Motorola Solutions WiNG 5.2.
MOTOROLA SOLUTIONS WING 5.2.
ii WiNG 5.2.6 Wireless Controller CLI Reference Guide No part of this publication may be reproduced or used in any form, or by any electrical or mechanical means, without permission in writing from Motorola Solutions. This includes electronic or mechanical means, such as photocopying, recording, or information storage and retrieval systems. The material in this manual is subject to change without notice. The software is provided strictly on an “as is” basis.
iii Revision History Changes to the original guide are listed below: Change Revision A Date June 2012 Description Manual updated to the WiNG 5.2.
iv WiNG 5.2.
TABLE OF CONTENTS ABOUT THIS GUIDE Chapter 1, INTRODUCTION 1.1 CLI Overview ...........................................................................................................................................................1-2 1.2 Getting Context Sensitive Help ..............................................................................................................................1-6 1.3 Using the No Command .......................................................................................
vi WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.11 exit ............................................................................................................................................................2-29 2.1.12 join-cluster ................................................................................................................................................2-30 2.1.13 logging ...................................................................................................
Table of Contents vii 3.1.31 pwd ............................................................................................................................................................3-55 3.1.32 reload ........................................................................................................................................................3-56 3.1.33 remote-debug .............................................................................................................................
viii WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.22.2 dns-whitelist-mode-commands ......................................................................................................4-64 4.1.23 do ..............................................................................................................................................................4-67 4.1.24 end ..............................................................................................................................
Table of Contents ix 5.1.7 revert ...........................................................................................................................................................5-13 5.1.8 service .........................................................................................................................................................5-14 5.1.9 show .....................................................................................................................................
x WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.40 running-config ...........................................................................................................................................6-63 6.1.41 session-changes .......................................................................................................................................6-67 6.1.42 session-config ..........................................................................................................
Table of Contents xi 7.1.21.2 interface config instance .................................................................................................................7-69 7.1.21.3 interface vlan instance ....................................................................................................................7-88 7.1.21.4 interface radio instance ..................................................................................................................7-98 7.1.22 led ..................
xii WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.17 remove-override ......................................................................................................................................7-210 7.2.18 rsa-key .....................................................................................................................................................7-212 7.2.19 sensor-server .....................................................................................................
Table of Contents xiii 12.1.2 no ...............................................................................................................................................................12-9 12.1.3 permit ......................................................................................................................................................12-15 12.2 mac-access-list ..........................................................................................................................
xiv WiNG 5.2.6 Wireless Controller CLI Reference Guide Chapter 16, MANAGEMENT-POLICY 16.1 management-policy ............................................................................................................................................16-2 16.1.1 aaa-login ...................................................................................................................................................16-3 16.1.2 banner ..........................................................................
Table of Contents xv Chapter 19, ROLE-POLICY 19.1 role-policy ..........................................................................................................................................................19-2 19.1.1 default-role ................................................................................................................................................19-3 19.1.2 no ..............................................................................................................
xvi WiNG 5.2.6 Wireless Controller CLI Reference Guide 22.1.8 voice-prioritization .................................................................................................................................22-14 22.1.9 wmm .......................................................................................................................................................22-15 Chapter 23, INTERFACE-RADIO COMMANDS 23.1 interface-radio Instance ........................................................
Table of Contents xvii 24.1.3 authorization .............................................................................................................................................24-8 24.1.4 no .............................................................................................................................................................24-10 Chapter 25, FIREWALL LOGGING 25.1 Firewall Log Terminology and Syslog Severity Levels .............................................................
xviii WiNG 5.2.
ABOUT THIS GUIDE This manual supports the following Wireless Controllers and connected Access Points: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 This section is organized into the following: • Document Conventions • Notational Conventions
xx WiNG 5.2.6 Wireless Controller CLI Reference Guide Document Conventions The following conventions are used in this document to draw your attention to important information: NOTE: Indicates tips or special requirements. ! CAUTION: Indicates conditions that can cause equipment damage or data loss. WARNING! Indicates a condition or procedure that could result in personal injury or equipment damage. Switch Note: Indicates caveats unique to a RFS7000, RFS6000, RFS4000, NX9000, or NX9500.
Getting Started with the Mobile Computer xxi Notational Conventions The following notational conventions are used in this document: • Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and related documents • Bullets (•) indicate: • lists of alternatives • lists of required steps that are not necessarily sequential • action items • Sequential lists (those describing step-by-step procedures) appear as numbered lists Understanding Command Syntax <
xxii WiNG 5.2.6 Wireless Controller CLI Reference Guide [] Of the different keywords and variables listed inside a ‘[‘ & ‘]’ pair, only one can be used. Each choice in the list is separated with a ‘|’ (pipe) symbol. For example, the command rfs7000-37FABE# clear ...
Getting Started with the Mobile Computer () Any command/keyword/variable or a combination of them inside a ‘(‘ & ‘)’ pair are recursive. All recursive commands can be listed in any order and can be used once along with the rest of the commands. For example, the command crypto pki export request generate-rsa-key test autogen-subject-name ...
xxiv WiNG 5.2.6 Wireless Controller CLI Reference Guide Motorola Solutions Enterprise Mobility Support Center If you have a problem with your equipment, contact Motorola Solutions Enterprise Mobility Support for your region. Contact information is available by visiting the URL: http://supportcentral.motorola.
Getting Started with the Mobile Computer xxv Motorola Solutions End-User Software License Agreement THIS MOTOROLA SOLUTIONS END-USER SOFTWARE LICENSE AGREEMENT (“END-USER LICENSE AGREEMENT”) IS BETWEEN MOTOROLA SOLUTIONS INC. (HEREIN “MOTOROLA SOLUTIONS”) AND END-USER CUSTOMER TO WHOM MOTOROLA SOLUTIONS’ PROPRIETARY SOFTWARE OR MOTOROLA SOLUTIONS PRODUCTS CONTAINING EMBEDDED, PRE-LOADED, OR INSTALLED SOFTWARE (“PRODUCTS”) IS MADE AVAILABLE.
xxvi WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1 End-User Customer may use the Software only for End-User Customer’s internal business purposes and only in accordance with the Documentation. Any other use of the Software is strictly prohibited and will be deemed a breach of this End-User License Agreement.
Getting Started with the Mobile Computer xxvii 7.1 No maintenance or support is provided under this End-User License Agreement. Maintenance or support, if available, will be provided under a separate Motorola Solutions Software maintenance and support agreement. 8. LIMITED WARRANTY AND LIMITATION OF LIABILITY 8.
xxviii WiNG 5.2.6 Wireless Controller CLI Reference Guide not include a Restricted Rights notice, or other notice referring to this End-User License Agreement. The provisions of this End-User License Agreement will continue to apply, but only to the extent that they are consistent with the rights provided to the End-User Customer under the provisions of the FAR and DFARS mentioned above, as applicable to the particular procuring agency and procurement transaction. 11. GENERAL 11.1 Copyright Notices.
CHAPTER 1 INTRODUCTION This chapter describes the commands available using the wireless controller Command Line Interface (CLI). CLI is available for wireless controllers as well as access points (APs). Access the CLI by using: • A terminal emulation program running on a computer connected to the serial port on the wireless controller. The serial port is located on the front of the wireless controller. • A Telnet session through Secure Shell (SSH) over a network.
1-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples in this reference guide Examples used in this reference guide are generic to the each supported wireless controller model and AP. Commands that are not common, are identified using the notation “Supported in the following platforms.” For an example, see below: Supported in the following platforms: • Wireless Controller — RFS6000 The above example indicates the command is only available for a RFS6000 model wireless controller. 1.
INTRODUCTION 1-3 Command Modes A session generally begins in the USER EXEC mode (one of the two access levels of the EXEC mode). For security, only a limited subset of EXEC commands are available in the USER EXEC mode. This level is reserved for tasks that do not change the wireless controller configuration. rfs7000-37FABE> The system prompt signifies the device name and the last three bytes of the device MAC address.
1-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 1.
INTRODUCTION Table 1.
1-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 1.2 Getting Context Sensitive Help Enter a question mark (?) at the system prompt to display a list of commands available for each mode. Obtain a list of arguments and keywords for any command using the CLI context-sensitive help.
INTRODUCTION 1-7 Enter a question mark (?) (in place of a keyword or argument) to list keywords or arguments. Include a space before the “?”. This form of help is called command syntax help. It shows the keywords or arguments available based on the command/keyword and argument already entered.
1-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 1.4 Using CLI Editing Features and Shortcuts A variety of shortcuts and edit features are available. The following describe these features: • Moving the Cursor on the Command Line • Completing a Partial Command Name • Command Output pagination 1.4.1 Moving the Cursor on the Command Line Table 1.2 on page 1-8 Shows the key combinations or sequences to move the command line cursor.
INTRODUCTION 1-9 Table 1.2 Keystrokes Details Keystrokes Function Summary Function Details Ctrl-T Transposes the character to the left of the cursor with the character located at the cursor Ctrl-L Clears the screen 1.4.2 Completing a Partial Command Name If you cannot remember a command name (or if you want to reduce the amount of typing you have to perform), enter the first few letters of a command, then press the Tab key.
1 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 1.4.4 Creating Profiles Profiles are sort of a ‘template’ representation of configuration.
INTRODUCTION 1 - 11 1.4.6 Remote Administration A terminal server may function in remote administration mode if either the terminal services role is not installed on the machine or the client used to invoke the session has enabled the admin wireless controller. • A terminal emulation program running on a computer connected to the serial port on the wireless controller. The serial port is located on the front of the wireless controller. • A Telnet session through a Secure Shell (SSH) over a network.
1 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide snmp-server community 0 private rw snmp-server user snmptrap v3 encrypted des auth md5 0 motorola snmp-server user snmpoperator v3 encrypted des auth md5 0 operator snmp-server user snmpmanager v3 encrypted des auth md5 0 motorola rfs6000-380649(config-management-policy-default)# 2. Logon to the Telnet console and provide the user details configured in the previous step to access the wireless controller. RFS7000 release 5.2.6.
CHAPTER 2 USER EXEC MODE COMMANDS Logging in to the wireless controller places you within the USER EXEC command mode. Typically, a login requires a user name and password. You have three login attempts before the connection attempt is refused. USER EXEC commands (available at the user level) are a subset of the commands available at the privileged level. In general, USER EXEC commands allow you to connect to remote devices, perform basic tests and list system information.
2-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1 User Exec Mode Commands Table 2.1 summarizes User Exec Mode commands. Table 2.
USER EXEC MODE COMMANDS 2-3 Table 2.
2-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.1 ap-upgrade user exec mode commands Enables an automatic firmware upgrade on an adopted AP or a set of APs. APs of the same type can be upgraded together. Once APs have been upgraded, they can be forced to reboot. This command also loads the firmware on to the wireless controller. The AP upgrade command also upgrades APs in a specified RF Domain.
USER EXEC MODE COMMANDS upgrade-time
2-6 WiNG 5.2.
USER EXEC MODE COMMANDS 2-7 [all|ap621|ap622|ap650| ap6511|ap6521|ap6532| ap71xx|ap81xx] After specifying the RF Domain, select the AP type.
2-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.2 change-passwd user exec mode commands Changes the password of a logged user. When this command is executed without any parameters, the password can be changed interactively.
USER EXEC MODE COMMANDS 2-9 2.1.3 clear user exec mode commands Clears parameters, cache entries, table entries, and other similar entries. The clear command is available for specific commands only. The information cleared using this command varies depending on the mode where the clear command is executed.
2 - 10 WiNG 5.2.
USER EXEC MODE COMMANDS 2 - 11 interface [| ge <1-4>|me1| port-channel <1-2>| vlan <1-4094>] Optional. Clears spanning tree protocols on different interfaces • – Clears information on a specified interface. Specify the interface name. • ge <1-4> – Clears GigabitEthernet interface information. Select the GigabitEthernet interface index from 1 - 4.
2 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.
USER EXEC MODE COMMANDS 2 - 13 2.1.5 cluster user exec mode commands Initiates cluster context. The cluster context provides centralized management to configure all cluster members from any one member. Commands executed under this context are executed on all members of the cluster.
2 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.
USER EXEC MODE COMMANDS 2 - 15 2.1.
2 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.8 crypto user exec mode commands Enables RSA Keypair management. Use this command to generate, delete, export, or import an RSA Keypair. It encrypts the RSA Keypair before an export operation. This command also enables Public Key Infrastructure (PKI) management.
USER EXEC MODE COMMANDS 2 - 17 crypto pki import [certificate|crl|trustpoint] crypto pki import [certificate|crl] {background {on }|on }] crypto pki import trustpoint {background {on }|on |passphrase {background {on }|on } crypto pki zeroise trustpoint {del-key {on }| on } Parameters • crypto key export rsa
2 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide • crypto key export rsa {passphrase } {background {on }|on } key Enables RSA Keypair management. Use this command to export, import, generate, or delete a RSA key. export rsa Exports a RSA Keypair to a specified destination • – Specify the RSA Keypair name.
USER EXEC MODE COMMANDS 2 - 19 {on } Specify the RSA Keypair source address in the following format: tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@[:port]>/path/file http://[:port]/path/file cf:/path/file usb:/path/file • on – Optional. Performs the import operation on a specified device • – Specify the name of the AP or wireless controller.
2 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide {passphrase} Specify the RSA Keypair source address in the following format: tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@[:port]>/path/file http://[:port]/path/file cf:/path/file usb:/path/file • passphrase – Optional.
USER EXEC MODE COMMANDS 2 - 21 • crypto pki request [generate-rsa-key|use-rsa-key] autogen-subject-name [|email |fqdn | ip-address ] pki Enables PKI management. Use this command to authenticate, export, generate, or delete a trustpoint and its associated CA certificates. request Sends a Certificate Signing Request (CSR) to the CA for digital identity certificate. The CSR contains the applicant’s details and the RSA Keypair’s public key.
2 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide [generate-rsa-key| use-rsa-key] Generates a new RSA Keypair or uses an existing RSA Keypair • generate-rsa-key – Generates a new RSA Keypair for digital authentication • use-rsa-key – Uses an existing RSA Keypair for digital authentication • – If generating a new RSA Keypair, specify a name for it. If using an existing RSA Keypair, specify its name.
USER EXEC MODE COMMANDS 2 - 23 Specify the destination address in the following format: tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@[:port]>/path/file http://[:port]/path/file cf:/path/file usb:/path/file background {on } Optional. Performs the export operation in the background • on – Optional.
2 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide ip-address Exports CSR to a specified device or system • – Specify the IP address of the CA. on Exports the CSR on a specified device • – Specify the name of the AP or wireless controller.
USER EXEC MODE COMMANDS 2 - 25 [certificate|crl] Imports a signed server certificate or CRL • certificate – Imports signed server certificate • crl – Imports CRL • – Specify the trustpoint name (should be authenticated).
2 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide passphrase {background {on }| on } Optional. Encrypts the trustpoint with a passphrase before importing it • – Specify a passphrase. • background – Optional. Imports the encrypted trustpoint in the background • on – Optional. Imports the encrypted trustpoint on a specified device • – Specify the name of the AP or wireless controller.
USER EXEC MODE COMMANDS 2 - 27 2.1.9 disable user exec mode commands Turns off (disables) the privileged mode command set. This command returns to the User Executable mode.
2 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.10 enable user exec mode commands Turns on (enables) the privileged mode command set. This command does not do anything in the Privilege Executable mode.
USER EXEC MODE COMMANDS 2 - 29 2.1.
2 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.12 join-cluster user exec mode commands Adds a wireless controller, as a member, to an existing cluster of devices. Use this command to add a wireless controller to an existing cluster. Before a wireless controller can be added to a cluster, a static address must be assigned to it.
USER EXEC MODE COMMANDS 2 - 31 2.1.
2 - 32 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.
USER EXEC MODE COMMANDS 2 - 33 Examples rfs7000-37FABE>mint ping 70.37.FA.BF count 20 size 128 MiNT ping 70.37.FA.BF with 128 bytes of data. Response from 70.37.FA.BF: id=1 time=0.292 ms Response from 70.37.FA.BF: id=2 time=0.206 ms Response from 70.37.FA.BF: id=3 time=0.184 ms Response from 70.37.FA.BF: id=4 time=0.160 ms Response from 70.37.FA.BF: id=5 time=0.138 ms Response from 70.37.FA.BF: id=6 time=0.161 ms Response from 70.37.FA.BF: id=7 time=0.174 ms Response from 70.37.FA.BF: id=8 time=0.
2 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.15 no user exec mode commands Use the no command to revert a command or to set parameters to their default. This command is useful to turn off an enabled feature or set default values for a parameter. NOTE: The commands have their own set of parameters that can be reset.
USER EXEC MODE COMMANDS 2 - 35 on Optional. Disconnects clients on a specified device or RF Domain • – Specify the name of the AP, wireless controller, or RF Domain.
2 - 36 WiNG 5.2.
USER EXEC MODE COMMANDS 2 - 37 2.1.16 page user exec mode commands Toggles wireless controller paging. Enabling this command displays the CLI command output page by page, instead of running the entire output at once.
2 - 38 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.17 ping user exec mode commands Sends Internet Controller Message Protocol (ICMP) echo messages to a user-specified location Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ping Parameters • ping Optional.
USER EXEC MODE COMMANDS 2 - 39 2.1.18 ssh user exec mode commands Opens a Secure Shell (SSH) connection between two network devices Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ssh Parameters • ssh Specify the IP address or hostname of the remote system.
2 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.
USER EXEC MODE COMMANDS 2 - 41 2.1.
2 - 42 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.
USER EXEC MODE COMMANDS 2 - 43 2.1.
2 - 44 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.
CHAPTER 3 PRIVILEGED EXEC MODE COMMANDS Most PRIV EXEC commands set operating parameters. Privileged-level access should be password protected to prevent unauthorized use. The PRIV EXEC command set includes commands contained within the USER EXEC mode. The PRIV EXEC mode also provides access to configuration modes, and includes advanced testing commands. The PRIV EXEC mode prompt consists of the hostname of the device followed by a pound sign (#).
3-2 WiNG 5.2.
PRIVILEGED EXEC MODE COMMANDS 3-3 3.1 Privileged Exec Mode Commands Table 3.1 summarizes the PRIV EXEC Mode configuration commands. Table 3.
3-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 3.
PRIVILEGED EXEC MODE COMMANDS 3-5 3.1.1 ap-upgrade privileged exec config mode commands Enables an automatic firmware upgrade on an adopted AP or a set of APs. APs of the same type can be upgraded together. Once APs have been upgraded, they can be forced to reboot. This command also loads the firmware on to the wireless controller. The AP upgrade command also upgrades APs in a specified RF Domain.
3-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide upgrade-time {no-reboot| reboot-time } Optional. Schedules an automatic firmware upgrade • – Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format. After a scheduled upgrade, these actions can be performed. • no-reboot – Disables automatic reboot after a successful upgrade (the wireless controller must be manually restarted) • reboot-time – Optional. Schedules an automatic reboot after a successful upgrade.
PRIVILEGED EXEC MODE COMMANDS 3-7 • ap-upgrade cancel-upgrade [ap621|ap622|ap650|ap651|ap6521|ap6532|ap71XX|ap81XX]all cancel-upgrade [ap621|ap622|ap650| ap6511|ap6521| ap6532|ap71XX| ap81XX] all Cancels scheduled firmware upgrade on all adopted APs • AP621 all – Cancels scheduled upgrade on all AP621s • AP622 all – Cancels scheduled upgrade on all AP622s • AP650 all – Cancels scheduled upgrade on all AP650s • AP6511 all – Cancels scheduled upgrade on all AP6511s • AP6521 all – Cancels scheduled upgrade
3-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide [all|ap621|ap622|ap650| ap6511|ap6521|ap6532| ap71XX|ap81XX] After specifying the RF Domain, select the AP type.
PRIVILEGED EXEC MODE COMMANDS 3-9 3.1.
3 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 11 3.1.4 cd privileged exec config mode commands Changes the current directory Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax cd {
} Parameters • cd {} Optional. Changes the current directory to DIR. If a directory name is not provided, the system displays the current directory name.3 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.5 change-passwd privileged exec config mode commands Changes the password of a logged user. When this command is executed without any parameters, the password can be changed interactively.
PRIVILEGED EXEC MODE COMMANDS 3 - 13 3.1.6 clear privileged exec config mode commands Clears parameters, cache entries, table entries, and other entries. The clear command is available for specific commands only. The information cleared using this command varies depending on the mode where the clear command is executed.
3 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide neighbors Clears CDP or LLDP neighbor table entries based on the option selected in the preceding step on Optional. Clears CDP or LLDP neighbor table entries on a specified device • – Specify the name of the AP or wireless controller.
PRIVILEGED EXEC MODE COMMANDS 3 - 15 Clears DHCP address binding entries on a specified DHCP server. Specify the DHCP server IP address.
3 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide on The following parameters are common to all interfaces: • on – Specify the name of the AP or wireless controller. Examples rfs7000-37FABE>clear crypto isakmp sa 111.222.333.
PRIVILEGED EXEC MODE COMMANDS 3 - 17 3.1.
3 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.8 cluster privileged exec config mode commands Initiates the cluster context. The cluster context provides centralized management to configure all cluster members from any one member. Commands executed under this context are executed on all members of the cluster.
PRIVILEGED EXEC MODE COMMANDS 3 - 19 3.1.9 configure privileged exec config mode commands Enters the configuration mode. Use this command to enter the current device’s configuration mode, or enable configuration from the terminal.
3 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 21 3.1.11 copy privileged exec config mode commands Copies a file (config,log,txt...etc) from any location to the wireless controller and vice-versa NOTE: Copying a new config file onto an existing running-config file merges it with the existing running-config on the wireless controller. Both the existing running-config and the new config file are applied as the current running-config.
3 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 23 3.1.13 crypto privileged exec config mode commands Enables RSA Keypair management. Use this command to generate, delete, export, or import a RSA Keypair. It encrypts the RSA Keypair before an export operation. This command also enables Public Key Infrastructure (PKI) management.
3 - 24 WiNG 5.2.
PRIVILEGED EXEC MODE COMMANDS 3 - 25 • crypto key export rsa {passphrase } {background {on }|on } key Enables RSA Keypair management. Use this command to export, import, generate, or delete a RSA key. export rsa Exports a RSA Keypair to a specified destination • – Specify the RSA Keypair name.
3 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide • crypto key import rsa {background} {on } key Enables RSA Keypair management. Use this command to export, import, generate, or delete a RSA key. import rsa Imports a RSA Keypair from a specified source • – Specify the RSA Keypair name.
PRIVILEGED EXEC MODE COMMANDS 3 - 27 zeroise rsa Deletes a specified RSA Keypair • – Specify the RSA Keypair name. force {on } Optional. Forces deletion of all certificates associated with the RSA Keypair • on – Optional. Forces deletion of all certificates on a specified device • – Specify the name of the AP or wireless controller.
