Motorola ws2000 wireless switch cli reference guide
Upcoming SlideShare
Loading in...5
×
 

Motorola ws2000 wireless switch cli reference guide

on

  • 1,094 views

 

Statistics

Views

Total Views
1,094
Views on SlideShare
1,094
Embed Views
0

Actions

Likes
0
Downloads
2
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Motorola ws2000 wireless switch cli reference guide Motorola ws2000 wireless switch cli reference guide Document Transcript

  • MWS2000 Wireless Switch CLI Reference Guide
  • © 2009 Motorola, Inc. All rights reserved.MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registeredtrademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.
  • ContentsChapter 1: Product Overview 1.1 WS2000 Wireless Switch CLI Reference Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 1.2 System Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4 1.3 Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5 1.4 Software Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7Chapter 2: Admin and Common Commands 2.1 Common Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2 ? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3 help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4 quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5 save . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6 .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7 / . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8 2.2 Admin Menu Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9 passwd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10 summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11Chapter 3: Network CLI Commands Reference 3.1 network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1 3.2 Network AP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 ap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4 copydefaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6 forget . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8 remap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9 reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10 revert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15 3.3 Network AP Default Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17 default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18 loadfromcf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20
  • TOC-2 WS2000 Wireless Switch CLI Reference Guide show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21 3.4 Network AP Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22 test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22 new . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23 3.5 Network AP Selfheal commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24 selfheal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25 detect-neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29 3.6 Network AP Denyap Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30 denyap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33 3.7 Network AP Smartscan Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34 smartscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37 3.8 Network AP Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38 test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38 new . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39 3.9 Network AP Mesh Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40 mesh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44 preferred-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45 available-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47 3.10 Network DCHP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48 dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-50 3.11 Network Firewall Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51 fw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-52 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54 timeradd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55 timerdel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-56 timerlist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-57 timerset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-58 3.12 Network Firewall Intrusion Prevention System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59 ips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-60 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-62
  • TOC-33.13 Network Firewall Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-64 policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-64 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-653.14 Network Firewall Policy Inbound Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-66 inbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-66 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-67 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-68 insert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-69 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-70 move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-71 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-723.15 Network Firewall Policy Outbound Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73 outbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-74 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75 insert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-76 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-77 move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-793.16 Network Firewall Submap Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80 submap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-81 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-83 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-85 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-863.17 Network LAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87 lan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-88 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90 updateDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-91 updateAllDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-923.18 Network LAN DHCP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93 dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-94 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-95 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-96 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-97 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-99 renew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1003.19 Network LAN Bridge commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-101 bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-101 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-102 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1043.20 Network QoS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-105 qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-105 clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-106 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-107
  • TOC-4 WS2000 Wireless Switch CLI Reference Guide show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-108 3.21 Network Router Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-109 router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-109 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-110 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-111 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-112 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-113 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-114 3.22 Network VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-115 vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-115 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-116 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-117 3.23 Network WAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-118 wan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-118 renew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-119 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-120 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-122 3.24 Network WAN App Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-123 app . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-123 addcmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-124 delcmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-126 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-128 3.25 Network WAN DynDNS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129 dyndns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-130 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-131 update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-132 3.26 Network WAN L2TPVPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-133 l2tpvpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-133 show-connected-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134 3.27 Network WAN L2TPVPN LNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-135 lns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-135 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-136 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-138 3.28 Network WAN L2TPVPN Users Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139 users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139 add-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-140 delete-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-141 delete-all-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-142 show-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-143 show-all-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-144 3.29 Network WAN TrunkIPFPolicy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145 trunkipfpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-147 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-148 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149
  • TOC-53.30 Network WAN NAT Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-150 nat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-150 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-151 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-152 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-153 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-154 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1553.31 Network WAN VPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-156 vpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-156 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-157 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-158 ikestate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-159 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-160 reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-161 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-162 stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1673.32 Network WAN VPN Cmgr Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-168 cmgr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-168 delca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-169 delprivkey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-170 delself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-171 expcert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-172 export-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-173 genreq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1743.33 Network WAN VPN Cmgr impcert Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-175 impcert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-175 listca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-176 listprivkey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-177 listself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-178 loadca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-179 loadself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-180 showreq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1813.34 Network WLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-182 wlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-182 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-183 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-184 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-185 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-186 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1913.35 Network WLAN Rogue AP Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-193 rogueap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-193 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-194 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1953.36 Network WLAN Rogue AP Approvedlist Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-196 approvedlist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-196 ageoute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-197 approve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-198 erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-199
  • TOC-6 WS2000 Wireless Switch CLI Reference Guide show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-200 3.37 Network WLAN Rogue AP Roguelist Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-201 roguelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-201 ageout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-202 approve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-203 erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-204 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-205 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-206 deauth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-207 3.38 Network WLAN Rogue AP Rogue List Locate Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208 locate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-209 start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-210 3.39 Network WLAN Rogue AP Rogue List MU Scan Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211 muscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-212 start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-213 3.40 Network WLAN Rogue AP Rule List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-214 rulelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-214 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-215 authsymbolap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-216 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-217 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-218 3.41 Network WLAN Enhanced Rogue AP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-219 enhancedrogueap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-219 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-220 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-221 3.42 Network WLAN MU Probe Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-222 muprobe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-222 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-223 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-224 3.43 Network WLAN Hotspot Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-225 hotspot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-225 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-226 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-228 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-229 3.44 Network WLAN Hotspot RADIUS commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-230 radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-230 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-231 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-232 3.45 Network WLAN Hotstpot White-list Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-234 white-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-234 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-235 clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-236 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-237 3.46 Network WLAN WLAN IP Fiter Policy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-238 wlanipfpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-238
  • TOC-7 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-239 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-240 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-241 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2423.47 Network Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-243 port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-243 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-244 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2453.48 Network IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-246 ipfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-246 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-247 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-248 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2493.49 Network WIPS Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-250 wips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-250 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-251 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-252 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-253 convert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-254 revert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-255 update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2563.50 Network WIPS Default commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-257 defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-257 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-258 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2593.51 Network WIDS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-260 wids . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-260 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-261 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-262 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2663.52 Network URL Filter Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-267 urlfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-267 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-268 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2693.53 Network URL Filter Keyword Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-270 keyword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-270 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-271 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-272 removeall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-273 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2743.54 Network URL Filter White list Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-275 whitelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-275 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-276 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-277 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2783.55 Network URL Filter Black List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-279 blacklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-279 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-280
  • TOC-8 WS2000 Wireless Switch CLI Reference Guide delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-281 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-282 3.56 Network URL Filter Trusted IP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-283 trustip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-283 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-284 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-285 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-286Chapter 4: System CLI Commands Reference 4.1 system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1 lastpw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2 exec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3 4.2 System Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6 4.3 System Authentication RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7 radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9 4.4 System Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10 config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10 default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11 export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14 partial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18 update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19 sensor-fw-update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20 loadtocf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21 4.5 System Logs Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22 logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23 send . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26 view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27 4.6 System NTP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28 ntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30 date-zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31 zone-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32 4.7 System RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33 radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33 generate-dh-param . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35
  • TOC-9 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-364.8 System RADIUS Client Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37 client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-404.9 System RADIUS EAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41 eap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-444.10 System RADIUS EAP PEAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45 peap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-474.11 System RADIUS EAP TTLS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48 ttls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-504.12 System RADIUS LDAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51 ldap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55 join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-564.13 System RADIUS Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57 policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-594.14 System RADIUS Proxy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60 proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-62 clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-654.15 System Redundancy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66 redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-694.16 System SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70 snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-704.17 System SNMP Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71 access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-76
  • TOC-10 WS2000 Wireless Switch CLI Reference Guide show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77 4.18 System SNMP Traps Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78 traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-79 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-81 list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-83 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-87 4.19 System SSH Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89 ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-90 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-91 4.20 System User Database Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92 userdb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92 4.21 System User Database Group Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93 group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-94 create . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96 clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-98 remove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-100 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102 4.22 System User Database User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103 user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104 del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-105 clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108 4.23 System User Database User Guest commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109 guest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111 clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-112 4.24 System WS2000 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113 WS2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113 add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-114 delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-115 restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-117 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121 4.25 System CF commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122 cf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122 ls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-123 4.26 System HTTP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124 http . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124 import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-125
  • TOC-11 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-126 4.27 System Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127 test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127 set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-129Chapter 5: Statistics Commands 5.1 stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 5.2 Stats Show Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2 5.3 Statistics RF Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 rf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5 reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6 show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
  • TOC-12 WS2000 Wireless Switch CLI Reference Guide
  • Product Overview 1.1 WS2000 Wireless Switch CLI Reference Guide This guide is intended to support administrators responsible for understanding, configuring and maintaining the Wireless Switch. This document provides information for the system administrator to use the command line interface during the initial setup and configuration of the system. It also serves as a reference guide for the administrator to use while updating or maintaining the system.1.1.1 About this Document This document contains information on all command that configure the WS2000 Wireless Switch. To view the command syntax and a brief help on each command on your WS2000 Wireless Switch console, use the following syntax: admin> <command> ? We recommend viewing this Command Line Reference Guide with Adobe Acrobat 5.0 or higher.
  • 1-2 WS2000 Wireless Switch CLI Reference Guide 1.1.2 Document ConventionsNotes and Warnings NOTE: Indicates special tips or requirements CAUTION: Indicates a condition that can cause equipment damage or data loss WARNING! Indicates a condition or procedure that could result in personal injury or equip- ment damageCLI Conventions command / keyword The first word is always a command. Keywords are words that must be entered as is. Commands and keywords are mandatory. For example, the command, admin(network.wan)> show ip 1 is documented as show ip <idx> where: • show – The command • ip – The keyword <variable> Variables are described with a short description enclosed within a ‘<‘ and a ‘>’ pair. For example, the command, admin(network.wan)> show ip 1 is documented as show ip <idx> where: • show – The command – Display information. • ip – The keyword – The IP address • <idx> – The variable – WAN Index value.
  • Product Overview 1-3| The pipe symbol. This is used to separate the variables/keywords in a list. For example, the command admin(network.wan.vpn)> set ..... is documented as set [ike|type|sub|remip|......] where: • set – The command • [ike|type|sub|remip|...] – Indicates the different commands that can be combined with the set command. However, only one of the above list can be used at a time. set ike ... set type ... set sub ... set remip ...[] Of the different keywords and variables listed inside a ‘[‘ & ‘]’ pair, only one can be used. Each choice in the list is separated with a ‘|’ (pipe) symbol. For example, the command admin(network.wan)> show ... is documented as show [ip|pppoe] where: • show – The command • [ip|pppoe] – Indicates that two keywords are available for this command and only one can be used at a time{} Any command/keyword/variable or a combination of them inside a ‘{‘ & ‘}’ pair is optional. All optional commands follow the same conventions as listed above. However they are displayed italicized. For example, the command admin(network.wan.vpn)> list .... is documented as list {<name>} Here: • list – The command. This command can also be used as list • {<name>} – The optional variable <name>.. The command can also be extended as list vpn_tunnel_01 Here the value vpn_tunnel_01 is an optional tunnel name.values Values to be entered as shown in Blue. For example, the command admin(network.wan)> show ip .... is documented as show ip <idx> This command’s parameter <idx> is described as under: “<idx> – <idx> (1-8) is the Wlan Index.”
  • 1-4 WS2000 Wireless Switch CLI Reference Guide 1.2 System Overview The WS2000 Wireless Switch provides a low-cost, feature-rich option for sites with one to six Access Ports. The WS2000 Wireless Switch works at the center of a network’s infrastructure to seamlessly and securely combine wireless LANs (WLANs) and wired networks. The switch sits on the network. Wireless Access Ports connect to one of the six available ports on the switch and the external wired network (WAN) connects to a single 10/100 Mbit/sec. WAN port. Mobile units (MUs) associate with the switch via an Access Port. When an MU contacts the switch, the switch cell controller services attempt to authenticate the device for access to the network. The WS2000 Wireless Switch acts as a WAN/LAN gateway and a wired/wireless switch. 1.2.1 Management of Access Ports This wireless switch provides six 10/100 Mbit/sec. LAN ports for internal wired or wireless traffic. Four of these ports provide IEEE 802.3af-compliant Power over Ethernet (PoE) support for devices that require power from the Ethernet connection (such as Access Ports). Administrators can configure the six ports to communicate with a private LAN or with an Access Port for a wireless LAN (WLAN). The switch provides up to four extended service set identifiers (ESSIDs) for each Access Port connected to the switch. 1.2.1.1 Firewall Security The LAN and Access Ports are placed behind a user-configurable firewall that provides stateful packet inspection. The wireless switch performs network address translation (NAT) on packets passing to and from the WAN port. This combination provides enhanced security by monitoring communication with the wired network. 1.2.1.2 Wireless LAN (WLAN) Security Administrators can configure security settings independently for each ESSID. Security settings and protocols available with this switch include: • Kerberos • WEP-64 • WEP-128 • 802.1x with RADIUS • 802.1x with Shared Key • KeyGuard • WPA/WPA2-TKIP • WPA2/CCMP (802.11i) 1.2.1.3 VPN Security Virtual Private Networks (VPNs) are IP-based networks that use encryption and tunneling to give users remote access to a secure LAN. In essence, the trust relationship is extended from one LAN across the public network to another LAN, without sacrificing security. A VPN behaves similarly to a private network; however, because the data travels through the public network, it needs several layers of security. The WS2000 Wireless Switch acts as a robust VPN gateway.
  • Product Overview 1-5 1.3 Hardware Overview The WS2000 Wireless Switch provides a fully integrated solution for managing every aspect of connecting wireless LANs (WLANs) to a wired network. This wireless switch can connect directly to a cable or DSL modem, and can also connect to other wide area networks through a Layer 2/3 device (such as a switch or router). The switch includes the following features: • One WAN (RJ-45) port for connection to a DSL modem, cable modem, or any other Layer 2/3 network device. • Six 10/100 Mbit/sec. LAN (RJ-45) ports: four ports provide 802.3af “Power over Ethernet” (PoE) support; the other two do not provide power. • Each port has two LEDs, one indicating the speed of the transmission (10 or 100 Mbit/sec.), the other indicating whether there is activity on the port. The four LAN ports with PoE have a third LED that indicates whether power is being delivered over the line to a power device (such as an Access Port). (See the WS 2000 Wireless Switch LED explanation for more information on the meaning of the different state of the LEDs.) • A DB-9 serial port for direct access to the command-line interface from a PC. Use Symbol’s Null-Modem cable (Part No. 25-632878-0) for the best fitting connection. • A CompactFlash slot that provides AirBEAM® support.1.3.1 Technical Specifications1.3.1.1 Physical Specifications • Width: 203 mm • Height: 38 mm • Depth: 286 mm • Weight: 0.64 kg1.3.1.2 Power Specifications • Maximum Power Consumption: 90-256 VAC, 47-63 Hz, 3A • Operating Voltage: 48 VDC • Operating Current: 1A • Peak Current: 1.6A1.3.1.3 Environmental Specifications • Operating Temperature: 0ºC to 40ºC • Storage Temperature: -40ºC to 70ºC • Operating Humidity: 10% to 85% Non-condensing • Storage Humidity: 10% to 85% Non-condensing • Operating Altitude: 2.4 Km • Storage Altitude: 4.6 km
  • 1-6 WS2000 Wireless Switch CLI Reference Guide 1.3.2 WS 2000 Wireless Switch LED Functions The switch has a large blue LED on the right front that indicates that the switch is powered on. Each port on the WS 2000 Wireless Switch has either two or three LEDs that indicate the status of the port. Ports 1-4, which supply 802.3af Power over Ethernet (PoE), have three LEDs. The remaining two non-powered LAN ports and the WAN port have two LEDs. Location Function Upper left LED This LED is present on all ports and indicates the speed of the transmissions through the port. The LED is on when the transmission rate is 100 Mbit per second (100BaseT). The light is off when the transmission rate is 10 Mbit per second. Upper right LED This LED indicates activity on the port. This light is solid yellow when a link to a device is made. The light flashes when traffic is being transferred over the line. Lower LED This LED is only present on Ports 1-4. These ports provide 802.3af Power over Ethernet (PoE) support to devices (such as Access Ports). The LED has several states: OFF—A non-power device (or no device) is connected; no power is being delivered. GREEN—The switch is delivering 48 volts to the power device connected to that port. RED—There was a valid PoE connection; however, the switch has detected that the power device is faulty. The red light will remain until a non-faulty connection is made to the port.
  • Product Overview 1-7 1.4 Software Overview The WS2000 Wireless Switch software provides a fully integrated solution for managing every aspect of connecting Wireless LANs (WLANs) to a wired network, and includes the following components:1.4.1 Operating System (OS) Services Operating System (OS) Services determine how the WS2000 Wireless Switch communicates with existing network and operating system-centric software services, including: • Dynamic Host Configuration Protocol (DHCP) • Telnet and File Transfer Protocol (FTP/TFTP) servers • The Simple Network Time Protocol (SNTP) client, used to keep switch time synchronized for Kerberos authentication • A mechanism for setting up a redundant (secondary) switch that takes over if the primary switch fails1.4.2 Cell Controller Services The Cell Controller provides the ongoing communication between mobile units (MUs) on the Wireless LAN (WLAN) and the wired network. Cell Controller services perform the following: • Initialize the Access Ports • Maintain contact with Access Ports by sending a synchronized electronic “heartbeat” at regular intervals • Track MUs when they roam from one location to another • Manage security schemes based on system configuration • Maintain system statistics • Store policies and Access Port information • Detect and manage rogue Access Ports • Management of communications QoS1.4.3 Gateway Services Gateway services provide interconnectivity between the Cell Controller and the wired network, and include the following: • System management through a Web-based Graphical User Interface (GUI) and SNMP • 802.1x RADIUS client • Security, including Secure Sockets Layer (SSL) and Firewall • Network Address Translation (NAT), DHCP services, and Layer 3 Routing • Virtual Private Network (VPN)
  • 1-8 WS2000 Wireless Switch CLI Reference Guide
  • Admin and Common CommandsThe term Common Commands is used to indicate that these commands are available through the WS2000Wireless Switch’s CLI. These commands provide easy access to help, navigation, and to save configurationchanges.This chapter also lists of commands available at the admin menu.• Common Commands• Admin Menu Commands
  • 2-2 WS2000 Wireless Switch System Reference Guide 2.1 Common Commands Admin and Common Commands The following commands are available through the WS2000 CLI. Command Description Ref. ? Displays the list of commands in the current menu. page 2-3 help Displays general user interface help. page 2-4 save Saves the configuration to the system flash. page 2-6 quit Quits the CLI. page 2-5 .. Goes to the parent menu. page 2-7 / Goes to the root menu. page 2-8
  • Admin and Common Commands 2-32.1.1 ? Command ? Common Commands Displays the commands available under the admin menu. Syntax ? Parameters None Example admin> ? admin>? help : display general user interface help passwd : change password summary : show system summary network : go to network sub menu stats : go to stats sub menu system : go to system sub menu save : save cfg to system flash quit : quit cli .. : go to parent menu / : go to root menu
  • 2-4 WS2000 Wireless Switch System Reference Guide 2.1.2 help Command help Common Commands Displays general CLI user interface help. Syntax help Parameters None Example admin>help ? : display command help - Eg. ?, show ?, s? <ctrl-q> : go backwards in command history <ctrl-p> : go forwards in command history * Note : commands can be incomplete - Eg. sh = sho = show
  • Admin and Common Commands 2-52.1.3 quit Command quit Common Commands Quits the command line interface. Requires you to logon again. This command appears in all the submenus under admin menu. In each case, it has the same function, to exit out of the CLI. Syntax quit Parameters None Example admin>quit
  • 2-6 WS2000 Wireless Switch System Reference Guide 2.1.4 save Command save Common Commands Saves the configuration to system flash. This command appears in all of the submenus under admin. In each case, it has the same function, to save the configuration. The save command must be issued before leaving the CLI for the settings to be retained. Syntax save Parameters none Example admin> save admin>
  • Admin and Common Commands 2-72.1.5 .. Command .. Common Commands Displays the parent menu of the current menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up one level in the directory structure. Syntax .. Parameters None Example admin(network.ap) .. admin(network) admin(network) .. admin>
  • 2-8 WS2000 Wireless Switch System Reference Guide 2.1.6 / Command / Common Commands Displays the root menu, that is, the top-level CLI menu. This command appears in all of the submenus under admin. In each case, it has the same function, to move up to the top level in the directory structure. Syntax / Parameters None Example admin(network.wan.nat)> / admin>
  • Admin and Common Commands 2-92.2 Admin Menu Commands Admin and Common Commands The following commands are only available at the admin menu. Command Description Ref. passwd Changes the admin password. page 2-10 summary Displays a system summary. page 2-11 network Goes to the network menu. page 3-1 system Goes to the system menu. page 4-1 stats Goes to the statistics menu. page 5-1
  • 2-10 WS2000 Wireless Switch System Reference Guide 2.2.1 passwd Command passwd Admin Menu Commands Changes the password for the administrative logins - admin, guest-admin, and manager. Syntax passwd [admin|manager|guest-admin] Parameters passwd Passwords for the Administrator, Guest-admin, and Manager accounts [admin|manager|guest-admin] can be changed. To change password, type the old password once and the new password twice at their respective prompts. Passwords can be up to 11 characters. Example: admin>passwd admin Old Admin Password:****** New Admin Password:****** Verify Admin Password:******
  • Admin and Common Commands 2-112.2.2 summary Command summary Admin Menu Commands Displays system summary for the WS2000 Wireless Switch. The information displayed includes high-level characteristics and settings for WAN, subnet, and WLAN. Syntax summary Parameters None Example admin> summary System Information WS2000 firmware version : 2.4.0.0-005X country code : us WLAN 1 Information ess identifier : Bharat wlan mode : enable vlan_id : 1 enc type : none auth type : none WLAN 2 Information ess identifier : 102 wlan mode : disable vlan_id : 2 enc type : none auth type : none WLAN 3 Information ess identifier : 103 wlan mode : disable vlan_id : 3 enc type : none auth type : none WLAN 4 Information ess identifier : 104 wlan mode : disable vlan_id : 4 enc type : none auth type : none
  • 2-12 WS2000 Wireless Switch System Reference Guide WLAN 5 Information ess identifier : 105 wlan mode : disable vlan_id : 5 enc type : none auth type : none WLAN 6 Information ess identifier : 106 wlan mode : disable vlan_id : 6 enc type : none auth type : none WLAN 7 Information ess identifier : 107 wlan mode : disable vlan_id : 7 enc type : none auth type : none WLAN 8 Information ess identifier : 108 wlan mode : disable vlan_id : 8 enc type : none auth type : none Subnet 1 Information subnet interface : enable ip address : 192.168.0.50 network mask : 255.255.255.0 dhcp mode : server default gateway : 192.168.0.50 ports : port1 port2 port3 port4 port5 port6 wlan : wlan1 Subnet 2 Information subnet interface : disable ip address : 192.168.1.1 network mask : 255.255.255.0 dhcp mode : server default gateway : 192.168.1.1 ports : wlan : wlan2
  • Admin and Common Commands 2-13Subnet 3 Informationsubnet interface : disableip address : 192.168.2.1network mask : 255.255.255.0dhcp mode : serverdefault gateway : 192.168.2.1ports :wlan : wlan3Subnet 4 Informationsubnet interface : disableip address : 192.168.3.1network mask : 255.255.255.0dhcp mode : serverdefault gateway : 192.168.3.1ports :wlan : wlan4Subnet 5 Informationsubnet interface : disableip address : 192.168.4.1network mask : 255.255.255.0dhcp mode : serverdefault gateway : 192.168.4.1ports :wlan :Subnet 6 Informationsubnet interface : disableip address : 192.168.5.1network mask : 255.255.255.0dhcp mode : serverdefault gateway : 192.168.5.1ports :
  • 2-14 WS2000 Wireless Switch System Reference Guide
  • Network CLI Commands Reference Network commands are used to configure the different network parameters of the WS2000 Wireless Switch.3.1 network Admin Menu Commands Use the network command to go the Network menu. admin> network admin(network)> The following commands are available under the Network menu: Command Description Ref. ap Goes to the Access Port Submenu. page 3-3 dhcp Goes to the DHCP Submenu page 3-48 fw Goes to the Firewall Submenu page 3-51 ipfilter Goes to the IP Filter Submenu page 3-234 lan Goes to the LAN Submenu page 3-87 port Goes to the Port Submenu page 3-231 qos Goes to the QOS Submenu page 3-105 router Goes to the Router Submenu page 3-109 urlfilter Goes to the URL Filter Submenu page 3-255 vlan Goes to the VLAN Submenu page 3-115 wan Goes to the WAN Submenu page 3-118 wids Goes to the WIDS Submenu page 3-248 wips Goes to the WIPS Submenu page 3-238 wlan Goes to the WLAN Submenu page 3-170 save Saves the configuration to system flash page 2-6 quit Quits the CLI page 2-5 .. Goes to the parent menu page 2-7 / Goes to the root menu page 2-8
  • 3-2 WS2000 Wireless Switch System Reference Guide
  • Network CLI Commands Reference 3-33.2 Network AP Commands ap network Displays the Access Port submenu. The functionality provided by this menu is supplied by various screen under the Wireless menu item of the Web interface. Syntax admin(network)> ap admin(network.ap)> The items available under this command are shown below. Command Description Ref add Adds entries to the Access Port adoption list. page 3-4 copydefaults Copies default AP settings to a connected AP. page 3-5 default Goes to the default submenu. page 3-17 delete Deletes entries from the Access Port adoption lists. page 3-6 denyap Goes to the Deny AP submenu page 3-30 forget Forgets AP parameters page 3-7 list Lists entries in the Access Port adoption list. page 3-8 mesh Goes to the Mesh submenu page 3-40 remap Remaps channels for the AP in auto mode. page 3-9 reset Resets an Access Port. page 3-10 revert Reverts AP to Access Point (AP4131 or AP4121) page 3-11 selfheal Goes to the Self-heal submenu page 3-24 set Sets Access Port parameters. page 3-12 show Shows Access Port parameters. page 3-15 smartscan Goes to the Smart scan submenu page 3-34 test Goes to the test submenu. page 3-38 save Saves the configuration to system flash page 2-6 quit Quits the CLI page 2-5 .. Goes to the parent menu page 2-7 / Goes to the root menu page 2-8
  • 3-4 WS2000 Wireless Switch System Reference Guide 3.2.1 Network AP add Command add Network AP Commands Adds entries to the Access Port adoption list. This allows the Access Ports with the MAC addresses specified in the command to associate with the specified WLAN. Performs functionality available in the Access Port Adoption List area of the Wireless screen. Syntax add <idx> <mac1> <mac2> Parameters <idx> The WLAN ID (1-8) <mac1> The starting mac address for the range <mac2> The last mac address in the range Example admin(network.ap)> add 1 00A0F8BFE9B0 00A0F8BFE9B0 admin(network.ap)list 1 admin(network.ap)>list 1 ------------------------------------------------------------------- index start mac end mac ------------------------------------------------------------------- 1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C admin(network.ap)> Related Commands delete Removes the MAC address range from the adoption list for the specified WLAN. list Displays entries in the Access Port adoption list.
  • Network CLI Commands Reference 3-53.2.2 Network AP copydefaults Command copydefaults Network AP Commands Copies default Access Port settings to a connected Access Port. In the Web interface, the defaults are set on the Wireless, default AP screens (one for each radio type). Syntax copydefault <idx> Parameters <idx> The id of the AP to copy the defaults to Example admin(network.ap)>copydefaults 1 admin(network.ap)> Related Commands network.ap.default)> Lists the current default settings for a selected Access Port type. show default show status Lists the index numbers for all currently connected Access Ports. show ap Gets information about a particular Access Port.
  • 3-6 WS2000 Wireless Switch System Reference Guide 3.2.3 Network AP delete Command delete Network AP Commands Deletes entries from the Access Port adoption list. In the Web interface, this functionality is found on the Wireless screen in the Access Port Adoption list area. Syntax delete <idx> [<entry>|all] Parameters <idx> [<entry>|all] Deletes an entry in the Access Port adoption list as specified by <entry>, which is the number listed in the adopted list (use the list command) for WLAN <idx> (1-8). all indicates deleting all the adoption list entries. Example The following example first lists out the adoption list entries for WLAN 1, deletes the second entry for WLAN 1, and finally displays the list for WLAN 1 showing that the entry has been deleted. admin(network.ap)>list 1 ------------------------------------------------------------------------- index start mac end mac ------------------------------------------------------------------------- 1 000000000000 00306542B965 2 004000000000 005000000000 admin(network.ap)>delete 1 2 admin(network.ap)>list 1 ------------------------------------------------------------------------- index start mac end mac ------------------------------------------------------------------------- 1 000000000000 00306542B965 Related Commands add Adds entries to the adoption list. list Lists entries in the Access Port adoption list.
  • Network CLI Commands Reference 3-73.2.4 Network AP forget Command forget Network AP Commands Forgets the AP parameters at a particular index specified by the <idx> value. Syntax forget [<idx>|all] Parameters <idx>|all <idx> – The index to remove the AP parameters. all – Removes all AP parameters from all the indices in the AP adoption list. Example The following syntax shows the forget command. admin(network.ap)>forget 1 admin(network.ap)>save
  • 3-8 WS2000 Wireless Switch System Reference Guide 3.2.5 Network AP list Command list Network AP Commands Displays entries in the Access Port adoption list for a specified wireless LAN. Syntax list <idx> Parameters <idx> Lists the Access Port adoption entries for WLAN <idx> (1-8). Example The following example shows the access port adoption list for WLAN 1. admin(network.ap)>list 1 ---------------------------------------------------------------------- index start mac end mac ----------------------------------------------------------------------1 1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C Related Commands add Adds entries to the adoption list. delete Deletes entries from the adoption list.
  • Network CLI Commands Reference 3-93.2.6 Network AP remap Command remap Network AP Commands Remaps the channels for a radio at index specified by <idx>. Syntax remap [<idx>|all] Parameters <idx>|all <idx> – Remaps all channels for a radio specified by the index <idx> all – Remaps all channels for all the radios in auto channel selection mode. Example admin(network.ap)>list 1 -------------------------------------------- index start mac end mac -------------------------------------------- 1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C admin(network.ap)>remap 3
  • 3-10 WS2000 Wireless Switch System Reference Guide 3.2.7 Network AP reset Command reset Network AP Commands Resets an Access Port. Syntax reset ap <idx> Parameters ap <idx> <idx> – Resets the Access Port with index <idx> in the Access Port Adoption list. Example --------------------------------------- index start mac end mac --------------------------------------- 1 00A0F8BFE9B0 00A0F8BFE9B0 2 001570165200 001570165200 3 00A0F8B54D68 00A0F8B54D68 4 00A0F8BFEE3C 00A0F8BFEE3C admin(network.ap)>reset ap 2 admin(network.ap)>
  • Network CLI Commands Reference 3-113.2.8 Network AP revert Command revert Network AP Commands Reverts an Access Port to an Access Point (Only on AP4131 or AP4121). Syntax revert ap <idx> Parameters ap <idx> <idx> – Reverts the Access Port with index <idx> to an Access Point. Only on AP4131 and AP 4121. Example admin(network.ap)>revert ap 1 admin(network.ap)>
  • 3-12 WS2000 Wireless Switch System Reference Guide 3.2.9 Network AP set Commands set Network AP Commands Sets Access Port parameters. Syntax set [beacon|ch_mode|div|dtim|loc|name|primary|rate| reg|rts|short-pre|802.1x|ap_scan|mac|radio_type| ap_type|sip_cac_mode|allowed_sip_session] Parameters beacon intvl Sets the beacon interval for Access Port <idx> (1–12) to <interval> in K-us (50– <idx> <interval> 200). ch_mode <idx> Sets the channel mode for Access Port <idx> (1–12) to fixed, random or auto. [fixed|random|auto] div <idx> <mode> Sets the default antenna diversity to <mode> (one of full, primary, or secondary). dtim <idx> Sets the DTIM period for Access Port <idx> to <period> (number of beacons from [<period>|<bss_idx 1–50). <period>]] <bss_idx> is the index of the BSSID. If not specified for the AP300, the default value of 1 is assumed for this parameter. For other APs, the <period> value is used for all the BSSIDs. loc <idx> <loc> Sets Access Port <idx> location description to <loc> (1–13 characters). name <idx> <name> Sets Access Port <idx> name to <name> (1–13 characters). primary <idx> <widx> Sets the primary WLAN <widx> (the WLAN index from 1 to 8) for 802.11a radio associated with Access Port <idx> (1-12). The ESS ID configured for this WLAN will be used in the 802.11a beacon as the primary ESS. Note: This parameter is used only for AP200 APs with 802.11a radios rate <idx> <basic> Sets Access Port <idx> (1-12) basic and supported rates. <basic> and <supported> <supported> must be comma-separated lists of rates, such as 6,9,11,15 with no spaces. Basic rates are a subset of supported rates. The different types of radio support the following rates. A - 6|9|12|18|24|36|48|54 B - 1|2|5.5|11 G - 1|2|5.5|6|9|11|12|18|24|36|48|54 Note: For a G radio, basic rates must be a subset of B Rates in order to associate legacy B stations. reg <idx> <indoor> <ch> Sets Access Port <idx> (1-12)regulatory parameters, which <indoor> is one of <pwr> in or in/out; <ch> is the channel to use, and <pwr> is the power (in dB from 4 to 20). Select the value of <ch> from the appropriate list. 802.11b ch -- 1 to 14 802.11a ch -- 36,40,44,48,52,56,60,64,149,153,157,161 Note: Regulatory parameter values depend on country of operation and radio type. Refer to documentation for regulatory information. rts <idx> <bytes> Sets the RTS threshold for Access Port <idx> (1-12) to <bytes> (e.g., 2341).
  • Network CLI Commands Reference 3-13short-pre <idx> Enables or disables the short preamble mode for Access Port <idx> (1-12)[enable|disable]802.1x <username> Sets the 802.1x username and password on AP 300 Access Ports. Both<password> parameters can be up to 64 characters long.mac <idx> <mac> Sets the MAC address of AP <idx> (1-12) to <mac> (MAC address format is XX:XX:XX:XX:XX:XX)ap_scan <idx> <mode> Sets the scan mode for Rogue AP detection where <idx> (1-12) is the access port index and <mode> is one of none, detector, on-chan, full-detector.radio_type <idx> Sets the Radio Type of an access port where <idx> (1-12) is the access port<radio_type> index and <radio_type> is one of 802.11a, 802.11b, 802.11b/g.ap_type <idx> Sets the AP type of an Access Port <idx> (1-12) to AP type. AP type<radio_type> <radio_type> is one of AP100, AP200, AP300sip_cac_mode Enables or disables SIP Call Admission Control.[enable|disable]allowed_sip_session Sets the allowed number of SIP sessions for this portal. The value for<idx> <sip_session> <sip_session> lies between 1 and 100. <idx> (1-12) is the access port index.legacy_mode Enables or disables legacy mode support for AP300s.[enable|disable]mu-power-adjustment Sets Symbol MUs operating power in dBm. <ap-index> is the index of the<ap-index> <adjvalue> Symbol AP and <adjvalue> is the MU power adjustment value in dBm (valid 0- 20)asset-name <idx> Sets asset name for the Access Port with <idx> (1-12) with <asset-name> (1-<asset-name> 50 characters)Example:admin(network.ap)>set short-pre enableadmin(network.ap)>set shor 1 enableadmin(network.ap)>set name 1 BigOfficeadmin(network.ap)>set dtim 1 25admin(network.ap)>set loc 1 BigBldgadmin(network.ap)>show ap 1ap name : BigOfficeap location : BigBldgap mac address : 00A0F8565656ap serial number : 00A0F8565656ap radio type : 802.11 Badopted by : WLAN1ap indoor use : indoor/outdoorap channel : 1ap radio power : 4 dBantenna gain : 0 dBirf power : 3 mWantenna type : externalap diversity : fullbasic rates : 1 2supported rates : 1 2 5.5 11rts threshold : 2341
  • 3-14 WS2000 Wireless Switch System Reference Guide beacon interval : 100 dtim period : 25 short preamble : enable security beacon (hide ess) : disable primary wlan index : wlan1 admin(network.ap)>
  • Network CLI Commands Reference 3-153.2.10 Network AP show Command show Network AP Commands Shows Access Port parameters. Syntax show [ap|status|sip|legacy-mode] Parameters ap <idx> Shows Access Port <idx> (1-12) radio parameters. status Shows a list of Access Ports and their status. sip <idx> Shows SIP statistics for the portal <idx> (1-12). legacy-mode Shows the legacy mode configuration for the switch Example admin(network.ap)>show ap 1 ap name : BigOffice ap location : BigBldg ap mac address : 00A0F8565656 ap serial number : 00A0F8565656 ap radio type : 802.11 B adopted by : WLAN1 ap indoor use : indoor/outdoor ap channel : 1 ap radio power : 4 dB antenna gain : 0 dBi rf power : 3 mW antenna type : external ap diversity : full basic rates : 1 2 supported rates : 1 2 5.5 11 rts threshold : 2341 beacon interval : 100 dtim period : 25 short preamble : enable security beacon (hide ess) : disable primary wlan index : wlan1 detector ap : disable admin(network.ap)>show status ap index : 1 ap status : connected ap index : 2 ap status : not connected ap index : 3
  • 3-16 WS2000 Wireless Switch System Reference Guide ap status : not connected ap index : 4 ap status : not connected ap status : not connected ap index : 6 ap status : not connected ap index : 7 ap status : not connected ap index : 8 ap status : not connected ap index : 9 ap status : not connected ap index : 10 ap status : not connected ap index : 11 ap status : not connected ap index : 12 ap status : not connected admin(network.ap)>show legacy-mode Legacy mode is enabled. Related Commands set Sets Access Port parameters.
  • Network CLI Commands Reference 3-173.3 Network AP Default Commands default Network AP Commands Displays the default Access Port (AP) submenu. Use these commands to set the default values for all APs. Syntax admin(network.ap)> default The items available under this command are shown below. Command Description Ref set Sets default Access Port parameters. page 3-18 loadfromcf Loads the configured images from the CF card immediately page 3-20 show Shows default Access Port parameters. page 3-21 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1 The items in this menu are available in the Web interface under the three default Access Port screens (one for each radio type) within the Wireless menu area.
  • 3-18 WS2000 Wireless Switch System Reference Guide 3.3.1 Network AP Default set Command set Network AP Default Commands Sets the default Access Port parameters. Syntax set [beacon|ch_mode|div|dtim|primary|reg|rate|rts|short-pre|sensor-img| ap4131-img|ap4121-img] Parameters beacon intvl <type> Sets the default beacon interval for specified radio type <type> (one of <interval> 802.11a, 802.11b, or 802.11b/g) to <interval> in K-us (50–200). ch-mode <type> Sets the default channel mode for radios of <type> (one of 802.11a, 802.11b, [fixed|random|auto] or 802.11b/g) to fixed, random, or auto. div <type> <mode> Sets the default antenna diversity for radios of <type> (one of 802.11a, 802.11b, or 802.11b/g) to <mode> (one of full, primary, or secondary). dtim <type> Sets the default DTIM period for radios of specified <type> (one of 802.11a, [<bss_idx>|<period>] 802.11b, or 802.11b/g) to <period> number of beacons (1–50). <bss_idx> is the index of the BSSID. If not specified for the AP300, the default value of 1 is assumed for this parameter. For other APs, the <period> value is used for all the BSSIDs. primary <type> <wdix> Sets the default primary WLAN <widx> (1 to 8) for 802.11a radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g). The ESS ID configured for this WLAN will be used in the 802.11a beacon as the primary ESS. Note: This parameter is used only for AP200 APs with 802.11a radios. rate <type> <basic> Sets the default basic and supported rates for radios of specified <type> (one <supported> of 802.11a, 802.11b, or 802.11b/g). <basic> and <supported> must be a comma separated list of rates, such as 6,9,11,15 with no spaces. Basic rates are a subset of supported rates. The different types of radio support the following rates. A - 6|9|12|18|24|36|48|54 B - 1|2|5.5|11 G - 1|2|5.5|6|9|11|12|18|24|36|48|54 Note: For a G radio, basic rates must be a subset of B Rates in order to associate legacy B stations. reg <type> <indoor> <ch> Sets the default regulatory parameters for radios of specified type (one of <pwr> 802.11a, 802.11b, or 802.11b/g), where <indoor> is one of in or in/out; <ch> is the channel to use, and <pwr> is the power (in dB from 4 to 20). Select the value of <ch> from the appropriate list. 802.11b ch -- 1 to 14 802.11a ch -- 36,40,44,48,52,56,60,64,149,153,157,161 Note: Note: Regulatory parameter values depend on the country of operation and radio type. Refer to the documentation for specific regulatory information. rts <type> <bytes> Sets the default RTS threshold for radios of specified <type> (one of 802.11a, 802.11b, or 802.11b/g) to <bytes> (e.g., 2341).
