-profile rp6 serv ice-profile svcprof6 success: chang[...]

  • Page 291

    display {ap | dap} config 291 Examples — The following example shows configuration inf ormation for a MAP access point on WX port 2: WX1200# display ap config 2 Port 1: AP model: AP2750, POE: ena ble, bias: high, name: MAP01 boot-download-enable: YES load balancing group: non e Radio 1: type: 802.11g, mode: ena bled, channel: dynamic tx pwr: dyna[...]

  • Page 292

    292 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS name MAP access point name. boot-download- enable State of the firmware upgrade option:  YES (automatic upgrades are enabled)  NO (automatic upgrades are disabled) load balancing group Names of the MAP load-balancing grou ps to which the MAP access point belongs. If the value is None , the a[...]

  • Page 293

    display {ap | dap} config 293 See Also  display dap connection on page 313  display dap global on page 314  display dap unconfigur ed on page 31 6  display radio-profile on page 317  set dap on page 81  set port type ap on p age 91  set {ap | dap} bias on page 328  set {ap | dap} gr oup on page 332  set {ap | dap} name on[...]

  • Page 294

    294 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS display {ap | dap} counters Displays MAP access point and radio statistics counters. Syntax — display ap counters [ port-list [ radio { 1 | 2 }]] Syntax — display dap counters [ dap-num [ radio { 1 | 2 }]]  port-list — List of ports connected to the MAP access point(s) for which to displa[...]

  • Page 295

    display {ap | dap} counters 295 Examples — The following co mmand shows statistics counters for Distributed MAP 7: WX1200# display dap counters 7 Port: 6 radio: 1 ================================= LastPktXferRate 2 Pkt TxCount 91594255 NumCntInPwrSave 4294966683Mul tiPktDrop 0 LastPktRxSigStrength -54 Mul tiBytDrop 0 LastPktSigNoiseRatio 40 Use r[...]

  • Page 296

    296 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS T able 52 describes the fields in this display . T able 52 Output for display ap counters Field Description DAP Distributed MAP number. Port WX port number (if the MAP is directly connected to the WX and the WX port is configured as a MAP access point). radio Radio number. LastPktXferRate Data tra[...]

  • Page 297

    display {ap | dap} counters 297 CCMP Pkt Transfer Ct Total number of CCMP packets sent and received by the radio. Radio Recv Phy Err Ct Number of times radar caused packet errors. If this counter increments rapidly, there is a problem in the RF environment. This counter increments only when radar is detected. Rate-specific Phy errors are instead co[...]

  • Page 298

    298 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS User Sessions Number of clients currently associated with the radio. Generally, this counter is equ al to the number of sess ions listed for the radio in display se ssions output. However, the counter can differ from the counter in disp lay sessions output if a client is a ssociated with the radio[...]

  • Page 299

    display {ap | dap} counters 299 Noise Floor Received signal strength at which the MAP can no longer distinguish 802.11 packets from ambient RF no ise. A value around -90 or higher is goo d for an 802.11b/g radio. A value around -80 or higher is good for an 802.11a radio. Val ues near 0 can indicate RF interference. 802.3 Packet Rx Ct Number of raw [...]

  • Page 300

    300 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also  display sessions network on page 525 display {ap | dap} qos-stats Displays statistics fo r MAP forwarding queues. Syntax — display dap qos-stats [ dap-num ] Syntax — display ap qos-stats [ port-list ]  dap-num — Number of a Distributed MAP for which to display QoS statistics [...]

  • Page 301

    display {ap | dap} etherstats 301 T able 53 describes th e fields in this display . display {ap | dap} etherstats Displays Ethernet statistics for a MAP’ s Ethernet ports. Syntax — display { ap | dap } etherstats [ port-list | dap-num ]  port-list — List of WX switch ports directly connected to t he MAPs for which to d isplay counters. [...]

  • Page 302

    302 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS T able 54 describes the fields in this display . T able 54 Output of display ap etherstats Field Descri ption RxUnicast Number of unicast frames rece ived. RxMulticast Number of multicast frames received. RxBroadcast Number of broadcast frames received. RxGoodFrames Number of frames received prope[...]

  • Page 303

    display {ap | dap} group 303 display {ap | dap} group Displays configuration in formation and load-balancing status for MAP access point groups. Syntax — display { ap | dap } group [ name ]  name — Name of a MAP gr oup or Distributed MAP group. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — The[...]

  • Page 304

    304 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS display {ap | dap} status Displays MAP access point and radio status information. Syntax — display ap status [terse] [ port-l ist | all [ radio { 1 | 2 }]] Syntax — display dap status [terse] [ dap-n um [ radio { 1 | 2 }]]  terse — Displays a brief line of essent ial status information fo[...]

  • Page 305

    display {ap | dap} status 305 Examples — The follow ing command displays the status of a Distributed MAP: WX4400# display dap status 1 Dap: 1, IP-addr: 10.2.34.56 (vlan 'v lan-corp'), MAP model: AP2750, manufacturer: 3Com, name: DA P01 fingerprint: b4 : f9:2a:52:37:58:f4:d0:10 :75:43:2f:45:c9:52:c3 ==================================== =[...]

  • Page 306

    306 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS The following command uses the terse option to display brief information for Distributed MAPs: WX4400# display dap status terse Total number of entries: 4 Operational: 1, Image Downloading: 0 , Unknown: 3, Other: 0 Flags: o = operational, b = booting, d = image downloading c = configuring, f = con[...]

  • Page 307

    display {ap | dap} status 307 MAP port MAP port number connec ted to this WX port. State State of the MAP:  init — The MAP has been recognized by the WX but has not yet begun booting.  booting — The MAP has asked the WX for a boot image.  image down loading — The MAP is receiving a boot image from the WX.  image do wnloaded — Th[...]

  • Page 308

    308 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Radio 1 type Radio 2 type 802.11 type and configur ation state of the radio.  The configure succeed state indicates that the MAP has received configuration parameters for the radio and t he radio is ready to accept client connections.  802.11b protect indic ates that the 802.11b/g radio is s[...]

  • Page 309

    display auto-tune attributes 309 display auto-tune attributes Displays the current values of the RF attributes RF Auto-T uning uses to decide whether to change channel or po wer settings. Syntax — display auto-tune attributes [ ap map-num [ radio { 1 | 2 | all }]] Syntax — display auto-tune attributes [ dap dap-num [ radio { 1 | 2 | all }]] [...]

  • Page 310

    310 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — The following co mmand displa ys RF attribute information for radio 1 on the directly conne cted MAP access point on port 2: WX1200# display auto-tune attributes ap 2 radio 1 Auto-tune attributes for port 2 radi o 1: Noise[...]

  • Page 311

    display auto-tune neighbors 311  set radio-profile auto-tune channel-interval on page 351  set radio-profile auto-tune power -backoff- timer on page 352  set radio-profile auto-tune power -config on page 353  set radio-profile auto-tune power -interval on page 354 display auto-tune neighbors Displays the other 3Com radios an d third-par[...]

  • Page 312

    312 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following co mmand displa ys neighbor information for radio 1 on the directly connected MAP access point on port 2: WX1200# display auto-tune neighbors ap 2 radio 1 Total number of entries for port 2 r adio 1: 5 Channel Neighbor BSS/MAC RSSI ------- ----------------- ---- 1 00:0b:[...]

  • Page 313

    display dap connection 313 display dap connection Displays the system IP address of the WX switch that booted a Distributed MAP . Syntax — display dap connection [ dap-num | serial-id serial-ID ]  dap-num — Number of a Distributed MAP for which to display information about it s active connect ion.  serial-id serial-ID — MAP access point[...]

  • Page 314

    314 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS The following command displays connec tion information specifically for a Distributed MAP with serial ID M9DE48B6EAD00 : WX1200# display dap connection seria l-id M9DE48B6EAD00 Total number of entries: 1 DAP Serial Id DAP IP Address WX IP Address --- ----------- --------------- --------------- 9 M[...]

  • Page 315

    display dap glob al 315 Usage — Connections are shown only for the Distribu ted MAPs that ar e configured on the WX switch fr om which you enter the command, and only for the Mobility Domain the switch is in. T o show information only for Distributed MAPs that have active connections, use the display dap connection command. Examples — The follo[...]

  • Page 316

    316 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also  display {ap | dap} config on page 2 90  display dap connection on page 313  display dap unconfigur ed on page 31 6  set dap on page 81  set {ap | dap} bias on page 328 display dap unconfigured Displays Distributed MAPs that are physically connected to the network but that [...]

  • Page 317

    display radio-profile 317 T able 62 describes th e fields in this display . See Also  display dap connection on page 313  display dap global on page 314 display radio-profile Displays radio pr ofile information. Syntax — display radio-profile { name | ? }  name — Displays information ab out the named rad io pr ofile.  ? — Displays[...]

  • Page 318

    318 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Usage — MSS contains a default radio profile. 3Com recommends that you do not change this profile but instead keep the profile for r eference. Examples — The following co mmand shows radio pr ofile information for the default radio pr ofile: WX4400# display radio-profile defaul t Beacon Interv[...]

  • Page 319

    display radio-profile 319 Long Retry Limit Number of times a radio in the radio profile can send a long unicast frame without receiving an acknowl edgment. A long unicast frame is a frame that is equal to or longer than the RTS threshold. Long Preamble Indicates whether an 802.11b radio that uses th is radio profile advertises support for frames wi[...]

  • Page 320

    320 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also  set radio-profile 11g-only on page 347  set radio-profile auto -tune channel-config on page 349  set radio-profile auto -tune channel-holddown on page 350  set radio-profile auto-tune ch annel-interval on page 351  set radio-profile auto-tune power -backoff- timer on page [...]

  • Page 321

    display service-profile 321 display service-profile Displays service profi le information. Syntax — display service-profile { name | ? }  name — Displays information about the named service profile.  ? — Displays a list of service profil es. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. New fields add[...]

  • Page 322

    322 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS beacon Indicates whether the radio se nds beacons, to advertise the SSID:  no  yes auth-fallthru Secondary (fallthru) encryption type when a user tries to authenticate but the WX swit ch managing the radio does not have an authentication rule with a userglob that matches the username.  la[...]

  • Page 323

    display service-profile 323 See Also  set service-profile auth-dot1x on page 373  set service-profile auth-fallthru on page 374  set service-profile auth-psk on page 375  set service-profile beacon on page 376  set service-profile cipher -ccmp on page 377  set service-profile cipher -tkip on page 378  set service-profile cipher[...]

  • Page 324

    324 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS  set service-profile ssid-name on page 384  set service-profile ssid-type on page 385  set service-profile tkip-mc-time on page 386  set service-profile web-portal-form on page 387  set service-profile wep active-multicast- index on page 388  set service-profile we p active-unica[...]

  • Page 325

    set dap auto 32 5 set dap auto Creates a pr ofile for automatic configuration of Distribut ed MAPs. Syntax — set dap auto Defaults — None. Access — Enabled. History — Introduced in MSS 4.0. Usage — T able 65 lists the config urable pr ofile parameters and their defaults. The only parameter that requires configuration is the profile mode. [...]

  • Page 326

    326 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following command creates a profile for automatic Distributed MAP configuration: WX1200# set dap auto success: change accepted. See Also  set dap aut o mode on page 327  set dap auto radiotype on page 326  set {ap | dap} bias on page 328  set {ap | dap} blink on page 3[...]

  • Page 327

    set dap auto mode 327  11a — 802.11a  11b — 802.11b  11g — 802.11g Defaults — The default radio type fo r models AP2750, MP-241, and MP-341, and for the 802.11b /g radios in other models is 802.11g in regulatory domains that support 802.11g, or 802.11b in regulatory domains that do not support 802.11g. MAP radios configured for 802[...]

  • Page 328

    328 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following co mmand enables the pr ofile for automatic Distributed MAP configuration: WX4400# set dap auto mode enable success: change accepted. See Also  set dap auto on page 325  set dap auto radiotype on page 326  set {ap | dap} bias on page 328  set {ap | dap} blink[...]

  • Page 329

    set {ap | dap} bias 329 Access — Enabled. History —Introduced in MSS V ersion 3.0. Option auto added for configuration of the MAP configuration profile. Usage — High bias is preferr ed over low bias. Bias applies only to WX switches that are indir ect ly attached to the MAP thr ough an intermediate Layer 2 or Layer 3 network. A MA P always at[...]

  • Page 330

    330 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set {ap | dap} blink Enables or disables LED blink mode on a MAP access point to make it easy to identify . When blink mode is enabled on an AP2750, the 11a LED blinks on and off. When blink mode is enabled on an AP7250, the Radio LED flashes r ed and the Power LED flashes green/or ange. The Ether[...]

  • Page 331

    set dap fingerprint 33 1 Usage — Changing the LED blink mode does not alter operation of the MAP access point. Only the behavior of the LEDs is affecte d. Examples — The following co mmand enables LED blink mode on the MAP access points connected to por ts 3 and 4: WX1200# set ap 3-4 blink enable success: change accepted. set dap fingerprint V [...]

  • Page 332

    332 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following example verifies the fingerprint for Distributed MAP 8: WX4400# set dap 8 fingerprint b4:f9:2a:52:37:58:f4:d0:10:75:43:2f: 45:c9:52:c3 success: change accepted. See Also  set dap security on page 345  set service-profile ci pher -wep40 on page 380 on page 391  d[...]

  • Page 333

    set {ap | d ap} name 333 If you use the name none , spelled in any combination of capital or lowercase letters, the specified MAP ac cess point is clear ed fr om all MAP access point groups. Examples — The following co mmand configur es a MAP access point group named loadbalance1 that contains the MAP access poin ts on ports 1, 3, and 5: WX1200# [...]

  • Page 334

    334 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following co mmand ch anges the name of the MAP access point on port 1 to techp ubs : WX1200# set ap 1 name techpubs success: change accepted. See Also  display {ap | dap} config on page 2 90 set {ap | dap} radio antennatype Sets the model number for an external antenna. Syntax[...]

  • Page 335

    set {ap | dap} radio auto-tune max-power 335  antennatype { ANT-1360-OUT | ANT5360-OUT | ANT5060 | ANT51 20-OUT | internal } — 802.11a external antenna models:  ANT1360-OUT — 360° 802.11b/g antenna  ANT5360-OUT — 360° 802.11a antenna  ANT5060-OUT — 60° 802.11a antenna  ANT5120-OUT — 120° 802.11a antenna  internal —[...]

  • Page 336

    336 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS  dap auto — Sets the ma ximum power fo r radios conf igure d by the MAP configur ation pr ofile. (See set dap auto on page 325.)  radio 1 — Radio 1 of the MAP .  radio 2 — Radio 2 of the MAP . (This option does not apply to single-radio models.)  power-level — Maximum power set[...]