3 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide {background {on } Specify the CSR destination address in the following format: tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@[:port]>/path/file http://[:port]/path/file cf:/path/file usb:/path/file • background – Optional. Performs the export operation in the background • on – Optional.
PRIVILEGED EXEC MODE COMMANDS 3 - 29 {background {on } Specify the CSR destination address in the following format: tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@[:port]>/path/file http://[:port]/path/file cf:/path/file usb:/path/file • background – Optional. Performs the export operation in the background • on – Optional.
3 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide passphrase {background {on }| on Optional. Encrypts key with a passphrase before exporting it • – Specify the passphrase. • background – Optional. Performs the export operation in the background • on – Optional. Performs the export operation on a specified device • – Specify the name of the AP or wireless controller.
PRIVILEGED EXEC MODE COMMANDS 3 - 31 [generate-rsa-key| use-rsa-key] Generates a new RSA Keypair, or uses an existing RSA Keypair • generate-rsa-key – Generates a new RSA Keypair for digital authentication • use-rsa-key – Uses an existing RSA Keypair for digital authentication • – If generating a new RSA Keypair, specify a name for it. If using an existing RSA Keypair, specify its name. subject-name Enter a subject name to identify the certificate.
3 - 32 WiNG 5.2.6 Wireless Controller CLI Reference Guide background {on } Optional. Performs the import operation in the background • on – Optional. Performs the import operation on a specified device • – Specify the name of the AP or wireless controller. on Optional. Performs the import operation on a specified device • – Enter the name of the AP or wireless controller.
PRIVILEGED EXEC MODE COMMANDS 3 - 33 on Optional. Deletes trustpoint on a specified device • – Specify the name of the AP or wireless controller.
3 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 35 3.1.15 disable privileged exec config mode commands Turns off (disables) the privileged mode command set. This command returns to the User Executable mode.
3 - 36 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 37 3.1.17 dir privileged exec config mode commands Lists files on a device’s file system Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax dir {/all|/recursive|
|all-filesystems} Parameters • dir {/all|/recursive||all-filesystems} /all Optional. Lists all files /recursive Optional.3 - 38 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.18 edit privileged exec config mode commands Edits a text file on the device’s file system Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax edit Parameters • edit Specify the name of the file to modify. Examples rfs7000-37FABE#edit startup-config GNU nano 1.2.
PRIVILEGED EXEC MODE COMMANDS 3 - 39 3.1.19 enable privileged exec config mode commands Turns on (enables) the privileged mode command set. This command does not do anything in the Privilege Executable mode.
3 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 41 3.1.21 exit privileged exec config mode commands Ends the current CLI session and closes the session window For more information, see exit.
3 - 42 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.22 halt privileged exec config mode commands Stops (halts) a device or a wireless controller. Once halted, the system must be restarted manually. This command stops the device immediately. No indications or notifications are provided while the device shuts down.
PRIVILEGED EXEC MODE COMMANDS 3 - 43 3.1.23 join-cluster privileged exec config mode commands Adds a wireless controller to an existing cluster of devices. Use this command to add a new wireless controller to an existing cluster. Before a wireless controller can be added to a cluster, a static address must be assigned to it.
3 - 44 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 45 3.1.25 mkdir privileged exec config mode commands Creates a new directory in the file system Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax mkdir
Parameters • mkdir Specify a directory name. Examples rfs7000-37FABE#dir Directory of flash:/.3 - 46 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 47 Examples rfs7000-37FABE#mint ping 70.37.FA.BF count 20 size 128 MiNT ping 70.37.FA.BF with 128 bytes of data. Response from 70.37.FA.BF: id=1 time=0.292 ms Response from 70.37.FA.BF: id=2 time=0.206 ms Response from 70.37.FA.BF: id=3 time=0.184 ms Response from 70.37.FA.BF: id=4 time=0.160 ms Response from 70.37.FA.BF: id=5 time=0.138 ms Response from 70.37.FA.BF: id=6 time=0.161 ms Response from 70.37.FA.BF: id=7 time=0.174 ms Response from 70.37.FA.BF: id=8 time=0.
3 - 48 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.27 more privileged exec config mode commands Displays contents of a file on the device’s file system. This command navigates and displays specific files in the device’s file system. To do so, provide the complete path to the file. The more command also displays the startup configuration file.
PRIVILEGED EXEC MODE COMMANDS 3 - 49 3.1.28 no privileged exec config mode commands Use the no command to revert a command or set parameters to their default. This command is useful to turn off an enabled feature or set defaults for a parameter. The no commands have their own set of parameters that can be reset.
3 - 50 WiNG 5.2.6 Wireless Controller CLI Reference Guide Disconnects a specified client • – Specify the MAC address of the client. on Optional. Disconnects captive portal clients or a specified client on a specified device or RF Domain • – Specify the name of the AP, wireless controller, or RF Domain.
PRIVILEGED EXEC MODE COMMANDS 3 - 51 • no service mint silence no service mint silence Disables LEDs on AP300s or a specified device in the WLAN. It also resets the CLI table expand and MiNT protocol configurations. • mint – Resets MiNT protocol configurations.
3 - 52 WiNG 5.2.
PRIVILEGED EXEC MODE COMMANDS 3 - 53 3.1.29 page privileged exec config mode commands Toggles wireless controller paging. Enabling this command displays the CLI command output page by page, instead of running the entire output at once.
3 - 54 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.30 ping privileged exec config mode commands Sends Internet Controller Message Protocol (ICMP) echo messages to a user-specified location Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ping Parameters • ping Optional. Specify the destination IP address to ping.
PRIVILEGED EXEC MODE COMMANDS 3 - 55 3.1.31 pwd privileged exec config mode commands Displays the full path of the present working directory, similar to the UNIX pwd command Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax pwd Parameters None Examples rfs7000-37FABE#pwd flash:/ rfs7000-37FABE#dir Directory of flash:/.
3 - 56 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 57 3.1.
3 - 58 WiNG 5.2.6 Wireless Controller CLI Reference Guide rf-domain Specifies the RF Domain name write Captures the specified Smart RF report to a file.
PRIVILEGED EXEC MODE COMMANDS 3 - 59 3.1.34 rename privileged exec config mode commands Renames a file in the devices’ file system Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax rename Parameters • rename Specify the file to rename.
3 - 60 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 61 3.1.36 self privileged exec config mode commands Displays the logged device’s configuration context Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax self Parameters None Examples rfs7000-37FABE#self Enter configuration commands, one per line. End with CNTL/Z.
3 - 62 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 63 3.1.38 telnet privileged exec config mode commands Opens a Telnet session between two network devices Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax telnet {} Parameters • telnet {} Configures the remote system’s IP address or hostname.
3 - 64 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 65 3.1.
3 - 66 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 67 3.1.
3 - 68 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PRIVILEGED EXEC MODE COMMANDS 3 - 69 3.1.
3 - 70 WiNG 5.2.
CHAPTER 4 GLOBAL CONFIGURATION COMMANDS This chapter summarizes the global-configuration commands in the CLI command structure. The term global indicates characteristics or features effecting the system as a whole. Use the Global Configuration Mode to configure the system globally, or enter specific configuration modes to configure specific elements (such as interfaces or protocols). Use the configure terminal command (under PRIV EXEC) to enter the global configuration mode.
4-2 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4-3 4.1 Global Configuration Commands Table 4.1 summarizes Global Configuration Mode commands. Table 4.
4-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 4.
GLOBAL CONFIGURATION COMMANDS 4-5 Table 4.
4-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.1 aaa-policy global config mode commands Configures an Authentication, Accounting, and Authorization (AAA) policy. This policy configures multiple servers for authentication and authorization. Up to six servers can be configured for providing AAA services.
GLOBAL CONFIGURATION COMMANDS 4-7 4.1.2 aaa-tacacs-policy global config mode commands Configures an AAA Terminal Access Controller Access-Control System (TACACS) policy. This policy configures multiple servers for authentication and authorization. TACACS Authentication server should be configured when server preference is authenticated server.
4-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.3 advanced-wips-policy global config mode commands Configures advanced WIPS policy parameters. The Wireless Intrusion Prevention System (WIPS) prevents unauthorized access to a managed network.
GLOBAL CONFIGURATION COMMANDS 4-9 4.1.4 ap300 global config mode commands Adds a AP300 access point to the wireless controller managed network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap300 {} Parameters • ap300 {} Optional. Specify the MAC address of the AP300.
4 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.5 ap621 global config mode commands Adds a AP621 access point to the wireless controller managed network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap621 Parameters • ap621 Specify the MAC address of the AP621.
GLOBAL CONFIGURATION COMMANDS 4 - 11 4.1.6 ap622 global config mode commands Adds a AP622 access point to the wireless controller managed network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap622 Parameters • ap622 Specify the MAC address of the AP622.
4 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.7 ap650 global config mode commands Adds a AP650 access point to the wireless controller managed network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap650 Parameters • ap650 Specify the MAC address of the AP650.
GLOBAL CONFIGURATION COMMANDS 4 - 13 4.1.8 ap6511 global config mode commands Adds a AP6511 access point to the wireless controller network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap6511 Parameters • ap6511 Specify the MAC address of the AP6511.
4 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.9 ap6521 global config mode commands Adds a AP6521 access point to the wireless controller network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap6521 Parameters • ap6521 Specify the MAC address of the AP6521.
GLOBAL CONFIGURATION COMMANDS 4 - 15 4.1.10 ap6532 global config mode commands Adds a AP6532 access point to the wireless controller network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap6532 Parameters • ap6532 Specify the MAC address of the AP6532.
4 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.11 ap71xx global config mode commands Adds a AP71XX series access point to the wireless controller network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap71xx Parameters • ap71xx Specify the MAC address of the AP71XX.
GLOBAL CONFIGURATION COMMANDS 4 - 17 4.1.12 ap81xx global config mode commands Adds a AP81XX (AP8132) access point to the wireless controller network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap81xx Parameters • ap81xx Specify the MAC address of the AP81XX.
4 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.13 association-acl-policy global config mode commands Configures an association ACL policy. This policy configures a list of devices allowed or denied access to the wireless controller managed network.
GLOBAL CONFIGURATION COMMANDS 4 - 19 4.1.14 auto-provisioning-policy global config mode commands Configures an auto provisioning policy. This policy is used to configure the automatic provisioning of device adoption. The policy configures how an AP is adopted based on its type.
4 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15 captive portal global config mode commands The captive portal mode configures a hotspot. Table 4.2 lists captive portal configuration mode commands. Table 4.
GLOBAL CONFIGURATION COMMANDS 4 - 21 4.1.15.1 captive-portal captive portal Configures a captive portal. A captive portal is a hotspot type guest WLAN where users access wireless controller resources. For more information see, captive-portal-mode-commands.
4 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15.2 captive-portal-mode-commands captive portal Table 4.3 summarizes captive portal configuration mode commands. Table 4.3 captive-portal mode commands Command Description Reference access-time Defines a client’s access time.
GLOBAL CONFIGURATION COMMANDS 4 - 23 4.1.15.2.1 access-time captive-portal-mode-commands Defines the permitted access time for a client. It is used when no session time is defined in the RADIUS response.
4 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15.2.
GLOBAL CONFIGURATION COMMANDS 4 - 25 4.1.15.2.
4 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15.2.4 connection-mode captive-portal-mode-commands Configures a captive portal’s connection mode. HTTP uses plain unsecured connection for user requests. HTTPS uses encrypted connection to support user requests.
GLOBAL CONFIGURATION COMMANDS 4 - 27 4.1.15.2.
4 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15.2.6 inactivity-timeout captive-portal-mode-commands Defines an inactivity timeout in seconds. If a frame is not received from a client for the specified time interval, the current session is terminated.
GLOBAL CONFIGURATION COMMANDS 4 - 29 4.1.15.2.7 no captive-portal-mode-commands The no command disables captive portal mode commands or resets parameters to their default.
4 - 30 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 31 welcome Resets the welcome page description Resets the description part of each Web page. This is the area where information about the captive portal and user state is displayed to the user. footer Resets the footer portion of each Web page.
4 - 32 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 33 4.1.15.2.
4 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15.2.
GLOBAL CONFIGURATION COMMANDS 4 - 35 4.1.15.2.
4 - 36 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15.2.11 use captive-portal-mode-commands Configures a AAA policy and DNS whitelist with this captive portal policy. AAA policies are used to configure servers for this captive portal. DNS whitelists provide a method to restrict users to a set of configurable domains on the internet accessed through the captive portal. For more information on AAA policy, see Chapter 8, AAA-POLICY.
GLOBAL CONFIGURATION COMMANDS 4 - 37 4.1.15.2.12 webpage-location captive-portal-mode-commands Specifies the location of the Web pages used for authentication. These pages can either be hosted on the system or on an external Web server.
4 - 38 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15.2.13 webpage captive-portal-mode-commands Configures Web pages displayed when interacting with a captive portal. There are four (4) different pages. • agreement – This page displays “Terms and Conditions” that a user needs to accept before allowed access to the captive portal. • fail – This page is displayed when the user is not authenticated to use the captive portal.
GLOBAL CONFIGURATION COMMANDS 4 - 39 footer Indicates the content is the footer portion of each internal, agreement, fail, and welcome page. The footer portion contains the signature of the organization that hosts the captive portal. header Indicates the content is the header portion of each internal, agreement, fail, and welcome page. The header portion contains the heading information for each of these pages.
4 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.16 clear global config mode commands Clears parameters, cache entries, table entries, and other similar entries. The clear command is available for specific commands only. The information cleared using this command varies depending on the mode where executed.
GLOBAL CONFIGURATION COMMANDS 4 - 41 4.1.17 critical-resource-policy global config mode commands Creates a critical resource monitoring policy. A critical resource is a device (wireless controller, router, gateway, etc.) considered critical to the health of the wireless controller. This is a list of IP addresses pinged regularly by the wireless controller. If there is a connectivity issue with a device on the critical resource list, an event is generated stating a critical resource is unavailable.
4 - 42 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.17.1 critical-resource-policy critical-resource-policy Creates or enters a Critical-resource Monitoring (CRM) policy. If the defined policy is not present, it is created.For more information see, critical-resource-policy-mode-commands.
GLOBAL CONFIGURATION COMMANDS 4 - 43 4.1.17.2 critical-resource-policy-mode-commands critical-resource-policy Table 4.5 summarizes critical resource monitoring policy configuration mode commands. Table 4.
4 - 44 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.17.2.1 monitor critical-resource-policy-mode-commands Monitors critical resources. Use this command to configure a critical policy and set the interval the availability of the critical resource is checked.
GLOBAL CONFIGURATION COMMANDS 4 - 45 4.1.17.2.2 no critical-resource-policy-mode-commands Removes a device from the critical resource list. This command also resets the ping interval to its default.
4 - 46 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.18 customize global config mode commands Customizes the output of the summary CLI commands. Use this command to define the data displayed as a result of various show commands.
GLOBAL CONFIGURATION COMMANDS 4 - 47 hostname <1-64> Includes the hostname column in the show wireless client command. The hostname column displays the hostname of the wireless client. • <1-64> – Specify the hostname column width from 1 - 64 characters. ip Includes the IP column in the show wireless client command. The IP column displays the current IP address of the wireless client. last-active Includes the last-active column in the show wireless client command.
4 - 48 WiNG 5.2.6 Wireless Controller CLI Reference Guide mac Includes the MAC column in the show wireless client statistics command. The MAC column displays the MAC address of the wireless client. rx-bytes Includes the rx-bytes column in the show wireless client statistics command. The rx-bytes column displays the total number of bytes received by the wireless client. rx-errors Includes the rx-error column in the show wireless client statistics command.
GLOBAL CONFIGURATION COMMANDS 4 - 49 signal Includes the signal column in the show wireless client statistics RF command. The signal column displays the signal strength at the particular wireless client. snr Includes the snr column in the show wireless client statistics RF command. The snr column displays the signal to noise ratio at the particular wireless client. t-index Includes the t-index column in the show wireless client statistics RF command.
4 - 50 WiNG 5.2.6 Wireless Controller CLI Reference Guide • customize show-wireless-radio-stats (radio-alias <3-67>,radio-id,radio-mac, rx-bytes,rx-errors,rx-packets,rx-throughput,tx-bytes,tx-dropped,tx-packets, tx-throughput) show-wireless-radiostats Customizes the columns displayed for the show wireless radio statistics command. radio-alias <3-67> Includes the radio-alias column in the show wireless radio statistics command.
GLOBAL CONFIGURATION COMMANDS 4 - 51 noise Includes the noise column in the show wireless radio statistics RF command. The mac column displays the noise as detected by the wireless radio. q-index Includes the q-index column in the show wireless client statistics RF command. The q-index column displays the RF quality index where a higher value indicates better RF quality. radio-alias <3-67> Includes the radio-alias column in the show wireless radio statistics RF command.
4 - 52 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 53 ap622 Filters out all devices other than AP622s ap650 Filters out devices other than AP650s ap6511 Filters out devices other than AP6511s ap6521 Filters out devices other than AP6521s ap6532 Filters out devices other than AP6532s ap71xx Filters out devices other than AP71XXs ap81xx Filters out devices other than AP81XXs rfs4000 Filters out devices other than RFS4000s rfs6000 Filters out devices other than RFS6000s rfs7000 Filters out devices other tha
4 - 54 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.20 device-categorization global config mode commands Categorizes devices as sanctioned or neighboring. Categorization of devices enables quick identification and blocking of rogue/unsanctioned devices in the wireless controller managed network. Table 4.6 lists device-categorization list configuration mode commands. Table 4.
GLOBAL CONFIGURATION COMMANDS 4 - 55 4.1.20.1 device-categorization device-categorization Configures a device categorization list. This list categorizes devices as sanctioned or neighboring. This information determines which devices are allowed access to the wireless controller managed network and which are rogue devices. If a device categorization list does not exist, it is created. For more information, see device-categorization-modecommands.
4 - 56 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.20.2 device-categorization-mode-commands device-categorization Table 4.7 summarizes device categorization configuration mode command. Table 4.
GLOBAL CONFIGURATION COMMANDS 4 - 57 4.1.20.2.1 mark-device device-categorization-mode-commands Adds a device to the device categorization list as sanctioned or neighboring. Devices are further classified as AP or client.
4 - 58 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 59 4.1.20.2.
4 - 60 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 61 4.1.21 dhcp-server-policy global config mode commands Configures DHCP server policy parameters, such as class, address range, and options. A new policy is created if it does not exist.
4 - 62 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.22 dns-whitelist global config mode commands Configures a whitelist of devices permitted to access the wireless controller managed network or a hotspot Table 4.8 lists DNS whitelist configuration mode commands. Table 4.
GLOBAL CONFIGURATION COMMANDS 4 - 63 4.1.22.1 dns-whitelist dns-whitelist Configures a DNS whitelist. A DNS whitelist is a list of domains allowed access to the wireless controller managed network. For more information, see dns-whitelist-mode-commands.
4 - 64 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.22.2 dns-whitelist-mode-commands dns-whitelist Table 4.9 summarizes DNS white list configuration mode commands. Table 4.
GLOBAL CONFIGURATION COMMANDS 4 - 65 4.1.22.2.1 permit dns-whitelist-mode-commands A whitelist is a list of host names and IP addresses permitted access to the wireless controller managed network or captive portal. This command adds a device by its hostname or IP address to the DNS whitelist.
4 - 66 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.22.2.
GLOBAL CONFIGURATION COMMANDS 4 - 67 4.1.23 do global config mode commands Use the do command to run commands from the EXEC mode. These commands perform tasks, such as clearing caches, setting device clock, upgrades etc. Generally use the do command to execute commands from the Privilege Executable or User Executable modes.
4 - 68 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 69 Parameters • do ap-upgrade [|all|all|ap622|ap621|ap650|ap6511|ap6521|ap6532| ap71xx|ap81xx|load-image|rf-domain|cancel-upgrade] ap-upgrade Runs the ap-upgrade command For more information on the AP upgrade command, see ap-upgrade. • do archive tar [/create|/table|/xtract] [|] archive Runs the archive command For more information on the archive command, see archive.
4 - 70 WiNG 5.2.6 Wireless Controller CLI Reference Guide • do configure {terminal|self} configure [terminal|self] Changes the configuration mode For more information on the configure command, see configure. • do connect [|mint-id ] connect Connects to a remote device to configure it. This command uses a device’s hostname or its MiNT ID to connect. For more information on the connect command, see connect.
GLOBAL CONFIGURATION COMMANDS 4 - 71 • do enable enable Moves the mode to Privilege Exec mode For more information on the enable command, see enable. • do erase [flash:|nvram:|startup-config|usb1:] do erase [flash:|nvram:| startup-config|usb1] Erases the content of the specified storage device. Also erases the startup configuration to restore the device to its default. For more information on the erase command, see erase.
4 - 72 WiNG 5.2.6 Wireless Controller CLI Reference Guide • do more more Displays a file in the console window For more information on the more command, see more. • do no [adoption|captive-portal|crypto|debug|page|service|terminal|upgrade| wireless|logging] no [adoption| captive-portal|crypto| debug|page|service| terminal|upgrade| wireless|logging] Reverts or negates a command For more information on the no command, see the respective profiles and modes.
GLOBAL CONFIGURATION COMMANDS 4 - 73 • do self self Loads the configuration context of the device currently logged into For more information on the self command, see self.
4 - 74 WiNG 5.2.6 Wireless Controller CLI Reference Guide • do upgrade-abort {on } upgrade-abort {on } Aborts an upgrade in progress on the logged device or remote device For more information on the upgrade abort command, see upgrade-abort. • do watch watch Repeats a CLI command at a periodic interval For more information on the watch command, see watch.
GLOBAL CONFIGURATION COMMANDS 4 - 75 write Write running configuration to memory or terminal clrscr exit service show Clears the display screen Exit from the CLI Service Commands Show running system information rfs7000-37FABE(config)# Related Commands ap-upgrade Runs the ap update command archive Runs the archive command boot Configures the image used for the next boot cd Runs the command to change the present working directory change-passwd Changes the password for the current login user cl
4 - 76 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 77 4.1.24 end global config mode commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to the PRIV EXEC mode.
4 - 78 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.25 event-system-policy global config mode commands Configures how events are supported by the wireless controller. Each event can be configured individually to perform an action such as sending an e-mail or forwarding a notification to its parent wireless controller etc. Table 4.10 lists event system policy configuration mode commands. Table 4.
GLOBAL CONFIGURATION COMMANDS 4 - 79 4.1.25.1 event-system-policy event-system-policy Configures a system wide events handling policy. For more information, see event-system-policy-mode-commands.
4 - 80 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.25.2 event-system-policy-mode-commands event-system-policy Table 4.11 summarizes event system policy configuration mode commands. Table 4.