  • Network CLI Commands Reference 3-19short-pre <type> By default, enables or disables the short preamble mode for radios of[enable|disable] specified <type> (one of 802.11a, 802.11b, or 802.11b/g).sensor-img <loc> Sets the default location of the sensor image. Location is specified in the <loc> parameter.ap4131-img <loc> Sets the default location <loc> of the AP 4131 image. Select from cf or def.ap4121-img <loc> Sets the default location <loc> of the AP 4121 image. Select from cf or def.Exampleadmin(network.ap.default)>set ch_mode 802.11a fixedadmin(network.ap.default)>set dtim 802.11a 10admin(network.ap.default)>set short 802.11b/g enableadmin(network.ap.default)>show default 802.11aap indoor use : indoor onlyap channel : 36ap channel mode : randomap radio power : 17 dBm : 50 mWap diversity : fullbasic rates : 6 12 24supported rates : 6 9 12 18 24 36 48 54rts threshold : 2341beacon interval : 100-------------------------------------------------------------------------BSSID | DTIM period------------------------------------------------------------------------- 1 | 10 2 | 10 3 | 10 4 | 10short preamble : disableprimary wlan index : wlan1admin(network.ap.default)>Related Commandsshow default Displays the default AP settings for a particular radio type.
  • 3-20 WS2000 Wireless Switch System Reference Guide 3.3.2 Network AP Default loadfromcf Command loadfromcf Network AP Default Commands Immediately loads configured images from the CF card. Syntax loadfromcf Parameters None Example admin(network.ap.default)>loadfromcf
  • Network CLI Commands Reference 3-213.3.3 Network AP Default show Command show Network AP Default Commands Shows the default Access Port parameters for a particular radio type. Syntax show [default|img-location] Parameters default <type> Shows the default Access Port parameters for radio type <type> (802.11a, 802.11b, 802.11bg). img-location Shows the Sensor/Access Port image locations. Example admin(network.ap.default)>set ch_mode 802.11a fixed admin(network.ap.default)>set dtim 802.11a 10 admin(network.ap.default)>set short 802.11b/g enable admin(network.ap.default)>show default 802.11a ap indoor use : indoor only ap channel : 36 ap channel mode : random ap radio power : 17 dBm : 50 mW ap diversity : full basic rates : 6 12 24 supported rates : 6 9 12 18 24 36 48 54 rts threshold : 2341 beacon interval : 100 ---------------------------------------------------------------------- BSSID | DTIM period ---------------------------------------------------------------------- 1 | 10 2 | 10 3 | 10 4 | 10 short preamble : disable primary wlan index : wlan1 Related Commands set Sets the default parameters for the specified radio type.
  • 3-22 WS2000 Wireless Switch System Reference Guide 3.4 Network AP Test Commands test Network AP Commands Displays the test submenu. Syntax admin(network.ap)> test admin(network.ap.test)> The items available under this command are shown below Command Description Ref. new Switches the Access Port to a new channel. page 3-23 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-233.4.1 Network AP Test new Command new Network AP Test Commands Switches the specified Access Port to a new channel. Syntax new <idx> <ch> Parameters <idx> <ch> Switches the Access Port indexed with <idx> (1–12) to channel <ch> (which must be a valid channel for the specified Access Port. Example admin(network.ap.test)>new 2 15 admin(network.ap.test)>
  • 3-24 WS2000 Wireless Switch System Reference Guide 3.5 Network AP Selfheal commands selfheal Network AP Commands Displays the selfheal submenu. Syntax admin(network.ap)> selfheal The items available under this menu are shown below. Command Description Ref. set Sets self-heal parameters page 3-25 detect-neighbor Detects neighbors and prepares the neighbors list automatically page 3-26 add Adds entries to the self-heal table page 3-27 del Removes entries from the self-heal table page 3-28 show Shows entries in the self-heal table page 3-29 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-253.5.1 Network AP Selfheal set Command set Network AP Selfheal commands Sets the different self-heal parameters. Syntax set [interference-avoidance|neighbor-recovery] Parameters interference-avoidance • mode [enable|disable] – Sets the self-healing interference mode. Can be [mode one of enable or disable. [enable|disable] | • max-retries [<max-retires|default] – Sets the threshold limit on the max-retries maximum number of retires permitted. <max-retires> (0-15) is the [<max-retries>|default] | number of allowed retries. default has a value of 14. hold-time • hold-time [<hold-time>|default] – Sets the hold-time between running two [<hold-time>|default]] consecutive interference avoidance algorithms. <hold-time> (0-65535) is the duration in seconds. default has a value of 3600. neighbor-recovery • mode [enable|disable] – Enables or disables neighbor recovery. [mode • action <radio-idx> <action> – Sets the neighbor recovery action for the [enable|disable] | portal. <radio-idx> (1-12) is the id of the radio for which action specified action <radio-idx> <action> | in <action> must be taken. Select <action> from none, raise-power, offset <radio-idx> open-rates, both. [<offset>|default]] Sets the radio offset value for the radio <radio-idx> (1-12) when the set action is raise-power. <offset> value is between 0-65535. default value is 0. Example - Set interference-avoidance: admin(network.ap.selfheal)>set interference-avoidance mode enable admin(network.ap.selfheal)>set interference-avoidance mode disable admin(network.ap.selfheal)>set interference-avoidance max-retries 15 admin(network.ap.selfheal)>set interference-avoidance max-retries default admin(network.ap.selfheal)>set interference-avoidance hold-time 24000 admin(network.ap.selfheal)>set interference-avoidance hold-time default Example - set neighbor-recovery: admin(network.ap.selfheal)>set neighbor-recovery mode enable admin(network.ap.selfheal)>set neighbor-recovery mode disable admin(network.ap.selfheal)>set neighbor-recovery action none radio 1 admin(network.ap.selfheal)>set neighbor-recovery action raise-power radio 1 admin(network.ap.selfheal)>set neighbor-recovery action open-rates radio 1 admin(network.ap.selfheal)>set neighbor-recovery action both radio 1
  • 3-26 WS2000 Wireless Switch System Reference Guide 3.5.2 Network AP Selfheal detect-neighbor Command detect-neighbor Network AP Selfheal commands Detects the neighbor devices. Syntax detect-neighbor Parameters None Example admin(network.ap.selfheal)>detect-neighbor admin(network.ap.selfheal)>
  • Network CLI Commands Reference 3-273.5.3 Network AP Selfheal add Command add Network AP Selfheal commands Adds entries into the selfheal AP-AP neighbor table. Syntax add <from-ap> <to-ap> Parameters <from-ap> <to-ap> Adds the specified APs into the neighbor-recovery table. <from-ap> and <to- ap> accepts values 1 to 12 and all. all indicates all the APs. Example admin(network.ap.selfheal)>add 2 4 admin(network.ap.selfheal)>show Interference Avoidance Mode : disable Retry Count : 14 Hold Time : 3600 Neighbor Recovery Mode : enable PORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 open-rates 3 0 none 4 777 raise-power 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none FROM-AP TO-AP 2 4 4 2 -------------HEALING STATE OF PORTALS------------ PORTAL HEALING-MODE CONFIGURED-POWER(dBm) RAISED-POWER(dBm) 1 Normal 20 0 2 Normal 17 0 3 Normal 20 0 4 Normal 17 0
  • 3-28 WS2000 Wireless Switch System Reference Guide 3.5.4 Network AP Selfheal del Command del Network AP Selfheal commands Deletes entries from the selfheal AP-AP neighbor table. Syntax del <from-ap> <to-ap> Parameters <from-ap> <to-ap> Removes the specified APs from the neighbor-recovery table. <from-ap> and <to-ap> accepts values 1 to 12 and all. all indicates all the APs. Example admin(network.ap.selfheal)> del 2 4 admin(network.ap.selfheal)> show Interference Avoidance Mode : disable Retry Count : 14 Hold Time : 3600 Neighbor Recovery Mode : enable PORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 open-rates 3 0 none 4 0 none 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none FROM-AP TO-AP -------------HEALING STATE OF PORTALS------------ PORTAL HEALING-MODE CONFIGURED-POWER(dBm) RAISED-POWER(dBm) 1 Normal 20 0 2 Normal 17 0 3 Normal 20 0 4 Normal 17 0
  • Network CLI Commands Reference 3-293.5.5 Network AP Selfheal show Command show Network AP Selfheal commands Shows the selfheal parameter details. Syntax show Parameters None Example admin(network.ap.selfheal)>show Interference Avoidance Mode : disable Retry Count : 14 Hold Time : 3600 Neighbor Recovery Mode : disable PORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION 1 0 none 2 0 none 3 0 none 4 0 none 5 0 none 6 0 none 7 0 none 8 0 none 9 0 none 10 0 none 11 0 none 12 0 none FROM-AP TO-AP 1 2 2 1 -------------HEALING STATE OF PORTALS------------ PORTAL HEALING-MODE CONFIGURED-POWER(dBm) RAISED-POWER(dBm) 1 Normal 20 0 2 Normal 20 0
  • 3-30 WS2000 Wireless Switch System Reference Guide 3.6 Network AP Denyap Commands denyap Network AP Commands Displays the denyap submenu. Use the denyap submenu to manage APs that have been denied access to the switch. Syntax admin(network.ap)> denyap admin(network.ap.denyap)> The items available under this menu are shown below. Command Description Ref. add Adds access port deny list entries page 3-31 delete Deletes access port deny list entries page 3-32 show Shows access port deny list page 3-33 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-313.6.1 Network AP Denyap add Command add Network AP Denyap Commands Add entries to the Access Port Deny List. Syntax add <mac> Parameters <mac> Adds the MAC specified in the <mac> parameter to the Access Port Deny List. MAC entries are to be entered without the ‘:’. For example 00b4c2114534. Example admin(network.ap.denyap)>add 00b4c2114534 admin(network.ap.denyap)> admin(network.ap.denyap)>show ------------------------------------------------------------------------- Idx AP NIC MAC ------------------------------------------------------------------------- 1 00b4c2114535 2 00b4c2114534 admin(network.ap.denyap)>
  • 3-32 WS2000 Wireless Switch System Reference Guide 3.6.2 Network AP Denyap delete Command delete Network AP Denyap Commands Deletes an entry in the Access Port Deny List. Syntax delete [<mac>|all] Parameters <mac> Deletes the MAC specified in the <mac> parameter from the Access Port Deny List. all Deletes all the entries in the Access Port Deny List Example admin(network.ap.denyap)>show ------------------------------------------------------------------------- Idx AP NIC MAC ------------------------------------------------------------------------- 1 00b4c2114535 2 00b4c2114534 admin(network.ap.denyap)>delete 00b4c2114535 admin(network.ap.denyap)>show ------------------------------------------------------------------------- Idx AP NIC MAC ------------------------------------------------------------------------- 1 00b4c2114534
  • Network CLI Commands Reference 3-333.6.3 Network AP Denyap show Command show Network AP Denyap Commands Displays the Access Port Deny List. Syntax show Parameters None Example admin(network.ap.denyap)>show ---------------------------------------------------------------------- Idx AP NIC MAC ---------------------------------------------------------------------- 1 00b4c2114535 2 00b4c2114534
  • 3-34 WS2000 Wireless Switch System Reference Guide 3.7 Network AP Smartscan Commands smartscan Network AP Commands Displays the smartscan submenu. Syntax admin(network.ap)> smartscan admin(network.ap.smartscan)> The items available under this menu are shown below. Command Description Ref. set Sets smartscan channels page 3-35 delete Removes smartscan channels page 3-36 show Shows all smartscan channels page 3-37 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-353.7.1 Network AP Smartscan set Command set Network AP Smartscan Commands Sets the smartscan channels. These channels are the ones that are scanned for presence of WLANs. Syntax set [11a <11a>|11bg <11bg>] Parameters 11a <11a> Sets the smart scan channel list for the 5 GHz band. Channel list <11a> should be a comma separated list. For example, 36,40,44,48 11bg <11bg> Sets the smart scan channel list for the 2.4 GHz band. Channel list <11bg> should be a comma separated list. For example, 1-4,6,8 Note: When using a range for selecting multiple channels, all the channels that are included in the range should be valid channel numbers for the current regulatory domain. Example admin<network.ap.smartscan>> set 11bg 1-6,8,10-12 admin(network.ap.smartscan)> show all smart scan 11a channels : smart scan 11bg channels : 1 2 3 4 5 6 8 10 11 12 Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157 161 165 Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13
  • 3-36 WS2000 Wireless Switch System Reference Guide 3.7.2 Network AP Smartscan delete Command delete Network AP Smartscan Commands Deletes all the channels in the smartscan list for a specific radio. Syntax delete [11a <11a>|11bg <11bg>] Parameters 11a <11a> Sets the smart scan channel list for the 5 GHz band. Channel list <11a> should be a comma separated list. For example, 36,40,44,48 11bg <11bg> Sets the smart scan channel list for the 2.4 GHz band. Channel list <11bg> should be a comma separated list. For example, 1-4,6,8 Note: When using a range for selecting multiple channels, all the channels that are included in the range should be valid channel numbers for the current regulatory domain. Example admin(network.ap.smartscan)> show all smart scan 11a channels : smart scan 11bg channels : 1 2 3 4 5 6 8 10 11 12 Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157 161 165 Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13 admin(network.ap.smartscan)> delete 11bg admin(network.ap.smartscan)> show all smart scan 11a channels : smart scan 11bg channels : Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157 161 165 Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13 admin(network.ap.smartscan)>
  • Network CLI Commands Reference 3-373.7.3 Network AP Smartscan show Command show Network AP Smartscan Commands Displays the list of channels used for smartscan for the different radios. Syntax show [all] Parameters all Shows the list of channels in the smartscan list. Example admin(network.ap.smartscan)> show all smart scan 11a channels : smart scan 11bg channels : 1 2 3 4 5 6 8 10 11 12 Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157 161 165 Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13
  • 3-38 WS2000 Wireless Switch System Reference Guide 3.8 Network AP Test Commands test Network AP Commands Displays the test submenu. Use this submenu commands to test APs. Syntax admin(network.ap)> test admin(network.ap.test)> The items available under this command are shown below. Command Description Ref new Switches the AP to a new channel page 3-39 show Shows mesh configuration information page 3-47 quit Quits the CLI. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-393.8.1 Network AP Test new Command new Network AP Test Commands Switches AP to a new channel. Syntax test <idx> <ch> Parameters <idx> The access port index for which the channel has to be changed <ch> The channel to change to. This must be a channel that is valid for the selected AP <idx>. Example admin(network.ap.test)> new 1 24 admin(network.ap.test)>
  • 3-40 WS2000 Wireless Switch System Reference Guide 3.9 Network AP Mesh Commands mesh Network AP Commands Displays the mesh submenu. Use this menu to configure the different Mesh Network parameters. Syntax admin(network.ap)> mesh admin(network.ap.mesh)> The items available under this command are shown below. Command Description Ref set Sets mesh parameters page 3-41 add Adds a preferred base to the list page 3-43 del Removes preferred bases from the list page 3-44 preferred-list Shows a list of preferred bases page 3-45 available-list Shows a list of available bases page 3-46 show Shows mesh configuration information page 3-47 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-413.9.1 Network AP Mesh set Command set Network AP Mesh Commands Sets the mesh related parameters. Syntax set [client|vlan|auto|base|max-clients] Parameters client <radio-idx> Enables or disables the mesh client for the radio with the index [enable|disable] <radio-idx> (1-12). wlan <radio-idx> <wlan-id> Selects the WLAN <wlan-id> (1-8) for the mesh client radio index <radio-idx> (1-12). auto <radio-idx> Enables or disables automatic base selection for the radio with the index [enable|disable] <radio-idx> (1-12). base <radio-idx> Enables or disables the radio <radio-idx> (1-12) as the mesh base. [enable|disable] max-clients <radio-idx> Sets the maximum number of client <max-clients> for the radio <max-clients> <radio-idx> (1-12). Example admin(network.ap.mesh)> set client 1 enable admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------- "Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------- Client Only WLAN1 Enabled N/A admin(network.ap.mesh)> set base 1 enable admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------- "Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------- Base and Client WLAN1 Enabled 6 admin(network.ap.mesh)> set wlan 1 3 admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------- "Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------- Base and Client WLAN3 Enabled 6 admin(network.ap.mesh)> set max-clients 1 4 admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------- "Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------- Base and Client WLAN3 Enabled 4
  • 3-42 WS2000 Wireless Switch System Reference Guide admin(network.ap.mesh)> set auto 1 disable admin(network.ap.mesh)> show 1 ------------------------------------------------------------------------- "Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------- Base and Client WLAN3 Disabled 4 admin(network.ap.mesh)>
  • Network CLI Commands Reference 3-433.9.2 Network AP Mesh add Command add Network AP Mesh Commands Adds a preferred base to the device’s Preferred Base Bridge List. Syntax add <radio-idx> <mac> Parameters <radio-idx> Adds the base to the device’s Preferred Base Bridge List. The <radio-idx> (1-12) is the <mac> unique ID for the radio. <mac> is the address of the base device to be added to the list. Example admin(network.ap.mesh)> add 3 001570419F9F admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------- "Priority" "Base MAC" ------------------------------------------------------------------------- 1 00:15:70:41:9F:9F admin(network.ap.mesh)> Related Commands del Removes preferred bases from the list preferred-list Shows a list of preferred bases
  • 3-44 WS2000 Wireless Switch System Reference Guide 3.9.3 Network AP Mesh del Command del Network AP Mesh Commands Removes a Mesh Base from the device’s Preferred Base Bridge List. Syntax del [<radio-idx>] [all|<index>] Parameters <radio-idx> • Removes all preferred bases from the device’s Preferred Base Bridge List for the [all|<index>] radio specified by the <radio-idx> (1-12). • all – Indicates all the preferred base devices. • <index> – Indicates the selected preferred base device. Example admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------- "Priority" "Base MAC" ------------------------------------------------------------------------- 1 00:15:70:41:9F:9F 2 00:15:45:70:9C:8D 3 15:03:54:07:23:45 admin(network.ap.mesh)> del 3 2 admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------- "Priority" "Base MAC" ------------------------------------------------------------------------- 1 00:15:70:41:9F:9F 2 15:03:54:07:23:45 admin(network.ap.mesh)> del 3 all admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------- "Priority" "Base MAC" ------------------------------------------------------------------------- admin(network.ap.mesh)> Related Commands add Adds a preferred base to the list preferred-list Shows a list of preferred bases
  • Network CLI Commands Reference 3-453.9.4 Network AP Mesh preferred-list Command preferred-list Network AP Mesh Commands Displays the Preferred Base Bridge List for the device Syntax preferred-list <radio-idx> Parameters <radio-idx> Displays the selected radio’s (<radio-idx> (1-12)) Preferred Base Bridge List. Example admin(network.ap.mesh)> preferred-list 3 ------------------------------------------------------------------------- "Priority" "Base MAC" ------------------------------------------------------------------------- 1 00:15:70:41:9F:9F 2 00:15:45:70:9C:8D 3 15:03:54:07:23:45 admin(network.ap.mesh)> Related Commands add Adds a preferred base to the list del Removes preferred bases from the list
  • 3-46 WS2000 Wireless Switch System Reference Guide 3.9.5 Network AP Mesh available-list Command available-list Network AP Mesh Commands Displays the list of available base bridges along with their MAC addresses and the RSSI. Syntax available-list <radio-idx> Parameters <radio-idx> Displays the available base bridges for a particular radio indicated by the <radio-idx> (1-12) value. Example admin(network.ap.mesh)> available-list 3 ------------------------------------------------------------------------- "MAC" "Channel" "RSSI" ------------------------------------------------------------------------- 00:15:70:41:9A:9A 11 189 admin(network.ap.mesh)> Related Commands add Adds a preferred base to the list del Removes preferred bases from the list preferred-list Shows a list of preferred bases
  • Network CLI Commands Reference 3-473.9.6 Network AP Mesh show Command show Network AP Mesh Commands Displays the mesh details for a particular radio. Syntax show <radio-idx> Parameters <radio-idx> Displays the mesh configuration information for the radio indicated by the <radio-idx> (1-12) value. Example admin(network.ap.mesh)> show 3 ------------------------------------------------------------------------- "Mode" "WLAN" "Base Auto Selection" "Max Clients" ------------------------------------------------------------------------- Base and Client WLAN2 Enabled 4
  • 3-48 WS2000 Wireless Switch System Reference Guide 3.10 Network DCHP Commands dhcp network Displays the DHCP submenu. Syntax admin(network)> dhcp admin(network.dhcp)> The items available under this command are shown below. Command Description Ref. set Sets system updated flags. page 3-49 show Shows system updated flags. page 3-50 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-493.10.1 Network DHCP set Command set Network DCHP Commands Sets parameters for automated firmware and configuration upgrades. Syntax set [firmwareupgrade|configureupgrade|interface| dhcpvendorclassid|autoupgradeinterval] firmwareupgrade [0|1] Enables (1) or disables (0) automatic switch firmware upgrade. configupgrade [0|1] Enables (1) or disables (0) automatic switch configuration update. interface <iface> Sets the interface <iface> for the upgrades to the device: s1 – subnet 1 s2 – subnet 2 s3 – subnet 3 s4 – subnet 4 s5 – subnet 5 s6 – subnet 6 w – WAN dhcpvendorclassid Sets the DHCP vendor class id to <dhcp vendor class id>. <dhcp vendor class id> Note: Vendor class id must be preceded by “Sym”. autoupgradeinterval Sets the Light Weight DHCP Client Auto Upload time interval to <autoupgradeinterval> <autoupgradeinterval> (1-65535) seconds. Example admin(network.dhcp)>show all Auto Firmware upgrade flag : 0 Auto Config upgrade flag : 0 Interface : w admin(network.dhcp)>set firmwareupgrade 1 admin(network.dhcp)>set con 1 admin(network.dhcp)>set inter s1 admin(network.dhcp)>show all Auto Firmware upgrade flag : 1 Auto Config upgrade flag : 1 Interface : s1 Related Commands show all Shows the settings for all the automatic update parameters.
  • 3-50 WS2000 Wireless Switch System Reference Guide 3.10.2 Network DHCP show Command show Network DCHP Commands Displays system updated flags. Syntax show all Parameters all Displays all of the DHCP-related system update parameters. Example admin(network.dhcp)>show all Auto Firmware upgrade flag : 1 Auto Config upgrade flag : 1 Interface : w Dhcp Vendor Class Id : SymbolWS.WS2K-V2-0 Auto Upgrade Interval : 600 Related Commands set Sets the DHCP-related parameters for updating system firmware and configuration.
  • Network CLI Commands Reference 3-513.11 Network Firewall Commands fw network Displays the firewall submenu. Syntax admin(network)> fw admin(network.fw)> The items available under this command are shown below. Command Description Ref. set Sets firewall parameters. page 3-52 show Shows firewall parameters. page 3-54 submap Goes to the subnet mapping submenu. page 3-80 policy Goes to the advanced subnet mapping submenu. page 3-64 timeradd Creates a new timeout value page 3-55 timerset Sets timeout values page 3-58 timerdel Deletes a named timer page 3-56 timerlist Shows the list of timers page 3-57 ips Goes to the Intrusion Prevention System submenu. page 3-59 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1 The commands in this menu are available in the Web interface on the Network>Firewall screen.
  • 3-52 WS2000 Wireless Switch System Reference Guide 3.11.1 Network Firewall set Command set Network Firewall Commands Sets firewall parameters. In the Web interface, this functionality is provide by the Network->Firewall screen. Syntax set [mode|override|ftp|ip|seq|src|syn|win|spoof|rst| range|netbios-alg] [enable|disable] set mime [filter|hdr|len] set mime filter [enable|disable] set mime hdr <count> set mime len <length> set timeout <time> set fin <time> Parameters mode [enable|disable] Enables or disables the firewall. override [enable|disable] Enables or disables subnet access override. ftp [enable|disable] Enables or disables FTP bounce attack check. ip [enable|disable] Enables or disables IP unaligned timestamp check. mime • filter [enable|disable] – Enables or disables MIME flood attack check. [filter [enable|disable]| • hdr <count> – Sets the max number of headers as specified in <count> hdr <count>| (12-34463) len <length>] • len <length> – Sets the max header length in bytes as specified by <length> (256-34463) seq [enable|disable] Enables or disables sequence number prediction check. src [enable|disable] Enables or disables source routing check. syn [enable|disable] Enables or disables SYN flood attack check. timeout <time> Sets the firewall timeout to <time> minutes (1–90). win [enable|disable] Enables or disables Winnuke attack check. spoof [enable|disable] Enables or disables IP Spoofing attack check rst [enable|disable] Enables or disable reset attack check range [enable|disable] Enables or disable sequence out of range check fin <time> Sets fin timeout to <time> seconds. netbios-alg Enables or disables NetBIOS ALG support. [enable|disable] Example admin(network.fw)>show all Firewall Status : enable Subnet Access Override : disable Configurable Firewall Filters
  • Network CLI Commands Reference 3-53ftp bounce attack filter : enablesyn flood attack filter : enableunaligned ip timestamp filter : enablesource routing attack filter : enablewinnuke attack filter : enableseq num prediction attack filter : enablemime flood attack filter : enablemax mime header length : 8192max mime headers : 16nat timeout interval in minutes : 30ip spoofing attack filter : enablereset attack filter : enableack/seq number out of range check : enablefin timeout : 20Always On Firewall Filtersland attack filter : enableping of death attack filter : enablereassembly attack filter : enableNetBIOS alg : disableadmin(network.fw)>Related Commandsshow Shows the current firewall settings.
  • 3-54 WS2000 Wireless Switch System Reference Guide 3.11.2 Network Firewall show Command show Network Firewall Commands Displays the firewall parameters. Syntax show all Parameters all Shows all firewall settings. Example admin(network.fw)>show all Firewall Status : enable Subnet Access Override : disable Configurable Firewall Filters ftp bounce attack filter : enable syn flood attack filter : enable unaligned ip timestamp filter : enable source routing attack filter : enable winnuke attack filter : enable seq num prediction attack filter : enable mime flood attack filter : enable max mime header length : 8192 max mime headers : 16 nat timeout interval in minutes : 30 ip spoofing attack filter : enable reset attack filter : enable ack/seq number out of range check : enable fin timeout : 20 Always On Firewall Filters land attack filter : enable ping of death attack filter : enable reassembly attack filter : enable NetBIOS alg : disable admin(network.fw)> Related Commands set Sets firewall settings.
  • Network CLI Commands Reference 3-553.11.3 Network Firewall timeradd Command timeradd Network Firewall Commands Adds a new named timeout value. Syntax timeradd <name> <protocol> <port> <value> Parameters timeradd <name> Adds a new named timeout value. <protocol> • <name> is the name of the time out value (1-15 characters) <port> <value> • <protocol> is the protocol to be used. (tcp or udp) • <port> is the port number (0-32767) • <value> is the timeout value in seconds (60-268400000) Example admin(network.fw)> timeradd newtcp tcp 21 4500 admin(network.fw)> timerlist ----------------------------------------------------------- Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------- newtcp tcp 21 4500 admin(network.fw)
  • 3-56 WS2000 Wireless Switch System Reference Guide 3.11.4 Network Firewall timerdel Command timerdel Network Firewall Commands Deletes a named timeout value. Syntax timerdell <timer name> Parameters timerdel <timername> Deletes a timer named <timer name>. Example admin(network.fw)>timeradd newudp udp 21 4500 admin(network.fw)>timerlist ----------------------------------------------------------- Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------- newtcp tcp 21 4500 newudp udp 21 4500 admin(network.fw)timerdel newtcp admin(network.fw)>timerlist ----------------------------------------------------------- Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------- newudp udp 21 4500
  • Network CLI Commands Reference 3-573.11.5 Network Firewall timerlist Command timerlist Network Firewall Commands Displays all named time outs. Syntax timerlist Parameters None Example admin(network.fw)>timerlist ----------------------------------------------------------- Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------- newtcp tcp 21 4500 newudp udp 21 4500 admin(network.fw)
  • 3-58 WS2000 Wireless Switch System Reference Guide 3.11.6 Network Firewall timerset Command timerset Network Firewall Commands Sets the timeout value for a named timer. Syntax timerset <timer name> <value> Parameters timerset <timer name> Sets the timer value <value> (60-268400000) for a timer named <value> <timer name>. Example admin(network.fw)>timerset newudp 5000 admin(network.fw)>timerlist ----------------------------------------------------------- Name Protocol Port Timeout ( Secs ) ----------------------------------------------------------- newtcp tcp 21 4500 newudp udp 21 5000
  • Network CLI Commands Reference 3-593.12 Network Firewall Intrusion Prevention System Commands ips Network Firewall Commands Displays the firewall Intrusion Prevention System (IPS) submenu. Syntax admin(network.fw)> ips admin(network.fw.ips)> The items available under this command are shown below. Command Description Ref. set Sets the IPS parameters page 3-60 show Displays the IPS settings page 3-62 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-60 WS2000 Wireless Switch System Reference Guide 3.12.1 Network Firewall IPS set Command set Network Firewall Intrusion Prevention System Commands Sets the Intrusion Prevention System (IPS) parameters. Syntax set [mode|anomaly-config|signature-categories|direction] set mode [enable|disable] set signature-categorises <category-list> set direction [default|bi-directional] set anomaly-config[-sl <smtplen>|-ml <mimelen>|-md <mimedepth>| -hl <httpline>|-hz <httpsize>|-hlz <httplinesize>| -huz <httpurisize>] mode [enable|disable] Enables or disables IPS. anomaly-config • -sl <smtplen> – Sets the SMTP header length. [-sl <smtplen>| • -ml <mimelen> – Sets the MIME header length. -ml <mimelen>| • -md <mimedepth> – Sets the depth of MIME boundary header. -md <mimedepth>| -hl <httphline>| • -hl <httphline> – Sets the field in the HTTP header. -hz <httphsize>| • -hz <httphsize> – Sets the HTTP header size. -hlz <httplinesize>| • -hlz <httplinesize> – Sets the HTTP header line size. -huz <httpurisize>] • -huz <httpurisize> – Sets the HTTP URI size. signature-categories Sets the signature categories for IPS. Select <category-list> from <category-list> TELNET, POP3, IMAP, NNTP, FTP, SNMP, TCPDNS, UDPDNS, TCPRPC, UDPRPC, HTTP, SMTP, TCPGEN, UDPGEN, ICMP, TCP, UDP, IP. If more than one signature category is specified, separate each category with a space. Each of the signature category must be specified in Upper Case only. direction [default|bi-directional] Sets the direction to inspect packets. • default – Sets direction as default. This is defined in the signature. • bi-directional – Sets direction as bi-directional. Packets are inspected when received or sent. Example admin(network.fw.ips)>set mode enable admin(network.fw.ips)>set anomaly-config -sl 100 admin(network.fw.ips)>set direction default admin(network.fw.ips)>set signature-categories TELNET POP3 TCP UDP admin(network.fw.ips)>show all IPS mode : enable SMTP Header length : 1024 MIME header length : 1024 Depth of MIME boundary header : 5 Field in HTTP header : 50 HTTP header size : 4096 HTTP header line size : 3072
  • Network CLI Commands Reference 3-61HTTP URI size : 3072Loaded Signature Categories : TELNET POP3 TCP UDP IMAP HTTP SMTPPacket Direction of signatures : defaultadmin(network.fw.ips)>
  • 3-62 WS2000 Wireless Switch System Reference Guide 3.12.2 Network Firewall IPS show Command show Network Firewall Intrusion Prevention System Commands Displays the Intrusion Prevention System (IPS) configurations. Syntax show all Parameters all Displays the IPS configuration. Example admin(network.fw.ips)>show all IPS mode : enable SMTP Header length : 1024 MIME header length : 1024 Depth of MIME boundary header : 5 Field in HTTP header : 50 HTTP header size : 4096 HTTP header line size : 3072 HTTP URI size : 3072 Loaded Signature Categories : TELNET POP3 TCP UDP IMAP HTTP SMTp Packet Direction of signatures : default admin(network.fw.ips)> admin(network.fw)>show all Firewall Status : enable Subnet Access Override : disable Configurable Firewall Filters ftp bounce attack filter : enable syn flood attack filter : enable unaligned ip timestamp filter : enable source routing attack filter : enable winnuke attack filter : enable seq num prediction attack filter : enable mime flood attack filter : enable max mime header length : 8192 max mime headers : 16 nat timeout interval in minutes : 10 ip spoofing attack filter : enable reset attack filter : enable ack/seq number out of range check : enable fin timeout : 20 Always On Firewall Filters land attack filter : enable ping of death attack filter : enable reassembly attack filter : enable
  • Network CLI Commands Reference 3-63NetBIOS alg : disableHTTP alg : enableadmin(network.fw)>
  • 3-64 WS2000 Wireless Switch System Reference Guide 3.13 Network Firewall Policy Commands policy Network Firewall Commands Displays the firewall policy submenu. Syntax admin(network.fw)> policy admin(network.fw.policy)> NOTE: The Policy menu can only be accessed when Subnet Access Override mode is enabled. To enable Subnet Access Override use the command admin(network.fw)> set override enable The items available under this command are shown below. Command Description Ref. inbound Goes to the inbound policy submenu. page 3-66 outbound Goes to the outbound policy submenu. page 3-73 import Imports subnet access rules. page 3-65 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-653.13.1 Network Firewall Policy import command import Network Firewall Policy Commands Imports subnet access rules from current subnet access settings created in the GUI interface (Network-> Firewall -> Subnet Access menu item) or using the CLI submap menu commands. Previously set outbound firewall policies will be deleted. Syntax import Parameters None Example admin(network.fw.policy)>import WARNING : You will loose all your current advanced access policies. Do you want to continue [n/y]?y admin(network.fw.policy)> admin(network.fw.policy.outb)>list ------------------------------------------------------------------------- ---- Idx Src IP-Netmask Dst IP-Netmask Tp Src Ports Dst Ports NAT Action ------------------------------------------------------------------------- ---- 1 192.168.0.1- 192.168.1.1- all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 2 192.168.0.1- 192.168.2.1- all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 3 192.168.1.1- 192.168.0.1- all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 4 192.168.1.1- 192.168.2.1- all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 5 192.168.2.1- 192.168.0.1- all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 6 192.168.2.1- 192.168.1.1- all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 7 192.168.0.0- 192.168.32.2- all 1:65535 1:65535 none allow 255.255.255.0 255.255.255.0 8 192.168.0.0- 0.0.0.0- all 1:65535 1:65535 wan1 allow 255.255.255.0 0.0.0.0 9 192.168.1.0- 0.0.0.0- all 1:65535 1:65535 none allow 255.255.255.0 0.0.0.0 10 192.168.2.0- 0.0.0.0- all 1:65535 1:65535 none allow 255.255.255.0 0.0.0.0 Related Commands submap > list Lists the currently defined subnet to subnet/WAN communication rules into the outbound firewall policy list. outb > list Lists the current outbound firewall policies.
  • 3-66 WS2000 Wireless Switch System Reference Guide 3.14 Network Firewall Policy Inbound Commands inbound Network Firewall Policy Commands Displays the inbound policy submenu. Syntax admin(network.fw.policy)> inb admin(network.fw.policy.inb)> The items available under this command are shown below. Command Description Ref. add Adds a firewall policy. page 3-67 set Sets firewall policy parameters. page 3-72 delete Deletes a firewall policy. page 3-68 list Lists firewall policies. page 3-70 move Moves a firewall policy to a different position in the list. page 3-71 insert Inserts a new firewall policy before an existing policy. page 3-69 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-673.14.1 Network Firewall Policy Inbound add Command add Network Firewall Policy Inbound Commands Adds an inbound firewall policy. Syntax add <sip> <netmask> <dip> <dnetmask> Parameters <sip> <netmask> Adds a firewall policy to be effective on communications between a source site <dip> <dnetmask> and a destination site. • <sip> – The source IP • <snetmask> – The source IP’s network mask • <dip> – The destination site IP • <dnetmask> – The destination IP’s network mask Example admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.2 55.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 192.168.24.0- 209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0 Related Commands delete Deletes firewall policies from the inbound list. move Moves firewall policies either up or down in the list of policies.
  • 3-68 WS2000 Wireless Switch System Reference Guide 3.14.2 Network Firewall Policy Inbound delete Command delete Network Firewall Policy Inbound Commands Deletes a firewall policy. Syntax delete [all|<idx>] Parameters <idx> Deletes inbound firewall policy <idx> from the policy list. all Deletes all inbound firewall policies. Example admin(network.fw.policy.inb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 admin(network.fw.policy.inb)>del 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0
  • Network CLI Commands Reference 3-693.14.3 Network Firewall Policy Inbound insert Command insert Network Firewall Policy Inbound Commands Inserts a new firewall policy before an existing policy. Syntax insert <idx> <sip> <snetmask> <dip> <dnetmask> Parameters <idx> <sip> Inserts a new policy into the inbound firewall policy list at a specified index. <snetmask> <dip> <dnetmask> • <idx> – The index in the firewall policy list where this policy is to be inserted. • <sip> – The source IP • <snetmask> – The source IP’s network mask • <dip> – The destination site IP • <dnetmask> – The destination IP’s network mask Example admin(network.fw.policy.inb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.inb)>insert 1 209.239.160.44 255.255.255.224 192.168.55. 44 255.255.255.0 Inbound Policy Successfully inserted at index 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 209.239.160.44- 192.168.55.44- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0
  • 3-70 WS2000 Wireless Switch System Reference Guide 3.14.4 Network Firewall Policy Inbound list Command list Network Firewall Policy Inbound Commands Lists inbound firewall policies. Syntax list {<idx>} Parameters <idx> Displays firewall policy with number <idx>. Example: admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.255.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 192.168.24.0- 209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0
  • Network CLI Commands Reference 3-713.14.5 Network Firewall Policy Inbound move Command move Network Firewall Policy Inbound Commands Moves a firewall policy to a different position in the list and renumbers all affected items in the list. Syntax move [up|down] <idx> Parameters [up|down] <idx> Moves policy with index <idx> up or down one (to a lower or a higher number) in the policy list. Example admin(network.fw.policy.inb)>list ---------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 2 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.inb)>move up 2 admin(network.fw.policy.inb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0
  • 3-72 WS2000 Wireless Switch System Reference Guide 3.14.6 Network Firewall Policy Inbound set Command set Network Firewall Policy Inbound Commands Sets inbound firewall policy parameters. Syntax set [saddr|daddr|tp|sport}dport|rnat|rport|action|logging] Parameters saddr <idx> <Ip Addr> Sets source IP address <Ip Addr> and IP netmask <netmask> for inbound <netmask> firewall policy <idx>. daddr <idx> <Ip Addr> Sets destination IP address <Ip Addr> and IP netmask <netmask> for <netmask> inbound firewall policy <idx>. tp <idx> <tp> Sets transport protocol for inbound firewall policy <idx> to <tp> (one of all, tcp, udp, icmp, ah, esp, gre). sport <idx> <port1> Sets source port range for inbound firewall policy <idx> from <port1> [<port2>] (1–65535) to <port2> (1–65535). If <port2> is not specified, <port1> is used as the top end of the range. dport <idx> <port1> Sets destination port range for inbound firewall policy <idx> from <port1> (1– [<port2>] 65535) to <port2> (1–65535). If <port2> is not specified, <port1> is used as the top end of the range. rnat <idx> <Ip Addr> Sets reverse NAT IP address for inbound firewall policy <idx> to <Ip Addr> (a.b.c.d). rport <idx> <rport> Sets reverse NAT port for inbound firewall policy <idx> to <rport> (0–65535). action <idx> [allow|deny] Sets action of inbound firewall policy <idx> to allow or deny. Example admin(network.fw.policy.inb)>set tp 1 gre admin(network.fw.policy.inb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 209.239.160.202- 168.192.36.4- gre 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.inb)>set sport 1 20 21 admin(network.fw.policy.inb)>set dport 1 200 201 admin(network.fw.policy.inb)>set action 1 allow admin(network.fw.policy.inb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0
  • Network CLI Commands Reference 3-733.15 Network Firewall Policy Outbound Commands outbound Network Firewall Policy Commands Displays the outbound policy submenu. Syntax admin(network.fw.policy)> outbound admin(network.fw.policy.outbound)> The items available under this command are shown below. Command Description Ref. add Adds a firewall policy. page 3-74 set Sets firewall policy parameters. page 3-79 delete Deletes a firewall policy. page 3-75 list Lists firewall policies. page 3-77 move Moves a firewall policy to a different position in the list. page 3-78 insert Inserts a new firewall policy before an existing policy. page 3-76 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-74 WS2000 Wireless Switch System Reference Guide 3.15.1 Network Firewall Policy Outbound add Command add Network Firewall Policy Outbound Commands Adds an outbound firewall policy. Syntax add <sip> <netmask> <dip> <netmask> Parameters <sip> <netmask> Adds a firewall policy to be effective on communications between a source site <dip> <dnetmask> and a destination site. • <sip> – The source IP • <snetmask> – The source IP’s network mask • <dip> – The destination site IP • <dnetmask> – The destination IP’s network mask Example admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.255.255.224 Outbound Policy Successfully added at index 1 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 192.168.24.0- 209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0 Related Commands delete Deletes firewall policies from the outbound list. move Moves policies either up or down in the list of policies.
