Motorola Solutions WiNG 5 CLI REFERENCE GUIDE
MOTOROLA SOLUTIONS WING 5 CLI REFERENCE GUIDE 72E-152229-01 Revision B May 2011
iv CLI Reference Guide No part of this publication may be reproduced or used in any form, or by any electrical or mechanical means, without permission in writing from Motorola. This includes electronic or mechanical means, such as photocopying, recording, or information storage and retrieval systems. The material in this manual is subject to change without notice. The software is provided strictly on an “as is” basis. All software, including firmware, furnished to the user is on a licensed basis.
v Revision History Changes to the original guide are listed below: Change Date Description -01 Rev A May 2011 Original WING 5.1 release. -01 Rev B May 2011 Corrected issue with Front Page.
vi CLI Reference Guide
TABLE OF CONTENTS About This Guide 13 Chapter 1, INTRODUCTION - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1-1 1.1 CLI Overview .................................................................................................................................. 1-3 1.2 Getting Context Sensitive Help ....................................................................................................... 1-7 1.3 Using the No Command ....................
2 WiNG 5 System Reference Guide 2.1.16 no ....................................................................................................................................... 2-35 2.1.17 page ................................................................................................................................... 2-36 2.1.18 ping .................................................................................................................................... 2-37 2.1.19 revert ..............
Table of Contents 3 3.1.36 revert .................................................................................................................................. 3-56 3.1.37 rmdir ................................................................................................................................... 3-57 3.1.38 self ..................................................................................................................................... 3-58 3.1.39 service ........................
4 WiNG 5 System Reference Guide 4.1.35 radius-user-pool-policy ....................................................................................................... 4-92 4.1.36 rf-domain ............................................................................................................................ 4-93 4.1.37 rfs4000 ............................................................................................................................... 4-99 4.1.38 rfs6000 ............................
Table of Contents 5 6.1.21 interface ............................................................................................................................. 6-40 6.1.22 ip ........................................................................................................................................ 6-42 6.1.23 ip-access-list-stats ............................................................................................................. 6-47 6.1.24 licenses ...............................
6 WiNG 5 System Reference Guide 7.1.19 nat-pool ............................................................................................................................. 7-51 7.1.20 interface ............................................................................................................................. 7-54 7.1.21 Interface Config Instance ................................................................................................... 7-56 7.1.22 Interface vlan Instance ..............
Table of Contents 7 Chapter 8, - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - AAA-POLICY 8-1 8.1 aaa-policy ....................................................................................................................................... 8-2 8.1.1 accounting .............................................................................................................................. 8-3 8.1.2 authentication ............................
8 WiNG 5 System Reference Guide 12.1.5 clrscr ................................................................................................................................ 12-18 12.1.6 commit ............................................................................................................................. 12-19 12.1.7 end ................................................................................................................................... 12-20 12.1.8 exit ......................
Table of Contents 9 15.1.5 no ....................................................................................................................................... 15-7 Chapter 16, MINT-POLICY - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 16-1 16.1 mint-policy ................................................................................................................................... 16-2 16.1.1 level .....................................
10 WiNG 5 System Reference Guide Chapter 19, RADIO-QOS-POLICY - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 19-1 19.1 radio-qos-policy .......................................................................................................................... 19-2 19.1.1 accelerated-multicast ......................................................................................................... 19-3 19.1.2 admission-control ................................
Table of Contents 11 23.1.8 voice-prioritization ........................................................................................................... 23-12 23.1.9 wmm ................................................................................................................................ 23-13 Chapter 24, INTERFACE-RADIO COMMANDS - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 24-1 24.1 interface-radio Instance .....................................................
12 WiNG 5 System Reference Guide 25.1.12 ICMP Destination log .................................................................................................... 25-16 25.1.13 ICMP Packet log ............................................................................................................ 25-17 25.1.14 SSH connection log ....................................................................................................... 25-18 25.1.15 Allowed/Dropped Packets Log .............................
About This Guide This guide provides information on using the following Motorola wireless controllers: • RFS7000 • RFS6000 • RFS4000 • AP7131 • AP650 • AP6511 • AP6532 This document is organized into the following sections: • Document Set • Document Convention • Notational Conventions
14 WiNG CLI Reference Guide Document Set The documentation set for the Motorola RF Series Controllers is partitioned into the following guides to provide information for specific user deployment requirements.
About This Guide Document Convention The following conventions are used in this document to draw your attention to important information: NOTE: Indicates tips or special requirements. ! CAUTION: Indicates conditions that can cause equipment damage or data loss. WARNING! Indicates a condition or procedure that could result in personal injury or equipment damage. Switch Note: Indicates caveats unique to a RFS7000, RFS6000 or RFS4000 model controller.
16 WiNG CLI Reference Guide Notational Conventions The following notational conventions are used in this document: • Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and related documents • Bullets (•) indicate: • lists of alternatives • lists of required steps that are not necessarily sequential • action items • Sequential lists (those describing step-by-step procedures) appear as numbered lists Understanding Command Syntax Variab
About This Guide [] Of the different keywords and variables listed inside a ‘[‘ & ‘]’ pair, only one can be used. Each choice in the list is separated with a ‘|’ (pipe) symbol. For example, the command rfs7000-37FABE# clear ...
18 WiNG CLI Reference Guide command / keyword The first word is always a command. Keywords are words that must be entered as is. Commands and keywords are mandatory. For example, the command, rfs7000-37FABE>show wireless is documented as show wireless where: • show – The command • wireless – The keyword () Any command/keyword/variable or a combination of them inside a ‘(‘ & ‘)’ pair are recursive.
About This Guide 19 Motorola Enterprise Mobility Support Center If you have a problem with your equipment, contact Enterprise Mobility Support for your region. Contact information is available by visiting http://www.motorola.com/customersupport and after selecting your region, click on the appropriate link under Support for Business.
20 WiNG CLI Reference Guide Motorola, Inc. End-User License Agreement BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE DESCRIBED IN THIS DOCUMENT, YOU OR THE ENTITY OR COMPANY THAT YOU REPRESENT ("LICENSEE") ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS LICENSE AGREEMENT ("AGREEMENT"). LICENSEE'S USE OR CONTINUED USE OF THE DOWNLOADED OR INSTALLED MATERIALS SHALL ALSO CONSTITUTE ASSENT TO THE TERMS OF THIS AGREEMENT.
About This Guide 5. 6. 7. 8. 21 Licensor may use such information for its business purposes, including for product support and development. Licensor will not utilize such technical information in a form that personally identifies Licensee. TERMINATION. Either party may terminate this Agreement at any time, with or without cause, upon written notice. Any termination of this Agreement shall also terminate the licenses granted hereunder.
22 WiNG CLI Reference Guide 9. INDEMNITY. Licensee agrees that Licensor shall have no liability whatsoever for any use Licensee makes of the Software. Licensee shall indemnify and hold harmless Licensor from any claims, damages, liabilities, costs and fees (including reasonable attorney fees) arising from Licensee's use of the Software as well as from Licensee's failure to comply with any term of this Agreement. 10. FAULT TOLERANCE.
CHAPTER 1 INTRODUCTION This chapter describes the commands available using the controller Command Line Interface (CLI) on a Motorola Solutions device. CLI is available for all supported devices, controllers as well as Access Points (APs). Access the CLI by: • A terminal emulation program running on a computer connected to the serial port on the controller. The serial port is located on the front of the controller. • A Telnet session through Secure Shell (SSH) over a network.
1-2 WiNG CLI Reference Guide Examples in this reference guide Examples used in this reference guide are generic to the each supported controller model and AP. Commands that are not common, are identified using the notation “Supported in the following platforms.” For an example, see below: Supported in the following platforms: • RFS6000 The above example indicates the command is only available on a RFS6000 model controller.
INTRODUCTION 1-3 1.1 CLI Overview The CLI is used for configuring, monitoring, and maintaining the controller managed network. The user interface allows you to execute commands on supported controllers and AP models, using either a serial console or a remote access method. This chapter describes basic CLI features. Topics covered include an introduction to command modes, navigation and editing features, help features and command history. The CLI is segregated into different command modes.
1-4 WiNG CLI Reference Guide Access the GLOBAL CONFIG mode from the PRIV EXEC mode. In the GLOBAL CONFIG mode, enter commands that set general system characteristics. Configuration modes, allow you to change the running configuration. If you save the configuration later, these commands are stored across controller reboots. Access a variety of protocol specific (or feature-specific) modes from the global configuration mode.
INTRODUCTION Table 1.
1-6 WiNG CLI Reference Guide Table 1.
INTRODUCTION 1-7 1.2 Getting Context Sensitive Help Enter a question mark (?) at the system prompt to display a list of commands available for each mode. Obtain a list of arguments and keywords for any command using the CLI context-sensitive help.
1-8 WiNG CLI Reference Guide locator Enable leds flashing on the device pktcap Start packet capture radio Radio parameters show Show running system information smart-rf Smart-RF Management Commands traceroute Trace route to destination wireless Wireless commands rfs7000-37FABE>service It’s possible to abbreviate commands and keywords to allow a unique abbreviation. For example, “configure terminal” can be abbreviated as config t.
INTRODUCTION 1-9 1.3 Using the No Command Almost every command has a no form. Use no to disable a feature or function or return it to its default value. Use the command without the no keyword to re-enable a disabled feature. 1.3.1 Basic Conventions Keep the following conventions in mind while working within the controller CLI: • Use ? at the end of a command to display available sub-modes. Type the first few characters of the sub-mode and press the tab key to add the sub-mode.
1 - 10 WiNG CLI Reference Guide 1.4 Using CLI Editing Features and Shortcuts A variety of shortcuts and edit features are available.
INTRODUCTION 1 - 11 1.4.1 Moving the Cursor on the Command Line Table 1.2 on page 1-11 Shows the key combinations or sequences to move the command line cursor. Ctrl defines the control key, which must be pressed simultaneously with its associated letter key. Esc means the escape key (which must be pressed first), followed by its associated letter key. Keys are not case sensitive. Specific letters are used to provide an easy way of remembering their functions. In Table 1.
1 - 12 WiNG CLI Reference Guide 1.4.2 Completing a Partial Command Name If you cannot remember a command name (or if you want to reduce the amount of typing you have to perform), enter the first few letters of a command, then press the Tab key. The command line parser completes the command if the string entered is unique to the command mode. If your keyboard does not have a Tab key, press Ctrl-L. The CLI recognizes a command once you have entered enough characters to make the command unique.
INTRODUCTION 1 - 13 rfs7000-37FABE(config-profile-default-ap7131)#show context 1.4.5 Change the default profile by creating vlan 150 and mapping to ge3 Physical interface Logon to the controller in config mode and follow the procedure below: rfs7000-37FABE(config-profile-default-rfs7000)# interface vlan 150 rfs7000-37FABE(config-profile-default-rfs7000-if-vlan150)# ip address 192.168.150.
1 - 14 WiNG CLI Reference Guide 5. Connect to the wireless controller through telnet using its configured IP address. Use the following credentials when logging on to the device for the first time. User Name admin Password motorola When logging into the controller for the first time, you are prompted to change the password. To change user credentials, perform the following: 1.
INTRODUCTION 1 - 15 rfs7000-37FABE# configure Enter configuration commands, one per line. End with CNTL/Z. rfs7000-37FABE> en rfs7000-37FABE# configure Enter configuration commands, one per line. End with CNTL/Z. 2. Go to ‘default-management-policy’ mode. rfs7000-37FABE(config)# management-policy default rfs7000-37FABE(config-management-policy-default)# 3. Enter SSH at the command prompt. rfs7000-37FABE(config-management-policy-default)# ssh 4.
1 - 16 WiNG CLI Reference Guide
CHAPTER 2 USER EXEC MODE COMMANDS Logging in to the controller places you within the USER EXEC command mode. Typically, a login requires a user name and password. You have three login attempts before the connection attempt is refused. USER EXEC commands (available at the user level) are a subset of the commands available at the privileged level. In general, USER EXEC commands allow you to connect to remote devices, perform basic tests and list system information.
2-2 WiNG CLI Reference Guide 2.1 User Exec Commands Table 2.1 Summarizes User Exec Mode Commands Table 2.
USER EXEC MODE COMMANDS Table 2.
2-4 WiNG CLI Reference Guide 2.1.
USER EXEC MODE COMMANDS Parameters [|all|ap650 |ap71xx|ap6511|ap6532|] [ cancel-upgrade|load-image| rf-domain] • all {no-reboot|reboot-time
2-6 WiNG CLI Reference Guide -------------------------------------------------------------------------CONTROLLER STATUS MESSAGE -------------------------------------------------------------------------00-15-70-37-FA-BE Success Queued 0 APs to upgrade -------------------------------------------------------------------------------rfs7000-37FABE#
USER EXEC MODE COMMANDS 2.1.2 change-passwd User Exec Commands Changes the password of the logged in user Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax change-passwd { } Parameters { } Optional. The passwords can also be changed interactively. To do so, press Enter after the change-passwd command.
2-8 WiNG CLI Reference Guide 2.1.3 clear User Exec Commands Clears parameters, cache entries, table entries, and other similar entries. The clear command is only available for specific commands. The information cleared using this command varies depending on the mode where the clear command is executed.
USER EXEC MODE COMMANDS Parameters arp-cache {on } Clears ARP cache entries. • on – Optional. Clears the arp cache on a selected AP or Controller • – An AP or a Controller name [cdp|lldp] neighbors {on } Clears Cisco Discovery Protocol (CDP) or Link Layer Discovery Protocol (LLDP) neighbor table entries • neighbors – Clears CDP neighbor table • on – Optional.
2 - 10 WiNG CLI Reference Guide rfs7000-37FABE> rfs7000-37FABE>clear event-history rfs7000-37FABE> rfs7000-37FABE>clear spanning-tree detected-protocols interface port-channel 1 on rfs7000-37FABE rfs7000-37FABE> rfs7000-37FABE>clear ip dhcp bindings 172.16.10.
USER EXEC MODE COMMANDS 2 - 11 2.1.
2 - 12 WiNG CLI Reference Guide 2.1.
USER EXEC MODE COMMANDS 2 - 13 2.1.6 cluster User Exec Commands Use this command to initiate the cluster context. The cluster context provides centralized management to configure all the cluster members from any one member. Commands executed under this context are executed on all members of the cluster.
2 - 14 WiNG CLI Reference Guide 2.1.
USER EXEC MODE COMMANDS 2 - 15 2.1.8 connect User Exec Commands Begins a console connection to a remote device using the remote device’s MINT ID or its device name. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax connect [mint-id |] Parameters mint-id Connects to the remote system using MINT ID. • – The MINT Id of the remote device.
2 - 16 WiNG CLI Reference Guide 2.1.
USER EXEC MODE COMMANDS 2 - 17 crypto pki generate self-assigned [generate-rsa-key|use-rsa-key] autogen-subject-name email {fqdn |ip-address |on } crypto pki generate self-assigned [generate-rsa-key|use-rsa-key] autogen-subject-name fqdn {email |ip-address |on } crypto pki generate self-assigned [generate-rsa-key|use-rsa-key] autogen-subject-name ip-address
2 - 18 WiNG CLI Reference Guide key generate • generate rsa <1024-2048> {on } – Generates a keypair • rsa – Enter the name of a RSA keypair to generate • <1024-2048> – Enter the size of the RSA key in bits from 10242048 • on – On an AP or a Controller • – On AP/Controller name key import • import rsa {background {on }|on }|passphrase} – Performs an import operation • rsa
USER EXEC MODE COMMANDS 2 - 19 pki authenticate – Authenticates and imports ca certificate name> {background} • (background|on} – Enter the location of ca certificate to {on } authenticate tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@[:port]>/path/file http://[:port]/path/file cf:/path/file usb1:/path/file usb2:/path/file • {background} {on
2 - 20 WiNG CLI Reference Guide • subject-name {email |fqdn |ip-address |on – Enter the subject name to identify the certificate • – Enter the common name to be used with the ca certificate • – Enter the deployment country (2 character ISO code) • – Enter the state (2 to 64 characters) • – Enter the city (2 to 64 characters) • – Enter the o
USER EXEC MODE COMMANDS 2 - 21 • generate self-assigned [generate-rsa-key|usegenerate self-signed rsa-key] [autogen-subject-name|subject-name] – Generates Operation [generate-rsa-key|use-rsa• self-assigned – Generates a self-signed certificate (and trustpoint key] with it) • [generate-rsa-key|use-rsa-key] – Enter the trustpoint name • generate-rsa-key – Generates a new RSA key-pair • use-rsa-key – Uses a generated R
2 - 22 WiNG CLI Reference Guide import [certificate|crl|trustpoint] Imports certificates, certificate revocation list or a trustpoint to the selected device.
USER EXEC MODE COMMANDS 2 - 23 • trustpoint URL {background {on }|on |passphrase {background {on }|on } – Imports a trustpoint, includes CA certificate, server certificate and private key • – Enter the name of the trustpoint name • URL (background|on} – Enter the location to import trustpoint from URLs: tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@[:po
2 - 24 WiNG CLI Reference Guide Example rfs7000-37FABE>crypto key generate rsa key 1025 RSA Keypair successfully generated rfs7000-37FABE> rfs7000-37FABE>crypto key import rsa moto123 url passphrase word background on rfs7000-37FABE RSA key import operation is started in background rfs7000-37FABE> rfs7000-37FABE>crypto pki generate self-signed word generate-rsa-key word autogensubject-name fqdn word Successfully generated self-signed certificate rfs7000-37FABE> rfs7000-37FABE#crypto pki zeroize trustpoint
USER EXEC MODE COMMANDS 2 - 25 2.1.10 disable User Exec Commands Turns off (disables) the privileged mode command set. This command is not applicable to the User Executable mode.
2 - 26 WiNG CLI Reference Guide 2.1.11 enable User Exec Commands Turns on (enables) the privileged mode command set. This command is not applicable in the Privilege Executable mode.
USER EXEC MODE COMMANDS 2 - 27 2.1.12 exit User Exec Commands Ends the current CLI session and closes the session window.
2 - 28 WiNG CLI Reference Guide 2.1.13 help User Exec Commands Describes the interactive help system. Use this command to access the advanced help feature. Use “?” anytime at the command prompt to access the help topic. Two kinds of help are provided: • Full help is available when ready to enter a command argument • Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (for example 'show ve?').
USER EXEC MODE COMMANDS 2 - 29 Example rfs7000-37FABE>help search crypto detailed Found 29 references for "crypto" Mode : User Exec Command : show crypto key rsa (|public-key-detail) (|(on DEVICE-OR-DOMAIN-NAME)) \ Show running system information \ Encryption related commands \ Key management operations \ Show RSA public Keys \ Show the public key in PEM format \ On AP/Controller or RF-Domain \ AP / Controller / RF-Domain name : show crypto pki trustpoints (WORD|all|)(|(on DEVICE-OR-DOMAIN-NAME)) \ Show r
2 - 30 WiNG CLI Reference Guide ## PROFILE ## ---+ | +--> Physical interface (interface GE,ME,UP etc) | | | +--> [[ RATE-LIMIT-TRUST-POLICY ]] | +--> Vlan interface (interface VLAN1/VLAN36 etc) | +--> Radio interface (interface RADIO1, RADIO2 etc) | | | +--> Radio specific Configuration | | | +--> [[ RADIO-QOS-POLICY ]] | | | +--> [[ ASSOC-ACL-POLICY ]] | | | +--> [[ WLAN ]] | +--> [[ MANAGEMENT-POLICY ]] | +--> [[ DHCP-SERVER-POLICY ]] | +--> [[ FIREWALL-POLICY ]] | +--> [[ NAT-POLICY ]] .................
USER EXEC MODE COMMANDS 2 - 31 association|probe-response-flood|dos-cts-flood|dos-eapol-logoff-storm|unauthorizedbridge) : service start-shell : service pktcap on(bridge|drop|deny|router|wireless|vpn|radio (all|<1-3>) (|promiscuous)|rim|interface `WORD|ge <1-4>|me1|pc <1-4>|vlan <1-4094>')(|{direction (any|inbound|outbound)|acl-name WORD|verbose|hex|count <1-1000000>|snap <12048>|write (FILE|URL|tzsp WORD)|tcpdump})(|filter LINE) Mode : Profile Mode Command : service watchdog Mode : Radio Mode Command : se
2 - 32 WiNG CLI Reference Guide 2.1.14 logging User Exec Commands Modifies message logging facilities.
USER EXEC MODE COMMANDS 2 - 33 2.1.
2 - 34 WiNG CLI Reference Guide Response Response Response Response Response Response Response Response Response Response Response from from from from from from from from from from from 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: id=10 id=11 id=12 id=13 id=14 id=15 id=16 id=17 id=18 id=19 id=20 time=0.153 time=0.159 time=0.173 time=0.156 time=0.209 time=0.147 time=0.203 time=0.148 time=0.169 time=0.
USER EXEC MODE COMMANDS 2 - 35 2.1.16 no User Exec Commands Use the no command to revert a command or to set parameters to their default values. This command is useful if you would like to turn off an enabled feature or set default values for a parameter NOTE: The commands have their own set of parameters that can be reset.
2 - 36 WiNG CLI Reference Guide 2.1.17 page User Exec Commands Use the command to toggle the Controller paging function. Enabling this command displays the CLI command output page by page, instead of running the entire output at once.
USER EXEC MODE COMMANDS 2 - 37 2.1.18 ping User Exec Commands Sends ICMP echo messages to a user-specified location Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax ping {[|]} Parameters ping {[|]} Pings the specified destination IP address or hostname. When entered without any parameters, this command prompts for an IP/Host-name to ping. Example rfs7000-37FABE>ping 172.16.10.3 PING 172.16.10.3 (172.16.10.
2 - 38 WiNG CLI Reference Guide 2.1.
USER EXEC MODE COMMANDS 2 - 39 2.1.20 service User Exec Commands The service command performs different functions depending on the parameter passed to it. Generally, this command is used to directly interact with the device to force an action to be performed NOTE: Service commands have their own set of parameters that can be used. Please refer to the Chapter 5, service for a list of parameters used with this command.
2 - 40 WiNG CLI Reference Guide 2.1.21 show User Exec Commands Displays the settings for the specified system component. There are a number of ways to invoke the show command: • When invoked without any arguments, it displays information about the current context. If the current context contains instances, the show command (usually) displays a list of these instances • When invoked with the display_parameter, it displays information about that component.
USER EXEC MODE COMMANDS 2 - 41 role running-config session-changes session-config sessions smart-rf spanning-tree startup-config terminal timezone version wireless rfs7000-37FABE> Role based firewall Current operating configuration Configuration changes made in this session This session configuration Display CLI sessions Smart-RF Management Commands Display spanning tree information Startup configuration Display terminal configuration parameters The timezone Display software & hardware version Wireless co
2 - 42 WiNG CLI Reference Guide 2.1.22 telnet User Exec Commands Opens a telnet session Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax telnet {port} Parameters {port} Defines an IP address or hostname of a remote system • port – Enter the TCP port number Example rfs7000-37FABE>telnet 172.16.10.1 Entering character mode Escape character is '^]'. RFS7000 release 5.0.0.
USER EXEC MODE COMMANDS 2 - 43 2.1.
2 - 44 WiNG CLI Reference Guide 2.1.24 time-it User Exec Commands Verifies the time taken by a particular command between request and response Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax time-it Parameters Verifies the time taken by a particular command between request and response • – Specify the command to view the response Example rfs7000-37FABE>time-it enable That took 0.00 seconds..
USER EXEC MODE COMMANDS 2 - 45 2.1.25 traceroute User Exec Commands Traces the route to a defined destination. Use the ‘--help’ or ‘-h’ built in to see a complete list of parameters for the traceroute command. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax traceroute Parameters Traces the route to a destination IP address or a hostname Example rfs7000-37AFBE>traceroute --help BusyBox v1.14.
2 - 46 WiNG CLI Reference Guide 2.1.26 watch User Exec Commands Repeats the specific CLI command at a periodic interval Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax watch <1-3600> Parameters <1-3600> Repeats the specified CLI command in the given time intervals.
USER EXEC MODE COMMANDS 2 - 47 2.1.27 write User Exec Commands Writes the system running configuration to memory or terminal Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax write Parameters memory Writes to the NV memory terminal Writes to terminal Example rfs7000-37FABE>write memory [OK] rfs7000-37FABE> rfs7000-37FABE>write terminal ! ! Configuration of RFS7000 version 5.0.0.0-061D ! ! version 2.
2 - 48 WiNG CLI Reference Guide
CHAPTER 3 PRIVILEGED EXEC MODE COMMANDS Most PRIV EXEC commands set operating parameters. Privileged-level access should be password protected to prevent unauthorized use. The PRIV EXEC command set includes commands contained within the USER EXEC mode. The PRIV EXEC mode also provides access to configuration modes, and includes advanced testing commands. The PRIV EXEC mode prompt consists of the host name of the device followed by a pound sign (#).
3-2 WiNG CLI Reference Guide help logging mint mkdir more no page ping pwd reload remote-debug rename revert rmdir self service show telnet terminal time-it traceroute upgrade upgrade-abort watch write Description of the interactive help system Modify message logging facilities MiNT protocol Create a directory Display the contents of a file Negate a command or set its defaults Toggle paging Send ICMP echo messages Display current directory Halt and perform a warm reboot Troubleshoot remote system(s) Rena
PRIVILEGED EXEC MODE COMMANDS 3.1 Privileged Exec Mode Commands Table 3.1 Summarizes the PRIV EXEC commands:. Table 3.
3-4 WiNG CLI Reference Guide Table 3.1 Privileged Exec Commands Command Description Reference more Displays the contents of a file page 3-49 no Reverts a command or sets values to their default settings page 3-50 page Toggles the Controller paging function.
PRIVILEGED EXEC MODE COMMANDS 3.1.
3-6 WiNG CLI Reference Guide Parameters [|all|ap650 |ap71xx|ap6511|ap6532|] [ cancel-upgrade|load-image| rf-domain] • all {no-reboot|reboot-time
PRIVILEGED EXEC MODE COMMANDS -------------------------------------------------------------------------CONTROLLER STATUS MESSAGE -------------------------------------------------------------------------00-15-70-37-FA-BE Success Queued 0 APs to upgrade -------------------------------------------------------------------------------rfs7000-37FABE# 3-7
3-8 WiNG CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3.1.
3 - 10 WiNG CLI Reference Guide 3.1.4 cd Privileged Exec Mode Commands Changes the current directory Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax cd {
} Parameters Changes the current directory to DIR. This parameter is optional. When this parameter is not provided, the current directory name is displayed.PRIVILEGED EXEC MODE COMMANDS 3 - 11 3.1.5 change-passwd Privileged Exec Mode Commands Changes the password of the logged in user Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax change-passwd { } Parameters { } Optional. The passwords can also be changed interactively. To do so, press Enter after the change-passwd command.
3 - 12 WiNG CLI Reference Guide 3.1.6 clear Privileged Exec Mode Commands Clears parameters, cache entries, table entries, and other similar entries. The clear command is only available for specific commands. The information cleared using this command varies depending on the mode where the clear command is executed.
