AltitudeTM 35x0 Access Point Product Reference Guide, Software Version 2.3 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 (408) 579-2800 http://www.extremenetworks.
AccessAdapt, Alpine, Altitude, BlackDiamond, EPICenter, ExtremeWorks Essentials, Ethernet Everywhere, Extreme Enabled, Extreme Ethernet Everywhere, Extreme Networks, Extreme Standby Router Protocol, Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, ExtremeXOS, Go Purple Extreme Solution, ExtremeXOS ScreenPlay, ReachNXT, Sentriant, ServiceWatch, Summit, SummitStack, Triumph, Unified Access Architecture, Unified Access RF Manager, UniStack, the Extreme Networks logo, the Alpine logo, the BlackD
Table of Contents Chapter 1: About This Guide............................................................................................................. 7 Introduction ...............................................................................................................................7 Document Conventions ................................................................................................................7 Notational Conventions .......................................................
Table of Contents Rogue AP Enhancements .....................................................................................................19 Radius Time-Based Authentication .......................................................................................19 QBSS Support ....................................................................................................................20 Reliable Multicast ..............................................................................................
Table of Contents System Radius Commands .................................................................................................221 System Network Time Protocol (NTP) Commands .................................................................244 System Log Commands......................................................................................................249 System Configuration-Update Commands ............................................................................
Table of Contents 6 Altitude 35x0 Access Point Product Reference Guide
1 About This Guide Introduction This guide provides configuration and setup information for the Extreme Networks® Altitude™ 3510 Access Point and Altitude 3550 Access Point. For the purposes of this guide, the devices will be called the generic term “access point” when identical configuration activities are applied to both models. When command line interface (CLI) commands are displayed, and apply to both models, a “35xx” convention is used.
About This Guide 8 Altitude 35x0 Access Point Product Reference Guide
2 Introduction The access point (AP) provides a bridge between Ethernet wired LANs and wireless networks. It provides connectivity between Ethernet wired networks and radio-equipped mobile units (MUs). MUs include the full line of terminals, adapters (PC cards, Compact Flash cards and PCI adapters) and other devices. The access point provides a maximum 54Mbps data transfer rate via each radio. It monitors Ethernet traffic and forwards appropriate Ethernet messages to MUs over the network.
Introduction ● “Transmit Power Control” ● “Advanced Event Logging Capability” ● “Configuration File Import/Export Functionality” ● “Default Configuration Restoration” ● “DHCP Support” ● “Multi-Function LEDs” ● “Mesh Networking” ● “Additional LAN Subnet” ● “On-board Radius Server Authentication” ● “Hotspot Support” ● “Dynamic DNS” ● “Auto Negotiation” ● “Feature Overview” ● “DHCP Lease Information” ● “Configurable MU Idle Timeout” ● “Auto Channel Select (ACS) Smart Scan” ● “T
Multiple Mounting Options The access point rests on a flat surface, attaches to a wall, mounts under a ceiling or above a ceiling (attic). Choose a mounting option based on the physical environment of the coverage area. Do not mount the access point in a location that has not been approved in an either an AP3510 or outdoor AP3550 radio coverage site survey. Antenna Support for 2.4 GHz and 5 GHz Radios The access point supports several 802.11b/g and or 802.
Introduction Industry Leading Data Security The access point supports numerous encryption and authentication techniques to protect the data transmitting on the WLAN. The following authentication techniques are supported: ● “EAP Authentication”The following encryption techniques are supported: ● “WEP Encryption” ● “Wi-Fi Protected Access (WPA) Using TKIP Encryption” ● “WPA2-CCMP (802.
is performed. The device takes plain text, encrypts or scrambles the text typically by mathematically combining the key with the plain text as instructed by the algorithm, then transmits the data over the network. At the receiving end, another device takes the encrypted text and decrypts, or unscrambles, the text revealing the original message. An unauthorized user can know the algorithm, but cannot interpret the encrypted data without the appropriate key.
Introduction VPN Tunnels Virtual Private Networks (VPNs) are IP-based networks using encryption and tunneling providing users remote access to a secure LAN. In essence, the trust relationship is extended from one LAN across the public network to another LAN, without sacrificing security. A VPN behaves like a private network; however, because the data travels through the public network, it needs several layers of security. The access point can function as a robust VPN gateway.
Power-over-Ethernet Support When users purchase an Extreme Networks WLAN solution, they often need to place access points in obscure locations. In the past, a dedicated power source was required for each access point in addition to the Ethernet infrastructure. This often required an electrical contractor to install power drops at each access point location.
Introduction Transmit Power Control The access point has a configurable power level for each radio. This enables the network administrator to define the antenna’s transmission power level in respect to the access point’s placement or network requirements as defined in the site survey. Advanced Event Logging Capability The access point provides the capability for periodically logging system events.
and are viewable using a single (customer installed) extended light pipe, adjusted as required to suit above the ceiling installations. An AP3550 model access point houses four LEDs on the bottom/back side of the unit. Mesh Networking Utilize the new mesh networking functionality to allow the access point to function as a bridge to connect two Ethernet networks or as a repeater to extend your network’s coverage area without additional cabling. Mesh networking is configurable in two modes.
Introduction The access point has a second LAN subnet enabling administrators to segment the access point’s LAN connection into two separate networks. Both LANs can still be active at any given time, but only one can transmit over the access point’s physical LAN connection. On-board Radius Server Authentication The access point has the ability to work as a Radius Server to provide user database information and user authentication.
WLAN interfaces. An additional default action is also available denying traffic when the filter rules fail. Lastly, imported and exported configurations retain their defined IP filtering configurations. DHCP Lease Information This release of the access point firmware provides an enhancement to the access point’s existing DHCP server functionality, allowing a network administrator to monitor IP address usage.
Introduction defining the days and hours access is permitted. Authentication requests for users belonging to the group are honored only during these defined hourly intervals. QBSS Support Each access point radio can be configured to optionally allow the access point to communicate channel usage data to associated devices and define the beacon interval used for channel utilization transmissions.
frequency range (802.11a radio), the actual range is country-dependent. Extreme Networks devices, like other Ethernet devices, have unique, hardware encoded Media Access Control (MAC) or IEEE addresses. MAC addresses determine the device sending or receiving data. A MAC address is a 48-bit number written as six hexadecimal bytes separated by colons. For example: 00:A2:B1:B2:C1:C2.
Introduction to another. The bridge forwards packets addressed to unknown systems to the Default Interface (Ethernet). The access point internal stack interface handles all messages directed to the access point. Each stores information on destinations and their interfaces to facilitate forwarding. When a user sends an ARP (Address Resolution Protocol) request packet, the access point forwards it over all enabled interfaces except over the interface the ARP request packet was received.
An MU can roam within a coverage area by switching access points. Roaming occurs when: ● Unassociated MU attempts to associate or reassociate with an available access point ● Supported rate changes or the MU finds a better transmit rate with another access point ● RSSI (received signal strength indicator) of a potential access point exceeds the current access point ● Ratio of good-transmitted packets to attempted-transmitted packets falls below a threshold.
Introduction 24 Altitude 35x0 Access Point Product Reference Guide
3 CLI Reference The access point Command Line Interface (CLI) is accessed through the serial port or a Telnet session. The access point CLI follows the same conventions as the Web-based user interface. The CLI does, however, provide an “escape sequence” to provide diagnostics for problem identification and resolution. The CLI treats the following as invalid characters: -> space < > | " & , \ ? In order to avoid problems when using the CLI, these characters should be avoided.
CLI Reference Accessing the CLI via Telnet To connect to the access point CLI through a Telnet connection: 1 If this is your first time connecting to your access point, keep in mind the access point’s LAN port is set as a DHCP client by default. 2 Enter the default username of admin and the default password of admin123. If this is your first time logging into the access point, you are unable to access any of the access point’s commands until the country code is set.
Admin and Common Commands AP35xx> Displays admin configuration options. The items available under this command are shown below. Syntax help Displays general user interface help. passwd Changes the admin password. summary Shows a system summary. network Goes to the network submenu system Goes to the system submenu. stats Goes to the stats submenu. .. Goes to the parent menu. / Goes to the root menu. save Saves the configuration to system flash. quit Quits the CLI.
CLI Reference help Displays general CLI user interface help. Syntax help Example admin>help ? * Restriction of “?”: : : : : : : : display command help - Eg. ?, show ?, s? “?” after a function argument is treated as an argument Eg. admin set lan enable? (Here “?” is an invalid extra argument, because it is after the argument “enable”) : go backwards in command history : go forwards in command history * Note : : : : 1) commands can be incomplete - Eg.
passwd Changes the admin password for access point access. This requires typing the old admin password and entering a new password and confirming it. Passwords can be up to 11 characters. The access point CLI treats the following as invalid characters: -> space < > | " & , \ ? In order to avoid problems when using the access point CLI, these characters should be avoided.
CLI Reference summary Displays a summary of high-level characteristics and settings for the WAN, LAN and WLAN. Syntax summary Example admin>summary ADP35xx firmware version country code ap-mode serial number Hw Model WLAN 1: WLAN Name ESS ID Radio VLAN Security Policy QoS Policy LAN1 LAN1 LAN1 LAN1 LAN1 Name: LAN1 Mode: enable IP: 0.0.0.0 Mask: 0.0.0.0 DHCP Mode: server LAN2 LAN2 LAN2 LAN2 LAN2 Name: LAN2 Mode: enable IP: 192.235.1.1 Mask: 255.255.255.0 DHCP Mode: server 2.3.2.
.. This command navigates up one level in the directory structure. This command is available in submenus. It has no effect in the admin menu. Example admin(network.lan)>..
CLI Reference / This command navigates to the top level in the directory menu. This command is available in submenus. It has no effect in the admin menu. Example admin(network.
save This command saves the current configuration settings. The save command works at all levels of the CLI. The save command must be issued before leaving the CLI for updated settings to be retained.
CLI Reference quit Exits the command line interface session and terminates the session. The quit command appears in all of the submenus under admin. In each case, it has the same function, to exit out of the CLI. Once the quit command is executed, the login prompt displays again.
Network Commands admin>network Navigates to the network submenu. The items available under this command are shown below. lan wan wireless firewall router ipfilter .. / save quit Goes to the LAN submenu. Goes to the WAN submenu. Goes to the Wireless Configuration submenu. Goes to the firewall submenu. Goes to the router submenu. Goes to the IP Filtering submenu. Goes to the parent menu. Goes to the root menu. Saves the current configuration to the system flash. Quits the CLI and exits the current session.
CLI Reference Network LAN Commands admin(network.lan)> Navigates to the LAN submenu. The items available under this menu are shown below. show set bridge wlan-mapping dhcp type-filter .. / save quit 36 Shows current access point LAN parameters. Sets LAN parameters. Goes to the mesh configuration submenu. Goes to the WLAN/Lan/Vlan Mapping submenu. Goes to the LAN DHCP submenu. Goes to the Ethernet Type Filter submenu. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash.
admin(network.lan)> show Displays the access point LAN settings. Syntax show Shows the settings for the access point LAN1 and LAN2 interfaces. Example admin(network.lan)>show LAN On Ethernet Port LAN Ethernet Timeout : LAN1 : disable 802.1x Port Authentication: Username Password : admin : ******** Auto-negoitation Speed Duplex : disable : 100M : full ** LAN1 Information ** LAN Name LAN Interface 802.
CLI Reference admin(network.lan)> set Sets the LAN parameters for the LAN port. Syntax set lan name ethernet-port-lan timeout trunking auto-negotiation ipfpolicy speed duplex username passwd ip-mode ipadr mask dgw domain dns wins Enables or disables the access point LAN interface. Defines the LAN name by index.