GLOBAL CONFIGURATION COMMANDS 4 - 81 4.1.25.2.
4 - 82 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 83 captive-portal Configures captive portal (hotspot) related event messages • allow-access – Event client allowed access message • auth-failed – Event authentication failed message • auth-success – Event authentication success message • client-disconnect – Event client disconnected message • client-removed – Event client removed message • flex-log-access – Event flexible log access granted to client message • inactivity-timeout – Event client
4 - 84 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 85 dot11 Configures 802.
4 - 86 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 87 nsm Configures Network Service Module (NSM) related event message • dhcpc-err – Event DHCP certification error message • dhcpdefrt – Event DHCP defrt message • dhcpip – Event DHCP IP message • dhcpipchg – Event DHCP IP change message • dhcpipnoadd – Event DHCP IP overlaps static IP address message • dhcplsexp – Event DHCP lease expiry message • dhcpnak – Event DHCP server returned DHCP NAK response • ifdown – Event interface down message • i
4 - 88 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 89 test Configures the test module related event messages • testalert – Event test alert message • testargs – Event test arguments message • testcrit – Event test critical message • testdebug – Event test debug message • testemerg – Event test emergency message • testerr – Event test error message • testinfo – Event test information message • testnotice – Event test notice message • testwarn – Event test warning message wips Configures the Wi
4 - 90 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.25.2.
GLOBAL CONFIGURATION COMMANDS 4 - 91 • • • • • • • • • • • • • • • • ap adv-wips-event-14 – Event adv-wips-event-14 message adv-wips-event-142 – Event adv-wips-event-142 message adv-wips-event-16 – Event adv-wips-event-16 message adv-wips-event-19 – Event adv-wips-event-19 message adv-wips-event-2 – Event adv-wips-event-2 message adv-wips-event-21 – Event adv-wips-event-21message adv-wips-event-220 – Event adv-wips-event-220 message adv-wips-event-221 – Event adv-wips-event-221
4 - 92 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 93 dhcpsvr Resets DHCP server related event messages • dhcp-start – Event DHCP server started message • dhcpsvr-stop – Event DHCP sever stopped message • relay-iface-no-ip – Event no IP address on DHCP relay interface message • relay-no-iface – Event no interface for DHCP relay message • relay-start – Event relay agent started • relay-stop – Event DHCP relay agent stopped diag Resets diagnostics module related event messages • autogen-tech-spr
4 - 94 WiNG 5.2.6 Wireless Controller CLI Reference Guide dot11 Resets 802.
GLOBAL CONFIGURATION COMMANDS 4 - 95 filemgmt Resets file management module related event messages • http – Event HTTP message • httplocal – Event HTTP local message • https-start – Event HTTPS start message • https-wait – Event HTTPS wait message • httpstart – Event HTTP start message • keyadded – Event key added message • keydeleted – Event key deleted message • trustpointdeleted – Event trustpoint deleted message fwu Resets firmware update related event messages • fwuaborte
4 - 96 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 97 smrt Resets SMART RF module related event messages • calibration-done – Event calibration done message • calibration-started – Event calibration started message • config-cleared – Configuration cleared event message • cov-hole-recovery – Event coverage hole recovery message • cov-hole-recovery-done – Event coverage hole recovery done message • interference-recovery – Event interference recovery message • neighbor-recovery – Event neighbor rec
4 - 98 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 99 4.1.26 firewall-policy global config mode commands Configures a firewall policy. This policy defines a set of rules for managing network traffic and prevent unauthorized access to the network behind the firewall while allowing authorized devices access.
4 - 100 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.27 host global config mode commands Enters the configuration context of a remote device using its hostname Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax host Parameters • host Specify the device’s hostname.
GLOBAL CONFIGURATION COMMANDS 4 - 101 4.1.28 ip global config mode commands Configures IP access control lists Access lists define access to the wireless controller managed network using a set of rules. Each rule specifies an action taken when a packet matches a given set of rules. If the action is deny, the packet is dropped. If the action is permit, the packet is allowed.
4 - 102 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.29 mac global config mode commands Configures MAC access control lists Access lists define access to the wireless controller managed network using a set of rules. Each rule specifies an action taken when a packet matches a given set of rules. If the action is deny, the packet is dropped. If the action is permit, the packet is allowed.
GLOBAL CONFIGURATION COMMANDS 4 - 103 4.1.30 management-policy global config mode commands Configures a management policy. This policy configures parameters, such as services that run on a device, welcome messages, banners, and others.
4 - 104 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 105 4.1.32 nac-list global config mode commands Configures a policy, which configures a list of devices that can access a managed network based on their MAC addresses. Table 4.12 lists NAC list policy configuration mode commands. Table 4.
4 - 106 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.32.1 nac-list nac-list Configures a Network Access Control (NAC) list that controls access to the wireless controller managed network. For more information see, nac-list-mode-commands.
GLOBAL CONFIGURATION COMMANDS 4 - 107 4.1.32.2 nac-list-mode-commands nac-list Table 4.13 summarizes NAC list configuration mode commands. Table 4.
4 - 108 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.32.2.
GLOBAL CONFIGURATION COMMANDS 4 - 109 4.1.32.2.
4 - 110 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.32.2.
GLOBAL CONFIGURATION COMMANDS 4 - 111 4.1.
4 - 112 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 113 4.1.35 profile global config mode commands Configures profile related commands. If no parameters are given, all profiles are selected.
4 - 114 WiNG 5.2.6 Wireless Controller CLI Reference Guide • profile {containing } {filter type [ap621|ap622|ap650|ap6511|ap6521|ap6532|ap71xx|ap81xx|rfs4000|rfs6000| rfs7000|nx9000]} profile Configures device profile commands containing Optional. Configures profiles that contain a specified sub-string in the hostname • – Specify a substring in the profile name to filter profiles. filter type Optional.
GLOBAL CONFIGURATION COMMANDS 4 - 115 ap81xx Selects a AP81XX profile rfs4000 Selects a RFS4000 profile rfs6000 Selects a RFS6000 profile rfs7000 Selects a RFS7000 profile nx9000 Selects a NX9000 Series profile Examples rfs7000-37FABE(config)#profile RFS7000 test1 rfs7000-37FABE(config-profile-test1)#? Profile Mode commands: aaa VPN AAA authentication settings ap-upgrade AP firmware upgrade ap300 Adopt/unadopt AP300 device to this profile/device arp Address Resolution Protocol (ARP) auto-learn-s
4 - 116 WiNG 5.2.6 Wireless Controller CLI Reference Guide spanning-tree use vpn wep-shared-key-auth Spanning tree Set setting to use Vpn configuration Enable support for 802.
GLOBAL CONFIGURATION COMMANDS 4 - 117 4.1.36 radio-qos-policy global config mode commands Configures a radio quality-of-service (QoS) policy Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax radio-qos-policy Parameters • radio-qos-policy Specify the radio QoS policy name.
4 - 118 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.37 radius-group global config mode commands Configures RADIUS user group parameters Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax radius-group Parameters • radius-group Specify a RADIUS user group name.
GLOBAL CONFIGURATION COMMANDS 4 - 119 4.1.
4 - 120 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 121 4.1.40 rf-domain global config mode commands An RF Domain groups devices that can logically belong to one network. The RF Domain policy configures a set of parameters that enable devices configured quickly as belonging to a particular RF Domain. Table 4.14 lists RF Domain configuration mode commands. Table 4.
4 - 122 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.1 rf-domain rf-domain Creates a RF Domain or enters RF Domain context for one or more RF Domains. If the policy does not exist, it creates a new policy. For more information, see rf-domain-mode-commands.
GLOBAL CONFIGURATION COMMANDS 4 - 123 4.1.40.2 rf-domain-mode-commands rf-domain This section describes the default commands under RF Domain. Table 4.15 summarises RF Domain configuration mode commands. Table 4.
4 - 124 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 4.
GLOBAL CONFIGURATION COMMANDS 4 - 125 4.1.40.2.1 channel-list rf-domain-mode-commands Configures the channel list advertised by radios. This command also enables dynamic update of a channel list Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax channel-list [2.4GHz|5GHz|dynamic] channel-list dynamic channel-list [2.
4 - 126 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.2.
GLOBAL CONFIGURATION COMMANDS 4 - 127 4.1.40.2.3 control-vlan rf-domain-mode-commands Configures VLAN for traffic control in this RF Domain Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax control-vlan <1-4094> Parameters • control-vlan <1-4094> <1-4094> Specify the VLAN ID from 1 - 4094.
4 - 128 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.2.4 country-code rf-domain-mode-commands Configures a RF Domain’s country of operation. Since device channels transmit in specific channels unique to the country of operation, it is essential to configure the country code correctly or risk using the access point illegally.
GLOBAL CONFIGURATION COMMANDS 4 - 129 4.1.40.2.
4 - 130 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.2.6 layout rf-domain-mode-commands Configures the RF Domain layout in terms of area, floor, and location on a map. It allows users to place APs across the deployment map. A maximum of 256 layouts is permitted.
GLOBAL CONFIGURATION COMMANDS 4 - 131 4.1.40.2.7 location rf-domain-mode-commands Configures the physical location of the wireless controller RF Domain. The location could be as specific as the building name or floor number. Or it could be generic and include an entire site. The location defines the physical area where a common set of device configurations are deployed and managed by a RF Domain policy.
4 - 132 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.2.
GLOBAL CONFIGURATION COMMANDS 4 - 133 4.1.40.2.9 no rf-domain-mode-commands Negates a command or reverts configured settings to their default. When used in the config RF Domain mode, the no command negates or reverts RF Domain settings.
4 - 134 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 135 4.1.40.2.10 override-smart-rf rf-domain-mode-commands Configures RF Domain level overrides for a Smart RF policy Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax override-smartrf channel-list [2.4GHz|5GHZ] Parameters • override-smartrf channel-list [2.
4 - 136 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.2.
GLOBAL CONFIGURATION COMMANDS 4 - 137 4.1.40.2.12 sensor-server rf-domain-mode-commands Configures an AirDefense sensor server on this RF Domain. Sensor servers allow network administrators to monitor and download data from multiple sensors remote locations using Ethernet TCP/IP or serial communications. This enables administrators to respond quickly to interferences and coverage problems.
4 - 138 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.2.
GLOBAL CONFIGURATION COMMANDS 4 - 139 4.1.40.2.14 timezone rf-domain-mode-commands Configures the RF Domain’s geographic time zone. Configuring the time zone is essential for RF Domains deployed across different geographical locations.
4 - 140 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.2.
GLOBAL CONFIGURATION COMMANDS 4 - 141 4.1.41 rfs4000 global config mode commands Adds an RFS4000 wireless controller to the network Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax rfs4000 Parameters • rfs4000 Specify the MAC address of the RFS4000.
4 - 142 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.42 rfs6000 global config mode commands Adds an RFS6000 wireless controller to the network Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax rfs6000 Parameters • rfs6000 Specify the MAC address of a RFS6000.
GLOBAL CONFIGURATION COMMANDS 4 - 143 4.1.43 rfs7000 global config mode commands Adds an RFS7000 wireless controller to the network Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax rfs7000 Parameters • rfs7000 Specify the MAC address of a RFS7000.
4 - 144 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.44 nx9000 global config mode commands Adds an NX9000 Series wireless controller to the network Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax nx9000 Parameters • nx9000 Specifies the MAC address of a NX9000 Series wireless controller.
GLOBAL CONFIGURATION COMMANDS 4 - 145 4.1.45 role-policy global config mode commands Configures a role-based firewall policy Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax role-policy Parameters • role-policy Specify the role policy name. If the policy does not exist, it is created.
4 - 146 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.
GLOBAL CONFIGURATION COMMANDS 4 - 147 4.1.47 smart-rf-policy global config mode commands Configures a Smart RF policy Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax smart-rf-policy Parameters • smart-rf-policy Specify the Smart RF policy name. If the policy does not exist, it is created.
4 - 148 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.48 wips-policy global config mode commands Configures a WIPS policy Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax wips-policy Parameters • wips-policy Specify the WIPS policy name. If the policy does not exist, it is created.
GLOBAL CONFIGURATION COMMANDS 4 - 149 4.1.49 wlan global config mode commands Configures a wireless LAN. Table 4.16 lists WLAN configuration mode commands. Table 4.
4 - 150 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.1 wlan wlan Configures a WLAN or enters WLAN configuration context for one or more WLANs. For more information, see wlan-modecommands.
GLOBAL CONFIGURATION COMMANDS 4 - 151 4.1.49.2 wlan-mode-commands wlan Configures WLAN mode commands. Manual WLAN mappings are erased when the actual WLAN is disabled and then enabled immediately Use the (config) instance to configure WLAN related parameters. To navigate to this instance, use the following commands: rfs7000-37FABE(config)#wlan Table 4.17 summarizes WLAN configuration mode commands. Table 4.
4 - 152 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 4.17 wlan mode commands Command Description Reference motorolaextensions Enables support for Motorola Solutions specific extensions to 802.11 page 4-176 no Negates a command or sets its default value page 4-177 protected-mgmtframes Configures Protected Management Frames (PMF) (IEEE 802.
GLOBAL CONFIGURATION COMMANDS 4 - 153 4.1.49.2.
4 - 154 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
GLOBAL CONFIGURATION COMMANDS 4 - 155 4.1.49.2.3 answer-broadcast-probes wlan-mode-commands Allows the WLAN to respond to probe requests that do not specify an SSID. These probes are for broadcast ESS.
4 - 156 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
GLOBAL CONFIGURATION COMMANDS 4 - 157 4.1.49.2.5 bridging-mode wlan-mode-commands Configures how packets are bridged to and from a WLAN Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax bridging-mode [local|tunnel] Parameters • bridging-mode [local|tunnel] bridging-mode Configures how packets are bridged to and from a WLAN.
4 - 158 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
GLOBAL CONFIGURATION COMMANDS 4 - 159 4.1.49.2.
4 - 160 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
GLOBAL CONFIGURATION COMMANDS 4 - 161 4.1.49.2.
4 - 162 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
GLOBAL CONFIGURATION COMMANDS 4 - 163 4.1.49.2.11 client-load-balancing wlan-mode-commands Configures client load balancing on a WLAN Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax client-load-balancing {allow-single-band-clients|band-discovery-intvl| capability-ageout-time|max-probe-req|probe-req-invl} client-load-balancing {allow-single-band-clients [2.
4 - 164 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples rfs7000-37FABE(config-wlan-wlan1)#client-load-balancing allow-single-band-clients 2.4ghz rfs7000-37FABE(config-wlan-wlan1)#client-load-balancing band-discovery-intvl 2 rfs7000-37FABEconfig-wlan-wlan1)#client-load-balancing probe-req-intvl 5ghz 5 rfs7000-37FABE(config-wlan-wlan1)#show context wlan wlan1 ssid wlan1 bridging-mode local encryption-type none authentication-type eap 802.11w sa-query timeout 110 802.
GLOBAL CONFIGURATION COMMANDS 4 - 165 4.1.49.2.12 data-rates wlan-mode-commands Specifies the 802.11 rates supported on a WLAN Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax data-rates [2.4GHz|5GHz] data-rates 2.4GHz [b-only|bg|bgn|custom|default|g-only|gn] data-rates 2.4GHz [b-only|bg|bgn|default|g-only|gn] data-rates 2.
4 - 166 WiNG 5.2.6 Wireless Controller CLI Reference Guide • data-rates [2.4GHz|5GHz] custom [1|11|12|18|2|24|36|48|5.5|54|6|9| basic-1|basic-11|basic-12|basic-18|basic-2|basic-24|basic-36|basic-48|basic-5.5| basic-54|basic-6|basic-9|basic-mcs0-7|mcs0-15|mcs0-7|mcs8-15|mcs16-23|mcs0-23] data-rates [2.4GHz|5GHz] Specifies the 802.11 rates supported when mapped to a 2.4GHz or 5GHz radio custom Configures a data rates list by specifying each rate individually.
GLOBAL CONFIGURATION COMMANDS 4 - 167 Examples rfs7000-37FABE(config-wlan-wlan1)#data-rates 2.4GHz gn rfs7000-37FABE(config-wlan-wlan1)#show context wlan wlan1 ssid wlan1 bridging-mode local encryption-type none authentication-type eap 802.11w sa-query timeout 110 802.11w sa-query attempts 1 accounting syslog host 172.16.10.12 port 2 data-rates 2.
4 - 168 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
GLOBAL CONFIGURATION COMMANDS 4 - 169 4.1.49.2.
4 - 170 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
GLOBAL CONFIGURATION COMMANDS 4 - 171 4.1.49.2.
4 - 172 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
GLOBAL CONFIGURATION COMMANDS 4 - 173 4.1.49.2.
4 - 174 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
GLOBAL CONFIGURATION COMMANDS 4 - 175 • keberos server timeout <1-60> kerberos Configures a WLAN’s Kerberos authentication parameters The parameters are: password, realm, and server. timeout <1-60> Modifies the Kerberos KDC server‘s timeout parameters • <1-60> – Specifies the time the wireless controller waits for a response from the Kerberos KDC server before retrying. Specify a value from 1 - 60 seconds.
4 - 176 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.20 motorola-extensions wlan-mode-commands Enables support for Motorola Solutions specific extensions to 802.
GLOBAL CONFIGURATION COMMANDS 4 - 177 4.1.49.2.21 no wlan-mode-commands Negates WLAN mode commands and reverts values to their default Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax no Parameters None Usage Guidelines The no command negates any command associated with it.
4 - 178 WiNG 5.2.6 Wireless Controller CLI Reference Guide wpa-wpa2 Modify tkip-ccmp (wpa/wpa2) related parameters service Service Commands rfs7000-37FABE(config-wlan-wlan1)# The wlan1 settings before the execution of the no command: rfs7000-37FABE(config-wlan-wlan1)#show context wlan wlan1 description testwlan ssid wlan1 bridging-mode local encryption-type tkip-ccmp authentication-type eap 802.11w sa-query timeout 110 802.
GLOBAL CONFIGURATION COMMANDS 4 - 179 4.1.49.2.22 protected-mgmt-frames wlan-mode-commands Configures Protected Management Frames (PMF) (IEEE 802.
4 - 180 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.23 proxy-arp-mode wlan-mode-commands Enables proxy ARP mode for handling ARP requests Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax proxy-arp-mode [dynamic|strict] Parameters • proxy-arp-mode [dynamic|strict] proxy-arp-mode Enables proxy ARP mode for handling ARP requests.
GLOBAL CONFIGURATION COMMANDS 4 - 181 4.1.49.2.
4 - 182 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
GLOBAL CONFIGURATION COMMANDS 4 - 183 4.1.49.2.26 ssid wlan-mode-commands Configures a WLAN’s SSID Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ssid Parameters • ssid Specify the WLAN’s SSID. The WLAN SSID is case sensitive and alphanumeric. It’s length should not exceed 32 characters.
4 - 184 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
GLOBAL CONFIGURATION COMMANDS 4 - 185 4.1.49.2.28 use wlan-mode-commands This command associates an existing captive portal with a WLAN.
4 - 186 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples rfs7000-37FABE(config-wlan-wlan1)#use ip-access-list in motorola rfs7000-37FABE(config-wlan-wlan1)#show context wlan wlan1 ssid test1 bridging-mode local encryption-type none authentication-type none 802.11w sa-query timeout 110 802.
GLOBAL CONFIGURATION COMMANDS 4 - 187 4.1.49.2.29 vlan wlan-mode-commands Sets the VLAN where traffic from a WLAN is mapped Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax vlan <1-4094> Parameters • vlan <1-4094> <1-4094> Sets a WLAN’s VLAN ID. This command starts a new VLAN assignment for a WLAN index. All prior VLAN settings are erased.
4 - 188 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.30 vlan-pool-member wlan-mode-commands Adds a member VLAN to a WLAN’s VLAN pool NOTE: The creation of a VLAN pool overrides the VLAN’s configuration.
GLOBAL CONFIGURATION COMMANDS 4 - 189 4.1.49.2.
4 - 190 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
GLOBAL CONFIGURATION COMMANDS 4 - 191 4.1.49.2.
4 - 192 WiNG 5.2.
GLOBAL CONFIGURATION COMMANDS 4 - 193 4.1.49.2.
4 - 194 WiNG 5.2.6 Wireless Controller CLI Reference Guide priority [high|normal] Configures the relative priority of handshake messages compared to other data traffic • high – Treats handshake messages as high priority packets on a radio • normal – Treats handshake messages as normal priority packets on a radio timeout <10-5000> Configures the timeout period for a handshake message to retire. Once this timeout period is over, the handshake message is retired.
GLOBAL CONFIGURATION COMMANDS 4 - 195 Examples rfs7000-37FABE(config-wlan-wlan1)#wpa-wpa2 tkip-countermeasures hold-time 2 rfs7000-37FABE(config-wlan-wlan1)#show context wlan wlan1 ssid wlan1 bridging-mode tunnel encryption-type none authentication-type none wireless-client hold-time 10 wireless-client cred-cache-ageout 65 wireless-client max-firewall-sessions 100 wireless-client reauthentication 35 wpa-wpa2 tkip-countermeasures hold-time 2 wep64 key 1 hex 0 73796d626f wireless-client tx-power 12 rfs7000-
4 - 196 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.50 wlan-qos-policy global config mode commands Configures a WLAN QoS policy Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax wlan-qos-policy Parameters • wlan-qos-policy Specify the WLAN QoS policy name.
CHAPTER 5 COMMON COMMANDS This chapter describes the CLI commands used in the USER EXEC, PRIV EXEC, and GLOBAL CONFIG modes. The PRIV EXEC command set contains commands available within the USER EXEC mode. Some commands can be entered in either mode. Commands entered in either the USER EXEC or PRIV EXEC mode are referred to as EXEC mode commands. If a user or privilege is not specified, the referenced command can be entered in either mode.
5-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 5.1 Common Commands Table 5.1 summarizes commands common to the User Exec, Priv Exec, and Global Config modes. Table 5.
COMMON COMMANDS 5.1.
5-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 5.1.2 commit common commands Commits all changes made in the active session. Use the commit command to save and invoke settings entered during the current transaction. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax commit {write}{memory} Parameters • commit {write}{memory} write Optional.
COMMON COMMANDS 5.1.3 end common commands Ends and exits the current mode and moves to the PRIV EXEC mode. The prompt changes to rfs7000-37FABE#. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 NOTE: This is command is applicable only the Global Configuration mode.
5-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 5.1.4 exit common commands The exit command works differently in the User Exec, Priv Exec, and Global Config modes. In the Global Config mode, it ends the current mode and moves to the previous mode, which is the Priv Exec mode. The prompt changes from (config)# to #. When used in the Priv Exec and User Exec modes, the exit command ends the current session and connection to the terminal device.