  • Network CLI Commands Reference 3-753.15.2 Network Firewall Policy Outbound delete Command delete Network Firewall Policy Outbound Commands Deletes an outbound firewall policy. Syntax delete [all|<idx>] Parameters <idx> Deletes inbound firewall policy <idx> from the policy list. all Deletes all outbound firewall policies. Example admin(network.fw.policy.outb)>list ------------------------------------------------------------------------- ---- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- ---- 1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 admin(network.fw.policy.outb)>del 1 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------- ---- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- ---- 1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0
  • 3-76 WS2000 Wireless Switch System Reference Guide 3.15.3 Network Firewall Policy Outbound insert Command insert Network Firewall Policy Outbound Commands Inserts a new outbound firewall policy before an existing policy. Syntax insert <idx> <sip> <netmask> <dip> <netmask> Parameters <idx> <sip> Inserts a new policy into the outbound firewall policy list at a specified index. <snetmask> <dip> <dnetmask> • <idx> – The index in the firewall policy list where this policy is to be inserted. • <sip> – The source IP • <snetmask> – The source IP’s network mask • <dip> – The destination site IP • <dnetmask> – The destination IP’s network mask Example admin(network.fw.policy.outb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.outb)>insert 1 209.239.160.44 255.255.255.224 192.168.55. 44 255.255.255.0 Outbound Policy Successfully inserted at index 1 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 209.239.160.44- 192.168.55.44- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0
  • Network CLI Commands Reference 3-773.15.4 Network Firewall Policy Outbound list Command list Network Firewall Policy Outbound Commands Lists outbound firewall policies. Syntax list {<idx>} Parameters <idx> Displays firewall outbound policy with number <idx>. Example admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0 209.239.170.45 255.2 55.255.224 Inbound Policy Successfully added at index 1 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 192.168.24.0- 209.239.170.45- all 1: 1: 0.0.0.0 deny 255.255.255.0 255.255.255.224 65535 65535 nat port 0
  • 3-78 WS2000 Wireless Switch System Reference Guide 3.15.5 Network Firewall Policy Outbound move Command move Network Firewall Policy Outbound Commands Moves an outbound firewall policy up or down in the policy list and renumbers the policy affected by the move. Syntax move [up|down] <idx> Parameters [up|down] <idx> Moves policy with index <idx> up or down one (to a lower or a higher number) in the policy list. Example admin(network.fw.policy.outb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0 2 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.outb)>move up 2 admin(network.fw.policy.outb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- ---- 1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0
  • Network CLI Commands Reference 3-793.15.6 Network Firewall Policy Outbound set Command set Network Firewall Policy Outbound Commands Sets firewall policy parameters. Syntax set [saddr|daddr|tp|sport|dport|nat|action|logging] Parameters saddr <idx> <Ip Addr> Sets source IP address <Ip Addr> and IP netmask <netmask> for outbound <netmask> firewall policy <idx>. daddr <idx> <Ip Addr> Sets destination IP address <Ip Addr> and IP netmask <netmask> for <netmask> outbound firewall policy <idx>. tp <idx> <tp> Sets transport protocol for outbound firewall policy <idx> to <tp> (one of all, tcp, udp, icmp, ah, esp, gre). sport <idx> <port1> Sets source port range for outbound firewall policy <idx> from <port1> [<port2>] (1–65535) to <port2> (1–65535). If <port2> is not specified, <port1> is used as the top end of the range. dport <idx> <port1> Sets destination port range for outbound firewall policy <idx> from <port1> [<port2>] (1–65535) to <port2> (1–65535). If <port2> is not specified, <port1> is used as the top end of the range. nat <idx> <wan id> Sets NAT WAN ID for outbound firewall policy <idx> to <wan id> (0-8) where 0 = none, 1 = WAN 1, 2 = WAN 2, etc. action <idx> [allow|deny] Sets action of outbound firewall policy <idx> to allow or deny. logging <idx> Sets logging of outbound firewall policy <idx> to enable or disable. [enable|disable] Example admin(network.fw.policy.outb)>set tp 1 gre admin(network.fw.policy.outb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 209.239.160.202- 168.192.36.4- gre 1: 1: 0.0.0.0 deny 255.255.255.224 255.255.255.0 65535 65535 nat port 0 admin(network.fw.policy.outb)>set sport 1 20 21 admin(network.fw.policy.outb)>set dport 1 200 201 admin(network.fw.policy.outb)>set action 1 allow admin(network.fw.policy.outb)>list ------------------------------------------------------------------------- Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action ------------------------------------------------------------------------- 1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow 255.255.255.224 255.255.255.0 201 nat port 0
  • 3-80 WS2000 Wireless Switch System Reference Guide 3.16 Network Firewall Submap Commands submap Network Firewall Commands Displays the subnet mapping submenu. Syntax admin(network.fw)> submap admin(network.fw.submap)> NOTE: The submap menu can only be accessed when Subnet Access Override mode is disabled. To disable Subnet Access Override use the command admin(network.fw)> set override disable The items available under this command are shown below. Command Description Ref. add Adds subnet access exception rules. page 3-81 delete Deletes subnet access exception rules. page 3-83 list Lists subnet access exception rules. page 3-84 set Sets subnet access parameters. page 3-85 show Shows subnet access parameters. page 3-86 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-813.16.1 Network Firewall Submap add Command add Network Firewall Submap Commands Adds subnet access exception rules. Syntax add <from> <to> <name> <tran> <port1> <port2> Parameters add <from> <to> Adds a subnet access exception rule for communication. <name> <tran> • <from> – The source subnet (one of s1 = subnet1, s2 = <port1> <port2> subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6) • <to> – The destination subnet (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w=WAN) • <name> – The name of this exception rule. (1-7 characters) • <trans> – The transport protocol to deny access. (one of the following transport protocols: tcp, udp, icmp, ah, esp, gre, or all) • <port1> <port2> – Ports in the range <port1> to <port2> Example admin(network.fw.submap)>add s1 w test gre 21 101 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------- index from to name prot start port end port ------------------------------------------------------------------------- 1 subnet1 wan test gre 21 101 admin(network.fw.submap)>add s1 s2 test2 ah 20 80 admin(network.fw.submap)>add s2 s3 test3 all 20 300 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------- index from to name prot start port end port ------------------------------------------------------------------------- 1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80
  • 3-82 WS2000 Wireless Switch System Reference Guide admin(network.fw.submap)>list s2 ------------------------------------------------------------------------- index from to name prot start port end port ------------------------------------------------------------------------- 1 subnet2 subnet3 test3 all 20 300 admin(network.fw.submap)>delete s2 all admin(network.fw.submap)>list s2 ------------------------------------------------------------------------- index from to name prot start port end port -------------------------------------------------------------------------
  • Network CLI Commands Reference 3-833.16.2 Network Firewall Submap delete Command delete Network Firewall Submap Commands Deletes subnet access exception rules. Syntax delete <from> [<idx>|all] Parameters <from> [<idx>|all] • <idx> – Deletes access exception rule entry <idx> from subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6). • all – Deletes all access exception rule entries from subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6). Example admin(network.fw.submap)>list s1 ------------------------------------------------------------------------- index from to name prot start port end port ------------------------------------------------------------------------- 1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80 admin(network.fw.submap)>delete s1 2 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------- index from to name prot start port end port ------------------------------------------------------------------------- 1 subnet1 wan test gre 21 101 admin(network.fw.submap)>list s2 ------------------------------------------------------------------------- index from to name prot start port end port ------------------------------------------------------------------------- 1 subnet2 subnet3 test3 all 20 300 admin(network.fw.submap)>delete s2 all admin(network.fw.submap)>list s2 ------------------------------------------------------------------------- index from to name prot start port end port -------------------------------------------------------------------------
  • 3-84 WS2000 Wireless Switch System Reference Guide 3.16.3 Network Firewall Submap list Command list Network Firewall Submap Commands Lists subnet access exception rules. Syntax list <from> Parameters <from> Lists the access exception entries for <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6). Example admin(network.fw.submap)>list s1 ------------------------------------------------------------------------- index from to name prot start port end port ------------------------------------------------------------------------- 1 subnet1 wan test gre 21 101 admin(network.fw.submap)>add s1 s2 test2 ah 20 80 admin(network.fw.submap)>add s2 s3 test3 all 20 300 admin(network.fw.submap)>list s1 ------------------------------------------------------------------------- index from to name prot start port end port ------------------------------------------------------------------------- 1 subnet1 wan test gre 21 101 2 subnet1 subnet2 test2 ah 20 80 admin(network.fw.submap)>list s2 ------------------------------------------------------------------------- index from to name prot start port end port ------------------------------------------------------------------------- 1 subnet2 subnet3 test3 all 20 300 admin(network.fw.submap)>delete s2 all admin(network.fw.submap)>list s2 ------------------------------------------------------------------------- index from to name prot start port end port
  • Network CLI Commands Reference 3-853.16.4 Network Firewall Submap set Command set Network Firewall Submap Commands Sets a default subnet access rule to allow or deny communication. Syntax set [default|subnet-logging|logging] Parameters default <from> Sets the default subnet access rule. <to> <rule> • <from> – The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6). • <to> – The destination subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN). • <rule> – The rule to be enforced. Select from allow or deny. subnet-logging Enables or disables logging for a subnet access rule. <from> <to> • <from> – The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, [enable|disable] s4 = subnet4, s5 = subnet5, s6 = subnet6). • <to> – The destination subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN). • enable – Enables he logging • disable – Disables logging logging <from> Enables, disables, or sets to default the logging for a subnet access exception rule. <to> <rule-name> • <from> – The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, [enable|disable|d s4 = subnet4, s5 = subnet5, s6 = subnet6). efault] • <to> – The destination subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN). • enable – Enables he logging • disable – Disables logging • default – Adopts subnet access configuration. Example admin(network.fw.submap)>set default s2 w deny admin(network.fw.submap)>set default s2 s4 deny admin(network.fw.submap)>set subnet-logging s2 s3 enable admin(network.fw.submap)>set logging s1 s2 s1s2allow default admin(network.fw.submap)>show default s2 ------------------------------------------------------------------------- wan subnet1 subnet2 subnet3 subnet4 subnet5 subnet6 ------------------------------------------------------------------------- deny allow allow allow deny allow allow (log enabled) admin(network.fw.submap)>
  • 3-86 WS2000 Wireless Switch System Reference Guide 3.16.5 Network Firewall Submap show Command show Network Firewall Submap Commands Displays default subnet access exception rules for indicated subnet. Syntax show default <from> Parameters default <from> Shows all default access exception rules for subnet <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6) to all other subnets. Example admin(network.fw.submap)>set default s2 w deny admin(network.fw.submap)>set default s2 s4 deny admin(network.fw.submap)>set subnet-logging s2 s3 enable admin(network.fw.submap)>set logging s1 s2 s1s2allow default admin(network.fw.submap)>show default s2 ------------------------------------------------------------------------- wan subnet1 subnet2 subnet3 subnet4 subnet5 subnet6 ------------------------------------------------------------------------- deny allow allow allow deny allow allow (log enabled) admin(network.fw.submap)>
  • Network CLI Commands Reference 3-873.17 Network LAN Commands lan network Displays the LAN submenu. Syntax admin(network)>lan admin(network.lan)> The items available under this command are shown below. Command Description Ref. dhcp Goes to the DHCP submenu. page 3-93 set Sets LAN parameters. page 3-88 show Shows LAN parameters. page 3-90 updateDNS Updates DNS for a subnet page 3-91 updateAllDNS Updates DNS for all subnets page 3-92 bridge Goes to the bridge submenu page 3-101 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-88 WS2000 Wireless Switch System Reference Guide 3.17.1 Network LAN set Command set Network LAN Commands Sets the LAN parameters for the six subnets. Syntax set [ipadr|mask|dgw|mode|name|port|wlan|stp] set ipadr <idx> <ip> set mask <idx> <netmask> set dgw <idx> <ip> set mode [enable|disable] set name <idx> <name> set port <port> <subnet> set wlan <wlan> <subnet> set stp <mode> Parameters ipadr <idx> <ip> Sets the IP address of subnet <idx> (1–6) to the IP address <ip> in the form a.b.c.d. mask <idx> <netmask> Sets the netmask of subnet <idx> (1–6) to IP address mask <netmask> in the form a.b.c.d. dgw <idx> <ip> Sets the default gateway for the subnet <idx> (1-6) to the IP <ip>. mode <idx> Enables or disables the subnet identified by <idx> (1–6). [enable|disable] name <idx> <name> Sets the name of the subnet <idx>(1–6) to <name> (can be up to 7 characters). port <port> <subnet> Assigns port <port>(1–6) to the subnet indicated by <subnet> (none, s1, s2, s3, s4, s5, s6). Unassigns a port with <subnet> = none. wlan <wlan> <subnet> Assigns WLAN number <wlan> to the subnet indicated by (none, s1, s2, s3, s4, s5, s6). Unassigns a WLAN with <subnet> = none. stp <mode> Enables or disables Spanning Tree Protocol (STP) for the subnets. Choose <mode> from enable or disable. NOTE: STP is applied on mesh networks even if it is disabled through the set command. Example admin(network.lan)>show lan 1 subnet name : Subnet1 subnet interface : enable ip address : 192.168.0.1 network mask : 255.255.255.0 ports : port1 port2 port3 port4 port5 port6 wlans : wlan1
  • Network CLI Commands Reference 3-89admin(network.lan)>set name 1 NewNameadmin(network.lan)>set port 4 noneadmin(network.lan)>set wlan 2 s1admin(network.lan)>show lan 1subnet name : OfficeNsubnet interface : enableip address : 192.168.0.1network mask : 255.255.255.0default gateway : 192.168.0.1ports : port1 port2 port3 port4 port5wlan : wlan1 wlan3vlan tag : 1admin(network.lan)> set stp enableadmin(network.lan)> show stpSTP Mode : EnableRelated Commandsshow lan Shows the current settings for the specified subnet (LAN).
  • 3-90 WS2000 Wireless Switch System Reference Guide 3.17.2 Network LAN show Command show Network LAN Commands Shows the LAN parameters. Syntax show [lan|stp] Parameters lan <idx> Shows the settings for the subnet <idx> (1–4). stp Shows the STP status for the device Example admin(network.lan)>show lan 1 subnet name : Subnet1 subnet interface : enable ip address : 192.168.0.1 network mask : 255.255.255.0 ports : port1 port2 port3 port4 port5 port6 wlans : wlan1 admin(network.lan)>set name 1 NewName admin(network.lan)>set port 4 none admin(network.lan)>set wlan 2 s1 admin(network.lan)>show lan 1 subnet name : NewName subnet interface : enable ip address : 192.168.0.1 network mask : 255.255.255.0 ports : port1 port2 port3 port5 port6 wlans : wlan1 wlan2 admin(network.lan)> set stp enable admin(network.lan)> show stp STP Mode : Enable Related Commands set Sets the parameters for a specified subnet (LAN). set stp Enables or disables Spanning Tree Protocol for the device.
  • Network CLI Commands Reference 3-913.17.3 Network LAN updateDNS Command updateDNS Network LAN Commands Updates the DNS for the selected subnet. Syntax updateDNS <idx> Parameters <idx> The subnet ID (1-6) Example admin(network.lan)>updateDNS 1 admin(network.lan)> Related Commands updateAllDNS Updates the DNS for all subnets.
  • 3-92 WS2000 Wireless Switch System Reference Guide 3.17.4 Network LAN updateAllDNS Command updateAllDNS Network LAN Commands Updates the DNS for all the active subnets. Syntax updateAllDNS Parameters None Example admin(network.lan)> updateAllDNS admin(network.lan)> Related Commands updateDNS Updates the DNS for a selected subnet.
  • Network CLI Commands Reference 3-933.18 Network LAN DHCP Commands dhcp Network LAN Commands Displays the DHCP submenu. Syntax admin(network.lan)> dhcp admin(network.lan.dhcp)> The items available under this command are shown below. Command Description Ref. add Adds static DHCP address assignments. page 3-94 delete Deletes static DHCP address assignments. page 3-95 list Lists static DHCP address assignments. page 3-96 set Sets DHCP parameters. page 3-97 show Shows DHCP parameters. page 3-99 renew Renews the DHCP IP address. page 3-100 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-94 WS2000 Wireless Switch System Reference Guide 3.18.1 Network LAN DHCP add Command add Network LAN DHCP Commands Adds static DHCP address assignments. Syntax add <idx> <mac> <ip> Parameters <idx> <mac> <ip> Adds a static DHCP address assignment for subnet <idx> (1-6) where the device with the MAC address <mac> (aabbccddeeff format) is assigned the IP address <ip> (a.b.c.d format). Example admin(network.lan.dhcp)>add 1 00A0F8F01234 192.160.24.6 admin(network.lan.dhcp)>add 1 00A1F1F24321 192.169.24.7 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------- index mac address ip address ------------------------------------------------------------------------- 1 00A0F8F01234 192.160.24.6 2 00A1F1F24321 192.169.24.7 admin(network.lan.dhcp)>
  • Network CLI Commands Reference 3-953.18.2 Network LAN DHCP delete Command delete Network LAN DHCP Commands Deletes static DHCP address assignments. Syntax delete <idx> [<entry>|all] Parameters <idx> [<entry>|all] Deletes static DHCP assignment entries. • <idx> – The subnet index (1-6) • <entry> – The DHCP entry (1-30) • all – All entries. Example admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------- index mac address ip address ------------------------------------------------------------------------- admin(network.lan.dhcp)>add 1 0011223344FF 191.168.0.42 admin(network.lan.dhcp)>add 1 4433221100AA 191.168.0.43 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------- index mac address ip address ------------------------------------------------------------------------- 1 0011223344FF 191.168.0.42 2 4433221100AA 191.168.0.43 admin(network.lan.dhcp)>delete 1 1 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------- index mac address ip address ------------------------------------------------------------------------- 1 4433221100AA 191.168.0.43 ------------------------------------------------------------------------- index mac address ip address ------------------------------------------------------------------------- 1 0011223344FF 191.168.0.42 2 4433221100AA 191.168.0.43
  • 3-96 WS2000 Wireless Switch System Reference Guide 3.18.3 Network LAN DHCP list Command list Network LAN DHCP Commands Lists static DHCP address assignments. Syntax list <idx> Parameters <idx> Lists the static DHCP address assignments for subnet <idx> (1–6). Example admin(network.lan.dhcp)>add 1 00A0F8F01234 192.168.63.5 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------- index mac address ip address ------------------------------------------------------------------------- 1 00A0F8F01234 192.168.63.5 admin(network.lan.dhcp)> admin(network.lan.dhcp)>add 1 12332244AABB 192.168.64.3 admin(network.lan.dhcp)>list 1 ------------------------------------------------------------------------- index mac address ip address ------------------------------------------------------------------------- 1 00A0F8F01234 192.168.63.5 2 12332244AABB 192.168.64.3
  • Network CLI Commands Reference 3-973.18.4 Network LAN DHCP set Command set Network LAN DHCP Commands Sets DHCP parameters for the subnets. Syntax set [dgw|dns|wins|lease|domain|mode|range| relayserverip|ddnsmode|fwdzone|ddnsusrcls| tftp-server|bootfile|option-189|option-43] Parameters dgw <idx> <a.b.c.d> Sets the default gateway for subnet <idx> (1–6) to the IP address <a.b.c.d>. dns <a> <b> <c> Sets the primary/secondary DNS servers for the selected subnet. • <a> – The subnet (1-6) • <b> – The DNS server type (1=primary, 2=secondary) • <c> – The IP address of the server type selected in <b> in the a.b.c.d form. wins <idx> <a.b.c.d> Sets the WINS server for subnet <idx> (1–6) to the IP address <a.b.c.d>. lease <idx> <lease> Sets the DHCP lease time for subnet <idx> (1–6) to <lease> seconds (1–999999). domain <idx> <dn> Sets the domain name for subnet <idx> (1–6) to the domain name <dn> (1 to 63 characters). mode <idx> <mode> Sets the DHCP mode for subnet <idx> (1–4) to <mode>. <mode> can be one of (none, client, server, relay) where: • none – disables DHCP node • client – enables the subnet to be a DHCP client • server – enables the subnet to be a DHCP server • relay – enables the subnet to be a DHCP relay range <a> <b> <c> Sets the DHCP assignment range for subnet <a> (1–6) from IP address <b> to another IP address <c>. relayserverip <idx> <a.b.c.d> Sets the DHCP relay server IP for subnet <idx> (1-6) to the IP <a.b.c.d>. ddnsmode <idx> <mode> Enables or disables DDNS for the subnet <idx> (1-6). <mode> can be one of enable or disable. fwdzone <idx> <fwdzone> Sets the DHCP forward zone for the subnet <idx> (1-6) to the zone specified by <fwdzone> (1 to 63 characters) ddnsusrcls <idx> <usrcls> Sets the DDNS user class <usrcls> to single or multiple for the subnet <idx> (1-6). tftp-server <idx> Sets the tftp-server IP for the subnet <idx> (1-6) to the IP <tftp-server> <tftp-server> bootfile <idx> <bootfile> Sets the bootfile name for the subnet <idx> (1-6) to the boot file name <boot-file> (max 31 characters)
  • 3-98 WS2000 Wireless Switch System Reference Guide option-189 <idx> <ip list> Sets the IP addresses and ports numbers for WIAP enabled switches for the subnet <idx> (1-6). <ip-list> (max 63 characters) must be in the format a.b.c.d:xx and multiple addresses must be separated by comma. option-43 <idx> <ip list> Sets the IP address for WIAP enabled switches for the subnet <idx> (1-6). <ip-list> (max 63 characters) must be in the format a.b.c.d and multiple addresses must be separated by a comma. Example admin(network.lan.dhcp)>set dns 1 1 209.160.0.18 admin(network.lan.dhcp)>set dns 1 2 209.160.0.218 admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server default gateway : 192.168.0.1 primary dns server : 209.160.0.18 secondary dns server : 209.160.0.218 wins server : 192.168.0.254 starting ip address : 192.168.0.11 ending ip address : 192.168.0.254 lease time : 10000 domain name : admin(network.lan.dhcp)>set domain 1 BigFishCo admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server default gateway : 192.168.0.1 primary dns server : 209.160.0.18 secondary dns server : 209.160.0.218 wins server : 192.168.0.254 starting ip address : 192.168.0.11 ending ip address : 192.168.0.254 lease time : 10000 domain name : BigFishCo admin(network.lan.dhcp)>
  • Network CLI Commands Reference 3-993.18.5 Network LAN DHCP show Command show Network LAN DHCP Commands Shows DHCP parameter settings for specified subnets. Syntax show dhcp <idx> Parameters show dhcp <idx> Displays the DHCP parameter settings for subnet <idx> (1–6). These parameters are set with the set command. Example admin(network.lan.dhcp)>set dns 1 2 192.168.0.242 admin(network.lan.dhcp)>set dns 1 2 192.168.0.1 admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server ddns mode : disable user class : default gateway : 192.168.0.50 primary dns server : 192.168.10.1 secondary dns server : 192.168.0.1 wins server : 192.168.0.254 starting ip address : 192.168.0.100 ending ip address : 192.168.0.254 relay server ip address : 0.0.0.0 lease time : 86400 domain name : forward zone : tftp-server : 0.0.0.0 bootfile : option-189 : option-43 : admin(network.lan.dhcp)>set domain 1 BigFishCo admin(network.lan.dhcp)>show dhcp 1 admin(network.lan.dhcp)>show dhcp 1 dhcp mode : server ddns mode : disable user class : default gateway : 192.168.0.50 primary dns server : 192.168.10.1 secondary dns server : 192.168.0.1 wins server : 192.168.0.254 starting ip address : 192.168.0.100 ending ip address : 192.168.0.254 relay server ip address : 0.0.0.0 lease time : 86400 domain name : BigFishCo forward zone : tftp-server : 0.0.0.0 bootfile : option-189 : option-43 :
  • 3-100 WS2000 Wireless Switch System Reference Guide 3.18.6 Network LAN DHCP renew Command renew Network LAN DHCP Commands Renews the IP address assigned by DHCP. Syntax renew Parameters None Example admin(network.lan.dhcp)> renew
  • Network CLI Commands Reference 3-1013.19 Network LAN Bridge commands bridge Network LAN Commands Displays the Bridge submenu. Syntax admin(network.lan)> bridge admin(network.lan.bridge)> The items available under this command are shown below. Command Description Ref. show Shows the bridge configuration parameters page 3-102 set Sets bridge configuration parameters page 3-104 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-102 WS2000 Wireless Switch System Reference Guide 3.19.1 Network LAN Bridge show Command show Network LAN Bridge commands Displays the bridge configuration parameters. Syntax show Parameters None Example admin(network.lan.bridge)> show admin(network.lan.bridge)>show ** LAN1 Bridge Configuration ** Bridge Priority : 32768 Hello Time (seconds) : 2 Message Age Time (seconds) : 20 Forward Delay Time (seconds) : 15 Entry Ageout Time (seconds) : 60 Wireless Trunking : disable ** LAN2 Bridge Configuration ** Bridge Priority : 32768 Hello Time (seconds) : 2 Message Age Time (seconds) : 20 Forward Delay Time (seconds) : 15 Entry Ageout Time (seconds) : 60 Wireless Trunking : disable ** LAN3 Bridge Configuration ** Bridge Priority : 32768 Hello Time (seconds) : 2 Message Age Time (seconds) : 20 Forward Delay Time (seconds) : 15 Entry Ageout Time (seconds) : 300 Wireless Trunking : disable ** LAN4 Bridge Configuration ** Bridge Priority : 32768 Hello Time (seconds) : 2 Message Age Time (seconds) : 20 Forward Delay Time (seconds) : 15 Entry Ageout Time (seconds) : 300 Wireless Trunking : disable
  • Network CLI Commands Reference 3-103** LAN5 Bridge Configuration **Bridge Priority : 32768Hello Time (seconds) : 2Message Age Time (seconds) : 20Forward Delay Time (seconds) : 15Entry Ageout Time (seconds) : 300Wireless Trunking : disable** LAN6 Bridge Configuration **Bridge Priority : 32768Hello Time (seconds) : 2Message Age Time (seconds) : 20Forward Delay Time (seconds) : 15Entry Ageout Time (seconds) : 300Wireless Trunking : disableadmin(network.lan.bridge)>
  • 3-104 WS2000 Wireless Switch System Reference Guide 3.19.2 Network LAN Bridge set Command set Network LAN Bridge commands Sets the bridge configuration parameters. Syntax set [priority|hello|msgage|fwddelay|ageout|wireless-trunking] Parameters priority <LAN-idx> <priority> Sets the bridge priority to <priority> (0-65535) for the lan <LAN- idx> (1-6) hello <LAN-idx> <hello> Sets the bridge’s hello time to <hello> (1-10) seconds for the lan <LAN-idx> (1-6) msgage <LAN-idx> <msgage> Sets the bridge message age time to <msgage> (6-40) seconds for lan <LAN-idx> (1-6) fwddelay <LAN-idx> <fwddelay> Sets the bridge forward delay time to <fwddelay> (4-30) seconds for lan <LAN-idx> (1-6) ageout <LAN-idx> <ageout> Sets the bridge forward table entry ageout to <ageout> (4-3600) seconds for lan <LAN-idx> (1-6). wireless-trunking <LAN-idx> <mode> Sets the wireless trunking mode <mode> (enable/disable) for lan <LAN-idx> (1-6) Example admin(network.lan.bridge)>set priority 1 5 admin(network.lan.bridge)>set wireless-trunking 1 enable admin(network.lan.bridge)>show ** LAN1 Bridge Configuration ** Bridge Priority : 5 Hello Time (seconds) : 2 Message Age Time (seconds) : 20 Forward Delay Time (seconds) : 15 Entry Ageout Time (seconds) : 60 Wireless Trunking : enable ** LAN2 Bridge Configuration ** Bridge Priority : 32768 Hello Time (seconds) : 2 Message Age Time (seconds) : 20 Forward Delay Time (seconds) : 15 Entry Ageout Time (seconds) : 60 Wireless Trunking : disable [...]
  • Network CLI Commands Reference 3-1053.20 Network QoS Commands qos network Displays the quality of service (QoS) submenu. Syntax admin(network)> qos admin(network.qos)> The items available under this command are shown below. Command Description Ref. clear Clears QoS parameters. page 3-106 set Sets QoS parameters. page 3-107 show Shows QoS parameters. page 3-108 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-106 WS2000 Wireless Switch System Reference Guide 3.20.1 Network QOS clear Command clear Network QoS Commands Clears QoS radio statistics. Syntax clear queuing Parameters None Example admin(network.qos)>clear queue Related Commands set Sets the QoS parameters. show Shows the QoS parameters and the QoS queuing statistics.
  • Network CLI Commands Reference 3-1073.20.2 Network QOS set Command set Network QoS Commands Sets QoS parameters. Syntax set bw-share [mode|weight|threshold] Parameters mode <mode> Set bandwidth share mode <mode> (none, static, weighted or rate-limit) weight <idx> <weight> Set the weight for WLAN <idx> (1–8) to <weight> (1–10). A weight can only be set if the bandwidth share mode is set to weighted. threshold <idx> <speed> Sets the bandwidth share threshold for WLAN <idx> (1–6) to speed <speed> <0–54000> Example admin(network.qos)>set bw-share mode weighted admin(network.qos)>set bw-share weight 1 6 admin(network.qos)>set bw-share threshold 1 12000 admin(network.qos)>show bw-share BW Share Mode:weighted -------------------------------- WLAN BW Share Weight -------------------------------- 1 6 2 1 3 1 4 1 5 1 6 1 7 1 8 1 admin(network.qos)> Related Commands show Shows the bandwidth settings and the queuing statistics. clear Clears the queuing statistics.
  • 3-108 WS2000 Wireless Switch System Reference Guide 3.20.3 Network QOS show Command show Network QoS Commands Shows QoS parameters and queuing statistics. Syntax show [bw-sharing|queuing] Parameters bw-share Shows the bandwidth sharing settings. queuing Displays the radio QoS queuing statistics. Example admin(network.qos)>show bw BW Share Mode:static admin(network.qos)>show qu 1 BW Share Mode:static ------------------------------------------------------------------------- Priority In Out Dropped ------------------------------------------------------------------------- ------------------------------------------------------------------------- WLAN: 1 ------------------------------------------------------------------------- 0 0 0 0 1 0 0 0 2 0 0 0 admin(network.qos)> Related Commands set Sets the QoS parameters. clear Clears the QoS queuing statistics.
  • Network CLI Commands Reference 3-1093.21 Network Router Commands router network Displays the router submenu. Syntax admin(network)> router admin(network.router)> The items available under this command are shown below. Command Description Ref. add Adds user-defined routes. page 3-110 delete Deletes user-defined routes. page 3-111 list Lists user-defined routes. page 3-112 set Sets RIP parameters. page 3-113 show Shows routes/RIP parameters. page 3-114 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-110 WS2000 Wireless Switch System Reference Guide 3.21.1 Network Router add Command add Network Router Commands Adds user-defined routes. Syntax add <dest> <netmask> <gw> <iface> <metric> Parameters <dest> <netmask> <gw> Adds a route with destination IP address <dest>, IP netmask <iface> <metric> <netmask>, gateway IP address <gw>, interface subnet or WAN set to <iface> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6 or w = WAN), and metric set to <metric> (1– 15). Example admin(network.router)>add 202.57.42.6 255.255.255.224 202.57.42.1 s2 3 admin(network.router)>list ------------------------------------------------------------------ index destination netmask gateway interface metric ------------------------------------------------------------------ 1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 admin(network.router)>add 234.44.33.212 255.255.255.234 234.44.33.2 s3 5 admin(network.router)>list ------------------------------------------------------------------ index destination netmask gateway interface metric ------------------------------------------------------------------ 1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5
  • Network CLI Commands Reference 3-1113.21.2 Network Routes delete Command delete Network Router Commands Deletes user-defined routes. Syntax delete [all|<idx>] Parameters <idx> Deletes the user-defined route <idx> (1–20) from the list. all Deletes all user-defined routes. Example admin(network.router)>list ------------------------------------------------------------------ index destination netmask gateway interface metric ------------------------------------------------------------------ 1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5 admin(network.router)>delete 2 admin(network.router)>list ------------------------------------------------------------------ index destination netmask gateway interface metric ------------------------------------------------------------------ 1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3
  • 3-112 WS2000 Wireless Switch System Reference Guide 3.21.3 Network Router list Command list Network Router Commands Lists user-defined routes. Syntax list Parameters None Example admin(network.router)>add 234.44.33.212 255.255.255.234 234.44.33.2 s3 5 admin(network.router)>list ------------------------------------------------------------------------- index destination netmask gateway interface metric ------------------------------------------------------------------------- 1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3 2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5
  • Network CLI Commands Reference 3-1133.21.4 Network Router set Command set Network Router Commands Sets routing information protocol (RIP) parameters. Syntax set [auth|dir|id|key|passwd|type|dgw-if] Parameters auth <auth> Sets RIP authentication type to <auth> to one of none, simple, or md5 dir <dir> Sets RIP direction to <dir> to one of rx = receive, tx = transmit, or both). id <idx> <id> Sets MD5 authentication ID for key <idx> (1–2) to the MD5 key id <id> (1– 256). key <idx> <key> Sets the MD5 authentication ID for key <idx> (1–2) to MD5 key <key> (up to 16 characters). passwd <passwd> Sets password for simple authentication to <passwd> (1 to 16 characters). type <type> Sets RIP type to <type> to ne of off, ripv1, ripv2, or ripv1v2. dgw-if <if> Sets the Default Gateway Interface to <if> one of none, wan, s1, s2, s3, s4, s5, s6, and default. Example admin(network.router)>set auth md5 admin(network.router)>set key 1 12345678 admin(network.router)>set key 2 87654321 admin(network.router)>show rip rip type : off rip direction : both rip authentication type : md5 rip simple auth password : ******** rip md5 id 1 : 1 rip md5 key 1 : ******** rip md5 id 2 : 1 rip md5 key 2 : ********S admin(network.router)>set type ripv1 Warning: Having RIP enabled compromises your Subnet to Subnet firewall. admin(network.router)>show rip rip type : ripv1 rip direction : both rip authentication type : md5 rip simple auth password : ******** rip md5 id 1 : 1 rip md5 key 1 : ******** rip md5 id 2 : 1 rip md5 key 2 : ********
  • 3-114 WS2000 Wireless Switch System Reference Guide 3.21.5 Network Router show Command show Network Router Commands Shows connected routes and routing information protocol (RIP) parameters. Syntax show [rip|routes] Parameters rip Shows RIP parameters. routes Shows connected routes. Example admin(network.router)>show rip rip type : off rip direction : both rip authentication type : md5 rip simple auth password : ******** rip md5 id 1 : 1 rip md5 key 1 : ******** rip md5 id 2 : 1 rip md5 key 2 : ******** admin(network.router)>show routes ------------------------------------------------------------------------- --- index destination netmask gateway interface metric ------------------------------------------------------------------------- --- 1 192.168.2.0 255.255.255.0 0.0.0.0 subnet3 0 2 192.168.1.0 255.255.255.0 0.0.0.0 subnet2 0 3 192.168.0.0 255.255.255.0 0.0.0.0 subnet1 0 4 192.168.24.0 255.255.255.0 0.0.0.0 wan 0 5 0.0.0.0 0.0.0.0 192.168.24.1 wan 0
  • Network CLI Commands Reference 3-1153.22 Network VLAN Commands vlan network Displays the VLAN submenu. Syntax admin(network)> vlan admin(network.vlan)> The items available under this command are shown below. Command Description Ref. set Sets VLAN parameters. page 3-116 show Shows VLAN parameters. page 3-117 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-116 WS2000 Wireless Switch System Reference Guide 3.22.1 Network VLAN set Command set Network VLAN Commands Sets VLAN parameters. Syntax set [assign-mode|default|vlan-id|trunk-port|allow] Syntax: assign-mode <mode> Assigns the VLAN assignment mode <mode> to one of user or port. default <vlan_id> Assigns the default VLAN ID to <vlan_id>, which is a number between 1 and 4094. vlan-id <subnet_id> Sets the VLAN ID for subnet <subnet_id> (one of s1, s2, s3, s4, s5,or s6) <vlan_id> to <vlan_id> (1–4094). trunk-port <port> Sets the Trunk Port <port> to one of none or wan. allow [vlans <list>|all|none] Sets the list of VLANs allowed access to the trunk port. • vlans <list> – Sets the allowed VLANs from <list>, a comma separated list of VLAN Ids. • all – Sets the allowed VLANs to all VLANs. • none – Sets the list of allowed VLANs to none. Example admin(network.vlan)>set assign-mode user admin(network.vlan)>set default 3 admin(network.vlan)>show vlan 3 VLAN assignment mode : user VLAN ID : 3 VLAN Mapped Subnet : Subnet3 Default VLAN ID : Yes Related Commands show Displays the VLAN settings.
  • Network CLI Commands Reference 3-1173.22.2 Network VLAN show Command show Network VLAN Commands Shows VLAN parameters. Syntax show [vlan|trunk] Parameters vlan <id> Displays the VLAN settings for the VLAN specified by <id> (1–4094). trunk Displays the Trunk settings. Example admin(network.vlan)>show vlan 3 VLAN assignment mode : user VLAN ID : 3 VLAN Mapped Subnet : Subnet3 Default VLAN ID : Yes admin(network.vlan)>show vlan 2 VLAN assignment mode : user VLAN ID : 2 VLAN Mapped Subnet : Subnet1 Default VLAN ID : No admin(network.vlan)>set trunk-port wan admin(network.vlan)>set all vlans 1-20 admin(network.vlan)>show trunk Trunk Port : WAN Allowed VLANs : 1-20 Related Commands set Sets the VLAN parameters.