  • Page 337

    set {ap | dap} radio auto-tune max- retransmissions 337 set {ap | dap} radio auto-tune max- retransmissions Sets the maximum percentage of c lient retransmissions a radio can experience before RF Auto-T uning considers changing the channel on the radio. A high percentage of retransmissions is a symptom of interference on the channel. Syntax — set[...]

  • Page 338

    338 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS The interval is 1000 pack ets. If mor e than the specified percentage of packets within a group of 1000 pa ckets received by the radio are retransmissions, the radio incr eases power . When the percentage of r e transmissions exceeds the max-retransmissions thre shold, the r adio does not im media[...]

  • Page 339

    set {ap | dap} radio channel 339 set {ap | dap} radio channel Sets a MAP radio’ s channel. Syntax — set { ap port-list | dap dap-num } radio { 1 | 2 } channel channel-number  ap port-list — List of ports connected to the MAP access points on which to set the channel.  dap dap-num — Number of a Distributed MAP on which to set the chann[...]

  • Page 340

    340 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also  display {ap | dap} config on page 2 90  set {ap | dap} radio tx-power on page 344 set {ap | dap} radio auto-tune min-client-rate Sets the minimum rate at which a radi o is allowed to transmit traf fic to clients. The radio automatically in cr eases its transmit power when necessary[...]

  • Page 341

    set {ap | dap} radio mode 341 Usage — If the data rate for traffic sent by a radio to an ass ociated client falls below the default minimum ra te, the radio increases power , in 1 dBm increments, until all clients ar e at or above the minimum ra te. After all clients are at or above the minimum data t ransmit rate, the radio reduces power by 1 dB[...]

  • Page 342

    342 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS  radio 2 — Radio 2 of the MAP . (This option does not apply to single-radio models.)  mode enable — Enables a radio.  mode disable — Disables a radio. Defaults — MAP access point radios are disabled by default. Access — Enabled. History —Introduced in MSS V ersion 3.0. Option [...]

  • Page 343

    set {ap | dap} radio radio-profile 343 set {ap | dap} radio radio-profile Assigns a radio profile to a MAP radi o and enables or disables the radio. Syntax — set { ap port-list | dap dap-num | auto } radio { 1 | 2 } radio-profile name mode { enable | disable }  ap port-list — List of ports.  dap dap-num — Number of a Distributed MAP . ?[...]

  • Page 344

    344 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS  set {ap | dap} radio mode on page 341  set radio-profile mode on page 362 set {ap | dap} radio tx-power Sets a MAP r adio’ s transmit power . Syntax — set { ap port-list | dap dap-num } radio { 1 | 2 } tx-power power-level  ap port-list — List of ports connected to the MAP access p[...]

  • Page 345

    set dap security 345 Examples — The following command configures the transmit power on the 802.11a radio on the MAP access point connected to port 5: WX1200# set ap 5 radio 1 tx-power 10 success: change accepted. The following command configures the channel and tran smit power on the 802.11b/g radio on the MAP access point connected to port 1: WX[...]

  • Page 346

    346 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS History —Introduced in MSS 4.0. Usage — This parameter applies to all Distributed MAPs managed by the switch. If you change the set ting to req ui red , th e s wit ch req uire s Distributed MAPs to have encryption keys. The switch also requir es their fingerprints to be verified in MSS. When M[...]

  • Page 347

    set radio-profile 11g-only 347 Defaults — Automatic firmware upgrades of MAP access points ar e enabled by default. Access — Enabled. History —Introduced in MSS V ersion 3.0. Option auto added for configuration of the MAP configuration profile. Usage — When the feature is enabled on an WX port, a MAP access point connected to that port upgr[...]

  • Page 348

    348 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Even when association of 802.11b clients is disabled, if an 802.11b/g radio detects a beacon from an 802.11b network, the radio enters protection mode to guard against interfer ence. The set radio-profile 11g-only command does not affect the radio support configured with the set port type ap comma[...]

  • Page 349

    set radio-profile auto-tune channel-config 349 Defaults — Active scanning is enabled by default. Access — Enabled. History —Introduced in MSS V ersion 4.0. Usage — Y ou can enter this command on any WX switch in the Mobility Domain. The command ta kes ef fect only on that switch. Examples — The following command disables active scan in ra[...]

  • Page 350

    350 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS RF Auto-T uning of channels on 802.11a radios uses only the bot tom eight channels in the band (36, 40, 44, 48, 52, 56, 60, and 64). T o use a higher channel number , you must disable RF Auto-T un ing of channels on the radio profile the radio is in, and use the set {ap | dap} radio channel comman[...]

  • Page 351

    set radio-profile auto-tune channel-interval 351 Usage — The channel holddown applies ev en if RF anomalies occur that normally cause an immediate channel change. Examples — The following co mmand changes the channel holddown for radios in radio profile rp2 to 600 seconds: WX4400# set radio-profile rp2 auto-t une channel-holddown 600 success: c[...]

  • Page 352

    352 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following command sets the channel interval for radios in radio pr ofile rp2 to 2700 seconds (45 minutes): WX4400# set radio-profile rp2 auto-tune channel-interval 2700 success: change accepted. See Also  set radio-profile auto -tune channel-config on page 349  set radio-pro[...]

  • Page 353

    set radio-profile auto-tune power-config 353  set {ap | dap} radio auto-tune max- r etransmissions on page 337  set radio-profile auto-tune power -config on page 353  set radio-profile auto-tune power -interval on page 354 set radio-profile auto-tune power -config Enables or disables dynamic p ower tuning (RF Auto-T uning) for the MAP radi[...]

  • Page 354

    354 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS  set radio-profile auto-tune power -backoff- timer on page 352  set radio-profile auto-tune power -interval on page 354 set radio-profile auto-tune power -interval Sets the interval at which RF Auto-T uning decid es whether to change the power level on radios in a radio profil e. At the end [...]

  • Page 355

    set radio-profile beacon-interval 35 5 set radio-profile beacon-interval Changes the rate at which each MAP radio in a radio profile advertises its service set identifier (SS ID). Syntax — set radio-profile name beacon-interva l interval  name — Radio profile name.  interval — Number of milliseconds (ms) between beacons. Y ou can specif[...]

  • Page 356

    356 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS MAP radios can also issue countermeasures against interfering devices. An interfering device is not part of the 3Com network but also is not a ro gue. No client conne cted to the device has been detected communicating with any network entity listed in the forwarding database (FDD) of any WX switch[...]

  • Page 357

    set radio-profile dtim-interval 357 The following command causes ra d ios managed by radio pr ofile radprof3 to issue countermeasures against device s in the WX switch’ s attack list: WX1200# set radio-profile radprof3 countermeasures configu red success: change accepted. Note that when you issue this command, countermeasures are then issued only[...]

  • Page 358

    358 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also  display radio-profile on page 317  set radio-profile mode on page 362 set radio-profile frag-threshold Changes the fragmentation threshold for th e MAP radios in a radio pr ofile. The fragmentation threshold specifies the ma ximum length a frame is allowed to be without being broke[...]

  • Page 359

    set radio-profile long-retry 359 set radio-profile long-retry Changes the long retry threshold for the MAP radios in a radio pr ofile. The long retry threshold specifies th e number of times a radio can send a long unicast frame without receiving an acknowledgment. A long unicast frame is a frame that is equal to or longer than the Request-to-Sen d[...]

  • Page 360

    360 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set radio-profile max-rx-lifetime Changes the maximu m r eceive threshold for the MAP radios in a radio profile. The maximum r eceive thre shold specifies the number of milliseconds that a frame received by a radio can remain in buffer memory . Syntax — set radio-profile name max-rx-l ifetime ti[...]

  • Page 361

    set radio-profile max-tx-lifetime 361 set radio-profile max-tx-lifetime Changes the maximum transmit threshold for the MAP radios in a radio profile. The maximum transmit threshold specifies the number of milliseconds that a frame scheduled to be transmitted by a radio can remain in buf fer memory . Syntax — set radio-profile name max-tx-lifetime[...]

  • Page 362

    362 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set radio-profile mode Creates a new radio profile, or disabl es or reena bles all MAP radios that are using a specific pr ofile. Syntax — set radio-profile name [ mode { enable | disable }]  radio-profile name — Radio pr ofile name of up to 16 alphanumer ic characters, with no spaces. Use [...]

  • Page 363

    set radio-profile mode 363 Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Use the command without any optional parameters to cr eate new profile. If the radio profile does not alr eady exist, MSS creates a new radio profile. Use the enable or disable option to enable or disable all the radios using a profile. T o assign t [...]

  • Page 364

    364 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following command config ur es a new radio profile named rp1 : WX4400# set radio-profile rp1 success: change accepted. The following command enables the radios that use radio profile rp1 : WX4400# set radio-profile rp1 mode e nable The following comma nds disable the radios t hat [...]

  • Page 365

    set radio-profile rts-threshold 365 Usage — Changing the preamble length value af fects only the support advertised by the radio. Regardless of the preamble length setting ( short or long ), an 802.11b/g radio accepts a nd can generat e 802.11b/g frames with either short or long preambles. If a client associated with an 802.11b/g radio uses long [...]

  • Page 366

    366 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS History —Introduced in MSS V ersion 3.0. Usage — Y ou must disable all radios that are using a radio profile befor e you can change pa rameters in t he pr ofile. Use the set radio-profile mode command . Examples — The following co mmand changes the RTS threshold for radio profile rp1 to 1500[...]

  • Page 367

    set radio-profile service-profile 367 auth-fallthru web-auth Uses WebAAA for users who do not match an 802.1X or MAC authentication rule for the SSID requeste d by the user. auth-psk disable Does not suppo rt using a preshared key (PSK) to authenticate WPA clients. beacon enable Sends beacons to advertise the SSID managed by the servic e profile. c[...]

  • Page 368

    368 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Y ou must configure the service profile before you can map it to a radio profile. Y ou can map the same service profile to mor e than one radio profile. Y ou must disable all radios that use a radio profile before you can cha[...]

  • Page 369

    set radio-profile short-retry 369  set service-profile cipher -ccmp on page 377  set service-profile cipher -tkip on page 378  set service-profile cipher -wep104 on page 379  set service-profile cipher -wep40 on page 380  set service-profile psk-phrase on page 381  set service-profile psk-raw on page 382  set service-profile rs[...]

  • Page 370

    370 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Usage — Y ou must disable all radios that are using a radio profile befor e you can change pa rameters in t he pr ofile. Use the set radio-profile mode command . Examples — The following co mmand changes the short retry threshold for radio profile rp1 to 3: WX4400# set radio-profile rp1 short-[...]

  • Page 371

    set service-profile attr 371 If you plan to use SVP or another non-WMM type of prioritizatio n, you must configure ACLs to tag the packets. (See the “Enabling Prioritization for Legacy V oice over IP” section in the “Configuring and Managing Security ACLs” chapter of the W ireless LAN Switch and Controller Configuration Guide .) Examples ?[...]

  • Page 372

    372 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS The SSID default attributes ar e applied in addition to any attributes supplied for the user by the RADIUS server or the local database. Wh en the same attribute is specifie d both as an SSID default attribute and thr ough AAA, then the attribute supplied by the RADIUS server or the local database[...]

  • Page 373

    set service-profile auth-dot1x 37 3 See Also  display service-profile on page 321  display sessions network on page 525 set service-profile auth-dot1x Disables or reenables 802.1X authentication of Wi-Fi Protected Access (WP A) clients by MAP radios, when th e WP A information element (IE) is enabled in the service profile that is mapped to t[...]

  • Page 374

    374 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also  display service-profile on page 321  set service-profile auth-psk on page 375  set service-profile psk-phrase on page 381  set service-profile wpa-ie on page 391 set service-profile auth-fallthru Specifies the au thentication type for users w ho do not match an 802.1X or MAC [...]

  • Page 375

    set service-profile auth-psk 375 Access — Enabled. History —Introduced in MSS V e rsion 3.0. Option for W ebAAA fallthru authentication type changed from web-auth to web-portal in MSS V ersion 4.1. Usage — The last-resort fallthru authentication type allows any user to access any SSID managed by the service profile. This method does not requi[...]

  • Page 376

    376 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — This command affects authentication of WP A clients only . T o use PSK au thentication, you also must configure a passphrase or key . In addition, you must enable the WP A IE. The WebAAA fallthru authentication type is not su[...]

  • Page 377

    set service-profile cipher-ccmp 37 7  enable — Enables beaconing of the SSID managed by the service profile.  disable — Disables beaconing of the SSID managed by the service profile. Defaults — Beaconing is e nabled by default. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — The following co mmand disa bles b[...]

  • Page 378

    378 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following co mmand c onfigures service profile sp2 to use CCMP encryption: WX4400# set service-profile sp2 cipher-ccmp enable success: change accepted. See Also  set service-profile cipher -tkip on page 378  set service-profile cipher -wep104 on page 379  set service-prof[...]

  • Page 379

    set service-profile cipher-wep104 379  set service-profile tkip-mc-time on page 386  set service-profile wpa-ie on page 391 set service-profile cipher -wep104 Enables dynamic W ir ed Equivalent Privacy (WEP) with 104-bit keys, in a service profile. Syntax — set service-profile name cipher-w ep104 { enable | disable }  name — Service pr[...]

  • Page 380

    380 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS See Also  set service-profile cipher -ccmp on page 377  set service-profile cipher -tkip on page 378  set service-profile cipher -wep40 on page 380  set service-profile wep key-index on page 390  set service-profile wpa-ie on page 391 set service-profile cipher -wep40 Enables dyna m[...]

  • Page 381

    set service-profile psk-phrase 381 Examples — The following co mmand c onfigures service profile sp2 to use 40-bit WEP encryp tion: WX4400# set service-profile sp2 cipher-wep40 enable success: change accepted. See Also  set service-profile cipher -ccmp on page 377  set service-profile cipher -tkip on page 378  set service-profile cipher [...]

  • Page 382

    382 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS Examples — The following co mmand c onfigures service profile sp3 to use passphrase “123456789 0123<>?=+&% The quick brown fox jumps over the lazy sl”: WX4400# set service-profile sp3 psk-phrase "1234567890123<> ?=+&% The quick brown fox jumps over the lazy sl" [...]

  • Page 383

    set service-profile rsn-ie 383 Examples — The following co mmand c onfigures service profile sp3 to use a raw PSK with PSK clients: WX4400# set service-profile sp3 psk-raw c25d3fe4483e867 d1df96eaacdf8b02451fa0836162e758100f 5f6b87965e59d success: change accepted. See Also  set mac-user attr on page 249  set service-profile auth-psk on page[...]