Network LAN, Bridge Commands admin(network.lan.bridge)> Displays the access point Bridge submenu. show set .. / save quit Displays the mesh configuration parameters for the access point’s LANs. Sets the mesh configuration parameters for the access point’s LANs. Moves to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI and exits the session.
CLI Reference admin(network.lan.bridge)> show Displays mesh bridge configuration parameters for the access point’s LANs. Syntax show Displays mesh bridge configuration parameters for the access point’s LANs. Example admin(network.lan.
admin(network.lan.bridge)> set Sets the mesh configuration parameters for the access point’s LANs. Syntax set priority hello msgage fwddelay ageout Sets bridge Sets bridge Sets bridge Sets bridge Sets bridge LAN. priority time in seconds (0-65535) for specified LAN. hello time in seconds (0-10) for specified LAN. message age time in seconds (6-40) for specified LAN.
CLI Reference Network LAN, WLAN-Mapping Commands admin(network.lan)>wlan-mapping Navigates to the WLAN/Lan/Vlan Mapping submenu. show set create edit delete lan-map vlan-map .. / save quit 42 Displays the VLAN list currently defined for the access point. Sets the access point VLAN configuration. Creates a new access point VLAN. Edits the properties of an existing access point VLAN. Deletes a VLAN. Maps access point existing WLANs to an enabled LAN. Maps access point existing WLANs to VLANs.
admin(network.lan.wlan-mapping)> show Displays the VLAN list currently defined for the access point.. These parameters are defined with the set command. Syntax show Displays the existing list of VLAN names. Shows WLAN-VLAN mapping and VLAN configuration. Displays a WLAN-LAN mapping summary. Displays the WLAN summary list. name vlan-cfg lan-wlan wlan Example admin(network.lan.
CLI Reference admin(network.lan.wlan-mapping)> set Sets VLAN parameters for the access point. Syntax set mgmt- tag native-tag mode Defines the Management VLAN tag (1-4095). Sets the Native VLAN tag (1-4095). Sets WLAN VLAN mode (WLAN 1-16) to either dynamic or static. Example admin(network.lan.wlan-mapping)>set mgmt-tag 1 admin(network.lan.wlan-mapping)>set native-tag 2 admin(network.lan.wlan-mapping)>set mode 1 static admin(network.lan.
admin(network.lan.wlan-mapping)> create Creates a VLAN for the access point. Syntax create vlan-id vlan-name Defines the VLAN ID (1-4095). Specifies the name of the VLAN (1-31 characters in length). Example admin(network.lan.wlan-mapping)> admin(network.lan.
CLI Reference admin(network.lan.wlan-mapping)> edit Modifies a VLAN’s name and ID. Syntax edit name id Modifies an exisiting VLAN name (1-31 characters in length). Modifies an existing VLAN ID (1-4095) characters in length). Example admin(network.lan.
admin(network.lan.wlan-mapping)> delete Deletes a specific VLAN or all VLANs. Syntax delete < VLAN id> Deletes a specific VLAN ID (1-16). all Deletes all defined VLANs. Example admin(network.lan.wlan-mapping)>show name ------------------------------------------------------------------------------Index VLAN ID VLAN Name ------------------------------------------------------------------------------1 1 VlanConfRoom 2 2 Vlan_002 3 3 Vlan_003 admin(network.lan.wlan-mapping)>delete 2 admin(network.lan.
CLI Reference admin(network.lan.wlan-mapping)> lan-map Maps an access point VLAN to a WLAN. Syntax lan-map Maps an existing WLAN to an enabled LAN. All names and IDs are casesensitive. Displays existing WLAN name. Defines enabled LAN name. All names and IDs are case-sensitive. Example admin(network.lan.
admin(network.lan.wlan-mapping)> vlan-map Maps an access point VLAN to a WLAN. Syntax vlan-map Maps an existing WLAN to an enabled VLAN. All names and IDs are casesensitive. Displays existing WLAN name. Maps an existing WLAN to an enabled VLAN. All names and IDs are casesensitive. Example admin(network.lan.
CLI Reference Network LAN, DHCP Commands admin(network.lan)> dhcp Navigates to the access point DHCP submenu. The items available are displayed below. show set add delete list .. / save quit 50 Displays DHCP parameters. Sets DHCP parameters. Adds static DHCP address assignments. Deletes static DHCP address assignments. Lists static DHCP address assignments. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI and exits the session.
admin(network.lan.dhcp)> show Displays DHCP parameter settings for the access point. These parameters are defined with the set command. Syntax show Displays DHCP parameter settings for the access point. These parameters are defined with the set command. Example admin(network.lan.dhcp)>show **LAN1 DHCP Information** DHCP Address Assignment Range: Starting IP Address : 192.168.0.100 Ending IP Address : 192.168.0.
CLI Reference admin(network.lan.dhcp)> set Sets DHCP parameters for the LAN port. Syntax set range lease Sets the DHCP assignment range from IP address to IP address for the specified LAN. Sets the DHCP lease time in seconds (120-999999) for the specified LAN (1-LAN1, 2-LAN2). Example admin(network.lan.dhcp)>set range 1 192.168.0.100 192.168.0.254 admin(network.lan.dhcp)>set lease 1 86400 admin(network.lan.
admin(network.lan.dhcp)> add Adds static DHCP address assignments. Syntax add Adds a reserved static IP address to a MAC address for the specified LAN. Example admin(network.lan.dhcp)>add 1 00A0F8112233 192.160.24.6 admin(network.lan.dhcp)>add 1 00A0F1112234 192.169.24.7 admin(network.lan.
CLI Reference admin(network.lan.dhcp)> delete Deletes static DHCP address assignments. Syntax delete all Deletes the static DHCP address entry for the specified LAN (1-LAN1, 2LAN2) and DHCP entry index (1-30). Deletes all static DHCP addresses. Example admin(network.lan.
admin(network.lan.dhcp)> list Lists static DHCP address assignments. Syntax list Lists the static DHCP address assignments for the specified LAN (1-LAN1, 2 LAN2). Example admin(network.lan.dhcp)>list 1 ----------------------------------------------------------------------------Index MAC Address IP Address ----------------------------------------------------------------------------1 2 3 4 5 00A0F8112233 00A0F8102030 00A0F8112234 00A0F8112235 00A0F8112236 10.1.2.4 10.10.1.2 10.1.2.3 192.
CLI Reference Network Type Filter Commands admin(network.lan)> type-filter Navigates to the access point Type Filter submenu. The items available under this command include: show set add delete .. / save quit 56 Displays the current Ethernet Type exception list. Defines Ethernet Type Filter parameters. Adds an Ethernet Type Filter entry. Removes an Ethernet Type Filter entry. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
admin(network.lan.type-filter)> show Displays the access point’s current Ethernet Type Filter configuration. Syntax show Displays the existing Type-Filter configuration for the specified LAN. Example admin(network.lan.
CLI Reference admin(network.lan.type-filter)> set Allows or denies the access point from processing a specified Ethernet data type for the specified LAN. Syntax set mode allow/deny Example admin(network.lan.
admin(network.lan.type-filter)> add Adds an Ethernet Type Filter entry. Syntax add Adds entered Ethernet Type to list of data types either allowed or denied access point processing permissions for the specified LAN (either LAN1 or LAN2). Example admin(network.lan.type-filter)> admin(network.wireless.type-filter)>add 1 8137 admin(network.wireless.type-filter)>add 2 0806 admin(network.wireless.
CLI Reference admin(network.lan.type-filter)> delete Removes an Ethernet Type Filter entry individually or the entire Type Filter list. Syntax delete all Deletes the specified Ethernet Type entry index (1 through 16). Deletes all Ethernet entries currently in list. Example admin(network.lan.type-filter)>delete 1 1 admin(network.lan.
Network WAN Commands admin(network)> wan Navigates to the WAN submenu. The items available under this command are shown below. show set nat vpn content dyndns .. / save quit Displays the access point WAN configuration and the access point’s current PPPoE configuration. Defines the access point’s WAN and PPPoE configuration. Displays the NAT submenu, wherein Network Address Translations (NAT) can be defined. Goes to the VPN submenu, where the access point VPN tunnel configuration can be set.
CLI Reference admin(network.wan)> show Displays the access point WAN port parameters. Syntax Shows the general IP parameters for the WAN port along with settings for the WAN interface. show Example admin(network.
admin(network.wan)> set Defines the configuration of the access point WAN port. Syntax set wan dhcp ipadr enable/disable enable/disable mask dgw dns autonegotiation speed enable/disable duplex pppoe mode user passwd ka idle type enable/disable enable/disable
CLI Reference Network WAN NAT Commands admin(network.wan)> nat Navigates to the NAT submenu. The items available under this command are shown below. show set add delete list .. / save quit 64 Displays the access point’s current NAT parameters for the specified index. Defines the access point NAT settings. Adds NAT entries. Deletes NAT entries. Lists NAT entries. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
admin(network.wan.nat)> show Displays access point NAT parameters for the specified NAT index. Syntax show Displays access point NAT parameters for the specified NAT index. Example admin(network.wan.nat)>show 2 WAN IP Mode WAN IP Address NAT Type Inbound Mappings : : : : enable 157.235.91.2 1-to-many Port Forwarding unspecified port forwarding mode unspecified port fwd. ip address one to many nat mapping : enable : 111.223.222.
CLI Reference admin(network.wan.nat)> set Sets NAT inbound and outbound parameters. Syntax set Sets the type of NAT translation for WAN address index (1-8) to (none, 1-to-1, or 1-to-many). Sets the NAT IP mapping associated with WAN address to the specified IP address . Sets the inbound IP address for specified index . Sets the inbound mode for specified index .
admin(network.wan.nat)> add Adds NAT entries. Syntax add Sets the WAN index (1-8). Defines the of the WAN NAT list (1-7). Sets the transportation protocol (tcp, udp, icmp, ah, esp, gre or all). Sets the starting port number and ending port number in the available port range (1-65535). Sets the internal IP address . Sets the internal translation port (1-65535). Example admin(network.wan.
CLI Reference admin(network.wan.nat)> delete Deletes NAT entries. Syntax delete all Deletes a specified NAT index entry associated with the WAN. Deletes all NAT entries associated with the WAN. Example admin(network.wan.nat)>list 1 ----------------------------------------------------------------------------index name prot start port end port internal ip translation port ----------------------------------------------------------------------------1 special tcp 20 21 192.168.
admin(network.wan.nat)> list Lists access point NAT entries for the specified index. Syntax list delete add Lists the inbound NAT entries associated with the WAN index (1-8). Deletes inbound NAT entries from the list. Adds entries to the list of inbound NAT entries. Example admin(network.wan.
CLI Reference Network WAN, VPN Commands admin(network.wan)> vpn Navigates to the VPN submenu. The items available under this command include: add set delete list reset stats ikestate .. / save quit 70 Adds VPN tunnel entries. Sets key exchange parameters. Deletes VPN tunnel entries. Lists VPN tunnel entries Resets all VPN tunnels. Lists security association status for the VPN tunnels. Displays an Internet Key Exchange (IKE) summary. Goes to the parent menu. Goes to the root menu.
admin(network.wan.vpn)> add Adds a VPN tunnel entry. Syntax add Creates a tunnel (1 to 13 characters) to gain access through local WAN IP from the remote subnet with IP address and subnet mask using the remote gateway . Example admin(network.wan.vpn)>add 2 SJSharkey 209.235.44.31 206.107.22.46 255.255.255.224 206.107.22.