PRIVILEGED EXEC MODE COMMANDS 3 - 13 Parameters arp-cache {on } Clears ARP cache entries. • on – Optional. Clears the arp cache on a selected AP or Controller • – An AP or a Controller name [cdp|lldp] neighbors {on } Clears Cisco Discovery Protocol (CDP) or Link Layer Discovery Protocol (LLDP) neighbor table entries • neighbors – Clears CDP neighbor table • on – Optional.
3 - 14 WiNG CLI Reference Guide ip dhcp bindings [|all] {on } Clears the DHCP address bindings. • on – Optional.
PRIVILEGED EXEC MODE COMMANDS 3 - 15 3.1.
3 - 16 WiNG CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 17 3.1.9 cluster Privileged Exec Mode Commands Use this command to initiate the cluster context. The cluster context provides centralized management to configure all the cluster members from any one member. Any commands executed under this context are executed on all members of the cluster.
3 - 18 WiNG CLI Reference Guide 3.1.10 configure Privileged Exec Mode Commands Enters the configuration mode Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax configure {self|terminal} Parameters self Enables configuration from the terminal terminal Enables the configuration mode of the current device Example rfs7000-37FABE#configure self Enter configuration commands, one per line. End with CNTL/Z.
PRIVILEGED EXEC MODE COMMANDS 3 - 19 3.1.
3 - 20 WiNG CLI Reference Guide 3.1.12 connect Privileged Exec Mode Commands Begins a console connection to a remote device using the remote device’s MINT ID or its device name. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax connect [mint-id |] Parameters mint-id Connects to the remote system using MINT ID. • – The MINT ID of the remote device.
PRIVILEGED EXEC MODE COMMANDS 3 - 21 3.1.13 copy Privileged Exec Mode Commands Copies file (config,log,txt ...etc) from any location to the controller and vice-versa NOTE: Copying a new config file onto an existing running-config file merges it with the existing running-config on the controller. Both the existing running-config and the new config file are applied as the current running-config.
3 - 22 WiNG CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 23 crypto pki generate self-assigned [generate-rsa-key|use-rsa-key] autogen-subject-name email {fqdn |ip-address |on } crypto pki generate self-assigned [generate-rsa-key|use-rsa-key] autogen-subject-name fqdn {email |ip-address
3 - 24 WiNG CLI Reference Guide key generate • generate rsa <1024-2048> {on } – Generates a keypair • rsa – Enter the name of a RSA keypair to generate • <1024-2048> – Enter the size of the RSA key in bits from 10242048 • on – On an AP or a Controller • – On AP/Controller name key import • import rsa {background {on }|on }|passphrase} – Performs an import operation • rsa
PRIVILEGED EXEC MODE COMMANDS 3 - 25 pki authenticate – Authenticates and imports ca certificate name> {background} • (background|on} – Enter the location of ca certificate to {on } authenticate tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@[:port]>/path/file http://[:port]/path/file cf:/path/file usb1:/path/file usb2:/path/file • {background} {on
3 - 26 WiNG CLI Reference Guide • subject-name {email |fqdn |ip-address |on – Enter the subject name to identify the certificate • – Enter the common name to be used with the ca certificate • – Enter the deployment country (2 character ISO code) • – Enter the state (2 to 64 characters) • – Enter the city (2 to 64 characters) • – Enter the o
PRIVILEGED EXEC MODE COMMANDS 3 - 27 • generate self-assigned [generate-rsa-key|usegenerate self-signed rsa-key] [autogen-subject-name|subject-name] – Generates Operation [generate-rsa-key|use-rsa• self-assigned – Generates a self-signed certificate (and trustpoint key] with it) • [generate-rsa-key|use-rsa-key] – Enter the trustpoint name • generate-rsa-key – Generates a new RSA key-pair • use-rsa-key – Uses a gener
3 - 28 WiNG CLI Reference Guide import [certificate|crl|trustpoint] Imports certificates, certificate revocation list or a trustpoint to the selected device.
PRIVILEGED EXEC MODE COMMANDS 3 - 29 • trustpoint URL {background {on }|on |passphrase {background {on }|on } – Imports a trustpoint, includes CA certificate, server certificate and private key • – Enter the name of the trustpoint name • URL (background|on} – Enter the location to import trustpoint from URLs: tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@
3 - 30 WiNG CLI Reference Guide Example rfs7000-37FABE>crypto key generate rsa key 1025 RSA Keypair successfully generated rfs7000-37FABE> rfs7000-37FABE>crypto key import rsa moto123 url passphrase word background on rfs7000-37FABE RSA key import operation is started in background rfs7000-37FABE> rfs7000-37FABE>crypto pki generate self-signed word generate-rsa-key word autogensubject-name fqdn word Successfully generated self-signed certificate rfs7000-37FABE> rfs7000-37FABE#crypto pki zeroize trustpoint
PRIVILEGED EXEC MODE COMMANDS 3 - 31 3.1.15 delete Privileged Exec Mode Commands Deletes a specified file from the system Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax delete [/force |/recursive |] Parameters /force Forces deletion without a prompt /recursive Performs a recursive delete Specifies the filename(s) to delete Example rfs7000-37FABE#delete flash:/out.tar flash:/out.tar.gz Delete flash:/out.
3 - 32 WiNG CLI Reference Guide 3.1.16 disable Privileged Exec Commands Turns off (disables) the privileged mode command set. This command is not applicable to the User Executable mode.
PRIVILEGED EXEC MODE COMMANDS 3 - 33 3.1.17 diff Privileged Exec Mode Commands Displays the differences between 2 files Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax diff [|] [|] Parameters FILE The first is the source file for the diff. The second is the file to compare. URL The first is the source URL for the diff. The second is the url to compare.
3 - 34 WiNG CLI Reference Guide 3.1.18 dir Privileged Exec Mode Commands Use this command to view the list of files on a filesystem Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax dir {[/all|/recursive|
|all-filesystems]} Parameters /all Lists all files /recursive Lists files recursively Lists files in the named file path all-filesystems Lists the files on all filesystems Example rfs7000-37FABE# dir Directory of flash:/.PRIVILEGED EXEC MODE COMMANDS 3 - 35 3.1.19 edit Privileged Exec Mode Commands Edits a text file Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax edit Parameters Name of the file to be modified Example rfs7000-37FABE#edit startup-config GNU nano 1.2.4 File: startup-config ! ! Configuration of RFS7000 version 5.1.0.0-061D ! ! version 2.
3 - 36 WiNG CLI Reference Guide 3.1.20 enable Privileged Exec Mode Commands Turns on (enables) the privileged mode command set. This command is not applicable in the Privilege Executable mode.
PRIVILEGED EXEC MODE COMMANDS 3 - 37 3.1.
3 - 38 WiNG CLI Reference Guide 3.1.22 exit Privileged Exec Mode Commands Ends the current CLI session and closes the session window.
PRIVILEGED EXEC MODE COMMANDS 3 - 39 3.1.23 format Privileged Exec Mode Commands Formats file system Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax format cf: Parameters cf: Formats compact flash Example rfs7000-37FABE#format cf: Warning: This will destroy the contents of compact flash.
3 - 40 WiNG CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 41 3.1.25 help Privileged Exec Mode Commands Describes the interactive help system. Use this command to access the advanced help feature. Use “?” anytime at the command prompt to access the help topic. Two kinds of help are provided: • Full help is available when ready to enter a command argument • Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (for example 'show ve?').
3 - 42 WiNG CLI Reference Guide Example rfs7000-37FABE#help search crypto detailed Found 29 references for "crypto" Mode : Priv Exec Command : show crypto key rsa (|public-key-detail) (|(on DEVICE-OR-DOMAIN-NAME)) \ Show running system information \ Encryption related commands \ Key management operations \ Show RSA public Keys \ Show the public key in PEM format \ On AP/Controller or RF-Domain \ AP / Controller / RF-Domain name : show crypto pki trustpoints (WORD|all|)(|(on DEVICE-OR-DOMAIN-NAME)) \ Show
PRIVILEGED EXEC MODE COMMANDS 3 - 43 ## PROFILE ## ---+ | +--> Physical interface (interface GE,ME,UP etc) | | | +--> [[ RATE-LIMIT-TRUST-POLICY ]] | +--> Vlan interface (interface VLAN1/VLAN36 etc) | +--> Radio interface (interface RADIO1, RADIO2 etc) | | | +--> Radio specific Configuration | | | +--> [[ RADIO-QOS-POLICY ]] | | | +--> [[ ASSOC-ACL-POLICY ]] | | | +--> [[ WLAN ]] | +--> [[ MANAGEMENT-POLICY ]] | +--> [[ DHCP-SERVER-POLICY ]] | +--> [[ FIREWALL-POLICY ]] | +--> [[ NAT-POLICY ]] ............
3 - 44 WiNG CLI Reference Guide (any|inbound|outbound)|acl-name WORD|verbose|hex|count <1-1000000>|snap <12048>|write (FILE|URL|tzsp WORD)|tcpdump})(|filter LINE) Mode : Profile Mode Command : service watchdog Mode : Radio Mode Command : service antenna-type (default|dualband|omni|yagi|embedded|panel|patch|sector|out-omni|in-patch|ap650-int) : service disable-erp : service disable-ht-protection : service recalibration-interval <0-65535> ......................................................................
PRIVILEGED EXEC MODE COMMANDS 3 - 45 3.1.26 logging Privileged Exec Mode Commands Modifies message logging facilities.
3 - 46 WiNG CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 47 3.1.
3 - 48 WiNG CLI Reference Guide Response Response Response Response Response Response Response Response Response Response Response from from from from from from from from from from from 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: 70.37.FA.BF: id=10 id=11 id=12 id=13 id=14 id=15 id=16 id=17 id=18 id=19 id=20 time=0.153 time=0.159 time=0.173 time=0.156 time=0.209 time=0.147 time=0.203 time=0.148 time=0.169 time=0.
PRIVILEGED EXEC MODE COMMANDS 3 - 49 3.1.29 more Privileged Exec Mode Commands Displays the contents of a file Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax more Parameters Displays the contents of the file Example rfs7000-37FABE#more flash:/log/messages.log May 03 11:45:05 2010: %PM-6-PROCSTART: Starting process "/usr/sbin/dpd2" May 03 11:45:14 2010: %KERN-6-INFO: 0| ioctl.
3 - 50 WiNG CLI Reference Guide 3.1.30 no Privileged Exec Mode Commands Use the no command to revert a command or to set parameters to their default values. This command is useful if you would like to turn off an enabled feature or set default values for a parameter NOTE: The commands have their own set of parameters that can be reset.
PRIVILEGED EXEC MODE COMMANDS 3 - 51 3.1.31 page Privileged Exec Mode Commands Use the command to toggle the Controller paging function. Enabling this command displays the CLI command output page by page, instead of running the entire output at once.
3 - 52 WiNG CLI Reference Guide 3.1.32 ping Privileged Exec Mode Commands Sends ICMP echo messages to a user-specified location Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax ping {[|]} Parameters ping {[|]} Pings the specified destination IP address or hostname. When entered without any parameters, this command prompts for an IP/Host-name to ping. Example rfs7000-37FABE#ping 172.16.10.3 PING 172.16.10.3 (172.
PRIVILEGED EXEC MODE COMMANDS 3 - 53 3.1.
3 - 54 WiNG CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 55 3.1.35 rename Privileged Exec Mode Commands Renames a file in the existing filesystem Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax rename Parameters Specifies the file to rename. The first is the old file name. The second defines the new file name.
3 - 56 WiNG CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 57 3.1.
3 - 58 WiNG CLI Reference Guide 3.1.38 self Privileged Exec Mode Commands Displays the configuration context of the currently logged device Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax self Parameters None Example rfs7000-37FABE#self Enter configuration commands, one per line. End with CNTL/Z.
PRIVILEGED EXEC MODE COMMANDS 3 - 59 3.1.39 service Privileged Exec Mode Commands The service command performs different functions depending on the parameter passed to it. Generally, this command is used to directly interact with the device to force an action on the device. NOTE: Service commands have their own set of parameters. Please refer to the Chapter 5, service for a list of parameters used with the service command.
3 - 60 WiNG CLI Reference Guide 3.1.40 show Privileged Exec Mode Commands Displays the settings for the specified system component. There are a number of ways to invoke the show command: • When invoked without any arguments, it displays information about the current context. If the current context contains instances, the show command (usually) displays a list of these instances • When invoked with the display_parameter, it displays information about that component.
PRIVILEGED EXEC MODE COMMANDS 3 - 61 mac-address-table mint noc ntp password-encryption power remote-debug rf-domain-manager role running-config session-changes session-config sessions smart-rf spanning-tree startup-config terminal timezone upgrade-status version wireless wwan Display MAC address table MiNT protocol Noc-level information Network time protocol Pasword encryption Show power over ethernet command Show details of remote debug sessions Show RF Domain Manager selection details Role based firewa
3 - 62 WiNG CLI Reference Guide 3.1.41 telnet Privileged Exec Mode Commands Opens a telnet session Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax telnet {port} Parameters {port} Defines an IP address or hostname of a remote system • port – Enter the TCP port number Example rfs7000-37FABE#telnet 172.16.10.1 Entering character mode Escape character is '^]'. RFS7000 release 5.1.0.
PRIVILEGED EXEC MODE COMMANDS 3 - 63 3.1.
3 - 64 WiNG CLI Reference Guide 3.1.43 time-it Privileged Exec Commands Verifies the time taken by a particular command between request and response Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax time-it Parameters Verifies the time taken by a particular command between request and response • – Specify the command to view the response Example rfs7000-37FABE#time-it enable That took 0.00 seconds..
PRIVILEGED EXEC MODE COMMANDS 3 - 65 3.1.44 traceroute Privileged Exec Mode Commands Traces the route to a defined destination. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax traceroute Parameters Traces the route to a destination IP address or hostname Example rfs7000-37FABE#traceroute 172.16.10.2 traceroute to 172.16.10.2 (172.16.10.2), 30 hops max, 38 byte packets 1 172.16.10.1 (172.16.10.1) 3002.008 ms !H 3002.
3 - 66 WiNG CLI Reference Guide 3.1.45 upgrade Privileged Exec Mode Commands Upgrades the software image Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax upgrade {background|on } Parameters Sets the location of the target firmware image used in the upgrade background Optional.
PRIVILEGED EXEC MODE COMMANDS 3 - 67 3.1.
3 - 68 WiNG CLI Reference Guide 3.1.47 watch Privileged Exec Mode Commands Repeats the specific CLI command at a periodic interval Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax watch <1-3600> Parameters <1-3600> Repeats the specified CLI command on the specified interval(s).
PRIVILEGED EXEC MODE COMMANDS 3 - 69 3.1.48 write Privileged Exec Mode Commands Writes the system running configuration to memory or terminal Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax write Parameters memory Writes to NV memory terminal Writes to terminal Example rfs7000-37FABE#write memory [OK] rfs7000-37FABE# rfs7000-37FABE#write terminal ! ! Configuration of RFS7000 version 5.1.0.0-061D ! ! version 2.
3 - 70 WiNG CLI Reference Guide
CHAPTER 4 GLOBAL CONFIGURATION COMMANDS This chapter summarizes the global-configuration commands in the CLI command structure. The term global is used to indicate characteristics or features effecting the system as a whole. Use the Global Configuration Mode to configure the system globally, or enter specific configuration modes to configure specific elements (such as interfaces or protocols). Use the configure terminal command (under PRIV EXEC) to enter the global configuration mode.
4-2 WiNG CLI Reference Guide 4.1 Global Configuration Commands Table 4.1 Summarizes global configuration commands Table 4.
GLOBAL CONFIGURATION COMMANDS Table 4.
4-4 WiNG CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4.1.
4-6 WiNG CLI Reference Guide 4.1.3 ap650 Global Configuration Commands Adds an AP650 access point to the controller managed network using its MAC address. If a profile for the AP is not available, a new profile is created.
GLOBAL CONFIGURATION COMMANDS 4-7 4.1.4 ap6511 Global Configuration Commands Adds an AP6511 access point to the controller network using its MAC address. If a profile for the AP is not available, a new profile is created.
4-8 WiNG CLI Reference Guide 4.1.5 ap6532 Global Configuration Commands Adds an AP6532 access point to the controller network using its MAC address. If a profile for the AP is not available, a new profile is created.
GLOBAL CONFIGURATION COMMANDS 4-9 4.1.6 ap71xx Global Configuration Commands Adds an AP71xx series access point to the controller network using its MAC address. If a profile for the AP is not available, a new profile is created.
4 - 10 WiNG CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 11 4.1.
4 - 12 WiNG CLI Reference Guide 4.1.9 captive portal Global Configuration Commands The Captive Portal Mode provides the commands to configure a hotspot. Table 4.2 lists the command to enter the Captive Portal configuration mode. Table 4.
GLOBAL CONFIGURATION COMMANDS 4 - 13 4.1.9.
4 - 14 WiNG CLI Reference Guide 4.1.9.2 captive-portal-mode commands Table 4.3 Summarizes captive-portal mode commands Table 4.3 Captive-Portal-Mode Commands Command Description Reference access-time Defines allowed access time for a client.
GLOBAL CONFIGURATION COMMANDS 4 - 15 4.1.9.2.1 access-time critical-resource-policy Defines the permitted access time for a client. It is used when no session time is defined in RADIUS response. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP7131xx • AP650 • AP6511 • AP6532 Syntax access-time <30-10080> Parameters <30-10080> Enter the time from <30-10080> minutes to define the allowed access time for a client.
4 - 16 WiNG CLI Reference Guide 4.1.9.2.2 access-type captive-portal-mode commands Defines the captive portal access type Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP7131xx • AP650 • AP6511 • AP6532 Syntax access-type [custom-auth-radius|logging|no-auth|radius] Parameters [custom-auth-radius| logging|no-auth|radius] • custom-auth-radius – Verifies custom user information for authentication (RADIUS lookup with given information.
GLOBAL CONFIGURATION COMMANDS 4 - 17 4.1.9.2.
4 - 18 WiNG CLI Reference Guide 4.1.9.2.
GLOBAL CONFIGURATION COMMANDS 4 - 19 4.1.9.2.5 custom-auth captive-portal-mode commands Configures custom user information Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP7131xx • AP650 • AP6511 • AP6532 Syntax custom-auth info Parameters info Information used for RADIUS lookup when custom-auth-radius access type is configured. • – Guest data needs to be provided.
4 - 20 WiNG CLI Reference Guide 4.1.9.2.6 inactivity-timeout captive-portal-mode commands Defines an inactivity timeout in seconds.
GLOBAL CONFIGURATION COMMANDS 4 - 21 4.1.9.2.
4 - 22 WiNG CLI Reference Guide 4.1.9.2.8 simultaneous-users captive-portal-mode commands Specifies a particular user name that can only be used by a certain number of MAC addresses at a time Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP7131xx • AP650 • AP6511 • AP6532 Syntax simultaneous-users <0-8192> Parameters <0-8192> Sets the number of MAC addresses allowed to use that username at the same time. Select a number between 0 and 8192 (0 implies unlimited).
GLOBAL CONFIGURATION COMMANDS 4 - 23 4.1.9.2.
4 - 24 WiNG CLI Reference Guide 4.1.9.2.
GLOBAL CONFIGURATION COMMANDS 4 - 25 4.1.9.2.11webpage-location captive-portal-mode commands Specifies the location of the Web pages used for authentication.
4 - 26 WiNG CLI Reference Guide 4.1.9.2.
GLOBAL CONFIGURATION COMMANDS 4 - 27 Parameters external [fail|login|welcome] ] Configures captive portal external page links • fail – Users are redirected to this Web page if they fail authentication • login – Users are prompted for their username and password on this Web page • welcome – Users are redirected to this Web page after they authenticate successfully The following parameter is common for the above: • – Enter the URL used for remote captive portal staging.
4 - 28 WiNG CLI Reference Guide Example rfs7000-37FABE(config-captive-portal-test)#webpage external fail www.symbol.
GLOBAL CONFIGURATION COMMANDS 4 - 29 4.1.10 clear Global Configuration Commands Clears parameters, cache entries, table entries, and other similar entries. The clear command is only available for specific commands. The information cleared using this command varies depending on the mode where the clear command is executed. In this mode, the clear command is used to clear the event history.
4 - 30 WiNG CLI Reference Guide 4.1.11 critical-resource-policy Global Configuration Commands Creates a critical resource monitoring policy. A critical resource is a device (controller, router, gateway, etc.) that is considered critical to the health of the controller managed network. This is a list of IP addresses that are pinged regularly by the wireless controller.
GLOBAL CONFIGURATION COMMANDS 4 - 31 4.1.11.1 critical-resource-policy critical-resource-policy Creates or enters a critical-resource policy. If the defined policy is not present, it is created.
4 - 32 WiNG CLI Reference Guide 4.1.11.2 critical-resource-policy-mode Table 4.5 Summarizes critical resource monitoring policy commands Table 4.
GLOBAL CONFIGURATION COMMANDS 4 - 33 4.1.11.2.
4 - 34 WiNG CLI Reference Guide 4.1.11.2.2no critical-resource-policy-mode Negates a command or sets its default values Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax no monitor Parameters monitor Does not monitor the specified critical resource Example rfs7000-37FABE(config-critical-resource-policy-test)#no monitor 172.16.10.
GLOBAL CONFIGURATION COMMANDS 4 - 35 4.1.
4 - 36 WiNG CLI Reference Guide Parameters show-wireless-client [apname|auth|bss|enc|hostnam e|ip|last-active| location|mac|| radio-alias|radio-id|radiotype|role|role-policy|state| username|vendor|vlan| wlan Customizes the output of (show wireless client) commands • ap-name – Hostname of the AP to which this client associates • auth – The authentication protocol used by the client • bss – The BSSID to which the client’s radio is associated to • enc – The encryption suite of the client • hostname – Hostna
GLOBAL CONFIGURATION COMMANDS 4 - 37 show-wireless-client-statsrf [average-retry-number| error-rate|hostname|mac| noise|q-index| rx-rate|signal|snr|t-index| tx-rate] Customizes the output of (show wireless client stats rf) commands • average-retry-number – Displays the average retry number per packet • error-rate – Displays the error rate • hostname – Displays the hostname of the client – Configured by sniffing packets or manually • mac – The MAC address of client • noise – Displays the noise level measur
4 - 38 WiNG CLI Reference Guide show-wireless-radio-stats [radio-alias|radio-id| radio-mac|rx-bytes|rx-errors| rx-packets|rx-throughput| tx-bytes|tx-dropped| tx-packets|tx-throughput Customizes the output of (show wireless radio stats) commands • radio-alias – Radio alias with AP's hostname and the radio interface number in the form of hostname:RX • radio-id – Consists of the AP MAC address and the radio interface number in the form of AA-BB-CC-DD-EE-FF:RX • radio-mac – The base MAC address of the radio •
GLOBAL CONFIGURATION COMMANDS 4 - 39
4 - 40 WiNG CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 41 4.1.14 device-categorization Global Configuration Commands Categorizes devices based on different parameters. Table 4.6 Critical Resource Policy Commands Command device-categorization Description Configures the device categorization lists.
4 - 42 WiNG CLI Reference Guide 4.1.14.
GLOBAL CONFIGURATION COMMANDS 4 - 43 4.1.14.2 device-categorization-mode commands Table 4.7 Summarizes device-categorization mode commands Table 4.
4 - 44 WiNG CLI Reference Guide 4.1.14.2.
GLOBAL CONFIGURATION COMMANDS 4 - 45 4.1.14.2.
4 - 46 WiNG CLI Reference Guide 4.1.15 dhcp-server-policy Global Configuration Commands Configures a DHCP Server policy Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax dhcp-server-policy Parameters Enter a DHCP server policy name to configure Example rfs7000-37FABE(config)#dhcp-policy test rfs7000-37FABE(config)#? NOTE: For more information, see Chapter 13, DHCP-SERVER-POLICY.
GLOBAL CONFIGURATION COMMANDS 4 - 47 4.1.16 dns-whitelist Global Configuration Commands Configures a whitelist of devices permitted to access the controller managed network or a hotspot configured for the controller managed network. Table 4.8 Critical Resource Policy Commands Command dns-whitelist Description Configures the DNS whitelist.
4 - 48 WiNG CLI Reference Guide 4.1.16.
GLOBAL CONFIGURATION COMMANDS 4 - 49 4.1.16.2 dns-whitelist mode commands Table 4.9 Summarizes dns-white-list mode commands Table 4.
4 - 50 WiNG CLI Reference Guide 4.1.16.2.
GLOBAL CONFIGURATION COMMANDS 4 - 51 4.1.16.2.2no dns-whitelist mode commands Negates a command or sets its default value Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax no permit Parameters no permit Does not match the hostname or IP address in the list and is not permitted access Example rfs7000-37FABE(config-dns-whitelist-test)#no permit motorolasolutions.
4 - 52 WiNG CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 53 self telnet terminal time-it traceroute upgrade upgrade-abort watch write Config context of the device currently logged into Open a telnet connection Set terminal line parameters Check how long a particular command took between request and completion of response Trace route to destination Upgrade software image Abort an ongoing upgrade Repeat the specific CLI command at a periodic interval Write running configuration to memory or terminal clrscr exit service show Cle
4 - 54 WiNG CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 55 4.1.19 event-system-policy Global Configuration Commands Configures a policy which configures how events are handled by the wireless controller. Each event can be configured individually to perform an action such as sending an email or forwarding a notification to its parent controller etc. Table 4.10 Event System Policy Commands Command event-system-policy Description Configures the event-system-policy.
4 - 56 WiNG CLI Reference Guide 4.1.19.
GLOBAL CONFIGURATION COMMANDS 4 - 57 4.1.19.2 event-system-policy mode commands event-system-policy Table 4.11 Summarizes event system policy mode commands Table 4.
4 - 58 WiNG CLI Reference Guide 4.1.19.2.1event event-system-policy mode commands Configures an event Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax event [] [] [email|forward-to-switch|snmp|syslog] [default|on|off] NOTE: The parameter values for the and are summarized in the table under the Parameters section.