  • 3-118 WS2000 Wireless Switch System Reference Guide 3.23 Network WAN Commands wan network Displays the WAN submenu. Syntax admin(network)> wan admin(network.wan)> The items available under this command are shown below. Command Description Ref. vpn Goes to the VPN submenu. page 3-144 nat Goes to the NAT submenu. page 3-138 app Goes to the outbound content filtering submenu. page 3-123 dyndns Goes to the Dynamic DNS submenu page 3-129 trunkipfpolicy Goes to the Trunk Port IP Filter Policy submenu page 3-133 renew Renews the IP address. page 3-119 set Sets WAN parameters. page 3-120 show Shows WAN parameters. page 3-122 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-1193.23.1 Network WAN renew Command renew Network WAN Commands Renews the IP address. Syntax renew Parameters None Example admin(network.wan)>renew admin(network.wan)>
  • 3-120 WS2000 Wireless Switch System Reference Guide 3.23.2 Network WAN set Command set Network WAN Commands Sets the WAN parameters. In the Web interface, this functionality if provided by the Network->WAN screen. Syntax set [dhcp|dgw|dns|ipadr|mask|mode|ppope|mtu] Parameters dhcp <mode> Enables or disables the switch as a DHCP client. <mode> can be one of enable or disable. dgw <a.b.c.d> Sets the default gateway IP address to <a.b.c.d>. dns <idx> <a.b.c.d> Sets the IP address of one or two DNS servers, where <idx> indicates either the primary (1) or secondary (2) server, and <a.b.c.d> is the IP address of the server. ipadr <idx> <a.b.c.d> Sets up to 8 (using <idx> from 1 to 8) IP addresses <a.b.c.d> for the WAN interface of the switch. mask <a.b.c.d> Sets the subnet mask to <a.b.c.d>. mode <idx> <mode> Enables or disables the WAN interface associated with the given <idx> (1– 8) as set using the set ipadr command. <mode> can be one of enable or disable. pppoe [idle|ka|mode|passwd| Sets PPPoE parameters. type|user|mss] • idle <val> – Sets the PPPoE idle value <val> (1–65535) seconds. • ka <mode> – Sets the PPPoE keep alive mode <mode> (enable, disable). • mode <mode> – Enables or disables PPPoE. <mode> can be one of enable or disable. • passwd <password> – Sets the PPPoE password to <password> (1 – 39 Characters) • type <type> – Sets the PPPoE authentication type to <type> (none, pap/ chap, pap, chap). • user <username> – Sets the PPPoE user name to <username> (1 – 47 Characters). • mss <msssize> – Sets the PPPoE maximum segment size to <msssize> (20–1460). mtu Sets MTU size of wan interface. The minimum value is 128 bytes and maximum is 1500 bytes. Example admin(network.wan)>set dhcp enable admin(network.wan)>set dgw 192.168.122.25 admin(network.wan)>set pppoe mode enable admin(network.wan)>set pppoe type chap admin(network.wan)>set pppoe user JohnDoe admin(network.wan)>set pppoe passwd @#$goodpassword%$#
  • Network CLI Commands Reference 3-121admin(network.wan)>set pppoe keepalive enableRelated Commandsshow ip Shows the IP settings for the WAN.show pppoe Shows the PPPoE settings for the WAN.
  • 3-122 WS2000 Wireless Switch System Reference Guide 3.23.3 Network WAN show Command show Network WAN Commands Shows the WAN parameters. Syntax show [ip|pppoe|mtuc] Parameters ip <idx> Shows the general IP parameters for the WAN along with settings for the WAN interface associated with <idx> (where <idx> is in the range 1–8). Note: If the WAN interface IP addresses have not been specified for <idx>, the IP and Mask values will be shown as 0.0.0.0. pppoe Shows all PPPoE settings. mtu Sets MTU size of wan interface. The minimum value is 128 bytes and maximum is 1500 bytes. Example admin(network.wan)>show ip 3 wan interface : enable ip address : 0.0.0.0 network mask : 0.0.0.0 default gateway : 192.168.24.1 dhcp mode : enable primary dns server : 209.142.0.2 secondary dns server : 209.142.0.218 admin(network.wan)>show pppoe pppoe mode : disable ip address : 0.0.0.0 default gateway : 0.0.0.0 primary dns server : 0.0.0.0 secondary dns server : 0.0.0.0 pppoe keepalive mode : disable pppoe authentication type : pap/chap pppoe idle time : 600 pppoe user name : pppoe password : ******** pppoe MSS : 1452
  • Network CLI Commands Reference 3-1233.24 Network WAN App Commands app Network WAN Commands Displays the outbound content filtering submenu. Syntax admin(network.wan)> app admin(network.wan.app)> The items available under this command are shown below. Command Description Ref. addcmd Adds app control commands to the deny list. page 3-124 delcmd Deletes app control commands from the deny list. page 3-126 list Lists app control records. page 3-128 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-124 WS2000 Wireless Switch System Reference Guide 3.24.1 Network WAN APP addcmd Command addcmd Network WAN App Commands Adds app control commands to the deny list. Syntax addcmd [web|ftp|smtp] Parameters web [file Denies access to the specified web files. <filename>.<ext>| • file <filename>.<ext> – Denies specified web file name. <filename> can be up to 15 proxy|activex] characters and “*” can be used to match any string. <ext> can be up to 10 characters (such as htm, html, or java). Up to 10 files can be specified. • proxy – Denies web proxies • activex – Denies ActiveX files ftp Denies access to the following FTP commands: [put|get|ls|mkdir|c • put – Denies access to FTP put command d|pasv] • get – Denies access to FTP get command • ls – Denies access to FTP ls command • mkdir – Denies access to FTP mkdir command • cd – Denies access to FTP cd command • pasv – Denies access to FTP pasv command smtp Denies access to the following SMTP command: [helo|mail|rcpt| • helo – Denies access to the SMTP helo command data|quit|send| • mail – Denies access to the SMTP mail command saml|rset|vrfy| expn] • rcpt – Denies access to the SMTP rcpt command • data – Denies access to the SMTP data command • quit – Denies access to the SMTP quit command • send – Denies access to the SMTP send command • saml – Denies access to the SMTP saml command • rset – Denies access to the SMTP rset command • vrfy – Denies access to the SMTP vrfy command • expn – Denies access to the SMTP expn command Example admin(network.wan.app)>addcmd ftp ? put : store command get : retrieve command ls : directory list command mkdir : create directory command cd : change directory command pasv : passive mode command
  • Network CLI Commands Reference 3-125admin(network.wan.app)>addcmd ftp putadmin(network.wan.app)>addcmd ftp cdadmin(network.wan.app)>addcmd ftp pasvadmin(network.wan.app)>list ftpFTP CommandsStoring Files : denyRetrieving Files : allowDirectory List : allowCreate Directory : allowChange Directory : denyPassive Operation : denyadmin(network.wan.app)>addcmd smtp heloadmin(network.wan.app)>addcmd smtp vrfyadmin(network.wan.app)>list smtpSMTP CommandsHELO : denyMAIL : allowRCPT : allowDATA : allowQUIT : allowSEND : allowSAML : allowRESET : allowVRFY : denyEXPN : allowadmin(network.wan.app)>Related Commandsdelcmd Removes a file or command from the deny list.
  • 3-126 WS2000 Wireless Switch System Reference Guide 3.24.2 Network WAN APP delcmd Command delcmd Network WAN App Commands Deletes application control commands from the deny list. Syntax delcmd [web|ftp|smtp] Parameters web [file Deletes the specified web files from the access denied list. <filename>.<ext>| • file <filename>.<ext> – Denied web file name. <filename> can be up to 15 proxy|activex] characters and “*” can be used to match any string. <ext> can be up to 10 characters (such as htm, html, or java). Up to 10 files can be specified. • proxy – Web proxies • activex – ActiveX files ftp Deletes the following FTP commands from the access denied list. [put|get|ls|mkdir|c • put – FTP put command d|pasv] • get – FTP get command • ls – FTP ls command • mkdir – FTP mkdir command • cd – FTP cd command • pasv – FTP pasv command smtp Deletes the following SMTP command from the access denied list. [helo|mail|rcpt| • helo – SMTP helo command data|quit|send| • mail – SMTP mail command saml|rset|vrfy| expn] • rcpt – SMTP rcpt command • data – SMTP data command • quit – SMTP quit command • send – SMTP send command • saml – SMTP saml command • rset – SMTP rset command • vrfy – SMTP vrfy command • expn – SMTP expn command Example admin(network.wan.app)>list ftp FTP Commands Storing Files : deny Retrieving Files : allow Directory List : allow Create Directory : allow Change Directory : deny
  • Network CLI Commands Reference 3-127Passive Operation : denyadmin(network.wan.app)>delcmd ftp putadmin(network.wan.app)>delcmd ftp cdadmin(network.wan.app)>list ftpFTP CommandsStoring Files : allowRetrieving Files : allowDirectory List : allowCreate Directory : allowChange Directory : allowPassive Operation : denyadmin(network.wan.app)>list smtpSMTP CommandsHELO : denyMAIL : allowRCPT : allowDATA : allowQUIT : allowSEND : allowSAML : allowRESET : allowVRFY : denyEXPN : allowadmin(network.wan.app)>delcmd smtp heloadmin(network.wan.app)>list smtpSMTP CommandsHELO : allowMAIL : allowRCPT : allowDATA : allowQUIT : allowSEND : allowSAML : allowRESET : allowVRFY : denyEXPN : allowRelated Commandsaddcmd Adds a file or command to the deny list.
  • 3-128 WS2000 Wireless Switch System Reference Guide 3.24.3 Network WAN APP list Command list Network WAN App Commands Lists the app control records. Syntax list [web|ftp|smtp] Parameters web Lists Web/HTTP app control settings. ftp Lists FTP app control settings. smtp Lists SMTP app control record. Example admin(network.wan.app)>list web HTTP Files/Commands Web Proxy : deny ActiveX : deny filename : admin(network.wan.app)>list ftp FTP Commands Storing Files : allow Retrieving Files : allow Directory List : allow Create Directory : deny Change Directory : deny Passive Operation : deny admin(network.wan.app)>list smtp SMTP Commands HELO : deny MAIL : allow RCPT : allow DATA : allow QUIT : allow SEND : allow SAML : allow RESET : allow VRFY : deny EXPN : allow admin(network.wan.app)>
  • Network CLI Commands Reference 3-1293.25 Network WAN DynDNS Commands dyndns Network WAN Commands Displays the Dynamic DNS menu. DynDNS provides a facility to update the domain name information when the IP address associated with the domain name changes. Syntax admin(network.wan)> dyndns admin(network.wan.dyndns)> The items available under this command are shown below. Command Description Ref. set Sets the different Dynamic DNS parameters page 3-130 show Displays the Dynamic DNS parameters and current status page 3-131 update Manually updates the Dynamic DNS status page 3-132 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-130 WS2000 Wireless Switch System Reference Guide 3.25.1 Network WAN DynDNS set Command set Network WAN DynDNS Commands Sets the DynDNS parameters Syntax set [mode|username|password|hostname] set mode <mode> set username <username> set password <password> set hostname <hostname> Parameters mode <mode> Enables or disables DynDNS. <mode> can be enable or disable. username <username> Sets the DynDNS user name to <username> (1-32 characters) password <password> Sets the password to <password> (1-32 characters) for the DynDNS username <username>. hostname <hostname> Sets the DynDNS server host name to <hostname> (1-32 characters). Example admin(network.wan.dyndns)>set mode enable admin(network.wan.dyndns)>set username JohnDoe admin(network.wan.dyndns)>set password JohnDoe admin(network.wan.dyndns)>set hostname motPropServ admin(network.wan.dyndns)>show DynDNS Configuration Mode : enable Username : JohnDoe Password : ******** Hostname : motPropServ DynDNS Update Response IP Address : 192.168.10.1 Hostname : motPropServ Status : Connected
  • Network CLI Commands Reference 3-1313.25.2 Network WAN DynDNS show Command show Network WAN DynDNS Commands Displays the Dynamic DNS parameter information and the current status. Syntax show Parameters None Example admin(network.wan.dyndns)>show DynDNS Configuration Mode : enable Username : JohnDoe Password : ******** Hostname : motPropServ DynDNS Update Response IP Address : 192.168.10.1 Hostname : motPropServ Status : Connected
  • 3-132 WS2000 Wireless Switch System Reference Guide 3.25.3 Network WAN DynDNS update Command update Network WAN DynDNS Commands Manually updates the Dynamic DNS information. Syntax update Parameters None Example admin(network.wan.dyndns)>update IP Address : 192.168.10.1 Hostname : motPropServ
  • Network CLI Commands Reference 3-1333.26 Network WAN TrunkIPFPolicy Commands trunkipfpolicy Network WAN Commands Displays the Trunk IP Filter Policy submenu. Syntax admin(network.wan)>trunkipfpolicy admin(network.wan.trunkipfpolicy)> The items available under this command are shown below. Command Description Ref. add Adds Trunk Port IP Filter association table entry page 3-134 del Removes Trunk Port IP Filter association table entry page 3-135 set Sets Trunk Port IP Filter association parameters page 3-136 show Displays Trunk Port IP Filter association parameters page 3-137 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-134 WS2000 Wireless Switch System Reference Guide 3.26.1 Network WAN TrunkIPFPolicy add Command add Network WAN TrunkIPFPolicy Commands Adds a Trunk Port IP Filter association table entry. Syntax add <filter-name> <direction> <action> Parameters <filter-name> Name of the Trunk Port Filter entry <direction> The direction for the filter <action> One of allow or deny. Example
  • Network CLI Commands Reference 3-1353.26.2 Network WAN TrunkIPFPolicy del Command del Network WAN TrunkIPFPolicy Commands Deletes an entry from the Trunk Port IP Filter association table. Syntax del [all|<index>] Parameters all Removes all trunk port IP filter association table entries. <index> Remove trunk port ip filter association table entry at the index <index>. Example admin(network.wan.trunkipfpolicy)> del 1 admin(network.wan.trunkipfpolicy)>
  • 3-136 WS2000 Wireless Switch System Reference Guide 3.26.3 Network WAN TrunkIPFPolicy set Command set Network WAN TrunkIPFPolicy Commands Sets the different Trunk Port IP Filter Policy configuration settings Syntax set [ipf-mode|default] set ipf-mode <mode> set default [incoming|outgoing] [allow|deny] Parameters ipf-mode <mode> Enables or disables the Trunk Port IP Filtering default Sets the default properties for incoming and outgoing direction to either allow or [incoming|outgoing] deny. [allow|deny] Example admin(network.wan.trunkipfpolicy)>show ---------------------------------------------------------------- Filter-Name Direction Action ---------------------------------------------------------------- IP Filter Mode : enable Default Incoming Action : allow Default Outgoing Action : allow admin(network.wan.trunkipfpolicy)>set default outgoing deny admin(network.wan.trunkipfpolicy)>show ------------------------------------------------------------ Filter-Name Direction Action ------------------------------------------------------------ IP Filter Mode : enable Default Incoming Action : allow Default Outgoing Action : deny
  • Network CLI Commands Reference 3-1373.26.4 Network WAN TrunkIPFPolicy show Command show Network WAN TrunkIPFPolicy Commands Displays the Trunk Port IP Filter policy configuration information. Syntax show Parameters None Example admin(network.wan.trunkipfpolicy)>show ---------------------------------------------------- Filter-Name Direction Action ---------------------------------------------------- IP Filter Mode : enable Default Incoming Action : allow Default Outgoing Action : deny admin(network.wan.trunkipfpolicy)>?
  • 3-138 WS2000 Wireless Switch System Reference Guide 3.27 Network WAN NAT Commands nat Network WAN Commands Displays the nat submenu. Syntax admin(network.wan)> nat admin(network.wan.nat)> The items available under this command are shown below. Command Description Ref. add Adds NAT records. page 3-139 delete Deletes NAT records. page 3-140 listt Lists NAT records. page 3-141 set Sets NAT parameters. page 3-142 show Shows NAT parameters. page 3-143 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-1393.27.1 Network WAN NAT add Command add Network WAN NAT Commands Adds NAT records. Syntax add inb <idx> <name> <tran> <port1> <port2> <ip> <dst_port> Parameters inb <idx> <name> Sets an inbound Network Address Translation (NAT) entry. <tran> <port1> • <idx> – The WAN address <port2> <ip> • <name> – The NAT entry name <dst_port> • <tran> – The transport protocol (one of cp, udp, icmp, ah, esp, gre, or all) • <port1> – The starting port number in a port range • <port2> – The ending port number in a port range • <ip> – The internal IP address • <dst_port> – The optional internal translation port Example admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------- index name prot start port end port internal ip translation port ------------------------------------------------------------------------- 1 special tcp 20 21 192.168.42.16 21 Related Commands delete inb Deletes one of the inbound NAT entries from the list. list inb Displays the list of inbound NAT entries.
  • 3-140 WS2000 Wireless Switch System Reference Guide 3.27.2 Network WAN NAT delete Command delete Network WAN NAT Commands Deletes NAT records. Syntax delete inb <idx> [<entry>|all] Syntax: inb <idx> [<entry>|all] Deletes a NAT table entry. • <idx> – The WAN index (1–8) • <entry> – The NAT entry (1–20) • all – All NAT entries associated with the WAN <idx> (1–8) Example admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------- index name prot start port end port internal ip translation port ------------------------------------------------------------------------- 1 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>delete inb 2 all ^ admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------- index name prot start port end port internal ip translation port ------------------------------------------------------------------------- Related Commands add inb Adds entries to the list of inbound NAT entries. list inb Displays the list of inbound NAT entries.
  • Network CLI Commands Reference 3-1413.27.3 Network WAN NAT list Command list Network WAN NAT Commands Lists NAT records. Syntax list inb <idx> Parameters list inb <idx> Lists the inbound NAT entries associated with WAN port <idx> (1–8). Example admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21 admin(network.wan.nat)>list inb 2 ------------------------------------------------------------------------- index name prot start port end port internal ip translation port ------------------------------------------------------------------------- 1 special tcp 20 21 192.168.42.16 21 Related Commands delete inb Deletes one of the inbound NAT entries from the list. add inb Adds entries to the list of inbound NAT entries.
  • 3-142 WS2000 Wireless Switch System Reference Guide 3.27.4 Network WAN NAT set Command set Network WAN NAT Commands Sets NAT inbound and outbound parameters. Syntax set [inb|outb|type] Parameters inb [mode|ip] Sets the inbound NAT parameters. • mode <idx> <mode> – Sets the inbound NAT mode for the WAN with index <idx> (1–8). <mode> can be one of enable or disable. • ip <idx> <a.b.c.d> – Forward unspecified ports and to the IP <a.b.c.d> for the WAN with index <idx> (1–8). outb [ip|map] Sets the outbound NAT parameters. • ip <idx> <a.b.c.d> – Sets 1-to-1 NAT IP mapping entries where <idx> (1–8) is the index of the WAN to the ip address <a.b.c.d>. • map <from> <to> – Sets 1-to-many NAT mapping entries where <from> is one of s1, s2, s3, s4, s5, and s6. <to> is the Wan index (1–8) or none. type <idx> <type> Sets the type of NAT translation for WAN address index <idx> (1–8) to one of none, 1-to-1, or 1-to-many. Example admin(network.wan.nat)>set type 1 1-to-1 admin(network.wan.nat)>set outb ip 1 209.239.44.36 admin(network.wan.nat)>set inb mode 1 enable admin(network.wan.nat)>show nat 1 nat type : 1-to-1 one to one nat ip address : 209.239.44.36 port forwarding mode : enable port forwarding ip address : 0.0.0.0 one to many nat mapping : subnet1 subnet2 subnet3 subnet4 _
  • Network CLI Commands Reference 3-1433.27.5 Network WAN NAT show Command show Network WAN NAT Commands Shows NAT parameters. Syntax show nat <idx> Parameters show nat <idx> Shows NAT settings for WAN <idx> (1–8). Example admin(network.wan.nat)>set inb mode 1 enable admin(network.wan.nat)>show nat 1 nat type : 1-to-1 one to one nat ip address : 209.239.44.36 port forwarding mode : enable port forwarding ip address : 0.0.0.0 one to many nat mapping : subnet1 subnet2 subnet3 subnet4
  • 3-144 WS2000 Wireless Switch System Reference Guide 3.28 Network WAN VPN Commands vpn Network WAN Commands Displays the VPN submenu. Syntax admin(network.wan)> vpn admin(network.wan.vpn)> The items available under this command are shown below. Command Description Ref. cmgr Goes to the cmgr (Certificate Manager) submenu. page 3-156 add Adds an security policy database (SPD) entry. page 3-145 set Sets SPD parameters. page 3-150 list Lists SPD entries. page 3-148 delete Deletes SPD entries. page 3-146 stats Lists statistics for all active tunnels. page 3-155 ikestate Lists statistics for all active tunnels. page 3-147 reset Resets all VPN tunnels. page 3-149 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-1453.28.1 Network WAN VPN add Command add Network WAN VPN Commands Adds a security policy database (SPD) entry. Syntax add <name> <LSubnet> <LWANIP> <RSubnetIP> <RSubnetMask> <RGatewayIP> Parameters <name> <LSubnet> <LWanIP> <RSubnetIP> <RSubnetMask> <RGatewayIP> Creates a tunnel named <name> (1 to 13 characters) to gain access to local subnet <LSubnet> (1, 2, 3, 4, 5, 6), through local WAN IP <LWanIP> from the remote subnet with address <RSubnetIP> and subnet mask <RSubnetMask> using the remote gateway <RGatewayIP>. The local WAN IP can be set to 0.0.0.0 for a DHCP client. Any IP address obtained from the DHCP server is then used to initiate the VPN tunnel. The VPN peer must set it’s Remote Gateway address to 0.0.0.0 to indicate an IP value of ANY and shall operate as a responder only. Example admin(network.wan.vpn)>add Bob 1 209.239.160.55 206.107.22.45 255.255.255.224 206.107.22.2 If tunnel type is Manual, proper SPI values and Keys must be configured after adding the tunnel admin(network.wan.vpn)>list ------------------------------------------------------------------------ Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------- Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1 admin(network.wan.vpn)>
  • 3-146 WS2000 Wireless Switch System Reference Guide 3.28.2 Network WAN VPN delete Command delete Network WAN VPN Commands Deletes security policy database (SPD) entries. Syntax delete [*|<name>] Parameters * Deletes all SPD entries. <name> Deletes SPD entries named <name>. Example admin(network.wan.vpn)>list ------------------------------------------------------------------------- Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------- Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1 admin(network.wan.vpn)>delete Bob admin(network.wan.vpn)>list ------------------------------------------------------------------------- Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------- Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 admin(network.wan.vpn)>
  • Network CLI Commands Reference 3-1473.28.3 Network WAN VPN ikestate Command ikestate Network WAN VPN Commands Displays statistics for all active tunnels using Internet Key Exchange (IKE). In particular, the table indicates whether IKE is connected for any of the tunnels, it provides the destination IP address, and the remaining lifetime of the IKE key. Syntax ikestate Parameters None Example admin(network.wan.vpn)>ikestate ---------------------------------------------------------------------- Tunnel Name IKE State Dest IP Remaining Life ---------------------------------------------------------------------- Eng2EngAnnex Not Connected ---- --- Bob Not Connected ---- --- admin(network.wan.vpn)>
  • 3-148 WS2000 Wireless Switch System Reference Guide 3.28.4 Network WAN VPN list Command list Network WAN VPN Commands Lists security policy database (SPD) entries. Syntax list {<name>} Parameters Lists all tunnel entries. <name> Lists detailed information about tunnel named <name>. Note that the <name> must match case with the name in the SPD entry. “Bob” is not equal to “bob”, as shown in the example below. Example admin(network.wan.vpn)>list ------------------------------------------------------------------------- Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP Subnet ------------------------------------------------------------------------- Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198 1 Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55 1 admin(network.wan.vpn)>list bob bad index value admin(network.wan.vpn)>list Bob ------------------------------------------------------------------------- Detail listing of VPN entry: ------------------------------------------------------------------------- Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : None Encryption Type : ESP Encryption Algorithm : DES ESP Inbound SPI : 0x00000100 ESP Outbound SPI : 0x00000100
  • Network CLI Commands Reference 3-1493.28.5 Network WAN VPN reset Command reset Network WAN VPN Commands Resets all VPN tunnels. Syntax reset Parameters None Example admin(network.wan.vpn)>reset VPN tunnels reset. admin(network.wan.vpn)>
  • 3-150 WS2000 Wireless Switch System Reference Guide 3.28.6 Network WAN VPN set Command set Network WAN VPN Commands Sets security policy database (SPD) entry parameters. Syntax set [ike|type|sub|remip|remmask|remgw|authalgo|espauthalgo|enckey|espauthkey| spi| localgw|usepfs|pfsgrp|salife|ipsecdel|auto-initiation| auto-initiate-interval] set ike [myidtype|remidtype|myiddata|opmode|authtype|authalgo|psk| encalgo|lifetime|group] set ike myidtype <name> <idtype> set ike remidtype <name> <idtype> set ike myiddata <name> <idtype> set ike opmode <name> <opmode> set ike authtype <name> <authtype> set ike authalgo <name> <authalgo> set ike psk <name> <psk> set ike encalgo <name> <encalgo> set ike lifetime <name> <lifetime> set ike group <name> <group> set type <name> <type> set sub <name> <sub> set remip <name> <remip> set remmask <name> <remmask> set remgw <name> <remgw> set authalgo <name> <auth> set enctype <name> <enctype> set encalgo <name> <encalgo> set espauthalgo <name> <espauthalgo> set enckey <name> <direction> <enckey> set espauthkey <name> <direction> <espauthkey> set spi <name> <algo> <direction> <spi> set localgw <name> <localgw> set usepfs <name> <usepfs> set pfsgrp <name> <pfsgrp> set salife <name> <lifetime>
  • Network CLI Commands Reference 3-151set ipsecdel <name> <mode>set auto-initiation <name> <mode>set auto-initiate-interval <interval>Parametersike myidtype <name> Sets the Local ID type for IKE authentication for SPD <name> (1 to 13 characters)<idtype> to <idtype> (one of IP, FQDN, or UFQDN).ike remidtype <name> Sets the Remote ID type for IKE authentication for SPD <name> (1 to 13<idtype> characters) to <idtype> (one of IP, FQDN, or UFQDN).ike myiddata <name> Sets the Local ID data for IKE authentication for SPD <name> (1 to 13 characters)<iddata> to <iddata>. This value is not required when the ID type is set to IP.ike remiddata <name> Sets the Remote ID data for IKE authentication for SPD <name> (1 to 13<iddata> characters) to <idtype>.ike opmode <name> Sets the Operation Mode of IKE for SPD <name> (1 to 13 characters) to 4.<opmode> <opmode> can be one of Main or Aggr(essive).ike authtype <name> Sets the IKE Authentication type for SPD <name> (1 to 13 characters) to<authtype> <authtype> (one of PSK or RSA).ike authalgo <name> Sets the IKE Authentication Algorithm for SPD <name> (1 to 13 characters) to<authalgo> <authalgo>. <authalgo> can be either MD5 or SHA1.ike psk <name> <psk> Sets the IKE Pre-Shared Key for SPD <name> (1 to 13 characters) to <psk> (1–49 characters).ike encalgo <name> Sets the IKE Encryption Algorithm for SPD <name> (1 to 13 characters) to<encalgo> <encalgo> (one of DES, 3DES, AES128, AES192, or AES256).ike lifetime <name> Sets the IKE Key life time in seconds for SPD <name> (1 to 13 characters) to<lifetime> <lifetime> seconds.ike group <name> Sets the IKE Diffie-Hellman Group for SPD <name> (1 to 13 characters) to<group> <group> (one of G768 or G1024)type <name> <type> Sets the authentication type of SPD <name> (1 to 13 characters) to <type> (Auto or Manual).sub <name> <sub> Sets the Local Subnet (1, 2, 3, 4, 5 or 6) for SPD <name> (1 to 13 characters) to subnet number <sub> (1, 2, 3, 4, 5 or 6).remip <name> <remip> Sets the IP address for the remote end of SPD <name> (1 to 13 characters) to remote ip <remip> (a.b.c.d).remmask <name> Sets the IP Mask for the remote end of SPD <name> (1 to 13 characters) to<remmask> <remmask> (a.b.c.d).remgw <name> Sets the Remote IP gateway for SPD <name> (1 to 13 characters) to be <remgw><remgw> (a.b.c.d). Set this value to 0.0.0.0 to support tunneling to VPN peer which is a DHCP client.authalgo <name> Sets the authentication algorithm for SPD <name> (1 to 13 characters) to<authalgo> <authalgo> (one of None, MD5, or SHA1).
  • 3-152 WS2000 Wireless Switch System Reference Guide authkey <name> Sets the AH authentication key (if SPD type is Manual) for tunnel <name> (1 to 13 <direction> <authkey> characters) with the direction <direction> set to IN or OUT, and the manual authentication key set to <authkey>. (The key size is 32 hex characters for MD5, and 40 hex characters for SHA1). enctype <name> Sets the Encryption type for SPD <name> (1 to 13 characters) to <enctype> (one <enctype> of None, ESP, or ESP-AUTH). encalgo <name> Sets the Encryption Algorithm for SPD <name> (1 to 13 characters) to <encalgo> <encalgo> (one of DES, 3DES, AES128, AES192, or AES256). espauthalgo <name> Sets ESP Authentication Algorithm for SPD <name> to <espauthalgo> (one of <espauthalgo> MD5 or SHA1). enckey <name> Sets the Manual Encryption Key in ASCII for SPD <name> and direction <direction> <enckey> <direction> (IN or OUT) to the key <enckey>. The size of the key depends on the encryption algorithm. - 16 hex chars for DES - 48 hex chars for 3DES - 32 hex chars for AES128 - 48 hex chars for AES192 - 64 hex chars for AES256 espauthkey <name> Sets Manual ESP Authentication Key for SPD <name> (1 to 13 characters) either <direction> for direction <direction> (IN or OUT) to <espauthkey>, an ASCII string of hex <espauthkey> characters. If authalgo is set to MD5, the provide 32 hex characters. If authalgo is set to SHA1, provide 40 hex characters. spi <name> <algo> Sets the direction <direction> (IN(bound) or OUT(bound)) SPI for <algo> (AUTH <direction> <spi> (Manual Authentication) or ESP) for SPD <name> (1 to 13 characters) to <spi> (a hex value more than 0xFF). localgw <name> <ip> Sets the Local WAN IP to <ip> (a.b.c.d) for a SPI <name> (1 to 13 characters). The local WAN IP (local gateway) can be set to 0.0.0.0 for a DHCP client. Any IP address obtained from the DHCP server is then used to initiate the VPN tunnel. The VPN peer must set it’s Remote Gateway address to 0.0.0.0 to indicate an IP value of ANY and shall operate as a responder only. usepfs <name> Enables or disables Perfect Forward Secrecy for SPD <name> (1 to 13 characters). <usepfs> salife <name> <life Sets SA life time to <lifetime> seconds (minimum 300). time> ipsecdel <name> Enables the deletion of IPSEC SA when IKE SA is deleted for the tunnel named <mode> <name> (1 to 13 characters). auto-initiation <name> Enables / disables auto-initiation by WS2000 for the tunnel named <name> (1 to <mode> 13 characters). auto-initiate-interval Sets the time duration between two consecutive auto-initiation attempts. This <time> time duration is in seconds. Example admin(network.wan.vpn)>list Bob ------------------------------------------------------------------------- Detail listing of VPN entry: ------------------------------------------------------------------------ Name : Bob Local Subnet : 1
  • Network CLI Commands Reference 3-153Tunnel Type : ManualRemote IP : 206.107.22.45Remote IP Mask : 255.255.255.224Remote Security Gateway : 206.107.22.2Local Security Gateway : 209.239.160.55AH Algorithm : NoneEncryption Type : ESPEncryption Algorithm : DESESP Inbound SPI : 0x00000100ESP Outbound SPI : 0x00000100admin(network.wan.vpn)>set usepfs Bob enableadmin(network.wan.vpn)>set spi Bob ESP IN abcdeadmin(network.wan.vpn)>set spi Bob ESP OUT cdef23admin(network.wan.vpn)>list Bob-------------------------------------------------------------------------Detail listing of VPN entry:-------------------------------------------------------------------------Name : BobLocal Subnet : 1Tunnel Type : ManualRemote IP : 206.107.22.45Remote IP Mask : 255.255.255.224Remote Security Gateway : 206.107.22.2Local Security Gateway : 209.239.160.55AH Algorithm : NoneEncryption Type : ESPEncryption Algorithm : DESESP Inbound SPI : 0x000ABCDEESP Outbound SPI : 0x00CDEF23admin(network.wan.vpn)>set authalgo Bob MD5admin(network.wan.vpn)>list Bob-------------------------------------------------------------------------Detail listing of VPN entry:------------------------------------------------------------------------Name : BobLocal Subnet : 1Tunnel Type : ManualRemote IP : 206.107.22.45Remote IP Mask : 255.255.255.224Remote Security Gateway : 206.107.22.2Local Security Gateway : 209.239.160.55AH Algorithm : MD5Encryption Type : ESPEncryption Algorithm : DESAuth Inbound SPI : 0x00000100Auth Outbound SPI : 0x00000100ESP Inbound SPI : 0x000ABCDEESP Outbound SPI : 0x00CDEF23admin(network.wan.vpn)>set authkey Bob IN12345678901234567890123456789012admin(network.wan.vpn)>set authkey Bob OUT11111111112222222222333333333344admin(network.wan.vpn)>set spi Bob AUTH IN 2233445admin(network.wan.vpn)>set spi Bob AUTH OUT 33344admin(network.wan.vpn)>list Bob-------------------------------------------------------------------------
  • 3-154 WS2000 Wireless Switch System Reference Guide Detail listing of VPN entry: ------------------------------------------------------------------------ Name : Bob Local Subnet : 1 Tunnel Type : Manual Remote IP : 206.107.22.45 Remote IP Mask : 255.255.255.224 Remote Security Gateway : 206.107.22.2 Local Security Gateway : 209.239.160.55 AH Algorithm : MD5 Encryption Type : ESP Encryption Algorithm : DES Auth Inbound SPI : 0x02233445 Auth Outbound SPI : 0x00033344 ESP Inbound SPI : 0x000ABCDE ESP Outbound SPI : 0x00CDEF23
  • Network CLI Commands Reference 3-1553.28.7 Network WAN VPN stats Command stats Network WAN VPN Commands Lists statistics for all active tunnels. Syntax stats Parameters None Example admin(network.wan.vpn)>stats ------------------------------------------------------------------------ Tunnel Name Status SPI(OUT/IN) Life Time Bytes(Tx/Rx) ------------------------------------------------------------------------ Eng2EngAnnex Not Active Bob Not Active
  • 3-156 WS2000 Wireless Switch System Reference Guide 3.29 Network WAN VPN Cmgr Commands cmgr Network WAN VPN Commands Displays to the Certificate Manager submenu. Syntax admin(network.wan.vpn)> cmgr admin(network.wan.vpn.cmgr)> The items available under this command are shown below. Command Description Ref. genreq Generates a Certificate Request. page 3-162 loadca Loads a trusted certificate from CA. page 3-167 loadself Loads a self certificate signed by CA. page 3-168 showreq Displays a certificate request in PEM format. page 3-169 listprivkey Lists names of private keys. page 3-165 listself Lists the self certificate loaded. page 3-166 listca Lists the trusted certificate loaded. page 3-164 delprivkey Deletes the private key. page 3-158 delself Deletes the self certificate. page 3-159 delca Deletes the trusted certificate. page 3-157 expcert Exports the certificate file. page 3-160 impcert Imports the certificate file. page 3-163 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-1573.29.1 Network WAN VPN Cmgr delca Command delca Network WAN VPN Commands Deletes a trusted certificate. Syntax delca <IDname> Parameters <IDname> Deletes the trusted certificate <IDname>. Example admin(network.wan.vpn.cmgr)>delca CAfinance admin(network.wan.vpn.cmgr)>
  • 3-158 WS2000 Wireless Switch System Reference Guide 3.29.2 Network WAN VPN Cmgr delprivkey Command delprivkey Network WAN VPN Commands Deletes a private key. Syntax delprivkey <IDName> Parameters <IDname> The key name to be deleted. Example admin(network.wan.vpn.cmgr)>delprivkey <IDname> admin(network.wan.vpn.cmgr)>
  • Network CLI Commands Reference 3-1593.29.3 Network WAN VPN Cmgr delself Command delself Network WAN VPN Cmgr Commands Deletes a self certificate. Syntax delself <IDName> Parameters <IDname> The name of the self certificate to be deleted. Example admin(network.wan.vpn.cmgr)>delself<IDname> admin(network.wan.vpn.cmgr)>
  • 3-160 WS2000 Wireless Switch System Reference Guide 3.29.4 Network WAN VPN Cmgr expcert Command expcert Network WAN VPN Cmgr Commands Exports the certificate file. Syntax expcert [ftp|tftp] <filename> Parameters [ftp|tftp] <file name> Exports the certificate with specified filename <file name> by either ftp or tftp. The tftp or ftp options for this file transfer will use the settings for the configuration file settings. See System Config set Command for information on how to set the tftp/ftp options. Example admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(network.wan.vpn.cmgr)>expcert ftp mycertificate admin(network.wan.vpn.cmgr)> Related Commands impcert Imports a certificate.
  • Network CLI Commands Reference 3-1613.29.5 Network WAN VPN Cmgr export-req Command export-req Network WAN VPN Cmgr Commands Exports the private key ID name to a file. The exported file will be in the same directory as used for importing or exporting configuration files. Syntax export-req ftp <idname> <filename> Parameters ftp <idname> Exports the private key ID name to a file. This file is exported to the same <filename> directory as used for exporting or importing configuration files. Example admin(network.wan.vpn.cmgr)> export-req ftp key1 filekey1
  • 3-162 WS2000 Wireless Switch System Reference Guide 3.29.6 Network WAN VPN Cmgr genreq Command genreq Network WAN VPN Cmgr Commands Generates a Certificate Request. Syntax genreq <IDName> <subject> {-ou <Organization Unit>} {-on <Organization Name>} {-cn <City Name>} {-st <State>} {-p <Postal Code>} {-cc <Country Code>} {-e <Email Address>} { -d <Domain Name>} {-i <IP Address>} {-sa <Signature Algorithm>} {-k <Key Size>} Syntax: genreq Generates a self-certificate request for a Certification Authority (CA), where <IDname> is <IDname> the private key ID (up to 7 characters) and <subject> is the subject name (up to 49 <Subject> characters). A number of optional arguments can also be specified as indicated below. ...optional arguments... -ou <Organization Unit> Organization Unit (1 to 49 chars) -on <Organization Name> Organization Name (1 to 49 chars) -cn <City Name> City Name of Organization (1 to 49 chars) -st <State> State Name (1 to 49 chars) -p <Postal Code> Postal code (9 digits) -cc <Country Code> Country code (2 chars) -e <Email Address> E-mail Address (1 to 49 chars) -d <Domain Name> Domain Name (1 to 49 chars) -i <IP Address> IP Address (a.b.c.d) -sa <Signature Algorithm> Signature Algorithm (one of MD5-RSA or SHA1-RSA) -k <Key Size> Key size in bits (one of 512, 1024, or 2048)Note: The parameters in {curly brackets} are optional. Check with the CA to determine what fields are necessary. For example,most CAs require an email address and an IP address, but not the address of the organization. Example admin(network.wan.vpn.cmgr)>genreq MyCert2 MySubject -ou MyDept -on MyCompany Please wait. It may take some time... -----BEGIN CERTIFICATE REQUEST----- MIHzMIGeAgEAMDkxEjAQBgNVBAoTCU15Q29tcGFueTEPMA0GA1UECxMGTXlEZXB0 MRIwEAYDVQQDEwlNeVN1YmplY3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtKcX plKFCFAJymTFX71yuxY1fdS7UEhKjBsH7pdqnJnsASK6ZQGAqerjpKScWV1mzYn4 1q2+mgGnCvaZUlIo7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQCClQ5LHdbG/C1f Bj8AszttSo/bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX/d6+Q1SMbs+tG4RP0lRSr iWDyuvwx -----END CERTIFICATE REQUEST-----
  • Network CLI Commands Reference 3-1633.30 Network WAN VPN Cmgr impcert Command impcert Network WAN VPN Cmgr Commands Imports the certificate file. Syntax impcert <type> <filename> Parameters [ftp|tftp] <filename> Imports the certificate with specified filename <file name> by either ftp or tftp. The tftp or ftp options for this file transfer will use the settings for the configuration file settings. See System Config set Command for information on how to set the tftp/ftp options. Example admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(network.wan.vpn.cmgr)>impcert ftp mycertificate admin(network.wan.vpn.cmgr)> Related Commands expcert Exports a certificate.