CLI Reference admin(network.wan.vpn)> set Sets VPN entry parameters. Syntax set 72 Sets the tunnel type to Auto or Manual for the specified tunnel name.
myiddata remiddata authtype authalgo phrase encalgo lifetime group Altitude 35x0 Access Point Product Reference Guide Sets the Local ID data for IKE authentication for to . This value is not required when the ID type is set to IP. Sets the Local ID data for IKE authentication for to .
CLI Reference admin(network.wan.vpn)> delete Deletes VPN tunnel entries. Syntax delete all Deletes all VPN entries. Deletes VPN entries by supplied name. Example admin(network.wan.vpn)>list -------------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP -------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 SJSharkey Manual 206.107.22.45/27 206.
admin(network.wan.vpn)> list Lists VPN tunnel entries. Syntax list Lists all tunnel entries. Lists detailed information about a specific tunnel . Note that the must match case with the name of the VPN tunnel entry. Example admin(network.wan.vpn)>list -------------------------------------------------------------------------Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP -------------------------------------------------------------------------Eng2EngAnnex Manual 192.168.32.
CLI Reference admin(network.wan.vpn)> reset Resets all of the access point’s VPN tunnels. Syntax reset Resets all VPN tunnel states. Example admin(network.wan.vpn)>reset VPN tunnels reset. admin(network.wan.
admin(network.wan.vpn)> stats Lists statistics for all active tunnels. Syntax stats Display statistics for all VPN tunnels. Example admin(network.wan.
CLI Reference admin(network.wan.vpn)> ikestate Displays statistics for all active tunnels using an Internet Key Exchange (IKE). Syntax ikestate Displays status about Internet Key Exchange (IKE) for all tunnels. In particular, the table indicates whether IKE is connected for any of the tunnels, it provides the destination IP address, and the remaining lifetime of the IKE key. Example admin(network.wan.
Network WAN Content Commands admin(network.wan)>content Navigates to the Outbound Content Filtering menu. Content filtering allows system administrators to block specific commands and URL extensions from going out through the access point’s WAN port. Therefore, content filtering affords system administrators selective control on the content proliferating the network and is a powerful data and network screening tool.
CLI Reference admin(network.wan.content)> addcmd Adds control commands to block outbound traffic. Syntax addcmd web smtp ftp proxy activex file helo mail rcpt data quit send saml reset vrfy expn put get ls mkdir cd pasv Adds WEB commands to block outbound traffic. Adds a Web proxy command. Adds activex files. Adds Web URL extensions (10 files maximum) Adds SMTP commands to block outbound traffic.
admin(network.wan.content)> delcmd Deletes control commands to block outbound traffic. Syntax delcmd web smtp ftp proxy activex file helo mail rcpt data quit send saml reset vrfy expn put get ls mkdir cd pasv Deletes WEB commands to block outbound traffic. Deletes a Web proxy command. Deletes activex files. Deletes Web URL extensions (10 files maximum) Deletes SMTP commands to block outbound traffic.
CLI Reference admin(network.wan.content)> list Lists application control commands. Syntax list web smtp ftp Lists WEB application control record. Lists SMTP application control record. Lists FTP application control record. Example admin(network.wan.content)>list web HTTP Files/Commands Web Proxy ActiveX filename : deny : allow : admin(network.wan.
Network WAN, Dynamic DNS Commands admin(network.wan)> dyndns Navigates to the Dynamic DNS submenu. The items available under this command include: set update show .. / save quit Sets Dynamic DNS parameters. Sets key exchange parameters. Shows the Dynamic DNS configuration. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
CLI Reference admin(network.wan.dyndns)> set Sets the access point’s Dynamic DNS configuration. Syntax set mode username enable/disable password hostname Enables or disables the Dynamic DNS service for the access point. Enter a 1 - 32 character username for the account used for the access point. Enter a 1 - 32 character password for the account used for the access point. Enter a 1 - 32 character hostname for the account used for the access point. Example admin(network.wan.
admin(network.wan.dyndns)> update Updates the access point’s current WAN IP address with the DynDNS service. Syntax update Updates the access point’s current WAN IP address with the DynDNS service (when DynDNS is enabled). Example admin(network.wan.dyndns)>update IP Address Hostname : 157.235.91.
CLI Reference admin(network.wan.dyndns)> show Shows the current Dynamic DNS configuration. Syntax show Shows the access point’s current Dynamic DNS configuration. Example admin(network.wan.dyndns)>show DynDNS Configuration Mode Username Password Hostname : : : : enable percival ******** greengiant DynDNS Update Response IP Address Hostname Status 86 : 157.235.91.
Network Wireless Commands admin(network)> wireless Navigates to the access point wireless submenu. The items available under this command include: wlan security acl radio qos bandwidth rogue-ap wips mu-locationing .. / save quit Displays the WLAN submenu used to create and configure up to 16 WLANs per access point. Displays the security submenu used to create encryption and authentication based security policies for use with access point WLANs.
CLI Reference Network WLAN Commands admin(network.wireless)> wlan Navigates to the access point wireless LAN (WLAN) submenu. The items available under this command include: show create edit delete .. / save quit 88 Displays the access point’s current WLAN configuration. Defines the parameters of a new WLAN. Modifies the properties of an existing WLAN. Deletes an existing WLAN. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
admin(network.wireless.wlan)> show Displays the access point’s current WLAN configuration. Syntax show wlan security acl qos Displays Displays Displays Displays the the the the configuration for the requested WLAN (WLAN 1 through 16). security policy for the WLAN (1-32). ACL policy used with the WLAN (1-32). name representing the QoS policy used with this WLAN. Example admin(network.wireless.
CLI Reference admin(network.wireless.wlan)> create Navigates to the WLAN creation submenu. Syntax create show set wlan ess wlan-name 11a 11bg mesh hotspot max-client security acl ipfilter passwd no-mu-mu sbeacon bcast qos add-wlan Displays newly created WLAN and policy number. Defines the ESSID for a target WLAN. Determines the name of this particlular WLAN (1-32). Enables or disables access to the access point 802.11a radio.
Secu Policy Name Authen Encryption Associated WLANs ---------------------------------------------------------------------1 Default Manual no encrypt Front Lobby 2 WEP Demo Manual WEP 64 2nd Floor 3 Open Manual no encrypt 1st Floor WPA Countermeasure enable admin(network.wireless.wlan.
CLI Reference admin(network.wireless.wlan)> edit Edits the properties of an existing WLAN policy. Syntax edit 92 Edits the sequence number (index) in the WLAN summary.
admin(network.wireless.wlan)> delete Deletes an existing WLAN. Syntax delete Deletes a target WLAN by name supplied. all Deletes all WLAN configurations.
CLI Reference Network Security Commands admin(network.wireless)> security Navigates to the access point wireless security submenu. The items available under this command include: show set create edit delete .. / save quit 94 Displays the access point’s current security configuration. Sets security parameters. Defines the parameters of a security policy. Edits the properties of an existing security policy. Removes a specific security policy. Goes to the parent menu. Goes to the root menu.
admin(network.wireless.security)> show Displays the access point’s current security configuration. Syntax show summary policy Displays list of existing security policies (1-16). Displays the specified security policy . Example admin(network.wireless.
CLI Reference admin(network.wireless.security)> create Defines the parameter of access point security policies. Syntax create show set sec-name auth kerb realm server port server port secret eap reauth accounting 96 mode period
adv enc weppasskey keyguard tkip retry Sets the maximum number of retries to (1-10). syslog ip Enable or disable syslog messages. Defines syslog server IP address.
CLI Reference ccmp 98 phrase Sets the TKIP ASCII pass phrase to (8-63 characters). Enables or disabled the broadcast key. Sets the broadcast key rotation interval to
admin(network.wireless.security)> edit Edits the properties of a specific security policy. Syntax edit Edits a profile specified by its ID. A new context opens for the profile being edited. AP35xx>admin(network.wireless.security.
CLI Reference Network Security Policy Edit Commands admin(network.wireless.security)> edit Navigates to the access point wireless security policy edit submenu. The items available under this menu include: show set change .. 100 Displays the security policy parameters for the selected security policy. Sets security parameters for the selected policy. Changes the policy and exits this submenu. Goes to the parent menu.
admin(network.wireless.security.edit)> show Description: Displays the security policy details for the selected policy. Syntax : show Displays the new or modified security policy parameters. Example admin(network.wireless.security.
CLI Reference admin(network.wireless.security.edit)> set Description: Configures the different parameters for the selected security policy. Syntax set sec-name auth kerb eap Sets the name of the selected security profile to . Sets the authentication type for the selected security profile to (none, eap, kerberos).
svr-timeout enc svr-retry wep-keyguard tkip passkey index hex-key ascii-key mixed-mode rotate-mode interval
CLI Reference tkip key allow wpa2 tkip : ************* : enable admin(network.wireless.security.edit)>set auth none admin(network.wireless.security.edit)>set enc tkip admin(network.wireless.security.edit)>set tkip rotate-mode enable admin(network.wireless.security.edit)>set tkip interval 46 admin(network.wireless.security.
admin(network.wireless.security.edit)> change Description: Saves the policy changes and exits to the security submenu. Syntax change Saves the policy changes and exists to the security submenu. Example admin(network.wireless.security.edit)>set auth none admin(network.wireless.security.edit)>set enc tkip admin(network.wireless.security.edit)>set tkip rotate-mode enable admin(network.wireless.security.edit)>set tkip interval 46 admin(network.wireless.security.
CLI Reference admin(network.wireless.security)> delete Deletes a specific security policy. Syntax delete 106 Removes the specified security policy from the list of supported policies. Removes all security policies except the default policy.
Network ACL Commands admin(network.wireless.acl)> Navigates to the access point Access Control List (ACL) submenu. The items available under this command include: show create edit delete .. / save quit Displays the access point’s current ACL configuration. Creates a Client ACL policy. Edits the properties of an existing Client ACL policy. Removes an Client ACL policy. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
CLI Reference admin(network.wireless.acl)> show Displays the access point’s current ACL configuration. Syntax show summary policy Displays the list of existing Client ACL policies. Displays the requested Client ACL index policy. Example admin(network.wireless.
admin(network.wireless.acl)> create Creates a Client ACL policy. Syntax create show set add-addr delete add-policy .. Displays the parameters of a new ACL policy. Sets the Client ACL policy name. Sets the ACL mode for the defined index (1-16). Allowed Clients can access the access point managed LAN. Options are deny and allow. or Adds specified MAC address to list of ACL MAC addresses.
CLI Reference admin(network.wireless.acl.edit)> Edits the properties of an existing Client ACL policy. Syntax show set add-addr delete change .. 110 Displays Client ACL policy and its parameters. Modifies the properties of an existing Client ACL policy. Adds an Client ACL table entry. Deletes an Client ACL table entry, including starting and ending MAC address ranges. Completes the changes made and exits the session. Cancels the changes made and exits the session.
admin(network.wireless.acl)> delete Removes an Client ACL policy. Syntax delete all Deletes a specific Client ACL policy. Deletes all Client ACL policies (except for the default policy).
CLI Reference Network Radio Configuration Commands admin(network.wireless)> radio Navigates to the access point Radio submenu. The items available under this command include: show set radio1 radio2 .. / save quit 112 Summarizes access point radio parameters at a high-level. Defines the access point radio configuration. Displays the 802.11b/g radio submenu. Displays the 802.11a radio submenu. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
admin(network.wireless.radio)> show Displays the access point’s current radio configuration. Syntax show Displays the access point’s current radio configuration. Example admin(network.wireless.radio)>show Radio Configuration Radio 1 Name Radio Mode RF Band of Operation RF Function : : : : Radio 1 enable 802.11b/g (2.