GLOBAL CONFIGURATION COMMANDS 4 - 59 Parameters aaa • • • • radius-discon-msg – RADIUS disconnection message radius-session-expired – RADIUS session expired message radius-session-not-started – RADIUS session not started message radius-vlan-update – RADIUS VLAN update message adv-wips • • • • • • • • • • • • • • • • • • • • • • • • • • adv-wips-event-1 – Event adv-wips-event-1 message adv-wips-event-10 – Event adv-wips-event-10 message adv-wips-event-105 – Event adv-wips-e
4 - 60 WiNG CLI Reference Guide ap • • • • • • • • • • • • • • • adopted – Event adopted message adopted-to-controller – Event adopted to controller message ap-autoup-done – Event ap autoup done message ap-autoup-fail – Event ap autoup fail message ap-autoup-needed – Event ap autoup needed message ap-autoup-no-need – Event ap autoup not needed message ap-autoup-reboot – Event ap autoup reboot message ap-autoup-timeout – Event ap autoup timeout message ap-autoup-ver – Event ap
GLOBAL CONFIGURATION COMMANDS 4 - 61 certmgr • • • • • • • • • • • • • • • • ca-cert-actions-failure – Event ca certificate actions failure message ca-cert-actions-success – Event ca certificate actions success message ca-key-actions-failure – Event ca key actions failure message ca-key-actions-success – Event ca key actions success message cert-expiry – Event certificate expiry message crl-actions-failure – Event crl (Certificate Revocation List) actions failure message crl-act
4 - 62 WiNG CLI Reference Guide diag • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • autogen-tech-sprt – Event autogen technical support message buf-usage – Event buffer usage message cpu-load – Event CPU load message disk-usage – Event disk usage message elapsed-time – Event elapsed time message fan-underspeed – Event fan underspeed message fd-count – Event forward count message free-flash-disk – Event free flash disk message free-flash-inodes – Event free flash ino
GLOBAL CONFIGURATION COMMANDS 4 - 63 dot11 • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • client-associated – Wireless client associated event message client-denied-assoc – Event client denied association message client-disassociated – Wireless client disassociated message country-code – Event country code message country-code-error – Event country code error message eap-cached-keys – Event EAP cached keys message eap-client-timeout – Event EAP client timeout me
4 - 64 WiNG CLI Reference Guide filemgmt • • • • • • • • http – Event HTTP message httplocal – Event HTTP local message https-start – Event HTTPS start message https-wait – Event HTTPS wait message httpstart – Event HTTP start message keyadded – Event key added message keydeleted – Event key deleted message trustpointdeleted – Event trustpoint deleted message fwu • • • • • • • • • • • • • • fwuaborted – Event fwu aborted message fwubadconfig – Event fwu bad config message f
GLOBAL CONFIGURATION COMMANDS 4 - 65 pm • • • • • • • • procid – Event procid message procmaxrstrt – Event proc max restart message procnoresp – Event proc no response message procrstrt – Event proc restart message procstart – Event proc start message procstop – Event proc stop message procsysrstrt – Event proc system restart message startupcomplete – Event startup complete message radconf raduserpassstrength – Event RADIUS user pass strength message radio • • • • • radar
4 - 66 WiNG CLI Reference Guide smtpnot • • • • • • • cfg – Event cfg message cfginc – Event cfg inc message net – Event net message proto – Event proto message smtpauth – Event SMTP authentication message smtperr – Event SMTP error message smtpinfo – Event SMTP information message system • • • • • • • • • • • • • clock-reset – Event clock reset message http – Event HTTP message login – Event login message login-fail – Event login fail message login-fail-access – Event logi
GLOBAL CONFIGURATION COMMANDS 4 - 67 off Off on On Example rfs7000-37FABE(config-event-system-policy-event-testpolicy)#event aaa radius-disconmsg email on forward-to-switch default snmp default syslog default rfs7000-37FABE(config-event-system-policy-event-testpolicy)# rfs7000-37FABE(config-event-system-policy-adv-wips)# rfs7000-37FABE(config-event-system-policy-testpolicy)#show context event-system-policy testpolicy event sole adaptererr syslog off snmp off forward-to-switch off rfs7000-37FABE(config
4 - 68 WiNG CLI Reference Guide 4.1.19.2.
GLOBAL CONFIGURATION COMMANDS 4 - 69 4.1.20 firewall-policy Global Configuration Commands Configures a firewall policy Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax firewall-policy Parameters Enter a firewall policy name to configure Example rfs7000-37FABE(config)#firewall-policy test rfs7000-37FABE(config-fw-policy-test)# NOTE: For more information, see Chapter 14, FIREWALL-POLICY.
4 - 70 WiNG CLI Reference Guide 4.1.21 help Global Configuration Commands Describes the interactive help system. Use this command to access the advanced help feature. Use “?” anytime at the command prompt to access a help topic. Two kinds of help are provided: • Full help is available when ready to enter a command argument • Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (for example 'show ve?').
GLOBAL CONFIGURATION COMMANDS 4 - 71 : show wireless ap (|(on DEVICE-OR-DOMAIN-NAME)) \ Show running system information \ Wireless commands \ Information regarding managed Access Points \ On AP/Controller or RF-Domain \ AP / Controller / RF-Domain name : show wireless ap configured \ Show running system information \ Wireless commands \ Information regarding managed Access Points \ Information of all Access Points in configuration : show wireless ap detail (|WORD) \ Show running system information \ Wirele
4 - 72 WiNG CLI Reference Guide 4.1.22 host Global Configuration Commands Enters the configuration context of a remote device using its hostname. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax host Parameters The name of the controller. This name is displayed when the controller is accessed from any network.
GLOBAL CONFIGURATION COMMANDS 4 - 73 4.1.23 igmp-snoop-policy Global Configuration Commands Configures an igmp-snoop policy Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax igmp-snoop-policy Parameters Enter a igmp-snoop policy name to configure Example rfs7000-37FABE(config)#igmp-snoop-policy test rfs7000-37FABE(config)#? NOTE: For more information, see Chapter 15, IGMP-SNOOP-POLICY.
4 - 74 WiNG CLI Reference Guide 4.1.24 ip Global Configuration Commands Configures a selected Internet Protocol (IP) component Access-lists define access to the controller managed network using a set of rules. Each rule specifies an action taken when a packet matches a given set of rules. If the action is deny, the packet is dropped. If the action is permit, the packet is allowed.
GLOBAL CONFIGURATION COMMANDS 4 - 75 4.1.
4 - 76 WiNG CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 77 4.1.27 mint-policy Global Configuration Commands Configures the global MiNT policy Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax mint-policy global-default Parameters Enter a MiNT policy name to configure Example rfs7000-37FABE(config)#mint-policy global-default rfs7000-37FABE(config-mint-policy-global-default)# NOTE: For more information, see Chapter 16, MINT-POLICY.
4 - 78 WiNG CLI Reference Guide 4.1.28 nac-list Global Configuration Commands Configures a policy which configures a list of devices that can access a wireless controller managed network based on their MAC addresses. Table 4.12 NAC List Commands Command nac-list Description Creates a nac-list policy.
GLOBAL CONFIGURATION COMMANDS 4 - 79 4.1.28.1 nac-list Global Configuration Commands Configures a network access control list that controls access to the wireless controller managed network.
4 - 80 WiNG CLI Reference Guide 4.1.28.2 nac-list-mode Table 4.13 Summarizes nac-list mode commands Table 4.
GLOBAL CONFIGURATION COMMANDS 4 - 81 4.1.28.2.
4 - 82 WiNG CLI Reference Guide 4.1.28.2.
GLOBAL CONFIGURATION COMMANDS 4 - 83 4.1.28.2.
4 - 84 WiNG CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 85 service Service Commands
4 - 86 WiNG CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 87 4.1.31 profile Global Configuration Commands Configures profile related commands.
4 - 88 WiNG CLI Reference Guide led legacy-auto-update lldp load-balancing local logging mac-address-table mint misconfiguration-recovery-time monitor no noc ntp power-config preferred-controller-group radius rf-domain-manager spanning-tree use vpn wep-shared-key-auth Turn LEDs on/off on the device Enable legacy device firmware auto update Link Layer Discovery Protocol Configure load balancing parameter Local user authentication database for VPN Modify message logging facilities MAC Address Table MiNT pro
GLOBAL CONFIGURATION COMMANDS 4 - 89 4.1.32 radio-qos-policy Global Configuration Commands Configures a radio quality of service policy Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax radio-qos-policy Parameters Enter the name of the QoS policy Example rfs7000-37FABE(config)#radio-qos-policy test rfs7000-37FABE(config)# NOTE: For more information, see Chapter 19, RADIO-QOS-POLICY.
4 - 90 WiNG CLI Reference Guide 4.1.33 radius-group Global Configuration Commands Configures RADIUS user group parameters Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax radius-group Parameters Enter a user group name up to 64 characters Example rfs7000-37FABE(config)#radius-group testgroup rfs7000-37FABE(config)# NOTE: For more information, see Chapter 18, RADIUS-POLICY.
GLOBAL CONFIGURATION COMMANDS 4 - 91 4.1.
4 - 92 WiNG CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 93 4.1.36 rf-domain Global Configuration Commands RF Domain groups devices that can logically belong to one network. The rf-domain policy configures a set of parameters that enable devices to be configured quickly as belonging to a particular RF domain. Table 4.14 RF Domain Commands Command rf-domain Description Creates a rf-domain policy.
4 - 94 WiNG CLI Reference Guide 4.1.36.1 rf-domain rf-domain Creates a RF Domain configuration. If the policy does not exist, it creates a new policy.
GLOBAL CONFIGURATION COMMANDS 4 - 95 4.1.36.2 rf-domain-mode rf-domain This section describes the default commands under rf-domain. Table 4.15 Summarises rf-domain commands Table 4.
4 - 96 WiNG CLI Reference Guide 4.1.36.2.1channel-list rf-domain-mode Configures channel list advertised by radios Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax channel-list [2.4GHz|5GHz|dynamic] channel-list [2.4GHz|5GHz] Parameters [2.4GHz|5GHz|dynamic] • 2.4GHz – Configures the channel list advertised by radios operating in 2.
GLOBAL CONFIGURATION COMMANDS 4 - 97 4.1.36.2.
4 - 98 WiNG CLI Reference Guide 4.1.36.2.3layout rf-domain-mode Configure layout maps for every rf-domain/floor/area. It allows users to place APs across the deployment map. A maximum of 256 layouts will be permitted.
GLOBAL CONFIGURATION COMMANDS 4 - 99 4.1.
4 - 100 WiNG CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 101 4.1.
4 - 102 WiNG CLI Reference Guide 4.1.40 role-policy Global Configuration Commands Configures a role based firewall policy Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax role-policy Parameters Enter the role-policy name to configure Example rfs7000-37FABE(config)#role-policy role1 rfs7000-37FABE(config)# NOTE: For more information, see Chapter 20, ROLE-POLICY.
GLOBAL CONFIGURATION COMMANDS 4 - 103 4.1.
4 - 104 WiNG CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 105 +-include-factory [show running-config interface (|`WORD|ge <1-4>|me1|pc <14>|vlan <1-4094>') (|include-factory)] +-ge +-<1-4> [show running-config interface (|`WORD|ge <1-4>|me1|pc <1-4>|vlan <14094>') (|include-factory)] +-include-factory [show running-config interface (|`WORD|ge <1-4>|me1|pc <14>|vlan <1-4094>') (|include-factory)] +-me1 [show running-config interface (|`WORD|ge <1-4>|me1|pc <1-4>|vlan <14094>') (|include-factory)] +-include-factory [show running-co
4 - 106 WiNG CLI Reference Guide 4.1.43 show Global Configuration Commands Displays running system information under various parameters such as, auto-provisioning-policy, advanced-wips policy and boot configuration details. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax show Parameters None NOTE: For more information, see Chapter 6, SHOW COMMANDS.
GLOBAL CONFIGURATION COMMANDS 4 - 107 power remote-debug rf-domain-manager role running-config session-changes session-config sessions smart-rf spanning-tree startup-config terminal timezone upgrade-status version wireless rfs7000-37FABE(config)# Show power over ethernet command Show details of remote debug sessions Show RF Domain Manager selection details Role based firewall Current operating configuration Configuration changes made in this session This session configuration Display CLI sessions Smart-RF
4 - 108 WiNG CLI Reference Guide 4.1.44 smart-rf-policy Global Configuration Commands Configures a Smart RF policy. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax smart-rf-policy Parameters Enter the Smart RF policy name Example rfs7000-37FABE(config)#smart-rf-policy test rfs7000-37FABE(config-smart-rf-policy-test)# NOTE: For more information, see Chapter 21, SMART-RF-POLICY.
GLOBAL CONFIGURATION COMMANDS 4 - 109 4.1.45 wips-policy Global Configuration Commands Configures a WIPS policy Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax wips-policy Parameters Enter the WIPS policy name to configure Example rfs7000-37FABE(config)#wips-policy test rfs7000-37FABE(config-wips-policy-test)# NOTE: For more information, see Chapter 22, WIPS-POLICY.
4 - 110 WiNG CLI Reference Guide 4.1.46 wlan Global Configuration Commands Configures a wireless LAN. Table 4.16 WLAN Commands Command wlan Description Configures a wireless LAN.
GLOBAL CONFIGURATION COMMANDS 4 - 111 4.1.46.1 wlan wlan Configures a WLAN. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax wlan {[|containing ]} Parameters |containing Configures a wireless LAN • – Optional. Configures the WLAN specified by its WLAN number. • containing – Optional.
4 - 112 WiNG CLI Reference Guide 4.1.46.2 wlan-mode commands wlan Configures WLAN related commands. Manual mapping of WLANs is erased when the actual WLAN is disabled and enabled immediately. Use the (config) instance to configure WLAN related parameters. To navigate to this instance, use the following commands: rfs7000-37FABE(config)#wlan Table 4.17 Summarizes wlan-mode commands Table 4.17 wlan-mode commands Command Description Reference 802.11k Configures support for 802.
GLOBAL CONFIGURATION COMMANDS 4 - 113 Table 4.
4 - 114 WiNG CLI Reference Guide 4.1.46.2.1802.11k wlan-mode commands Configures support for 802.11k radio resource measurement Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax 802.11k {channel-report} Parameters {channel-report} Optional. Configures support for radio resource measurement, including the channel-report element in beacons and probe responses Example rfs7000-37FABE(config-wlan-1)#802.
GLOBAL CONFIGURATION COMMANDS 4 - 115 4.1.46.2.2802.11r wlan-mode commands Configures support for 802.11r fast BSS transition Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax 802.11r {mobility-domain-id } Parameters {mobility-domain-id} Configures the mobility domain ID for the roaming domain. A mobility domain ID must be 4 hexadecimal characters long. Example rfs7000-37AFBE(config-wlan-1)#802.
4 - 116 WiNG CLI Reference Guide 4.1.46.2.3802.11w wlan-mode commands Enables support for Protected Management Frames (IEEE 802.11w) settings Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax 802.11w [mandatory|optional|sa-query] 802.
GLOBAL CONFIGURATION COMMANDS 4 - 117 4.1.46.2.
4 - 118 WiNG CLI Reference Guide 4.1.46.2.
GLOBAL CONFIGURATION COMMANDS 4 - 119 4.1.46.2.
4 - 120 WiNG CLI Reference Guide 4.1.46.2.7authentication-type wlan-mode commands Sets the authentication type for the WLAN Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax authentication-type [eap|eap-mac|eap-psk|kerberos|mac|none] Parameters [eap|eap-mac|eap-psk| kerberos|mac|none] Sets the authentication type for this WLAN • eap – EAP authentication (802.
GLOBAL CONFIGURATION COMMANDS 4 - 121 4.1.46.2.
4 - 122 WiNG CLI Reference Guide 4.1.46.2.
GLOBAL CONFIGURATION COMMANDS 4 - 123 4.1.46.2.
4 - 124 WiNG CLI Reference Guide 4.1.46.2.
GLOBAL CONFIGURATION COMMANDS 4 - 125 4.1.46.2.
4 - 126 WiNG CLI Reference Guide 4.1.46.2.
GLOBAL CONFIGURATION COMMANDS 4 - 127 4.1.46.2.14client-load-balancing wlan-mode commands Configures load balancing of wireless clients on the specified WLAN Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax client-load-balancing {allow-single-band-clients [2.4ghz|5ghz]| band-discovery-intvl <0-10000> |capability-ageout-time <0-10000>| max-probe-req|probe-req-intvl} client-load-balancing {max-probe-req|probe-req-intvl} [2.
4 - 128 WiNG CLI Reference Guide 4.1.46.2.15data-rates wlan-mode commands Specifies the 802.11 rates supported on the WLAN Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax data-rates [2.4GHz|5GHz] data-rates 2.4GHz [b-only|bg|bgn|custom|default|g-only|gn] data-rates 5GHz [a-only|an|custom|default] data-rates 5GHz custom [{12|18|24|36|48|54|9|basic-1|basi-11| basic-12|basic-18|basic-2|basic-24|basic-36|basic-48|basic-5.
GLOBAL CONFIGURATION COMMANDS 4 - 129 Parameters 2.4GHz [b-only|bg|bgn |custom|default|g-only|gn] Specifies the 802.11 rates supported on the WLAN when mapped to a 2.4GHz radio • b-only – Supports 11b-only mode • bg – Uses rates that support both 11b and 11g clients • bgn – Uses rates that support 11b, 11g and 11n clients • custom – Configures a list of data rates by specifying each rate individually.
4 - 130 WiNG CLI Reference Guide 5GHz [a-only|an| custom[{12|18|24|36|48|54|9 |basic-1|basi-11| basic-12|basic-18| basic-2|basic-24| basic-36|basic-48| basic-5.5|basic-54| basic-6|basic-9| basic-mcs0-7| mcs0-15|mcs0-7|mcs8-15}] |default]] Specifies the 802.
GLOBAL CONFIGURATION COMMANDS 4 - 131 4.1.46.2.16description wlan-mode commands Defines the WLAN description. Used to identify the selected WLAN Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax description Parameters Defines the description for this WLAN. It is used to identify the selected WLAN.
4 - 132 WiNG CLI Reference Guide 4.1.46.2.17encryption-type wlan-mode commands Sets the WLAN encryption type Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax encryption-type [ccmp|keyguard|none|tkip|tkip-ccmp|wep128| web128-keyguard] Parameters [ccmp|keyguard|none|tkip|tki Sets the WLAN encryption type.
GLOBAL CONFIGURATION COMMANDS 4 - 133 4.1.46.2.18enforce-dhcp wlan-mode commands Drops the packets from clients with a static IP address.
4 - 134 WiNG CLI Reference Guide 4.1.46.2.19ip wlan-mode commands Configures Internet Protocol settings Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax ip [arp|dhcp] ip dhcp trust ip arp [header-mismatch-validation|trust] Parameters [arp|dhcp] trust Sets Internet Protocol settings for ARP and DHCP packets.
GLOBAL CONFIGURATION COMMANDS 4 - 135 4.1.46.2.
4 - 136 WiNG CLI Reference Guide
GLOBAL CONFIGURATION COMMANDS 4 - 137 4.1.46.2.21motorola-extensions wlan-mode commands Enables support for Motorola Solutions-specific extensions to 802.
4 - 138 WiNG CLI Reference Guide 4.1.46.2.22no wlan-mode commands Negates a command or sets its default value Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax no Parameters None Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
GLOBAL CONFIGURATION COMMANDS 4 - 139 4.1.46.2.
4 - 140 WiNG CLI Reference Guide 4.1.46.2.24radius wlan-mode commands Configures RADIUS related parameters Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax radius [dynamic-authorization|nas-identifier |nas-port-id |vlanassignment] Parameters dynamic-authorization Enables support for disconnect and change-of-authorization messages (RFC5176) nas-identifier The WLAN NAS identifier sent to the RADIUS server.
GLOBAL CONFIGURATION COMMANDS 4 - 141 4.1.46.2.
4 - 142 WiNG CLI Reference Guide 4.1.46.2.
GLOBAL CONFIGURATION COMMANDS 4 - 143 4.1.46.2.
4 - 144 WiNG CLI Reference Guide 4.1.46.2.28vlan wlan-mode commands Sets the VLAN assignment of the WLAN Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax vlan <1-4094> Parameters <1-4094> Sets the WLAN’s VLAN. This command starts a new VLAN assignment for a WLAN index. All prior VLAN settings are erased.
GLOBAL CONFIGURATION COMMANDS 4 - 145 4.1.46.2.29vlan-pool-member wlan-mode commands Add a member vlan to the pool of VLANs for the WLAN NOTE: Configuration of a VLAN pool overrides the 'vlan' configuration. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xxx • AP650 • AP6511 • AP6532 Syntax vlan-pool-member {limit} <0-8192> Parameters {limit} <0-8192> Defines the VLAN configuration.
4 - 146 WiNG CLI Reference Guide 4.1.46.2.
GLOBAL CONFIGURATION COMMANDS 4 - 147 4.1.46.2.
4 - 148 WiNG CLI Reference Guide 4.1.46.2.
GLOBAL CONFIGURATION COMMANDS 4 - 149 rfs7000-37FABE(config-wlan-1)#show context wlan 1 ssid Test1 vlan 2 bridging-mode tunnel encryption-type none authentication-type none wireless-client cred-cache-ageout 65 wireless-client hold-time 10 wireless-client max-firewall-sessions 100 wireless-client reauthentication 35 wireless-client tx-power 12
4 - 150 WiNG CLI Reference Guide 4.1.46.2.
GLOBAL CONFIGURATION COMMANDS 4 - 151 Parameters exclude-wpa2-tkip Excludes the WPA2 version of TKIP, support only WPA-TKIP handshake [attempts <15>|init-wait <5-1000000>| priority|timeout <10-5000>] Configures the parameters related to the WPA/WPA2 handshake • attempts <1-5> – Configures the total number of times a message is transmitted towards a non-responsive client • init-wait <5-1000000> – Configure a wait-time before the first message of the handshake is transmitted from the AP • priority [high|
4 - 152 WiNG CLI Reference Guide encryption-type none authentication-type none wpa-wpa2 tkip-countermeasures hold-time 1000
GLOBAL CONFIGURATION COMMANDS 4 - 153 4.1.47 wlan-qos-policy Global Configuration Commands Configures a WLAN QoS policy Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax wlan-qos-policy Parameters Enter a WLAN QoS-policy name to configure Example rfs7000-37FABE(config)#wlan-qos-policy test rfs7000-37FABE(config-wlan-qos-test)# NOTE: For more information, see Chapter 23, WLAN-QOS-POLICY.
4 - 154 WiNG CLI Reference Guide 4.1.48 write Global Configuration Commands Writes the system running configuration to memory or terminal Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax write [terminal|memory] Parameters memory Writes to the NV memory terminal Writes to terminal Example rfs7000-37FABE#write memory [OK] rfs7000-37FABE# rfs7000-37FABE#write terminal ! ! Configuration of RFS7000 version 5.1.0.0-061D ! ! version 2.
CHAPTER 5 COMMON COMMANDS This chapter describes the CLI commands used in the USER EXEC, PRIV EXEC, and GLOBAL CONFIG modes. The PRIV EXEC command set contains commands available within the USER EXEC mode. Some commands can be entered in either mode. Commands entered in either the USER EXEC mode or the PRIV EXEC mode are referred to as EXEC mode commands. If a user or privilege is not specified, the referenced command can be entered in either mode.
5-2 WiNG CLI Reference Guide 5.1 Common Commands Table 5.1 Summarizes Common Commands Table 5.
COMMON COMMANDS 5.1.
5-4 WiNG CLI Reference Guide 5.1.
COMMON COMMANDS 5.1.
5-6 WiNG CLI Reference Guide 5.1.4 help Common Commands Describes the interactive help system Use this command to access the advanced help feature. Use “?” anytime at the command prompt to access the help topic Two kinds of help are provided: • Full help is available when ready to enter a command argument • Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (for example 'show ve?').
COMMON COMMANDS 5-7 Example rfs7000-37FABE>help search crypto detailed Found 29 references for "crypto" Found 113 references for "crypto" Mode : User Exec Command : show crypto key rsa (|public-key-detail) (|(on DEVICE-NAME)) \ Show running system information \ Encryption related commands \ Key management operations \ Show RSA public Keys \ Show the public key in PEM format \ On AP/Controller \ AP / Controller name : show crypto pki trustpoints (WORD|all|)(|(on DEVICE-NAME)) \ Show running system informa
5-8 WiNG CLI Reference Guide +--> [[ WIPS POLICY ]] ## PROFILE ## ---+ | +--> Physical interface (interface GE,ME,UP etc) | | | +--> [[ RATE-LIMIT-TRUST-POLICY ]] | +--> Vlan interface (interface VLAN1/VLAN36 etc) | +--> Radio interface (interface RADIO1, RADIO2 etc) | | | +--> Radio specific Configuration | | | +--> [[ RADIO-QOS-POLICY ]] | | | +--> [[ ASSOC-ACL-POLICY ]] | | | +--> [[ WLAN ]] | +--> [[ MANAGEMENT-POLICY ]] | +--> [[ DHCP-SERVER-POLICY ]] | +--> [[ FIREWALL-POLICY ]] | +--> [[ NAT-POLICY
COMMON COMMANDS 5-9 detection|dos-disassociation-detection|dos-rts-flood|rogue-ap-detection|accidentalassociation|probe-response-flood|dos-cts-flood|dos-eapol-logoff-storm|unauthorizedbridge) : service start-shell : service pktcap on(bridge|drop|deny|router|wireless|vpn|radio (all|<1-3>) (|promiscuous)|rim|interface `WORD|ge <1-4>|me1|pc <1-4>|vlan <1-4094>')(|{direction (any|inbound|outbound)|acl-name WORD|verbose|hex|count <1-1000000>|snap <12048>|write (FILE|URL|tzsp WORD)|tcpdump})(|filter LINE) Mode
5 - 10 WiNG CLI Reference Guide 5.1.
COMMON COMMANDS 5 - 11 radius-group radius-server-policy radius-user-pool-policy rf-domain rfs4000 rfs6000 rfs7000 role-policy smart-rf-policy wips-policy wlan wlan-qos-policy service rfs7000-37FABE(config)# Local radius server group configuration Remove device onboard radius policy Configure Radius User Pool Delete one or more RF-domains and all their associated configurations Delete an RFS4000 wireless controller Delete an RFS6000 wireless controller Delete an RFS7000 wireless controller Role based fire
5 - 12 WiNG CLI Reference Guide 5.1.6 show Common Commands Displays running system information Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax show Parameters None Example rfs7000-37FABE>show ? adoption Display information related to adoption to wireless controller advanced-wips Advanced WIPS ap-upgrade AP Upgrade boot Display boot configuration.
COMMON COMMANDS 5 - 13 spanning-tree startup-config terminal timezone upgrade-status version wireless rfs7000-37FABE> Display spanning tree information Startup configuration Display terminal configuration parameters The timezone Display last image upgrade status Display software & hardware version Wireless commands
5 - 14 WiNG CLI Reference Guide 5.1.
COMMON COMMANDS 5 - 15 5.1.8 service Common Commands Service commands are used to manage the Controller configuration in all modes.