  • Page 384

    384 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set service-profile shar ed-key-auth Enables shared-key authentication, in a service profile. Use this command only if advised to do so by 3Com. This command does not enable preshare d key (PSK) authentication for W i-Fi Protected Access (WP A). T o enable PSK encryption for WP A, use the set serv[...]

  • Page 385

    set service-profile ssid-type 385 Access — Enabled. History —Introduced in MSS V e rsion 3.0. Support added for blank spaces in the SSID name in MSS V ersion 4.0. Examples — The following co mmand applies the name guest to the SSID managed by service profile clear_wlan : WX4400# set service-profile clear_wlan ssid-name guest success: change a[...]

  • Page 386

    386 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set service-profile tkip-mc-time Changes the length of time that MA P radios use countermeasures if two message integrity code (MIC) f ailur es occur within 60 secon ds. When countermeasures ar e in effect, MAP radios dissociate all TKIP and WP A WEP clients and refuse all association and reassoci[...]

  • Page 387

    set service-profile web-portal-form 387 set service-profile web-portal-form Specifies a custom login page to serve to WebAAA users who r equest the SSID managed by the service profile. Syntax — set service-profile name web-portal- form url  name — Service pr ofile name.  url — WX subdirectory name and HT ML page name of the login page. [...]

  • Page 388

    388 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS file:corpa-login.html 637 bytes Aug 12 2004, 15:42 :26 file:corpa-logo.jpg 1202 bytes Aug 12 2004, 15:57 :11 Total: 1839 bytes used, 20657 7 Kbytes free WX4400# set service-profile corpa-se rvice web-aaa-form corpa-ssid/ corpa-login.html success: change accepted. See Also  copy on page 567  [...]

  • Page 389

    set service-profile wep active-unicast- index 389 See Also  set service-profile we p active-unicast- index on page 389  set service-profile wep key-index on page 390 set service-profile wep active-unicast- index Specifies the static W ired-Equivalent Privacy (WEP) key (one of four) to use for encrypting unicast frames. Syntax — set service-[...]

  • Page 390

    390 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS set service-profile wep key-index Sets the value of one of four static Wired-Equivalent Privacy (WEP) keys for static WEP encryption. Syntax — set service-profile name wep key-in dex num key value  name — Service pr ofile name.  key-index num — WEP key index. Y ou can enter a value fr [...]

  • Page 391

    set service-profile wpa-ie 391 set service-profile wpa-ie Enables the WP A information element (IE) in wireless frames. The WP A IE advertises the WP A authentication meth ods and cipher suites supported by radios in the radio profil e mapped to the service profile. Syntax — set service-profile name wpa-ie { ena ble | disable }  name — Servi[...]

  • Page 392

    392 C HAPTER 11: M ANAGED A CCESS P OINT C OMM ANDS[...]

  • Page 393

    12 STP C OMMANDS Use Spanning T ree Protocol (STP) commands to configure and manage spanning trees on the virtual LANs (VLANs) configured on a wir eless LAN switch or controller , to maintain a loop-free network. STP Commands by Usage This chapter pr esents STP comman d s alphabetically . Use the following table to locate commands in this chapter b[...]

  • Page 394

    394 C HAPTER 12: STP C OMMANDS clear spantree portcost Resets to the default value t he cost of a network port or ports on paths to the STP root bridge in all VLANs on a WX switch. Syntax — clear spantree portcost port-list  port-list — List of ports. The port cost is r eset on the specified ports. Defaults — None. Access — Enabled. Hist[...]

  • Page 395

    clear spantree portpri 39 5 clear spantree portpri Resets to the default value the priority of a network port or ports for selection as part of the path to th e STP root bridge in all VLANs on a wireless LAN switch or contr oller . Syntax — clear spantree portpri port-list  port-list — List of ports. The p ort priority is re set to 32 (the d[...]

  • Page 396

    396 C HAPTER 12: STP C OMMANDS  vlan vlan-id — VLAN name or number . MSS resets the cost for only the specified VLAN. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — MSS does not change a port’ s cost for VLANs other than the one(s) you specify . Examples — The following co mmand r esets the STP [...]

  • Page 397

    clear spantree statistics 39 7 History —Introduced in MSS V ersion 3.0. Usage — MSS does not change a port’ s priority for VLANs other than t he one(s) you specify . Examples — The following command r esets the STP priority for p ort 2 in VLAN avocado: WX4400# clear spantree portvlanpri 2 vlan avocado success: change accepted. See Also  [...]

  • Page 398

    398 C HAPTER 12: STP C OMMANDS display spantree Displays STP configuratio n and port-state information. Syntax — display spantree [ port-list | vlan vlan-id ] [ active ]  port-list — List of ports. If you do not specify any ports, MSS displays STP information for all ports.  vlan vlan-id — VLAN name or number . If you do not specify a V[...]

  • Page 399

    display spantree 399 T able 69 describes th e fields in this display . T able 69 Output for display spantree Field Description VLAN VLAN number. Spanning tree mode In the current software version, the mode is always PVST+, which means Per VLAN Spanning T ree+. Spanning tree type In the current software vers ion, the type is always IEEE, which means[...]

  • Page 400

    400 C HAPTER 12: STP C OMMANDS See Also  display spantree blockedports on page 401 display spantree backbonefast Indicates whether the STP backbone fa st convergence featur e is enabled or disabled. Syntax — display spantree backbonefast Defaults — None. Access — All. History —Introduced in MSS V ersion 3.0. Port-State STP state of the p[...]

  • Page 401

    display spantree blockedports 401 Examples — The following example shows the command out put on a WX switch with backbone fast convergence enabled: WX4400# display spantree backbonefas t Backbonefast is enabled See Also  set spantree backbonefast on page 411 display spantree blockedports Lists information abou t wi r eless LAN switch ports tha[...]

  • Page 402

    402 C HAPTER 12: STP C OMMANDS display spantree portfast Displays STP uplink fast convergence information for all network p orts or for one or more network ports . Syntax — display spantree portfast [ port-list ]  port-list — List of ports. If you do not specify any ports, MSS displays uplink fast converge nce information for all por ts. Def[...]

  • Page 403

    display spantree portvlancost 403 display spantree portvlancost Shows the cost o f a port on a path to the STP root bridge, for each of the port’ s VLANs. Syntax — display spantree portvlancost port-list  port-list — List of ports. Defaults — None. Access — All. History —Introduced in MSS V ersion 3.0. Examples — The following co m[...]

  • Page 404

    404 C HAPTER 12: STP C OMMANDS Usage — The command displays statistics separately for each port. Examples — The following co mmand shows STP statistics for port 1: WX4400# display spantree statistics 1 BPDU related parameters Port 1 VLAN 1 spanning tree enabled for VLAN = 1 port spanning tree enabled state Forwarding port_id 0x8015 port_number [...]

  • Page 405

    display spantree statistics 405 topology change timer value 0 hold timer INACTIVE hold timer value 0 delay root port timer INACTIVE delay root port timer value 0 delay root port timer restarted is FALSE VLAN based information & statistics spanning tree type ieee spanning tree multicast address 01-00-0c-cc-cc-cd bridge priority 32768 bridge MAC [...]

  • Page 406

    406 C HAPTER 12: STP C OMMANDS T able 71 Output for display spantree statis tics Field Descri ption Port Port number. VLAN VLAN ID. Spanning Tree enabled for vlan State of the STP feature on the VLAN. port spanning tree State of the STP feature on the port. state STP state of the port:  Blocking — The port is not forwarding Layer 2 traffic but[...]

  • Page 407

    display spantree statistics 407 config_pending I ndicates whether a configured BPDU is to be transmitted on expiration of the hold timer for the port. port_inconsistency Indicates whether the port is in an inconsistent state. config BPDU’s xmitted Number of BPDUs transmitted from the port. A number in parentheses indicates the number of configure[...]

  • Page 408

    408 C HAPTER 12: STP C OMMANDS hold timer Status of the hold timer. This timer ensures that configured BPDUs are not transmitted too frequently through any bridge port. hold timer value Current value of the hold timer, in seconds. delay root port timer Status of the delay root po rt timer, which enables fast convergence when uplink fast convergence[...]

  • Page 409

    display spantree uplinkfast 409 See Also  clear spantree stati stics on page 397 display spantree uplinkfast Shows uplink fast convergence infor m ation for one VLAN or all VLANs. Syntax — display spantree uplinkfast [ vlan vlan- id ]  vlan vlan-id — VLAN name or number . If you do not specify a VLAN, MSS displays STP statistics for all V[...]

  • Page 410

    410 C HAPTER 12: STP C OMMANDS Examples — The following co mmand shows uplink fast convergence information for all VLANs: WX4400# display spantree uplinkfast VLAN port list ------------------------------------ ------------------------------------ 1 1(fwd),2,3 T able 72 describes th e fields in this display . See Also  set spantree uplinkfast o[...]

  • Page 411

    set spantree backbonefast 411 Examples — The following co mmand enables STP on all VLANs configured on a WX switch: WX4400# set spantree enable success: change accepted. The following command disables STP on VLAN burgundy: WX4400# set spantree disable vlan bu rgundy success: change accepted. See Also  display spantree on page 398 set spantree [...]

  • Page 412

    412 C HAPTER 12: STP C OMMANDS See Also  display spantree backbonefast on page 400 set spantree fwddelay Changes the period of time after a topology change that a WX switch which is not the root bridge waits to begin forwar ding Layer 2 traffic on one or all of its configured VLANs. (The r oot bridge always forwards traffic.) Syntax — set span[...]

  • Page 413

    set spantree maxage 413  vlan vlan-id — VLAN name or number . MS S changes the interval on only the specified VLAN. Defaults — The default hello timer interval is 2 seconds. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — The following co mmand change s the hello interval for all VLANs to 4 seconds: WX4400# set sp[...]

  • Page 414

    414 C HAPTER 12: STP C OMMANDS Examples — The following command changes the maximum acceptable age for root bridge hello packets on all VLANs to 15 seconds: WX4400# set spantree maxage 15 all success: change accepted. See Also  display spantree on page 398 set spantree portcost Changes the cost that transmission through a network port or ports[...]

  • Page 415

    set spantree portfast 415 Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — This command applies only to the defa ult VLAN (V LAN 1). T o change the cost of a port in ano ther VLAN, use the set spantr ee portvlancost command. Examples — The following command changes the cost on ports 3 and 4 to 20: WX1200# set spantree port[...]

  • Page 416

    416 C HAPTER 12: STP C OMMANDS Examples — The following co mmand enab les port fast convergence on ports 2, 5, and 7: WX1200# set spantree portfast port 2 ,4,7 enable success: change accepted. See Also  display spantree portfast on page 402 set spantree portpri Changes the STP priority of a network port or ports for select ion as part of the p[...]

  • Page 417

    set spantree portvlancost 417 set spantree portvlancost Changes the cost of a network por t or ports on paths to the STP root bridge for a specific VLAN on a wireless LAN switch. Syntax — set spantree portvlancost port-lis t cost cost { all | vlan vlan-id }  port-list — List of ports. MSS applies the cost change to all the specified ports. ?[...]

  • Page 418

    418 C HAPTER 12: STP C OMMANDS set spantree portvlanpri Changes the priority of a network port or ports for selectio n as part of the path to the STP root bridge, on one VLAN or all VLANs. Syntax — set spantree portvlanpri port-list priority value { all | vlan vlan-id }  port-list — List of ports. MSS changes the priority on the specified po[...]

  • Page 419

    set spantree priority 419 set spantree priority Changes the STP root bridge priority of a wir eless LAN switch on one or all of its VLANs. Syntax — set spantree priority value { all | v lan vlan-id}  priority value — Priority value. Y ou ca n specify a value from 0 through 65,535. The bridge with the lo west priority value is elected to be t[...]

  • Page 420

    420 C HAPTER 12: STP C OMMANDS History —Introduced in MSS V ersion 3.0. Usage — The uplink fast convergence feature is applicable to bridges that are acting as access switches to the net work cor e (distribution layer) but are not in the core themselves. Do not enable the feature on WX switches that are in the network cor e. Examples — The fo[...]

  • Page 421

    13 IGMP S NOOPING C OMMANDS Use Internet Group Management Pr otocol (IGMP) snooping commands to configure and manage multicast traff ic reduction on a WX. Commands by usage This chapter presents IGMP snooping commands alphabetically . Use the T able 74 to locate commands in this chap ter based on their use. T able 74 IGMP Commands by Usage Type Com[...]

  • Page 422

    422 C HAPTER 13: IGMP S NOOPING C OMMANDS clear igmp statistics Clears IGMP statistics count ers on one VLAN or all VLANs on a wir eless LAN switch and r esets them to 0. Syntax — clear igmp statistics [ vlan vlan-id ]  vlan vlan-id — VLAN name or number . If you do not specify a VLAN, IGMP statistics ar e clear ed for all VLANs. Defaults ?[...]

  • Page 423

    display igmp 423 router information: Port Mrouter-IPaddr Mrouter-MAC Type TTL ---- --------------- --------------- -- ----- ----- 1 192.28.7.5 00:01:02:03:04:05 dvmrp 17 Group Port Receiver-IP Receiver-MAC TTL --------------- ---- --------------- ----------------- ----- 224.0.0.2 none none none undef 237.255.255.255 5 10.10.10.11 00:02:04:06:08:0b [...]

  • Page 424

    424 C HAPTER 13: IGMP S NOOPING C OMMANDS T able 75 Output for display igmp Field Descri ption VLAN VLAN name. MSS displays info rmation separately for each VLAN. IGMP is enabled (disabled) IGMP state. Proxy reporting Proxy reporting state. Mrouter solicitation Multicast router solicitation state. Querier functionality Pseudo-querier state. Configu[...]

  • Page 425

    display igmp 425 TTL Number of seconds befo re this entry ages out if not refreshed. For static multicast route r entries, the time-to-live (TTL) value is undef . Static multicast router entries do not age out. Group IP address of a multicast group. The display igmp receiver -table command shows the sa me information as these receiver fields. Port [...]

  • Page 426

    426 C HAPTER 13: IGMP S NOOPING C OMMANDS See Also  display igmp mrouter on page 426  display igmp querier on page 427  display igmp receiver -table on page 429  display igmp statistic s on page 431 display igmp mrouter Displays the multicast routers in a WX’ s subnet, on one VLAN or all VLANs. Routers are listed separately fo r each [...]

  • Page 427

    display igmp querier 427 See Also  display igmp mrouter on page 426  set igmp mr outer on page 435 display igmp querier Shows information about the active multicast querier , on one VLAN or all VLANs. Queriers are listed separately for each VLAN. Each VLAN can have only one querier . Syntax — display igmp querier [ vlan vlan-id ]  vlan v[...]