COMMON COMMANDS 5-7 5.1.5 help common commands Describes the interactive help system Use this command to access the advanced help feature. Use “?” anytime at the command prompt to access the help topic Two kinds of help are provided: • Full help is available when ready to enter a command argument • Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (for example 'show ve?').
5-8 WiNG 5.2.
COMMON COMMANDS 5-9 rfs7000-37FABE>help show configuration-tree ## ACCESS-POINT / SWITCH ## ---+ | +--> [[ RF-DOMAIN ]] | +--> [[ PROFILE ]] | +--> Device specific parameters (license, serial number, hostname) | +--> Configuration Overrides of rf-domain and profile ## RF-DOMAIN ## ---+ | +--> RF parameters, WIPS server parameters | +--> [[ SMART-RF-POLICY ]] | +--> [[ WIPS POLICY ]] ## PROFILE ## ---+ | +--> Physical interface (interface GE,ME,UP etc) | | | +--> [[ RATE-LIMIT-TRUST-POLICY ]] | +--> Vlan i
5 - 10 WiNG 5.2.
COMMON COMMANDS 5 - 11 5.1.6 no common commands Negates a command or sets its default. Though the no command is common to the User Exec, Priv Exec, and Global Config modes, it negates a different set of commands in each mode.
5 - 12 WiNG 5.2.
COMMON COMMANDS 5 - 13 5.1.
5 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 5.1.8 service common commands Service commands are used to view and manage wireless controller configurations in all modes. The service commands and their corresponding parameters vary from mode to mode. The User Exec Mode and Priv Exec Mode commands provide same functionalities with a few minor changes. The Global Config service command sets the size of history files. It also enables viewing of CLI tree of the current mode.
COMMON COMMANDS 5 - 15 service cluster force [active|configured-state|standby] service delete-offline-aps [all|offline-for days <0-999> {time }] service force-send-config {on } service locator {on } service load-balancing clear-client-capability [|all] {on } service radio <1-3> dfs simulator-radar [extension|primary] service radius test [|] [|] service radius test [|] {wlan <
5 - 16 WiNG 5.2.
COMMON COMMANDS 5 - 17 invalid-management-frame Optional. Clears invalid management frames detection event history ipx-detection Optional. Clears automatic IPX interface detection event history monkey-jack-attackdetected Optional. Detects monkey-jack attacks detection event history multicast-all-routers-onsubnet Optional. Clears all multicast routers on the subnet detection event history multicast-all-systems-onsubnet Optional.
5 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide • service advanced-wips terminate-device advanced-wips terminatedevice The advanced WIPS service command clears event history details, and terminates a device. • terminate-device – Terminates a specified device • – Specify the MAC address of the AP or wireless client. • service ap300 dot1x username password on [all|ap-mac ] ap300 Sets global AP300 configuration parameters dot1x Sets 802.
COMMON COMMANDS 5 - 19 • service clear [command-history|reboot-history|upgrade-history] {on } clear [command-history| reboot-history| upgrade-history] Clears command history, reboot history, or device upgrade history on Optional. Clears history on a specified device • – Specify the name of the AP or wireless controller.
5 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide • service cli-tables-expand {left|right} cli-tables-expand Displays the CLI table in a drop-down format left Optional. Displays the output in a left-justified format right Optional.
COMMON COMMANDS 5 - 21 • service force-send-config {on } force-send-config Resends configuration details on Optional. Resends configuration details to a device • – Optional. Specify the name of the AP, wireless controller, or RF Domain. • service locator {on } locator Enables LEDs on Optional. Enables LEDs on a device • – Specify name of the AP or wireless controller.
5 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide Specify the password. wlan ssid Tests the local RADIUS WLAN. Specify the local RADIUS WLAN name. • ssid – Specify the local RADIUS server’s SSID. on Optional. Performs the tests on a specified device • – Specify the name of the AP or wireless controller.
COMMON COMMANDS 5 - 23 connected-sensors-status Displays connected sensors statistics termination-entries Displays termination entries statistics • service show captive-portal [servers|user-cache] {on } show Displays running system statistics based on the parameters passed captive-portal Displays captive portal information servers Displays server information for active captive portals user-cache Displays cached user details for a captive portal on Optional.
5 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide top Displays system resource information upgrade-history Displays the device’s upgrade history (displays details, such as date, time, and status of the upgrade, old version, new version etc.) watchdog Displays the device’s watchdog status on The following parameters are common to all of the above: • on – Optional. Displays information for a specified device.
COMMON COMMANDS 5 - 25 • service show pm {history} {(on )}] show Displays running system statistics based on the parameters passed pm Displays the Process Monitor (PM) controlled process details history Optional. Displays process change history (the time at which the change was implemented, and the events that triggered the change) on Optional. Displays process change history for a specified device.
5 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide • service show wireless client proc [info|stats] {} {(on
COMMON COMMANDS 5 - 27 status-codes Displays 802.11 status codes (association response etc) • service show wireless reference dot11 handshake {wpa-wpa2-enterprise|wpa-wpa2personal} show Displays running system statistics based on the parameters passed wireless Displays WLAN statistics (WLAN AAA policy, configuration parameters, VLAN usage etc.) reference dot11 Displays 802.11 base standard related information, such as 802.11 frame structure, 802.11 handshake flow diagram etc.
5 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide on Optional. Displays interactive Smart RF calibration results on a specified RF Domain • – Specify the RF Domain name. • service wireless client beacon-request mode [active|passive|table] ssid [|any] channel-report [|none] {on } wireless client beaconrequests Sends beacon measurement requests to a wireless client Specify the MAC address of the wireless client.
COMMON COMMANDS 5 - 29 • service wireless wips clear-client-blacklist [all|mac ] wireless wips Enables management of WIPS parameters clear-client-blacklist [all|mac ] Removes a specified client or all clients from the blacklist • all – Removes all clients from the blacklist • mac – Removes a specified client form the blacklist • – Specify the MAC address of the wireless client.
5 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide Syntax (Privilege Exec Mode) service NOTE: The “service” command of the Priv Exec Mode is the same as the service command in the User Exec Mode. There a few modifications that have been documented in this section. For the syntax and parameters of the other commands refer to the (User Exec Mode) syntax and (User Exec Mode) parameters sections of this chapter.
COMMON COMMANDS 5 - 31 clear [lsp-dp|mlcp] Clears LSP database and MiNT Link Control Protocol (MLCP) links • lsp-dp – Clears MiNT Label Switched Path (LSP) database • mlcp – Clears MLCP links debug-log [flash-and-syslog| flash-only] Enables debug message logging • flash-and-syslog – Logs debug messages to the flash and syslog files • flash-only – Logs debug messages to the flash file only expire [lsp|spf] Forces expiration of LSP and recalculation of Shortest Path First (SPF) • lsp – Forces expiration
5 - 32 WiNG 5.2.
COMMON COMMANDS 5 - 33 rfs7000-37FABE>service show general stats on rfs7000-37FABE Current Fan Speed: 6540 Minimum Fan Speed: TBD Hysteresis: TBD Sensor Sensor Sensor Sensor Sensor Sensor 1 2 3 4 5 6 Temperature: Temperature: Temperature: Temperature: Temperature: Temperature: 31C 55C 29C 28C 26C 28C rfs7000-37FABE> rfs7000-37FABE>service wireless wips clear-mu-blacklist mac 11-22-33-44-55-66 rfs7000-37FABE> rfs7000-37FABE#service signal kill testp Sending a kill signal to testp rfs7000-37FABE# rfs7000
5 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide rfs7000-37FABE#service traceroute -h traceroute: invalid option -- h BusyBox v1.14.
COMMON COMMANDS 5 - 35 rfs7000-37FABE>service show diag stats on rfs7000-37FABE fan 1 current speed: 6660 min_speed: 2000 hysteresis: 250 fan 2 current speed: 6720 min_speed: 2000 hysteresis: 250 fan 3 current speed: 6540 min_speed: 2000 hysteresis: 250 Sensor Sensor Sensor Sensor Sensor Sensor 1 2 3 4 5 6 Temperature Temperature Temperature Temperature Temperature Temperature 32.0 58.0 29.0 28.0 26.0 28.0 C C C C C C rfs7000-37FABE>service show info on rrfs7000-37FABE 7.7M out of 8.
5 - 36 WiNG 5.2.
COMMON COMMANDS 5 - 37 rfs7000-37FABE>service show wireless config-internal ! Startup-Config-Playback Completed: Yes no debug wireless no country-code ! wlan-qos-policy default no rate-limit wlan to-air no rate-limit wlan from-air no rate-limit client to-air no rate-limit client from-air ! wlan wlan1 ssid wlan1 vlan 1 qos-policy default encryption-type none authentication-type none no accounting radius no accounting syslog rfs7000-37FABE> System Information: Free RAM: 68.0% (169 of 249) Min: 10.
5 - 38 WiNG 5.2.6 Wireless Controller CLI Reference Guide 5.1.9 show common commands Displays specified system component settings. There are a number of ways to invoke the show command: • When invoked without any arguments, it displays information about the current context. If the current context contains instances, the show command (usually) displays a list of these instances. • When invoked with the display parameter, it displays information about that component.
COMMON COMMANDS 5 - 39 terminal timezone upgrade-status version wireless wwan Display terminal configuration parameters The timezone Display last image upgrade status Display software & hardware version Wireless commands Display wireless WAN Status rfs7000-37FABE# NOTE: For more information on the show command, see Chapter 6, SHOW COMMANDS.
5 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide 5.1.
CHAPTER 6 SHOW COMMANDS Show commands display information about a configuration setting or display statistical information. Use this command to see the current running configuration as well as the start-up configuration. The show command also displays the configuration of the current context. This chapter describes the ‘show’ CLI commands used in the USER EXEC, PRIV EXEC, and GLOBAL CONFIG modes. Commands entered in either USER EXEC mode or PRIV EXEC mode are referred to as EXEC mode commands.
6-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1 show commands Table 6.1 summarizes show commands. Table 6.
SHOW COMMANDS 6-3 Table 6.
6-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS session-changes session-config sessions smart-rf spanning-tree startup-config terminal timezone upgrade-status version what wireless wwan Configuration changes made in this session This session configuration Display CLI sessions Smart-RF Management Commands Display spanning tree information Startup configuration Display terminal configuration parameters The timezone Display last image upgrade status Display software & hardware version Perform global search Wireless commands Display wireless
6-6 WiNG 5.2.
SHOW COMMANDS 6-7 rfs6000-380649>show noc device ------------------------------------------------------------------------------------------------------------MAC HOST-NAME TYPE CLUSTER RF-DOMAIN ADOPTED-BY ONLINE ------------------------------------------------------------------------------------------------------------00-23-68-31-16-B5 AP650-3116B5 AP650 default offline 00-15-70-38-06-49 rfs6000-380649 RFS6000 test default online 00-15-70-63-4F-86 AP300-634F86 AP300 (un-mapped) offline 00-A0-F8-CF-1E-DA A
6-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.2 adoption show commands The adoption command is common to all three modes. It displays information related to APs adopted by a wireless controller.
SHOW COMMANDS 6-9 6.1.
6 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide detected-clients-for-ap Displays clients statistics for APs {neighboring| • – Displays clients for a specified AP. Enter the MAC address (BSS-ID) of the AP. sanctioned| • neighboring – Optional. Displays neighboring client information unsanctioned} • sanctioned – Optional. Displays sanctioned client information • unsanctioned – Optional.
SHOW COMMANDS 6 - 11 6.1.
6 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.5 boot show commands Displays a device’s boot configuration. Use the on command to view a remote device’s boot configuration. NOTE: This command is not present in the USER EXEC Mode.
SHOW COMMANDS 6 - 13 6.1.
6 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide state [pending|success]] Optional. Filters clients based on their authentication state • pending – Displays clients redirected for authentication • success – Displays clients successfully authenticated • show captive-portal client {filter vlan [|not ]} captive-portal client Displays captive portal client information filter Optional. Defines additional filters vlan [| not ] Optional.
SHOW COMMANDS 6 - 15 6.1.
6 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide ------------------------Device ID: ap7131-139B34 Entry address(es): IP Address: 172.16.10.
SHOW COMMANDS 6 - 17 6.1.8 clock show commands Displays a system’s clock Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax show clock {on } Parameters • show clock {on } clock Displays a system’s clock on Optional.
6 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.9 cluster show commands Displays cluster information (cluster configuration parameters, members, status etc.
SHOW COMMANDS 6 - 19 6.1.
6 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 21 6.1.12 critical-resources show commands Displays critical resource information. Critical resources are resources vital to the wireless controller managed network. Some critical resources are security spanning routers, wireless controllers, firewalls, VPNs, VLANs, WiFi access points etc.
6 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 23 all {on } Optional. Displays all trustpoints • on – Optional. Displays all trustpoints configured on a specified device • – Specify the name of the AP or wireless controller. on Optional. Displays trustpoints configured on a specified device • – Specify the name of the AP or wireless controller.
6 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 25 option Optional. Prints the XPath node value based on the options passed Select one of the following options: • do-profiling – Performs profiling • no-pretty – Disables pretty for speed • show-tail-only – Displays only the tail of the result • use-generator – Performs streaming using generator interface • use-streaming – Uses streaming interface param option Optional.
6 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 27 • show debugging {dhcpsvr|radius|snmp|ssm|vpn} {on } debugging Displays debugging processes in progress based on the parameters passed {dhcpsvr|radius|snmp|ssm| • dhcpsvr – Optional. Displays the DHCP server configuration module’s debugging vpn} information • radius – Optional. Displays the RADIUS server configuration module’s debugging information • snmp – Optional. Displays the Simple Network Management Protocol (SNMP) module’s debugging information • vpn – Optional.
6 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 29 6.1.17 event-history show commands Displays event history report Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax show event-history {on } Parameters • show event-history {on } event-history Displays event history report on Optional.
6 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 31 6.1.19 file show commands Displays file system information NOTE: This command is not available in the USER EXEC Mode.
6 - 32 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.20 firewall show commands Displays wireless firewall information, such as DHCP snoop table entries, denial of service statistics, active session summaries etc.
SHOW COMMANDS 6 - 33 on Optional. Displays all firewall flows on a specified device • – Specify the name of the AP or wireless controller.
6 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide min-idle Filters firewall flows idle for at least the specified duration. Specify a min-idle value from 1 - 4294967295 bytes. min-pkts Filters firewall flows with at least the given number of packets. Specify a min-bytes value from 1 - 4294967295 bytes. not Negates the filter expression selected port <1-65535> Matches either the source or destination port. Specify a port from 1 - 65535.
SHOW COMMANDS 6 - 35 rfs6000-380649(config)#show firewall flows management on rfs6000-380649 ========== Flow# 1 Summary ========== Forward: Vlan 1, TCP 172.16.10.12 port 1483 > 172.16.10.4 port 22 5C-D9-98-4C-04-51 > 00-15-70-38-06-49, ingress port ge1 Egress port: , Egress interface: vlan1, Next hop: (00-15-70-38-06-49) 6661 packets, 541246 bytes, last packet 0 seconds ago Reverse: Vlan 1, TCP 172.16.10.4 port 22 > 172.16.10.
6 - 36 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 37 vlan <1-4094> {on } Displays VLAN interface status and configuration • <1-4094> – Specify the Switch Virtual Interface (SVI) VLAN ID from 1 - 4094. • on – Optional. Displays interface status on a specified device • – Specify the name of the AP or wireless controller. waan1 {on } Displays Wireless WAN interface status and configuration • on – Optional.
6 - 38 WiNG 5.2.6 Wireless Controller CLI Reference Guide rfs6000-380649(config)#show interface counters ------------------------------------------------------------------------------------------------------------# MAC RX-PKTS RX-BYTES RX-DROP TX-PKTS TXBYTES TX-DROP ------------------------------------------------------------------------------------------------------------me2 00-...-54 0 0 0 0 0 0 me1 00-...-52 0 0 0 0 0 0 vlan1 00-...-49 1765989 164738179 0 61042 5951427 0 vlan150 00-...
SHOW COMMANDS 6 - 39 6.1.
6 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide networks {on } Displays the DHCP server network details • on – Optional. Displays server network details on a specified device • – Specify the name of the AP or wireless controller. status {on } Displays the DHCP server status • on – Optional. Displays server status on a specified device • – Specify the name of the AP or wireless controller.
SHOW COMMANDS 6 - 41 • show ip igmp snooping vlan <1-4095> { {on }|on } ip igmp Displays IGMP configuration details snooping Displays IGMP snooping configuration details vlan <1-4095> Displays VLAN IGMP snooping configuration • <1-4095> – Specify the VLAN ID from 1 - 4095. {on } Optional. Specify the multicast group IP address. • on – Optional.
6 - 42 WiNG 5.2.6 Wireless Controller CLI Reference Guide vlan <1-4095> {on } Displays VLAN interface route table details • on – Optional. Displays route table details on a specified device • – Specify the name of the AP or wireless controller. wwan1 {on } Displays WWAN1 interface route table details • on – Optional. Displays route table details on a specified device • – Specify the name of the AP or wireless controller.
SHOW COMMANDS 6 - 43 rfs7000-37FABE(config)#show ip route vlan 1 on rfs7000-37FABE +------------------------+---------------------+-------------+-----------| DESTINATION | GATEWAY | FLAGS | INTERFACE +------------------------+---------------------+-------------+-----------| 172.16.10.0/24 | direct | C | vlan1 | default | 172.16.10.
6 - 44 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 45 6.1.
6 - 46 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 47 6.1.26 logging show commands Displays network activity log Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax show logging {on } Parameters • show logging {on } logging {on } Displays logging information on a specified device • – Optional.
6 - 48 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 49 6.1.28 mac-address-table show commands Displays MAC address table entries Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax show mac-address-table {on } Parameters • show mac-address-table {on } mac-address-table Displays MAC address table entries on Optional.
6 - 50 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 51 • show mint lsp-db {details {on }|on } mint Displays MiNT protocol information based on the parameters passed lsp-db Displays MiNT LSP database entries details {on } Optional. Displays detailed MiNT LSP database entries • – Specify the MiNT address in the format. • on – Optional.
6 - 52 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 53 Examples rfs7000-37FABE(config)#show noc device +-----------------+----------------+--------+----------------+-----------| MAC| HOST-NAME | TYPE| CLUSTER| RF-DOMAIN |ADOPTED-BY| ONLINE | +-----------------+----------------+--------+----------------+-----------|99-88-77-66-55-44| AP7131-665544| AP7131| | default| | offline |00-15-70-88-9E-C4| AP7131-889EC4| AP7131| | default| | offline |11-22-33-44-55-66| AP650-445566| AP650| | default| | offline |00-15-70-37-FA-BE| rfs7000-37FABE| RFS
6 - 54 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 55 6.1.
6 - 56 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.33 power show commands Displays Power Over Ethernet (PoE) information Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000 Syntax show power [configuration|status] {on } Parameters • show power [configuration|status] {on } power Displays PoE information (PoE configuration and status) configuration {on } Displays detailed PoE configuration • on – Optional.
SHOW COMMANDS 6 - 57 6.1.
6 - 58 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.35 reload show commands Displays scheduled reload information NOTE: This command is not present in the USER EXEC mode.
SHOW COMMANDS 6 - 59 6.1.
6 - 60 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.37 rf-domain-manager show commands Displays RF Domain manager selection details Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax show rf-domain-manager {on } Parameters None Examples rfs6000-380649(config)#show rf-domain-manager RF Domain default RF Domain Manager: ID: 70.
SHOW COMMANDS 6 - 61 6.1.
6 - 62 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 63 6.1.
6 - 64 WiNG 5.2.6 Wireless Controller CLI Reference Guide The following is common to all policies listed above: • – Specify the name of the policy. include-factory This parameter is common to all policies listed above. • Optional. Includes factory defaults • show running-config {device [|self] {include-factory}} running-config Displays current configuration details device {|self} Optional. Displays device configuration details • – Optional.
SHOW COMMANDS 6 - 65 ap621 Displays AP621 profile configuration • – Displays configuration for a specified AP621 profile. Specify the AP621 profile name. ap622 Displays AP622 profile configuration • – Displays configuration for a specified AP622 profile. Specify the AP622 profile name. ap650 Displays AP650 profile configuration • – Displays configuration for a specified AP650 profile.
6 - 66 WiNG 5.2.6 Wireless Controller CLI Reference Guide • show running-config {rf-domain {include-factory}} running-config Displays current configuration rf-domain Optional. Displays current configuration for a RF Domain Specify the name of the RF Domain. include-factory Optional. Includes factory defaults • show running-config {wlan {include-factory}} running-config Displays current configuration wlan Optional.
SHOW COMMANDS 6 - 67 6.1.
6 - 68 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 69 6.1.43 sessions show commands Displays CLI sessions initiated on a device Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax show sessions {on } Parameters • show sessions {on } sessions Displays CLI sessions initiated on a device on Optional.
6 - 70 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 71 • show smart-rf [calibration-config|calibration-status|channel-distribution| history|history-timeline] {on } calibration-config Displays interactive calibration configurations calibration-status Displays Smart RF calibration status channel-distribution Displays Smart RF channel distribution history Displays Smart RF calibration history history-timeline Displays extended Smart RF calibration history on an hourly or daily timeline on This parameter
6 - 72 WiNG 5.2.6 Wireless Controller CLI Reference Guide • show smart-rf interfering-ap {||on} interfering-ap Displays interfering access point information Optional. Displays interfering access point’s activity information • – Specify the access point’s MAC address. Note: Considers all APs if this parameter is omitted Optional.
SHOW COMMANDS 6 - 73 6.1.
6 - 74 WiNG 5.2.6 Wireless Controller CLI Reference Guide • show spanning-tree mst {instance <1-15>} {interface } {(on )} spanning-tree Displays spanning tree information mst Displays MST configuration. Use additional filters to view specific details. instance <1-15> Optional. Displays information for a particular MST instance • <1-15> – Specify the instance ID from 1 - 15. interface Optional.
SHOW COMMANDS 6 - 75 rfs7000-37FABE(config)#show spanning-tree mst detail % Bridge up - Spanning Tree Disabled % CIST Root Path Cost 0 - CIST Root Port 0 - CIST Bridge Priority 32768 % Forward Delay 15 - Hello Time 2 - Max Age 20 - Max hops 20 % 1: CIST Root Id 800000157037fabf % 1: CIST Reg Root Id 800000157037fabf % 1: CIST Bridge Id 800000157037fabf % 1: portfast bpdu-guard disabled % portfast portfast errdisable timeout disabled % portfast errdisable timeout interval 300 sec % cisco interoperability no
6 - 76 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 77 6.1.
6 - 78 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 79 6.1.49 upgrade-status show commands Displays the last image upgrade status NOTE: This command is not available in the USER EXEC Mode.
6 - 80 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 81 6.1.