  • 3-164 WS2000 Wireless Switch System Reference Guide 3.30.1 Network WAN VPN Cmgr listca Command listca Network WAN VPN Cmgr Commands Lists the loaded trusted certificate. Syntax listca Parameters None Example admin(network.wan.vpn.cmgr)>listca Trusted Certificate List:
  • Network CLI Commands Reference 3-1653.30.2 Network WAN VPN Cmgr listprivkey Command listprivkey Network WAN VPN Cmgr Commands Lists the names of private keys. Syntax listprivkey Parameters None Example admin(network.wan.vpn.cmgr)>listprivkey ------------------------------------------------------------------------- Private Key Name Certificate Associated -------------------------------------------------------------------------
  • 3-166 WS2000 Wireless Switch System Reference Guide 3.30.3 Network WAN Vpn Cmgr listself Command listself Network WAN VPN Cmgr Commands Lists the loaded self certificates. Syntax listself Parameters None Example admin(network.wan.vpn.cmgr)>listself Self Certificate List:
  • Network CLI Commands Reference 3-1673.30.4 Network WAN VPN Cmgr loadca Command loadca Network WAN VPN Cmgr Commands Loads a trusted certificate from the Certificate Authority. Syntax loadca {ftp <filename>} Parameters loadca Loads the trusted certificate (in PEM format) that is pasted into the command line. ftp <filename> – (Optional parameter) Loads a CA certificate from a FTP server. <filename> is the name of the certificate file to load. The default path for loading the file is the same as used for importing or exporting configuration files. Example admin(network.wan.vpn.cmgr)>loadca ftp cert1 Starting file transfer ... Certificate transferred successfully admin(network.wan.vpn.cmgr)>loadca Currently Only certificates in PEM format can be uploaded Enter Ctrl C to abort. Paste the certificate:
  • 3-168 WS2000 Wireless Switch System Reference Guide 3.30.5 Network WAN VPN Cmgr loadself Command loadself Network WAN VPN Cmgr Commands Loads a self certificate signed by the Certificate Authority. Syntax loadself [<IDname>|ftp <IDname> <filename>] Parameters <IDname> Loads the self certificate signed by the CA with name <IDname>. ftp <IDname> Loads the self certificate <IDName> from a file <filename> on an FTP server. The <filename> certificate file is loaded from the same directory as used for importing or exporting configuration files. Example admin(network.wan.vpn.cmgr)> loadself ftp MyCert mycert.cert Starting file transfer ... admin(network.wan.vpn.cmgr)> admin(network.wan.vpn.cmgr)>loadself MyCert Currently Only certificates in PEM format can be uploaded. Paste the certificate:
  • Network CLI Commands Reference 3-1693.30.6 Network WAN VPN Cmgr showreq Command showreq Network WAN VPN Cmgr Commands Displays a certificate request in PEM format. Syntax showreq <IDname> Parameters showreq Displays a certificate request named <IDname> generated from the genreq command. <IDname>
  • 3-170 WS2000 Wireless Switch System Reference Guide 3.31 Network WLAN Commands wlan network Displays the WLAN submenu. Syntax admin(network)> wlan admin(network.wlan)> The items available under this command are shown below. Command Description Ref. add Adds MU access control list entries. page 3-171 delete Deletes MU access control list entries. page 3-172 list Lists MU access control list entries. page 3-173 rogueap Goes to the rogue AP submenu. page 3-181 enhancedrogueap Goes to the Enhanced Rogue AP submenu. page 3-207 muprobe Goes to the MU Probe submenu page 3-210 hotspot Goes to the Hotspot submenu page 3-213 wlanipfpolicy Goes to WLAN IPF policy submenu. page 3-226 set Sets WLAN parameters. page 3-174 show Shows WLAN parameters. page 3-179 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-1713.31.1 Network WLAN add Command add Network WLAN Commands Adds entries to the mobile unit (MU) access control list. Syntax add <idx> <mac1> <mac2> <name> Parameters <idx> <mac1> <mac2> Adds an entry to the MU access control list, where <idx> is the WLAN <name> index (1–8), <mac1> is the starting MAC address (e.g., 001122334455), and <mac2> is ending MAC address in the acceptable range. <name> is the name of the MU ACL. Example admin(network.wlan)>add 1 000000000000 112233445566 admin(network.wlan)>list 1 ------------------------------------------------------------------------ index start mac end mac ------------------------------------------------------------------------ 1 000000000000 112233445566 admin(network.wlan)> Related Commands delete Deletes entries from the MU access control list. list Shows entries in the MU access control list.
  • 3-172 WS2000 Wireless Switch System Reference Guide 3.31.2 Network WLAN delete Command delete Network WLAN Commands Deletes specified entry or entries from mobile unit (MU) access control list. Syntax delete <idx> [<entry>|all] Parameters <idx> [<entry>|all] Deletes MU ACL entries. • <entry> – Deletes MU access control list entry <entry> (1–30) for WLAN <idx> (1–8). • all – Deletes all access control list entries for the WLAN specified by <idx>. Example admin(network.wlan)>add 1 223344556677 334455667788 admin(network.wlan)>list 1 ------------------------------------------------------------------------ index start mac end mac ------------------------------------------------------------------------ 1 000000000000 112233445566 2 223344556677 334455667788 admin(network.wlan)>delete 1 2 admin(network.wlan)>list 1 ------------------------------------------------------------------------- index start mac end mac ------------------------------------------------------------------------ 1 000000000000 112233445566 admin(network.wlan)> Related Commands add Adds entries to the MU access control list. list Displays entries in the MU access control list.
  • Network CLI Commands Reference 3-1733.31.3 Network WLAN list Command list Network WLAN Commands Lists the entries in the mobile unit (MU) access control list. Syntax list <idx> Parameters list <idx> Displays the entries in the MU access control list for WLAN <idx> (1–8). Example admin(network.wlan)>list 1 ------------------------------------------------------------------------- index start mac end mac ------------------------------------------------------------------------- 1 000000000000 112233445566 Related Commands add Adds entries to the MU access control list. delete Deletes entries from the MU access control list.
  • 3-174 WS2000 Wireless Switch System Reference Guide 3.31.4 Network WLAN set Command set Network WLAN Commands Sets WLAN parameters. Syntax set [acl|adopt|auth|bcast|eap|enc|ess|kerb|mcast|mode|name| vlan-id|no-mu-mu|vop|tkip|ccmp|wep-mcm|mu-inact|wep_shared| handshake-timeout|handshake-retry-count|secure-beacon|enforce-pmk- validation|wireless-stp] set [acl|adopt|bcast] <idx> <mode> set auth <idx> <type> set eap [adv|server|port|syslog|rad-acct|reauth|secret| rad-bind-interface] set eap adv [mu-quite|mu-tx|mu-timeout|mu-retry| server-timeout|server-retry] set eap adv [mu-quite|mu-tx] <idx> <period> set eap adv [mu-timeout|server-timeout] <idx> <timeout> set eap adv [mu-retry|server-retry] <idx> <retry> set eap server <a> <b> <c> set eap port <a> <b> <c> set eap syslog [ip|mode] set eap syslog ip <a> <b> set eap syslog mode <idx> <mode> set eap rad-acct [mode|timeout|retry-count] set eap rad-acct mode <idx> <mode> set eap rad-acct timeout <idx> <timeout> set eap rad-acct retry-count <idx> <retry> set eap reauth mode <idx> <mode> set eap reauth period <idx> <period> set eap reauth retry <idx> <retry> set eap secret <a> <b> <c> set eap rad-bind-interface <idx> <server> <interface> set enc <idx> <type> set ess <idx> <ess> set kerb [passwd|port|realm|server|user] set kerb passwd <idx> <passwd> set kerb port <a> <b> <c> set kerb realm <idx> <realm> set kerb server <a> <b> <c> set kerb user <idx> <name> set mcast <widx> <midx> <mac> set [mode|no-mu-mu|vop] <idx> <mode> set name <idx> <name> set vlan-id <idx> <vlan-id>
  • Network CLI Commands Reference 3-175set tkip [key|type|phrase|rotate-mode|interval|wpa2|preauth|pmk]set tkip key <idx> <key>set tkip type <idx> <type>set tkip phrase <idx> <phrase>set tkip [rotate-mode|wpa2|preauth|pmk] <idx> <mode>set tkip interval <idx> <interval>set ccmp [key|type|phrase|rotate-mode|interval|mixed-mode|preauth|opp-pmk]set ccmp key <idx> <key>set ccmp type <idx> <type>set tkip phrase <idx> <phrase>set tkip [rotate-mode|mixed-mode|preauth|opp-pmk] <idx> <mode>set tkip interval <idx> <interval>set wep-mcm [index|key]set wep-mcm index <a> <b>set wep-mcm key <a> <b> <c>set mu-inact <timeout>set wep_shared <mode>set handshake-timeout <idx> <timeout>set handshake-retry-count <idx> <retry-count>Parametersacl <idx> <mode> Sets the default MU access control mode <mode> to allow or deny for WLAN <idx> (1–8).adopt <idx> <mode> Sets default Access Port adoption mode <mode> to allow or deny for WLAN <idx> (1–8).auth <idx> <type> Sets the authentication type for WLAN <idx> (1–8) to <type> (none, eap, or kerberos). Note: EAP parameters are only in effect if “eap” is specified for the authentication method (set auth <idx> <type>).bcast <idx> <mode> Enables or disables the broadcast ESS answer for the WLAN <idx> (1– 8).eap adv mu-quiet <idx> Sets the EAP MU/supplicant quiet period for WLAN <idx> (1–8) to<period> <period> seconds (1–65535).eap adv mu-tx <idx> <period> Sets the EAP MU/supplicant TX period for WLAN <idx> (1–8) to <period> seconds (1–65535).eap adv mu-timeout <idx> Sets the EAP MU/supplicant timeout for WLAN <idx> (1–8) to <timeout><timeout> seconds (1–255).eap adv mu-retry <idx> <retry> Sets the EAP maximum number of MU retries to <retry> (1–10) for WLAN <idx> (1–8).eap adv server-timeout <idx> Sets the server timeout for WLAN <idx> (1–8) to <timeout> seconds (1–<timeout> 255).eap adv server-retry <idx> Sets the maximum number of server retries for WLAN <idx> (1–8) to<retry> <retry> (1–10).
  • 3-176 WS2000 Wireless Switch System Reference Guide eap server <idx> <rsidx> <ip> Sets the RADIUS server <rsidx> (1-primary or 2-secondary) for WLAN <idx> (1–8) to IP address <ip>. eap port <idx> <rsidx> <port> Sets the RADIUS server <rsidx> (1-primary or 2-secondary) for WLAN <idx> (1–8) to <port>. eap rad-acct mode <idx> Enables/disables RADIUS accounting for WLAN <idx> (1–8). <mode> eap rad-acct retry-count <idx> Sets RADIUS accounting retry count to <count> (1–10) for WLAN <idx> <count> (1–8). eap rad-acct timeout <idx> Sets RADIUS accounting retry timeout to <time> seconds (1–255) for <time> WLAN <idx> (1–8). 0 indicates no timeout. eap rad-bind-interface <idx> Binds the RADIUS server type <server> (1 - Primary, 2 - Secondary) to the <server> <interface> interface <interface> (one of s1-s6, w, none - s1- Subnet 1, s2-subnet 2, ...s6-Subnet 6, w-wan) for the WLAN <idx> (1–8). eap reauth mode <idx> enable/ Enables or disables the EAP reauthentication parameters for WLAN <idx> disable (1–8). eap reauth period <idx> Sets the reauthentication period for WLAN <idx> (1–8) to <period> <period> seconds (30–9999). eap reauth retry <idx> <retry> Sets the maximum number of reauthentication retries to <retry> (1–99) for WLAN <idx> (1–8). eap secret <idx> <rsidx> Sets the EAP shared secret <secret> (1–127 characters) for server <secret> <rsidx> (1-primary or 2-secondary) on WLAN <idx> (1–8). Note: Kerberos parameters are only in effect if “kerberos” is specified for the authentication method (set auth <idx> <type>). eap syslog ip <idx> <ip> Sets the remote syslog server for WLAN <idx> (1–8) to the IP address <ip> (a.b.c.d). eap syslog mode <idx> enable/ Enables/disables remote syslog for WLAN <idx> (1–8). disable enc <idx> <type> Sets the encryption type to <type> (one of none, wep40, wep104, keyguard, tkip, or ccmp) for WLAN <idx> (1–8). Note: TKIP parameters are only in effect if “tkip” is selected as the encryption type. ess <idx> <ess> Sets the 802.11 ESS ID for WLAN <idx> (1–8) to <ess>. kerb passwd <idx> Sets the Kerberos password to <password> (1–21 characters) for WLAN <password> <idx> (1–8). kerb port <idx> <ksidx> <port> Sets the Kerberos port to <port> (KDC port) for server <ksidx> (1-primary, 2-backup, or 3-remote) for WLAN <idx> (1–8). kerb realm <idx> <realm> Sets the Kerberos realm name for WLAN <idx> (1–8) to <realm> (1–63 characters). kerb server <idx> <ksidx> <ip> Sets the Kerberos server <ksidx> (1-primary, 2-backup, or 3-remote) IP address for WLAN <idx> (1–8) to <ip>. kerb user <idx> <name> Sets the Kerberos user name for WLAN <idx> (1–8) to <name> (1–21 characters). mcast <idx> <midx> <mic> Sets the multicast group address <midx> (1, 2) for WLAN <idx> (1–8) to MAC address <mac>. mode <idx> <mode> Enables or disables WLAN <idx> (1–8). name <idx> <name> Sets the name of WLAN <idx> (1–8) to <name> (1–7 characters).
  • Network CLI Commands Reference 3-177no-mu-mu <idx> <mode> Enables or disables the stoppage of MU-to-MU communication for WLAN <idx> (1–8).vop <idx> <mode> Enables or disables the voice priority mode for WLAN <idx> (1–8).tkip key <idx> <key> Sets the TKIP key to <key> (1–64 hex digits) for WLAN <idx> (1–8).tkip type <idx> <type> Sets the TKIP key type to phrase or key for WLAN <idx> (1–8).tkip phrase <idx> <phrase> Sets the TKIP ASCII pass phrase to <phrase> (8–63 characters) for WLAN <idx> (1–8).tkip rotate-mode <idx> <mode> Enables or disabled the broadcast key rotation for WLAN <idx> (1–8).tkip interval <idx> <interval> Sets the broadcast key rotation interval to <interval> seconds (300– 604800) for WLAN <idx> (1–8).ccmp key <idx> <key> Sets the CCMP key to <key> (1–64 hex digits) for WLAN <idx> (1–8). Must be specified when type parameter is set to key.ccmp type <idx> phrase/ Sets the CCMP key type to phrase or key for WLAN <idx> (1–8).keyccmp phrase <idx> <phrase> Sets the CCMP ASCII pass phrase for WLAN <idx> (1–8) to <phrase> (8– 63 characters). Must be specified when type parameter is set to phrase.ccmp rotate-mode <idx> Enables or disables the broadcast key rotation for WLAN <idx> (1–8).enable/disableccmp interval <idx> <interval> Sets the broadcast key rotation interval for WLAN <idx> (1–8) to <interval> (300–604800) seconds.ccmp mixed-mode <idx> Enables or disables mixed mode (allowing WPA-TKIP clients) for WLANenable/disable <idx> (1–8).ccmp preauth <idx> enable/ Enables or disables pre-authentication (fast roaming) for WLAN <idx> (1–disable 8).ccmp opp-pmk <idx> enable/ Enables or disables opportunistic PMK caching (fast roaming) for WLANdisable <idx> (1–8). Note: The WEP authentication mechanism saves up to four different keys (one for each WLAN). It is not a requirement to set all keys, but you must associate a WLAN with the appropriate key.wep-mcm index <idx> <kidx> Selects the WEP/KeyGuard key (from one of the four potential values of <kidx> (1–4) for WLAN <idx> (1–8).wep-mcm key <idx> <kidx> Sets the WEP/KeyGuard key for key index <kidx> (1–4) for WLAN <idx><key> (1–8) to <key> 1 to 26 (hex digits).vlan-id <idx> <vlan-id> Sets the VLAN-ID mapping to WLAN <idx> (1–8) to VLAN <vlan-id> (1– 4094).mu-inact <timeout> Sets the MU inactivity timeout value to <timeout> (1-60) minutes.wep_shared <mode> Enables or disables WEP shared mode.handshake-timeout <idx> Sets the 802.11i handshake timeout value to <timeout> (100-2000 ms) for<timeout> the WLAN <idx> (1–8). This feature is provided to prevent those MUs that do not receive EAPOL messages from restarting the association procedure. The default retry for these MUs is 2 seconds. This switch is provided to control the retry for EAPOL messages to a value that is less than 2 seconds.
  • 3-178 WS2000 Wireless Switch System Reference Guide handshake-retry-count <idx> Sets the 802.11i handshake retry count to <retry-count> (1-10) for the <retry-count> WLAN <idx> (1–8). This in conjunction with the handshake-timeout command controls the handshake retry time and retry count for those MUs that do not receive EAPOL messages. secure-beacon <idx> <mode> Enables or disables secure beacon for the WLAN <idx> (1–8) enforce-pmk-validation Enables or disables PMK validation across association and EAPOL packets <mode> wireless-stp <mode> Enable or disables STP on wireless side Example admin(network.wlan)>set name 1 store admin(network.wlan)>set name 2 backoff admin(network.wlan)>set auth 1 kerberos Kerberos requires WEP 104 or Keyguard. The encryption type has been changed to W EP104. admin(network.wlan)>set no-mu-mu 1 enable admin(network.wlan)>show wlan 1 wlan name : WLAN1 ess identifier : 101 wlan mode : enable subnet : s1 vlan_id : 1 enc type : none auth type : none voice prioritization : enable disallow mu to mu : disable answer broadcast ess : disable secure beacon mode : disable default mu acl mode : allow all default ap adopt mode : allow all multicast address 1 : 01005E000000 multicast address 2 : 09000E000000 handshake timeout in milliseconds : 2000 handshake retry count : 3 admin(network.wlan)>
  • Network CLI Commands Reference 3-1793.31.5 Network WLAN show Command show Network WLAN Commands Displays the WLAN parameters. Syntax show [eap|kerb|tkip|ccmp|wep-mcm|wlan|mu-inact|wep_shared|enforce-pmk- validation|wireless-stp] <idx> Syntax: eap <idx> Shows the EAP parameters for WLAN <idx> (1–8). kerb <idx> Shows the Kerberos parameters for WLAN <idx> (1–8). tkip <idx> Shows the TKIP parameters for WLAN <idx> (1–8). ccmp <idx> Shows the CCMP parameters for WLAN <idx> (1–8). wep-mcm <idx> Shows the WEP/Keyguard parameters for WLAN <idx> (1–8). wlan <idx> Shows the basic WLAN parameters for WLAN <idx> (1–8). mu-inact Shows the MU inactivity timeout value. wep_shared Shows the WEP Shared parameters. enforce-pmk- Shows enforce-pmk-validation configuration value validation wireless-stp Show wireless STP configuration Example admin(network.wlan)>show tkip 1 tkip key type : phrase tkip phrase : ******** tkip key : ******** tkip rotate mode : disable tkip rotate interval : 86400 admin(network.wlan)>show ccmp 1 ccmp key type : phrase ccmp phrase : ******** ccmp key : ******** ccmp rotate mode : disable ccmp rotate interval : 86400 ccmp mixed mode (allow WPA) : disable 802.11i preauthentication : disable Opportunistic PMK Caching : enable admin(network.wlan)>show wep-mcm 1 wep key index : 1 wep key 1 : ******** wep key 2 : ******** wep key 3 : ******** wep key 4 : ********
  • 3-180 WS2000 Wireless Switch System Reference Guide admin(network.wlan)>show wlan 1 wlan name : WLAN1 ess identifier : 101 wlan mode : enable enc type : none auth type : none voice prioritization : enable disallow mu to mu : disable answer broadcast ess : disable default mu acl mode : allow all default ap adopt mode : allow all multicast address 1 : 01005E000000 multicast address 2 : 09000E000000 admin(network.wlan)>show eap 1 server ip 1 : 0.0.0.0 server ip 2 : 0.0.0.0 server port 1 : 1812 server port 2 : 1812 eap secret 1 : ******** eap secret 2 : ******** eap remote syslog mode : disable syslog server ip : 0.0.0.0 Bind interface (for server 1) : s1 Bind interface (for server 2) : none eap reauth mode : disable eap reauth retries : 2 eap reauth period : 3600 eap mu quiet period : 10 eap mu tx period : 5 eap mu timeout : 10 eap mu retries : 2 eap server timeout : 5 eap server retries : 2 radius accounting retry mode : disable radius accounting retry timeout : 10 radius accounting retry count : 2 Related Commands set Sets WLAN parameters.
  • Network CLI Commands Reference 3-1813.32 Network WLAN Rogue AP Commands rogueap Network WLAN Commands Displays the rogue AP submenu. Syntax admin(network.wlan)> rogueap admin(network.wlan.rogueap)> The items available under this command are shown below. Command Description Ref. show Shows current rogue AP configuration. page 3-183 set Sets rogue AP parameters. page 3-182 rulelist Goes to the rule list submenu. page 3-202 approvedlist Goes to the approved AP list submenu. page 3-184 roguelist Goes to the rogue AP list submenu. page 3-189 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-182 WS2000 Wireless Switch System Reference Guide 3.32.1 Network WLAN Rogueap set Command set Network WLAN Rogue AP Commands Sets rogue access point parameters. Syntax set [muscan|apscan|detscan|fullapscan] [mode <mode>|interval <interval>] Parameters [muscan|apscan|detscan|fullapscan] [mode Sets the different Rogue AP parameters <mode>|interval <interval> • muscan – Sets MU scanning parameters • apscan – Sets AP scanning parameters. • detscan – Sets Detector scanning parameters. For this feature to work, you must set one of the Access Ports as a Detector AP. • fullapscan – Sets full AP scanning parameter. For this feature to work, you must set one of the Access Ports as a Full Detector AP. Each of the above options have these settings • mode <mode> – <mode> can be enable or disable. Use this to enable or disable a rogue ap parameter • interval <interval> – Sets the scanning interval for rogue ap detection. <interval> can be between 5 to 65535 minutes. For fullapscan, the interval is in seconds. Enables or disables mobile unit scanning. Example admin(network.wlan.rogueap)>set apscan mode enable admin(network.wlan.rogueap)>set apscan int 60 Related Commands show Displays the rogue AP parameters.
  • Network CLI Commands Reference 3-1833.32.2 Network WLAN Rogueap show Command show Network WLAN Rogue AP Commands Shows the current rogue AP configuration. Syntax show Parameters None Example admin(network.wlan.rogueap)>show mu scan : disabled mu scan interval : 60 minutes ap scan : disabled ap scan interval : 60 minutes detector ap scan : disabled detector ap scan interval : 60 minutes full detector ap scan : disabled full detector ap scan interval : 60 seconds Related Commands set Sets the rogue AP scanning parameters.
  • 3-184 WS2000 Wireless Switch System Reference Guide 3.33 Network WLAN Rogue AP Approvedlist Commands approvedlist Network WLAN Rogue AP Commands Displays the approved AP list submenu. Syntax admin(network.wlan.rogueap)> approvedlist admin(network.wlan.rogueap.approvedlist)> The items available under this command are shown below. Command Description Ref. show Shows the approved AP list. page 3-188 ageoute Displays the ageout time for an approved list entry. page 3-185 approve Approves an AP. page 3-186 erase Erases the list. page 3-187 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-1853.33.1 Network WLAN Rogueap Approvedlist ageout Command ageoute Network WLAN Rogue AP Approvedlist Commands Displays ageout time for an approved list entry. Syntax ageout <interval> Parameters ageout <interval> Sets the number of minutes, the <interval> (0–1000), before an entry in the approved list is automatically removed. Example admin(network.wlan.rogueap.approvedlist)>ageout 30 admin(network.wlan.rogueap.approvedlist)> Related Commands erase Erases the approved AP list.
  • 3-186 WS2000 Wireless Switch System Reference Guide 3.33.2 Network WLAN Rogueap Approvedlist approve Command approve Network WLAN Rogue AP Approvedlist Commands Approves an AP. Syntax approve [<index>|all] Parameters approve • approve <index> – Approves an access point from the list based on the location [<index>|all] specified by <index>. • approve all – Approves all access points in the list. Example admin(network.wlan.rogueap.approvedlist)>approve 1 admin(network.wlan.rogueap.approvedlist)>approve all admin(network.wlan.rogueap.approvedlist)> Related Commands erase Erases all access points in the list.
  • Network CLI Commands Reference 3-1873.33.3 Network WLAN Rogueap Approvedlist erase Command erase Network WLAN Rogue AP Approvedlist Commands Erases the approved AP list. Syntax erase all Parameters none Example admin(network.wlan.rogueap.approvedlist)>erase all admin(network.wlan.rogueap.approvedlist)>show approved ap list ++++++++++++++++ approved list ageout : 30 minutes index ap essid ----- -- ------ Related Commands approve Adds an Access Port to the approved list. show Displays the approved list.
  • 3-188 WS2000 Wireless Switch System Reference Guide 3.33.4 Network WLAN Rogueap Approvedlist show Command show Network WLAN Rogue AP Approvedlist Commands Shows the approved AP list. Syntax show Parameters None Example admin(network.wlan.rogueap.approvedlist)>show approved ap list ++++++++++++++++ approved list ageout : 30 minutes index ap essid ----- -- ------ Related Commands approve Adds an AP to the approved list.
  • Network CLI Commands Reference 3-1893.34 Network WLAN Rogue AP Roguelist Commands roguelist Network WLAN Rogue AP Commands Displays the rogue AP list submenu. Syntax admin(network.wlan.rogueap)> roguelist admin(network.wlan.rogueap.roguelist)> The items available under this command are shown below. Command Description Ref. show Displays the rogue list entries. page 3-193 locate Goes to the submenu for locating a rogue AP. page 3-196 muscan Goes to the submenu for on-demand MU polling. page 3-199 ageout Displays the ageout time for a rogue list entry. page 3-190 approve Approves a rogue AP. page 3-191 erase Erases the list. page 3-192 set Sets rogue AP related parameters page 3-194 deauth Configuration related to Rogue AP Containment. page 3-195 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-190 WS2000 Wireless Switch System Reference Guide 3.34.1 Network WLAN Rogue AP Roguelist ageout Command ageout Network WLAN Rogue AP Commands Displays the ageout time for a rogue list entry. Syntax ageout <time> Parameters ageout <time> Sets the ageout time for the entry associated to <time> (1–1000) minutes. Example admin(network.wlan.rogueap.roguelist)>ageout 50 Related Commands locate Locates a rogue AP. show Shows the rogue AP list parameters and entries.
  • Network CLI Commands Reference 3-1913.34.2 Network WLAN Rogue AP Roguelist approve Command approve Network WLAN Rogue AP Commands Moves a rogue AP into the approved AP list. Syntax approve [<index>|all] Parameters approve • approve <index> – Puts the rogue AP <index> into the approved AP list. [<index>|all] • approve all – Puts all the entries of the rogue list into the approved AP list. Example admin(network.wlan.rogueap.approvedlist)>approve all Related Commands show Shows the rogue list entries.
  • 3-192 WS2000 Wireless Switch System Reference Guide 3.34.3 Network WLAN Rogue AP Roguelist erase Command erase Network WLAN Rogue AP Commands Erases the rogue AP list. Syntax erase all Parameters None Example admin(network.wlan.rogueap.roguelist)>erase all Example show Lists all entries in the rogue AP list.
  • Network CLI Commands Reference 3-1933.34.4 Network WLAN Rogue AP Roguelist show Command show Network WLAN Rogue AP Commands Displays the rogue list entries. Syntax show [all|<index>|deauth-list] Parameters show Displays Rogue AP lists. [all|<index>|deauth- • all – Displays the complete list of rogue APs. list] • <index> – Displays detailed information for the rogue AP with index number <index>. • deauth-list – Displays the Rogue AP Containment list Example admin(network.wlan.rogueap.roguelist)>show all rogue ap list ++++++++++++++++++++ rogue list ageout : 0 minutes ------------------------------------------------------------------------- Idx AP Essid Channel ------------------------------------------------------------------------- Related Commands locate Locates a rogue AP. approve Approves a rogue AP
  • 3-194 WS2000 Wireless Switch System Reference Guide 3.34.5 Network WLAN Rogue AP Roguelist set Command set Network WLAN Rogue AP Commands Sets rogue list parameters. Syntax set [rap-containment|deauth-interval|deauth-all] set RAP-Containment <mode> set deauth-interval <interval> set dauth-all <mode> Syntax: RAP-Containment • Enables or disables Rogue AP Containment feature. <mode> deauth-interval Sets the Rogue AP de-authentication interval to <interval> (1–300) seconds. This <interval> is the time after which MUs associated to a Rogue AP is deauthenticated. deauth-all <mode> Enables or disables deauthenticating all rogue APs in the containment list. • Example admin(network.wlan.rogueap)>set RAP-Containment enable admin(network.wlan.rogueap)>set deauth-interval 10 admin(network.wlan.rogueap)>set deauth-all enable Related Commands show Displays the rogue AP parameters.
  • Network CLI Commands Reference 3-1953.34.6 Network WLAN Rogue AP Roguelist deauth Command deauth Network WLAN Rogue AP Commands Manages the Rogue AP Containment list by adding APs, their MAC address to the list and deleting APs from the list. Syntax deauth [add-to-list|add-mac-to-list|remove-from-list] <index> deauth all Parameters deauth [add-to- Adds or removes APs from the ACL. list|add-mac-to- • add-to-list <index> – Adds an AP to the Rogue AP containment list at the position list|remove-from-list] specified by <index>. <index> • add-mac-to-list <index> – Adds the MAC address of a Rogue AP to the Rogue AP containment list at the position specified by <index>. • remove-from-list <index> – Removes a MAC from the Rogue AP Containment list. deauth all Removes all the contents from the Rogue AP Containment list Example admin(network.wlan.rogueap.roguelist)>deauth add-to-list 1 admin(network.wlan.rogueap.roguelist)> admin(network.wlan.rogueap.roguelist)>deauth add-mac-to-list 11-22-33-44- 55-66 admin(network.wlan.rogueap.roguelist)>
  • 3-196 WS2000 Wireless Switch System Reference Guide 3.35 Network WLAN Rogue AP Rogue List Locate Commands locate Network WLAN Rogue AP Roguelist Commands Displays the locate submenu. Syntax admin(network.wlan.rogueap.roguelist)> locate admin(network.wlan.rogueap.roguelist.locate)> The items available under this command are shown below. Command Description Ref. start Starts locating a rogue AP. page 3-198 list Lists results of the locate rogue AP scan. page 3-200 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-1973.35.1 Network WLAN Rogue AP Rogue List Locate list Command list Network WLAN Rogue AP Rogue List Locate Commands Lists the results of the locate rogue AP scan. Syntax list Parameters None Example admin(network.wlan.rogueap.roguelist.locate)>list Related Commands start Starts the rogue AP location process.
  • 3-198 WS2000 Wireless Switch System Reference Guide 3.35.2 Network WLAN Rogue AP Rogue List Locate start Command start Network WLAN Rogue AP Rogue List Locate Commands Locates a rogue AP. Syntax start <MAC> <ESSID> Parameters start <MAC> <ESSID> Starts locating a rogue AP where <MAC> is the MAC address (or BSSID) of the rogue AP, and <essid> is the ESSID for the rogue AP. Example admin(network.wlan.rogueap.roguelist.locate)>start 00A0f8fe2344 wlan-engg Related Commands list Lists information for the rogue AP found during the scan.
  • Network CLI Commands Reference 3-1993.36 Network WLAN Rogue AP Rogue List MU Scan Commands muscan Network WLAN Rogue AP Roguelist Commands Displays the MU scan submenu. Syntax admin(network.wlan.rogueap.roguelist)> muscan admin(network.wlan.rogueap.roguelist.muscan)> The items available under this command are shown below. Command Description Ref. start Starts a rogue AP scan using on-demand MU polling. page 3-201 list Lists the rogue APs found during the scan. page 3-200 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-200 WS2000 Wireless Switch System Reference Guide 3.36.1 Network WLAN Rogue AP Rogue List MU Scan list Command list Network WLAN Rogue AP Roguelist Commands Lists the results of the locate rogue AP scan. Syntax list Parameters None Example admin(network.wlan.rogueap.roguelist.muscan)>list Related Commands start Starts the MU scan process.
  • Network CLI Commands Reference 3-2013.36.2 Network WLAN Rogue AP Rogue List MU Scan start Command start Network WLAN Rogue AP Roguelist Commands Starts an on-demand MU polling for rogue APs. Syntax start <MAC> <ESSID> Parameters start <MAC> <ESSID> Starts locating a rogue AP where <MAC> is the MAC address (or BSSID) of the rogue AP, and <ESSID> is the ESSID for the rogue AP. Example admin(network.wlan.rogueap.roguelist.muscan)>start 00A0f8fe2344 Related Commands list Lists information for the rogue AP found during the scan.
  • 3-202 WS2000 Wireless Switch System Reference Guide 3.37 Network WLAN Rogue AP Rule List Commands rulelist Network WLAN Rogue AP Commands Displays the rule list submenu. Syntax admin(network.wlan.rogueap)> rulelist admin(network.wlan.rogueap.rulelist)> The items available under this command are shown below. Command Description Ref. show Displays the rule list. page 3-206 add Adds an entry to the rule list. page 3-203 delete Deletes an entry from the rule list. page 3-205 authsymbolap Authorizes all Symbol APs. page 3-204 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-2033.37.1 Network WLAN Rogue AP Rule List add Command add Network WLAN Rogue AP Rule List Commands Adds an entry to the rule list. Syntax add <MAC> <ESSID> Parameters add <MAC> <ESSID> Adds an entry into the rule list to allow an AP with the mac address <MAC> and the ESSID <ESSID>. Example admin(network.wlan.rogueap.rulelist)>add 00a0f8f31212 mywlan admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization : disabled index ap essid ----- -- ------ 1 00:a0:f8:f3:12:12 mywlan admin(network.wlan.rogueap.rulelist)>? Related Commands show Shows the entries in the rule list.
  • 3-204 WS2000 Wireless Switch System Reference Guide 3.37.2 Network WLAN Rogue AP Rule List authsymbolap Command authsymbolap Network WLAN Rogue AP Rule List Commands Authorizes all Symbol APs. Syntax authsymbolap <mode> Parameters authsymbolap <mode> Enables or disables automatic authorization of all Symbol APs. <mode> can be enable or disable. Example admin(network.wlan.rogueap.rulelist)>auth enable admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization : enabled index ap essid ----- -- ------ 1 00:a0:f8:f3:12:12 mywlan Related Commands show Shows all the rules in the rule list and shows status of the Symbol AP automatic authorization.
  • Network CLI Commands Reference 3-2053.37.3 Network WLAN Rogue AP Rule List delete Command delete Network WLAN Rogue AP Rule List Commands Deletes an entry from the rule list. Syntax delete [all|<idx>] Parameters delete [all|<idx>] Deletes entries in the rule list. • all – Deletes all entries in the rule list. • <idx> – Deletes the entry at the <idx> index in the rule list. Example admin(network.wlan.rogueap.rulelist)>delete all admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization : enabled index ap essid ----- -- ------ Related Commands show Displays the entries in the rule list.
  • 3-206 WS2000 Wireless Switch System Reference Guide 3.37.4 Network WLAN Rogue AP Rule List show Command show Network WLAN Rogue AP Rule List Commands Displays the rule list. Syntax show Parameters None Example admin(network.wlan.rogueap.rulelist)>show rule list +++++++++ symbol ap authorization : enabled index ap essid ----- -- ------ 1 00:a0:f8:f3:12:12 mywlan Related Commands delete Deletes entries from the rule list. add Adds entries to the rule list.