  • Page 428

    428 C HAPTER 13: IGMP S NOOPING C OMMANDS History — Introduced in MSS V ersion 3.0. Examples — The followin g command displa ys querier information for VLAN orange : WX1200# display igmp querier vlan or ange Querier for vlan orange Port Querier-IP Querier-MAC TTL ---- --------------- --------------- -- ----- 1 193.122.135.178 00:0b:cc:d2:e9:b4 [...]

  • Page 429

    display igmp receiver-table 429 See Also  set igmp querier on page 441 display igmp receiver -table Displays the receivers to which a WX forwar ds multicast traffic. Y ou can display receivers for all VLANs, a si ngle VLAN, or a group or gr oups identified by group address and network mask. Syntax — display igmp receiver-table [ vlan vlan-id ][...]

  • Page 430

    430 C HAPTER 13: IGMP S NOOPING C OMMANDS The following command lists all r eceivers for multicast groups 237.255.255.1 t hr ough 237.255.255.2 55, in all VLANs: WX1200# display igmp receiver-table group 237.255.255.0/24 VLAN: red Session Port Receiver-IP Receiver-MAC TTL --------------- ---- --------------- ----------------- ----- 237.255.255.2 2 [...]

  • Page 431

    display igmp stati stics 431 display igmp statistics Shows IGMP statistics. Syntax — display igmp statistics [ vlan vlan-id ]  vlan vlan-id — VLAN name or number . If you do not specify a VLAN, MSS displays IGMP statis tics for all VLANs. Defaults — None. Access — All. History — Introduced in MSS V ersion 3.0. Examples — The followin[...]

  • Page 432

    432 C HAPTER 13: IGMP S NOOPING C OMMANDS T able 79 Output of display igmp statistics Field Description IGMP statistics for vlan VLAN name. Statistics are lis ted separately for each VLAN. IGMP message type Type of IGMP message:  General-Queries — General group membership queries sent by the multicast querier (multicast router or pseudo -queri[...]

  • Page 433

    set igmp 433 See Also  clear igmp statistics on page 422 set igmp Disables or reenables IGMP snooping on one VLAN or all VLANs on a wireless LAN switch. Syntax — set igmp { enable | disable } [ vlan vlan-id ]  enable — Enables IGMP snooping.  disable — Disables IGMP snooping.  vlan vlan-id — VLAN name or number . If you do not s[...]

  • Page 434

    434 C HAPTER 13: IGMP S NOOPING C OMMANDS set igmp lmqi Changes the IGMP last member query interval timer on one VLAN or all VLANs on a wirel ess LAN switch. Syntax — set igmp lmqi tenth-seconds [ vlan vlan- id ]  lmqi tenth-seconds — Amount of time (in tenths of a second) that the WX waits for a r esponse to a gr oup-specific query after r [...]

  • Page 435

    set igmp mrouter 435 set igmp mrouter Adds or removes a port in a WX’ s list of ports on which it forwards traf fic to multicast routers. Static multicas t ports are immediately added to or removed fr om the list of r outer ports and do not age out. Syntax — set igmp mrouter port port-list { enable | disable }  port port-list — Port list. [...]

  • Page 436

    436 C HAPTER 13: IGMP S NOOPING C OMMANDS set igmp mrsol Enables or disables multicast router solicitation by a WX. Syntax — set igmp mrsol { enable | disable } [ vlan vlan-id ]  enable — Enables multicast r outer solicitation.  disable — Disables multicast router solicitation.  vlan vlan-id — VLAN name or number . If you do not sp[...]

  • Page 437

    set igmp oqi 437 Usage — Y ou cannot add MAP access ports or wired authentication ports as stat ic multicast po rts. However , MSS can dy namically add th ese port types to the list of multicast ports based on multicast traffic. Examples — The following example changes the multicast router solicitation interval to 60 seconds: WX1200# set igmp m[...]

  • Page 438

    438 C HAPTER 13: IGMP S NOOPING C OMMANDS See Also  set igmp lmqi on page 434  set igmp qi on page 439  set igmp qri on page 440  set igmp querier on page 441  set igmp mr outer on page 435  set igmp rv on page 442 set igmp proxy-r eport Disables or reenables proxy r eporting by a WX on one VLAN or all VLANs. Syntax — set igmp p[...]

  • Page 439

    set igmp qi 439 set igmp qi Changes the IGMP query interval ti mer on one VLAN or all VLANs on a WX. Syntax — set igmp qi seconds [ vlan vlan-id ]  qi seconds — Number of seconds t hat elapse between general queries sent by the WX when the WX switch is the querier for the subnet. Y ou can specify a value from 1 through 65,535.  vlan vlan-[...]

  • Page 440

    440 C HAPTER 13: IGMP S NOOPING C OMMANDS set igmp qri Changes the IGMP query r esponse in terval timer on one VLAN or all VLANs on a WX. Syntax — set igmp qri tenth-seconds [ vlan vlan-i d ]  qri tenth-seconds — Amount of time (in tenths of a second) that the WX waits for a r eceiver to respond to a gr oup-specific query message before r em[...]

  • Page 441

    set igmp querier 441 set igmp querier Enables or disables the IGMP pseudo-querier on a WX, on one VLAN or all VLANs. Syntax — set igmp querier { enable | disable } [ vl an vlan-id ]  enable — Enables the pseudo-querier .  disable — Disables t he pseudo-que rier .  vlan vlan-id — VLAN name or number . If you do not specify a VLAN, t[...]

  • Page 442

    442 C HAPTER 13: IGMP S NOOPING C OMMANDS Defaults — By default, n o ports ar e static multicast receiver ports. Access — Enabled. History — Introduced in MSS V ersion 3.0. Usage — Y ou cannot add MAP access ports or wired authentication ports as static multicast ports. However , MSS can dynamically add these port types to the list of multi[...]

  • Page 443

    set igmp rv 443 See Also  set igmp oqi on page 437  set igmp qi on page 439  set igmp qri on page 440[...]

  • Page 444

    444 C HAPTER 13: IGMP S NOOPING C OMMANDS[...]

  • Page 445

    14 S ECURITY ACL C OMMANDS Use security ACL commands to configure and monitor security access control lists (ACLs). Security ACLs filt er packets to restrict or permit network usage by certain users or traffic types, and can assign to packets a class of service (CoS) to define th e pr iority of tr eatment for pac ket filtering. (Security ACLs are d[...]

  • Page 446

    446 C HAPTER 14: S ECURITY ACL C OMM ANDS clear security acl Clears a specified security ACL, an access contr ol entry (ACE), or all security ACLs, from the edit buffe r . When used with the command commit securi ty acl , clears the ACE fr om the running configuration. Syntax — clear security acl { acl-name | all } [ editbuffer-index ]  acl-na[...]

  • Page 447

    clear security acl map 447 WX4400# display security acl info al l ACL information for all set security acl ip acl_133 (hits #1 0) ------------------------------------ --------------------- 1. deny IP source IP 192.168.1.6 0.0 .0.0 destination IP any set security acl ip acl_134 (hits #3 0) ------------------------------------ --------------------- 1[...]

  • Page 448

    448 C HAPTER 14: S ECURITY ACL C OMM ANDS Syntax — clear security acl map { acl-name | all } { vlan vlan-id | port port-list [ tag tag-value ] | dap dap-num } { in | out }  acl-name — Name of an existing security ACL to clear . ACL names start with a letter and ar e case-insensitive.  all — Removes security ACL mapping fr om all physica[...]

  • Page 449

    commit security acl 449 T o clear all physical ports, virtual por ts , and VLANs on a WX switch of the ACLs mapped for incoming and outgoi ng traffic, type the following command: WX4400# clear security acl map all success: change accepted. See Also  clear security acl on page 446  display security acl map on page 453  set security acl map [...]

  • Page 450

    450 C HAPTER 14: S ECURITY ACL C OMM ANDS Examples — The following co mmands commit all the security ACLs in the edit buffer to the configuration, display a summary of the committed ACLs, and show that the edit buffer has been clear ed: WX4400# commit security acl all configuration accepted WX4400# display security acl ACL table ACL Type Class Ma[...]

  • Page 451

    display security acl hi ts 451 Examples — T o display a sum mary of the committed security ACLs on a WX switch, type the following command: WX4400# display security acl ACL table ACL Type Class Mapping ---------------------------- ---- -- ---- ------- acl_123 IP Static Port 2 In acl_133 IP Static Port 4 In acl_124 IP Static T o view a summary of [...]

  • Page 452

    452 C HAPTER 14: S ECURITY ACL C OMM ANDS Examples — T o display the security ACL hits on a WX switch, type the following command: WX4400# display security acl hits ACL hit-counters Index Counter ACL-name ----- -------------------- -------- 1 0 acl_2 2 0 acl_175 3 916 acl_123 See Also  set security acl hit-sample-rate on page 466  set secur[...]

  • Page 453

    display security acl map 45 3 Examples — T o display the contents of all security ACLs committed on a WX switch, type the following command: WX4400# display security acl info ACL information for all set security acl ip acl_123 (hits #5 462) ------------------------------------ --------------------- 1. permit IP source IP 192.168.1.11 0.0.0.255 de[...]

  • Page 454

    454 C HAPTER 14: S ECURITY ACL C OMM ANDS Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — The following command displays the port to which security ACL acl_111 is mapped : WX4400# display security acl map acl _111 ACL acl_111 is mapped to: Port 4 in See Also  clear security acl map on page 447  display security ac[...]

  • Page 455

    display security acl resource-usage 455 Examples — T o display security ACL res ource usage, type the following command: WX4400# display security acl resourc e-usage ACL resources Classifier tree counters ------------------------ Number of rules : 2 Number of leaf nodes : 1 Stored rule count : 2 Leaf chain count : 1 Longest leaf chain : 2 Number [...]

  • Page 456

    456 C HAPTER 14: S ECURITY ACL C OMM ANDS T able 81 Output of display security acl resource-usage Field Description Number of rules Number of security ACEs cu rrently mapped to ports or VLANs. Number of leaf nodes Number of security ACL data en tries stored in the rule tree. Stored rule count Number of security ACEs stored in the rule tree. Leaf ch[...]

  • Page 457

    display security acl resource-usage 457 LUdef in use Number of the lookup definition (LUdef) table currently in use for packet handling. Default action pointer Memory address used for packet handling, from which default action data is obtained when necessary. L4 global Security AC L mapping on the WX s witch:  Tr u e — Security ACLs are mapped[...]

  • Page 458

    458 C HAPTER 14: S ECURITY ACL C OMM ANDS rollback security acl Clears changes made to the security ACL edit buf fer since it was last saved. The ACL is rolled back to its state after the last commit security acl command was entered. All uncommit ted ACLs in the edit buf fer are cleared. Syntax — rollback security acl { acl-name | all }  acl-n[...]

  • Page 459

    set security acl 459 Examples — The following co mmands show the edit buf fer before a rollbac k, clear any change s in the edit buff er to security acl_122 , and show the ed it buf fer after t he r ollback: WX4400# display security acl info al l editbuffer ACL edit-buffer information for all set security acl ip acl_122 (ACEs 3, add 3, del 0, mod[...]

  • Page 460

    460 C HAPTER 14: S ECURITY ACL C OMM ANDS By ICMP packets Syntax — set security acl ip acl-name { perm it [ cos cos ] | deny } icmp { source-ip-addr mask destination -ip-addr mask [ type icmp-type ] [ code icmp-code ] [ precedence precedence ] [ tos tos ] [ before editbuffer-index | mod ify editbuffer-index ] [ hits ] By TCP packets Syntax — se[...]

  • Page 461

    set security acl 461  0 or 3—Best effort. Packets ar e queued in MAP forwar ding queue 3.  4 or 5—Video. Packets are que ued in MAP forwarding queue 2. Use CoS level 4 or 5 for voice over IP (V oIP) packets other than SpectraLink V oice Priority (SVP).  6 or 7—V oice. Packets ar e queu ed in MAP forwar ding queue 1. In MSS V ersion 3[...]

  • Page 462

    462 C HAPTER 14: S ECURITY ACL C OMM ANDS (For a complete list of TCP and UDP port numbers, see www .iana.org/assign ments/po rt-numbers .)  destination-ip-addr mask — IP addr ess and wildcar d mask of the network or host to which the packet is being sent. Specify both address and mask in dotted decimal not ation. For mor e information, see ?[...]

  • Page 463

    set security acl 463  before editbuffer-index — Inserts the new ACE in front of another ACE in the security ACL. Specify the number of the existing ACE in the edit buffer . Index numbers start at 1. (T o display the edit buffer , use display security acl editbuf fer . )  modify editbuffer-index — Replaces an ACE in the security ACL with t[...]

  • Page 464

    464 C HAPTER 14: S ECURITY ACL C OMM ANDS The following command adds an ACE to acl_123 that denies packets from IP addr ess 192.168.2.11: WX4400# s et security acl ip acl_123 deny 192.168.2.11 0.0.0.0 The following command creates acl_125 by defining an ACE that denies TCP packets from sour ce IP addr ess 1 92.168.0.1 to destination IP address 192.[...]

  • Page 465

    set security acl map 46 5 Syntax — set security acl map acl-name { v l an vlan-id | port port-list [ tag tag-list ] | dap dap-num } { in | out }  acl-name — Name of an existing secu rity ACL to map. ACL names start with a letter and ar e case-insensitive.  vlan vlan-id — VLAN name or number . MSS assigns the security ACL to the specifie[...]

  • Page 466

    466 C HAPTER 14: S ECURITY ACL C OMM ANDS See Also  clear security acl map on page 447  commit securi ty acl on page 449  set mac-user attr on page 249  set mac-usergroup attr on page 254  set security acl on page 459  set user attr on page 259  set usergroup on page 261  display security acl map on page 453 set security acl[...]

  • Page 467

    set security acl hit-sample-rate 46 7 Examples — The first command sets MSS to sample ACL hits every 15 seconds. The second and third commands display the r esults. The results show that 916 packets matching security acl_153 were sent since the ACL was mapped. WX4400# set security acl hit-sample- rate 15 WX4400# display security acl info ac l_153[...]

  • Page 468

    468 C HAPTER 14: S ECURITY ACL C OMM ANDS[...]

  • Page 469

    15 C RYPTOGRAPHY C OMMANDS Use cryptography commands to co nfigur e and manage certificates and public-private key pairs for system authentication . Depending on your network configurat ion, you must create keys and certificates to authenticate the WX switch to IEEE 802.1X wireless clients for which the WX switch performs authentication, and to 3Co[...]