CLI Reference admin(network.wireless.radio)> set Enables an access point Radio and defines the RF band of operation. Syntax set 11a 11bg rf-function mesh-base mesh-max mesh-client mesh-timeout mesh-wlan dot11-auth Enables or disables the access point’s 802.11a radio. Enables or disables the access point’s 802.11b/g radio. Sets the WLAN or WIPS sensor mode for the specifiec radio index . Enables or disables base bridge mode. Sets the maximum number of wireless bridge clients.
admin(network.wireless.radio)> radio1 Navigates to a 802.11b/g radio specific submenu. The items available under this command include: Syntax show set delete advanced mesh .. / save quit Displays 802.11b/g radio settings. Defines specific 802.11b/g radio parameters. Deletes the channels defined within the ACS exception list. Displays the Adavanced radio settings submenu. Goes to the Wireless AP Connections submenu. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash.
CLI Reference admin(network.wireless.radio.radio1)> show Displays specific 802.11b/g radio settings. Syntax radio qos show Displays specific 802.11b/g radio settings. Displays specific 802.11b/g radio WMM QoS settings. Example admin(network.wireless.radio.radio1)>show radio Radio Setting Information Placement MAC Address Radio Type ERP Protection : : : : indoor 00A0F8715920 802.
admin(network.wireless.radio.802-11bg)> set Defines specific 802.11b/g radio parameters. Syntax set placement ch-mode channel acs-exception-list antenna power bg-mode rates beacon dtim preamble rts range qos qbss-beacon qbss-mode Defines the access point radio placement as indoors or outdoors. Determines how the radio channel is selected. Defines the actual channel used by the radio. Sets the ACS exception list (for auto selection only) for up to 3 channels.
CLI Reference admin(network.wireless.radio.802-11bg)> advanced Displays the advanced submenu for the 802.11b/g radio. The items available under this command include: Syntax show set .. / save quit 118 Displays advanced radio settings for the 802.11b/g radio. Defines advanced parameters for the 802.11b/g radio. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
admin(network.wireless.radio.802-11bg.advanced)> show Displays the BSSID to WLAN mapping for the 802.11b/g radio. Syntax advanced wlan show Displays advanced settings for the 802.11b/g radio. Displays WLAN summary list for the 802.11b/g radio. Example admin(network.wireless.radio.802-11bg.
CLI Reference admin(network.wireless.radio.802-11bg.advanced)> set Defines advanced parameters for the target 802.11b/g radio. Syntax set wlan bss Defines advanced WLAN to BSSID mapping for the target radio. Sets the BSSID to primary WLAN definition. Example admin(network.wireless.radio.802-11bg.advanced)>set wlan demoroom 1 admin(network.wireless.radio.802-11bg.
admin(network.wireless.radio)> radio2 Navigates to a 802.11a specific radio submenu. The items available under this command include: Syntax show set delete advanced mesh .. / save quit Displays 802.11a radio settings Defines specific 802.11a radio parameters. Deletes the ACS exception channels. Displays the Advanced radio settings submenu. Goes to the Wireless AP Connections submenu. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
CLI Reference admin(network.wireless.radio.802-11a)> show Displays specific 802.11a radio settings. Syntax show radio qos Displays 802.11a radio settings. Displays 802.11a radio WMM QoS settings. Example admin(network.wireless.radio.802-11a)>show radio Radio Setting Information Placement MAC Address Radio Type : indoor : 00A0F8715920 : 802.
admin(network.wireless.radio.802-11a)> set Defines specific 802.11a radio parameters. Syntax set placement ch-mode channel acs-exception-list antenna power rates beacon dtim rts range qos qbss-beacon qbss-mode Defines the access point radio placement as indoors or outdoors. Determines how the radio channel is selected. Defines the actual channel used by the radio. Used to define the automatic channel selection exception list. Sets the radio antenna power. Defines the radio antenna power transmit level.
CLI Reference admin(network.wireless.radio.802-11a)> advanced Navigates to the advanced submenu for the 802-11a radio. The items available under this command include: Syntax show set .. / save quit 124 Displays advanced radio settings for the 802-11a radio. Defines advanced parameters for the 802-11a radio. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
admin(network.wireless.radio.802-11a.advanced)> show Displays the BSSID to WLAN mapping for the 802.11a radio. Syntax advanced wlan show Displays advanced settings for the 802.11a radio. Displays WLAN summary list for 802.11a radio. Example admin(network.wireless.radio.802-11a.
CLI Reference admin(network.wireless.radio.802-11a.advanced)> set Defines advanced parameters for the target 802..11a radio. Syntax set wlan bss Defines advanced WLAN to BSSID mapping for the target radio. Sets the BSSID to primary WLAN definition. Example admin(network.wireless.radio.802-11a.advanced)>set wlan demoroom 1 admin(network.wireless.radio.802-11a.
Network Quality of Service (QoS) Commands admin(network.wireless)> qos Displays the access point Quality of Service (QoS) submenu. The items available under this command include: show create edit delete .. / save quit Displays access point QoS policy information. Defines the parameters of the QoS policy. Edits the settings of an existing QoS policy. Removes an existing QoS policy. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
CLI Reference admin(network.wireless.qos)> show Displays the access point’s current QoS policy by summary or individual policy. Syntax show summary policy Displays all exisiting QoS policies that have been defined. Displays the configuration for the requested QoS policy. Example admin(network.wireless.
admin(network.wireless.qos)> create Navigates to a menu used to define an access point’s QoS policy. Syntax show set qos-name vop mcast wmm-qos param-set cwmin cwmax aifsn txops default add-policy .. Altitude 35x0 Access Point Product Reference Guide Displays QoS policy parameters. Sets the QoS name for the specified index entry.
CLI Reference admin(network.wireless.qos)> edit Navigates to menu used to edit the properties of an existing QoS policy. Syntax show set qos-name vop mcast wmm-qos param-set cwmin cwmax aifsn txops default change .. 130 Displays QoS policy parameters. Sets the QoS name for the specified index entry.
admin(network.wireless.qos)> delete Removes a QoS policy. Syntax delete Deletes the specified QoS polciy index, or all of the policies (except default policy).
CLI Reference Network Bandwith Management Commands admin(network.wireless)> bandwidth Displays the access point Bandwidth Management submenu. The items available under this command include: show set .. / save quit 132 Displays Bandwidth Management information for how data is processed by the access point. Defines Bandwidth Management parameters for the access point. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
admin(network.wireless.bandwidth)> show Displays the current Bandwidth Management configuration summary or for defined WLANs as well as how they are weighted. Syntax show Displays the current Bandwidth Management configuration summary or for defined WLANs as well as how they are weighted. Example admin(network.wireless.
CLI Reference admin(network.wireless.bandwidth)> set Defines the access point Bandwidth Management configuration. Syntax set mode weight 134 Defines bandwidth share mode of First In First Out , Round Robin or Weighted Round Robin Assigns a bandwidth share allocation for the WLAN when Weighted Round Robin is selected. The weighting is from 1-10.
Network Rogue-AP Commands admin(network.wireless)> rogue-ap Navigates to the Rogue AP submenu. The items available under this command include: show set mu-scan allowed-list active-list rogue-list .. / save quit Displays the current access point Rogue AP detection configuration. Defines the Rogue AP detection method. Goes to the Rogue AP scan submenu. Goes to the Rogue AP Allowed List submenu. Goes the Rogue AP Active List submenu. Goes the Rogue AP List submenu. Goes to the parent menu.
CLI Reference admin(network.wireless.rogue-ap)> show Displays the current access point Rogue AP detection configuration. Syntax show Displays the current access point Rogue AP detection configuration. Example admin(network.wireless.
admin(network.wireless.rogue-ap)> set Defines the access point ACL rogue AP method. Syntax set mu-scan interval on-channel detector-scan ABG-scan extreme networks-ap applst-ageout roglst-ageout Enables or disables to permit Clients to scan for rogue APs. Define an interval for associated Clients to beacon in attempting to locate rogue APs. Value not available unless mu-scan is enabled. Enables or disables on-channel detection.
CLI Reference admin(network.wireless.rogue-ap)> mu-scan Navigates to the Rogue-AP mu-scan submenu. Syntax add show start .. / save quit 138 Add all or just one scan result to Allowed AP list. Displays all APs located by the Client scan. Initiates scan immediately by the Client. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
admin(network.wireless.rogue-ap.mu-scan)> start Initiates an MU scan for a user provided MAC address. Syntax start Initiates Client scan from user provided MAC address.
CLI Reference admin(network.wireless.rogue-ap.mu-scan)> show Displays the results of an MU scan. Syntax show 140 Displays all APs located by the Client scan.
admin(network.wireless.rogue-ap)> allowed-list Navigates to the Rogue-AP allowed-list submenu. show add delete .. / save quit Displays the rogue AP allowed list Adds an AP MAC address and ESSID to the allowed list. Deletes an entry or all entries from the allowed list. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
CLI Reference admin(network.wireless.rogue-ap.allowed-list)> show Displays the Rogue AP allowed List. Syntax show Displays the Rogue AP allowed List. Example admin(network.wireless.rogue-ap.
admin(network.wireless.rogue-ap.allowed-list)> add Adds an AP MAC address and ESSID to existing allowed list. Syntax add Adds an AP MAC address and ESSID to existing allowed list. “fffffffffffffffff” means any MAC Use a “*” for any ESSID. Example admin(network.wireless.rogue-ap.allowed-list)>add 00A0F83161BB 103 admin(network.wireless.rogue-ap.
CLI Reference admin(network.wireless.rogue-ap.allowed-list)> delete Deletes an AP MAC address and ESSID to existing allowed list. Syntax delete 144 Deletes a specified AP MAC address and ESSID index (1-50) from the allowed list. The option also exists to remove all indexes.
WIPS Commands admin(network.wireless)> wips Navigates to the wips Locationing submenu. The items available under this command include: show set .. / save quit Displays the current WLAN Intrusion Prevention configuration. Sets WLAN Intrusion Prevention parameters. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
CLI Reference admin(network.wireless.wips)> show Shows the WLAN Intrusion Prevention configuration. Syntax show Shows the WLAN Intrusion Prevention configuration. Example admin(network.wireless.wips)>show WIPS Server #1 IP Address : 192.168.0.21 WIPS Server #2 IP Address : 10.10.1.1 admin(network.wireless.
admin(network.wireless.wips)> set Sets the WLAN Intrusion Prevention configuration. Syntax set Defines the WLAN Intrusion Prevention Server IP Address for (server IPs 1 and 2) Example admin(network.wireless.wips)>set server 1 192.168.0.21 admin(network.wireless.
CLI Reference Network MU Locationing Commands admin(network.wireless)> mu-locationing Navigates to the Client Locationing submenu. The items available under this command include: show set .. / save quit 148 Displays the current Client Locationing configuration. Defines Client Locationing parameters. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
admin(network.wireless.mu-locationing)> show Displays the MU probe table configuration Syntax show Displays the Client probe table configuration. Example admin(network.wireless.mu-locationing)>show MU Probe Table Mode MU Probe Table Size : disable : 200 admin(network.wireless.
CLI Reference admin(network.wireless.mu-locationing)> set Defines the MU probe table configuration used for locating MUs. Syntax set mode size Defines the probe table configuration. Enables/disables a probe scan for the purposes of MU locationing. Defines the number of Clients in the table (the maximum allowed is 200). Example admin(network.wireless.mu-locationing)>set admin(network.wireless.mu-locationing)>set mode enable admin(network.wireless.mu-locationing)>set size 200 admin(network.wireless.