  • Network CLI Commands Reference 3-2073.38 Network WLAN Enhanced Rogue AP Commands enhancedrogueap Network WLAN Commands Displays the Enhanced Rogue AP detection submenu. Syntax admin(network.wlan)> enhancedrogueap admin(network.wlan.enhancedrogueap)> The items available under this command are shown below. Command Description Ref. show Displays the Enhanced Rogue AP parameters. page 3-208 set Sets the Enhanced Rogue AP parameters page 3-209 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-208 WS2000 Wireless Switch System Reference Guide 3.38.1 Network WLAN Enhanced Rogue AP show Command show Network WLAN Enhanced Rogue AP Commands Displays the Enhanced Rogue AP parameters. Syntax show Parameters None Example admin(network.wlan.enhancedrogueap)>show Enhanced RAP mode : disabled ERAP scan interval : 10 seconds ERAP scan duration : 100 milli seconds Channel Set for Radio A : Channel Set for Radio B/G : admin(network.wlan.enhancedrogueap)>
  • Network CLI Commands Reference 3-2093.38.2 Network WLAN Enhanced Rogue AP set Command set Network WLAN Enhanced Rogue AP Commands Sets the Enhanced Rogue AP parameters. Syntax set [mode|scaninterval|scanduration|A_channels|BG_channels|erase] set mode <mode> set scaninterval <scaninterval> set scanduration <scanduration> set A_channel {channelset} set BG_channel {channelset} set erase Parameters mode <mode> Enables or disables the Enhanced Rogue AP feature scaninterval Sets the Enhanced Rogue AP feature scan interval. <scaninterval> scanduration Sets the Enhanced Rogue AP feature scan duration <scanduration> A_channels Sets A channels to scan for Enhanced Rogue AP feature. {<channelset>} • <channelset> (Optional) – Enter a list of valid channels for A Radio. BG_channels Sets BG channels to scan for Enhanced Rogue AP feature {<channelset>} • <channelset> (Optional) – Enter a list of valid channels for b/g Radio. erase Clears the Enhanced Rogue AP feature list. Example admin(network.wlan.enhancedrogueap)> show Enhanced RAP mode : disabled ERAP scan interval : 10 seconds ERAP scan duration : 100 milli seconds Channel Set for Radio A : Channel Set for Radio B/G : admin(network.wlan.enhancedrogueap)> set mode enable admin(network.wlan.enhancedrogueap)> set scaninterval 33 admin(network.wlan.enhancedrogueap)> set scanduration 110 admin(network.wlan.enhancedrogueap)> set A_channels 36 40 admin(network.wlan.enhancedrogueap)> set BG_channels 1 2 3 admin(network.wlan.enhancedrogueap)> show Enhanced RAP mode : enabled ERAP scan interval : 33 seconds ERAP scan duration : 110 milli seconds Channel Set for Radio A : 36, 40, Channel Set for Radio B/G : 1, 2, 3,
  • 3-210 WS2000 Wireless Switch System Reference Guide 3.39 Network WLAN MU Probe Commands muprobe Network WLAN Commands Displays the MU Probe sub menu. Syntax admin(network.wlan)> muprobe admin(network.wlan.muprobe)> The items available under this menu are shown below. Command Description Ref. show Shows the MU Probe Table configuration page 3-211 set Sets the MU Probe Table configuration page 3-212 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-2113.39.1 Network WLAN MU Probe show Command show Network WLAN MU Probe Commands Displays the MU Probe Table configuration information. Syntax show Parameters None Example admin(network.wlan.muprobe)> show mu probe table : disabled mu probe table size : 200 MUs (number of rows could be more) mu probe window : 30 seconds
  • 3-212 WS2000 Wireless Switch System Reference Guide 3.39.2 Network WLAN MU Probe set Command set Network WLAN MU Probe Commands Sets the different MU Probe Table configurations. Syntax set [mode|size|erase|windows] set mode <mode> set size <size> set erase set window <value> Parameters mode <mode> Enables or disables MU Probe scans. <mode> can be enable or disable. size <size> Sets the size <size> in number of rows of the MU Probe Table. erase Erases the MU Probe Table window <value> Sets the MU Probe time window to <value> (5-300) seconds. Example admin(network.wlan.muprobe)> show mu probe table : disabled mu probe table size : 200 MUs (number of rows could be more) mu probe window : 30 seconds admin(network.wlan.muprobe)> set mode enable admin(network.wlan.muprobe)> set size 100 admin(network.wlan.muprobe)> set window 50 admin(network.wlan.muprobe)> show mu probe table : enabled mu probe table size : 100 MUs (number of rows could be more) mu probe window : 50 seconds
  • Network CLI Commands Reference 3-2133.40 Network WLAN Hotspot Commands hotspot Network WLAN Commands Displays the Hotspot sub menu. Syntax admin(network.wlan)> hotspot admin(network.wlan.hotspot)> The items available under this menu are shown below. Command Description Ref. set Sets the hotspot parameters page 3-214 show Displays the hotspot parameters page 3-216 import Imports hotspot display pages page 3-217 radius Sets hotspot RADIUS configuration. Goes to a submenu. page 3-218 white-list Sets the hotspot white-list. Goes to a submenu. page 3-222 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-214 WS2000 Wireless Switch System Reference Guide 3.40.1 Network WLAN Hotspot set Command set Network WLAN Hotspot Commands Sets the different Hotspot parameters. Syntax set [mode|page-loc|exturl|http-mode|hotspot-session-timeout| hotspot-cred-cache] set mode <idx> <mode> set page-loc <idx> <page-loc> set exturl <idx> <page> <url> set http-mode <idx> <http-mode> set hotspot-session-timeout <timeout> set hotspot-cred-cache <hotspot-cred-cache> Parameters mode <idx> <mode> Enables or disables hotspot for a WLAN with the index value <idx> (1- 8). page-loc <idx> <page-loc> Sets the location of the welcome page for Hotspot for a WLAN with the index <idx> (1-8). <page-loc> can be one of default, cf, url. • When <page-loc> is default, the default pages are shown. • When <page-loc> is cf, the pages for login, welcome, and fail are stored on the CF card and are displayed from there. • When <page-loc> is url, the pages are displayed from a URL. The URL information is provided through the set exturl command. exturl <idx> <page> <url> Sets the URL locations for the hotspot login, welcome, and fail pages for a WLAN with the index value <idx> (1-8). <page> should be one of login, welcome, or fail and indicates the page type. <url> is the fully qualified path to the page indicated by the <page> value. http-mode <idx> <http-mode> Sets the HTTP mode for the hotspot for the WLAN with index <idx> (1-8). <http-mode> can be one of http or https. HTTP indicates that connections to the hotspot does not use security. HTTPS indicates use of security. hotspot-session-timeout Sets the timeout value for the hotspot to <hotspot-session-timeout> <hotspot-session-timeout> minutes. This value is global and is applicable to all WLANs. The default value for <hotspot-session-timeout> is 20 minutes and the maximum value that can be entered is 1440 minutes (1 day). hotspot-cred-cache Enables or disables hotspot user credential caching for the WS2000. <hotspot-cred-cache> Example admin(network.wlan.hotspot)> show hotspot 1 WLAN 1 Hotspot Mode : disable Hotspot Page Location : default External Login URL : External Welcome URL :
  • Network CLI Commands Reference 3-215External Fail URL :Http Mode : httpsadmin(network.wlan.hotspot)> set mode 1 enableadmin(network.wlan.hotspot)> set page-loc 1 urladmin(network.wlan.hotspot)> set exturl 1 login //192.168.1.10/wlan1/hotspt/login.htmadmin(network.wlan.hotspot)> set exturl 1 welcome //192.168.1.10/wlan1/hotspt/welcome.htmadmin(network.wlan.hotspot)> set exturl 1 fail //192.168.1.10/wlan1/hotspt/fail.htmadmin(network.wlan.hotspot)> show hotspot 1WLAN 1Hotspot Mode : enableHotspot Page Location : urlExternal Login URL : //192.168.1.10/wlan1/hotspt/login.htmExternal Welcome URL : //192.168.1.10/wlan1/hotspt/welcome.htmExternal Fail URL : //192.168.1.10/wlan1/hotspt/fail.htmHttp Mode : https
  • 3-216 WS2000 Wireless Switch System Reference Guide 3.40.2 Network WLAN Hotspot show Command show Network WLAN Hotspot Commands Displays the different hotspot configuration settings. Syntax show [hotspot|white-list|hs-session-timeout|hs-cred-cache] show hotspot <idx> show white-list <idx> Parameters hotspot <idx> Displays the hotspot configuration settings. white-list <idx> Displays the white list rules. hs-session-timeout Displays the global hotspot session timeout value. hs-cred-cache Displays the enable/disable status for hotspot user credentials caching. Example admin(network.wlan.hotspot)> show hotspot 1 WLAN 1 Hotspot Mode : enable Hotspot Page Location : url External Login URL : //192.168.1.10/wlan1/hotspt/login.htm External Welcome URL : //192.168.1.10/wlan1/hotspt/ welcome.htm External Fail URL : //192.168.1.10/wlan1/hotspt/fail.htm Http Mode : https admin(network.wlan.hotspot)> show white-list 1 WhiteList Rules ------------------------------------------------------------------------- Idx IP Address ------------------------------------------------------------------------- 1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 admin(network.wlan.hotspot)> show hs-session-timeout Hotspot Session Timeout : 10 admin(network.wlan.hotspot)> show hs-cred-caching Hotspot Credential Cache Mode : Disabled
  • Network CLI Commands Reference 3-2173.40.3 Network WLAN Hotspot Import Command import Network WLAN Hotspot Commands Imports the html pages for the welcome, login, and fail screens. Syntax import <idx> <page> Parameters import <idx> <page> Imports the specified page for the WLAN with index <idx> (1-8). <page> must be one of login, welcome, or fail. Paste the html page into the console. Example admin(network.wlan.hotspot)> import 1 login Enter Ctrl C to abort. Paste the HTML Page: <html> <Head> <title>Office1 WLAN - Login Page</title> </head> <body> <h1 align="center">Office1 Wireless LAN - Login Page</h1> <HR width=50%> <p align ="center"><b>Please enter your login information below</b></p> <form action="login.asp> <center> <table width=25%> <tr> <tD>User Name</td> <td><input > </input></td> </tr> <tr> <td>Password</td> <td><input type=password> </input></td> </tr> </table> <br> <button type=submit> <strong>Login</strong> </button> <hr width=50%> <p>Page usage monitored and IP captured. Do not login if not authorized.</p> </center> </form> </body> </html>
  • 3-218 WS2000 Wireless Switch System Reference Guide 3.41 Network WLAN Hotspot RADIUS commands radius Network WLAN Hotspot Commands Displays the RADIUS server commands for hotspot. RADIUS is used to authenticate hotspot users. Syntax admin(network.wlan.hotspot)> radius admin(network.wlan.hotspot.radius)> The items available under this command are shown below. Command Description Ref. show Shows RADIUS configuration settings. page 3-219 set Sets RADIUS configuration page 3-220 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-2193.41.1 Network WLAN Hotspot RADIUS show Command show Network WLAN Hotspot RADIUS commands Displays the RADIU ?S server information for each hotspot. Syntax show radius <idx> Parameters show radius <idx> Displays the RADIUS information for the WLAN with the index <idx> (1-8). Example admin(network.wlan.hotspot.radius)> show radius 1 Primary Server Ip adr : 127.0.0.1 Primary Server Port : 1812 Primary Server Secret : ****** Secondary Server Ip adr : 0.0.0.0 Secondary Server Port : 1812 Secondary Server Secret : ****** Accounting Mode : disable Accounting Timeout : 1 Accounting Retry-count : 1
  • 3-220 WS2000 Wireless Switch System Reference Guide 3.41.2 Network WLAN Hotspot RADIUS set Command set Network WLAN Hotspot RADIUS commands Configures the RADIUS server information for hotspots for each WLAN. Syntax set [server|port|secret|acct-mode|acct-timeout|acct-retry| bind-interface|auth-mode] set server <idx> <srvr_type> <ipadr> set port <idx> <srvr_type> <port> set secret <idx> <srvr_type> <secret> set acct-mode <idx> <mode> set acct-timeout <idx> <timeout> set acct-retry <idx> <retry_count> set bind-interface <idx> <server> <interface> set auth-mode <idx> <mode> Parameters server <idx> <srvr_type> Sets the IP address <ipadr> of the RADIUS server for the WLAN with <ipadr> index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server. port <idx> <srvr_type> <port> Sets the port <port> of the RADIUS server for the WLAN with the index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server. secret <idx> <srvr_type Sets the secret <secret> for accessing the RADIUS server for the WLAN <secret> with the index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the RADIUS server as a primary or a secondary server. acct-mode <idx> <mode> Enables or disables accounting mode for the RADIUS server for the WLAN with the index <idx> (1-8). When enabled, RADIUS accounting log is written to the CF card when the RADIUS server is not reachable. acct-timeout <idx> <timeout> Sets the time duration <timeout> (1-255) seconds after which RADIUS logs are written to the CF card. acct-retry <idx> <retry-count> Sets the number of re-tries <retry-count> (1-10) made before RADIUS logs are written to the CF card. bind-interface <idx> <server> Binds the RADIUS server type <server> (Primary or Secondary) to the <interface> interface <interface> (one of s1-s6, w, none - s1- Subnet 1, s2-subnet 2, ...s6-Subnet 6, w-wan) for the WLAN <idx> (1–8). auth-mode <idx> <mode> Sets the radius authentication mode to either PAP or CHAP. This is used to encrypt authentication packets when authenticating with radius servers located on the WAN side of WS2000. Example admin(network.wlan.hotspot.radius)> set server 1 primary 192.169.1.222 admin(network.wlan.hotspot.radius)> set server 1 secondary 192.169.1.223 admin(network.wlan.hotspot.radius)> set port 1 primary 1812 admin(network.wlan.hotspot.radius)> set port 1 secondary 1812 admin(network.wlan.hotspot.radius)> set secret 1 primary hello1
  • Network CLI Commands Reference 3-221admin(network.wlan.hotspot.radius)> set secret 1 secondary hello2admin(network.wlan.hotspot.radius)> set acct-mode 1 enableadmin(network.wlan.hotspot.radius)> set acct-timeout 1 90admin(network.wlan.hotspot.radius)> set acct-retry 1 8admin(network.wlan.hotspot.radius)> set bind-interface 1 primary s1admin(network.wlan.hotspot.radius)> set auth-mode 1 PAPadmin(network.wlan.hotspot.radius)>show radius 1Primary Server Ip adr : 192.168.1.222Primary Server Port : 1812Primary Server Secret : ******Primary client bind interface : s1Secondary Server Ip adr : 192.169.1.223Secondary Server Port : 1812Secondary Server Secret : ******Secondary client bind interface : noneAccounting Mode : disableAccounting Timeout : 10Accounting Retry-count : 3RADIUS auth-mode : PAPadmin(network.wlan.hotspot.radius)>
  • 3-222 WS2000 Wireless Switch System Reference Guide 3.42 Network WLAN Hotstpot White-list Commands white-list Network WLAN Hotspot Commands Displays the White-list submenu. White-list is a list of devices that can use the hotspot. Syntax admin(network.wlan.hotspot)> white-list admin(network.wlan.hotspot.whitelist)> The items available under this command are shown below. Command Description Ref. add Adds hotspot white-list entries. page 3-223 clear Clears the hotspot white-list entries. page 3-225 show Displays the hotspot white-list entries. page 3-225 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-2233.42.1 Network WLAN Hotspot White-list add Command add Network WLAN Hotstpot White-list Commands Adds an entry to the WLAN hotspot white-list. White-list is a list of devices that can access the hotspot. Syntax add rule <wlan_idx> <ipadr> Parameters add rule <wlan_idx> Adds an IP entry <ipadr> to the White-list for the WLAN specified by the index <ipadr> <wlan_idx> (1-8) Example admin(network.wlan.hotspot.whitelist)> add rule 1 192.168.1.67 admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------- Idx IP Address ------------------------------------------------------------------------- 1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 5 192.168.1.67
  • 3-224 WS2000 Wireless Switch System Reference Guide 3.42.2 Network WLAN Hotspot White-list clear Command clear Network WLAN Hotstpot White-list Commands Clears or deletes the WLAN hotspot white-list entries. Syntax clear rule [all|<wlan_idx> [all|<ipadr>]] clear rule all clear rule <wlan_idx> all clear rule <wlan_idx> <ipadr> Parameters clear rule [all|<wlan_idx> • clear rule all – Clears all the hotspot white-list entries. [all|<ipadr>]] • clear rule <wlan_idx> all – Clears all the hotspot white-list entries for the WLAN specified by the <wlan_idx> (1-8) value. • clear rule <wlan_idx> <ipadr> – Clears a specific IP address <ipadr> from the hotspot white-list entries for the WLAN specified by the <wlan_idx> (1-8) value. Example admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------- Idx IP Address ------------------------------------------------------------------------- 1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 5 192.168.1.67 admin(network.wlan.hotspot.whitelist)> clear rule 1 192.168.1.67 admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------- Idx IP Address ------------------------------------------------------------------------- 1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 admin(network.wlan.hotspot.whitelist)> clear rule all admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------- Idx IP Address -------------------------------------------------------------------------
  • Network CLI Commands Reference 3-2253.42.3 Network WLAN Hotspot White-list show Command show Network WLAN Hotstpot White-list Commands Displays the WLAN hotspot white-list entries. Syntax show white-rules <idx> Parameters show white-rules <idx> Displays the hotspot white-list for the WLAN with the index <idx> (1-8). Example admin(network.wlan.hotspot.whitelist)> show white-rules 1 WhiteList Rules ------------------------------------------------------------------------- Idx IP Address ------------------------------------------------------------------------- 1 192.168.1.32 2 192.168.1.45 3 192.168.1.55 4 192.168.1.56 5 192.168.1.67
  • 3-226 WS2000 Wireless Switch System Reference Guide 3.43 Network WLAN WLAN IP Fiter Policy Commands wlanipfpolicy Network WLAN Commands Displays the WLAN IP Filter Policy submenu. Syntax admin(network.wlan)> wlanipfpolicy admin(network.wlan.wlanipfpolicy)> The items available under this command are shown below. Command Description Ref. set Sets the WLAN IP Filter Policy configurations. page 3-227 add Adds entries to the WLAN IP Filter table. page 3-228 del Deletes entries from the WLAN IP Filter table. page 3-229 show Displays the WLAN IP filter table. page 3-230 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-2273.43.1 Network WLAN WLAN IP Filter Policy set Command set Network WLAN WLAN IP Fiter Policy Commands Sets the WLAN IP filter policy configuration. IP Filters have to be set up through the Network > IPFilter menu. Syntax set [ipf-mode|default] set ipf-mode <wlan-idx> <ipf-mode> set default [incoming|outgoing] <wlan-idx> <action> Syntax: ipf-mode <wlan-idx> Sets the IP filter mode <ipf-mode> (enable/disable) for the WLAN with <ipf-mode> the index <idx> (1-8). default [incoming|outgoing] • incoming – Sets the default incoming action to <action> (allow/deny) <wlan-idx> <action> for IP filtering for he WLAN with the index <idx> (1-8). • outgoing – Sets the default outgoing action to <action> (allow/deny) for IP filtering for he WLAN with the index <idx> (1-8). Example admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------- Filter-Name Direction Action ------------------------------------------------------------------------- IP Filter Mode : disable Default Incoming Action : deny Default Outgoing Action : deny admin(network.wlan.wlanipfpolicy)> set ipf-mode 1 enable admin(network.wlan.wlanipfpolicy)> set default outgoing 1 allow admin(network.wlan.wlanipfpolicy)> set default incoming 1 allow admin(network.wlan.wlanipfpolicy)>show 1 ------------------------------------------------------------------------- Filter-Name Direction Action ------------------------------------------------------------------------- IP Filter Mode : enable Default Incoming Action : allow Default Outgoing Action : allow
  • 3-228 WS2000 Wireless Switch System Reference Guide 3.43.2 Network WLAN WLAN IP Filter Policy add Command add Network WLAN WLAN IP Fiter Policy Commands Adds a new IP Filter association table entry. IP Filters have to be set up through the Network > IPFilter menu. Syntax add <wlan-idx> <filter-name> <direction> <action> Parameters add <wlan-idx> <filter-name> <direction> <action> Adds a new IP Filter association table entry. The <filter-name> is the name of the filter to be added to the WLAN specified by the <wlan-idx> (1-8). The <direction> could be incoming or outgoing. The <action> could be allow or deny. Example admin(network.wlan.wlanipfpolicy)> add 1 allow_tcp incoming allow admin(network.wlan.wlanipfpolicy)> add 1 allow_tcp outgoing deny admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------- Filter-Name Direction Action ------------------------------------------------------------------------- allow_tcp incoming allow allow_tcp outgoing deny IP Filter Mode : enable Default Incoming Action : allow Default Outgoing Action : allow
  • Network CLI Commands Reference 3-2293.43.3 Network WLAN WLAN IP Filter Policy del Command del Network WLAN WLAN IP Fiter Policy Commands Deletes a entry from the IP Filter association table. Syntax del <wlan-idx> [all|<index>] Syntax: delete <wlan-idx> Deletes an IP Filter association table entry. The WLAN is specified by the [all|<index>] <wlan-idx> (1-8). <index> indicates the filter to delete. all is used to delete all entries from the IP Filter association table. Example admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------- Filter-Name Direction Action ------------------------------------------------------------------------- allow_tcp incoming allow allow_tcp outgoing deny IP Filter Mode : enable Default Incoming Action : allow Default Outgoing Action : allow admin(network.wlan.wlanipfpolicy)> del 1 2 admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------- Filter-Name Direction Action ------------------------------------------------------------------------- allow_tcp incoming allow IP Filter Mode : enable Default Incoming Action : allow Default Outgoing Action : allow
  • 3-230 WS2000 Wireless Switch System Reference Guide 3.43.4 Network WLAN WLAN IP Filter Policy show Command show Network WLAN WLAN IP Fiter Policy Commands Displays the contents of the IP Filter association table. Syntax show <wlan-idx> Parameters show <wlan-idx> Displays the IP filter association table for the WLAN with the index <wlan-idx> (1-8). Example admin(network.wlan.wlanipfpolicy)> show 1 ------------------------------------------------------------------------- Filter-Name Direction Action ------------------------------------------------------------------------- allow_tcp incoming allow allow_tcp outgoing deny IP Filter Mode : enable Default Incoming Action : allow Default Outgoing Action : allow
  • Network CLI Commands Reference 3-2313.44 Network Port Commands port network Displays the port configuration submenu. Syntax admin(network)>port admin(network.port)> The items available under this command are shown below. Command Description Ref. show Shows the port configuration settings. page 3-233 set Sets the port configuration page 3-232 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-232 WS2000 Wireless Switch System Reference Guide 3.44.1 Network Port set Command set Network Port Commands Sets the port configuration parameters. Syntax set [auto-negotiation|speed|duplex] set auto-negotiation <idx> <auto-negotiation> set speed <idx> <speed> set duplex <idx> <duplex> Parameters auto-negotiation Enables or disables auto negotiation. When enabled, the port negotiates the speed <idx> <auto- and the duplex type. <auto-negotiation> can be one of enable or disable. <idx> negotiation> (port1-port6, wan) is the port number. speed <idx> Sets the speed for the port with the index <idx> (port1-port6, wan). Set <speed> <speed> from 10M or 100M. duplex <idx> Sets the duplex mode for the port with the index <idx> (port1-port6, wan). Set the <duplex> <duplex> value from full or half. Example admin(network.port)> show port1 auto-negotiation : disable speed : 10M duplex : half admin(network.port)> set auto-negotiation port1 enable admin(network.port)> set speed port1 100M admin(network.port)> set duplex port1 full admin(network.port)> show port1 auto-negotiation : enable speed : 100M duplex : full
  • Network CLI Commands Reference 3-2333.44.2 Network Port show Command show Network Port Commands Displays the port configuration parameters. Syntax show <idx> Parameters show <idx> Displays the port configuration settings for the port <idx> (port1-port6, wan). Example admin(network.port)> show port1 auto-negotiation : enable speed : 100M duplex : full
  • 3-234 WS2000 Wireless Switch System Reference Guide 3.45 Network IP Filter Commands ipfilter network Displays the IP Filter submenu. IP based filtering allows administrators to configure Incoming and Outgoing IP filtering policies on packets within the same Subnet / WLAN and between wired and wireless hosts. Filters can be set up based on IP Address or as a default rule for all IPs in a given direction. Syntax admin(network)> ipfilter admin(network.ipfilter)> The items available under this command are shown below. Command Description Ref. add Adds a filter to the global IP Filter table. page 3-235 del Deletes a filter from the global IP Filter table. page 3-236 show Shows the global IP Filter table. page 3-237 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-2353.45.1 Network IP Filter add Command add Network IP Filter Commands Adds an entry into the global IP Filter table. Syntax add <filter-name> <protocol> <port> <start-src-address> <end-src-address> <start-dest-address> <end-dest-address> Parameters add <filter-name> <protocol> <port> <start-src-address> <end-src-address> <start-dest-address> <end- dest-address> Adds an IP Filter with <filter-name> to the IP Filter table. • <protocol> can be one of tcp, udp, icmp, pim, gre, rsvp, idp, pup, egp, ipip, esp, ah, igmp, ipv6, compr_h, raw_ip. • <port> is the port number. Could also be all. • <start-src-address> to <end-src-address> is the source ip range for which this filter is applied • <start-dest-address> to <end-dest-address> is the destination ip range for which this filter is applied. Example admin(network.ipfilter)> add port80tcp TCP 80 192.168.1.100 192.168.1.250 0.0.0.0 0.0.0.0 admin(network.ipfilter)> show ------------------------------------------------------------------------- Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use ------------------------------------------------------------------------- allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0 allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0 port80tcp TCP 192.168.1.100 0.0.0.0 NO 80 192.168.1.250 0.0.0.0
  • 3-236 WS2000 Wireless Switch System Reference Guide 3.45.2 Network IP Filter del Command del Network IP Filter Commands Deletes an entry from the global IP Filter table. Syntax del [all|<idx>] Parameters del [all|<index>] Deletes IP Filter table entries. • del <index> – Deletes the global IP Filter table entry at <index>. • del all – Deletes all entries of the global IP Filter table. Example admin(network.ipfilter)> del 3 admin(network.ipfilter)> show ------------------------------------------------------------------------- Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use ------------------------------------------------------------------------- allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0 allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0
  • Network CLI Commands Reference 3-2373.45.3 Network IP Filter Shlow Command show Network IP Filter Commands Displays the global IP Filter table. Syntax show Parameters None Example admin(network.ipfilter)> show ------------------------------------------------------------------------- Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP In-Use ------------------------------------------------------------------------- allow_tcp TCP 0.0.0.0 0.0.0.0 YES ALL 0.0.0.0 0.0.0.0 allow_udp UDP 0.0.0.0 0.0.0.0 NO ALL 0.0.0.0 0.0.0.0
  • 3-238 WS2000 Wireless Switch System Reference Guide 3.46 Network WIPS Command wips network Description: Displays the Wireless Intrusion Protection System (WIPS) submenu. Syntax admin(network)> wips admin(network.wips)> The items available under this command are shown below. Command Description Ref. set Sets WIPS parameters. page 3-239 show Displays WIPS parameters page 3-240 list Lists the APs and Sensors discovered. page 3-241 convert Converts APs to dedicated WIPS sensors page 3-242 revert Revers dedicated WIPS sensors to APs page 3-243 update Sends WIPS configuration to the sensors page 3-244 defaults Goes to the Defaults submenu. page 3-245 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-2393.46.1 Network WIPS set Command set Network WIPS Command Enables or disables WIPS. Syntax set mode <mode> Parameters set mode <mode> Enables or disables WIPS. <mode> can be either enable or disable. Example admin(network.wips)> set mode enable admin(network.wips)> show mode State : enable
  • 3-240 WS2000 Wireless Switch System Reference Guide 3.46.2 Network WIPS show Command show Network WIPS Command Displays the WIPS parameters. Syntax show [mode|sensor] Parameters mode Enables or disables WIPS mode sensor <mac> Shows sensor configuration <mac> – Shows mac-Sensor MAC address Example admin(network.wips)> show mode State : enable
  • Network CLI Commands Reference 3-2413.46.3 Network WIPS list Command list Network WIPS Command Lists the adopted APs and detected sensors for WIPS. Syntax list [sensors|aps] Parameters list [sensors|aps] • list aps – Lists the sensor APs • list sensors – Lists the discovered APs Example admin(network.wips)> list sensors ------------------------------------------------------------------------- Idx Sensor MAC IP address ------------------------------------------------------------------------- 1 00a0f8bf8a70 192.168.0.167 admin(network.wips)> list APs ------------------------------------------------------------------------- Idx AP MAC Conversion State ------------------------------------------------------------------------- 1 00a0f8bf8a70
  • 3-242 WS2000 Wireless Switch System Reference Guide 3.46.4 Network WIPS convert Command convert Network WIPS Command Converts an existing AP to a dedicated Sensor device. This command is only valid for Motorola AP300. Syntax convert <mac1> <mac2> ... Parameters convert <mac1> <mac2> Converts the list of AP represented by their MAC addresses <mac1> ... <mac2>... to dedicated sensor devices. Example admin(network.wips)> convert 00a0f8bf8a70 Conversion is started in the background admin(network.wips)> list sensors ------------------------------------------------------------------------- Idx Sensor MAC IP address ------------------------------------------------------------------------- 1 00a0f8bf8a70 192.168.0.167
  • Network CLI Commands Reference 3-2433.46.5 Network WIPS revert Command revert Network WIPS Command Reverts a dedicated Sensor device to an AP. This command is only valid for Motorola AP300. Syntax revert <mac1> <mac2> ... Syntax: revert <mac1> <mac2> Converts the list of Sensors represented by their MAC addresses <mac1> ... <mac2>... to APs. Example admin(network.wips)> revert 00a0f8bf8a70 Revert is started in the background admin(network.wips)> list aps ------------------------------------------------------------------------- ---- Idx AP MAC Conversion State ------------------------------------------------------------------------- ---- 1 00a0f8bf8a70
  • 3-244 WS2000 Wireless Switch System Reference Guide 3.46.6 Network WIPS update Command update Network WIPS Command Sends configuration information to dedicated sensor devices. Syntax update <mac> <dhcp_mode> <ipaddr> <mask> <dgw> <pwips> {<swips>} Parameters update <mac> <dhcp_mode> <ipaddr> <mask> <dgw> <pwips> {<swips>} Sends the configuration information to the sensor device, where: <mac> is the MAC address of the sensor device. <dhcp_mode> is the dhcp mode. Mode can be either client or static. <ipaddr> is the IP address of the sensor device. This field is only required when the <dhcp_mode> is static. <mask> is the subnet mask for the IP address of the sensor device. This field is only required when the <dhcp_mode> is static. <dgw> is the default gateway for the sensor device. This field is only required when the <dhcp_mode> is static. <pwips> is the IP address of the primary WIPS server. <swips> is the IP address of the secondary WIPS server. This value is optional. Example admin(network.wips)> show sensor 00a0f8bf8a70 Sensor MAC : 00a0f8bf8a70 DHCP Mode : client IP Address : 192.168.1.107 IP Mask : 255.255.255.0 Default Gateway : 192.168.1.1 Primary WIPS Server : 192.168.0.20 Secondary WIPS Server : 192.168.0.21 admin(network.wips)> update 00a0f8bf8a70 static 192.168.1.108 255.255.255.0 192.168.1.10 192.168 .0.20 192.168.0.21 admin(network.wips)> show sensor 00a0f8bf8a70 Sensor MAC : 00a0f8bf8a70 DHCP Mode : client IP Address : 192.168.2.100 IP Mask : 255.255.255.0 Default Gateway : 192.168.2.1 Primary WIPS Server : 192.168.0.20 Secondary WIPS Server : 192.168.0.21
  • Network CLI Commands Reference 3-2453.47 Network WIPS Default commands defaults Network WIPS Command Goes to the WIPS default configuration menu. Syntax admin(network.wips)>defaults admin(network.wips.defaults)> The items available under this command are shown below. Default Description Ref. show Shows the WIPS default configuration settings. page 3-247 set Sets the Sensor default configuration for WIPS. page 3-246 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-246 WS2000 Wireless Switch System Reference Guide 3.47.1 Network WIPS set Command set Network WIPS Default commands Sets the default WIPS configuration settings. These settings are used when WIPS configurations are not changed. Syntax set mode <mode> set [ipaddr|mask|dgw|pwips|swips] <a.b.c.d> Syntax: mode <mode> Sets the default mode to enable or disable. ipaddr Sets the IP address to <a.b.c.d> for the WIPS sensor. <a.b.c.d> mask <a.b.c.d> Sets the network mask to <a.b.c.d> for the WIPS sensor dgw <a.b.c.d> Sets the default gateway for the WIPS sensor to <a.b.c.d> pwips Sets the primary WIPS server to <a.b.c.d> <a.b.c.d> swips Sets the secondary WIPS server to <a.b.c.d>. <a.b.c.d> Example admin(network.wips.default)> set mode enable admin(network.wips.default)> set ipaddr 192.168.0.10 admin(network.wips.default)> set mask 255.255.255.0 admin(network.wips.default)> set dgw 192.168.0.1 admin(network.wips.default)> set pwips 192.168.0.20 admin(network.wips.default)> set swips192.168.0.21 admin(network.wips.default)> show DHCP Mode : client IP Address : 192.168.0.10 IP Mask : 255.255.255.0 Default Gateway : 192.168.0.1 Primary WIPS Server : 192.168.0.20 Secondary WIPS Server : 192.168.0.21
  • Network CLI Commands Reference 3-2473.47.2 Network WIPS show Command show Network WIPS Default commands Displays the default WIPS configuration. Syntax show Parameters None Example admin(network.wips.default)> show DHCP Mode : client IP Address : 192.168.0.10 IP Mask : 255.255.255.0 Default Gateway : 192.168.0.1 Primary WIPS Server : 192.168.0.20 Secondary WIPS Server : 192.168.0.21
  • 3-248 WS2000 Wireless Switch System Reference Guide 3.48 Network WIDS Commands wids network Displays the Wireless Intrusion Detection System (WIDS) commands. Syntax admin(network)>wids admin(network.wids)> The items available under this command are shown below. Command Description Ref. show Shows WIDS status and statistics page 3-254 set Sets WIDS parameters page 3-250 delete Removes WIDS MU List entries page 3-249 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-2493.48.1 Network WIDS delete Command delete Network WIDS Commands Deletes WIDS MU list entries. Syntax delete [all|<idx>] Parameters delete [all|<idx>] • all – Deletes all the MU from the list. • <idx> – Deletes MU list entry at the index <idx>. Example admin(network.wids)> delete 1 admin(network.wids)> delete all admin(network.wids)>
  • 3-250 WS2000 Wireless Switch System Reference Guide 3.48.2 Network WIDS set Command set Network WIDS Commands Sets the WIDPS parameters. Syntax set [mode|detect-window|anomaly-detect|excess-op] set mode <mode> set detect-window <detect-window> set anomaly-mode [mode|filter-ageout] set anomaly-mode mode <violation-type> <mode> set anomaly-mode filter-ageout <type> <filter-ageout> set excess-op [threshold|filter-ageout] set excess-op threshold [mu|radio|switch] <type> <threshold> set excess-op filter-ageout <type> <filter-ageout> Parameters mode <mode> Enables or disables WIDS. <mode> can be enable or disable. detect-window Sets the duration for which WIDS information is collected to <detect-window> (5- <detect-window> 300) seconds. Once collected, the information is sent for analysis. The deafult value for <detect-window> is 10 seconds.
  • Network CLI Commands Reference 3-251anomaly-detect Configures the anomaly detection mode.[mode|filter- • mode <violation-type> <mode> – Enables or disables anomaly detection for eachageout] violation type <violation-type>. <mode> can be enable or disable. • <violation-type> can be one of the following: • all - all the anomalies. • null-dst - NULL destination MAC anomaly • same-src-dst - Same source and destination IP anomaly • mcas-src - Multicast source MAC anomaly • weak-wep-iv - Weak WEP initialization vector anomaly • tkip-cntr-meas - TKIP Countermeasures anomaly • invalid-frame-len - Invalid frame length anomaly • filter-ageout <type> <filter-ageout> – Sets the number of seconds a mobile unit is filtered out. • <type> is the violation type and can be one of: • all - all the anomalies. • null-dst - NULL destination MAC anomaly • same-src-dst - Same source and destination IP anomaly • mcas-src - Multicast source MAC anomaly • weak-wep-iv - Weak WEP initialization vector anomaly • tkip-cntr-meas - TKIP Countermeasures anomaly • invalid-frame-len - Invalid frame length anomaly • <filter-ageout> (0-86400) is the ageout value in seconds. Default is 60 seconds. 0 disables this option.
