Enterasys ® Wireless Controller, Access Points and Convergence Software CLI Reference Guide Version 7.
Notice Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made. The hardware, firmware, or software described in this document is subject to change without notice.
Enterasys Networks, Inc. Software License Agreement This document is an agreement (“Agreement”) between You, the end user, and Enterasys Networks, Inc. on behalf of itself and its Affiliates (“Enterasys”) that sets forth your rights and obligations with respect to the software contained in CD‐ROM or other media.
. PROTECTION AND SECURITY. In the performance of this Agreement or in contemplation thereof, You and your employees and agents may have access to private or confidential information owned or controlled by Enterasys relating to the Licensed Materials supplied hereunder including, but not limited to, product specifications and schematics, and such information may contain proprietary details and disclosures.
9. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The Licensed Materials (i) were developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227‐19 (a) through (d) of the Commercial Computer Software‐Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers.
Contents About This Guide Who Should Use This Guide ........................................................................................................................... xxi How to Use This Guide .................................................................................................................................... xxi Related Documentation ..................................................................................................................................
3.15 radtest................................................................................................................................................... 3.16 radtest_mba.......................................................................................................................................... 3.17 reset...................................................................................................................................................... 3.18 restart .......................
3.21.49 show users ................................................................................................................................ 3.21.50 show vnsmode .......................................................................................................................... 3.21.51 show vnsmode radius ............................................................................................................... 3.21.52 show web ...............................................................
4.3.1.9.19 n_chlwidth ................................................................................................................ 4.3.1.9.20 n_guardinterval ........................................................................................................ 4.3.1.9.21 n_pbthreshold .......................................................................................................... 4.3.1.9.22 n_pmode ..............................................................................................
4.3.2.8.3 beaconp ..................................................................................................................... 4.3.2.8.4 dcs.............................................................................................................................. 4.3.2.8.4.1 channel_plan .................................................................................................... 4.3.2.8.4.2 mode..............................................................................................
4.3.4.8 radio1................................................................................................................................... 4.3.4.8.1 admin-mode ............................................................................................................... 4.3.4.8.2 atpc ............................................................................................................................ 4.3.4.8.3 beaconp ...........................................................................
4.3.5 learnac .......................................................................................................................................... 4-97 4.3.6 std ................................................................................................................................................. 4-97 4.3.6.1 bcast_disassoc .................................................................................................................... 4-97 4.3.6.2 client_session .........................
4.4 export_drm ........................................................................................................................................... 4.5 import_drm ........................................................................................................................................... 4.6 load-groups........................................................................................................................................... 4.6.1 create ..................................
4.12.24 persistent................................................................................................................................. 4.12.25 poll_timeout............................................................................................................................. 4.12.26 port-setting .............................................................................................................................. 4.12.27 radio1 .......................................................
8.2.2 primary ............................................................................................................................................ 8.2.3 authset ............................................................................................................................................ 8.2.4 move ............................................................................................................................................... 8.2.5 radtest_login............................
13.5 location ................................................................................................................................................. 13.6 port ....................................................................................................................................................... 13.7 publish-ap ............................................................................................................................................. 13.8 rcommunity ................
.4.3 acfilters........................................................................................................................................ 18-7 18.4.3.1 create................................................................................................................................. 18-8 18.4.3.2 config ............................................................................................................................... 18-10 18.4.3.3 delete.......................................
Chapter 19: wlans Commands 19.1 clients ................................................................................................................................................... 19-1 19.1.1 client............................................................................................................................................ 19-2 19.1.2 descr ...........................................................................................................................................
19.6.5.21 nasip .............................................................................................................................. 19.6.5.22 password ....................................................................................................................... 19.6.5.23 protocol.......................................................................................................................... 19.6.5.24 remove.........................................................................
20.5 .................................................................................................................................... 20-4 20.5.1 show.......................................................................................................................................... 20-5 20.5.2 filter-status................................................................................................................................... 20-5 20.5.3 name ..............................
21.4.3.4.12 mode .................................................................................................................... 21.4.3.4.13 range .................................................................................................................... 21.4.3.4.14 show..................................................................................................................... 21.4.3.4.15 wins ............................................................................................
About This Guide The Command Line Interface (CLI) is used to configure the Enterasys Wireless Controller and its Wireless APs. It is accessible directly on the controller’s console port, or via Secure Shell (SSH) access on the ESA or Management ports. Who Should Use This Guide This guide is intended for system test and development engineers who understand all components of the Enterasys Wireless Controller.
Related Documentation • Chapter 17, users Commands, describes commands used to manage user accounts on the network. • Chapter 18, VNS Commands (vnsmode), describes commands for the setup of virtual network services (VNS) for the network. • Chapter 19, wlans Commands, describes commands used to define and configure WLAN services for the network. • Chapter 20, policy Commands, describes commands used to define and configure policy for the Enterasys Wireless Controller.
Keyboard Shortcuts Table ii-1 Conventions Used in the CLI Reference Guide (continued) Convention Description | Vertical bars separate alternate parameters () Round brackets create parameter groups [< >] Angle brackets contained in brackets indicate a required variable within an optional parameter Note: Do not type brackets, angle brackets or vertical bars when using parameters for a command.
Getting Help xxiv • A description of your network environment (such as layout, cable type, other relevant environmental information) • Network load and frame size at the time of trouble (if known) • The device history (for example, if you have returned the device before, or if this a recurring problem) • Any previous Return Material Authorization (RMA) numbers About This Guide
1 CLI Structure The commands of the CLI are structured by context. Each context contains commands which relate to a specific function type.
Account Types copy Transfer files between the controller and an external server.
2 Common Commands The following commands are used universally throughout the CLI shell. 2.1 apply Use the apply command, after a command or a series of commands have been executed, for the configuration of the Enterasys Wireless Controller to take affect. Syntax apply Parameters None Examples The following example disables the DNS server configuration. EWC.enterasys.com:dns# no dns 192.1.1.3 EWC.enterasys.
2.3 exit Use the exit command to return to the previous context, or to exit the shell if you are in the base context. Syntax exit Parameters None Examples The following example exits a context and moves up one level to the previous context. EWC.enterasys.com:policy:p1# exit EWC.enterasys.com:policy# The following example exits the shell from the base context. EWC# exit 2.4 help Use the help command to display available commands in a context, or obtain usage information for a specified command.
2.5 logout Use the logout command to exit the shell immediately. Syntax logout Parameters None Examples The following example exits the shell. EWC.enterasys.com:interface:eth0# logout 2.6 no Use the no option to disable a function of a command. Use the command’s syntax without the no form to enable it. The no option can also be used to delete settings or files when used with certain commands. Note: Not all commands within the CLI include a no option.
Parameters None Examples The following example displays the DNS configuration. EWC.enterasys.com:dns# show dns 1 192.1.1.3 dns 2 192.1.2.3 dns 3 192.1.3.
3 root Commands The root context of the CLI displays available commands relating to the Enterasys Wireless Controller’s configuration, as well as available sub‐contexts. Note: All CLI commands cache changes. For this reason, sometimes when you make a change in a particular context, the change may not be visible immediately. If this happens, you must exit and reenter the context in order to ensure that the database is synchronized with the latest change.
Table 3-1 Root Commands Documented in Feature Chapters (continued) Command Description mobility The mobility command moves you to the mobility context of the CLI, providing commands that configure the sharing and exchanging of client session information, which enables a wireless device to roam between Wireless APs on different Enterasys Wireless Controllers without service interruption. See Chapter 10, mobility Commands.
3.1 audit Use the audit command to delete audit information or export it to a temporary file directory on the Enterasys Wireless Controller. Syntax audit (delete|export) Parameters delete Indicates that audit information will be deleted export Indicates that audit information will be exported Examples The following example deletes audit information from the Enterasys Wireless Controller EWC.enterasys.
3.2.2 pairip Use the pairip command to specify the backup of the Enterasys Wireless Controller’s IP address. Syntax pairip Parameters Specifies the IP address of the backup controller Examples The following example sets an IP address for the backup Enterasys Wireless Controller EWC.enterasys.com:availability# pairip 123.321.24.54 3.2.
Parameters None Examples EWC.enterasys.com:availability# fast_failover 3.2.5 link_timeout Use the link_timeout command to specify the time period in which the link failure between the Wireless APs and the primary controller in ‘availability’ mode would be detected. Syntax link_timeout Parameters Specifies time period in seconds before link failure is detected Examples The following example sets the time for link failure detection to 10 seconds EWC.enterasys.
3.2.7 sync-mu Use the sync‐mu command to enable or disable synchronization of MU accounts. Syntax [no] sync-mu Parameters None. Examples The following example enables the synchronization of the MU accounts. EWC.enterasys.com:availability# sync-mu 3.3 backup Use the backup command to save Enterasys Wireless Controller data to a file.
3.4 copy Use the copy command to transfer files between the Enterasys Wireless Controller and an external server. Note: Available filenames and platform information can be retrieved by invoking the respective show commands. For more information, see “3.21, show” on page 3-23.
Please input password: Attempting to upload file... SUCCESS: Upload completed. The following command copies an upgrade image for the W788 platform from a server to the Enterasys Wireless Controller. EWC.enterasys.com# copy apup 192.168.16.21 test new/ap/ W788-07.41.03.0003.img W788 Please input password: Attempting to download file using ftp ... SUCCESS: FTP Download completed. EWC.enterasys.com# The following command copies a restore file from a specific server to the Enterasys Wireless Controller. EWC.
Examples EWC.enterasys.com# host-attributes EWC.enterasys.com:host-attributes# 3.5.1 hostname Use the hostname command to configure a hostname for the controller. Syntax hostname | none Parameters Specifies the hostname of the controller. none Removes the configured hostname. Examples The following example specifies that the host name of the controller should be EWC123. EWC.enterasys.com:host-attributes# hostname EWC123 EWC.enterasys.
3.5.3 dns Use the dns command at the host‐attributes context to move into DNS server configuration context. Syntax dns Parameters None Examples EWC.enterasys.com:host-attributes# dns EWC.enterasys.com:host-attributes:dns# 3.5.3.1 dns Use the dns command in the dns context to configure DNS servers for the controller. You can configure up to three DNS servers to resolve RADIUS server host names to their corresponding IP addresses. Use the no form of the command to remove a DNS server configuration.
Specifies the new position of the DNS server that you want to reposition. Note: After you have run the move command, you must run the apply command to implement the changes. Examples The following example displays the current DNS server configuration. EWC.enterasys.com:host-attributes:dns# show dns 1 192.1.1.3 dns 2 192.1.2.3 dns 3 192.1.3.3 To move the DNS sever 192.1.3.
Filename (lab-91-f.16082010.110525): Comment: Please wait... CLI Export start: Mon Aug 16 11:05:33 2010 CLI Export end: Mon Aug 16 11:05:37 2010 Creating lab-91-f.16082010.110525... Backup/Export complete. The following example exports the controller’s CDRs in a .zip file. EWC.enterasys.com# export cdrs Filename (lab-91-f.16082010.110544): Comment: Please wait... Creating lab-91-f.16082010.110544... Backup/Export complete. The following example exports the controller’s logs in a .zip file. EWC.enterasys.
CLI Export start: Mon Aug 16 11:06:59 2010 CLI Export end: Mon Aug 16 11:07:03 2010 Creating lab-91-f.16082010.110654... Backup/Export complete. EWC.enterasys.com# Note: During the export process, the .zip file containing the controller's data is zipped. The exported file displays .zip extension. Note: If you want to upload the controller’s data to the FTP server, you must use the copy backup command. For more information, see “3.4, copy” on page 3-7. 3.
Successfully deleted file lab-91-f.16082010.110525 from flash 3.9 healthpoll Use the healthpoll command to enable or disable the poll timer. Syntax healthpoll Parameters enable Enables the poll timer disable Disables the poll timer Examples The following command enables the poll timer EWC.enterasys.com# healthpoll enable EWC.enterasys.com# show healthpoll healthpoll enable 3.
3.11 key Use the key command to configure license key information for the Enterasys Wireless Controller. Syntax key Parameters None Examples EWC.enterasys.com# key 3.11.1 activate Use the activate command to apply a license key on the Enterasys Wireless Controller. The activate command is accessible from the key context of the CLI. Syntax activate Parameters Specifies the license key to be applied on the Enterasys Wireless Controller.
Examples The following example applies a capacity enhancement license key on the Enterasys Wireless Controller. EWC.enterasys.com:key# ecap CAPCTL-12345678-22345678-32345678-42345678 3.11.3 extcp Use the extcp command to apply an external captive portal license key on the Enterasys Wireless Controller. The extcp command is accessible from the key context of the CLI.
any Allows the PHY to negotiate the port speed from any of the three options — 10, 100 or 1000 Mbps — and the duplex mode from any of the two option options — half‐duplex or full‐ duplex full Allows the PHY to operate in full duplex mode half Allows the PHY to operate in half‐duplex mode both Allows the PHY to auto‐negotiate either half‐duplex mode or the full‐duplex mode Examples for an Admin Port The following example sets the port speed to 100 Mbps, full duplex mode, and disables auto‐ negotiatio
Parameters ac Sets the log level of the Enterasys Wireless Controller ap Sets the log level of the Wireless AP 1 Indicates Critical severity level 2 Indicates Major severity level 3 Indicates Minor severity level 4 Indicates Informational severity level Examples The following example sets the Enterasys Wireless Controller’s log level to Minor EWC.enterasys.com# loglevel ac 3 Successfully set ac log level to Minor (3) 3.14 ping Use the ping command to ping an IP address. As of V7.
rtt min/avg/max/mdev = 0.204/0.281/0.423/0.101 ms The following example first uses the show topology l3 command to obtain interface names for use with ping as source addresses. Then, the following command pings an IP address using the IP address of interface name “esa1” (as determined with the the show topology l3 command) as the source address. EWC.enterasys.com# show topology l3 Name Mode L3:IP 1:Admin admin 192.168.4.37 2:esa0 physical 10.0.0.1 3:esa1 physical 10.0.1.
Please wait while all configured Radius Servers on this VNS are attempted as needed ... Turned tracing on for Radius Client. TRACE: Radius Request: CP: Server:192.0.1.202 Port:1812 Authtype:2 Username:sales Retries:0 Test Completed. 3.16 radtest_mba Use the radtest_mba command to test RADIUS servers used by the Enterasys Wireless Controller for Mac‐based authorization.
Parameters license Removes the installed license. mgmt Resets the management port configuration. Examples 1. The following example resets all configuration settings on the Enterasys Wireless Controller except for the management port configuration. You are prompted to confirm if you want to continue to reset the Enterasys Wireless Controller. EWC.enterasys.com# reset WARNING: Resetting will clear all configuration except for the management port configuration.
3.18 restart Use the restart command to restart individual processes on the Enterasys Wireless Controller. Note: Use the show system_state process command to list the current processes on the Active Controller. For more information, see “3.21.39, show system_state” on page 3-56.
3.20 secureconnection Use the secureconnection command to configure the shared secret between a Enterasys Wireless Controller and NetSight Wireless Manager. 3.20.1 secret Use the secret command to configure a shared secret for a Enterasys Wireless Controller and NetSight Wireless Manager. Use the no command to disable the shared secret. The secret command is available from the secureconnection context of the CLI. Syntax secret no secret Parameters
3.21.2 show active-user Use ths command to display the currently logged in user. Syntax show active-user Parameters None. Examples EWC.enterasys.com# show active-user User: admin 3.21.3 show ap Use the show ap command to show the configuration information of Wireless APs connected to the Enterasys Wireless Controller.
Examples The following example displays the serial number, name, and platform of connected Wireless APs. EWC.enterasys.
The following example displays the configuration information of the Wireless AP with the serial number 0122003880188015. EWC.enterasys.com# show ap 0500006072051201 config AP Serial Number: 0500006072051201 AP host name: AP2620-0500006072051201 AP Name: 0500006072051201 Description: Active # of clients: 0 AP software version: 07.41.03.0003 Port IP: 10.215.0.11 Status: approved role : ap Home: local DHCP IP address: 10.115.3.15 DHCP NetMask: 255.255.255.0 DHCP Gateway: 10.115.3.
dtim 5 beaconp 100 nonUnicastQuota 100 rts 2346 frag 2346 domain MyDomain channel current channel 0(0) last requested channel 0(0) divtx alternate divrx best preamble long tx_max_power 18 dBm hwretries 00000 radio mode b no atpc minbrate 1 maxbrate 11 maxoprate 54 max-distance 100 current_power: 18 dcs mode off channel_plan auto The following example displays the software version and hardware type for the Wireless AP. EWC.enterasys.com# show ap 0500006072051201 version Software version: 07.41.01.
3.21.4 show ap_certificate Use the show ap_certificate command to displays the Wireless AP’s current certificate credentials. Syntax show ap_certificate Parameters ap_serial Specifies Wireless AP’s serial number Examples EWC.enterasys.
Parameters None Examples The following example displays the Wireless APs connected to the Enterasys Wireless Controller. EWC.enterasys.com# show ap_inventory Name: 0002000007515340 Serial: 0002000007515340 Desc: Status: approved Software: V5 R3.10007.0 Hardware: A&D Scalance W786-2HPW-Internal Wired MAC: 00:0E:8C:8F:E5:B1 Poll Timeout: 15 Poll Interval: 3 Persistent: off Broadcast Dissoc: off Client Session Maintain:enabled Assn: Others Static IP: 10.208.0.249 Netmask: 255.255.255.
RX Diversity Best Best Preamble Long - No of Retries BK 0 0 No of Retries BE 0 0 No of Retries VI 0 0 No of Retries VO 0 0 No of Retries TVO 0 0 Protection Mode Auto - Protection Rate 11 Mbps - Protection Type CTS only - BSS:MAC (radio bg) -BSS:MAC (radio a) -- 3.21.7 show apup Use the show apup command to display all available upgrade images for Wireless APs on the Enterasys Wireless Controller by order of platform type.
AP3600-1 1: AP3600-07.41.01.0186.img AP3605 1: AP3600-07.41.01.0186.img AP3630-NAM 1: AP3600-07.41.01.0186.img AP3660 1: AP3600-07.41.01.0186.img AP4102 1: AP4102-07.41.01.0186.img AP4102C 1: AP4102-07.41.01.0186.img W786 1: W786-07.41.01.0186.img W786-1 1: W786-07.41.01.0186.img W786-2 1: W786-07.41.01.0186.img W788 1: W788-07.41.01.0186.img The following example displays the upgrade images available for the W788 platform only EWC.enterasys.com# show apup W788 W788 1: W788-07.41.01.0186.img 3.21.
3.21.9 show availability Use the show availability command to display availability settings for the Enterasys Wireless Controller. Syntax show availability Parameters None Examples The following example displays availability settings for the Enterasys Wireless Controller EWC.enterasys.com# show availability pair paired pairrole secondary pairip 192.168.4.207 fast_failover enabled link_timeout 2 sync-mu disabled 3.21.
Comment="Time for another backup" Backup type="all" Backup/Export saved from software version="C20-07.41.01.0186" 3.21.11 show bootrom Use the show bootrom command to display the bootrom images available on the Enterasys Wireless Controller, by order of Wireless AP. Use the optional parameter to display bootrom images by individual platform.
20050921wed 20050922thu 20050923fri 20050929thu 20050930fri 20051103thu The following example lists the file names within folder 20050921wed EWC.enterasys.com# show cdrs 20050921wed 1: 20050921194016.dat 2: 20050921204353.dat 3: 20050921212300.dat 4: 20050921212431.dat 5: 20050921213022.dat 6: 20050921213053.dat The following example selects a record by file name and displays its contents EWC.enterasys.com# show cdrs 20050921wed 20050921194016.
Disassociation_time = Dec 31 1969 19:00:00 Optionally, the same record could be viewed by specifying its number on the filename list instead of by its filename, as follows EWC.enterasys.com# show cdrs 20050921wed 1 3.21.13 show checkpoint Use the show checkpoint command to display the current Check Point configuration settings. Syntax show checkpoint Parameters None Examples The following example displays Check Point configuration settings EWC.enterasys.com# show checkpoint cplog cpip 1.1.1.
Clien Client Use Time t IP MAC r Conn. 172.1 00:40: 6.50. 96:AB: 250 61:58 BSS MAC 00:04:0 00: 0 0F: BB: 09: F6: A2 SSID Authe Privac Filter Proto Pkts Sent ntica y col tion Pkts Bytes Recvd Sent Bytes Recvd CNL- Ext 103- CP CPx 6 48 883 4937 6 48 883 4937 WPAPSK Global a Total 3.21.15 show clients vns Use the show clients vns command to display all clients connected to a specified VNS. Note: Use show vnsmode to list the VNS names used on the Enterasys Wireless Controller.
3.21.16 show run-config Use the show run‐config to display the system’s current running configuration commands. Syntax show run-config Parameters None 3.21.17 show dns Use the show dns command to display the DNS configuration. Syntax show dns [1-3] Parameters [1‐3] Specifies the position of the DNS server in the DNS servers list. Examples EWC.enterasys.com# show dns 1 dns 1 192.1.1.3 3.21.
3.21.19 show flash Use the show flash command to display whether the flash card is mounted or not. Note: The show flash command is applicable only to the Enterasys Wireless Controllers that support flash devices. Syntax show flash Parameters status Displays whether the flash card is mounted or not sysinfo Displays the memory usage information of the flash card list Displays all the files on the flash card Examples The following example displays that the flash card is mounted.
Examples The following example displays the current Health Poll Checking setting. EWC.enterasys.com# show healthpoll healthpoll enable 3.21.21 show import Use the show import command to display all the imported text files that contained the controller’s configuration, rogue data or both. Syntax show import Parameters None Examples The following example displays all the imported text files that contain the controller’s configuration, cdrs, logs, audit and rogue data. EWC.enterasys.
Import process is not started 3.21.23 show key Use the show key command to display the current product registration key information. Syntax show key Parameters None Examples The following example displays the current product registration key settings EWC.enterasys.
DOWN disable esa3 08:00:06:81:C2:80 UP enable admin 08:00:06:85:91:AD U 3.21.25 show lanset Use the show lanset command to display the ports’ speed — the data transmission rate of an output/input channel on each port Syntax show lanset Parameters None Examples The following example displays the lanset settings of a C2400 Controller. EWC.enterasys.
3.21.26 show log Use the show log command to display logs and reports for the Enterasys Wireless Controller. Syntax show log | [[first | last] ] Parameters log_name The log that you want to view: • ospf-neighbor • ospf-linkstate • dhcp • upgradeLog.txt • auditRecords.log • upgrade.log • configChanges.