6 - 82 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
SHOW COMMANDS 6 - 83 Parameters • show wireless ap {configured} wireless Displays wireless configuration parameters ap Displays information on wireless controller managed access points configured Optional.
6 - 84 WiNG 5.2.6 Wireless Controller CLI Reference Guide • show wireless client {detail {on }|on }} wireless Displays wireless configuration parameters client Displays client information based on the parameters passed detail {on } Optional. Displays detailed information for a specified client • – Specify the MAC address of the client. • on – Optional.
SHOW COMMANDS 6 - 85 • show wireless client {filter wlan {|not }} {on } wireless Displays wireless configuration parameters client Displays client information based on the parameters passed filter wlan {| not } Optional. Filters clients on a specified WLAN • – Specify the WLAN name.
6 - 86 WiNG 5.2.6 Wireless Controller CLI Reference Guide mesh Displays information on radio mesh links {on } Optional. Displays active links of a radio mesh • on – Optional.
SHOW COMMANDS 6 - 87 radio Displays radio operation status and other related information statistics {on | rf {on }} Optional. Displays radio traffic and RF statistics • on – Optional. Displays traffic and RF related statistics on a specified device or RF Domain • – Specify the name of the AP, wireless controller, or RF Domain. • rf {on } – Optional.
6 - 88 WiNG 5.2.
SHOW COMMANDS 6 - 89 • show wlan {detail |on |policy-mappings|usage-mappings} wireless Displays wireless configuration parameters wlan Displays WLAN related information based on the parameters passed detail Optional. Displays WLAN configuration • – Specify the WLAN name. on Optional.
6 - 90 WiNG 5.2.
SHOW COMMANDS 6 - 91 rfs7000-37FABE(config)#show wireless regulatory device-type AP650 in -------------------------------------------------------------------------# Channel Set Power(mW) Power (dBm) Placement DFS CAC(mins) -------------------------------------------------------------------------1 1-13 4000 36 Indoor/Outdoor NA NA 2 36-64 200 23 Indoor Not Required 0 3 149-165 1000 30 Outdoor Not Required 0 4 149-165 200 23 Indoor Not Required 0 --------------------------------------------------------------
6 - 92 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
CHAPTER 7 PROFILES This chapter is organized as follows: • Creating Profiles • Device Specific Commands
7-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1 Creating Profiles PROFILES Profiles enable administrators to assign a common set of configuration parameters and policies to wireless controllers and access points. Profiles can be used to assign common or unique network, wireless and security parameters to wireless controller and access points across a large, multi segment site. The configuration parameters within a profile are based on the hardware model the profile was created to support.
PROFILES 7-3 Select the device profile that you want to configure and provide a name. For example, the following command configures a default AP71XX profile.
7-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide do end exit help revert service show write Run commands from Exec mode End current mode and change to EXEC mode End current mode and down to previous mode Description of the interactive help system Revert changes Service Commands Show running system information Write running configuration to memory or terminal rfs7000-37FABE(config-profile-default-ap71xx)# Table 7.1 summarizes profile configuration commands. PROFILES Table 7.
PROFILES 7-5 Table 7.
7-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 7.1 config-profile config commands Command Description Reference use Uses pre configured policies with this profile page 7-181 vpn Configures VPN settings page 7-184 wep-shared-keyauth Enables support for 802.
PROFILES 7-7 7.1.
7-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.2 ap-mobility Creating Profiles Configures AP mobility (fixed or vehicle mounted) NOTE: The ap-mobility command is applicable only to a access point profile.
PROFILES 7.1.
7 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PROFILES 7 - 11 7.1.
7 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PROFILES 7 - 13 7.1.7 autoinstall config-profile config commands Automatically installs firmware image and configuration parameters on to the selected device.
7 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.8 bridge config-profile config commands Configures Ethernet bridging parameters Table 7.
PROFILES 7 - 15 7.1.8.1 bridge bridge Configures VLAN Ethernet bridging parameters. For more information, see bridge-vlan-mode-commands.
7 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.8.2 bridge-vlan-mode-commands bridge Table 7.3 summarizes bridge VLAN mode commands Table 7.
PROFILES 7 - 17 7.1.8.2.
7 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.8.2.2 description bridge-vlan-mode-commands Sets a VLAN bridge description Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax description Parameters • description description Sets a VLAN bridge description • – Specify a VLAN bridge description.
PROFILES 7 - 19 7.1.8.2.3 edge-vlan bridge-vlan-mode-commands Enables edge VLAN mode. In the edge VLAN mode, a protected port does not forward traffic to another protected port on the same wireless controller.
7 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.8.2.
PROFILES 7 - 21 • ip igmp snooping {querier {address |max-response-time <1-25>| timer expiry <60-300>|version <1-3>}} ip Configures VLAN bridge IP parameters igmp snooping Configures IGMP snooping querier Optional. Configures the IGMP querier address Optional. Configures IGMP querier source IP address • – Specify the IGMP querier source IP address. max-response-time <1-25> Optional.
7 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.8.2.5 no bridge-vlan-mode-commands Negates a command or reverts settings to their default. The no command, when used in the bridge VLAN mode, negates the VLAN bridge settings or reverts them to their default.
PROFILES 7 - 23 interface Disables mrouter interfaces • – Specify interface names, separated by a space. learn pim-dvmrp Disables multicast router learning protocols • pim-dvmrp – Disables PIM-DVMRP snooping of packets • no ip igmp snooping {querier {address|max-response-time|timer expiry|version}} no ip Negates or reverts VLAN bridge IP settings igmp snooping Configures IGMP snooping components querier Optional. Reverts IGMP querier settings address Optional.
7 - 24 WiNG 5.2.
PROFILES 7 - 25 7.1.8.2.
7 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.8.2.
PROFILES 7 - 27 7.1.9 cdp config-profile config commands Uses Cisco Discovery Protocol (CDP) on the device.
7 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PROFILES 7 - 29 • cluster mode [active|standby] mode [active|standby] Configures cluster mode as either active or standby • active – Configures the active mode • standby – Configures the standby mode • cluster name name Configures the cluster name • – Specify the cluster name. Examples rfs7000-37FABE(config-profile-default-RFS7000)#cluster name cluster1 rfs7000-37FABE(config-profile-default-RFS7000)#cluster member ip 172.16.10.
7 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.11 configuration-persistence config-profile config commands Enables configuration persistence across reloads Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax configuration-persistence {secure} Parameters • configuration-persistence {secure} secure Optional.
PROFILES 7 - 31 7.1.
7 - 32 WiNG 5.2.6 Wireless Controller CLI Reference Guide level [1|2] The following are common to the IP and hostname parameters: Optional. After providing the wireless controller address, optionally select one of the following two routing levels: • 1 – Level 1, local routing • 2 – Level 2, inter-site routing pool <1-2> {level [1|2]} The following are common to the IP and hostname parameters: Optional. Sets the wireless controller’s pool • <1-2> – Select either 1 or 2 as the pool. The default is 1.
PROFILES 7 - 33 7.1.13 crypto Creating Profiles Table 7.4 summarizes crypto configuration commands. Table 7.4 config-crypto commands Command Description Reference crypto Defines system level local ID for ISAKMP negotiation and enters the ISAKMP Policy, ISAKMP Client, or ISAKMP Peer configuration mode.
7 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.13.1 crypto crypto Use crypto to define system level local ID for ISAKMP negotiation and to enter the ISAKMP Policy, ISAKMP Client, or ISAKMP Peer command set. A crypto map entry is a single policy that describes how certain traffic is secured. There are two types of crypto map entries: ipsec-manual and ipsec-ike entries. Each entry is given an index (used to sort the ordered list).
PROFILES 7 - 35 Parameters • crypto ipsec security-association lifetime [kilobytes <500-2147383646>| seconds <90-2147383646>] ipsec Configures Internet Protocol Security (IPSec) policy parameters security-association Configures IPSec SAs parameters lifetime [kilobyte |seconds] Defines IPSec SAs lifetime (in kilobytes and/or seconds). Values can be entered in both kilobytes and seconds, which ever limit is reached first, ends the SA. When the SA lifetime ends it is renegotiated as a security measure.
7 - 36 WiNG 5.2.6 Wireless Controller CLI Reference Guide esp-aes Configures the ESP transform using Advanced Encryption Standard (AES) cipher. The transform set is assigned to a crypto map using the map’s set transform-set command. esp-aes-192 Configures the ESP transform using AES cipher (192 bits). The transform set is assigned to a crypto map using the map’s set transform-set command. esp-aes-256 Configures the ESP transform using AES cipher (256 bits).
PROFILES 7 - 37 keepalive <10-3600> Sets a keepalive interval for use with remote peers. It defines the number of seconds between Dead Peer Detection (DPD) messages • <10-3600> – Specify a value from 10 - 3600 seconds. • crypto isakmp key [0 |2 |] address isakmp Configures ISAKMP policy, also known as IKE policy key [0 | 2 | ] Sets a pre-shared key for the remote peer • 0 – Sets a clear text key. The minimum length is 8 characters.
7 - 38 WiNG 5.2.
PROFILES 7 - 39 rfs7000-37FABE(config-profile-default-RFS7000)#show context pprofile RFS7000 default-RFS7000 autoinstall configuration autoinstall firmware crypto isakmp policy default crypto ipsec transform-set default esp-aes-256 esp-sha-hmac crypto ipsec transform-set tpsec-tag1 ah-md5-hmac crypto map TEST 1000 ipsec-isakmp crypto map map1 10 ipsec-isakmp dynamic interface me1 interface ge1 ip dhcp trust qos trust dscp qos trust 802.1p interface ge2 ip dhcp trust qos trust dscp qos trust 802.
7 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.13.2 isakmp-policy crypto Creates a ISAKMP policy and enters its configuration mode.
PROFILES 7 - 41 Table 7.
7 - 42 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.13.2.
PROFILES 7 - 43 7.1.13.2.
7 - 44 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.13.2.3group isakmp-policy Specifies the Diffie-Hellman (DH) group (1 or 2) used by the IKE policy to generate keys (used to create IPSec SA). Specifying the group enables you to declare the size of the modulus used in DH calculation.
PROFILES 7 - 45 7.1.13.2.
7 - 46 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.13.2.5lifetime isakmp-policy Specifies how long an IKE SA is valid before it expires Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax lifetime <60-2147483646> Parameters • lifetime <60-2147483646> lifetime <60-2147483646> Specifies how many seconds an IKE SA lasts before it expires.
PROFILES 7 - 47 7.1.13.2.6no isakmp-policy Negates a command or reverts settings to their default. The no command, when used in the ISAKMP policy mode, defaults the ISAKMP protection suite settings.
7 - 48 WiNG 5.2.
PROFILES 7 - 49 7.1.13.3 crypto-group crypto Creates crypto group and enters its configuration mode.
7 - 50 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.13.3.1dns crypto-group Configures the DNS server Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax dns Parameters • dns Sets the IP address for the DNS server Examples rfs7000-37FABE(config-profile-default-RFS7000-crypto-group)#dns 171.16.10.
PROFILES 7 - 51 7.1.13.3.2wins crypto-group Configures the Windows name server Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax wins Parameters • wins Sets the IP address for the Windows name server Examples rfs7000-37FABE(config-profile-default-RFS7000-crypto-group)#wns 172.16.10.
7 - 52 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.14 dscp-mapping config-profile config commands Configures IP Differentiated Services Code Point (DSCP) to 802.
PROFILES 7 - 53 7.1.
7 - 54 WiNG 5.2.6 Wireless Controller CLI Reference Guide sender Defines the e-mail address of the sender • – Specify the e-mail address of the sender. username Optional. Configures the SMTP username • – Specify the SMTP username. password [2 |] Configures the SMTP server password • 2 – Configures an encrypted password • – Specify the password. port <1-65535> Optional.
PROFILES 7 - 55 7.1.
7 - 56 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PROFILES 7 - 57 7.1.18 export config-profile config commands Enables the export of startup.
7 - 58 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.19 ip config-profile config commands Configures IP components, such as default gateway, DHCP, Domain Name Service (DNS) server forwarding, name server, domain name, routing standards etc.
PROFILES 7 - 59 name-server Configures IP address of the name server • – Specify the IP address of the name server.
7 - 60 WiNG 5.2.6 Wireless Controller CLI Reference Guide • ip local pool default low-ip-address {high-ip-address } local Sets a local IP address range assigned to VPN clients using mode-config or IPSec with layer 2 TP pool Specifies the address range to configure default Sets the default tag low-ip-address Sets the lower limit of the IP address range high-ip-address Optional.
PROFILES 7 - 61 • ip nat [inside|outside] source list interface [| vlan <1-4094>|wwan1] [(address |interface |overload|pool )] nat Configures NAT parameters [inside|outside] Configures inside and outside IP access list source list Configures an access list describing local addresses • – Specify a name for the IP access list.
7 - 62 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples rfs7000-37FABE(config-profile-default-RFS7000)#ip default-gateway 172.16.10.9 rfs7000-37FABE(config-profile-default-RFS7000)#ip dns-server-forward rfs7000-37FABE(config-profile-default-RFS7000)#ip route 172.16.10.10/24 172.16.10.2 rfs7000-37FABE(config-profile-default-RFS7000)#ip local pool default low-ip-address 1.2.3.4 high-ip-address 6.7.8.
PROFILES 7 - 63 7.1.20 nat-pool ip Use the (config-profile-default-RFS7000) instance to configure Network Address Translation (NAT) pool commands.
7 - 64 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.20.
PROFILES 7 - 65 7.1.20.2 no nat-pool Negates a command or sets its default Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax no address Parameters None Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
7 - 66 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21 interface Creating Profiles Table 7.8 summarizes the interface configuration commands. Table 7.
PROFILES 7 - 67 7.1.21.1 interface interface Selects an interface to configure This command is used to enter the interface configuration mode for the specified physical wireless controller SVI interface. If the VLANx (SVI) interface does not exist, it’s automatically created. For more information on interface configuration mode, see interface config instance. For more information VLAN interface configuration mode, see interface vlan instance.
7 - 68 WiNG 5.2.6 Wireless Controller CLI Reference Guide wwan1 Configures a Wireless WAN interface xge <1-2> Configures selected a TenGigabitEthernet interface • <1-2> – Specify the interface index from 1 - 2.
PROFILES 7 - 69 7.1.21.2 interface config instance interface Use the (config-profile-default-RFS7000) instance to configure the Ethernet, VLAN and tunnel associated with the wireless controller.
7 - 70 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 7.
PROFILES 7 - 71 7.1.21.2.
7 - 72 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.2.
PROFILES 7 - 73 7.1.21.2.
7 - 74 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.2.4dot1x interface config instance Configures 802.
PROFILES 7 - 75 7.1.21.2.5duplex interface config instance Specifies duplex mode for an interface Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax duplex [auto|half|full] Parameters • duplex [auto|half|full] auto Enables automatic duplexity on an interface port. The port automatically detects whether it should run in full or half-duplex mode.
7 - 76 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.2.
PROFILES 7 - 77 7.1.21.2.
7 - 78 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.2.
PROFILES 7 - 79 7.1.21.2.9power interface config instance Invokes Power over Ethernet (PoE) commands Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax power {limit|priority} power {limit <0-40>} power {priority [critical|high|low]} Parameters • power {limit [<0-40>]} power {limit <0-40>} Optional.
7 - 80 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.2.10qos interface config instance Enables Quality of Service (QoS) Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax qos trust [802.1p|cos|dscp] Parameters • qos trust [802.1p|cos|dscp] trust [802.1p|cos|dscp] Trusts QoS values ingressing on this interface • 802.1p – Trusts 802.
PROFILES 7 - 81 7.1.21.2.11shutdown interface config instance Disables an interface. The interface is administratively enabled unless explicitly disabled using this command.
7 - 82 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.2.
PROFILES 7 - 83 bpduguard [default|disable|enable] Enables or disables BPDU guard on a port Use the no parameter with this command to set BPDU guard to its default. When the BPDU guard is set for a bridge, all PortFast-enabled ports that have the BPDU guard set to default shut down the port upon receiving a BPDU. If this occurs, the BPDU is not processed.
7 - 84 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.2.
PROFILES 7 - 85 7.1.21.2.
7 - 86 WiNG 5.2.6 Wireless Controller CLI Reference Guide • switchport trunk native [tagged|vlan <1-4094>] trunk Sets trunking mode characteristics of the switchport native [tagged|vlan <1-4094>] Configures the native VLAN ID of the trunk-mode port • tagged – Tags the native VLAN • vlan <1-4094> – Sets the native VLAN for classifying untagged traffic when the interface is in trunking mode. Specify a value from 1 - 4094.
PROFILES 7 - 87 7.1.21.2.
7 - 88 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.3 interface vlan instance interface Use (config-profile-default-RFS7000) to configure Ethernet, VLAN and tunnel settings. To switch to this mode: rfs7000-37FABE(config-profile-default-RFS7000)#interface [|ge <1-8>| me1|port-channel <1-4>|vlan <1-4094>] rfs7000-37FABE(config-profile-default-RFS7000)#interface vlan 8 rfs7000-37FABE(config-profile-default-RFS7000-if-vlan8)# Table 7.
PROFILES 7 - 89 7.1.21.3.1crypto interface vlan instance Sets encryption module for this VLAN interface. The encryption module (crypto map) is configured using the crypto map command. For more information, see crypto.
7 - 90 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.3.2description interface vlan instance Defines a VLAN interface description. Use this command to provide additional information about the VLAN.
PROFILES 7 - 91 7.1.21.3.
7 - 92 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.3.
PROFILES 7 - 93 • ip nat [inside|outside] nat [inside|outside] Sets the NAT of this VLAN interface • inside – Sets the NAT inside interface • outside – Sets the NAT outside interface Examples rfs7000-37FABE(config-profile-default-RFS7000-if-vlan8)#ip address 10.0.0.1/8 rfs7000-37FABE(config-profile-default-RFS7000-if-vlan8)#ip nat inside rfs7000-37FABE(config-profile-default-RFS7000-if-vlan8)#ip helper-address 172.16.10.
7 - 94 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.3.5no interface vlan instance Negates a command or sets its default values. The no command, when used in the Config Interface VLAN mode, negates VLAN interface settings or reverts them to their default values.
PROFILES 7 - 95 • no ip address [helper-address |nat] no ip address Disables interface IP settings • address – Removes IP addresses configured for this interface, depending on the options used while setting the address helper-address Disables the forwarding of DHCP and BOOTP packets to the configured helper IP address • – Specify the IP address of the DHCP or BOOTP server.
7 - 96 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.3.6shutdown interface vlan instance Shuts down the selected interface. Use the no shutdown command to enable an interface.
PROFILES 7 - 97 7.1.21.3.
7 - 98 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4 interface radio instance interface This section documents radio interface configuration parameters. The radio interface is available in all access points and the RFS4000 wireless controller.
PROFILES 7 - 99 do end exit help revert service show write Run commands from Exec mode End current mode and change to EXEC mode End current mode and down to previous mode Description of the interactive help system Revert changes Service Commands Show running system information Write running configuration to memory or terminal rfs7000-37FABE(config-profile-71xxTestProfile-if-radio1)# Table 7.11 summarizes interface VLAN mode commands. Table 7.
7 - 100 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 7.
PROFILES 7 - 101 7.1.21.4.
7 - 102 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.2aggregation interface radio instance Configures 802.11n frame aggregation. Frame aggregation increases throughput by sending two or more data frames in a single transmission. There are two types of frame aggregation: MAC Service Data Unit (MSDU) aggregation and MAC Protocol Data Unit (MPDU) aggregation. Both modes group several data frames into one large data frame.
PROFILES 7 - 103 max-aggr-size Configures AMPDU packet size limits. Configure the packet size limit on packets both transmitted and received. rx [8191|16383|32767|65535] Configures the limit on received frames • 8191 – Advertises a maximum of 8191 bytes • 16383 – Advertises a maximum of 16383 bytes • 32767 – Advertises a maximum of 32767 bytes • 65536 – Advertises a maximum of 65535 bytes • aggregation ampdu max-aggr-size tx [<0-65535>] aggregation Configures 802.
7 - 104 WiNG 5.2.
PROFILES 7 - 105 7.1.21.4.
7 - 106 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PROFILES 7 - 107 7.1.21.4.5antenna-gain interface radio instance Configures the antenna gain value of the selected radio. Antenna gain defines the ability of an antenna to convert power into radio waves and vice versa. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax antenna-gain <0.0-15.0> Parameters • antenna-gain <0.0-15.0> <0.0-15.
7 - 108 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PROFILES 7 - 109 7.1.21.4.7beacon interface radio instance Configures radio beacon parameters. Beacons are packets sent by the access point to synchronize a wireless network.
7 - 110 WiNG 5.2.6 Wireless Controller CLI Reference Guide rfs7000-37FABE(config-profile-71xxTestProfile-if-radio1)#show context interface radio1 beacon period 50 beacon dtim-period bss 1 2 beacon dtim-period bss 2 20 beacon dtim-period bss 3 2 beacon dtim-period bss 4 2 beacon dtim-period bss 5 2 beacon dtim-period bss 6 2 beacon dtim-period bss 7 2 beacon dtim-period bss 8 2 antenna-gain 12.
PROFILES 7 - 111 7.1.21.4.8channel interface radio instance Configures a radio’s channel of operation Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax channel [smart|acs|1|2|3|4|-------] Parameters • channel [smart|acs|1|2|3|4|-------] smart|acs|1|2|3|4|-------] Configures a radio’s channel of operation.
7 - 112 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.9data-rates interface radio instance Configures the 802.11 data rates on this radio Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax data-rates [b-only|g-only|a-only|bg|bgn|gn|an|default|custom] data-rates [b-only|g-only|a-only|bg|bgn|gn|an|default] data-rates custom [1|2|5.
PROFILES 7 - 113 • • • • • • • • • • • • • • • • • • • • • • 36 – 36-Mbps 48 – 48-Mbps 54 – 54-Mbps mcs0-7 – Modulation and Coding Scheme 0-7 mcs8-15 – Modulation and Coding Scheme 8-15 mcs16-23 – Modulation and Coding Scheme 16-23 mcs0-15 – Modulation and Coding Scheme 0-15 mcs8-23 – Modulation and Coding Scheme 8-23 mcs0-23 – Modulation and Coding Scheme 0-232 basic-1 – Basic 1-Mbps basic-2 – Basic 2-Mbps basic-5.5 – Basic 5.
7 - 114 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PROFILES 7 - 115 7.1.21.4.
7 - 116 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PROFILES 7 - 117 7.1.21.4.
7 - 118 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.14guard-interval interface radio instance Configures the 802.11n guard interval. A guard interval ensures distinct transmissions do not interfere with one another. It provides immunity to propagation delays, echoes and reflection of radio signals.
PROFILES 7 - 119 7.1.21.4.