  • Page 470

    470 C HAPTER 15: C RYPTOGRA PHY C OMMANDS crypto ca-certificate Installs a certificate authority’ s own PKCS #7 certificate into the WX certificate and ke y storage area. Syntax — crypto ca-certificate { admin | eap | web } PEM-formatted certificate  admin — Stores the certificate authority’ s certificate that signed the administrative c[...]

  • Page 471

    crypto certificate 47 1 T o use this command, you must alr eady have obtained a copy of the certificate authority’ s certificate as a PKCS #7 object file. Then do the following: 1 Open the PKCS #7 object file with an ASCII text editor such as Notepad or vi. 2 Enter th e crypto ca-certificate command on the CLI command line. 3 When MSS prompts you[...]

  • Page 472

    472 C HAPTER 15: C RYPTOGRA PHY C OMMANDS  PEM-formatted certificate — ASCII text repr esentation of the PKCS #7 certificate, consist ing of up to 5120 characters, that you have obtained from th e certificate authority . Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Webaaa option renamed to web in MSS V ersi[...]

  • Page 473

    crypto generate key 473 crypto generate key Gener ates an RSA public-private encrypti on key pair that is r equired for a Certificate Signing Request ( CSR) or a self-signed certificate. For SSH, the command generates an SSH authentication key . Syntax — crypto generate key { admin | eap | ssh | web } { 512 | 1024 | 2048 }  admin — Generates[...]

  • Page 474

    474 C HAPTER 15: C RYPTOGRA PHY C OMMANDS See Also  display crypto key ssh on page 483 crypto generate re quest Generates a Certificate Signing Reque st (CSR). Thi s command outputs a PEM-formatted PKCS #10 text string that you can cut and paste to another location for delivery to a certificate author ity . This command generates either an admin[...]

  • Page 475

    crypto generate request 475  Email Address string — (Optional) Specify your email address, in up to 80 alphanumeric charac ters with no spaces.  Unstructured Name string — (Optional) Specify any name, in up to 80 alphanumeric characte rs with no spaces. Defaults — None. Access — Enabled. History —Introduced in MSS V ers ion 3.0. Web[...]

  • Page 476

    476 C HAPTER 15: C RYPTOGRA PHY C OMMANDS hkiG9w0BAQEFAAOBjQAwgYkCgYEA1zatpYSt OjHMa0QJmWHeZPPFGQ9kBEimJKPG bznFjAC780GcZtnJPGqnMnOKj/4NdknonT6N dCd2fBdGbuEFGNMNgZMYKGcV2JIu M32SvpSEOEnMYuidkEzqLQol621vh67RM1KT MECM6uCBBROq6XNypIHn1gtrrpL/ LhyGTWUCAwEAAaAAMA0GCSqGSIb3DQEBBAUA A4GBAHK5z2kfjBbV/F0b0MyC5S7K htsw7T4SwmCij55qfUHxsRelggYcw6vJtr57 jJ7wFfs[...]

  • Page 477

    crypto generate self-signed 47 7  Organizational Unit string — (Optional) Specify the name of the organizational unit, in up to 80 al phanumeric characters with no spaces.  Common Name string — Specify a uniqu e name for the WX switch, in up to 80 alphanumeric ch aracters with no spaces. Use a fully qualifie d name if such names are suppo[...]

  • Page 478

    478 C HAPTER 15: C RYPTOGRA PHY C OMMANDS See Also  crypto certificate on page 471  crypto generate key on page 473 crypto otp Sets a one-t ime passwor d (OTP) for use with th e crypto pkcs12 command. Syntax — crypto otp { admin | eap | web } one-time-password  admin — Creates a one-time passwor d for installing a PKCS #12 object file [...]

  • Page 479

    crypto pkcs12 47 9 History —Introduced in MSS V ersion 3.0. W ebaaa option renamed to web in MSS V ersion 4.1. Usage — The password allows the public- private key pair and certificate to be installed together from the same PKCS #12 object file. MSS erases the one-time password after processing the crypto pkcs12 command or when you reboot the WX[...]

  • Page 480

    480 C HAPTER 15: C RYPTOGRA PHY C OMMANDS Defaults — The password you enter with the crypto otp command must be the same as the one protecting the PKCS # 12 file. Access — Enabled. History —Introduced in MSS V ersion 3.0. Webaaa option renamed to web in MSS V ersion 4.1. Usage — T o use this command, you must have already created a one-time[...]

  • Page 481

    display crypto ca-certificate 481 display crypto ca-certificate Displays information about the certificate authority’ s PEM-encoded PKCS #7 certificate. Syntax — display crypto ca-certifica te { admin | eap | web }  admin — Displays information about the certificate author ity’ s certificate that signed the administrative certificate for[...]

  • Page 482

    482 C HAPTER 15: C RYPTOGRA PHY C OMMANDS See Also  crypto ca-certificate on page 470  display crypto certificate on page 482 display crypto certificate Displays information about one of the cryptographic certificates installed on the WX switch. Syntax — display crypto certificate { admin | eap | web }  admin — Displays information abo[...]

  • Page 483

    display crypto key ssh 48 3 See Also  crypto generate self-signed on page 476  display crypto ca-certificate on page 481 display crypto key ssh Displays SSH authentication key info rmation. This comma nd displays the checksum (also called a fingerprint ) of the public SSH authentication key . When you connect to the WX switch with an SSH clie[...]

  • Page 484

    484 C HAPTER 15: C RYPTOGRA PHY C OMMANDS[...]

  • Page 485

    16 RADIUS AND S ERVER G RO U P C OMMANDS Use RADIUS commands to set up communication between a WX switch and groups of up to four RADIUS servers for re mote authentication, authorization, and accounting (AAA) of administrat ors and network users. Commands by Usage This chapter presents RADIUS commands alp habetically . Use T able 85 to locate comma[...]

  • Page 486

    486 C HAPTER 16: RADIUS AND S ERVER G ROU P C OM MANDS clear radius Resets parameters that were globall y configured for RADIUS servers to their default values. Syntax — clear radius { deadtime | key | re transmit | timeout }  deadtime — Number of minutes to wait after declaring an unresponsive RADIUS server unava ilable before r etrying the[...]

  • Page 487

    clear radius client system-ip 487 WX4400# clear radius timeout success: change accepted. See Also  set radius on page 490  set radius server on page 494  display aaa on page 219 clear radius client system-ip Removes the WX switch’ s system IP addr ess from use as the permanent source addr ess in RADIUS client reque sts fr om the switch t[...]

  • Page 488

    488 C HAPTER 16: RADIUS AND S ERVER G ROU P C OM MANDS clear radius pr oxy client Removes RADIUS proxy client entries for third-party APs. Syntax — clear radius proxy client all Defaults — None. Access — Enabled. History —Introduced in MSS 4.0. Examples — The following command clear s all RADIUS proxy client entries from the switch: WX440[...]

  • Page 489

    clear radius server 489 clear radius server Removes the named RADIUS server from the WX configuration. Syntax — clear radius server server-name  server-name — Name of a RADIUS server con figur ed to perform re mote AAA service s for the W X switch. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples —[...]

  • Page 490

    490 C HAPTER 16: RADIUS AND S ERVER G ROU P C OM MANDS Examples — T o remove the server group sg-77 type the following command: WX4400# clear server group sg-77 success: change accepted. T o disable load balancing in a server gr oup shorebirds , type the following command: WX4400# set server group shorebirds load-balance disable success: change a[...]

  • Page 491

    set radius client system-ip 491  retransmit — 3 (the total number of attempts, including the first attempt)  timeout — 5 seconds Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — Y o u can specify only one parameter per command line. Examples — The fo llowing commands sets the dead time to 5 minutes, the RADIUS ke[...]

  • Page 492

    492 C HAPTER 16: RADIUS AND S ERVER G ROU P C OM MANDS Usage — The WX system IP addr ess must be set before you use this command. Examples — The followin g command sets the WX system IP address as the address of the RADIUS client: WX4400# set radius client system-ip success: change accepted. See Also  clear radius c lient system-ip on page 4[...]

  • Page 493

    set radius proxy po rt 493 Examples — The following command config ur es a RADIUS pr oxy entry for a thir d-party AP RADIUS client at 10.20.20.9, sending RADIUS traf fic to the default UDP ports 1812 and 1813 on the WX: WX4400# set radius proxy client addr ess 10.20.20.9 key radkey1 success: change accepted. See Also  clear radius pr oxy clien[...]

  • Page 494

    494 C HAPTER 16: RADIUS AND S ERVER G ROU P C OM MANDS Examples — The following co mmand maps SSID mycorp to packets received on port 3 or 4, using 802.1Q tag value 104: WX4400# set radius proxy port 3-4 ta g 104 ssid mycorp success: change accepted. See Also  clear radius pr oxy port on page 488  set authentication proxy on page 241  se[...]

  • Page 495

    set radius server 495  key string — Password (shared secr et key) the WX switch uses to authenticate to the RADIUS server . Y ou must provide the same password that is defined on the RA DIUS server . The password can be 1 to 32 characters long, with no spaces or tabs.  author-password password — Passwor d used for authorization to a RADIU[...]

  • Page 496

    496 C HAPTER 16: RADIUS AND S ERVER G ROU P C OM MANDS Examples — T o set a RADIUS server named RS42 with IP address 198.162.1.1 to use the default acco unt ing and authorization ports with a timeout interval of 30 second s, two transmit attempts, 5 minutes of dead time, and a key string of keys4u , type the following command: WX1200# set radius [...]

  • Page 497

    set server group load-balanc e 497 Do not use the same name for a R ADIUS server and a RADIUS server group. Examples — T o set server group shorebirds with members heron , egret , and sandpiper , type the follo wing command: WX1200# set server group shorebirds members heron egret sandpiper success: change accepted. See Also  clear server group[...]

  • Page 498

    498 C HAPTER 16: RADIUS AND S ERVER G ROU P C OM MANDS Examples — T o enable load b alancing bet ween the me mbers of serv er group shorebirds , type the following command: WX1200# set server group shorebirds load-balance enable success: change accepted. T o disable load balancing between shorebird s server gr oup members, type the following comm[...]

  • Page 499

    17 802.1X M ANAGEMENT C OMMANDS Use 802. IEEE X management commands to modify the default settings for IEEE 802.1X sessions on an WX sw itch. For best r esults, change the settings only if you are awar e of a pr oblem with the WX switch’ s 802.1X performance. CAUTION: 802.1X paramete r settings are global for all SSIDs configured on the switch. C[...]

  • Page 500

    500 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS clear dot1x bonded-period Resets the Bonded Auth™ (bonded authentication) perio d to its default value. The bonded period is the number of seconds MSS retains session information for an authenticated machin e while waiting for an 802.1X client on the machine to start (re)authentication for the user . [...]

  • Page 501

    clear dot1x max-req 50 1 See Also  display dot1x on page 505  set dot1x bonded-period on page 509 clear dot1x max- req Resets to the default setting the nu mber of Extensible Authentication Protocol (EAP) r equests that the WX switch r etransmits to a supplicant (client). Syntax — clear dot1x max-req Defaults — The default number is 20. A[...]

  • Page 502

    502 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS Usage — This command is overridden by the set dot1x authcontrol command. The clear dot1x port-control command r eturns port co ntro l to the method configured. This command applies only to wired authentication ports. Examples — T ype the followin g command to r eset the wired authentication port con[...]

  • Page 503

    clear dot1x reauth-max 503 clear dot1x re auth-max Resets the maxi mum number of reaut horization attempts to the default setting. Syntax — clear dot1x reauth-max Defaults — The default is 2 attempts. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — T ype the followin g command to r eset the maximum number of reauthor[...]

  • Page 504

    504 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS clear dot1x timeout auth-server Resets to the default setting the nu mber of seconds that must elapse before the WX times out a request to a RADIUS server . Syntax — clear dot1x timeout auth-server Defaults — The default is 3 0 seconds. Access — Enabled. History —Introduced in MSS V ersion 3.0. [...]

  • Page 505

    clear dot1x tx-period 505 clear dot1x tx-period Resets to the default setting the nu mber of seconds that mus t elapse before the WX switch r etransmits an EAP over LAN (EAPoL) packet. Syntax — clear dot1x tx-period Defaults — The default is 5 seconds. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — T ype the followi[...]

  • Page 506

    506 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS History —Introduced in MSS V ersion 3.0. Format of 802.1X authentication rule informat ion in display dot1x config output changed in MSS V ersion 3. 2. The rules ar e still listed at the top of the display , but more information is shown for each rule. Examples — T ype the following co mmand to disp[...]

  • Page 507

    display dot1x 507 802.1X parameter setting ---------------- ------- supplicant timeout 30 auth-server timeout 30 quiet period 5 transmit period 5 reauthentication period 3600 maximum requests 2 key transmission enabled reauthentication enabled authentication control enabled WEP rekey period 1800 WEP rekey enab led Bonded period 60 port 5, authcontr[...]

  • Page 508

    508 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS set dot1x authcontrol Provides a global override mechanism for 802.1X authentication configuration on wired authentication ports. Syntax — set dot1x authcontrol { enable | d isable }  enable — Allows all wir ed authentication ports running 802.1X to use the authentication specified per port by th[...]

  • Page 509

    set dot1x bonded-period 509 Defaults — By default, authenticati on control for individual wir ed authentication is enabled. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — This command applies only to wired authentication ports. Examples — T o enable per -port 802.1X authentication on wired authentication ports, type th[...]

  • Page 510

    510 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS Usage — Normally , the Bonded Auth period needs to be set only if the network has Bonded Auth clients that use dynamic WEP , or use WEP-40 or WEP-104 encryption with WP A or RS N. These clients can be affected by the 802.1X reauthentication parameter or the RADIUS Session-T imeout parameter . 3Com rec[...]

  • Page 511

    set dot1x max-req 511 Examples — T ype the following comma nd to enable key transmission: WX4400# set dot1x key-tx enable success: dot1x key transmission enab led. See Also  display dot1x on page 505 set dot1x max-req Sets the maximum number of times th e WX retransmits an EAP r equest to a supplicant (client) before ending the authentication [...]

  • Page 512

    512 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS set dot1x port-control Determines the 802.1 X authenticati on behavior on individu al wir ed authentication ports or groups of ports. Syntax — set dot1x port-control {forceauth | forceunauth | auto } port-list  forceauth — For ces the specified wired authentication port(s) to unconditionally auth[...]

  • Page 513

    set dot1x quiet-period 513 set dot1x quiet-period Sets the number of seconds a W X r emains quiet and does not r espond to a supplicant after a failed authentication. Syntax — set dot1x quiet-period seconds  seconds — Specify a value between 0 and 65,535. Defaults — The default is 6 0 seconds. Access — Enabled. History —Introduced in M[...]