EWC.enterasys.com# show log ospf-neighbor Neighbor RouterID Router Priority State IP Interface 192.168.12.7 1 Full/DR 10.91.0.2 esa0:10.91.0.1 The following example displays the log entries for the OSPF linkstate database EWC.enterasys.com# show log ospf-linkstate Router LSA (Type 1): Link ID Advertising Router Age Sequence No Checksum Link Count 192.168.4.202 192.168.4.202 1460 0x80000085 0x8f18 3 The following example displays the log entries for upgradeLog.txt. EWC.enterasys.
EWC.enterasys.com# show log configChanges.log CLI Import/EWC.enterasys.com: start: Tue Sep 14 00:27:57 2010 CLI Import/EWC.enterasys.com: end: Tue Sep 14 00:28:16 2010 EWC.enterasys.com# 3.21.27 show loglevel Use the show loglevel command to display the system log level of the Enterasys Wireless Controller or the Wireless AP.
config Displays the OSPF configuration details database Displays the OSPF linkstate database Examples The following example displays the details of all OSPF interfaces EWC.enterasys.com# show ospf interface OSPF Interface #0: Port Name :esa0 OSPF Status :Enabled OSPF authentication :None Link Cost :10 Hello Interval :10 Dead Interval :40 Retransmit Interval :5 Transmit Delay :1 The following example displays the details of all OSPF neighbors EWC.enterasys.
ASBR Summary LSA (Type 4): Link ID Advertising Router Age Sequence No Checksum 10.203.1.2 192.168.4.3 1324 0x8000002b 0xd1f4 10.203.1.2 192.168.4.9 970 0x8000002b 0xa31e AS-External LSA (Type 5): Link ID Advertising Router Age Sequence No 0.0.0.0 192.1.5.115 806 0x80000030 0x160a 10.22.1.0 192.168.3.2 585 0x800006f1 0x30e9 Checksum Route 0.0.0.0/0 10.22.1.0/24 3.21.
Lab12-open std enabled Lab12-open none disabled Lab12-INT_CP std enabled Lab12-INT_CP none internal Lab12-1 std enabled Lab12-1 none disabled top-routed std enabled aaaa none disabled Lab12-EXT_CP std enabled Lab12-EXT_CP none external 3.21.31 show report Use the show report command to display a list of all activity reports on the Enterasys Wireless Controller, or detailed information within an individual report.
The following example displays information contained within the external_connection report. EWC.enterasys.com# show report external_connection Connection Security Level 192.168.1.10 Open 192.168.3.25 Private The following example displays information contained within the active_wireless_aps report EWC.enterasys.com# show report active_wireless_aps name: 0409920201201319 serial: 0409920201201319 AP IP: 10.7.0.
ac_ip 10.109.0.1 ac_ixp_addr 10.109.0.1 ac_desc C20-37 mu_ip 172.22.215.27 mu_mac 00:14:6C:F6:A4:4E mu_user wzhu home ip 10.109.0.1 Tunnel with 10.209.2.1 Connected Tunnel with 10.109.1.4 Connected Tunnel with 10.109.0.5 Connected Tunnel with 10.209.0.3 Connected ac_ip 10.109.1.4 ac_ixp_addr 10.109.1.4 ac_desc EWC Tunnel with 10.209.2.1 Connected Tunnel with 10.109.0.1 Connected Tunnel with 10.109.0.5 Connected Tunnel with 10.209.0.3 Connected ac_ip 10.209.0.3 ac_ixp_addr 10.209.0.
3.21.32 show restore Use the show restore command to display the archives that can be restored on the Enterasys Wireless Controller. Syntax show restore Parameters None Examples The following lists the restorable archives on the Enterasys Wireless Controller EWC.enterasys.com# show restore 1: EWC.10112005.150257.zip 3.21.33 show routes Use the show routes command to display the routing table or static routes of the Enterasys Wireless Controller.
172.16.118.128 255.255.255.192 None esa9 Connected Active 172.16.118.192 255.255.255.192 None esa4 Connected Active 172.16.125.0 255.255.255.0 None esa10 Connected Active The following example displays the static routes on the Enterasys Wireless Controller EWC.enterasys.com# show routes static RouteID Dest Addr Netmask Next Hop Interface OverrideDynamic 1 0.0.0.0 0.0.0.0 10.7.0.2 1 on 3.21.
3.21.36 show snmp Use the show snmp command to display the SNMP settings for the Enterasys Wireless Controller. Syntax show snmp Parameters None Examples The following example displays the SNMP settings for the Enterasys Wireless Controller. EWC.enterasys.com# show snmp SNMP v1/v2 contact Bill Smith location lab-91 rcommunity public rwcommunity private context severity 4 (informational) port 162 publish-ap enable trap-manager-v1v2 1 136.157.233.176 trap-manager-v1v2 2 192.168.3.
radio1 Displays radio1 statistics radio2 Displays radio2 statistics interface Displays properties of a port on the Enterasys Wireless Controller Specifies the name of a port on the Enterasys Wireless Controller Examples The following example displays statistics for the Wireless AP 0001000418800008 EWC.enterasys.com# show stats ap 0001000418800008 Serial: 0409920201203917 IP Address: 10.222.0.126 Clients: 1 Home: local Session start: 2008-06-18 19:30:50 Uptime: 9878.
MAC Address: 00:0F:BB:09:EC:E1 MAC Address: 00:0F:BB:09:EC:E2 MAC Address: 00:0F:BB:09:EC:E3 MAC Address: 00:0F:BB:09:EC:E4 SSID: CNL-91-0-0-ssid SSID: CNL-91-0-1-ssid SSID: CNL-91-0-2-ssid SSID: CNL-91-0-3-ssid SSID: CNL-91-WDS-ssid Operational Max Rate: 54 Channel: 157:5785MHz Current Power Level(dBm): 0 IP Address: 10.91.0.50 Status: approved There are no active clients on this radio There are 1 WDS Children.
FCS Error Count 124944 WEP Undecryptable Count 0 Deauthentications Due to CAC 0 DCS Channel Utilization by Adjacent AP`s [%] - Average n/a DCS Channel Utilization by Adjacent AP`s [%] - Maximum n/a DCS Tx Channel Utilization [%] - Average n/a DCS Tx Channel Utilization [%] - Maximum n/a DCS Rx Channel Utilization [%] - Average n/a DCS Rx Channel Utilization [%] - Maximum n/a DCS Noise [dBm] - Average n/a DCS Noise [dBm] - Maximum n/a The following example displays the statistics for th
facility service 4 facility audit 6 3.21.39 show system_state Use the show system_state command to display the Enterasys Wireless Controller’s system information.
1131 RU Session Manager S 0.0 0.5 974 Host Services Manager S 0.0 2.3 1117 Radius Accounting S 0.0 0.4 - DHCP inactive - - 990 Test Client S 0.0 0.4 1129 LLC Handler S 0.0 0.6 The following example displays the CPU usage on the system EWC.enterasys.com# show system_state cpu CPU states: 1.5% user, 1.5% system, 0.0% nice, 6.8% idle The following example displays the memory usage on the system EWC.enterasys.
Primany DNS: 1.1.1.1 Secondary DNS: 2.2.2.2 Time Zone: America/Montreal Country: CA The following example displays system uptime EWC.enterasys.com# show system_state uptime System uptime: 6 days, 1:49 3.21.40 show tech_support Use the show tech_support to display a list of technical support files available on the system. Note: Use tech_support to generate technical support files. For more information, see “3.23, tech_support” on page 3-64.
3.21.42 show time-config Use the show time‐config command to display the system time and time server settings. Syntax show time-config Parameters None Examples The following example displays the system time and time server settings EWC.enterasys.com# show time-config ntp: internal ntp server ntpip 1 192.168.4.84 ntpip 2 192.168.4.89 ntpip 3 200.200.200.200 tz America/Montreal 3.21.43 show topology Use the show topology command to display the IDs and names of IP interfaces.
esa0 physical 545,esa0 10.109.0.1,10.0.0.2,non e esa1 physical -1,esa1 10.0.1.1,10.0.1.2,none Bridged at AP untagged b@ap -1,N/A Enterasys-37Topology b@ac 647,esa0 777 b@ac 777,esa-1 649 b@ac 649,esa-1 650 b@ac 650,esa0 10.209.2.37,0.0.0.0,non e Topology global info: Internal VLAN ID: 1 Multicast support: disabled Examples The following example uses the show topology l3 command to obtain interface information for use with the ping or traceroute commands EWC.enterasys.
EWC.enterasys.com# show traffic_capture capture is stopped 3.21.45 show upgrade Use the show upgrade command to display all of the software upgrade images available on the Enterasys Wireless Controller. Syntax show upgrade Parameters None Examples The following example displays the upgrade images on the Enterasys Wireless Controller. EWC.enterasys.com# show upgrade 1: AC-MV-07.41.03.0003-1.gps (flash) Note: Files located on an external flash card have (flash) next to them.
Examples EWC.enterasys.com# Date Type show upgrade_history Version Thu Feb 24 11:41:00 EST 2011 Upgraded 07.41.01.0150 Tue Jan 11 10:36:44 EST 2011 Installed 07.41.01.0100T Tue Jan 11 10:36:27 EST 2011 Installed OS-7_41_0-7 3.21.48 show upgrade_image_src Use show upgrade_image_src command to display the settings of FTP server where the controller’s new image is located. Syntax show upgrade_image_src Parameters None Examples EWC.enterasys.com# show upgrade_image_src upgrade_image_src 192.
Parameters None Examples The following example displays a list of every VNS currently on the Enterasys Wireless Controller EWC.enterasys.
3.21.52 show web Use the show web command to display the web timeout time (in minutes) — the time after which the web session will time out. Syntax show web Parameters None Examples EWC.enterasys.com# show web timeout 1:00 no showvns guestportal-admin-timeout 0:01 Note: The web timeout time is displayed in hh:mm format. In the above example, the web timeout time is 1 hour. 3.22 shutdown Use the shutdown command to stop or reboot the Enterasys Wireless Controller.
no tech_support (|) Parameters ap Collects Wireless AP information ac Collects Enterasys Wireless Controller information log Collects log information all Collects Wireless AP, Enterasys Wireless Controller, and log information Specifies the file name Specifies the listed number the file appears as [nostats] This parameter can be used with [tech_support ap] and [tech_support all].
Parameters source‐interface Keyword indicating that a source interface will be specified. name Identifies the source interface by name. The names are platform specific. You can use the show topology command to display a list of interfaces. number Identifies the source interface by number. The numbers are platform specific. Specifies an IP address. Examples The following example performs a traceroute to a specified IP Address EWC.enterasys.com# traceroute 68.142.226.
3.25 upgrade Use the upgrade commands to upgrade the software of the Enterasys Wireless Controller, Operating System, or the Wireless APs. 3.25.1 upgrade ac Use the upgrade ac command to upgrade the controller software. The upgrade ac command is accessible from the root context of the CLI. Syntax upgrade ac [bckto local|flash []|ftp] Parameters Specifies the file name of the new image.
In the following example, the upgrade image is downloaded from the remote ftp server and the existing image of the os is backed up to the remote ftp server. EWC.enterasys.
3.26 upgrade_backup_dest Use the upgrade_backup_dest command to backup the controller’s existing software image on the remote ftp server. Syntax upgrade_backup_dest Parameters The FTP server where the backup image will be created. The user name to access the FTP server. The password to access the FTP server. The directory where the new software image is located.
3-70 root Commands
4 ap Commands This section describes commands required to manage the basic functions of the Wireless APs on the system. These commands are found in the ap context of the CLI. Note: All CLI commands cache changes. For this reason, sometimes when you make a change in a particular context, the change may not be visible immediately. If this happens, you must exit and reenter the context in order to ensure that the database is synchronized with the latest change.
release | pending | approved | reboot|standalone| sensor [force] The administrative options for the Wireless AP Usage Configuring an 802.11n AP as standalone disconnects the AP from the HiPath Wireless Controller and converts the AP to standalone operation mode. After you convert an 802.11n AP to standalone mode, you can no longer access it using the HiPath Wireless Controller UI or CLI. Instead, you must access AP using the 802.11n AP UI or CLI. Note: You can convert an 802.
Parameters Specifies the IP address of the server Specifies the username of an account on the server Specifies the directory containing the file Specifies the file name Examples The following example exports the MAC address list to a file on a server EWC.enterasys.com:ap:blacklist# export 192.168.1.6 mgrey /mgrey/home MAClist.txt Please input password: Attempting to upload file... 4.2.
Parameters Specifies the MAC address to be added to the MAC address list. Examples The following example adds a MAC address to the MAC address list. EWC.enterasys.com:ap:blacklist# mac 43:0D:37:5C:8A:12 EWC.enterasys.com:ap:blacklist# show mac-list-mode black 43:0D:37:5C:8A:12 4.2.4 mac-list-mode Use this command to set the mode of the MAC address list.
The following commands are available in the ap:defaults context: • 11n — See 11n for commands in the ap:defaults:11n context. • 4102 — See 4102 for commands in the ap:defaults:4102 context. • assign — See assign for commands in the ap:defaults:assign context. • dualband — See dualband for commands in the ap:defaults:dualband context. • learnac • std — See std for commands in the ap:defaults:std context. 4.3.
Note: After you have run the bcast_disassoc command, you must run the apply command to implement the change in broadcast disassociation. 4.3.1.2 client_session Use the client_session command to enable users to maintain client sessions in the event of a poll failure. Use the no form of the command to disable the feature. The client_session command is accessible from the ap:defaults:11n context of the CLI.
4.3.1.4 lbs-status Use the lbs‐status command to enable or disable the collection of AeroScout tags for all 802.11n APs. The lbs‐status command is accessible from the ap:defaults:11n context of the CLI. Syntax lbs-status enable | disable Parameters enable|disable Enable or disable the collection of AeroScout tags for the 802.11n APs. Examples The following example enables the collection of AeroScout tags for the 802.11n APs. EWC.enterasys.com:ap:defaults:11n# lbs-status enable 4.3.1.
Specifies the delay, measured in seconds, between successive LLDP frame transmissions that is initiated by a value/status change in the LLDP local systems MIB. Range is 1 to 1/4 x Announcement Interval value. Examples The following example enables LLDP for the default Wireless AP configuration with an announcement interval of 30 seconds, and an announcement delay of 2. EWC.enterasys.
4.3.1.8 poll_timeout Use the poll_timeout command to set the amount of time the Wireless AP will wait for a response from the Enterasys Wireless Controller before rebooting. The poll_timeout command is accessible from the ap:defaults:11n context of the CLI. Syntax poll_timeout Note: The acceptable range for poll_timeout value is from 3 to 600. Parameters Specifies the amount of time, in seconds, to wait for a response from the Enterasys Wireless Controller before rebooting.
• n_aggr_msdu • n_aggr_msdu_max • n_chlbonding • n_chlwidth • n_guardinterval • n_pbthreshold • n_pmode • n_poffset • n_ptype • rts • tx_adjust_power • tx_max_power • tx_min_power 4.3.1.9.1 admin-mode Use this comment to configure the administration status for the radio. The admin‐mode command is accessible from the ap:defaults:11n:radio1 context of the CLI. Syntax admin-mode off|on Parameters off Clear the administrative status. on Set the administrative status.
left‐middle Specifies the use of the left‐middle antenna combination on the Wireless 802.11n AP. left‐right Specifies the use of the left‐right antenna combination on the Wireless 802.11n AP. middle‐right Specifies the use of the middle‐right antenna combination on the Wireless 802.11n AP. left‐middle‐right Specifies the use of the left‐middle‐right antenna combination on the Wireless 802.11n AP. Examples The following example depicts Radio 1of the Wireless 802.
Parameters Specifies the number of time units (milliseconds) between beacon transmissions. The acceptable range for beaconp value is from 50 to 1000 milliseconds. Examples The following example sets the time between successive beacons to 70 ms on Radio 1. EWC.enterasys.com:ap:defaults:11n:radio1# beaconp 70 Note: After you have run the beaconp command, you must run the apply command to implement the change. 4.3.1.9.
Examples The following example shows the channel plan for Radio 1 is configured to include all non‐DFS channels. EWC.enterasys.com:ap:defaults:11n:radio1:dcs# channel_plan all-non-dfs The following example shows that the channel plan for radio 1is customized to include channels 1, 2 and 3.. EWC.enterasys.com:ap:defaults:11n:radio1:dcs# channel_plan 1, 2, 3 4.3.1.9.5.2 mode Use the mode command to set the DCS mode. The mode command is accessible from the ap:defaults:11n:radio1:dcs context of the CLI.
Examples The following example sets the noise threshold to ‐45 dBm. EWC.enterasys.com:ap:defaults:11n:radio1:dcs# noise_threshold -45 4.3.1.9.5.4 occupancy_threshold Use the occupancy_threshold command to set the DCS Channel Occupancy Threshold. The occupancy_threshold command is accessible from the ap:defaults:11n:radio1:dcs context of the CLI. Syntax occupancy_threshold Parameters thrshold Specifies the DCS Occupancy Threshold as a percentage.
108: 5540 MHz 112: 5560 MHz 116: 5580 MHz 120: 5600 MHz 124: 5620 MHz 128: 5640 MHz 132: 5660 MHz 136: 5680 MHz 140: 5700 MHz 149: 5745 MHz 153: 5765 MHz 157: 5785 MHz 161: 5805 MHz 165: 5825 MHz 4.3.1.9.5.6 update_period Use the update_period command to set the DCS update period, during which the Wireless AP averages the DCS noise threshold and DCS channel occupancy threshold measurements. If either one of these thresholds is exceeded, the Wireless AP will trigger ACS.
Note: The maximum length of the domain string is 16 characters. Parameters Specifies the group name of APs that cooperate in managing RF channels. Examples The following example assigns the name test to the group of APs that cooperate in managing RF channels and transmission power levels. EWC.enterasys.com:ap:defaults:11n:radio1# domain test 4.3.1.9.7 dtim Use the dtim command to set the Delivery Traffic Indication Message (DTIM) period.
Parameters Specifies the maximum size, measured in bytes, of any packet fragment for delivery. Range is 256 to 2346. Examples The following example sets the fragmentation threshold to 1500 EWC.enterasys.com:ap:defaults:11n:radio1# frag 1500 4.3.1.9.9 max-distance Use the max‐distance command to set the maximum link distance, in meters, between APs that participate in a WDS.
Radio Mode Minimum Basic Rate Range per Mode a 6, 12, 24 an 6, 12, 24 n-strict 6, 12, 24, MCS0 – MCS7 Usage The minimum basic rate must be lower than or equat to the configured maximum basic data rate and maximum data rate that clients can operate at while associated with the AP. Examples This example sets the mode for radio 1 to a, then sets the minimum basic data rate to 12 Mbps. EWC.enterasys.com:ap:defaults:11n:radio1# mode a EWC.enterasys.com:ap:defaults:11n:radio1# minbrate 12 4.3.1.9.
Parameters None Examples The following example enables the ADDBA support. EWC.enterasys.com:ap:defaults:11n:radio1# n_addba_support 4.3.1.9.13 n_aggr_mpdu Use the n_aggr_mpdu command to enable the use of aggregate MPDU’s. Use the no command to disable this feature. The n_aggr_mpdu command is accessible from the ap:defaults:11n:radio1 context of the CLI. Syntax n_aggr_mpdu no n_aggr_mpdu Parameters None Examples The following example disables MPDU. EWC.enterasys.
Parameters <2‐64> The maximum number of subframes allowed in an aggregate MPDU. The acceptable range of values is from 2 to 64. Examples The following example sets the maximum number of subframes to 50. EWC.enterasys.com:ap:defaults:11n:radio1# n_aggr_mpdu_max_subframes 50 4.3.1.9.16 n_aggr_msdu Use the n_aggr_msdu command to enable the use of aggregate MSDUs. Use the no command to disable the use of aggregate MSDUs.
4.3.1.9.18 n_chlbonding Use the n_chlbonding command to specify the channel bonding type — up or down. The n_chlbonding command is accessible from the ap:defaults:11n:radio1 context of the CLI. Syntax n_chlbonding (up|down) Parameters up The primary channel (20MHz) is bonded with an extension channel that is 20MHz above (bonding up) the primary channel. down The primary channel (20MHz) is bonded with an extension channel that is 20MHz below (bonding down) the primary channel.
4.3.1.9.20 n_guardinterval Use the n_guardinterval command to specify the guard interval — short or long. The n_guardinterval command is accessible from the ap:defaults:11n:radio1 context of the CLI. Syntax n_guardinterval short|long Parameters short Specifies a short guard interval long Specifies a short guard interval Examples The following example sets the long guard interval. EWC.enterasys.com:ap:defaults:11n:radio1# n_guardinterval long 4.3.1.9.
Examples The following example enables the protection mode EWC.enterasys.com:ap:defaults:11n:radio1# n_pmode 4.3.1.9.23 n_poffset Use the n_poffset command to set the 40MHz Protection Channel Offset. The n_poffset command is accessible from the ap:defaults:11n:radio1 context of the CLI. Syntax n_poffset 20|25 Parameters 20 Specifies a 20 MHz channel offset 25 Specifies a 25 MHz channel offset Examples The following example sets the protection channel offset to 20 MHz. EWC.enterasys.
Note: The acceptable value for the rts value is 1 to 2346. Parameters Specifies the Request to Send packet size threshold. Examples The following example sets the RTS packet size to 256 EWC.enterasys.com:ap:defaults:11n:radio1# rts 256 4.3.1.9.26 tx_adjust_power Use the tx_adjust_power command to specify an offset to the Tx power level, which is used to adjust the ATPC power levels from the calculated value.
Examples The following example sets the maximum Tx power level to 18 dBm. EWC.enterasys.com:ap:defaults:11n:radio1# tx_max_power 18 4.3.1.9.28 tx_min_power Use the tx_min_power command to specify the minimum Tx power level. The tx_min_power command is accessible from the ap:defaults:11n:radio1 context of the CLI. Note: The tx_min_power is available only when Auto Tx Power Ctrl (ATPC) is enabled.
• n_aggr_msdu • n_aggr_msdu_max • n_chlbonding • n_chlwidth • n_guardinterval • n_pbthreshold • n_pmode • n_poffset • n_ptype • pmode • prate • preamble • ptype • rts • tx_max_power 4.3.1.10.1 admin-mode Use this comment to configure the administration status for the radio. The admin‐mode command is accessible from the ap:defaults:11n:radio2 context of the CLI. Syntax admin-mode off|on Parameters off Clear the administrative status. on Set the administrative status.
middle Specifies the use of the middle antenna on the Wireless 802.11n AP. right Specifies the use of the right antenna on the Wireless 802.11n AP. left‐middle Specifies the use of the left‐middle antenna combination on the Wireless 802.11n AP. left‐right Specifies the use of the left‐right antenna combination on the Wireless 802.11n AP. middle‐right Specifies the use of the middle‐right antenna combination on the Wireless 802.11n AP.