5 - 16 WiNG CLI Reference Guide service clear wireless radio statistics {on } service clear wireless wlan statistics {|on } service clear wireless wlan statistics {on } service cli-tables-expand {left|right} service cli-tables-skin [ansi|hashes|minimal|none|percent| stars|thick|thin|uf-8] {grid} service cluster manual-revert service locator {on } service noc parallel-updates <1-1024> service pktcap
COMMON COMMANDS 5 - 17 service smart-rf [clear-config|clear-history|interactive-calibration|runcalibration|stop-calibration]{on } service smart-rf interactive-calibration-result [discard|replace-currentconfig|write-to-configuration]{on } service wireless [client|dump-core-snapshot|qos|wips] service wireless client beacon-request mode [active|passive|table]ssid [|any] channel-report [|none]{on } service wireless qos delete-tspec ti
5 - 18 WiNG CLI Reference Guide Parameters advanced-wips [clear-eventhistory {accidentalassociation|| crackable-wep-iv-used|doscts-flood| dos-deauthenticationdetection|dosdisassociationdetection|dos-eap-failurespoof| dos-eapol-logoff-storm|dosrts-flood| essid-jack-attack-detected| fake-dhcp-serverdetected|fata-jack-detected| id-theft-eapol-successspoof-detected| id-theft-out-of-sequence| invalid-channeladvertized|invalidmanagement-frame| ipx-detection|monkey-jackattack-detected| multicast-all-routers-onsu
COMMON COMMANDS 5 - 19 • terminate-device – Terminates an AP or client unauthorized• – MAC address of AP or client bridge|windows-zero-configmemory-leak|wlan-jackattack-detected}|terminatedevice ] cli-tables-expand {left|right} Expands CLI table in drop down format • left – Left justify output line • right – Right justify output line cli-tables-skin [ansi|hashes|minimal|none| percent|stars|thick| thin|uf-8] {grid} Chooses a formatting layout/skin for CLI tabular outputs • ansi – Uses ANSI
5 - 20 WiNG CLI Reference Guide pktcap on [bridge|deny| drop|ext-vlan|interface| radio|rim|router|vpn| |wireless] {acl-name | count <1-1000000> |direction|filter|hex| rate <1-100>| snap <1-2048>| tcpdump|verbose|write [file|url|tzsp]} Starts the packet capture • on – Enter the capture location from the list • bridge – Captures packets transiting through the ethernet bridge • deny – Captures packets denied by an ACL • drop – Captures packets at drop locations • ext-vlan – Captures packets forwarded t
COMMON COMMANDS 5 - 21 • write – Captures a file at a specified location • FILE Files: flash:/path/file cf:/path/file usb1:/path/file usb2:/path/file nvram:startup-config • URL – URLs: tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@[:port]>/path/file • tzsp – Tazman Sniffer Protocol Host radio <1-3> [data-rates rateindex <0-27> [basic|supp]| dfs simulate-radar [extension|primary] Configures radio parameters • <1-3> – Index value betwee
5 - 22 WiNG CLI Reference Guide show [advancedwips|captiveportal|cli|commandhistory|crash-info|dhcplease|diag|info| mac-vendor | mem|noc|pm|process| reboot-history| rf-domain-manager diag {on }| snmp|startup-log| sysinfo||top| upgrade-history| watchdog|wireless| xpath-history] Displays the statistics about the running system • advanced-wips stats [ap-table|client-table|connected-sensorsstatus|termination-entries] – Displays advanced-wips settings • stats – Displays advanced-wips statist
COMMON COMMANDS 5 - 23 • rf-domain-manager diag {|on} – Displays the RF Domain manager information • diag {} – Displays diagnostic information about RF Domain manager • on – Specify the MAC address of the device or its hostname • on – On AP/Controller/RF Domain • snmp session – Displays information regarding SNMP • session – Displays SNMP session information • startup-log {on } – Displays the startup log
5 - 24 WiNG CLI Reference Guide • noc diag – Displays information regarding noc updates • diag – Diagnostic information • pm [history|all] – Displays information about the processes controlled by process monitor • history – Displays the state changes for a process • on – On AP/Controller • {on } – Enter the process name • all {on } – All processes smart-rf [clear-config| clear-history |interactive-calibration |run-calibration| stop-calibration |interactive-calibrationresult
COMMON COMMANDS 5 - 25 clear [ap-upgrade| command-history|noc| reboot-history| upgrade-history| unsanctioned|wireless] Performs a variety of reset functions • command-history {on } – Clears the command history • reboot-history {on } – Clears the reboot history • upgrade-history {on } – Clears the upgrade history The following is common for the above: • {on } – On AP/Controller • – AP/Controller name • ap-upgrade history – Clears the AP upgr
5 - 26 WiNG CLI Reference Guide • {on } – Specify a WLAN name • {on } – On AP/Controller or RF Domain • – AP/Controller/RF Domain name wireless [client|dump-coresnapshot|qos|wips] Configures wireless service commands • client beacon-request mode [active|passive|table] ssid [|any] channel-report[|none] {on } – Configures wireless client service commands • beacon-request – Sends an 802.
COMMON COMMANDS 5 - 27 ]] • rid – Enter the client MAC address • tid <0-7> – Enter the traffic identifier from 0-7 • wips [clear-event-history | clear-client-blacklist [all|mac ] – Configures WIPS service commands • clear-event-history {on – Clears the event history • on – On AP/Controller • – Specifies AP/Controller/RF Domain name • clear-client-blacklist [all|mac ] – Clears th
5 - 28 WiNG CLI Reference Guide ParametersPrivilege Exec Mode copy tech-support [FILE|URL] Copies files for technical support • tech-support [|] [tftp|ftp|sftp] – Copies extensive system information useful to technical support for troubleshooting • FILE – File to which to copy • cf:/path/file • usb1:/path/file • usb2:/path/file • URL– Target URL from which to copy • tftp:///path/file • ftp://:@ /path/file • sftp://@
COMMON COMMANDS 5 - 29 signal [abort |kill ] Sends a signal to a process • abort – Sends an abort signal (to force it to dump core) • kill – Sends a kill signal (terminate without a core) • < WORD> – Enter the name of process to be signalled show [advancedwips|captive-portal| cli|command-history| crash-info| dhcp-lease|diag|info| last-passwd|mac-vendor |mem|noc|pm| process| reboot-history| rf-domain-manager| snmp| startup-log| sysinfo||top| upgrade-history| watchdog|wirele
5 - 30 WiNG CLI Reference Guide +-commands [show commands] +-running-config [show (running-config|session-config) (|include-factory)] +-include-factory [show (running-config|session-config) (|include-factory)] +-interface [show running-config interface (|`WORD|ge <1-4>|me1|pc <1-4>|vlan <14094>') (|include-factory)] +-WORD [show running-config interface (|`WORD|ge <1-4>|me1|pc <1-4>|vlan <14094>') (|include-factory)] +-include-factory [show running-config interface (|`WORD|ge <1-4>|me1|pc <14>|vlan <1-4094
COMMON COMMANDS 5 - 31 +-DEVICE-OR-DOMAIN-NAME [show debugging voice (|(on DEVICE-OR-DOMAIN-NAME))] +-captive-portal [show debugging captive-portal (|(on DEVICE-OR-DOMAIN-NAME))] +-on +-DEVICE-OR-DOMAIN-NAME [show debugging captive-portal (|(on DEVICE-OR-DOMAINNAME))] +-dhcpsvr [show debugging dhcpsvr (|(on DEVICE-NAME))] +-on.............................................................. rfs7000-37FABE(config)# rfs7000-37FABE#service traceroute -h traceroute: invalid option -- h BusyBox v1.14.
5 - 32 WiNG CLI Reference Guide Jul 27 13:44:46 2010 admin 172.16.10.10 6 profile rfs7000 default-rfs7000 Jul 27 12:39:29 2010 admin 172.16.10.12 5 reload force Jul 27 12:28:41 2010 admin 172.16.10.12 20 reload force Jul 27 12:28:39 2010 admin 172.16.10.12 20 write memory ..................................................................
COMMON COMMANDS 5 - 33 Wed Jul 28 17:29:43 2010 adjust_stats_interval 39 Wed Jul 28 17:29:43 2010 adjust_stats_interval 16 Wed Jul 28 17:29:37 2010 adjust_stats_interval 40 Wed Jul 28 17:29:37 2010 adjust_stats_interval 17 Wed Jul 28 17:29:31 2010 adjust_stats_interval 40 Wed Jul 28 17:29:31 2010 adjust_stats_interval 16 Wed Jul 28 17:29:30 2010 status 6 [system] /wing-stats/device/00-A0-F8-00-00-00/_internal/ [system] /wing-stats/device/00-15-70-37-FA-BE/_internal/ [system] /wing-stats/device/00-A0-
5 - 34 WiNG CLI Reference Guide no accounting radius no accounting syslog rfs7000-37FABE> System Information: Free RAM: 68.0% (169 of 249) Min: 10.0% File Descriptors: free: 24198 used: 960 max: 25500 CPU load averages: 1 min: 0.0% 5 min: 0.0% 15 min: 0.
COMMON COMMANDS 5 - 35 5.1.9 write Common Commands Writes the system running configuration to memory or terminal Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax write Parameters memory Writes to NV memory terminal Writes to terminal Example rfs7000-37FABE>write memory [OK] rfs7000-37FABE> rfs7000-37FABE>write terminal ! ! Configuration of RFS7000 version 5.1.0.0-061D ! ! version 2.
5 - 36 WiNG CLI Reference Guide
CHAPTER 6 SHOW COMMANDS This chapter provides an overview of all the show commands within the controller CLI structure. This chapter describes the ‘ show ‘ CLI commands used in the USER EXEC, PRIV EXEC, and GLOBAL CONFIG modes. Commands entered in either USER EXEC mode or PRIV EXEC mode are referred to as EXEC mode commands. If a user or privilege is not specified, the referenced command can be entered in either mode. This chapter describes the ‘show’ commands in the ‘GLOBAL CONFIG’ mode.
6-2 WiNG CLI Reference Guide 6.1 show commands Table 6.1 Summarizes show commands Table 6.
SHOW COMMANDS Table 6.
6-4 WiNG CLI Reference Guide Table 6.
SHOW COMMANDS 6-5 6.1.1 show show commands Displays settings for the specified system component. There are a number of ways to invoke the show command: • When invoked without any arguments, it displays information about the current context. If the current context contains instances, the show command (usually) displays a list of these instances. • When invoked with the display parameter, it displays information about that component.
6-6 WiNG CLI Reference Guide remote-debug rf-domain-manager role running-config session-changes session-config sessions smart-rf spanning-tree startup-config terminal timezone upgrade-status version wireless wwan Show details of remote debug sessions Show RF Domain Manager selection details Role based firewall Current operating configuration Configuration changes made in this session This session configuration Display CLI sessions Smart-RF Management Commands Display spanning tree information Startup con
SHOW COMMANDS version wireless wwan 6-7 Display software & hardware version Wireless commands Display wireless WAN Status rfs7000-37FABE#show terminal rfs7000-37FABE#show terminal Terminal Type: xterm Length: 24 Width: 80 USER EXEC Mode rfs7000-37FABE>show ? adoption Display information related to adoption to wireless controller advanced-wips Advanced WIPS ap-upgrade AP Upgrade captive-portal Captive portal commands cdp Cisco Discovery Protocol clock Display system clock cluster Cluster Protocol comma
6-8 WiNG CLI Reference Guide 6.1.2 adoption show commands Displays information related to controller adoption.
SHOW COMMANDS 6-9 -------------------------------------------------------------------------MAC HOST-NAME TYPE VERSION ADOPTED-BY LAST-ADOPTION -------------------------------------------------------------------------00-A0-F8-00-00-00 ap650-000000 ap650 5.1.0.
6 - 10 WiNG CLI Reference Guide 6.1.3 advanced-wips show commands Displays advanced-wips settings.
SHOW COMMANDS 6 - 11 Parameters configuration [events thresholds|terminate-list] Displays advanced WIPS configuration details • events {thresholds} – Displays events summary • thresholds – Displays thresholds details • terminate-list – Displays the terminate list stats [ap-table|connected-sensors|detectedaps{authorized|neighboring| unauthorized}|detected-stations-for-ap {authorized|neighboring| unauthorized}|event-history| server-listening-port|client-table] Displays advanced WIPS sta
6 - 12 WiNG CLI Reference Guide | test | 18 | windows-zero-config-memory-leak | N | N | N | test | 19 | dos-eap-failure-spoof | N | N | N | test | 20 | multicast-all-routers-on-subnet | N | N | N | test | 21 | essid-jack-attack-detected | N | N | N | test | 22 | dos-rts-flood | N | N | N | test | 23 | accidental-association | N | N | N | test | 24 | probe-response-flood | N | N | N | test | 25 | invalid-channel-advertized | N | N | N | test | 26 | id-theft-eapol-success-spoof-detected | N | N | N | | test
SHOW COMMANDS 6 - 13 6.1.
6 - 14 WiNG CLI Reference Guide 6.1.5 boot show commands Displays the boot configuration of a device. Use the ‘on’ command to view the boot configuration on a remote device. NOTE: This command is not present in the USER EXEC Mode.
SHOW COMMANDS 6 - 15 6.1.6 captive-portal show commands Displays WLAN hotspot information.
6 - 16 WiNG CLI Reference Guide Parameters client {filter|on} Displays connected captive portal client information • filter {captive-portal|ip|state|vlan|wlan} – Specifies an additional selection filter for getting table values • {on } {filter {captiveportal|ip|state|vlan|wlan} – On AP/Controller or RF Domain name The following are common for the above: • captive-portal {CAPTIVE-PORTAL|not CAPTIVE-PORTAL} – Displays clients on the selected captive portal • CAPTIVE-PORTAL – Specify
SHOW COMMANDS 6 - 17 6.1.
6 - 18 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 19 6.1.9 cluster show commands Displays cluster related information.
6 - 20 WiNG CLI Reference Guide 6.1.10 commands show commands Displays available commands for the current mode.
SHOW COMMANDS 6 - 21 show wireless client (|(on DEVICE-OR-DOMAIN-NAME)) (|(filter {|(state (|not) (dataready|roaming))|(wlan (|not) WLAN)|(ip (|not) A.B.C.D)})) show wireless client detail AA-BB-CC-DD-EE-FF (|(on DEVICE-OR-DOMAIN-NAME)) show wireless client statistics (|traffic) (|(on DEVICE-OR-DOMAIN-NAME)) show wireless client statistics rf (|(on DEVICE-OR-DOMAIN-NAME)) ...............................................
6 - 22 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 23 interference-recovery channel-Controller-delta 5Ghz 20 interference-recovery ..................... rfs7000-37FABE(config)# rfs7000-37FABE(config)#show context session-config ! ! Configuration of RFS7000 version 5.1.0.0-072R ! ! version 2.
6 - 24 WiNG CLI Reference Guide 6.1.12 critical-resources show commands Displays critical resource information. Critical resources are resources that are vital to the wellbeing of the controller managed network.
SHOW COMMANDS 6 - 25 6.1.
6 - 26 WiNG CLI Reference Guide Parameters [ipsec|isakmp] sa {on } • ipsec – Displays the IPSEC policy • isakmp – Displays the ISAKMP policy The following parameters are common for the above: • sa – All crypto ISAKMP security associations • on – Displays ISAKMP security associations on AP/Controller • – Displays AP/Controller name key rsa {on |public-key-detail {on } Displays key management operations • rsa – Displays RSA public keys • on
SHOW COMMANDS 6 - 27 +------------+-------------------------------------------+---------------------+ rfs7000-37FABE(config)# rfs7000-37FABE(config)#show crypto pki trustpoints all on rfs7000-37FABE Trustpoint Name: default-trustpoint (self signed) -------------------------------------------------------------------------CRL present: no Server Certificate details: Key used: default-trustpoint-srvr-priv-key Serial Number: 0671 Subject Name: C=US, ST=CA, L=San Jose, O=Enterprise Mobility, OU=EWLAN, CN=Motorol
6 - 28 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 29 ncalls tottime percall cumtime percall filename:lineno(function) 1 0.000 0.000 0.001 0.001 :1() 1 0.000 0.000 0.001 0.001 cluster_db_api.py:20(cluster_db_get_api) 1 0.000 0.000 0.001 0.001 debugcli.py:150(debug_xpath_get_stats_body) 2 0.000 0.000 0.000 0.000 log.py:133(dlog) 1 0.000 0.000 0.000 0.000 re.py:144(sub) 1 0.000 0.000 0.000 0.000 re.py:227(_compile) 1 0.000 0.000 0.000 0.000 utils.py:147(dlog_stats) 1 0.000 0.000 0.000 0.000 utils.py:159(dlog_snmp) 1 0.000 0.
6 - 30 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 31 show debugging snmp {on } Parameters debugging {advanced-wips|captive-portal| cfgd|dhcpsvr|mstp|on|radius|voice|vpn|wireless} Displays debugging functions: • captive-portal – Displays the debugging configuration of a hotspot (HSD) module • mstp – Displays the debugging configuration of a Multiple Spanning Tree (MST) module • nsm – DIsplays the debugging configuration of Network Service Module (NSM) • voice – Displays the debugging configuration of a voice module • wirele
6 - 32 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 33 6.1.17 event-history show commands Displays an event history Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax show event-history {on } Parameters {on } • on – On AP/Controller • – On AP/Controller name Example rfs7000-37FABE(config)#show event-history Wed Apr 7 18:16:06 2010 00-15-70-37-FA-BE in configuration.
6 - 34 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 35 6.1.
6 - 36 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 37 Parameters dhcp snoop-table|dos stats|flows]{on } • dhcp snoop table – Displays DHCP snoop-table entries • dos stats – Displays a list of statistics denied from service • flows {filter|management|on |stats|wireless-client } – Displays that a session has been established • filter dir|dst port <1-65535>|ether[dst |host |src |vlan <1-4095>]|flow-type [bridge|natted|routed| wired|wireless]|icmp {code|type}|igmp|ip[dst |proto <0-254> |host
6 - 38 WiNG CLI Reference Guide • igmp – Matches IGMP flows • ip [dst |proto <0-254>|host |src] – Displays IP V4 parameters • dst – Matches destination IP address • host – Matches flows containing IPv4 address • proto <0-254> – Matches the IPv4 protocol • src – Matches source IP address • max-idle – Matches flows which are idle at most for the given duration • min-bytes – Matches flows which has seen at least the given number of bytes • min-idle – Matches flows which are idle at lea
SHOW COMMANDS 6 - 39 | source-route | 0 | Never | tcp-bad-sequence | 0 | Never | tcp-fin-scan | 0 | Never | snork | 0 | Never | chargen | 0 | Never | smurf | 0 | Never +---------------------------------+-----------------+--------------------rfs7000-37FABE(config)# | | | | | | rfs7000-37FABE(config)#show firewall flows brief on rfs7000-37FABE Active Flows 7 TCP flows 3 UDP flows 2 DHCP flows 0 ICMP flows 0 IPsec flows 0 L3/Unknown flows 2 rfs7000-37FABE(config)# rfs7000-37FABE(config)#show firewall flows
6 - 40 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 41 IP-Address: 172.16.10.
6 - 42 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 43 Parameters arp { {on }|on } Displays the ARP configuration • – Specify the vlan name • {on } – Displays information on the AP/Controller • – Displays information on the AP/Controller name • {on } – Displays information on the AP/Controller • – Displays information on the AP/Controller name ddns bindings {on } Displays the DDNS configuration • bindings {on } –
6 - 44 WiNG CLI Reference Guide igmp snooping [mrouter|vlan] Displays Internet Group Management Protocol (IGMP) information • snooping – IGMP snooping • mrouter vlan <1-4095> {on } – Multicast router • vlan <1-4095> – Specifies a VLAN index value from 1 and 4095 • {on } – Displays information on the AP/ Controller • } – Displays information on the AP/ Controller name • vlan <1-4095> {on |
SHOW COMMANDS 6 - 45 nat translations verbose {on } Displays Network Address Translation (NAT) information • translations – Displays NAT translations • verbose – Displays NAT Translations in real-time • on } – Displays information on the AP/ Controller • } – Displays information on the AP/ Controller/RF Domain name route {|ge|me1|on|pc| vlan} Displays route table information • – Interface name • ge <1-4> – Displays the configured Gigabit Ethernet inter
6 - 46 WiNG CLI Reference Guide | 157.235.208.0/24 | direct | C | vlan4 | 172.16.10.0/24 | direct | C | vlan1 | default | 172.16.10.
SHOW COMMANDS 6 - 47 6.1.
6 - 48 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 49 6.1.
6 - 50 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 51 6.1.
6 - 52 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 53 6.1.
6 - 54 WiNG CLI Reference Guide Example rfs7000-37FABE(config)#show mint stats 0 L1 neighbors L1 LSP DB size 1 LSPs (0 KB) 1 L1 routes Last SPFs took 0s SPF (re)calculated 1 times. levels 1 base priority 180 dis priority 180 rfs7000-37FABE(config)# rfs7000-37FABE(config)#show mint lsp id 70.37.fa.be, level 1, seqnum 18640, 0 adjacencies, 0 extended-vlans, expires in 1145 seconds, republish in 722 seconds, changed True, ext-vlan FDB pri 0, 180 bytes rfs7000-37FABE(config)#show mint lsp-db Level 1 LSPs 70.
SHOW COMMANDS 6 - 55 6.1.
6 - 56 WiNG CLI Reference Guide Data throughput : ( TX + RX = Total ), 0 Kbps + 0 Kbps = 0 Kbps Data packets : ( TX + RX = Total ), 0 + 0 = 0 pkts Data pkts/sec : ( TX + RX = Total ), 0 + 0 = 0 pps BCMC Packets : ( TX + RX = Total ), 0 + 0 = 0 pkts Management Packets : ( TX + RX = Total ), 0 + 0 = 0 pkts Packets Discarded : 0 - Tx Dropped, 0 - Rx Errors Indicators : T = 0 @ Max user rate of 0 Kbps Distribution : 0 Clients, 0 radios Client count Detais : 0/0/0 (b/bg/bgn); 0/0 (a/an) Stats Update Info : 6 se
SHOW COMMANDS 6 - 57 6.1.
6 - 58 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 59 6.1.
6 - 60 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 61 6.1.35 rf-domain-manager show commands Displays RF Domain Manager selection details. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax show rf-domain-manager Parameters None Example rfs7000-37FABE(config)#show rf-domain-manager RF Domain default RF Domain Manager: ID: 70.37.fa.
6 - 62 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 63 6.1.
6 - 64 WiNG CLI Reference Guide ssh ! firewall-policy default ! mint-security-policy the_policy rejoin-timeout 35 ! device-discover-policy default ! rfs7000 00-15-70-37-FA-BE hostname rfs7000-37FABE no country-code bridge vlan 3 bridge vlan 5 ip arp trust ip dhcp trust ip igmp snooping querier version 2 ip igmp snooping querier max-response-time 3 ip igmp snooping querier timer expiry 89 wep-shared-key-auth radius nas-identifier test..........................................................................
SHOW COMMANDS 6 - 65 6.1.
6 - 66 WiNG CLI Reference Guide 6.1.39 session-config show commands Displays the list of active open sessions on a device Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax show session-config {include-factory} Parameters session-config {includefactory} Displays the contents of the current configuration • {include-factory} – Includes factory defaults Example rfs7000-37FABE(config)#show session-config ! ! Configuration of RFS7000 version 5.1.
SHOW COMMANDS 6 - 67 6.1.
6 - 68 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 69 Parameters calibration-status {on } Displays smart-rf calibration status • on – Displays information on a RF Domain • – Displays information on a RF Domain name channel-distribution {on } Display smart-rf channel distribution • on – Displays information on a RF Domain • – Displays information on a RF Domain name history {on } Displays smart-rf history • on – Displays infor
6 - 70 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 71 Parameters mst Displays Multiple Spanning Tree (MST) information configuration {on } • configuration – Displays configuration information • {on } – Displays information on the AP/Controller • – Displays information on the AP/Controller/RF Domain name detail {interface|on} Displays detailed information • interface – Interface information • – Interface name • ge <1-4> – Gigabit Ethernet interface from 1-4 •
6 - 72 WiNG CLI Reference Guide rfs7000-37FABE(config)#show spanning-tree mst detail interface test on rfs7000-37FABE % Bridge up - Spanning Tree Disabled % CIST Root Path Cost 0 - CIST Root Port 0 - CIST Bridge Priority 32768 % Forward Delay 15 - Hello Time 2 - Max Age 20 - Max hops 20 % 1: CIST Root Id 800000157037fabf % 1: CIST Reg Root Id 800000157037fabf % 1: CIST Bridge Id 800000157037fabf % portfast bpdu-filter disabled % portfast bpdu-guard disabled % portfast portfast errdisable timeout disabled %
SHOW COMMANDS 6 - 73 6.1.
6 - 74 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 75 6.1.
6 - 76 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 77 6.1.47 version show commands Displays a device’s software and hardware version Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax show version {on } Parameters version {on Displays the software and hardware version on a device • {on } – On AP/Controller • – On AP/Controller name Example rfs7000-37FABE(config)#show version on rfs7000-37FABE RFS7000 version 5.1.0.
6 - 78 WiNG CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 79 Parameters ap {configured|detail |load-balancing|on} Displays information regarding managed access points • configured – Displays information all access points in configuration • detail {on | on } – Displays detailed information for given AP • – Specify AP MAC address or its hostname • load-balancing {on } – Displays load balancing status on the specified device • on – On AP/
6 - 80 WiNG CLI Reference Guide • on – On AP/Controller or RF Domain • – On AP/Controller or RF Domain name • window-data [ <1-2>|] – Displays window statistics • <1-2> – Specifies the MAC address of the client • <1-2> – Enter a numerical window number • – Enter the client window-stats id in the form of MAC followed by window number: e.g.
SHOW COMMANDS 6 - 81 radio {detail|on|statistics|tspec} Radio related commands. All parameters are optional.
6 - 82 WiNG CLI Reference Guide unsanctioned aps {detail|statistics} {on } Displays information about unauthorized APs Detected • aps – Lists detected unauthorized APs • detailed – Detailed information • statistics – Displays channel statistics The following parameters are common for the above: • on – On AP/controller or RF Domain •
SHOW COMMANDS 6 - 83 +-----------+---------+-----------+-------------+-----------------+------| test | Y | test | none | none | 1 | motorola | Y | motorola | none | none | 1 | wlan1 | Y | wlan1 | none | none | 1 | | | rfs7000-37FABE(config)# rfs7000-37FABE(config)#show wireless wlan statistics +---------------------+----------+----------+--------+--------+--------+-| WLAN | TX BYTES | RX BYTES |TX PKTS |RX PKTS |TX KBPS |RX KBPS |DROPPED | ERRORS | +---------------------+----------+----------+--------+--
6 - 84 WiNG CLI Reference Guide radio-1 radio-2 Country-code Site-Survivable Last error Fault Detected : : : : : : wlan wlan not-set True False rfs4000-880DA7(config)# rfs4000-880DA7(config)#show wireless ap load-balancing on default/rfs4000-880DA7 AP: 00-23-68-88-0D-A7 Client requests on 5ghz : allowed Client requests on 2.4ghz : allowed Average AP load in neighborhood Load on this AP Total 2.4ghz band load in neighborhood Total 5ghz band load in neighborhood Configured band ratio 2.
SHOW COMMANDS 6 - 85 6.1.
6 - 86 WiNG CLI Reference Guide
CHAPTER 7 PROFILES Profiles enable administrators to assign a common set of configuration parameters and policies to controllers and Access Points. Profiles can be used to assign common or unique network, wireless and security parameters to Wireless Controllers and Access Points across a large, multi segment site. The configuration parameters within a profile are based on the hardware model the profile was created to support.
7-2 WiNG CLI Reference Guide 7.1 Creating Profiles NOTE: The commands present under ‘Profiles’ are also available under the ‘Device mode’. The additional commands specific to the ‘Device mode’ are listed separately. Refer Chapter 7, Device Mode Commands for more information. Table 7.1 Summarizes Profile Commands Table 7.
PROFILES 7-3 Table 7.