  • Page 514

    514 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS See Also  display dot1x on page 505  set dot1x reauth-max on page 514  set dot1x reauth-period on page 515 set dot1x re auth-max Sets the number of reauthentication attempts that the WX switch makes before the supplicant (client) becomes unauthorized. Syntax — set dot1x reauth-max number-of-a[...]

  • Page 515

    set dot1x reauth-period 515 set dot1x re auth-period Sets the number of seconds that must elapse before the WX switch attempts reauthentication. Syntax — set dot1x reauth-period seconds  seconds — Specify a value between 60 (1 minute) and 1,641,600 (19 days). Defaults — The default is 3 600 seconds (1 hour). Access — Enabled. History —[...]

  • Page 516

    516 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS See Also  display dot1x on page 505  clear dot1x timeout auth-server on page 504 set dot1x timeout supplicant Sets the number of seconds that must elapse before the WX switch times out an authentication s ession with a supplicant (client). Syntax — set dot1x timeout supplicant seco nds  secon[...]

  • Page 517

    set dot1x wep-rekey 517 Examples — T ype t he following command to set the number of seconds before the WX switch r etransmits an EAPoL packet to 300: WX4400# set dot1x tx-period 300 success: dot1x tx-period set to 300. See Also  display dot1x on page 505  clear dot1x tx-period on page 505 set dot1x wep-rekey Enables or d isables Wired Eq u[...]

  • Page 518

    518 C HAPTER 17: 802.1X M ANAGEMENT C OMMANDS set dot1x wep-rekey-period Sets the interval for rotating th e WEP broadcast and multicast keys. Syntax — set dot1x wep-rekey-period second s  seconds — Specif y a value between 30 and 1,641,6 00 (19 days). Defaults — The default is 1 800 seconds (30 minutes). Access — Enabled. History —Int[...]

  • Page 519

    18 S ESSION M ANAGEMENT C OMMANDS Use session management commands to display and cl ear administrative and ne twork user sessions. Commands by Usage This chapter pr esents session manage ment co mmands al phabetically . Use T able 88 to locate commands in this chap ter based on their use. clear sessions Clears all administrative sessions, or clea r[...]

  • Page 520

    520 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — T o clear all administrato r sessions type the following command: WX4400# clear sessions admin This will terminate manager sessions , do you wish to continue? (y|n) [n] y T o clear all administrativ e sessio[...]

  • Page 521

    clear sessions network 521 clear sessions network Clears all network sessions for a specif ied user name or set of usernames, MAC addr ess or set of MAC addresse s, virtual LAN (VLAN) or set of VLANs, or session ID. Syntax — clear sessions network { user user -glob | mac-addr mac-addr-glob | vlan vlan-glob | session-id local-session-id }  user[...]

  • Page 522

    522 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS Examples — T o clear all sessions for MAC address 00:01:02:03:04:05, type the following command: WX4400# clear sessions network mac-a ddr 00:01:02:03:04:05 T o clear session 9, type the following command: WX1200# clear sessions network sessi on-id 9 SM Apr 11 19:53:38 DEBUG SM-STATE: l ocalid 9, mac[...]

  • Page 523

    display sessions 523  telnet — Displays sessions for all user s with administrative access to the WX switch through a T elnet connection.  telnet client — Displays T elnet sessions from the CLI to r emote devices. Defaults — None. Access — All, except for dis play sessions telnet client , which has enabled access. History —Introduce[...]

  • Page 524

    524 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS T o view information about T elnet client sessions, type the following command: WX4400# display sessions telnet clie nt Session Server Address Server P ort Client Port ------- -------------- -------- ---- ----------- 0 192.168.1.81 23 48000 1 10.10.1.22 23 48001 T able 89 descri bes the fields of the [...]

  • Page 525

    display sessions network 52 5 display sessions network Displays summary or verbose inform ation about all network sessions, or network sessions for a specified user name or set of user names, MAC address or set of MAC addresses, VLAN or set of VLANs, or session ID. Syntax — display sessions network [ user user-glob | mac-addr mac-addr- glob | ssi[...]

  • Page 526

    526 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS History —Introduced in MSS V ersion 3.0. Output added to the display network sessions verbose command to indicate the user’ s authorization attributes and whether they were supplied thr o ugh AAA or through configured SSID defaults in a service profile in MSS V ersion 4.1. Usage — MSS displays i[...]

  • Page 527

    display sessions network 52 7 EXAMPLESingh 12* 10.10.10.30 vlan-eng 3/2 EXAMPLEHavel 13* 10.10.10.40 vlan-eng 1/2 2 sessions match criteria (of 3 tota l) (T able 91 on page 528 describes the summary displays of display sessions network commands.) The following command displays detailed (verbose) session information about user nin@example.com: WX1[...]

  • Page 528

    528 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS (T able 92 on page 529 describes th e additional fi elds of the verbose output of display sessions network commands.) The following command displays information about network session 27: WX1200# display sessions network ses sion-id 27 Global Id: SESS-27-000430-835586-58d fe5a State: ACTIVE Port/Radio:[...]

  • Page 529

    display sessions network 52 9 T able 92 Additional display sessions network verbose Output Field Description Client MAC MAC address of the session user. GID Global session ID, a unique session number wi thin a Mobility Domain. State Status of the session:  AUTH, ASSOC REQ — Client is being associated by the 802.1X protocol.  AUTH AND ASSOC [...]

  • Page 530

    530 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS T able 93 display sessions network session-id Output Field Description Global Id A u nique session identifier within the Mob ility Domain. State Status of the session:  AUTH, ASSOC REQ — Client is being ass ociated by the 802.1X protocol.  AUTH AND ASSOC — Client is being associated by the 8[...]

  • Page 531

    display sessions network 53 1 See Also  clear sessions network on page 521 Session Timeout Assigned session timeou t in seconds. Authentication Method Extensible Auth entication Prot ocol (EAP) type used to authenticate the session user, and the IP addr es s of the authentication server. Session statistics as updated from AP Time the session sta[...]

  • Page 532

    532 C HAPTER 18: S ESSION M ANAGEMENT C OMMANDS[...]

  • Page 533

    19 RF D ETECTION C OMMANDS MSS automatically performs RF detect ion scans on enabled and disabled radios to detect rogue access points. A rogue access point is a BSSID (MAC address associated with an SS ID) that does not belong to a 3Com switch and is not a member of the ignore list configured on the seed switch of the Mobility Domain. The ignor e [...]

  • Page 534

    534 C HAPTER 19: RF D ET ECTION C OMMANDS clear rfdetect attack-list Removes a MAC address fr om the attack list. Syntax — clear rfdetect attack-list mac-addr  mac-addr — MAC address you want to remove fr om the attack list. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.0. Examples — The following co mmand [...]

  • Page 535

    clear rfdetect black-list 535 See Also  clear rfdetect attack-list on p age 534  display rfdetect attack-list on page 537 clear rfdetect black-list Removes a MAC address fr om the client black list. Syntax — clear rfdetect black-list mac-addr  mac-addr — MAC address you want to remove fr om the black list. Defaults — None. Access —[...]

  • Page 536

    536 C HAPTER 19: RF D ET ECTION C OMMANDS Examples — The f ollowing command removes BSSID aa:b b:cc:11:22:33 from the ignor e list for RF scans: WX1200# clear rfdetect ignore aa:bb: cc:11:22:33 success: aa:bb:cc:11:22:33 is no lon ger ignored. See Also  display rfdetect ignore on page 546  set rfdetect ignore on page 558 clear rfdetect ssid[...]

  • Page 537

    clear rfdetect vendor-list 537 clear rfdetect vendor -list Removes an entry from the permitted vendor list. Syntax — clear rfdetect vendor-list {client | ap} mac-addr | all  client | ap — Specifies whether the entry is for an AP brand or a client brand.  mac-addr | all — Organizati onally Unique Identifier (OUI) to rem ov e. Defaults ?[...]

  • Page 538

    538 C HAPTER 19: RF D ET ECTION C OMMANDS Examples — The following example shows the attack list on WX swit ch: WX1200# display rfdetect attack-list Total number of entries: 1 Attacklist MAC Port/Radio/Chan RSSI SSID ----------------- ----------------- ------ ------------ 11:22:33:44:55:66 dap 2/1/11 -53 rogue-ssid See Also  clear rfdetect att[...]

  • Page 539

    display rf detect cli ents 539 display rfdetect clients Displays the wir eless clients detected by a WX switch. Syntax — display rfdetect clients [mac mac-addr ] mac mac-addr — Displays detailed informat ion for a specific client. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.0. Examples — The following co mma[...]

  • Page 540

    540 C HAPTER 19: RF D ET ECTION C OMMANDS T able 95 display rfdetect clients Output Field Description Client MAC MAC address of t he client. Client Vendor Company that manufactures or sells the client. AP MAC MAC address of the radio with which the rogue client is associated. AP Vendor Company that manufactures or sells the AP with which the rogue [...]

  • Page 541

    display rfdetect countermeasures 541 display rfdetect countermeasures Displays the current status of countermeasures against rogues in the Mobility Domain. Syntax — display rfdetect countermeasure s Defaults — None. Access — Enabled. History —Output no longer lists rogues for which co untermeasur es have not been starte d in MSS V ersion 4.[...]

  • Page 542

    542 C HAPTER 19: RF D ET ECTION C OMMANDS T able 97 describes the fields in this display . See Also  set radio-profile countermeasur es on page 35 5 display rfdetect counters Displays statisti cs for rogue and Intr usion Detection System (IDS) activity detected by the MAPs managed by a WX switch. Syntax — display rfdetect counters Defaults —[...]

  • Page 543

    display rfdete ct counters 54 3 Examples — The following command sho ws counters for r ogue activity detected by a WX switch: WX4400# display rfdetect counters Type Current Total ------------------------------------ -------------- ------------ ------------ Rogue access points 0 0 Interfering access points 139 1116 Rogue 802.11 clients 0 0 Interfe[...]

  • Page 544

    544 C HAPTER 19: RF D ET ECTION C OMMANDS display rfdetect data Displays all the BSSIDs det ected by an individual WX switch during an RF detection scan. The data includes BSSIDs t ransmitted by other 3Com radios as well as by thir d-party access points. Syntax — display rfdetect data Defaults — None. Access — Enabled. History —Introduced i[...]

  • Page 545

    display rfdetect data 545 See Also  display rfdetect mobility-domain on page 546  display rfdetect visible on page 552 T able 98 display rfdetect data Output Field Description BSSID BSSID detected by a MAP radio on this WX switch. Vendor Company that manufactures or se lls the rogue device. Type Classification of the rogue device:  rogue?[...]

  • Page 546

    546 C HAPTER 19: RF D ET ECTION C OMMANDS display rfdetect ignore Displays the BSSIDs of third-party devices that MSS ignor es during RF scans. MSS does not gene rate log messages or traps for the devices in the ignore list. Syntax — display rfdetect ignore Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples[...]

  • Page 547

    display rfdetect mobility-domain 547 Usage — This command is valid only on the seed switch of the Mobility Domain. T o display rogue information for an individual switch, use the display rfdetect data command on that switch. Only rogues ar e listed. T o display all devices detected, including 3Com radios, use the display rfdetect data command. Ex[...]

  • Page 548

    548 C HAPTER 19: RF D ET ECTION C OMMANDS BSSID: 00:0b:0e:00:7a:8a Vendor: 3Co m SSID: 3com-webaaa Type: intfr Adhoc: no Crypto-types: clear WX-IPaddress: 10.8.121.102 Port/Ra dio/Ch: 3/1/1 Mac: 00:0b:0e:00:0a:6a Device-type: interfering Adhoc: no Crypto-types: clear RSSI: -75 SSID: 3Com-webaaa WX-IPaddress: 10.3.8.103 Port/Radi o/Ch: dap 1/1/1 Mac[...]

  • Page 549

    display rfdetect mobility-domain 549 T able 99 display rfdetect mobility-domain Output Field Description BSSID MAC address of the SSID used by the detected device. Vendor Company that manufactures or sells the rogue device. Type Classification of th e rogue device:  rogue—Wireless device that is not supposed to be on the network. The device ha[...]

  • Page 550

    550 C HAPTER 19: RF D ET ECTION C OMMANDS See Also  display rfdetect data on page 544  display rfdetect visible on page 552 display rfdetect ssid-list Displays the entries in the permitted SSID list. Syntax — display rfdetect ssid-list Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.0. Crypto-Types Encryption [...]

  • Page 551

    display rfdetect vendor-list 551 Examples — The following example shows the permitt ed SSID list on WX switch: WX4400# display rfdetect ssid-list Total number of entries: 3 SSID ----------------- mycorp corporate guest See Also  clear rfdetect ssid-list on page 536  set rfdetect ssid-list on page 560 display rfdetect vendor -list Displays t[...]

  • Page 552

    552 C HAPTER 19: RF D ET ECTION C OMMANDS display rfdetect visible Displays the BSSIDs discovered by a specific 3Com radio. The data includes BSSIDs transmitted by othe r 3Com radios as well as by third-party access points. Syntax — display rfdetect visible mac-addr Syntax — display rfdetect visible ap map-num [ radio { 1 | 2 }] Syntax — disp[...]

  • Page 553

    display rfdetect visible 553 ----------------- ------- ----- --- ---- ------ ----------------------------- --- 00:07:50:d5:cc:91 Cisco intfr 6 -60 i----w r27-cisco1200-2 00:07:50:d5:dc:78 Cisco intfr 6 -82 i----w r116-cisco1200-2 00:09:b7:7b:8a:54 Cisco intfr 2 -54 i----- 00:0a:5e:4b:4a:c0 3Com intfr 11 -57 i----- public 00:0a:5e:4b:4a:c2 3Com intf[...]

  • Page 554

    554 C HAPTER 19: RF D ET ECTION C OMMANDS set rfdetect active-scan Disables or reenables active RF dete ction scan ning on a WX switch. W hen active scanning is enabled, the MAP radios managed by the switch look for rogue devices by sending probe any r equests (probe r e quests with a null SSID name), to solicit probe responses fr om other access p[...]

  • Page 555

    set rfdete ct black-list 555 When on-demand countermeasures are enabled (with the set radio-profile countermeasur es configured command) only those devices configured in the attack list are subject to counte rmeasur es. In this case, devices found to be rogues by other means, such as policy violations or by determining that th e device is providing[...]

  • Page 556

    556 C HAPTER 19: RF D ET ECTION C OMMANDS Examples — The following co mmand adds client MAC addr ess 11:22:33:44:55:66 to t he black list: WX1200# set rfdetect black-list 11:2 2:33:44:55:66 success: MAC 11:22:33:44:55:66 is n ow blacklisted. See Also  set rfdetect black-list on page 555  display rfdetect black-list on page 538 set rf detect[...]