Parameters Specifies the number of time units (milliseconds) between beacon transmissions. The acceptable range for beaconp value is from 50 to 1000 milliseconds. Examples The following example sets the time between successive beacons to 70 ms on Radio 2. EWC.enterasys.com:ap:defaults:11n:radio2# beaconp 70 4.3.1.10.5 dcs The dcs command refers to the dcs context, which contains commands to configure the Dynamic Channel Selection (DCS) feature.
4.3.1.10.5.2 mode Use the mode command to set the DCS mode. The mode command is accessible from the ap:defaults:11n:radio2:dcs context of the CLI. Syntax mode Parameters off Disables DCS monitor Monitors the noise and interference on the current channel active Enables DCS Note: In monitor mode, DCS generates an alarm and does not change the channel if the noise and interference levels on the current channel exceed beyond their thresholds.
11: 2462 MHz 4.3.1.10.6 domain Use the domain command to identify a group of APs that cooperate in managing RF channels and transmission power levels. The domain command is accessible from the ap:defaults:11n:radio2 context of the CLI. Syntax domain Note: The maximum length of the domain string is 15 characters. Parameters Specifies the group name of APs that cooperate in managing RF channels.
that are less than or equal to this limit. The frag command is accessible from the ap:defaults:11n:radio2 context of the CLI. Syntax frag Parameters Specifies the maximum size, measured in bytes, of any packet fragment for delivery. Examples The following example sets the fragmentation threshold to 1500 EWC.enterasys.com:ap:defaults:11n:radio2# frag 1500 4.3.1.10.
Valid values for depend on the radio mode and are expressed as Mbps: Radio Mode Minimum Basic Rate Range per Mode b 1, 2, 5.5, 11 g 6, 12, 24 gn 6, 12, 24 n-strict 6, 12, 24, MCS0 – MCS7 bg 1, 2, 5.5, 11 bgn 1, 2, 5.5, 11 Usage The minimum basic rate must be lower than or equat to the configured maximum basic data rate and maximum data rate that clients can operate at while associated with the AP.
bgn Enable b/g/n modes of Radio 2. If enabled, the AP will use all available 11b, 11g, and 11n rates. Examples The following example enables only 802.11b mode of Radio 2. EWC.enterasys.com:ap:defaults:11n:radio2# mode b The following example enables both 802.11b mode and 802.11g mode of Radio 2. EWC.enterasys.com:ap:defaults:11n:radio2# mode bg 4.3.1.10.12 n_addba_support Use the n_addba_support command to enable the ADDBA support. Use the no command to disable the feature.
4.3.1.10.14 n_aggr_mpdu_max Use the n_aggr_mpdu_max command to specify the maximum length of the aggregate MPDU. The n_aggr_mpdu_max is accessible from the ap:defaults:11n:radio2 context of the CLI. Syntax n_aggr_mpdu_max <1024-65535> Parameters <1024‐65535> The maximum size in bytes for an aggregate MPDU.The range of values allowed is 1024 to 65535. Examples The following example sets the maximum length of the aggregate MPDU to 5000 bytes. EWC.enterasys.
Examples The following example disables the aggregate MSDU. EWC.enterasys.com:ap:defaults:11n:radio2# no n_aggr_msdu 4.3.1.10.17 n_aggr_msdu_max Use the n_aggr_msdu_max command to specify the maximum length of an A‐MSDU. The n_aggr_msdu_max command is accessible from the ap:defaults:11n:radio2 context of the CLI. Syntax n_aggr_msdu_max <2290-4096> Parameters <2290‐4096> The maximum size of bytes of a A‐MSDU. The range of values allowed is 2290 to 4096.
4.3.1.10.19 n_chlwidth Use the n_chlwidth command to specify the 802.11n channel width — 20 MHz or 40 MHz. This command only has affect when the mode is set to enable 802.11n. The n_chlwidth command is accessible from the ap:defaults:11n:radio2 context of the CLI.
Parameters <0‐100> Specifies the extension channel threshold value as a percentage. Examples The following example sets the extension channel threshold value to 60 per cent. EWC.enterasys.com:ap:defaults:11n:radio2# n_pbthreshold 60 4.3.1.10.22 n_pmode Use the n_pmode command to enable the protection on the primary channel. Use the no command to disable protection. The n_pmode command is accessible from the ap:defaults:11n:radio2 context of the CLI.
4.3.1.10.24 n_ptype Use the n_ptype command to specify the 40 MHz protection type — whether CTS, RTS or none. The n_ptype command is accessible from the ap:defaults:11n:radio2 context of the CLI. Syntax n_ptype {none|cts only|rts cts} Parameters none No 40 MHz protection type is enabled. cts only Specifies Clear to Send (CTS) protection type. rts cts Specifies Receive to Send (RTS) / Clear to Send (CTS) protection type. Examples The following example sets the clear to send (CTS) protection type.
4.3.1.10.26 prate Use the prate command to adjust the Protection Rate. The prate command is accessible from the ap:defaults:11n:radio2 context of the CLI. Syntax prate (1|2|5.5|11) Parameters 1|2|5.5|11 Specifies the Protection Rate in Mbps Examples The following example adjusts the Protection Rate to 5.5 Mbps EWC.enterasys.com:ap:defaults:11n:radio2# prate 5.5 4.3.1.10.27 preamble Use the preamble command to set the preamble type.
Parameters cts only Specifies the Clear to Send (CTS) type. rts cts Specifies the Request to Send (RTS) and Clear to Send (CTS) ypes Examples The following example sets the protection type to CTS EWC.enterasys.com:ap:defaults:11n:radio2# ptype cts only 4.3.1.10.29 rts Use the rts command to specify the size of the Request to Send (RTS) threshold. The rts command is accessible from the ap:defaults:11n:radio2 context of the CLI.
4.3.1.11 show Use the show command to display 802.11n AP information. The show command is accessible from the ap:defaults:11n context of the CLI. Syntax show Parameters None. Examples The following example displays 802.11n AP information. EWC.enterasys.com:ap:defaults:11n# show telnet poll_timeout 15 client_session no persistent no bcast_disassoc country United States led-mode normal lbs-status enabled 4.3.
command to disable the feature. The bcast_disassoc command is accessible from the ap:defaults:4102 context of the CLI. Syntax bcast_disassoc no bcast_disassoc Parameters None Examples The following disassociates clients from the Wireless AP EWC.enterasys.com:ap:defaults:4102# bcast_disassoc Note: After you have run the bcast_disassoc command, you must run the apply command to implement the change in broadcast disassociation. 4.3.2.
Examples The following example sets the name of the country to United States. EWC.enterasys.com:ap:defaults:4102# country United States Note: After you have run the country command, you must run the apply command to implement the change in country. 4.3.2.4 led-mode Use the led‐mode command to configure the behavior of the LEDs on the Wireless AP. The led‐ mode command is accessible from the ap:defaults:4102 context of the CLI. Syntax led-mode off | normal Parameters off Displays fault patterns only.
Examples The following example enables LLDP for the default Wireless AP configuration with an announcement interval of 30 seconds, and an announcement delay of 2. EWC.enterasys.com:ap:defaults:4102# lldp 30 2 If SNMP is enabled to publish on the Enterasys Wireless Controller and you enable LLDP, the following message is displayed: WARNING: SNMP is set to publish.
Parameters Specifies the amount of time, in seconds, to wait for a response from the Enterasys Wireless Controller before rebooting. Examples The following example sets the poll timeout to 20 seconds EWC.enterasys.com:ap:defaults:4102# poll_timeout 20 Note: After you have run the poll_timeout command, you must run the apply command to implement the change in poll timeout value. 4.3.2.
4.3.2.8.1 admin-mode Use this comment to configure the administration status for the radio. The admin‐mode command is accessible from the ap:defaults:4102:radio1 context of the CLI. Syntax admin-mode off|on Parameters off Clear the administrative status. on Set the administrative status. On is the default. Examples EWC.enterasys.com:ap:defaults:4102:radio1# admin-mode on 4.3.2.8.2 atpc Use the atpc command to enable Auto Tx Power Ctrl (ATPC). Use the no form of the command to disable the feature.
Examples The following example sets the time between successive beacons to 70 ms on Radio 1. EWC.enterasys.com:ap:defaults:4102:radio1# beaconp 70 4.3.2.8.4 dcs The dcs command refers to the dcs context, which contains commands to configure the Dynamic Channel Selection (DCS) feature. The dcs command is accessible from the ap:defaults:4102:radio1 context of the CLI. Note: Commands entered in the dcs context do not need to be followed by "apply" in order for them to take effect.
4.3.2.8.4.2 mode Use the mode command to set the DCS mode. The mode command is accessible from the ap:defaults:4102:radio1:dcs context of the CLI. Syntax mode Parameters off Disables DCS monitor Monitors the noise and interference on the current channel active Enables DCS Note: In monitor mode, DCS generates an alarm and does not change the channel if the noise and interference levels on the current channel exceed beyond their thresholds.
108: 5540 MHz 112: 5560 MHz 116: 5580 MHz 120: 5600 MHz 124: 5620 MHz 128: 5640 MHz 132: 5660 MHz 136: 5680 MHz 140: 5700 MHz 149: 5745 MHz 153: 5765 MHz 157: 5785 MHz 161: 5805 MHz 165: 5825 MHz 4.3.2.8.5 divrx Use the divrx command to select the best signal from the pair of diversity antennas for the reception of packets from client devices. Select best for the best signal from both antennas, or Left or Right to choose either of the two diversity antennas.
Examples The following example selects the right antenna EWC.enterasys.com:ap:defaults:4102:radio1# divtx right 4.3.2.8.7 domain Use the domain command to identify a group of APs that cooperate in managing RF channels and transmission power levels. The domain command is accessible from the ap:defaults:4102:radio1 context of the CLI. Syntax domain Note: The maximum length of the domain string is 15 characters.
4.3.2.8.9 frag Use the frag command to set the fragmentation threshold, which is the maximum size of a packet or data unit that can be delivered. Any data above this threshold will be fragmented into packets that are less than or equal to this limit. The frag command is accessible from the ap:defaults:4102:radio1 context of the CLI. Syntax frag Parameters Specifies the maximum size, measured in bytes, of any packet fragment for delivery. Range is 256 to 2346.
4.3.2.8.11 maxbrate Use the maxbrate command to configure the maximum basic rate. The maxbrate command is accessible from the ap:defaults:4102:radio1 context of the CLI. Syntax maxbrate Note: The acceptable minbrate values are 6, 12 and 24 Mbps. The maximum basic rate choices adjust automatically to be higher or equal to the minimum basic rate. Parameters Specifies the maximum basic rate value in Mbps Examples The following example configures the maximum basic rate to 24 Mbps EWC.
between APs. The max‐distance command is accessible from the ap:defaults:4102:radio1 context of the CLI. Note: Do not change the default setting for any radio that is not participating in a Mesh or WDS. Syntax max-distance Parameters Specifies the maximum distance between APs in meters. The default is 100 meters. You can enter a value from 100 to 15000 meters. Examples The following example sets the maximum distance between APs to 1500 meters. EWC.enterasys.
Parameters a Enable 802.11a mode of Radio 1. Examples The following example enables only 802.11a mode of Radio 1. EWC.enterasys.com:ap:defaults:4102:radio1# mode a 4.3.2.8.16 rts Use the rts command to specify the size of the Request to Send (RTS) threshold. The rts command is accessible from the ap:defaults:4102:radio1 context of the CLI Syntax rts Note: The acceptable value for rts value is from 1 to 2346. Parameters Specifies the Request to Send packet size threshold.
4.3.2.8.18 tx_max_power Use the tx_max_power command to set the maximum Tx power level. The tx_max_power command is accessible from the ap:defaults:4102:radio1 context of the CLI. Note: The tx_max_power is a maximum level when ATPC is enabled, and a fixed level when it ATPC is disabled. Syntax tx_max_power Parameters Specifies the maximum Tx power level. Examples The following example sets the maximum Tx power level to 18 dBm. EWC.enterasys.
• divrx • divtx • domain • dtim • frag • hwretries • maxbrate • max‐distance • maxoprate • minbrate • mode • pmode • prate • preamble • ptype • rts • tx_max_power 4.3.2.9.1 admin-mode Use this comment to configure the administration status for the radio. The admin‐mode command is accessible from the ap:defaults:4102:radio2 context of the CLI. Syntax admin-mode off|on Parameters off Clear the administrative status. on Set the administrative status. On is the default.
Parameters [maintain_power] When you disable ATPC, you can elect to maintain using the current Tx power setting ATPC had established. Examples The following example disables atpc on Radio 2. EWC.enterasys.com:ap:defaults:4102:radio2# no atpc maintain_power 4.3.2.9.3 beaconp Use the beaconp command to set time units between beacon transmissions. The beaconp command is accessible from the ap:defaults:4102:radio2 context of the CLI.
Note: The parameters available in the channel_plan command are determined by the setting of the mode command in the ap:defaults:4102:radio2 context.
Parameters None Examples EWC.enterasys.com:ap:defaults:4102:radio2:dcs# radio_channels Available radio channels: 1: 2412 MHz 2: 2417 MHz 3: 2422 MHz 4: 2427 MHz 5: 2432 MHz 6: 2437 MHz 7: 2442 MHz 8: 2447 MHz 9: 2452 MHz 10: 2457 MHz 11: 2462 MHz 12: 2467 MHz 13: 2472 MHz 14: 2477 MHz 4.3.2.9.5 divrx Use the divrx command to select the best signal from the pair of diversity antennas for the reception of packets from client devices.
Parameters alternate | left | right Specifies the antenna for selection Examples The following example selects the right antenna EWC.enterasys.com:ap:defaults:4102:radio2# divtx right 4.3.2.9.7 domain Use the domain command to identify a group of APs that cooperate in managing RF channels and transmission power levels. The domain command is accessible from the ap:defaults:4102:radio2 context of the CLI. Syntax domain Note: The maximum length of the domain string is 15 characters.
EWC.enterasys.com:ap:defaults:4102:radio2# dtim 2 4.3.2.9.9 frag Use the frag command to set the fragmentation threshold, which is the maximum size of a packet or data unit that can be delivered. Any data above this threshold will be fragmented into packets that are less than or equal to this limit. The frag command is accessible from the ap:defaults:4102:radio2 context of the CLI. Syntax frag Parameters Specifies the maximum size, measured in bytes, of any packet fragment for delivery.
4.3.2.9.11 maxbrate Use the maxbrate command to configure the maximum basic rate. The maxbrate command is accessible from the ap:defaults:4102:radio2 context of the CLI. Syntax maxbrate Note: The acceptable minbrate values are 6, 12 and 24 Mbps. The maximum basic rate choices adjust automatically to be higher or equal to the minimum basic rate. Parameters Specifies the maximum basic rate value in Mbps Examples The following example configures the maximum basic rate to 24 Mbps EWC.
4.3.2.9.13 maxoprate Use the maxoprate command to set the maximum operational rate. The maxoprate is accessible from the ap:defaults:4102:radio2 context of the CLI. Note: Available operational rate values (in Mbps) for Radio 2 are: 6, 9, 12, 18, 24, 36, 48, and 54. Syntax maxoprate Parameters Specifies the maximum operational rate value in Mbps Examples The following example sets the maximum operational rate to 24Mbps EWC.enterasys.com:ap:defaults:4102:radio2# maxoprate 24 4.3.2.9.
Note: Depending on the radio mode you select, some of the radio settings may not be available for configuration. Parameters b Enables the 802.11b‐only mode of Radio 2. If enabled, the AP will use only 11b (CCK) rates with all associated clients. g Enables the 802.11g‐only mode of Radio 2. The AP will use 11g‐only (OFDM) rates with all associated clients. bg Enables both the 802.11g mode and the 802.11b mode of Radio 2.
Parameters 1|2|5.5|11 Specifies the Protection Rate in Mbps Examples The following example adjusts the Protection Rate to 5.5 Mbps EWC.enterasys.com:ap:defaults:4102:radio2# prate 5.5 4.3.2.9.18 preamble Use the preamble command to set the preamble type. The preamble command is accessible from the ap:defaults:4102:radio2 context of the CLI.
4.3.2.9.20 rts Use the rts command to specify the size of the Request to Send (RTS) threshold. The rts command is accessible from the ap:defaults:4102:radio2 context of the CLI Syntax rts Note: The acceptable value for rts value is from 1 to 2346. Parameters Specifies the Request to Send packet size threshold. Examples The following example sets the RTS packet size to 256 EWC.enterasys.com:ap:defaults:4102:radio2# rts 256 4.3.2.9.
Parameters None Examples The following example enables telnet access to the Wireless AP EWC.enterasys.com:ap:defaults:4102# telnet Note: After you have run the telnet command, you must run the apply command to implement the change. 4.3.3 assign The assign command refers to context assign, which contains the wlans‐list command. The assign command is accessible from the ap:defaults context of the CLI. 4.3.3.1 wlans-list Use the wlans‐list command to assign the Radio 1 and Radio2 to the WLANS.
• country • led‐mode • lldp • persistent • poll_timeout • radio1 — See radio1 for commands in the ap:defaults:dualband:radio1 context. • radio2 — See radio2 for commands in the ap:defaults:dualband:radio2 context. • telnet 4.3.4.1 bcast_disassoc Use the bcast_disassoc command to enable the Wireless AP to use broadcast disassociation when disconnecting all clients, instead of disassociating each client one by one. Use the no form of the command to disable the feature.
Note: After you have run the client_session command, you must run the apply command to implement the change in client session. 4.3.4.3 country Use the country command to specify the country the Wireless AP resides in. The country command is accessible from the ap:defaults:dualband context of the CLI. Syntax country Parameters Specifies the name of the country Examples The following example sets the name of the country to United States. EWC.enterasys.
4.3.4.5 lldp Use the lldp command to enable the broadcast of the LLDP protocol by a Wireless AP. Use the no form of the command to disable LLDP. The lldp command is accessible from the ap:defaults:dualband context of the CLI. Syntax lldp no lldp Parameters Specifies the scheduled frequency, measured in seconds, in which the Wireless AP advertises its information by sending a new LLDP packet.
Examples The following example enables mode persistence. EWC.enterasys.com:ap:defaults:dualband# persistent Note: After you have run the persistent command, you must run the apply command to implement the change in mode persistence value. 4.3.4.7 poll_timeout Use the poll_timeout command to set the amount of time the Wireless AP will wait for a response time from the Enterasys Wireless Controller before rebooting. The poll_timeout command is accessible from the ap:defaults:dualband context of the CLI.
• frag • hwretries • max‐distance • maxbrate • maxoprate • minbrate • mode • rts • tx_adjust_power • tx_max_power • tx_min_power 4.3.4.8.1 admin-mode Use this comment to configure the administration status for the radio. The admin‐mode command is accessible from the ap:defaults:dualband:radio1 context of the CLI. Syntax admin-mode off|on Parameters off Clear the administrative status. on Set the administrative status. On is the default. Examples EWC.enterasys.
4.3.4.8.3 beaconp Use the beaconp command to set time units between beacon transmissions. The beaconp command is accessible from the ap:defaults:dualband:radio1 context of the CLI. Syntax beaconp Parameters Specifies the number of time units (milliseconds) between beacon transmissions. The acceptable range for beaconp value is from 50 to 1000 milliseconds. Examples The following example sets the time between successive beacons to 70 ms on Radio 1. EWC.enterasys.
Parameters all‐non‐dfs Radio 1 uses all non‐DFS channels. all Radio 1 uses all channels auto Radio 1 uses 3 channels for countries supporting 11 channels and 4 channels for countries supporting 13 channels. 3‐channel Radio 1 uses 3 channels. 4‐channel Radio 1 uses 4 channels. channel[, channel] Radio 1 uses the channels that are listed, separated by commas. Examples The following example shows the channel plan for radio 1 is configured to include all channels.
4.3.4.8.4.3 noise_threshold Use the noise_threshold command to set the DCS noise threshold. The noise_threshold command is accessible from the ap:defaults:dualband:radio1:dcs context of the CLI. Syntax noise_threshold Parameters Specifies the DCS noise threshold in dBm. The DCS noise threshold must be in the ‐95 to ‐50 range. ACS will scan for a new operating channel for the Wireless AP if the threshold is exceeded.
Examples EWC.enterasys.com:ap:defaults:dualband:radio1:dcs# radio_channels Available radio channels: 36: 5180 MHz 40: 5200 MHz 44: 5220 MHz 48: 5240 MHz 52: 5260 MHz 56: 5280 MHz 60: 5300 MHz 64: 5320 MHz 100: 5500 MHz 104: 5520 MHz 108: 5540 MHz 112: 5560 MHz 116: 5580 MHz 120: 5600 MHz 124: 5620 MHz 128: 5640 MHz 132: 5660 MHz 136: 5680 MHz 140: 5700 MHz 149: 5745 MHz 153: 5765 MHz 157: 5785 MHz 161: 5805 MHz 165: 5825 MHz 4.3.4.8.4.
Examples The following example sets the DCS update period to 2 minutes. EWC.enterasys.com:ap:defaults:dualband:radio1:dcs# update_period 2 4.3.4.8.5 divrx Use the divrx command to select the best signal from the pair of diversity antennas for the reception of packets from client devices. Select best for the best signal from both antennas, or Left or Right to choose either of the two diversity antennas. The divrx command is accessible from the ap:defaults:dualband:radio1 context of the CLI.
Note: The maximum length of the domain string is 15 characters. Parameters Specifies the group name of APs that cooperate in managing RF channels. Examples The following example assigns the name test to the group of APs that cooperate in managing RF channels and transmission power levels. EWC.enterasys.com:ap:defaults:dualband:radio1# domain domain_test 4.3.4.8.8 dtim Use the dtim command to set the Delivery Traffic Indication Message (DTIM) period.
Examples The following example sets the fragmentation threshold to 1500 EWC.enterasys.com:ap:defaults:dualband:radio1# frag 1500 4.3.4.8.10 hwretries Use the hwretries command to set the number of retries for background transmission queue, best effort transmission queue, video transmission queue, voice transmission queue, and turbo voice transmission queue. The hwretries command is accessible from the ap:defaults:dualband:radio1 context of the CLI.
Parameters Specifies the maximum distance between APs in meters. The default is 100 meters. You can enter a value from 100 to 15000 meters. Examples The following example sets the maximum distance between APs to 1500 meters. EWC.enterasys.com:ap:defaults:dualband:radio1# max-distance 1500 4.3.4.8.12 maxbrate Use the maxbrate command to configure the maximum basic rate. The maxbrate command is accessible from the ap:defaults:dualband:radio1 context of the CLI.