Network Reliable Multicast Commands admin(network.wireless)> reliable-multicast Navigates to the Reliable Multicast submenu. The items available under this command include: add delete show set .. / save quit Adds a multicast streaming address for Reliable Multicast. Removes multicast streaming address for Reliable Multicast. Displays the current Reliable Multicast configuration. Defines the Reliable Multicast configuration information. Goes to the parent menu. Goes to the root menu.
CLI Reference admin(network.wireless.reliable-multicast)> add Adds a multicast address for Reliable Multicast feature. Syntax : add multicast-group Adds a multicast group for Reliable Multicast feature The multicast group to be added. The value for this parameter is an IP address in the range of 244.0.0.0 to 239.255.255.255. Example admin(network.wireless.reliable-multicast)>add multicast-group 224.0.1.10 admin(network.wireless.
admin(network.wireless.reliable-multicast)> delete Removes multicast address or addresses for Reliable Multicast feature. Syntax : delete multicast-group all Removes a multicast group for Reliable Multicast feature. is the multicast group to be removed. The value for this parameter is an IP address in the range of 244.0.0.0 to 239.255.255.255. Removes all multicast groups registered for Reliable Multicast. Example admin(network.wireless.
CLI Reference admin(network.wireless.reliable-multicast)> set Sets the different Reliable Multicast configuration settings. Syntax : set mode stream-limit query-interval query-version standalone-mode wlan tx-multicast Enables or disables the Reliable Multicast feature. Sets the number of Multicast streams supported by Reliable Multicast. Enter a value in the range 1 and 32. The default value is 12. Sets the IGMP query interval in seconds.
admin(network.wireless.reliable-multicast)> show Displays the configuration information for the Reliable Multicast feature. Also displays the MUs that are subscribed for Reliable Multicast transmission. Syntax : show config mobile-units Displays the current configuration for the Reliable Multicast feature. Displays the MUs that are subscribed to Reliable Multicast transmission. Example admin(network.wireless.
CLI Reference Network DOT 11i Retry Commands admin(network.wireless)> dot11i-retry Navigates to the 11i retry command submenu: show set .. / save quit 156 Displays the current dot11i retry configuration. Defines the dot11i retry configuration information. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
admin(network.wireless.dot11i-retry)> show Displays the configuration information for the dot11i retry feature. Syntax : show Displays the retry configuration for the WLAN specified by the index . Example admin(network.wireless.dot11i-retry)>show 1 handshake timeout in milliseconds: 2000 handshake retry count : 3 admin(network.wireless.
CLI Reference admin(network.wireless.dot11i-retry)> set Sets the configuration parameters for the dot11i retry feature. Syntax : set handshake-timeout handshake-retrycount Sets the handshake retry timeout value for the WLAN specified by the index to the duration in ms specified by the (value between 100-2000) parameter.
Network Firewall Commands admin(network)> firewall Navigates to the access point firewall submenu. The items available under this command include: show set access advanced .. / save quit Displays the access point’s current firewall configuration. Defines the access point’s firewall parameters. Enables/disables firewall permissions through the LAN and WAN ports. Displays interoperaility rules between the LAN and WAN ports. Goes to the parent menu. Goes to the root menu.
CLI Reference admin(network.firewall)> show Displays the access point firewall parameters. Syntax show Shows all access point’s firewall settings. Example admin(network.
admin(network.firewall)> set Defines the access point firewall parameters. Syntax set mode nat-timeout syn src win ftp ip seq mime len hdr filter Enables or disables the firewall. Defines the NAT timeout value. Enables or disables SYN flood attack check. Enables or disables source routing check. Enables or disables Winnuke attack check. Enables or disables FTP bounce attack check.
CLI Reference admin(network.firewall)> access Enables or disables firewall permissions through LAN to WAN ports. Syntax Displays LAN to WAN access rules. Sets LAN to WAN access rules. Adds LAN to WAN exception rules. Deletes LAN to WAN access exception rules. Displays LAN to WAN access exception rules. Goes to parent menu Goes to root menu. Saves configuration to system flash. Quits and exits the CLI session. show set add delete list .. / save quit Example admin(network.firewall.
admin(network.firewall)> advanced Displays whether an access point firewall rule is intended for inbound traffic to an interface or outbound traffic from that interface.. Syntax show set import inbound outbound .. / save quit Shows advanced subnet access parameters. Sets advanced subnet access parameters. Imports rules from subnet access. Goes to the Inbound Firewall Rules submenu. Goes to the Outbound Firewall Rules submenu. Goes to the parent menu. Goes to the root menu.
CLI Reference Network Router Commands admin(network)> router Navigates to the router submenu. The items available under this command are: show set add delete list .. / save quit 164 Displays the existing access point router configuration. Sets the RIP parameters. Adds user-defined routes. Deletes user-defined routes. Lists user-defined routes. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
admin(network.router)> show Shows the access point route table. Syntax show Shows the access point route table. Example admin(network.router)>show routes ---------------------------------------------------------------------------index destination netmask gateway interface metric ---------------------------------------------------------------------------1 192.168.2.0 255.255.255.0 0.0.0.0 lan1 0 2 192.168.1.0 255.255.255.0 0.0.0.0 lan2 0 3 192.168.0.0 255.255.255.0 0.0.0.0 lan1 0 4 192.168.24.0 255.255.
CLI Reference admin(network.router)> set Sets access point route table entries. Syntax set auth dir id key passwd type dgw-iface 166 Sets the RIP authentication type. Sets RIP direction. Sets MD5 authetication ID. Sets MD5 authetication key. Sets the password for simple authentication. Defines the RIP type. Sets the default gateway interface.
admin(network.router)> add Adds user-defined routes. Syntax add Adds a route with destination IP address , IP netmask , destination gateway IP address , interface LAN1, LAN2 or WAN , and metric set to (1-65536). Example admin(network.router)>add 192.168.3.0 255.255.255.0 192.168.2.1 LAN1 1 admin(network.
CLI Reference admin(network.router)> delete Deletes user-defined routes. Syntax delete all Deletes the user-defined route (1-20) from list. Deletes all user-defined routes. Example admin(network.router)>list ---------------------------------------------------------------------------index destination netmask gateway interface metric ---------------------------------------------------------------------------1 192.168.2.0 255.255.255.0 192.168.0.1 lan1 1 2 192.168.1.0 255.255.255.0 0.0.0.
admin(network.router)> list Lists user-defined routes. Syntax list Displays a list of user-defined routes. Example admin(network.router)>list ---------------------------------------------------------------------------index destination netmask gateway interface metric ---------------------------------------------------------------------------1 192.168.2.0 255.255.255.0 192.168.0.1 lan1 1 2 192.168.1.0 255.255.255.0 0.0.0.0 lan2 0 3 192.168.0.0 255.255.255.0 0.0.0.
CLI Reference System Commands admin>system Navigates to the System submenu. The items available under this command are shown below. restart show set lastpw exec arp aap-setup access cmgr snmp userdb radius ntp logs config fw-update .. / save quit 170 Restarts the access point. Shows access point system parameter settings. Defines access point system parameter settings. Displays last debug password. Goes to a Linux command menu. Dispalys the access point’s arp table. Goes to the AP Settings submenu.
admin(system)> restart Restarts the access point access point. Syntax restart Restarts the access point. Example admin(system)>restart ********************************WARNING*********************************** ** Unsaved configuration changes will be lost when the access point is reset. ** Please be sure to save changes before resetting. ************************************************************************** Are you sure you want to restart the AP35xx?? (yes/no): AP35xx Boot Firmware Version 4.0.0.
CLI Reference admin(system)> show Displays high-level system information helpful to differentiate this access point. Syntax show Displays access point system information. Example admin(system)>show system name system location admin email address system uptime : : : : BldgC Atlanta Field Office johndoe@mycompany.com 0 days 4 hours 41 minutes AP35xx firmware version country code ap-mode serial number : : : : 2.2.0.
admin(system)> set Sets access point system parameters. Syntax set name loc email cc Sets the access point system name to (1 to 59 characters). The access point does not allow intermediate space characters between characters within the system name. For example, “AP35xx sales” must be changed to “AP35xxsales” to be a valid system name. Sets the access point system location to (1 to 59 characters).
CLI Reference admin(system)> lastpw Displays last expired debug password.
admin(system)> arp Dispalys the access point’s arp table. Example admin(system)>arp Address HWtype HWaddress Flags Mask Iface 157.235.92.210 157.235.92.179 157.235.92.248 157.235.92.180 157.235.92.3 157.235.92.181 157.235.92.80 157.235.92.95 157.235.92.161 157.235.92.
CLI Reference Adaptive AP Setup Commands admin(system)> aap-setup Navigates to the Adaptive AP submenu. show set delete .. / save quit 176 Displays adopted AP information. Defines the adopted AP’s configuration. Deletes static controller address assignments. Goes to the parent menu. Goes to the root menu. Saves the current configuration to the access point system flash. Quits the CLI and exits the current session.
admin(system.aap-setup)> show Displays the access point’s configuration once adopted by the controller. Syntax Displays the access point’s adopted configuration. show Example admin(system.
CLI Reference admin(system.aap-setup)> set Sets adopted access point’s configuration. Syntax set 178 auto-discovery interface ipadr name port passphrase tunnel-to-controller ac-keepalive Sets the controller auto-discovery mode (enable/disable). Defines the tunnel interface. Defines the controller IP address used. Defines the controller name for DNS lookups. Sets the port. Defines the pass phrase or key for controller connection. Enables/disables the tunnel between controller and access point.
admin(system.aap-setup)> delete Deletes static controller address assignments. Syntax delete Deletes static controller address assignments by the selected index. Deletes all assignments. Example admin(system.aap-setup)>delete 1 admin(system.
CLI Reference System Access Commands admin(system)> access Navigates to the access point’s access submenu. show set .. / save quit 180 Displays access point system access capabilities. Goes to the access point system access submenu. Goes to the parent menu. Goes to the root menu. Saves the current configuration to the access point system flash. Quits the CLI and exits the current session.
admin(system.access)> set Defines the permissions to access the access point applet, CLI, SNMP as well as defining their timeout values. Syntax set applet app-timeout cli Defines the applet HTTP/HTTPS access parameters. Sets the applet timeout. Default is 300 Mins. Defines CLI Telnet access parameters. Enables/disables access from lan and wan. ssh Sets the CLI SSH access parameters.
CLI Reference admin(system.access)> show Displays the current access point access permissions and timeout values. Syntax Shows all of the current system access settings for the access point.. show Example admin(system.access)>set trusted-host mode enable admin(system.access)>set trusted-host range 1 10.1.1.1 10.1.1.10 Warning: Only trusted hosts can access the AP through snmp, http, https, telnet, ssh admin(system.
System Certificate Management Commands admin(system)> cmgr Navigates to the Certificate Manager submenu. The items available under this command include: genreq delself loadself listself loadca delca listca showreq delprivkey listprivkey expcert impcert .. / save quit Generates a Certificate Request. Deletes a Self Certificate. Loads a Self Certificate signed by CA. Lists the self certificate loaded. Loads trusted certificate from CA. Deletes the trusted certificate. Lists the trusted certificate loaded.
CLI Reference admin(system.cmgr)> genreq Generates a certificate request. Syntax genreq [-ou ] [-on ] [-cn ] [-st ] . . . ...
admin(system.cmgr)> delself Deletes a self certificate. Syntax delself Deletes the self certificate named . Example admin(system.
CLI Reference admin(system.cmgr)> loadself Loads a self certificate signed by the Certificate Authority. Syntax loadself 186 [https] Load the self certificate signed by the CA with name (7 characters). HTTPS is needed for an apacahe certificate and keys.
admin(system.cmgr)> listself Lists the loaded self certificates. Syntax listself Lists all self certificates that are loaded.