7 - 120 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PROFILES 7 - 121 7.1.21.4.17mesh interface radio instance Use this command to configure radio mesh parameters. A Wireless Mesh Network (WMN) is a network of radio nodes organized in a mesh topology. It consists of mesh clients, mesh routers, and gateways.
7 - 122 WiNG 5.2.
PROFILES 7 - 123 7.1.21.4.18no interface radio instance Negates a command or resets settings to their default. When used in the profile/device > radio interface configuration mode, the no command disables or resets radio interface settings.
7 - 124 WiNG 5.2.
PROFILES 7 - 125 7.1.21.4.19non-unicast interface radio instance Configures the handling of non unicast frames on this radio. Enables the forwarding of multicast and broadcast frames by this radio.
7 - 126 WiNG 5.2.
PROFILES 7 - 127 7.1.21.4.20off-channel-scan interface radio instance Enables selected radio’s off channel scanning parameters Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax off-channel-scan {channel-list|max-multicast|scan-interval|sniffer-redirect} off-channel-scan {channel-list [2.
7 - 128 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples rfs7000-37FABE(config-profile-71xxTestProfile-if-radio1)#off-channel-scan chan nel-list 2.4GHz 1 rfs7000-37FABE(config-profile-71xxTestProfile-if-radio1)# rfs7000-37FABE(config-profile-71xxTestProfile-if-radio1)#show context interface radio1 data-rates b-only mesh client off-channel-scan channel-list 2.4GHz 1 guard-interval long aggregation ampdu tx-only aeroscout forward ekahau forward ip 172.16.10.
PROFILES 7 - 129 7.1.21.4.
7 - 130 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PROFILES 7 - 131 7.1.21.4.
7 - 132 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PROFILES 7 - 133 7.1.21.4.
7 - 134 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.26rf-mode interface radio instance Configures the radio’s RF mode Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax rf-mode [2.4GHz-wlan|4.9GHz-wlan|5GHz-wlan|sensor] Parameters • rf-mode [2.4GHz-wlan|4.9GHz-wlan|5GHz-wlan|sensor] rf-mode Configures the radio RF mode 2.
PROFILES 7 - 135 7.1.21.4.
7 - 136 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PROFILES 7 - 137 7.1.21.4.
7 - 138 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PROFILES 7 - 139 7.1.21.4.31stbc interface radio instance Configures the radio’s Space Time Block Coding (STBC) mode. STBC is a pre-transmission encoding scheme providing an improved SNR ratio (even at a single RF receiver). STBC transmits multiple data stream copies across multiple antennas. The receiver combines the multiple copies into one to retrieve data from the signal.
7 - 140 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.32txbf interface radio instance Enables transmit Beamforming on the selected radio. Transmit Beamforming enhances the reliability and performance of beamformed links by allowing the transmitter to generate signals that can be optimally received. The transmitter sends out a sounding signal and listens for a response from the receiver.
PROFILES 7 - 141 ap81xx-00090C(config)#show wireless client detail ADDRESS : 00-24-D7-F1-00-EC - 00-24-D7-F1-00-EC 192.168.1.218 (vlan:1) WLAN : open (ssid:open) : : : : : : DATA-RATES : 6 9 12 18 24 36 48 54 mcs0-23 MAX-PHY_RATE : 450 M MAX-USER_RATE : 337 M 802.
7 - 142 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PROFILES 7 - 143 7.1.21.4.34wireless-client interface radio instance Configures wireless client parameters on this radio Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax wireless-client tx-power [<0-20>|mode] wireless-client tx-power mode [802.11d {symbol-ie}|symbol-ie {802.
7 - 144 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PROFILES 7 - 145 7.1.
7 - 146 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PROFILES 7 - 147 7.1.
7 - 148 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PROFILES 7 - 149 7.1.26 load-balancing config-profile config commands Configures load balancing parameters Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax load-balancing [advanced-params|balance-ap-loads|balance-band-loads| balance-channel-loads|band-ratio|band-control-strategy|group-id| neighbor-selection-strategy] load-balancing advanced-params [2.
7 - 150 WiNG 5.2.
PROFILES 7 - 151 • load-balancing advanced-params max-preferred-band-load [2.4GHGz|5GHzd] <0-100> advanced-params Configures advanced load balancing parameters max-preferred-bandload Configures the maximum load on the preferred band, beyond which the other band is equally preferred [2.4GHz|5GHz] <0-100> Select one of the following options: • 2.4GHz – Configures the maximum load on 2.
7 - 152 WiNG 5.2.6 Wireless Controller CLI Reference Guide 5ghz [0|<1-10>] Configures the relative loading of 5GHz bands • 0 – Selecting ‘0’ steers all dual-band clients preferentially to the other band • <0-10> – Configures a relative load as a number from 0 - 10 • load-balancing band-control-strategy [distribute-by-ratio|prefer-2.4ghz| prefer-5ghz] band-control-strategy Configures a band control strategy distribute-by-ratio Distributes clients to either 2.
PROFILES 7 - 153 7.1.
7 - 154 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PROFILES 7 - 155 • logging facility [local0|local1|local2|local3|local4|local5|local16|local7] facility [local0|local1| local2|local3|local4| local5|local6|local7] Enables the syslog to decide where to send the incoming message. There are 8 logging facilities, from syslog0 to syslog7.
7 - 156 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.29 mac-address-table config-profile config commands Configures the MAC address table. Use this command to assign a static address to the MAC address table.
PROFILES 7 - 157 7.1.
7 - 158 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PROFILES 7 - 159 7.1.
7 - 160 WiNG 5.2.6 Wireless Controller CLI Reference Guide <1-65535> level 2 Specifies the peer UDP port to link with the specified IP address • level – Specifies the routing level • 2 – Configures inter-site MiNT routing level adjacent-hold-time <2-600> Optional. Specifies the adjacency lifetime after hello packets cease • <2-600> – Specify a value from 2 - 600 seconds. cost <1-100000> Optional. Specifies the link cost in arbitrary units • <1-100000> – Specify a value from 1 - 100000.
PROFILES 7 - 161 hello-interval <1-120> Optional. Specifies the hello interval between packets <1-120> – Specify a value from 1 - 120. level [1|2] Optional. Specifies the routing levels for this routing link.
7 - 162 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PROFILES 7 - 163 7.1.
7 - 164 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PROFILES 7 - 165 7.1.
7 - 166 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PROFILES 7 - 167 email-notification Configures e-mail notification enforce-version Checks device firmware versions before attempting connection events Displays system event messages export Enables the export of the startup.
7 - 168 WiNG 5.2.6 Wireless Controller CLI Reference Guide spanning-tree Configures spanning tree commands use Defines the settings used by this feature vpn Configures VPN settings wep-shared-key-auth Enables support for 802.
PROFILES 7 - 169 7.1.
7 - 170 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PROFILES 7 - 171 Examples rfs7000-37FABE(config-profile-default-RFS7000)#ntp server 172.16.10.10 rfs7000-37FABE(config-profile-default-RFS7000)#ntp server 172.16.10.1 version 1 prefer rfs7000-37FABE(config-profile-default-RFS7000)#ntp server 172.16.10.
7 - 172 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.40 power-config config-profile config commands Configures the power option mode.
PROFILES 7 - 173 7.1.41 preferred-controller-group config-profile config commands Specifies the wireless controller group preferred for adoption Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX.
7 - 174 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PROFILES 7 - 175 7.1.
7 - 176 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.44 service config-profile config commands Service commands enable you to view and manage wireless controller configurations in the User Exec, Priv Exec, and Global Config modes. In the profile/device configuration context, use this command to do the following: • Enable system restart, by the Process Monitor (PM), in case of a process failure • Enable Watchdog • Modify the Remote Site Survivability (RSS) timeout value.
PROFILES 7 - 177 trigger-threshold <1-255> Sets the number of pending RADIUS sessions after which EAP throttling is triggered • service wireless ap300 [image|version] wireless ap300 Use this command to set the AP300 image file path and to view the image version number. image Sets the AP300 image file path • – Specify the image file name and location.
7 - 178 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.45 spanning-tree config-profile config commands Enables spanning tree commands. Use these commands to configure the errdisable, multiple spanning tree and portfast settings.
PROFILES 7 - 179 hello-time <1-10> Specifies the hello BDPU interval in seconds • <1-10> – Specify a value from 1 - 10 seconds. instance <1-15> Defines the instance ID to which the VLAN is associated • <1-15> – Specify an instance ID from 1 - 10. max-age <6-40> Defines the maximum time to listen for the root bridge • <6-40> – Specify a value from 4 - 60 seconds. max-hops <7-127> Defines the maximum hops when BPDU is valid • <7-127> – Specify a value from 7 - 127.
7 - 180 WiNG 5.2.6 Wireless Controller CLI Reference Guide rfs7000-37FABE(config-profile-default-RFS7000)#show context profile RFS7000 default-RFS7000 spanning-tree mst 2 priority 4096 spanning-tree errdisable recovery cause bpduguard autoinstall configuration autoinstall firmware crypto isakmp policy default crypto ipsec transform-set default esp-aes-256 esp-sha-hmac interface me1 interface ge1 ip dhcp trust qos trust dscp qos trust 802.1p interface ge2 ip dhcp trust qos trust dscp qos trust 802.
PROFILES 7 - 181 7.1.
7 - 182 WiNG 5.2.6 Wireless Controller CLI Reference Guide management-policy Associates a management policy • – Specify the management policy name. radius-server-policy Associates a device onboard RADIUS policy • – Specify the RADIUS policy name. role-policy Associates a role policy • – Specify the role policy name.
PROFILES 7 - 183 role-policy Associates a role policy • – Specify the role policy name. wips-policy Associates a WIPS policy • – Specify the WIPS policy name.
7 - 184 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PROFILES 7 - 185 7.1.48 wep-shared-key-auth config-profile config commands Enables support for 802.
7 - 186 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2 Device Specific Commands PROFILES Devices managed by the wireless controller can either be assigned unique configurations or have existing RF Domain or Profile configurations modified (overridden) to support a requirement that dictates a device’s configuration be customized from the configuration shared by its peer devices.
PROFILES 7 - 187 led legacy-auto-downgrade legacy-auto-update license lldp load-balancing local location logging mac-address-table mac-name memory-profile min-misconfiguration-recovery-time mint misconfiguration-recovery-time monitor neighbor-inactivity-timeout neighbor-info-interval no noc ntp override-wlan power-config preferred-controller-group radius remove-override rf-domain-manager rsa-key sensor-server spanning-tree stats timezone trustpoint use vpn wep-shared-key-auth clrscr commit do end exit help
7 - 188 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 7.12 summarizes device mode commands PROFILES Table 7.
PROFILES 7 - 189 Table 7.
7 - 190 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 7.
PROFILES 7 - 191 7.2.
7 - 192 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PROFILES 7 - 193 7.2.3 channel-list config-device mode commands Configures the channel list advertised to wireless clients Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax channel-list [2.4GHz |5GHz |dynamic] Parameters • channel-list [2.4GHz |5GHz |dynamic] 2.
7 - 194 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PROFILES 7 - 195 7.2.5 country-code config-device mode commands Sets the country of operation. Erases all existing radio configurations.
7 - 196 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PROFILES 7 - 197 7.2.
7 - 198 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.8 hostname config-device mode commands Sets system's network name Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax hostname Parameters • hostname hostname Sets the name of the wireless controller.
PROFILES 7 - 199 7.2.9 interface config-device mode commands Selects an interface to configure This command is used to enter the interface configuration mode for the specified physical wireless controller SVI interface. If the VLAN (SVI) interface does not exist, it’s automatically created.
7 - 200 WiNG 5.2.
PROFILES 7 - 201 7.2.10 layout-coordinates config-device mode commands Configures X and Y layout coordinates for the device Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax layout-coordinates <-4096.0-4096.0> <-4096.0-4096.0> Parameters • layout-coordinates <-4096.0-4096.0> <-4096.0-4096.0> <-4096.0-4096.0> Specify the X coordinate from -4096.0 - 4096.
7 - 202 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PROFILES 7 - 203 7.2.
7 - 204 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PROFILES 7 - 205 7.2.
7 - 206 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PROFILES 7 - 207 contact Sets contact information controller Configures a WLAN wireless controller country-code Configures wireless controller’s country code crypto Configures crypto settings dhcp-redundancy Enables DHCP redundancy dscp-mapping Configures IP Differentiated Services Code Point (DSCP) to 802.1p priority mapping for untagged frames email-notification Configures e-mail notification events Displays system event messages export Enables the export of startup.
7 - 208 WiNG 5.2.
PROFILES 7 - 209 7.2.
7 - 210 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PROFILES 7 - 211 rfs7000-37FABE(config-device-00-15-70-88-9E-C4)*# Related Commands no Disables or reverts settings to their default
7 - 212 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.18 rsa-key config-device mode commands Assigns a RSA key to a device Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax rsa-key ssh Parameters • rsa-key ssh ssh Assigns the RSA key to SSH • – Specifies the RSA key name.
PROFILES 7 - 213 7.2.
7 - 214 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PROFILES 7 - 215 7.2.
7 - 216 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
CHAPTER 8 AAA-POLICY This chapter summarizes the AAA policy commands within the CLI structure. Use the (config) instance to configure AAA policy commands.
8-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 8.1 aaa-policy Table 8.1 summarizes AAA policy configuration commands. Table 8.
AAA-POLICY 8-3 8.1.1 accounting aaa-policy Configures the server type and interval at which interim accounting updates are sent to the server. Up to 6 accounting servers can be configured. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
8-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide • accounting server <1-6> [dscp <0-63>|retry-timeout-factor <50-200>] server <1-6> Configures an accounting server. Up to 6 accounting servers can be configured dscp <0-63> Sets the Differentiated Services Code Point (DSCP) value for Quality of Service (QOS) monitoring. This value is used in generated RADIUS packets.
AAA-POLICY strip 8-5 Optional. Strips the realm from the username before forwarding the request to the RADIUS server • accounting server <1-6> onboard [self|controller] server <1-6> Configures an accounting server.
8-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples rfs7000-37FABE(config-aaa-policy-test)#accounting rfs7000-37FABE(config-aaa-policy-test)#accounting motorola port 1 rfs7000-37FABE(config-aaa-policy-test)#accounting prefix realm word strip rfs7000-37FABE(config-aaa-policy-test)#accounting 6000 rfs7000-37FABE(config-aaa-policy-test)#accounting rfs7000-37FABE(config-aaa-policy-test)#accounting rfs7000-37FABE(config-aaa-policy-test)#accounting number interim interval 65 server 2 host 172.16.
AAA-POLICY 8-7 8.1.2 attribute aaa-policy Configures RADIUS Framed MTU attribute used in access and accounting requests. The Framed MTU attribute reduces the Extensible Authentication Protocol (EAP) packet size of the RADIUS server. This command is useful in networks where routers and firewalls do not perform fragmentation. To ensure network security, some firewall software drop UDP fragments from RADIUS server EAP packets. Consequently the packets are large in size.
8-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 8.1.3 authentication aaa-policy Configures authentication parameters Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
AAA-POLICY 8-9 • authentication protocol [chap|pap] protocol [chap|pap] Configures the protocol used for non-EAP authentication • chap – Uses Challenge Handshake Authentication Protocol (CHAP) • pap – Uses Password Authentication Protocol (PAP) • authentication server <1-6> dscp <0-63> server <1-6> Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured • <1-6> – Specify the RADIUS server index from 1 - 6.
8 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide realm Sets the realm information used for RADIUS authentication • – Sets the realm used for authentication. This value is matched against the user name provided for RADIUS authentication. Example: Prefix - AC\JohnTalbot Suffix - JohnTalbot@AC.org strip Optional. Indicates the realm name must be stripped from the user name before sending it to the RADIUS server for authentication.
AAA-POLICY 8 - 11 • authentication server <1-6> timeout <1-60> {attempts <1-10>} server <1-6> Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured • <1-6> – Specify the RADIUS server index from 1 - 6. timeout <1-60> Configures the timeout, in seconds, for each request sent to the RADIUS server. This is the time allowed to elapse before another request is sent to the RADIUS server. If a response is received from the RADIUS server within this time, no retry is attempted.
8 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 8.1.4 health-check aaa-policy During normal operation, a AAA server can go offline. When a server goes offline, it is marked as down. This command configures the interval after which a server marked as down is checked to see if it has come back online and is reachable. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
AAA-POLICY 8 - 13 8.1.5 mac-address-format aaa-policy Configures the format MAC addresses are filled in RADIUS request frames Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
8 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 8.1.6 no aaa-policy Negates a AAA policy command or sets its default Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
AAA-POLICY 8 - 15 retry-timeout-factor Optional. Resets retry timeout to its default of 100 timeout Optional.
8 - 16 WiNG 5.2.
AAA-POLICY 8 - 17 8.1.7 proxy-attribute aaa-policy Configures RADIUS attribute behavior when proxying through the wireless controller or RF Domain Manager Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
8 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 8.1.8 server-pooling-mode aaa-policy Configures the server selection method from a pool of AAA servers. The available methods are failover and load-balance. In the failover scenario, when a configured AAA server goes down, the server with the next higher index in the list of configured AAA server takes over for the failed server.
AAA-POLICY 8 - 19 8.1.9 use aaa-policy Applies a Network Access Control (NAC) list for use by this AAA policy. This allows only the set of configured devices to use AAA servers. For more information on creating a NAC list, see nac-list. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
8 - 20 WiNG 5.2.
CHAPTER 9 AUTO-PROVISIONING-POLICY This chapter summarizes the auto provisioning policy commands in the CLI structure. Adoption rules are sorted by precedence value and matched (filtered) against the information available from an AP, any rule for the wrong AP type is ignored.
9-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 9.1 auto-provisioning-policy Table 9.1 summarizes auto provisioning policy configuration commands. Table 9.1 auto-provisioning policy commands Command Description Reference adopt Adds rules for device adoption page 9-3 default-adoption Adopts devices even when no matching rules are found.
AUTO-PROVISIONING-POLICY 9-3 9.1.1 adopt auto-provisioning-policy Adds device adoption rules Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
9-4 WiNG 5.2.
AUTO-PROVISIONING-POLICY 9-5 mac {} Adopts a device if it matches the range of MAC addresses • – Specify the first MAC address in the range. Provide this MAC address if you want to match for a single device. • – Optional. Specify the last MAC address in the range. model-number Adopts a device if its model number matches • – Specify the model number to match.
9-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 9.1.2 default-adoption auto-provisioning-policy Adopts devices, even when no matching rules are defined. Assigns a default profile and default RF Domain Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
AUTO-PROVISIONING-POLICY 9-7 9.1.3 deny auto-provisioning-policy Defines a deny device adoption rule Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
9-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide fqdn Fully Qualified Domain Name (FQDN) is a domain name that specifies its exact location in the DNS hierarchy. It specifies all domain levels, including its top-level domain and the root domain. This parameter denies adoption based on the fully qualified domain name of the device. • – Specify the FQDN to match.
AUTO-PROVISIONING-POLICY 9-9 9.1.4 no auto-provisioning-policy Negates an auto provisioning policy command or sets its default Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
9 - 10 WiNG 5.2.
CHAPTER 10 ADVANCED-WIPS-POLICY This chapter summarizes the advanced WIPS policy commands within the CLI structure. Use the (config) instance to configure advance WIPS policy commands.
10 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 10.1 advanced-wips-policy Table 10.1 summarizes advanced WIPS policy configuration commands. Table 10.
ADVANCED-WIPS-POLICY 10 - 3 10.1.
10 - 4 WiNG 5.2.
ADVANCED-WIPS-POLICY 10 - 5 fake-dhcp-server-detected This event occurs when a fake DHCP server is detected in the controlled network A fake or rogue DHCP server is a type of man in the middle attack where DHCP services are provide by an unauthorized DHCP server compromising the integrity of the wireless controller managed network.
10 - 6 WiNG 5.2.
ADVANCED-WIPS-POLICY 10 - 7 • event dos-cts-flood threshold [cts-frames-ratio <0-65535>|mu-rx-cts-frame <0-65535>] dos-cts-flood This event occurs when a large number of clear to send (CTS) frames are detected in the network threshold [cts-frames-ratio <0-65535>| mu-rx-cts-frame <0-65535>] Sets the CTS flood threshold • cts-frames-radio <0-65535> – Sets the CTS:Total Frames ratio for triggering this event • <0-65535> – Specify the value from 0 - 65535.
10 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide • event probe-response-flood threshold probe-rsp-frames-count <0-65535> probe-response-flood This event occurs when a large number of probe response frames are detected in the network threshold probe-rsp-framescount <0-65535> Sets the probe response frames flood threshold • probe-rsp-frames-count – Sets the threshold from the number of probe response frames received • <0-65535> – Specify the value from 0 - 65535.
ADVANCED-WIPS-POLICY 10 - 9 Example rfs7000-37FABE(config-advanced-wips-policy-test)#event dos-cts-flood threshold ctsframes-ratio 8 rfs7000-37FABE(config-advanced-wips-policy-test)#event dos-eapol-logoff-storm threshold eapol-start-frames-mu 99 rfs7000-37FABE(config-advanced-wips-policy-test)#event probe-response-flood threshold probe-rsp-frames-count 8 rfs7000-37FABE(config-advanced-wips-policy-test)#event wlan-jack-attack-detected trigger-against sanctioned rfs7000-37FABE(config-advanced-wips-policy-te
10 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 10.1.
ADVANCED-WIPS-POLICY 10 - 11 Parameters • no event [accidental-association|crackable-wep-iv-used|dos-cts-flood| dos-deauthentication-detection|dos-disassociation-detection|dos-eap-failure-spoof| dos-eapol-logoff-storm|dos-rts-flood|essid-jack-attack-detected| fake-dhcp-server-detected|fata-jack-detected|id-theft-eapol-success-spoof-detected| id-theft-out-of-sequence|invalid-channel-advertized|invalid-management-frame| ipx-detection|monkey-jack-attack-detected|multicast-all-routers-on-subnet| multicast-all
10 - 12 WiNG 5.2.
ADVANCED-WIPS-POLICY 10 - 13 10.1.3 server-listen-port advanced-wips-policy Defines the local WIPS server’s listening port, where WIPS sensors connect to the local WIPS server Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax server-listen-port <0-65535> Parameters • server-listen-port <0-65535> server-listen-port <0-65535> Select a port from 0 - 65535.
10 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 10.1.4 terminate advanced-wips-policy Adds a device to a device termination list. Devices on this list cannot access the wireless controller managed network.
ADVANCED-WIPS-POLICY 10 - 15 10.1.5 use advanced-wips-policy Uses an existing device categorization list with the advanced WIPS policy. A device configuration list must exist before it can be used with the advanced WIPS policy. A device categorization list categorizes a device, either an AP or a wireless client, as sanctioned or neighboring based on its MAC address or access point SSID.
10 - 16 WiNG 5.2.
