Issuu on Google+

M WS2000 Wireless Switch CLI Reference Guide


Š 2009 Motorola, Inc. All rights reserved. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.


Contents Chapter 1: Product Overview 1.1 WS2000 Wireless Switch CLI Reference Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 1.2 System Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4 1.3 Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5 1.4 Software Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7

Chapter 2: Admin and Common Commands 2.1 Common Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 ? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5 save . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6 .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7 / . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8 2.2 Admin Menu Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9 passwd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10 summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11

Chapter 3: Network CLI Commands Reference 3.1 network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1 3.2 Network AP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 ap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 copydefaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6 forget . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8 remap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10 revert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15 3.3 Network AP Default Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17 default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18 loadfromcf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20


TOC-2 WS2000 Wireless Switch CLI Reference Guide

show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21 3.4 Network AP Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22 test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22 new . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23 3.5 Network AP Selfheal commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24 selfheal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25 detect-neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29 3.6 Network AP Denyap Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30 denyap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33 3.7 Network AP Smartscan Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34 smartscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37 3.8 Network AP Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38 test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38 new . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39 3.9 Network AP Mesh Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40 mesh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44 preferred-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45 available-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47 3.10 Network DCHP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48 dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-50 3.11 Network Firewall Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51 fw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-52 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54 timeradd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55 timerdel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-56 timerlist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-57 timerset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-58 3.12 Network Firewall Intrusion Prevention System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59 ips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-60 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-62


TOC-3

3.13 Network Firewall Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-64 policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-64 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-65 3.14 Network Firewall Policy Inbound Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-66 inbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-66 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-67 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-68 insert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-69 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-70 move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-71 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72 3.15 Network Firewall Policy Outbound Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73 outbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-74 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75 insert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-76 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-77 move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-79 3.16 Network Firewall Submap Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80 submap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-81 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-83 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-85 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-86 3.17 Network LAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87 lan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-88 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90 updateDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-91 updateAllDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-92 3.18 Network LAN DHCP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93 dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-94 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-95 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-96 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-97 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-99 renew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-100 3.19 Network LAN Bridge commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-101 bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-101 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-102 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-104 3.20 Network QoS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-105 qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-105 clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-106 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-107


TOC-4 WS2000 Wireless Switch CLI Reference Guide

show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-108 3.21 Network Router Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-109 router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-109 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-110 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-111 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-112 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-113 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-114 3.22 Network VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-115 vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-115 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-116 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-117 3.23 Network WAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-118 wan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-118 renew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-119 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-120 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-122 3.24 Network WAN App Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-123 app . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-123 addcmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-124 delcmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-126 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-128 3.25 Network WAN DynDNS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129 dyndns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-130 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-131 update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-132 3.26 Network WAN L2TPVPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-133 l2tpvpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-133 show-connected-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134 3.27 Network WAN L2TPVPN LNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-135 lns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-135 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-136 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-138 3.28 Network WAN L2TPVPN Users Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139 users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139 add-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-140 delete-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-141 delete-all-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-142 show-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-143 show-all-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-144 3.29 Network WAN TrunkIPFPolicy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145 trunkipfpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-147 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-148 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149


TOC-5

3.30 Network WAN NAT Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-150 nat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-150 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-151 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-152 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-153 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-154 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-155 3.31 Network WAN VPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-156 vpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-156 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-157 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-158 ikestate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-159 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-160 reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-161 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-162 stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-167 3.32 Network WAN VPN Cmgr Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-168 cmgr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-168 delca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-169 delprivkey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-170 delself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-171 expcert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-172 export-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-173 genreq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-174 3.33 Network WAN VPN Cmgr impcert Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-175 impcert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-175 listca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-176 listprivkey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-177 listself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-178 loadca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-179 loadself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-180 showreq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-181 3.34 Network WLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-182 wlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-182 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-183 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-184 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-185 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-186 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-191 3.35 Network WLAN Rogue AP Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-193 rogueap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-193 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-194 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-195 3.36 Network WLAN Rogue AP Approvedlist Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-196 approvedlist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-196 ageoute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-197 approve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-198 erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-199


TOC-6 WS2000 Wireless Switch CLI Reference Guide

show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-200 3.37 Network WLAN Rogue AP Roguelist Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-201 roguelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-201 ageout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-202 approve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-203 erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-204 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-205 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-206 deauth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-207 3.38 Network WLAN Rogue AP Rogue List Locate Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208 locate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-209 start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-210 3.39 Network WLAN Rogue AP Rogue List MU Scan Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211 muscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-212 start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-213 3.40 Network WLAN Rogue AP Rule List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-214 rulelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-214 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-215 authsymbolap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-216 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-217 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-218 3.41 Network WLAN Enhanced Rogue AP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-219 enhancedrogueap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-219 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-220 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-221 3.42 Network WLAN MU Probe Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-222 muprobe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-222 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-223 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-224 3.43 Network WLAN Hotspot Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-225 hotspot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-225 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-226 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-228 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-229 3.44 Network WLAN Hotspot RADIUS commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-230 radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-230 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-231 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-232 3.45 Network WLAN Hotstpot White-list Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-234 white-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-234 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-235 clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-236 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-237 3.46 Network WLAN WLAN IP Fiter Policy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-238 wlanipfpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-238


TOC-7

set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-239 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-240 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-241 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-242 3.47 Network Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-243 port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-243 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-244 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-245 3.48 Network IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-246 ipfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-246 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-247 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-248 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-249 3.49 Network WIPS Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-250 wips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-250 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-251 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-252 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-253 convert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-254 revert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-255 update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-256 3.50 Network WIPS Default commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-257 defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-257 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-258 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-259 3.51 Network WIDS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-260 wids . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-260 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-261 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-262 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-266 3.52 Network URL Filter Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-267 urlfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-267 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-268 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-269 3.53 Network URL Filter Keyword Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-270 keyword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-270 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-271 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-272 removeall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-273 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-274 3.54 Network URL Filter White list Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-275 whitelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-275 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-276 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-277 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-278 3.55 Network URL Filter Black List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-279 blacklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-279 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-280


TOC-8 WS2000 Wireless Switch CLI Reference Guide

delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-281 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-282 3.56 Network URL Filter Trusted IP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-283 trustip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-283 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-284 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-285 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-286

Chapter 4: System CLI Commands Reference 4.1 system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1 lastpw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 exec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 4.2 System Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6 4.3 System Authentication RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7 radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9 4.4 System Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10 config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10 default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11 export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14 partial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18 update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19 sensor-fw-update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20 loadtocf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21 4.5 System Logs Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22 logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23 send . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26 view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27 4.6 System NTP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28 ntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30 date-zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31 zone-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32 4.7 System RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33 radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33 generate-dh-param . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35


TOC-9

show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36 4.8 System RADIUS Client Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37 client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40 4.9 System RADIUS EAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41 eap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44 4.10 System RADIUS EAP PEAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45 peap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-47 4.11 System RADIUS EAP TTLS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48 ttls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-50 4.12 System RADIUS LDAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51 ldap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55 join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56 4.13 System RADIUS Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57 policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59 4.14 System RADIUS Proxy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60 proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-62 clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65 4.15 System Redundancy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66 redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69 4.16 System SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70 snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70 4.17 System SNMP Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71 access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-76


TOC-10 WS2000 Wireless Switch CLI Reference Guide

show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77 4.18 System SNMP Traps Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78 traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-79 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-81 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-83 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-87 4.19 System SSH Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89 ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-90 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-91 4.20 System User Database Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92 userdb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92 4.21 System User Database Group Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93 group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-94 create . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96 clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-98 remove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-100 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102 4.22 System User Database User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103 user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-105 clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108 4.23 System User Database User Guest commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109 guest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111 clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-112 4.24 System WS2000 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113 WS2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-114 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-115 restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-117 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121 4.25 System CF commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122 cf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122 ls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-123 4.26 System HTTP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124 http . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-125


TOC-11

show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-126 4.27 System Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127 test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-129

Chapter 5: Statistics Commands 5.1 stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 5.2 Stats Show Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 5.3 Statistics RF Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 rf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7


TOC-12 WS2000 Wireless Switch CLI Reference Guide


Product Overview 1.1 WS2000 Wireless Switch CLI Reference Guide

This guide is intended to support administrators responsible for understanding, configuring and maintaining the Wireless Switch. This document provides information for the system administrator to use the command line interface during the initial setup and configuration of the system. It also serves as a reference guide for the administrator to use while updating or maintaining the system.

1.1.1 About this Document This document contains information on all command that configure the WS2000 Wireless Switch. To view the command syntax and a brief help on each command on your WS2000 Wireless Switch console, use the following syntax: admin> <command> ?

We recommend viewing this Command Line Reference Guide with Adobe Acrobat 5.0 or higher.


1-2 WS2000 Wireless Switch CLI Reference Guide

1.1.2 Document Conventions Notes and Warnings NOTE:

Indicates special tips or requirements

CAUTION:

Indicates a condition that can cause equipment damage or data loss

WARNING!

Indicates a condition or procedure that could result in personal injury or equipment damage

CLI Conventions command / keyword

The first word is always a command. Keywords are words that must be entered as is. Commands and keywords are mandatory. For example, the command, admin(network.wan)> show ip 1

is documented as show ip <idx>

where: • show – The command • ip – The keyword

<variable>

Variables are described with a short description enclosed within a ‘<‘ and a ‘>’ pair. For example, the command, admin(network.wan)> show ip 1

is documented as show ip <idx>

where: • show – The command – Display information. • ip – The keyword – The IP address • <idx> – The variable – WAN Index value.


Product Overview 1-3

|

The pipe symbol. This is used to separate the variables/keywords in a list. For example, the command admin(network.wan.vpn)> set .....

is documented as set [ike|type|sub|remip|......]

where: • set – The command • [ike|type|sub|remip|...] – Indicates the different commands that can be combined with the set command. However, only one of the above list can be used at a time. set set set set

[]

ike ... type ... sub ... remip ...

Of the different keywords and variables listed inside a ‘[‘ & ‘]’ pair, only one can be used. Each choice in the list is separated with a ‘|’ (pipe) symbol. For example, the command admin(network.wan)> show ...

is documented as show [ip|pppoe]

where: • show – The command • [ip|pppoe] – Indicates that two keywords are available for this command and only one can be used at a time

{}

Any command/keyword/variable or a combination of them inside a ‘{‘ & ‘}’ pair is optional. All optional commands follow the same conventions as listed above. However they are displayed italicized. For example, the command admin(network.wan.vpn)> list ....

is documented as list {<name>}

Here: • list – The command. This command can also be used as list

• {<name>} – The optional variable <name>.. The command can also be extended as list vpn_tunnel_01

Here the value vpn_tunnel_01 is an optional tunnel name. values

Values to be entered as shown in Blue. For example, the command admin(network.wan)> show ip ....

is documented as show ip <idx>

This command’s parameter <idx> is described as under: “<idx> – <idx> (1-8) is the Wlan Index.”


1-4 WS2000 Wireless Switch CLI Reference Guide

1.2 System Overview The WS2000 Wireless Switch provides a low-cost, feature-rich option for sites with one to six Access Ports. The WS2000 Wireless Switch works at the center of a network’s infrastructure to seamlessly and securely combine wireless LANs (WLANs) and wired networks. The switch sits on the network. Wireless Access Ports connect to one of the six available ports on the switch and the external wired network (WAN) connects to a single 10/100 Mbit/sec. WAN port. Mobile units (MUs) associate with the switch via an Access Port. When an MU contacts the switch, the switch cell controller services attempt to authenticate the device for access to the network. The WS2000 Wireless Switch acts as a WAN/LAN gateway and a wired/wireless switch.

1.2.1 Management of Access Ports This wireless switch provides six 10/100 Mbit/sec. LAN ports for internal wired or wireless traffic. Four of these ports provide IEEE 802.3af-compliant Power over Ethernet (PoE) support for devices that require power from the Ethernet connection (such as Access Ports). Administrators can configure the six ports to communicate with a private LAN or with an Access Port for a wireless LAN (WLAN). The switch provides up to four extended service set identifiers (ESSIDs) for each Access Port connected to the switch.

1.2.1.1 Firewall Security The LAN and Access Ports are placed behind a user-configurable firewall that provides stateful packet inspection. The wireless switch performs network address translation (NAT) on packets passing to and from the WAN port. This combination provides enhanced security by monitoring communication with the wired network.

1.2.1.2 Wireless LAN (WLAN) Security Administrators can configure security settings independently for each ESSID. Security settings and protocols available with this switch include: • Kerberos • WEP-64 • WEP-128 • 802.1x with RADIUS • 802.1x with Shared Key • KeyGuard • WPA/WPA2-TKIP • WPA2/CCMP (802.11i)

1.2.1.3 VPN Security Virtual Private Networks (VPNs) are IP-based networks that use encryption and tunneling to give users remote access to a secure LAN. In essence, the trust relationship is extended from one LAN across the public network to another LAN, without sacrificing security. A VPN behaves similarly to a private network; however, because the data travels through the public network, it needs several layers of security. The WS2000 Wireless Switch acts as a robust VPN gateway.


Product Overview 1-5

1.3 Hardware Overview The WS2000 Wireless Switch provides a fully integrated solution for managing every aspect of connecting wireless LANs (WLANs) to a wired network. This wireless switch can connect directly to a cable or DSL modem, and can also connect to other wide area networks through a Layer 2/3 device (such as a switch or router). The switch includes the following features: • One WAN (RJ-45) port for connection to a DSL modem, cable modem, or any other Layer 2/3 network device. • Six 10/100 Mbit/sec. LAN (RJ-45) ports: four ports provide 802.3af “Power over Ethernet” (PoE) support; the other two do not provide power. • Each port has two LEDs, one indicating the speed of the transmission (10 or 100 Mbit/sec.), the other indicating whether there is activity on the port. The four LAN ports with PoE have a third LED that indicates whether power is being delivered over the line to a power device (such as an Access Port). (See the WS 2000 Wireless Switch LED explanation for more information on the meaning of the different state of the LEDs.) • A DB-9 serial port for direct access to the command-line interface from a PC. Use Symbol’s Null-Modem cable (Part No. 25-632878-0) for the best fitting connection. • A CompactFlash slot that provides AirBEAM® support.

1.3.1 Technical Specifications 1.3.1.1 Physical Specifications • Width: 203 mm • Height: 38 mm • Depth: 286 mm • Weight: 0.64 kg

1.3.1.2 Power Specifications • Maximum Power Consumption: 90-256 VAC, 47-63 Hz, 3A • Operating Voltage: 48 VDC • Operating Current: 1A • Peak Current: 1.6A

1.3.1.3 Environmental Specifications • Operating Temperature: 0ºC to 40ºC • Storage Temperature: -40ºC to 70ºC • Operating Humidity: 10% to 85% Non-condensing • Storage Humidity: 10% to 85% Non-condensing • Operating Altitude: 2.4 Km • Storage Altitude: 4.6 km


1-6 WS2000 Wireless Switch CLI Reference Guide

1.3.2 WS 2000 Wireless Switch LED Functions The switch has a large blue LED on the right front that indicates that the switch is powered on. Each port on the WS 2000 Wireless Switch has either two or three LEDs that indicate the status of the port. Ports 1-4, which supply 802.3af Power over Ethernet (PoE), have three LEDs. The remaining two non-powered LAN ports and the WAN port have two LEDs.

Location

Function

Upper left LED

This LED is present on all ports and indicates the speed of the transmissions through the port. The LED is on when the transmission rate is 100 Mbit per second (100BaseT). The light is off when the transmission rate is 10 Mbit per second.

Upper right LED

This LED indicates activity on the port. This light is solid yellow when a link to a device is made. The light flashes when traffic is being transferred over the line.

Lower LED

This LED is only present on Ports 1-4. These ports provide 802.3af Power over Ethernet (PoE) support to devices (such as Access Ports). The LED has several states: OFF—A non-power device (or no device) is connected; no power is being delivered. GREEN—The switch is delivering 48 volts to the power device connected to that port. RED—There was a valid PoE connection; however, the switch has detected that the power device is faulty. The red light will remain until a non-faulty connection is made to the port.


Product Overview 1-7

1.4 Software Overview The WS2000 Wireless Switch software provides a fully integrated solution for managing every aspect of connecting Wireless LANs (WLANs) to a wired network, and includes the following components:

1.4.1 Operating System (OS) Services Operating System (OS) Services determine how the WS2000 Wireless Switch communicates with existing network and operating system-centric software services, including: • Dynamic Host Configuration Protocol (DHCP) • Telnet and File Transfer Protocol (FTP/TFTP) servers • The Simple Network Time Protocol (SNTP) client, used to keep switch time synchronized for Kerberos authentication • A mechanism for setting up a redundant (secondary) switch that takes over if the primary switch fails

1.4.2 Cell Controller Services The Cell Controller provides the ongoing communication between mobile units (MUs) on the Wireless LAN (WLAN) and the wired network. Cell Controller services perform the following: • Initialize the Access Ports • Maintain contact with Access Ports by sending a synchronized electronic “heartbeat” at regular intervals • Track MUs when they roam from one location to another • Manage security schemes based on system configuration • Maintain system statistics • Store policies and Access Port information • Detect and manage rogue Access Ports • Management of communications QoS

1.4.3 Gateway Services Gateway services provide interconnectivity between the Cell Controller and the wired network, and include the following: • System management through a Web-based Graphical User Interface (GUI) and SNMP • 802.1x RADIUS client • Security, including Secure Sockets Layer (SSL) and Firewall • Network Address Translation (NAT), DHCP services, and Layer 3 Routing • Virtual Private Network (VPN)


1-8 WS2000 Wireless Switch CLI Reference Guide


Admin and Common Commands The term Common Commands is used to indicate that these commands are available through the WS2000 Wireless Switch’s CLI. These commands provide easy access to help, navigation, and to save configuration changes. This chapter also lists of commands available at the admin menu. • Common Commands • Admin Menu Commands


2-2 WS2000 Wireless Switch System Reference Guide

2.1 Common Commands Admin and Common Commands

The following commands are available through the WS2000 CLI. Command

Description

Ref.

?

Displays the list of commands in the current menu.

page 2-3

help

Displays general user interface help.

page 2-4

save

Saves the configuration to the system flash.

page 2-6

quit

Quits the CLI.

page 2-5

..

Goes to the parent menu.

page 2-7

/

Goes to the root menu.

page 2-8


Admin and Common Commands 2-3

2.1.1 ? Command ? Common Commands

Displays the commands available under the admin menu. Syntax ? Parameters

None Example

admin> ? admin>? help passwd summary network stats system save quit .. /

: : : : : : : : : :

display general user interface help change password show system summary go to network sub menu go to stats sub menu go to system sub menu save cfg to system flash quit cli go to parent menu go to root menu


2-4 WS2000 Wireless Switch System Reference Guide

2.1.2 help Command help Common Commands

Displays general CLI user interface help. Syntax

help Parameters

None Example admin>help ? <ctrl-q> <ctrl-p> * Note

: : : :

display command help - Eg. ?, show ?, s? go backwards in command history go forwards in command history commands can be incomplete - Eg. sh = sho = show


Admin and Common Commands 2-5

2.1.3 quit Command quit Common Commands

Quits the command line interface. Requires you to logon again. This command appears in all the submenus under admin menu. In each case, it has the same function, to exit out of the CLI. Syntax

quit Parameters

None Example admin>quit


2-6 WS2000 Wireless Switch System Reference Guide

2.1.4 save Command save Common Commands

Saves the configuration to system flash. This command appears in all of the submenus under admin. In each case, it has the same function, to save the configuration. The save command must be issued before leaving the CLI for the settings to be retained. Syntax

save Parameters

none Example

admin> save admin>


Admin and Common Commands 2-7

2.1.5 .. Command .. Common Commands

Displays the parent menu of the current menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up one level in the directory structure. Syntax

.. Parameters

None Example

admin(network.ap) .. admin(network) admin(network) .. admin>


2-8 WS2000 Wireless Switch System Reference Guide

2.1.6 / Command / Common Commands

Displays the root menu, that is, the top-level CLI menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up to the top level in the directory structure. Syntax

/ Parameters

None Example

admin(network.wan.nat)> / admin>


Admin and Common Commands 2-9

2.2 Admin Menu Commands Admin and Common Commands

The following commands are only available at the admin menu. Command

Description

Ref.

passwd

Changes the admin password.

page 2-10

summary

Displays a system summary.

page 2-11

network

Goes to the network menu.

page 3-1

system

Goes to the system menu.

page 4-1

stats

Goes to the statistics menu.

page 5-1


2-10 WS2000 Wireless Switch System Reference Guide

2.2.1 passwd Command passwd Admin Menu Commands

Changes the password for the administrative logins - admin, guest-admin, and manager. Syntax

passwd [admin|manager|guest-admin] Parameters

passwd Passwords for the Administrator, Guest-admin, and Manager accounts [admin|manager|guest-admin] can be changed. To change password, type the old password once and the new password twice at their respective prompts. Passwords can be up to 11 characters.

Example: admin>passwd admin Old Admin Password:****** New Admin Password:****** Verify Admin Password:******


Admin and Common Commands 2-11

2.2.2 summary Command summary Admin Menu Commands

Displays system summary for the WS2000 Wireless Switch. The information displayed includes high-level characteristics and settings for WAN, subnet, and WLAN. Syntax

summary Parameters

None Example

admin> summary System Information WS2000 firmware version country code

: 2.4.0.0-005X : us

WLAN 1 Information ess identifier wlan mode vlan_id enc type auth type

: : : : :

Bharat enable 1 none none

: : : : :

102 disable 2 none none

: : : : :

103 disable 3 none none

: : : : :

104 disable 4 none none

WLAN 2 Information ess identifier wlan mode vlan_id enc type auth type WLAN 3 Information ess identifier wlan mode vlan_id enc type auth type WLAN 4 Information ess identifier wlan mode vlan_id enc type auth type


2-12 WS2000 Wireless Switch System Reference Guide

WLAN 5 Information ess identifier wlan mode vlan_id enc type auth type

: : : : :

105 disable 5 none none

: : : : :

106 disable 6 none none

: : : : :

107 disable 7 none none

: : : : :

108 disable 8 none none

: : : : : : :

enable 192.168.0.50 255.255.255.0 server 192.168.0.50 port1 port2 port3 port4 port5 port6 wlan1

: : : : : : :

disable 192.168.1.1 255.255.255.0 server 192.168.1.1

WLAN 6 Information ess identifier wlan mode vlan_id enc type auth type WLAN 7 Information ess identifier wlan mode vlan_id enc type auth type WLAN 8 Information ess identifier wlan mode vlan_id enc type auth type Subnet 1 Information subnet interface ip address network mask dhcp mode default gateway ports wlan Subnet 2 Information subnet interface ip address network mask dhcp mode default gateway ports wlan

wlan2


Admin and Common Commands 2-13

Subnet 3 Information subnet interface ip address network mask dhcp mode default gateway ports wlan

: : : : : : :

disable 192.168.2.1 255.255.255.0 server 192.168.2.1

: : : : : : :

disable 192.168.3.1 255.255.255.0 server 192.168.3.1

: : : : : : :

disable 192.168.4.1 255.255.255.0 server 192.168.4.1

: : : : : :

disable 192.168.5.1 255.255.255.0 server 192.168.5.1

wlan3

Subnet 4 Information subnet interface ip address network mask dhcp mode default gateway ports wlan

wlan4

Subnet 5 Information subnet interface ip address network mask dhcp mode default gateway ports wlan Subnet 6 Information subnet interface ip address network mask dhcp mode default gateway ports


2-14 WS2000 Wireless Switch System Reference Guide


Network CLI Commands Reference Network commands are used to configure the different network parameters of the WS2000 Wireless Switch.

3.1 network Admin Menu Commands

Use the network command to go the Network menu. admin> network admin(network)>

The following commands are available under the Network menu: Command

Description

Ref.

ap

Goes to the Access Port Submenu.

page 3-3

dhcp

Goes to the DHCP Submenu

page 3-48

fw

Goes to the Firewall Submenu

page 3-51

ipfilter

Goes to the IP Filter Submenu

page 3-234

lan

Goes to the LAN Submenu

page 3-87

port

Goes to the Port Submenu

page 3-231

qos

Goes to the QOS Submenu

page 3-105

router

Goes to the Router Submenu

page 3-109

urlfilter

Goes to the URL Filter Submenu

page 3-255

vlan

Goes to the VLAN Submenu

page 3-115

wan

Goes to the WAN Submenu

page 3-118

wids

Goes to the WIDS Submenu

page 3-248

wips

Goes to the WIPS Submenu

page 3-238

wlan

Goes to the WLAN Submenu

page 3-170

save

Saves the configuration to system flash

page 2-6

quit

Quits the CLI

page 2-5

..

Goes to the parent menu

page 2-7

/

Goes to the root menu

page 2-8


3-2 WS2000 Wireless Switch System Reference Guide


Network CLI Commands Reference 3-3

3.2 Network AP Commands ap network

Displays the Access Port submenu. The functionality provided by this menu is supplied by various screen under the Wireless menu item of the Web interface. Syntax admin(network)> ap admin(network.ap)>

The items available under this command are shown below. Command

Description

Ref

add

Adds entries to the Access Port adoption list.

page 3-4

copydefaults

Copies default AP settings to a connected AP.

page 3-5

default

Goes to the default submenu.

page 3-17

delete

Deletes entries from the Access Port adoption lists.

page 3-6

denyap

Goes to the Deny AP submenu

page 3-30

forget

Forgets AP parameters

page 3-7

list

Lists entries in the Access Port adoption list.

page 3-8

mesh

Goes to the Mesh submenu

page 3-40

remap

Remaps channels for the AP in auto mode.

page 3-9

reset

Resets an Access Port.

page 3-10

revert

Reverts AP to Access Point (AP4131 or AP4121)

page 3-11

selfheal

Goes to the Self-heal submenu

page 3-24

set

Sets Access Port parameters.

page 3-12

show

Shows Access Port parameters.

page 3-15

smartscan

Goes to the Smart scan submenu

page 3-34

test

Goes to the test submenu.

page 3-38

save

Saves the configuration to system flash

page 2-6

quit

Quits the CLI

page 2-5

..

Goes to the parent menu

page 2-7

/

Goes to the root menu

page 2-8


3-4 WS2000 Wireless Switch System Reference Guide

3.2.1 Network AP add Command add Network AP Commands

Adds entries to the Access Port adoption list. This allows the Access Ports with the MAC addresses specified in the command to associate with the specified WLAN. Performs functionality available in the Access Port Adoption List area of the Wireless screen. Syntax add <idx> <mac1> <mac2> Parameters

<idx> <mac1> <mac2>

The WLAN ID (1-8) The starting mac address for the range The last mac address in the range

Example admin(network.ap)> add 1 00A0F8BFE9B0 00A0F8BFE9B0 admin(network.ap)list 1 admin(network.ap)>list 1 ------------------------------------------------------------------index start mac end mac ------------------------------------------------------------------1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C admin(network.ap)> Related Commands

delete

Removes the MAC address range from the adoption list for the specified WLAN.

list

Displays entries in the Access Port adoption list.


Network CLI Commands Reference 3-5

3.2.2 Network AP copydefaults Command copydefaults Network AP Commands

Copies default Access Port settings to a connected Access Port. In the Web interface, the defaults are set on the Wireless, default AP screens (one for each radio type). Syntax copydefault <idx> Parameters

<idx>

The id of the AP to copy the defaults to

Example admin(network.ap)>copydefaults 1 admin(network.ap)> Related Commands

network.ap.default)> show default show status show ap

Lists the current default settings for a selected Access Port type. Lists the index numbers for all currently connected Access Ports. Gets information about a particular Access Port.


3-6 WS2000 Wireless Switch System Reference Guide

3.2.3 Network AP delete Command delete Network AP Commands

Deletes entries from the Access Port adoption list. In the Web interface, this functionality is found on the Wireless screen in the Access Port Adoption list area. Syntax delete <idx> [<entry>|all] Parameters

<idx> [<entry>|all]

Deletes an entry in the Access Port adoption list as specified by <entry>, which is the number listed in the adopted list (use the list command) for WLAN <idx> (1-8). all indicates deleting all the adoption list entries.

Example

The following example first lists out the adoption list entries for WLAN 1, deletes the second entry for WLAN 1, and finally displays the list for WLAN 1 showing that the entry has been deleted. admin(network.ap)>list 1 ------------------------------------------------------------------------index start mac end mac ------------------------------------------------------------------------1 000000000000 00306542B965 2 004000000000 005000000000 admin(network.ap)>delete 1 2 admin(network.ap)>list 1 ------------------------------------------------------------------------index start mac end mac ------------------------------------------------------------------------1 000000000000 00306542B965 Related Commands

add list

Adds entries to the adoption list. Lists entries in the Access Port adoption list.


Network CLI Commands Reference 3-7

3.2.4 Network AP forget Command forget Network AP Commands

Forgets the AP parameters at a particular index specified by the <idx> value. Syntax forget [<idx>|all] Parameters

<idx>|all

<idx> â&#x20AC;&#x201C; The index to remove the AP parameters. all â&#x20AC;&#x201C; Removes all AP parameters from all the indices in the AP adoption list.

Example

The following syntax shows the forget command. admin(network.ap)>forget 1 admin(network.ap)>save


3-8 WS2000 Wireless Switch System Reference Guide

3.2.5 Network AP list Command list Network AP Commands

Displays entries in the Access Port adoption list for a specified wireless LAN. Syntax list <idx> Parameters

<idx>

Lists the Access Port adoption entries for WLAN <idx> (1-8).

Example

The following example shows the access port adoption list for WLAN 1. admin(network.ap)>list 1 ---------------------------------------------------------------------index start mac end mac ----------------------------------------------------------------------1 1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C Related Commands

add delete

Adds entries to the adoption list. Deletes entries from the adoption list.


Network CLI Commands Reference 3-9

3.2.6 Network AP remap Command remap Network AP Commands

Remaps the channels for a radio at index specified by <idx>. Syntax remap [<idx>|all] Parameters

<idx>|all

<idx> â&#x20AC;&#x201C; Remaps all channels for a radio specified by the index <idx> all â&#x20AC;&#x201C; Remaps all channels for all the radios in auto channel selection mode.

Example admin(network.ap)>list 1 -------------------------------------------index start mac end mac -------------------------------------------1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C admin(network.ap)>remap 3


3-10 WS2000 Wireless Switch System Reference Guide

3.2.7 Network AP reset Command reset Network AP Commands

Resets an Access Port. Syntax reset ap <idx> Parameters

ap <idx>

<idx> â&#x20AC;&#x201C; Resets the Access Port with index <idx> in the Access Port Adoption list.

Example --------------------------------------index start mac end mac --------------------------------------1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C admin(network.ap)>reset ap 2 admin(network.ap)>


Network CLI Commands Reference 3-11

3.2.8 Network AP revert Command revert Network AP Commands

Reverts an Access Port to an Access Point (Only on AP4131 or AP4121). Syntax revert ap <idx> Parameters

ap <idx>

<idx> â&#x20AC;&#x201C; Reverts the Access Port with index <idx> to an Access Point. Only on AP4131 and AP 4121.

Example admin(network.ap)>revert ap 1 admin(network.ap)>


3-12 WS2000 Wireless Switch System Reference Guide

3.2.9 Network AP set Commands set Network AP Commands

Sets Access Port parameters. Syntax set [beacon|ch_mode|div|dtim|loc|name|primary|rate| reg|rts|short-pre|802.1x|ap_scan|mac|radio_type| ap_type|sip_cac_mode|allowed_sip_session] Parameters

beacon intvl <idx> <interval> ch_mode <idx> [fixed|random|auto] div <idx> <mode> dtim <idx> [<period>|<bss_idx <period>]]

loc <idx> <loc> name <idx> <name> primary <idx> <widx>

Sets the beacon interval for Access Port <idx> (1–12) to <interval> in K-us (50– 200). Sets the channel mode for Access Port <idx> (1–12) to fixed, random or auto. Sets the default antenna diversity to <mode> (one of full, primary, or secondary). Sets the DTIM period for Access Port <idx> to <period> (number of beacons from 1–50). <bss_idx> is the index of the BSSID. If not specified for the AP300, the default value of 1 is assumed for this parameter. For other APs, the <period> value is used for all the BSSIDs. Sets Access Port <idx> location description to <loc> (1–13 characters). Sets Access Port <idx> name to <name> (1–13 characters). Sets the primary WLAN <widx> (the WLAN index from 1 to 8) for 802.11a radio associated with Access Port <idx> (1-12). The ESS ID configured for this WLAN will be used in the 802.11a beacon as the primary ESS. Note: This parameter is used only for AP200 APs with 802.11a radios

rate <idx> <basic> <supported>

Sets Access Port <idx> (1-12) basic and supported rates. <basic> and <supported> must be comma-separated lists of rates, such as 6,9,11,15 with no spaces. Basic rates are a subset of supported rates. The different types of radio support the following rates. A - 6|9|12|18|24|36|48|54 B - 1|2|5.5|11 G - 1|2|5.5|6|9|11|12|18|24|36|48|54 Note: For a G radio, basic rates must be a subset of B Rates in order to associate legacy B stations.

reg <idx> <indoor> <ch> Sets Access Port <idx> (1-12)regulatory parameters, which <indoor> is one of <pwr> in or in/out; <ch> is the channel to use, and <pwr> is the power (in dB from 4 to 20). Select the value of <ch> from the appropriate list. 802.11b ch -- 1 to 14 802.11a ch -- 36,40,44,48,52,56,60,64,149,153,157,161 Note: Regulatory parameter values depend on country of operation and radio type. Refer to documentation for regulatory information.

rts <idx> <bytes>

Sets the RTS threshold for Access Port <idx> (1-12) to <bytes> (e.g., 2341).


Network CLI Commands Reference 3-13

short-pre <idx> [enable|disable] 802.1x <username> <password> mac <idx> <mac>

Enables or disables the short preamble mode for Access Port <idx> (1-12)

Sets the 802.1x username and password on AP 300 Access Ports. Both parameters can be up to 64 characters long. Sets the MAC address of AP <idx> (1-12) to <mac> (MAC address format is XX:XX:XX:XX:XX:XX) ap_scan <idx> <mode> Sets the scan mode for Rogue AP detection where <idx> (1-12) is the access port index and <mode> is one of none, detector, on-chan, full-detector. radio_type <idx> Sets the Radio Type of an access port where <idx> (1-12) is the access port <radio_type> index and <radio_type> is one of 802.11a, 802.11b, 802.11b/g. ap_type <idx> Sets the AP type of an Access Port <idx> (1-12) to AP type. AP type <radio_type> <radio_type> is one of AP100, AP200, AP300 sip_cac_mode Enables or disables SIP Call Admission Control. [enable|disable] allowed_sip_session Sets the allowed number of SIP sessions for this portal. The value for <idx> <sip_session> <sip_session> lies between 1 and 100. <idx> (1-12) is the access port index. legacy_mode Enables or disables legacy mode support for AP300s. [enable|disable] mu-power-adjustment Sets Symbol MUs operating power in dBm. <ap-index> is the index of the <ap-index> <adjvalue> Symbol AP and <adjvalue> is the MU power adjustment value in dBm (valid 020) asset-name <idx> Sets asset name for the Access Port with <idx> (1-12) with <asset-name> (1<asset-name> 50 characters)

Example: admin(network.ap)>set short-pre enable admin(network.ap)>set shor 1 enable admin(network.ap)>set name 1 BigOffice admin(network.ap)>set dtim 1 25 admin(network.ap)>set loc 1 BigBldg admin(network.ap)>show ap 1 ap name ap location ap mac address ap serial number ap radio type adopted by

: : : : : :

BigOffice BigBldg 00A0F8565656 00A0F8565656 802.11 B WLAN1

ap indoor use ap channel ap radio power antenna gain rf power antenna type ap diversity

: : : : : : :

indoor/outdoor 1 4 dB 0 dBi 3 mW external full

basic rates supported rates

: 1 2 : 1 2 5.5 11

rts threshold

: 2341


3-14 WS2000 Wireless Switch System Reference Guide

beacon interval dtim period short preamble security beacon (hide ess) primary wlan index admin(network.ap)>

: : : : :

100 25 enable disable wlan1


Network CLI Commands Reference 3-15

3.2.10 Network AP show Command show Network AP Commands

Shows Access Port parameters. Syntax show [ap|status|sip|legacy-mode] Parameters

ap <idx> status sip <idx> legacy-mode

Shows Access Port <idx> (1-12) radio parameters. Shows a list of Access Ports and their status. Shows SIP statistics for the portal <idx> (1-12). Shows the legacy mode configuration for the switch

Example admin(network.ap)>show ap 1 ap name ap location ap mac address ap serial number ap radio type adopted by

: : : : : :

BigOffice BigBldg 00A0F8565656 00A0F8565656 802.11 B WLAN1

ap indoor use ap channel ap radio power antenna gain rf power

: : : : :

indoor/outdoor 1 4 dB 0 dBi 3 mW

antenna type ap diversity

: external : full

basic rates supported rates

: 1 2 : 1 2 5.5 11

rts threshold beacon interval dtim period short preamble security beacon (hide ess) primary wlan index detector ap

: : : : : : :

2341 100 25 enable disable wlan1 disable

admin(network.ap)>show status ap index ap status

: 1 : connected

ap index ap status

: 2 : not connected

ap index

: 3


3-16 WS2000 Wireless Switch System Reference Guide

ap status

: not connected

ap index ap status

: 4 : not connected

ap status

: not connected

ap index ap status

: 6 : not connected

ap index ap status

: 7 : not connected

ap index ap status

: 8 : not connected

ap index ap status

: 9 : not connected

ap index ap status

: 10 : not connected

ap index ap status

: 11 : not connected

ap index ap status

: 12 : not connected

admin(network.ap)>show legacy-mode Legacy mode is enabled. Related Commands

set

Sets Access Port parameters.


Network CLI Commands Reference 3-17

3.3 Network AP Default Commands default Network AP Commands

Displays the default Access Port (AP) submenu. Use these commands to set the default values for all APs. Syntax admin(network.ap)> default

The items available under this command are shown below. Command

set loadfromcf show quit save .. /

Description

Sets default Access Port parameters. Loads the configured images from the CF card immediately Shows default Access Port parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref

page 3-18 page 3-20 page 3-21 page 3-1 page 3-1 page 3-1 page 3-1

The items in this menu are available in the Web interface under the three default Access Port screens (one for each radio type) within the Wireless menu area.


3-18 WS2000 Wireless Switch System Reference Guide

3.3.1 Network AP Default set Command set Network AP Default Commands

Sets the default Access Port parameters. Syntax set [beacon|ch_mode|div|dtim|primary|reg|rate|rts|short-pre|sensor-img| ap4131-img|ap4121-img] Parameters

beacon intvl <type> <interval> ch-mode <type> [fixed|random|auto] div <type> <mode> dtim <type> [<bss_idx>|<period>]

primary <type> <wdix>

Sets the default beacon interval for specified radio type <type> (one of 802.11a, 802.11b, or 802.11b/g) to <interval> in K-us (50â&#x20AC;&#x201C;200). Sets the default channel mode for radios of <type> (one of 802.11a, 802.11b, or 802.11b/g) to fixed, random, or auto. Sets the default antenna diversity for radios of <type> (one of 802.11a, 802.11b, or 802.11b/g) to <mode> (one of full, primary, or secondary). Sets the default DTIM period for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g) to <period> number of beacons (1â&#x20AC;&#x201C;50). <bss_idx> is the index of the BSSID. If not specified for the AP300, the default value of 1 is assumed for this parameter. For other APs, the <period> value is used for all the BSSIDs. Sets the default primary WLAN <widx> (1 to 8) for 802.11a radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g). The ESS ID configured for this WLAN will be used in the 802.11a beacon as the primary ESS. Note: This parameter is used only for AP200 APs with 802.11a radios.

rate <type> <basic> <supported>

Sets the default basic and supported rates for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g). <basic> and <supported> must be a comma separated list of rates, such as 6,9,11,15 with no spaces. Basic rates are a subset of supported rates. The different types of radio support the following rates. A - 6|9|12|18|24|36|48|54 B - 1|2|5.5|11 G - 1|2|5.5|6|9|11|12|18|24|36|48|54 Note: For a G radio, basic rates must be a subset of B Rates in order to associate legacy B stations.

reg <type> <indoor> <ch> <pwr>

Sets the default regulatory parameters for radios of specified type (one of 802.11a, 802.11b, or 802.11b/g), where <indoor> is one of in or in/out; <ch> is the channel to use, and <pwr> is the power (in dB from 4 to 20). Select the value of <ch> from the appropriate list. 802.11b ch -- 1 to 14 802.11a ch -- 36,40,44,48,52,56,60,64,149,153,157,161 Note: Note: Regulatory parameter values depend on the country of operation and radio type. Refer to the documentation for specific regulatory information.

rts <type> <bytes>

Sets the default RTS threshold for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g) to <bytes> (e.g., 2341).


Network CLI Commands Reference 3-19

short-pre <type> [enable|disable] sensor-img <loc>

By default, enables or disables the short preamble mode for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g). Sets the default location of the sensor image. Location is specified in the <loc> parameter. Sets the default location <loc> of the AP 4131 image. Select from cf or def. Sets the default location <loc> of the AP 4121 image. Select from cf or def.

ap4131-img <loc> ap4121-img <loc> Example

admin(network.ap.default)>set ch_mode 802.11a fixed admin(network.ap.default)>set dtim 802.11a 10 admin(network.ap.default)>set short 802.11b/g enable admin(network.ap.default)>show default 802.11a ap ap ap ap

indoor use channel channel mode radio power

: : : : :

indoor only 36 random 17 dBm 50 mW

ap diversity

: full

basic rates supported rates

: 6 12 24 : 6 9 12 18 24 36 48 54

rts threshold : 2341 beacon interval : 100 ------------------------------------------------------------------------BSSID | DTIM period ------------------------------------------------------------------------1 | 10 2 | 10 3 | 10 4 | 10 short preamble primary wlan index

: disable : wlan1

admin(network.ap.default)> Related Commands

show default

Displays the default AP settings for a particular radio type.


3-20 WS2000 Wireless Switch System Reference Guide

3.3.2 Network AP Default loadfromcf Command loadfromcf Network AP Default Commands

Immediately loads configured images from the CF card. Syntax loadfromcf Parameters

None Example admin(network.ap.default)>loadfromcf


Network CLI Commands Reference 3-21

3.3.3 Network AP Default show Command show Network AP Default Commands

Shows the default Access Port parameters for a particular radio type. Syntax show [default|img-location] Parameters

default <type> Shows the default Access Port parameters for radio type <type> (802.11a, 802.11b, 802.11bg). img-location Shows the Sensor/Access Port image locations. Example admin(network.ap.default)>set ch_mode 802.11a fixed admin(network.ap.default)>set dtim 802.11a 10 admin(network.ap.default)>set short 802.11b/g enable admin(network.ap.default)>show default 802.11a ap ap ap ap

indoor use channel channel mode radio power

: : : : :

indoor only 36 random 17 dBm 50 mW

ap diversity

: full

basic rates supported rates

: 6 12 24 : 6 9 12 18 24 36 48 54

rts threshold : 2341 beacon interval : 100 ---------------------------------------------------------------------BSSID | DTIM period ---------------------------------------------------------------------1 | 10 2 | 10 3 | 10 4 | 10 short preamble : disable primary wlan index : wlan1 Related Commands

set

Sets the default parameters for the specified radio type.