CLI Reference admin(system.cmgr)> loadca Loads a trusted certificate from the Certificate Authority. Syntax loadca 188 Loads the trusted certificate (in PEM format) that is pasted into the command line.
admin(system.cmgr)> delca Deletes a trusted certificate. Syntax delca Deletes the trusted certificate.
CLI Reference admin(system.cmgr)> listca Lists the loaded trusted certificate. Syntax listca 190 Lists the loaded trusted certificates.
admin(system.cmgr)> showreq Displays a certificate request in PEM format. Syntax showreq Displays a certificate request named generated from the genreq command (7 characters maximum).
CLI Reference admin(system.cmgr)> delprivkey Deletes a private key. Syntax delprivkey 192 Deletes private key named .
admin(system.cmgr)> listprivkey Lists the names of private keys. Syntax listprivkey Lists all private keys and their associated certificates.
CLI Reference admin(system.cmgr)> expcert Exports the certificate file to a user defined location. Syntax expcert Exports the access point’s CA or Self certificate file. To export certificate information from an AP3510 or AP3550 model access point: admin(system.
admin(system.cmgr)> impcert Imports the target certificate file. Syntax impcert Imports the target certificate file. To import certificate information from an AP3510 or AP3550 model access point: admin(system.cmgr)>impcert ? [https] : : : : : : type: ftp/tftp file name: Certificate file name https: If set to import apache certificate and key Server options for this file are the same as that for the configuration file admin(system.cmgr)>impcert tftp AP-51x1certs.
CLI Reference System SNMP Commands admin(system)> snmp Navigates to the SNMP submenu. The items available under this command are shown below. access traps .. / save quit 196 Goes to the SNMP access submenu. Goes to the SNMP traps submenu. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
System SNMP Access Commands admin(system.snmp)> access Navigates to the SNMP Access menu. The items available under this command are shown below. show add delete list .. / save quit Shows SNMP v3 engine ID. Adds SNMP access entries. Deletes SNMP access entries. Lists SNMP access entries. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
CLI Reference admin(system.snmp.access)> show Shows the SNMP v3 engine ID. Syntax show eid Shows the SNMP v3 Engine ID. Example admin(system.snmp.access)>show eid access point snmp v3 engine id : 000001846B8B4567F871AC68 admin(system.snmp.
admin(system.snmp.access)> add Adds SNMP access entries for specific v1v2 and v3 user definitions. Syntax add acl v1v2c Adds an entry to the SNMP access control list with as the starting IP address and and as the ending IP address. : comm - community string 1 to 31 characters : access - read/write access - (ro,rw) v3 : oid - string 1 to 127 chars - E.g. 1.3.6.
CLI Reference admin(system.snmp.access)> delete Deletes SNMP access entries for specific v1v2 and v3 user definitions. Syntax delete acl v1v2c v3 all all all Deletes Deletes Deletes Deletes Deletes Deletes entry (1-10) from the access control list. all entries from the access control list. entry (1-10) from the v1/v2 configuration list. all entries from the v1/v2 configuration list. entry (1-10) from the v3 user definition list.
admin(system.snmp.access)> list Lists SNMP access entries. Syntax list acl v1v2c v3 all Lists Lists Lists Lists SNMP access control list entries. SNMP v1/v2c configuration. SNMP v3 user definition with index . all SNMP v3 user definitions. Example admin(system.snmp.access)>list acl ---------------------------------------------------------------index start ip end ip ---------------------------------------------------------------1 209.236.24.1 209.236.24.46 admin(system.snmp.
CLI Reference System SNMP Traps Commands admin(system.snmp)> traps Navigates to the SNMP traps submenu. The items available under this command are shown below. show set add delete list .. / save quit 202 Shows SNMP trap parameters. Sets SNMP trap parameters. Adds SNMP trap entries. Deletes SNMP trap entries. Lists SNMP trap entries. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
admin(system.snmp.traps)> show Shows SNMP trap parameters. Syntax show trap rate-trap Shows SNMP trap parameter settings. Shows SNMP rate-trap parameter settings. Example admin(system.snmp.
CLI Reference admin(system.snmp.traps)> set Sets SNMP trap parameters.
admin(system.snmp.traps)> add Adds SNMP trap entries. Syntax add v1v2 v3 Adds an entry to the SNMP v1/v2 access list with the destination IP address set to , the destination UDP port set to , the community string set to (1 to 31 characters), and the SNMP version set to .
CLI Reference admin(system.snmp.traps)> delete Deletes SNMP trap entries. Syntax delete v1v2c v3 all all Deletes Deletes Deletes Deletes entry from the v1v2c access control list. all entries from the v1v2c access control list. entry from the v3 access control list. all entries from the v3 access control list. Example admin(system.snmp.
admin(system.snmp.traps)> list Lists SNMP trap entries. Syntax list v1v2c v3 all Lists SNMP v1/v2c access entries. Lists SNMP v3 access entry . Lists all SNMP v3 access entries. Example admin(system.snmp.traps)>add v1v2 203.223.24.2 162 mycomm v1 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------index dest ip dest port community version ---------------------------------------------------------------------1 203.223.24.
CLI Reference System User Database Commands admin(system)> userdb Navigates to the user database submenu. Syntax user group save .. / 208 Goes to the user submenu. Goes to the group submenu. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
Adding and Removing Users from the User Database admin(system.userdb)> user Adds and removes users from the user database and defines user passwords. Syntax add delete clearall set show save .. / Adds a new user. Deletes an existing user ID.. Removes all existing user IDs from the system. Sets a password for a user. Displays the current user database configuration. Saves the configuration to system flash. Goes to the parent menu. Goes to the root menu.
CLI Reference admin(system.userdb.user)> add Adds a new user to the user database. Syntax add Adds a new user and password to the user database. Example admin(system.userdb.user>add george password admin(system.userdb.
admin(system.userdb.user)> delete Removes a new user to the user database. Syntax delete Removes a user ID string from the user database. Example admin(system.userdb.user>delete george admin(system.userdb.
CLI Reference admin(system.userdb.user)> clearall Removes all existing user IDs from the system. Syntax clearall Removes all existing user IDs from the system. Example admin(system.userdb.user>clearall admin(system.userdb.
admin(system.userdb.user)> set Sets a password for a user.. Syntax set Sets a password for a specific user. Example admin(system.userdb.user>set george password admin(system.userdb.
CLI Reference Adding and Removing Groups from the User Database admin(system.userdb)> group Adds or removes groups from the user database. Syntax create delete clearall add remove show save .. / 214 Creates a group name. Deletes a group name. Removes all existing group names from the system. Adds a user to an existing group. Removes a user from an existing group. Displays existing groups. Saves the configuration to system flash. Goes to the parent menu. Moves back to root menu.
admin(system.userdb.group)> create Creates a group name. Once defined, users can be added to the group. Syntax create Creates a group name. Once defined, users can be added to the group. Example admin(system.userdb.group>create 2 admin(system.userdb.
CLI Reference admin(system.userdb.group)> delete Deletes an existing group. Syntax delete Deletes an existing group. Example admin(system.userdb.group>delete 2 admin(system.userdb.
admin(system.userdb.group)> clearall Removes all existing group names from the system. Syntax clearall Removes all existing group names from the system. Example admin(system.userdb.group>clearall admin(system.userdb.
CLI Reference admin(system.userdb.group)> add Adds a user to an existing group. Syntax add Adds a user to an existing group . Example admin(system.userdb.group>add lucy group x admin(system.userdb.
admin(system.userdb.group)> remove Removes a user from an existing group. Syntax remove Removes a user from an existing group . Example admin(system.userdb.group>remove lucy group x admin(system.userdb.
CLI Reference admin(system.userdb.group)> show Displays existing groups. Syntax Displays existing groups and users. Displays configured user IDs for a group. Displays configured groups. show users groups Example admin(system.userdb.group>show groups List of Group Names : engineering : marketing : demo room admin(system.userdb.
System Radius Commands admin(system)> radius Navigates to the Radius system submenu. Syntax eap policy ldap proxy client set show save quit .. / Goes to the EAP submenu. Goes to the access policy submenu. Goes to the LDAP submenu. Goes to the proxy submenu. Goes to the client submenu. Sets Radius parameters. Displays Radius parameters. Saves the configuration to system flash. Quits the CLI. Goes to the parent menu. Goes to the root menu.
CLI Reference admin(system.radius)> set/show Sets or displays the Radius user database. Syntax set show all Sets the Radius user database. Displays the Radius user database. Example admin(system.radius)>set database local admin(system.radius)>show all Database : local admin(system.
admin(system.radius)> eap Navigates to the EAP submenu. Syntax peap ttls import set show save quit .. / Goes to the Peap submenu. Goes to the TTLS submenu. Imports the requested EAP certificates. Defines EAP parameters. Displays the EAP configuration. Saves the configuration to system flash. Quits the CLI. Goes to the parent menu. Goes to the root menu.
CLI Reference admin(system.radius.eap)> peap Navigates to the Peap submenu. Syntax set show save quit .. / 224 Defines Peap parameters. Displays the Peap configuration. Saves the configuration to system flash. Quits the CLI. Goes to the parent menu. Goes to the root menu.
admin(system.radius.eap.peap)> set/show Defines and displays Peap parameters Syntax set show Sets the Peap authentication . Displays the Peap authentication type. Example admin(system.radius.eap.peap)>set auth gtc admin(system.radius.eap.
CLI Reference admin(system.radius.eap)> ttls Navigates to the TTLS submenu. Syntax set show save quit .. / 226 Defines TTLS parameters. Displays the TTLS configuration. Saves the configuration to system flash. Quits the CLI. Goes to the parent menu. Goes to the root menu.
admin(system.radius.eap.ttls)> set/show Defines and displays TTLS parameters Syntax set show Sets the TTLS authentication . Displays the TTLS authentication type. Example admin(system.radius.eap.ttls)>set auth pap admin(system.radius.eap.
CLI Reference admin(system.radius)> policy Navigates to the access policy submenu. Syntax set access-time show save quit .. / 228 Sets a group’s WLAN access policy. Goes to the time based login submenu. Displays the group’s access policy. Saves the configuration to system flash. Quits the CLI. Goes to the parent menu. Goes to the root menu.
admin(system.radius.policy)> set Defines the group’s WLAN access policy. Syntax set Defines the group’s WLAN access policy (WLAN name dilimited by a space). Example admin(system.radius.policy)>set engineering 16 admin(system.radius.
CLI Reference admin(system.radius.policy)> access-time Goes to the time-based login submenu. Syntax set show save quit .. / Defines a target group’s access time permissions. Access time is in DayDDDD DDDD format. Displays the group’s access time rule. Saves the configuration to system flash. Quits the CLI. Goes to the parent menu. Goes to the root menu. Example admin(system.radius.policy.
admin(system.radius.policy)> show Displays a group’s access policy. Syntax show Displays a group’s access policy. Example admin(system.radius.policy)>show List of Access Policies engineering marketing demo room test demo : : : : 16 10 3 No Wlans admin(system.radius.
CLI Reference admin(system.radius)> ldap Navigates to the LDAP submenu. Syntax set show save quit .. / 232 Defines the LDAP parameters. Displays existing LDAP parameters (command must be supplied as “show all.” Saves the configuration to system flash. Quits the CLI. Goes to the parent menu. Goes to the root menu.
admin(system.radius.ldap)> set Defines the LDAP parameters. Syntax set ipadr port binddn basedn passwd login pass_attr groupname filter membership Defines the LDAP parameters. Sets LDAP IP address. Sets LDAP server port. Sets LDAP bind distinguished name. Sets LDAP base distinguished name. Sets LDAP server password. Sets LDAP login attribute. Sets LDAP password attribute. Sets LDAP group name attribute. Sets LDAP group membership filter. Sets LDAP group membership attribute. Example admin(system.radius.