4.3.4.8.14 minbrate Use the minbrate command to configure the minimum basic rate. The minbrate command is accessible from the ap:defaults:dualband:radio1 context of the CLI. Syntax minbrate Parameters Specifies the minimum basic rate value in Mbps. The valid minbrate values are 6, 12 and 24 Mbps. Examples The following example configures the minimum basic rate to 6 Mbps EWC.enterasys.com:ap:defaults:dualband:radio1# minbrate 6 4.3.4.8.
4.3.4.8.16 rts Use the rts command to specify the size of the Request to Send (RTS) threshold. The rts command is accessible from the ap:defaults:dualband:radio1 context of the CLI Syntax rts Note: The acceptable value for rts value is from 1 to 2346. Parameters Specifies the Request to Send packet size threshold. Examples The following example sets the RTS packet size to 256 EWC.enterasys.com:ap:defaults:dualband:radio1# rts 256 4.3.4.8.
Syntax tx_max_power Parameters Specifies the maximum Tx power level. Examples The following example sets the maximum Tx power level to 18 dBm. EWC.enterasys.com:ap:defaults:dualband:radio1# tx_max_power 18 4.3.4.8.19 tx_min_power Use the tx_min_power command to specify the minimum Tx power level. The tx_min_power command is accessible from the ap:defaults:dualband:radio1 context of the CLI. Note: The tx_min_power is available only when Auto Tx Power Ctrl (ATPC) is enabled.
• hwretries • maxbrate • maxoprate • minbrate • mode • pmode • prate • preamble • ptype • rts • tx_adjust_power • tx_max_power • tx_min_power 4.3.4.9.1 admin-mode Use this comment to configure the administration status for the radio. The admin‐mode command is accessible from the ap:defaults:dualband:radio2 context of the CLI. Syntax admin-mode off|on Parameters off Clear the administrative status. on Set the administrative status. On is the default. Examples EWC.enterasys.
Examples The following example disables atpc on Radio 2. EWC.enterasys.com:ap:defaults:dualband:radio2# no atpc maintain_power 4.3.4.9.3 beaconp Use the beaconp command to set time units between beacon transmissions. The beaconp command is accessible from the ap:defaults:dualband:radio2 context of the CLI. Syntax beaconp Parameters Specifies the number of time units (milliseconds) between beacon transmissions. The acceptable range for beaconp value is from 50 to 1000 milliseconds.
Note: The parameters available in the channel_plan command are determined by the setting of the mode command in the ap:defaults:dualband:radio2 context. Parameters all‐non‐dfs Radio 2 uses all non‐DFS channels. all Radio 2 uses all channels auto Radio 2 uses 3 channels for countries supporting 11 channels and 4 channels for countries supporting 13 channels. 3‐channel Radio 2 uses 3 channels. 4‐channel Radio 2 uses 4 channels.
4.3.4.9.4.3 noise_threshold Use the noise_threshold command to set the DCS noise threshold. The noise_threshold command is accessible from the ap:defaults:dualband:radio2:dcs context of the CLI. Syntax noise_threshold Parameters Specifies the DCS noise threshold in dBm. The DCS noise threshold must be in the ‐95 to ‐50 range. ACS will scan for a new operating channel for the Wireless AP if the threshold is exceeded.
Examples EWC.enterasys.com:ap:defaults:dualband:radio2:dcs# radio_channels Available radio channels: 1: 2412 MHz 2: 2417 MHz 3: 2422 MHz 4: 2427 MHz 5: 2432 MHz 6: 2437 MHz 7: 2442 MHz 8: 2447 MHz 9: 2452 MHz 10: 2457 MHz 11: 2462 MHz 4.3.4.9.4.6 update_period Use the update_period command to set the DCS update period — the time period during which the Wireless AP averages the DCS noise threshold and DCS channel occupancy threshold measurements.
Parameters best | left | right Specifies the antenna for selection Examples The following example selects the right antenna EWC.enterasys.com:ap:defaults:dualband:radio2# divrx right 4.3.4.9.6 divtx Use the divtx command to select the best signal from the pair of diversity antennas for the transmission of packets to client devices. Select best for the best signal from both antennas, or Left or Right to choose either of the two diversity antennas.
4.3.4.9.8 dtim Use the dtim command to set the Delivery Traffic Indication Message (DTIM) period. The dtim command is accessible from the ap:defaults:dualband:radio2 context of the CLI. Syntax dtim Note: The acceptable range for the dtim value is from 1 to 255 beacon intervals. Parameters Specifies the DTIM period in beacons Examples The following example sets the Delivery Traffic Indication Message period to 2 beacons. EWC.enterasys.com:ap:defaults:dualband:radio2# dtim 2 4.3.4.9.
Parameters BK Specifies the number of retries for the Background transmission queue. BE Specifies the number of retries for the Best Effort transmission queue. VI Specifies the number of retries for the Video transmission queue. VO Specifies the number of retries for the Voice transmission queue. TVO Specifies the number of retries for the Turbo Voice transmission queue.
Parameters Specifies the maximum operational rate value in Mpbs Examples The following example sets the maximum operational rate to 24Mbps EWC.enterasys.com:ap:defaults:dualband:radio2# maxoprate 24 4.3.4.9.13 minbrate Use the minbrate command to configure the minimum basic rate. The minbrate command is accessible from the ap:defaults:dualband:radio2 context of the CLI. Syntax minbrate Parameters Specifies the minimum basic rate value in Mbps.
Examples The following example enables only 802.11b mode of Radio 2. EWC.enterasys.com:ap:defaults:dualband:radio2# mode b 4.3.4.9.15 pmode Use the pmode command to configure the Protection Mode, which will protect 802.11g client transmissions from interruption by 802.11b clients. The pmode command is accessible from the ap:defaults:dualband:radio2 context of the CLI.
4.3.4.9.17 preamble Use the preamble command to set the preamble type. The preamble command is accessible from the ap:defaults:dualband:radio2 context of the CLI. Syntax preamble (short|long|auto) Parameters short Specifies short preambles long Specifies long preambles auto Indicates that preamble types will be automatically selected by the Wireless AP Note: For preambles set to auto, the Wireless AP will use short preambles, unless clients using the original 802.11 standard are detected.
Note: The acceptable value for rts value is from 1 to 2346. Parameters Specifies the Request to Send packet size threshold. Examples The following example sets the RTS packet size to 256 EWC.enterasys.com:ap:defaults:dualband:radio2# rts 256 4.3.4.9.20 tx_adjust_power Use the tx_adjust_power command to specify an offset to the Tx power level, which is used to adjust the ATPC power levels from the calculated value.
Examples The following example sets the maximum Tx power level to 18 dBm. EWC.enterasys.com:ap:defaults:dualband:radio2# tx_max_power 18 4.3.4.9.22 tx_min_power Use the tx_min_power command to specify the minimum Tx power level. The tx_min_power command is accessible from the ap:defaults:dualband:radio2 context of the CLI. Note: The tx_min_power is available only when Auto Tx Power Ctrl (ATPC) is enabled.
4.3.5 learnac Use the learnac command to allow the Wireless AP to provide its own EWC Search List. Use no form of the command to disable this feature. The learnac command is accessible from the ap:defaults context of the CLI. Note: If you disallow the Wireless AP to provide its own EWC Search List, you should specify the controller's static IP address by running the aclist command. For more information, see “aclist” on page 4-146.
command to disable the feature. The bcast_disassoc command is accessible from the ap:defaults:std context of the CLI. Syntax bcast_disassoc no bcast_disassoc Parameters None Examples The following disassociates clients from the Wireless AP EWC.enterasys.com:ap:defaults:std# bcast_disassoc Note: After you have run the bcast_disassoc command, you must run the apply command to implement the change in broadcast disassociation. 4.3.6.
Examples The following example sets the name of the country to United States. EWC.enterasys.com:ap:defaults:std# country United States Note: After you have run the country command, you must run the apply command to implement the change in country. 4.3.6.4 led-mode Use the led‐mode command to configure the behavior of the LEDs on the Wireless AP. The led‐ mode command is accessible from the ap:defaults:std context of the CLI. Syntax led-mode off | normal Parameters off Displays fault patterns only.
Examples The following example enables LLDP for the default Wireless AP configuration with an announcement interval of 30 seconds, and an announcement delay of 2. EWC.enterasys.com:ap:defaults:std# lldp 30 2 If SNMP is enabled to publish on the Enterasys Wireless Controller and you enable LLDP, the following message is displayed: WARNING: SNMP is set to publish.
Parameters Specifies the amount of time, in seconds, to wait for a response from the Enterasys Wireless Controller before rebooting. Examples The following example sets the poll timeout to 20 seconds EWC.enterasys.com:ap:defaults:std# poll_timeout 20 Note: After you have run the poll_timeout command, you must run the apply command to implement the change in poll timeout value. 4.3.6.
Parameters off Clear the administrative status. on Set the administrative status. On is the default. Examples EWC.enterasys.com:ap:defaults:std:radio1# admin-mode on 4.3.6.8.2 atpc Use the atpc command to enable Auto Tx Power Ctrl (ATPC). Use the no form of the command to disable the feature. The atpc command is accessible from the ap:defaults:std:radio1 context of the CLI. Syntax atpc no atpc Parameters None Examples The following example disables ATPC on Radio 1. EWC.enterasys.
4.3.6.8.4 dcs The dcs command refers to the dcs context, which contains commands to configure the Dynamic Channel Selection (DCS) feature. The dcs command is accessible from the ap:defaults:std:radio1 context of the CLI. Note: Commands entered in the dcs context do not need to be followed by "apply" in order for them to take effect. The following commands are available in the ap:defaults:std:radio1:dcs context: • channel_plan • mode • radio_channels 4.3.6.8.4.
Parameters off Disables DCS monitor Monitors the noise and interference on the current channel active Enables DCS Note: In monitor mode, DCS generates an alarm and does not change the channel if the noise and interference levels on the current channel exceed beyond their thresholds. In active mode, DCS changes the channel if the noise and interference levels on the current channel exceed beyond their thresholds. Examples The following example sets DCS to active mode. EWC.enterasys.
136: 5680 MHz 140: 5700 MHz 149: 5745 MHz 153: 5765 MHz 157: 5785 MHz 161: 5805 MHz 165: 5825 MHz 4.3.6.8.5 divrx Use the divrx command to select the best signal from the pair of diversity antennas for the reception of packets from client devices. Select best for the best signal from both antennas, or Left or Right to choose either of the two diversity antennas. The divrx command is accessible from the ap:defaults:std:radio1 context of the CLI.
4.3.6.8.7 domain Use the domain command to identify a group of APs that cooperate in managing RF channels and transmission power levels. The domain command is accessible from the ap:defaults:std:radio1 context of the CLI. Syntax domain Note: The maximum length of the domain string is 15 characters. Parameters Specifies the group name of APs that cooperate in managing RF channels.
that are less than or equal to this limit. The frag command is accessible from the ap:defaults:std:radio1 context of the CLI. Syntax frag Parameters Specifies the maximum size, measured in bytes, of any packet fragment for delivery. Examples The following example sets the fragmentation threshold to 1500 EWC.enterasys.com:ap:defaults:std:radio1# frag 1500 4.3.6.8.
4.3.6.8.11 maxbrate Use the maxbrate command to configure the maximum basic rate. The maxbrate command is accessible from the ap:defaults:std:radio1 context of the CLI. Syntax maxbrate Note: The acceptable minbrate values are 6, 12 and 24 Mbps. The maximum basic rate choices adjust automatically to be higher or equal to the minimum basic rate. Parameters Specifies the maximum basic rate value in Mbps Examples The following example configures the maximum basic rate to 24 Mbps EWC.
between APs. The max‐distance command is accessible from the ap:defaults:std:radio1 context of the CLI. Note: Do not change the default setting for any radio that is not participating in a Mesh or WDS. Syntax max-distance Parameters Specifies the maximum distance between APs in meters. The default is 100 meters. You can enter a value from 100 to 15000 meters. Examples The following example sets the maximum distance between APs to 1500 meters. EWC.enterasys.
Parameters a Enable 802.11a mode of Radio 1. Examples The following example enables only 802.11a mode of Radio 1. EWC.enterasys.com:ap:defaults:std:radio1# mode a 4.3.6.8.16 rts Use the rts command to specify the size of the Request to Send (RTS) threshold. The rts command is accessible from the ap:defaults:std:radio1 context of the CLI Syntax rts Note: The acceptable value for rts value is from 1 to 2346. Parameters Specifies the Request to Send packet size threshold.
4.3.6.9 radio2 The radio2 command refers to the radio2 context, which contains commands to configure Radio 2 of the Wireless AP. The radio2 command is accessible from the ap:defaults:std context of the CLI.
4.3.6.9.2 atpc Use the atpc command to enable Auto Tx Power Ctrl (ATPC). Use the no form of the command to disable the feature. The atpc command is accessible from the ap:defaults:std:radio2 context of the CLI. Syntax atpc no atpc [maintain_power] Parameters [maintain_power] When you disable ATPC, you can elect to maintain using the current Tx power setting ATPC had established. Examples The following example disables atpc on Radio 2. EWC.enterasys.com:ap:defaults:std:radio2# no atpc maintain_power 4.
• radio_channels 4.3.6.9.4.1 channel_plan Use the channel_plan command to customize the channel plan for the Wireless AP’s radio. The channel_plan command is accessible from the ap:defaults:std:radio2:dcs context of the CLI. Syntax channel_plan Note: The parameters available in the channel_plan command are determined by the setting of the mode command in the ap:defaults:std:radio2 context.
4.3.6.9.4.3 radio_channels Use the radio_channels command to display the list of available radio channels for auto channel selection (ACS). The radio_channels command is accessible from the ap:defaults:std:radio2:dcs context of the CLI. Syntax radio_channels Parameters None Examples EWC.enterasys.com:ap:defaults:std:radio2:dcs# radio_channels Available radio channels: 1: 2412 MHz 2: 2417 MHz 3: 2422 MHz 4: 2427 MHz 5: 2432 MHz 6: 2437 MHz 7: 2442 MHz 8: 2447 MHz 9: 2452 MHz 10: 2457 MHz 11: 2462 MHz 4.
or Right to choose either of the two diversity antennas. The divtx command is accessible from the ap:defaults:std:radio2 context of the CLI. Syntax divtx (best|left|right) Parameters best | left | right Specifies the antenna for selection Examples The following example selects the right antenna EWC.enterasys.com:ap:defaults:std:radio2# divtx right 4.3.6.9.7 domain Use the domain command to identify a group of APs that cooperate in managing RF channels and transmission power levels.
Parameters Specifies the DTIM period in beacons Examples The following example sets the Delivery Traffic Indication Message period to 2 beacons. EWC.enterasys.com:ap:defaults:std:radio2# dtim 2 4.3.6.9.9 frag Use the frag command to set the fragmentation threshold, which is the maximum size of a packet or data unit that can be delivered. Any data above this threshold will be fragmented into packets that are less than or equal to this limit.
Examples The following example sets the retry values for the background transmission queue, best effort transmission queue, video transmission queue, voice transmission queue, and the turbo voice transmission queue as 1, 2, 3, 4, 5 respectively. Note: You can set each parameter — background transmission queue, best effort transmission queue, video transmission queue, voice transmission queue and turbo voice transmission queue — to any value from 0 to 10 (0 means adaptive). EWC.enterasys.
Examples The following example sets the maximum distance between APs to 1500 meters. EWC.enterasys.com:ap:defaults:std:radio2# max-distance 1500 4.3.6.9.13 maxoprate Use the maxoprate command to set the maximum operational rate. The maxoprate is accessible from the ap:defaults:std:radio2 context of the CLI. Note: Available operational rate values (in Mbps) for Radio 2 are: 6, 9, 12, 18, 24, 36, 48, and 54.
4.3.6.9.15 mode Use the mode command to set the radio options for Radio 2. Use the no form of the command to disable Radio 2. The mode command is accessible from the ap:defaults:std:radio2 context of the CLI. Syntax mode Note: Depending on the radio mode you select, some of the radio settings may not be available for configuration. Parameters b Enables the 802.11b‐only mode of Radio 2. If enabled, the AP will use only 11b (CCK) rates with all associated clients. g Enables the 802.
4.3.6.9.17 prate Use the prate command to adjust the Protection Rate. The prate command is accessible from the ap:defaults:std:radio2 context of the CLI. Syntax prate (1|2|5.5|11) Parameters 1|2|5.5|11 Specifies the Protection Rate in Mbps Examples The following example adjusts the Protection Rate to 5.5 Mbps EWC.enterasys.com:ap:defaults:std:radio2# prate 5.5 4.3.6.9.18 preamble Use the preamble command to set the preamble type.
Examples The following example sets the protection type to CTS EWC.enterasys.com:ap:defaults:std:radio2# ptype cts only 4.3.6.9.20 rts Use the rts command to specify the size of the Request to Send (RTS) threshold. The rts command is accessible from the ap:defaults:std:radio2 context of the CLI. Syntax rts Note: The acceptable value for rts value is from 1 to 2346. Parameters Specifies the Request to Send packet size threshold.
4.3.6.10 telnet Use the telnet command to enable telnet access to the Wireless AP. Use the no form of the command to disable it. The telnet command is accessible from the ap:defaults:std context of the CLI. Syntax telnet no telnet Parameters None Examples The following example enables telnet access to the Wireless AP EWC.enterasys.com:ap:defaults:std# telnet Note: After you have run the telnet command, you must run the apply command to implement the change. 4.
Note: When the system prompts you to input password, you must type the FTP server’s password. 4.5 import_drm Use the import_drm command to import Wireless AP channel and maximum power values from an FTP server. The import_drm command is accessible from the ap context of the CLI. Syntax import_drm Parameters The IP address of the FTP server from which Wireless AP channel and maximum power values are uploaded.
4.6 load-groups Use the load‐groups refers to the load‐groups context, which contains commands to configure Wireless AP load balancing groups. The load‐groups command is accessible from the ap context of the CLI. The following commands are available in the ap:load‐groups context: • create • delete • — See for commands in the ap:load‐ groups: context. • show • maintenance 4.6.
Table 4-1 Load Groups Supported on a Enterasys Wireless Controller Controller Maximum Number of Load Groups C20 8 C20N 8 C2400 32 C4100 32 C5100 64 Each load group can contain up to 32 Wireless APs. For information about assigning a Wireless AP to a load group, see “assign‐radio” on page 4‐126. Examples The following example creates a load group named loadgroup1. This load group will be the default client balancing type. EWC.enterasys.com:ap:load-groups# create loadgroup1 EWC.enterasys.
4.6.3 The command, where refers to the name of a given load group, moves you into the ap:load‐groups: context, which contains commands to configure the settings of the specified individual load group. The following commands are available in the ap:load‐groups: context. The commands available to you depends on the type of load group you are configuring, either radio or client (see create on page 4‐124).
Parameters add|delete Use add to assign a Wireless AP’s radios to a load group. Use delete to unassign radios from a load group. ap‐name The name of the Wireless AP radio1|radio2|both The radios that you want to assign or unassign. Usage If you assign radios that are currently assigned to another load group, the radios will automatically be removed from the other load group. Examples The following example assigns both radios of a Wireless AP named AP3610_2 to the client load group named clientgroup1.
4.6.3.4 bandpreference Use this command to enable or disable the band preference feature for all APs in a radio type load group. The bandpreference command is accessible from the ap:load‐groups: context of the CLI, for the radio type of load group. Syntax bandpreference Parameters enable Enable band preference steering. disable Disable band preference steering. The default condition is disabled.
Usage After you change the name of the load group and apply the change (with the apply command), the ap:load‐groups: context retains the previous name of the load group. To change the ap:load‐groups: context to the new name of the load group, you exit the context and then enter the ap:load‐groups: context using the new name. Examples The following example changes the name of loadgroup1 to lg_lab. EWC.enterasys.
4.6.3.8 show Use the show command to display information about the load group. The show command is accessible from the ap:load‐groups: context of the CLI, for both types of load groups. Syntax show Parameters None. Examples The following example displays information for the radio type load group radiogroup1. EWC.enterasys.
Load Groups: loadgroup1 loadgroup2 4.7 maintenance The maintenance command allows for upgrading a Wireless AP’s software image. The maintenance command is accessible from the ap context of the CLI. 4.7.1 upgrd Use the upgrd command to upgrade the Wireless AP’s software image. The upgrd command is accessible from the ap:maintenance context of the CLI. Syntax upgrd Parameters Specifies default upgrade.
• dinterval • dretry • passwd • security • sshpasswd 4.8.1 cluster-encryption Use the cluster‐encryption command to enable or disable the encryption for the cluster shared secret. The cluster‐encryption command is accessible from the ap:registration context of the CLI. Syntax cluster-encryption enable | disable Parameters enable | disable Enables or disables the encryption for the cluster shared secret. Examples The following example enables the encryption for the cluster shared secret. EWC.
Parameters string The cluster shared secret, which can be 8‐63 characters long. Examples The following example sets the cluster shared secret to “sharedsecret.” EWC.enterasys.com:ap:registration# cluster-shared-secret sharedsecret 4.8.4 dinterval Use the dinterval command to set the time delay between registration attempts. The Wireless AP will wait for a predetermined amount of time between attempts to register with the Enterasys Wireless Controller.
4.8.6 passwd Use the passwd command to assign a password for telnet accessible Wireless APs. The passwd command is accessible from the ap:registration context of the CLI. For more information, see “telnet” on page 4‐154. Note: The telnet password must be between 5 and 30 alphanumeric characters. Syntax passwd Parameters telnet password Specifies the telnet password. Examples The following example assigns password ‘thisistelnetpassword’. EWC.enterasys.
4.8.8 sshpasswd Use the sshpasswd command to reset the ssh password. Use the no command to disable the ssh password. The sshpasswd command is accessible from the ap:registration context of the CLI. Syntax sshpasswd no sshpasswd Parameters password Specifies the ssh password Examples EWC.enterasys.com:ap:registration# sshpasswd mynewpassword Note: The password must be between 5 and 30 alphanumeric characters. 4.9 remove Use the remove command to remove a client from the Wireless AP.
4.10 search Use the search command to search for a client on the Wireless AP by specifying its MAC address, IP Address, or User ID. The search command is accessible from the ap context of the CLI.
Examples The following example adds a Wireless AP to the Enterasys Wireless Controller EWC.enterasys.com:ap# serial 0409920201203751 0409920201203751-AP-Name Orlandoe_4_P2 4.12 The command, where refers to the serial number of a Wireless AP, moves you into the context, which contains commands to configure attributes for a specific Wireless AP. The command is accessible from the ap context of the CLI.