CHAPTER 11 ASSOCIATION-ACL-POLICY This chapter summarizes the association ACL policy commands within the CLI structure. Use the (config) instance to configure association ACL policy related configuration commands.
11 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 11.1 association-acl-policy Table 11.1 summarizes association ACL policy configuration commands. Table 11.
ASSOCIATION-ACL-POLICY 11 - 3 11.1.1 deny association-acl-policy Identifies those devices denied access to the wireless controller managed network. Devices are identified by their MAC address. A single MAC address or a range of MAC addresses can be specified to deny access. This command also sets the precedence on how deny list rules are applied. Up to a thousand (1000) deny rules can be defined.
11 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 11.1.
ASSOCIATION-ACL-POLICY 11 - 5 Specify the last MAC address in the range. precedence <1-1000> Sets the rule precedence. Rules are checked in an increasing order of precedence value. • <1-1000> – Specify a value from 1 - 1000.
11 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 11.1.3 permit association-acl-policy Specifies devices permitted access to the wireless controller managed network. Devices are permitted access based on their MAC address. A single MAC address or a range of MAC addresses can be specified. This command also sets the precedence on how permit list rules are applied. Up to a thousand (1000) deny rules can be defined.
CHAPTER 12 ACCESS-LIST This chapter summarizes IP and MAC access list commands in detail. Access lists control access to the network using a set of rules. Each rule specifies an action taken when a packet matches a given set of rules. If the action is deny, the packet is dropped. If the action is permit, the packet is allowed. The wireless controller supports following ACLs: • IP access lists • MAC access lists Use IP and MAC commands under the global configuration to create an access list.
12 - 2 WiNG 5.2.
ACCESS-LIST 12 - 3 12.1 ip-access-list ACCESS-LIST Table 12.1 summarizes commands under the IP access list configuration commands. Table 12.
12 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 12.1.1 deny ip-access-list Specifies packets to reject NOTE: Use a decimal value representation to implement a permit/deny designation for a packet. The command set for IP ACLs provides the hexadecimal values for each listed EtherType. The wireless controller supports all EtherTypes. Use the decimal equivalent of the EtherType listed for any other EtherType.
ACCESS-LIST 12 - 5 Defines the ICMP packet type For example, an ICMP type 0 indicates it is an ECHO REPLY, and type 8 indicates it is an ECHO. Defines the ICMP message type For example, an ICMP code 3 indicates “Destination Unreachable”, code 1 indicates “Host Unreachable”, and code 3 indicates “Port Unreachable.” log Logs all deny events rule-precedence <1-5000> Sets the rule precedence.
12 - 6 WiNG 5.2.
ACCESS-LIST 12 - 7 any Identifies all devices as the source to deny access host Identifies a specific host as the source to deny access • – Specify the host IP address. eq Identifies a specific source port • – Specify the source port. range Specifies the source port range • – Specify the start in the port range. • – Specify the end in the port range.
12 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide Usage Guidelines Use this command to deny traffic between networks/hosts based on the protocol type selected in the access list configuration. The following protocols are supported: • IP • ICMP • TCP • UDP • PROTO The last ACE in the access list is an implicit deny statement. Whenever the interface receives the packet, its content is checked against the ACEs in the ACL. It is allowed/denied based on the ACL configuration.
ACCESS-LIST 12 - 9 12.1.
12 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide Defines the ICMP packet type For example, an ICMP type 0 indicates it is an ECHO REPLY, and type 8 indicates it is an ECHO Defines the ICMP message type For example, an ICMP code 3 indicates “Destination Unreachable”, code 1 indicates “Host Unreachable”, and code 3 indicates “Port Unreachable.
ACCESS-LIST 12 - 11 rule-precedence <1-5000> Sets the rule precedence. Rules are checked in the order of their rule precedence • <1-5000> – Specify the rule precedence from 1 - 5000. rule-description Optional. Sets the rule description • – Provide a description of the rule. The description should not exceed 128 characters.
12 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide rule-precedence <1-5000> Sets the rule precedence. Rules are checked in the order of their rule precedence • <1-5000> – Specify the rule precedence from 1 - 5000. rule-description Optional. Sets the rule description • – Provide a description of the rule. The description should not exceed 128 characters.
ACCESS-LIST 12 - 13 eq [ Identifies a specific destination or protocol port |bgp|dns|ftp|ftp-data|gopher| • – The destination port designated by its number https|ldap|nntp|ntp|pop3| • bgp – The designated BGP protocol port smtp|ssh|telnet|tftp|www] • dns – The designated DNS protocol port • ftp – The designated FTP protocol port • ftp-data – The designated FTP data port • gropher – The designated GROPHER protocol port • https – The designated HTTPS protocol port • ldap
12 - 14 WiNG 5.2.
ACCESS-LIST 12 - 15 12.1.3 permit ip-access-list Permits specific packets NOTE: Use a decimal value representation to implement a permit/deny designation for a packet. The command set for IP ACLs provide the hexadecimal values for each listed EtherType. The wireless controller supports all EtherTypes. Use the decimal equivalent of the EtherType listed for any other EtherType.
12 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide Defines the ICMP packet type For example, an ICMP type 0 indicates it is an ECHO REPLY, and type 8 indicates it is an ECHO Defines the ICMP message type For example, an ICMP code 3 indicates “Destination Unreachable”, code 1 indicates “Host Unreachable”, and code 3 indicates “Port Unreachable.
ACCESS-LIST 12 - 17 • permit proto [||eigrp|gre|igmp|igp|ospf|vrrp] [|any|host ] [|any|host ] (log,mark [8021p <0-7>|dscp <0-63>],rule-precedence <1-5000>) {rule-description } proto Configures an ACL for additional protocols Other protocols (other than IP, ICMP, TCP, and UDP) must be configured using this parameter.
12 - 18 WiNG 5.2.
ACCESS-LIST 12 - 19 range Identifies the destination port range • – Specify the start of the range. • – Specify the end of the range. log Logs all permit events mark [8021p <0-7>| dscp <0-63>] Marks packets that match the ACL rule • 8021p <0-7> – Modifies 802.1p VLAN user priority from 0 - 7 • dscp <0-63> – Modifies DSCP TOS bits in the IP header from 0 - 63 rule-precedence <1-5000> Sets the rule precedence.
12 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples rfs7000-37FABE(config-ip-acl-test)#show context ip access-list test deny proto vrrp any any log rule-precedence 600 deny proto ospf any any log rule-precedence 650 rfs7000-37FABE(config-ip-acl-test)#permit ip 172.16.10.0/24 any log rule-precedence 750 rfs7000-37FABE(config-ip-acl-test)#permit tcp 172.16.10.
ACCESS-LIST 12 - 21 12.2 mac-access-list ACCESS-LIST Table 12.2 summarizes MAC Access list commands Table 12.
12 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 12.2.1 deny mac-access-list Specifies packets to reject NOTE: Use a decimal value representation to implement a permit/deny designation for a packet. The command set for MAC ACLs provide the hexadecimal values for each listed EtherType. The wireless controller supports all EtherTypes. Use the decimal equivalent of the EtherType listed for any other EtherType.
ACCESS-LIST 12 - 23 type [8021q|<1-65535>|aarp| appletalk |arp|ip|ipv6| mint|rarp| wisp|ipx] Configures the EtherType value An EtherType is a two-octet field in an Ethernet frame that indicates the protocol encapsulated in the payload of the frame The EtherType values are: • 8021q – Indicates a 802.
12 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide Usage Guidelines The deny command disallows traffic based on layer 2 (data-link layer) data. The MAC access list denies traffic from a particular source MAC address or any MAC address. It can also disallow traffic from a list of MAC addresses based on the source mask. The MAC access list can disallow traffic based on the VLAN and EtherType. • ARP • WISP • IP • 802.1q NOTE: MAC ACLs always takes precedence over IP based ACLs.
ACCESS-LIST 12 - 25 12.2.
12 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide type [8021q|<1-65535>|aarp| Configures the EtherType value appletalk |arp|ip|ipv6| An EtherType is a two-octet field in an Ethernet frame that indicates the protocol mint|rarp|wisp|ipx] encapsulated in the payload of the frame The EtherType values are: • 8021q – Indicates the 802.
ACCESS-LIST 12 - 27 12.2.3 permit mac-access-list Configures a permit MAC ACL NOTE: Use a decimal value representation to implement a permit/deny designation for a packet. The command set for MAC ACLs provide the hexadecimal values for each listed EtherType. The wireless controller supports all EtherTypes. Use the decimal equivalent of the EtherType listed for any other EtherType.
12 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide type [8021q|<1-65535>|aarp| appletalk |arp|ip|ipv6| mint|rarp|wisp|ipx] Configures the EtherType value An EtherType is a two-octet field in an Ethernet frame that indicates the protocol encapsulated in the payload of the frame The EtherType values are: • 8021q – Indicates a 802.
ACCESS-LIST 12 - 29 Usage Guidelines The permit command in the MAC ACL disallows traffic based on layer 2 (data-link layer) information. A MAC access list permits traffic from a source MAC address or any MAC address. It also has an option to allow traffic from a list of MAC addresses (based on the source mask). The MAC access list can be configured to allow traffic based on VLAN information, or Ethernet type. Common types include: • ARP • WISP • IP • 802.
12 - 30 WiNG 5.2.
CHAPTER 13 DHCP-SERVER-POLICY This chapter summarizes DHCP server policy commands within CLI structure. Dynamic Host Control Protocol (DHCP) is a protocol that automatically assigns network IP addresses to clients to enable them to participate in the network. DHCP keeps track of IP address assignments, their lease times and their availability for use by clients. Use the (config) instance to configure DHCP server policy configuration commands.
13 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1 dhcp-server-policy Table 13.1summarizes DHCP server policy configuration commands. Table 13.
DHCP-SERVER-POLICY 13 - 3 13.1.1 bootp dhcp-server-policy Configures a BOOTP specific configuration. Bootstrap Protocol (BOOTP) is used by UNIX diskless workstations to obtain the network location of their boot image and IP address. A BOOP configuration server also assigns an IP address from a configured pool of IP addresses.
13 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.2 dhcp-class dhcp-server-policy A DHCP user class applies different DHCP settings to a set of wireless clients. These wireless clients are grouped under the same DHCP class. This class is configured on the DHCP server to provide differentiated service. Table 13.
DHCP-SERVER-POLICY 13 - 5 13.1.2.1 dhcp-class dhcp-class command Configures a DHCP server class and opens a new mode. For more information, see dhcp-class-mode. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax dhcp-class Parameters • dhcp-class Sets the DHCP class. If the class does not exist, it is created.
13 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.2.2 dhcp-class-mode dhcp-class Use DHCP class mode commands to configure a DHCP server class. Table 13.3 summarizes DHCP class commands Table 13.
DHCP-SERVER-POLICY 13 - 7 13.1.2.2.
13 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.2.2.
DHCP-SERVER-POLICY 13 - 9 13.1.2.2.3 option dhcp-class-mode Configures the DHCP server options for use with this DHCP user class Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax option user-class Parameters • option user-class user-class Configures a DHCP user class options • – Specify the DHCP user class option.
13 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3 dhcp-pool dhcp-server-policy The DHCP pool commands create and manage a pool of IP addresses. These IP addresses are assigned to devices using the DHCP protocol. IP addresses have to be unique for each device in the network. As IP addresses are finite, DHCP mechanism enables the reuse of finite addresses by keeping track of their issue, release and reissue.
DHCP-SERVER-POLICY 13 - 11 13.1.3.1 dhcp-pool dhcp pool command Configures a DHCP server address pool. An address pool is a set of IP addresses allocated to devices as they are authorized to access network resources. This enables the reuse of limited IP address resources for deployment in any network. A separate instance opens where you can configure DHCP pool parameters.
13 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2 dhcp-pool-mode dhcp-pool Configures the DHCP pool commands Table 13.5 summarizes DHCP pool commands Table 13.5 dhcp-pool mode commands Command Description Reference address Specifies a range of addresses for a DHCP pool page 13-13 bootfile Assigns a bootfile name.
DHCP-SERVER-POLICY 13 - 13 13.1.3.2.1address dhcp-pool-mode Specifies a range of addresses for the DHCP pool. This is the range of IP addresses assigned to each device that joins the network.
13 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.2 bootfile dhcp-pool-mode The Bootfile command provides a diskless node path to the image file while booting up. Only one file can be configured for each DHCP pool. For more information on the BOOTP protocol with reference to the DHCP policy, see bootp.
DHCP-SERVER-POLICY 13 - 15 13.1.3.2.3 ddns dhcp-pool-mode Configures Dynamic DNS (DDNS) parameters. Dynamic DNS provides a way to access an individual device in a DHCP serviced network using a static device name. Depending on the DHCP server configuration, the IP address of a device changes periodically. To enable the device to be accessible, its current IP address has to be published to a server that can resolve the static device name used to access the device with its changing IP address.
13 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.
DHCP-SERVER-POLICY 13 - 17 13.1.3.2.5 dns-server dhcp-pool-mode Configures the DNS server for this network. This DNS server supports all clients connected to the network supported by the DHCP server. For DHCP clients, the DNS server’s IP address maps the hostname to an IP address. DHCP clients use the DNS server’s IP address based on the order (sequence) configured.
13 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.6 domain-name dhcp-pool-mode Sets the domain name for the DHCP pool For DHCP clients, the DNS server’s IP address maps the hostname to an IP address. DHCP clients use the DNS server’s IP address based on the order (sequence) configured.
DHCP-SERVER-POLICY 13 - 19 13.1.3.2.
13 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.8 lease dhcp-pool-mode The lease is the duration a DHCP issued IP address is valid for a DHCP client. Once this lease expires, and if the lease is not renewed, the IP address is revoked and is available for reuse. Generally, before an IP lease expires, the client tries to get the same IP address issued for the next lease period. The lease period is about 24 hours.
DHCP-SERVER-POLICY 13 - 21 13.1.3.2.9 netbios-name-server dhcp-pool-mode Configures the NetBIOS (WINS) name server’s IP address. This server is used to resolve NetBIOS host names.
13 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.10 netbios-node-type dhcp-pool-mode Configures the predefined NetBIOS node type. The NetBIOS node type resolves NetBIOS names to IP addresses.
DHCP-SERVER-POLICY 13 - 23 13.1.3.2.
13 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.
DHCP-SERVER-POLICY 13 - 25 Removes an IP address from the list of addresses all Removes configured DHCP IP addresses • no address range no address Resets the DHCP pool addresses range Removes a range of IP address from the list of addresses • – Specify the first IP address in the range. • – Specify the last IP address in the range.
13 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide • no static-binding hardware-address no static-binding Removes static bindings for DHCP client hardware-address Resets information based on the hardware address • – Specify the hardware MAC address.
DHCP-SERVER-POLICY 13 - 27 static-binding Configure static binding information static-route Configures static routes installed on DHCP clients update Controls the usage of DDNS service
13 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.13 option dhcp-pool-mode Configures raw DHCP options. The DHCP option must be configured under the DHCP server policy. The options configured under the DHCP pool/DHCP server policy can also be used in static-bindings.
DHCP-SERVER-POLICY 13 - 29 13.1.3.2.
13 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.15 static-binding dhcp-pool-mode Configures static IP address information for a particular device. Static address binding is executed on the device’s hostname, client identifier, or MAC address. Static bindings allow the configuration of client parameters, such as DHCP server, DNS server, default routers, fixed IP address etc. Table 13.
DHCP-SERVER-POLICY 13 - 31 13.1.3.2.16 static-binding dhcp-pool static-binding command Configures static address bindings. For more information, see static-binding-mode.
13 - 32 WiNG 5.2.
DHCP-SERVER-POLICY 13 - 33 13.1.3.2.17 static-binding-mode Table 13.7 summarizes static binding mode commands Table 13.
13 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.18 bootfile static-binding-mode The Bootfile command provides a diskless node the path to the image file used while booting up. Only one file can be configured for each static IP binding. For more information on the BOOTP protocol with reference to static binding, see bootp.
DHCP-SERVER-POLICY 13 - 35 13.1.3.2.
13 - 36 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.
DHCP-SERVER-POLICY 13 - 37 13.1.3.2.21 dns-server static-binding-mode Configures the DNS server for this static binding configuration. This DNS server supports the client for which the static binding has been configured. For this client, the DNS server’s IP address maps the host name to an IP address. DHCP clients use the DNS server’s IP address based on the order (sequence) configured.
13 - 38 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.22 domain-name static-binding-mode Sets the domain name for the static binding configuration For this client, the DNS server’s IP address maps the host name to an IP address. DHCP clients use the DNS server’s IP address based on the order (sequence) configured.
DHCP-SERVER-POLICY 13 - 39 13.1.3.2.
13 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.24 netbios-name-server static-binding-mode Configures the NetBIOS (WINS) name server’s IP address. This server is used to resolve NetBIOS host names.
DHCP-SERVER-POLICY 13 - 41 13.1.3.2.25 netbios-node-type static-binding-mode Configures different predefined NetBIOS node types. The NetBIOS node defines the way a device resolves NetBIOS names to IP addresses.
13 - 42 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.
DHCP-SERVER-POLICY 13 - 43 13.1.3.2.
13 - 44 WiNG 5.2.
DHCP-SERVER-POLICY 13 - 45 13.1.3.2.28 option static-binding-mode Configures raw DHCP options. The DHCP option has to be configured in the DHCP policy. The options configured in the DHCP server policy can only be used in static bindings.
13 - 46 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.
DHCP-SERVER-POLICY 13 - 47 13.1.3.2.
13 - 48 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.31 static-route dhcp-pool-mode Configures a static route for a DHCP pool. Static routes define a gateway for traffic intended for other networks. This gateway is always used when an IP address does not match any route in the network.
DHCP-SERVER-POLICY 13 - 49 13.1.3.2.32 update dhcp-pool-mode Controls the use of the DDNS service Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax update dns {override} Parameters • update dns {override} dns {override} Configures the DDNS parameters • override – Optional.
13 - 50 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.
DHCP-SERVER-POLICY 13 - 51 Examples rfs7000-37FABE(config-dhcp-policy-test)#no bootp ignore rfs7000-37FABE(config-dhcp-policy-test)# rfs7000-37FABE(config-dhcp-policy-test)#no option test1 rfs7000-37FABE(config-dhcp-policy-test)# Related Commands bootp Configures BOOTP protocol parameters dhcp-class Configures DHCP user class parameters dhcp-pool Configures the DHCP pool option Configures DHCP option values ping Configures the DHCP ping timeout
13 - 52 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.5 option dhcp-server-policy Configures raw DHCP options. The DHCP option has to be configured in the DHCP server policy. The options configured in the DHCP pool/DHCP server policy can also be used in static bindings.
DHCP-SERVER-POLICY 13 - 53 13.1.
13 - 54 WiNG 5.2.
CHAPTER 14 FIREWALL-POLICY A firewall protects a network from attacks and unauthorized access from outside the network. Simultaneously, it allows authorized users to access required resources. Firewalls work on multiple levels. Some work at layers 1, 2 and 3 to inspect each packet. The packet is either passed, dropped or rejected based on rules configured on the firewall. Firewalls use application layer filtering to enforce compliance.
14 - 2 WiNG 5.2.
FIREWALL-POLICY 14 - 3 14.1 firewall-policy Table 14.1 summarizes default firewall policy configuration commands. Table 14.
14 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.
FIREWALL-POLICY 14 - 5 14.1.2 clamp firewall-policy This option limits the TCP Maximum Segment Size (MSS) to the size of the Maximum Transmission Unit (MTU) discovered by path MTU discovery for the inner protocol. This ensures the packet traverses through the inner protocol without fragmentation.
14 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.
FIREWALL-POLICY 14 - 7 14.1.
14 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.
FIREWALL-POLICY 14 - 9 14.1.
14 - 10 WiNG 5.2.
FIREWALL-POLICY 14 - 11 14.1.
14 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide fraggle A Fraggle DoS attack checks for UDP packets to or from port 7 or 19 ftp-bounce A FTP bounce attack is a MIM attack that enables an attacker to open a port on a different machine using FTP. FTP requires that when a connection is requested by a client on the FTP port (21), another connection must open between the server and the client.
FIREWALL-POLICY 14 - 13 twinge A twinge attack is a flood of false ICMP packets to try and slow down a system udp-short-hdr Enables the identification of truncated UDP headers and UDP header length fields winnuke This DoS attack is specific to Windows™ 95 and Windows™ NT, causing devices to crash with a blue screen log-and-drop Logs the event and drops the packet log-only Logs the event only, the packet is not dropped log-level Configures the log level <0-7> Sets the numeric logging level ale
14 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide ip-ttl-zero Enables a check for the TCP/IP TTL field having a value of zero (0) ipsproof Enables a check for IP spoofing DoS attack land A Local Area Network Denial (LAND) is a DoS attack where IP packets are spoofed and sent to a device where the source IP and destination IP of the packet are the target device’s IP, and similarly, the source port and destination port are open ports on the same device.
FIREWALL-POLICY 14 - 15 • ip dos tcp-max-incomplete [high|low] <1-1000> dos Identifies IP events as DoS events tcp-max-incomplete Sets the limits for the maximum number of incomplete TCP connections high Sets the upper limit for the maximum number of incomplete TCP connections low Sets the lower limit for the maximum number of incomplete TCP connections <1-1000> Sets the limit in the range of 1 - 1000 connections • ip tcp adjust-mss <472-1460> tcp Identifies and configures TCP events and confi
14 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.
FIREWALL-POLICY 14 - 17 • ip-mac routing conflict drop-only routing Defines a routing table based action conflict Action performed when a conflict exists in the routing table drop-only Drops a packet without logging • ip-mac routing [log-and-drop|log-only] log-level [<0-7>|alerts|critical|debug| emergencies|errors|informational|notifications|warnings] routing Defines a routing table based action conflict Action performed when a conflict exists in the routing table log-and-drop Logs the event a
14 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.
FIREWALL-POLICY 14 - 19 14.1.
14 - 20 WiNG 5.2.
FIREWALL-POLICY 14 - 21 stateless-fin-or-reset Disables the timeout for TCP flows in stateless FIN or RST status stateless-general Disables the timeout for TCP flows in general stateless states • no ip dos [ascend|broadcast-multicast-icmp|chargen|fraggle|ftp-bounce| invalid-protocol|ip-ttl-zero|ipsproof|land|option-route|router-advt| router-solicit|smurf|snork|tcp-bad-sequence|tcp-fin-scan|tcp-intercept| tcp-null-scan|tcp-post-syn|tcp-sequence-past-window|tcp-xmas-scan|tcphdrfrag| twinge|udp-short-hdr|
14 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide router-solicit Disables router-solicit attack checks Router solicitation messages are sent to locate routers as a form of network scanning. This information can then be used to attack a device. smurf Disables smurf attack checks In this attack a large number of ICMP echo packets are sent with a spoofed source address. This causes the device with the spoofed source address to be flooded with a large number of replies.