3-22 WS2000 Wireless Switch System Reference Guide

3.4 Network AP Test Commands test Network AP Commands

Displays the test submenu. Syntax admin(network.ap)> test admin(network.ap.test)>

The items available under this command are shown below Command

new quit save .. /

Description

Switches the Access Port to a new channel. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-23 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-23

3.4.1 Network AP Test new Command new Network AP Test Commands

Switches the specified Access Port to a new channel. Syntax new <idx> <ch> Parameters

<idx> <ch>

Switches the Access Port indexed with <idx> (1â&#x20AC;&#x201C;12) to channel <ch> (which must be a valid channel for the specified Access Port.

Example admin(network.ap.test)>new 2 15 admin(network.ap.test)>


3-24 WS2000 Wireless Switch System Reference Guide

3.5 Network AP Selfheal commands selfheal Network AP Commands

Displays the selfheal submenu. Syntax admin(network.ap)> selfheal

The items available under this menu are shown below. Command

set detect-neighbor add del show quit save .. /

Description

Sets self-heal parameters Detects neighbors and prepares the neighbors list automatically Adds entries to the self-heal table Removes entries from the self-heal table Shows entries in the self-heal table Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-25 page 3-26 page 3-27 page 3-28 page 3-29 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-25

3.5.1 Network AP Selfheal set Command set Network AP Selfheal commands

Sets the different self-heal parameters. Syntax set [interference-avoidance|neighbor-recovery] Parameters

interference-avoidance • mode [enable|disable] – Sets the self-healing interference mode. Can be [mode one of enable or disable. [enable|disable] | • max-retries [<max-retires|default] – Sets the threshold limit on the max-retries maximum number of retires permitted. <max-retires> (0-15) is the [<max-retries>|default] | number of allowed retries. default has a value of 14. hold-time • hold-time [<hold-time>|default] – Sets the hold-time between running two [<hold-time>|default]] consecutive interference avoidance algorithms. <hold-time> (0-65535) is the duration in seconds. default has a value of 3600. • mode [enable|disable] – Enables or disables neighbor recovery. neighbor-recovery • action <radio-idx> <action> – Sets the neighbor recovery action for the [mode portal. <radio-idx> (1-12) is the id of the radio for which action specified [enable|disable] | action <radio-idx> <action> | in <action> must be taken. Select <action> from none, raise-power, open-rates, both. offset <radio-idx> [<offset>|default]] Sets the radio offset value for the radio <radio-idx> (1-12) when the set action is raise-power. <offset> value is between 0-65535. default value is 0. Example - Set interference-avoidance: admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set

interference-avoidance interference-avoidance interference-avoidance interference-avoidance interference-avoidance interference-avoidance

mode enable mode disable max-retries 15 max-retries default hold-time 24000 hold-time default

Example - set neighbor-recovery: admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set admin(network.ap.selfheal)>set 1 admin(network.ap.selfheal)>set 1 admin(network.ap.selfheal)>set

neighbor-recovery neighbor-recovery neighbor-recovery neighbor-recovery

mode enable mode disable action none radio 1 action raise-power radio

neighbor-recovery action open-rates radio neighbor-recovery action both radio 1


3-26 WS2000 Wireless Switch System Reference Guide

3.5.2 Network AP Selfheal detect-neighbor Command detect-neighbor Network AP Selfheal commands

Detects the neighbor devices. Syntax detect-neighbor Parameters

None Example admin(network.ap.selfheal)>detect-neighbor admin(network.ap.selfheal)>


Network CLI Commands Reference 3-27

3.5.3 Network AP Selfheal add Command add Network AP Selfheal commands

Adds entries into the selfheal AP-AP neighbor table. Syntax add <from-ap> <to-ap> Parameters

<from-ap> <to-ap>

Adds the specified APs into the neighbor-recovery table. <from-ap> and <toap> accepts values 1 to 12 and all. all indicates all the APs.

Example admin(network.ap.selfheal)>add 2 4 admin(network.ap.selfheal)>show Interference Avoidance Mode : disable Retry Count : 14 Hold Time : 3600 Neighbor Recovery Mode : enable PORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 open-rates 3 0 none 4 777 raise-power 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none FROM-AP 2 4

TO-AP 4 2

-------------HEALING STATE OF PORTALS-----------PORTAL HEALING-MODE CONFIGURED-POWER(dBm) 1 Normal 20 2 Normal 17 3 Normal 20 4 Normal 17

RAISED-POWER(dBm) 0 0 0 0


3-28 WS2000 Wireless Switch System Reference Guide

3.5.4 Network AP Selfheal del Command del Network AP Selfheal commands

Deletes entries from the selfheal AP-AP neighbor table. Syntax del <from-ap> <to-ap> Parameters <from-ap> <to-ap> Removes the specified APs from the neighbor-recovery table. <from-ap> and

<to-ap> accepts values 1 to 12 and all. all indicates all the APs. Example admin(network.ap.selfheal)> del 2 4 admin(network.ap.selfheal)> show Interference Avoidance Mode : disable Retry Count : 14 Hold Time : 3600 Neighbor Recovery Mode : enable PORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 open-rates 3 0 none 4 0 none 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none FROM-AP

TO-AP

-------------HEALING STATE OF PORTALS-----------PORTAL 1 2 3 4

HEALING-MODE Normal Normal Normal Normal

CONFIGURED-POWER(dBm) 20 17 20 17

RAISED-POWER(dBm) 0 0 0 0


Network CLI Commands Reference 3-29

3.5.5 Network AP Selfheal show Command show Network AP Selfheal commands

Shows the selfheal parameter details. Syntax show Parameters

None Example admin(network.ap.selfheal)>show Interference Avoidance Mode : disable Retry Count : 14 Hold Time : 3600 Neighbor Recovery Mode : disable PORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 none 3 0 none 4 0 none 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none FROM-AP 1 2

TO-AP 2 1

-------------HEALING STATE OF PORTALS-----------PORTAL HEALING-MODE CONFIGURED-POWER(dBm) 1 Normal 20 2 Normal 20

RAISED-POWER(dBm) 0 0


3-30 WS2000 Wireless Switch System Reference Guide

3.6 Network AP Denyap Commands denyap Network AP Commands

Displays the denyap submenu. Use the denyap submenu to manage APs that have been denied access to the switch. Syntax admin(network.ap)> denyap admin(network.ap.denyap)>

The items available under this menu are shown below. Command

add delete show quit save .. /

Description

Adds access port deny list entries Deletes access port deny list entries Shows access port deny list Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-31 page 3-32 page 3-33 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-31

3.6.1 Network AP Denyap add Command add Network AP Denyap Commands

Add entries to the Access Port Deny List. Syntax add <mac> Parameters

<mac>

Adds the MAC specified in the <mac> parameter to the Access Port Deny List. MAC entries are to be entered without the â&#x20AC;&#x2DC;:â&#x20AC;&#x2122;. For example 00b4c2114534.

Example admin(network.ap.denyap)>add 00b4c2114534 admin(network.ap.denyap)> admin(network.ap.denyap)>show ------------------------------------------------------------------------Idx AP NIC MAC ------------------------------------------------------------------------1 00b4c2114535 2 00b4c2114534 admin(network.ap.denyap)>


3-32 WS2000 Wireless Switch System Reference Guide

3.6.2 Network AP Denyap delete Command delete Network AP Denyap Commands

Deletes an entry in the Access Port Deny List. Syntax delete [<mac>|all] Parameters

<mac> all

Deletes the MAC specified in the <mac> parameter from the Access Port Deny List. Deletes all the entries in the Access Port Deny List

Example admin(network.ap.denyap)>show ------------------------------------------------------------------------Idx AP NIC MAC ------------------------------------------------------------------------1 00b4c2114535 2 00b4c2114534 admin(network.ap.denyap)>delete 00b4c2114535 admin(network.ap.denyap)>show ------------------------------------------------------------------------Idx AP NIC MAC ------------------------------------------------------------------------1 00b4c2114534


Network CLI Commands Reference 3-33

3.6.3 Network AP Denyap show Command show Network AP Denyap Commands

Displays the Access Port Deny List. Syntax show Parameters

None Example admin(network.ap.denyap)>show ---------------------------------------------------------------------Idx AP NIC MAC ---------------------------------------------------------------------1 00b4c2114535 2 00b4c2114534


3-34 WS2000 Wireless Switch System Reference Guide

3.7 Network AP Smartscan Commands smartscan Network AP Commands

Displays the smartscan submenu. Syntax admin(network.ap)> smartscan admin(network.ap.smartscan)>

The items available under this menu are shown below. Command

set delete show quit save .. /

Description

Sets smartscan channels Removes smartscan channels Shows all smartscan channels Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-35 page 3-36 page 3-37 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-35

3.7.1 Network AP Smartscan set Command set Network AP Smartscan Commands

Sets the smartscan channels. These channels are the ones that are scanned for presence of WLANs. Syntax set [11a <11a>|11bg <11bg>] Parameters

11a <11a> 11bg <11bg>

Sets the smart scan channel list for the 5 GHz band. Channel list <11a> should be a comma separated list. For example, 36,40,44,48 Sets the smart scan channel list for the 2.4 GHz band. Channel list <11bg> should be a comma separated list. For example, 1-4,6,8 Note: When using a range for selecting multiple channels, all the channels that are included in the range should be valid channel numbers for the current regulatory domain.

Example admin<network.ap.smartscan>> set 11bg 1-6,8,10-12 admin(network.ap.smartscan)> show all smart scan 11a channels : smart scan 11bg channels : 1 2 3 4 5 6 8 10 11 12 Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157 161 165 Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13


3-36 WS2000 Wireless Switch System Reference Guide

3.7.2 Network AP Smartscan delete Command delete Network AP Smartscan Commands

Deletes all the channels in the smartscan list for a specific radio. Syntax delete [11a <11a>|11bg <11bg>] Parameters

11a <11a> 11bg <11bg>

Sets the smart scan channel list for the 5 GHz band. Channel list <11a> should be a comma separated list. For example, 36,40,44,48 Sets the smart scan channel list for the 2.4 GHz band. Channel list <11bg> should be a comma separated list. For example, 1-4,6,8 Note: When using a range for selecting multiple channels, all the channels that are included in the range should be valid channel numbers for the current regulatory domain.

Example admin(network.ap.smartscan)> show all smart scan 11a channels : smart scan 11bg channels : 1 2 3 Available valid 11a channels : 36 40 161 165 Available valid 11bg channels : 1 2 3 admin(network.ap.smartscan)> delete 11bg admin(network.ap.smartscan)> show all smart scan 11a channels : smart scan 11bg channels : Available valid 11a channels : 36 40 161 165 Available valid 11bg channels : 1 2 3 admin(network.ap.smartscan)>

4 5 6 8 10 11 12 44 48 52 56 60 64 149 153 157 4 5 6 7 8 9 10 11 12 13

44 48 52 56 60 64 149 153 157 4 5 6 7 8 9 10 11 12 13


Network CLI Commands Reference 3-37

3.7.3 Network AP Smartscan show Command show Network AP Smartscan Commands

Displays the list of channels used for smartscan for the different radios. Syntax show [all] Parameters

all

Shows the list of channels in the smartscan list.

Example admin(network.ap.smartscan)> show smart scan 11a channels smart scan 11bg channels Available valid 11a channels 161 165 Available valid 11bg channels

all : : 1 2 3 4 5 6 8 10 11 12 : 36 40 44 48 52 56 60 64 149 153 157 : 1 2 3 4 5 6 7 8 9 10 11 12 13


3-38 WS2000 Wireless Switch System Reference Guide

3.8 Network AP Test Commands test Network AP Commands

Displays the test submenu. Use this submenu commands to test APs. Syntax admin(network.ap)> test admin(network.ap.test)>

The items available under this command are shown below. Command

new show quit .. /

Description

Switches the AP to a new channel Shows mesh configuration information Quits the CLI. Goes to the parent menu. Goes to the root menu.

Ref

page 3-39 page 3-47 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-39

3.8.1 Network AP Test new Command new Network AP Test Commands

Switches AP to a new channel. Syntax test <idx> <ch> Parameters

<idx> <ch>

The access port index for which the channel has to be changed The channel to change to. This must be a channel that is valid for the selected AP <idx>.

Example admin(network.ap.test)> new 1 24 admin(network.ap.test)>


3-40 WS2000 Wireless Switch System Reference Guide

3.9 Network AP Mesh Commands mesh Network AP Commands

Displays the mesh submenu. Use this menu to configure the different Mesh Network parameters. Syntax admin(network.ap)> mesh admin(network.ap.mesh)>

The items available under this command are shown below. Command

set add del preferred-list available-list show quit save .. /

Description

Sets mesh parameters Adds a preferred base to the list Removes preferred bases from the list Shows a list of preferred bases Shows a list of available bases Shows mesh configuration information Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref

page 3-41 page 3-43 page 3-44 page 3-45 page 3-46 page 3-47 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-41

3.9.1 Network AP Mesh set Command set Network AP Mesh Commands

Sets the mesh related parameters. Syntax set [client|vlan|auto|base|max-clients] Parameters

client <radio-idx> Enables or disables the mesh client for the radio with the index [enable|disable] <radio-idx> (1-12). wlan <radio-idx> <wlan-id> Selects the WLAN <wlan-id> (1-8) for the mesh client radio index <radio-idx> (1-12). auto <radio-idx> Enables or disables automatic base selection for the radio with the index [enable|disable] <radio-idx> (1-12). base <radio-idx> Enables or disables the radio <radio-idx> (1-12) as the mesh base. [enable|disable] max-clients <radio-idx> Sets the maximum number of client <max-clients> for the radio <max-clients> <radio-idx> (1-12). Example admin(network.ap.mesh)> set client 1 enable admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Client Only WLAN1 Enabled N/A admin(network.ap.mesh)> set base 1 enable admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN1 Enabled 6 admin(network.ap.mesh)> set wlan 1 3 admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN3 Enabled 6 admin(network.ap.mesh)> set max-clients 1 4 admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN3 Enabled 4


3-42 WS2000 Wireless Switch System Reference Guide

admin(network.ap.mesh)> set auto 1 disable admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN3 Disabled 4 admin(network.ap.mesh)>


Network CLI Commands Reference 3-43

3.9.2 Network AP Mesh add Command add Network AP Mesh Commands

Adds a preferred base to the deviceâ&#x20AC;&#x2122;s Preferred Base Bridge List. Syntax add <radio-idx> <mac> Parameters <radio-idx> <mac>

Adds the base to the deviceâ&#x20AC;&#x2122;s Preferred Base Bridge List. The <radio-idx> (1-12) is the unique ID for the radio. <mac> is the address of the base device to be added to the list.

Example admin(network.ap.mesh)> add 3 001570419F9F admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------1 00:15:70:41:9F:9F admin(network.ap.mesh)> Related Commands

del preferred-list

Removes preferred bases from the list Shows a list of preferred bases


3-44 WS2000 Wireless Switch System Reference Guide

3.9.3 Network AP Mesh del Command del Network AP Mesh Commands

Removes a Mesh Base from the device’s Preferred Base Bridge List. Syntax del [<radio-idx>] [all|<index>] Parameters <radio-idx> [all|<index>]

• Removes all preferred bases from the device’s Preferred Base Bridge List for the radio specified by the <radio-idx> (1-12). • all – Indicates all the preferred base devices. • <index> – Indicates the selected preferred base device.

Example admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------1 00:15:70:41:9F:9F 2 00:15:45:70:9C:8D 3 15:03:54:07:23:45 admin(network.ap.mesh)> del 3 2 admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------1 00:15:70:41:9F:9F 2 15:03:54:07:23:45 admin(network.ap.mesh)> del 3 all admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------admin(network.ap.mesh)> Related Commands

add preferred-list

Adds a preferred base to the list Shows a list of preferred bases


Network CLI Commands Reference 3-45

3.9.4 Network AP Mesh preferred-list Command preferred-list Network AP Mesh Commands

Displays the Preferred Base Bridge List for the device Syntax preferred-list <radio-idx> Parameters

<radio-idx>

Displays the selected radioâ&#x20AC;&#x2122;s (<radio-idx> (1-12)) Preferred Base Bridge List.

Example admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------"Priority" "Base MAC" ------------------------------------------------------------------------1 00:15:70:41:9F:9F 2 00:15:45:70:9C:8D 3 15:03:54:07:23:45 admin(network.ap.mesh)> Related Commands

add del

Adds a preferred base to the list Removes preferred bases from the list


3-46 WS2000 Wireless Switch System Reference Guide

3.9.5 Network AP Mesh available-list Command available-list Network AP Mesh Commands

Displays the list of available base bridges along with their MAC addresses and the RSSI. Syntax available-list <radio-idx> Parameters

<radio-idx>

Displays the available base bridges for a particular radio indicated by the <radio-idx> (1-12) value.

Example admin(network.ap.mesh)> available-list 3 ------------------------------------------------------------------------"MAC" "Channel" "RSSI" ------------------------------------------------------------------------00:15:70:41:9A:9A 11 189 admin(network.ap.mesh)> Related Commands

add del preferred-list

Adds a preferred base to the list Removes preferred bases from the list Shows a list of preferred bases


Network CLI Commands Reference 3-47

3.9.6 Network AP Mesh show Command show Network AP Mesh Commands

Displays the mesh details for a particular radio. Syntax show <radio-idx> Parameters

<radio-idx>

Displays the mesh configuration information for the radio indicated by the <radio-idx> (1-12) value.

Example admin(network.ap.mesh)> show 3 ------------------------------------------------------------------------"Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------Base and Client WLAN2 Enabled 4


3-48 WS2000 Wireless Switch System Reference Guide

3.10 Network DCHP Commands dhcp network

Displays the DHCP submenu. Syntax admin(network)> dhcp admin(network.dhcp)>

The items available under this command are shown below. Command

set show quit save .. /

Description

Sets system updated flags. Shows system updated flags. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-49 page 3-50 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-49

3.10.1 Network DHCP set Command set Network DCHP Commands

Sets parameters for automated firmware and configuration upgrades. Syntax set [firmwareupgrade|configureupgrade|interface| dhcpvendorclassid|autoupgradeinterval]

firmwareupgrade [0|1] configupgrade [0|1] interface <iface>

Enables (1) or disables (0) automatic switch firmware upgrade. Enables (1) or disables (0) automatic switch configuration update. Sets the interface <iface> for the upgrades to the device: s1 – subnet 1 s2 – subnet 2 s3 – subnet 3 s4 – subnet 4 s5 – subnet 5 s6 – subnet 6 w – WAN Sets the DHCP vendor class id to <dhcp vendor class id>.

dhcpvendorclassid <dhcp vendor class id> Note: Vendor class id must be preceded by “Sym”. autoupgradeinterval Sets the Light Weight DHCP Client Auto Upload time interval to <autoupgradeinterval> <autoupgradeinterval> (1-65535) seconds. Example admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface

: 0 : 0 : w

admin(network.dhcp)>set firmwareupgrade 1 admin(network.dhcp)>set con 1 admin(network.dhcp)>set inter s1 admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface

: 1 : 1 : s1

Related Commands

show all Shows the settings for all the automatic update parameters.


3-50 WS2000 Wireless Switch System Reference Guide

3.10.2 Network DHCP show Command show Network DCHP Commands

Displays system updated flags. Syntax show all Parameters

all

Displays all of the DHCP-related system update parameters.

Example admin(network.dhcp)>show all Auto Firmware upgrade flag Auto Config upgrade flag Interface Dhcp Vendor Class Id Auto Upgrade Interval

: : : : :

1 1 w SymbolWS.WS2K-V2-0 600

Related Commands

set

Sets the DHCP-related parameters for updating system firmware and configuration.


Network CLI Commands Reference 3-51

3.11 Network Firewall Commands fw network

Displays the firewall submenu. Syntax admin(network)> fw admin(network.fw)>

The items available under this command are shown below. Command

set show submap policy timeradd timerset timerdel timerlist ips quit save .. /

Description

Sets firewall parameters. Shows firewall parameters. Goes to the subnet mapping submenu. Goes to the advanced subnet mapping submenu. Creates a new timeout value Sets timeout values Deletes a named timer Shows the list of timers Goes to the Intrusion Prevention System submenu. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-52 page 3-54 page 3-80 page 3-64 page 3-55 page 3-58 page 3-56 page 3-57 page 3-59 page 3-1 page 3-1 page 3-1 page 3-1

The commands in this menu are available in the Web interface on the Network>Firewall screen.


3-52 WS2000 Wireless Switch System Reference Guide

3.11.1 Network Firewall set Command set Network Firewall Commands

Sets firewall parameters. In the Web interface, this functionality is provide by the Network->Firewall screen. Syntax set [mode|override|ftp|ip|seq|src|syn|win|spoof|rst| range|netbios-alg] [enable|disable] set set set set

mime mime mime mime

[filter|hdr|len] filter [enable|disable] hdr <count> len <length>

set timeout <time> set fin <time> Parameters

mode [enable|disable] override [enable|disable] ftp [enable|disable] ip [enable|disable] mime [filter [enable|disable]| hdr <count>| len <length>] seq [enable|disable] src [enable|disable] syn [enable|disable] timeout <time> win [enable|disable] spoof [enable|disable] rst [enable|disable] range [enable|disable] fin <time> netbios-alg [enable|disable]

Enables or disables the firewall. Enables or disables subnet access override. Enables or disables FTP bounce attack check. Enables or disables IP unaligned timestamp check. • filter [enable|disable] – Enables or disables MIME flood attack check. • hdr <count> – Sets the max number of headers as specified in <count> (12-34463) • len <length> – Sets the max header length in bytes as specified by <length> (256-34463) Enables or disables sequence number prediction check. Enables or disables source routing check. Enables or disables SYN flood attack check. Sets the firewall timeout to <time> minutes (1–90). Enables or disables Winnuke attack check. Enables or disables IP Spoofing attack check Enables or disable reset attack check Enables or disable sequence out of range check Sets fin timeout to <time> seconds. Enables or disables NetBIOS ALG support.

Example admin(network.fw)>show all Firewall Status

: enable

Subnet Access Override

: disable

Configurable Firewall Filters


Network CLI Commands Reference 3-53

ftp bounce attack filter syn flood attack filter unaligned ip timestamp filter source routing attack filter winnuke attack filter seq num prediction attack filter mime flood attack filter max mime header length max mime headers nat timeout interval in minutes ip spoofing attack filter reset attack filter ack/seq number out of range check fin timeout

: : : : : : : : : : : : : :

enable enable enable enable enable enable enable 8192 16 30 enable enable enable 20

: : : :

enable enable enable disable

Always On Firewall Filters land attack filter ping of death attack filter reassembly attack filter NetBIOS alg admin(network.fw)> Related Commands

show

Shows the current firewall settings.


3-54 WS2000 Wireless Switch System Reference Guide

3.11.2 Network Firewall show Command show Network Firewall Commands

Displays the firewall parameters. Syntax show all Parameters

all

Shows all firewall settings.

Example admin(network.fw)>show all Firewall Status

: enable

Subnet Access Override

: disable

Configurable Firewall Filters ftp bounce attack filter syn flood attack filter unaligned ip timestamp filter source routing attack filter winnuke attack filter seq num prediction attack filter mime flood attack filter max mime header length max mime headers nat timeout interval in minutes ip spoofing attack filter reset attack filter ack/seq number out of range check fin timeout

: : : : : : : : : : : : : :

enable enable enable enable enable enable enable 8192 16 30 enable enable enable 20

: : : :

enable enable enable disable

Always On Firewall Filters land attack filter ping of death attack filter reassembly attack filter NetBIOS alg admin(network.fw)> Related Commands

set

Sets firewall settings.


Network CLI Commands Reference 3-55

3.11.3 Network Firewall timeradd Command timeradd Network Firewall Commands

Adds a new named timeout value. Syntax timeradd <name> <protocol> <port> <value> Parameters timeradd <name> Adds a new named timeout value. <protocol> • <name> is the name of the time out value (1-15 characters) <port> <value>

• <protocol> is the protocol to be used. (tcp or udp) • <port> is the port number (0-32767) • <value> is the timeout value in seconds (60-268400000)

Example admin(network.fw)> timeradd newtcp tcp 21 4500 admin(network.fw)> timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newtcp tcp 21 4500 admin(network.fw)


3-56 WS2000 Wireless Switch System Reference Guide

3.11.4 Network Firewall timerdel Command timerdel Network Firewall Commands

Deletes a named timeout value. Syntax timerdell <timer name> Parameters

timerdel <timername>

Deletes a timer named <timer name>.

Example admin(network.fw)>timeradd newudp udp 21 4500 admin(network.fw)>timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newtcp tcp 21 4500 newudp udp 21 4500 admin(network.fw)timerdel newtcp admin(network.fw)>timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newudp udp 21 4500


Network CLI Commands Reference 3-57

3.11.5 Network Firewall timerlist Command timerlist Network Firewall Commands

Displays all named time outs. Syntax timerlist Parameters

None Example admin(network.fw)>timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newtcp tcp 21 4500 newudp udp 21 4500 admin(network.fw)


3-58 WS2000 Wireless Switch System Reference Guide

3.11.6 Network Firewall timerset Command timerset Network Firewall Commands

Sets the timeout value for a named timer. Syntax timerset <timer name> <value> Parameters

timerset <timer name> <value>

Sets the timer value <value> (60-268400000) for a timer named <timer name>.

Example admin(network.fw)>timerset newudp 5000 admin(network.fw)>timerlist ----------------------------------------------------------Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------newtcp tcp 21 4500 newudp udp 21 5000


Network CLI Commands Reference 3-59

3.12 Network Firewall Intrusion Prevention System Commands ips Network Firewall Commands

Displays the firewall Intrusion Prevention System (IPS) submenu. Syntax admin(network.fw)> ips admin(network.fw.ips)>

The items available under this command are shown below. Command

set show quit save .. /

Description

Sets the IPS parameters Displays the IPS settings Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-60 page 3-62 page 3-1 page 3-1 page 3-1 page 3-1


3-60 WS2000 Wireless Switch System Reference Guide

3.12.1 Network Firewall IPS set Command set Network Firewall Intrusion Prevention System Commands

Sets the Intrusion Prevention System (IPS) parameters. Syntax set [mode|anomaly-config|signature-categories|direction] set set set set

mode [enable|disable] signature-categorises <category-list> direction [default|bi-directional] anomaly-config[-sl <smtplen>|-ml <mimelen>|-md <mimedepth>| -hl <httpline>|-hz <httpsize>|-hlz <httplinesize>| -huz <httpurisize>]

mode [enable|disable] anomaly-config [-sl <smtplen>| -ml <mimelen>| -md <mimedepth>| -hl <httphline>| -hz <httphsize>| -hlz <httplinesize>| -huz <httpurisize>] signature-categories <category-list>

direction [default|bi-directional]

Enables or disables IPS. • -sl <smtplen> – Sets the SMTP header length. • -ml <mimelen> – Sets the MIME header length. • -md <mimedepth> – Sets the depth of MIME boundary header. • -hl <httphline> – Sets the field in the HTTP header. • -hz <httphsize> – Sets the HTTP header size. • -hlz <httplinesize> – Sets the HTTP header line size. • -huz <httpurisize> – Sets the HTTP URI size. Sets the signature categories for IPS. Select <category-list> from TELNET, POP3, IMAP, NNTP, FTP, SNMP, TCPDNS, UDPDNS, TCPRPC, UDPRPC, HTTP, SMTP, TCPGEN, UDPGEN, ICMP, TCP, UDP, IP. If more than one signature category is specified, separate each category with a space. Each of the signature category must be specified in Upper Case only. Sets the direction to inspect packets. • default – Sets direction as default. This is defined in the signature. • bi-directional – Sets direction as bi-directional. Packets are inspected when received or sent.

Example admin(network.fw.ips)>set mode enable admin(network.fw.ips)>set anomaly-config -sl 100 admin(network.fw.ips)>set direction default admin(network.fw.ips)>set signature-categories TELNET POP3 TCP UDP admin(network.fw.ips)>show all IPS mode : enable SMTP Header length : 1024 MIME header length : 1024 Depth of MIME boundary header : 5 Field in HTTP header : 50 HTTP header size : 4096 HTTP header line size : 3072


Network CLI Commands Reference 3-61

HTTP URI size Loaded Signature Categories Packet Direction of signatures admin(network.fw.ips)>

: 3072 : TELNET POP3 TCP UDP IMAP HTTP SMTP : default


3-62 WS2000 Wireless Switch System Reference Guide

3.12.2 Network Firewall IPS show Command show Network Firewall Intrusion Prevention System Commands

Displays the Intrusion Prevention System (IPS) configurations. Syntax show all Parameters

all

Displays the IPS configuration.

Example admin(network.fw.ips)>show all IPS mode SMTP Header length MIME header length Depth of MIME boundary header Field in HTTP header HTTP header size HTTP header line size HTTP URI size Loaded Signature Categories Packet Direction of signatures admin(network.fw.ips)>

: : : : : : : : : :

enable 1024 1024 5 50 4096 3072 3072 TELNET POP3 TCP UDP IMAP HTTP SMTp default

admin(network.fw)>show all Firewall Status

: enable

Subnet Access Override

: disable

Configurable Firewall Filters ftp bounce attack filter syn flood attack filter unaligned ip timestamp filter source routing attack filter winnuke attack filter seq num prediction attack filter mime flood attack filter max mime header length max mime headers nat timeout interval in minutes ip spoofing attack filter reset attack filter ack/seq number out of range check fin timeout

: : : : : : : : : : : : : :

enable enable enable enable enable enable enable 8192 16 10 enable enable enable 20

Always On Firewall Filters land attack filter ping of death attack filter reassembly attack filter

: enable : enable : enable


Network CLI Commands Reference 3-63

NetBIOS alg HTTP alg admin(network.fw)>

: disable : enable


3-64 WS2000 Wireless Switch System Reference Guide

3.13 Network Firewall Policy Commands policy Network Firewall Commands

Displays the firewall policy submenu. Syntax admin(network.fw)> policy admin(network.fw.policy)>

NOTE: The Policy menu can only be accessed when Subnet Access Override mode is enabled. To enable Subnet Access Override use the command admin(network.fw)> set override enable

The items available under this command are shown below. Command

inbound outbound import quit save .. /

Description

Goes to the inbound policy submenu. Goes to the outbound policy submenu. Imports subnet access rules. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-66 page 3-73 page 3-65 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-65

3.13.1 Network Firewall Policy import command import Network Firewall Policy Commands

Imports subnet access rules from current subnet access settings created in the GUI interface (Network-> Firewall -> Subnet Access menu item) or using the CLI submap menu commands. Previously set outbound firewall policies will be deleted. Syntax import Parameters

None Example admin(network.fw.policy)>import WARNING : You will loose all your current advanced access policies. Do you want to continue [n/y]?y admin(network.fw.policy)> admin(network.fw.policy.outb)>list ---------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp Src Ports Dst Ports NAT Action ---------------------------------------------------------------------------1 192.168.0.1- 192.168.1.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 2 192.168.0.1- 192.168.2.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 3 192.168.1.1- 192.168.0.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 4 192.168.1.1- 192.168.2.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 5 192.168.2.1- 192.168.0.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 6 192.168.2.1- 192.168.1.1all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 7 192.168.0.0- 192.168.32.2all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 8 192.168.0.0- 0.0.0.0all 1:65535 1:65535 wan1 allow 255.255.255.0 0.0.0.0 9 192.168.1.0- 0.0.0.0all 1:65535 1:65535 none allow 255.255.255.0 0.0.0.0 10 192.168.2.0- 0.0.0.0all 1:65535 1:65535 none allow 255.255.255.0 0.0.0.0 Related Commands

submap > list outb > list

Lists the currently defined subnet to subnet/WAN communication rules into the outbound firewall policy list. Lists the current outbound firewall policies.


3-66 WS2000 Wireless Switch System Reference Guide

3.14 Network Firewall Policy Inbound Commands inbound Network Firewall Policy Commands

Displays the inbound policy submenu. Syntax admin(network.fw.policy)> inb admin(network.fw.policy.inb)>

The items available under this command are shown below. Command

add set delete list move insert quit save .. /

Description

Adds a firewall policy. Sets firewall policy parameters. Deletes a firewall policy. Lists firewall policies. Moves a firewall policy to a different position in the list. Inserts a new firewall policy before an existing policy. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-67 page 3-72 page 3-68 page 3-70 page 3-71 page 3-69 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-67

3.14.1 Network Firewall Policy Inbound add Command add Network Firewall Policy Inbound Commands

Adds an inbound firewall policy. Syntax add <sip> <netmask> <dip> <dnetmask> Parameters <sip> <netmask> <dip> <dnetmask>

Adds a firewall policy to be effective on communications between a source site and a destination site. • <sip> – The source IP • <snetmask> – The source IP’s network mask • <dip> – The destination site IP • <dnetmask> – The destination IP’s network mask

Example admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.2 55.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 192.168.24.0209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0 Related Commands

delete move

Deletes firewall policies from the inbound list. Moves firewall policies either up or down in the list of policies.


3-68 WS2000 Wireless Switch System Reference Guide

3.14.2 Network Firewall Policy Inbound delete Command delete Network Firewall Policy Inbound Commands

Deletes a firewall policy. Syntax delete [all|<idx>] Parameters

<idx> all

Deletes inbound firewall policy <idx> from the policy list. Deletes all inbound firewall policies.

Example admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 admin(network.fw.policy.inb)>del 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0


Network CLI Commands Reference 3-69

3.14.3 Network Firewall Policy Inbound insert Command insert Network Firewall Policy Inbound Commands

Inserts a new firewall policy before an existing policy. Syntax insert <idx> <sip> <snetmask> <dip> <dnetmask> Parameters <idx> <sip> <snetmask> <dip> <dnetmask>

Inserts a new policy into the inbound firewall policy list at a specified index. • <idx> – The index in the firewall policy list where this policy is to be inserted. • <sip> – The source IP • <snetmask> – The source IP’s network mask • <dip> – The destination site IP • <dnetmask> – The destination IP’s network mask

Example admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.inb)>insert 1 209.239.160.44 255.255.255.224 192.168.55. 44 255.255.255.0 Inbound Policy Successfully inserted at index 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.44- 192.168.55.44- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0


3-70 WS2000 Wireless Switch System Reference Guide

3.14.4 Network Firewall Policy Inbound list Command list Network Firewall Policy Inbound Commands

Lists inbound firewall policies. Syntax list {<idx>} Parameters

<idx>

Displays firewall policy with number <idx>.

Example: admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.255.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 192.168.24.0209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0


Network CLI Commands Reference 3-71

3.14.5 Network Firewall Policy Inbound move Command move Network Firewall Policy Inbound Commands

Moves a firewall policy to a different position in the list and renumbers all affected items in the list. Syntax move [up|down] <idx> Parameters

[up|down] <idx>

Moves policy with index <idx> up or down one (to a lower or a higher number) in the policy list.

Example admin(network.fw.policy.inb)>list ---------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 2

209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.inb)>move up 2 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2

209.239.160.202- 168.192.36.4- gre 20:21 255.255.255.224 255.255.255.0

200: 201

0.0.0.0 allow nat port 0


3-72 WS2000 Wireless Switch System Reference Guide

3.14.6 Network Firewall Policy Inbound set Command set Network Firewall Policy Inbound Commands

Sets inbound firewall policy parameters. Syntax set [saddr|daddr|tp|sport}dport|rnat|rport|action|logging] Parameters

saddr <idx> <Ip Addr> <netmask> daddr <idx> <Ip Addr> <netmask> tp <idx> <tp>

Sets source IP address <Ip Addr> and IP netmask <netmask> for inbound firewall policy <idx>. Sets destination IP address <Ip Addr> and IP netmask <netmask> for inbound firewall policy <idx>. Sets transport protocol for inbound firewall policy <idx> to <tp> (one of all, tcp, udp, icmp, ah, esp, gre). sport <idx> <port1> Sets source port range for inbound firewall policy <idx> from <port1> [<port2>] (1–65535) to <port2> (1–65535). If <port2> is not specified, <port1> is used as the top end of the range. dport <idx> <port1> Sets destination port range for inbound firewall policy <idx> from <port1> (1– [<port2>] 65535) to <port2> (1–65535). If <port2> is not specified, <port1> is used as the top end of the range. rnat <idx> <Ip Addr> Sets reverse NAT IP address for inbound firewall policy <idx> to <Ip Addr> (a.b.c.d). rport <idx> <rport> Sets reverse NAT port for inbound firewall policy <idx> to <rport> (0–65535). action <idx> [allow|deny] Sets action of inbound firewall policy <idx> to allow or deny. Example admin(network.fw.policy.inb)>set tp 1 gre admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.inb)>set sport 1 20 21 admin(network.fw.policy.inb)>set dport 1 200 201 admin(network.fw.policy.inb)>set action 1 allow admin(network.fw.policy.inb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0


Network CLI Commands Reference 3-73

3.15 Network Firewall Policy Outbound Commands outbound Network Firewall Policy Commands

Displays the outbound policy submenu. Syntax admin(network.fw.policy)> outbound admin(network.fw.policy.outbound)>

The items available under this command are shown below. Command

add set delete list move insert quit save .. /

Description

Adds a firewall policy. Sets firewall policy parameters. Deletes a firewall policy. Lists firewall policies. Moves a firewall policy to a different position in the list. Inserts a new firewall policy before an existing policy. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-74 page 3-79 page 3-75 page 3-77 page 3-78 page 3-76 page 3-1 page 3-1 page 3-1 page 3-1


3-74 WS2000 Wireless Switch System Reference Guide

3.15.1 Network Firewall Policy Outbound add Command add Network Firewall Policy Outbound Commands

Adds an outbound firewall policy. Syntax add <sip> <netmask> <dip> <netmask> Parameters <sip> <netmask> <dip> <dnetmask>

Adds a firewall policy to be effective on communications between a source site and a destination site. • <sip> – The source IP • <snetmask> – The source IP’s network mask • <dip> – The destination site IP • <dnetmask> – The destination IP’s network mask

Example admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.255.255.224 Outbound Policy Successfully added at index 1 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 192.168.24.0209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0 Related Commands

delete move

Deletes firewall policies from the outbound list. Moves policies either up or down in the list of policies.


Network CLI Commands Reference 3-75

3.15.2 Network Firewall Policy Outbound delete Command delete Network Firewall Policy Outbound Commands

Deletes an outbound firewall policy. Syntax delete [all|<idx>] Parameters

<idx> all

Deletes inbound firewall policy <idx> from the policy list. Deletes all outbound firewall policies.

Example admin(network.fw.policy.outb)>list ---------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ---------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 admin(network.fw.policy.outb)>del 1 admin(network.fw.policy.outb)>list ---------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ---------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0


3-76 WS2000 Wireless Switch System Reference Guide

3.15.3 Network Firewall Policy Outbound insert Command insert Network Firewall Policy Outbound Commands

Inserts a new outbound firewall policy before an existing policy. Syntax insert <idx> <sip> <netmask> <dip> <netmask> Parameters <idx> <sip> <snetmask> <dip> <dnetmask>

Inserts a new policy into the outbound firewall policy list at a specified index. • <idx> – The index in the firewall policy list where this policy is to be inserted. • <sip> – The source IP • <snetmask> – The source IP’s network mask • <dip> – The destination site IP • <dnetmask> – The destination IP’s network mask

Example admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.outb)>insert 1 209.239.160.44 255.255.255.224 192.168.55. 44 255.255.255.0 Outbound Policy Successfully inserted at index 1 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.44- 192.168.55.44- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0


Network CLI Commands Reference 3-77

3.15.4 Network Firewall Policy Outbound list Command list Network Firewall Policy Outbound Commands

Lists outbound firewall policies. Syntax list {<idx>} Parameters

<idx>

Displays firewall outbound policy with number <idx>.

Example admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.2 55.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 192.168.24.0209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0


3-78 WS2000 Wireless Switch System Reference Guide

3.15.5 Network Firewall Policy Outbound move Command move Network Firewall Policy Outbound Commands

Moves an outbound firewall policy up or down in the policy list and renumbers the policy affected by the move. Syntax move [up|down] <idx> Parameters

[up|down] <idx>

Moves policy with index <idx> up or down one (to a lower or a higher number) in the policy list.

Example admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 2

209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.outb)>move up 2 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ---------------------------------------------------------------------------1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2

209.239.160.202- 168.192.36.4- gre 20:21 255.255.255.224 255.255.255.0

200: 201

0.0.0.0 allow nat port 0


Network CLI Commands Reference 3-79

3.15.6 Network Firewall Policy Outbound set Command set Network Firewall Policy Outbound Commands

Sets firewall policy parameters. Syntax set [saddr|daddr|tp|sport|dport|nat|action|logging] Parameters

saddr <idx> <Ip Addr> <netmask> daddr <idx> <Ip Addr> <netmask> tp <idx> <tp>

Sets source IP address <Ip Addr> and IP netmask <netmask> for outbound firewall policy <idx>. Sets destination IP address <Ip Addr> and IP netmask <netmask> for outbound firewall policy <idx>. Sets transport protocol for outbound firewall policy <idx> to <tp> (one of all, tcp, udp, icmp, ah, esp, gre). sport <idx> <port1> Sets source port range for outbound firewall policy <idx> from <port1> [<port2>] (1–65535) to <port2> (1–65535). If <port2> is not specified, <port1> is used as the top end of the range. dport <idx> <port1> Sets destination port range for outbound firewall policy <idx> from <port1> [<port2>] (1–65535) to <port2> (1–65535). If <port2> is not specified, <port1> is used as the top end of the range. nat <idx> <wan id> Sets NAT WAN ID for outbound firewall policy <idx> to <wan id> (0-8) where 0 = none, 1 = WAN 1, 2 = WAN 2, etc. action <idx> [allow|deny] Sets action of outbound firewall policy <idx> to allow or deny. logging <idx> Sets logging of outbound firewall policy <idx> to enable or disable. [enable|disable]

Example admin(network.fw.policy.outb)>set tp 1 gre admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.outb)>set sport 1 20 21 admin(network.fw.policy.outb)>set dport 1 200 201 admin(network.fw.policy.outb)>set action 1 allow admin(network.fw.policy.outb)>list ------------------------------------------------------------------------Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0


3-80 WS2000 Wireless Switch System Reference Guide

3.16 Network Firewall Submap Commands submap Network Firewall Commands

Displays the subnet mapping submenu. Syntax admin(network.fw)> submap admin(network.fw.submap)>

NOTE: The submap menu can only be accessed when Subnet Access Override mode is disabled. To disable Subnet Access Override use the command admin(network.fw)> set override disable

The items available under this command are shown below. Command

add delete list set show quit save .. /

Description

Adds subnet access exception rules. Deletes subnet access exception rules. Lists subnet access exception rules. Sets subnet access parameters. Shows subnet access parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-81 page 3-83 page 3-84 page 3-85 page 3-86 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-81

3.16.1 Network Firewall Submap add Command add Network Firewall Submap Commands

Adds subnet access exception rules. Syntax add <from> <to> <name> <tran> <port1> <port2> Parameters

add <from> <to> <name> <tran> <port1> <port2>

Adds a subnet access exception rule for communication. • <from> – The source subnet (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6) • <to> – The destination subnet (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w=WAN) • <name> – The name of this exception rule. (1-7 characters) • <trans> – The transport protocol to deny access. (one of the following transport protocols: tcp, udp, icmp, ah, esp, gre, or all) • <port1> <port2> – Ports in the range <port1> to <port2>

Example admin(network.fw.submap)>add s1 w test gre 21 101 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 admin(network.fw.submap)>add s1 s2 test2 ah 20 80 admin(network.fw.submap)>add s2 s3 test3 all 20 300 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80


3-82 WS2000 Wireless Switch System Reference Guide

admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet2 subnet3 test3 all 20 300 admin(network.fw.submap)>delete s2 all admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------


Network CLI Commands Reference 3-83

3.16.2 Network Firewall Submap delete Command delete Network Firewall Submap Commands

Deletes subnet access exception rules. Syntax delete <from> [<idx>|all] Parameters

<from> [<idx>|all]

• <idx> – Deletes access exception rule entry <idx> from subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6). • all – Deletes all access exception rule entries from subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6).