• role • show • ssh • telnet • tunnel‐mtu • usedhcp • vlanid • wlan 4.12.1 leftantenna-radio2 Use the leftantenna‐radio2 command to select an antenna supported by the Wireless AP. Use the help command to list the available antenna models. Currently, this command is available for the AP2660 only. The leftantenna‐radio2 command is accessible from the ap: context of the CLI if the AP supports configuration of a left antenna radio2.
command is available for the AP2660 only. The rightantenna‐radio2 command is accessible from the ap: context of the CLI. Syntax rightantenna-radio2 Parameters Model name of an antenna supported by the Wireless AP. Examples This example lists the valid antenna models that can be entered with this command, then executes the command with an appropriate model number. EWC.enterasys.
antenna_model: WS-ANT01 AG 4dBi Omni Factory No Antenna EWC.enterasys.com:ap:0500010032150135 antennaleft WS-ANT01 AG 4dBi Omni Factory This example removes a configured left antenna. EWC.enterasys.com:ap:0500010032150135 antennaleft No Antenna 4.12.4 antennamiddle Use the antennamiddle command to select an antenna supported by the Wireless AP. This command is accessible from the context of the CLI if the AP supports configuration of a middle antenna.
Parameters Model name of an antenna supported by the Wireless AP. Examples This example lists the valid antenna models that can be entered with this command, then executes the command with an appropriate model number. EWC.enterasys.com:ap:0500010032150135 antennaright help Error : "help" is not a valid antenna model. Usage: antennaright antenna_model: WS-ANT01 AG 4dBi Omni Factory No Antenna EWC.enterasys.
EWC.enterasys.com:ap:0500010032150135 leftantenna-radio1 No Antenna 4.12.7 rightantenna-radio1 Use the rightantenna‐radio1 command to select an antenna supported by the Wireless AP. This command is accessible from the context of the CLI if the AP supports configuration of a right radio1 antenna. Use the help command to list the available antenna models. Currently, this command is available for the AP 2660 only. The rightantenna‐radio1 command is accessible from the ap: context of the CLI.
Examples This example lists the valid antenna models that can be entered with this command, then executes the command with an appropriate model number. EWC.enterasys.com:ap:0500010032150135 antennaleftmiddle help Error : "help" is not a valid antenna model. Usage: antennaleftmiddle antenna_model: WS-ANT02 AG 4dBi Omni Factory No Antenna EWC.enterasys.
4.12.10 apip Use the apip command when statically configuring a Wireless AP. In order to statically configure a Wireless AP, you must first run the no usedhcp command. The apip command is accessible from the ap: context of the CLI. Syntax apip [no] apip Parameters IP address of the Wireless AP Netmask of the of the Wireless AP Examples EWC.enterasys.com:ap:7000001222222222 apip 10.205.3.131 255.255.255.0 4.12.
4.12.12.1 eap Use the eap command to download and set the certificate from the FTP server as part of the 802.1x EAP‐TLS authentication configuration process. The eap command is accessible from the ap::802_1x context of the CLI.
Examples EWC.enterasys.com:ap:Ardal AP:802_1x# gen_certreq shopfloor_aps location CA Ontario Mississauga organization mnj_Ware_House Service email me@email.com 4.12.12.3 peap Use the peap command to set PEAP (Protected Extensible Authentication Protocol) authentication. Use the no command to delete the PEAP authentication credentials from the Wireless AP. The peap command is accessible from the ap::802_1x context of the CLI. Syntax peap no peap Parameters None Examples EWC.
The following example removes an entry from the Enterasys Wireless Controller list by rank. EWC.enterasys.com:ap:0409920201204003# no aclist 1 4.12.14 bcast_disassoc Use the bcast_disassoc command to force the disassociation of clients from the Wireless AP. Use the no command to cancel the disassociation of clients from the Wireless AP. The bcast_disassoc command is accessible from the ap: context of the CLI.
Examples The following example sets the name of the country to United States EWC.enterasys.com:ap:0500008043050212# country United States 4.12.17 desc Use the desc command to change the description of the Wireless AP. The desc command is accessible from the ap: context of the CLI. Syntax desc Parameters Specifies a description of the Wireless AP. Examples The following example provides a description for an Wireless AP EWC.enterasys.
Parameters identify All LEDs blink simultaneously approximately two to four times every second. normal Identifies the AP status during the registration process during power on and boot process. off Displays fault patterns only. LEDs do not light when the AP is fault‐free and the discovery is complete. wds‐signal Indicates the WDS signal strength as a bar graph. This setting helps to align external antennas in WDS deployments by correlating the WDS link RSS with the LED pattern.
4.12.21 lldp Use the lldp command to enable the broadcast of the LLDP protocol by a Wireless AP. Use the no form of the command to disable LLDP. The lldp command is accessible from the ap: context of the CLI. Syntax lldp no lldp Parameters Specifies the scheduled frequency, measured in seconds, in which the Wireless AP advertises its information by sending a new LLDP packet.
Examples EWC.enterasys.com:ap:0500008043050212# move aclist 4 + 3 4.12.23 name Use the name command to assign or change the name of the Wireless AP. The name command is accessible from the ap: context of the CLI. Syntax name Parameters Specifies the new name of the Wireless AP Examples The following example sets the name of the Wireless AP. EWC.enterasys.com:ap:0500008043050212# name HomeAP1 4.12.24 persistent Use the persistent command to enable Mode Persistence.
4.12.25 poll_timeout Use the poll_timeout command to set the amount of time the Wireless AP will wait for a response time from the Enterasys Wireless Controller before rebooting. The poll_timeout command is accessible from the ap: context of the CLI. Syntax poll_timeout Note: The acceptable range for poll_timeout value is from 3 to 600. Parameters Specifies the amount of time in seconds to wait for a response from the Enterasys Wireless Controller before rebooting.
4.12.28 radio2 Use the radio2 command to configure Radio 2 of the Wireless AP. The radio2 command is accessible from the ap: context of the CLI. For more information on radio2 commands, see the radio2 commands in section “defaults” on page 4‐4. 4.12.29 role Use the role command to configure the role of the Wireless AP — access point or sensor. The role command is accessible from the ap: context of the CLI.
no bcast_disassoc no vlanid country United States led-mode normal wlan test both lbs-status enabled port-setting auto tunnel-mtu 1500 ssh enabled antennaleft No Antenna antennamiddle No Antenna antennaright No Antenna 4.12.31 ssh Use the ssh command to enable or disable SSH for the specified AP36xx AP. The ssh command is accessible from the ap: context of the CLI. Syntax ssh enable | disable Parameters enable | disable Enables or disables SSH on the specified AP36xx AP.
Examples The following example enables telnet access to the Wireless AP. EWC.enterasys.com:ap:0409920201204003# telnet 4.12.33 tunnel-mtu Use the tunnel‐mtu command to set the static MTU value. The tunnel‐mtu command is accessible from the ap: context of the CLI. Syntax tunnel‐mtu <600‐1500> Parameters <600‐1500> Specifies the static MTU size in bytes. The default is 1500 bytes. Usage The Enterasys wireless software enforces the static MTU size if it cannot discover the MTU size.
4.12.35 vlanid Use vlanid to assign a VLAN tag to the subnet carrying the Wireless AP’s management traffic. The vlanid command is accessible from the ap: context of the CLI. Syntax vlanid <1-4094> Parameters <1‐4094> Specifies the ID tag for the VLAN Examples The following example assigns the subnet a VLAN tag. EWC.enterasys.com:ap:0122003880188015# vlanid 4 4.12.36 wlan Use the wlan command to assign one or both of the AP’s radios to the specified WLAN service.
led-mode normal wlan CNL-91-0-1 radio2 Enterasys Wireless Controller Software CLI Reference Guide 4-157
4-158 ap Commands
5 checkpoint Commands The Enterasys Wireless Controller forwards specified event messages to an ELA server using Check Point software’s OPSEC ELA protocol. The server tracks and analyzes these event messages and forwards suspicious information to a firewall application. This section describes commands which enable and configure Check Point event logging options for the Enterasys Wireless Controller. These commands are located in the checkpoint context of the CLI. Note: All CLI commands cache changes.
Parameters Specifies the IP address of the ELA Management Station Examples The following example sets the IP address of the ELA Management Station. EWC.enterasys.com:checkpoint# cpip 134.127.56.9 5.2 cplog The Wireless Controller forwards specified event messages to an Event Logging Application Program Interface (ELA) server, which tracks and analyzes messages and forwards suspicious content to a firewall.
EWC.enterasys.com:checkpoint# show elaq EWC.enterasys.com:checkpoint# show sicname EWC.enterasys.com:checkpoint# show sicpwd 5.3 cpcert Use the cpcert command to generate a certificate to be sent to the ELA Management Station. Syntax cpcert Parameters None Examples The following example generates a certificate EWC.enterasys.com:checkpoint# cpcert 5.
Parameters Specifies the Event Logging API port Examples The following example sets the elaport value to port 999. EWC.enterasys.com:checkpoint# elaport 999 5.6 elaq If the Enterasys Wireless Controller and the Check Point gateway become disconnected, any event log messages are placed into a queue. Use the elaq command to set the size of the Event Logging (ELA) API queue.
5.8 sicname Use the sicname command to set the Secure Internal Communication (SIC) name, which serves as the security‐based ID. Syntax sicname Parameters Specifies the Secure Internal Communication name Examples The following example sets the SIC name EWC.enterasys.com:checkpoint# sicname JohnDoe 5.9 sicpwd Use the sicpwd command to set the Secure Internal Communication (SIC) password.
5-6 checkpoint Commands
6 l2ports Commands This section describes commands to enable and disable ports on the Enterasys Wireless Controller. These commands are located in the l2ports context of the CLI. L2 port configuration is performed within a named topology context. See “l2” on page 21‐5 for L2 port configuration information. Note: All CLI commands cache changes. For this reason, sometimes when you make a change in a particular context, the change may not be visible immediately.
ports. This command is available on the C4110 platform. See “port” on page 6‐2 for information on enabling and disabling a port in this context. 6.3.1 port Use the port command to enable or disable the port from within the appropriate port context for your platform: • l2ports:esaN# is available on the CRBT8110, CRBT8210, C20, C2400, and C5110 controllers. See “esaN” on page 6‐1. • l2ports:pc.N# is available on the C20N controller. See “pc.N” on page 6‐1.
Examples The following example displays port information for the Enterasys Wireless Controller: EWC.enterasys.com# l2ports EWC.enterasys.
6-4 l2ports Commands
7 ip Commands This section describes the commands with options to configure routing information. These options can be found within the ip context of the CLI. Note: All CLI commands cache changes. For this reason, sometimes when you make a change in a particular context, the change may not be visible immediately. If this happens, you must exit and reenter the context in order to ensure that the database is synchronized with the latest change.
Specifies index number of route on the routing table Examples The following example adds an IP address to the routing table, specifying the netmask in CIDR format and disallowing OSPF overrides EWC.enterasys.com:ip# route 1.1.2.1/24 10.7.0.3 nofloat The following example adds an IP address to the routing table, specifying the netmask as an IP address and allowing OSPF overrides EWC.enterasys.com:ip# route 1.1.2.1 255.255.255.0 10.7.0.
Parameters Specifies an integer or an IP address defining the OSPF area Examples The following example sets the OSPF area to Area 0. EWC.enterasys.com:ip:ospf# area 0.0.0.0 7.2.2 areatype Use the areatype command to select the type of Open Shortest Path First (OSPF) protocol area to be used on the Enterasys Wireless Controller.
7.2.4 status Use the status command to enable or disable the Open Shortest Path First (OSPF) protocol on the Enterasys Wireless Controller. Syntax status (enable|disable) Parameters enable Indicates that the OSPF will be enabled disable Indicates that the OSPF will be disabled Examples The following example enables OSPF on the Enterasys Wireless Controller EWC.enterasys.com:ip:ospf# status enable 7.2.
Parameters None. Examples The following moves you to the ip:ospf:ospfinterface:0 context for the configuration OSPF interface esa0. EWC.enterasys.com:ip:ospf:ospfinterface# 0 EWC.enterasys.com:ip:ospf:ospfinterface:0# 7.2.5.2 authkey Use the authkey command to set the password used for authentication. Use the no form of the command to clear the password. Note: Authentication must be configured to use a password before this command can be used. For more information, see “authtype” on page 7-5.
7.2.5.4 deadinterval Use the deadinterval command to set the amount of time the OSPF protocol will wait for a response before assuming peer devices are unreachable. Syntax deadinterval <1-65535> Parameters <1‐65535> Specifies the time interval (in seconds) the OSPF protocol will wait for a response Examples The following example sets the time to wait for a packet response to 300 seconds EWC.enterasys.com:ip:ospf:ospfinterface:0# deadinterval 300 7.2.5.
7.2.5.7 retransmitinterval Use the retransmitinterval command to set the amount of time the port will wait before it attempts to retransmit outgoing packets Syntax retransmitinterval <1-65535> Parameters <1‐65535> Specifies the time interval in seconds Examples The following example sets the retransmission time interval to five seconds EWC.enterasys.com:ip:ospf:ospfinterface:0# retransmitinterval 5 7.2.5.8 status Use the status command to enable or disable OSPF advertising on the port.
7-8 ip Commands
8 login Commands The login command refers to login context, which contains commands to configure the login authentication modes. The login command is accessible from the root context of the CLI. Note: All CLI commands cache changes. For this reason, sometimes when you make a change in a particular context, the change may not be visible immediately. If this happens, you must exit and reenter the context in order to ensure that the database is synchronized with the latest change.
Examples The following example saves login configuration changes. EWC.enterasys.com:login# apply 8.2 auth The auth command moves you into the login:auth context, which contains commands to configure the RADIUS server for RADIUS‐based login. The following commands are available in the login:auth context. • server • primary • authset • move • radtest_login 8.2.1 server Use the server command to select a RADIUS server. The server command is available from the login:auth context.
Parameters Specifies the name of the server Examples The following example sets the primary authentication server EWC.enterasys.com:login:auth# primary FreeRadius70 8.2.3 authset Use the authset command to set authentication server information. The authset command is available from the login:auth context.
<#2> Specifies Server # 2 in the list of RADIUS servers Examples The following example moves the Server # 1 to second in order in the list of RADIUS servers. EWC.enterasys.com:login:auth# move #1 - 8.2.5 radtest_login Use the radtest_login command to check the RADIUS server’s configuration. The radtest_login command is available from the login:auth context.
Usage • You must configure the RADIUS server before you can add RADIUS‐based authentication to the list. To do this, use the auth commands. See auth. • You cannot add duplicate authentication modes to the list. • The authentication order list must contain at least one authentication mode. You cannot delete an authentication mode if it is the only mode in the list. • To change the order of authentication modes in the list, use the move command.
1 authentication method: local 2 authentication method: radius EWC.enterasys.com:login# move 2 1 EWC.enterasys.com:login# show 1 authentication method: radius 2 authentication method: local EWC.enterasys.com:login# apply Changing login mode will cause CLI to terminate. Do you want to proceed? [y|n]:y ************************************************************ Login mode has changed. CLI will terminate in 5 seconds! ************************************************************ 8.
9 mitigator Commands The Enterasys Wireless Controller uses a mechanism known as the Mitigator to assist in the detection of rogue Access Points. The Mitigator function has three main components: an RF scanning task that runs on the Wireless AP, an RF Data Collector (RFDC) to receive and manage RF scan messages sent by the Wireless AP, and an Analysis Engine to process data from the RFDC. This section describes the commands that enable and configure the Mitigator options for the controller.
9.2 wcswip Use the wcswip command to set the IP address of a Remote Data Collection Engine. Use the no format of the command to remove the IP address. Syntax wcswip [ ] no wcswip Parameters IP Address Specifies the IP address of the Remote Data Collection Engine poll_interval Specifies the time interval (in seconds) that the Analysis Engine will poll the Remote Data Collection Engine. The values from 3 to 60 are accepted.
9.3.1 sgname Use the sgname command to create a scan group. Use the no form of the command to delete the scan group. The sgname command is accessible from the mitigator:scgroup context of the CLI. Syntax sgname <10-120> [dtime <1-1000>] [radio1 |radio2|both] [channel all|current] [type active|passive] [serial ...
• show 9.3.2.1 aplist Use the aplist command to modify the list of the Wireless AP that are part of the scan group. Use the no form of the command to delete the Wireless APs from the list. Syntax [no] aplist ... aplist ... Parameters Specifies the Wireless AP by their serial numbers that are to be added to the scan group Examples The following example adds the Wireless APs of the following serial numbers to the scan group: 500006072051354 and 0500006072051427. EWC.
Parameters None Examples The following example sets the channel dwell time of scan group South Block to 100 milliseconds. EWC.enterasys.com:mitigator:scgroup:South Block# dtime 100 Note: After you have run the dtime command, you must run the apply command to start the scanning. 9.3.2.4 radio Use the radio command to modify the radio mode to be used for scanning.
Note: After you have run the type command, you must run the apply command to start the scanning. 9.3.2.6 channel Use the channel command to modify the Channel List — scanning on all channels or on the current channels. Syntax channel all|current Parameters all Specifies all channels to be scanned current Specifies the current channel to be scanned Examples The following example sets the current channel to be scanned. EWC.enterasys.
Parameters None Examples The following example displays the scan group South Block’s settings. EWC.enterasys.com:mitigator:scgroup:South-Block# show Interval 100 dtime 300 radio both channel current type active serial 0500006072051354 0500006072051427 0500006062051048 0500006062051040 9.4 friend The friend command refers to context friend, which contains commands to add friendly APs. The friend command is accessible from the mitigator context of the CLI. 9.4.
9-8 mitigator Commands
10 mobility Commands Multiple Enterasys Wireless Controllers on a network can share and exchange client session information, which enables a wireless device to roam between Wireless APs on different Enterasys Wireless Controllers without service interruption. This section describes the commands required to configure the Mobility options for the Enterasys Wireless Controller. These commands are located in the mobility context of the CLI. Note: All CLI commands cache changes.
EWC.enterasys.com:mobility# mrole agent 10.2 mport Use the mport command to select the port to be used by the Mobility feature. Syntax mport Parameters Specifies the ESA port, where X refers to the port number Examples The following example selects the esa3 port EWC.enterasys.com:mobility# mport esa3 10.
Examples The following example enables SLP registration EWC.enterasys.com:mobility# splreg 10.5 agent Use the agent command to add, remove, or approve an agent on the network by its IP address. Note: The role of the Enterasys Wireless Controller must be set to Manager before this option becomes available. For more information, see “mrole” on page 10-1.
Examples The following example configures the security mode to have no restrictions, allowing all agents to connect to the manager EWC.enterasys.com:mobility# secmode none 10.7 mdismethod Use the mdismethod command to locate the Mobility Manager on the network. Syntax mdismethod (slpd|static) Parameters slpd Uses the Service Location Protocol (SLP) Discovery method static Uses a statically configured IP address for detection Examples The following example uses the SLP discovery method EWC.enterasys.
11 schedule_backup Commands This section describes commands for scheduling the backup of the following reports and database: • Software configurations • CDRs • Logs • Audit Report • Rogue APs Report This section describes commands which manage scheduling options for the backup of data to an FTP or SCP address. These commands are located in the schedule_backup context of the CLI.
11.1 dir Use the dir command to specify a directory to contain backup data on the FTP or SCP server. Syntax dir Parameters Specifies the directory path Examples The following example specifies the directory path for backup data. EWC.enterasys.com:schedule_backup# dir /home/user/destdir 11.2 freq Use the freq command to specify the frequency of software backups.
EWC.enterasys.com:schedule_backup# freq weekly 2,4 The following example sets the software backups to occur on the 15th day of every month EWC.enterasys.com:schedule_backup# freq monthly 15 The following example disables all backup scheduling EWC.enterasys.com:schedule_backup# freq never 11.3 password Use the password command to specify the password of the user name on the FTP or SCP server. Note: The user name must be specified using the user command. For more information, see “user” on page 11-5.
11.5 server Use the server command to specify the IP address of the destination server for backup data. Syntax server Parameters Specifies the IP address of the FTP or SCP server Examples The following example sets the IP address of the server receiving backup data. EWC.enterasys.com:schedule_backup# server 192.168.1.17 11.6 starttime Use the starttime command to specify the time of day to start a scheduled backup.
all Indicates that all configuration, call detail records, log files, audit files, and rogue files will be backed up logs Indicates that log files will be backed up audit Indicates that audit files will be backed up rogue Indicates that rogue files will be backed up Examples The following example indicates that audit files are to be backed up EWC.enterasys.com:schedule_backup# type audit 11.8 user Use the user command to specify the user name of an account on the FTP or SCP server.
11-6 schedule_backup Commands
12 schedule_upgrade Commands Use the schedule_upgrade context to access the commands for scheduling an upgrade and back up of the controller’s software. The schedule_upgrade context is accessible from the root context of the CLI. Note: schedule_upgrade is not the command. It is the context. You must be in the schedule_upgrade context to access the commands for scheduling the upgrade and backup of the controller’s software.
user The user name to access the FTP server password The password to access the FTP server dir The path to the directory where the new software is stored on the FTP server image name The new software’s file name Examples The following example schedules a local upgrade. EWC.enterasys.com:schedule_upgrade# schld_upgrd 06:01:12:00 local AC-MV07.41.03.0003-1.gps Note: Before you can schedule a local uprade, you must download the upgrade image to the controller.
local Specifies that the backup image of the existing software of the Enterasys Wireless Controller is to be saved locally. Option is not available on C2400.
12-4 schedule_upgrade Commands
13 snmp Commands The Enterasys Wireless Controller supports the Simple Network Management Protocol (SNMP) for retrieving statistics and configuration information. This section describes commands which manage SNMP settings for the Enterasys Wireless Controller. These commands are located in the snmp context of the CLI. Note: All CLI commands cache changes. For this reason, sometimes when you make a change in a particular context, the change may not be visible immediately.
Examples The following example specifies a name to identify the SNMP administrator. EWC.enterasys.com:snmp# contact Bill 13.2 context Use the context command to add an SNMPv3 context. Syntax context Parameters Specifies the context name Examples The following example specifies the SNMPv3 context. EWC.enterasys.com:snmp# context context1 13.3 enable Use the enable command to enable and configure SNMP.
Examples The following example enables SNMPv3. EWC.enterasys.com:snmp# enable v3 13.4 engine-id Use the engine‐id command to configure the SNMPv3 engine ID for the Enterasys Wireless Controller running the SNMP agent. Syntax engine-id [auto-gen] Parameters Specifies the SNMPv3 engine ID for the Enterasys Wireless Controller running the SNMP agent. The string must be from 5 to 32 characters in length when auto‐gen is not selected, and from 1 to 27 characters when auto‐gen is selected.
13.6 port Use the port command to specify the destination port for the SNMP traps. Syntax port Parameters Specifies the trap port of the SNMP manager. The value can range from 1 to 65535. Examples The following example sets the trap port of the SNMP manager to 163. EWC.enterasys.com:snmp# port 163 13.7 publish-ap Use the publish‐ap command to enable or disable SNMP publishing of the access point as an interface to the Enterasys Wireless Controller.