7-4 WiNG CLI Reference Guide 7.1.1 aaa Creating Profiles Configures VPN AAA authentication settings on the device Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax aaa vpn-authentication aaa vpn-authentication [primary|secondary] key [0 |2 |] {auth-port <1024-65535>} Parameters vpn-authentication [primary|secondary]
PROFILES qos trust 802.1p interface ge2 ip dhcp trust qos trust dscp qos trust 802.1p interface ge3 ip dhcp trust qos trust dscp qos trust 802.1p interface ge4 ip dhcp trust qos trust dscp qos trust 802.
7-6 WiNG CLI Reference Guide 7.1.2 arp Creating Profiles Configures the address resolution protocol parameters. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax arp [|timeout arp arpa [|vlan ] {[dhcp-server|router]} arp timeout
PROFILES no autoinstall firmware crypto isakmp policy default crypto ipsec transform-set default esp-aes-256 esp-sha-hmac interface me1 interface ge1 ip dhcp trust qos trust dscp qos trust 802.
7-8 WiNG CLI Reference Guide 7.1.
PROFILES 7-9 7.1.
7 - 10 WiNG CLI Reference Guide 7.1.5 ap-upgrade Creating Profiles Enables an automatic firmware upgrade for an adopted AP Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax ap-upgrade [auto|count <1-20>] Parameters auto Enables automatic adopted AP firmware upgrade count <1-20> Sets the concurrent upgrade limit • <1-20> – Enter the number of concurrent upgrades that can be performed.
PROFILES 7 - 11 7.1.6 bridge commands Creating Profiles Configures the Ethernet Bridging commands. Table 7.
7 - 12 WiNG CLI Reference Guide 7.1.6.
PROFILES 7 - 13 7.1.6.2 bridge-vlan-mode commands bridge commands Table 7.3 Summarizes bridge-vlan-mode commands Table 7.3 bridge-vlan commands Command Description Reference bridging-mode Configures how packets on this VLAN are bridged.
7 - 14 WiNG CLI Reference Guide 7.1.6.2.1 bridging-mode bridge-vlan-mode commands Cofigures how the packets on the selected VLAN are bridged.
PROFILES 7 - 15 7.1.6.2.2 description bridge-vlan-mode commands Sets a description of a Bridged VLAN.
7 - 16 WiNG CLI Reference Guide 7.1.6.2.3 edge-vlan bridge-vlan-mode commands Enables the edge VLAN mode Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax edge-vlan Parameters None Example rfs7000-37FABE(config-profile default-rfs7000-bridge-vlan-1)#edge-vlan rfs7000-37FABE(config-profile default-rfs7000-bridge-vlan-1)# 7.1.6.2.
PROFILES 7 - 17 Parameters arp trust Configures an ARP component • trust – Trust ARP responses on VLAN dhcp trust Configures DHCP components • trust – Trust DHCP responses on a VLAN igmp snooping {mrouter(interface |learn|querier {address
7 - 18 WiNG CLI Reference Guide 7.1.6.2.
PROFILES 7 - 19 Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax stateful-packet-inspection-l2 Parameters None Example rfs7000-37FABE(config-profile defalut-rfs7000-bridge-vlan-2)#stateful-packetinspection-l2 rfs7000-37FABE(config-profile defalut-rfs7000-bridge-vlan-2)#
7 - 20 WiNG CLI Reference Guide 7.1.6.2.7 use bridge-vlan-mode commands Uses preconfigured access lists with this bridge policy.
PROFILES 7 - 21 7.1.
7 - 22 WiNG CLI Reference Guide 7.1.8 cluster Creating Profiles Sets the cluster configuration Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax cluster [auto-revert|auto-revert-delay|handle-stp|member|mode|name] cluser member [ip
PROFILES 7 - 23 cluster name cluster1 cluster member ip 172.16.10.
7 - 24 WiNG CLI Reference Guide 7.1.9 configuration-persistence Creating Profiles Enables persistence of configuration across reloads Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • RFS71xx • AP650 • AP6511 • AP6532 Syntax configuration-persistence {secure} Parameters secure Optional. Ensures that parts of the file that contain security related information are not written during a reload.
PROFILES 7 - 25 7.1.10 controller Creating Profiles Configures a WLAN controller information. Sets the controller to be a part of a group of controllers, sets if the controller is a part of a pool of controllers, etc.
7 - 26 WiNG CLI Reference Guide interface ge4 ip dhcp trust qos trust dscp qos trust 802.1p use firewall-policy default controller host 1.2.3.
PROFILES 7 - 27 7.1.11 crypto Creating Profiles Use crypto to define system level local ID for ISAKMP negotiation and to enter the ISAKMP Policy, ISAKMP Client or ISAKMP Peer command set. A crypto map entry is a single policy that describes how certain traffic is secured. There are two types of crypto map entries: ipsec-manual and ipsec-ike entries. Each entry is given an index (used to sort the ordered list).
7 - 28 WiNG CLI Reference Guide Parameters ipsec Configures IPSEC policies [security-association| transform-set] Configures IPSEC security associations and transform set. • security-association – Defines the lifetime (in kilobytes and/or seconds) of the IPSec SAs created • lifetime [kilobyte | seconds] – Specifies how many kilobyte/ seconds an IKE SA lasts before it expires. Values can be entered in both kilobytes and seconds.
PROFILES 7 - 29 isakmp [aggresive-modepeer|client|keepalive|key| policy] Configures the Internet Security Association and Key Management Protocol (ISAKMP) policy • aggressive-mode-peer [address|dn|hostname] – Defines the aggressive mode attributes • address – The IP address is the identity of the remote peer • dn – The identity of the remote peer is the distinguished name • hostname –The hostname is the identity of the remote peer • client configuration group default – Leads to the config-crypto group ins
7 - 30 WiNG CLI Reference Guide A peer address can be deleted with a wrong ISAKMP value. Crypto currently matches only the IP address when a no command is issued. rfs7000-37FABE(config-profile-default-rfs7000)#crypto isakmp key 12345678 address 4.4.4.
PROFILES 7 - 31 7.1.12 isakmp-policy Use the (config) instance to configure ISAKMP policy related configuration commands.
7 - 32 WiNG CLI Reference Guide 7.1.12.
PROFILES 7 - 33 7.1.12.
7 - 34 WiNG CLI Reference Guide 7.1.12.
PROFILES 7 - 35 7.1.12.
7 - 36 WiNG CLI Reference Guide 7.1.12.5 lifetime isakmp-policy Specifies how long an IKE SA is valid before it expires Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax lifetime Parameters lifetime Specifies how many seconds an IKE SA lasts before it expires. A time stamp (in seconds) can be configured between 60 and 2147483646.
PROFILES 7 - 37 7.1.12.
7 - 38 WiNG CLI Reference Guide 7.1.
PROFILES 7 - 39 7.1.13.1 dns crypto-group Configures domain name server settings Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax dns Parameters Sets the IP address for the domain name server Example rfs7000-37FABE(config-profile-default-rfs7000-crypto-group)#dns 171.16.10.6 rfs7000-37FABE(config-profile-default-rfs7000-crypto-group)#show context crypto isakmp client configuration group default wins 1.2.3.4 dns 171.16.10.
7 - 40 WiNG CLI Reference Guide 7.1.13.2 wns crypto-group Configures the Windows name server settings Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax wns Parameters Sets the IP address for Windows name server Example rfs7000-37FABE(config-profile-default-rfs7000-crypto-group)#wns 172.16.10.8 rfs7000-37FABE(config-profile-default-rfs7000-crypto-group)#show context crypto isakmp client configuration group default wins 1.
PROFILES 7 - 41 7.1.14 dscp-mapping Creating Profiles Configures IP DSCP to 802.1p priority mapping for untagged frames Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax dscp-mapping priority <0-7> Parameters Enter a DSCP value of a received IP packet priority <0-7> Priority used for the packet if untagged. • <0-7> – Specifies the 802.
7 - 42 WiNG CLI Reference Guide 7.1.15 email-notification Creating Profiles Configures email notification Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax email-notification [host |recipient ] email-notification host sender {port <1-65535||username } Parameters [host|recipient]] host[sender {port|username} • host – Configures the host SMTP server • – The IP address of the SMTP server.
PROFILES 7 - 43 qos trust 802.1p use firewall-policy default email-notification recipient test@motorolasolutions.
7 - 44 WiNG CLI Reference Guide 7.1.
PROFILES 7 - 45 qos trust 802.1p interface ge4 ip dhcp trust qos trust dscp qos trust 802.1p use firewall-policy default email-notification recipient test@motorolasolutions.
7 - 46 WiNG CLI Reference Guide 7.1.
PROFILES 7 - 47 7.1.18 ip Creating Profiles Configures a selected Internet Protocol component Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax ip [default-gateway|dns-server-forward|route|dhcp|domain-lookup| domain-name|local|name-server|nat|routing] ip dhcp client [hostname|persistent-lease] ip default-gateway ip route ip domain-name ip local pool default low-ip-address {high-ip-address}
7 - 48 WiNG CLI Reference Guide Parameters default-gateway Configures the IP address of the default gateway • – IP address of the next-hop router dns-server-forward Enables Domain Name Service (DNS) Forwarding route Establishes static routes • – IP destination prefix (e.g. 10.0.0.0/8) •
PROFILES 7 - 49 nat [inside|outside][destination static [<1-65535>[[tcp |udp] {165535>}]| {1-65535}]|source [list interface vlan <1-4094> [ overload|overload]|static
7 - 50 WiNG CLI Reference Guide • – Specifies the NAT pool to use • prefix-length <1-30> – Specifies the number of netmask bits routing Enables IP routing Example rfs7000-37FABE(config-profile-default-rfs7000)#ip default-gateway 172.16.10.9 rfs7000-37FABE(config-profile-default-rfs7000)# rfs7000-37FABE(config-profile-default-rfs7000)#ip dns-server-forward rfs7000-37FABE(config-profile-default-rfs7000)# rfs7000-37FABE(config-profile-default-rfs7000)#ip route 172.16.10.10/24 172.16.10.
PROFILES 7 - 51 7.1.19 nat-pool Creating Profiles Use this (config-profile-default-rfs7000) instance to configure NAT pool commands.
7 - 52 WiNG CLI Reference Guide 7.1.19.
PROFILES 7 - 53 7.1.19.2 no nat-pool Negates a comamnd or sets its default value Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax no address Parameters None Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
7 - 54 WiNG CLI Reference Guide 7.1.20 interface Creating Profiles Selects an interface to configure This command is used to enter the interface configuration mode for the specified physical controller Virtual Interface (SVI) interface. If the VLANx (SVI) interface does not exist, it’s automatically created.
PROFILES 7 - 55 Example rfs7000-37FABE(config-profile-default-rfs7000)#interface vlan 44 rfs7000-37FABE(config-profile-default-rfs7000-if-vlan44)#? VLAN configuration commands: allow-management Allow management crypto Encryption module description Vlan description dhcp-relay-incoming Allow on-board DHCP server to respond to relayed DHCP packets on this interface ip Interface Internet Protocol config commands no Negate a command or set its defaults shutdown Shutdown the selected interface use Set setting t
7 - 56 WiNG CLI Reference Guide 7.1.21 Interface Config Instance Use the (config-profile-default-rfs7000) instance to configure the interfaces – Ethernet, VLAN and tunnel associated with the controller.
PROFILES 7 - 57 Table 7.
7 - 58 WiNG CLI Reference Guide 7.1.21.
PROFILES 7 - 59 7.1.21.
7 - 60 WiNG CLI Reference Guide 7.1.21.
PROFILES 7 - 61 7.1.21.4 dot1x Interface Config Instance Configures 802.
7 - 62 WiNG CLI Reference Guide 7.1.21.5 duplex Interface Config Instance Specifies the duplex mode for the interface Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax duplex [auto|half|full] Parameters [auto|half|full] • auto – Sets the ports duplexity automatically.
PROFILES 7 - 63 7.1.21.
7 - 64 WiNG CLI Reference Guide 7.1.21.
PROFILES 7 - 65 7.1.21.8 no Interface Config Instance Negates a command or sets its defaults Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax no [arp|cdp|channel-group|description|dot1k|duplex|ip|lldp|power|qos| shutdown|spanning-tree|speed|switchport|use] Parameters None Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
7 - 66 WiNG CLI Reference Guide 7.1.21.9 power Interface Config Instance Invokes PoE commands to configure the PoE power limit and port priority. By default, the value for a GE port is set to low. Power is applied in order of priority, power overlaods are removed in the reverse order of priority. Supported in the following platforms: • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Switch Note: This command is not supported on the RFS7000 controller.
PROFILES 7 - 67 7.1.21.10 qos Interface Config Instance Enables quality of service (QoS) Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax qos trust [802.1p|cos|dscp] Parameters trust [802.1p|cos|dscp] Trust QoS values ingressing on interface • 802.1p – Sets the trust 802.1p COS values ingressing on the interface • cos – Sets the trust 802.
7 - 68 WiNG CLI Reference Guide 7.1.21.11 shutdown Interface Config Instance Disables the selected interface, the interface is administratively enabled unless explicitly disabled using this command.
PROFILES 7 - 69 7.1.21.
7 - 70 WiNG CLI Reference Guide guard root Enables the Root Guard feature for the port. The Root Guard disables the reception of superior BPDUs. The Root Guard ensures the enabled port is a designated port. If the Root Guard enabled port receives a superior BPDU, it moves to a discarding state. Use the no parameter with this command to disable the Root Guard feature.
PROFILES 7 - 71 7.1.21.13 speed Interface Config Instance Specifies the speed of a fast-ethernet (10/100) or a gigabit-ethernet port (10/100/1000) Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 Syntax speed [10|100|1000|auto] Parameters 10 Forces 10 Mbps operation 100 Forces 100 Mbps operation 1000 Forces 1000 Mbps operation auto Port automatically detects the speed it should run based on the port at the other end of the link.
7 - 72 WiNG CLI Reference Guide 7.1.21.
PROFILES 7 - 73 trunk [allowed |native] Sets the trunking mode characteristics • allowed vlan – Configures trunk characteristics when the port is in trunk-mode • vlan [add|none|remove] – Sets allowed VLANs • none – Allows no VLANs to Xmit/Rx through the Layer2 interface • add – Adds VLANs to the current list • remove – Removes VLANs from the current list • – VLAN IDs added or removed. Can be either a range of VLAN (55-60) or list of comma separated IDs (35, 41 etc.
7 - 74 WiNG CLI Reference Guide 7.1.21.
PROFILES 7 - 75 7.1.22 Interface vlan Instance Use the (config-profile-default-rfs7000) instance to configure interfaces – Ethernet, VLAN and the tunnel associated with the controller. To switch to this mode, use the command: rfs7000-37FABE(config-profile-default-rfs7000)#interface [|ge <1-4>| me1|port-channel <1-4>|radio|up1|vlan <1-4094>] rfs7000-37FABE(config-profile-default-rfs7000)#vlan 8 rfs7000-37FABE(config-profile-default-rfs7000-if-vlan8)# Table 7.
7 - 76 WiNG CLI Reference Guide 7.1.22.
PROFILES 7 - 77 7.1.22.2 description Interface vlan Instance Defines a description for the VLAN interface. Use this command to provide additional information about the VLAN.
7 - 78 WiNG CLI Reference Guide 7.1.22.
PROFILES 7 - 79 7.1.22.4 ip Interface vlan Instance Configures Internet Protocol (IP) config commands. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax ip ip ip ip [address|dhcp|helper-address |nat] address [ {secondary}|dhcp|zeroconfig {secondary} ] nat [inside|outside] dhcp client request options all Parameters address [ {secondary}|dhcp] Sets the IP address of an interface •
7 - 80 WiNG CLI Reference Guide 7.1.22.
PROFILES 7 - 81 7.1.22.
7 - 82 WiNG CLI Reference Guide 7.1.22.
PROFILES 7 - 83 7.1.
7 - 84 WiNG CLI Reference Guide 7.1.
PROFILES 7 - 85 7.1.25 legacy-auto-update Creating Profiles Enables a legacy device firmware to be auto updated.
7 - 86 WiNG CLI Reference Guide 7.1.
PROFILES 7 - 87 7.1.27 load-balancing Creating Profiles Configures load balancing parameters Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax load-balancing [ap-load-weightage|balance-ap-loads|balance-band-loads|balancechannel-loads|band-ratio|client-weightage|equality-margin|hiwaterthreshold|throughput-weightage] load-balancing [ap-load-weightage|client-weightage|throughput-weightage] [2.
7 - 88 WiNG CLI Reference Guide Parameters • ap-load-weightage [2.4ghz|5ghz] <0-100> – Configures weightage when [ap-load-weightage calculating ap-load from radio loads |balance-ap-loads| • 2.4ghz – Weightage assigned to the 2.4ghz radio balance-band-loads| • 5ghz – Weightage assigned to the 5ghz radio balance-channel-loads| • <0-100> – Sets weightage as a percentage from 0 to 100 band-ratio|client-weightage| equality-margin| • client-weightage [2.
PROFILES 7 - 89 7.1.
7 - 90 WiNG CLI Reference Guide 7.1.
PROFILES 7 - 91 facility [local0|local1| local2|local3|local4| local5|local6|local7] Syslog facility in which log messages are sent • local0 – Syslog facility local0 • local1 – Syslog facility local1 • local2 – Syslog facility local2 • local3 – Syslog facility local3 • local4 – Syslog facility local4 • local5 – Syslog facility local5 • local6 – Syslog facility local6 • local7 – Syslog facility local7 host Configures a remote host to receive log messages • – Remote host's IP address on Enable
7 - 92 WiNG CLI Reference Guide 7.1.
PROFILES 7 - 93 7.1.31 mint Creating Profiles Configures MiNT protocol commands Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax mint [dis||level|link|mlcp|spf-latency] mint dispriority-adjustment <-255-255> mint level [leve11|leve2] area-id <1-4294967295> mint link [ip|listen|vlan] mint link listen ip {adjacency-hold-time <2-600>|cost <1-10000>|hello-interval <1-120>|level [1|2]} mint link [ip
7 - 94 WiNG CLI Reference Guide link [ip |listen||vlan <1-4095>] {adjacency-hold-time <2600>|cost <1-10000>|hellointerval <1-120>|level [1|2]} Creates a MiNT routing link • ip – Creates a MiNT tunnel over UDP/IP • – Specifies a peer IP address • listen – Creates listening link over UDP/IP •
PROFILES 7 - 95 Example rfs7000-37FABE(config-profile-default-rfs7000)#mint level 1 area-id 88 rfs7000-37FABE(config-profile-default-rfs7000)# rfs7000-37FABE(config-profile-default-rfs7000)#mint link ip 1.2.3.4 level 1 rfs7000-37FABE(config-profile-default-rfs7000)# rfs7000-37FABE(config-profile-default-rfs7000)#show mint links vlan-1 : level 1, cost 10, 1 adjacencies, DIS 70.37.fa.
7 - 96 WiNG CLI Reference Guide 7.1.
PROFILES 7 - 97 7.1.33 monitor Creating Profiles Enables critical resource monitoring Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax monitor ping-mode [arp-icmp|arp-only vlan <1-4094>] Parameters
7 - 98 WiNG CLI Reference Guide 7.1.34 neighbor-inactivity-timeout Creating Profiles Configures neighbor inactivity timeout factor Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax neighbour-inactivity-timeout <1-1000 Parameters <1-1000> <1-1000> – Sets a timeout period, in seconds, for the neighbor-inactivity factor.
PROFILES 7 - 99 7.1.
7 - 100 WiNG CLI Reference Guide 7.1.
PROFILES 7 - 101 7.1.
7 - 102 WiNG CLI Reference Guide 7.1.38 ntp Creating Profiles Configure Network Time Protocol (NTP) values Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax ntp server {autokey|key|prefer|version} ntp server autokey {prefer version <1-4>|version <1-4>} ntp server key md5 [0 |2|]{prefer version <1-4>|version <1-4>} ntp server prefer version <1-4> ntp server
PROFILES 7 - 103 7.1.
7 - 104 WiNG CLI Reference Guide 7.1.
PROFILES 7 - 105 7.1.
7 - 106 WiNG CLI Reference Guide 7.1.
PROFILES 7 - 107 7.1.
7 - 108 WiNG CLI Reference Guide 7.1.
PROFILES 7 - 109 Parameters errdisable recovery [cause bpduguard |interval <10-1000000>] • Disables error • recovery – Enables the timeout mechanism for a port to be recovered • cause bpduguard – Specifies the reason for errdisable • bpduguard – Recovers from errdisable due to bpduguard • interval <10-1000000> – Specifies the interval after which a port is enabled • <10-1000000> – Specifies an errdisable-timeout interval in seconds.
7 - 110 WiNG CLI Reference Guide If a bridge does not hear bridge protocol data units (BPDUs) from the root bridge within the specified interval, defined in the max-age (seconds) parameter, assume the network has changed and recomputed the spanning-tree topology. Generally, spanning tree configuration settings in the config mode define the configuration for bridge and bridge instances. MSTP works based on instances. An instance is a group of VLANs with a common spanning tree.
PROFILES 7 - 111 7.1.
7 - 112 WiNG CLI Reference Guide Parameters use [adoption-policy| advanced-wips-policy| captive-portal| critical-resource-policy| dhcp-server-policy| firewall-policy| igmp-snoop-policy| management-policy|profile| radius-server-policy| rf-domain|role-policy| smart-rf-policy| trustpoint|wips-policy] Uses the policies as defined • adoption-policy – Sets an adoption policy • advanced-wips-policy – Creates/configures an advanced-wips policy • captive-portal – Captive portal access configuration • critical-res
PROFILES 7 - 113 7.1.
7 - 114 WiNG CLI Reference Guide 7.1.47 wep-shared-key-auth Creating Profiles Enables support for 802.
PROFILES 7 - 115 7.2 Device Specific Commands Use the (config) instance to configure device specific parameters. To navigate to this instance, use the following commands: rfs7000-37FABE(config)#ap7131? rfs7000-37FABE(config)#ap7131 00-15-70-88-9E-C4 rfs7000-37FABE(config-device-00-15-70-88-9E-C4)# Table 7.9 Summarizes Device Mode commands Table 7.
7 - 116 WiNG CLI Reference Guide Table 7.
PROFILES 7 - 117 7.2.
7 - 118 WiNG CLI Reference Guide 7.2.
PROFILES 7 - 119 7.2.
7 - 120 WiNG CLI Reference Guide 7.2.4 country-code Device Specific Commands Sets the country of operation. All existing radio configurations are erased. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax country-code Parameters country-code Configures the device to operate in a defined country.
PROFILES 7 - 121 7.2.
7 - 122 WiNG CLI Reference Guide 7.2.
PROFILES 7 - 123 7.2.7 hostname Device Specific Commands Sets system's network name Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax hostname Parameters hostname Sets the name of the controller. This name is displayed when the controller is accessed from any network.
7 - 124 WiNG CLI Reference Guide 7.2.8 layout-coordinates Device Specific Commands Configures layout coordinates for the device Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax layout-coordinates <0.0-4096.0> <0.0-4096.0> Parameters <0.0-4096.0> <0.0-4096.0> • <0.0-4096.0> – Specify X coordinate between 0 and 4096.0 • <0.0-4096.0> – Specify Y coordinate between 0 and 4096.
PROFILES 7 - 125 7.2.
7 - 126 WiNG CLI Reference Guide 7.2.
PROFILES 7 - 127 7.2.
7 - 128 WiNG CLI Reference Guide 7.2.
PROFILES 7 - 129 7.2.
7 - 130 WiNG CLI Reference Guide 7.2.14 rsa-key Device Specific Commands Assigns a RSA key to a service Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax rsa-key ssh Parameters ssh Assigns the RSA key to SSH • – Specifies the RSA key name.
PROFILES 7 - 131 7.2.15 sensor-server Device Specific Commands Configures a Motorola Solutions AirDefense sensor server Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax sensor-server <1-3> ip {port}[443|8443|<1-65535>] Parameters <1-3> ip {port} <165535> <1-3> – Select a server to configure with an IP address and optional port number • ip
7 - 132 WiNG CLI Reference Guide 7.2.16 stats Device Specific Commands Configures the statistics related stettings Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax stats open-window <1-2> {sample-interval <5-86640>} {size <3-100>} Parameters open-window <1-2> {sample-interval <5-86640>} {size <3-100>} Opens a stats-window to fetch trending data.
PROFILES 7 - 133 7.2.
7 - 134 WiNG CLI Reference Guide 7.2.
PROFILES 7 - 135 7.2.
7 - 136 WiNG CLI Reference Guide
CHAPTER 8 AAA-POLICY This chapter summarizes the aaa-policy commands within the CLI structure. Use the (config) instance to configure aaa-policy related configuration commands.
8-2 WiNG CLI Reference Guide 8.1 aaa-policy Table 8.1 Summarizes aaa-policy commands Table 8.
AAA-POLICY 8-3 8.1.
8-4 WiNG CLI Reference Guide Parameters interim interval <60-3600> Configures interim accounting parameters • interval <60-3600> – Configures the interval (in seconds) after which interim-accounting updates are sent server [<1-6> [dscp <063>|host secret {port}|nai-routing| onboard|proxy-mode|retrytimeout-factor <50200>|timeout]|preference] Configures a RADIUS accounting server • <1-6> [dscp <0-63>|host |nai-routing |onboard|proxymode|retry-timeout-factor <50-200>|timeout <1-60>] –
AAA-POLICY 8-5 • onboard [controller|self] – Selects an onboard server instead of an external host • controller – Configures the controller’s RADIUS server to which the device is presently adopted • self – Indicates the device itself • proxy-mode [none|through-controller|through-rf-domain-manager] – Select the mode of proxying requests from the list given below • none – No proxy required.
8-6 WiNG CLI Reference Guide accounting accounting accounting accounting server 2 nai-routing realm-type prefix realm DSOS strip type start-interim-stop interim interval 65 server preference auth-server-number
AAA-POLICY 8-7 8.1.
8-8 WiNG CLI Reference Guide Parameters eap wireless-client [attempts <1-10>|identity-requesttimeout <1-60>|retry-timeoutfactor <50-200>|timeout <1-60>] Configures EAP parameters for clients • wireless-client – Configures EAP wireless client related parameters • attempts <1-10> – Enter the number of times a request is sent to a client • <1-10> – Specify the number of attempts • identity-request-timeout <1-60> – Enter the timeout value after which an EAP-Identity request message to a client is retried •
AAA-POLICY server <1-6> [dscp|host| Configures an authentication server nac|nai-routing|onboard|proxy- • <1-6> [dscp|host|nac|nai-routing|onboard|proxy-mode|retry-timeoutmode|retry-timeout-factor <50factor <50-200>|time-out] – Selects a server to be configured 200>|time-out] • dscp <0-63> – Specifies a differentiated devices code point value (QoS) to be used in generated RADIUS packets • <0-63> – Configures a DSCP value between 0 and 3 • host – Defines the address of the server • secret – Ent
8 - 10 WiNG CLI Reference Guide • onboard [controller|self] – Selects an onboard server instead of an external host • controller – Specifies the onboard server on the controller to which the AP is adopted • self – Specifies the onboard server on the device (AP or controller) where the client is associated • proxy-mode [none|through-controller|through-rf-domain-manager] – Selects the mode of proxying requests • none – Sends the requests directly using the IP address of the device without proxy • through-con
AAA-POLICY 8 - 11 8.1.