Example admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80 admin(network.fw.submap)>delete s1 2 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet2 subnet3 test3 all 20 300 admin(network.fw.submap)>delete s2 all admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port -------------------------------------------------------------------------


3-84 WS2000 Wireless Switch System Reference Guide

3.16.3 Network Firewall Submap list Command list Network Firewall Submap Commands

Lists subnet access exception rules. Syntax list <from> Parameters

<from>

Lists the access exception entries for <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6).

Example admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 admin(network.fw.submap)>add s1 s2 test2 ah 20 80 admin(network.fw.submap)>add s2 s3 test3 all 20 300 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80 admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port ------------------------------------------------------------------------1 subnet2 subnet3 test3 all 20 300 admin(network.fw.submap)>delete s2 all admin(network.fw.submap)>list s2 ------------------------------------------------------------------------index from to name prot start port end port


Network CLI Commands Reference 3-85

3.16.4 Network Firewall Submap set Command set Network Firewall Submap Commands

Sets a default subnet access rule to allow or deny communication. Syntax set [default|subnet-logging|logging] Parameters

default <from> <to> <rule>

Sets the default subnet access rule. • <from> – The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6). • <to> – The destination subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN). • <rule> – The rule to be enforced. Select from allow or deny. subnet-logging Enables or disables logging for a subnet access rule. <from> <to> • <from> – The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, [enable|disable] s4 = subnet4, s5 = subnet5, s6 = subnet6). • <to> – The destination subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN). • enable – Enables he logging • disable – Disables logging logging <from> Enables, disables, or sets to default the logging for a subnet access exception rule. <to> <rule-name> • <from> – The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, [enable|disable|d s4 = subnet4, s5 = subnet5, s6 = subnet6). efault] • <to> – The destination subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN). • enable – Enables he logging • disable – Disables logging • default – Adopts subnet access configuration. Example admin(network.fw.submap)>set default s2 w deny admin(network.fw.submap)>set default s2 s4 deny admin(network.fw.submap)>set subnet-logging s2 s3 enable admin(network.fw.submap)>set logging s1 s2 s1s2allow default admin(network.fw.submap)>show default s2 ------------------------------------------------------------------------wan subnet1 subnet2 subnet3 subnet4 subnet5 subnet6 ------------------------------------------------------------------------deny allow allow allow deny allow allow (log enabled) admin(network.fw.submap)>


3-86 WS2000 Wireless Switch System Reference Guide

3.16.5 Network Firewall Submap show Command show Network Firewall Submap Commands

Displays default subnet access exception rules for indicated subnet. Syntax show default <from> Parameters

default <from>

Shows all default access exception rules for subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6) to all other subnets.

Example admin(network.fw.submap)>set default s2 w deny admin(network.fw.submap)>set default s2 s4 deny admin(network.fw.submap)>set subnet-logging s2 s3 enable admin(network.fw.submap)>set logging s1 s2 s1s2allow default admin(network.fw.submap)>show default s2 ------------------------------------------------------------------------wan subnet1 subnet2 subnet3 subnet4 subnet5 subnet6 ------------------------------------------------------------------------deny allow allow allow deny allow allow (log enabled) admin(network.fw.submap)>


Network CLI Commands Reference 3-87

3.17 Network LAN Commands lan network

Displays the LAN submenu. Syntax admin(network)>lan admin(network.lan)>

The items available under this command are shown below. Command

dhcp set show updateDNS updateAllDNS bridge quit save .. /

Description

Goes to the DHCP submenu. Sets LAN parameters. Shows LAN parameters. Updates DNS for a subnet Updates DNS for all subnets Goes to the bridge submenu Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-93 page 3-88 page 3-90 page 3-91 page 3-92 page 3-101 page 3-1 page 3-1 page 3-1 page 3-1


3-88 WS2000 Wireless Switch System Reference Guide

3.17.1 Network LAN set Command set Network LAN Commands

Sets the LAN parameters for the six subnets. Syntax set [ipadr|mask|dgw|mode|name|port|wlan|stp] set set set set set set set set

ipadr <idx> <ip> mask <idx> <netmask> dgw <idx> <ip> mode [enable|disable] name <idx> <name> port <port> <subnet> wlan <wlan> <subnet> stp <mode>

Parameters

ipadr <idx> <ip> mask <idx> <netmask> dgw <idx> <ip> mode <idx> [enable|disable] name <idx> <name> port <port> <subnet> wlan <wlan> <subnet> stp <mode>

Sets the IP address of subnet <idx> (1–6) to the IP address <ip> in the form a.b.c.d. Sets the netmask of subnet <idx> (1–6) to IP address mask <netmask> in the form a.b.c.d. Sets the default gateway for the subnet <idx> (1-6) to the IP <ip>. Enables or disables the subnet identified by <idx> (1–6). Sets the name of the subnet <idx>(1–6) to <name> (can be up to 7 characters). Assigns port <port>(1–6) to the subnet indicated by <subnet> (none, s1, s2, s3, s4, s5, s6). Unassigns a port with <subnet> = none. Assigns WLAN number <wlan> to the subnet indicated by (none, s1, s2, s3, s4, s5, s6). Unassigns a WLAN with <subnet> = none. Enables or disables Spanning Tree Protocol (STP) for the subnets. Choose <mode> from enable or disable.

NOTE: STP is applied on mesh networks even if it is disabled through the set command. Example admin(network.lan)>show lan 1 subnet name subnet interface ip address network mask ports wlans

: : : : : :

Subnet1 enable 192.168.0.1 255.255.255.0 port1 port2 port3 port4 port5 port6 wlan1


Network CLI Commands Reference 3-89

admin(network.lan)>set name admin(network.lan)>set port admin(network.lan)>set wlan admin(network.lan)>show lan

1 NewName 4 none 2 s1 1

subnet name subnet interface ip address network mask default gateway ports wlan vlan tag

: : : : : : : :

OfficeN enable 192.168.0.1 255.255.255.0 192.168.0.1 port1 port2 port3 port4 port5 wlan1 wlan3 1

admin(network.lan)> set stp enable admin(network.lan)> show stp STP Mode

: Enable

Related Commands

show lan

Shows the current settings for the specified subnet (LAN).


3-90 WS2000 Wireless Switch System Reference Guide

3.17.2 Network LAN show Command show Network LAN Commands

Shows the LAN parameters. Syntax show [lan|stp] Parameters

lan <idx> stp

Shows the settings for the subnet <idx> (1â&#x20AC;&#x201C;4). Shows the STP status for the device

Example admin(network.lan)>show lan 1 subnet name subnet interface ip address network mask ports wlans admin(network.lan)>set name admin(network.lan)>set port admin(network.lan)>set wlan admin(network.lan)>show lan

: : : : : :

Subnet1 enable 192.168.0.1 255.255.255.0 port1 port2 port3 port4 port5 port6 wlan1

1 NewName 4 none 2 s1 1

subnet name subnet interface ip address network mask ports wlans

: : : : : :

NewName enable 192.168.0.1 255.255.255.0 port1 port2 port3 port5 port6 wlan1 wlan2

admin(network.lan)> set stp enable admin(network.lan)> show stp STP Mode

: Enable

Related Commands

set set stp

Sets the parameters for a specified subnet (LAN). Enables or disables Spanning Tree Protocol for the device.


Network CLI Commands Reference 3-91

3.17.3 Network LAN updateDNS Command updateDNS Network LAN Commands

Updates the DNS for the selected subnet. Syntax updateDNS <idx> Parameters

<idx>

The subnet ID (1-6)

Example admin(network.lan)>updateDNS 1 admin(network.lan)> Related Commands

updateAllDNS Updates the DNS for all subnets.


3-92 WS2000 Wireless Switch System Reference Guide

3.17.4 Network LAN updateAllDNS Command updateAllDNS Network LAN Commands

Updates the DNS for all the active subnets. Syntax updateAllDNS Parameters

None Example admin(network.lan)> updateAllDNS admin(network.lan)> Related Commands

updateDNS

Updates the DNS for a selected subnet.


Network CLI Commands Reference 3-93

3.18 Network LAN DHCP Commands dhcp Network LAN Commands

Displays the DHCP submenu. Syntax admin(network.lan)> dhcp admin(network.lan.dhcp)>

The items available under this command are shown below. Command

add delete list set show renew quit save .. /

Description

Adds static DHCP address assignments. Deletes static DHCP address assignments. Lists static DHCP address assignments. Sets DHCP parameters. Shows DHCP parameters. Renews the DHCP IP address. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-94 page 3-95 page 3-96 page 3-97 page 3-99 page 3-100 page 3-1 page 3-1 page 3-1 page 3-1


3-94 WS2000 Wireless Switch System Reference Guide

3.18.1 Network LAN DHCP add Command add Network LAN DHCP Commands

Adds static DHCP address assignments. Syntax add <idx> <mac> <ip> Parameters <idx> <mac> <ip>

Adds a static DHCP address assignment for subnet <idx> (1-6) where the device with the MAC address <mac> (aabbccddeeff format) is assigned the IP address <ip> (a.b.c.d format).

Example admin(network.lan.dhcp)>add 1 00A0F8F01234 192.160.24.6 admin(network.lan.dhcp)>add 1 00A1F1F24321 192.169.24.7 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 00A0F8F01234 192.160.24.6 2 00A1F1F24321 192.169.24.7 admin(network.lan.dhcp)>


Network CLI Commands Reference 3-95

3.18.2 Network LAN DHCP delete Command delete Network LAN DHCP Commands

Deletes static DHCP address assignments. Syntax delete <idx> [<entry>|all] Parameters

<idx> [<entry>|all]

Deletes static DHCP assignment entries. • <idx> – The subnet index (1-6) • <entry> – The DHCP entry (1-30) • all – All entries.

Example admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------admin(network.lan.dhcp)>add 1 0011223344FF 191.168.0.42 admin(network.lan.dhcp)>add 1 4433221100AA 191.168.0.43 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 0011223344FF 191.168.0.42 2 4433221100AA 191.168.0.43 admin(network.lan.dhcp)>delete 1 1 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 4433221100AA 191.168.0.43 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 0011223344FF 191.168.0.42 2 4433221100AA 191.168.0.43


3-96 WS2000 Wireless Switch System Reference Guide

3.18.3 Network LAN DHCP list Command list Network LAN DHCP Commands

Lists static DHCP address assignments. Syntax list <idx> Parameters

<idx>

Lists the static DHCP address assignments for subnet <idx> (1â&#x20AC;&#x201C;6).

Example admin(network.lan.dhcp)>add 1 00A0F8F01234 192.168.63.5 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 00A0F8F01234 192.168.63.5 admin(network.lan.dhcp)> admin(network.lan.dhcp)>add 1 12332244AABB 192.168.64.3 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------index mac address ip address ------------------------------------------------------------------------1 00A0F8F01234 192.168.63.5 2 12332244AABB 192.168.64.3


Network CLI Commands Reference 3-97

3.18.4 Network LAN DHCP set Command set Network LAN DHCP Commands

Sets DHCP parameters for the subnets. Syntax set [dgw|dns|wins|lease|domain|mode|range| relayserverip|ddnsmode|fwdzone|ddnsusrcls| tftp-server|bootfile|option-189|option-43] Parameters

dgw <idx> <a.b.c.d>

Sets the default gateway for subnet <idx> (1–6) to the IP address <a.b.c.d>. dns <a> <b> <c> Sets the primary/secondary DNS servers for the selected subnet. • <a> – The subnet (1-6) • <b> – The DNS server type (1=primary, 2=secondary) • <c> – The IP address of the server type selected in <b> in the a.b.c.d form. wins <idx> <a.b.c.d> Sets the WINS server for subnet <idx> (1–6) to the IP address <a.b.c.d>. lease <idx> <lease> Sets the DHCP lease time for subnet <idx> (1–6) to <lease> seconds (1–999999). domain <idx> <dn> Sets the domain name for subnet <idx> (1–6) to the domain name <dn> (1 to 63 characters). mode <idx> <mode> Sets the DHCP mode for subnet <idx> (1–4) to <mode>. <mode> can be one of (none, client, server, relay) where: • none – disables DHCP node • client – enables the subnet to be a DHCP client • server – enables the subnet to be a DHCP server • relay – enables the subnet to be a DHCP relay range <a> <b> <c> Sets the DHCP assignment range for subnet <a> (1–6) from IP address <b> to another IP address <c>. relayserverip <idx> <a.b.c.d> Sets the DHCP relay server IP for subnet <idx> (1-6) to the IP <a.b.c.d>. ddnsmode <idx> <mode> Enables or disables DDNS for the subnet <idx> (1-6). <mode> can be one of enable or disable. fwdzone <idx> <fwdzone> Sets the DHCP forward zone for the subnet <idx> (1-6) to the zone specified by <fwdzone> (1 to 63 characters) ddnsusrcls <idx> <usrcls> Sets the DDNS user class <usrcls> to single or multiple for the subnet <idx> (1-6). tftp-server <idx> Sets the tftp-server IP for the subnet <idx> (1-6) to the IP <tftp-server> <tftp-server> bootfile <idx> <bootfile> Sets the bootfile name for the subnet <idx> (1-6) to the boot file name <boot-file> (max 31 characters)


3-98 WS2000 Wireless Switch System Reference Guide

option-189 <idx> <ip list>

option-43 <idx> <ip list>

Sets the IP addresses and ports numbers for WIAP enabled switches for the subnet <idx> (1-6). <ip-list> (max 63 characters) must be in the format a.b.c.d:xx and multiple addresses must be separated by comma. Sets the IP address for WIAP enabled switches for the subnet <idx> (1-6). <ip-list> (max 63 characters) must be in the format a.b.c.d and multiple addresses must be separated by a comma.

Example admin(network.lan.dhcp)>set dns 1 1 209.160.0.18 admin(network.lan.dhcp)>set dns 1 2 209.160.0.218 admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server default gateway : 192.168.0.1 primary dns server : 209.160.0.18 secondary dns server : 209.160.0.218 wins server : 192.168.0.254 starting ip address : 192.168.0.11 ending ip address : 192.168.0.254 lease time : 10000 domain name : admin(network.lan.dhcp)>set domain 1 BigFishCo admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server default gateway : 192.168.0.1 primary dns server : 209.160.0.18 secondary dns server : 209.160.0.218 wins server : 192.168.0.254 starting ip address : 192.168.0.11 ending ip address : 192.168.0.254 lease time : 10000 domain name : BigFishCo admin(network.lan.dhcp)>


Network CLI Commands Reference 3-99

3.18.5 Network LAN DHCP show Command show Network LAN DHCP Commands

Shows DHCP parameter settings for specified subnets. Syntax show dhcp <idx> Parameters

show dhcp <idx>

Displays the DHCP parameter settings for subnet <idx> (1â&#x20AC;&#x201C;6). These parameters are set with the set command.

Example admin(network.lan.dhcp)>set dns 1 2 192.168.0.242 admin(network.lan.dhcp)>set dns 1 2 192.168.0.1 admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server ddns mode : disable user class : default gateway : 192.168.0.50 primary dns server : 192.168.10.1 secondary dns server : 192.168.0.1 wins server : 192.168.0.254 starting ip address : 192.168.0.100 ending ip address : 192.168.0.254 relay server ip address : 0.0.0.0 lease time : 86400 domain name : forward zone : tftp-server : 0.0.0.0 bootfile : option-189 : option-43 : admin(network.lan.dhcp)>set domain 1 BigFishCo admin(network.lan.dhcp)>show dhcp 1 admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server ddns mode : disable user class : default gateway : 192.168.0.50 primary dns server : 192.168.10.1 secondary dns server : 192.168.0.1 wins server : 192.168.0.254 starting ip address : 192.168.0.100 ending ip address : 192.168.0.254 relay server ip address : 0.0.0.0 lease time : 86400 domain name : BigFishCo forward zone : tftp-server : 0.0.0.0 bootfile : option-189 : option-43 :


3-100 WS2000 Wireless Switch System Reference Guide

3.18.6 Network LAN DHCP renew Command renew Network LAN DHCP Commands

Renews the IP address assigned by DHCP. Syntax renew Parameters

None Example admin(network.lan.dhcp)> renew


Network CLI Commands Reference 3-101

3.19 Network LAN Bridge commands bridge Network LAN Commands

Displays the Bridge submenu. Syntax admin(network.lan)> bridge admin(network.lan.bridge)>

The items available under this command are shown below. Command

show set quit save .. /

Description

Shows the bridge configuration parameters Sets bridge configuration parameters Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-102 page 3-104 page 3-1 page 3-1 page 3-1 page 3-1


3-102 WS2000 Wireless Switch System Reference Guide

3.19.1 Network LAN Bridge show Command show Network LAN Bridge commands

Displays the bridge configuration parameters. Syntax show Parameters

None Example admin(network.lan.bridge)> show admin(network.lan.bridge)>show ** LAN1 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds)

: : : :

32768 2 20 15

Entry Ageout Time (seconds)

: 60

Wireless Trunking

: disable

** LAN2 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds)

: : : :

32768 2 20 15

Entry Ageout Time (seconds)

: 60

Wireless Trunking

: disable

** LAN3 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds)

: : : :

32768 2 20 15

Entry Ageout Time (seconds)

: 300

Wireless Trunking

: disable

** LAN4 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds)

: : : :

32768 2 20 15

Entry Ageout Time (seconds)

: 300

Wireless Trunking

: disable


Network CLI Commands Reference 3-103

** LAN5 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds)

: : : :

32768 2 20 15

Entry Ageout Time (seconds)

: 300

Wireless Trunking

: disable

** LAN6 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds)

: : : :

32768 2 20 15

Entry Ageout Time (seconds)

: 300

Wireless Trunking admin(network.lan.bridge)>

: disable


3-104 WS2000 Wireless Switch System Reference Guide

3.19.2 Network LAN Bridge set Command set Network LAN Bridge commands

Sets the bridge configuration parameters. Syntax set [priority|hello|msgage|fwddelay|ageout|wireless-trunking] Parameters

priority <LAN-idx> <priority>

Sets the bridge priority to <priority> (0-65535) for the lan <LANidx> (1-6) hello <LAN-idx> <hello> Sets the bridgeâ&#x20AC;&#x2122;s hello time to <hello> (1-10) seconds for the lan <LAN-idx> (1-6) msgage <LAN-idx> <msgage> Sets the bridge message age time to <msgage> (6-40) seconds for lan <LAN-idx> (1-6) fwddelay <LAN-idx> <fwddelay> Sets the bridge forward delay time to <fwddelay> (4-30) seconds for lan <LAN-idx> (1-6) ageout <LAN-idx> <ageout> Sets the bridge forward table entry ageout to <ageout> (4-3600) seconds for lan <LAN-idx> (1-6). wireless-trunking <LAN-idx> <mode> Sets the wireless trunking mode <mode> (enable/disable) for lan <LAN-idx> (1-6) Example admin(network.lan.bridge)>set priority 1 5 admin(network.lan.bridge)>set wireless-trunking 1 enable admin(network.lan.bridge)>show ** LAN1 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds)

: : : :

5 2 20 15

Entry Ageout Time (seconds)

: 60

Wireless Trunking

: enable

** LAN2 Bridge Configuration ** Bridge Priority Hello Time (seconds) Message Age Time (seconds) Forward Delay Time (seconds)

: : : :

32768 2 20 15

Entry Ageout Time (seconds)

: 60

Wireless Trunking

: disable

[...]


Network CLI Commands Reference 3-105

3.20 Network QoS Commands qos network

Displays the quality of service (QoS) submenu. Syntax admin(network)> qos admin(network.qos)>

The items available under this command are shown below. Command

clear set show quit save .. /

Description

Clears QoS parameters. Sets QoS parameters. Shows QoS parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-106 page 3-107 page 3-108 page 3-1 page 3-1 page 3-1 page 3-1


3-106 WS2000 Wireless Switch System Reference Guide

3.20.1 Network QOS clear Command clear Network QoS Commands

Clears QoS radio statistics. Syntax clear queuing Parameters

None Example admin(network.qos)>clear queue Related Commands

set show

Sets the QoS parameters. Shows the QoS parameters and the QoS queuing statistics.


Network CLI Commands Reference 3-107

3.20.2 Network QOS set Command set Network QoS Commands

Sets QoS parameters. Syntax set bw-share [mode|weight|threshold] Parameters

mode <mode> weight <idx> <weight>

threshold <idx> <speed>

Set bandwidth share mode <mode> (none, static, weighted or rate-limit) Set the weight for WLAN <idx> (1–8) to <weight> (1–10). A weight can only be set if the bandwidth share mode is set to weighted. Sets the bandwidth share threshold for WLAN <idx> (1–6) to speed <speed> <0–54000>

Example admin(network.qos)>set bw-share mode weighted admin(network.qos)>set bw-share weight 1 6 admin(network.qos)>set bw-share threshold 1 12000 admin(network.qos)>show bw-share BW Share Mode:weighted -------------------------------WLAN BW Share Weight -------------------------------1 6 2 1 3 1 4 1 5 1 6 1 7 1 8 1 admin(network.qos)> Related Commands

show clear

Shows the bandwidth settings and the queuing statistics. Clears the queuing statistics.


3-108 WS2000 Wireless Switch System Reference Guide

3.20.3 Network QOS show Command show Network QoS Commands

Shows QoS parameters and queuing statistics. Syntax show [bw-sharing|queuing] Parameters

bw-share queuing

Shows the bandwidth sharing settings. Displays the radio QoS queuing statistics.

Example admin(network.qos)>show bw BW Share Mode:static admin(network.qos)>show qu 1 BW Share Mode:static ------------------------------------------------------------------------Priority In Out Dropped ------------------------------------------------------------------------------------------------------------------------------------------------WLAN: 1 ------------------------------------------------------------------------0 0 0 0 1 0 0 0 2 0 0 0 admin(network.qos)> Related Commands

set clear

Sets the QoS parameters. Clears the QoS queuing statistics.


Network CLI Commands Reference 3-109

3.21 Network Router Commands router network

Displays the router submenu. Syntax admin(network)> router admin(network.router)>

The items available under this command are shown below. Command

add delete list set show quit save .. /

Description

Adds user-defined routes. Deletes user-defined routes. Lists user-defined routes. Sets RIP parameters. Shows routes/RIP parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-110 page 3-111 page 3-112 page 3-113 page 3-114 page 3-1 page 3-1 page 3-1 page 3-1


3-110 WS2000 Wireless Switch System Reference Guide

3.21.1 Network Router add Command add Network Router Commands

Adds user-defined routes. Syntax add <dest> <netmask> <gw> <iface> <metric> Parameters <dest> <netmask> <gw> <iface> <metric>

Adds a route with destination IP address <dest>, IP netmask <netmask>, gateway IP address <gw>, interface subnet or WAN set to <iface> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6 or w = WAN), and metric set to <metric> (1â&#x20AC;&#x201C; 15).

Example admin(network.router)>add 202.57.42.6 255.255.255.224 202.57.42.1 s2 3 admin(network.router)>list -----------------------------------------------------------------index destination netmask gateway interface metric -----------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 admin(network.router)>add 234.44.33.212 255.255.255.234 234.44.33.2 s3 5 admin(network.router)>list -----------------------------------------------------------------index destination netmask gateway interface metric -----------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5


Network CLI Commands Reference 3-111

3.21.2 Network Routes delete Command delete Network Router Commands

Deletes user-defined routes. Syntax delete [all|<idx>] Parameters

<idx> all

Deletes the user-defined route <idx> (1â&#x20AC;&#x201C;20) from the list. Deletes all user-defined routes.

Example admin(network.router)>list -----------------------------------------------------------------index destination netmask gateway interface metric -----------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5 admin(network.router)>delete 2 admin(network.router)>list -----------------------------------------------------------------index destination netmask gateway interface metric -----------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3


3-112 WS2000 Wireless Switch System Reference Guide

3.21.3 Network Router list Command list Network Router Commands

Lists user-defined routes. Syntax list Parameters

None Example admin(network.router)>add 234.44.33.212 255.255.255.234 234.44.33.2 s3 5 admin(network.router)>list ------------------------------------------------------------------------index destination netmask gateway interface metric ------------------------------------------------------------------------1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5


Network CLI Commands Reference 3-113

3.21.4 Network Router set Command set Network Router Commands

Sets routing information protocol (RIP) parameters. Syntax set [auth|dir|id|key|passwd|type|dgw-if] Parameters

auth <auth> dir <dir> id <idx> <id> key <idx> <key> passwd <passwd> type <type> dgw-if <if>

Sets RIP authentication type to <auth> to one of none, simple, or md5 Sets RIP direction to <dir> to one of rx = receive, tx = transmit, or both). Sets MD5 authentication ID for key <idx> (1–2) to the MD5 key id <id> (1– 256). Sets the MD5 authentication ID for key <idx> (1–2) to MD5 key <key> (up to 16 characters). Sets password for simple authentication to <passwd> (1 to 16 characters). Sets RIP type to <type> to ne of off, ripv1, ripv2, or ripv1v2. Sets the Default Gateway Interface to <if> one of none, wan, s1, s2, s3, s4, s5, s6, and default.

Example admin(network.router)>set auth md5 admin(network.router)>set key 1 12345678 admin(network.router)>set key 2 87654321 admin(network.router)>show rip rip rip rip rip rip rip rip rip

type direction authentication type simple auth password md5 id 1 md5 key 1 md5 id 2 md5 key 2

: : : : : : : :

off both md5 ******** 1 ******** 1 ********S

admin(network.router)>set type ripv1 Warning: Having RIP enabled compromises your Subnet to Subnet firewall. admin(network.router)>show rip rip rip rip rip rip rip rip rip

type direction authentication type simple auth password md5 id 1 md5 key 1 md5 id 2 md5 key 2

: : : : : : : :

ripv1 both md5 ******** 1 ******** 1 ********


3-114 WS2000 Wireless Switch System Reference Guide

3.21.5 Network Router show Command show Network Router Commands

Shows connected routes and routing information protocol (RIP) parameters. Syntax show [rip|routes] Parameters

rip routes

Shows RIP parameters. Shows connected routes.

Example admin(network.router)>show rip rip type : off rip direction : both rip authentication type : md5 rip simple auth password : ******** rip md5 id 1 : 1 rip md5 key 1 : ******** rip md5 id 2 : 1 rip md5 key 2 : ******** admin(network.router)>show routes --------------------------------------------------------------------------index destination netmask gateway interface metric --------------------------------------------------------------------------1 192.168.2.0 255.255.255.0 0.0.0.0 subnet3 0 2 192.168.1.0 255.255.255.0 0.0.0.0 subnet2 0 3 192.168.0.0 255.255.255.0 0.0.0.0 subnet1 0 4 192.168.24.0 255.255.255.0 0.0.0.0 wan 0 5 0.0.0.0 0.0.0.0 192.168.24.1 wan 0


Network CLI Commands Reference 3-115

3.22 Network VLAN Commands vlan network

Displays the VLAN submenu. Syntax admin(network)> vlan admin(network.vlan)>

The items available under this command are shown below. Command

set show quit save .. /

Description

Sets VLAN parameters. Shows VLAN parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-116 page 3-117 page 3-1 page 3-1 page 3-1 page 3-1


3-116 WS2000 Wireless Switch System Reference Guide

3.22.1 Network VLAN set Command set Network VLAN Commands

Sets VLAN parameters. Syntax set [assign-mode|default|vlan-id|trunk-port|allow]

Syntax: assign-mode <mode> default <vlan_id> vlan-id <subnet_id> <vlan_id> trunk-port <port> allow [vlans <list>|all|none]

Assigns the VLAN assignment mode <mode> to one of user or port. Assigns the default VLAN ID to <vlan_id>, which is a number between 1 and 4094. Sets the VLAN ID for subnet <subnet_id> (one of s1, s2, s3, s4, s5,or s6) to <vlan_id> (1–4094). Sets the Trunk Port <port> to one of none or wan. Sets the list of VLANs allowed access to the trunk port. • vlans <list> – Sets the allowed VLANs from <list>, a comma separated list of VLAN Ids. • all – Sets the allowed VLANs to all VLANs. • none – Sets the list of allowed VLANs to none.

Example admin(network.vlan)>set assign-mode user admin(network.vlan)>set default 3 admin(network.vlan)>show vlan 3 VLAN assignment mode VLAN ID VLAN Mapped Subnet Default VLAN ID Related Commands

show

Displays the VLAN settings.

: : : :

user 3 Subnet3 Yes


Network CLI Commands Reference 3-117

3.22.2 Network VLAN show Command show Network VLAN Commands

Shows VLAN parameters. Syntax show [vlan|trunk] Parameters

vlan <id> trunk

Displays the VLAN settings for the VLAN specified by <id> (1â&#x20AC;&#x201C;4094). Displays the Trunk settings.

Example admin(network.vlan)>show vlan 3 VLAN assignment mode VLAN ID VLAN Mapped Subnet Default VLAN ID

: : : :

user 3 Subnet3 Yes

: : : :

user 2 Subnet1 No

admin(network.vlan)>show vlan 2 VLAN assignment mode VLAN ID VLAN Mapped Subnet Default VLAN ID

admin(network.vlan)>set trunk-port wan admin(network.vlan)>set all vlans 1-20 admin(network.vlan)>show trunk Trunk Port Allowed VLANs Related Commands

set

Sets the VLAN parameters.

: WAN : 1-20


3-118 WS2000 Wireless Switch System Reference Guide

3.23 Network WAN Commands wan network

Displays the WAN submenu. Syntax admin(network)> wan admin(network.wan)>

The items available under this command are shown below. Command

vpn nat app dyndns trunkipfpolicy renew set show quit save .. /

Description

Goes to the VPN submenu. Goes to the NAT submenu. Goes to the outbound content filtering submenu. Goes to the Dynamic DNS submenu Goes to the Trunk Port IP Filter Policy submenu Renews the IP address. Sets WAN parameters. Shows WAN parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-144 page 3-138 page 3-123 page 3-129 page 3-133 page 3-119 page 3-120 page 3-122 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-119

3.23.1 Network WAN renew Command renew Network WAN Commands

Renews the IP address. Syntax renew Parameters

None Example admin(network.wan)>renew admin(network.wan)>


3-120 WS2000 Wireless Switch System Reference Guide

3.23.2 Network WAN set Command set Network WAN Commands

Sets the WAN parameters. In the Web interface, this functionality if provided by the Network->WAN screen. Syntax set [dhcp|dgw|dns|ipadr|mask|mode|ppope|mtu] Parameters

dhcp <mode>

Enables or disables the switch as a DHCP client. <mode> can be one of enable or disable. dgw <a.b.c.d> Sets the default gateway IP address to <a.b.c.d>. dns <idx> <a.b.c.d> Sets the IP address of one or two DNS servers, where <idx> indicates either the primary (1) or secondary (2) server, and <a.b.c.d> is the IP address of the server. ipadr <idx> <a.b.c.d> Sets up to 8 (using <idx> from 1 to 8) IP addresses <a.b.c.d> for the WAN interface of the switch. mask <a.b.c.d> Sets the subnet mask to <a.b.c.d>. mode <idx> <mode> Enables or disables the WAN interface associated with the given <idx> (1– 8) as set using the set ipadr command. <mode> can be one of enable or disable. pppoe [idle|ka|mode|passwd| Sets PPPoE parameters. type|user|mss] • idle <val> – Sets the PPPoE idle value <val> (1–65535) seconds. • ka <mode> – Sets the PPPoE keep alive mode <mode> (enable, disable). • mode <mode> – Enables or disables PPPoE. <mode> can be one of enable or disable. • passwd <password> – Sets the PPPoE password to <password> (1 – 39 Characters) • type <type> – Sets the PPPoE authentication type to <type> (none, pap/ chap, pap, chap). • user <username> – Sets the PPPoE user name to <username> (1 – 47 Characters). • mss <msssize> – Sets the PPPoE maximum segment size to <msssize> (20–1460). mtu Sets MTU size of wan interface. The minimum value is 128 bytes and maximum is 1500 bytes. Example admin(network.wan)>set admin(network.wan)>set admin(network.wan)>set admin(network.wan)>set admin(network.wan)>set admin(network.wan)>set

dhcp enable dgw 192.168.122.25 pppoe mode enable pppoe type chap pppoe user JohnDoe pppoe passwd @#$goodpassword%$#


Network CLI Commands Reference 3-121

admin(network.wan)>set pppoe keepalive enable Related Commands

show ip Shows the IP settings for the WAN. show pppoe Shows the PPPoE settings for the WAN.


3-122 WS2000 Wireless Switch System Reference Guide

3.23.3 Network WAN show Command show Network WAN Commands

Shows the WAN parameters. Syntax show [ip|pppoe|mtuc] Parameters

ip <idx>

Shows the general IP parameters for the WAN along with settings for the WAN interface associated with <idx> (where <idx> is in the range 1â&#x20AC;&#x201C;8). Note: If the WAN interface IP addresses have not been specified for <idx>, the IP and Mask values will be shown as 0.0.0.0.

pppoe mtu

Shows all PPPoE settings. Sets MTU size of wan interface. The minimum value is 128 bytes and maximum is 1500 bytes.

Example admin(network.wan)>show ip 3 wan interface ip address network mask default gateway dhcp mode primary dns server secondary dns server

: : : : : : :

enable 0.0.0.0 0.0.0.0 192.168.24.1 enable 209.142.0.2 209.142.0.218

: : : : : : : : : : :

disable 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 disable pap/chap 600

admin(network.wan)>show pppoe pppoe mode ip address default gateway primary dns server secondary dns server pppoe keepalive mode pppoe authentication type pppoe idle time pppoe user name pppoe password pppoe MSS

******** 1452


Network CLI Commands Reference 3-123

3.24 Network WAN App Commands app Network WAN Commands

Displays the outbound content filtering submenu. Syntax admin(network.wan)> app admin(network.wan.app)>

The items available under this command are shown below. Command

addcmd delcmd list quit save .. /

Description

Adds app control commands to the deny list. Deletes app control commands from the deny list. Lists app control records. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-124 page 3-126 page 3-128 page 3-1 page 3-1 page 3-1 page 3-1


3-124 WS2000 Wireless Switch System Reference Guide

3.24.1 Network WAN APP addcmd Command addcmd Network WAN App Commands

Adds app control commands to the deny list. Syntax addcmd [web|ftp|smtp] Parameters

web [file Denies access to the specified web files. <filename>.<ext>| • file <filename>.<ext> – Denies specified web file name. <filename> can be up to 15 proxy|activex] characters and “*” can be used to match any string. <ext> can be up to 10 characters (such as htm, html, or java). Up to 10 files can be specified. • proxy – Denies web proxies • activex – Denies ActiveX files ftp Denies access to the following FTP commands: [put|get|ls|mkdir|c • put – Denies access to FTP put command d|pasv] • get – Denies access to FTP get command • ls – Denies access to FTP ls command • mkdir – Denies access to FTP mkdir command • cd – Denies access to FTP cd command • pasv – Denies access to FTP pasv command smtp Denies access to the following SMTP command: [helo|mail|rcpt| • helo – Denies access to the SMTP helo command data|quit|send| • mail – Denies access to the SMTP mail command saml|rset|vrfy| • rcpt – Denies access to the SMTP rcpt command expn] • data – Denies access to the SMTP data command • quit – Denies access to the SMTP quit command • send – Denies access to the SMTP send command • saml – Denies access to the SMTP saml command • rset – Denies access to the SMTP rset command • vrfy – Denies access to the SMTP vrfy command • expn – Denies access to the SMTP expn command Example admin(network.wan.app)>addcmd ftp ? put get ls mkdir cd pasv

: : : : : :

store command retrieve command directory list command create directory command change directory command passive mode command


Network CLI Commands Reference 3-125

admin(network.wan.app)>addcmd ftp put admin(network.wan.app)>addcmd ftp cd admin(network.wan.app)>addcmd ftp pasv admin(network.wan.app)>list ftp FTP Commands Storing Files Retrieving Files Directory List Create Directory Change Directory Passive Operation

: : : : : :

deny allow allow allow deny deny

admin(network.wan.app)>addcmd smtp helo admin(network.wan.app)>addcmd smtp vrfy admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET VRFY EXPN

: : : : : : : : : :

deny allow allow allow allow allow allow allow deny allow

admin(network.wan.app)> Related Commands

delcmd

Removes a file or command from the deny list.


3-126 WS2000 Wireless Switch System Reference Guide

3.24.2 Network WAN APP delcmd Command delcmd Network WAN App Commands

Deletes application control commands from the deny list. Syntax delcmd [web|ftp|smtp] Parameters

web [file Deletes the specified web files from the access denied list. <filename>.<ext>| • file <filename>.<ext> – Denied web file name. <filename> can be up to 15 proxy|activex] characters and “*” can be used to match any string. <ext> can be up to 10 characters (such as htm, html, or java). Up to 10 files can be specified. • proxy – Web proxies • activex – ActiveX files ftp Deletes the following FTP commands from the access denied list. [put|get|ls|mkdir|c • put – FTP put command d|pasv] • get – FTP get command • ls – FTP ls command • mkdir – FTP mkdir command • cd – FTP cd command • pasv – FTP pasv command smtp Deletes the following SMTP command from the access denied list. [helo|mail|rcpt| • helo – SMTP helo command data|quit|send| • mail – SMTP mail command saml|rset|vrfy| • rcpt – SMTP rcpt command expn] • data – SMTP data command • quit – SMTP quit command • send – SMTP send command • saml – SMTP saml command • rset – SMTP rset command • vrfy – SMTP vrfy command • expn – SMTP expn command Example admin(network.wan.app)>list ftp FTP Commands Storing Files Retrieving Files Directory List Create Directory Change Directory

: : : : :

deny allow allow allow deny


Network CLI Commands Reference 3-127

Passive Operation

: deny

admin(network.wan.app)>delcmd ftp put admin(network.wan.app)>delcmd ftp cd admin(network.wan.app)>list ftp FTP Commands Storing Files Retrieving Files Directory List Create Directory Change Directory Passive Operation

: : : : : :

allow allow allow allow allow deny

: : : : : : : : : :

deny allow allow allow allow allow allow allow deny allow

admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET VRFY EXPN

admin(network.wan.app)>delcmd smtp helo admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET VRFY EXPN

: : : : : : : : : :

allow allow allow allow allow allow allow allow deny allow

Related Commands

addcmd

Adds a file or command to the deny list.


3-128 WS2000 Wireless Switch System Reference Guide

3.24.3 Network WAN APP list Command list Network WAN App Commands

Lists the app control records. Syntax list [web|ftp|smtp] Parameters

web ftp smtp

Lists Web/HTTP app control settings. Lists FTP app control settings. Lists SMTP app control record.

Example admin(network.wan.app)>list web HTTP Files/Commands Web Proxy ActiveX filename

: deny : deny :

admin(network.wan.app)>list ftp FTP Commands Storing Files Retrieving Files Directory List Create Directory Change Directory Passive Operation

: : : : : :

allow allow allow deny deny deny

: : : : : : : : : :

deny allow allow allow allow allow allow allow deny allow

admin(network.wan.app)>list smtp SMTP Commands HELO MAIL RCPT DATA QUIT SEND SAML RESET VRFY EXPN admin(network.wan.app)>


Network CLI Commands Reference 3-129

3.25 Network WAN DynDNS Commands dyndns Network WAN Commands

Displays the Dynamic DNS menu. DynDNS provides a facility to update the domain name information when the IP address associated with the domain name changes. Syntax admin(network.wan)> dyndns admin(network.wan.dyndns)>

The items available under this command are shown below. Command

set show update quit save .. /

Description

Sets the different Dynamic DNS parameters Displays the Dynamic DNS parameters and current status Manually updates the Dynamic DNS status Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-130 page 3-131 page 3-132 page 3-1 page 3-1 page 3-1 page 3-1


3-130 WS2000 Wireless Switch System Reference Guide

3.25.1 Network WAN DynDNS set Command set Network WAN DynDNS Commands

Sets the DynDNS parameters Syntax set [mode|username|password|hostname] set set set set

mode <mode> username <username> password <password> hostname <hostname>

Parameters

mode <mode> Enables or disables DynDNS. <mode> can be enable or disable. username <username> Sets the DynDNS user name to <username> (1-32 characters) password <password> Sets the password to <password> (1-32 characters) for the DynDNS username <username>. hostname <hostname> Sets the DynDNS server host name to <hostname> (1-32 characters). Example admin(network.wan.dyndns)>set admin(network.wan.dyndns)>set admin(network.wan.dyndns)>set admin(network.wan.dyndns)>set

mode enable username JohnDoe password JohnDoe hostname motPropServ

admin(network.wan.dyndns)>show DynDNS Configuration Mode Username Password Hostname

: : : :

enable JohnDoe ******** motPropServ

DynDNS Update Response IP Address Hostname Status

: 192.168.10.1 : motPropServ : Connected


Network CLI Commands Reference 3-131

3.25.2 Network WAN DynDNS show Command show Network WAN DynDNS Commands

Displays the Dynamic DNS parameter information and the current status. Syntax show Parameters

None Example admin(network.wan.dyndns)>show DynDNS Configuration Mode Username Password Hostname

: : : :

enable JohnDoe ******** motPropServ

DynDNS Update Response IP Address Hostname Status

: 192.168.10.1 : motPropServ : Connected


3-132 WS2000 Wireless Switch System Reference Guide

3.25.3 Network WAN DynDNS update Command update Network WAN DynDNS Commands

Manually updates the Dynamic DNS information. Syntax update Parameters

None Example admin(network.wan.dyndns)>update IP Address Hostname

: 192.168.10.1 : motPropServ


Network CLI Commands Reference 3-133

3.26 Network WAN TrunkIPFPolicy Commands trunkipfpolicy Network WAN Commands

Displays the Trunk IP Filter Policy submenu. Syntax admin(network.wan)>trunkipfpolicy admin(network.wan.trunkipfpolicy)>

The items available under this command are shown below. Command

add del set show quit save .. /

Description

Adds Trunk Port IP Filter association table entry Removes Trunk Port IP Filter association table entry Sets Trunk Port IP Filter association parameters Displays Trunk Port IP Filter association parameters Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-134 page 3-135 page 3-136 page 3-137 page 3-1 page 3-1 page 3-1 page 3-1


3-134 WS2000 Wireless Switch System Reference Guide

3.26.1 Network WAN TrunkIPFPolicy add Command add Network WAN TrunkIPFPolicy Commands

Adds a Trunk Port IP Filter association table entry. Syntax add <filter-name> <direction> <action> Parameters

<filter-name> <direction> <action> Example

Name of the Trunk Port Filter entry The direction for the filter One of allow or deny.