13.8 rcommunity Use the rcommunity command to set the name of the read‐only community. Syntax rcommunity Parameters Specifies the name used for the read‐only community Examples The following example sets the name of the read‐only community. EWC.enterasys.com:snmp# rcommunity public 13.9 rwcommunity Use the rwcommunity command to specify the name of the read‐write community. This community allows the modification of stored data on the administrative system.
Examples The following example forwards traps having the Critical level of severity. EWC.enterasys.com:snmp# severity 2 13.11 show Use the show command in the SNMP context to display all SNMP configuration information or just information about configured SNMPv3 users. Syntax show [user] Parameters user Display only configured users. Examples The following example lists only the SNMPv3 users, when in the SNMP context. EWC.enterasys.
13.13 trap-manager-v3 Use the trap‐manager‐v3 command to identify either the primary or secondary machine monitoring SNMPv3 traps by IP address. Syntax trap-manager-v3 (1|2) (A.B.C.D user | delete) Parameters <1‐2> Identifies the primary or secondary machine monitoring SNMPv3 traps
Examples The following example creates an SNMPv3 user named “test” with an authPriv security level using MD5, an authentication password of “tester1234” and a privacy password of “tester1234.” EWC.enterasys.
14 syslog Commands This section describes commands to configure System Log settings on the Enterasys Wireless Controller. These commands are located in the syslog context of the CLI. Note: All CLI commands cache changes. For this reason, sometimes when you make a change in a particular context, the change may not be visible immediately. If this happens, you must exit and reenter the context in order to ensure that the database is synchronized with the latest change.
Syntax facility (application|service|audit) (0|1|3|4|5|6) Parameters application Indicates that application logs are to be updated service Indicates that service logs are to be updated audit Indicates that audit logs are to be updated 0 Sends the log with the Emergency severity level to the syslog server 1 Sends the log with the Alert severity level to the syslog server 3 Sends the log with the Error severity level to the syslog server 4 Sends the log with the Warning severity level to the sys
14.4 syslogip Use the syslogip command to configure up to three syslog servers. Use the no form of the command to delete a server. Note: Use show syslog to display system log levels. For more information, see “show syslog” on page 3-55.
14-4 syslog Commands
15 time Commands Network elements on the Enterasys Wireless Controller can be synchronized to a universal clock in one of two ways: • using the Enterasys Wireless Controller’s own system time • using the Network Time Protocol The commands described in this section are used to select and configure these options, and are located in the time context of the CLI. Note: All CLI commands cache changes.
Examples The following example sets the system time to 12:01pm EWC.enterasys.com:time# clock 12:01 Note: After you run the clock command, you must run the apply command to implement the changes. 15.2 date Use the date command to set the system date. Note: The Network Time Protocol must be disabled before this command can be used. For more information, see “ntp” on page 15-2.
EWC.enterasys.com:time# ntp 3 Note: If you want to use the external NTP Server, you must configure the NTP Server’s IP address by running the ntpip command. For more information, see the following section. 15.4 ntpip Use the ntpip command to configure the IP address of up to 3 standard NTP time servers. Use the no form of the command to remove an IP address by its index number.
15-4 time Commands
16 traffic_capture Commands The traffic_capture command refers to traffic_capture context, which contains the commands to manage the TCPDump. The traffic_capture is accessible from the root context of the CLI. Note: All CLI commands cache changes. For this reason, sometimes when you make a change in a particular context, the change may not be visible immediately. If this happens, you must exit and reenter the context in order to ensure that the database is synchronized with the latest change.
Note: If you do not assign any file name to the TCPDump, the CLI gives a default name mgmt_traffic_dump.cap. The CLI enforces .cap file extension to the TCPDump file. 16.2 size Use the size command to specify the file size of TCPDump file. The size command is accessible from the traffic_capture context of the CLI. Syntax size Parameters Specifies the file size of TCPDump file Examples The following example specifies the file size of the TCPDump file as 5Mb. EWC.enterasys.
Note: The destination command is accessible only in the Enterasys Wireless C2400 Controller and only when the CF card is enabled. 16.4 interface Use the interface command to specify the interface on which the exception traffic is to be captured.
16.6 list Use the list command to display the “TCPDump file capture” list. The list command is accessible from the traffic_capture context of the CLI. Syntax list Parameters None Examples The following example displays the list of TCPDump file capture. EWC.enterasys.com:traffic_capture# list Traffic Capture Files: 1:mgmt_traffic_dump.cap 2:mgmt_traffic_dump.cap (flash) 3:mgmt_traffic_dump-01.cap (flash) 4:mgmt_traffic_dump-02.cap (flash) 5:dhcp-relay-01.cap (flash) 6:third-party-01.
EWC.enterasys.com:traffic_capture# start 16.8 stop Use the stop command to stop capturing the exception traffic to and from the management plane. The stop command is accessible from the traffic_capture context of the CLI. Syntax stop Parameters None Examples The following example specifies to stop capturing the exception traffic. EWC.enterasys.com:traffic_capture# stop 16.9 show Use the show command to display the configuration for capturing the exception traffic to and from the management plane.
16.10 show interfaces Use the show interfaces command to display the physical and virtual ports for which the exception traffic can be captured.The show interfaces command is accessible from the traffic_capture context of the CLI. Syntax show interfaces Parameters None Examples The following example displays the physical and virtual ports for which the exception traffic can be captured. EWC.enterasys.
17 users Commands This section describes commands used to create and manage user accounts on the network. These commands are found within the users context of the CLI. Note: All CLI commands cache changes. For this reason, sometimes when you make a change in a particular context, the change may not be visible immediately. If this happens, you must exit and reenter the context in order to ensure that the database is synchronized with the latest change.
Please input password: Please confirm password: Successfully created user fred. The following example creates a guest administrator user account called “tester” on the system EWC.enterasys.com:users# id tester guestportal Please input password: Please confirm password: Successfully created user tester. Note: A guest administrator user created using the guestportal user type can only login to the system using the GUI. 17.2 pwd Use the pwd command to change the password for a specified account.
18 VNS Commands (vnsmode) This section describes commands used to define and configure Virtual Network Services (VNS) for the network. These commands are located in the vnsmode context of the CLI. Execute the vnsmode command at the root level to enter vnsmode context. Note: All CLI commands cache changes. For this reason, sometimes when you make a change in a particular context, the change may not be visible immediately.
18.1.1 flex-client-access Use the flex‐client‐access command to configure flexible client access (FCA) to the wireless medium. FCA can be adjusted in multiple steps between packet fairness and airtime fairness using this command. This command is available in the vnsmode:adminctr context.
18.1.3 max-video-reassoc Use the max‐video‐reassoc command to set the maximum allowed overall bandwidth on the new AP when a client with an active video stream roams to a new AP and requests admission for the video stream. Syntax max-video-reassoc <0-100> Parameters <0‐100> Specifies the maximum allowable bandwidth as a percentage of total bandwidth. Examples The following example sets the maximum video bandwidth for roaming streams to 60% of total bandwidth. EWC.enterasys.
18.1.5 max-voice-reassoc Use the max‐voice‐reassoc command to set the maximum allowed overall bandwidth on the new AP when a client with an active voice stream roams to a new AP and requests admission for the voice stream. Syntax max-voice-reassoc <0-100> Parameters <0‐100> Specifies the maximum allowable bandwidth as a percentage of total bandwidth. Examples The following example sets the maximum voice bandwidth for roaming streams to 80% EWC.enterasys.
Note: After you run the create command, you must run the apply command to implement the changes. 18.3 das Use the das command to configure DAS (Dynamic Authorization Server) settings. Executing the das command puts you in the vnsmode:das context where the following commands are available. The following commands are available in the vnsmode:das context: • port • replay_interval 18.3.1 port Use the port command to configure the DAS port. The port command is available from the vnsmode:das context.
18.4 default-policy The default‐policy command moves you into the vnsmode:default‐policy context. The vnsmode:default‐policy context provides commands for the configuration of the default‐policy. The default‐policy definitions provide a placeholder for completion of incomplete (no‐change) policies for the VNS being configured. Refer to Chapter 20, policy Commands for a complete discussion of policy commands.
Ingress rate profile: Unlimited Egress rate profile: Unlimited Enable AP filtering: enable Synchronize: disable EWC.enterasys.com:vnsmode:default-policy# 18.4.2 sync Use the sync command to enable or disable automatic synchronization of the default‐policy across paired controllers. Refer to the Enterasys Wireless Controller User Guide for more information about synchronization of policies. The sync command is accessible from within the vnsmode:default‐policy context.
• config • delete • move 18.4.3.1 create Use the create command to create, insert, or append a new filter rule into an AC filter list for the default‐policy. The create command is accessible from within the vnsmode:default‐ policy:acfilters context. If advanced filter mode has been enabled with the enable‐advance‐filtering command (page 20‐3), the Advanced mode syntax is presented. If advanced filter mode is not enabled, the Basic mode syntax is presented.
type [] Specifies an ICMP type or range of ICMP types. This parameter is only valid when ICMP is the specified protocol. Valid values are from 0 ‐ 255. Basic: in (none|dst) Specifies the direction of packet flow. — in specifies a packet flow from the AP to the AC (into network). Advanced: in (none|src|dst|both) none specifies that the in direction does not apply to the filter rule. dst specifies that the IP address for this filter rule is the destination of the packet flow.
The following example creates a filter rule 1 that is inserted into the rule list at position 1, resequencing the current rule 1. This filter rule allows TCP traffic in both directions from the associated topology’s interface‐subnet for ports 10 through 20000: EWC.enterasys.com:vnsmode:default-policy:acfilters# create 1 proto tcp interfacesubnet port 10 2000 in dst out src allow EWC.enterasys.com:vnsmode:default-policy:acfilters# apply EWC.enterasys.
interface‐ip Specifies the IP address of the associated topology will be used for this filter rule. port [] Specifies a TCP or UDP port or port range to which this filter rule will be applied. The first value specifies either the port or the start of a port range. The second value optionally specifies the end of a port range. This parameter is only valid when either TCP or UDP is the specified protocol. Valid port values are from 0 ‐ 65535.
Enable AP filtering: disable filter 1 proto icmp interface-subnet type 9 31 in dst out src allow filter 2 proto udp 192.168.10.0 255.255.255.0 port 10 2000 in dst out src allow filter 3 (default) proto none 0.0.0.0 all_ports in dst out src deny EWC.enterasys.com:vnsmode:default-policy:acfilters# 18.4.3.3 delete Use the delete command to remove a filter rule from the filter list. The delete command is accessible from within the vnsmode:default‐policy:acfilters context.
Enable AP filtering: disable filter 1 proto udp 192.168.10.0 255.255.255.0 port 10 2000 both allow filter 2 proto icmp interface-subnet type 9 31 both allow filter 3 (default) proto none 0.0.0.0 all_ports both deny EWC.enterasys.com:vnsmode:default-policy:acfilters# 18.4.4 rateprf-in Use the rateprf‐in command to associate an already existing rate profile for a policy as an ingress rate profile. The rateprf‐in command is accessible from the vnsmode:default‐policy context.
Usage Refer to “rateprofile” on page 18‐32 for Rate Profile Configuration Information. Examples The following example configures the default‐policy with the Unlimited egress rate profile: EWC.enterasys.com:vnsmode:default-policy# rateprf-out DocRateOut EWC.enterasys.com:vnsmode:default-policy# apply EWC.enterasys.com:vnsmode:default-policy# show Assigned topology: guestPortal Ingress rate profile: DocRateIn Egress rate profile: DocRateOut Enable AP filtering: disable Synchronize: enable EWC.enterasys.
18.4.7 ulfilterap Use the ulfilterap command to enable filtering on the AP. The ulfilterap command is accessible from the vnsmode:default‐policy context. Syntax ulfilterap {enable | disable} Parameters enable | disable Provides for the enabling or disabling of filtering on the AP for this vnsmode:default‐policy context. Usage When filtering is enabled on the AP, wireless APs obtain client filter information from the Enterasys Wireless Controller.
Usage Enabling AP custom filters allows you to access the vnsmode:default‐policy: apfilters context by executing the apfilters command. The vnsmode:default‐policy:apfilters context allows you to configure additional filters for the APs. Filtering on the AP must be enabled using the ulfilterap enable command for the apcustom command to be visible in the CLI. The apcustom enable command makes the apfilters command visible. Examples The following example enables AP custom filters: EWC.enterasys.
Advanced mode syntax: create proto ( | interface-subnet | interface-ip) [(port []) | (type [])] in (none|src|dst|both) out (none|src|dst|both) (allow | deny) Parameters Specifies a position value for this filter in the filter list. Valid values are from 0 ‐ 255. proto Specifies the protocol for this filter rule by number or name. Valid number values are from 0 ‐ 255.
Basic: out (none|src) Advanced: out (none|src|dst|both) Specifies the direction of packet flow. — out specifies a packet flow from the AC to the AP (out of network). none specifies that the out direction does not apply to the filter rule. dst specifies that the IP address for this filter rule is the destination of the packet flow. src specifies that the IP address for this filter rule is the source of the packet flow.
18.4.9.2 config Use the config command to modify an existing AP filter rule for the default‐policy. The config command is accessible from the vnsmode:default‐policy:apfilters context. If advanced filter mode has been enabled with the enable‐advance‐filtering command (page 20‐3), the Advanced mode syntax is presented. If advanced filter mode is not enabled, the Basic mode syntax is presented.
Basic: in (none|dst) Advanced: in (none|src|dst|both) Specifies the direction of packet flow. — in specifies a packet flow from the AP to the AC (into the network). none specifies that the in direction does not apply to the filter rule. dst specifies that the IP address for this filter rule is the destination of the packet flow. src specifies that the IP address for this filter rule is the source of the packet flow.
Parameters Specifies the filter rule list position of the filter to be deleted. Valid values are from 0 ‐ 255. Examples The following example deletes filter rule 1 and displays the remaining deny all rule: EWC.enterasys.com:vnsmode:default-policy:apfilters# delete 1 EWC.enterasys.com:vnsmode:default-policy:apfilters# show Custom AP Filters: enable filter 1 (default) proto none 0.0.0.0 all_ports both deny EWC.enterasys.com:vnsmode:default-policy:apfilters# 18.4.9.
Parameters Specifies the VNS to delete. Examples The following example deletes the VNS named guestportal. EWC.enterasys.com:vnsmode:delete guestportal 18.6 radius Executing the radius command moves you into the vnsmode:radius context, which contains the following commands to manage RADIUS server configuration. After you create a radius server configuration, you can further configure it by entering the vnsmode:radius: context. See “” on page 18‐27.
EWC.enterasys.com:vnsmode:radius# create test-radius-server 10.10.10.10 test EWC.enterasys.com:vnsmode:radius# test-radius-server EWC.enterasys.
Examples The following example deletes the RADIUS server named test‐radius‐server. EWC.enterasys.com:vnsmode:radius# delete test-radius-server 18.6.4 include-service-type Use the include‐service‐type command to include or exclude the Serice‐Type attribute in the client Access‐Request message. The include‐service‐type command is accessible from the vnsmode:radius context of the CLI.
EWC.enterasys.com:vnsmode:radius# show Strict: disable Radius MAC format: 1. XXXXXXXXXXXX Client Access-Request includes Service-Type Attribute: disable Name IP address Priority(Auth:Acct) Protocol RADIUS_1 PAP 192.0.1.202 Retries(Auth:Acct) 3:3 Timeout(Auth:Acct) 5:5 Ports(Auth:Acct) 1812:1813 1:1 The following example displays configuration information for the RADIUS server named “RADIUS_1.” EWC.enterasys.
5 Specifies a MAC address format of XXXXXX‐XXXXXX for use with the RADIUS server 6 Specifies a MAC address format of XX XX XX XX XX XX for use with the RADIUS server 101 Specifies a MAC address format of xxxxxxxxxxxx for use with the RADIUS server 102 Specifies a MAC address format of xx:xx:xx:xx:xx:xx for use with the RADIUS server 103 Specifies a MAC address format of xx‐xx‐xx‐xx‐xx‐xx for use with the RADIUS server 104 Specifies a MAC address format of xxxx.xxxx.
18.6.8 strict Use this command to enable or disable the ability to change RADIUS server settings per WLAN Service. This command is available from the vnsmode:radius context. Syntax strict Parameters enable Enables changing RADIUS server settings per WLAN Service. disable Disables changing RADIUS server settings per WLAN Service. Examples This example disables changing RADIUS server settings per WLAN Service. EWC.enterasys.com:vnsmode:radius# strict disable 18.6.
Syntax acct-port <0-65535> Parameters <0‐65535> Specifies the RADIUS accounting port The following example sets the RADIUS accounting port to 1646 for the RADIUS server named RAD1. EWC.enterasys.com:vnsmode:radius:RAD1# acct-port 1646 18.6.9.2 acct-prio Use the acct‐prio command to set the priority for RADIUS accounting. The acct‐prio command is accessible from the vnsmode:radius: context of the CLI.
18.6.9.4 acct-timeout Use the acct‐timeout command to set the timeout for RADIUS accounting. The acct‐timeout command is accessible from the vnsmode:radius: context of the CLI. Syntax acct-timeout <1-360> Parameters <1‐360> Specifies the RADIUS accounting timeout in seconds. Examples The following example sets the RADIUS accounting timeout to 10 seconds for the RADIUS server named RAD1. EWC.enterasys.com:vnsmode:radius:RAD1# acct-timeout 10 18.6.9.
Examples The following example sets the RADIUS authentication priority to 5 for the RADIUS server named RAD1. EWC.enterasys.com:vnsmode:radius:RAD1# auth-prio 5 18.6.9.7 auth-retries Use the auth‐retries command to set the the total number of RADIUS authentication attempts. The auth‐retries command is accessible from the vnsmode:radius: context of the CLI. Syntax auth-retries <1-32> Parameters <1‐32> Specifies the total number of RADIUS authentication attempts.
Parameters <0‐360> Specifies the RADIUS interim accounting interval in seconds. Examples The following example sets the RADIUS interim accounting interval to 10 seconds for the RADIUS server named RAD1. EWC.enterasys.com:vnsmode:radius:RAD1# interim 10 18.6.9.10 ip Use the ip command to configure the IP address of the RADIUS server. The ip command is accessible from the vnsmode:radius: context of the CLI. Syntax ip A.B.C.D Parameters A.B.C.
18.6.9.12 protocol Use the protocol command to set the security protocol used with the RADIUS server. The protocol command is accessible from the vnsmode:radius: context of the CLI. Syntax protocol [CHAP|MS-CHAP|MS-CHAP2|PAP] Parameters CHAP|MS‐CHAP|MS‐CHAP2|PAP Specifies the security protocol that is used between the RADIUS Server and the Enterasys Wireless Controller Examples The following example sets the security protocol to PAP for the RADIUS server named RAD1. EWC.enterasys.
18.7.1 create Use the create command to create a bandwidth rate control profile with an average rate in Kbps. The create command is accessible from the vnsmode:rateprofile context of the CLI. In the vnsmode:rateprofile context, use the delete command to delete a bandwidth rate control profile, and use the show command to display existing rate control profiles. Note: You can create up to 128 profiles.
Delete rate profile The following example deletes the lowspeed profile. EWC.enterasys.com:vnsmode:rateprofile# delete lowspeed Note: If the rate control profile that you are attempting to delete is being used by any other VNS, the system returns the following message: You can not delete this profile because it is used by other VNS. 18.7.3 show Use the show command to display all existing bandwidth rate control profiles or a specific profile.
18.8.1 auth Use the auth command to assign a default policy for authenticated clients. This command is available from the vnsmode: context. Syntax auth {non-auth | Parameters non‐auth Use the default policy for non‐authenticated clients for authenticated clients. Specifies the name of the policy to use as the default policy for authenticated clients. Usage When you assign a default authenticated policy to this VNS, the same rules apply as when a VNS is created.
Usage When you change the default non‐authenticated policy for this VNS, the same rules apply as when a VNS is created.
18.8.4 pre-auth Use the pre‐auth command to assign the default policy for pre‐authenticated clients when the WLAN Service assigned to this VNS is configured with the 3pap (3rd party AP) mode. The referenced policy can only reference a Topology of mode physical. This command is available in the vnsmode: context. Syntax pre-auth | non-auth Parameters Specifies the name of the policy to be applied to pre‐ authenticated clients.
EWC.enterasys.com:vnsmode:VNS1# restrict enable EWC.enterasys.com:vnsmode:VNS1# apply Note: After you run the restrict command, you must run the apply command to implement the changes. 18.8.6 status Use the status command in the vnsmode: context to enable or disable the current VNS. Syntax status (enable | disable) Parameters enable Enables the VNS. disable Disables the VNS. Examples This example disables the current VNS named VNS1. EWC.enterasys.com:vnsmode:VNS1# status disable EWC.
Note: After you run the sync command, you must run the apply command to implement the changes. 18.8.8 wlans-name Use the wlans‐name command in the vnsmode: context to associate a different WLAN Service with the current VNS. Only one WLAN Service can be associated with a VNS at a time. Syntax wlans-name Parameters Specifies the name of the .WLAN Service to associate with this VNS.
18-40 VNS Commands (vnsmode)
19 wlans Commands This section describes commands used to define and configure WLAN services for the network. These commands are located in the wlans context of the CLI. Execute the wlans command at the root level to enter wlans context. Note: All CLI commands cache changes. For this reason, sometimes when you make a change in a particular context, the change may not be visible immediately.
• import_clients • startofday 19.1.1 client Use the client command to configure the guest portal client access account.
Examples The following example sets a description for the client guest access account with ID “Guest‐ lobby”: EWC.enterasys.com:EWC.enterasys.com:wlans:clients# descr Guest-lobby The lobby guest client account. EWC.enterasys.com:wlans:clients# show descr Guest-lobby Lobby 1234abcd lobby guest client account. 2009-12-01 12:00:00 12 00:00 00:00 disabled 12 The The following example clears the description for the client guest access account with ID “Guest‐ lobby” EWC.enterasys.
Parameters Specifies the ID of the guest access account and must begin with the string “Guest‐” Specifies the duration of the guest client in a hours and minutes format Examples The following example sets the duration of the guest access account to 8 hours: EWC.enterasys.com:wlans:clients# endofday Guest-lobby 08:00 EWC.enterasys.com:wlans:clients# show Guest-lobby 00:00 08:00 Lobby 1234abcd disabled 2009-12-01 12:00:00 12 12 19.1.