  • Page 557

    set rfdetect countermeasures mac 55 7 set rfdetect countermeasures mac Starts countermeasures against a specific rogue. Syntax — set rfdetect countermeasures mac mac-addr  mac-addr — Basic service s et identifier (BSSID) of the rogue. Enter the BSSID in MAC address format, using a colon between each octet (f or example: aa:bb:cc :dd:ee:f f).[...]

  • Page 558

    558 C HAPTER 19: RF D ET ECTION C OMMANDS See Also  clear rfdetect attack-list on p age 534  display rfdetect ignore on page 546  set rf detect countermeasures on page 556 set rfdetect ignore Configures a list of known devices to ignore during an RF scan. MSS does not generate log messages or traps for the devices in the ignore list. Synta[...]

  • Page 559

    set rfdetect log 55 9 Examples — The following command config ur es MSS to ignore BSSID aa:bb:cc:11:22:33 during RF scans: WX1200# set rfdetect ignore aa:bb:cc:11:22:33 success: MAC aa:bb:cc:11:22:33 is n ow ignored. See Also  clear rfdetect ignore on page 535  display rfdetect ignore on page 546 set rfdetect log Disables or reenables gener[...]

  • Page 560

    560 C HAPTER 19: RF D ET ECTION C OMMANDS set rfdetect signature Enables MAP signatures. A MAP signature is a set of bits in a management frame sent by a MAP tha t identifies that MAP to MSS. If someone attempts to spoof manage ment packets from a 3Com MAP , MSS can detect the spo of attempt. Syntax — set rfdetect signature {enable | disable} [...]

  • Page 561

    set rfdetect vendor-list 561 Defaults — The permitted SSID list is empty by default and all SS IDs are allowed. However , after you add an entry to th e list, MSS allows traf fic only for the SSIDs that are on the list. Access — Enabled. History —Introduced in MSS V ersion 4.0. Usage — The permitted SSID list applie s only to the WX switch [...]

  • Page 562

    562 C HAPTER 19: RF D ET ECTION C OMMANDS Defaults — The permitted vendor list is empty by default and all vendors are allowed. However , after you add an entry to the list, MSS allows only the devices whose OUIs ar e on the list. Access — Enabled. History —Introduced in MSS V ersion 4.0. Usage — The permitted vendor list applies only to th[...]

  • Page 563

    20 F ILE M ANAGEMENT C OMMANDS Use file management commands to ma nage system files and to display software and boot information. Commands by Usage This chapter presents file management co mmands alphabetically . Use T able 102 to locate commands in this chapter based on their use. T able 102 File Management Comma nds by Usage Type Command Software[...]

  • Page 564

    564 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS backup Creates an ar chive of WX system file s and optionally , user file, in Unix tape archive ( tar ) format. Syntax backup system [tftp:/ip-addr/]filename [all | critical] Defaults — All. Access — Enabled. History —. Usage — Y ou can create an archive loca ted on a TF TP server or in the switc[...]

  • Page 565

    backup 565 The backup command places the boo t configuration file into the archive. (The boot configuration file is the Configured boot conf iguration in the display boot command’ s output.) If the running config uration contains changes that have not been saved, these changes are not in the boot configuration file and are not archived. T o make [...]

  • Page 566

    566 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS clear boot backup-configuration Clears the filename specified as the backup configuration file. In the event that MSS cannot read the config uration file at boot time, a backup configuration file is not used. Syntax — clear boot backup-configuration Defaults — None. Access — Enabled. History —Int[...]

  • Page 567

    copy 567 WX4400# reset system force ...... rebooting ...... See Also  display config on page 574  reset system on page 582 copy Performs the following co py operations:  Copies a file f r om a TF TP se rver to nonvolatile storage.  Copies a file from nonvolatile stor age or temporary storage to a TF TP server .  Copies a file fr om o[...]

  • Page 568

    568 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — The filename and file: filename URLs are equivalent. Y ou can use either URL to refer to a file in an WX switch’ s nonvolatile memory . The tftp:// ip-addr / filename URL refers to a file on a TF TP ser ver . If[...]

  • Page 569

    delete 569 The following commands rename test-config to new-config by copying it from one name to the other in the same location, then deleting test-config : WX4400# copy test-config new-config WX4400# delete test-config success: file deleted. The following command copies file corpa-log in.html fr om a TF TP se rver into subdirectory corpa in a WX [...]

  • Page 570

    570 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS Examples — The follow ing co mmands copy file testconfig to a TF TP server and delete the file from nonvolatile storage: WX4400# copy testconfig tftp://10.1. 1.1/testconfig success: sent 365 bytes in 0.401 sec onds [ 910 bytes/sec] WX4400# delete testconfig success: file deleted. The following commands[...]

  • Page 571

    dir 571 Examples — The following co mmand displays the files in the r oot directory: WX4400# dir ==================================== ========================================= == file: Filename Size Created file:configuration 48 KB Jul 12 2005, 15:02 :32 file:corp2:corp2cnfig 17 KB Mar 14 2005, 22:20 :04 corp_a/ 512 bytes May 21 2004, 19:15 :48 f[...]

  • Page 572

    572 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS The following command limit s the output to the contents of the user fi les area: WX4400# dir file: ==================================== ========================================= == file: Filename Size Created file:configuration 48 KB Jul 12 2005, 15:02 :32 file:corp2:corp2cnfig 17 KB Mar 14 2005, 22:20 [...]

  • Page 573

    display boot 573 See Also  copy on page 567  delete on page 569 display boot Displays the system image and configur ation filenames used after the last reboot and configured for use after the next reboot. Syntax — display boot Defaults — None. Access — Access. History —Introduced in MSS V ersion 3.0. New fields, Configured boot versio[...]

  • Page 574

    574 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS Booted configuration: fil e:configuration Product model: WX T able 105 describes the fields in the display boot ou tput. See Also  display version on pag e 576  reset system on page 582  set boot configuration-file on page 586 display config Displays the configuration ru nning on the WX switch. [...]

  • Page 575

    display config 575  httpd  ip  ip-config  log  mobility-domain  ntp  portconfig  portgroup  radio-profile  rfdetect  service-profile  sm  snmp  snoop  spantree  system  trace  vlan  vlan-fdb If you do not specify a configuration area, nondefault information for all areas is displayed.  all[...]

  • Page 576

    576 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS Examples — The following co mmand shows configuration information for VLANs: WX4400# display config area vlan # Configuration nvgen'd at 2004-5-21 19:36:48 # Image 3.0.0 # Model WX4400 # Last change occurred at 2004-5-21 18:20:50 set vlan 1 port 1 See Also  load config on page 578  save conf[...]

  • Page 577

    display version 57 7 Flash: 4.1.0.14 - md0a Kernel: 3.0.0#20: Fri May 20 17:43:51 PDT 2005 BootLoader: 4.10 / 4.1.0 The following command displays ad ditional software build information and MAP access point information: WX1200# display version details Mobility System Software, Ve rsion: 4.1.0 QA 67 Copyright (c) 2002, 2003, 20 04, 2005 3Com Corpora[...]

  • Page 578

    578 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS See Also  display boot on page 573 load config Load s configuration commands fr om a file and replaces the WX switch’ s running configuration with the commands in the loaded file. CAUTION: This command completely remo ves the running config uration and replaces it with the configuration contained in[...]

  • Page 579

    load config 579 If you do not specify a filename, MSS uses the same configuration filename that was used for the previous configuration load. Fo r example, if the WX switch used configuration for the most r ecent configuration load, MSS uses configuration again unle ss you specify a dif ferent filename. T o display the filename of the configuration[...]

  • Page 580

    580 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS md5 Calculates the MD5 checksum for a file in the switch’ s nonvolatile storage. Syntax — md5 [boot0: | boot1:] filename  boot0: | boot1: — Boot partition into which you copied the file.  filename — Name of the file. Defaults — None. Access — Enabled. History —Introduced in MSS V ersi[...]

  • Page 581

    mkdir 581 Examples — The following commands crea te a subdirectory called corp2 and display the root dir ectory to verify the result: WX4400# mkdir corp2 success: change accepted. WX4400# dir ==================================== ========================================= == file: Filename Size Created file:configuration 17 KB May 21 2004, 18:20 :5[...]

  • Page 582

    582 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS reset system Restar ts an WX switch and r eboots the software. Syntax — reset system [ force ]  force — Immediately restarts the system and reboots, without comparing the running co nfiguration to the configuration file. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion [...]

  • Page 583

    restore 583 res to re Unzips a system archive created by the backup command and copies the files from the ar chive onto the switch. Syntax restore system [tftp:/ip-addr/]filename [al l | critical] Defaults — Critical. Access — Enabled. History —Introduced in MSS V ersion 3.2. Usage — If a file in the archive has a counterpart on the switch,[...]

  • Page 584

    584 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS See Also  backup on page 564 rmdir Removes a subdirectory fr om nonvolatile storage. Syntax — rmdir [ subdirname ]  subdirname — Subdirectory name. Specify between 1 and 32 alphanumeric characters , with no spaces. Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0[...]

  • Page 585

    set boot backup -configuration 585 Access — Enabled. History —Introduced in MSS V ersion 3.0. Usage — If you do not specify a filename , MSS r eplaces the configuration file loaded during the most recent r eboot. T o display th e filename of the configuration file MSS loaded during the most recent reboot, use the display boot command. The com[...]

  • Page 586

    586 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS History —Introduced in MSS V ersion 4.1. Examples — The following command specifies a file called backup.cfg as the backup configuration file on th e WX switch: WX1200# set boot backup-configuratio n backup.cfg success: backup boot config filename set. See Also  clear boot backup-configuration on [...]

  • Page 587

    set boot partition 587 set boot partition Specifies the boot partiti on in which to look for the system imag e file following the next system reset, softwar e r eload, or power cycle. Syntax — set boot partition { boot0 | boot1 }  boot0 — Boot partition 0.  boot1 — Boot partition 1. Defaults — By default, an WX switch us es the same b[...]

  • Page 588

    588 C HAPTER 20: F ILE M ANAGEMENT C OMMANDS[...]

  • Page 589

    21 T RACE C OMMANDS Use trace commands to perform diag nostic routines. While MSS allows you to run many types of traces, this chapter describes commands for those traces you are most likely to use. Fo r a complete listing of the types of traces MSS allows, type the set trace ? command. CAUTION: Using the set trace command can have adverse effects [...]

  • Page 590

    590 C HAPTER 21: T RACE C OMMANDS clear log trace Deletes the log messages stor ed in the trace buffer . Syntax — clear log trace Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 3.0. Examples — T o delete the trace log, type the following command: WX4400# clear log trace See Also  display log buffer on page 610 ?[...]

  • Page 591

    display trace 591 T o clear the session manag er trace, type the following c ommand: WX4400# clear trace sm success: clear trace sm See Also  display trace on page 591  set trace authentication on page 592  set trace authorization on page 593  set trace dot1x on page 594  set trace sm on page 595 display trace Displays information ab[...]

  • Page 592

    592 C HAPTER 21: T RACE C OMMANDS save trace Saves the accumulated trace data for enabled traces to a file in the WX switch’ s nonvolatile storage. Syntax — save trace filename  filename — Name for the trace file. T o save the file in a subdirectory , specify the subdir ectory name, then a slash. For example: traces/trace1 Defaults — Non[...]

  • Page 593

    set trace authorization 593 Examples — The following co mmand sta rts a trace for information about user jose’ s authentication: WX4400# set trace authentication use r jose success: change accepted. See Also  clear trace on page 590  display trace on page 591 set trace authorization T races authorization inf ormation. Syntax — set trace[...]

  • Page 594

    594 C HAPTER 21: T RACE C OMMANDS See Also  clear trace on page 590  display trace on page 591 set trace dot1x T races 802.1X sessions. Syntax — set trace dot1x [ mac-addr mac-addr ess ] [ port port-num ] [ user username ] [ level level ]  mac-addr mac-address — T races a MAC address. Specify a MAC address, using colons to separa te th[...]

  • Page 595

    set trace sm 595 set trace sm T races ses sion manager activity . Syntax — set trace sm [ mac-addr mac-address ] [ port port-n um ] [ user username ] [ level level ]  mac-addr mac-address — T races a MAC address. Specify a MAC address, using colons to separate the octets (for example, 00:11:22:aa:bb:cc).  port port-num — T races on a WX[...]

  • Page 596

    596 C HAPTER 21: T RACE C OMMANDS[...]

  • Page 597

    2 2 S NOOP C OMMANDS Use snoop commands to monitor wirele ss traffic, by using a Distributed MAP as a sniffing device. The MAP copies the sniffed 802.11 packets and sends the co pies to an obse rver , whic h is typically a protocol analyzer such as Ether eal or T etherea l. (For more information, including setup instructions for the monitoring stat[...]

  • Page 598

    598 C HAPTER 22: S NOOP C OMMANDS clear snoop Deletes a snoop filter . Syntax — clear snoop filter-name  filter-name — Name of the snoop filter . Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.0. Examples — The follow ing comma nd deletes snoop filter snoop1 : WX1200# clear snoop snoop1 See Also  set snoo[...]

  • Page 599

    set snoop 599 WX1200# clear snoop map snoop2 dap 3 radio 2 success: change accepted. The following command removes all snoop filter mappings from all radios: WX1200# clear snoop map all success: change accepted. See Also  set snoop map on page 602  display snoop on page 604  display snoop map on page 6 05 set snoop Configures a snoop filte[...]

  • Page 600

    600 C HAPTER 22: S NOOP C OMMANDS T o match on packets to or from a specific MAC address, use the dest-mac or src-mac option. T o match on both sen d and r eceive traffic for a host address, use the host-mac option. T o match o n a traffic flow (sour ce and destination MAC addresses), use the mac-pair option. This option matches for either directio[...]

  • Page 601

    set snoop 601  The MAP that is running a snoop filter forwards snooped packets directly to the observer . This is a one-way commu nication, fr om the MAP to the observer . If the observer is not pres ent, the MAP still sends the snoop packets, which u se bandwidth. If the observer is present but is not listening t o TZSP traf fi c, the observer [...]

  • Page 602

    602 C HAPTER 22: S NOOP C OMMANDS set snoop map Maps a snoop filter to a radio on a Distributed MAP . A snoop filter does take effect until you map it to a radio and enab le the filter . Syntax — set snoop map filter-name dap dap-num radio {1 | 2}  filter-name — Name of the snoop filter .  dap dap-num — Number of a Distributed MAP to wh[...]