8 - 12 WiNG CLI Reference Guide 8.1.
AAA-POLICY 8 - 13 8.1.
8 - 14 WiNG CLI Reference Guide 8.1.6 use aaa-policy Applies a NAC for use by this aaa policy.
AAA-POLICY 8 - 15 8.1.7 write aaa-policy Writes the running configuration to memory or a terminal Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax write [memory|terminal] Parameters memory Writes to the NV memory terminal Writes to a terminal Example rfs7000-37FABE(config-aaa-policy-test)#write terminal ! ! Configuration of RFS7000 version 5.1.0.0-036D ! ! version 2.
8 - 16 WiNG CLI Reference Guide ! mint-security-policy the_policy ! role-policy default ! device-discover-policy default !
AAA-POLICY 8 - 17 8.1.
8 - 18 WiNG CLI Reference Guide 8.1.
AAA-POLICY 8 - 19 8.1.
8 - 20 WiNG CLI Reference Guide rmdir self telnet terminal time-it traceroute upgrade upgrade-abort watch write Delete a directory Config context of the device currently logged into Open a telnet connection Set terminal line parameters Check how long a particular command took between request and completion of response Trace route to destination Upgrade software image Abort an ongoing upgrade Repeat the specific CLI command at a periodic interval Write running configuration to memory or terminal clrscr ex
AAA-POLICY 8 - 21 8.1.11 end aaa-policy Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to the previous mode.
8 - 22 WiNG CLI Reference Guide 8.1.12 exit aaa-policy Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to the previous mode.
AAA-POLICY 8 - 23 8.1.
8 - 24 WiNG CLI Reference Guide 8.1.
AAA-POLICY 8 - 25 8.1.
8 - 26 WiNG CLI Reference Guide 8.1.
AAA-POLICY 8 - 27 NAME))]............................................................................. .........................
8 - 28 WiNG CLI Reference Guide 8.1.
AAA-POLICY 8 - 29 startup-config terminal timezone upgrade-status version wireless Startup configuration Display terminal configuration parameters The timezone Display last image upgrade status Display software & hardware version Wireless commands
8 - 30 WiNG CLI Reference Guide
CHAPTER 9 AUTO-PROVISIONING-POLICY This chapter summarizes the auto-provisioning-policy commands in the CLI structure. Adoption rules are sorted by precedence value and matched (filtered) against the information available from an AP, any rule for the wrong AP type is ignored.
9-2 WiNG CLI Reference Guide 9.1 auto-provisioning-policy Table 9.1 Summarizes auto-provisioning-policy commands Table 9.1 auto-provisioning-policy commands Command Description Reference adopt Adds rules for device adoption page 9-3 default-adoption Adopts devices even when no matching rules are found.
AUTO-PROVISIONING-POLICY 9.1.
9-4 WiNG CLI Reference Guide Parameters adopt [ap7131|ap650|ap6511| ap6532] <1-1000> [any|cdp-match |dhcp-option |fqdn |ip|lldp-match |mac|model-number |serial-number |vlan ] Adds rules for device adoption • ap7131– Configures an AP7131 • ap650 – Configures an AP650 • ap6511 – Configures an AP6511 • ap6532 – Configures an AP6532 The following parameters are common for all the APs: • <1-1000> – Configure a rule precedence value between 1
AUTO-PROVISIONING-POLICY 9-5 | IDX | NAME | MAC | PROFILE | RF-DOMAIN | +-----+-----------------+---------------------+------------------+-------| 1 | ap7131-889EC4 | 00-15-70-88-9E-C4 | default-ap7131 | default | | 2 | ap650-445566 | 11-22-33-44-55-66 | default-ap650 | default | +-----+-----------------+---------------------+------------------+-------rfs7000-37FABE(config-auto-provisioning-policy-test)#adopt ap7131 10 ap7131 default dhcp-option test rfs7000-37FABE(config-auto-provisioning-policy-test)#ad
9-6 WiNG CLI Reference Guide 9.1.2 default-adoption auto-provisioning-policy Adopts devices even when no matching rules are found.
AUTO-PROVISIONING-POLICY 9-7 9.1.3 deny auto-provisioning-policy Adds a rule to deny device adoption Supported in the following platforms: • RFS7000 • RFS6000 • AP71xx • AP650 • AP6511 • AP6532 Syntax deny [ap7131|ap650|ap6511|ap6532] <1-1000> [any|cdp-match |dhcp-option |fqdn |ip|lldp-match |mac|model-number |serial-number |vlan ] deny [ap7131|ap650|ap6511|ap6532] <1-1000> ip [ |A.B.C.
9-8 WiNG CLI Reference Guide Parameters [ap7131|ap650|ap6511| ap6532] <1-1000> [any|cdp-match |dhcp-option |fqdn|ip|lldp-match |mac|model-number |serial-number |vlan ] Use the ‘deny’ command to add a rule to deny a device adoption • ap7131 – Configures an AP7131 • ap650 – Configures an AP650 • ap6511 – Configures an AP6511 • ap6532 – Configures an AP6532 The following parameters are common for both AP7131 and AP650: • <1-1000> – Configure a rule precedence value be
AUTO-PROVISIONING-POLICY 9.1.
9 - 10 WiNG CLI Reference Guide
CHAPTER 10 ADVANCED-WIPS-POLICY This chapter summarizes the advanced-wips-policy commands within the CLI structure. Use the (config) instance to configure advance-wips-policy related configuration commands.
10 - 2 WiNG CLI Reference Guide 10.1 advanced-wips-policy Table 10.1 Summarizes advanced-wips-policy commands Table 10.
ADVANCED-WIPS-POLICY 10 - 3 10.1.1 event advanced-wips-policy Configures event detection. Configures the parameters related to the detection of anomalous frames on the RF network.
10 - 4 WiNG CLI Reference Guide Parameters event [accidentalassociation|rogue-apdetection|unauthorized-bridge] [mitigation-enable|triggeragainst {neighboring|sanctioned|unsa nctioned}] Configures parameters related to the detection of anomalous frames on the RF network.
ADVANCED-WIPS-POLICY 10 - 5 [crackable-wep-iv-used| dos-deauthenticationdetection|dos-disassociationdetection|dos-eap-failurespoof|dos-rts-flood|essid-jackattack-detected|fake-dhcpserver-detected|fata-jackdetected|id-theft-eapolsuccess-spoof-detected|idtheft-out-of-sequence|invalidchannel-advertized|invalidmanagement-frame|ipxdetection|monkey-jack-attackdetected|multicast-all-routerson-subnet|multicast-allsystems-on-subnet|multicastdhcp-server-relayagent|multicast-hsrpagent|multicast-igmpdetection|multicas
10 - 6 WiNG CLI Reference Guide dos-eapol-logoff-storm Detects DoS EAPoL Logoff Storm [threshold [eapol-start-frames- • threshold – Configures the event threshold ap|eapol-start-frames-mu]<0• eapol-start-frames-ap <0-65535> –Detects EAPoL start frames 65535> |trigger-against transmitted by an AP {neighboring|sanctioned|unsa • eapol-start-frames-mu <0-65535> – Detects EAPoL start frames nctioned}] transmitted by a client • <0-65535> – Select a threshold value between 0 and 65535 • trigger-against{neighborin
ADVANCED-WIPS-POLICY 10 - 7 Example rfs7000-37FABE(config-advanced-wips-policy-test)#event frames-ratio 8 rfs7000-37FABE(config-advanced-wips-policy-test)#event threshold eapol-start-frames-mu 99 rfs7000-37FABE(config-advanced-wips-policy-test)#event threshold probe-rsp-frames-count 8 rfs7000-37FABE(config-advanced-wips-policy-test)#event trigger-against sanctioned rfs7000-37FABE(config-advanced-wips-policy-test)#event against sanctioned dos-cts-flood threshold ctsdos-eapol-logoff-storm probe-response-fl
10 - 8 WiNG CLI Reference Guide 10.1.
ADVANCED-WIPS-POLICY 10 - 9 10.1.
10 - 10 WiNG CLI Reference Guide 10.1.
ADVANCED-WIPS-POLICY 10 - 11 10.1.
10 - 12 WiNG CLI Reference Guide
CHAPTER 11 ASSOCIATION-ACL-POLICY This chapter summarizes the association-acl-policy commands within the CLI structure. Use the (config) instance to configure association-acl-policy related configuration commands.
11 - 2 WiNG CLI Reference Guide 11.1 association-acl-policy Table 11.1 Summarizes association-acl-policy commands Table 11.
ASSOCIATION-ACL-POLICY 11 - 3 11.1.
11 - 4 WiNG CLI Reference Guide 11.1.
ASSOCIATION-ACL-POLICY 11 - 5 11.1.
11 - 6 WiNG CLI Reference Guide
Chapter 12 ACCESS-LIST This chapter summarizes IP and MAC access list commands in detail. Access-lists control access to the network through a set of rules. Each rule specifies an action taken when a packet matches a given set of rules. If the action is deny, the packet is dropped. If the action is permit, the packet is allowed. The controller supports the following ACLs. • IP access lists • MAC access lists Use IP and MAC commands under the global configuration to create an access list.
12 - 2 WiNG CLI Reference Guide mac-access-list rfs7000-37FABE(config)#mac access-list test rfs7000-37FABE(config-mac-acl-test)#? MAC Extended ACL Config commands: deny Specify packets to reject no Negate a command or set its defaults permit Specify packets to forward clrscr Clears the display screen commit Commit all changes made in this session end End current mode and change to EXEC mode exit End current mode and down to previous mode help Description of the interactive help system revert Revert changes
ACCESS-LIST 12 - 3 12.1 ip-access-list Table 12.1 Summarizes commands under the IP access list mode Table 12.
12 - 4 WiNG CLI Reference Guide 12.1.1 deny ip-access-list Specifies packets to reject NOTE: Use a decimal value representation of ethertypes to implement a permit/deny designation for a packet. The command set for IP ACLs provide the hexadecimal values for each listed ethertype. The controller supports all ethertypes. Use the decimal equivalent of the ethertype listed for any other ethertype.
ACCESS-LIST 12 - 5 Parameters deny ip [|any|host ][|any|host ] {log} {rule-precedence <1-5000>} Use with the deny command to reject packets • deny – Sets the action type on an ACL • IP – Specifies an IP address • |any|host – The keyword is the source IP address of the network or host in dotted decimal format. • any – any is an abbreviation for a source IP of 0.0.0.
12 - 6 WiNG CLI Reference Guide deny [tcp|udp] [|any|host ] {eq |range • |any|host – The source is the source IP address of } []{eq
ACCESS-LIST 12 - 7 [<0-254>|| eigrp|gre|igmp|igp|ospf|vrrp][ |any|host ][|any|host ] {log} {rule-description |rule-precedence<15000>}] Use with the deny command to deny any protocol other than TCP, UDP or ICMP • <0-254] – Displays the protocol number • – Refers to any protocol name • eigrp – EIGRP protocol 88 • gre – GRE protocol 47 • igmp – IGMP protocol 2 • igp – IGP protocol 9 • ospf – OSPF protocol 89 • vrrp – VRRP protocol 112 •
12 - 8 WiNG CLI Reference Guide packets based on ICMP type and code NOTE: The log option is functional only for router ACL’s. The log option displays an informational logging message about the packet that matches the entry sent to the console. Example rfs7000-37FABE(config-ip-acl-test)#deny icmp 172.16.10.3/24 any rule-precedence 88 rfs7000-37FABE(config-ip-acl-test)# rfs7000-37FABE(config-ip-acl-test)#deny icmp 172.16.10.3/24 host 172.16.10.
ACCESS-LIST 12 - 9 12.1.2 permit ip-access-list Permits specific packets NOTE: Use a decimal value representation of ethertypes to implement a permit/deny designation for a packet. The command set for IP ACLs provide the hexadecimal values for each listed ethertype. The controller supports all ethertypes. Use the decimal equivalent of the ethertype listed for any other ethertype.
12 - 10 WiNG CLI Reference Guide Parameters permit ip [| any|host ] [|any|host ] {log} {rule-precedence <1-5000>} {mark [8021p <07>|dscp<0-63> ruleprecedence <1-5000> {ruledescription} } Use with a permit command to allow IP packets • permit – Sets the action type on an ACL • IP – Specifies an IP (to match to a protocol) • |any|host – The keyword is the source IP address of the network or host in dotted decimal format • any – an
ACCESS-LIST 12 - 11 • [|any|host ] – Defines the destination host IP address or destination network address • {} – Sets the ICMP type value from 0 to 255, and is valid only for ICMP. The ICMP code value is from 0 to 255, and is valid only for protocol type icmp • log – Generates log messages when the packet coming from the interface matches the ACL entry.
12 - 12 WiNG CLI Reference Guide permit [tcp|udp] [|any|host ] {eq |range } [|any|host ] {eq } {range } {log} {rule-precedence <1-5000>}{mark [8021p <07>|dscp<0-63> ruleprecedence <1-5000> {ruledescription} } Use with the permit command to allow TCP or UDP packets • permit – Permits TCP/UDP packets • [tcp|udp] – Specifies TCP or UDP as the protocol • <
ACCESS-LIST 12 - 13 permit proto [<0-254>|WORD|eigrp|gre| igmp|igp|ospf|vrrp] [|any|host ][|any|host ] {log} {rule-description |rule-precedence <1-5000>} Use with the permit command to allow any protocol other than TCP, UDP or ICMP • 0-254] – Displays protocol number • – Refers to any protocol name • eigrp – EIGRP protocol 88 • gre – GRE protocol 47 • igmp – IGMP protocol 2 • igp – IGP protocol 9 • ospf – OSPF protocol 89 • vrrp – VRRP protocol 112 •
12 - 14 WiNG CLI Reference Guide • Selecting ICMP allows the filter of ICMP packets based on type and node. NOTE: The log option is functional only for router ACL’s. The log option displays an informational logging message about the packet matching the entry sent to the console. Example rfs7000-37FABE(config-ip-acl-test)#permit icmp any any log rule-precedence 200 rfs7000-37FABE(config-ip-acl-test)# rfs7000-37FABE(config-ip-acl-test)#permit ip 192.168.1.10/24 192.168.2.
ACCESS-LIST 12 - 15 12.1.3 no ip-access-list Negates a command or sets its default Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax no [deny|permit] Parameters deny Specifies packets to reject permit Specifies packets to forward Usage Guidelines Removes an access list control entry. Provide the rule-precedence value when using the no command. Example rfs7000-37FABE(config-ip-acl-test)#no mark 8021p 5 tcp 192.168.2.
12 - 16 WiNG CLI Reference Guide 12.1.4 write ip-access-list Writes the running configuration to memory or terminal Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax write [terminal|memory] Parameters terminal Writes to a terminal memory Writes to memory Example rfs7000-37FABE(config-ip-acl-test)#write terminal ! ! Configuration of RFS7000 version 5.1.0.0-036D ! ! version 2.
ACCESS-LIST 12 - 17 ! mint-security-policy the_policy ! role-policy default ! device-discover-policy default !
12 - 18 WiNG CLI Reference Guide 12.1.
ACCESS-LIST 12 - 19 12.1.
12 - 20 WiNG CLI Reference Guide 12.1.
ACCESS-LIST 12 - 21 12.1.8 exit ip-access-list Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to the previous mode.
12 - 22 WiNG CLI Reference Guide 12.1.9 help ip-access-list Displays the interactive help system Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax help Parameters None Example rfs7000-37FABE(config-ip-acl-test)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
ACCESS-LIST 12 - 23 12.1.
12 - 24 WiNG CLI Reference Guide 12.1.
ACCESS-LIST 12 - 25 NAME))]............................................................................. .........................
12 - 26 WiNG CLI Reference Guide 12.1.12 show ip-access-list Displays running system information Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax show Parameters None Example rfs7000-37FABE(config-ip-acl-test)#show ? aclstats ACL stats adoption Display information related to adoption advanced-wips Advanced WIPS boot Display boot configuration.
ACCESS-LIST 12 - 27 12.2 mac-access-list Table 12.2 Summarizes MAC Access list commands Table 12.
12 - 28 WiNG CLI Reference Guide 12.2.1 permit mac-access-list Specifies specific packets to forward NOTE: Use a decimal value representation of ethertypes to implement a permit/deny designation for a packet. The command set for MAC ACLs provide the hexadecimal values for each listed ethertype. The controller supports all ethertypes. Use the decimal equivalent of the ethertype listed for any other ethertype.
ACCESS-LIST 12 - 29 Parameters permit Use with a permit command to allow IP packets permit [dot1p <0-7>|log|mark [8021p<0-7>|dscp<063>[rule-precedence <1-5000> [rule-description ]]|rule-precedence <1-5000>[rule-description |type [8021q|<1-65535>|aarp|appletalk| arp|ip|ipv6|ipx|mint|rarp|wisp] [log| rule-precedence <1-5000> rule-desription ]|vlan <1-4095> [log| rule-precedence|type[8021q| <1-65535>|aarp|appletalk |arp|ip|ip
12 - 30 WiNG CLI Reference Guide • aarp – AARP Ether Type (0x80F3) • appletalk – APPLETALK Ether Type (0x809B) • arp – ARP Ether Type (0x0806) • ip – IP Ether Type (0x0800) • ipv6 – IPv6 Ether Type (0x86DD) • ipx – IPX Ether Type (0x8137) • mint – MINT Ether Type (0x8783) • rarp – RARP Ether Type (0x8035) • wisp –WISP Ether Type (0x8783) • vlan <1-4095> [log|rule-precedence <1-5000> rule-desription |type] – VLAN ID • <1-4095> – Specify a VLAN ID between 1-4095
ACCESS-LIST 12 - 31 any [dot1p <0-7>|log|mark [8021p<0-7>|dscp<063>[rule-precedence <1-5000> [ruledescription ]] rule-precedence <15000> [rule-description |type [8021q|<1-65535>|aarp|appletalk| arp|ip|ipv6|ipx|mint|rarp|wisp] [log|ruleprecedence]|vlan <1-4095> [log|ruleprecedence|type[8021q| <1-65535>|aarp|appletalk| arp|ip|ipv6|ipx|mint|rarp|wisp] any – Specify any source host to match • – Defines the destination MAC address • – De
12 - 32 WiNG CLI Reference Guide host [dot1p <0-7>|log|mark [8021p<0-7>|dscp<0-63>[rule-precedence <15000>[rule-description ]]|ruleprecedence <1-5000>[rule-description |type [8021q|<1-65535>|aarp| appletalk|arp|ip|ipv6|ipx|mint|rarp|wisp]] [log|mark|rule-precedence] Defines exact source address to match • – Defines source MAC address to match • – Defines destination MAC address to match • – Defines destinati
ACCESS-LIST 12 - 33 • – Specify the description not exceeding 128 characters • rule-precedence <1-5000> rule-description – Defines an integer value between 1-5000 to set the rule precedence in the ACL • rule-description – Access-list entry description • – Specify the description not exceeding 128 characters • type[8021q|<1-65535>|aarp|appletalk|arp|ip|ipv6| ipx|mint|rarp|wisp] [log <0-7>|rule-precedence <1-5000>][log|mark|rule-precedence] – Ether Type • 8021q – VLAN Ether Type (0x8100)
12 - 34 WiNG CLI Reference Guide The controller (by default) does not allow layer 2 traffic to pass through the interface. To adopt an access point through an interface, configure an access control list to allow an Ethernet WISP Use the mark option to specify the type of service (tos) and priority value. The tos value is marked in the IP header and the 802.1p priority value is marked in the dot1q frame. Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL.
ACCESS-LIST 12 - 35 12.2.2 deny mac-access-list Specifies packets to reject NOTE: Use a decimal value representation of ethertypes to implement a permit/deny designation for a packet. The command set for MAC ACLs provide the hexadecimal values for each listed ethertype. The controller supports all ethertypes. Use the decimal equivalent of the ethertype listed for any other ethertype.
12 - 36 WiNG CLI Reference Guide Parameters deny Use with the deny command to reject packets deny [|any|host • deny – Sets the action type on a ACL • – Specify the source MAC address • – Specify the source MAC address mask • – Specify the destination MAC address • any – any destination host • host – host is an abbreviation for the exact source (AA-BB-CC-DD-EE-FF format) and source-mask bits equal to 32 • AA-BB-CC-DD-EE-FF – Specify t
ACCESS-LIST 12 - 37 any [dot1p <0-7>|log|ruleprecedence <1-5000>[ruledescription |type [8021q|<165535>|aarp|appletalk|arp|ip|ipv6|i px|mint|rarp|wisp] [log|ruleprecedence]|vlan <1-4095> [log|ruleprecedence|type[8021q|<165535>|aarp|appletalk|arp|ip|ipv6|i px|mint|rarp|wisp] any –Specify a destination MAC address • – Specify any destination MAC address mask • dot1p <0-7> – Sets the 802.
12 - 38 WiNG CLI Reference Guide host [dot1p <0-7>|log|ruleprecedence <1-5000>[ruledescription |type [8021q|<165535>|aarp|appletalk|arp|ip|ipv6|i px|mint|rarp|wisp] [log|ruleprecedence]|vlan <1-4095> [log|ruleprecedence|type[8021q|<165535>|aarp|appletalk|arp|ip|ipv6|i px|mint|rarp|wisp] host – Specify an exact source MAC address to match • – Specify the destination MAC address • dot1p <0-7> – Sets the 802.
ACCESS-LIST 12 - 39 The last ACE in the access list is an implicit deny statement. Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL. It is allowed/denied based on the ACL’s configuration.
12 - 40 WiNG CLI Reference Guide
CHAPTER 13 DHCP-SERVER-POLICY This chapter summarizes DHCP Server Policy commands within CLI structure. Use the (config) instance to configure DHCP Server Policy related configuration commands.
13 - 2 WiNG CLI Reference Guide 13.1 dhcp-server-policy Table 13.1Summarizes dhcp-server-policy commands Table 13.
DHCP-SERVER-POLICY 13 - 3 13.1.
13 - 4 WiNG CLI Reference Guide 13.1.
DHCP-SERVER-POLICY 13 - 5 13.1.3 dhcp-pool-mode Configures dhcp-pool commands Table 13.2 Summarizes dhcp-pool commands Table 13.2 dhcp-pool-mode Commands Command Description Reference address Specifies a range of addresses for a DHCP network pool page 13-6 bootfile Assigns a bootfile name. The bootfile name can contain letters, numbers, dots and hyphens.
13 - 6 WiNG CLI Reference Guide 13.1.3.
DHCP-SERVER-POLICY 13 - 7 13.1.3.2 bootfile dhcp-pool-mode Assigns a bootfile name for the DHCP configuration in the network pool Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax bootfile Parameters Sets the boot image for BOOTP clients. The file name can contain letters, numbers, dots and hyphens. Consecutive dots and hyphens are not permitted Usage Guidelines Use the bootfile command to specify the boot image.
13 - 8 WiNG CLI Reference Guide 13.1.3.3 ddns dhcp-pool-mode Configures dynamic DNS parameters Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax ddns [domain-name |multiple-userclass|server {A.B.C.D}|ttl <1-864000>] Parameters domain-name Sets the domain name used for DDNS updates multiple-userclass Enables multiple user class option server {A.B.C.
DHCP-SERVER-POLICY 13 - 9 13.1.3.4 default-router dhcp-pool-mode Configures a default-router or gateway IP address for the network pool. To remove the default router list, use the no default-router command. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax default-router {} Parameters {} Specifies the default router IP address for the network pool. The maximum number of IP’s that can be configured is 8.
13 - 10 WiNG CLI Reference Guide 13.1.3.5 dns-server dhcp-pool-mode Sets the DNS server’s IP address available to all DHCP clients connected to the DHCP pool. Use the no dnsserver command to remove the DNS server list. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax dns-server Parameters Configures the DNS server’s IP address • – Sets the server's IP address.
DHCP-SERVER-POLICY 13 - 11 13.1.3.6 domain-name dhcp-pool-mode Sets the domain name for the DHCP pool. Use the no domain-name command to remove the domain name. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax domain-name Parameters Defines the domain name for the DHCP pool Usage Guidelines For DHCP clients, the DNS server’s IP address maps the host name to an IP address.
13 - 12 WiNG CLI Reference Guide 13.1.3.7 excluded-address dhcp-pool-mode Prevents a DHCP Server from assigning certain addresses to the DHCP pool Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax excluded-address [|range ] Parameters [|range ] •
DHCP-SERVER-POLICY 13 - 13 13.1.3.8 lease dhcp-pool-mode Sets a valid lease time for the IP address used by DHCP clients in the DHCP pool Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax lease [<0-365> {0-23} {0-59> {0-59}|infinite] Parameters <0-365> Select a value between 0 and 365 days to configure lease time. Days may be 0 only when hours and/or mins are greater than 0 • <0-23> – Sets the lease period in hours.
13 - 14 WiNG CLI Reference Guide client-name test4lease client-identifier tested4lease ................................................................ ..........................................
DHCP-SERVER-POLICY 13 - 15 13.1.3.9 netbios-name-server dhcp-pool-mode Configures the NetBIOS (WINS) name server IP address Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax netbios-name-server Parameters Sets the NetBIOS name server's IP address Example rfs7000-37FABE(config-dhcp-policy-test-pool-pool1)#netbios-name-server 172.16.10.
13 - 16 WiNG CLI Reference Guide 13.1.3.
DHCP-SERVER-POLICY 13 - 17 13.1.3.11 next-server dhcp-pool-mode Configures the next server in the boot process Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax next-server Parameters Configures the IP address of the next server in the boot process Example rfs7000-37FABE(config-dhcp-policy-test-pool-pool1)#next-server 172.16.10.
13 - 18 WiNG CLI Reference Guide 13.1.3.
DHCP-SERVER-POLICY 13 - 19 13.1.3.13 option dhcp-pool-mode Configures raw DHCP options. The DHCP option has to be configured under the DHCP-Server-Policy. The options configured under the DHCP-Pool/DHCP-Server-Policy can also be used in static-bindings. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax option [|] Parameters Specify the name of the DHCP option to configure
13 - 20 WiNG CLI Reference Guide 13.1.3.14 respond-via-unicast dhcp-pool-mode Sends a DHCP offer and a DHCP Ack as unicast messages Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP7131 • AP650 • AP6511 • AP6532 Syntax respond-via-unicast Parameters None Example rfs7000-37FABE(config-dhcp-policy-test-pool-pool1)#respond-via-unicast rfs7000-37FABE(config-dhcp-policy-test-pool-pool1)# NOTE: The commands clrscr, commit, exit, help, show, service, revert, write are common commands.
DHCP-SERVER-POLICY 13 - 21 13.1.3.15 update dhcp-pool-mode Controls the usage of the DDNS service Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax update dns {override} Parameters dns {override} Dynamic DNS Configuration • override – Enables dynamic updates by onboard DHCP Server Usage Guidelines A DHCP client cannot perform updates for RR’s A, TXT and PTR.
13 - 22 WiNG CLI Reference Guide 13.1.4 static-binding dhcp-pool-mode Configures static address bindings Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax static-binding [client-identifier |hardware-address ] Parameters [client-identifier |hardware-address ] • client-identifier – Specify the client identifier for the DHCP client (DHCP option 61) • – ASCII string.