Specifies the username with which to login in to the FTP server Specifies the directory path containing the clients import file Specifies the clients import file name Examples The following example imports the previously exported file created by the export_clients command: EWC.enterasys.com:wlans:clients# import_clients 192.168.4.1 admin /support clients_export_file Please input password: Attempting to download file... 19.1.
ssid Specifies the SSID of the WLAN service Examples The following example creates and then displays the details of a WLAN service configuration named test‐wlan in WDS mode with an SSID of “test”: EWC.enterasys.com:wlans# create test-wlan mode wds ssid test EWC.enterasys.com:wlans# show test-wlan Service type: wds Pre-shared Key: Name: test-wlan Enable status: enable Pre-shared Key: SSID: test 19.3 delete Use the delete command to delete a WLAN service configuration.
Examples The following example displays the currently available remote SSIDs. EWC.enterasys.com:wlans# remote-ssid There is no remotable SSID in the mobility domain. 19.5 show Use the show command from the wlans context to display WLAN service configuration information. Syntax show [] Parameters Specifies to display information about the specific WLAN service Examples The following example displays a list of all WLAN service configuration information: EWC.enterasys.
Wireless AP: z106 AP2630-1 m Wireless AP: z201 AP3610 m Wireless AP: z202 AP3610-1 m Wireless AP: z301 AP2650 m (foreign) (foreign) Wireless AP: z302 AP2650-1 m Wireless AP: z901 APW788 m (foreign) (foreign) (foreign) (foreign) SSID: Lab12-open pre-authentication timeout(minutes): 5 post-authentication timeout(minutes): 30 session timeout(minutes): 0 Block MU to MU traffic: disable 19.
19.6.1 3pap Use the 3pap command to add a third party AP to the WLAN service configuration. Use the [no] form of the command to remove a third party AP from the WLAN service configuration. The 3pap command is accessible from the wlan: context of the CLI when the WLAN service type is 3PAP. Syntax [no] 3pap Parameters
Examples The following example adds an AP by serial number to the WLAN service named “test” and then displays the list of Wireless APs: EWC.enterasys.com:wlans:test# aplist 0500000000000000 both EWC.enterasys.com:wlans:test# apply EWC.enterasys.com:wlans:test# show aplist Wireless AP Services: Wireless AP: 0500000000000000 both Note: After you run the aplist command, you must run the apply command to implement the changes. 19.6.
Usage This command is only available when the WLAN service type is WDS. Examples The following example reflects the following: • AP Lancaster is serving as a child of AP Aruba on radio radio1 • AP Auberon is the backup parent of AP Lancaster • Work group bridging is switched off EWC.enterasys.com:wlans:shopfloor_WDS_wlan# aplist-wds Lancaster radio1 child radio2 parent pref-parent Aruba backup-parent Auberon wkgbridge off EWC.enterasys.
Examples The following example adds the AP named lab‐ap1 as a mesh portal with work group bridging on for dynamic mesh WLAN mesh1‐wlan. EWC.enterasys.com:wlans:mesh1-wlan# aplist-wds lab-ap1 portal wkgbridge on 19.6.5 auth The auth command moves you into the authentication context, wlans::auth, for the configuration of authentication settings for the WLAN service being configured. The WLANS auth context supports the following authentication types: • MAC • 802.
• protocol • remove • show 19.6.5.1 aaa-redir Use the aaa‐redir command to enable or disable AAA redirect. Syntax aaa-redir enable | disable Parameters enable | disable Specify to enable or disable AAA redirect Usage The 8021x authentication mode must be set for this command to be available. For more information, see “mode” on page 19‐32. Examples The following example enables AAA redirect: EWC.enterasys.com:wlans:cnl-AAA:auth# aaa-redir enable EWC.enterasys.
Examples The following example enables the inclusion of AP Identification information in messages to the RADIUS server: EWC.enterasys.com:wlans:test:auth# auth-ap enable EWC.enterasys.com:wlans:test:auth# apply EWC.enterasys.com:wlans:test:auth# show auth-ap AP as VSA attribute: enable Note: After you run the auth-ap command, you must run the apply command to implement the changes. 19.6.5.
19.6.5.4 auth-ingress Use the auth‐ingress command to include ingress rate control information in the message to the RADIUS server. The auth‐ingress command is accessible from the wlan::auth context of the CLI. Syntax auth-ingress enable | disable Parameters enable | disable Specifies to enable or disable the inclusion of ingress rate control information in messages to the RADIUS server Usage The auth‐ingress command is not available when the authentication mode is guestportal.
Examples The following example enables the inclusion of policy information in the message to the RADIUS server: EWC.enterasys.com:wlans:test:auth# auth-policy enable EWC.enterasys.com:wlans:test:auth# apply EWC.enterasys.com:wlans:test:auth# show auth-policy Policy as VSA attribute: enable Note: After you run this command, you must run the apply command to implement the changes. 19.6.5.6 auth-ssid Use the auth‐ssid command to include SSID information in the message to the RADIUS server.
19.6.5.7 auth-topology Use the auth‐topology command to include topology information in the message to the RADIUS server. The auth‐topology command is accessible from the wlan::auth context of the CLI. Syntax auth-topology enable | disable Parameters enable | disable Specifies to enable or disable the inclusion of Topology information in messages to the RADIUS server Usage The auth‐topology command is not available when the authentication mode is guestportal.
Examples The following example enables the inclusion of VNS information in messages to the RADIUS server: EWC.enterasys.com:wlans:test:auth# auth-vns enable EWC.enterasys.com:wlans:test:auth# apply EWC.enterasys.com:wlans:test:auth# show auth-vns VNS as VSA attribute: enable Note: After you run this command, you must run the apply command to implement the changes. 19.6.5.
19.6.5.9.1 add-ip-port Use this command enable or disable the ability to add a controller IP address and port to the redirection URL. The add‐ip‐port command is available in the wlan::auth:captiveportal context for external captive portal mode only. Syntax add-ip-port enable | disable Parameters enable Enable adding a controller IP address and port to the redirection URL. disable Disable adding a controller IP address and port to the redirection URL. This is the default. 19.6.5.9.
disable Disable HTTPS support on the WLAN service configured for external authentication. Usage By default, HTTPS support is disabled. Examples The following example enables HTTPS support on the WLAN service. EWC.enterasys.com:wlans:external_wlan:auth:captiveportal# cp-ssl enable EWC.enterasys.com:wlans:external_wlan:auth:captiveportal# apply 19.6.5.9.
For a Enterasys Wireless Controller C20N the syntax is: extcpip (PC.|eth0): For a Enterasys Wireless Controller C4110 the syntax is: extcpip port: Parameters PC. Indicates that a physical data port will be used, where X is an identification number between 0 and 3.
Examples The following example specifies an External Redirection URL: EWC.enterasys.com:wlans:CNL-7-CP:auth:captiveportal# extredir http:// 192.168.4.89:80 EWC.enterasys.com:wlans:CNL-7-CP:auth:captiveportal# apply Note: After you run the extredir command, you must run the apply command to implement the changes. 19.6.5.9.
Usage The guestportal, internal, or splash authentication mode must be set for this command to be available. For more information, see “mode” on page 19‐32. Examples The following example replaces the Gateway IP address with a domain name: EWC.enterasys.com:vnsmode:CNL-7-CP:auth:captiveportal# fqdn cp.siemens.com EWC.enterasys.com:vnsmode:CNL-7-CP:auth:captiveportal# apply Note: After you run the fqdn command, you must run the apply command to implement the changes. 19.6.5.9.
Parameters Specifies the maximum number of hours for the session time of the guestportal access account Usage The guestportal authentication mode must be set for this command to be available. For more information, see “mode” on page 19‐32. Examples The following example sets the guest portal prefix to the string “TEST”: EWC.enterasys.com:wlans:CNL-CP:auth:captiveportal# guestportalprefix TEST EWC.enterasys.com:wlans:CNL-CP:auth:captiveportal# apply EWC.enterasys.
19.6.5.9.12 minpasswdlength Use the minpasswdlength command, within context wlan::auth:captiveportal, to set the minimum acceptable character length for the password for the guest portal access account. Syntax minpasswdlength Parameters Specifies the minimum acceptable character length for the guest portal access account password Usage The guestportal authentication mode must be set for this command to be available. For more information, see “mode” on page 19‐32.
Examples The following example specifies the internal network URL to redirect connecting users to: EWC.enterasys.com:vnsmode:CNL-7-CP:auth:captiveportal# redirect http:// 192.168.1.38 EWC.enterasys.com:vnsmode:CNL-7-CP:auth:captiveportal# apply Note: After you run the redirect command, you must run the apply command to implement the changes. 19.6.5.9.14 send-login Use this command to specify the type of captive portal redirection URL for successful logins.
Examples This example enables the ability of the Guest Administrator to set account lifetimes. EWC.enterasys.com:wlans:Lab126-12-GuestP:auth:captiveportal# set-acct-lifetime enable 19.6.5.9.16 tos-override Use the tos‐override command, within context wlan::auth:captiveportal, to enable or disable external portal integration with Policy Manager (NAC). This command is available when the named WLAN service is in “external” mode.
Parameters enable | disable Specifies to enable or disable the collection of Wireless Controller accounting information Usage The cdr command is available in all authentication modes. For more information, see “mode” on page 19‐32. Examples The following example enables the collection of Wireless Controller accounting information: EWC.enterasys.com:wlans:test:auth# cdr enable EWC.enterasys.com:wlans:test:auth# apply EWC.enterasys.
configuring RADIUS server attributes, use the exit command to return to the wlans: context. Examples The following example configures the RADIUS server “radius1” as an authentication server: EWC.enterasys.com:wlans:cnl-AAA:auth# config radius1 role auth prot PAP EWC.enterasys.
Parameters Specify an integer value in minutes for the interim interval. The default value is 30 minutes. Usage The interim command is not available when the authentication mode is guestportal. When the authentication mode is disabled, MAC must be enabled for this command to be available. For authentication mode command information, see “mode” on page 19‐32. For mac command information, see “mac” on page 19‐30.
Parameters enable | disable Specify to enable or disable automatic authentication of authorized users Usage The mac‐auto‐authenticate command is available in all authentication modes, if MAC authentication is enabled, using the mac enable command. For authentication mode command information, see “mode” on page 19‐32. For mac command information, see “mac” on page 19‐30. Examples The following example enables automatic authentication of authorized users on the cnl‐mac WLANS service: EWC.enterasys.
19.6.5.17 mac-roam Use the command to enable or disable MAC based authentication on roam. The mac‐roam command is accessible from the wlans::auth context of the CLI. Syntax mac-roam enable | disable Parameters enable | disable Specify to enable or disable MAC authentication on roam. Default value: disabled Usage The mac‐roam command is not available in the guest splash and guest portal authentication modes, if MAC authentication is enabled, using the mac enable command.
Examples The following example sets the authentication mode to external captive portal: EWC.enterasys.com:wlans:test:auth# mode external EWC.enterasys.com:wlans:test:auth# apply EWC.enterasys.com:wlans:test:auth# show mode Authentication mode: external Note: After you run the mode command, you must run the apply command to implement the changes. 19.6.5.19 move Use the move command, from within the RADIUS server configuration command mode, to change the position of a RADIUS server in the RADIUS server list.
Parameters Specify the ID for the NAS vnsname Specifies that the VNS name should be used for the NAS ID Usage The NAS ID defaults to the VNS name if this command is not used to specify a NAS ID. You must be in RADIUS server configuration mode for the nasid command to be available. Use the config command to enter RADIUS server configuration mode. For more information, see “config” on page 19‐28.
Examples The following example sets the NAS IP address for this RADIUS server configuration to the VNS IP address for the cnl‐AAA WLANS auth context: EWC.enterasys.com:wlans:cnl-AAA:auth# nasip vnsip EWC.enterasys.com:wlans:cnl-AAA:auth# apply EWC.enterasys.com:wlans:cnl-AAA:auth# show nasip NAS identifier: Use VNS IP address Note: After you run the nasip command, you must run the apply command to implement the changes. 19.6.5.
Parameters CHAP Configures the Challenge Handshake Authentication Protocol as the authentication protocol PAP Configures the Password Authentication Protocol as the authentication protocol MS‐CHAP Configures the Windows specific version of CHAP as the authentication protocol MS‐CHAP2 Configures the Windows specific version (Version 2) of CHAP as the authentication protocol Usage You must be in RADIUS server configuration mode for the protocol command to be available.
19.6.5.25 show Use the show command to display the current authentication settings of the specified individual WLAN service. The show command is accessible from the wlan::auth context of the CLI. Examples The following example displays the current authentication settings for the WLAN service named Lab126‐12‐AAA.: EWC.enterasys.
Examples This example selects the 5 GHz radio band for the dynamic mesh WLAN service named mesh1‐ wlan. EWC.enterasys.com:wlans:mesh1-wlan# backhaul-radio a 19.6.7 default-topology Use the default‐topology command to assign an existing B@AC, B@AP, or routed topology as the default topology for the specified WLAN service. You can also use the default‐topology command to unassign the default topology. The default‐topology command is accessible from the wlans: context of the CLI.
Note: After you run the direct-client-traffic command, you must run the apply command to implement the changes. 19.6.9 interwlan-roaming Use this command to enable or disable inter‐WLAN roaming on this WLAN service. The interwlan‐roaming command is accessible from the wlan: context of the CLI. Syntax interwlan-roaming enable|disable Parameters enable Enables the inter‐WLAN roaming feature for this WLAN service. This is the default setting.
19.6.11 priv The priv command moves you to the wlan::priv context, which contains commands to configure the privacy mode of the specified individual WLAN service. The following commands are available in the wlan::priv context. • group‐key‐ps • mode • wep • wpa‐broadcast‐rekey • wpa‐v1 • wpa‐v2 • wpa‐v2‐key‐mgmt 19.6.11.1 group-key-ps Use the group‐key‐ps command to enable or disable the group key power save retry.
dynwep Specifies the dynamic WEP privacy mode Usage Once you have set the privacy mode, new commands become available in the wlan::priv context. For example, setting the privacy mode to wep provides an additional command (wep) that you can use to configure WEP settings. Examples The following example changes the privacy mode of the WLAN service named “test” to WPA‐ PSK: EWC.enterasys.com:wlans:test:priv# mode wpa-psk EWC.enterasys.com:wlans:test:priv# apply EWC.enterasys.
Input method: input string WEP string: Sl==p Note: After you have run the wep command, you must run the apply command to implement the name change. 19.6.11.4 wpa-broadcast-rekey Use the wpa‐broadcast‐rekey command to configure the re‐key interval for group keys. The wpa‐ broadcast‐rekey command is accessible from the wlan::priv context of the CLI.
Usage The wpa‐v1 command is available when the privacy mode is set to wpa or wpa‐psk. For more information, see “mode” on page 19‐40. Examples The following example displays the WPA v1 encryption protocol, sets the WPA v1 encryption protocol to TKIP, and displays the setting: EWC.enterasys.com:wlans:test:priv# show wpa-v1 WPA v.1 encryption is not enabled EWC.enterasys.com:wlans:test:priv# wpa-v1 tkip EWC.enterasys.com:wlans:test:priv# apply EWC.enterasys.com:wlans:test:priv# show wpa-v1 WPA v.
19.6.11.7 wpa-v2-key-mgmt Use the wpa‐v2‐key‐mgmt command to configure WPA v2 key management options. The wpa‐ v2‐key‐mgmt command is accessible from the wlan::priv context of the CLI.
Examples The following example configures the pre‐shared key for the WDS WLAN service wds‐test as testsecret: EWC.enterasys.com# wlans EWC.enterasys.com:wlans# wds-test EWC.enterasys.com:wlans:wds-test# psk testsecret EWC.enterasys.com:wlans:wds-test# apply EWC.enterasys.com:wlans:wds-test# show Service type: wds Pre-shared Key: testsecret Name: wds-test Enable status: enable Pre-shared Key: testsecret SSID: wdstest EWC.enterasys.
19.6.13.1 dot11e Use the dot11e command to enable or disable 802.11e radio QoS support. The dot11e command is accessible from the wlan::qos‐policy context of the CLI. Syntax dot11e enable | disable Parameters enable | disable Specify to enable or disable 802.11e radio QoS support Examples The following example enables 802.11e support on the Enterasys Wireless Controller: EWC.enterasys.com:wlans:CNL-7-CP:qos-policy# dot11e enable EWC.enterasys.com:wlans:CNL-7-CP:qos-policy# apply EWC.
Note: After you run the downlink command, you must run the apply command to implement the changes. 19.6.13.3 flex-client-access Use the flex‐client‐access command to enable or disable flexible client access to the wireless medium. The flex‐client‐access command is accessible from the wlan::qos‐policy context of the CLI.
Note: After you run the legacy command, you must run the apply command to implement the changes. 19.6.13.5 priority-map Use the priority‐map command to configure Differentiated Service Code Point (DSCP) classification by mapping Service Class user priority levels to DSCP codepoints. The priority‐map command is accessible from the wlan::qos‐policy context of the CLI.
Examples The following example overrides priority for all packets on WLANS CNL‐7‐CP: EWC.enterasys.com:wlans:CNL-7-CP:qos-policy# priority-override enable EWC.enterasys.com:wlans:CNL-7-CP:qos-policy# apply EWC.enterasys.com:wlans:CNL-7-CP:qos-policy# show priority-override Priority override: enable Note: After you run the priority-override command, you must run the apply command to implement the changes. 19.6.13.
Parameters <0‐7> Specifies a Service Class value. Default value: 1. Usage This command is only active if the priority‐override command has been enabled. For more information, see “priority‐override” on page 19‐48. Examples The following example overrides all existing Service Class settings and configures a single Service Class of 4 for the CNL‐7‐CP WLANS: EWC.enterasys.com:wlans:CNL-7-CP:qos_policy# priority-override-up 4 EWC.enterasys.com:wlans:CNL-7-CP:qos_policy# apply EWC.enterasys.
19.6.13.10 uapsd Use the uapsd command to enable Unscheduled Automatic Power Save Delivery (U‐APSD) on the VNS. Use the no form of the command to disable it. The uapsd command is accessible from the wlan::qos‐policy context of the CLI. Syntax uapsd enable | disable Parameters enable | disable Enables or disables U‐APSD. Default value: disabled. Usage This command is only available when either the 802.11e or wmm commands have been enabled.
Examples The following example defines the uplink policer action to end TSPEC violations by deleting the TSPEC for the CNL‐7‐CP WLANS: EWC.enterasys.com:wlans:CNL-7-CP:qos-policy# uplink delts EWC.enterasys.com:wlans:CNL-7-CP:qos-policy# apply Note: After you run the uplink command, you must run the apply command to implement the changes. 19.6.13.12 wmm Use the wmm command to enable Wi‐Fi Multimedia enhancements for audio, video, and voice applications.
Usage Enabling video admission control automatically enables voice admission control. Disabling video admission control automatically disables voice admission control. Examples The following example enables global admission control for video: EWC.enterasys.com:wlans:CNL-7-CP:qos-policy# video-admission-control enable EWC.enterasys.com:wlans:CNL-7-CP:qos-policy# apply EWC.enterasys.
19.6.14 remoteable Use the remoteable command to enable or disable the SSID advertisement to the mobility domain. The remoteable command is accessible from the wlan: context of the CLI. Syntax remoteable enable | disable Parameters enable | disable Enables or disables the SSID advertisement to the mobility domain. Examples The following example enables the SSID advertisement for the CNL‐7‐CP WLANS: EWC.enterasys.com:wlans:CNL-7-CP# remoteable enable EWC.enterasys.
Parameters enable | disable Enables or disables automatic power reduction of transmissions using the 802.11h standard Examples The following example enables the power reduction feature on the WLAN service: EWC.enterasys.com:wlans:test:rf# 11h-power-reduction enable EWC.enterasys.com:wlans:test:rf# apply EWC.enterasys.
19.6.15.3 energy-save-mode Use the energy‐save‐mode command to enable or disable the AP energy saving mode. The energy‐save‐mode command is accessible from the wlan::rf context of the CLI. Syntax energy-save-mode enable | disable Parameters enable | disable Enables or disables the AP energy saving mode on the WLAN service. Examples The following example enables AP energy saving mode: EWC.enterasys.com:wlans:CNL-7-CP:rf# energy-save-mode enable 19.6.15.
Process client IE requests: disable Enable 11h support: disable Apply power reduction to 11h clients: disable Suppress SSID: disable Energy save mode: disable 19.6.15.6 ssid-suppress Use the ssid‐suppress command to allow or prevent the SSID from being broadcast by the Wireless AP. The ssid‐suppress command is accessible from the wlan::rf context of the CLI.
post-authentication timeout(minutes): 30 session timeout(minutes): 0 Block MU to MU traffic: disable This example displays the settings for the dynamic mesh WLAN service named mesh1‐wlan. EWC.enterasys.com:wlans:mesh1-wlan# show Service type: mesh Pre-shared Key: SSID: mesh1 Backhaul Radio Band: a Name: mesh1-wlan Enable/disable WLAN Service: enable aplist-wds 0500008043050236 portal wkgbridge on Radio Mode: off 19.6.
Parameters enable | disable Enables or disables this WLAN service Examples The following example enables this WLAN service EWC.enterasys.com:wlans:test# status enable EWC.enterasys.com:wlans:test# apply EWC.enterasys.com:wlans:test# show status Enable status: enable Note: After you run the status command, you must run the apply command to implement the changes. 19.6.
Parameters <0‐999999> Specify the post‐authentication timeout value in minutes for this WLAN service Examples The following example sets the post‐authentication timeout value to 10 minutes for this WLAN service: EWC.enterasys.com:wlans:test# timeout-post 10 EWC.enterasys.com:wlans:test# apply Note: After you run the timeout-post command, you must run the apply command to implement the changes. 19.6.
19.6.22 timeout-session Use the timeout‐session command to set the session timeout value (in minutes) for this WLAN service. The timeout‐session command is accessible from the wlan: context of the CLI. Syntax timeout-session <0-999999> Parameters <0‐999999> Specify the session timeout value in minutes for this WLAN service Examples The following example sets the session timeout value to never for this WLAN service: EWC.enterasys.com:wlans:test# timeout-session 0 EWC.enterasys.
19-62 wlans Commands
20 policy Commands This section describes commands used to define and configure policy for the Enterasys Wireless Controller. These commands are located in the policy context of the CLI. Execute the policy command at the root level to enter policy context. Refer to Section 6.10, “Configuring Policy,” in the Enterasys Wireless Controller User Guide for more information about policy configuration.
20.1 create Use the create command to create a new policy, specifying a name for the new policy. The create command is accessible from the policy context. Syntax create Parameters Specifies the name of the policy.
20.2 delete Use the delete command to delete a policy, specifying the name of the policy to be deleted. The delete command is accessible from the policy context of the CLI. Syntax delete Parameters Specifies the name of the policy to delete The following example deletes the policy named p6. EWC.enterasys.com:policy# delete p6 20.3 enable-advance-filtering Use this command to enable advanced filtering definitions.