Network CLI Commands Reference 3-135

3.26.2 Network WAN TrunkIPFPolicy del Command del Network WAN TrunkIPFPolicy Commands

Deletes an entry from the Trunk Port IP Filter association table. Syntax del [all|<index>] Parameters

all <index>

Removes all trunk port IP filter association table entries. Remove trunk port ip filter association table entry at the index <index>.

Example admin(network.wan.trunkipfpolicy)> del 1 admin(network.wan.trunkipfpolicy)>


3-136 WS2000 Wireless Switch System Reference Guide

3.26.3 Network WAN TrunkIPFPolicy set Command set Network WAN TrunkIPFPolicy Commands

Sets the different Trunk Port IP Filter Policy configuration settings Syntax set [ipf-mode|default] set ipf-mode <mode> set default [incoming|outgoing] [allow|deny] Parameters

ipf-mode <mode> default [incoming|outgoing] [allow|deny]

Enables or disables the Trunk Port IP Filtering Sets the default properties for incoming and outgoing direction to either allow or deny.

Example admin(network.wan.trunkipfpolicy)>show ---------------------------------------------------------------Filter-Name Direction Action ---------------------------------------------------------------IP Filter Mode

: enable

Default Incoming Action

: allow

Default Outgoing Action

: allow

admin(network.wan.trunkipfpolicy)>set default outgoing deny admin(network.wan.trunkipfpolicy)>show -----------------------------------------------------------Filter-Name Direction Action -----------------------------------------------------------IP Filter Mode

: enable

Default Incoming Action

: allow

Default Outgoing Action

: deny


Network CLI Commands Reference 3-137

3.26.4 Network WAN TrunkIPFPolicy show Command show Network WAN TrunkIPFPolicy Commands

Displays the Trunk Port IP Filter policy configuration information. Syntax show Parameters

None Example admin(network.wan.trunkipfpolicy)>show ---------------------------------------------------Filter-Name Direction Action ---------------------------------------------------IP Filter Mode

: enable

Default Incoming Action

: allow

Default Outgoing Action

: deny

admin(network.wan.trunkipfpolicy)>?


3-138 WS2000 Wireless Switch System Reference Guide

3.27 Network WAN NAT Commands nat Network WAN Commands

Displays the nat submenu. Syntax admin(network.wan)> nat admin(network.wan.nat)>

The items available under this command are shown below. Command

add delete listt set show quit save .. /

Description

Adds NAT records. Deletes NAT records. Lists NAT records. Sets NAT parameters. Shows NAT parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-139 page 3-140 page 3-141 page 3-142 page 3-143 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-139

3.27.1 Network WAN NAT add Command add Network WAN NAT Commands

Adds NAT records. Syntax add inb <idx> <name> <tran> <port1> <port2> <ip> <dst_port> Parameters

inb <idx> <name> Sets an inbound Network Address Translation (NAT) entry. <tran> <port1> • <idx> – The WAN address <port2> <ip> • <name> – The NAT entry name <dst_port> • <tran> – The transport protocol (one of cp, udp, icmp, ah, esp, gre, or all) • <port1> – The starting port number in a port range • <port2> – The ending port number in a port range • <ip> – The internal IP address • <dst_port> – The optional internal translation port Example admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------index name prot start port end port internal ip translation port ------------------------------------------------------------------------1 special tcp 20 21 192.168.42.16 21 Related Commands

delete inb list inb

Deletes one of the inbound NAT entries from the list. Displays the list of inbound NAT entries.


3-140 WS2000 Wireless Switch System Reference Guide

3.27.2 Network WAN NAT delete Command delete Network WAN NAT Commands

Deletes NAT records. Syntax delete inb <idx> [<entry>|all]

Syntax: inb <idx> [<entry>|all]

Deletes a NAT table entry. • <idx> – The WAN index (1–8) • <entry> – The NAT entry (1–20) • all – All NAT entries associated with the WAN <idx> (1–8)

Example admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------index name prot start port end port internal ip translation port ------------------------------------------------------------------------1 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>delete inb 2 all ^ admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------index name prot start port end port internal ip translation port ------------------------------------------------------------------------Related Commands

add inb list inb

Adds entries to the list of inbound NAT entries. Displays the list of inbound NAT entries.


Network CLI Commands Reference 3-141

3.27.3 Network WAN NAT list Command list Network WAN NAT Commands

Lists NAT records. Syntax list inb <idx> Parameters

list inb <idx>

Lists the inbound NAT entries associated with WAN port <idx> (1â&#x20AC;&#x201C;8).

Example admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------index name prot start port end port internal ip translation port ------------------------------------------------------------------------1 special tcp 20 21 192.168.42.16 21 Related Commands

delete inb add inb

Deletes one of the inbound NAT entries from the list. Adds entries to the list of inbound NAT entries.


3-142 WS2000 Wireless Switch System Reference Guide

3.27.4 Network WAN NAT set Command set Network WAN NAT Commands

Sets NAT inbound and outbound parameters. Syntax set [inb|outb|type] Parameters

inb [mode|ip]

Sets the inbound NAT parameters. • mode <idx> <mode> – Sets the inbound NAT mode for the WAN with index <idx> (1–8). <mode> can be one of enable or disable. • ip <idx> <a.b.c.d> – Forward unspecified ports and to the IP <a.b.c.d> for the WAN with index <idx> (1–8). outb [ip|map] Sets the outbound NAT parameters. • ip <idx> <a.b.c.d> – Sets 1-to-1 NAT IP mapping entries where <idx> (1–8) is the index of the WAN to the ip address <a.b.c.d>. • map <from> <to> – Sets 1-to-many NAT mapping entries where <from> is one of s1, s2, s3, s4, s5, and s6. <to> is the Wan index (1–8) or none. type <idx> <type> Sets the type of NAT translation for WAN address index <idx> (1–8) to one of none, 1-to-1, or 1-to-many. Example admin(network.wan.nat)>set type 1 1-to-1 admin(network.wan.nat)>set outb ip 1 209.239.44.36 admin(network.wan.nat)>set inb mode 1 enable admin(network.wan.nat)>show nat 1 nat type one to one nat ip address port forwarding mode port forwarding ip address one to many nat mapping

: : : : :

1-to-1 209.239.44.36 enable 0.0.0.0 subnet1 subnet2 subnet3 subnet4 _


Network CLI Commands Reference 3-143

3.27.5 Network WAN NAT show Command show Network WAN NAT Commands

Shows NAT parameters. Syntax show nat <idx> Parameters

show

nat

<idx>

Shows NAT settings for WAN <idx> (1â&#x20AC;&#x201C;8).

Example admin(network.wan.nat)>set inb mode 1 enable admin(network.wan.nat)>show nat 1 nat type one to one nat ip address port forwarding mode port forwarding ip address one to many nat mapping

: : : : :

1-to-1 209.239.44.36 enable 0.0.0.0 subnet1 subnet2 subnet3 subnet4


3-144 WS2000 Wireless Switch System Reference Guide

3.28 Network WAN VPN Commands vpn Network WAN Commands

Displays the VPN submenu. Syntax admin(network.wan)> vpn admin(network.wan.vpn)>

The items available under this command are shown below. Command

cmgr add set list delete stats ikestate reset quit save .. /

Description

Goes to the cmgr (Certificate Manager) submenu. Adds an security policy database (SPD) entry. Sets SPD parameters. Lists SPD entries. Deletes SPD entries. Lists statistics for all active tunnels. Lists statistics for all active tunnels. Resets all VPN tunnels. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-156 page 3-145 page 3-150 page 3-148 page 3-146 page 3-155 page 3-147 page 3-149 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-145

3.28.1 Network WAN VPN add Command add Network WAN VPN Commands

Adds a security policy database (SPD) entry. Syntax add <name> <LSubnet> <LWANIP> <RSubnetIP> <RSubnetMask> <RGatewayIP> Parameters <name> <LSubnet> <LWanIP> <RSubnetIP> <RSubnetMask> <RGatewayIP>

Creates a tunnel named <name> (1 to 13 characters) to gain access to local subnet <LSubnet> (1, 2, 3, 4, 5, 6), through local WAN IP <LWanIP> from the remote subnet with address <RSubnetIP> and subnet mask <RSubnetMask> using the remote gateway <RGatewayIP>. The local WAN IP can be set to 0.0.0.0 for a DHCP client. Any IP address obtained from the DHCP server is then used to initiate the VPN tunnel. The VPN peer must set itâ&#x20AC;&#x2122;s Remote Gateway address to 0.0.0.0 to indicate an IP value of ANY and shall operate as a responder only. Example admin(network.wan.vpn)>add Bob 1 209.239.160.55 206.107.22.45 255.255.255.224 206.107.22.2 If tunnel type is Manual, proper SPI values and Keys must be configured after adding the tunnel admin(network.wan.vpn)>list -----------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1 admin(network.wan.vpn)>


3-146 WS2000 Wireless Switch System Reference Guide

3.28.2 Network WAN VPN delete Command delete Network WAN VPN Commands

Deletes security policy database (SPD) entries. Syntax delete [*|<name>] Parameters

* <name>

Deletes all SPD entries. Deletes SPD entries named <name>.

Example admin(network.wan.vpn)>list ------------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1 admin(network.wan.vpn)>delete Bob admin(network.wan.vpn)>list ------------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 admin(network.wan.vpn)>


Network CLI Commands Reference 3-147

3.28.3 Network WAN VPN ikestate Command ikestate Network WAN VPN Commands

Displays statistics for all active tunnels using Internet Key Exchange (IKE). In particular, the table indicates whether IKE is connected for any of the tunnels, it provides the destination IP address, and the remaining lifetime of the IKE key. Syntax ikestate Parameters

None Example admin(network.wan.vpn)>ikestate ---------------------------------------------------------------------Tunnel Name IKE State Dest IP Remaining Life ---------------------------------------------------------------------Eng2EngAnnex Not Connected -----Bob Not Connected -----admin(network.wan.vpn)>


3-148 WS2000 Wireless Switch System Reference Guide

3.28.4 Network WAN VPN list Command list Network WAN VPN Commands

Lists security policy database (SPD) entries. Syntax list {<name>} Parameters

<name>

Lists all tunnel entries. Lists detailed information about tunnel named <name>. Note that the <name> must match case with the name in the SPD entry. “Bob” is not equal to “bob”, as shown in the example below.

Example admin(network.wan.vpn)>list ------------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1 admin(network.wan.vpn)>list bob bad index value admin(network.wan.vpn)>list Bob ------------------------------------------------------------------------Detail listing of VPN entry: ------------------------------------------------------------------------Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : None Encryption Type : ESP Encryption Algorithm : DES ESP Inbound SPI : 0x00000100 ESP Outbound SPI : 0x00000100


Network CLI Commands Reference 3-149

3.28.5 Network WAN VPN reset Command reset Network WAN VPN Commands

Resets all VPN tunnels. Syntax reset Parameters

None Example admin(network.wan.vpn)>reset VPN tunnels reset. admin(network.wan.vpn)>


3-150 WS2000 Wireless Switch System Reference Guide

3.28.6 Network WAN VPN set Command set Network WAN VPN Commands

Sets security policy database (SPD) entry parameters. Syntax set [ike|type|sub|remip|remmask|remgw|authalgo|espauthalgo|enckey|espauthkey| spi| localgw|usepfs|pfsgrp|salife|ipsecdel|auto-initiation| auto-initiate-interval] set ike [myidtype|remidtype|myiddata|opmode|authtype|authalgo|psk| encalgo|lifetime|group] set ike myidtype <name> <idtype> set ike remidtype <name> <idtype> set ike myiddata <name> <idtype> set ike opmode <name> <opmode> set ike authtype <name> <authtype> set ike authalgo <name> <authalgo> set ike psk <name> <psk> set ike encalgo <name> <encalgo> set ike lifetime <name> <lifetime> set ike group <name> <group> set type <name> <type> set sub <name> <sub> set remip <name> <remip> set remmask <name> <remmask> set remgw <name> <remgw> set authalgo <name> <auth> set enctype <name> <enctype> set encalgo <name> <encalgo> set espauthalgo <name> <espauthalgo> set enckey <name> <direction> <enckey> set espauthkey <name> <direction> <espauthkey> set spi <name> <algo> <direction> <spi> set localgw <name> <localgw> set usepfs <name> <usepfs> set pfsgrp <name> <pfsgrp> set salife <name> <lifetime>


Network CLI Commands Reference 3-151

set ipsecdel <name> <mode> set auto-initiation <name> <mode> set auto-initiate-interval <interval> Parameters

ike myidtype <name> <idtype> ike remidtype <name> <idtype> ike myiddata <name> <iddata> ike remiddata <name> <iddata> ike opmode <name> <opmode> ike authtype <name> <authtype> ike authalgo <name> <authalgo> ike psk <name> <psk>

Sets the Local ID type for IKE authentication for SPD <name> (1 to 13 characters) to <idtype> (one of IP, FQDN, or UFQDN). Sets the Remote ID type for IKE authentication for SPD <name> (1 to 13 characters) to <idtype> (one of IP, FQDN, or UFQDN). Sets the Local ID data for IKE authentication for SPD <name> (1 to 13 characters) to <iddata>. This value is not required when the ID type is set to IP. Sets the Remote ID data for IKE authentication for SPD <name> (1 to 13 characters) to <idtype>. Sets the Operation Mode of IKE for SPD <name> (1 to 13 characters) to 4. <opmode> can be one of Main or Aggr(essive). Sets the IKE Authentication type for SPD <name> (1 to 13 characters) to <authtype> (one of PSK or RSA). Sets the IKE Authentication Algorithm for SPD <name> (1 to 13 characters) to <authalgo>. <authalgo> can be either MD5 or SHA1. Sets the IKE Pre-Shared Key for SPD <name> (1 to 13 characters) to <psk> (1â&#x20AC;&#x201C;49 characters). ike encalgo <name> Sets the IKE Encryption Algorithm for SPD <name> (1 to 13 characters) to <encalgo> <encalgo> (one of DES, 3DES, AES128, AES192, or AES256). ike lifetime <name> Sets the IKE Key life time in seconds for SPD <name> (1 to 13 characters) to <lifetime> <lifetime> seconds. ike group <name> Sets the IKE Diffie-Hellman Group for SPD <name> (1 to 13 characters) to <group> <group> (one of G768 or G1024) type <name> <type> Sets the authentication type of SPD <name> (1 to 13 characters) to <type> (Auto or Manual). sub <name> <sub> Sets the Local Subnet (1, 2, 3, 4, 5 or 6) for SPD <name> (1 to 13 characters) to subnet number <sub> (1, 2, 3, 4, 5 or 6). remip <name> <remip> Sets the IP address for the remote end of SPD <name> (1 to 13 characters) to remote ip <remip> (a.b.c.d). remmask <name> Sets the IP Mask for the remote end of SPD <name> (1 to 13 characters) to <remmask> <remmask> (a.b.c.d). remgw <name> Sets the Remote IP gateway for SPD <name> (1 to 13 characters) to be <remgw> <remgw> (a.b.c.d). Set this value to 0.0.0.0 to support tunneling to VPN peer which is a DHCP client. authalgo <name> Sets the authentication algorithm for SPD <name> (1 to 13 characters) to <authalgo> <authalgo> (one of None, MD5, or SHA1).


3-152 WS2000 Wireless Switch System Reference Guide

authkey <name> Sets the AH authentication key (if SPD type is Manual) for tunnel <name> (1 to 13 <direction> <authkey> characters) with the direction <direction> set to IN or OUT, and the manual authentication key set to <authkey>. (The key size is 32 hex characters for MD5, and 40 hex characters for SHA1). enctype <name> Sets the Encryption type for SPD <name> (1 to 13 characters) to <enctype> (one <enctype> of None, ESP, or ESP-AUTH). encalgo <name> Sets the Encryption Algorithm for SPD <name> (1 to 13 characters) to <encalgo> <encalgo> (one of DES, 3DES, AES128, AES192, or AES256). espauthalgo <name> Sets ESP Authentication Algorithm for SPD <name> to <espauthalgo> (one of MD5 or SHA1). <espauthalgo> enckey <name> Sets the Manual Encryption Key in ASCII for SPD <name> and direction <direction> <enckey> <direction> (IN or OUT) to the key <enckey>. The size of the key depends on the encryption algorithm. - 16 hex chars for DES - 48 hex chars for 3DES - 32 hex chars for AES128 - 48 hex chars for AES192 - 64 hex chars for AES256 espauthkey <name> Sets Manual ESP Authentication Key for SPD <name> (1 to 13 characters) either <direction> for direction <direction> (IN or OUT) to <espauthkey>, an ASCII string of hex <espauthkey> characters. If authalgo is set to MD5, the provide 32 hex characters. If authalgo is set to SHA1, provide 40 hex characters. spi <name> <algo> Sets the direction <direction> (IN(bound) or OUT(bound)) SPI for <algo> (AUTH <direction> <spi> (Manual Authentication) or ESP) for SPD <name> (1 to 13 characters) to <spi> (a hex value more than 0xFF). localgw <name> <ip> Sets the Local WAN IP to <ip> (a.b.c.d) for a SPI <name> (1 to 13 characters). The local WAN IP (local gateway) can be set to 0.0.0.0 for a DHCP client. Any IP address obtained from the DHCP server is then used to initiate the VPN tunnel. The VPN peer must set itâ&#x20AC;&#x2122;s Remote Gateway address to 0.0.0.0 to indicate an IP value of ANY and shall operate as a responder only. usepfs <name> Enables or disables Perfect Forward Secrecy for SPD <name> (1 to 13 characters). <usepfs> salife <name> <life Sets SA life time to <lifetime> seconds (minimum 300). time> ipsecdel <name> Enables the deletion of IPSEC SA when IKE SA is deleted for the tunnel named <mode> <name> (1 to 13 characters). auto-initiation <name> Enables / disables auto-initiation by WS2000 for the tunnel named <name> (1 to <mode> 13 characters). auto-initiate-interval Sets the time duration between two consecutive auto-initiation attempts. This <time> time duration is in seconds. Example admin(network.wan.vpn)>list Bob ------------------------------------------------------------------------Detail listing of VPN entry: -----------------------------------------------------------------------Name : Bob Local Subnet : 1


Network CLI Commands Reference 3-153

Tunnel Type Remote IP Remote IP Mask Remote Security Gateway Local Security Gateway AH Algorithm Encryption Type Encryption Algorithm ESP Inbound SPI ESP Outbound SPI

: : : : : : : : : :

Manual 206.107.22.45 255.255.255.224 206.107.22.2 209.239.160.55 None ESP DES 0x00000100 0x00000100

admin(network.wan.vpn)>set usepfs Bob enable admin(network.wan.vpn)>set spi Bob ESP IN abcde admin(network.wan.vpn)>set spi Bob ESP OUT cdef23 admin(network.wan.vpn)>list Bob ------------------------------------------------------------------------Detail listing of VPN entry: ------------------------------------------------------------------------Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : None Encryption Type : ESP Encryption Algorithm : DES ESP Inbound SPI : 0x000ABCDE ESP Outbound SPI : 0x00CDEF23 admin(network.wan.vpn)>set authalgo Bob MD5 admin(network.wan.vpn)>list Bob ------------------------------------------------------------------------Detail listing of VPN entry: -----------------------------------------------------------------------Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : MD5 Encryption Type : ESP Encryption Algorithm : DES Auth Inbound SPI : 0x00000100 Auth Outbound SPI : 0x00000100 ESP Inbound SPI : 0x000ABCDE ESP Outbound SPI : 0x00CDEF23 admin(network.wan.vpn)>set authkey Bob IN 12345678901234567890123456789012 admin(network.wan.vpn)>set authkey Bob OUT 11111111112222222222333333333344 admin(network.wan.vpn)>set spi Bob AUTH IN 2233445 admin(network.wan.vpn)>set spi Bob AUTH OUT 33344 admin(network.wan.vpn)>list Bob -------------------------------------------------------------------------


3-154 WS2000 Wireless Switch System Reference Guide

Detail listing of VPN entry: -----------------------------------------------------------------------Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : MD5 Encryption Type : ESP Encryption Algorithm : DES Auth Inbound SPI : 0x02233445 Auth Outbound SPI : 0x00033344 ESP Inbound SPI : 0x000ABCDE ESP Outbound SPI : 0x00CDEF23


Network CLI Commands Reference 3-155

3.28.7 Network WAN VPN stats Command stats Network WAN VPN Commands

Lists statistics for all active tunnels. Syntax stats Parameters

None Example admin(network.wan.vpn)>stats -----------------------------------------------------------------------Tunnel Name Status SPI(OUT/IN) Life Time Bytes(Tx/Rx) -----------------------------------------------------------------------Eng2EngAnnex Not Active Bob Not Active


3-156 WS2000 Wireless Switch System Reference Guide

3.29 Network WAN VPN Cmgr Commands cmgr Network WAN VPN Commands

Displays to the Certificate Manager submenu. Syntax admin(network.wan.vpn)> cmgr admin(network.wan.vpn.cmgr)>

The items available under this command are shown below. Command

genreq loadca loadself showreq listprivkey listself listca delprivkey delself delca expcert impcert quit save .. /

Description

Generates a Certificate Request. Loads a trusted certificate from CA. Loads a self certificate signed by CA. Displays a certificate request in PEM format. Lists names of private keys. Lists the self certificate loaded. Lists the trusted certificate loaded. Deletes the private key. Deletes the self certificate. Deletes the trusted certificate. Exports the certificate file. Imports the certificate file. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-162 page 3-167 page 3-168 page 3-169 page 3-165 page 3-166 page 3-164 page 3-158 page 3-159 page 3-157 page 3-160 page 3-163 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-157

3.29.1 Network WAN VPN Cmgr delca Command delca Network WAN VPN Commands

Deletes a trusted certificate. Syntax delca <IDname> Parameters <IDname>

Deletes the trusted certificate <IDname>.

Example admin(network.wan.vpn.cmgr)>delca CAfinance admin(network.wan.vpn.cmgr)>


3-158 WS2000 Wireless Switch System Reference Guide

3.29.2 Network WAN VPN Cmgr delprivkey Command delprivkey Network WAN VPN Commands

Deletes a private key. Syntax delprivkey <IDName> Parameters <IDname>

The key name to be deleted.

Example admin(network.wan.vpn.cmgr)>delprivkey <IDname> admin(network.wan.vpn.cmgr)>


Network CLI Commands Reference 3-159

3.29.3 Network WAN VPN Cmgr delself Command delself Network WAN VPN Cmgr Commands

Deletes a self certificate. Syntax delself <IDName> Parameters <IDname>

The name of the self certificate to be deleted.

Example admin(network.wan.vpn.cmgr)>delself<IDname> admin(network.wan.vpn.cmgr)>


3-160 WS2000 Wireless Switch System Reference Guide

3.29.4 Network WAN VPN Cmgr expcert Command expcert Network WAN VPN Cmgr Commands

Exports the certificate file. Syntax expcert [ftp|tftp] <filename> Parameters

[ftp|tftp] <file name>

Exports the certificate with specified filename <file name> by either ftp or tftp. The tftp or ftp options for this file transfer will use the settings for the configuration file settings. See System Config set Command for information on how to set the tftp/ftp options.

Example admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(network.wan.vpn.cmgr)>expcert ftp mycertificate admin(network.wan.vpn.cmgr)> Related Commands

impcert

Imports a certificate.


Network CLI Commands Reference 3-161

3.29.5 Network WAN VPN Cmgr export-req Command export-req Network WAN VPN Cmgr Commands

Exports the private key ID name to a file. The exported file will be in the same directory as used for importing or exporting configuration files. Syntax export-req ftp <idname> <filename> Parameters

ftp <idname> <filename>

Exports the private key ID name to a file. This file is exported to the same directory as used for exporting or importing configuration files.

Example admin(network.wan.vpn.cmgr)> export-req ftp key1 filekey1


3-162 WS2000 Wireless Switch System Reference Guide

3.29.6 Network WAN VPN Cmgr genreq Command genreq Network WAN VPN Cmgr Commands

Generates a Certificate Request. Syntax genreq <IDName> <subject> {-ou <Organization Unit>} {-on <Organization Name>} {-cn <City Name>} {-st <State>} {-p <Postal Code>} {-cc <Country Code>} {-e <Email Address>} { -d <Domain Name>} {-i <IP Address>} {-sa <Signature Algorithm>} {-k <Key Size>}

Syntax: genreq <IDname> <Subject> ...optional arguments...

Generates a self-certificate request for a Certification Authority (CA), where <IDname> is the private key ID (up to 7 characters) and <subject> is the subject name (up to 49 characters). A number of optional arguments can also be specified as indicated below.

-ou <Organization Unit> -on <Organization Name> -cn <City Name> -st <State> -p <Postal Code> -cc <Country Code> -e <Email Address> -d <Domain Name> -i <IP Address> -sa <Signature Algorithm> -k <Key Size>

Organization Unit (1 to 49 chars) Organization Name (1 to 49 chars) City Name of Organization (1 to 49 chars) State Name (1 to 49 chars) Postal code (9 digits) Country code (2 chars) E-mail Address (1 to 49 chars) Domain Name (1 to 49 chars) IP Address (a.b.c.d) Signature Algorithm (one of MD5-RSA or SHA1-RSA) Key size in bits (one of 512, 1024, or 2048)

Note: The parameters in {curly brackets} are optional. Check with the CA to determine what fields are necessary. For example, most CAs require an email address and an IP address, but not the address of the organization. Example admin(network.wan.vpn.cmgr)>genreq MyCert2 MySubject -ou MyDept -on MyCompany Please wait. It may take some time... -----BEGIN CERTIFICATE REQUEST----MIHzMIGeAgEAMDkxEjAQBgNVBAoTCU15Q29tcGFueTEPMA0GA1UECxMGTXlEZXB0 MRIwEAYDVQQDEwlNeVN1YmplY3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtKcX plKFCFAJymTFX71yuxY1fdS7UEhKjBsH7pdqnJnsASK6ZQGAqerjpKScWV1mzYn4 1q2+mgGnCvaZUlIo7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQCClQ5LHdbG/C1f Bj8AszttSo/bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX/d6+Q1SMbs+tG4RP0lRSr iWDyuvwx -----END CERTIFICATE REQUEST-----


Network CLI Commands Reference 3-163

3.30 Network WAN VPN Cmgr impcert Command impcert Network WAN VPN Cmgr Commands

Imports the certificate file. Syntax impcert <type> <filename> Parameters

[ftp|tftp] <filename>

Imports the certificate with specified filename <file name> by either ftp or tftp. The tftp or ftp options for this file transfer will use the settings for the configuration file settings. See System Config set Command for information on how to set the tftp/ftp options.

Example admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(network.wan.vpn.cmgr)>impcert ftp mycertificate admin(network.wan.vpn.cmgr)> Related Commands

expcert Exports a certificate.


3-164 WS2000 Wireless Switch System Reference Guide

3.30.1 Network WAN VPN Cmgr listca Command listca Network WAN VPN Cmgr Commands

Lists the loaded trusted certificate. Syntax listca Parameters

None Example admin(network.wan.vpn.cmgr)>listca Trusted Certificate List:


Network CLI Commands Reference 3-165

3.30.2 Network WAN VPN Cmgr listprivkey Command listprivkey Network WAN VPN Cmgr Commands

Lists the names of private keys. Syntax listprivkey Parameters

None Example admin(network.wan.vpn.cmgr)>listprivkey ------------------------------------------------------------------------Private Key Name Certificate Associated -------------------------------------------------------------------------


3-166 WS2000 Wireless Switch System Reference Guide

3.30.3 Network WAN Vpn Cmgr listself Command listself Network WAN VPN Cmgr Commands

Lists the loaded self certificates. Syntax listself Parameters

None Example admin(network.wan.vpn.cmgr)>listself Self Certificate List:


Network CLI Commands Reference 3-167

3.30.4 Network WAN VPN Cmgr loadca Command loadca Network WAN VPN Cmgr Commands

Loads a trusted certificate from the Certificate Authority. Syntax loadca {ftp <filename>} Parameters

loadca

Loads the trusted certificate (in PEM format) that is pasted into the command line. ftp <filename> â&#x20AC;&#x201C; (Optional parameter) Loads a CA certificate from a FTP server. <filename> is the name of the certificate file to load. The default path for loading the file is the same as used for importing or exporting configuration files.

Example admin(network.wan.vpn.cmgr)>loadca ftp cert1 Starting file transfer ... Certificate transferred successfully admin(network.wan.vpn.cmgr)>loadca Currently Only certificates in PEM format can be uploaded Enter 'Ctrl C' to abort. Paste the certificate:


3-168 WS2000 Wireless Switch System Reference Guide

3.30.5 Network WAN VPN Cmgr loadself Command loadself Network WAN VPN Cmgr Commands

Loads a self certificate signed by the Certificate Authority. Syntax loadself [<IDname>|ftp <IDname> <filename>] Parameters

<IDname> ftp <IDname> <filename>

Loads the self certificate signed by the CA with name <IDname>. Loads the self certificate <IDName> from a file <filename> on an FTP server. The certificate file is loaded from the same directory as used for importing or exporting configuration files.

Example admin(network.wan.vpn.cmgr)> loadself ftp MyCert mycert.cert Starting file transfer ... admin(network.wan.vpn.cmgr)> admin(network.wan.vpn.cmgr)>loadself MyCert Currently Only certificates in PEM format can be uploaded. Paste the certificate:


Network CLI Commands Reference 3-169

3.30.6 Network WAN VPN Cmgr showreq Command showreq Network WAN VPN Cmgr Commands

Displays a certificate request in PEM format. Syntax showreq <IDname> Parameters

showreq <IDname>

Displays a certificate request named <IDname> generated from the genreq command.


3-170 WS2000 Wireless Switch System Reference Guide

3.31 Network WLAN Commands wlan network

Displays the WLAN submenu. Syntax admin(network)> wlan admin(network.wlan)>

The items available under this command are shown below. Command

add delete list rogueap enhancedrogueap muprobe hotspot wlanipfpolicy set show quit save .. /

Description

Adds MU access control list entries. Deletes MU access control list entries. Lists MU access control list entries. Goes to the rogue AP submenu. Goes to the Enhanced Rogue AP submenu. Goes to the MU Probe submenu Goes to the Hotspot submenu Goes to WLAN IPF policy submenu. Sets WLAN parameters. Shows WLAN parameters. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-171 page 3-172 page 3-173 page 3-181 page 3-207 page 3-210 page 3-213 page 3-226 page 3-174 page 3-179 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-171

3.31.1 Network WLAN add Command add Network WLAN Commands

Adds entries to the mobile unit (MU) access control list. Syntax add <idx> <mac1> <mac2> <name> Parameters <idx> <mac1> <mac2> <name>

Adds an entry to the MU access control list, where <idx> is the WLAN index (1â&#x20AC;&#x201C;8), <mac1> is the starting MAC address (e.g., 001122334455), and <mac2> is ending MAC address in the acceptable range. <name> is the name of the MU ACL.

Example admin(network.wlan)>add 1 000000000000 112233445566 admin(network.wlan)>list 1 -----------------------------------------------------------------------index start mac end mac -----------------------------------------------------------------------1 000000000000 112233445566 admin(network.wlan)> Related Commands

delete list

Deletes entries from the MU access control list. Shows entries in the MU access control list.


3-172 WS2000 Wireless Switch System Reference Guide

3.31.2 Network WLAN delete Command delete Network WLAN Commands

Deletes specified entry or entries from mobile unit (MU) access control list. Syntax delete <idx> [<entry>|all] Parameters

<idx> [<entry>|all]

Deletes MU ACL entries. • <entry> – Deletes MU access control list entry <entry> (1–30) for WLAN <idx> (1–8). • all – Deletes all access control list entries for the WLAN specified by <idx>.

Example admin(network.wlan)>add 1 223344556677 334455667788 admin(network.wlan)>list 1 -----------------------------------------------------------------------index start mac end mac -----------------------------------------------------------------------1 000000000000 112233445566 2 223344556677 334455667788 admin(network.wlan)>delete 1 2 admin(network.wlan)>list 1 ------------------------------------------------------------------------index start mac end mac -----------------------------------------------------------------------1 000000000000 112233445566 admin(network.wlan)> Related Commands

add list

Adds entries to the MU access control list. Displays entries in the MU access control list.


Network CLI Commands Reference 3-173

3.31.3 Network WLAN list Command list Network WLAN Commands

Lists the entries in the mobile unit (MU) access control list. Syntax list <idx> Parameters

list <idx>

Displays the entries in the MU access control list for WLAN <idx> (1â&#x20AC;&#x201C;8).

Example admin(network.wlan)>list 1 ------------------------------------------------------------------------index start mac end mac ------------------------------------------------------------------------1 000000000000 112233445566 Related Commands

add Adds entries to the MU access control list. delete Deletes entries from the MU access control list.


3-174 WS2000 Wireless Switch System Reference Guide

3.31.4 Network WLAN set Command set Network WLAN Commands

Sets WLAN parameters. Syntax set [acl|adopt|auth|bcast|eap|enc|ess|kerb|mcast|mode|name| vlan-id|no-mu-mu|vop|tkip|ccmp|wep-mcm|mu-inact|wep_shared| handshake-timeout|handshake-retry-count|secure-beacon|enforce-pmkvalidation|wireless-stp] set [acl|adopt|bcast] <idx> <mode> set auth <idx> <type> set eap [adv|server|port|syslog|rad-acct|reauth|secret| rad-bind-interface] set eap adv [mu-quite|mu-tx|mu-timeout|mu-retry| server-timeout|server-retry] set eap adv [mu-quite|mu-tx] <idx> <period> set eap adv [mu-timeout|server-timeout] <idx> <timeout> set eap adv [mu-retry|server-retry] <idx> <retry> set eap server <a> <b> <c> set eap port <a> <b> <c> set eap syslog [ip|mode] set eap syslog ip <a> <b> set eap syslog mode <idx> <mode> set eap rad-acct [mode|timeout|retry-count] set eap rad-acct mode <idx> <mode> set eap rad-acct timeout <idx> <timeout> set eap rad-acct retry-count <idx> <retry> set eap reauth mode <idx> <mode> set eap reauth period <idx> <period> set eap reauth retry <idx> <retry> set eap secret <a> <b> <c> set eap rad-bind-interface <idx> <server> <interface> set enc <idx> <type> set ess <idx> <ess> set set set set set set

kerb kerb kerb kerb kerb kerb

[passwd|port|realm|server|user] passwd <idx> <passwd> port <a> <b> <c> realm <idx> <realm> server <a> <b> <c> user <idx> <name>

set mcast <widx> <midx> <mac> set [mode|no-mu-mu|vop] <idx> <mode> set name <idx> <name> set vlan-id <idx> <vlan-id>


Network CLI Commands Reference 3-175

set set set set set set

tkip tkip tkip tkip tkip tkip

set ccmp pmk] set ccmp set ccmp set tkip set tkip set tkip

[key|type|phrase|rotate-mode|interval|wpa2|preauth|pmk] key <idx> <key> type <idx> <type> phrase <idx> <phrase> [rotate-mode|wpa2|preauth|pmk] <idx> <mode> interval <idx> <interval> [key|type|phrase|rotate-mode|interval|mixed-mode|preauth|oppkey <idx> <key> type <idx> <type> phrase <idx> <phrase> [rotate-mode|mixed-mode|preauth|opp-pmk] <idx> <mode> interval <idx> <interval>

set wep-mcm [index|key] set wep-mcm index <a> <b> set wep-mcm key <a> <b> <c> set mu-inact <timeout> set wep_shared <mode> set handshake-timeout <idx> <timeout> set handshake-retry-count <idx> <retry-count> Parameters

acl <idx> <mode> adopt <idx> <mode> auth <idx> <type>

Sets the default MU access control mode <mode> to allow or deny for WLAN <idx> (1–8). Sets default Access Port adoption mode <mode> to allow or deny for WLAN <idx> (1–8). Sets the authentication type for WLAN <idx> (1–8) to <type> (none, eap, or kerberos). Note: EAP parameters are only in effect if “eap” is specified for the authentication method (set auth <idx> <type>).

bcast <idx> <mode>

Enables or disables the broadcast ESS answer for the WLAN <idx> (1– 8). eap adv mu-quiet <idx> Sets the EAP MU/supplicant quiet period for WLAN <idx> (1–8) to <period> <period> seconds (1–65535). eap adv mu-tx <idx> <period> Sets the EAP MU/supplicant TX period for WLAN <idx> (1–8) to <period> seconds (1–65535). eap adv mu-timeout <idx> Sets the EAP MU/supplicant timeout for WLAN <idx> (1–8) to <timeout> <timeout> seconds (1–255). eap adv mu-retry <idx> <retry> Sets the EAP maximum number of MU retries to <retry> (1–10) for WLAN <idx> (1–8). eap adv server-timeout <idx> Sets the server timeout for WLAN <idx> (1–8) to <timeout> seconds (1– <timeout> 255). eap adv server-retry <idx> Sets the maximum number of server retries for WLAN <idx> (1–8) to <retry> <retry> (1–10).


3-176 WS2000 Wireless Switch System Reference Guide

eap server <idx> <rsidx> <ip> eap port <idx> <rsidx> <port> eap rad-acct mode <idx> <mode> eap rad-acct retry-count <idx> <count> eap rad-acct timeout <idx> <time> eap rad-bind-interface <idx> <server> <interface>

Sets the RADIUS server <rsidx> (1-primary or 2-secondary) for WLAN <idx> (1–8) to IP address <ip>. Sets the RADIUS server <rsidx> (1-primary or 2-secondary) for WLAN <idx> (1–8) to <port>. Enables/disables RADIUS accounting for WLAN <idx> (1–8).

Sets RADIUS accounting retry count to <count> (1–10) for WLAN <idx> (1–8). Sets RADIUS accounting retry timeout to <time> seconds (1–255) for WLAN <idx> (1–8). 0 indicates no timeout. Binds the RADIUS server type <server> (1 - Primary, 2 - Secondary) to the interface <interface> (one of s1-s6, w, none - s1- Subnet 1, s2-subnet 2, ...s6-Subnet 6, w-wan) for the WLAN <idx> (1–8). eap reauth mode <idx> enable/ Enables or disables the EAP reauthentication parameters for WLAN <idx> disable (1–8). eap reauth period <idx> Sets the reauthentication period for WLAN <idx> (1–8) to <period> <period> seconds (30–9999). eap reauth retry <idx> <retry> Sets the maximum number of reauthentication retries to <retry> (1–99) for WLAN <idx> (1–8). eap secret <idx> <rsidx> Sets the EAP shared secret <secret> (1–127 characters) for server <secret> <rsidx> (1-primary or 2-secondary) on WLAN <idx> (1–8). Note: Kerberos parameters are only in effect if “kerberos” is specified for the authentication method (set auth <idx> <type>).

eap syslog ip <idx> <ip>

Sets the remote syslog server for WLAN <idx> (1–8) to the IP address <ip> (a.b.c.d). eap syslog mode <idx> enable/ Enables/disables remote syslog for WLAN <idx> (1–8). disable enc <idx> <type> Sets the encryption type to <type> (one of none, wep40, wep104, keyguard, tkip, or ccmp) for WLAN <idx> (1–8). Note: TKIP parameters are only in effect if “tkip” is selected as the encryption type.

ess <idx> <ess> kerb passwd <idx> <password> kerb port <idx> <ksidx> <port>

Sets the 802.11 ESS ID for WLAN <idx> (1–8) to <ess>. Sets the Kerberos password to <password> (1–21 characters) for WLAN <idx> (1–8). Sets the Kerberos port to <port> (KDC port) for server <ksidx> (1-primary, 2-backup, or 3-remote) for WLAN <idx> (1–8). kerb realm <idx> <realm> Sets the Kerberos realm name for WLAN <idx> (1–8) to <realm> (1–63 characters). kerb server <idx> <ksidx> <ip> Sets the Kerberos server <ksidx> (1-primary, 2-backup, or 3-remote) IP address for WLAN <idx> (1–8) to <ip>. kerb user <idx> <name> Sets the Kerberos user name for WLAN <idx> (1–8) to <name> (1–21 characters). mcast <idx> <midx> <mic> Sets the multicast group address <midx> (1, 2) for WLAN <idx> (1–8) to MAC address <mac>. mode <idx> <mode> Enables or disables WLAN <idx> (1–8). name <idx> <name> Sets the name of WLAN <idx> (1–8) to <name> (1–7 characters).


Network CLI Commands Reference 3-177

no-mu-mu <idx> <mode>

Enables or disables the stoppage of MU-to-MU communication for WLAN <idx> (1–8). vop <idx> <mode> Enables or disables the voice priority mode for WLAN <idx> (1–8). tkip key <idx> <key> Sets the TKIP key to <key> (1–64 hex digits) for WLAN <idx> (1–8). tkip type <idx> <type> Sets the TKIP key type to phrase or key for WLAN <idx> (1–8). tkip phrase <idx> <phrase> Sets the TKIP ASCII pass phrase to <phrase> (8–63 characters) for WLAN <idx> (1–8). tkip rotate-mode <idx> <mode> Enables or disabled the broadcast key rotation for WLAN <idx> (1–8). tkip interval <idx> <interval> Sets the broadcast key rotation interval to <interval> seconds (300– 604800) for WLAN <idx> (1–8). ccmp key <idx> <key> Sets the CCMP key to <key> (1–64 hex digits) for WLAN <idx> (1–8). Must be specified when type parameter is set to key. ccmp type <idx> phrase/ Sets the CCMP key type to phrase or key for WLAN <idx> (1–8). key ccmp phrase <idx> <phrase> Sets the CCMP ASCII pass phrase for WLAN <idx> (1–8) to <phrase> (8– 63 characters). Must be specified when type parameter is set to phrase. ccmp rotate-mode <idx> Enables or disables the broadcast key rotation for WLAN <idx> (1–8). enable/disable ccmp interval <idx> <interval> Sets the broadcast key rotation interval for WLAN <idx> (1–8) to <interval> (300–604800) seconds. Enables or disables mixed mode (allowing WPA-TKIP clients) for WLAN ccmp mixed-mode <idx> enable/disable <idx> (1–8). ccmp preauth <idx> enable/ Enables or disables pre-authentication (fast roaming) for WLAN <idx> (1– disable 8). ccmp opp-pmk <idx> enable/ Enables or disables opportunistic PMK caching (fast roaming) for WLAN disable <idx> (1–8). Note: The WEP authentication mechanism saves up to four different keys (one for each WLAN). It is not a requirement to set all keys, but you must associate a WLAN with the appropriate key.

wep-mcm index <idx> <kidx> Selects the WEP/KeyGuard key (from one of the four potential values of <kidx> (1–4) for WLAN <idx> (1–8). wep-mcm key <idx> <kidx> Sets the WEP/KeyGuard key for key index <kidx> (1–4) for WLAN <idx> <key> (1–8) to <key> 1 to 26 (hex digits). vlan-id <idx> <vlan-id> Sets the VLAN-ID mapping to WLAN <idx> (1–8) to VLAN <vlan-id> (1– 4094). mu-inact <timeout> Sets the MU inactivity timeout value to <timeout> (1-60) minutes. wep_shared <mode> Enables or disables WEP shared mode. handshake-timeout <idx> Sets the 802.11i handshake timeout value to <timeout> (100-2000 ms) for <timeout> the WLAN <idx> (1–8). This feature is provided to prevent those MUs that do not receive EAPOL messages from restarting the association procedure. The default retry for these MUs is 2 seconds. This switch is provided to control the retry for EAPOL messages to a value that is less than 2 seconds.