CLI Reference admin(system.radius.ldap)> show all Displays existing LDAP parameters. Syntax show all Displays existing LDAP parameters. Example admin(system.radius.ldap)>show all LDAP Server IP : 0.0.0.
admin(system.radius)> proxy Navigates to the Radius proxy server submenu. Syntax add delete clearall set show save quit .. / Adds a proxy realm. Deletes a proxy realm. Removes all proxy server records. Sets proxy server parameters. Displays current Radius proxy server parameters. Saves the configuration to system flash. Quits the CLI. Goes to the parent menu. Goes to the root menu.
CLI Reference admin(system.radius.proxy)> add Adds a proxy. Syntax add name ip1 port sec Adds a proxy realm. Realm name. Authentication server IP address. Authentication server port. Shared secret password. Example admin(system.radius.proxy)>add lancelot 157.235.241.22 1812 muddy admin(system.radius.
admin(system.radius.proxy)> delete Adds a proxy. Syntax delete Deletes a specified realm name. Example admin(system.radius.proxy)>delete lancelot admin(system.radius.
CLI Reference admin(system.radius.proxy)> clearall Removes all proxy server records from the system. Syntax clearall Removes all proxy server records from the system. Example admin(system.radius.proxy)>clearall admin(system.radius.
admin(system.radius.proxy)> set Sets Radius proxy server parameters. Syntax set delay count Sets Radius proxy server parameters. Defines retry delay time (in seconds) for the proxy server. Defines retry count value for the proxy server. Example admin(system.radius.proxy)>set delay 10 admin(system.radius.proxy)>set count 5 admin(system.radius.
CLI Reference admin(system.radius)> client Goes to the Radius client submenu. Syntax add delete show save quit .. / 240 Adds a Radius client to list of available clients. Deletes a Radius client from list of available clients. Displays a list of configured clients. Saves the configuration to system flash. Quits the CLI. Goes to the parent menu. Goes to the root menu.
admin(system.radius.client)> add Adds a Radius client to those available to the Radius server. Syntax add ip mask secret Adds a proxy. Client’s IP address. Network mask address of the client. Shared secret password. Example admin(system.radius.client)>add 157.235.132.11 255.255.255.225 muddy admin(system.radius.
CLI Reference admin(system.radius.client)> delete Removes a specified Radius client from those available to the Radius server. Syntax delete Removes a specified Radius client (by IP address) from those available to the Radius server Example admin(system.radius.client)>delete 157.235.132.11 admin(system.radius.
admin(system.radius.client)> show Displays a list of configured Radius clients. Syntax show Removes a specified Radius client from those available to the Radius server. Example admin(system.radius.client)>show ---------------------------------------------------------------------------Idx Subnet/Host Netmask SharedSecret ---------------------------------------------------------------------------1 157.235.132.11 255.255.255.225 ***** admin(system.radius.
CLI Reference System Network Time Protocol (NTP) Commands admin(system)> ntp Navigates to the NTP menu. The correct network time is required for numerous functions to be configured accurately on the access point. Syntax show date-zone zone-list set .. / save quit 244 Shows NTP parameters settings. Show date, time and time zone. Displays list of time zones. Sets NTP parameters. Goes to the parent menu. Goes to the root menu. Saves the configuration to system flash. Quits the CLI.
admin(system.ntp)> show Displays the NTP server configuration. Syntax show Shows all NTP server settings. Example admin(system.ntp)>show current time (UTC) : 2006-07-31 14:35:20 Time Zone: ntp mode preferred Time server ip preferred Time server port first alternate server ip first alternate server port second alternate server ip second alternate server port synchronization interval : : : : : : : : Altitude 35x0 Access Point Product Reference Guide enable 203.21.37.18 123 203.21.37.19 123 0.0.0.
CLI Reference admin(system.ntp)> date-zone Show date, time and time zone. Syntax date-zone Show date, time and time zone. Example admin(system.
admin(system.ntp)> zone-list Displays an extensive list of time zones for countries around the world. Syntax zone-list Displays list of time zone indexes for every known zone. Example admin(system.
CLI Reference admin(system.ntp)> set Sets NTP parameters for access point clock synchronization. Syntax set mode server port intrvl time
System Log Commands admin(system)> logs Navigates to the access point log submenu. Logging options include: Syntax show set view delete send .. / save quit Shows logging options. Sets log options and parameters. Views system log. Deletes the system log. Sends log to the designated FTP Server. Goes to the parent menu. Goes to the root menu. Saves configuration to system flash. Quits the CLI.
CLI Reference admin(system.logs)> show Displays the current access point logging settings. Syntax show Displays the current access point logging configuration. Example admin(system.logs)>show log level syslog server logging syslog server ip address 250 : L6 Info : enable : 192.168.0.
admin(system.logs)> set Sets log options and parameters. Syntax set level mode ipadr Sets the level of the events that will be logged. All events with a level at or above (L0-L7) will be saved to the system log. L0:Emergency L1:Alert L2:Critical L3:Errors L4:Warning L5:Notice L6:Info (default setting) L7:Debug Enables or disables syslog server logging. Sets the external syslog server IP address to (a.b.c.d). admin(system.logs)>set mode enable admin(system.
CLI Reference admin(system.logs)> view Displays the access point system log file. Syntax view Displays the entire access point system log file. Example admin(system.logs)>view Jan 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception). Jan 7 16:14:10 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:14:41 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:15:43 (none) last message repeated 2 times Jan 7 16:16:01 (none) CC: 4:16pm up 6 days, 16:16, load average: 0.00, 0.01, 0.
admin(system.logs)> delete Deletes the log files. Syntax delete Deletes the access point system log file. Example admin(system.
CLI Reference admin(system.logs)> send Sends log and core file to an FTP Server. Syntax send Sends the system log file via FTP to a location specified with the set command. Refer to the command set under the (system.fwupdate) command for information on setting up an FTP server and login information. Example admin(system.logs)>send File transfer File transfer : [ In progress ] : [ Done ] admin(system.
System Configuration-Update Commands admin(system)> config Navigates to the access point configuration update submenu. Syntax default partial show set export import .. / save quit Restores the default access point configuration. Restores a partial default access point configuration. Shows import/export parameters. Sets import/export access point configuration parameters. Exports access point configuration to a designated system. Imports configuration to the access point. Goes to the parent menu.
CLI Reference admin(system.config)> default Restores the full access point factory default configuration. Syntax default Restores the access point to the original (factory) configuration. Example admin(system.
admin(system.config)> partial Restores a partial factory default configuration. The access point’s LAN, WAN and SNMP settings are unaffected by the partial restore. Syntax default Restores a partial access point configuration. Example admin(system.
CLI Reference admin(system.config)> show Displays import/export parameters for the access point configuration file. Syntax show Shows all import/export parameters. Example admin(system.config)>show cfg filename cfg filepath ftp/tftp server ip address ftp user name ftp password 258 : : : : : cfg.txt 192.168.0.
admin(system.config)> set Sets the import/export parameters. Syntax set file path server user passwd Sets the configuration file name (1 to 39 characters in length). Defines the path used for the configuration file upload. Sets the FTP/TFTP server IP address. Sets the FTP user name (1 to 39 characters in length). Sets the FTP password (1 to 39 characters in length). Example admin(system.config)>set server 192.168.22.12 admin(system.
CLI Reference admin(system.config)> export Exports the configuration from the system. Syntax export ftp tftp terminal Exports the access point configuration to the FTP server. Use the set command to set the server, user, password, and file name before using this command. Exports the access point configuration to the TFTP server. Use the set command to set the IP address for the TFTP server before using the command. Exports the access point configuration to a terminal. Example Export FTP admin(system.
admin(system.config)> import Imports the access point configuration to the access point. Errors could display as a result of invaid configuration parameters. Correct the sepcified lines and import the file again until the import operation is error free. Syntax import ftp tftp Imports the access point configuration file from the FTP server. Use the set command to set the server, user, password, and file. Imports the access point configuration from the TFTP server.
CLI Reference Firmware Update Commands admin(system)> fw-update Navigates to the firmware update submenu. The items available under this command are shown below. NOTE The access point must complete the reboot process to successfully update the device firmware, regardless of whether the reboot is conducted uing the GUI or CLI interfaces. show set update .. / save quit 262 Displays the current access point firmware update settings. Defines the access point firmware update parameters.
admin(system.fw-update)> show Displays the current access point firmware update settings. Syntax show Shows the current system firmware update settings for the access point. Example admin(system.fw-update)>show automatic firmware upgrade automatic config upgrade : enable : enable firmware filename firmware path ftp/tftp server ip address ftp user name ftp password : : : : : Altitude 35x0 Access Point Product Reference Guide APFW.bin /tftpboot/ 168.197.2.
CLI Reference admin(system.fw-update)> set Defines access point firmware update settings and user permissions. Syntax set fw-auto cfg-auto file path server user passwd admin(system.fw-update)>set admin(system.fw-update)>set admin(system.fw-update)>set admin(system.fw-update)>set admin(system.fw-update)>set admin(system.fw-update)>set admin(system.
admin(system.fw-update)> update Executes the access point firmware update over the WAN or LAN port using either ftp or tftp. Syntax update Defines the ftp ot tftp mode used to conduct the firmware update. Specifies whether the update is executed over the access point’s WAN, LAN1 or LAN2 interface . NOTE The access point must complete the reboot process to successfully update the device firmware, regardless of whether the reboot is conducted uing the GUI or CLI interfaces. admin(system.
CLI Reference Statistics Commands admin>stats Navigates to the access point statistics submenu. The items available under this command are: show send-cfg-ap send-cfg-all clear flash-all-leds echo ping .. / save quit 266 Displays access point WLAN, Client, LAN and WAN statistics. Sends a config file to another access point within the known AP table. Sends a config file to all access points within the known AP table. Clears all statistic counters to zero.
admin(stats)> show Displays access point system information. Syntax show wan leases lan stp wlan s-wlan radio s-radio retry-hgram mu s-mu auth-mu wlap s-wlap known-ap cpu-mem Displays Displays Displays Displays Displays Displays Displays Displays Displays Displays Displays Displays Displays Displays Displays Displays stats for the access point WAN port. the leases issued by the access point. stats for the access point LAN port LAN Spanning Tree Status WLAN status and statistics summary.
CLI Reference admin(stats)> send-cfg-ap Copies the access point’s configuration to another access point within the known AP table. Syntax send-cfg-ap Copies the access point’s configuration to the access points within the known AP table. Mesh configuration attributes do not get copied using this command and must be configured manually.
admin(stats)> send-cfg-all Copies the access point’s configuration to all of the access points within the known AP table. Syntax send-cfg-all Copies the access point’s configuration to all of the access points within the known AP table. Example admin(stats)>send-cfg-all admin(stats)> NOTE The send-cfg-all command copies all existing configuration parameters except Mesh settings, LAN IP data, WAN IP data and DHCP Server parameter information.
CLI Reference admin(stats)> clear Clears the specified statistics counters to zero to begin new data calculations. Syntax clear wan lan all-rf all-wlan wlan all-radio radio1 radio2 all-mu mu known-ap 270 Clears Clears 2). Clears Clears Clears Clears Clears Clears Clears Clears Clears WAN statistics counters. statistics counters for specified LAN index (either clear lan 1 or clear lan all RF data. all WLAN summary information. individual WLAN statistic counters. access point radio summary information.
admin(stats)> flash-all-leds Starts and stops the illumination of a specified access point’s LEDs. Syntax flash-all-leds Defines the Known AP index number of the target AP to flash. Starts or stops the flash activity.