  • 3-252 WS2000 Wireless Switch System Reference Guide excess-op Sets the threshold of events allowed in the detection window per MU. [threshold|filter- • threshold [mu|radio|switch] <type> <threshold> – Sets the threshold values for mu, ageout] radio, or switch. • <type> is the violation type and can be one of: • all - all types of excessive operations • probe-req - Probe Request frames • auth-assoc-req - 802.11 Authentication and Association Request • deauth-disassoc-req - Disassociation and Deauthentication frames • auth-fails - Failures reported by Authentication servers • crypto-replay-fails - TKIP/CCMP IV replay check failure • 80211-replay-fails - 802.11 replay check failure • decrypt-fails - decryption failures • unassoc-frames - frames from unassociated stations • eap-starts - EAP (802.1x) Start frames • <threshold> (0-65535) is the threshold value in seconds, 0 disables this option • filter-ageout <type> <filter-ageout> – Sets the number of seconds a mobile unit is filtered out. • <type> is the violation type and can be one of: • all - all the anomalies. • null-dst - NULL destination MAC anomaly • same-src-dst - Same source and destination IP anomaly • mcas-src - Multicast source MAC anomaly • weak-wep-iv - Weak WEP initialization vector anomaly • tkip-cntr-meas - TKIP Countermeasures anomaly • invalid-frame-len - Invalid frame length anomaly • <filter-ageout> (0-86400) is the ageout value in seconds. Default is 60 seconds. 0 disables this option. Example admin(network.wids)> set mode enable admin(network.wids)> set detect-window 25 admin(network.wids)> set anomaly-detect mode all enable admin(network.wids)> set anomaly-detect filter-ageout all 120 admin(network.wids)> set excess-op threshold mu all 80 admin(network.wids)> set excess-op filter-ageout all 80 admin(network.wids)> show wids WIDS feature is : Enabled Detect Window : 10 (Secs) Excessive Operations :: Threshold (0 == disabled) Filter-Ageout (Secs) -------------------- mu radio switch probe-req : 80 0 0 80 auth-assoc-req : 80 0 0 80 deauth-disassoc-req : 80 0 0 80 auth-fails : 80 0 0 80
  • Network CLI Commands Reference 3-253 crypto-replay-fails : 80 0 0 80 80211-replay-fails : 80 0 0 80 decrypt-fails : 80 0 0 80 unassoc-frames : 80 0 0 80 eap-starts : 80 0 0 80Anomaly Analysis :: Status Filter-Ageout (Secs)---------------- null-dst : enabled 120 same-src-dst : enabled 120 mcast-src : enabled 120 weak-wep-iv : enabled 120 tkip-cntr-meas : enabled 120 invalid-frame-len : enabled 120
  • 3-254 WS2000 Wireless Switch System Reference Guide 3.48.3 Network WIDS show Command show Network WIDS Commands Displays the default WIDS configuration settings Syntax show [wids|filter] Parameters show [wids|filter] • wids – Displays the default WIDS configuration values. • filter – Displays the filter configuration values. Example admin(network.wids)> show wids WIDS feature is : Enabled Detect Window : 10 (Secs) Excessive Operations :: Threshold (0 == disabled) Filter-Ageout (Secs) -------------------- mu radio switch probe-req : 80 0 0 80 auth-assoc-req : 80 0 0 80 deauth-disassoc-req : 80 0 0 80 auth-fails : 80 0 0 80 crypto-replay-fails : 80 0 0 80 80211-replay-fails : 80 0 0 80 decrypt-fails : 80 0 0 80 unassoc-frames : 80 0 0 80 eap-starts : 80 0 0 80 Anomaly Analysis :: Status Filter-Ageout (Secs) ---------------- null-dst : enabled 120 same-src-dst : enabled 120 mcast-src : enabled 120 weak-wep-iv : enabled 120 tkip-cntr-meas : enabled 120 invalid-frame-len : enabled 120
  • Network CLI Commands Reference 3-2553.49 Network URL Filter Commands urlfilter network Displays the URL Filter commands Syntax admin(network)> urlfilter admin(network.urlfilter)> The items available under this command are shown below. Command Description Ref. keyword Goes to the Keyword submenu page 3-258 whitelist Goes to the Whitelist submenu page 3-263 blacklist Goes to the Blacklist submenu page 3-267 trustip Goes to the Trusted IP submenu page 3-271 set Sets the URL Filter configuration information page 3-256 show Displays URL Filter configuration information page 3-257 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-256 WS2000 Wireless Switch System Reference Guide 3.49.1 Network URL Filter set Command set Network URL Filter Commands Sets URL FIlter parameters. Syntax set [mode|tcp-port|error-msg|action] set mode <mode> set tcp-port <tcp-port> set error-msg <error-msg> set action <action> Parameters mode <mode> Sets the URL Filter mode. <mode> can be enable or disable. set tcp-port <tcp-port> Sets the TCP Port for URL Filtering to <tcp-port>. set error-msg <error-msg> Sets the error message to the string <error-msg> for URL Filtering. This error message is displayed when there is an error while accessing the page the user had requested. set action <action> Sets the default action for URL Filtering when reverse DNS look-up fails. <action> can be one of allow or deny. Example admin(network.urlfilter)> show URL Filter Mode : Disable TCP Port Number : 0 Error Message : admin(network.urlfilter)>admin(network.urlfilter)>set mode enable admin(network.urlfilter)>set tcp-port 100 admin(network.urlfilter)>set error-msg "Error message" admin(network.urlfilter)>set action deny admin(network.urlfilter)>show URL Filter Mode : Disable TCP Port Number : 80 Error Message : policies of your service provider Action on DNSRD reply failure : deny
  • Network CLI Commands Reference 3-2573.49.2 Network URL Filter show Command show Network URL Filter Commands Displays URL Filter configuration information. Syntax show Parameters None Example admin(network.urlfilter)>show URL Filter Mode : Disable TCP Port Number : 80 Error Message : policies of your service provider Action on DNSRD reply failure : deny
  • 3-258 WS2000 Wireless Switch System Reference Guide 3.50 Network URL Filter Keyword Commands keyword Network URL Filter Commands Displays the URL Filter Keyword commands. Syntax admin(network.urlfilter)> keyword admin(network.urlfilter.keyword)> The items available under this command are shown below. Command Description Ref. add Adds a new keyword and action to the keyword filter table page 3-259 delete Deletes keyword from the keyword filter table page 3-260 removeall Removes all keywords in the keyword filter table page 3-261 show Displays the URL Filter Keyword table entries page 3-262 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • Network CLI Commands Reference 3-2593.50.1 Network URL Filter Keyword add Command add Network URL Filter Keyword Commands Adds a new keyword and action to the keyword filter table. Syntax add <keyword> <action> Parameters add <keyword> Adds a filter to the keyword filter table. <action> <keyword> – The keyword to be searched <action> – allow or deny. The action to be performed when the <keyword> is found. Example admin(network.urlfilter.keyword)>add share deny admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------- KeyWord Action share deny admin(network.urlfilter.keyword)>add trading deny admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------- KeyWord Action share deny trading deny admin(network.urlfilter.keyword)>
  • 3-260 WS2000 Wireless Switch System Reference Guide 3.50.2 Network URL Filter Keyword delete Command delete Network URL Filter Keyword Commands Deletes a keyword from the keyword table. Syntax delete <keyword> Parameters delete <keyword> Deletes the keyword <keyword> from the URL Filter keyword table. Example admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------- KeyWord Action share deny trading deny admin(network.urlfilter.keyword)>delete share admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------- KeyWord Action trading Deny admin(network.urlfilter.keyword)>
  • Network CLI Commands Reference 3-2613.50.3 Network URL Filter Keyword removeall Command removeall Network URL Filter Keyword Commands Removes all entries from the Keyword Table. Syntax removeall Parameters None Example admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------- KeyWord Action share Deny trading Deny stocks Deny stock Deny admin(network.urlfilter.keyword)>removeall admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------- KeyWord Action
  • 3-262 WS2000 Wireless Switch System Reference Guide 3.50.4 Network URL Filter Keyword show Command show Network URL Filter Keyword Commands Displays the URL filter keyword table entries. Syntax show Parameters None Example admin(network.urlfilter.keyword)>show --------URL FILTERING KEYWORD DETAILS--------- KeyWord Action share Deny trading Deny
  • Network CLI Commands Reference 3-2633.51 Network URL Filter White list Commands whitelist Network URL Filter Commands Displays the whitelist URLs commands. Syntax admin(network.urlfilter)> whitelist admin(network.urlfilter.whitelist)> The items available under this command are shown below. Command Description Ref. add Adds a whitelist entry to the URL whitelist table. page 3-264 delete Deletes a whitelist entry from the URL whitelist table. page 3-265 show Displays the URL whitelist table entries. page 3-266 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-264 WS2000 Wireless Switch System Reference Guide 3.51.1 Network URL Filter White List add Command add Network URL Filter White list Commands Adds a new whitelist entry to the whitelist table. Syntax add <whitelist> Parameters add <whitelist> Adds a whitelist entry into the whitelist table. <whitelist> is an URL to be added. Example admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------- mot.com admin(network.urlfilter.whitelist)>add moto.com admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------- mot.com moto.com admin(network.urlfilter.whitelist)>
  • Network CLI Commands Reference 3-2653.51.2 Network URL Filter White List delete Command delete Network URL Filter White list Commands Deletes a whitelist entry from the whitelist table. Syntax delete [<whitelist>|all] Parameters delete Deletes the entries from the URL whitelist table. [<whitelist>|all] <whitelist> – deletes the specified URL from the URL whitelist table all – deletes all URLs from the URL whitelist table Example admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------- mot.com moto.com motoo.com admin(network.urlfilter.whitelist)>delete motoo.com admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------- mot.com moto.com admin(network.urlfilter.whitelist)>delete all admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS---------
  • 3-266 WS2000 Wireless Switch System Reference Guide 3.51.3 Network URL Filter White List show Command show Network URL Filter White list Commands Displays the URL filter whitelist table entries. Syntax show Parameters None Example admin(network.urlfilter.whitelist)>show --------URL FILTERING WHITE LIST DETAILS--------- mot.com moto.com admin(network.urlfilter.whitelist)>
  • Network CLI Commands Reference 3-2673.52 Network URL Filter Black List Commands blacklist Network URL Filter Commands Displays the URL Filter black list URLs commands. Syntax admin(network.urlfilter)> blacklist admin(network.urlfilter.blacklist)> The items available under this command are shown below. Command Description Ref. add Adds an URL to the blacklist table page 3-268 delete Deletes a URL from the blacklist table page 3-269 show Displays the URL blacklist table entries page 3-270 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-268 WS2000 Wireless Switch System Reference Guide 3.52.1 Network URL Filter Black List add Command add Network URL Filter Black List Commands Adds a new blacklist entry to the blacklist table. Syntax add <blacklist> Parameters add <blacklist> Adds a blacklist entry into the blacklist table. <blacklist> is an URL. Example admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------- shares.com admin(network.urlfilter.blacklist)>add trading.com admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------- shares.com trading.com admin(network.urlfilter.blacklist)>
  • Network CLI Commands Reference 3-2693.52.2 Network URL Filter Black List delete Command delete Network URL Filter Black List Commands Deletes a blacklist entry from the blacklist table. Syntax delete [<blacklist>|all] Parameters del Deletes the entries from the URL blacklist table. [<blacklist>|all] <blacklist> – The URL to be removed from the blacklist table. all – Removes all URLs from the URL blacklist table. Example admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------- shares.com trading.com dipmail.com admin(network.urlfilter.blacklist)>delete dipmail.com admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------- shares.com trading.com admin(network.urlfilter.blacklist)>delete all admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS---------
  • 3-270 WS2000 Wireless Switch System Reference Guide 3.52.3 Network URL Filter Black List show Command show Network URL Filter Black List Commands Displays the URL filter blacklist table entries. Syntax show Parameters None Example admin(network.urlfilter.blacklist)>show --------URL Filtering BLACK LIST DETAILS--------- shares.com trading.com admin(network.urlfilter.blacklist)>
  • Network CLI Commands Reference 3-2713.53 Network URL Filter Trusted IP Commands trustip Network URL Filter Commands Displays the URL Trusted IP commands. Syntax admin(network.urlfilter)> trustip admin(network.urlfilter.trustip)> The items available under this command are shown below. Command Description Ref. add Adds an IP to the trusted IP list page 3-272 delete Deletes an IP from the trusted IP list page 3-273 show Displays the list of trusted IPs page 3-274 quit Quits the CLI. page 3-1 save Saves the configuration to system flash. page 3-1 .. Goes to the parent menu. page 3-1 / Goes to the root menu. page 3-1
  • 3-272 WS2000 Wireless Switch System Reference Guide 3.53.1 Network URL Filter Trusted IP add Command add Network URL Filter Trusted IP Commands Adds a new IP into the trusted IP table. add <trustip> Parameters add <trustip> Adds an IP address <trustip> into the trusted IPs list. Example admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------- 192.168.10.20 admin(network.urlfilter.trustip)>add 192.168.10.10 admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------- 192.168.10.20 192.168.10.10 admin(network.urlfilter.trustip)>
  • Network CLI Commands Reference 3-2733.53.2 Network URL Filter Trusted IP delete Command delete Network URL Filter Black List Commands Deletes an entry from the trusted IPs list. Syntax delete [<trustip>|all] Parameters del [<trustip>|all] Deletes trusted IP entries from the trusted IP list. <trustedip> – Deletes the IP <trustedip> from the trusted IP list all – Deletes all trusted IPs from the trusted IP list. Example admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------- 192.168.10.20 192.168.10.10 192.168.11.9 admin(network.urlfilter.trustip)>del 192.168.11.9 admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------- 192.168.10.20 192.168.10.10 admin(network.urlfilter.trustip)>
  • 3-274 WS2000 Wireless Switch System Reference Guide 3.53.3 Network URL Filter Trusted IP show Command show Network URL Filter Trusted IP Commands Displays the trusted IPs list Syntax show Parameters None Example admin(network.urlfilter.trustip)>show --------URL FILTERING TRUST IP--------- 192.168.10.20 192.168.10.10 admin(network.urlfilter.trustip)>
  • System CLI Commands Reference System commands are used to set the system parameters for the WS 2000 Wireless Switch.4.1 system Admin Menu Commands Use the system command to go to the System menu. admin> system admin(system)> The following commands are available under the System menu: Command Description Ref. lastpw Displays the last debug password. page 4-2 exec Execute a linux command. page 4-3 config Goes to the config submenu. page 4-10 logs Goes to the logs submenu. page 4-22 ntp Goes to the NTP submenu. page 4-28 snmp Goes to the SNMP submenu. page 4-70 userdb Goes to the userdb submenu. page 4-92 radius Goes to the RADIUS submenu. page 4-33 test Goes to the test submenu. page 4-127 WS2000 Goes to the WS2000 submenu. page 4-113 authentication Goes to the authentication submenu. page 4-4 ssh Goes to the SSH submenu. page 4-89 redundancy Goes to the redundancy submenu. page 4-66 cf Goes to the CF submenu. page 4-122 http Goes to the HTTP submenu page 4-124 save Saves the configuration to system flash page 2-6 quit Quits the CLI page 2-5 .. Goes to the parent menu page 2-7 / Goes to the root menu page 2-8
  • 4-2 WS2000 Wireless Switch System Reference Guide 4.1.1 System lastpw Command lastpw system This command displays the MAC address for the switch, the previous admin password for the switch, and the number of times the current admin password has been used along with how many more times it will be valid. Syntax lastpw Parameters None Example admin(system)>lastpw WS2000 MAC Address is 00:a0:f8:6f:d8:fc Last Password was symbol12 Current password used 0 times, valid 4 more time(s)
  • System CLI Commands Reference 4-34.1.2 System exec Command exec system Executes a linux command Syntax exec <command> Parameters exec <command> Executes a linux command <command>. Example admin(system)> exec df -h /mnt Filesystem Size Used Avail Use% Mounted on automount(pid153) 0 0 0 - /mnt
  • 4-4 WS2000 Wireless Switch System Reference Guide 4.2 System Authentication Commands authentication system Displays the authentication submenu. Syntax admin(system)> authentication admin(system.authentication)> The items available under this command are shown below. Command Description Ref. radius Goes to the RADIUS submenu. page 4-7 set Sets the mode. page 4-5 show Shows the authentication parameters. page 4-6 save Saves the configuration to system flash. page 4-1 .. Goes to the parent menu. page 4-1 / Goes to the root menu. page 4-1
  • System CLI Commands Reference 4-54.2.1 System Authentication set Command set System Authentication Commands Sets the parameter that specifies how user authentication is taking place. Syntax set [mode|auth-loc] [local|radius] Syntax: set mode [local|radius] Sets the authentication mode. If set to local, the internal User Database will serve as the data source. If set to radius, the switch will use an external LDAP server for the information. If radius is the mode, then the parameters under the radius submenu must to be set. set auth-loc [local|radius] Sets the Airbeam user authentication to either the local database or the RADIUS server. If set to radius, the switch will use an external LDAP server for the authentication. If radius is the authentication location, then the RADIUS server is used for authentication. Example admin(system.authentication)>set mode local admin(system.authentication)>show all authentication mode : local admin(system.authentication)> Related Commands set Sets the parameters to specify that the external RADIUS server is used for user authentication.
  • 4-6 WS2000 Wireless Switch System Reference Guide 4.2.2 System Authentication show Command show System Authentication Commands Shows the main user authentication parameters. Syntax show all Parameters None Example admin(system.authentication)>set mode local admin(system.authentication)>show all authentication mode : local radius user location and type : radius admin(system.authentication)> Related Commands set Sets the authentication parameters.
  • System CLI Commands Reference 4-74.3 System Authentication RADIUS Commands radius System Authentication Commands Displays the RADIUS submenu. Syntax admin(system.authentication)> radius admin(system.authentication.radius)> The items available under this command are shown below. Command Description Ref. set Sets the RADIUS authentication parameters. page 4-8 show Shows the RADIUS authentication parameters. page 4-9 save Saves the configuration to system flash. page 4-1 .. Goes to the parent menu. page 4-1 / Goes to the root menu. page 4-1
  • 4-8 WS2000 Wireless Switch System Reference Guide 4.3.1 System Authentication RADIUS set Command set System Authentication RADIUS Commands Sets the RADIUS proxy server authentication parameters. Syntax set [auth-server-ip|auth-server-port|shared-secret] set auth-server-ip <IP> set auth-server-port <port> set shared-secret <password> Parameters set auth-server-ip <IP> Sets the IP address for the RADIUS authentication proxy server to the IP address <IP>. auth-server-port <port> Specifies the TCP/IP port number <port> for the RADIUS server that will act as a proxy server. The default port is 1812. shared-secret <password> Sets a shared secret <password> for each suffix that is used for authentication with the RADIUS proxy server. Example admin(system.authentication.radius)>set auth-server-ip 192.168.0.4 admin(system.authentication.radius)>set auth-server-port 1812 admin(system.authentication.radius)>set shared mysecret admin(system.authentication.radius)> admin(system.authentication.radius)>show all radius server ip : 192.168.0.4 radius server port : 1812 radius server shared secret : ********
  • System CLI Commands Reference 4-94.3.2 System Authentication RADIUS show Command show System Authentication RADIUS Commands Shows the RADIUS authentication parameters. Syntax show all Parameters None Example admin(system.authentication.radius)> set auth-server-ip 192.168.0.4 admin(system.authentication.radius)> set auth-server-port 1812 admin(system.authentication.radius)> set shared mysecret admin(system.authentication.radius)>show all radius server ip : 192.168.0.4 radius server port : 1812 radius server shared secret : ******** Related Commands set Sets the RADIUS authentication parameters.
  • 4-10 WS2000 Wireless Switch System Reference Guide 4.4 System Configuration Commands config system Displays the config submenu. Syntax admin(system)> config admin(system.config)> The items available under this command are shown below. Command Description Ref. default Restores default configuration page 4-11 export Exports configuration from the system page 4-12 import Imports configuration to the system page 4-14 partial Restores partial default configuration page 4-15 set Sets import/export parameters page 4-16 show Shows import/export parameters page 4-18 update Performs firmware update page 4-19 sensor-fw-update Performs firmware update for the sensors page 4-20 loadtocf Loads the current firmware to a CF card page 4-21 save Saves the configuration to system flash page 2-6 quit Quits the CLI page 2-5 .. Goes to the parent menu page 2-7 / Goes to the root menu page 2-8
  • System CLI Commands Reference 4-114.4.1 System Config default Command default System Configuration Commands Restores the switch to the factory default configuration. Syntax default Parameters None Example admin(system.config)>default Are you sure you want to default the configuration? (yes/no):yes ************************************************************************* System will now restore default configuration. You will need to set the country code for correct operation. ************************************************************************* Restoring default configuration : [ In progress ]
  • 4-12 WS2000 Wireless Switch System Reference Guide 4.4.2 System Config export Command export System Configuration Commands Exports the configuration from the system. Syntax export [ftp|tftp|terminal|sftp] Syntax: export Exports the system configuration. [ftp|tftp|terminal • ftp – Exports the configuration to the FTP server. Use the set command to set the sftp] server, user, password, and file name before using this command. • tftp – Exports the configuration to the TFTP server. Use the set command to set the IP address for the TFTP server before using the command. • terminal – Exports the configuration to the terminal. • sftp – Exports the configuration to the sftp server. Example Export FTP Example: admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd admin(system.config)>export ftp Export operation : [ Started ] Building configuration file : [ Done ] File transfer : [ In progress ] File transfer : [ Done ] Export operation : [ Done ] Export TFTP Example: admin(system.config)>set server 192.168.0.101 admin(system.config)>export tftp Export operation : [ Started ] Building configuration file : [ Done ] File transfer : [ In progress ] File transfer : [ Done ] Export operation : [ Done ] Export Terminal Example: admin(system.config)>export terminal // // WS2000 Configuration Command Script // System Firmware Version: 1.5.0.0-160b // system ws2000
  • System CLI Commands Reference 4-13// WS2000 menuset name WS2000set loc Extra20officeset email fred@symbol.comset cc usset airbeam mode disableset airbeam enc-passwd a11e00942773set applet lan enableset applet wan enableset applet slan enableset applet swan enableset cli lan enableset cli wan enableset snmp lan enableset snmp wan enable/systemconfig--More--. . . <several pages of settings>/// Router configurationnetworkrouterset type offset dir bothset auth noneset enc-passwd 8e57set id 1 1set enc-key 1 e2565fc57c2a766fb0d55160d6f92952set id 2 1set enc-key 2 e2565fc57c2a766fb0d55160d6f92952delete all/save
  • 4-14 WS2000 Wireless Switch System Reference Guide 4.4.3 System Config import Command import System Configuration Commands Imports the configuration to the system. Syntax import [ftp|tftp|sftp] {default-and-apply} Parameters import [ftp|tftp] Imports configuration from external devices. {default-and-apply} • ftp – Imports the configuration from the FTP server. Use the set command to set the server, user, password, and file. • tftp – Imports the configuration from the TFTP server. Use the set command to set the server and file. • default-and-apply – Import the configuration from the FTP or TFTP server. Use this command to first set the device to factory defaults before applying the imported configuration. This command is optional. • sftp – Imports the comfiguration from the SFTP server. Example Import FTP Example admin(system.config)>set server 192.168.22.12 admin(system.config)>set user myadmin admin(system.config)>set passwd mysecret admin(system.config)>import ftp Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ] admin(system.config)>import ftp default-and-apply Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ] Import TFTP Example admin(system.config)>set server 192.168.0.101 admin(system.config)>import tftp Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ] admin(system.config)>import tftp default-and-apply Import operation : [ Started ] File transfer : [ In progress ] File transfer : [ Done ] Import operation : [ Done ]
  • System CLI Commands Reference 4-154.4.4 System Config partial Command partial System Configuration Commands Resets the switchs configuration to the factory default settings for all settings except the WAN and some SNMP related settings. The following settings will remain intact when using Restore Partial Default Configuration: • All settings on the WAN page • SNMP access to the WS 2000 on the WS 2000 Access page • All settings on the SNMP Access page Before using this feature, consider exporting the current configuration for safekeeping. Syntax partial Parameters None Example admin(system.config)>partial Are you sure you want to partially default WS 2000? (yes/no):yes ************************************************************************* System will now restore default configuration. You will need to set the country code for correct operation. ************************************************************************* Restoring default configuration : [ In progress ] Related Commands export Exports system configuration settings.
  • 4-16 WS2000 Wireless Switch System Reference Guide 4.4.5 System Config set Command set System Configuration Commands Sets the import/export parameters. Syntax set [server|user|passwd|file|cfgpath|fw|sensor-fw|import-enc-password| bind-interface|ap300] set server <IP> set user <username> set passwd <password> set file <filename> set cfgpath <filepath> set fw [file|path|boot|active-partition] set fw file <filename> set fw path <path> set fw boot [on-board-flash|compact-flash] set fw active-partition [primary|secondary] set sensor-fw [file|path|max-size] set sensor-fw file <filename> set sensor-fw path <path> set sensor-fw max-size <size> set import-enc-password <mode> set bind-interface <bind-interface> set ap300 [file|path|max-size|legacy-mode] Parameters server <ipaddress> Sets the FTP/TFTP server IP address to <ipaddress> in the format a.b.c.d. user <username> Sets the FTP user name to <username> (up to 47 characters). passwd <password> Sets the FTP password to <password> (up to 39 characters). file <filename> Sets the configuration file name to <filename> (up to 39 characters). cfgpath <path> Sets the configuration file path to <path> (up to 31 characters) fw [ Sets the firmware information for the device. file <filename>| • file <filename> – Sets the firmware filename to <filename> (up to 39 path <path>| characters). boot [on-board-flash| • path <path> – Sets the firmware file path to <path> (up to 39 characters). compact-flash]| active-partition • boot [on-board-flash|compact-flash] – Sets the firmware boot device to either [primary|secondary] the on board flash (on-board-flash) or the compact flash card (compact- flash) attached to the WS 2000 Wireless Switch. • active-partition [primary|secondary] – Sets the active partition on the compact flash card to either of primary or secondary.
  • System CLI Commands Reference 4-17sensor-fw [ Sets sensor firmware information.file <filename>| • file <filename> – Sets the sensor firmware file name to <filename> (up to 39path <path| characters).max-size <size>] • path <path> – Sets the firmware file path for the sensor to <path> (up to 39 characters). • max-size <size> – Sets the maximum file size of the sensor firmware file to <size>.import-enc-password Enables or disables the import of encrypted passwords for the admin and<mode> manager logins. <mode> can be one of enable or disable.bind-interface <bind- Sets the interface to bind <bind-interface> (s1-s6, w, none where s1-Subnet 1,interface> s2-Subnet 2,..., s6-Subnet 6, w-WAN) during ftp.ap300 [file|path| Sets AP300 firmware update parameters.max-size|legacy-mode] • file <filename> – Sets AP300 firmware file name • filename – Sets the file name. The range is 1 to 39 characters. • path – Sets firmware file path • max-size – Sets maximum size for AP300 firmware file • legacy-mode – Sets AP300 fw legacy modeExampleFTP Set Exampleadmin(system.config)>set server 192.168.22.12admin(system.config)>set user myadminadmin(system.config)>set passwdadmin(system.config)>export ftpExport operation : [ Started ]Building configuration file : [ Done ]File transfer : [ In progress ]File transfer : [ Done ]Export operation : [ Done ]Firmware Exampleadmin(system.config)>set fw file mf_01050000160B.binadmin(system.config)>set fw path /tftp/myadmin/admin(system.config)>update tftp s1
  • 4-18 WS2000 Wireless Switch System Reference Guide 4.4.6 System Config show Command show System Configuration Commands Shows the import/export parameters. Syntax show all Parameters None Example admin(system.config)> show all ftp/tftp server ip address : 157.235.208.196 ftp user name : admin ftp password : ******** cfg filename : v23.26b.bin config filepath : /home/ftp/admin/2k/ firmware filepath : /home/ftp/admin/2k/ firmware filename : v23.26b.bin sensor firmware filepath : /home/ftp/admin/2k/ sensor firmware filename : leo_sensor.bin max size of sensor firmware file : 512000 import enc admin password mode : disable boot source device : on-board-flash active partition of Compact Flash : primary ftp/sftp/tftp server ip address : 192.168.0.11 ftp/sftp user name : guest ftp/sftp password : ******** cfg filename : cfg.txt config filepath : firmware filepath : /home/guest/ firmware filename : mf_02040300010B.bin sensor firmware filepath : sensor firmware filename : leo_sensor.bin max size of sensor firmware file : 512000 ap300 firmware filepath : ap300 firmware filename : wiap.bin max size of ap300 firmware file : 512000 AP300 firmware legacy mode : disable import enc admin password mode : disable boot source device : on-board-flash active partition of Compact Flash : primary bind interface : none
  • System CLI Commands Reference 4-194.4.7 System Config update Command update System Configuration Commands Performs a firmware update. Syntax update <mode> {<interface>} update [tftp|ftp|sftp] <interface> update cf Parameters update [tftp|ftp|sftp] Sets how firmware updates will occur. Select between ftp, sftp and tftp. <iface> <iface> specifies the interface (location), as follows: • s1 = subnet1 • s2 = subnet2 • s3 = subnet3 • s4 = subnet4 • s5 = subnet5 • s6 = subnet6 • w = wan Before using this command, use set server to set the IP address for the FTP/TFTP server. If using the ftp mode, also use set user and set passwd to allow login to the FTP server. Note: When update mode is sftp,then the parameter ‘iface’ is not required. update cf Indicates that firmware updates will occur from the switch’s compact flash slot. (Undoes an ftp/tftp/sftp setting.) Example admin(system.config)>set fw file mf_01050000200B.bin admin(system.config)>set fw path /tftp/myadmin/ admin(system.config)>update tftp s1
  • 4-20 WS2000 Wireless Switch System Reference Guide 4.4.8 System Config sensor-fw-update Command sensor-fw-update System Configuration Commands Performs firmware update for the sensors. When sensor firmware update is done, • No restart is required. • New sensors receive the updated firmware. • Existing sensors must be reverted and then reassigned for them to get the new sensor firmware image. Syntax sensor-fw-update [ftp|tftp|sftp] Parameters sensor-fw-update Updates the sensor firmware. [ftp|tftp] • ftp – Updates the sensor firmware from the specified FTP server. • tftp – Updates the sensor firmware from the specified TFTP server. • sftp – Updates the sensor firmware from the specified SFTP server. Example admin(system.config)>sensor-fw-update tftp File transfer : [Successful] admin(system.config)>
  • System CLI Commands Reference 4-214.4.9 System Config loadtocf Command loadtocf System Configuration Commands This command loads and updates the firmware to the CF card. This is used for dual boot. Syntax loadtocf [cf|ftp|tftp|sftp] <image-type> Syntax: cf <image-type> Loads the image to the CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. In this case, the image source is the CF card and the destination is also the CF card. ftp <image-type> Loads the image to a CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using FTP and stores it on the target partition. tftp <image-type> Loads the image to a CF card. The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using TFTP and stores it on the target partition. sftp <image-type> Loads binary image to cf using sftp.The <image-type> (primary, secondary) is the target partition on the CF card to store the image on. This command downloads the image using SFTP and stores it on the target partition. Example admin(system.config)> loadtocf cf primary admin(system.config)>
  • 4-22 WS2000 Wireless Switch System Reference Guide 4.5 System Logs Commands logs system Displays the logs submenu. Syntax admin(system)> logs admin(system.logs)> The items available under this command are shown below. Command Description Ref. delete Deletes core files. page 4-23 set Sets log options and parameters. page 4-25 send Sends log and core files. page 4-24 show Shows logging options. page 4-26 view Views system log. page 4-27 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • System CLI Commands Reference 4-234.5.1 System Logs delete Command delete System Logs Commands Deletes the core log files. Syntax delete Parameters None Example admin(system.logs)>delete
  • 4-24 WS2000 Wireless Switch System Reference Guide 4.5.2 System Logs send Command send System Logs Commands Sends log and core files through FTP to a location specified with the set command. Use the set command to set the FTP login and site information first. Syntax send Parameters None Example admin(system.logs)>set user fred admin(system.logs)>set passwd mygoodness admin(system.logs)>show all log level : L6 Info ext syslog server logging : disable ext syslog server ip address : 0.0.0.0 ftp/tftp server ip address : 192.168.0.10 ftp user name : fred ftp password : ******** admin(system.logs)>send File transfer : [ In progress ] File transfer : [ Done ] admin(system.logs)> Related Commands set Sets the parameters associated with log operations, such as send. show all Displays the log related settings.
  • System CLI Commands Reference 4-254.5.3 System Logs set Command set System Logs Commands Sets log options and parameters. Syntax set [ipadr|level|mode|cf_logging_mode|server|user|passwd] set ipadr <ip> set level <level> set mode <mode> set cf_logging_mode <mode> set server <ip> set user <username> set passwd <password> Parameters ipadr <ip> Sets the external syslog server IP address to <ip> (a.b.c.d). level <level> Sets the level of the events that will be logged. All event with a level at or above <level> (L0–L7) will be saved in the system log. • L0:Emergency • L1:Alert • L2:Critical • L3:Errors • L4:Warning • L5:Notice • L6:Info • L7:Debug mode <mode> Enables or disables ext syslog server logging. <mode> is either enable or disable. cf_logging_mode <mode> Enables or disables logging to CF card if connection to the Syslog server fails. <mode> is either enable or disable. server <ip> Sets the FTP server IP address to <ip> (a.b.c.d). user <username> Sets the FTP user name to <username> (1–47 characters). passwd <password> Sets the FTP password to <password> (1–39 characters). Example admin(system.logs)>set user fred admin(system.logs)>set passwd mygoodness admin(system.logs)>show all log level : L6 Info ext syslog server logging : disable ext syslog server ip address : 0.0.0.0 ftp/tftp server ip address : 192.168.0.10 ftp user name : fred ftp password : ********
  • 4-26 WS2000 Wireless Switch System Reference Guide 4.5.4 System Logs Show Command show System Logs Commands Shows logging options. Syntax show all Parameters None Example admin(system.logs)>set user user1 admin(system.logs)>set passwd hello admin(system.logs)>show all log level : L4 Warning ext syslog server logging : enable syslog server logging on CF : disable ext syslog server ip address : 0.0.0.0 ftp/tftp server ip address : 196.168.10.1 ftp user name : admin ftp password : ******** Related Commands set Sets logging parameters to be used with send.
  • System CLI Commands Reference 4-274.5.5 System Logs View Command view System Logs Commands Views the system log file. Syntax view Parameters None Example admin(system.logs)>view Jan 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception). Jan 7 16:14:10 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:14:41 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:15:43 (none) last message repeated 2 times Jan 7 16:16:01 (none) CC: 4:16pm up 6 days, 16:16, load average: 0.00, 0.01, 0.00 Jan 7 16:16:01 (none) CC: Mem: 62384 32520 29864 0 0 Jan 7 16:16:01 (none) CC: 0000077e 0012e95b 0000d843 00000000 00000003 0000121 e 00000000 00000000 0037ebf7 000034dc 00000000 00000000 00000000 Jan 7 16:16:13 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:16:44 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:17:15 (none) klogd: :ps log:fc: queue maintenance Jan 7 16:17:15 (none) klogd: :ps log:fc: queue maintenance . . .
  • 4-28 WS2000 Wireless Switch System Reference Guide 4.6 System NTP Commands ntp system Displays the NTP submenu. Syntax admin(system)> ntp admin(system.ntp)> The items available under this command are shown below. Command Description Ref. show Shows NTP parameters settings. page 4-30 set Sets NTP parameters. page 4-29 date-zone Shows the date, time and time zone page 4-31 zone-list Shows the list of time zones page 4-32 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • System CLI Commands Reference 4-294.6.1 System NTP Set Command set System NTP Commands Sets NTP parameters. Syntax set [mode|intrvl|server|port|time|zone] set mode <mode> set intrvl <interval> set server <idx> <ip/hostname> set port <idx> <port> set time <yyyy> <MM> <dd> <hh> <mm> <ss> set zone <zone-index> Syntax: mode <mode> Enables or disables NTP. <mode> is either enable or disable. intrvl <interval> Sets the length of time to <interval> (in minutes) for the switch to synchronize its time with an NTP server. server <idx> Sets the NTP server IP address <ip/hostname> (a.b.c.d or host url); specify one of <ip/hostname> the three NTP servers with <idx> (1, 2, or 3). This value can also be a host name of the NTP server. When the value is a host name, the domain name IP should be set under the (system.ws2000) menu on the CLI. port <idx> <port> Sets the NTP port for the indicated server <idx> to <port> (1–65535). time <yyyy> <MM> Sets the WS2000 system time manually. Time is in the format YYYY MM DD hh mm <dd> <hh> <mm> ss (Example: 2008 02 24 11 25 32) <ss> zone <zone-idx> Sets the time zone to the <zone-idx> value. This value can be found by using the (system.ntp)>zone-list command. Example admin(system.ntp)>set mode enable admin(system.ntp)>set server 1 203.21.37.18 admin(system.ntp)>set port 1 345 admin(system.ntp)>show all ntp mode : enable server ip 1 : 203.21.37.18 server ip 2 : 0.0.0.0 server ip 3 : 0.0.0.0 server port 1 : 345 server port 2 : 123 server port 3 : 123 current time : 1970-01-07 23:29:05 admin(system.ntp)>
  • 4-30 WS2000 Wireless Switch System Reference Guide 4.6.2 System NTP Show Command show System NTP Commands Shows all NTP server settings. Syntax show all Parameters None Example admin(system.ntp)>show all ntp mode : enable server ip 1 : 114.233.112.4 server ip 2 : 0.0.0.0 server ip 3 : 0.0.0.0 server port 1 : 123 server port 2 : 123 server port 3 : 123 current time : 2004-10-07 22:58:24 Related Commands set Sets NTP parameters.
  • System CLI Commands Reference 4-314.6.3 System NTP Date-zone Command date-zone System NTP Commands Shows the WS2000 date, time and time zone. Syntax date-zone Parameters None Example admin(system.ntp)> date-zone Date/Time : Thu 1970-Jan-01 05:53:25 +0530 IST Time Zone : Asia/Calcutta admin(system.ntp)>
  • 4-32 WS2000 Wireless Switch System Reference Guide 4.6.4 System NTP zone-list Command zone-list System NTP Commands Displays the different time zones. Syntax zone-list Parameters None Example admin(system.ntp)>zone-list ---------------------------------------------- Index | TimeZone ---------------------------------------------- 1 | Africa/Abidjan 2 | Africa/Accra 3 | Africa/Addis_Ababa 4 | Africa/Algiers 5 | Africa/Asmera 6 | Africa/Bamako 7 | Africa/Bangui 8 | Africa/Banjul 9 | Africa/Bissau 10 | Africa/Blantyre <Hit any key to continue> 11 | Africa/Brazzaville 12 | Africa/Bujumbura 13 | Africa/Cairo 14 | Africa/Casablanca 15 | Africa/Ceuta 16 | Africa/Conakry 17 | Africa/Dakar 18 | Africa/Dar_es_Salaam 19 | Africa/Djibouti <Hit any key to continue> 20 | Africa/Douala 21 | Africa/El_Aaiun 22 | Africa/Freetown 23 | Africa/Gaborone 24 | Africa/Harare 25 | Africa/Johannesburg 26 | Africa/Kampala 27 | Africa/Khartoum 28 | Africa/Kigali <Hit any key to continue>
  • System CLI Commands Reference 4-334.7 System RADIUS Commands radius system Displays the RADIUS submenu. Syntax admin(system)> radius admin(system.radius)> The items available under this command are shown below. Command Description Ref. eap Goes to the EAP submenu. page 4-41 policy Goes to the access policy submenu. page 4-57 ldap Goes to the LDAP submenu. page 4-51 proxy Goes to the proxy submenu. page 4-60 client Goes to the client submenu. page 4-37 generate-dh-param Generates the DH Param file required for EAP-TLS/TTLS page 4-34 set Sets the RADIUS parameters. page 4-35 show Shows the RADIUS parameters. page 4-36 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • 4-34 WS2000 Wireless Switch System Reference Guide 4.7.1 System RADIUS generate-dh-param Command generate-dh-param System RADIUS Commands Generates the DH Params file for supporting Cipher Suit v 0x13 (TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) for EAP-TLS./TTLS protocols. If this file does not exist when the WS2000 is booted, it is created. This command provides a facility to create the DH Params file as required. Syntax generate-dh-param Parameters None Example admin(system.radius)>generate-dh-param This will take several minutes. Please wait until the operation is complete. DH Parameter file will not get created if interrupted... admin(system.radius)>
  • System CLI Commands Reference 4-354.7.2 System RADIUS set Command set System RADIUS Commands Sets the RADIUS database to either the local database or an LDAP server. Syntax set database [local|ldap|ldaps] Parameters set database Sets the RADIUS server to the local database (local) or an LDAP server (ldap) or [local|ldap|ldaps] a secured LDAP server (ldaps). Example admin(system.radius)>set database ldap admin(system.radius)>show all Database : ldap Related Commands show all Shows the top-level RADIUS parameters.
  • 4-36 WS2000 Wireless Switch System Reference Guide 4.7.3 System RADIUS show Command show System RADIUS Commands Shows the RADIUS parameters. Syntax show all Parameters None Example admin(system.radius)>set database ldap admin(system.radius)>show all Database : ldap Related Commands set Sets the RADIUS database source.
  • System CLI Commands Reference 4-374.8 System RADIUS Client Commands client System RADIUS Commands Displays the client submenu. Syntax admin(system.radius)>client admin(system.radius.client)> The items available under this command are shown below. Command Description Ref. add Adds a RADIUS client. page 4-38 del Deletes a RADIUS client. page 4-39 show Displays a list of configured clients. page 4-40 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • 4-38 WS2000 Wireless Switch System Reference Guide 4.8.1 System RADIUS Client add Command add System RADIUS Client Commands Adds a RADIUS client. Syntax add <ip> <mask> <secret> Parameters add <ip> <mask> <secret> Adds a RADIUS client with IP address <ip>, netmask <mask>, and shared secret <secret>. Example admin(system.radius.client)>add 192.168.46.4 225.225.225.0 mysecret admin(system.radius.client)>show List of Radius Clients : ------------------------------------------------------------------------- Idx Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------ 1 192.168.46.4 225.225.225.0 ****** admin(system.radius.client)> Related Commands del Deletes a RADIUS client. show Shows a list of RADIUS clients.
  • System CLI Commands Reference 4-394.8.2 System RADIUS Client del Command del System RADIUS Client Commands Deletes a RADIUS client with the provided IP address. Syntax del <ip> Parameters del <ip> Deletes the RADIUS client with IP address <ip>. Example admin(system.radius.client)>show List of Radius Clients : ------------------------------------------------------------------------- Idx Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------- 1 192.168.46.4 225.225.225.0 ****** 2 192.168.101.43 225.225.225.0 ****** admin(system.radius.client)>del 192.168.46.4 admin(system.radius.client)>show List of Radius Clients : ------------------------------------------------------------------------- Idx Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------- 1 192.168.101.43 225.225.225.0 ****** admin(system.radius.client)> Related Commands add Adds a RADIUS client to the list. show Displays the list of RADIUS clients.
  • 4-40 WS2000 Wireless Switch System Reference Guide 4.8.3 System RADIUS Client show Command show System RADIUS Client Commands Displays a list of configured RADIUS clients. Syntax show Parameters None Example admin(system.radius.client)>show List of Radius Clients : ------------------------------------------------------------------------- Idx Subnet/Host Netmask SharedSecret ------------------------------------------------------------------------- 1 192.168.46.4 225.225.225.0 ****** 2 192.168.101.43 225.225.225.0 ****** admin(system.radius.client)> Related Commands add Adds a RADIUS client to the list. del Deletes a RADIUS client from the list.
  • System CLI Commands Reference 4-414.9 System RADIUS EAP Commands eap System RADIUS Commands Displays the EAP submenu. Syntax admin(system.radius)> eap admin(system.radius.eap)> The items available under this command are shown below. Command Description Ref. peap Goes to the PEAP submenu. page 4-45 ttls Goes to the TTLS submenu. page 4-48 import Imports the EAP certificates. page 4-42 set Sets the EAP parameters. page 4-43 show Shows the EAP parameters. page 4-44 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • 4-42 WS2000 Wireless Switch System Reference Guide 4.9.1 System RADIUS EAP import Command import System RADIUS EAP Commands Imports the EAP certificates. Syntax import [server|cacert] <cert ID> Parameters server <cert id> Imports a server certificate with the certificate ID <cert id>. cacert <cert id> Imports a Trusted Certificate with certificate ID <cert id>. Example admin(system.radius.eap)>import server mycert admin(system.radius.eap)>import cacert NETE3443 Related Commands show cert Show the list of certificates.
  • System CLI Commands Reference 4-434.9.2 System RADIUS EAP set Command set System RADIUS EAP Commands Sets the EAP parameters. To configure each of the selected authentication types, go to the submenu associated with each type. Syntax set auth [peap|ttls|both] Parameters auth [peap|ttls|both] Sets the default authorization type to one of PEAP or TTLS or both. When selected, go to the submenu associated with the selection to finish the setup. Example admin(system.radius.eap)>set auth peap admin(system.radius.eap)>show all Default EAP Type : peap Related Commands show all Shows the EAP settings.
  • 4-44 WS2000 Wireless Switch System Reference Guide 4.9.3 System RADIUS EAP show Command show System RADIUS EAP Commands Displays the EAP parameters. Syntax show [all|cert] Parameters show [all|cert] Displays EAP parameters • all – Displays the default EAP authentication settings. • cert - Displays a list of certificates. Example admin(system.radius.eap)>set auth peap admin(system.radius.eap)>show all Default EAP Type : peap Example set Sets the EAP parameters.
  • System CLI Commands Reference 4-454.10 System RADIUS EAP PEAP Commands peap System RADIUS EAP Commands Displays the PEAP submenu. Syntax admin(system.radius.eap)> peap admin(system.radius.eap.peap)> The items available under this command are shown below. Command Description Ref. set Sets the PEAP authentication type. page 4-46 show Shows the PEAP authentication type. page 4-47 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • 4-46 WS2000 Wireless Switch System Reference Guide 4.10.1 System RADIUS EAP PEAP set Command set System RADIUS EAP PEAP Commands Sets the PEAP authentication type. Syntax set auth <peap type> Parameters set auth <peap type> Sets the authentication type for PEAP to <peap type> (GTC or MTCHAPv2). Example admin(system.radius.eap.peap)>set auth gtc admin(system.radius.eap.peap)>show PEAP Auth Type : gtc Related Commands show Displays the PEAP authentication type.