3-178 WS2000 Wireless Switch System Reference Guide

handshake-retry-count <idx> <retry-count>

secure-beacon <idx> <mode> enforce-pmk-validation <mode> wireless-stp <mode>

Sets the 802.11i handshake retry count to <retry-count> (1-10) for the WLAN <idx> (1â&#x20AC;&#x201C;8). This in conjunction with the handshake-timeout command controls the handshake retry time and retry count for those MUs that do not receive EAPOL messages. Enables or disables secure beacon for the WLAN <idx> (1â&#x20AC;&#x201C;8) Enables or disables PMK validation across association and EAPOL packets Enable or disables STP on wireless side

Example admin(network.wlan)>set name 1 store admin(network.wlan)>set name 2 backoff admin(network.wlan)>set auth 1 kerberos Kerberos requires WEP 104 or Keyguard. The encryption type has been changed to W EP104. admin(network.wlan)>set no-mu-mu 1 enable admin(network.wlan)>show wlan 1 wlan name ess identifier wlan mode subnet vlan_id enc type auth type voice prioritization disallow mu to mu answer broadcast ess secure beacon mode default mu acl mode default ap adopt mode multicast address 1 multicast address 2 handshake timeout in milliseconds handshake retry count admin(network.wlan)>

: : : : : : : : : : : : : : : : :

WLAN1 101 enable s1 1 none none enable disable disable disable allow all allow all 01005E000000 09000E000000 2000 3


Network CLI Commands Reference 3-179

3.31.5 Network WLAN show Command show Network WLAN Commands

Displays the WLAN parameters. Syntax show [eap|kerb|tkip|ccmp|wep-mcm|wlan|mu-inact|wep_shared|enforce-pmkvalidation|wireless-stp] <idx>

Syntax: eap <idx> kerb <idx> tkip <idx> ccmp <idx> wep-mcm <idx> wlan <idx> mu-inact wep_shared enforce-pmkvalidation wireless-stp

Shows the EAP parameters for WLAN <idx> (1–8). Shows the Kerberos parameters for WLAN <idx> (1–8). Shows the TKIP parameters for WLAN <idx> (1–8). Shows the CCMP parameters for WLAN <idx> (1–8). Shows the WEP/Keyguard parameters for WLAN <idx> (1–8). Shows the basic WLAN parameters for WLAN <idx> (1–8). Shows the MU inactivity timeout value. Shows the WEP Shared parameters. Shows enforce-pmk-validation configuration value Show wireless STP configuration

Example admin(network.wlan)>show tkip 1 tkip tkip tkip tkip tkip

key type phrase key rotate mode rotate interval

: : : : :

phrase ******** ******** disable 86400

: : : : : : : :

phrase ******** ******** disable 86400 disable disable enable

admin(network.wlan)>show ccmp 1 ccmp key type ccmp phrase ccmp key ccmp rotate mode ccmp rotate interval ccmp mixed mode (allow WPA) 802.11i preauthentication Opportunistic PMK Caching

admin(network.wlan)>show wep-mcm 1 wep wep wep wep wep

key key key key key

index 1 2 3 4

: : : : :

1 ******** ******** ******** ********


3-180 WS2000 Wireless Switch System Reference Guide

admin(network.wlan)>show wlan 1 wlan name ess identifier wlan mode enc type auth type voice prioritization disallow mu to mu answer broadcast ess default mu acl mode default ap adopt mode multicast address 1 multicast address 2

: : : : : : : : : : : :

WLAN1 101 enable none none enable disable disable allow all allow all 01005E000000 09000E000000

server ip 1 server ip 2 server port 1 server port 2 eap secret 1 eap secret 2

: : : : : :

0.0.0.0 0.0.0.0 1812 1812 ******** ********

eap remote syslog mode syslog server ip Bind interface (for server 1) Bind interface (for server 2)

: : : :

disable 0.0.0.0 s1 none

eap reauth mode eap reauth retries eap reauth period

: disable : 2 : 3600

eap eap eap eap eap eap

: : : : : :

admin(network.wlan)>show eap 1

mu quiet period mu tx period mu timeout mu retries server timeout server retries

radius accounting retry mode radius accounting retry timeout radius accounting retry count

Related Commands

set

Sets WLAN parameters.

10 5 10 2 5 2

: disable : 10 : 2


Network CLI Commands Reference 3-181

3.32 Network WLAN Rogue AP Commands rogueap Network WLAN Commands

Displays the rogue AP submenu. Syntax admin(network.wlan)> rogueap admin(network.wlan.rogueap)>

The items available under this command are shown below. Command

Description

show set rulelist approvedlist roguelist quit save .. /

Shows current rogue AP configuration. Sets rogue AP parameters. Goes to the rule list submenu. Goes to the approved AP list submenu. Goes to the rogue AP list submenu. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-183 page 3-182 page 3-202 page 3-184 page 3-189 page 3-1 page 3-1 page 3-1 page 3-1


3-182 WS2000 Wireless Switch System Reference Guide

3.32.1 Network WLAN Rogueap set Command set Network WLAN Rogue AP Commands

Sets rogue access point parameters. Syntax set [muscan|apscan|detscan|fullapscan] [mode <mode>|interval <interval>] Parameters

[muscan|apscan|detscan|fullapscan] [mode <mode>|interval <interval>

Sets the different Rogue AP parameters • muscan – Sets MU scanning parameters • apscan – Sets AP scanning parameters. • detscan – Sets Detector scanning parameters. For this feature to work, you must set one of the Access Ports as a Detector AP. • fullapscan – Sets full AP scanning parameter. For this feature to work, you must set one of the Access Ports as a Full Detector AP. Each of the above options have these settings • mode <mode> – <mode> can be enable or disable. Use this to enable or disable a rogue ap parameter • interval <interval> – Sets the scanning interval for rogue ap detection. <interval> can be between 5 to 65535 minutes. For fullapscan, the interval is in seconds. Enables or disables mobile unit scanning.

Example admin(network.wlan.rogueap)>set apscan mode enable admin(network.wlan.rogueap)>set apscan int 60 Related Commands

show

Displays the rogue AP parameters.


Network CLI Commands Reference 3-183

3.32.2 Network WLAN Rogueap show Command show Network WLAN Rogue AP Commands

Shows the current rogue AP configuration. Syntax show Parameters

None Example admin(network.wlan.rogueap)>show mu scan : disabled mu scan interval : 60 minutes ap scan : disabled ap scan interval : 60 minutes detector ap scan : disabled detector ap scan interval : 60 minutes full detector ap scan : disabled full detector ap scan interval : 60 seconds Related Commands

set

Sets the rogue AP scanning parameters.


3-184 WS2000 Wireless Switch System Reference Guide

3.33 Network WLAN Rogue AP Approvedlist Commands approvedlist Network WLAN Rogue AP Commands

Displays the approved AP list submenu. Syntax admin(network.wlan.rogueap)> approvedlist admin(network.wlan.rogueap.approvedlist)>

The items available under this command are shown below. Command

show ageoute approve erase quit save .. /

Description

Shows the approved AP list. Displays the ageout time for an approved list entry. Approves an AP. Erases the list. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-188 page 3-185 page 3-186 page 3-187 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-185

3.33.1 Network WLAN Rogueap Approvedlist ageout Command ageoute Network WLAN Rogue AP Approvedlist Commands

Displays ageout time for an approved list entry. Syntax ageout <interval> Parameters

ageout <interval>

Sets the number of minutes, the <interval> (0â&#x20AC;&#x201C;1000), before an entry in the approved list is automatically removed.

Example admin(network.wlan.rogueap.approvedlist)>ageout 30 admin(network.wlan.rogueap.approvedlist)> Related Commands

erase

Erases the approved AP list.


3-186 WS2000 Wireless Switch System Reference Guide

3.33.2 Network WLAN Rogueap Approvedlist approve Command approve Network WLAN Rogue AP Approvedlist Commands

Approves an AP. Syntax approve [<index>|all] Parameters

approve [<index>|all]

• approve <index> – Approves an access point from the list based on the location specified by <index>. • approve all – Approves all access points in the list.

Example admin(network.wlan.rogueap.approvedlist)>approve 1 admin(network.wlan.rogueap.approvedlist)>approve all admin(network.wlan.rogueap.approvedlist)> Related Commands

erase

Erases all access points in the list.


Network CLI Commands Reference 3-187

3.33.3 Network WLAN Rogueap Approvedlist erase Command erase Network WLAN Rogue AP Approvedlist Commands

Erases the approved AP list. Syntax erase all Parameters

none Example admin(network.wlan.rogueap.approvedlist)>erase all admin(network.wlan.rogueap.approvedlist)>show approved ap list ++++++++++++++++ approved list ageout index -----

ap --

: 30 minutes essid ------

Related Commands

approve show

Adds an Access Port to the approved list. Displays the approved list.


3-188 WS2000 Wireless Switch System Reference Guide

3.33.4 Network WLAN Rogueap Approvedlist show Command show Network WLAN Rogue AP Approvedlist Commands

Shows the approved AP list. Syntax show Parameters

None Example admin(network.wlan.rogueap.approvedlist)>show approved ap list ++++++++++++++++ approved list ageout index -----

: 30 minutes

ap --

Related Commands

approve Adds an AP to the approved list.

essid ------


Network CLI Commands Reference 3-189

3.34 Network WLAN Rogue AP Roguelist Commands roguelist Network WLAN Rogue AP Commands

Displays the rogue AP list submenu. Syntax admin(network.wlan.rogueap)> roguelist admin(network.wlan.rogueap.roguelist)>

The items available under this command are shown below. Command

show locate muscan ageout approve erase set deauth quit save .. /

Description

Displays the rogue list entries. Goes to the submenu for locating a rogue AP. Goes to the submenu for on-demand MU polling. Displays the ageout time for a rogue list entry. Approves a rogue AP. Erases the list. Sets rogue AP related parameters Configuration related to Rogue AP Containment. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-193 page 3-196 page 3-199 page 3-190 page 3-191 page 3-192 page 3-194 page 3-195 page 3-1 page 3-1 page 3-1 page 3-1


3-190 WS2000 Wireless Switch System Reference Guide

3.34.1 Network WLAN Rogue AP Roguelist ageout Command ageout Network WLAN Rogue AP Commands

Displays the ageout time for a rogue list entry. Syntax ageout <time> Parameters

ageout <time>

Sets the ageout time for the entry associated to <time> (1â&#x20AC;&#x201C;1000) minutes.

Example admin(network.wlan.rogueap.roguelist)>ageout 50 Related Commands

locate show

Locates a rogue AP. Shows the rogue AP list parameters and entries.


Network CLI Commands Reference 3-191

3.34.2 Network WLAN Rogue AP Roguelist approve Command approve Network WLAN Rogue AP Commands

Moves a rogue AP into the approved AP list. Syntax approve [<index>|all] Parameters

approve [<index>|all]

• approve <index> – Puts the rogue AP <index> into the approved AP list. • approve all – Puts all the entries of the rogue list into the approved AP list.

Example admin(network.wlan.rogueap.approvedlist)>approve all Related Commands

show

Shows the rogue list entries.


3-192 WS2000 Wireless Switch System Reference Guide

3.34.3 Network WLAN Rogue AP Roguelist erase Command erase Network WLAN Rogue AP Commands

Erases the rogue AP list. Syntax erase all Parameters

None Example admin(network.wlan.rogueap.roguelist)>erase all Example

show

Lists all entries in the rogue AP list.


Network CLI Commands Reference 3-193

3.34.4 Network WLAN Rogue AP Roguelist show Command show Network WLAN Rogue AP Commands

Displays the rogue list entries. Syntax show [all|<index>|deauth-list] Parameters

show [all|<index>|deauthlist]

Displays Rogue AP lists. • all – Displays the complete list of rogue APs. • <index> – Displays detailed information for the rogue AP with index number <index>. • deauth-list – Displays the Rogue AP Containment list

Example admin(network.wlan.rogueap.roguelist)>show all rogue ap list ++++++++++++++++++++ rogue list ageout

: 0 minutes

------------------------------------------------------------------------Idx AP Essid Channel ------------------------------------------------------------------------Related Commands

locate approve

Locates a rogue AP. Approves a rogue AP


3-194 WS2000 Wireless Switch System Reference Guide

3.34.5 Network WLAN Rogue AP Roguelist set Command set Network WLAN Rogue AP Commands

Sets rogue list parameters. Syntax set [rap-containment|deauth-interval|deauth-all] set RAP-Containment <mode> set deauth-interval <interval> set dauth-all <mode>

Syntax: RAP-Containment <mode> deauth-interval <interval> deauth-all <mode>

• Enables or disables Rogue AP Containment feature. Sets the Rogue AP de-authentication interval to <interval> (1–300) seconds. This is the time after which MUs associated to a Rogue AP is deauthenticated. Enables or disables deauthenticating all rogue APs in the containment list. •

Example admin(network.wlan.rogueap)>set RAP-Containment enable admin(network.wlan.rogueap)>set deauth-interval 10 admin(network.wlan.rogueap)>set deauth-all enable Related Commands

show

Displays the rogue AP parameters.


Network CLI Commands Reference 3-195

3.34.6 Network WLAN Rogue AP Roguelist deauth Command deauth Network WLAN Rogue AP Commands

Manages the Rogue AP Containment list by adding APs, their MAC address to the list and deleting APs from the list. Syntax deauth [add-to-list|add-mac-to-list|remove-from-list] <index> deauth all Parameters

deauth [add-tolist|add-mac-tolist|remove-from-list] <index>

deauth all

Adds or removes APs from the ACL. • add-to-list <index> – Adds an AP to the Rogue AP containment list at the position specified by <index>. • add-mac-to-list <index> – Adds the MAC address of a Rogue AP to the Rogue AP containment list at the position specified by <index>. • remove-from-list <index> – Removes a MAC from the Rogue AP Containment list. Removes all the contents from the Rogue AP Containment list

Example admin(network.wlan.rogueap.roguelist)>deauth add-to-list 1 admin(network.wlan.rogueap.roguelist)> admin(network.wlan.rogueap.roguelist)>deauth add-mac-to-list 11-22-33-4455-66 admin(network.wlan.rogueap.roguelist)>


3-196 WS2000 Wireless Switch System Reference Guide

3.35 Network WLAN Rogue AP Rogue List Locate Commands locate Network WLAN Rogue AP Roguelist Commands

Displays the locate submenu. Syntax admin(network.wlan.rogueap.roguelist)> locate admin(network.wlan.rogueap.roguelist.locate)>

The items available under this command are shown below. Command

start list quit save .. /

Description

Ref.

Starts locating a rogue AP. Lists results of the locate rogue AP scan. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

page 3-198 page 3-200 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-197

3.35.1 Network WLAN Rogue AP Rogue List Locate list Command list Network WLAN Rogue AP Rogue List Locate Commands

Lists the results of the locate rogue AP scan. Syntax list Parameters

None Example admin(network.wlan.rogueap.roguelist.locate)>list Related Commands

start

Starts the rogue AP location process.


3-198 WS2000 Wireless Switch System Reference Guide

3.35.2 Network WLAN Rogue AP Rogue List Locate start Command start Network WLAN Rogue AP Rogue List Locate Commands

Locates a rogue AP. Syntax start <MAC> <ESSID> Parameters

start <MAC> <ESSID>

Starts locating a rogue AP where <MAC> is the MAC address (or BSSID) of the rogue AP, and <essid> is the ESSID for the rogue AP.

Example admin(network.wlan.rogueap.roguelist.locate)>start 00A0f8fe2344 wlan-engg Related Commands

list

Lists information for the rogue AP found during the scan.


Network CLI Commands Reference 3-199

3.36 Network WLAN Rogue AP Rogue List MU Scan Commands muscan Network WLAN Rogue AP Roguelist Commands

Displays the MU scan submenu. Syntax admin(network.wlan.rogueap.roguelist)> muscan admin(network.wlan.rogueap.roguelist.muscan)>

The items available under this command are shown below. Command

start list quit save .. /

Description

Starts a rogue AP scan using on-demand MU polling. Lists the rogue APs found during the scan. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-201 page 3-200 page 3-1 page 3-1 page 3-1 page 3-1


3-200 WS2000 Wireless Switch System Reference Guide

3.36.1 Network WLAN Rogue AP Rogue List MU Scan list Command list Network WLAN Rogue AP Roguelist Commands

Lists the results of the locate rogue AP scan. Syntax list Parameters

None Example admin(network.wlan.rogueap.roguelist.muscan)>list Related Commands

start

Starts the MU scan process.


Network CLI Commands Reference 3-201

3.36.2 Network WLAN Rogue AP Rogue List MU Scan start Command start Network WLAN Rogue AP Roguelist Commands

Starts an on-demand MU polling for rogue APs. Syntax start <MAC> <ESSID> Parameters

start <MAC> <ESSID>

Starts locating a rogue AP where <MAC> is the MAC address (or BSSID) of the rogue AP, and <ESSID> is the ESSID for the rogue AP.

Example admin(network.wlan.rogueap.roguelist.muscan)>start 00A0f8fe2344 Related Commands

list

Lists information for the rogue AP found during the scan.


3-202 WS2000 Wireless Switch System Reference Guide

3.37 Network WLAN Rogue AP Rule List Commands rulelist Network WLAN Rogue AP Commands

Displays the rule list submenu. Syntax admin(network.wlan.rogueap)> rulelist admin(network.wlan.rogueap.rulelist)>

The items available under this command are shown below. Command

show add delete authsymbolap quit save .. /

Description

Displays the rule list. Adds an entry to the rule list. Deletes an entry from the rule list. Authorizes all Symbol APs. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-206 page 3-203 page 3-205 page 3-204 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-203

3.37.1 Network WLAN Rogue AP Rule List add Command add Network WLAN Rogue AP Rule List Commands

Adds an entry to the rule list. Syntax add <MAC> <ESSID> Parameters

add <MAC> <ESSID>

Adds an entry into the rule list to allow an AP with the mac address <MAC> and the ESSID <ESSID>.

Example admin(network.wlan.rogueap.rulelist)>add 00a0f8f31212 mywlan admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index ----1

: disabled

ap -00:a0:f8:f3:12:12

essid -----mywlan

admin(network.wlan.rogueap.rulelist)>? Related Commands

show

Shows the entries in the rule list.


3-204 WS2000 Wireless Switch System Reference Guide

3.37.2 Network WLAN Rogue AP Rule List authsymbolap Command authsymbolap Network WLAN Rogue AP Rule List Commands

Authorizes all Symbol APs. Syntax authsymbolap <mode> Parameters

authsymbolap <mode> Enables or disables automatic authorization of all Symbol APs. <mode> can be enable or disable. Example admin(network.wlan.rogueap.rulelist)>auth enable admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index ----1

: enabled

ap -00:a0:f8:f3:12:12

essid -----mywlan

Related Commands

show

Shows all the rules in the rule list and shows status of the Symbol AP automatic authorization.


Network CLI Commands Reference 3-205

3.37.3 Network WLAN Rogue AP Rule List delete Command delete Network WLAN Rogue AP Rule List Commands

Deletes an entry from the rule list. Syntax delete [all|<idx>] Parameters

delete [all|<idx>]

Deletes entries in the rule list. • all – Deletes all entries in the rule list. • <idx> – Deletes the entry at the <idx> index in the rule list.

Example admin(network.wlan.rogueap.rulelist)>delete all admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index -----

ap --

: enabled essid ------

Related Commands

show

Displays the entries in the rule list.


3-206 WS2000 Wireless Switch System Reference Guide

3.37.4 Network WLAN Rogue AP Rule List show Command show Network WLAN Rogue AP Rule List Commands

Displays the rule list. Syntax show Parameters

None Example admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization index ----1

: enabled

ap -00:a0:f8:f3:12:12

essid -----mywlan

Related Commands

delete add

Deletes entries from the rule list. Adds entries to the rule list.


Network CLI Commands Reference 3-207

3.38 Network WLAN Enhanced Rogue AP Commands enhancedrogueap Network WLAN Commands

Displays the Enhanced Rogue AP detection submenu. Syntax admin(network.wlan)> enhancedrogueap admin(network.wlan.enhancedrogueap)>

The items available under this command are shown below. Command

show set quit save .. /

Description

Displays the Enhanced Rogue AP parameters. Sets the Enhanced Rogue AP parameters Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-208 page 3-209 page 3-1 page 3-1 page 3-1 page 3-1


3-208 WS2000 Wireless Switch System Reference Guide

3.38.1 Network WLAN Enhanced Rogue AP show Command show Network WLAN Enhanced Rogue AP Commands

Displays the Enhanced Rogue AP parameters. Syntax show Parameters

None Example admin(network.wlan.enhancedrogueap)>show Enhanced RAP mode ERAP scan interval ERAP scan duration Channel Set for Radio A Channel Set for Radio B/G

: disabled : 10 seconds : 100 milli seconds : :

admin(network.wlan.enhancedrogueap)>


Network CLI Commands Reference 3-209

3.38.2 Network WLAN Enhanced Rogue AP set Command set Network WLAN Enhanced Rogue AP Commands

Sets the Enhanced Rogue AP parameters. Syntax set [mode|scaninterval|scanduration|A_channels|BG_channels|erase] set set set set set set

mode <mode> scaninterval <scaninterval> scanduration <scanduration> A_channel {channelset} BG_channel {channelset} erase

Parameters

mode <mode> scaninterval <scaninterval> scanduration <scanduration> A_channels {<channelset>} BG_channels {<channelset>} erase

Enables or disables the Enhanced Rogue AP feature Sets the Enhanced Rogue AP feature scan interval. Sets the Enhanced Rogue AP feature scan duration Sets A channels to scan for Enhanced Rogue AP feature. • <channelset> (Optional) – Enter a list of valid channels for A Radio. Sets BG channels to scan for Enhanced Rogue AP feature • <channelset> (Optional) – Enter a list of valid channels for b/g Radio. Clears the Enhanced Rogue AP feature list.

Example admin(network.wlan.enhancedrogueap)> show Enhanced RAP mode : disabled ERAP scan interval : 10 seconds ERAP scan duration : 100 milli seconds Channel Set for Radio A : Channel Set for Radio B/G : admin(network.wlan.enhancedrogueap)> set mode enable admin(network.wlan.enhancedrogueap)> set scaninterval 33 admin(network.wlan.enhancedrogueap)> set scanduration 110 admin(network.wlan.enhancedrogueap)> set A_channels 36 40 admin(network.wlan.enhancedrogueap)> set BG_channels 1 2 3 admin(network.wlan.enhancedrogueap)> show Enhanced RAP mode ERAP scan interval ERAP scan duration Channel Set for Radio A Channel Set for Radio B/G

: : : : :

enabled 33 seconds 110 milli seconds 36, 40, 1, 2, 3,


3-210 WS2000 Wireless Switch System Reference Guide

3.39 Network WLAN MU Probe Commands muprobe Network WLAN Commands

Displays the MU Probe sub menu. Syntax admin(network.wlan)> muprobe admin(network.wlan.muprobe)>

The items available under this menu are shown below. Command

show set quit save .. /

Description

Shows the MU Probe Table configuration Sets the MU Probe Table configuration Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-211 page 3-212 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-211

3.39.1 Network WLAN MU Probe show Command show Network WLAN MU Probe Commands

Displays the MU Probe Table configuration information. Syntax show Parameters

None Example admin(network.wlan.muprobe)> show mu probe table mu probe table size mu probe window

: disabled : 200 MUs (number of rows could be more) : 30 seconds


3-212 WS2000 Wireless Switch System Reference Guide

3.39.2 Network WLAN MU Probe set Command set Network WLAN MU Probe Commands

Sets the different MU Probe Table configurations. Syntax set [mode|size|erase|windows] set set set set

mode <mode> size <size> erase window <value>

Parameters

mode <mode> size <size> erase window <value>

Enables or disables MU Probe scans. <mode> can be enable or disable. Sets the size <size> in number of rows of the MU Probe Table. Erases the MU Probe Table Sets the MU Probe time window to <value> (5-300) seconds.

Example admin(network.wlan.muprobe)> show mu probe table mu probe table size mu probe window admin(network.wlan.muprobe)> admin(network.wlan.muprobe)> admin(network.wlan.muprobe)> admin(network.wlan.muprobe)> mu probe table mu probe table size mu probe window

: disabled : 200 MUs (number of rows could be more) : 30 seconds set mode enable set size 100 set window 50 show : enabled : 100 MUs (number of rows could be more) : 50 seconds


Network CLI Commands Reference 3-213

3.40 Network WLAN Hotspot Commands hotspot Network WLAN Commands

Displays the Hotspot sub menu. Syntax admin(network.wlan)> hotspot admin(network.wlan.hotspot)>

The items available under this menu are shown below. Command

set show import radius white-list quit save .. /

Description

Sets the hotspot parameters Displays the hotspot parameters Imports hotspot display pages Sets hotspot RADIUS configuration. Goes to a submenu. Sets the hotspot white-list. Goes to a submenu. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-214 page 3-216 page 3-217 page 3-218 page 3-222 page 3-1 page 3-1 page 3-1 page 3-1


3-214 WS2000 Wireless Switch System Reference Guide

3.40.1 Network WLAN Hotspot set Command set Network WLAN Hotspot Commands

Sets the different Hotspot parameters. Syntax set [mode|page-loc|exturl|http-mode|hotspot-session-timeout| hotspot-cred-cache] set set set set set set

mode <idx> <mode> page-loc <idx> <page-loc> exturl <idx> <page> <url> http-mode <idx> <http-mode> hotspot-session-timeout <timeout> hotspot-cred-cache <hotspot-cred-cache>

Parameters

mode <idx> <mode> page-loc <idx> <page-loc>

exturl <idx> <page> <url>

http-mode <idx> <http-mode>

hotspot-session-timeout <hotspot-session-timeout>

hotspot-cred-cache <hotspot-cred-cache>

Enables or disables hotspot for a WLAN with the index value <idx> (18). Sets the location of the welcome page for Hotspot for a WLAN with the index <idx> (1-8). <page-loc> can be one of default, cf, url. • When <page-loc> is default, the default pages are shown. • When <page-loc> is cf, the pages for login, welcome, and fail are stored on the CF card and are displayed from there. • When <page-loc> is url, the pages are displayed from a URL. The URL information is provided through the set exturl command. Sets the URL locations for the hotspot login, welcome, and fail pages for a WLAN with the index value <idx> (1-8). <page> should be one of login, welcome, or fail and indicates the page type. <url> is the fully qualified path to the page indicated by the <page> value. Sets the HTTP mode for the hotspot for the WLAN with index <idx> (1-8). <http-mode> can be one of http or https. HTTP indicates that connections to the hotspot does not use security. HTTPS indicates use of security. Sets the timeout value for the hotspot to <hotspot-session-timeout> minutes. This value is global and is applicable to all WLANs. The default value for <hotspot-session-timeout> is 20 minutes and the maximum value that can be entered is 1440 minutes (1 day). Enables or disables hotspot user credential caching for the WS2000.

Example admin(network.wlan.hotspot)> show hotspot 1 WLAN 1 Hotspot Mode Hotspot Page Location External Login URL External Welcome URL

: disable : default : :


Network CLI Commands Reference 3-215

External Fail URL Http Mode admin(network.wlan.hotspot)> admin(network.wlan.hotspot)> admin(network.wlan.hotspot)> hotspt/login.htm admin(network.wlan.hotspot)> hotspt/welcome.htm admin(network.wlan.hotspot)> hotspt/fail.htm admin(network.wlan.hotspot)> WLAN 1 Hotspot Mode Hotspot Page Location External Login URL External Welcome URL welcome.htm External Fail URL Http Mode

: : https set mode 1 enable set page-loc 1 url set exturl 1 login //192.168.1.10/wlan1/ set exturl 1 welcome //192.168.1.10/wlan1/ set exturl 1 fail //192.168.1.10/wlan1/ show hotspot 1 : : : :

enable url //192.168.1.10/wlan1/hotspt/login.htm //192.168.1.10/wlan1/hotspt/

: //192.168.1.10/wlan1/hotspt/fail.htm : https


3-216 WS2000 Wireless Switch System Reference Guide

3.40.2 Network WLAN Hotspot show Command show Network WLAN Hotspot Commands

Displays the different hotspot configuration settings. Syntax show [hotspot|white-list|hs-session-timeout|hs-cred-cache] show hotspot <idx> show white-list <idx> Parameters

hotspot <idx> white-list <idx> hs-session-timeout hs-cred-cache

Displays the hotspot configuration settings. Displays the white list rules. Displays the global hotspot session timeout value. Displays the enable/disable status for hotspot user credentials caching.

Example admin(network.wlan.hotspot)> show hotspot 1 WLAN 1 Hotspot Mode Hotspot Page Location External Login URL External Welcome URL welcome.htm External Fail URL Http Mode

: : : :

enable url //192.168.1.10/wlan1/hotspt/login.htm //192.168.1.10/wlan1/hotspt/

: //192.168.1.10/wlan1/hotspt/fail.htm : https

admin(network.wlan.hotspot)> show white-list 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 admin(network.wlan.hotspot)> show hs-session-timeout Hotspot Session Timeout : 10 admin(network.wlan.hotspot)> show hs-cred-caching Hotspot Credential Cache Mode : Disabled


Network CLI Commands Reference 3-217

3.40.3 Network WLAN Hotspot Import Command import Network WLAN Hotspot Commands

Imports the html pages for the welcome, login, and fail screens. Syntax import <idx> <page> Parameters

import <idx> <page> Imports the specified page for the WLAN with index <idx> (1-8). <page> must be one of login, welcome, or fail. Paste the html page into the console. Example admin(network.wlan.hotspot)> import 1 login Enter 'Ctrl C' to abort. Paste the HTML Page: <html> <Head> <title>Office1 WLAN - Login Page</title> </head> <body> <h1 align="center">Office1 Wireless LAN - Login Page</h1> <HR width=50%> <p align ="center"><b>Please enter your login information below</b></p> <form action="login.asp> <center> <table width=25%> <tr> <tD>User Name</td> <td><input > </input></td> </tr> <tr> <td>Password</td> <td><input type=password> </input></td> </tr> </table> <br> <button type=submit> <strong>Login</strong> </button> <hr width=50%> <p>Page usage monitored and IP captured. Do not login if not authorized.</p> </center> </form> </body> </html>


3-218 WS2000 Wireless Switch System Reference Guide

3.41 Network WLAN Hotspot RADIUS commands radius Network WLAN Hotspot Commands

Displays the RADIUS server commands for hotspot. RADIUS is used to authenticate hotspot users. Syntax admin(network.wlan.hotspot)> radius admin(network.wlan.hotspot.radius)>

The items available under this command are shown below. Command

show set quit save .. /

Description

Shows RADIUS configuration settings. Sets RADIUS configuration Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-219 page 3-220 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-219

3.41.1 Network WLAN Hotspot RADIUS show Command show Network WLAN Hotspot RADIUS commands

Displays the RADIU ?S server information for each hotspot. Syntax show radius <idx> Parameters

show radius <idx>

Displays the RADIUS information for the WLAN with the index <idx> (1-8).

Example admin(network.wlan.hotspot.radius)> Primary Server Ip adr : Primary Server Port : Primary Server Secret : Secondary Server Ip adr : Secondary Server Port : Secondary Server Secret : Accounting Mode : Accounting Timeout : Accounting Retry-count :

show radius 1 127.0.0.1 1812 ****** 0.0.0.0 1812 ****** disable 1 1


3-220 WS2000 Wireless Switch System Reference Guide

3.41.2 Network WLAN Hotspot RADIUS set Command set Network WLAN Hotspot RADIUS commands

Configures the RADIUS server information for hotspots for each WLAN. Syntax set [server|port|secret|acct-mode|acct-timeout|acct-retry| bind-interface|auth-mode] set set set set set set set set

server <idx> <srvr_type> <ipadr> port <idx> <srvr_type> <port> secret <idx> <srvr_type> <secret> acct-mode <idx> <mode> acct-timeout <idx> <timeout> acct-retry <idx> <retry_count> bind-interface <idx> <server> <interface> auth-mode <idx> <mode>

Parameters

server <idx> <srvr_type> <ipadr> port <idx> <srvr_type> <port>

secret <idx> <srvr_type <secret> acct-mode <idx> <mode>

acct-timeout <idx> <timeout> acct-retry <idx> <retry-count> bind-interface <idx> <server> <interface> auth-mode <idx> <mode>

Sets the IP address <ipadr> of the RADIUS server for the WLAN with index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server. Sets the port <port> of the RADIUS server for the WLAN with the index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server. Sets the secret <secret> for accessing the RADIUS server for the WLAN with the index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server. Enables or disables accounting mode for the RADIUS server for the WLAN with the index <idx> (1-8). When enabled, RADIUS accounting log is written to the CF card when the RADIUS server is not reachable. Sets the time duration <timeout> (1-255) seconds after which RADIUS logs are written to the CF card. Sets the number of re-tries <retry-count> (1-10) made before RADIUS logs are written to the CF card. Binds the RADIUS server type <server> (Primary or Secondary) to the interface <interface> (one of s1-s6, w, none - s1- Subnet 1, s2-subnet 2, ...s6-Subnet 6, w-wan) for the WLAN <idx> (1â&#x20AC;&#x201C;8). Sets the radius authentication mode to either PAP or CHAP. This is used to encrypt authentication packets when authenticating with radius servers located on the WAN side of WS2000.

Example admin(network.wlan.hotspot.radius)> admin(network.wlan.hotspot.radius)> admin(network.wlan.hotspot.radius)> admin(network.wlan.hotspot.radius)> admin(network.wlan.hotspot.radius)>

set set set set set

server server port 1 port 1 secret

1 primary 192.169.1.222 1 secondary 192.169.1.223 primary 1812 secondary 1812 1 primary hello1


Network CLI Commands Reference 3-221

admin(network.wlan.hotspot.radius)> set secret 1 secondary hello2 admin(network.wlan.hotspot.radius)> set acct-mode 1 enable admin(network.wlan.hotspot.radius)> set acct-timeout 1 90 admin(network.wlan.hotspot.radius)> set acct-retry 1 8 admin(network.wlan.hotspot.radius)> set bind-interface 1 primary s1 admin(network.wlan.hotspot.radius)> set auth-mode 1 PAP admin(network.wlan.hotspot.radius)>show radius 1 Primary Server Ip adr : 192.168.1.222 Primary Server Port : 1812 Primary Server Secret : ****** Primary client bind interface : s1 Secondary Server Ip adr : 192.169.1.223 Secondary Server Port : 1812 Secondary Server Secret : ****** Secondary client bind interface : none Accounting Mode : disable Accounting Timeout : 10 Accounting Retry-count : 3 RADIUS auth-mode : PAP admin(network.wlan.hotspot.radius)>


3-222 WS2000 Wireless Switch System Reference Guide

3.42 Network WLAN Hotstpot White-list Commands white-list Network WLAN Hotspot Commands

Displays the White-list submenu. White-list is a list of devices that can use the hotspot. Syntax admin(network.wlan.hotspot)> white-list admin(network.wlan.hotspot.whitelist)>

The items available under this command are shown below. Command

add clear show quit save .. /

Description

Adds hotspot white-list entries. Clears the hotspot white-list entries. Displays the hotspot white-list entries. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-223 page 3-225 page 3-225 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-223

3.42.1 Network WLAN Hotspot White-list add Command add Network WLAN Hotstpot White-list Commands

Adds an entry to the WLAN hotspot white-list. White-list is a list of devices that can access the hotspot. Syntax add rule <wlan_idx> <ipadr> Parameters

add rule <wlan_idx> <ipadr>

Adds an IP entry <ipadr> to the White-list for the WLAN specified by the index <wlan_idx> (1-8)

Example admin(network.wlan.hotspot.whitelist)> add rule 1 192.168.1.67 admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 5 192.168.1.67


3-224 WS2000 Wireless Switch System Reference Guide

3.42.2 Network WLAN Hotspot White-list clear Command clear Network WLAN Hotstpot White-list Commands

Clears or deletes the WLAN hotspot white-list entries. Syntax clear rule [all|<wlan_idx> [all|<ipadr>]] clear rule all clear rule <wlan_idx> all clear rule <wlan_idx> <ipadr> Parameters

clear rule [all|<wlan_idx> [all|<ipadr>]]

• clear rule all – Clears all the hotspot white-list entries. • clear rule <wlan_idx> all – Clears all the hotspot white-list entries for the WLAN specified by the <wlan_idx> (1-8) value. • clear rule <wlan_idx> <ipadr> – Clears a specific IP address <ipadr> from the hotspot white-list entries for the WLAN specified by the <wlan_idx> (1-8) value.

Example admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 5 192.168.1.67 admin(network.wlan.hotspot.whitelist)> clear rule 1 192.168.1.67 admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 admin(network.wlan.hotspot.whitelist)> clear rule all admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address -------------------------------------------------------------------------


Network CLI Commands Reference 3-225

3.42.3 Network WLAN Hotspot White-list show Command show Network WLAN Hotstpot White-list Commands

Displays the WLAN hotspot white-list entries. Syntax show white-rules <idx> Parameters

show white-rules <idx> Displays the hotspot white-list for the WLAN with the index <idx> (1-8). Example admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------Idx IP Address ------------------------------------------------------------------------1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 5 192.168.1.67


3-226 WS2000 Wireless Switch System Reference Guide

3.43 Network WLAN WLAN IP Fiter Policy Commands wlanipfpolicy Network WLAN Commands

Displays the WLAN IP Filter Policy submenu. Syntax admin(network.wlan)> wlanipfpolicy admin(network.wlan.wlanipfpolicy)>

The items available under this command are shown below. Command

set add del show quit save .. /

Description

Sets the WLAN IP Filter Policy configurations. Adds entries to the WLAN IP Filter table. Deletes entries from the WLAN IP Filter table. Displays the WLAN IP filter table. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-227 page 3-228 page 3-229 page 3-230 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-227

3.43.1 Network WLAN WLAN IP Filter Policy set Command set Network WLAN WLAN IP Fiter Policy Commands

Sets the WLAN IP filter policy configuration. IP Filters have to be set up through the Network > IPFilter menu. Syntax set [ipf-mode|default] set ipf-mode <wlan-idx> <ipf-mode> set default [incoming|outgoing] <wlan-idx> <action>

Syntax: ipf-mode <wlan-idx> <ipf-mode> default [incoming|outgoing] <wlan-idx> <action>

Sets the IP filter mode <ipf-mode> (enable/disable) for the WLAN with the index <idx> (1-8). • incoming – Sets the default incoming action to <action> (allow/deny) for IP filtering for he WLAN with the index <idx> (1-8). • outgoing – Sets the default outgoing action to <action> (allow/deny) for IP filtering for he WLAN with the index <idx> (1-8).

Example admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------IP Filter Mode Default Incoming Action Default Outgoing Action

: disable : deny : deny

admin(network.wlan.wlanipfpolicy)> set ipf-mode 1 enable admin(network.wlan.wlanipfpolicy)> set default outgoing 1 allow admin(network.wlan.wlanipfpolicy)> set default incoming 1 allow admin(network.wlan.wlanipfpolicy)>show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------IP Filter Mode Default Incoming Action Default Outgoing Action

: enable : allow : allow


3-228 WS2000 Wireless Switch System Reference Guide

3.43.2 Network WLAN WLAN IP Filter Policy add Command add Network WLAN WLAN IP Fiter Policy Commands

Adds a new IP Filter association table entry. IP Filters have to be set up through the Network > IPFilter menu. Syntax add <wlan-idx> <filter-name> <direction> <action> Parameters

add <wlan-idx> <filter-name> <direction> <action> Adds a new IP Filter association table entry. The <filter-name> is the name of the filter to be added to the WLAN specified by the <wlan-idx> (1-8). The <direction> could be incoming or outgoing. The <action> could be allow or deny. Example admin(network.wlan.wlanipfpolicy)> add 1 allow_tcp incoming allow admin(network.wlan.wlanipfpolicy)> add 1 allow_tcp outgoing deny admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------allow_tcp incoming allow allow_tcp outgoing deny IP Filter Mode Default Incoming Action Default Outgoing Action

: enable : allow : allow


Network CLI Commands Reference 3-229

3.43.3 Network WLAN WLAN IP Filter Policy del Command del Network WLAN WLAN IP Fiter Policy Commands

Deletes a entry from the IP Filter association table. Syntax del <wlan-idx> [all|<index>]

Syntax: delete <wlan-idx> [all|<index>]

Deletes an IP Filter association table entry. The WLAN is specified by the <wlan-idx> (1-8). <index> indicates the filter to delete. all is used to delete all entries from the IP Filter association table.

Example admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------allow_tcp incoming allow allow_tcp outgoing deny IP Filter Mode Default Incoming Action Default Outgoing Action

: enable : allow : allow

admin(network.wlan.wlanipfpolicy)> del 1 2 admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------allow_tcp incoming allow IP Filter Mode Default Incoming Action Default Outgoing Action

: enable : allow : allow


3-230 WS2000 Wireless Switch System Reference Guide

3.43.4 Network WLAN WLAN IP Filter Policy show Command show Network WLAN WLAN IP Fiter Policy Commands

Displays the contents of the IP Filter association table. Syntax show <wlan-idx> Parameters

show <wlan-idx> Displays the IP filter association table for the WLAN with the index <wlan-idx> (1-8). Example admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------Filter-Name Direction Action ------------------------------------------------------------------------allow_tcp incoming allow allow_tcp outgoing deny IP Filter Mode Default Incoming Action Default Outgoing Action

: enable : allow : allow


Network CLI Commands Reference 3-231

3.44 Network Port Commands port network

Displays the port configuration submenu. Syntax admin(network)>port admin(network.port)>

The items available under this command are shown below. Command

show set quit save .. /

Description

Shows the port configuration settings. Sets the port configuration Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-233 page 3-232 page 3-1 page 3-1 page 3-1 page 3-1


3-232 WS2000 Wireless Switch System Reference Guide

3.44.1 Network Port set Command set Network Port Commands

Sets the port configuration parameters. Syntax set [auto-negotiation|speed|duplex] set auto-negotiation <idx> <auto-negotiation> set speed <idx> <speed> set duplex <idx> <duplex> Parameters

auto-negotiation <idx> <autonegotiation> speed <idx> <speed> duplex <idx> <duplex>

Enables or disables auto negotiation. When enabled, the port negotiates the speed and the duplex type. <auto-negotiation> can be one of enable or disable. <idx> (port1-port6, wan) is the port number. Sets the speed for the port with the index <idx> (port1-port6, wan). Set <speed> from 10M or 100M. Sets the duplex mode for the port with the index <idx> (port1-port6, wan). Set the <duplex> value from full or half.