CLI Reference admin(stats)> echo Defines the echo test values used to conduct a ping test to an associated Client. Syntax show list set start .. / quit 272 Shows the Mobile Unit Statistics Summary. Defines echo test parameters and result. Determines echo test packet data. Begins echoing the defined station. Goes to parent menu. Goes to root menu. Quits CLI session.
admin(stats.echo)> show Shows Mobile Unit Statistics Summary. Syntax show Shows Mobile Unit Statistics Summary. Example admin(stats.echo)>show ---------------------------------------------------------------------------Idx IP Address MAC Address WLAN Radio T-put ABS Retries ---------------------------------------------------------------------------1 192.168.2.
CLI Reference admin(stats.echo)> list Lists echo test parameters and results. Syntax list Lists echo test parameters and results. Example admin(stats.echo)>list Station Address Number of Pings Packet Length Packet Data (in HEX) : : : : 00A0F8213434 10 10 55 admin(stats.
admin(stats.echo)> set Defines the parameters of the echo test. Syntax set station request length data Altitude 35x0 Access Point Product Reference Guide Defines a Client target MAC address. Sets number of echo packets to transmit (1-539). Determines echo packet length in bytes (1-539). Defines the particular packet data.
CLI Reference admin(stats.echo)> start Initiates the echo test. Syntax start Initiates the echo test. Example admin(stats.echo)>start admin(stats.
admin(stats)> ping Defines the ping test values used to conduct a ping test to an AP with the same ESSID. Syntax ping show list set start .. / quit Shows Known AP Summary details. Defines ping test packet length. Determines ping test packet data. Begins pinging the defined station. Goes to parent menu. Goes to root menu. Quits CLI session.
CLI Reference admin(stats.ping)> show Shows Known AP Summary Details. Syntax show Shows Known AP Summary Details. Example admin(stats.ping)>show ---------------------------------------------------------------------------Idx IP Address MAC Address MUs KBIOS Unit Name ---------------------------------------------------------------------------1 192.168.2.
admin(stats.ping)> list Lists ping test parameters and results. Syntax list Lists ping test parameters and results. Example admin(stats.ping)>list Station Address Number of Pings Packet Length Packet Data (in HEX) : : : : 00A0F8213434 10 10 55 admin(stats.
CLI Reference admin(stats.ping)> set Defines the parameters of the ping test. Syntax set station request length data Defines the AP target MAC address. Sets number of ping packets to transmit (1-539). Determines ping packet length in bytes (1-539). Defines the particular packet data. Example admin(stats.ping)>set admin(stats.ping)>set admin(stats.ping)>set admin(stats.ping)>set station 00A0F843AABB request 10 length 100 data 1 admin(stats.
admin(stats.echo)> start Initiates the ping test. Syntax start Initiates the ping test. Example admin(stats.ping)>start admin(stats.
CLI Reference 282 Altitude 35x0 Access Point Product Reference Guide
4 AP Management From Controller The management of an adopted AP is conducted by the controller, once the AP connects to an Extreme Networks Summit WM3600 or Summit WM3700 wireless LAN controller and receives its configuration. An adopted AP provides: ● local 802.
AP Management From Controller ● Remote Site Survivability (RSS) on page 287 ● Mesh Support on page 287 For an understanding of how support should be configured for the access point and its connected controller, see “How the AP Receives its Configuration” on page 291. For an overview of how to configure both the access point and controller for basic connectivity and operation, see “Establishing Controller Managed AP Connectivity” on page 292.
Auto Discovery using DHCP Extended Global Options 189, 190, 191, 192 can be used or Embedded Option 43 - Vendor Specific options can be embedded in Option 43 using the vendor class identifier.
AP Management From Controller LAN, ensure the LAN subnet is on a secure channel. The AP will connect to the controller and request a configuration. AP WLAN Topology An AP can be deployed in the following WLAN topologies: ● Extended WLANs - Extended WLANs are centralized WLANs created on the controller All wireless client traffics are tunneled to the controller. ● Independent WLANs - Independent WLANs are local to an AP and can be configured from the controller.
Managing an AP’s Controller Failure In the event of a controller failure, an AP's independent WLAN continues to operate without disruption. The AP attempts to connect to other controllers (if available) in background. Extended WLANs are disabled once controller adoption is lost. When a new controller is discovered and a connection is secured, an extended WLAN is resumed automatically. If a new controller is located, the AP synchronizes its configuration with the located controller once adopted.
AP Management From Controller MU associated, it sends the Radius packets on the wired side with its own IP Address as the source IPof the request and the Destination IP Address of the Radius Server. In a local network implementation, the APs, controller and Radius Servers are all on the same LAN and the routing works fine. However, when the AP is adopted over a WAN link, the Radius Server IP Address will be an internal address which is non-routable I over the Internet.
● There are two LAN interfaces on the AP35xx LAN port: LAN1 and LAN2. By default, LAN1 is the primary LAN connection. LAN2 is only used for tunneled traffic. ● An AP can use its LAN1 interface on the LAN port or WAN interface for adoption. The default gateway interface is set to LAN1. If the WAN Interface is used, explicitly configure WAN as the default gateway interface. ● Extreme Networks recommends using the LAN1 interface for adoption in multi-cell deployments.
AP Management From Controller Extended VLAN with Mesh Networking Mesh networking is an extension of the existing wired network. There is no special configuration required, with the exception of setting the mesh and using it within one of the two extended VLAN configurations. NOTE The mesh backhaul WLAN must be an independent WLAN mapped to LAN2. The controller enforces the mesh WLAN be defined as an independent WLAN by automatically setting the WLAN to independent when backhaul is selected.
How the AP Receives its Configuration An AP does not require a separate "local" or "running" configuration. Once adopted, the AP obtains its configuration from the controller. If the AP to controller link fails, it continues to operate using the last valid configuration until its link is re-established and a new configuration is pushed down from the controller. There is no separate file-based configuration stored on the controller.
AP Management From Controller NOTE For additional information (in greater detail) on the AP configuration activities described above, see “AP Configuration” on page 292. Configuring the Controller for AP Adoption The tasks described below are configured on an Extreme Networks wireless LAN controller. To adopt an AP on a controller: 1 Ensure enough licenses are available on the controller to adopt the required number of APs.
Adopting an AP Using a Configuration File To adopt an AP using a configuration file: 4 Define the AP controller connection parameters. 5 Export the AP’s configuration to a secure location. Either import the configuration manually to other APs or the same AP later (if you elect to default its configuration). Use DHCP option 186 and 187 to force a download of the configuration file during startup (when it receives a DHCP offer).
AP Management From Controller 3 Ensure the Adopt unconfigured radios automatically option is NOT selected. When disabled, there is no automatic adoption of non-configured radios on the network. Additionally, default radio settings will NOT be applied to access points when automatically adopted. NOTE For IPSec deployments, refer to “Sample Controller Configuration File for IPSec and Independent WLAN” on page 298 and take note of the CLI commands in red and associated comments in green.
NOTE Additionally, a WLAN can be defined as independent using the "wlan independent" command from the config-wireless context. NOTE Avoid mapping independent or extended WLANs to VLANs on the controller’s ge port.
AP Management From Controller Once an AP is adopted by the controller, it displays within the controller’s Access Point Radios screen (under the Network parent menu item) as an AP3510 or AP3550.
AP Deployment Considerations Before deploying your controller/AP configuration, refer to the following usage caveats to optimize its effectiveness: ● Extended WLANs are mapped to the AP’s LAN2 interface and all independent WLANs are mapped to the AP’s LAN1 Interface. ● If deploying multiple independent WLANs mapped to different VLANs, ensure the AP’s LAN1 interface is connected to a trunk port on the Layer 2/Layer 3 controller and appropriate management and native VLANs are configured.
AP Management From Controller Sample Controller Configuration File for IPSec and Independent WLAN The following constitutes a sample controller configuration file supporting an AP IPSec with Independent WLAN configuration. Please note new AP specific CLI commands in red and relevant comments in blue.
xyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxyxx yxyxyx ! wireless no adopt-unconf-radio enable manual-wlan-mapping enable wlan 1 enable wlan 1 ssid qs5-ccmp wlan 1 vlan 200 wlan 1 encryption-type ccmp wlan 1 dot11i phrase 0 Extreme123 wlan 2 enable wlan 2 ssid qs5-tkip wlan 2 vlan 210 wlan 2 encryption-type tkip wlan 2 dot11i phrase 0 Extreme123 wlan 3 enable wlan 3 ssid qs5-wep128 wlan 3 vlan 220 wlan 3 encryption-type wep128 wlan 4 enable wlan 4 ssid qs5-open wlan 4
AP Management From Controller radio add 4 00-15-70-00-79-12 11a aap3510 radio 4 bss 1 5 radio 4 bss 2 6 radio 4 channel-power indoor 48 4 radio 4 rss enable radio 4 client-bridge bridge-select-mode auto radio 4 client-bridge ssid Mesh radio 4 client-bridge mesh-timeout 0 radio 4 client-bridge enable radio default-11a rss enable radio default-11bg rss enable radio default-11b rss enable no ap-ip default-ap controller-ip ! radius-server local ! To create an IPSEC Transform Set ! crypto ipsec transform-set AAP
controllerport trunk native vlan 1 controllerport trunk allowed vlan none controllerport trunk allowed vlan add 1-9,100,110,120,130,140,150,160,170, controllerport trunk allowed vlan add 180,190,200,210,220,230,240,250, ! ! ! ! interface vlan1 ip address dhcp ! To attach a Crypto Map to a VLAN Interface ! crypto map AAP-CRYPTOMAP ! sole ! ip route 157.235.0.0/16 157.235.92.2 ip route 172.0.0.0/8 157.235.92.2 ! ntp server 10.10.10.
AP Management From Controller 302 Altitude 35x0 Access Point Product Reference Guide
A Country Codes The following list of countries and their country codes is useful when using the access point configuration file, CLI or the MIB to configure the access point: Country Code Country Code Argentina AR Mexico MX Australia AU Montenegro ME Austria AT Morocco MA Bahamas BS Netherlands NL Bahrain BH Netherlands Antilles AN Barbados BB New Zealand NZ Belarus BY Nicaragua NI Bermuda BM Norfolk Island NF Belgium BE Norway NO Bolivia BO Oman OM Botswana B
Country Codes 304 Estonia EE Spain ES Egypt EG Sri Lanka LK Falkland Islands FK Sweden SE Finland FI Switzerland CH France FR Taiwan TW Germany DE Thailand TH Greece GR Trinidad and Tobago TT Guam GU Turkey TR Guatemala GT Ukraine UA Guinea GN UAE AE Haiti HT United Kingdom GB Honduras HN USA US Hong Kong HK Uruguay UY Hungary HU Virgin Islands (British) VG Iceland IS Virgin Islands (US) VI India IN Vietnam VN Indonesia ID Venezuela VE Ir
Altitude 35x0 Access Point Product Reference Guide 305
Country Codes 306 Altitude 35x0 Access Point Product Reference Guide
B Customer Support NOTE Services can be purchased from Extreme Networks or through one of its channel partners. If you are an end-user who has purchased service through an Extreme Networks channel partner, please contact your partner first for support. Extreme Networks Technical Assistance Centers (TAC) provide 24x7x365 worldwide coverage. These centers are the focal point of contact for post-sales technical and network-related questions or issues.