DHCP-SERVER-POLICY 13 - 23 rfs7000-37FABE(config-dhcp-policy-test-pool-pool1-binding-Hex)# rfs7000-37FABE(config-dhcp-policy-test-pool-pool1-binding-11-22-33-44-5566)#? DHCP static binding Mode commands: bootfile Boot file name client-name Client name default-router Default routers dns-server DNS Servers domain-name Configure domain-name ip-address Fixed IP address for host netbios-name-server NetBIOS (WINS) name servers netbios-node-type NetBIOS node type next-server Next server in boot process no Negate a
13 - 24 WiNG CLI Reference Guide 13.1.5 static-binding-mode Use the (config) instance to configure dhcp-static-binding related configuration commands. To navigate to the instance, use the following commands: rrfs7000-37FABE(config-dhcp-policy-test-pool-pool1)#static-binding clientidentifier Hex rfs7000-37FABE(config-dhcp-policy-test-pool-pool1-binding-Hex)#? Table 13.3 Summarizes static-binding-mode commands Table 13.
DHCP-SERVER-POLICY 13 - 25 13.1.5.1 bootfile static-binding-mode Specifies a bootfile name for the DHCP configuration Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax bootfile Parameters Specify a boot file name. The file name can contain letters, numbers, dots and hyphens. Consecutive dots and hyphens are not permitted. Usage Guidelines Use the bootfile command to specify the boot image.
13 - 26 WiNG CLI Reference Guide 13.1.5.
DHCP-SERVER-POLICY 13 - 27 13.1.5.3 default-router static-binding-mode Configures the default router or gateway IP address for the network pool. To remove the default router list, use the no default-router command. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax default-router {A.B.C.D} Parameters {A.B.C.D} Specify an IP address to configure a default router. The maximum number of IPs that can be configured is 8.
13 - 28 WiNG CLI Reference Guide 13.1.5.4 dns-server static-binding-mode Sets the DNS server’s IP address available to all DHCP clients connected to the pool. Use the no dns-server command to remove the DNS server list. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax dns-server Parameters Specify a static IP address to configure a DNS server. Up to 8 IPs can be set.
DHCP-SERVER-POLICY 13 - 29 13.1.5.5 domain-name static-binding-mode Configures a domain name Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax domain-name Parameters Specify a name for the domain Usage Guidelines The domain name cannot exceed 256 characters.
13 - 30 WiNG CLI Reference Guide 13.1.5.6 ip-address static-binding-mode Configures a fixed IP address for a host Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax ip-address Parameters Configures a fixed IP address in dotted decimal format for the host Example rfs7000-37FABE(config-dhcp-policy-test-pool-pool1-binding-1)#ip-address 172.16.10.
DHCP-SERVER-POLICY 13 - 31 13.1.5.7 netbios-name-server static-binding-mode Configures a NetBIOS (WINS) name server‘s IP address Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax netbios-name-server Parameters Sets the NetBIOS name server’s IP address Example rfs7000-37FABE(config-dhcp-policy-test-pool-pool1-binding-1))#netbiosname-server 172.16.10.
13 - 32 WiNG CLI Reference Guide 13.1.5.
DHCP-SERVER-POLICY 13 - 33 13.1.5.9 next-server static-binding-mode Configures the next-server in the boot process Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax next-server Parameters Configures the IP address of the next-server in the boot process Example rfs7000-37FABE(config-dhcp-policy-test-pool-pool1-binding-1))#next-server 172.16.10.
13 - 34 WiNG CLI Reference Guide 13.1.5.
DHCP-SERVER-POLICY 13 - 35 13.1.5.11 option static-binding-mode Configures raw DHCP options. The DHCP option has to be configured under DHCP-Policy. The options configured under DHCP-Server-Policy only can be used in static-bindings. rfs7000-37FABE(config-dhcp-policy-test)#option test1 rfs7000-37FABE(config-dhcp-policy-test)# 2 ascii Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP7131 • AP650 • AP6511 • AP6532 Syntax option [|] Parameters
13 - 36 WiNG CLI Reference Guide 13.1.5.
DHCP-SERVER-POLICY 13 - 37 13.1.5.13 static-route static-binding-mode Adds static routes to be installed on the DHCP clients Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax static-route Parameters Enter the network number and mask to configure the subnet Example rfs7000-37FABE(config-dhcp-policy-test-pool-pool1-binding-1)#static-route 10.0.0.0/10 157.235.208.
13 - 38 WiNG CLI Reference Guide 13.1.
DHCP-SERVER-POLICY 13 - 39 13.1.
13 - 40 WiNG CLI Reference Guide 13.1.
DHCP-SERVER-POLICY 13 - 41 13.1.
13 - 42 WiNG CLI Reference Guide 13.1.10 dhcp-class-mode Use the (config-dhcpclass) instance to configure DHCP user classes. The controller supports a maximum of 8 user classes per DHCP class. To navigate to this instance use the command: rfs7000-37FABE(config-dhcp-policy-test)#dhcp-class dhcpclass1 rfs7000-37FABE(config-dhcp-policy-test-class-dhcpclass1)#? Table 13.4 Summarizes dhcp-class commands Table 13.
DHCP-SERVER-POLICY 13 - 43 13.1.10.
13 - 44 WiNG CLI Reference Guide 13.1.10.
DHCP-SERVER-POLICY 13 - 45 13.1.10.
13 - 46 WiNG CLI Reference Guide
CHAPTER 14 FIREWALL-POLICY This chapter summarizes the firewall-policy commands within the CLI structure. Use (config) instance to configure firewall-policy related configuration commands. To navigate to the config-fw-policy instance, use the following commands.
14 - 2 WiNG CLI Reference Guide 14.1 firewall-policy Table 14.1 Summarizes default firewall policy commands Table 14.
FIREWALL-POLICY 14 - 3 14.1.
14 - 4 WiNG CLI Reference Guide 14.1.
FIREWALL-POLICY 14 - 5 14.1.
14 - 6 WiNG CLI Reference Guide 14.1.
FIREWALL-POLICY 14 - 7 14.1.
14 - 8 WiNG CLI Reference Guide 14.1.
FIREWALL-POLICY 14 - 9 Example rfs7000-37FABE(config-fw-policy-default)#flow timeout icmp 4 rfs7000-37FABE(config-fw-policy-default)# rfs7000-37FABE(config-fw-policy-default)#flow timeout tcp setup 8 rfs7000-37FABE(config-fw-policy-default)# rfs7000-37FABE(config-fw-policy-default)#flow icmp stateful rfs7000-37FABE(config-fw-policy-default)#
14 - 10 WiNG CLI Reference Guide 14.1.
FIREWALL-POLICY 14 - 11 Parameters dos {ascend| bcast-mcast-icmp |chargen|fraggle| ftp-bounce|invalid-protocol| ip-ttl-zero|ipspoof|land| option-route| router-solicit|router-advt| smurf|snork|tcp-badsequence|tcp-fin-scan| tcp-intercept|tcp-maxincomplete| tcp-null-scan| tcp-post-syn| tcp-xmas-scan |tcphdrfrag |twinge|udp-short-hdr} [drop-only|log-and-drop| log-only]log-level [<0-8>| alerts|critical|debugging| |emergencies| errors|informational|none|notif ications| warnings] Configures the Denial of Servic
14 - 12 WiNG CLI Reference Guide For all the above DoS attacks, the following log-levels can be set • alerts – Immediate action needed (level 1) • critical – Critical conditions (level 2) • <0-8> – Select one numerical log level.
FIREWALL-POLICY 14 - 13 rfs7000-37FABE(config-fw-policy-test)#ip tcp recreate-flow-on-out-of-state-syn rfs7000-37FABE(config-fw-policy-test)# rfs7000-37FABE(config-fw-policy-test)#ip tcp validate-rst-seq-number rfs7000-37FABE(config-fw-policy-test)#
14 - 14 WiNG CLI Reference Guide 14.1.
FIREWALL-POLICY 14 - 15 14.1.
14 - 16 WiNG CLI Reference Guide 14.1.
FIREWALL-POLICY 14 - 17 14.1.
14 - 18 WiNG CLI Reference Guide 14.1.
FIREWALL-POLICY 14 - 19 14.1.13 storm-control firewall-policy Storm control limits the amount of multicast, unicast and broadcast frames accepted and forwarded by the device. Messages are logged based on their severity level.
14 - 20 WiNG CLI Reference Guide Parameters [arp|bcast|mcast|ucast]{log} [<0-7>|alert|critical |debugging| emergencies|errors| informational| none|notifications |warnings] • arp – The traffic type is ARP • bcast – The traffic type is broadcast • mcast – The traffic type is multicast • ucast – The traffic type is unicast For all the above, the following level and log options can be set • level <1-1000000> [ge <1-8>|port-channel <1-8>| up1|wlan ] – Performs packet rate limiting • <1-1000000> – Specif
FIREWALL-POLICY 14 - 21 14.1.14 virtual-defragmentation firewall-policy Enables the virtual defragmentation for IPv4 packets Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax virtual-defragmentation {maximum-defragmentation-per-host <1-16384>| maximumfragments-per-datagram <2-8129>|minimum-first-fragment-length <8-1500>} Parameters maximum-defragmentationper-host <1-16384> Defines the maximum active IPv4 defragmentation per host.
14 - 22 WiNG CLI Reference Guide
CHAPTER 15 IGMP-SNOOP-POLICY This chapter summarizes igmp-snoop-policy commands within the CLI structure. Use the (config) instance to configure igmp-snoop-policy related configuration commands.
15 - 2 WiNG CLI Reference Guide 15.1 igmp-snoop-policy Table 15.1 Summarizes igmp-snoop-policy commands Table 15.
IGMP-SNOOP-POLICY 15 - 3 15.1.
15 - 4 WiNG CLI Reference Guide 15.1.
IGMP-SNOOP-POLICY 15 - 5 15.1.
15 - 6 WiNG CLI Reference Guide 15.1.
IGMP-SNOOP-POLICY 15 - 7 15.1.
15 - 8 WiNG CLI Reference Guide
CHAPTER 16 MINT-POLICY This chapter summarizes mint-policy commands within the CLI structure. All communication using the MiNT transport layer can be optionally secured. This includes confidentiality, integrity and authentication of all communications. In addition, a device can be configured to communicate over MiNT with other devices authorized by an administrator. Use the (config) instance to configure mint-policy related configuration commands.
16 - 2 WiNG CLI Reference Guide 16.1 mint-policy Table 16.1 Summarizes mint-policy commands Table 16.
MINT-POLICY 16 - 3 16.1.
16 - 4 WiNG CLI Reference Guide 16.1.2 mtu mint-policy Configures the global MiNT MTU Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax mtu <900-1500> Parameters <900-1500> Specifies the maximum packet size. Will be rounded down to nearest (4 + a multiple of 8).
MINT-POLICY 16 - 5 16.1.3 re-join timeout mint-policy Specifies the timeout after which the device attempts to join a new security domain Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax re-join timeout <30-4294967295> Parameters <30-4294967295> When unable to adopt, a device attempts to join a new security domain. Specify the timeout in seconds between 30 and 4294967295.
16 - 6 WiNG CLI Reference Guide 16.1.
MINT-POLICY 16 - 7 16.1.
16 - 8 WiNG CLI Reference Guide 16.1.6 udp mint-policy Configures MiNT UDP/IP encapsulation parameters Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax udp port <2-65534> Parameters port <2-65534> Configures the default UDP port used for MiNT control packet encapsulation between <2-65534>.
MINT-POLICY 16 - 9 16.1.
16 - 10 WiNG CLI Reference Guide
CHAPTER 17 MANAGEMENT-POLICY This chapter summarizes management-policy commands within the CLI structure. Use the (config) instance to configure management-policy related configuration commands.
17 - 2 WiNG CLI Reference Guide 17.1 management-policy Table 17.1 Summarizes management-policy commands Table 17.
MANAGEMENT-POLICY 17 - 3 17.1.1 aaa-login management-policy Configures the current authentication, authorization and accounting (aaa) login settings Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax aaa-login [local|radius] aaa-login radius [external|fallback|server] aaa-login radius server host
17 - 4 WiNG CLI Reference Guide rfs7000-37FABE(config-management-policy-default)#aaa-login local rfs7000-37FABE(config-management-policy-default)#
MANAGEMENT-POLICY 17 - 5 17.1.2 banner management-policy Defines athe login banner message of the day. Use this command to display messages to a user as soon as login happens.
17 - 6 WiNG CLI Reference Guide 17.1.
MANAGEMENT-POLICY 17 - 7 rfs7000-37FABE(config-management-policy-test)#show context management-policy test http server ftp username root password 1 word rootdir dir no ssh user superuser password 1 4e03aaf1065294ba86d19da984347e38dfbaa9955335dc354748cb4f9a16e0a9 rfs7000-37FABE(config-management-policy-test)#
17 - 8 WiNG CLI Reference Guide 17.1.
MANAGEMENT-POLICY 17 - 9 17.1.
17 - 10 WiNG CLI Reference Guide 17.1.6 idle-session-timeout management-policy Configures a configuration session’s idle timeout duration. After the session has been idle for this time duration, the session is automatically timed out. Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax idle-session-timeout
MANAGEMENT-POLICY 17 - 11 17.1.
17 - 12 WiNG CLI Reference Guide 17.1.8 restrict-access management-policy Restricts management access to a set of hosts or subnets Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax restrict-access [host|ip-access-list|subnet] restrict-access host {|log [all|denied-only]|subnet {/M|log [all|denied-only]}} restrict-access ip-access-list restrict-access subnet {
MANAGEMENT-POLICY 17 - 13 17.1.9 snmp-server management-policy Configures SNMP engine parameters Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax snmp-server [community|enable|host|manager|user] snmp-server enable traps snmp-server community [ro|tw] snmp-server host
17 - 14 WiNG CLI Reference Guide Parameters community [ro|tw] Sets the community string and access privileges. • – Sets the community string • ro – Assigns read-only access to this community string • rw – Assigns read-write access to this community string enable traps Enables SNMP traps host [v2c|v3] {<1-65535>} SNMP server host •
MANAGEMENT-POLICY 17 - 15 ftp username root password 1 word rootdir dir no ssh user superuser password 1 4e03aaf1065294ba86d19da984347e38dfbaa9955335dc354748cb4f9a16e0a9 snmp-server community snmp1 ro snmp-server enable traps snmp-server host 172.16.10.23 v3 162 snmp-server host 172.16.10.3 v3 162 snmp-server host 172.16.10.
17 - 16 WiNG CLI Reference Guide 17.1.10 ssh management-policy Configures SSH parameters Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax ssh {port} <1-65535> Parameters port <1-65535> Select a value between 1 and 165535 to configure a SSH port.
MANAGEMENT-POLICY 17 - 17 17.1.11 telnet management-policy Enables Telnet settings Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax telnet {port} <1-65535> Parameters port <1-65535> Select a Telnet port value between 1 and 165535. The default port is 23.
17 - 18 WiNG CLI Reference Guide 17.1.
MANAGEMENT-POLICY 17 - 19 Example rfs7000-37FABE(config-management-policy-test)#user testuser password moto123 rfs7000-37FABE(config-management-policy-test)#commit rfs7000-37FABE(config-management-policy-default)#user george password 1 symbol12 role security-admin access console ssh telnet web rfs7000-37FABE(config-management-policy-default)# NOTE: The commands clrscr, commit, do, exit, help, write, revert, service and show are common commands. Refer to Chapter 5, COMMON COMMANDS for more information.
17 - 20 WiNG CLI Reference Guide
CHAPTER 18 RADIUS-POLICY This chapter summarizes RADIUS-Group, RADIUS-Server and RADIUS-User-Policy commands in detail. Use the (config) instance to configure RADIUS-Group related configuration commands. This command creates a group within the existing RADIUS group.
18 - 2 WiNG CLI Reference Guide 18.1 radius-group Sets RADIUS user group parameters Table 18.1 Summarizes RADIUS group commands Table 18.
RADIUS-POLICY 18 - 3 18.1.1 guest radius-group Manages a guest user linked with a hotspot. Create a guest-user and associates it with the guest group. The guest user and policies are used for hotspot authentication/authorization.
18 - 4 WiNG CLI Reference Guide 18.1.2 policy radius-group Sets the authorization policies for a particular group day/time of access, WLANs etc. NOTE: A user-based VLAN is effective only if dynamic VLAN authorization is enabled for the WLAN (as defined within the WLAN Configuration screen).
RADIUS-POLICY 18 - 5 Parameters access [all|console|ssh|telnet|web] Sets management group access • all – Allows all access • console – Allows console access • ssh – Allows SSH access • telnet – Allows Telnet access • web – Allows Web access day [all|fri|mo|sa|su|th|tu|we|week days] Configures the access day for this group • all – All days (from Sunday to Saturday) • fri – Friday • mo – Monday • sa – Saturday • su – Sunday • th – Thursday • tu – Tuesday • we – Wednesday • weekdays – Configures the polic
18 - 6 WiNG CLI Reference Guide Example rfs7000-37FABE(config-radius-group-test)#policy time start 13:30 end 17:30 rfs7000-37FABE(config-radius-group-test)# rfs7000-37FABE(config-radius-group-test)#policy wlan wlan1 rfs7000-37FABE(config-radius-group-test)# rfs7000-37FABE(config-radius-group-test)#show context radius-group test guest-group policy vlan 2 policy wlan wlan1 policy time start 13:30 end 17:30 rfs7000-37FABE(config-radius-group-test)#
RADIUS-POLICY 18 - 7 18.1.
18 - 8 WiNG CLI Reference Guide 18.1.
RADIUS-POLICY 18 - 9 18.2 radius-server-policy Creates an onboard device RADIUS policy Use the (config) instance to configure RADIUS-Server-Policy related configuration commands. To navigate to the RADIUSServer-Policy instance, use the following commands: rfs7000-37FABE(config)#radius-server-policy rfs7000-37FABE(config)#radius-server-policy test rfs7000-37FABE(config-radius-server-policy-test)# Table 18.2 Summarizes radius-server-policy commands Table 18.
18 - 10 WiNG CLI Reference Guide 18.2.
RADIUS-POLICY 18 - 11 18.2.
18 - 12 WiNG CLI Reference Guide 18.2.
RADIUS-POLICY 18 - 13 18.2.4 ldap-server radius-server-policy Configures LDAP server parameters Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax ldap-server [dead-period <0-600>|primary|secondary] ldap-server [primary|secondary] host
18 - 14 WiNG CLI Reference Guide Parameters [primary|secondary] host
RADIUS-POLICY 18 - 15 18.2.5 local radius-server-policy Configures a local RADIUS realm Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax local realm Parameters realm Configures a local RADIUS realm • – Specify a local RADIUS realm name.
18 - 16 WiNG CLI Reference Guide 18.2.6 nas radius-server-policy Configures the key sent to a RADIUS client Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax nas secret[0|2|] Parameters
RADIUS-POLICY 18 - 17 18.2.
18 - 18 WiNG CLI Reference Guide 18.2.8 proxy radius-server-policy Configures a proxy RADIUS server based on the realm/suffix Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax proxy proxy proxy proxy [realm|retry-count|retry-delay] realm server port <1024-65535> secret [0|2|] retry-count <3-6> retry-delay retry-delay <5-10>] Parameters realm server
RADIUS-POLICY 18 - 19 18.2.
18 - 20 WiNG CLI Reference Guide 18.2.10 use radius-server-policy Defines settings used with the RADIUS Server policy Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax use [radius-group {RAD-GROUP}|radius-user-pool-policy ] Parameters radius-group {RAD-GROUP} Configures a RADIUS group (for LDAP users) radius-user-pool-policy Configures RADIUS user pool parameters. Specify a user name.
RADIUS-POLICY 18 - 21 18.3 radius-user-pool-policy Configures a RADIUS User Pool policy. Use the (config) instance to configure RADIUS User Pool Policy related configuration commands. To navigate to the radiususer-pool-policy instance, use the following commands. rfs7000-37FABE(config)#radius-user-pool-policy rfs7000-37FABE(config)#radius-user-pool-policy testuser rfs7000-37FABE(config-radius-user-pool-testuser)# Table 18.3 Summarizes radius-user-pool policy commands Table 18.
18 - 22 WiNG CLI Reference Guide 18.3.
RADIUS-POLICY 18 - 23 18.3.
18 - 24 WiNG CLI Reference Guide
CHAPTER 19 RADIO-QOS-POLICY This chapter summarizes the radio-qos-policy in detail. Use the (config) instance to configure radios-qos-policy related configuration commands.
19 - 2 WiNG CLI Reference Guide 19.1 radio-qos-policy Table 19.1 Summarizes radio-qos-policy commands Table 19.1 radio-qos-policy Commands Command Description Reference accelerated-multicast Configures multicast streams for acceleration page 19-3 admission-control Enables admission-control across all radios for one or more access categories page 19-4 no Negates a command or sets its default value page 19-6 wmm Configures 802.
RADIO-QOS-POLICY 19 - 3 19.1.
19 - 4 WiNG CLI Reference Guide 19.1.
RADIO-QOS-POLICY 19 - 5 Parameters [background|best-effort| firewall-detected-traffic| implicit-tspec|video|voice] • background – Configures background access category admission control parameters • best-effort – Configures best effort access category admission control parameters • video – Configures video access category admission-control parameters • voice – Configures voice access category admission-control parameters The following parameters are common for the above: • max-airtime-percent<0-150> – Sp
19 - 6 WiNG CLI Reference Guide 19.1.3 no radio-qos-policy Negates a command or sets its default value Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax no [accelerated-multicast|admission-control|wmm] Parameters [admission-control| wmm] • accelerated-multicast – Unconfigures multicast streams for acceleration • admission-control – Unconfigures admission-control on the radio for one or more access categories • wmm – Unconfigures 802.
RADIO-QOS-POLICY 19 - 7 19.1.4 wmm radio-qos-policy Configures 802.
19 - 8 WiNG CLI Reference Guide Example rfs7000-37FABE(config-radio-qos-test)#wmm best-effort aifsn 7 rfs7000-37FABE(config-radio-qos-test)# rfs7000-37FABE(config-radio-qos-test)#wmm voice txop-limit 1 rfs7000-37FABE(config-radio-qos-test)# NOTE: The commands clrscr, commit, exit, end, help, write, revert, service and show are common commands. For more information, see Chapter 5, COMMON COMMANDS.
CHAPTER 20 ROLE-POLICY This chapter summarizes Role Policies in detail. Use the (config-role-policy) instance to configure role-policy related configuration commands.
20 - 2 WiNG CLI Reference Guide 20.1 role-policy Table 20.1 Summarizes role-policy commands Table 20.
ROLE-POLICY 20 - 3 20.1.1 default-role role-policy When a client fails to find a matching role, the default role action is assigned to that client.
20 - 4 WiNG CLI Reference Guide 20.1.
ROLE-POLICY 20 - 5 20.1.3 user-role role-policy Creates a role and associates it to the newly created role-policy rfs7000-37FABE(config-role-policy-test)#user- role precedence <1-10000> rfs7000-37FABE(config-role-policy-test)# user-role role1 precedence 1 rfs7000-37FABE(config-role-role1)# Table 20.2 Summarizes role commands Table 20.
20 - 6 WiNG CLI Reference Guide 20.1.3.
ROLE-POLICY 20 - 7 20.1.3.
20 - 8 WiNG CLI Reference Guide 20.1.3.
ROLE-POLICY 20 - 9 20.1.3.
20 - 10 WiNG CLI Reference Guide 20.1.3.
ROLE-POLICY 20 - 11 20.1.3.6 mu-mac user-role Configures the client’s MAC addresses for the role based firewall Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax mu-mac [ |any] Parameters The address of the allowed client. The MAC address can be in the format of AA-BB-CC-DD-EE-FF The address and mask combination for the allowed client.
20 - 12 WiNG CLI Reference Guide 20.1.3.7 no user-role Negates a command or sets its default values Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax no [ap-location|authentication-type|captive-portal| encryption-type|group|mu-mac|ssid|use] Parameters None Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
ROLE-POLICY 20 - 13 20.1.3.
20 - 14 WiNG CLI Reference Guide 20.1.3.
CHAPTER 21 SMART-RF-POLICY This chapter summarizes Smart RF Policy commands within the CLI structure. Use the (config) instance to configure Smart RF Policy related configuration commands.
21 - 2 WiNG CLI Reference Guide 21.1 smart-rf-policy Table 21.1Summarizes Smart RF Policy commands Table 21.
SMART-RF-POLICY 21 - 3 21.1.1 assignable-power smart-rf-policy Specifies the power range during power assignment Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax assignable-power [2.4Ghz|5Ghz] [max|min] <1-20> Parameters [2.4Ghz|5Ghz] [max|min] <1-20> [2.4Ghz|5Ghz] [max|min] <1-20> – Specifies the power range during power assignment • max <1-20> – Sets the upper bound of the power range.
21 - 4 WiNG CLI Reference Guide 21.1.
SMART-RF-POLICY 21 - 5 21.1.3 channel-list smart-rf-policy Assigns the channel list for the selected frequency Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax channel-list [2.4Ghz|5Ghz] Parameters [2.4Ghz|5Ghz] Assigns the channel list for the selected frequency • – A comma separated list of channel numbers Example rfs7000-37FABE(config-smart-rf-policy-test)#channel-list 2.
21 - 6 WiNG CLI Reference Guide 21.1.4 channel-width smart-rf-policy Selects the channel width for Smart RF configuration Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax channel-width [2.4Ghz|5Ghz] [20Mhz|40Mhz|auto] Parameters [2.
SMART-RF-POLICY 21 - 7 21.1.5 coverage-hole-recovery smart-rf-policy Enables recovery from coverage hole errors Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax coverage-hole-recovery snr-threshold} coverage-hole-recovery coverage-hole-recovery coverage-hole-recovery {client-threshold|coverage-interval|interval| client-threshold [2.4Ghz|5Ghz] <1-255> [coverage-interval|interval] [2.4Ghz|5Ghz] <1-120> snr-threshold [2.
21 - 8 WiNG CLI Reference Guide 21.1.
SMART-RF-POLICY 21 - 9 21.1.
21 - 10 WiNG CLI Reference Guide 21.1.8 interference-recovery smart-rf-policy Recovers detected problems due to excessive noise and interference Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax interference-recovery {channel-hold-time <0-86400> |channel-switch-delta [2.
SMART-RF-POLICY 21 - 11 21.1.9 neighbor-recovery smart-rf-policy Enables a recovery from errors due to faulty neighbor radios Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax neighbor-recovery {power-hold-time <0-3600>|power-threshold} [2.4Ghz|5Ghz] <-85--55> Parameters power-hold-time <0-3600> Specifies the minimum time between two power change recoveries • <0-3600> – Sets the time between 0 and 3600 seconds {power-threshold} [2.
21 - 12 WiNG CLI Reference Guide 21.1.
SMART-RF-POLICY 21 - 13 21.1.
21 - 14 WiNG CLI Reference Guide 21.1.12 smart-ocs-monitoring smart-rf-policy Applies smart off channel scanning instead of dedicated detectors Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax smart-ocs-monitoring {extended-scan-frequency|frequency| off-channel-duration|sample-count} Parameters {extended-scanfrequency|frequency| off-channel-duration| sample-count} • extended-scan-frequency [2.