Example admin(network.port)> show port1 auto-negotiation speed duplex admin(network.port)> admin(network.port)> admin(network.port)> admin(network.port)> auto-negotiation speed duplex

: disable : 10M : half set auto-negotiation port1 enable set speed port1 100M set duplex port1 full show port1 : enable : 100M : full


Network CLI Commands Reference 3-233

3.44.2 Network Port show Command show Network Port Commands

Displays the port configuration parameters. Syntax show <idx> Parameters

show <idx>

Displays the port configuration settings for the port <idx> (port1-port6, wan).

Example admin(network.port)> show port1 auto-negotiation speed duplex

: enable : 100M : full


3-234 WS2000 Wireless Switch System Reference Guide

3.45 Network IP Filter Commands ipfilter network

Displays the IP Filter submenu. IP based filtering allows administrators to configure Incoming and Outgoing IP filtering policies on packets within the same Subnet / WLAN and between wired and wireless hosts. Filters can be set up based on IP Address or as a default rule for all IPs in a given direction. Syntax admin(network)> ipfilter admin(network.ipfilter)>

The items available under this command are shown below. Command

add del show quit save .. /

Description

Adds a filter to the global IP Filter table. Deletes a filter from the global IP Filter table. Shows the global IP Filter table. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-235 page 3-236 page 3-237 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-235

3.45.1 Network IP Filter add Command add Network IP Filter Commands

Adds an entry into the global IP Filter table. Syntax add <filter-name> <protocol> <port> <start-src-address> <end-src-address> <start-dest-address> <end-dest-address> Parameters

add <filter-name> <protocol> <port> <start-src-address> <end-src-address> <start-dest-address> <enddest-address> Adds an IP Filter with <filter-name> to the IP Filter table. • <protocol> can be one of tcp, udp, icmp, pim, gre, rsvp, idp, pup, egp, ipip, esp, ah, igmp, ipv6, compr_h, raw_ip. • <port> is the port number. Could also be all. • <start-src-address> to <end-src-address> is the source ip range for which this filter is applied • <start-dest-address> to <end-dest-address> is the destination ip range for which this filter is applied. Example admin(network.ipfilter)> add port80tcp TCP 80 192.168.1.100 192.168.1.250 0.0.0.0 0.0.0.0 admin(network.ipfilter)> show ------------------------------------------------------------------------Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use ------------------------------------------------------------------------allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0 allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0 port80tcp TCP 192.168.1.100 0.0.0.0 NO 80 192.168.1.250 0.0.0.0


3-236 WS2000 Wireless Switch System Reference Guide

3.45.2 Network IP Filter del Command del Network IP Filter Commands

Deletes an entry from the global IP Filter table. Syntax del [all|<idx>] Parameters

del [all|<index>] Deletes IP Filter table entries. • del <index> – Deletes the global IP Filter table entry at <index>. • del all – Deletes all entries of the global IP Filter table. Example admin(network.ipfilter)> del 3 admin(network.ipfilter)> show ------------------------------------------------------------------------Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use ------------------------------------------------------------------------allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0 allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0


Network CLI Commands Reference 3-237

3.45.3 Network IP Filter Shlow Command show Network IP Filter Commands

Displays the global IP Filter table. Syntax show Parameters

None Example admin(network.ipfilter)> show ------------------------------------------------------------------------Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use ------------------------------------------------------------------------allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0 allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0


3-238 WS2000 Wireless Switch System Reference Guide

3.46 Network WIPS Command wips network

Description: Displays the Wireless Intrusion Protection System (WIPS) submenu. Syntax admin(network)> wips admin(network.wips)>

The items available under this command are shown below. Command

set show list convert revert update defaults quit save .. /

Description

Sets WIPS parameters. Displays WIPS parameters Lists the APs and Sensors discovered. Converts APs to dedicated WIPS sensors Revers dedicated WIPS sensors to APs Sends WIPS configuration to the sensors Goes to the Defaults submenu. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-239 page 3-240 page 3-241 page 3-242 page 3-243 page 3-244 page 3-245 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-239

3.46.1 Network WIPS set Command set Network WIPS Command

Enables or disables WIPS. Syntax set mode <mode> Parameters

set mode <mode>

Enables or disables WIPS. <mode> can be either enable or disable.

Example admin(network.wips)> set mode enable admin(network.wips)> show mode State : enable


3-240 WS2000 Wireless Switch System Reference Guide

3.46.2 Network WIPS show Command show Network WIPS Command

Displays the WIPS parameters. Syntax show [mode|sensor] Parameters

mode sensor <mac>

Enables or disables WIPS mode Shows sensor configuration <mac> â&#x20AC;&#x201C; Shows mac-Sensor MAC address

Example admin(network.wips)> show mode State : enable


Network CLI Commands Reference 3-241

3.46.3 Network WIPS list Command list Network WIPS Command

Lists the adopted APs and detected sensors for WIPS. Syntax list [sensors|aps] Parameters

list [sensors|aps]

• list aps – Lists the sensor APs • list sensors – Lists the discovered APs

Example admin(network.wips)> list sensors ------------------------------------------------------------------------Idx Sensor MAC IP address ------------------------------------------------------------------------1 00a0f8bf8a70 192.168.0.167 admin(network.wips)> list APs ------------------------------------------------------------------------Idx AP MAC Conversion State ------------------------------------------------------------------------1 00a0f8bf8a70


3-242 WS2000 Wireless Switch System Reference Guide

3.46.4 Network WIPS convert Command convert Network WIPS Command

Converts an existing AP to a dedicated Sensor device. This command is only valid for Motorola AP300. Syntax convert <mac1> <mac2> ... Parameters

convert <mac1> <mac2> ...

Converts the list of AP represented by their MAC addresses <mac1> <mac2>... to dedicated sensor devices.

Example admin(network.wips)> convert 00a0f8bf8a70 Conversion is started in the background admin(network.wips)> list sensors ------------------------------------------------------------------------Idx Sensor MAC IP address ------------------------------------------------------------------------1 00a0f8bf8a70 192.168.0.167


Network CLI Commands Reference 3-243

3.46.5 Network WIPS revert Command revert Network WIPS Command

Reverts a dedicated Sensor device to an AP. This command is only valid for Motorola AP300. Syntax revert <mac1> <mac2> ...

Syntax: revert <mac1> <mac2> Converts the list of Sensors represented by their MAC addresses <mac1> ... <mac2>... to APs. Example admin(network.wips)> revert 00a0f8bf8a70 Revert is started in the background admin(network.wips)> list aps ---------------------------------------------------------------------------Idx AP MAC Conversion State ---------------------------------------------------------------------------1 00a0f8bf8a70


3-244 WS2000 Wireless Switch System Reference Guide

3.46.6 Network WIPS update Command update Network WIPS Command

Sends configuration information to dedicated sensor devices. Syntax update <mac> <dhcp_mode> <ipaddr> <mask> <dgw> <pwips> {<swips>} Parameters

update <mac> <dhcp_mode> <ipaddr> <mask> <dgw> <pwips> {<swips>} Sends the configuration information to the sensor device, where: <mac> is the MAC address of the sensor device. <dhcp_mode> is the dhcp mode. Mode can be either client or static. <ipaddr> is the IP address of the sensor device. This field is only required when the <dhcp_mode> is static. <mask> is the subnet mask for the IP address of the sensor device. This field is only required when the <dhcp_mode> is static. <dgw> is the default gateway for the sensor device. This field is only required when the <dhcp_mode> is static. <pwips> is the IP address of the primary WIPS server. <swips> is the IP address of the secondary WIPS server. This value is optional. Example admin(network.wips)> show sensor 00a0f8bf8a70 Sensor MAC DHCP Mode IP Address IP Mask Default Gateway Primary WIPS Server Secondary WIPS Server

: : : : : : :

00a0f8bf8a70 client 192.168.1.107 255.255.255.0 192.168.1.1 192.168.0.20 192.168.0.21

admin(network.wips)> update 00a0f8bf8a70 static 192.168.1.108 255.255.255.0 192.168.1.10 192.168 .0.20 192.168.0.21 admin(network.wips)> show sensor 00a0f8bf8a70 Sensor MAC DHCP Mode IP Address IP Mask Default Gateway Primary WIPS Server Secondary WIPS Server

: : : : : : :

00a0f8bf8a70 client 192.168.2.100 255.255.255.0 192.168.2.1 192.168.0.20 192.168.0.21


Network CLI Commands Reference 3-245

3.47 Network WIPS Default commands defaults Network WIPS Command

Goes to the WIPS default configuration menu. Syntax admin(network.wips)>defaults admin(network.wips.defaults)>

The items available under this command are shown below. Default

show set quit save .. /

Description

Shows the WIPS default configuration settings. Sets the Sensor default configuration for WIPS. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-247 page 3-246 page 3-1 page 3-1 page 3-1 page 3-1


3-246 WS2000 Wireless Switch System Reference Guide

3.47.1 Network WIPS set Command set Network WIPS Default commands

Sets the default WIPS configuration settings. These settings are used when WIPS configurations are not changed. Syntax set mode <mode> set [ipaddr|mask|dgw|pwips|swips] <a.b.c.d>

Syntax: mode <mode> ipaddr <a.b.c.d> mask <a.b.c.d> dgw <a.b.c.d> pwips <a.b.c.d> swips <a.b.c.d>

Sets the default mode to enable or disable. Sets the IP address to <a.b.c.d> for the WIPS sensor. Sets the network mask to <a.b.c.d> for the WIPS sensor Sets the default gateway for the WIPS sensor to <a.b.c.d> Sets the primary WIPS server to <a.b.c.d> Sets the secondary WIPS server to <a.b.c.d>.

Example admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> admin(network.wips.default)> DHCP Mode IP Address IP Mask Default Gateway Primary WIPS Server Secondary WIPS Server

: : : : : :

set mode enable set ipaddr 192.168.0.10 set mask 255.255.255.0 set dgw 192.168.0.1 set pwips 192.168.0.20 set swips192.168.0.21 show

client 192.168.0.10 255.255.255.0 192.168.0.1 192.168.0.20 192.168.0.21


Network CLI Commands Reference 3-247

3.47.2 Network WIPS show Command show Network WIPS Default commands

Displays the default WIPS configuration. Syntax show Parameters

None Example admin(network.wips.default)> show DHCP Mode IP Address IP Mask Default Gateway Primary WIPS Server Secondary WIPS Server

: : : : : :

client 192.168.0.10 255.255.255.0 192.168.0.1 192.168.0.20 192.168.0.21


3-248 WS2000 Wireless Switch System Reference Guide

3.48 Network WIDS Commands wids network

Displays the Wireless Intrusion Detection System (WIDS) commands. Syntax admin(network)>wids admin(network.wids)>

The items available under this command are shown below. Command

show set delete quit save .. /

Description

Shows WIDS status and statistics Sets WIDS parameters Removes WIDS MU List entries Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-254 page 3-250 page 3-249 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-249

3.48.1 Network WIDS delete Command delete Network WIDS Commands

Deletes WIDS MU list entries. Syntax delete [all|<idx>] Parameters

delete [all|<idx>]

• all – Deletes all the MU from the list. • <idx> – Deletes MU list entry at the index <idx>.

Example admin(network.wids)> delete 1 admin(network.wids)> delete all admin(network.wids)>


3-250 WS2000 Wireless Switch System Reference Guide

3.48.2 Network WIDS set Command set Network WIDS Commands

Sets the WIDPS parameters. Syntax set [mode|detect-window|anomaly-detect|excess-op] set set set set set set set set

mode <mode> detect-window <detect-window> anomaly-mode [mode|filter-ageout] anomaly-mode mode <violation-type> <mode> anomaly-mode filter-ageout <type> <filter-ageout> excess-op [threshold|filter-ageout] excess-op threshold [mu|radio|switch] <type> <threshold> excess-op filter-ageout <type> <filter-ageout>

Parameters

mode <mode> Enables or disables WIDS. <mode> can be enable or disable. detect-window Sets the duration for which WIDS information is collected to <detect-window> (5<detect-window> 300) seconds. Once collected, the information is sent for analysis. The deafult value for <detect-window> is 10 seconds.


Network CLI Commands Reference 3-251

anomaly-detect [mode|filterageout]

Configures the anomaly detection mode. • mode <violation-type> <mode> – Enables or disables anomaly detection for each violation type <violation-type>. <mode> can be enable or disable. • <violation-type> can be one of the following: • all - all the anomalies. • null-dst - NULL destination MAC anomaly • same-src-dst - Same source and destination IP anomaly • mcas-src - Multicast source MAC anomaly • weak-wep-iv - Weak WEP initialization vector anomaly • tkip-cntr-meas - TKIP Countermeasures anomaly • invalid-frame-len - Invalid frame length anomaly • filter-ageout <type> <filter-ageout> – Sets the number of seconds a mobile unit is filtered out. • <type> is the violation type and can be one of: • all - all the anomalies. • null-dst - NULL destination MAC anomaly • same-src-dst - Same source and destination IP anomaly • mcas-src - Multicast source MAC anomaly • weak-wep-iv - Weak WEP initialization vector anomaly • tkip-cntr-meas - TKIP Countermeasures anomaly • invalid-frame-len - Invalid frame length anomaly • <filter-ageout> (0-86400) is the ageout value in seconds. Default is 60 seconds. 0 disables this option.


3-252 WS2000 Wireless Switch System Reference Guide

excess-op [threshold|filterageout]

Sets the threshold of events allowed in the detection window per MU. • threshold [mu|radio|switch] <type> <threshold> – Sets the threshold values for mu, radio, or switch. • <type> is the violation type and can be one of: • all - all types of excessive operations • probe-req - Probe Request frames • auth-assoc-req - 802.11 Authentication and Association Request • deauth-disassoc-req - Disassociation and Deauthentication frames • auth-fails - Failures reported by Authentication servers • crypto-replay-fails - TKIP/CCMP IV replay check failure • 80211-replay-fails - 802.11 replay check failure • decrypt-fails - decryption failures • unassoc-frames - frames from unassociated stations • eap-starts - EAP (802.1x) Start frames • <threshold> (0-65535) is the threshold value in seconds, 0 disables this option • filter-ageout <type> <filter-ageout> – Sets the number of seconds a mobile unit is filtered out. • <type> is the violation type and can be one of: • all - all the anomalies. • null-dst - NULL destination MAC anomaly • same-src-dst - Same source and destination IP anomaly • mcas-src - Multicast source MAC anomaly • weak-wep-iv - Weak WEP initialization vector anomaly • tkip-cntr-meas - TKIP Countermeasures anomaly • invalid-frame-len - Invalid frame length anomaly • <filter-ageout> (0-86400) is the ageout value in seconds. Default is 60 seconds. 0 disables this option.

Example admin(network.wids)> admin(network.wids)> admin(network.wids)> admin(network.wids)> admin(network.wids)> admin(network.wids)> admin(network.wids)>

set mode enable set detect-window 25 set anomaly-detect mode all enable set anomaly-detect filter-ageout all 120 set excess-op threshold mu all 80 set excess-op filter-ageout all 80 show wids

WIDS feature is Detect Window Excessive Operations :: (Secs) -------------------probe-req : auth-assoc-req : deauth-disassoc-req : auth-fails :

: Enabled : 10 (Secs) Threshold (0 == disabled) mu 80 80 80 80

radio 0 0 0 0

switch 0 0 0 0

Filter-Ageout 80 80 80 80


Network CLI Commands Reference 3-253

crypto-replay-fails 80211-replay-fails decrypt-fails unassoc-frames eap-starts Anomaly Analysis ---------------null-dst same-src-dst mcast-src weak-wep-iv tkip-cntr-meas invalid-frame-len

: : : : :

80 80 80 80 80

::

Status

: : : : : :

enabled enabled enabled enabled enabled enabled

0 0 0 0 0

0 0 0 0 0

80 80 80 80 80

Filter-Ageout (Secs) 120 120 120 120 120 120


3-254 WS2000 Wireless Switch System Reference Guide

3.48.3 Network WIDS show Command show Network WIDS Commands

Displays the default WIDS configuration settings Syntax show [wids|filter] Parameters

show [wids|filter]

• wids – Displays the default WIDS configuration values. • filter – Displays the filter configuration values.

Example admin(network.wids)> show wids WIDS feature is Detect Window

: Enabled : 10 (Secs)

Excessive Operations :: (Secs) -------------------probe-req : auth-assoc-req : deauth-disassoc-req : auth-fails : crypto-replay-fails : 80211-replay-fails : decrypt-fails : unassoc-frames : eap-starts : Anomaly Analysis ---------------null-dst same-src-dst mcast-src weak-wep-iv tkip-cntr-meas invalid-frame-len

Threshold (0 == disabled) mu 80 80 80 80 80 80 80 80 80

radio 0 0 0 0 0 0 0 0 0

::

Status

: : : : : :

enabled enabled enabled enabled enabled enabled

switch 0 0 0 0 0 0 0 0 0

Filter-Ageout 80 80 80 80 80 80 80 80 80

Filter-Ageout (Secs) 120 120 120 120 120 120


Network CLI Commands Reference 3-255

3.49 Network URL Filter Commands urlfilter network

Displays the URL Filter commands Syntax admin(network)> urlfilter admin(network.urlfilter)>

The items available under this command are shown below. Command

keyword whitelist blacklist trustip set show quit save .. /

Description

Goes to the Keyword submenu Goes to the Whitelist submenu Goes to the Blacklist submenu Goes to the Trusted IP submenu Sets the URL Filter configuration information Displays URL Filter configuration information Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-258 page 3-263 page 3-267 page 3-271 page 3-256 page 3-257 page 3-1 page 3-1 page 3-1 page 3-1


3-256 WS2000 Wireless Switch System Reference Guide

3.49.1 Network URL Filter set Command set Network URL Filter Commands

Sets URL FIlter parameters. Syntax set [mode|tcp-port|error-msg|action] set set set set

mode <mode> tcp-port <tcp-port> error-msg <error-msg> action <action>

Parameters

mode <mode> set tcp-port <tcp-port> set error-msg <error-msg>

set action <action>

Sets the URL Filter mode. <mode> can be enable or disable. Sets the TCP Port for URL Filtering to <tcp-port>. Sets the error message to the string <error-msg> for URL Filtering. This error message is displayed when there is an error while accessing the page the user had requested. Sets the default action for URL Filtering when reverse DNS look-up fails. <action> can be one of allow or deny.

Example admin(network.urlfilter)> show URL Filter Mode TCP Port Number Error Message

: Disable : 0 :

admin(network.urlfilter)>admin(network.urlfilter)>set mode enable admin(network.urlfilter)>set tcp-port 100 admin(network.urlfilter)>set error-msg "Error message" admin(network.urlfilter)>set action deny admin(network.urlfilter)>show URL Filter Mode TCP Port Number Error Message Action on DNSRD reply failure

: : : :

Disable 80 policies of your service provider deny


Network CLI Commands Reference 3-257

3.49.2 Network URL Filter show Command show Network URL Filter Commands

Displays URL Filter configuration information. Syntax show Parameters

None Example admin(network.urlfilter)>show URL Filter Mode TCP Port Number Error Message Action on DNSRD reply failure

: : : :

Disable 80 policies of your service provider deny


3-258 WS2000 Wireless Switch System Reference Guide

3.50 Network URL Filter Keyword Commands keyword Network URL Filter Commands

Displays the URL Filter Keyword commands. Syntax admin(network.urlfilter)> keyword admin(network.urlfilter.keyword)>

The items available under this command are shown below. Command

add delete removeall show quit save .. /

Description

Adds a new keyword and action to the keyword filter table Deletes keyword from the keyword filter table Removes all keywords in the keyword filter table Displays the URL Filter Keyword table entries Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-259 page 3-260 page 3-261 page 3-262 page 3-1 page 3-1 page 3-1 page 3-1


Network CLI Commands Reference 3-259

3.50.1 Network URL Filter Keyword add Command add Network URL Filter Keyword Commands

Adds a new keyword and action to the keyword filter table. Syntax add <keyword> <action> Parameters

add <keyword> <action>

Adds a filter to the keyword filter table. <keyword> – The keyword to be searched <action> – allow or deny. The action to be performed when the <keyword> is found.

Example admin(network.urlfilter.keyword)>add share deny admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action share deny admin(network.urlfilter.keyword)>add trading deny admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action share deny trading deny admin(network.urlfilter.keyword)>


3-260 WS2000 Wireless Switch System Reference Guide

3.50.2 Network URL Filter Keyword delete Command delete Network URL Filter Keyword Commands

Deletes a keyword from the keyword table. Syntax delete <keyword> Parameters

delete <keyword> Deletes the keyword <keyword> from the URL Filter keyword table. Example admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action share deny trading deny admin(network.urlfilter.keyword)>delete share admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action trading Deny admin(network.urlfilter.keyword)>


Network CLI Commands Reference 3-261

3.50.3 Network URL Filter Keyword removeall Command removeall Network URL Filter Keyword Commands

Removes all entries from the Keyword Table. Syntax removeall Parameters

None Example admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord share trading stocks stock

Action Deny Deny Deny Deny

admin(network.urlfilter.keyword)>removeall admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord

Action


3-262 WS2000 Wireless Switch System Reference Guide

3.50.4 Network URL Filter Keyword show Command show Network URL Filter Keyword Commands

Displays the URL filter keyword table entries. Syntax show Parameters

None Example admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------KeyWord Action share Deny trading Deny


Network CLI Commands Reference 3-263

3.51 Network URL Filter White list Commands whitelist Network URL Filter Commands

Displays the whitelist URLs commands. Syntax admin(network.urlfilter)> whitelist admin(network.urlfilter.whitelist)>

The items available under this command are shown below. Command

add delete show quit save .. /

Description

Adds a whitelist entry to the URL whitelist table. Deletes a whitelist entry from the URL whitelist table. Displays the URL whitelist table entries. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-264 page 3-265 page 3-266 page 3-1 page 3-1 page 3-1 page 3-1


3-264 WS2000 Wireless Switch System Reference Guide

3.51.1 Network URL Filter White List add Command add Network URL Filter White list Commands

Adds a new whitelist entry to the whitelist table. Syntax add <whitelist> Parameters

add <whitelist>

Adds a whitelist entry into the whitelist table. <whitelist> is an URL to be added.

Example admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com admin(network.urlfilter.whitelist)>add moto.com admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com moto.com admin(network.urlfilter.whitelist)>


Network CLI Commands Reference 3-265

3.51.2 Network URL Filter White List delete Command delete Network URL Filter White list Commands

Deletes a whitelist entry from the whitelist table. Syntax delete [<whitelist>|all] Parameters

delete [<whitelist>|all]

Deletes the entries from the URL whitelist table. <whitelist> â&#x20AC;&#x201C; deletes the specified URL from the URL whitelist table all â&#x20AC;&#x201C; deletes all URLs from the URL whitelist table

Example admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com moto.com motoo.com admin(network.urlfilter.whitelist)>delete motoo.com admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com moto.com admin(network.urlfilter.whitelist)>delete all admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS---------


3-266 WS2000 Wireless Switch System Reference Guide

3.51.3 Network URL Filter White List show Command show Network URL Filter White list Commands

Displays the URL filter whitelist table entries. Syntax show Parameters

None Example admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------mot.com moto.com admin(network.urlfilter.whitelist)>


Network CLI Commands Reference 3-267

3.52 Network URL Filter Black List Commands blacklist Network URL Filter Commands

Displays the URL Filter black list URLs commands. Syntax admin(network.urlfilter)> blacklist admin(network.urlfilter.blacklist)>

The items available under this command are shown below. Command

add delete show quit save .. /

Description

Adds an URL to the blacklist table Deletes a URL from the blacklist table Displays the URL blacklist table entries Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-268 page 3-269 page 3-270 page 3-1 page 3-1 page 3-1 page 3-1


3-268 WS2000 Wireless Switch System Reference Guide

3.52.1 Network URL Filter Black List add Command add Network URL Filter Black List Commands

Adds a new blacklist entry to the blacklist table. Syntax add <blacklist> Parameters

add <blacklist>

Adds a blacklist entry into the blacklist table. <blacklist> is an URL.

Example admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com admin(network.urlfilter.blacklist)>add trading.com admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com trading.com admin(network.urlfilter.blacklist)>


Network CLI Commands Reference 3-269

3.52.2 Network URL Filter Black List delete Command delete Network URL Filter Black List Commands

Deletes a blacklist entry from the blacklist table. Syntax delete [<blacklist>|all] Parameters

del [<blacklist>|all]

Deletes the entries from the URL blacklist table. <blacklist> â&#x20AC;&#x201C; The URL to be removed from the blacklist table. all â&#x20AC;&#x201C; Removes all URLs from the URL blacklist table.

Example admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com trading.com dipmail.com admin(network.urlfilter.blacklist)>delete dipmail.com admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com trading.com admin(network.urlfilter.blacklist)>delete all admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS---------


3-270 WS2000 Wireless Switch System Reference Guide

3.52.3 Network URL Filter Black List show Command show Network URL Filter Black List Commands

Displays the URL filter blacklist table entries. Syntax show Parameters

None Example admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------shares.com trading.com admin(network.urlfilter.blacklist)>


Network CLI Commands Reference 3-271

3.53 Network URL Filter Trusted IP Commands trustip Network URL Filter Commands

Displays the URL Trusted IP commands. Syntax admin(network.urlfilter)> trustip admin(network.urlfilter.trustip)>

The items available under this command are shown below. Command

add delete show quit save .. /

Description

Adds an IP to the trusted IP list Deletes an IP from the trusted IP list Displays the list of trusted IPs Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 3-272 page 3-273 page 3-274 page 3-1 page 3-1 page 3-1 page 3-1


3-272 WS2000 Wireless Switch System Reference Guide

3.53.1 Network URL Filter Trusted IP add Command add Network URL Filter Trusted IP Commands

Adds a new IP into the trusted IP table. add <trustip> Parameters

add <trustip>

Adds an IP address <trustip> into the trusted IPs list.

Example admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 admin(network.urlfilter.trustip)>add 192.168.10.10 admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 192.168.10.10 admin(network.urlfilter.trustip)>


Network CLI Commands Reference 3-273

3.53.2 Network URL Filter Trusted IP delete Command delete Network URL Filter Black List Commands

Deletes an entry from the trusted IPs list. Syntax delete [<trustip>|all] Parameters

del [<trustip>|all] Deletes trusted IP entries from the trusted IP list. <trustedip> â&#x20AC;&#x201C; Deletes the IP <trustedip> from the trusted IP list all â&#x20AC;&#x201C; Deletes all trusted IPs from the trusted IP list. Example admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 192.168.10.10 192.168.11.9 admin(network.urlfilter.trustip)>del 192.168.11.9 admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 192.168.10.10 admin(network.urlfilter.trustip)>


3-274 WS2000 Wireless Switch System Reference Guide

3.53.3 Network URL Filter Trusted IP show Command show Network URL Filter Trusted IP Commands

Displays the trusted IPs list Syntax show Parameters

None Example admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------192.168.10.20 192.168.10.10 admin(network.urlfilter.trustip)>


System CLI Commands Reference System commands are used to set the system parameters for the WS 2000 Wireless Switch.

4.1 system Admin Menu Commands

Use the system command to go to the System menu. admin> system admin(system)>

The following commands are available under the System menu: Command

Description

Ref.

lastpw exec config logs ntp snmp userdb radius test WS2000 authentication ssh redundancy cf http save quit .. /

Displays the last debug password. Execute a linux command. Goes to the config submenu. Goes to the logs submenu. Goes to the NTP submenu. Goes to the SNMP submenu. Goes to the userdb submenu. Goes to the RADIUS submenu. Goes to the test submenu. Goes to the WS2000 submenu. Goes to the authentication submenu. Goes to the SSH submenu. Goes to the redundancy submenu. Goes to the CF submenu. Goes to the HTTP submenu Saves the configuration to system flash Quits the CLI Goes to the parent menu Goes to the root menu

page 4-2 page 4-3 page 4-10 page 4-22 page 4-28 page 4-70 page 4-92 page 4-33 page 4-127 page 4-113 page 4-4 page 4-89 page 4-66 page 4-122 page 4-124 page 2-6 page 2-5 page 2-7 page 2-8


4-2 WS2000 Wireless Switch System Reference Guide

4.1.1 System lastpw Command lastpw system

This command displays the MAC address for the switch, the previous admin password for the switch, and the number of times the current admin password has been used along with how many more times it will be valid. Syntax lastpw Parameters

None Example admin(system)>lastpw WS2000 MAC Address is 00:a0:f8:6f:d8:fc Last Password was symbol12 Current password used 0 times, valid 4 more time(s)


System CLI Commands Reference 4-3

4.1.2 System exec Command exec system

Executes a linux command Syntax exec <command> Parameters

exec <command> Executes a linux command <command>. Example admin(system)> exec df -h /mnt Filesystem Size Used Avail Use% Mounted on automount(pid153) 0 0 0 - /mnt


4-4 WS2000 Wireless Switch System Reference Guide

4.2 System Authentication Commands authentication system

Displays the authentication submenu. Syntax admin(system)> authentication admin(system.authentication)>

The items available under this command are shown below. Command

radius set show save .. /

Description

Goes to the RADIUS submenu. Sets the mode. Shows the authentication parameters. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 4-7 page 4-5 page 4-6 page 4-1 page 4-1 page 4-1


System CLI Commands Reference 4-5

4.2.1 System Authentication set Command set System Authentication Commands

Sets the parameter that specifies how user authentication is taking place. Syntax set [mode|auth-loc] [local|radius]

Syntax: set mode [local|radius]

set auth-loc [local|radius]

Sets the authentication mode. If set to local, the internal User Database will serve as the data source. If set to radius, the switch will use an external LDAP server for the information. If radius is the mode, then the parameters under the radius submenu must to be set. Sets the Airbeam user authentication to either the local database or the RADIUS server. If set to radius, the switch will use an external LDAP server for the authentication. If radius is the authentication location, then the RADIUS server is used for authentication.

Example admin(system.authentication)>set mode local admin(system.authentication)>show all authentication mode : local admin(system.authentication)> Related Commands

set

Sets the parameters to specify that the external RADIUS server is used for user authentication.


4-6 WS2000 Wireless Switch System Reference Guide

4.2.2 System Authentication show Command show System Authentication Commands

Shows the main user authentication parameters. Syntax show all Parameters

None Example admin(system.authentication)>set mode local admin(system.authentication)>show all authentication mode : local radius user location and type : radius admin(system.authentication)> Related Commands

set

Sets the authentication parameters.


System CLI Commands Reference 4-7

4.3 System Authentication RADIUS Commands radius System Authentication Commands

Displays the RADIUS submenu. Syntax admin(system.authentication)> radius admin(system.authentication.radius)>

The items available under this command are shown below. Command

set show save .. /

Description

Sets the RADIUS authentication parameters. Shows the RADIUS authentication parameters. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 4-8 page 4-9 page 4-1 page 4-1 page 4-1


4-8 WS2000 Wireless Switch System Reference Guide

4.3.1 System Authentication RADIUS set Command set System Authentication RADIUS Commands

Sets the RADIUS proxy server authentication parameters. Syntax set [auth-server-ip|auth-server-port|shared-secret] set auth-server-ip <IP> set auth-server-port <port> set shared-secret <password> Parameters

set auth-server-ip <IP>

Sets the IP address for the RADIUS authentication proxy server to the IP address <IP>. auth-server-port <port> Specifies the TCP/IP port number <port> for the RADIUS server that will act as a proxy server. The default port is 1812. shared-secret <password> Sets a shared secret <password> for each suffix that is used for authentication with the RADIUS proxy server. Example admin(system.authentication.radius)>set auth-server-ip 192.168.0.4 admin(system.authentication.radius)>set auth-server-port 1812 admin(system.authentication.radius)>set shared mysecret admin(system.authentication.radius)> admin(system.authentication.radius)>show all radius server ip : 192.168.0.4 radius server port : 1812 radius server shared secret : ********


System CLI Commands Reference 4-9

4.3.2 System Authentication RADIUS show Command show System Authentication RADIUS Commands

Shows the RADIUS authentication parameters. Syntax show all Parameters

None Example admin(system.authentication.radius)> set auth-server-ip 192.168.0.4 admin(system.authentication.radius)> set auth-server-port 1812 admin(system.authentication.radius)> set shared mysecret admin(system.authentication.radius)>show all radius server ip : 192.168.0.4 radius server port : 1812 radius server shared secret : ******** Related Commands

set

Sets the RADIUS authentication parameters.


4-10 WS2000 Wireless Switch System Reference Guide

4.4 System Configuration Commands config system

Displays the config submenu. Syntax admin(system)> config admin(system.config)>

The items available under this command are shown below. Command

default export import partial set show update sensor-fw-update loadtocf save quit .. /

Description

Restores default configuration Exports configuration from the system Imports configuration to the system Restores partial default configuration Sets import/export parameters Shows import/export parameters Performs firmware update Performs firmware update for the sensors Loads the current firmware to a CF card Saves the configuration to system flash Quits the CLI Goes to the parent menu Goes to the root menu

Ref.

page 4-11 page 4-12 page 4-14 page 4-15 page 4-16 page 4-18 page 4-19 page 4-20 page 4-21 page 2-6 page 2-5 page 2-7 page 2-8


System CLI Commands Reference 4-11

4.4.1 System Config default Command default System Configuration Commands

Restores the switch to the factory default configuration. Syntax default Parameters

None Example admin(system.config)>default Are you sure you want to default the configuration? (yes/no):yes ************************************************************************* System will now restore default configuration. You will need to set the country code for correct operation. ************************************************************************* Restoring default configuration

: [ In progress ]


4-12 WS2000 Wireless Switch System Reference Guide

4.4.2 System Config export Command export System Configuration Commands

Exports the configuration from the system. Syntax export [ftp|tftp|terminal|sftp]

Syntax: export Exports the system configuration. [ftp|tftp|terminal • ftp – Exports the configuration to the FTP server. Use the set command to set the sftp] server, user, password, and file name before using this command. • tftp – Exports the configuration to the TFTP server. Use the set command to set the IP address for the TFTP server before using the command. • terminal – Exports the configuration to the terminal. • sftp – Exports the configuration to the sftp server. Example

Export FTP Example: admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(system.config)>export ftp Export operation Building configuration file File transfer File transfer Export operation

: [ Started ] : [ Done ] : [ In progress ] : [ Done ] : [ Done ]

Export TFTP Example: admin(system.config)>set server 192.168.0.101 admin(system.config)>export tftp Export operation Building configuration file File transfer File transfer Export operation

: : : : :

[ [ [ [ [

Started ] Done ] In progress ] Done ] Done ]

Export Terminal Example: admin(system.config)>export terminal // // WS2000 Configuration Command Script // System Firmware Version: 1.5.0.0-160b // system ws2000


System CLI Commands Reference 4-13

// WS2000 menu set name WS2000 set loc Extra\20office set email fred@symbol.com set cc us set airbeam mode disable set airbeam enc-passwd a11e00942773 set applet lan enable set applet wan enable set applet slan enable set applet swan enable set cli lan enable set cli wan enable set snmp lan enable set snmp wan enable / system config --More--

. . . <several pages of settings> / // Router configuration network router set type off set dir both set auth none set enc-passwd 8e57 set id 1 1 set enc-key 1 e2565fc57c2a766fb0d55160d6f92952 set id 2 1 set enc-key 2 e2565fc57c2a766fb0d55160d6f92952 delete all / save


4-14 WS2000 Wireless Switch System Reference Guide

4.4.3 System Config import Command import System Configuration Commands

Imports the configuration to the system. Syntax import [ftp|tftp|sftp] {default-and-apply} Parameters

import [ftp|tftp] {default-and-apply}

Imports configuration from external devices. • ftp – Imports the configuration from the FTP server. Use the set command to set the server, user, password, and file. • tftp – Imports the configuration from the TFTP server. Use the set command to set the server and file. • default-and-apply – Import the configuration from the FTP or TFTP server. Use this command to first set the device to factory defaults before applying the imported configuration. This command is optional. • sftp – Imports the comfiguration from the SFTP server.

Example

Import FTP Example admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd mysecret admin(system.config)>import ftp Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ] admin(system.config)>import ftp default-and-apply Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ]

Import TFTP Example admin(system.config)>set server 192.168.0.101 admin(system.config)>import tftp Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ] admin(system.config)>import tftp default-and-apply Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ]


System CLI Commands Reference 4-15

4.4.4 System Config partial Command partial System Configuration Commands

Resets the switch's configuration to the factory default settings for all settings except the WAN and some SNMP related settings. The following settings will remain intact when using Restore Partial Default Configuration: • All settings on the WAN page • SNMP access to the WS 2000 on the WS 2000 Access page • All settings on the SNMP Access page Before using this feature, consider exporting the current configuration for safekeeping. Syntax partial Parameters

None Example admin(system.config)>partial Are you sure you want to partially default WS 2000? (yes/no):yes ************************************************************************* System will now restore default configuration. You will need to set the country code for correct operation. ************************************************************************* Restoring default configuration

: [ In progress ]

Related Commands

export

Exports system configuration settings.


4-16 WS2000 Wireless Switch System Reference Guide

4.4.5 System Config set Command set System Configuration Commands

Sets the import/export parameters. Syntax set [server|user|passwd|file|cfgpath|fw|sensor-fw|import-enc-password| bind-interface|ap300] set set set set set

server <IP> user <username> passwd <password> file <filename> cfgpath <filepath>

set set set set set

fw fw fw fw fw

set set set set

sensor-fw sensor-fw sensor-fw sensor-fw

[file|path|boot|active-partition] file <filename> path <path> boot [on-board-flash|compact-flash] active-partition [primary|secondary] [file|path|max-size] file <filename> path <path> max-size <size>

set import-enc-password <mode> set bind-interface <bind-interface> set ap300 [file|path|max-size|legacy-mode] Parameters

server <ipaddress> user <username> passwd <password> file <filename> cfgpath <path> fw [ file <filename>| path <path>| boot [on-board-flash| compact-flash]| active-partition [primary|secondary]

Sets the FTP/TFTP server IP address to <ipaddress> in the format a.b.c.d. Sets the FTP user name to <username> (up to 47 characters). Sets the FTP password to <password> (up to 39 characters). Sets the configuration file name to <filename> (up to 39 characters). Sets the configuration file path to <path> (up to 31 characters) Sets the firmware information for the device. • file <filename> – Sets the firmware filename to <filename> (up to 39 characters). • path <path> – Sets the firmware file path to <path> (up to 39 characters). • boot [on-board-flash|compact-flash] – Sets the firmware boot device to either the on board flash (on-board-flash) or the compact flash card (compactflash) attached to the WS 2000 Wireless Switch. • active-partition [primary|secondary] – Sets the active partition on the compact flash card to either of primary or secondary.


System CLI Commands Reference 4-17

sensor-fw [ file <filename>| path <path| max-size <size>]

Sets sensor firmware information. • file <filename> – Sets the sensor firmware file name to <filename> (up to 39 characters). • path <path> – Sets the firmware file path for the sensor to <path> (up to 39 characters). • max-size <size> – Sets the maximum file size of the sensor firmware file to <size>. import-enc-password Enables or disables the import of encrypted passwords for the admin and <mode> manager logins. <mode> can be one of enable or disable. bind-interface <bind- Sets the interface to bind <bind-interface> (s1-s6, w, none where s1-Subnet 1, interface> s2-Subnet 2,..., s6-Subnet 6, w-WAN) during ftp. ap300 [file|path| Sets AP300 firmware update parameters. max-size|legacy-mode] • file <filename> – Sets AP300 firmware file name • filename – Sets the file name. The range is 1 to 39 characters. • path – Sets firmware file path • max-size – Sets maximum size for AP300 firmware file • legacy-mode – Sets AP300 fw legacy mode Example

FTP Set Example admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(system.config)>export ftp Export operation Building configuration file File transfer File transfer Export operation

: : : : :

[ [ [ [ [

Started ] Done ] In progress ] Done ] Done ]

Firmware Example admin(system.config)>set fw file mf_01050000160B.bin admin(system.config)>set fw path /tftp/myadmin/ admin(system.config)>update tftp s1


4-18 WS2000 Wireless Switch System Reference Guide

4.4.6 System Config show Command show System Configuration Commands

Shows the import/export parameters. Syntax show all Parameters

None Example admin(system.config)> show all ftp/tftp server ip address ftp user name ftp password cfg filename config filepath firmware filepath firmware filename sensor firmware filepath sensor firmware filename max size of sensor firmware file import enc admin password mode boot source device active partition of Compact Flash

: : : : : : : : : : : : :

157.235.208.196 admin ******** v23.26b.bin /home/ftp/admin/2k/ /home/ftp/admin/2k/ v23.26b.bin /home/ftp/admin/2k/ leo_sensor.bin 512000 disable on-board-flash primary

ftp/sftp/tftp server ip address ftp/sftp user name ftp/sftp password cfg filename config filepath firmware filepath firmware filename sensor firmware filepath sensor firmware filename max size of sensor firmware file ap300 firmware filepath ap300 firmware filename max size of ap300 firmware file AP300 firmware legacy mode import enc admin password mode boot source device active partition of Compact Flash bind interface

: : : : : : : : : : : : : : : : : :

192.168.0.11 guest ******** cfg.txt /home/guest/ mf_02040300010B.bin leo_sensor.bin 512000 wiap.bin 512000 disable disable on-board-flash primary none


System CLI Commands Reference 4-19

4.4.7 System Config update Command update System Configuration Commands

Performs a firmware update. Syntax update <mode> {<interface>} update [tftp|ftp|sftp] <interface> update cf Parameters

update [tftp|ftp|sftp] <iface>

Sets how firmware updates will occur. Select between ftp, sftp and tftp. <iface> specifies the interface (location), as follows: • s1 = subnet1 • s2 = subnet2 • s3 = subnet3 • s4 = subnet4 • s5 = subnet5 • s6 = subnet6 • w = wan Before using this command, use set server to set the IP address for the FTP/TFTP server. If using the ftp mode, also use set user and set passwd to allow login to the FTP server. Note: When update mode is sftp,then the parameter ‘iface’ is not required.

update cf

Indicates that firmware updates will occur from the switch’s compact flash slot. (Undoes an ftp/tftp/sftp setting.)