  • System CLI Commands Reference 4-474.10.2 System RADIUS EAP PEAP show Command show System RADIUS EAP PEAP Commands Displays the PEAP authentication type. Syntax show Parameters None Example admin(system.radius.eap.peap)>set auth gtc admin(system.radius.eap.peap)>show PEAP Auth Type : gtc Related Commands set Sets the PEAP authentication type.
  • 4-48 WS2000 Wireless Switch System Reference Guide 4.11 System RADIUS EAP TTLS Commands ttls System RADIUS EAP Commands Displays the TTLS submenu. Syntax admin(system.radius.eap)> ttls admin(system.radius.eap.ttls)> The items available under this command are shown below. Command Description Ref. set Sets the TTLS authentication type. page 4-49 show Shows the TTLS authentication type. page 4-50 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • System CLI Commands Reference 4-494.11.1 System RADIUS EAP TTLS set Command set System RADIUS EAP TTLS Commands Sets the TTLS authentication type. Syntax set auth <ttls type> Parameters set auth <auth type> Sets the authentication type for TTLS to <auth type> (PAP, MD5, or MSCHAPv2). Example admin(system.radius.eap.ttls)>set auth md5 admin(system.radius.eap.ttls)>show TTLS Auth Type : md5 Related Commands show Show the TTLS authentication type.
  • 4-50 WS2000 Wireless Switch System Reference Guide 4.11.2 System RADIUS EAP TTLS show Command show System RADIUS EAP TTLS Commands Shows the TTLS authentication type. Syntax show Parameters None Example admin(system.radius.eap.ttls)>set auth md5 admin(system.radius.eap.ttls)>show TTLS Auth Type : md5 Related Commands set Sets the TTLS authentication type.
  • System CLI Commands Reference 4-514.12 System RADIUS LDAP Commands ldap System RADIUS Commands Displays the LDAP submenu. Syntax admin(system.radius)> ldap admin(system.radius.ldap)> The items available under this command are shown below. Command Description Ref. set Sets the LDAP parameters. page 4-52 show Shows the LDAP parameters. page 4-54 import Imports Secured LDAP certificates. page 4-55 join Joins the A D domain. page 4-56 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • 4-52 WS2000 Wireless Switch System Reference Guide 4.12.1 System RADIUS LDAP set Command set System RADIUS LDAP Commands Sets the LDAP parameters. Syntax set [ipadr|domain|port|binddn|basedn|passwd|login|pass_attr| groupname|filter|membership|adagent|pri-domain|admin-uname|admin-pass] set ipadr <ip> set domain <domain> set port <port> set binddn <binddn> set basedn <basedn> set passwd <password> set login <login attr> set pass_attr <password attr> set groupname <groupname attr> set filter set membership <group attr> set adagent <mode> set pri-domain <mode> set admin-uname <username> set admin-pass <password> Parameters ipadr <ip> Sets LDAP server IP address to <ip>. domain <domain> Sets LDAP domain name to a fully qualified domain name <domain>. Use when using LDAPS or AD agent port <port> Sets LDAP server port to <port>. binddn <binddn> Sets LDAP bind distinguished name to <binddn> (a string of characters). basedn <basedn> Sets LDAP Base distinguished name to <basedn> (a string of characters). passwd <password> Sets LDAP server password to <password> (a string of characters). login <login attr> Sets LDAP login attribute to <login attr> (a string of characters). pass_attr <password attr> Sets LDAP password attribute to <password attr> (a string of characters). groupname <groupname Sets LDAP group name attribute to <groupname attr> (a string of attr> characters). filter Sets LDAP membership filter with appropriate settings membership <group attr> Sets LDAP membership attribute to <group attr> (a string of characters). adagent <mode> Enables or disables the A D agent feature. <mode> is either enable or disable. pri-domain <mode> Enables or disables setting primary domain for A D agent. <mode> is either enable or disable. admin-uname <username> Sets the administrator user name to <username> for the LDAP domain admin-pass <password> Sets the administrator password to <password> for the LDAP domain
  • System CLI Commands Reference 4-53Exampleadmin(system.radius.ldap)>set ipadr 192.168.42.23admin(system.radius.ldap)>set port 356admin(system.radius.ldap)>show allLDAP Server IP : 192.168.42.23LDAP Server Port : 56LDAP Bind DN : dfkjkkjLDAP Base DN : o=mobionLDAP Login Attribute : (uid=%{Stripped-User-Name:-%{User-Name}})LDAP Password Attribute : userPasswordLDAP Group Name Attribute : cnLDAP Group Membership Filter :LDAP Group Membership Attribute : mygroupadmin(system.radius.ldap)>Related Commandsshow Displays the set of LDAP server settings.
  • 4-54 WS2000 Wireless Switch System Reference Guide 4.12.2 System RADIUS LDAP show Command show System RADIUS LDAP Commands Description: Displays the LDAP parameters. Syntax show all Parameters None Example admin(system.radius.ldap)>set ipadr 192.168.42.23 admin(system.radius.ldap)>set port 356 admin(system.radius.ldap)>show all LDAP Server IP : 192.168.42.23 LDAP Server Port : 56 LDAP Bind DN : dfkjkkj LDAP Base DN : o=mobion LDAP Login Attribute : (uid=%{Stripped-User-Name:-%{User- Name}}) LDAP Password Attribute : userPassword LDAP Group Name Attribute : cn LDAP Group Membership Filter : LDAP Group Membership Attribute : mygroup admin(system.radius.ldap)> Related Commands set Sets the LDAP parameters.
  • System CLI Commands Reference 4-554.12.3 System RADIUS LDAP import Command import System RADIUS LDAP Commands Imports Secure LDAP certificates. Syntax import [client|cacert] <cert-id> Parameters import Import Secure LDAP certificates. [client|cacert] • client – Imports self certificate <cert-id> <cert-id> • ca-cert – Imports the trusted certificate authority certificate <cert-id> Example admin(system.radius.ldap)> import client LdapClient admin(system.radius.ldap)> import cacert LdapTrusted
  • 4-56 WS2000 Wireless Switch System Reference Guide 4.12.4 System RADIUS LDAP join Command join System RADIUS LDAP Commands Joins the device to the A D domain. Syntax join Parameters None Example admin(system.radius.ldap)> join
  • System CLI Commands Reference 4-574.13 System RADIUS Policy Commands policy System RADIUS Commands Displays the policy submenu. Syntax admin(system.radius)> policy admin(system.radius.policy)> The items available under this command are shown below. Command Description Ref. set Sets the group’s access policy. page 4-58 show Shows the group’s access policy. page 4-59 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • 4-58 WS2000 Wireless Switch System Reference Guide 4.13.1 System RADIUS Policy set Command set System RADIUS Policy Commands Sets a group’s access to WLANs. Syntax set <group> <idx> Parameters set <group> <idx> Gives the group <group> access to WLAN with a list of indexes <idx>. The list <idx> can either be a single index or several indexes separated by spaces. The group <group> must be already defined. See System User Database Group Commands for information about defining groups. Example admin(system.radius.policy)>set g1 2 3 4 admin(system.radius.policy)>show List of Access Policies : g1 : 2 3 4 g2 : No Wlans Related Commands show Displays the group’s access policies.
  • System CLI Commands Reference 4-594.13.2 System RADIUS Policy show Command show System RADIUS Policy Commands Displays the access policy details for all groups. Syntax show Parameters None Example admin(system.radius.policy)>set g1 2 3 4 admin(system.radius.policy)>show List of Access Policies : g1 : 2 3 4 g2 : No Wlans Related Commands set Sets the group WLAN access settings.
  • 4-60 WS2000 Wireless Switch System Reference Guide 4.14 System RADIUS Proxy Commands proxy System RADIUS Commands Displays the proxy submenu. Syntax admin(system.radius)> proxy admin(system.radius.proxy)> The items available under this command are shown below. Command Description Ref. add Adds a proxy realm. page 4-61 del Deletes a proxy realm. page 4-62 clearall Removes all proxy server records. page 4-63 set Sets the proxy server parameters. page 4-64 show Shows the proxy server parameters. page 4-65 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • System CLI Commands Reference 4-614.14.1 System RADIUS Proxy add Command add System RADIUS Proxy Commands Adds a proxy realm. Syntax add <name> <ip> <port> <secret> Parameters add <realm> <ip> <port> Add a proxy realm with realm name <realm>, RADIUS server IP address <ip>, <secret> port <port>, and shared secret <secret>. Example admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------- Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------- 1 realm1 192.168.102.42 225 ****** Related Commands show realm Displays this list of defined proxy servers. del Deletes a proxy server from the list.
  • 4-62 WS2000 Wireless Switch System Reference Guide 4.14.2 System RADIUS Proxy del Command del System RADIUS Proxy Commands Deletes a proxy realm. Syntax del <realm> Parameters del <realm> Deletes a proxy server realm with name <realm>. Example admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------- Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------- 1 realm1 192.168.102.42 225 ****** admin(system.radius.proxy)>del realm1 admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------- Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------- Related Commands add Adds a proxy server realm. show Displays the list of proxy servers.
  • System CLI Commands Reference 4-634.14.3 System RADIUS Proxy clearall Command clearall System RADIUS Proxy Commands Clears all the proxy server records. Syntax clearall Parameters None Example admin(system.radius.proxy)> clearall
  • 4-64 WS2000 Wireless Switch System Reference Guide 4.14.4 System RADIUS Proxy set Command set System RADIUS Proxy Commands Sets the proxy server parameters. Syntax set delay <delay> set count <count> Syntax: delay <delay> Sets the retry delay of the proxy server to <delay> minute (5–10). count <count> Sets the retry count of the proxy server to <count> (3–6). Example admin(system.radius.proxy)>set delay 7 admin(system.radius.proxy)>set count 4 admin(system.radius.proxy)>show proxy Proxy Server Retry Count : 4 Proxy Server Retry Delay : 7 admin(system.radius.proxy)> Example show proxy Shows the proxy server retry settings.
  • System CLI Commands Reference 4-654.14.5 System RADIUS Proxy show Command show System RADIUS Proxy Commands Shows the proxy server parameters. Syntax show [proxy|realm] Parameters show [proxy|realm] Displays proxy server parameters. • proxy – Displays the proxy server parameters. • realm – Displays proxy server realm information. Example admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass admin(system.radius.proxy)>show realm Proxy Realms : ------------------------------------------------------------------------- Idx Suffix RadiusServerIP Port SharedSecret ------------------------------------------------------------------------- 1 realm1 192.168.102.42 225 ****** admin(system.radius.proxy)>set delay 7 admin(system.radius.proxy)>set count 4 admin(system.radius.proxy)>show proxy Proxy Server Retry Count : 4 Proxy Server Retry Delay : 7 admin(system.radius.proxy)> Related Commands set Sets the proxy server retry parameters. add Adds a proxy server realm to the list.
  • 4-66 WS2000 Wireless Switch System Reference Guide 4.15 System Redundancy Commands redundancy system Displays the redundancy submenu. Syntax admin(system)> redundancy admin(system.redundancy)> The items available under this command are shown below. Command Description Ref. set Sets redundancy parameters. page 4-67 show Shows redundancy settings. page 4-69 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • System CLI Commands Reference 4-674.15.1 System Redundancy set Command set System Redundancy Commands Sets the parameters for redundant switch mode. Syntax set [op_state|mode|heartbeat|revertdelay|redundancy|preempt|virtualip] set mode <mode> set op_state <state> set heartbeat <interval> set revertdelay <delay> set redundancy <subnet> <state> set preempt <mode> set virtualip <subnet> <ip> Parameters mode <mode> Sets the switch to the <mode> (primary or secondary). Indicates that the switch is either the primary or secondary (standby) switch when redundancy is enabled. This parameter can only be set if the op_state parameter is set to redundancy. op-state <state> Sets the redundancy operation state of the switch to one of the following <state>: • standalone—The switch has no redundancy capabilities and operates independently of any other WS 2000 switches on the network. This is the default setting. • redundancy—Two WS 2000 switches are connected, with one set as a primary and the other as a standby. • upgrade—The primary and standby switches must run the same version of the switch firmware for redundancy to work correctly. If the firmware on only one of the switches is updated, redundancy is disabled and the Operational State is automatically set to Upgrade. heartbeat <interval> Sets the heartbeat interval for the switch to <interval> (1–60) seconds. revertdelay <delay> Specifies the amount of time <delay> (1–20 minutes) after not receiving a heartbeat packet before the secondary (standby) switch will take over. redundancy <subnet> Sets the redundancy state <state> (enable or disable) for the subnet <subnet> <state> (s1, s2. s3, s4, s5, s6). preempt <mode> Enables to prevent system stand-by on redundant switches. <mode> can be enable or disable. virtualip <subnet> Sets the virtual IP address to <ip> for each redundant subnet <subnet>. <ip> Example admin(system.redundancy)>set mode standby can not set the value when the op_state is either upgrade or standalone admin(system.redundancy)>set op-state redundancy admin(system.redundancy)>set mode standby admin(system.redundancy)>
  • 4-68 WS2000 Wireless Switch System Reference Guide Related Commands show Displays the redundancy settings.
  • System CLI Commands Reference 4-694.15.2 System Redundancy show Command show System Redundancy Commands Displays the switch redundancy settings. Syntax show all Parameters None Example admin(system.redundancy)>show all redundancy configured mode : primary redundancy operational mode : VRRP daemon not running redundancy operational state : standalone heart beat interval : 3 seconds revert delay : 5 minutes heart beat interface : 1 Related Commands set Sets the redundancy settings.
  • 4-70 WS2000 Wireless Switch System Reference Guide 4.16 System SNMP Commands snmp system Displays the SNMP submenu. Syntax admin(system)> snmp admin(system.snmp)> The items available under this command are shown below. Command Description Ref. access Goes to the SNMP access submenu. page 4-71 traps Goes to the SNMP traps submenu. page 4-78 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • System CLI Commands Reference 4-714.17 System SNMP Access Commands access System SNMP Commands Displays the SNMP access menu. Syntax admin(system.snmp)> access admin(system.snmp.access)> The items available under this command are shown below. Command Description Ref. add Adds SNMP access entries. page 4-72 delete Deletes SNMP access entries. page 4-74 list Lists SNMP access entries. page 4-76 show Shows SNMP v3 engine ID. page 4-77 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • 4-72 WS2000 Wireless Switch System Reference Guide 4.17.1 System SNMP Access add Command add System SNMP Access Commands Adds SNMP access list entries. Syntax add [acl|v1v2c|v3] add acl <ip1> <ip2> add v1v2c <comm> <access> [<oid>|all] add v3 <user> <access> [<oid>|all] <sec> <auth> <pass1> <priv> <pass2> Parameters add acl <ip1> <ip2> Adds an entry to the SNMP access control list with <ip1> as the starting IP address and <ip2> and the ending IP address. v1v2c <comm> Adds an SNMP v1/v2c configuration. <access> [<oid>|all] • <comm> – The community (1–31 characters) • <access> – The read/write access set to (ro (read only) or rw (read/write) • <oid> – The Object Identifier. <oid> is a string of 1–127 numbers in dot notation, such as 2.3.4.5.6 or all for all objects. v3 <user> <access> Adds an SNMP v3 user definition. [<oid> / all] <sec> • <user> – The username (1–31 characters). <auth> <pass1> <priv> • <access> – The read/write access set to ro (read only) or rw (read/write) <pass2> • <oid> – The Object Identifier. <oid> is a string of 1–127 numbers in dot notation, such as 1.3.6.1 or all for all objects) • <sec> – The security type. <sec> is set to one of none, auth, or auth/priv. The following parameters must be specified if <sec> is set to auth/priv: • <auth> – The authentication algorithm. Can be one of md5 or sha1. Must be set if <sec> is set to auth or auth/priv. • <pass1> – The password (8–31 characters) for authentication. Must be provided if <sec> is set to auth or auth/priv. • <priv> – The privacy algorithm. Set to des or aes. Must be set if <sec> is set to auth/priv. • <pass2> – Privacy password (8–31 characters). Must be provided if <sec> is set to auth/priv. Example admin(system.snmp.access)>add acl 209.236.24.1 209.236.24.46 admin(system.snmp.access)>list acl ---------------------------------------------------------------- index start ip end ip ---------------------------------------------------------------- 1 209.236.24.1 209.236.24.46 admin(system.snmp.access)>add v3 fred rw 1.3.6.6 none admin(system.snmp.access)>list v3 all
  • System CLI Commands Reference 4-73index : 1username : fredaccess permission : read/writeobject identifier : 1.3.6.6security level : noneauth algorithm : md5auth password : ********privacy algorithm : desprivacy password : ********admin(system.snmp.access)>add v3 judy rw 1.3.6.1 auth/priv md5 changemedes changemetooadmin(system.snmp.access)>list v3 2index : 2username : judyaccess permission : read/writeobject identifier : 1.3.6.1security level : auth/privauth algorithm : md5auth password : ********privacy algorithm : desprivacy password : *******
  • 4-74 WS2000 Wireless Switch System Reference Guide 4.17.2 System SNMP Access delete Command delete System SNMP Access Commands Deletes SNMP access entries. Syntax delete [acl|v1v2c|v3] [<idx>|all] Parameters delete Deletes SNMP access entries. [acl|v1v2c|v3] • acl – Deletes SNMP access list entries [<idx>|all] • v1v2c – Deletes entries from the SNMP v1/v2 configuration list • v3 – Deletes entries from the SNMP v3 configuration list. • <idx> – Deletes entry with index <idx> • all – Deletes all entries. Example admin(system.snmp.access)>list acl ------------------------------------------------------------------------- index start ip end ip ------------------------------------------------------------------------- 1 209.236.24.1 209.236.24.46 admin(system.snmp.access)>delete acl all admin(system.snmp.access)>list acl ------------------------------------------------------------------------- index start ip end ip ------------------------------------------------------------------------- admin(system.snmp.access)>list v3 all index : 1 username : fred access permission : read/write object identifier : 1.3.6.6 security level : none auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : ******** index : 2 username : judy access permission : read/write object identifier : 1.3.6.1 security level : auth/priv auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : ********
  • System CLI Commands Reference 4-75admin(system.snmp.access)>delete v3 2admin(system.snmp.access)>list v3 allindex : 1username : fredaccess permission : read/writeobject identifier : 1.3.6.6security level : noneauth algorithm : md5auth password : ********privacy algorithm : desprivacy password : ********admin(system.snmp.access)>
  • 4-76 WS2000 Wireless Switch System Reference Guide 4.17.3 System SNMP Access list Command list System SNMP Access Commands Lists SNMP access entries. Syntax list [acl|v1v2c] list v3 [<idx>|all] Parameters list [acl|v1v2c] • acl – Lists SNMP access control list entries. • v1v2c – Lists SNMP v1/v2c configuration entries. list v3 [<idx>|all] Lists SNMP v3 user definition with index <idx>. all lists all SNMP v3 user definitions. Example admin(system.snmp.access)>list acl ---------------------------------------------------------------- index start ip end ip ---------------------------------------------------------------- 1 209.236.24.1 209.236.24.46 admin(system.snmp.access)>list v3 all index : 1 username : fred access permission : read/write object identifier : 1.3.6.6 security level : none auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : ******** admin(system.snmp.access)>list v3 2 index : 2 username : judy access permission : read/write object identifier : 1.3.6.1 security level : auth/priv auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : *******
  • System CLI Commands Reference 4-774.17.4 System SNMP Access show Command show System SNMP Access Commands Displays the SNMP v3 engine ID. Syntax show eid Parameters None Example admin(system.snmp.access)>show eid WS2000 snmp v3 engine id : 0000018457D71CDFF86FD8FC admin(system.snmp.access)>
  • 4-78 WS2000 Wireless Switch System Reference Guide 4.18 System SNMP Traps Commands traps System SNMP Commands Displays the SNMP traps submenu. Syntax admin(system.snmp)> traps admin(system.snmp.traps)> The items available under this command are shown below. Command Description Ref. add Adds SNMP trap entries. page 4-79 delete Deletes SNMP trap entries. page 4-81 list Lists SNMP trap entries. page 4-82 set Sets SNMP trap parameters. page 4-83 show Shows SNMP trap parameters. page 4-87 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • System CLI Commands Reference 4-794.18.1 System SNMP Traps add Command add System SNMP Traps Commands Adds SNMP traps. Syntax add [v1v2c|v3] add v1v2c <ip> <port> <comm> <ver> add v3 <ip> <port> <user> <sec> <auth> <pass1> <priv> <pass2> Parameters v1v2c <ip> <port> Adds an SNMP v1/v2c trap entry. <comm> <ver> • <ip> – The destination IP address • <port> – The destination UDP port number. • <comm> – The community (1–31 characters) • <ver> – The SNMP version number. (v1 or v2) v3 <ip> <port> <user> Adds an SNMP v3 trap entry. <sec> <auth> <pass1> • <ip> – The destination IP address <priv> <pass2> • <port> – The destination UDP port number. • <user> – The username (1–31 characters). • <sec> – The security type. <sec> is set to one of none, auth, or auth/priv. The following parameters must be specified if <sec> is set to auth/priv: • <auth> – The authentication algorithm. Can be one of md5 or sha1. Must be set if <sec> is set to auth or auth/priv. • <pass1> – The password (8–31 characters) for authentication. Must be provided if <sec> is set to auth or auth/priv. • <priv> – The privacy algorithm. Set to des or aes. Must be set if <sec> is set to auth/priv. • <pass2> – Privacy password (8–31 characters). Must be provided if <sec> is set to auth/priv. Example admin(system.snmp.traps)>add v1v2 203.223.24.2 333 mycomm v1 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------- index dest ip dest port community version ---------------------------------------------------------------------- 1 203.223.24.2 333 mycomm v1 admin(system.snmp.traps)>add v1v2 209.255.32.1 334 jumbo v2 admin(system.snmp.traps)>list v1v2c ---------------------------------------------------------------------- index dest ip dest port community version ---------------------------------------------------------------------- 1 203.223.24.2 333 mycomm v1 2 209.255.32.1 334 jumbo v2
  • 4-80 WS2000 Wireless Switch System Reference Guide admin(system.snmp.traps)>add v3 192.168.103.3 80 bomuser auth md5 bomuser1 admin(system.snmp.traps)>add v3 182.168.103.4 80 blistuser auth/priv md5 blistuser des listuser admin(system.snmp.traps)>list v3 all index : 1 destination ip : 192.168.103.3 destination port : 80 username : bomuser security level : auth auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : ******** index : 2 destination ip : 182.168.103.4 destination port : 80 username : blistuser security level : auth/priv auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : ********
  • System CLI Commands Reference 4-814.18.2 System SNMP Traps delete Command delete System SNMP Traps Commands Deletes SNMP trap entries. Syntax delete [v1v2c|v3] [<idx>|all] Parameters delete Deletes SNMP access entries. [acl|v1v2c|v3] • acl – Deletes SNMP access list entries [<idx>|all] • v1v2c – Deletes entries from the SNMP v1/v2 configuration list • v3 – Deletes entries from the SNMP v3 configuration list. • <idx> – Deletes entry with index <idx> • all – Deletes all entries. Example admin(system.snmp.traps)>list v3 all index : 1 destination ip : 192.168.103.3 destination port : 80 username : bomuser security level : auth auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : ******** index : 2 destination ip : 182.168.103.4 destination port : 80 username : blistuser security level : auth/priv auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : ******** admin(system.snmp.traps)>delete v3 1 admin(system.snmp.traps)>list v3 all index : 1 destination ip : 182.168.103.4 destination port : 80 username : blistuser security level : auth/priv auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : ********
  • 4-82 WS2000 Wireless Switch System Reference Guide 4.18.3 System SNMP Traps list Command list System SNMP Traps Commands Lists SNMP trap entries. Syntax list v1v2c list v3 [<idx>|all] Parameters list v1v2c Lists SNMP v1/v2c traps entries. list v3 [<idx>|all] Lists SNMP v3 traps definition with index <idx>. all lists all SNMP v3 traps definitions. Example admin(system.snmp.traps)>list v1 ------------------------------------------------------------------------- index dest ip dest port community version ------------------------------------------------------------------------- 1 197.168.10.1 80 HTTPUser v2 2 197.168.10.2 1056 AllUsers v2 admin(system.snmp.traps)>list v3 all index : 1 destination ip : 182.168.103.4 destination port : 80 username : blistuser security level : auth/priv auth algorithm : md5 auth password : ******** privacy algorithm : des privacy password : ********
  • System CLI Commands Reference 4-834.18.4 System SNMP Traps set Command set System SNMP Traps Commands Sets SNMP trap parameters. Syntax set [cold|cfg|lowcf|port|dos-attack|snmp-auth|snmp-acl|mu-assoc| mu-unassoc|mu-deny-assoc|mu-deny-auth|ap-adopt|ap-unadopt| ap-denied-adopt|ap-radar|rogue-ap|hotspot-mu-state| user-login-failure|interface|admin-passwd-change|dyndns-update| wids-mu|wids-radio|wids-switch|ips] <mode> set cf-thresh <memory_kb> set min-pkt <pkt> set dos-rate-limit <seconds> set rate <rate> <scope> <value> Parameters set [cold|cfg|lowcf|port|dos-attack|snmp-auth|snmp-acl|mu-assoc|mu-unassoc| mu-deny-assoc|mu-deny-auth|ap-adopt|ap-unadopt|ap-denied-adopt|ap-radar| rogue-ap|hotspot-mu-state|user-login-failure|interface|admin-passwd-change| dyndns-update|wids-mu|wids-radio|wids-switch|ips] <mode> Sets the different SNMP parameters. <mode> can be one of enable or disable. • cold – Configuration changed trap • cfg – Configuration mode trap • lowcf – Low compact flash memory trap • port – Physical port status change trap • dos-attack – Denial of Service (DOS) attack trap • snmp-auth – Authentication failure trap • snmp-acl – SNMP ACL violation trap • mu-assoc – MU associated trap • mu-unassoc – MU un-associated trap • mu-deny-assoc – MU denied association trap • mu-deny-auth – MU authentication denied trap • ap-adop – AP adopted trap • ap-unadop – AP un-adopted trap • ap-denied-adopt – AP denied trap • ap-radar – AP radar trap • rogue-ap – Rogue AP trap • hotspot-mu-state – Hotspot MU change state trap • user-login-failure – User login failure trap • ips – Intrusion Prevention System trap • interface – Interface status change trap
  • 4-84 WS2000 Wireless Switch System Reference Guide • admin-passwd-change – Admin password change trap • dyndns-update – Dynamic DNS update trap • wids-mu – WIDS MU event trap • wids-radio – WIDS radio event trap • wids-switch – WIDS switch event trap • cf-thresh – Compact Flash memory trap • min-pkt – Packets required for rate traps to fire cf-thresh Sets the low memory on compact flash trap to the value <memory_kb> <memory_kb> (0 – 2147483647 kilobytes). min-pkt <pkt> Sets the minimum number of packets <pkt> required for the rate traps to fire. <pkt> can be a value in the range 0 – 65535. dos-rate-limit Sets the rate limit to <seconds> ((0 – 2147483647 seconds) for DOS traps. <seconds> rate <rate> Sets the rate value for rate and scope combination for DOS traps. <scope> <value> • <rate> – The rate value to monitor. Can be one of • pkts – packets greater than <value> (0 – 9999.99). • mbps – throughput greater than <value> (0 – 108.00) MBPS. • avg-bps – bit speed less than <value> (0 – 108.00) MBPS. • pct-nu – non unicast packets percentage greater than <value> (0 – 100.00) • avg-signal – negative average signal worse than <value> (0 – 100.00) • avg-retries – average retries greater than <value> (0 – 16.00) • pct–dropped – dropped packet percentage greater than <value> (0 – 100.00) • pct-undecrypted – undecryptable packet percentage greater than <value> (0 – 100.00) • assoc-mus – number of associated MUs greater than <value> (0 – 32.00 when scope is AP, 200.00 otherwise.) • <scope> – The scope where the rate applies to. <scope> can be one of switch, wlan, ap, mu) • <value> – The value in the range as specified for each <rate>. Allowed Range for <rate> Choices Interpretation <value> Allowed <scope> pkts Packets/second > <value> 0-9999.99 switch,wlan,ap,mu mbps Throughput > <value> 0-108.00 switch,wlan,ap,mu avg-bps Average bit speed in mbps < <value> 0-108.00 wlan,ap,mu pct-nu % not UNICAST > <value> 0-100.00 wlan,ap,mu avg-signal Negative average signal < <value> 0-100.00 wlan,ap,mu avg-retries Average retries > <value> 0-16.00 wlan,ap,mu pct-dropped % dropped packets > <value> 0-100.00 wlan,ap,mu pct-undecrypt % undecryptable > <value> 0-100.00 wlan,ap,mu assoc-mus Number of associated MUs > 0-200 switch,wlan,ap <value>
  • System CLI Commands Reference 4-85 NOTE: <value> can be a number with up to two decimal places, except for assoc_mus, which must be an integer.Exampleadmin(system.snmp.traps)>show trapSNMP System Trapssnmp cold start : disablesnmp config changed : disablelow compact flash memory : disableSNMP Network Trapsphysical port status change : disabledenial of service : disableSNMP Trapssnmp auth failure : disablesnmp acl violation : disableSNMP MU Trapsmu associated : disablemu unassociated : disablemu denied association : disablemu denied authentication : disableSNMP AP Trapsap adopted : disableap unadopted : disableap denied adoption : disableap radar detection : disableSNMP Trap Thresholdcompact flash memory threshold : 1024min packets required for rate trap: 800denial of service trap rate limit : 10admin(system.snmp.traps)>set cold enableadmin(system.snmp.traps)>set port enableadmin(system.snmp.traps)>set dos-attack enableadmin(system.snmp.traps)>set mu-unassoc enableadmin(system.snmp.traps)>set ap-radar enableadmin(system.snmp.traps)>set min-pkt 1000admin(system.snmp.traps)>show trapSNMP System Trapssnmp cold start : enablesnmp config changed : disablelow compact flash memory : disable
  • 4-86 WS2000 Wireless Switch System Reference Guide SNMP Network Traps physical port status change : enable denial of service : enable SNMP Traps snmp auth failure : disable snmp acl violation : disable SNMP MU Traps mu associated : disable mu unassociated : enable mu denied association : disable mu denied authentication : disable SNMP AP Traps ap adopted : disable ap unadopted : disable ap denied adoption : disable ap radar detection : enable SNMP Trap Threshold compact flash memory threshold : 1024 min packets required for rate trap: 1000 denial of service trap rate limit : 10 admin(system.snmp.traps)>
  • System CLI Commands Reference 4-874.18.5 System SNMP Traps show Command show System SNMP Traps Commands Shows SNMP trap parameters. Syntax show [trap|rate-trap] Parameters show [trap|rate-trap] Displays trap settings. • trap – Displays SNMP trap parameter settings. • rate-trap – Shows SNMP rate-trap parameter settings. Example admin(system.snmp.traps)>show trap SNMP System Traps snmp cold start : enable snmp config changed : disable low compact flash memory : disable SNMP Network Traps physical port status change : enable denial of service : enable SNMP Traps snmp auth failure : disable snmp acl violation : disable SNMP MU Traps mu associated : disable mu unassociated : enable mu denied association : disable mu denied authentication : disable SNMP AP Traps ap adopted : disable ap unadopted : disable ap denied adoption : disable ap radar detection : enable SNMP Trap Threshold compact flash memory threshold : 1024 min packets required for rate trap: 1000 denial of service trap rate limit : 10
  • 4-88 WS2000 Wireless Switch System Reference Guide admin(system.snmp.traps)>show rate-trap SNMP Switch Rate Traps pkts/s greater than : disable throughput(Mbps) greater than : disable num of associated mu greater than : disable SNMP Wlan Rate Traps pkts/s greater than : disable throughput(Mbps) greater than : disable avg bit speed(Mbps) less than : disable pct non-unicast greater than : disable -average signal worse than : disable average retry greater than : disable pct dropped greater than : disable pct undecryptable greater than : disable num of associated mu greater than : disable SNMP Portal Rate Traps pkts/s greater than : disable throughput(Mbps) greater than : disable avg bit speed(Mbps) less than : disable pct non-unicast greater than : disable -average signal worse than : disable average retry greater than : disable pct dropped greater than : disable pct undecryptable greater than : disable num of associated mu greater than : disable SNMP Mu Rate Traps pkts/s greater than : disable throughput(Mbps) greater than : disable avg bit speed(Mbps) less than : disable pct non-unicast greater than : disable -average signal worse than : disable average retry greater than : disable pct dropped greater than : disable pct undecryptable greater than : disable admin(system.snmp.traps)>
  • System CLI Commands Reference 4-894.19 System SSH Commands ssh system Displays the secure shell (SSH) submenu. Syntax admin(system)> ssh admin(system.ssh)> The items available under this command are shown below. Command Description Ref. set Sets SSH parameters page 4-90 show Shows SSH parameters. page 4-91 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • 4-90 WS2000 Wireless Switch System Reference Guide 4.19.1 System SSH set Command set System SSH Commands Sets secure shell parameters for system access. Syntax set auth-timeout <authentication timeout> set inactive-timeout <inactive timeout> Parameters auth-timeout Sets the maximum time <authentication timeout> (0–65535 seconds) allowed for <authentication SSH authentication to occur before executing a timeout. timeout> inactive-timeout Sets the maximum amount of inactive time <inactive timeout> (0–65535 seconds) <inactive timeout> for an SSH connection before a timeout occurs and the user is dropped. Example admin(system.ssh)>set auth-timeout 60 admin(system.ssh)>set inactiv 2000 admin(system.ssh)>show all Authentication Timeout : 60 SSH Client Inactivity Timeout : 2000 admin(system.ssh)> Related Commands show all Shows the SSH parameter values.
  • System CLI Commands Reference 4-914.19.2 System SSH show Command show System SSH Commands Shows secure shell timeout parameters. Syntax show all Parameters None Example admin(system.ssh)>set auth-timeout 60 admin(system.ssh)>set inactiv 2000 admin(system.ssh)>show all Authentication Timeout : 60 SSH Client Inactivity Timeout : 2000 admin(system.ssh)> Related Commands set Sets the values for the secure shell timeout parameters.
  • 4-92 WS2000 Wireless Switch System Reference Guide 4.20 System User Database Commands userdb system Displays the userdb submenu. Syntax admin(system)> userdb admin(system.userdb)> The items available under this command are shown below. Command Description Ref. user Goes to the user submenu. page 4-103 group Goes to the group submenu. page 4-93 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • System CLI Commands Reference 4-934.21 System User Database Group Commands group System User Database Commands Displays the group submenu. Syntax admin(system.userdb)> group admin(system.userdb.group)> The items available under this command are shown below. Command Description Ref. create Creates a new group. page 4-95 delete Deletes a group. page 4-96 clearall Deletes all the listed groups page 4-98 add Adds a user to a group. page 4-94 remove Removes a user from a group. page 4-99 set Sets group parameters. page 4-100 show Shows the existing groups. page 4-102 quit Quits the CLI page 4-1 save Saves the configuration to system flash page 4-1 .. Goes to the parent menu page 4-1 / Goes to the root menu page 4-1
  • 4-94 WS2000 Wireless Switch System Reference Guide 4.21.1 System Userdb Group add Command add System User Database Group Commands Adds a user to a group. Syntax add <userid> <group> Parameters add <userID> Adds the user specified by <userID> to the group <groupID>. <userID> must <groupID> already be defined in the database. User the add command from the (system.userdb.users) menu to add a new user. Example admin(system.userdb.group)>add fred g1 admin(system.userdb.group)>add joe g1 admin(system.userdb.group)>add joe g2 admin(system.userdb.group)>show user g1 List of Users of Group : fred joe admin(system.userdb.group)>show user g2 List of Users of Group : joe Related Commands show users Displays a list of users in a group.
  • System CLI Commands Reference 4-954.21.2 System Userdb Group create Command create System User Database Group Commands Creates a new group. Syntax create <group> <vlan-id> Parameters create <group> <vlan-id> Creates a new group with the ID <group>. <group> can be an alphanumeric string. Users in the group are automatically assigned the vlan-id as specified by <vlan-id>. Example: admin(system.userdb.group)>create g1 10 admin(system.userdb.group)>show groups List of Group Names : Groupname : g1 Guest Group : NO VanId : 10 Start Time : 0000 Expiry Time : 2359 Access on Days : All admin(system.userdb.group)> Related Commands delete Deletes a group. show groups Displays a list of groups in the database.
  • 4-96 WS2000 Wireless Switch System Reference Guide 4.21.3 System Userdb Group delete Command delete System User Database Group Commands Deletes a group from the database. Syntax delete <group> Parameters delete <groupID> Deletes the group <group> from the database. A warning occurs if there are still users assigned to that group. Example admin(system.userdb.group)>show groups List of Group Names : Groupname : g1 Guest Group : NO VanId : 10 Start Time : 0000 Expiry Time : 2359 Access on Days : All Groupname : g2 Guest Group : NO VanId : 6 Start Time : 0000 Expiry Time : 2359 Access on Days : All Groupname : g3 Guest Group : NO VanId : 1 Start Time : 0000 Expiry Time : 2359 Access on Days : All admin(system.userdb.group)>delete g2 admin(system.userdb.group)>show groups List of Group Names : Groupname : g1 Guest Group : NO VanId : 10 Start Time : 0000 Expiry Time : 2359 Access on Days : All Groupname : g3 Guest Group : NO
  • System CLI Commands Reference 4-97 VanId : 1 Start Time : 0000 Expiry Time : 2359 Access on Days : AllRelated Commandsadd Adds users to a group.show user Displays a list of users in a group.
  • 4-98 WS2000 Wireless Switch System Reference Guide 4.21.4 System Userdb Group clearall Command clearall System User Database Group Commands Clears all the groups in the Groups list. Before clearing all the groups, ensure that no user account is associated to the groups. Syntax clearall Parameters None Example admin(system.userdb.group)>show groups List of Group Names : Groupname : g1 Guest Group : NO VanId : 10 Start Time : 0000 Expiry Time : 2359 Access on Days : All Groupname : g3 Guest Group : NO VanId : 1 Start Time : 0000 Expiry Time : 2359 Access on Days : All Groupname : g2 Guest Group : NO VanId : 15 Start Time : 0000 Expiry Time : 2359 Access on Days : All admin(system.userdb.group)>clearall admin(system.userdb.group)>show groups List of Group Names : No Groups admin(system.userdb.group)>
  • System CLI Commands Reference 4-994.21.5 System Userdb Group remove Command remove System User Database Group Commands Removes a user from a group. Syntax remove <userid> <group> Parameters remove <userid> Removes the user <userid> from the group <group>. <group> Example admin(system.userdb.group)>show users g1 List of Users of Group : John Jane admin(system.userdb.group)>remove Jane g1 admin(system.userdb.group)>show users g1 List of Users of Group : John admin(system.userdb.group)> Related Commands add Adds a user to a group. show users Shows a list of users in a group.
  • 4-100 WS2000 Wireless Switch System Reference Guide 4.21.6 System Userdb Group set Command set System User Database Group Commands Sets the different group parameters. Syntax set [vlan|day-access|guest-group|start-time|end-time] set [start-time|end-time} <time> set vlan <group> <vlan> set day-access <group> [all|weekdays|<days>] set guest-group <group> Parameters vlan <group> <vlan> Sets the vlan id of a group <group> to <vlan> (1 – 4094). start-time <group> Sets the time when a user belonging to a group <group> can start authenticating <time> (login) with the WS2000. Start-time is in 24hr format. end-time <group> Sets the time after which a user belonging to a group <group> cannot <time> authentica