  • Page 603

    set snoop mode 603 set snoop mode Enables a sno op filter . A snoop filter does not take ef fect until you map it to a MAP radio and ena ble the filter . Syntax — set snoop { filter-name | all} mode {enable [stop-after num-pkts ] | disable}  filter-name | all — Name of the snoop f ilter . Specify all to enable all snoop filters.  enable [[...]

  • Page 604

    604 C HAPTER 22: S NOOP C OMMANDS display snoop Displays the MAP radio mapping for all snoop filters. Syntax — display snoop Defaults — None. Access — Enabled. History —Introduced in MSS V ersion 4.0. Usage — T o display the mappings for a specific MAP radio, use the display snoop map command. Examples — The following co mmand shows the[...]

  • Page 605

    display snoop map 605 Examples — The following command shows the snoop filters con figur ed in the examples above: WX1200# display snoop info snoop1: observer 10.10.30.2 snap-len gth 100 all packets snoop2: observer 10.10.30.3 snap-len gth 100 frame-type eq data mac-pair (aa:bb:cc:dd:ee:ff, 11:22:33:44:55:66) See Also  clear snoop on page 598 [...]

  • Page 606

    606 C HAPTER 22: S NOOP C OMMANDS display snoop stats Displays stat istics for enabled snoop filters. Syntax — display snoop stats [ filter-name [ dap-num [radio {1 | 2}]]]  filter-name — Name of the snoop filter .  dap-num — Number of a Distributed MAP to which the snoop filter is mapped  radio 1 — Radio 1 of th e MAP  radio 2 [...]

  • Page 607

    display snoop stats 607 T able 109 describes the fields in this display . T able 109 display snoop stats Output Field Description Filter Name of the snoop filter. Dap Distributed MAP containing the ra dio to which the filter is mapped. Radio Radio to which the filter is mapped. Rx Match Number of packets received by the ra dio that match the filter[...]

  • Page 608

    608 C HAPTER 22: S NOOP C OMMANDS[...]

  • Page 609

    23 S YSTEM L OG C OMMANDS Use the system log commands to recor d information for monitor ing and troubleshooting. MSS system logs are based on RFC 3164, which defines the log protocol. Commands by Usage This chapter pr esent system log commands alphabetically . Use T able 110 to locate commands in this chapter based on their use. clear log Clears t[...]

  • Page 610

    610 C HAPTER 23: S YSTEM L OG C OMMANDS Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — T o stop sending system logging messag es to a server at 192.168.253.11, type the following command: WX4400# clear log server 192.168.253 .11 success: change accepted. T ype the following command to clear all messages from the log bu[...]

  • Page 611

    display log buffer 611  severity severity-level — Displays messages at a severity level greater than or equal to the leve l specified. Specify one of the following:  emergency — The WX switch is unusable.  alert — Action must be taken immediately .  critical — Y ou must r e solve the critical conditions. If the conditions are no[...]

  • Page 612

    612 C HAPTER 23: S YSTEM L OG C OMMANDS See Also  clear log on page 609  display log config on page 612 display log config Displays log configur ation information. Syntax — display log config Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — T o display how logging is configur ed, type the follo[...]

  • Page 613

    display log trace 613 display log trace Displays system information sto r ed in the nonvolatile log buffer or the trace buffer . Syntax — display log trace [{ + | - | / } number- of-messages ] [ facility facility-name ] [ matching s tring ] [ severity severity-level ]  trace — Displays the log messa ges in the trace buffer .  + | - | / nu[...]

  • Page 614

    614 C HAPTER 23: S YSTEM L OG C OMMANDS Defaults — None. Access — Enabled. History — Introduced in MSS V ersion 3.0. Examples — T ype the following co mmand to see the facilities for which you can view event messag es ar chived in the buffer: WX4400# display log trace facility ? <facility name> Select o ne of: KERNEL, AAA, SYSLOGD, AC[...]

  • Page 615

    set log 615  Logging state (enabled or disabled) T o override the sessio n defaults for an individual session, type the set log command from within the session and use the current opt ion.  trace — Sets log parameters for trace files.  severity severity-level — Logs ev ents at a severity level greater than or equal to the level specifi[...]

  • Page 616

    616 C HAPTER 23: S YSTEM L OG C OMMANDS Defaults — The following a re d efaults for the set log commands.  Events at the error level and higher are logged to the WX console.  Events at the error level and higher are logged to the WX system buffer .  T race logging is enabled, and debug-level output is stored in the WX trace buffer . Acce[...]

  • Page 617

    set log mark 617  alert  critical  error  war ning  notice  info  debug  interval interval — Interval at which MSS generates the mark messages. Y ou can specify from 1 to 2147483647 seconds. Defaults — Mark messages are disabled by default. When they ar e enabled, MSS gen erates a message at the not ice level once every [...]

  • Page 618

    618 C HAPTER 23: S YSTEM L OG C OMMANDS[...]

  • Page 619

    24 B OOT P RO M P T C OMMANDS Boot prompt commands enable you to perform basic tasks, including booting a system image file, from the boot prompt (boot>). A CLI session enters the bo ot pr ompt if MSS does not boot successfully or you intentionally interrupt the boot process. T o interrupt the boot process, press q followed by Enter (r eturn). C[...]

  • Page 620

    620 C HAPTER 24: B OOT P ROMPT C OMMANDS autoboot Displays or changes the state of the aut oboot option. The autoboot option controls whether a WX switch automat ically boots a system image after initializing the hardwar e, followi ng a system reset or power cycle. Syntax — autoboot [ON | on | OFF | off]  ON — Enables the autoboot option. ?[...]

  • Page 621

    boot 621 boot Loads and executes a system image file. Syntax — boot [ BT= type ] [ DEV= device ] [ FN= fi lename ] [ HA= ip-addr ] [ FL= num ] [ OPT= option ] [ OPT+= option ]  BT= type — Boot type:  c — Compact flash. Boots using nonvolatile storage or a flash card.  n — Network. Boots using a TF TP server .  DEV= device — Lo[...]

  • Page 622

    622 C HAPTER 24: B OOT P ROMPT C OMMANDS Usage — If you use an optional para meter , the para meter setting overrides the setting of the same pa rameter in the currently active boot profile. However , the bo ot pr ofile itself is not changed. T o display the currently active boot profile, use the display command. T o change the currently active b[...]

  • Page 623

    change 623 change Changes parameters in the currently active boot profile. (For information about boot profiles, see display on page 628.) Syntax — change Defaults — The default boot type is c (compa ct flash). T he defau lt filename is default . The default flags setting is 0x0000 0000 (all flags disabled) and the default options li st is run=[...]

  • Page 624

    624 C HAPTER 24: B OOT P ROMPT C OMMANDS The following command enters the configuration mode for the currently active boot profile and configur es the WX switch (in this example, an WXR100) to boot using a TF TP server: boot> change Changing the default configuration i s not recommended. Are you sure that you want to procee d? (y/n) y BOOT TYPE:[...]

  • Page 625

    delete 625 Usage — A WX switch can have up to four boot profiles. The boot profiles ar e stored in slots, number ed 0 thr ough 3. When you create a new profile, the system uses the next available slot for the pr ofile. If all four slots already contain pr ofiles and you try to create a fifth profile, the switch displays a message advising you to [...]

  • Page 626

    626 C HAPTER 24: B OOT P ROMPT C OMMANDS Usage — When yo u type the delete command, the next-lower numbered boot profile becomes the ac tive profile. For example, if the currently active profile is number 3, pr ofile numb er 2 becomes active after you type de lete to delete pr ofile 3. Y ou cannot delete boot profile 0. Examples — T o remove th[...]

  • Page 627

    diag 627 Examples — The following command displays the current setting of the DHCP option: boot> dhcp DHCP is currently enabled. The following command disables the DHCP option: boot> dhcp DHCP is currently disabled. See Also  boot on page 621 diag Accesses the dia gnostic mode. Syntax — diag Defaults — The diagnostic mode is disabled[...]

  • Page 628

    628 C HAPTER 24: B OOT P ROMPT C OMMANDS Defaults — None. Access — Boot prompt. History —Introduced in MSS V ersion 3.0. Usage — T o display the system image software versions, use the fver command. This command does not list the boot code versions. T o display the boot code versions, use the version command. Examples — The following co m[...]

  • Page 629

    display 629 A WX switch can have up to four boot profiles, number ed 0 through 3. Only one boot profile can be active at a time. Y ou can create, change, and delete boot profiles. Y ou also can activate ano ther boot pr ofile in place of the currently active one. Syntax — display Defaults — None. Access — Boot prompt. History —Introduced in[...]

  • Page 630

    630 C HAPTER 24: B OOT P ROMPT C OMMANDS See Also  change on page 623  cr eate on page 624  delete on page 625  next on page 633 fver Displays the version of a system image file installed in a specific location on a WX switch. Syntax — fver { c: | d: | e: | f: | boot0: | boot1: } [ filename ]  c: — Nonvolatile storage ar ea conta[...]

  • Page 631

    help 631 Defaults — None. Access — Boot prompt. History —Introduced in MSS V ersion 3.0. Usage — T o display the imag e filenames, use the dir command. This command does not list the boot code versions. T o display the boot code versions, use the version command. Examples — The following command displa ys the system image version installe[...]

  • Page 632

    632 C HAPTER 24: B OOT P ROMPT C OMMANDS Examples — The following co mmand displa ys detailed information for the fver command: boot> help fver fver Display the version of the specified device:filename. USAGE: fver [c:file|d:file|e:file |f:file|boot0:file|boot1:file| boot2:file|boot3:file] Command to display the version o f the compressed imag[...]

  • Page 633

    next 633 Examples — T o display a list of the commands av ailable at the boot prompt, type the following command: boot> ls ls Display a list of all commands and descriptions. help Display help information for each command. autoboot Display the state of, enable, or disable the autoboot option. boot Load and execute an image using the current bo[...]

  • Page 634

    634 C HAPTER 24: B OOT P ROMPT C OMMANDS Examples — T o activate the boot profile in the next slot and display the profile, type the following command: boot> next BOOT Index: 0 BOOT TYPE: c DEVICE: boot1: FILENAME: testcfg FLAGS: 00000000 OPTIONS: run=nos;boot=0 See Also  change on page 623  cr eate on page 624  delete on page 625 [...]

  • Page 635

    test 635 3Com WX-4400 Bootstrap/Bootloade r Version 3.0.2 Re lease Compiled on Wed Sep 22 09:18:47 PDT 2004 by Bootstrap 0 version: 3.1 Active Bootloader 0 version: 3. 0.2 Active Bootstrap 1 version: 3.1 Bootloader 1 version: 3. 0.1 WX-4400 Board Revision: 2. WX-4400 Controller Revision: 5. WXA30001.Rel 8863722 bytes BOOT Index: 0 BOOT TYPE: c DEVI[...]

  • Page 636

    636 C HAPTER 24: B OOT P ROMPT C OMMANDS Examples — The following command displays the current setting of the poweron test flag: boot> test The diagnostic execution flag is not set. See Also  boot on page 621 version Displays version informatio n for a WX switch’ s hardwar e and boot code. Syntax — version Defaults — None. Access — [...]

  • Page 637

    A O BTAINING S UPPORT FOR YOUR P R ODUCT Register Y our Product W arranty and other service benefits start from the date of purchase, so it is important to register your product quickly to ensure you get full use of the warranty and other service benefits available to you. W arranty and other service benefits are enabled thr ough product re gistrat[...]

  • Page 638

    638 A PPENDIX A: O BTAINING S UPPORT FOR YOUR P RODUCT T roubleshoot Online Y ou will find support tools posted on the 3Com web site at http://www.3com.com/ 3Com Knowledgebase helps you troubleshoot 3Com products. This query-based interactive tool is located at http://knowledgebase.3com.com and contains thousands of technical solutions written by 3[...]

  • Page 639

    Contact Us 639 T o send a product directly to 3Com for repair , you must first obtain a return authorization number (RMA). Pr oducts sent to 3Com, without authorization numbers clearly marked on the outside of the package, will be returned to the sender unopened, at the sender’ s expense. If your product is r egistered and under warranty , you ca[...]

  • Page 640

    640 A PPENDIX A: O BTAINING S UPPORT FOR YOUR P RODUCT From the following countries, you may use the numbers s hown: Austria Belgium Denmark Finland France Germany Hungary Ireland Israel Italy 01 7956 7124 070 700 770 7010 7289 01080 2783 0825 809 622 01805 404 747 06800 12813 1407 3387 1800 945 379 4 199 161346 Luxembourg Netherlands Norway Poland[...]

  • Page 641

    I NDEX A autoboot 620 B boot 621 C change 623 clear {ap | dap} radio 286 clear accounting 203 clear authentication admin 204 clear authentication console 205 clear authentication dot1x 206 clear authentication last-re sort 207 clear authentication mac 208 clear authentication proxy 209 clear banner motd 38 clear boot backup- config uration 566 clea[...]

  • Page 642

    642 I NDEX clear spantree portcost 394 clear spantree portpri 395 clear spantree portvlancost 395 clear spantree portvlanpri 396 clear spantree statistics 397 clear summertime 135 clear system 40 clear system countrycode 40 clear system ip-address 40, 136 clear system location 40 clear system name 40 clear timezone 136 clear trace 590 clear user 21[...]

  • Page 643

    I NDEX 643 display rfdetect countermeasur es 541 display rfdetect co unters 542 display rfdetect data 544 display rfdetect ignor e 546 display rfdetect mobility-domain 546 display rfdetect ssid-list 550 display rfdetect ven dor -list 551 display rfdetect visible 552 display roaming station 106 display roaming vlan 108 display security 12-restrict 1[...]

  • Page 644

    644 I NDEX set {ap | dap} radio tx-power 344 set {ap | dap} upgrade-fi rmwar e 346 set acco unting {admin | console} 225 set accountin g {dot1x | mac | web | last-resort} 22 7 set arp 158 set arp ag ingtime 159 set aut hentication ad min 229 set authenticati on console 231 set authentication dot1x 233 set authentication last-r esort 236 set authent[...]

  • Page 645

    I NDEX 645 set radio-pr ofile frag- thres hold 358 set radio-profile long-retry 359 set radio-profile m ax-rx-lifetime 360 set radio-profile m ax-tx-lifetime 361 set radio-profile mode 362 set radio-profile preamble-length 364 set radio-profile r ts-thr eshold 365 set radio-profile service-profile 366 set radio-profile short-r etry 369 set radio-pr[...]

  • Page 646

    646 I NDEX set usergroup 261 set usergroup attr 261 set vlan name 116 set vlan port 117 set vlan tunnel-affinity 118 set web-portal 262 T telnet 195 test 635 traceroute 197 V version 636[...]