Example admin(system.config)>set fw file mf_01050000200B.bin admin(system.config)>set fw path /tftp/myadmin/ admin(system.config)>update tftp s1


4-20 WS2000 Wireless Switch System Reference Guide

4.4.8 System Config sensor-fw-update Command sensor-fw-update System Configuration Commands

Performs firmware update for the sensors. When sensor firmware update is done, • No restart is required. • New sensors receive the updated firmware. • Existing sensors must be reverted and then reassigned for them to get the new sensor firmware image. Syntax sensor-fw-update [ftp|tftp|sftp] Parameters

sensor-fw-update [ftp|tftp]

Updates the sensor firmware. • ftp – Updates the sensor firmware from the specified FTP server. • tftp – Updates the sensor firmware from the specified TFTP server. • sftp – Updates the sensor firmware from the specified SFTP server.

Example admin(system.config)>sensor-fw-update tftp File transfer admin(system.config)>

:

[Successful]


System CLI Commands Reference 4-21

4.4.9 System Config loadtocf Command loadtocf System Configuration Commands

This command loads and updates the firmware to the CF card. This is used for dual boot. Syntax loadtocf [cf|ftp|tftp|sftp] <image-type>

Syntax: cf <image-type>

ftp <image-type>

tftp <image-type>

sftp <image-type>

Loads the image to the CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. In this case, the image source is the CF card and the destination is also the CF card. Loads the image to a CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using FTP and stores it on the target partition. Loads the image to a CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using TFTP and stores it on the target partition. Loads binary image to cf using sftp.The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using SFTP and stores it on the target partition.

Example admin(system.config)> loadtocf cf primary admin(system.config)>


4-22 WS2000 Wireless Switch System Reference Guide

4.5 System Logs Commands logs system

Displays the logs submenu. Syntax admin(system)> logs admin(system.logs)>

The items available under this command are shown below. Command

delete set send show view quit save .. /

Description

Deletes core files. Sets log options and parameters. Sends log and core files. Shows logging options. Views system log. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-23 page 4-25 page 4-24 page 4-26 page 4-27 page 4-1 page 4-1 page 4-1 page 4-1


System CLI Commands Reference 4-23

4.5.1 System Logs delete Command delete System Logs Commands

Deletes the core log files. Syntax delete Parameters

None Example admin(system.logs)>delete


4-24 WS2000 Wireless Switch System Reference Guide

4.5.2 System Logs send Command send System Logs Commands

Sends log and core files through FTP to a location specified with the set command. Use the set command to set the FTP login and site information first. Syntax send Parameters

None Example admin(system.logs)>set user fred admin(system.logs)>set passwd mygoodness admin(system.logs)>show all log level ext syslog server logging ext syslog server ip address ftp/tftp server ip address ftp user name ftp password

: : : : : :

L6 Info disable 0.0.0.0 192.168.0.10 fred ********

admin(system.logs)>send File transfer

: [ In progress ]

File transfer

: [ Done ]

admin(system.logs)> Related Commands

set Sets the parameters associated with log operations, such as send. show all Displays the log related settings.


System CLI Commands Reference 4-25

4.5.3 System Logs set Command set System Logs Commands

Sets log options and parameters. Syntax set [ipadr|level|mode|cf_logging_mode|server|user|passwd] set set set set set set set

ipadr <ip> level <level> mode <mode> cf_logging_mode <mode> server <ip> user <username> passwd <password>

Parameters

ipadr <ip> level <level>

Sets the external syslog server IP address to <ip> (a.b.c.d). Sets the level of the events that will be logged. All event with a level at or above <level> (L0–L7) will be saved in the system log. • L0:Emergency • L1:Alert • L2:Critical • L3:Errors • L4:Warning • L5:Notice • L6:Info • L7:Debug mode <mode> Enables or disables ext syslog server logging. <mode> is either enable or disable. cf_logging_mode <mode> Enables or disables logging to CF card if connection to the Syslog server fails. <mode> is either enable or disable. server <ip> Sets the FTP server IP address to <ip> (a.b.c.d). user <username> Sets the FTP user name to <username> (1–47 characters). passwd <password> Sets the FTP password to <password> (1–39 characters). Example admin(system.logs)>set user fred admin(system.logs)>set passwd mygoodness admin(system.logs)>show all log level ext syslog server logging ext syslog server ip address ftp/tftp server ip address ftp user name ftp password

: : : : : :

L6 Info disable 0.0.0.0 192.168.0.10 fred ********


4-26 WS2000 Wireless Switch System Reference Guide

4.5.4 System Logs Show Command show System Logs Commands

Shows logging options. Syntax show all Parameters

None Example admin(system.logs)>set user user1 admin(system.logs)>set passwd hello admin(system.logs)>show all log level ext syslog server logging syslog server logging on CF ext syslog server ip address ftp/tftp server ip address ftp user name ftp password

: : : : : : :

L4 Warning enable disable 0.0.0.0 196.168.10.1 admin ********

Related Commands

set

Sets logging parameters to be used with send.


System CLI Commands Reference 4-27

4.5.5 System Logs View Command view System Logs Commands

Views the system log file. Syntax view Parameters

None Example admin(system.logs)>view Jan 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception). Jan 7 16:14:10 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:14:41 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:15:43 (none) last message repeated 2 times Jan 7 16:16:01 (none) CC: 4:16pm up 6 days, 16:16, load average: 0.00, 0.01, 0.00 Jan 7 16:16:01 (none) CC: Mem: 62384 32520 29864 0 0 Jan 7 16:16:01 (none) CC: 0000077e 0012e95b 0000d843 00000000 00000003 0000121 e 00000000 00000000 0037ebf7 000034dc 00000000 00000000 00000000 Jan 7 16:16:13 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:16:44 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:17:15 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:17:15 (none) klogd: :ps log:fc: queue maintenance . . .


4-28 WS2000 Wireless Switch System Reference Guide

4.6 System NTP Commands ntp system

Displays the NTP submenu. Syntax admin(system)> ntp admin(system.ntp)>

The items available under this command are shown below. Command

show set date-zone zone-list quit save .. /

Description

Shows NTP parameters settings. Sets NTP parameters. Shows the date, time and time zone Shows the list of time zones Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-30 page 4-29 page 4-31 page 4-32 page 4-1 page 4-1 page 4-1 page 4-1


System CLI Commands Reference 4-29

4.6.1 System NTP Set Command set System NTP Commands

Sets NTP parameters. Syntax set [mode|intrvl|server|port|time|zone] set set set set set set

mode <mode> intrvl <interval> server <idx> <ip/hostname> port <idx> <port> time <yyyy> <MM> <dd> <hh> <mm> <ss> zone <zone-index>

Syntax: mode <mode> intrvl <interval>

Enables or disables NTP. <mode> is either enable or disable. Sets the length of time to <interval> (in minutes) for the switch to synchronize its time with an NTP server. server <idx> Sets the NTP server IP address <ip/hostname> (a.b.c.d or host url); specify one of <ip/hostname> the three NTP servers with <idx> (1, 2, or 3). This value can also be a host name of the NTP server. When the value is a host name, the domain name IP should be set under the (system.ws2000) menu on the CLI. port <idx> <port> Sets the NTP port for the indicated server <idx> to <port> (1â&#x20AC;&#x201C;65535). time <yyyy> <MM> Sets the WS2000 system time manually. Time is in the format YYYY MM DD hh mm <dd> <hh> <mm> ss (Example: 2008 02 24 11 25 32) <ss> zone <zone-idx> Sets the time zone to the <zone-idx> value. This value can be found by using the (system.ntp)>zone-list command.

Example admin(system.ntp)>set mode enable admin(system.ntp)>set server 1 203.21.37.18 admin(system.ntp)>set port 1 345 admin(system.ntp)>show all ntp mode server ip 1 server ip 2 server ip 3 server port 1 server port 2 server port 3 current time admin(system.ntp)>

: : : : : : : :

enable 203.21.37.18 0.0.0.0 0.0.0.0 345 123 123 1970-01-07 23:29:05


4-30 WS2000 Wireless Switch System Reference Guide

4.6.2 System NTP Show Command show System NTP Commands

Shows all NTP server settings. Syntax show all Parameters

None Example admin(system.ntp)>show all ntp mode server ip 1 server ip 2 server ip 3 server port 1 server port 2 server port 3 current time Related Commands

set

Sets NTP parameters.

: : : : : : : :

enable 114.233.112.4 0.0.0.0 0.0.0.0 123 123 123 2004-10-07 22:58:24


System CLI Commands Reference 4-31

4.6.3 System NTP Date-zone Command date-zone System NTP Commands

Shows the WS2000 date, time and time zone. Syntax date-zone Parameters

None Example admin(system.ntp)> date-zone Date/Time : Thu 1970-Jan-01 05:53:25 +0530 IST Time Zone : Asia/Calcutta admin(system.ntp)>


4-32 WS2000 Wireless Switch System Reference Guide

4.6.4 System NTP zone-list Command zone-list System NTP Commands

Displays the different time zones. Syntax zone-list Parameters

None Example admin(system.ntp)>zone-list ---------------------------------------------Index | TimeZone ---------------------------------------------1 | Africa/Abidjan 2 | Africa/Accra 3 | Africa/Addis_Ababa 4 | Africa/Algiers 5 | Africa/Asmera 6 | Africa/Bamako 7 | Africa/Bangui 8 | Africa/Banjul 9 | Africa/Bissau 10 | Africa/Blantyre <Hit any key to continue> 11 | Africa/Brazzaville 12 | Africa/Bujumbura 13 | Africa/Cairo 14 | Africa/Casablanca 15 | Africa/Ceuta 16 | Africa/Conakry 17 | Africa/Dakar 18 | Africa/Dar_es_Salaam 19 | Africa/Djibouti <Hit any key to continue> 20 | Africa/Douala 21 | Africa/El_Aaiun 22 | Africa/Freetown 23 | Africa/Gaborone 24 | Africa/Harare 25 | Africa/Johannesburg 26 | Africa/Kampala 27 | Africa/Khartoum 28 | Africa/Kigali <Hit any key to continue>


System CLI Commands Reference 4-33

4.7 System RADIUS Commands radius system

Displays the RADIUS submenu. Syntax admin(system)> radius admin(system.radius)>

The items available under this command are shown below. Command

eap policy ldap proxy client generate-dh-param set show quit save .. /

Description

Goes to the EAP submenu. Goes to the access policy submenu. Goes to the LDAP submenu. Goes to the proxy submenu. Goes to the client submenu. Generates the DH Param file required for EAP-TLS/TTLS Sets the RADIUS parameters. Shows the RADIUS parameters. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-41 page 4-57 page 4-51 page 4-60 page 4-37 page 4-34 page 4-35 page 4-36 page 4-1 page 4-1 page 4-1 page 4-1


4-34 WS2000 Wireless Switch System Reference Guide

4.7.1 System RADIUS generate-dh-param Command generate-dh-param System RADIUS Commands

Generates the DH Params file for supporting Cipher Suit v 0x13 (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) for EAP-TLS./TTLS protocols. If this file does not exist when the WS2000 is booted, it is created. This command provides a facility to create the DH Params file as required. Syntax generate-dh-param Parameters

None Example admin(system.radius)>generate-dh-param This will take several minutes. Please wait until the operation is complete. DH Parameter file will not get created if interrupted... admin(system.radius)>


System CLI Commands Reference 4-35

4.7.2 System RADIUS set Command set System RADIUS Commands

Sets the RADIUS database to either the local database or an LDAP server. Syntax set database [local|ldap|ldaps] Parameters

set database [local|ldap|ldaps]

Sets the RADIUS server to the local database (local) or an LDAP server (ldap) or a secured LDAP server (ldaps).

Example admin(system.radius)>set database ldap admin(system.radius)>show all Database : ldap Related Commands

show all

Shows the top-level RADIUS parameters.


4-36 WS2000 Wireless Switch System Reference Guide

4.7.3 System RADIUS show Command show System RADIUS Commands

Shows the RADIUS parameters. Syntax show all Parameters

None Example admin(system.radius)>set database ldap admin(system.radius)>show all Database : ldap Related Commands

set

Sets the RADIUS database source.


System CLI Commands Reference 4-37

4.8 System RADIUS Client Commands client System RADIUS Commands

Displays the client submenu. Syntax admin(system.radius)>client admin(system.radius.client)>

The items available under this command are shown below. Command

add del show quit save .. /

Description

Adds a RADIUS client. Deletes a RADIUS client. Displays a list of configured clients. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-38 page 4-39 page 4-40 page 4-1 page 4-1 page 4-1 page 4-1


4-38 WS2000 Wireless Switch System Reference Guide

4.8.1 System RADIUS Client add Command add System RADIUS Client Commands

Adds a RADIUS client. Syntax add <ip> <mask> <secret> Parameters

add <ip> <mask> <secret>

Adds a RADIUS client with IP address <ip>, netmask <mask>, and shared secret <secret>.

Example admin(system.radius.client)>add 192.168.46.4 225.225.225.0 mysecret admin(system.radius.client)>show List of Radius Clients : ------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret -----------------------------------------------------------------------1 192.168.46.4 225.225.225.0 admin(system.radius.client)>

Related Commands

del show

Deletes a RADIUS client. Shows a list of RADIUS clients.

******


System CLI Commands Reference 4-39

4.8.2 System RADIUS Client del Command del System RADIUS Client Commands

Deletes a RADIUS client with the provided IP address. Syntax del <ip> Parameters

del <ip>

Deletes the RADIUS client with IP address <ip>.

Example admin(system.radius.client)>show List of Radius Clients

:

------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------1 192.168.46.4 225.225.225.0 ****** 2 192.168.101.43 225.225.225.0 ****** admin(system.radius.client)>del 192.168.46.4 admin(system.radius.client)>show List of Radius Clients : ------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------1 192.168.101.43 225.225.225.0 ****** admin(system.radius.client)> Related Commands

add show

Adds a RADIUS client to the list. Displays the list of RADIUS clients.


4-40 WS2000 Wireless Switch System Reference Guide

4.8.3 System RADIUS Client show Command show System RADIUS Client Commands

Displays a list of configured RADIUS clients. Syntax show Parameters

None Example admin(system.radius.client)>show List of Radius Clients

:

------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------1 192.168.46.4 225.225.225.0 ****** 2 192.168.101.43 225.225.225.0 ****** admin(system.radius.client)> Related Commands

add del

Adds a RADIUS client to the list. Deletes a RADIUS client from the list.


System CLI Commands Reference 4-41

4.9 System RADIUS EAP Commands eap System RADIUS Commands

Displays the EAP submenu. Syntax admin(system.radius)> eap admin(system.radius.eap)>

The items available under this command are shown below. Command

peap ttls import set show quit save .. /

Description

Goes to the PEAP submenu. Goes to the TTLS submenu. Imports the EAP certificates. Sets the EAP parameters. Shows the EAP parameters. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-45 page 4-48 page 4-42 page 4-43 page 4-44 page 4-1 page 4-1 page 4-1 page 4-1


4-42 WS2000 Wireless Switch System Reference Guide

4.9.1 System RADIUS EAP import Command import System RADIUS EAP Commands

Imports the EAP certificates. Syntax import [server|cacert] <cert ID> Parameters

server <cert id> cacert <cert id>

Imports a server certificate with the certificate ID <cert id>. Imports a Trusted Certificate with certificate ID <cert id>.

Example admin(system.radius.eap)>import server mycert admin(system.radius.eap)>import cacert NETE3443 Related Commands

show cert

Show the list of certificates.


System CLI Commands Reference 4-43

4.9.2 System RADIUS EAP set Command set System RADIUS EAP Commands

Sets the EAP parameters. To configure each of the selected authentication types, go to the submenu associated with each type. Syntax set auth [peap|ttls|both] Parameters

auth [peap|ttls|both]

Sets the default authorization type to one of PEAP or TTLS or both. When selected, go to the submenu associated with the selection to finish the setup.

Example admin(system.radius.eap)>set auth peap admin(system.radius.eap)>show all Default EAP Type : peap Related Commands

show all

Shows the EAP settings.


4-44 WS2000 Wireless Switch System Reference Guide

4.9.3 System RADIUS EAP show Command show System RADIUS EAP Commands

Displays the EAP parameters. Syntax show [all|cert] Parameters

show [all|cert]

Displays EAP parameters • all – Displays the default EAP authentication settings. • cert - Displays a list of certificates.

Example admin(system.radius.eap)>set auth peap admin(system.radius.eap)>show all Default EAP Type : peap Example

set

Sets the EAP parameters.


System CLI Commands Reference 4-45

4.10 System RADIUS EAP PEAP Commands peap System RADIUS EAP Commands

Displays the PEAP submenu. Syntax admin(system.radius.eap)> peap admin(system.radius.eap.peap)>

The items available under this command are shown below. Command

set show quit save .. /

Description

Sets the PEAP authentication type. Shows the PEAP authentication type. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-46 page 4-47 page 4-1 page 4-1 page 4-1 page 4-1


4-46 WS2000 Wireless Switch System Reference Guide

4.10.1 System RADIUS EAP PEAP set Command set System RADIUS EAP PEAP Commands

Sets the PEAP authentication type. Syntax set auth <peap type> Parameters

set auth <peap type> Sets the authentication type for PEAP to <peap type> (GTC or MTCHAPv2). Example admin(system.radius.eap.peap)>set auth gtc admin(system.radius.eap.peap)>show PEAP Auth Type : gtc Related Commands

show

Displays the PEAP authentication type.


System CLI Commands Reference 4-47

4.10.2 System RADIUS EAP PEAP show Command show System RADIUS EAP PEAP Commands

Displays the PEAP authentication type. Syntax show Parameters

None Example admin(system.radius.eap.peap)>set auth gtc admin(system.radius.eap.peap)>show PEAP Auth Type : gtc Related Commands

set

Sets the PEAP authentication type.


4-48 WS2000 Wireless Switch System Reference Guide

4.11 System RADIUS EAP TTLS Commands ttls System RADIUS EAP Commands

Displays the TTLS submenu. Syntax admin(system.radius.eap)> ttls admin(system.radius.eap.ttls)>

The items available under this command are shown below. Command

set show quit save .. /

Description

Sets the TTLS authentication type. Shows the TTLS authentication type. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-49 page 4-50 page 4-1 page 4-1 page 4-1 page 4-1


System CLI Commands Reference 4-49

4.11.1 System RADIUS EAP TTLS set Command set System RADIUS EAP TTLS Commands

Sets the TTLS authentication type. Syntax set auth <ttls type> Parameters

set auth <auth type>

Sets the authentication type for TTLS to <auth type> (PAP, MD5, or MSCHAPv2).

Example admin(system.radius.eap.ttls)>set auth md5 admin(system.radius.eap.ttls)>show TTLS Auth Type : md5 Related Commands

show

Show the TTLS authentication type.


4-50 WS2000 Wireless Switch System Reference Guide

4.11.2 System RADIUS EAP TTLS show Command show System RADIUS EAP TTLS Commands

Shows the TTLS authentication type. Syntax show Parameters

None Example admin(system.radius.eap.ttls)>set auth md5 admin(system.radius.eap.ttls)>show TTLS Auth Type : md5 Related Commands

set

Sets the TTLS authentication type.


System CLI Commands Reference 4-51

4.12 System RADIUS LDAP Commands ldap System RADIUS Commands

Displays the LDAP submenu. Syntax admin(system.radius)> ldap admin(system.radius.ldap)>

The items available under this command are shown below. Command

set show import join quit save .. /

Description

Sets the LDAP parameters. Shows the LDAP parameters. Imports Secured LDAP certificates. Joins the A D domain. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-52 page 4-54 page 4-55 page 4-56 page 4-1 page 4-1 page 4-1 page 4-1


4-52 WS2000 Wireless Switch System Reference Guide

4.12.1 System RADIUS LDAP set Command set System RADIUS LDAP Commands

Sets the LDAP parameters. Syntax set [ipadr|domain|port|binddn|basedn|passwd|login|pass_attr| groupname|filter|membership|adagent|pri-domain|admin-uname|admin-pass] set set set set set set set set set set set set set set set

ipadr <ip> domain <domain> port <port> binddn <binddn> basedn <basedn> passwd <password> login <login attr> pass_attr <password attr> groupname <groupname attr> filter membership <group attr> adagent <mode> pri-domain <mode> admin-uname <username> admin-pass <password>

Parameters

ipadr <ip> domain <domain> port <port> binddn <binddn> basedn <basedn> passwd <password> login <login attr> pass_attr <password attr> groupname <groupname attr> filter membership <group attr> adagent <mode> pri-domain <mode> admin-uname <username> admin-pass <password>

Sets LDAP server IP address to <ip>. Sets LDAP domain name to a fully qualified domain name <domain>. Use when using LDAPS or AD agent Sets LDAP server port to <port>. Sets LDAP bind distinguished name to <binddn> (a string of characters). Sets LDAP Base distinguished name to <basedn> (a string of characters). Sets LDAP server password to <password> (a string of characters). Sets LDAP login attribute to <login attr> (a string of characters). Sets LDAP password attribute to <password attr> (a string of characters). Sets LDAP group name attribute to <groupname attr> (a string of characters). Sets LDAP membership filter with appropriate settings Sets LDAP membership attribute to <group attr> (a string of characters). Enables or disables the A D agent feature. <mode> is either enable or disable. Enables or disables setting primary domain for A D agent. <mode> is either enable or disable. Sets the administrator user name to <username> for the LDAP domain Sets the administrator password to <password> for the LDAP domain


System CLI Commands Reference 4-53

Example admin(system.radius.ldap)>set ipadr 192.168.42.23 admin(system.radius.ldap)>set port 356 admin(system.radius.ldap)>show all LDAP Server IP : 192.168.42.23 LDAP Server Port : 56 LDAP Bind DN : dfkjkkj LDAP Base DN : o=mobion LDAP Login Attribute : (uid=%{Stripped-User-Name:-%{UserName}}) LDAP Password Attribute : userPassword LDAP Group Name Attribute : cn LDAP Group Membership Filter : LDAP Group Membership Attribute : mygroup admin(system.radius.ldap)> Related Commands

show

Displays the set of LDAP server settings.


4-54 WS2000 Wireless Switch System Reference Guide

4.12.2 System RADIUS LDAP show Command show System RADIUS LDAP Commands

Description: Displays the LDAP parameters. Syntax show all Parameters

None Example admin(system.radius.ldap)>set ipadr 192.168.42.23 admin(system.radius.ldap)>set port 356 admin(system.radius.ldap)>show all LDAP Server IP : 192.168.42.23 LDAP Server Port : 56 LDAP Bind DN : dfkjkkj LDAP Base DN : o=mobion LDAP Login Attribute : (uid=%{Stripped-User-Name:-%{UserName}}) LDAP Password Attribute : userPassword LDAP Group Name Attribute : cn LDAP Group Membership Filter : LDAP Group Membership Attribute : mygroup admin(system.radius.ldap)> Related Commands

set

Sets the LDAP parameters.


System CLI Commands Reference 4-55

4.12.3 System RADIUS LDAP import Command import System RADIUS LDAP Commands

Imports Secure LDAP certificates. Syntax import [client|cacert] <cert-id> Parameters

import Import Secure LDAP certificates. [client|cacert] • client – Imports self certificate <cert-id> <cert-id> • ca-cert – Imports the trusted certificate authority certificate <cert-id> Example admin(system.radius.ldap)> import client LdapClient admin(system.radius.ldap)> import cacert LdapTrusted


4-56 WS2000 Wireless Switch System Reference Guide

4.12.4 System RADIUS LDAP join Command join System RADIUS LDAP Commands

Joins the device to the A D domain. Syntax join Parameters

None Example admin(system.radius.ldap)> join


System CLI Commands Reference 4-57

4.13 System RADIUS Policy Commands policy System RADIUS Commands

Displays the policy submenu. Syntax admin(system.radius)> policy admin(system.radius.policy)>

The items available under this command are shown below. Command

set show quit save .. /

Description

Sets the groupâ&#x20AC;&#x2122;s access policy. Shows the groupâ&#x20AC;&#x2122;s access policy. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-58 page 4-59 page 4-1 page 4-1 page 4-1 page 4-1


4-58 WS2000 Wireless Switch System Reference Guide

4.13.1 System RADIUS Policy set Command set System RADIUS Policy Commands

Sets a group’s access to WLANs. Syntax set <group> <idx> Parameters

set <group> <idx> Gives the group <group> access to WLAN with a list of indexes <idx>. The list <idx> can either be a single index or several indexes separated by spaces. The group <group> must be already defined. See System User Database Group Commands for information about defining groups. Example admin(system.radius.policy)>set g1 2 3 4 admin(system.radius.policy)>show List of Access Policies : g1 : 2 3 4 g2 : No Wlans Related Commands

show

Displays the group’s access policies.


System CLI Commands Reference 4-59

4.13.2 System RADIUS Policy show Command show System RADIUS Policy Commands

Displays the access policy details for all groups. Syntax show Parameters

None Example admin(system.radius.policy)>set g1 2 3 4 admin(system.radius.policy)>show List of Access Policies : g1 : 2 3 4 g2 : No Wlans Related Commands

set

Sets the group WLAN access settings.


4-60 WS2000 Wireless Switch System Reference Guide

4.14 System RADIUS Proxy Commands proxy System RADIUS Commands

Displays the proxy submenu. Syntax admin(system.radius)> proxy admin(system.radius.proxy)>

The items available under this command are shown below. Command

add del clearall set show quit save .. /

Description

Adds a proxy realm. Deletes a proxy realm. Removes all proxy server records. Sets the proxy server parameters. Shows the proxy server parameters. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-61 page 4-62 page 4-63 page 4-64 page 4-65 page 4-1 page 4-1 page 4-1 page 4-1


System CLI Commands Reference 4-61

4.14.1 System RADIUS Proxy add Command add System RADIUS Proxy Commands

Adds a proxy realm. Syntax add <name> <ip> <port> <secret> Parameters

add <realm> <ip> <port> <secret>

Add a proxy realm with realm name <realm>, RADIUS server IP address <ip>, port <port>, and shared secret <secret>.

Example admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------1 realm1 192.168.102.42 225 ****** Related Commands

show realm del

Displays this list of defined proxy servers. Deletes a proxy server from the list.


4-62 WS2000 Wireless Switch System Reference Guide

4.14.2 System RADIUS Proxy del Command del System RADIUS Proxy Commands

Deletes a proxy realm. Syntax del <realm> Parameters

del <realm>

Deletes a proxy server realm with name <realm>.

Example admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------1 realm1 192.168.102.42 225 ****** admin(system.radius.proxy)>del realm1 admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------Related Commands

add show

Adds a proxy server realm. Displays the list of proxy servers.


System CLI Commands Reference 4-63

4.14.3 System RADIUS Proxy clearall Command clearall System RADIUS Proxy Commands

Clears all the proxy server records. Syntax clearall Parameters

None Example admin(system.radius.proxy)> clearall


4-64 WS2000 Wireless Switch System Reference Guide

4.14.4 System RADIUS Proxy set Command set System RADIUS Proxy Commands

Sets the proxy server parameters. Syntax set delay <delay> set count <count>

Syntax: delay <delay> count <count>

Sets the retry delay of the proxy server to <delay> minute (5–10). Sets the retry count of the proxy server to <count> (3–6).

Example admin(system.radius.proxy)>set delay 7 admin(system.radius.proxy)>set count 4 admin(system.radius.proxy)>show proxy Proxy Server Retry Count : 4 Proxy Server Retry Delay : 7 admin(system.radius.proxy)> Example

show proxy

Shows the proxy server retry settings.


System CLI Commands Reference 4-65

4.14.5 System RADIUS Proxy show Command show System RADIUS Proxy Commands

Shows the proxy server parameters. Syntax show [proxy|realm] Parameters

show [proxy|realm] Displays proxy server parameters. • proxy – Displays the proxy server parameters. • realm – Displays proxy server realm information. Example admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------1 realm1 192.168.102.42 225 ****** admin(system.radius.proxy)>set delay 7 admin(system.radius.proxy)>set count 4 admin(system.radius.proxy)>show proxy Proxy Server Retry Count : 4 Proxy Server Retry Delay : 7 admin(system.radius.proxy)> Related Commands

set add

Sets the proxy server retry parameters. Adds a proxy server realm to the list.


4-66 WS2000 Wireless Switch System Reference Guide

4.15 System Redundancy Commands redundancy system

Displays the redundancy submenu. Syntax admin(system)> redundancy admin(system.redundancy)>

The items available under this command are shown below. Command

set show quit save .. /

Description

Sets redundancy parameters. Shows redundancy settings. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-67 page 4-69 page 4-1 page 4-1 page 4-1 page 4-1


System CLI Commands Reference 4-67

4.15.1 System Redundancy set Command set System Redundancy Commands

Sets the parameters for redundant switch mode. Syntax set [op_state|mode|heartbeat|revertdelay|redundancy|preempt|virtualip] set set set set set set set

mode <mode> op_state <state> heartbeat <interval> revertdelay <delay> redundancy <subnet> <state> preempt <mode> virtualip <subnet> <ip>

Parameters

mode <mode>

Sets the switch to the <mode> (primary or secondary). Indicates that the switch is either the primary or secondary (standby) switch when redundancy is enabled. This parameter can only be set if the op_state parameter is set to redundancy. op-state <state> Sets the redundancy operation state of the switch to one of the following <state>: • standalone—The switch has no redundancy capabilities and operates independently of any other WS 2000 switches on the network. This is the default setting. • redundancy—Two WS 2000 switches are connected, with one set as a primary and the other as a standby. • upgrade—The primary and standby switches must run the same version of the switch firmware for redundancy to work correctly. If the firmware on only one of the switches is updated, redundancy is disabled and the Operational State is automatically set to Upgrade. heartbeat <interval> Sets the heartbeat interval for the switch to <interval> (1–60) seconds. revertdelay <delay> Specifies the amount of time <delay> (1–20 minutes) after not receiving a heartbeat packet before the secondary (standby) switch will take over. redundancy <subnet> Sets the redundancy state <state> (enable or disable) for the subnet <subnet> <state> (s1, s2. s3, s4, s5, s6). preempt <mode> Enables to prevent system stand-by on redundant switches. <mode> can be enable or disable. virtualip <subnet> Sets the virtual IP address to <ip> for each redundant subnet <subnet>. <ip> Example admin(system.redundancy)>set mode standby can not set the value when the op_state is either upgrade or standalone admin(system.redundancy)>set op-state redundancy admin(system.redundancy)>set mode standby admin(system.redundancy)>


4-68 WS2000 Wireless Switch System Reference Guide

Related Commands

show

Displays the redundancy settings.


System CLI Commands Reference 4-69

4.15.2 System Redundancy show Command show System Redundancy Commands

Displays the switch redundancy settings. Syntax show all Parameters

None Example admin(system.redundancy)>show all redundancy configured mode redundancy operational mode redundancy operational state heart beat interval revert delay heart beat interface Related Commands

set

Sets the redundancy settings.

: : : : : :

primary VRRP daemon not running standalone 3 seconds 5 minutes 1


4-70 WS2000 Wireless Switch System Reference Guide

4.16 System SNMP Commands snmp system

Displays the SNMP submenu. Syntax admin(system)> snmp admin(system.snmp)>

The items available under this command are shown below. Command

access traps quit save .. /

Description

Goes to the SNMP access submenu. Goes to the SNMP traps submenu. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-71 page 4-78 page 4-1 page 4-1 page 4-1 page 4-1


System CLI Commands Reference 4-71

4.17 System SNMP Access Commands access System SNMP Commands

Displays the SNMP access menu. Syntax admin(system.snmp)> access admin(system.snmp.access)>

The items available under this command are shown below. Command

add delete list show quit save .. /

Description

Adds SNMP access entries. Deletes SNMP access entries. Lists SNMP access entries. Shows SNMP v3 engine ID. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-72 page 4-74 page 4-76 page 4-77 page 4-1 page 4-1 page 4-1 page 4-1


4-72 WS2000 Wireless Switch System Reference Guide

4.17.1 System SNMP Access add Command add System SNMP Access Commands

Adds SNMP access list entries. Syntax add [acl|v1v2c|v3] add acl <ip1> <ip2> add v1v2c <comm> <access> [<oid>|all] add v3 <user> <access> [<oid>|all] <sec> <auth> <pass1> <priv> <pass2> Parameters

add acl <ip1> <ip2>

Adds an entry to the SNMP access control list with <ip1> as the starting IP address and <ip2> and the ending IP address. v1v2c <comm> Adds an SNMP v1/v2c configuration. <access> [<oid>|all] • <comm> – The community (1–31 characters) • <access> – The read/write access set to (ro (read only) or rw (read/write) • <oid> – The Object Identifier. <oid> is a string of 1–127 numbers in dot notation, such as 2.3.4.5.6 or all for all objects. v3 <user> <access> Adds an SNMP v3 user definition. [<oid> / all] <sec> • <user> – The username (1–31 characters). <auth> <pass1> <priv> • <access> – The read/write access set to ro (read only) or rw (read/write) <pass2> • <oid> – The Object Identifier. <oid> is a string of 1–127 numbers in dot notation, such as 1.3.6.1 or all for all objects) • <sec> – The security type. <sec> is set to one of none, auth, or auth/priv. The following parameters must be specified if <sec> is set to auth/priv: • <auth> – The authentication algorithm. Can be one of md5 or sha1. Must be set if <sec> is set to auth or auth/priv. • <pass1> – The password (8–31 characters) for authentication. Must be provided if <sec> is set to auth or auth/priv. • <priv> – The privacy algorithm. Set to des or aes. Must be set if <sec> is set to auth/priv. • <pass2> – Privacy password (8–31 characters). Must be provided if <sec> is set to auth/priv. Example admin(system.snmp.access)>add acl 209.236.24.1 209.236.24.46 admin(system.snmp.access)>list acl ---------------------------------------------------------------index start ip end ip ---------------------------------------------------------------1 209.236.24.1 209.236.24.46 admin(system.snmp.access)>add v3 fred rw 1.3.6.6 none admin(system.snmp.access)>list v3 all


System CLI Commands Reference 4-73

index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password

: : : : : : : : :

1 fred read/write 1.3.6.6 none md5 ******** des ********

admin(system.snmp.access)>add v3 judy rw 1.3.6.1 auth/priv md5 changeme des changemetoo admin(system.snmp.access)>list v3 2 index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password

: : : : : : : : :

2 judy read/write 1.3.6.1 auth/priv md5 ******** des *******


4-74 WS2000 Wireless Switch System Reference Guide

4.17.2 System SNMP Access delete Command delete System SNMP Access Commands

Deletes SNMP access entries. Syntax delete [acl|v1v2c|v3] [<idx>|all] Parameters

delete [acl|v1v2c|v3] [<idx>|all]

Deletes SNMP access entries. • acl – Deletes SNMP access list entries • v1v2c – Deletes entries from the SNMP v1/v2 configuration list • v3 – Deletes entries from the SNMP v3 configuration list. • <idx> – Deletes entry with index <idx> • all – Deletes all entries.

Example admin(system.snmp.access)>list acl ------------------------------------------------------------------------index start ip end ip ------------------------------------------------------------------------1 209.236.24.1 209.236.24.46 admin(system.snmp.access)>delete acl all admin(system.snmp.access)>list acl ------------------------------------------------------------------------index start ip end ip ------------------------------------------------------------------------admin(system.snmp.access)>list v3 all index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password

: : : : : : : : :

1 fred read/write 1.3.6.6 none md5 ******** des ********

index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password

: : : : : : : : :

2 judy read/write 1.3.6.1 auth/priv md5 ******** des ********


System CLI Commands Reference 4-75

admin(system.snmp.access)>delete v3 2 admin(system.snmp.access)>list v3 all index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password admin(system.snmp.access)>

: : : : : : : : :

1 fred read/write 1.3.6.6 none md5 ******** des ********


4-76 WS2000 Wireless Switch System Reference Guide

4.17.3 System SNMP Access list Command list System SNMP Access Commands

Lists SNMP access entries. Syntax list [acl|v1v2c] list v3 [<idx>|all] Parameters

list [acl|v1v2c]

• acl – Lists SNMP access control list entries. • v1v2c – Lists SNMP v1/v2c configuration entries. list v3 [<idx>|all] Lists SNMP v3 user definition with index <idx>. all lists all SNMP v3 user definitions. Example admin(system.snmp.access)>list acl ---------------------------------------------------------------index start ip end ip ---------------------------------------------------------------1 209.236.24.1 209.236.24.46 admin(system.snmp.access)>list v3 all index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password

: : : : : : : : :

1 fred read/write 1.3.6.6 none md5 ******** des ********

admin(system.snmp.access)>list v3 2 index username access permission object identifier security level auth algorithm auth password privacy algorithm privacy password

: : : : : : : : :

2 judy read/write 1.3.6.1 auth/priv md5 ******** des *******


System CLI Commands Reference 4-77

4.17.4 System SNMP Access show Command show System SNMP Access Commands

Displays the SNMP v3 engine ID. Syntax show eid Parameters

None Example admin(system.snmp.access)>show eid WS2000 snmp v3 engine id admin(system.snmp.access)>

: 0000018457D71CDFF86FD8FC


4-78 WS2000 Wireless Switch System Reference Guide

4.18 System SNMP Traps Commands traps System SNMP Commands

Displays the SNMP traps submenu. Syntax admin(system.snmp)> traps admin(system.snmp.traps)>

The items available under this command are shown below. Command

add delete list set show quit save .. /

Description

Adds SNMP trap entries. Deletes SNMP trap entries. Lists SNMP trap entries. Sets SNMP trap parameters. Shows SNMP trap parameters. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-79 page 4-81 page 4-82 page 4-83 page 4-87 page 4-1 page 4-1 page 4-1 page 4-1


System CLI Commands Reference 4-79

4.18.1 System SNMP Traps add Command add System SNMP Traps Commands

Adds SNMP traps. Syntax add [v1v2c|v3] add v1v2c <ip> <port> <comm> <ver> add v3 <ip> <port> <user> <sec> <auth> <pass1> <priv> <pass2> Parameters

v1v2c <ip> <port> <comm> <ver>

v3 <ip> <port> <user> <sec> <auth> <pass1> <priv> <pass2>

Adds an SNMP v1/v2c trap entry. • <ip> – The destination IP address • <port> – The destination UDP port number. • <comm> – The community (1–31 characters) • <ver> – The SNMP version number. (v1 or v2) Adds an SNMP v3 trap entry. • <ip> – The destination IP address • <port> – The destination UDP port number. • <user> – The username (1–31 characters). • <sec> – The security type. <sec> is set to one of none, auth, or auth/priv. The following parameters must be specified if <sec> is set to auth/priv: • <auth> – The authentication algorithm. Can be one of md5 or sha1. Must be set if <sec> is set to auth or auth/priv. • <pass1> – The password (8–31 characters) for authentication. Must be provided if <sec> is set to auth or auth/priv. • <priv> – The privacy algorithm. Set to des or aes. Must be set if <sec> is set to auth/priv. • <pass2> – Privacy password (8–31 characters). Must be provided if <sec> is set to auth/priv.

Example admin(system.snmp.traps)>add v1v2 203.223.24.2 333 mycomm v1 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------index dest ip dest port community version ---------------------------------------------------------------------1 203.223.24.2 333 mycomm v1 admin(system.snmp.traps)>add v1v2 209.255.32.1 334 jumbo v2 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------index dest ip dest port community version ---------------------------------------------------------------------1 203.223.24.2 333 mycomm v1 2 209.255.32.1 334 jumbo v2


4-80 WS2000 Wireless Switch System Reference Guide

admin(system.snmp.traps)>add v3 192.168.103.3 80 bomuser auth md5 bomuser1 admin(system.snmp.traps)>add v3 182.168.103.4 80 blistuser auth/priv md5 blistuser des listuser admin(system.snmp.traps)>list v3 all index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password

: : : : : : : : :

1 192.168.103.3 80 bomuser auth md5 ******** des ********

index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password

: : : : : : : : :

2 182.168.103.4 80 blistuser auth/priv md5 ******** des ********


System CLI Commands Reference 4-81

4.18.2 System SNMP Traps delete Command delete System SNMP Traps Commands

Deletes SNMP trap entries. Syntax delete [v1v2c|v3] [<idx>|all] Parameters

delete [acl|v1v2c|v3] [<idx>|all]

Deletes SNMP access entries. • acl – Deletes SNMP access list entries • v1v2c – Deletes entries from the SNMP v1/v2 configuration list • v3 – Deletes entries from the SNMP v3 configuration list. • <idx> – Deletes entry with index <idx> • all – Deletes all entries.

Example admin(system.snmp.traps)>list v3 all index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password

: : : : : : : : :

1 192.168.103.3 80 bomuser auth md5 ******** des ********

index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password

: : : : : : : : :

2 182.168.103.4 80 blistuser auth/priv md5 ******** des ********

admin(system.snmp.traps)>delete v3 1 admin(system.snmp.traps)>list v3 all index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password

: : : : : : : : :

1 182.168.103.4 80 blistuser auth/priv md5 ******** des ********


4-82 WS2000 Wireless Switch System Reference Guide

4.18.3 System SNMP Traps list Command list System SNMP Traps Commands

Lists SNMP trap entries. Syntax list v1v2c list v3 [<idx>|all] Parameters

list v1v2c Lists SNMP v1/v2c traps entries. list v3 [<idx>|all] Lists SNMP v3 traps definition with index <idx>. all lists all SNMP v3 traps definitions. Example admin(system.snmp.traps)>list v1 ------------------------------------------------------------------------index dest ip dest port community version ------------------------------------------------------------------------1 197.168.10.1 80 HTTPUser v2 2 197.168.10.2 1056 AllUsers v2 admin(system.snmp.traps)>list v3 all index destination ip destination port username security level auth algorithm auth password privacy algorithm privacy password

: : : : : : : : :

1 182.168.103.4 80 blistuser auth/priv md5 ******** des ********


System CLI Commands Reference 4-83

4.18.4 System SNMP Traps set Command set System SNMP Traps Commands

Sets SNMP trap parameters. Syntax set [cold|cfg|lowcf|port|dos-attack|snmp-auth|snmp-acl|mu-assoc| mu-unassoc|mu-deny-assoc|mu-deny-auth|ap-adopt|ap-unadopt| ap-denied-adopt|ap-radar|rogue-ap|hotspot-mu-state| user-login-failure|interface|admin-passwd-change|dyndns-update| wids-mu|wids-radio|wids-switch|ips] <mode> set cf-thresh <memory_kb> set min-pkt <pkt> set dos-rate-limit <seconds> set rate <rate> <scope> <value> Parameters

set [cold|cfg|lowcf|port|dos-attack|snmp-auth|snmp-acl|mu-assoc|mu-unassoc| mu-deny-assoc|mu-deny-auth|ap-adopt|ap-unadopt|ap-denied-adopt|ap-radar| rogue-ap|hotspot-mu-state|user-login-failure|interface|admin-passwd-change| dyndns-update|wids-mu|wids-radio|wids-switch|ips] <mode> Sets the different SNMP parameters. <mode> can be one of enable or disable. • cold – Configuration changed trap • cfg – Configuration mode trap • lowcf – Low compact flash memory trap • port – Physical port status change trap • dos-attack – Denial of Service (DOS) attack trap • snmp-auth – Authentication failure trap • snmp-acl – SNMP ACL violation trap • mu-assoc – MU associated trap • mu-unassoc – MU un-associated trap • mu-deny-assoc – MU denied association trap • mu-deny-auth – MU authentication denied trap • ap-adop – AP adopted trap • ap-unadop – AP un-adopted trap • ap-denied-adopt – AP denied trap • ap-radar – AP radar trap • rogue-ap – Rogue AP trap • hotspot-mu-state – Hotspot MU change state trap • user-login-failure – User login failure trap • ips – Intrusion Prevention System trap • interface – Interface status change trap


4-84 WS2000 Wireless Switch System Reference Guide

cf-thresh <memory_kb> min-pkt <pkt>

• admin-passwd-change – Admin password change trap • dyndns-update – Dynamic DNS update trap • wids-mu – WIDS MU event trap • wids-radio – WIDS radio event trap • wids-switch – WIDS switch event trap • cf-thresh – Compact Flash memory trap • min-pkt – Packets required for rate traps to fire Sets the low memory on compact flash trap to the value <memory_kb> (0 – 2147483647 kilobytes). Sets the minimum number of packets <pkt> required for the rate traps to fire. <pkt> can be a value in the range 0 – 65535. Sets the rate limit to <seconds> ((0 – 2147483647 seconds) for DOS traps.

dos-rate-limit <seconds> rate <rate> Sets the rate value for rate and scope combination for DOS traps. <scope> <value> • <rate> – The rate value to monitor. Can be one of • pkts – packets greater than <value> (0 – 9999.99). • mbps – throughput greater than <value> (0 – 108.00) MBPS. • avg-bps – bit speed less than <value> (0 – 108.00) MBPS. • pct-nu – non unicast packets percentage greater than <value> (0 – 100.00) • avg-signal – negative average signal worse than <value> (0 – 100.00) • avg-retries – average retries greater than <value> (0 – 16.00) • pct–dropped – dropped packet percentage greater than <value> (0 – 100.00) • pct-undecrypted – undecryptable packet percentage greater than <value> (0 – 100.00) • assoc-mus – number of associated MUs greater than <value> (0 – 32.00 when scope is AP, 200.00 otherwise.) • <scope> – The scope where the rate applies to. <scope> can be one of switch, wlan, ap, mu) • <value> – The value in the range as specified for each <rate>.