CHAPTER 22 WIPS-POLICY This chapter summarizes WIPS-Policy in detail. Use the (config) instance to configure wips-policy related configuration commands.
22 - 2 WiNG CLI Reference Guide 22.1 wips-policy Table 22.1 Summarizes WIPS-Policy commands in detail Table 22.
WIPS-POLICY 22 - 3 22.1.
22 - 4 WiNG CLI Reference Guide 22.1.
WIPS-POLICY 22 - 5 22.1.
22 - 6 WiNG CLI Reference Guide Parameters ap-anomaly [ad-hocviolation|airjack| ap-ssid-broadcast-inbeacon|asleap|impersonationattack|null-probe-response| transmitting-device-usinginvalid-mac| unencrypted-wiredleakage|wireless-bridge] Configures ap-anomaly type events • ad-hoc-violation – Ad-Hoc network violation • airjack – AirJack attack • ap-ssid-broadcast-in-beacon – AP SSID broadcast in beacon • asleap – ASLEAP attack • impersonation-attack – Impersonation attack detected • null-probe-response – Nul
WIPS-POLICY 22 - 7 enable-all-events Enables all events excessive [80211-replaycheck-failure| aggressivescanning|auth-server-failures| decryption-failures|dos-assocor-auth-flood|dos-eapol-startstorm|dos-unicast-deauth-ordisassoc|eap-flood|eap-nakflood |frames-from-unassocstation] {filter-ageout <086400>|threshold-mu <065535>|threshold-radio <065535> Configures excessive type events • 80211-replay-check-failure – 802.
22 - 8 WiNG CLI Reference Guide 22.1.
WIPS-POLICY 22 - 9 22.1.5 no wips-policy Negates a command or sets its default values Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax no [ap-detection|enable|event|history-throttle-duration|signature|use] Parameters None Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
22 - 10 WiNG CLI Reference Guide 22.1.
WIPS-POLICY 22 - 11 22.1.
22 - 12 WiNG CLI Reference Guide Table 22.
WIPS-POLICY 22 - 13 22.1.7.
22 - 14 WiNG CLI Reference Guide 22.1.7.
WIPS-POLICY 22 - 15 22.1.7.
22 - 16 WiNG CLI Reference Guide 22.1.7.
WIPS-POLICY 22 - 17 22.1.7.
22 - 18 WiNG CLI Reference Guide 22.1.7.
WIPS-POLICY 22 - 19 22.1.7.
22 - 20 WiNG CLI Reference Guide 22.1.7.
WIPS-POLICY 22 - 21 22.1.7.
22 - 22 WiNG CLI Reference Guide 22.1.7.
WIPS-POLICY 22 - 23 22.1.7.11 no signature Negates a command or sets its default values Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax no [bssid|dts-mac|filter-ageout|frame-type|mode|payload|src-mac| ssid-match|threshold-client|threshold-radio] Parameters None Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
22 - 24 WiNG CLI Reference Guide
CHAPTER 23 WLAN-QOS-POLICY This chapter summarizes the WLAN QoS Policy in detail. Use the (config) instance to configure WLAN QoS Policy related configuration commands.
23 - 2 WiNG CLI Reference Guide 23.1 wlan-qos-policy Table 23.1 Summarizes WLAN QoS Policy commands Table 23.
WLAN-QOS-POLICY 23 - 3 23.1.1 accelerated-multicast wlan-qos-policy Configures multicast streams for acceleration Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax accelerated-multicast [|autodetect] accelerated-multicast [|autodetect] {classification} [background|besteffort|trust|video|voice] Parameters [|autodetect] {classification} [background|besteffort|trust|video|voice] •
23 - 4 WiNG CLI Reference Guide 23.1.
WLAN-QOS-POLICY 23 - 5 rfs7000-37FABE(config-wlan-qos-test)#classification non-unicast voice rfs7000-37FABE(config-wlan-qos-test)#
23 - 6 WiNG CLI Reference Guide 23.1.
WLAN-QOS-POLICY 23 - 7 23.1.
23 - 8 WiNG CLI Reference Guide 23.1.5 qos wlan-qos-policy Enables quality of service Supported in the following platforms: • RFS7000 • RFS6000 • RFS4000 • AP71xx • AP650 • AP6511 • AP6532 Syntax qos trust [dscp|wmm] Parameters trust [dscp|wmm] Trust QOS values of ingressing packets • dscp – Trust IP DSCP values of ingressing packets • wmm – Trust 802.
WLAN-QOS-POLICY 23 - 9 23.1.
23 - 10 WiNG CLI Reference Guide Example rfs7000-37FABE(config-wlan-qos-test)#rate-limit wlan from-air max-burst-size 6 rfs7000-37FABE(config-wlan-qos-test)# rfs7000-37FABE(config-wlan-qos-test)#rate-limit wlan from-air rate 55 rfs7000-37FABE(config-wlan-qos-test)# rfs7000-37FABE(config-wlan-qos-test)#rate-limit wlan from-air red-threshold besteffort 10 rfs7000-37FABE(config-wlan-qos-test)# rfs7000-37FABE(config-wlan-qos-test)#no rate-limit wlan from-air red-threshold besteffort rfs7000-37FABE(config-wlan
WLAN-QOS-POLICY 23 - 11 23.1.
23 - 12 WiNG CLI Reference Guide 23.1.
WLAN-QOS-POLICY 23 - 13 23.1.9 wmm wlan-qos-policy Configures 802.
23 - 14 WiNG CLI Reference Guide Parameters [background|besteffort|power- save|qbss-loadelement|video|voice] [aifsn|cw-max|cw-mintxoplimit] • background – Configures background access category parameters • best-effort – Configures best effort access category parameters • video – Configures video access category parameters • voice – Configure voice access category parameters The following parameters are common for all the above: • aifsn <2-15> – Configures the AIFSN: The wait time between data frames is d
WLAN-QOS-POLICY 23 - 15 Example rfs7000-37FABE(config-wlan-qos-test)#wmm background aifsn 7 rfs7000-37FABE(config-wlan-qos-test)# rfs7000-37FABE(config-wlan-qos-test)#wmm video txop-limit 9 rfs7000-37FABE(config-wlan-qos-test)# rfs7000-37FABE(config-wlan-qos-test)#wmm voice cw-min 6 rfs7000-37FABE(config-wlan-qos-test)# rfs7000-37FABE(config-wlan-qos-test)#wmm qbss-load-element rfs7000-37FABE(config-wlan-qos-test)# NOTE: clrscr, commit,end, exit, help, revert, service, show, write are common across all c
23 - 16 WiNG CLI Reference Guide
CHAPTER 24 INTERFACE-RADIO COMMANDS Use the (config-profile-default-rfs4000) instance to configure radio instances associated with the controller. To switch to this mode, use: rfs4000-37FABE(config-profile-default-rfs4000)#interface radio ? 1 Radio interface 1 2 Radio interface 2 3 Radio interface 3 rfs4000-37FABE(config-profile-default-rfs4000)#interface radio rfs4000-37FABE(config-profile-default-rfs4000-if-radio1)#? Radio Mode commands: aggregation Configure 802.
24 - 2 WiNG CLI Reference Guide power preamble-short probe-response use wireless client wlan Configure the transmit power of the radio User short preambles on this radio Configure transmission parameters for Probe Response frames Configure the radio-tap mode of operation for radio Configure the rf-mode of operation for this radio rts-threshod Configure the RTS threshold Shutdown the selected radio interface Capture packets and redirect to an IP address running a packet capture/analysis tool Set setting t
INTERFACE-RADIO COMMANDS 24 - 3 24.1 interface-radio Instance Table 24.1 Summarizes interface-radio commands Table 24.1 interface-radio commands Commands Description Reference aggregation Configures 802.
24 - 4 WiNG CLI Reference Guide Table 24.
INTERFACE-RADIO COMMANDS 24 - 5 24.1.1 aggregation interface-radio Instance Configures 802.
24 - 6 WiNG CLI Reference Guide 24.1.2 airtime-fairness interface-radio Instance Enables equal access for clients based on their usage of airtime Supported in the following platforms: • RFS4011 Syntax airtime-fairness {prefer-ht} {weight <1-10>} Parameters {prefer-ht} {weight <1-10>} • prefer-ht – Prefers high throughput (802.
INTERFACE-RADIO COMMANDS 24 - 7 24.1.
24 - 8 WiNG CLI Reference Guide 24.1.4 antenna-gain interface-radio Instance Specifies the antenna gain of the selected radio Supported in the following platforms: • RFS4011 Syntax antenna-gain <0.0-15.0> Parameters <0.0-15.0> Select the antenna gain in units of dBi between <0.0-15.0> Example rfs4000-880DA7(config-profile-default-rfs4000-if-radio1)#antenna-gain 12.
INTERFACE-RADIO COMMANDS 24 - 9 24.1.
24 - 10 WiNG CLI Reference Guide 24.1.
INTERFACE-RADIO COMMANDS 24 - 11 24.1.
24 - 12 WiNG CLI Reference Guide 24.1.8 data-rates interface-radio Instance Specifies the 802.11 rates supported on the radio Supported in the following platforms: • RFS4011 Syntax data-rates [b-only|g-only|a-only|bg|bgn|gn|an|default|custom data-rates custom [1|2|5.5|6|9|11|12|18|24|36|48|54| mcs0-7|mcs8-15| mcs0-15|basic-1|basic-2| basic-5.
INTERFACE-RADIO COMMANDS 24 - 13 default Enables the default data-rates according to the band of operation of the radio custom Configures a list of data rates by specifying each rate individually. Use 'basic-' prefix before a rate to indicate it is to be used as a basic rate (Eg: 'data-rates custom basic-1 basic-2 5.5 11') • 1 – 1-Mbps • 2 – 2-Mbps • 5.5 – 5.
24 - 14 WiNG CLI Reference Guide Example rfs4000-880DA7(config-profile-default-rfs4000-if-radio1)#data-rates bonly rfs4000-880DA7(config-profile-default-rfs4000-if-radio1)#show context interface radio1 data-rates b-only wlan 1 bss 1 primary wlan wlan1 bss 1 antenna-gain 12.
INTERFACE-RADIO COMMANDS 24 - 15 24.1.
24 - 16 WiNG CLI Reference Guide 24.1.
INTERFACE-RADIO COMMANDS 24 - 17 24.1.11 guard-interval interface-radio Instance Configures the 802.11n guard interval. Guard intervals are used to ensure that distinct transmissions do not interfere with one another. Its is used to provide immunity to propagation delays, echoes and reflection of radio signal.
24 - 18 WiNG CLI Reference Guide 24.1.12 lock-rf-mode interface-radio Instance Retains user configured rf-mode settings for the selected radio through reboots.
INTERFACE-RADIO COMMANDS 24 - 19 24.1.
24 - 20 WiNG CLI Reference Guide 24.1.14 mesh interface-radio Instance Configures radio mesh parameters Supported in the following platforms: • RFS4011 Syntax mesh [client|links <1-6>|portal|preferred-peer <1-6> ] Parameters • client – Enables operation as a client.
INTERFACE-RADIO COMMANDS 24 - 21 24.1.15 no interface-radio Instance Negates a command or sets its default value Supported in the following platforms: • RFS4011 Syntax no Parameters None Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
24 - 22 WiNG CLI Reference Guide 24.1.
INTERFACE-RADIO COMMANDS 24 - 23 24.1.17 off-channel-scan interface-radio Instance Enables off channel scanning on the radio Supported in the following platforms: • RFS4011 Syntax off-channel-scan {channel-list [2.4Ghz {}|5Ghz {}]|snifferredirect } Parameters channel-list [2.4Ghz {}|5Ghz {}] channel-list [2.4GHz {}|5GHz {} – Specifies the channel list to scan • 2.4GHz – 2.
24 - 24 WiNG CLI Reference Guide 24.1.
INTERFACE-RADIO COMMANDS 24 - 25 24.1.
24 - 26 WiNG CLI Reference Guide 24.1.20 preamble-short interface-radio Instance Configures short preamble on the radio Supported in the following platforms: • RFS4011 Syntax preamble-short Parameters None Example rfs4000-880DA7(config-profile-default-rfs4000-if-radio1)#preamble-short wm3400-229D58(config-profile-default-wm3400-if-radio1)#show context interface radio1 description Primary\ Radio data-rates custom basic-mcs0-7 mesh client wlan 1 bss 1 primary wlan wlan1 bss 1 antenna-gain 12.
INTERFACE-RADIO COMMANDS 24 - 27 24.1.
24 - 28 WiNG CLI Reference Guide 24.1.
INTERFACE-RADIO COMMANDS 24 - 29 24.1.23 rf-mode interface-radio Instance Configures the rf-mode for the radio Supported in the following platforms: • RFS4011 Syntax rf-mode [2.4GHz-wlan|5GHz-wlan|sensor] Parameters 2.4GHz|5GHz|sensor] • 2.4GHz-wlan – Provides WLAN service in 2.
24 - 30 WiNG CLI Reference Guide 24.1.
INTERFACE-RADIO COMMANDS 24 - 31 24.1.
24 - 32 WiNG CLI Reference Guide 24.1.
INTERFACE-RADIO COMMANDS 24 - 33 24.1.27 sniffer-redirect interface-radio Instance Captures packets and redirects to an IP address running a packet capture/analysis tool Supported in the following platforms: • RFS4011 Syntax sniffer-redirect channel [1|1+|10|10---------165 Parameters channel [1|1+|10|10---------165]
24 - 34 WiNG CLI Reference Guide 24.1.28 use interface-radio Instance The use command is used to apply other configuration profiles or values on to the current configuration item. In this case, association acl policy and radio-qos-policy can be used by this radio interface.
INTERFACE-RADIO COMMANDS 24 - 35 24.1.29 wlan interface-radio Instance Enables WLAN on the radio Supported in the following platforms: • RFS4011 Syntax wlan {bss|primary} wlan bss <1-8> {primary} Parameters {bss <1-8> |primary} {bss <1-8> |primary} – Specify the name of the WLAN (it must have been already created and configured) • bss <1-8> {primary} – Optional.
24 - 36 WiNG CLI Reference Guide non-unicast queue bss 6 1 non-unicast queue bss 7 1 non-unicast queue bss 8 1 probe-response rate highest-basic rfs4000-880DA7(config-profile-default-rfs4000-if-radio1)#
INTERFACE-RADIO COMMANDS 24 - 37 24.1.
24 - 38 WiNG CLI Reference Guide
CHAPTER 25 FIREWALL LOGGING This chapter summarizes the Firewall Logging commands within the CLI. The firewall uses logging to send system messages to one or more logging destinations, where they can be collected, archived and reviewed. Set the logging level to define which messages are sent to each of the target destinations.
25 - 2 WiNG CLI Reference Guide 25.
FIREWALL LOGGING 25 - 3 25.1.1 Date format in Syslog messages The following output displays date in proper format rfs7000-81916A(config)#May 19 16:20:00 2010: USER: cfgd: deleting session 4 rfs7000-81916A(config)# rfs7000-81916A(config)#May 19 16:20:17 2010: USER: cfgd: deleting session 5 The date format is Month Date - Time Year Month is May Date is 19 Time is 16:20:00 Year is 2010 To generate a date log, enable logging For example, the following command has to be executed.
25 - 4 WiNG CLI Reference Guide 25.1.2 FTP data connection log To generate a FTP data connection log, an ACL rule has to be applied and logging has to be enabled. The FTP connection is Control Connection May 19 16:31:19 2010:%DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Allow Packet Src MAC:<00-19-B9-6B-DA-77> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.2.
FIREWALL LOGGING 25 - 5 The Data Connection in Passive Mode May 19 17:14:31 2010: %DATAPLANE-5-LOGRULEHIT: Matched Temporary Rule of FTP ALG. Disposition:Allow Packet Src MAC:<00-19-B9-6B-DA-77> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.2.102 Proto:6 Src Port:3033 Dst Port:3894.
25 - 6 WiNG CLI Reference Guide 25.1.3 UDP packets log In both DHCP release and DHCP renew scenarios, the destination port 67 is logged. DHCP Release May 19 18:57:43 2010: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet Src MAC:<00-11-25-14-D9-E2> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:172.16.31.196 Proto:17 Src Port:68 Dst Port:67.
FIREWALL LOGGING 25 - 7 25.1.4 ICMP type logs The example below displays an ICMP Type as 13 and an ICMP Code as 0. May 19 19:12:13 2010:%DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Allow Packet Src MAC:<00-11-25-14-D9-E2> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:192.168.1.103 Proto:1 ICMP Type:13 ICMP Code:0. The below example displays an ICMP Type as 15 and an ICMP Code as 0.
25 - 8 WiNG CLI Reference Guide 25.1.5 ICMP type logs The following example displays an ICMP Type as 3 and a Code as 3. May 19 19:56:00 2010:%DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.1.104 to 192.168.2.102, with ProtocolNumber:1 ICMP code 3 and ICMP type 3. Reason: no flow matching payload of ICMP Error. Module name is DATAPLANE Syslog Severity level is 5 Log ID is ICMPPKTDROP Log Message is Dropping ICMP Packet The following example displays an ICMP Type as 4 and a Code as 0.
FIREWALL LOGGING 25 - 9 25.1.6 Raw IP Protocol logs The following example displays a TCP header length as less than 20 bytes: May 19 20:02:50 2010: %DATAPLANE-4-DOSATTACK: INVALID PACKET: TCP header length less than 20 bytes : Src IP : 192.168.2.102, Dst IP: 192.168.1.104, Src Mac: 00-11-25-14-D9-E2, Dst Mac: 00-15-70-81-91-6A, Proto = 6..
25 - 10 WiNG CLI Reference Guide 25.1.7 Raw IP Protocol logs The following example displays TCP without data: May 19 20:02:50 2010: %DATAPLANE-4-DOSATTACK: INVALID PACKET: TCP header length less than 20 bytes : Src IP : 192.168.2.102, Dst IP: 192.168.1.104, Src Mac: 00-11-25-14-D9-E2, Dst Mac: 00-15-70-81-91-6A, Proto = 6. May 19 20:02:50 2010: %DATAPLANE-5-MALFORMEDIP: Dropping IPv4 Packet from 192.168.2.102 to 192.168.1.104 Protocol Number: 6. Reason: malformed TCP header.
FIREWALL LOGGING 25 - 11 25.1.8 Firewall startup log The following example displays an enabled firewall. A firewall enabled message is displayed in bold. System bootup time (via /proc/uptime) was 93.42 42.52 Please press Enter to activate this console. May 19 20:10:09 2010: %NSM-4-IFUP: Interface vlan2 is up May 19 20:10:09 2010: KERN: vlan2: add 01:00:5e:00:00:01 mcast address to master interface.
25 - 12 WiNG CLI Reference Guide 25.1.9 Manual time change log The following example displays the manual time changes log. The clock is manually set to May 19 18:49:07 2010.
FIREWALL LOGGING 25 - 13 25.1.10 Firewall ruleset log The following example displays the log changes as ‘ ACL_ATTACHED_ALTERED’ when an ACL Rule is applied/removed on WLAN, VLAN, GE, and PORT-CHANNEL.
25 - 14 WiNG CLI Reference Guide IP ACL on GE Port Remove May 21 13:01:25 2010: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is getting altered. MAC ACL on GE Port Attach May 21 13:03:15 2010: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is getting altered. MAC ACL on GE Port Remove May 21 13:06:19 2010: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is getting altered.
FIREWALL LOGGING 25 - 15 25.1.11 TCP Reset Packets log For any change in the TCP configuration, a TCP reset log is generated. The following example displays the initial TCP packets permitted before the session timedout. May 19 20:31:26 2010: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet Src MAC:<00-19-B9-6B-DA-77> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.2.102 Proto:6 Src Port:3318 Dst Port:21.
25 - 16 WiNG CLI Reference Guide 25.1.12 ICMP Destination log The following example displays an ICMP destination is unreachable when no matching payload is found. May 19 19:57:09 2010: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.1.104 to 192.168.2.102, with ProtocolNumber:1 ICMP code 3 and ICMP type 3. Reason: no flow matching payload of ICMP Error. May 19 19:57:09 2010: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.1.104 to 192.168.2.
FIREWALL LOGGING 25 - 17 25.1.13 ICMP Packet log May 19 20:37:04 2010: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Drop Packet Src MAC:<00-19-B9-6B-DA-77> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.1.1 Proto:1 ICMP Type:8 ICMP Code:0. May 19 20:37:08 2010: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.2.1 to 172.16.31.196, with Protocol Number:1 ICMP code 3 and ICMP type 3. Reason: no flow matching payload of ICMP Error.
25 - 18 WiNG CLI Reference Guide 25.1.14 SSH connection log A SSH connection is enabled on the controller using factory settings. Running primary software, version 5.0.0.0-81243X Alternate software Secondary, version 5.0.0.0-070D Software fallback feature is enabled System bootup time (via /proc/uptime) was 126.10 92.38 Please press Enter to activate this console.
FIREWALL LOGGING 25 - 19 25.1.15 Allowed/Dropped Packets Log The following example displays disposition information regarding allow/deny packets. Allow Packets CCB:0:Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet Src MAC:<00-11-25-14-D9-E2> Dst MAC:<00-15-70-8191-6A> Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:192.168.2.
25 - 20 WiNG CLI Reference Guide
APPENDIX 26 Controller Managed WLAN Use Case This section describes the activities required to configure a controller managed WLAN. Instructions are provided using the controller CLI to allow an administrator to define the WLAN using the desired interface.
26 - 2 WiNG CLI Reference Guide 26.1 Creating a First Controller Managed WLAN It is assumed you have a RFS4000 wireless controller with the latest build available from Motorola. It is also assumed you have one an AP7131 model Access Point and one AP650 model Access Point, both with the latest firmware avilable from Mototrola. Upon completion, you will have created a WLAN on a RFS4000 model wireless controller using a DHCP server to allocate IP addresses to associated wireless clients.
26 - 3 26.1.1 Assumptions Creating a First Controller Managed WLAN Verify the following conditions have been satisfied before attempting the WLAN configuration activities described in this section. 1. It is assumed the wireless controller has the latest firmware version available from Motorola. 2. It is assumed the AP7131 and AP650 Access Points also have the latest firmware version available from Motorola. 3.
26 - 4 WiNG CLI Reference Guide 26.1.2 Design Creating a First Controller Managed WLAN This section defines the network design being implemented. Figure 26-1 Network Design This is a simple deployment scenario, with the Access Points connected directly to the wireless controller. One wireless controller port is connected to an external network. On the RFS4000 wireless controller, the GE1 interface is connected to an external network. Interfaces GE3 and GE4 are used by the access points.
26 - 5 26.1.3 Using the Command Line Interface to Configure the WLAN Creating a First Controller Managed WLAN These instructions are for configuring your first WLAN using the Wireless Controller’s command line interface (CLI). Use a serial console cable when connecting to the wireless controller for the first time. Set the following configuration when using the serial connection.
26 - 6 WiNG CLI Reference Guide 26.1.3.1 Logging Into the Controller for the First Time Using the Command Line Interface to Configure the WLAN When powering on the wireless controller for the first time, you are prompted to replace the existing administrative password. The credentials for logging into the wireless controller for the first time are: • User Name: admin • Password: motorola Ensure the new password created is strong enough to provide adequate security for the controller managed network.
26 - 7 26.1.3.2 Creating a RF Domain Using the Command Line Interface to Configure the WLAN A RF Domain is a collection of configuration settings specific to devices located at the same physical deployment, such as a building or a floor. Create a RF Domain and assign the country code where the devices are deployed. This is a mandatory step, and the devices will not function as intended if this step is omitted.
26 - 8 WiNG CLI Reference Guide 26.1.3.3 Creating a Wireless Controller Profile Using the Command Line Interface to Configure the WLAN The first step in creating a WLAN is to configure a profile defining the parameters that must be applied to a wireless controller. To create a profile: RFS4000(config)#profile rfs4000 RFS4000_UseCase1 RFS4000(config-profile-RFS4000_UseCase1)# This creates a profile with the name RFS4000_UseCase1 and moves the cursor into its context.
26 - 9 RFS4000(config-wlan-1)#ssid WLAN_USECASE_01 Enable the SSID to be broadcast so wireless clients can find it and associate. RFS4000(config-wlan-1)#broadcast-ssid Associate the VLAN to the WLAN and exit. RFS4000(config-wlan-1)#vlan 2 RFS4000(config-wlan-1)#exit Commit the Changes Once these changes have been made, they have to be committed before proceeding.
26 - 10 WiNG CLI Reference Guide 26.1.3.4 Creating an AP Profile Using the Command Line Interface to Configure the WLAN An AP profile provides a method of applying common settings to access points of the same model. The profile significantly reduces the time required to configure access points within a large deployment. For more information, see: • Creating an AP650 Profile • Creating an AP7131 Profile 26.1.3.4.
26 - 11 RFS4000(config-device-00-A0-F8-00-00-01)#use profile AP650_UseCase1 RFS4000(config-device-00-A0-F8-00-00-01)#commit write Apply the RF Domain profile to the AP Apply the previously created RF Domain to enable a country code to be assigned to the discovered Access Point. A discovered Access Point only works properly if its country code is the country code of its associated wireless controller.
26 - 12 WiNG CLI Reference Guide RFS4000(config-profile-AP7131_UseCase1)#commit write RFS4000(config-profile-AP7131_UseCase1)#exit RFS4000(config)# Apply this Profile to the Discovered AP7131 Access the discovered Access Point using the following command. The discovered device’s MAC address is used to access its context. RFS4000(config)#ap7131 00-23-68-16-C6-C4 RFS4000(config-device-00-23-68-16-C6-C4)# Assign the AP profile to this Access Point.
26 - 13 26.1.3.5 Creating a DHCP Server Policy Using the Command Line Interface to Configure the WLAN The DHCP Server Policy defines the parameters required to run a DHCP server on the wireless controller and assign IP addresses automatically to devices that associate. Configuring DHCP enables the reuse of a limited set of IP addresses. To create a DHCP server policy: RFS4000(config)#dhcp-server-policy DHCP_POLICY_UseCase1 RFS4000-37FABE(config-dhcp-policy-DHCP_POLICY_UseCase1)# Table 26.
26 - 14 WiNG CLI Reference Guide 26.1.3.6 Completing and Testing the Configuration Using the Command Line Interface to Configure the WLAN A wireless client must be configured to associate with the controller managed WLAN. The following information must be defined: • SSID: WLAN_USECASE_01 • Country: Same as the country configured in Creating a RF Domain on page 26-7. In this scenario, the country code is set to US.
モトローラ・ソリューションズ株式会社 http://www.motorolasolutions.com/JP 〒106-0032 東京都港区六本木一丁目8番7号 アーク八木ヒルズ TEL.(03)6365-7000 FAX.(03) 3582-5673 MOTOROLA,MOTO,MOTOROLA SOLUTIONS and the Stylized M Logo are trademarks or registered trademarks of Motorola Trademark Holdings,LLC and are used under license.All other trademarks are the property of their respective owners. © 2011 Motorola Solutions,Inc.All Rights Reserved.