Examples The following example displays the current list of policy configuration information.
• apcustom • apfilters — See apfilters for commands in the policy::apfilters context. 20.5.1 show Use the show command to display the configuration information for the current policy: context. The show command is accessible from within the the policy: context. Syntax show Parameters None. Examples The following example displays the p1 policy configuration from within the p1 policy: context: EWC.enterasys.com:policy# p1 EWC.
If the filter‐status command is set to no‐change, any filters that exist in the previous policy are applied to this user. For example, if the previous policy is the default‐policy, default‐policy filters are applied to this user. The show command, within the policy context, and the show command, within a policy: context, specify the current filter‐status command setting with the line “Do not change filter settings when this Policy is applied:”.
EWC.enterasys.com:policy:p1# name policy1 EWC.enterasys.com:policy:p1# apply EWC.enterasys.com:policy:p1# show Assigned topology: no change Ingress rate profile: no change Egress rate profile: no change Do not change filter settings when this Policy is applied: disable Enable AP filtering: disable Name: policy1 Synchronize: disable EWC.enterasys.com:policy:p1# exit EWC.enterasys.com:policy# policy1 EWC.enterasys.com:policy:policy1# 20.5.
20.5.5 acfilters Use the acfilters command to enter the policy::acfilters context for the configuring of AC filters. AC filter rules are applied at the controller. The acfilters command is accessible from within the the policy: context. Notes: AC filtering is not available when the associated topology is configured for Bridge at AP. AC filtering is available when the associated topology is set to either Bridge at AC or Routed. The acfilter command has been replaced by acfilters.
Advanced mode syntax: create proto ( | interface-subnet | interface-ip) [(port []) | (type [])] in (none|src|dst|both) out (none|src|dst|both) (allow | deny) Parameters Specifies a position value for this filter in the filter list. Valid values are from 0 ‐ 255. proto Specifies the protocol for this filter rule by number or name. Valid number values are from 0 ‐ 255.
Basic: out (none|src) Advanced: out (none|src|dst|both) Specifies the direction of packet flow. — out specifies a packet flow from the AC to the AP. none specifies that the out direction does not apply to the filter rule. dst specifies that the IP address for this filter rule is the destination of the packet flow. src specifies that the IP address for this filter rule is the source of the packet flow. both specifies that the IP address for this filter rule can be either source or destination.
filter 1 proto tcp 192.168.0.0 255.255.0.0 port 10 2000 in dst out src allow filter 2 proto udp 192.168.10.0 255.255.255.0 port 10 2000 in dst out src allow filter 3 (default) proto none 0.0.0.0 all_ports in dst out none allow filter 4 (default) proto none 0.0.0.0 all_ports in none out src allow 20.5.5.2 config Use the config command to modify an existing AC filter rule for this . The config command is accessible from within the policy::acfilters context.
type [] Specifies an ICMP type or range of ICMP types. This parameter is only valid when ICMP is the specified protocol. Valid values are from 0 ‐ 255. Basic: in (none|dst) Specifies the direction of packet flow. — in specifies a packet flow from the AP to the AC. Advanced: in (none|src|dst|both) none specifies that the in direction does not apply to the filter rule. dst specifies that the IP address for this filter rule is the destination of the packet flow.
20.5.5.3 delete Use the delete command to remove a filter rule from the filter list. The delete command is accessible from within the policy::acfilters context. Syntax delete Parameters Specifies the filter rule list position of the filter to be deleted. Valid values are from 0 ‐255. Examples The following example deletes filter rule 1 and displays the remaining default deny all rule: EWC.enterasys.com:policy:p1:acfilters# delete 1 EWC.enterasys.
20.5.6 rateprf-in Use the rateprf‐in command to associate an already existing rate profile with a policy as an ingress rate profile. The rateprf‐in command is accessible from the policy: context. Syntax rateprf-in | no-change Parameters Specifies the ingress rate profile to associate with this policy: context. no‐change Specifies that no rate profile change is associated with this policy.
no‐change Specifies that no rate profile change is associated with this policy. When applying this policy to a user at runtime, the user retains the egress rate profile currently enforced. Usage Refer to “rateprofile” on page 18‐32 for Rate Profile Configuration Information. Examples The following example configures the p1 with the Unlimited egress rate profile: EWC.enterasys.com:policy:p1# rateprf-out Unlimited EWC.enterasys.com:policy:p1# apply EWC.enterasys.
Assigned topology: guestPortal Ingress rate profile: no change Egress rate profile: no change Do not change filter settings when this Policy is applied: disable Enable AP filtering: disable Name: p1 Synchronize: disable EWC.enterasys.com:policy:p1# 20.5.9 ulfilterap Use the ulfilterap command to enable filtering on the AP. The ulfilterap command is accessible from the policy: context.
Parameters enable | disable Provides for the enabling or disabling of AP custom filters for this policy: context. Usage Enabling AP custom filters provides for the ability to access the policy::apfilters context using the apfilters command. The apfilters command allows for the configuration of additional filters for the APs. Filtering on the AP must be enabled using the ulfilterap enable command for the apcustom command to be visible in the CLI.
Examples The following example enters the policy::apfilters context for the p1 : EWC.enterasys.com:policy:p1# ulfilterap enable EWC.enterasys.com:policy:p1# apcustom enable EWC.enterasys.com:policy:p1# apfilters EWC.enterasys.com:policy:p1:apfilters# 20.5.11.1 create Use the create command to create, insert, or append a new AP custom filter for this . The create command is accessible from the policy::apfilters context.
port [] Specifies a TCP or UDP port or port range to which this custom filter will be applied. The first value specifies either the port or the start of a port range. The second value optionally specifies the end of a range. This parameter is only valid when either TCP or UDP is the specified protocol. Valid port values are from 0 ‐ 65535. type [] Specifies an ICMP type or range of ICMP types. This parameter is only valid when ICMP is the specified protocol.
filter 1 proto udp 10.10.10.0 255.255.255.0 port 20 2000 in dst out src allow filter 2 (default) proto none 0.0.0.0 all_ports in dst out none allow filter 3 (default) proto none 0.0.0.0 all_ports in none out src allow The following example creates a custom filter 1 that is inserted into the rule list at position 1 because a rule already exists for rule 1. This custom filter allows ICMP types 9 through 31 traffic in both directions from IP address 20.20.10.0/24: EWC.enterasys.
Specifies an IP address and mask for this filter. interface‐subnet Specifies the IP address and mask configured for the associated topology. interface‐ip Specifies the IP address of the associated topology port [] Specifies a TCP or UDP port or port range to which this custom filter will be applied. The first value specifies either the port or the start of a port range. The second value optionally specifies the end of a range.
EWC.enterasys.com:vnsmode:default-policy:apfilters# show Custom AP Filters: enable filter 1 proto icmp 20.20.10.0 255.255.255.0 type 9 31 in dst out src allow filter 2 proto tcp 50.20.0.0 255.255.0.0 all_ports in dst out src allow filter 3 (default) proto none 0.0.0.0 all_ports in dst out none allow filter 4 (default) proto none 0.0.0.0 all_ports in none out src allow 20.5.11.3 delete Use the delete command to remove a custom filter from the AP filter list.
• Displays the new list ordering : EWC.enterasys.com:policy:p1:apfilters# move 2 1 EWC.enterasys.com:policy:p1:apfilters# show Custom AP Filters: enable filter 1 proto tcp 50.20.0.0 255.255.0.0 all_ports both allow filter 2 proto icmp 20.20.10.0 255.255.255.0 type 9 31 both allow filter 3 (default) proto none 0.0.0.0 all_ports in dst out none allow filter 4 (default) proto none 0.0.0.
20-24 policy Commands
21 topology Commands This section describes commands used to define and configure topology objects used by policy and VNS objects. These commands are located in the topology context of the CLI. Execute the topology command at the root level to enter toplogy context. Note: All CLI commands cache changes. For this reason, sometimes when you make a change in a particular context, the change may not be visible immediately.
Usage There are five topology types: • Admin — The native, pre‐defined topology of the Enterasys Wireless Controller management port. This topology is named admin. You cannot create topologies with the name admin. • B@AC — Bridge Traffic Locally at controller. Requires Layer 2 configuration. May optionally have Layer 3 configuration.
EWC.enterasys.com:topology# delete test 21.3 show Use the show command to display topology configuration information. Syntax show [] Parameters Specifies to display information about the specific topology Examples The following example displays information for all configured topologies. EWC.enterasys.com:topology# show Name Mode L2:VlanId,port L3:IP,GW, Admin admin N/A,Admin 192.168.4.37,192.168.4.11,N/A esa0 physical 545,esa0 10.109.0.1,10.0.0.
21.4 The command, where refers to the name of a given topology, moves you into the topology: context, which contains commands to configure the settings of the specified individual topology. The following commands are available in the topology: context. • 3rd‐party • l2 — See l2 for commands in the topology::l2 context. • l3 — See l3 for commands in the topology::l3 context.
21.4.2 l2 Use the l2 command to enter the topology::l2 context of the CLI for b@ac, b@ap, physical, and routed topologies. The l2 context allows you to configure the Layer 2 functionality of the topology. The following commands are available in the topology::l2 context. • multicast — See multicast for commands in the topology::l2:multicast context. • port • show • tagged • vlanid 21.4.2.
Examples This example configures an existing multicast filter. EWC.enterasys.com:topology:techpubs_test_ac:l2:multicast# config 1 225.1.1.0/32 on 21.4.2.1.2 create Use the create command to create a multicast filter rule. The create command is available from the topology::l2:multicast context of the CLI for b@ac and routed topologies. Syntax create [|default] (A.B.C.
21.4.2.1.4 filter Use the filter command to enable or disable multicast filtering support. The filter command is available from the topology::l2:multicast context of the CLI for b@ac and routed topologies. Syntax filter enable | disable Parameters enable Indicates that multicast filtering support will be enabled. disable Indicates that multicast filtering support will be disabled. Examples This example enables multicast filtering support. EWC.enterasys.
None Examples This example shows the multicast support for a topology named r1. EWC.enterasys.com:topology:r1:l2:multicast# show Multicast support: disable 21.4.2.2 port Use the port command to assign a port to a topology. The port command is available from the topology::l2 context of the CLI for b@ac topologies. Syntax port Parameters Specifies the name of the port Examples This example assigns port esa1 to the topology named r1. EWC.enterasys.
21.4.2.4 tagged Use the tagged command to enable or disable 802.1Q VLAN tagging. The tagged command is available from the topology::l2 context of the CLI for b@ap and physical topologies. Syntax tagged enable | disable Parameters enable Indicates that 802.1Q VLAN tagging will be enabled. disable Indicates that 802.1Q VLAN tagging will be disabled. Examples This following example enables 802.1Q VLAN tagging on the physical topology named esa1. EWC.enterasys.
• exceptions — See exceptions for commands in the topology::l3:exceptions context. • foreign‐ip • gateway • gen‐certreq • ip • mgmt • mtu • nexthop • ospf‐advert • ospf‐cost • show 21.4.3.1 ap-register Use the ap‐register command to enable or disable AP registration through the named topology. The ap‐register command is available from the topology::l3 context of the CLI for b@ac and physical topologies.
Parameters pkcs12 Indicates that certificate file is in the PKCS #12 format. pem‐der Indicates that the certificate file and key file are PEM/DER encoded. csr‐cert Indicates that the is a certificate signing request file. Indicates that either SCP or FTP should be used to download the certificate file.
PKCS#12 file, CSR file, or PEM/DER files, and, if successful, converts the PKCS#12 file, CSR file, or PEM/DER files into a certificate and key. The command confirms that the certificate password works with the private key file then assigns both the certificate and key to the named topology. Note: This command generates an error if the indicated file name cannot be found.
Examples EWC.enterasys.com:topology:test:l3# copy-csr ftp 192.168.1.1 root mypasswd /tmp 21.4.3.4 dhcp Use the dhcp command to enter the topology::l3:dhcp context of the CLI for b@ac, physical, and routed topologies. The following commands are available in the topology::l3: dhcp context.
21.4.3.4.2 dls Use the dls command to enable or disable DLS (HiPath Deployment Services). The dls command is available from the topology::l3:dhcp context of the CLI for b@ac and routed topologies. This command is visible only when mode is set to local. See “mode” on page 21‐18. Syntax dls enable | disable Parameters enable Enables DLS disable Disables DLS Examples The following example enables DLS. EWC.enterasys.com:topology:test:l3:dhcp# mode local EWC.enterasys.
21.4.3.4.4 dns Use the dns command to specify the IP addresses for one or more DNS servers. The dns command is available from the topology::l3:dhcp context of the CLI for b@ac, physical, and routed topologies. This command is visible only when mode is set to local. See “mode” on page 21‐18. Syntax dns ( [, [...
context of the CLI for b@ac, physical, and routed topologies. This command is visible only when mode is set to local. See “mode” on page 21‐18. Syntax exclude A.B.C.D [A.B.C.D] [delete | (comment )] Parameters A.B.C.D[ A.B.C.D] Specifies the IP address or range of IP addresses. delete Clears the IP addresses. comment A comment about the excluded IP address or range of IP addresses. Examples The following example excludes the address range 10.0.1.10–10.0.1.20. EWC.
from the topology::l3: dhcp context of the CLI for b@ac and routed topologies. This command is visible only when mode is set to local. See “mode” on page 21‐18. Syntax foreign-range A.B.C.D A.B.C.D Parameters A.B.C.D Specifies the first IP address in the IP address range A.B.C.D Specifies the last IP address in the IP address range Examples The following example specifies the IP address range. EWC.enterasys.com:topology:routed2:l3:dhcp# mode local EWC.enterasys.
Examples The following example sets the default lease time to 34000 seconds. EWC.enterasys.com:topology:routed2:l3:dhcp# mode local EWC.enterasys.com:topology:routed2:l3:dhcp# lease 34000 EWC.enterasys.com:topology:routed2:l3:dhcp# apply Note: After you run the lease-default command, you must run the apply command to implement the changes. 21.4.3.4.11 lease-max Use the lease‐max command to set the maximum time limit, in seconds, that an IP address would be assigned by the DHCP server to a wireless device.
relay Indicates that a DHCP relay server will be used none Indicates that the Enterasys Wireless Controller will not treat the DHCP messages specially Examples The following example configures the routed topology named routed2 to use a local DHCP server on the controller. EWC.enterasys.com:topology:routed2:l3:dhcp# mode local EWC.enterasys.com:topology:routed2:l3:dhcp# apply Note: After you run the mode command, you must run the apply command to implement the changes. 21.4.3.4.
Parameters None Examples The following example shows DHCP information for a physical topology with mode set to local: EWC.enterasys.com:topology:esa1:l3:dhcp# show DHCP option: local Gateway: 10.0.1.2 Address range: 10.109.1.2 10.109.1.254 exclude 10.109.1.5(interface address) DNS servers: Domain name: Max lease time: 2592000 Default lease time: 36000 WINS servers: 21.4.3.4.15 wins Use the wins command to specify the IP address for the Windows Internet Naming Service (WINS) server.
21.4.3.5 exceptions Use the exceptions command to enter the topology::l3: exceptions context of the CLI for b@ac, physical, and routed topologies. In this context, you can configure exception filters. Note: The exception command has been replaced by the exceptions command. exception is deprecated. The following commands are available in the topology::l3: exceptions context. • config • create • delete • move • show 21.4.3.5.
proto {udp|tcp|ah|esp|none |icmp|gre|<0‐255>} Specifies the protocol for this filter rule by number or name. Valid number values are from 0–255. Valid name values are: • udp - UDP protocol • tcp - TCP protocol • ah - Authentication Header protocol • esp - Encapsulating Security Payload protocol • none - No protocols • icmp - ICMP protocol • gre - Generic Route Encapsulation protocol A.B.C.D/<0‐32> Specifies the IPv4 IP address and mask.
21.4.3.5.2 create Use the create command to create an exception filter. The create command is available from the topology::l3:exception context of the CLI for b@ac, physical, and routed topologies. If advanced filter mode has been enabled with the enable‐advance‐filtering command (page 20‐3), the Advanced mode syntax is presented. If advanced filter mode is not enabled, the Basic mode syntax is presented.
Basic: in (none|dst) Advanced: in (none|src|dst|both) Specifies the direction of packet flow — in specifies a packet flow from the AP to the AC. none specifies that the in direction does not apply to the filter rule. dst specifies that the IP address for this filter rule is the destination of the packet flow. src specifies that the IP address for this filter rule is the source of the packet flow. both specifies that the IP address for this filter rule can be either source or destination.
21.4.3.5.4 move Use the move command to change the order (position) of an exception filter. The move command is available from the topology::l3: exceptions context of the CLI for b@ac, physical, and routed topologies. Syntax move Parameters Specifies the current position of the exception filter (0–255). Specifies the new position of the exception filter (0–255). Examples The following example moves exception filter at position 4 to 25. EWC.enterasys.
21.4.3.6 foreign-ip Use the foreign‐ip command to specify the IP address and subnet mask of the foreign controller. The foreign‐ip command is available from the topology::l3 context of the CLI for b@ac and routed topologies. Syntax foreign-ip A.B.C.D/<0-32> Parameters A.B.C.D/<0‐32> Specifies the IP address and subnet mask. Examples The following example specifies the IP address and mask of the foreign controller. EWC.enterasys.com:topology:r1:l3:# foreign-ip 21.4.3.
location Keyword indicating that the next three parameters specify the location where the controller is operating. country The name of the country where the controller is located. You must use the two‐letter ISO abbreviation for the country. state The name of the state or province where the controller is located city The name of the city where the controller is located organization Keyword indicating that the next two parameters specify the name of the organization to which the controller belongs.
21.4.3.10 mgmt Use the mgmt command to allow or prohibit management traffic. The mgmt command is available from the topology::l3 context of the CLI for b@ac, physical, and routed topologies. Syntax mgmt enable | disable Parameters enable Enables management traffic. disable Disable management traffic. Examples The following example enables management traffic. EWC.enterasys.com:topology:r1:l3:# mgmt enable 21.4.3.
Examples The following example sets the IP address of the next hop router (169.232.75.1). EWC.enterasys.com:topology:r1:l3:# nexthop 169.232.75.1 Note: After you run the nexthop command, you must run the apply command to implement the changes. 21.4.3.13 ospf-advert Use the ospf‐advert command to enable or disable OSPF advertisements on the topology. The ospf‐advert command is available from the topology::l3 context of the CLI for routed topologies.
Note: After you run the ospf-cost command, you must run the apply command to implement the changes. 21.4.3.15 show Use the show command to display Layer 3 information. The show command is available from the topology::l3 context of the CLI for admin, b@ac, physical, and routed topologies. Syntax show Parameters None Examples The following example displays Layer 3 information for a physical topology. EWC.enterasys.com:topology:esa0:l3# show Interface IP 10.109.0.1 255.255.255.
disable Disables Layer 3. Examples The following example enables Layer 3 on a b@ac topology. EWC.enterasys.com:topology:bridged_ac1# l3presence enable 21.4.5 mode Use the mode command to change the mode of an existing b@ac, b@ap, or routed topology. The mode command is available from the topology: context of the CLI for b@ac, b@ap, and routed topologies. Note: You can configure the mode of a topology only if the topology is not associated with a policy.
21.4.7 show Use the show command to display information about a topology. The show command is available from the topology: context of the CLI for admin, b@ac, b@ap, physical, and routed topologies. Syntax show Parameters None Examples The following examples shows configuration information for an admin topology. EWC.enterasys.com:topology:Admin# show Name: Admin The following example shows configuration information for a b@ac topology. EWC.enterasys.
Parameters enable Enables strict subnet adherence. disable Disables strict subnet adherence. Examples The following example enables strict subnet adherence on a b@ac topology. EWC.enterasys.com:topology:bridged_ac1# strict-subnet enable 21.4.9 sync Use the sync command to enable or disable automatic synchronization of this topology across paired controllers. The sync command is available from the topology: context of the CLI for b@ac, b@ap, and routed topologies.
21-34 topology Commands
22 Location Commands (lbs) This section describes commands used to enable and configure an AeroScout location based service on a Enterasys Wireless Controller and Wireless APs. These commands are located in the lbs context of the CLI. Execute the lbs command at the root level to enter lbs context. Note: All CLI commands cache changes. For this reason, sometimes when you make a change in a particular context, the change may not be visible immediately.
22.2 server-ip Use the server‐ip command to set the AeroScout IP address. The server‐ip command is accessible from the lbs context of the CLI. Syntax server-ip A.B.C.D Parameters A.B.C.D Specifies the IP address of the AeroScout server. Usage This command is visible only if you have set the service command to enable. The default IP address is 0.0.0.0. Examples The following example sets the IP address of the AeroScout server to 192.168.3.100. EWC.enterasys.com:lbs# server-ip 192.168.3.100 22.
22.4.1 lbs-status The lbs‐status command allows you to enable or disable the collection of AeroScout tags on a specific 802.11n AP or all 802.11n APs. The lbs‐status command is accessible from the following contexts: • ap: — Use the lbs‐status command in this context to enable or disable the collection of AeroScout tags on a specific 802.11n AP. See “lbs‐status” on page 4‐148.
22-4 Location Commands (lbs)
23 web Commands The web command refers to the web context, which contains commands used to configure the web settings. The web command is accessible from the root context of the CLI. The following commands are available in the web context: • guestportal‐admin‐timeout • timeout • showvns • show 23.1 guestportal-admin-timeout Use the guestportal‐admin‐timeout command to configure the time after which the web sessions of guest administrator users (guestportal user type) will time out.
23.2 timeout Use the timeout command to configure the time after which the web session will time out. The timeout command is accessible from the web context of the CLI. Syntax timeout (hour:minutes or just minutes, range 1 minute to 7 days) Parameters Specifies time in hh:mm format Examples The following example sets the web session timeout to one hour and 30 minutes. EWC.enterasys.com:web# timeout 01:30 The following example sets the web session timeout to 30 minutes. EWC.enterasys.
23.4 show Use the show command to display the web settings. Syntax show Parameters None Examples The following example displays the web settings. EWC.enterasys.
23-4 web Commands
24 Wireless AP Diagnostics Performing Wireless AP Diagnostics Using Telnet Caution: For security reasons, telnet is disabled by default. Telnet should only be enabled to perform diagnostic sessions. When completed, telnet should always be disabled. As a support tool to perform diagnostic debugging of the Wireless AP, the capability to access the Wireless AP by telnet has been provided. Normally, telnet is disabled and should be disabled again after diagnostics.
Performing Wireless AP Diagnostics Using Telnet Note: When the Enterasys Wireless Controller ships from the factory it is configured with a default password to assign to the Wireless APs that register with it. The default password is new2day. The password is sent to the Wireless APafter it has registered. The administrator can override this password using the Wireless AP Registration page in the GUI.