<rate> Choices

pkts mbps avg-bps pct-nu avg-signal avg-retries pct-dropped pct-undecrypt assoc-mus

Interpretation

Packets/second > <value> Throughput > <value> Average bit speed in mbps < <value> % not UNICAST > <value> Negative average signal < <value> Average retries > <value> % dropped packets > <value> % undecryptable > <value> Number of associated MUs > <value>

Allowed Range for <value>

0-9999.99 0-108.00 0-108.00 0-100.00 0-100.00 0-16.00 0-100.00 0-100.00 0-200

Allowed <scope>

switch,wlan,ap,mu switch,wlan,ap,mu wlan,ap,mu wlan,ap,mu wlan,ap,mu wlan,ap,mu wlan,ap,mu wlan,ap,mu switch,wlan,ap


System CLI Commands Reference 4-85

NOTE: <value> can be a number with up to two decimal places, except for assoc_mus, which must be an integer. Example admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start snmp config changed low compact flash memory

: disable : disable : disable

SNMP Network Traps physical port status change denial of service

: disable : disable

SNMP Traps snmp auth failure snmp acl violation

: disable : disable

SNMP MU Traps mu mu mu mu

associated unassociated denied association denied authentication

: : : :

disable disable disable disable

: : : :

disable disable disable disable

SNMP AP Traps ap ap ap ap

adopted unadopted denied adoption radar detection

SNMP Trap Threshold compact flash memory threshold : 1024 min packets required for rate trap: 800 denial of service trap rate limit : 10 admin(system.snmp.traps)>set cold enable admin(system.snmp.traps)>set port enable admin(system.snmp.traps)>set dos-attack enable admin(system.snmp.traps)>set mu-unassoc enable admin(system.snmp.traps)>set ap-radar enable admin(system.snmp.traps)>set min-pkt 1000 admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start snmp config changed low compact flash memory

: enable : disable : disable


4-86 WS2000 Wireless Switch System Reference Guide

SNMP Network Traps physical port status change denial of service

: enable : enable

SNMP Traps snmp auth failure snmp acl violation

: disable : disable

SNMP MU Traps mu mu mu mu

associated unassociated denied association denied authentication

: : : :

disable enable disable disable

: : : :

disable disable disable enable

SNMP AP Traps ap ap ap ap

adopted unadopted denied adoption radar detection

SNMP Trap Threshold compact flash memory threshold : 1024 min packets required for rate trap: 1000 denial of service trap rate limit : 10 admin(system.snmp.traps)>


System CLI Commands Reference 4-87

4.18.5 System SNMP Traps show Command show System SNMP Traps Commands

Shows SNMP trap parameters. Syntax show [trap|rate-trap] Parameters

show [trap|rate-trap] Displays trap settings. • trap – Displays SNMP trap parameter settings. • rate-trap – Shows SNMP rate-trap parameter settings. Example admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start snmp config changed low compact flash memory

: enable : disable : disable

SNMP Network Traps physical port status change denial of service

: enable : enable

SNMP Traps snmp auth failure snmp acl violation

: disable : disable

SNMP MU Traps mu mu mu mu

associated unassociated denied association denied authentication

: : : :

disable enable disable disable

: : : :

disable disable disable enable

SNMP AP Traps ap ap ap ap

adopted unadopted denied adoption radar detection

SNMP Trap Threshold compact flash memory threshold : 1024 min packets required for rate trap: 1000 denial of service trap rate limit : 10


4-88 WS2000 Wireless Switch System Reference Guide

admin(system.snmp.traps)>show rate-trap SNMP Switch Rate Traps pkts/s greater than : disable throughput(Mbps) greater than : disable num of associated mu greater than : disable SNMP Wlan Rate Traps pkts/s greater than throughput(Mbps) greater than avg bit speed(Mbps) less than pct non-unicast greater than -average signal worse than average retry greater than pct dropped greater than pct undecryptable greater than num of associated mu greater than

: : : : : : : : :

disable disable disable disable disable disable disable disable disable

: : : : : : : : :

disable disable disable disable disable disable disable disable disable

: : : : : : : :

disable disable disable disable disable disable disable disable

SNMP Portal Rate Traps pkts/s greater than throughput(Mbps) greater than avg bit speed(Mbps) less than pct non-unicast greater than -average signal worse than average retry greater than pct dropped greater than pct undecryptable greater than num of associated mu greater than SNMP Mu Rate Traps pkts/s greater than throughput(Mbps) greater than avg bit speed(Mbps) less than pct non-unicast greater than -average signal worse than average retry greater than pct dropped greater than pct undecryptable greater than admin(system.snmp.traps)>


System CLI Commands Reference 4-89

4.19 System SSH Commands ssh system

Displays the secure shell (SSH) submenu. Syntax admin(system)> ssh admin(system.ssh)>

The items available under this command are shown below. Command

set show save .. /

Description

Sets SSH parameters Shows SSH parameters. Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-90 page 4-91 page 4-1 page 4-1 page 4-1


4-90 WS2000 Wireless Switch System Reference Guide

4.19.1 System SSH set Command set System SSH Commands

Sets secure shell parameters for system access. Syntax set auth-timeout <authentication timeout> set inactive-timeout <inactive timeout> Parameters

auth-timeout <authentication timeout> inactive-timeout <inactive timeout>

Sets the maximum time <authentication timeout> (0â&#x20AC;&#x201C;65535 seconds) allowed for SSH authentication to occur before executing a timeout. Sets the maximum amount of inactive time <inactive timeout> (0â&#x20AC;&#x201C;65535 seconds) for an SSH connection before a timeout occurs and the user is dropped.

Example admin(system.ssh)>set auth-timeout 60 admin(system.ssh)>set inactiv 2000 admin(system.ssh)>show all Authentication Timeout : 60 SSH Client Inactivity Timeout : 2000 admin(system.ssh)> Related Commands

show all Shows the SSH parameter values.


System CLI Commands Reference 4-91

4.19.2 System SSH show Command show System SSH Commands

Shows secure shell timeout parameters. Syntax show all Parameters

None Example admin(system.ssh)>set auth-timeout 60 admin(system.ssh)>set inactiv 2000 admin(system.ssh)>show all Authentication Timeout : 60 SSH Client Inactivity Timeout : 2000 admin(system.ssh)> Related Commands

set

Sets the values for the secure shell timeout parameters.


4-92 WS2000 Wireless Switch System Reference Guide

4.20 System User Database Commands userdb system

Displays the userdb submenu. Syntax admin(system)> userdb admin(system.userdb)>

The items available under this command are shown below. Command

user group quit save .. /

Description

Goes to the user submenu. Goes to the group submenu. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-103 page 4-93 page 4-1 page 4-1 page 4-1 page 4-1


System CLI Commands Reference 4-93

4.21 System User Database Group Commands group System User Database Commands

Displays the group submenu. Syntax admin(system.userdb)> group admin(system.userdb.group)>

The items available under this command are shown below. Command

create delete clearall add remove set show quit save .. /

Description

Creates a new group. Deletes a group. Deletes all the listed groups Adds a user to a group. Removes a user from a group. Sets group parameters. Shows the existing groups. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-95 page 4-96 page 4-98 page 4-94 page 4-99 page 4-100 page 4-102 page 4-1 page 4-1 page 4-1 page 4-1


4-94 WS2000 Wireless Switch System Reference Guide

4.21.1 System Userdb Group add Command add System User Database Group Commands

Adds a user to a group. Syntax add <userid> <group> Parameters

add <userID> <groupID>

Adds the user specified by <userID> to the group <groupID>. <userID> must already be defined in the database. User the add command from the (system.userdb.users) menu to add a new user.

Example admin(system.userdb.group)>add fred g1 admin(system.userdb.group)>add joe g1 admin(system.userdb.group)>add joe g2 admin(system.userdb.group)>show user g1 List of Users of Group : fred joe admin(system.userdb.group)>show user g2 List of Users of Group : joe Related Commands

show users

Displays a list of users in a group.


System CLI Commands Reference 4-95

4.21.2 System Userdb Group create Command create System User Database Group Commands

Creates a new group. Syntax create <group> <vlan-id> Parameters

create <group> <vlan-id> Creates a new group with the ID <group>. <group> can be an alphanumeric string. Users in the group are automatically assigned the vlan-id as specified by <vlan-id>.

Example: admin(system.userdb.group)>create g1 10 admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

g1 NO 10 0000 2359 All

admin(system.userdb.group)> Related Commands

delete Deletes a group. show groups Displays a list of groups in the database.


4-96 WS2000 Wireless Switch System Reference Guide

4.21.3 System Userdb Group delete Command delete System User Database Group Commands

Deletes a group from the database. Syntax delete <group> Parameters

delete <groupID>

Deletes the group <group> from the database. A warning occurs if there are still users assigned to that group.

Example admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

g1 NO 10 0000 2359 All

Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

g2 NO 6 0000 2359 All

Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

g3 NO 1 0000 2359 All

admin(system.userdb.group)>delete g2 admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

g1 NO 10 0000 2359 All

Groupname Guest Group

: g3 : NO


System CLI Commands Reference 4-97

VanId Start Time Expiry Time Access on Days

: : : :

1 0000 2359 All

Related Commands

add show user

Adds users to a group. Displays a list of users in a group.


4-98 WS2000 Wireless Switch System Reference Guide

4.21.4 System Userdb Group clearall Command clearall System User Database Group Commands

Clears all the groups in the Groups list. Before clearing all the groups, ensure that no user account is associated to the groups. Syntax clearall Parameters

None Example admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

g1 NO 10 0000 2359 All

Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

g3 NO 1 0000 2359 All

Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

g2 NO 15 0000 2359 All

admin(system.userdb.group)>clearall admin(system.userdb.group)>show groups List of Group Names : admin(system.userdb.group)>

No Groups


System CLI Commands Reference 4-99

4.21.5 System Userdb Group remove Command remove System User Database Group Commands

Removes a user from a group. Syntax remove <userid> <group> Parameters

remove <userid> <group>

Removes the user <userid> from the group <group>.

Example admin(system.userdb.group)>show users g1 List of Users of Group : John Jane admin(system.userdb.group)>remove Jane g1 admin(system.userdb.group)>show users g1 List of Users of Group : John admin(system.userdb.group)> Related Commands

add show users

Adds a user to a group. Shows a list of users in a group.


4-100 WS2000 Wireless Switch System Reference Guide

4.21.6 System Userdb Group set Command set System User Database Group Commands

Sets the different group parameters. Syntax set [vlan|day-access|guest-group|start-time|end-time] set set set set

[start-time|end-time} <time> vlan <group> <vlan> day-access <group> [all|weekdays|<days>] guest-group <group>

Parameters

vlan <group> <vlan> start-time <group> <time> end-time <group> <time> day-access <group> [all|weekdays|<days>

guest-group <group>

Sets the vlan id of a group <group> to <vlan> (1 – 4094). Sets the time when a user belonging to a group <group> can start authenticating (login) with the WS2000. Start-time is in 24hr format. Sets the time after which a user belonging to a group <group> cannot authenticate (login) with the WS2000. End-time is in 24hr format. Sets the access days for a group <group>. • all – Sets the access days to all days of the week including Saturdays and Sundays. • weekday – Sets the access days to all week days excluding Saturdays and Sunday. • <days> – Sets the access days as specified. Each item in this list is to be separated by a space. <days> can be mo, tu, we, th, fr, sa, su. Sets the group identified by <group> as a guest group.

Example admin(system.userdb.group)> admin(system.userdb.group)> admin(system.userdb.group)> admin(system.userdb.group)> admin(system.userdb.group)> List of Group Names :

set vlan Group1 1 set start-time Group1 0730 set end-time Group1 2230 set day-access Group1 mo tu we fr sa su show groups

Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

GroupOfAdmins NO 1 0000 2359 All

Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

GroupOfLevel1Users NO 1 0730 2230 Mo Tu We Fr Sa Su


System CLI Commands Reference 4-101

admin(system.userdb.group)> set guest-group Group1 admin(system.userdb.group)>set guest-group guests admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

g1 NO 10 0000 2359 All

Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

g2 NO 6 0600 2000 Weekdays

Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

guests YES 9 0000 2359 All


4-102 WS2000 Wireless Switch System Reference Guide

4.21.7 System Userdb Groups show Command show System User Database Group Commands

Shows the existing groups. Syntax show [groups|users <group>] Parameters

show [groups| users <group>]

Displays user database groups information. • group – Displays a list of the defined groups. • users <group> – Displays a list of users in group <group>.

Example admin(system.userdb.group)>show groups admin(system.userdb.group)>show groups List of Group Names : Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

g1 NO 1 0000 2359 All

Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

g2 NO 1 0000 2359 ALL

Groupname Guest Group VanId Start Time Expiry Time Access on Days

: : : : : :

g3 NO 1 0000 2359 All

admin(system.userdb.group)>show users g1 List of Users of Group : Admin L1User Related Commands

create delete set

Creates a new group. Deletes a group. Sets group parameters


System CLI Commands Reference 4-103

4.22 System User Database User Commands user System User Database Commands

Displays the user submenu. Syntax admin(system.userdb)> user admin(system.userdb.user)>

The items available under this command are shown below. Command

add del clearall set show guest quit save .. /

Description

Adds a new user to the database. Deletes a user from the database. Removes all User IDs Sets the password for a user. Shows a list of users and group information about a user. Manages guest users Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-104 page 4-105 page 4-106 page 4-107 page 4-108 page 4-109 page 4-1 page 4-1 page 4-1 page 4-1


4-104 WS2000 Wireless Switch System Reference Guide

4.22.1 System Userdb User add Command add System User Database User Commands

Adds a new user to the database. Syntax add <userid> <password> Parameters

add <userid> <password> Adds a user to the database with the ID <userid> and password <password> (1 â&#x20AC;&#x201C; 8 characters). Example admin(system.userdb.user)>add fred fredpass admin(system.userdb.user)>add joe joepass admin(system.userdb.user)>add sally sallypa admin(system.userdb.user)> List of User Ids : fred joe sally Related Commands

show users del

Show a list of the users in the database. Deletes a user from the database.


System CLI Commands Reference 4-105

4.22.2 System Userdb User del Command del System User Database User Commands

Deletes a user from the database. Syntax del <userid> Parameters

del <userid>

Deletes the user with the ID <userid> from the database.

Example admin(system.userdb.user)>show users List of User Ids : John Jane Bill Amanda

Guest User NO NO NO NO

:

admin(system.userdb.user)>del Bill admin(system.userdb.user)>show users List of User Ids : John Jane Amanda

Guest User NO NO NO

:

Related Commands

add Adds a user to the database. show users Displays a list of users in the database.


4-106 WS2000 Wireless Switch System Reference Guide

4.22.3 System Userdb User clearall Command clearall System User Database User Commands

Clears all the users from the local database. Syntax clearall Parameters

None Example admin(system.userdb.user)>show users List of User Ids : John Jane Bill Amanda admin(system.userdb.user)> admin(system.userdb.user)> clearall admin(system.userdb.user)> admin(system.userdb.user)> show users entries = 0 List of User Ids : No Users

Guest User NO NO NO NO

:

Guest User

:


System CLI Commands Reference 4-107

4.22.4 System Userdb User set Command set System User Database User Commands

Sets the password for a user. Syntax set <userid> <password> Parameters

set <userID> <password>

Resets the password for user with <userid> to <password>.

Example admin(system.userdb.user)>set fred frednew Related Commands

add

Adds a new user.


4-108 WS2000 Wireless Switch System Reference Guide

4.22.5 System Userdb Users show Command show System User Database User Commands

Shows a list of users and group membership for a particular user. Syntax show [groups <userid>|users] Parameters

show [groups <userid>|users]

Displays group membership and user information. • groups <userid> – Displays the list of groups that a user with <userid> belongs. • users – Displays a list of all defined users in the database.

Example admin(system.userdb.user)>show user List of User Ids : Guest User John NO Jane NO Bill NO Amanda NOadmin(system.userdb.user)>.. admin(system.userdb.user)>group admin(system.userdb.group)>create g1 admin(system.userdb.group)>add John g1 admin(system.userdb.group)>.. admin(system.userdb.user)>user admin(system.userdb.user)>show groups John List of Groups of user : g1 Related Commands

add

Add a user to the database.

:


System CLI Commands Reference 4-109

4.23 System User Database User Guest commands guest System User Database User Commands

Displays the Guest submenu. Syntax admin(system.userdb.user)> guest admin(system.userdb.guest)>

The items available under this command are shown below. Command

set show clear quit save .. /

Description

Sets the parameters for guest users. Shows the list of guest users Clears guest users and guest groups. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-110 page 4-111 page 4-112 page 4-1 page 4-1 page 4-1 page 4-1


4-110 WS2000 Wireless Switch System Reference Guide

4.23.1 System Userdb User Guest set Command set System User Database User Commands

Sets the parameters for guest users. Syntax set [guest-user|start-date|expiry-date] set guest-user <guest-user> <guest-group> set start-date <guest-user> <date-time> set expiry-date <guest-user> <date-time> Parameters

guest-user <guest-user> <guest-group> start-date <guest-user> <date-time> expiry-date <guest-user> <date-time>

Adds the guest user <guest-user> to the guest user group <guest-group>.

Sets the start date for a guest user <guest-user>. This is the date and time combination from when a guest user can access the resources. <date-time> value must be in the MM:DD:YYYY-hh:mm format (02:24:2008-21:06). Sets the date when the guest user account <guest-user> expires. This is the date and time combination after which the account becomes inactive. <date-time> value must be in the MM:DD:YYYY-hh:mm format (02.24:2008-21:06).

Example admin(system.userdb.user.guest)> set guest-user guest1 GroupOfGuestUsers admin(system.userdb.user.guest)> show users Guest Username Belongs to Group Start Date Time Expiry Date Time

: : : :

guest1 GroupOfGuestUsers 01:16:1970-01:10 01:17:1970-01:10

admin(system.userdb.user.guest)> set start-date guest1 01:01:2008-00:00 admin(system.userdb.user.guest)> set expiry-date guest1 01:31:2008-23:59 admin(system.userdb.user.guest)> show users Guest Username Belongs to Group Start Date Time Expiry Date Time

: : : :

guest1 GroupOfGuestUsers 01:01:2008-00:00 01:31:2008-23:59


System CLI Commands Reference 4-111

4.23.2 System Userdb User Guest show Command show System User Database User Commands

Displays information for guest users and guest user groups. Syntax show [groups|users] Parameters

show [guests|users]

Displays guest information. • groups – Displays the list of guest user groups • users – Displays the list of guest users.

Example admin(system.userdb.user.guest)> show users Guest Username Belongs to Group Start Date Time Expiry Date Time

: : : :

guest1 GroupOfGuestUsers 01:01:2008-00:00 01:31:2008-23:59

admin(system.userdb.user.guest)> show groups Guest Groupname VanId Start Time Expiry Time Access on Days

: : : : :

GroupOfGuestUsers 1 0000 2359 Weekdays


4-112 WS2000 Wireless Switch System Reference Guide

4.23.3 System Usredb User Guest clear Command clear System User Database User Commands

Clears all guest user and guest user groups from the local database. Syntax clear [guest-group|guest-user] clear guest-group <guest-group> clear guest-user <guest-user> Parameters

guest-group <guest-group> guest-user <guest-user>

Clears the guest group indicated by <guest-group> Clears the guest user indicated by <guest-user>

Example admin(system.userdb.user.guest)> clear guest-group GroupOfGuestUsers admin(system.userdb.user.guest)> clear guest-user guest1 admin(system.userdb.user.guest)> show groups No Guest Groups


System CLI Commands Reference 4-113

4.24 System WS2000 Commands WS2000 system

Displays the WS 2000 submenu. Syntax admin(system)> ws2000 admin(system.ws2000)>

The items available under this command are shown below. Command

add delete restart set show quit save .. /

Description

Adds an administrative user Removes an administrative user Restarts the WS 2000 Wireless Switch Sets WS 2000 system parameters. Shows WS 2000 system parameter settings. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-114 page 4-115 page 4-116 page 4-117 page 4-121 page 4-1 page 4-1 page 4-1 page 4-1


4-114 WS2000 Wireless Switch System Reference Guide

4.24.1 System WS2000 add Command add System WS2000 Commands

Adds a device that is allowed administrative access to the switch over WLAN. Syntax add administrator <ip> Parameters

add administrator <ip>

Adds the device specified by <ip> as an administrator for this device.

Example admin(system.ws2000)> add administrator 192.168.0.10 admin(system.ws2000)>


System CLI Commands Reference 4-115

4.24.2 System WS2000 delete Command delete System WS2000 Commands

Removes a device that is allowed administrative access to the switch over WLAN. Syntax delete administrator [<ip>|all] Parameters

delete administrator [<ip>|all]

Removes the specified device that is allowed administrative access of the switch from WLAN . • <ip> – Removes the device specified by <ip>. • all – Removes all devices

Example admin(system.ws2000)> delete administrator 192.168.0.10 admin(system.ws2000)> delete administrator all admin(system.ws2000)>


4-116 WS2000 Wireless Switch System Reference Guide

4.24.3 System WS2000 restart Command restart System WS2000 Commands

Restarts the WS 2000 Wireless Switch. Syntax restart Parameters

None Example admin(system.ws2000)>restart Restarting system. WS 2000 Wireless Switch 2.4.0.0-011B Copyright(c) Motorola Inc. 2003-2008. All rights reserved. Press escape key to run boot firmware ........ Power On Self Test testing testing testing testing

ram nor flash nand flash ethernet

: : : :

pass pass pass pass

... Starting iGateway Apps(1).... Starting iGateway Apps(2).... Using switch.o Starting Wireless Switch.... Configuring iGateway.... Starting SNMP.... Using led.o Starting WS2000 CLI.... Login:


System CLI Commands Reference 4-117

4.24.4 System WS2000 set Command set System WS2000 Commands

Sets WS 2000 system parameters. Syntax set [airbeam|ftp|ssh|applet|cc|cli|email|loc|name|domain-name|snmp| timeout|limited-access|dns-ip|sslv2|support-sshv1|dns-relay-mode] set set set set

airbeam airbeam airbeam airbeam

[mode|passwd|logging] mode <mode> passwd <password> logging <mode>

set [ftp|ssh|snmp] [lan|wan] [mode <mode>|logging <mode>] set [applet|cli] [lan|wan|slan|swan] [mode <mode>|logging <mode>] set set set set set set set set

email <email> cc <country-code> loc <location> name <device-name> domain-name <domain> timeout <timeout> limited-access <mode> dns-ip <ip>;

Parameters

airbeam mode <mode> airbeam passwd <passwd> airbeam logging <mode> applet [lan|wan|slan|swan] [mode <mode>| logging <mode>]

cc <country-code>

Enables or disables airbeam access. <mode> can be one of enable or disable. Sets the airbeam password to <passwd> (1–39 characters). Sets the logging mode for airbeam access.<mode> can be one of enable or disable. Configures access to the applet. • lan mode <mode> – Enables/disables http applet access from LAN. • wlan mode <mode> – Enables/disables http applet access from WAN. • slan mode <mode> – Enables/disables https applet access from LAN. • swan mode <mode> – Enables/disables https applet access from WAN. <mode> can be one of enable or disable. logging <mode> – Enables/disables logging for each access type. Sets the WS2000 two-letter country code to <country-code>.


4-118 WS2000 Wireless Switch System Reference Guide

cli [lan|wan|slan|swan] Configures access to the Command Line Interface (CLI). [mode <mode>| • lan mode <mode> – Enables/disables http applet access from LAN. logging <mode>] • wlan mode <mode> – Enables/disables http applet access from WAN. • slan mode <mode> – Enables/disables https applet access from LAN. • swan mode <mode> – Enables/disables https applet access from WAN. <mode> can be one of enable or disable. logging <mode> – Enables/disables logging for each access type. email Sets the WS2000 admin email address to <email> (1–59 characters). <email> ftp [lan|wan] [mode Configures access to FTP <mode>| • lan mode <mode> – Enables/disables http applet access from LAN. logging <mode>] • wlan mode <mode> – Enables/disables http applet access from WAN. <mode> can be one of enable or disable. logging <mode> – Enables/disables logging for each access type. loc <location> Sets the WS2000 system location to <location> (1–59 characters). name <device-name> Sets the WS2000 system name to <device-name> (1–59 characters). ssh [lan|wan] [mode Configures secure shell access (SSH) to the device. <mode>| • lan mode <mode> – Enables/disables http applet access from LAN. logging <mode>] • wlan mode <mode> – Enables/disables http applet access from WAN. <mode> can be one of enable or disable. logging <mode> – Enables/disables logging for each access type. snmp [lan|wan] [mode Configures SNMP access to the device. <mode>| • lan mode <mode> – Enables/disables http applet access from LAN. logging <mode>] • wlan mode <mode> – Enables/disables http applet access from WAN. <mode> can be one of enable or disable. logging <mode> – Enables/disables logging for each access type. timeout <time-out> Sets the idle timeout to <time-out> value in minutes (0–1440). Setting the value to 0 indicates not to timeout. limited-access <mode> Enables/disables management access to the WS2000 across subnets. When enabled, administrative access to the subnet interface is available only from hosts in the same subnet. When disabled, hosts from any subnet can access any subnet’s interface. <mode> can be one of enable or disable. dns-ip <ip> Sets the IP address of the Domain Name Server to resolve domain names to the IP address <ip>. domain-name <domain- Sets the name of the domain to <domain-name> for this WS2000. name> sslv2 <mode> Sets SSLv2 mode • <mode> – Enables/disables mode for apache support-sshv1 Sets SSHv1 mode. • <mode> – Enables/disables mode for sshv1 dns-relay-mode Sets DNS relay mode • <mode> – Enables/disables dns relay mode.


System CLI Commands Reference 4-119

Example admin(system.ws2000)>show all system name : system location : system Domain Name : admin email address : system uptime : WS2000 firmware version : WS2000 firmware build time : country code : applet http access from lan : applet http access from wan : applet https access from lan : applet https access from wan : cli telnet access from lan : cli telnet access from wan : snmp access from lan : snmp access from wan : airbeam/ftp lan access mode : airbeam/ftp wan access mode : ssh wan access mode : ssh lan access mode : airbeam access user name : airbeam access password : http/s timeout interval in minutes: limit ws2000 access : System Wide DNS IP Address :

Atlanta1 Atlanta Field Office docteam.motorola.com LeoExample@motorola.com 0 days 4 hours 33 minutes 2.3.1.0-004X Sat-May-31-00:42:16-IST-2008 us enable enable enable enable enable enable enable enable disable disable enable enable airbeam ******** 0 disable 192.168.0.1

admin(system.ws2000)>set name BldgC admin(system.ws2000)>set email johndoe@motorola.com admin(system.ws2000)>set applet lan enable admin(system.ws2000)>set airbeam mode enable admin(system.ws2000)>set airbeam passwd changeme admin(system.ws2000)>show all system name system location system Domain Name admin email address system uptime WS2000 firmware version WS2000 firmware build time country code applet http access from lan applet http access from wan applet https access from lan applet https access from wan cli telnet access from lan cli telnet access from wan snmp access from lan snmp access from wan airbeam/ftp lan access mode airbeam/ftp wan access mode ssh wan access mode ssh lan access mode airbeam access user name airbeam access password

: : : : : : : : : : : : : : : : : : : : : :

BldgC Atlanta Field Office docteam.motorola.com johndoe@motorola.com 0 days 4 hours 41 minutes 2.3.1.0-004X Sat-May-31-00:42:16-IST-2008 us enable enable enable enable enable enable enable enable disable disable enable enable airbeam ********


4-120 WS2000 Wireless Switch System Reference Guide

http/s timeout interval in minutes: 0 limit ws2000 access : disable System Wide DNS IP Address : 192.168.0.1 admin(system.ws2000)>


System CLI Commands Reference 4-121

4.24.5 System WS2000 show Command show System WS2000 Commands

Shows WS 2000 system information. Syntax show all Parameters

None Example admin(system.ws2000)>show all system name : system location : system Domain Name : admin email address : system uptime : WS2000 firmware version : WS2000 firmware build time : country code : applet http access from lan : applet http access from wan : applet https access from lan : applet https access from wan : cli telnet access from lan : cli telnet access from wan : snmp access from lan : snmp access from wan : airbeam/ftp lan access mode : airbeam/ftp wan access mode : ssh wan access mode : ssh lan access mode : airbeam access user name : airbeam access password : http/s timeout interval in minutes: limit ws2000 access : System Wide DNS IP Address : admin(system.ws2000)>

Atlanta1 Atlanta Field Office docteam.motorola.com LeoExample@motorola.com 0 days 4 hours 33 minutes 2.3.1.0-004X Sat-May-31-00:42:16-IST-2008 us enable enable enable enable enable enable enable enable disable disable enable enable airbeam ******** 0 disable 192.168.0.1


4-122 WS2000 Wireless Switch System Reference Guide

4.25 System CF commands cf system

Displays the CF submenu. Syntax admin(system)> cf admin(system.cf)>

The items available under this command are shown below. Command

ls quit .. /

Description

Lists the content of the CF card Quits the CLI Goes to the parent menu Goes to the root menu

Ref.

page 4-123 page 4-1 page 4-1 page 4-1


System CLI Commands Reference 4-123

4.25.1 System CF ls Command ls System CF commands

Displays the CF cardâ&#x20AC;&#x2122;s contents. Syntax ls {<directory-name>} Parameters

ls <directory-name>

Lists the contents of the CF card. The <directory-name> parameter is optional.

Example admin(system.cf)> ls . .. mf12.bin mf_02020200003R.bin admin(system.cf)> admin(system.cf)>


4-124 WS2000 Wireless Switch System Reference Guide

4.26 System HTTP commands http system

Displays the http submenu. Syntax admin(system)> http admin(system.http)>

The items available under this command are shown below. Command

import show quit save .. /

Description

Imports the Secured HTTP self certificate Shows all the Secured HTTP certificates. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-125 page 4-126 page 4-1 page 4-1 page 4-1 page 4-1


System CLI Commands Reference 4-125

4.26.1 System HTTP import Command import System HTTP commands

Imports Secured HTTP self certificates. Syntax import self <cert-id> Parameters

import self <cert-id> Imports the Secured HTTP Self Certificate identified by the ID <cert-id>. Example admin(system.http)> import self 1


4-126 WS2000 Wireless Switch System Reference Guide

4.26.2 System HTTP show Command show System HTTP commands

Displays all Secure HTTP certificates on this device. Syntax show all Parameters

None Example admin(system.http)> show all http self certificate admin(system.http)>

: default


System CLI Commands Reference 4-127

4.27 System Test Commands test system

Displays the test submenu. Syntax admin(system)> test admin(system.test)>

The items available under this command are shown below. Command

set show quit save .. /

Description

Sets the different test parameters Displays the different test parameters and their set values. Quits the CLI Saves the configuration to system flash Goes to the parent menu Goes to the root menu

Ref.

page 4-128 page 4-129 page 4-1 page 4-1 page 4-1 page 4-1


4-128 WS2000 Wireless Switch System Reference Guide

4.27.1 System Test set Command set System Test Commands

Configures the different test parameters. Syntax set flow hbt wd pmd rs wme padding parp sip-portcheck weighted-wme int1 hosts mu_limit int4 str1 str2 str3 str4 interval


System CLI Commands Reference 4-129

4.27.2 System Test show Command show System Test Commands

Displays the test parameters. Syntax show all Parameters

None Example admin(system.test)> show all admin(system.test)>show all half fc window for ap100 val broadcasts in psp val drop bc pre wep val rate scale disable val wireless disable val psp fix more data val wpa2 tkip disabled val wpa ie before rsn ie val disable wpa countermeasures val WME enable Wisp alignment padding enable Proxy arp enable Weighted WME enable ARP Check enable SIP src/dst port check

: : : : : : : : : : : : : : :

int1 max lan hosts max clients/Portal int4 str1 str2 str3 str4

: : : : : : : :

[ [ [ [ [ [ [ [ [ [ [ [ [ [ [

0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000 0x0000

00006C06 200 64 00000000

........ ........ ........ ........ ........ ........ ........ ........ .......0 ......0. .....1.. ....1... ...0.... ..1..... .1......

.......0 ......1. .....1.. ....0... ...0.... ..0..... .0...... 0....... ........ ........ ........ ........ ........ ........ ........

] ] ] ] ] ] ] ] ] ] ] ] ] ] ]


4-130 WS2000 Wireless Switch System Reference Guide


Statistics Commands Statistics commands are used to view the different statistical information of the WS2000 Wireless Switch.

5.1 stats Admin Menu Commands

Use the stats command to go to the Stats menu admin>stats admin(stats)>

The following commands are available under the Stats menu: Command

Description

Ref.

show

Shows system status and statistics

page 5-2

rf

Goes to the RF Submenu

page 5-5

save

Saves the configuration to system flash

page 2-6

quit

Quits the CLI

page 2-5

..

Goes to the parent menu

page 2-7

/

Goes to the root menu

page 2-8


5-2 WS2000 Wireless Switch System Reference Guide

5.2 Stats Show Command show stats

Displays the system status and statistics for either the specified subnet or the WAN. Syntax show [leases|subnet|wan|stp|ips] show show show show show show show

leases subnet <idx> wan stp <idx> ips [global-stats|category-stats] ips global-stats ips category-stats <category-name>

Parameters

show leases show subnet <idx>

Show the leases issued by the switch. Shows subnet status, where <idx> (1â&#x20AC;&#x201C;6) is the index number of the subnet (LAN) to show. show wan Shows WAN status. show stp <idx> Shows the LAN Spanning Tree Protocol statistics for the subnet <idx> (1-6). show ips global-stats Shows the IPS Global statistics show ips category-stats Show the IPS statistics for a category. Select <category> from: <category> TELNET, POP3, IMAP, NNTP, FTP, SNMP, TCPDNS, UDPDNS, TCPRPC, UDPRPC, HTTP, SMTP, TCPGEN, UDPGEN, TCP, UDP, ICMP, IP To display stats for all IPS signature categories do not pass any parameter to <category>. Example

show subnet example admin(stats)>show subnet 1 LAN Interface Information subnet interface 1 : enable ip address 1 : 192.168.0.1 network mask : 255.255.255.0 ethernet address : 00A0F86FD8FD LAN Rx Information rx packets : 236530 rx bytes : 31581419 rx errors : 0 rx dropped : 0 rx overruns : 0 rx frame errors : 0 LAN Tx Information tx packets : 100101 tx bytes : 40811508 tx errors : 0 tx dropped : 0


Statistics Commands 5-3

tx overruns : 0 tx carrier errors : 0 Port 1 link status : up speed : 100 Mbps Port 2 link status : up speed : 100 Mbps Port 3 link status : down Port 4 link status : down Port 5 link status : down Port 6 link status : down WLAN Interfaces wlans : wlan1

show wan example admin(stats)>show wan WAN Interface Information wan interface 1 : enable ip address 1 : 192.168.24.198 wan interface 2 : disable ip address 2 : 192.168.24.198 wan interface 3 : disable ip address 3 : 192.168.24.198 wan interface 4 : disable ip address 4 : 192.168.24.198 wan interface 5 : disable ip address 5 : 192.168.24.198 wan interface 6 : disable ip address 6 : 192.168.24.198 wan interface 7 : disable ip address 7 : 192.168.24.198 wan interface 8 : disable ip address 8 : 192.168.24.198 network mask : 255.255.255.0 ethernet address : 00A0F86FD8FC link status : up speed : 100 Mbps WAN Rx Information rx packets : 226809 rx bytes : 311719105 rx errors : 1 rx dropped : 0 rx overruns : 0 rx frame errors : 1 WAN Tx Information tx packets : 5499 tx bytes : 559567 tx errors : 0 tx dropped : 0 tx overruns : 0 tx carrier errors : 0


5-4 WS2000 Wireless Switch System Reference Guide

show ips global-stats example. admin(stats)>show ips global-stats IPS GLOBAL STATISTICS ================================================ Number of Packets Received : 124832934 Number of Packets Processsed : 124832899 Number of Packets Dropped : 35 Number of Connecti ns Disconnected: 6

show ips category-stats example. admin(stats)>show ips category-stats TCP Category Name Number of rules Number of alerts Number of logs Number of pkts droped Number of disconnection

: : : : : :

TCP 6 18 9 45 1

: : : : : : : :

enable 8000.00157000C851 8000.00157000C851 0 0 20 2 15

show stp example: admin(stats)>show stp 1 LAN1 Spanning Tree Info: Spanning Tree Designated Root Bridge ID Root Port Root Path Cost Bridge Max Msg Age Bridge Hello Time Bridge Forward Delay

Port Interface Table: ------------------------------------------------------------------------Designated Designated Designated Port - State - Cost Root Bridge Port Designated Cost ------------------------------------------------------------------------ixp0v0 Fwding 100 8000.00157000C851 8000.00157000C851 8001 0 ixp1v0 Fwding 100 8000.00157000C851 8000.00157000C851 8002 0


Statistics Commands 5-5

5.3 Statistics RF Commands rf stats

Displays the RF statistics submenu. Syntax admin(stats)> rf admin(stats.rf)>

The items available under this command are shown below. Command

show reset quit save .. /

Description

Shows RF statistics. Resets/clears all RF statistics. Quits the CLI. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.

Ref.

page 5-7 page 5-6 page 5-1 page 5-1 page 5-1 page 5-1


5-6 WS2000 Wireless Switch System Reference Guide

5.3.1 Stats RF reset Command reset Statistics RF Commands

Resets/clears all RF statistics. Syntax reset Parameters

None Example admin(stats.rf)>reset admin(stats.rf)>


Statistics Commands 5-7

5.3.2 Stats RF show Command show Statistics RF Commands

Shows radio frequency (RF) statistics. Syntax show [all|wlan|ap|mu|mesh-base|mesh-client|total] show show show show show show show

all [wlan|ap|mu|mesh-base|mesh-client] wlan <idx> ap <idx> mu <mu> mesh-base <base> mesh-client <client> total

Syntax: show all [wlan|ap|mu| Shows all statistics for: mesh-base|mesh-client] • wlan – Shows all WLAN status. • ap – Shows all Access Port status. • mu – Shows all mobile unit (MU) status. • mesh-base – Shows all mesh-base statistics • mesh-client – Shows all mesh-client statistics show wlan <idx> Shows the specified WLAN’s statistics, where <idx> is the index number of the WLAN. show ap <idx> Shows the specified Access Port’s statistics, where <idx> is the index number of the Access Port (1–12). show mu <mu> Shows the specified mobile unit’s statistics, where <mu> is the index number of the mobile unit (1–200). show mesh-base <base> Shows the statistics for the mesh base with index <base> (1-36). show mesh-client Shows the statistics for the mesh client with index <client> (1-72). <client> show total Shows total switch statistics. Example admin(stats.rf)>show all wlan Index Name Status

: 1 : WLAN1 : Enabled

Index Name Status

: 2 : WLAN2 : Disabled

Index Name Status

: 3 : WLAN3 : Disabled

Index

: 4


5-8 WS2000 Wireless Switch System Reference Guide

Name Status

: WLAN4 : Disabled

Index Name Status

: 5 : WLAN5 : Disabled

Index Name Status

: 6 : WLAN6 : Disabled

Index Name Status

: 7 : WLAN7 : Disabled

Index Name Status

: 8 : WLAN8 : Disabled

admin(stats.rf)>show wlan 1 Name ESSID Subnet Adopted APs Number of Associated MUs

: : : : :

Packets per second Throughput Average Bit Speed

: 0.00 pps : 0.00 Mbps : 0.00 Mbps

Non-Unicast Packets

: 0.00 %

Signal Noise Signal-to-Noise

: 0.0 dBm : 0.0 dBm : 0.0 dBm

Average Number of Retries Dropped Packets Undecryptable Packets

: 0.00 Retries : 0.00 % : 0.00 %

WLAN1 101 Subnet1 2 0

admin(stats.rf)>show all ap ap index ap status

: 1 : not connected

ap index ap status

: 2 : connected

ap index ap status

: 3 : not connected

ap index ap status

: 4 : not connected

ap index ap status

: 5 : not connected

ap index ap status

: 6 : not connected


Statistics Commands 5-9

ap index ap status

: 7 : not connected

ap index ap status

: 8 : not connected

ap index ap status

: 9 : not connected

ap index ap status

: 10 : not connected

ap index ap status

: 11 : not connected

ap index ap status

: 12 : not connected

admin(stats.rf)>show ap 2 Name Location Radio Type Current Channel Adopted By Number of Associated Mus

: : : : : :

AP2

Packets per Throughput Average Bit Approximate Non-Unicast

: : : : :

0.13 pps 0.00 Mbps 0.00 Mbps 0.00 % 100.00 %

second Speed Utilization Packets

802.11 B 1 WLAN1 0

Signal Noise Signal-to-Noise

: 0.0 dBm : 0.0 dBm : 0.0 dBm

Average Number of Retries Dropped Packets Undecryptable Packets

: 0.00 Retries : 0.00 % : 0.00 %


5-10 WS2000 Wireless Switch System Reference Guide


MOTOROLA INC. 1303 E. ALGONQUIN ROAD SCHAUMBURG, IL 60196 http://www.motorola.com

72E-132762-01 Revision A December 2009