FIREWALL-POLICY 14 - 23 • no ip tcp [adjust-mss|optimize-unnecessary-resends|recreate-flow-on-out-of-statesyn|validate-icmp-unreachable|validate-rst-ack-number|validate-rst-seq-number] no ip Disables IP DoS events tcp Identifies and disables TCP events and configuration items adjust-mss Disables the adjust MSS configuration optimize-unnecessaryresends Disables the validation of unnecessary TCP packets recreate-flow-on-out-ofstate-sync Disallows a TCP SYN packet to delete an old flow in TCP_FIN_FI
14 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide fe <1-4> Disables the FastEthernet port • <1-4> – Sets the FastEthernet port ge <1-8> Disables the Gigabit Ethernet port • <1-8> – Sets the GigabitEthernet port log Disables storm control logging port-channel <1-8> Disables the port channel.
FIREWALL-POLICY 14 - 25 Following is the firewall policy ‘test’ settings after the ‘no’ command is executed: rfs6000-380649(config-fw-policy-test)#no rfs6000-380649(config-fw-policy-test)#no rfs6000-380649(config-fw-policy-test)#no rfs6000-380649(config-fw-policy-test)#no rfs6000-380649(config-fw-policy-test)#no rfs6000-380649(config-fw-policy-test)#no rfs6000-380649(config-fw-policy-test)#no ip dos fraggle dhcp-offer-convert logging malformed-packet-drop flow timeout icmp flow timeout other logging verbo
14 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.
FIREWALL-POLICY 14 - 27 14.1.
14 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.13 storm-control firewall policy config commands Storm control limits multicast, unicast and broadcast frames accepted and forwarded by a device.
FIREWALL-POLICY 14 - 29 <0-7> Sets the numeric logging level from 0 - 7 alerts Numerical severity 1. Indicates a condition where immediate action is required critical Numerical severity 2. Indicates a critical condition debugging Numerical severity 7. Debugging messages emergencies Numerical severity 0. System is unusable errors Numerical severity 3. Indicates an error condition informational Numerical severity 6.
14 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.14 virtual-defragmentation firewall-policy Enables the virtual defragmentation of IPv4 packets. This parameter is required for optimal firewall functionality.
CHAPTER 15 MINT-POLICY This chapter summarizes MiNT policy commands within the CLI structure. All communication using the MiNT transport layer can be optionally secured. This includes confidentiality, integrity and authentication of all communications. In addition, a device can be configured to communicate over MiNT with other devices authorized by an administrator. Use the (config) instance to configure mint-policy related configuration commands.
15 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 15.1 mint-policy Table 15.1 summarizes MiNT policy configuration commands. Table 15.
MINT-POLICY 15 - 3 15.1.
15 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 15.1.2 mtu mint-policy Configures global MiNT Multiple Transmission Unit (MTU). Use this command to specify the maximum packet size, in bytes, for MiNT routing. The higher the MTU values, the greater the network efficiency. The user data per packet increases, while protocol overheads, such as headers or underlying per-packet delays remain the same.
MINT-POLICY 15 - 5 15.1.3 udp mint-policy Configures MiNT UDP/IP encapsulation parameters. Use this command to configure the default UDP port used for MiNT control packet encapsulation.
15 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 15.1.4 no mint-policy Negates a command or reverts values to their default. When used in the config MiNT policy mode, the no command resets or reverts the following global MiNT policy parameters: routing level, MTU, and UDP or IP encapsulation settings.
CHAPTER 16 MANAGEMENT-POLICY This chapter summarizes management policy commands within the CLI structure. A management policy contains configuration elements for managing a device, such as access control, SNMP, admin user credentials, and roles. Use the (config) instance to configure management policy related configuration commands.
16 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1 management-policy Table 16.1 summarizes management policy configuration commands. Table 16.
MANAGEMENT-POLICY 16 - 3 16.1.1 aaa-login management-policy Specifies the Authentication, Authorization and Accounting (AAA) authentication mode used with this management policy. The different modes are: local authentication or external RADIUS server authentication.
16 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide fallback Configures TACACS as the primary authentication mode. When TACACS authentication fails, the system uses local authentication. This command configures local authentication as a backup mode.
MANAGEMENT-POLICY 16 - 5 16.1.2 banner management-policy Configures the login banner message. Use this command to display messages to users as they as login.
16 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1.
MANAGEMENT-POLICY 16 - 7 Usage Guidelines The string size of encrypted password (option 1, Password is encrypted with a SHA1 algorithm) must be exactly 40 characters.
16 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1.
MANAGEMENT-POLICY 16 - 9 16.1.
16 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1.6 idle-session-timeout management-policy Configures a session’s idle timeout. After the timeout period has been exceeded, the session is automatically terminated.
MANAGEMENT-POLICY 16 - 11 16.1.7 no management-policy Negates a command or reverts values to their default. When used in the config management policy mode, the no command negates or reverts management policy parameters.
16 - 12 WiNG 5.2.
MANAGEMENT-POLICY 16 - 13 no user Deletes a user account – Specify the username of the account.
16 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1.
MANAGEMENT-POLICY 16 - 15 • restrict-access ip-access-list ip-access-list Uses an IP access list to filter access requests Sets the access list name • restrict-access subnet {log [all|denied-only]} subnet Restricts access to a specified subnet. Uses a subnet IP address to filter access requests • – Sets the IP address of the subnet in the A.B.C.D/M format log [all|denied-only] Optional. Configures a logging policy for access requests.
16 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1.
MANAGEMENT-POLICY 16 - 17 • snmp-server host [v2c|v3] {<1-65535>} host Configures a IP address of the host [v2c|v3] Configures the SNMP version used to send the traps • v2c – Uses SNMP version 2c • v3 – Uses SNMP version 3 <1-65535> Optional. Specifies the UDP port of the host • <1-65535> – Sets a value from 1 - 65535. The default value is 162.
16 - 18 WiNG 5.2.
MANAGEMENT-POLICY 16 - 19 rfs7000-37FABE(config-management-policy-test)#show context management-policy test http server no ssh snmp-server community snmp1 ro snmp-server user snmpmanager v3 encrypted des auth md5 0 motorola123 snmp-server host 172.16.10.
16 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1.10 ssh management-policy Enables SSH for this management policy. SSH encrypts communication between the client and the server.
MANAGEMENT-POLICY 16 - 21 16.1.11 telnet management-policy Enables Telnet. By default Telnet is enabled on Transmission Control Protocol (TCP) port 23. Use this command to change the TCP port. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax telnet {port <1-65535>} Parameters • telnet {port <1-65535>} telnet Enables Telnet port <1-65535> Optional.
16 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1.
MANAGEMENT-POLICY 16 - 23 Examples rfs7000-37FABE(config-management-policy-test)#user TESTER password moto123 role superuser access all rfs7000-37FABE(config-management-policy-test)#show context management-policy test telnet port 200 http server ssh port 162 user TESTER password 1 92d96356524478e04a6669c0c5a167a2d5f5ed0547c489b0d5b8662d879d3a1e role superuser access all snmp-server community snmp1 ro snmp-server user snmpmanager v3 encrypted des auth md5 0 motorola123 snmp-server enable traps snmp-server
16 - 24 WiNG 5.2.
CHAPTER 17 RADIUS-POLICY This chapter summarizes RADIUS group, server and user policy commands in detail. It is organized as follows: • radius-group • radius-server-policy • radius-user-pool-policy Use the (config) instance to configure RADIUS group commands. This command creates a group within the existing Remote Authentication Dial-in user Service (RADIUS) group.
17 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.1 radius-group RADIUS-POLICY Sets RADIUS user group parameters Table 17.1 summarizes RADIUS group configuration commands. Table 17.
RADIUS-POLICY 17 - 3 17.1.1 guest radius-group Manages captive portal guest access. Creates a guest user and associates it with a group. The guest user and policies are used for captive portal authorization to the wireless controller managed network.
17 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.1.2 no radius-group Negates a command or sets its default. Removes or modifies the RADIUS group policy settings. When used in the config RADIUS group mode, the no command removes or modifies the following settings: access type, access days, role type, VLAN ID, and SSID.
RADIUS-POLICY 17 - 5 • no policy ssid [|all] no policy ssid Removes the RADIUS group’s SSID • – Specify the RADIUS group SSID • all – Removes all allowed WLANs • no policy [role|time|vlan] no policy role Removes the RADIUS group’s role no policy time Removes the RADIUS group’s start and end access time no policy vlan Removes the RADIUS group’s VLAN ID • no rate-limit [from-air|to-air] no rate-limit Removes RADIUS group’s rate limit from-air Removes the rate limit in the uplink di
17 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.1.3 policy radius-group Sets the authorization policies for a RADIUS group, such as access day/time, WLANs etc.
RADIUS-POLICY 17 - 7 • policy role [helpdesk|monitor|network-admin|security-admin|super-user| system-admin|web-user-admin] role [helpdesk|monitor| network-admin| security-admin| super-user| system-admin| web-user-admin] Configures the role assigned to this RADIUS group • helpdesk – Helpdesk administrator. Performs troubleshooting tasks, such as clear statistics, reboot, create and copy tech support dumps • monitor – Monitor. Has read-only access to the system.
17 - 8 WiNG 5.2.
RADIUS-POLICY 17 - 9 17.1.
17 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.2 radius-server-policy RADIUS-POLICY Creates an onboard device RADIUS server policy. Use the (config) instance to configure RADIUS-Server-Policy related configuration commands. To navigate to the RADIUSServer-Policy instance, use the following commands: rfs7000-37FABE(config)#radius-server-policy rfs7000-37FABE(config)#radius-server-policy test rfs7000-37FABE(config-radius-server-policy-test)# Table 17.
RADIUS-POLICY 17 - 11 17.2.
17 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.2.
RADIUS-POLICY 17 - 13 17.2.
17 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.2.
RADIUS-POLICY 17 - 15 17.2.5 ldap-server radius-server-policy Configures LDAP server parameters. Configuring LDAP server allows users to login and authenticate from anywhere on the network.
17 - 16 WiNG 5.2.
RADIUS-POLICY 17 - 17 17.2.
17 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.2.
RADIUS-POLICY 17 - 19 17.2.8 no radius-server-policy Negates a command or reverts back to default settings. When used with in the config RADIUS server policy mode, the no command removes settings, such as crl-check, LDAP group verification, RADIUS client etc.
17 - 20 WiNG 5.2.
RADIUS-POLICY 17 - 21 proxy Configures a proxy RADIUS server based on the realm/suffix session-resumption Enables session resumption/fast re-authentication by using cached attributes use Defines settings used with the RADIUS server policy
17 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.2.9 proxy radius-server-policy Configures a proxy RADIUS server based on the realm/suffix. The realm identifies where the RADIUS server forwards AAA requests for processing.
RADIUS-POLICY 17 - 23 Usage Guidelines Only five RADIUS proxy servers can be configured. The proxy server attempts six retries before it times out. The retry count defines the number of times the wireless controller transmits each RADIUS request before giving up. The timeout value defines the duration for which the wireless controller waits for a reply to a RADIUS request before retransmitting the request. Examples rfs7000-37FABE(config-radius-server-policy-test)#proxy realm test1 server 172.16.10.
17 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.2.
RADIUS-POLICY 17 - 25 17.2.
17 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.3 radius-user-pool-policy RADIUS-POLICY Configures a RADIUS user pool policy Use the (config) instance to configure RADIUS user pool policy commands. To navigate to the radius-user-pool-policy instance, use the following commands: rfs7000-37FABE(config)#radius-user-pool-policy rfs7000-37FABE(config)#radius-user-pool-policy testuser rfs7000-37FABE(config-radius-user-pool-testuser)# Table 17.
RADIUS-POLICY 17 - 27 17.3.
17 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.3.2 no radius-user-pool-policy Negates a command or sets its default.
CHAPTER 18 RADIO-QOS-POLICY This chapter summarizes the radio QoS policy in detail. Configuring and implementing a radio QOS policy is essential for WLANs with heavy traffic and less bandwidth. The policy enables you to provide preferential service to selected network traffic by controlling bandwidth allocation. The radio QoS policy can be applied to VLANs configured on an access point. In case no VLANs are configured, the radio QoS policy can be applied to an access point’s Ethernet and radio ports.
18 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 18.1 radio-qos-policy Table 18.1 summarizes radio QoS policy configuration commands. Table 18.1 radio-qos policy config commands Command Description Reference acceleratedmulticast Configures multicast streams for acceleration page 18-3 admission-control Enables admission control across all radios for one or more access categories page 18-4 no Negates a command or resets configured settings to their default page 18-6 wmm Configures 802.
RADIO-QOS-POLICY 18 - 3 18.1.1 accelerated-multicast radio-qos-policy Configures multicast streams for acceleration. Multicasting allows the group transmission of data streams.
18 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 18.1.2 admission-control radio-qos-policy Enables admission control across all radios for one or more access categories. Enabling admission control for an access category, ensures clients associated to an access point complete WMM admission control before using that access category.
RADIO-QOS-POLICY 18 - 5 max-roamed-clients <0-256> Optional. Specifies the maximum number of roaming wireless clients admitted to this access category • <0-256> – Specify a value from 0 - 256. This is the maximum number of roaming wireless clients admitted to this access category. the default is 10 roamed clients. reserved-for-roam-percent <0-150> Optional. Calculates the percentage of air time, including oversubscription, allocated exclusively for roaming clients.
18 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 18.1.3 no radio-qos-policy Negates a command or resets configured settings to their default. When used in the radio QOS policy mode, the no command enables the resetting of accelerated multicast parameters, admission control parameters, and MultiMedia parameters.
RADIO-QOS-POLICY 18 - 7 • no admission-control [background|best-effort|video|voice] {max-airtime-percent| max-clients|max-roamed-clients|reserved-for-roam-percent} no admission-control Reverts or resets admission control settings to their default. These controls are configured on a radio for one or more access categories.
18 - 8 WiNG 5.2.
RADIO-QOS-POLICY 18 - 9 18.1.4 wmm radio-qos-policy Configures 802.
18 - 10 WiNG 5.2.
CHAPTER 19 ROLE-POLICY A role policy defines the rules that associates tasks and devices with specific roles. A role is as a class of users with a specific set of requirements and responsibilities. By defining roles, you are actually defining different user groups. A well defined role policy simplifies user management, and is a significant aspect of WLAN management. Use the (config-role-policy) instance to configure role policy related configuration commands.
19 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 19.1 role-policy Table 19.1 summarizes role policy configuration commands. Table 19.
ROLE-POLICY 19 - 3 19.1.1 default-role role-policy Assigns a default role to a wireless client that fails to find a matching role. Use this command to configure a wireless client not matching any role.
19 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples rfs7000-37FABE(config-role-policy-test)#default-role use ip-access-list in test precedence 1 rfs7000-37FABE(config-role-policy-test)#show context role-policy test default-role use ip-access-list in test precedence 1 rfs7000-37FABE(config-role-policy-test)# Related Commands no Removes the default role assigned to a client ip-access-list Creates a new IP based access list. Access lists control access to the network using a set of rules.
ROLE-POLICY 19 - 5 19.1.2 no role-policy Negates a command or resets settings to their default. When used in the config role policy mode, the no command removes the default role assigned to a wireless client. It also disables existing user roles from being assigned to new users.
19 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide Specifies the MAC access list to remove • – Sets the MAC access list name precedence <1-100> After specifying the MAC access list to remove, specify the ACL precedence value applied. • precedence – Based on the packets received, the lower precedence value is evaluated first. • <1-100> – Specify the precedence value from 1 - 100.
ROLE-POLICY 19 - 7 19.1.3 user-role role-policy This command creates a user defined role and associates it to a role policy. This command defines a number of settings used to assign a user defined role to the role policy. Table 19.
19 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 19.1.3.1 user-role config user role command Creates a user defined role. A user defined role configures a set of rules for this role.
ROLE-POLICY 19 - 9 19.1.3.2 user-role commands config user role command Table 19.3 summarizes user role commands Table 19.
19 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 19.1.3.2.
ROLE-POLICY 19 - 11 19.1.3.2.
19 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 19.1.3.2.
ROLE-POLICY 19 - 13 19.1.3.2.4 encryption-type user-role commands Selects the encryption type for this user role. Encryption ensures privacy of all communication between access points and wireless clients. There are various modes of encrypting communication on a WLAN, such as Counter-model CBC-MAC Protocol (CCMP), Wired Equivalent Privacy (WEP), keyguard, Temporal Key Integrity Protocol (TKIP) etc.
19 - 14 WiNG 5.2.
ROLE-POLICY 19 - 15 19.1.3.2.
19 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 19.1.3.2.
ROLE-POLICY 19 - 17 19.1.3.2.7 no user-role commands Negates a command or resets configured settings to their default. When used in the config role policy user role mode, the no command removes or resets settings, such as AP location, authentication type, encryption type, captive portal etc.
19 - 18 WiNG 5.2.
ROLE-POLICY 19 - 19 19.1.3.2.
19 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 19.1.3.2.
CHAPTER 20 SMART-RF-POLICY This chapter summarizes Smart RF policy commands within the CLI structure. A Self Monitoring at Run Time RF Management (Smart RF) policy defines operating and recovery parameters that can be assigned to groups of access points. A Smart RF policy is designed to scan the network to identify the best channel and transmit power for each access point radio. Use the (config) instance to configure Smart RF Policy related configuration commands.
20 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1 smart-rf-policy Table 20.1summarizes Smart RF policy configuration commands. Table 20.
SMART-RF-POLICY 20 - 3 20.1.1 assignable-power smart-rf-policy Specifies the power range during power assignment Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax assignable-power [2.4GHz|5GHz] [max|min] <1-20> Parameters • assignable-power [2.4GHz|5GHz] [max|min] <1-20> 2.4GHz [max|min] <1-20> Assigns a power range on the 2.
20 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.2 channel-list smart-rf-policy Assigns the channel list for the selected frequency Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax channel-list [2.4GHz|5GHz] Parameters • channel-list [2.4GHz|5GHz] 2.4GHz Assigns a channel list for the 2.
SMART-RF-POLICY 20 - 5 20.1.3 channel-width smart-rf-policy Selects the channel width for Smart RF configuration Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax channel-width [2.4GHz|5GHz] [20MHz|40MHz|auto] Parameters • channel-width [2.4GHz|5GHz] [20MHz|40MHz|auto] 2.4GHz [20MHz|40MHz| auto] Assigns the channel width for the 2.
20 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.4 coverage-hole-recovery smart-rf-policy Enables recovery from coverage hole errors detected by Smart RF Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax coverage-hole-recovery {client-threshold|coverage-interval|interval|snr-threshold} coverage-hole-recovery {client-threshold [2.
SMART-RF-POLICY 20 - 7 Examples rfs7000-37FABE(config-smart-rf-policy-test)#coverage-hole-recovery snr-threshold 5GHz 1 rfs7000-37FABE(config-smart-rf-policy-test)#show context smart-rf-policy test auto-assign-sensor assignable-power 5GHz min 8 assignable-power 5GHz max 20 channel-list 2.
20 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.5 enable smart-rf-policy Enables a Smart RF policy Use this command to enable this Smart RF policy. Once enabled, the policy can be assigned to a RF Domain or used for wireless controller network support.
SMART-RF-POLICY 20 - 9 20.1.
20 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.7 interference-recovery smart-rf-policy Recovers excessive noise and interference. Enabling interference recovery ensures that noise levels and other RF parameters are continuously monitored on a radio’s current channel. When noise levels exceed the specified noise threshold, Smart RF switches to another channel with less interference.
SMART-RF-POLICY 20 - 11 Examples rfs7000-37FABE(config-smart-rf-policy-test)#interference-recovery channel-switchdelta 5 5 rfs7000-37FABE(config-smart-rf-policy-test)#show context smart-rf-policy test auto-assign-sensor group-by floor assignable-power 5GHz min 8 assignable-power 5GHz max 20 channel-list 2.
20 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.8 neighbor-recovery smart-rf-policy Enables recovery from errors due to faulty neighbor radios. Enabling neighbor recovery ensures automatic recovery when a radio fails within the radio coverage area. Smart RF instructs neighboring access points to increase their transmit power to compensate for the failed radio.
SMART-RF-POLICY 20 - 13 Examples rfs7000-37FABE(config-smart-rf-policy-test)#neighbor-recovery power-threshold 2.4 82 rfs7000-37FABE(config-smart-rf-policy-test)#neighbor-recovery power-threshold 5 -65 rfs7000-37FABE(config-smart-rf-policy-test)#show context smart-rf-policy test auto-assign-sensor group-by floor assignable-power 5GHz min 8 assignable-power 5GHz max 20 channel-list 2.
20 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.9 no smart-rf-policy Negates a command or sets its default. When used in the config Smart RF policy mode, the no command disables or resets Smart RF settings.
SMART-RF-POLICY 20 - 15 Related Commands assignable-power Assigns the power range channel-list Assigns the channel list for the selected frequency channel-width Selects the channel width for Smart RF configuration coverage-hole-recovery Enables recovery from coverage hole errors enable Enables the configured Smart RF policy features group-by Configures grouping parameters on this Smart RF policy interference-recovery Enables recovery of errors due to excessive noise and interference neighbor
20 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.
SMART-RF-POLICY 20 - 17 20.1.
20 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide • smart-ocs-monitoring {frequency [2.4GHz|5GHz] [<1-120>]} frequency Optional. Specifies the frequency the channel must be switched. Sets the value, in seconds, from 1 - 120 2.4GHz <1-20> Selects the 2.4GHz band • <1-20> – Sets a scan frequency from 1 - 120 seconds. The default is 6 seconds. 5GHz <1-20> Selects the 5GHz band • <1-20> – Sets a scan frequency from 1 - 120 seconds. The default is 6 seconds.
SMART-RF-POLICY 20 - 19 • smart-ocs-monitoring {voice-aware [2.4GHz|5GHz] [dynamic|strict]} voice-aware Optional. Enables voice aware scanning on this Smart RF policy 2.4Ghz [dynamic|strict] Specifies the scanning mode on the 2.4GHz band • dynamic – Dynamically avoids scanning based on traffic for voice clients • strict – Strictly avoids scanning when voice clients are present The default is dynamic.
20 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.12 smart-ocs-monitoring (ap7161) smart-rf-policy Enables automatic channel selection on an AP7161 model access point, provided radio meshpoint is configured. Use this command to configure meshpoint on an AP7161.
CHAPTER 21 WIPS-POLICY This chapter summarizes WIPS policy commands in detail. The Wireless Intrusion Protection Systems (WIPS) is an additional measure of security designed to continuously monitor the network for threats and intrusions. Along with wireless VPNs, encryptions and authentication policies, WIPS enhances the security of a WLAN. The wireless controller supports WIPS through the use of sensor devices that locate unauthorized access points.
21 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1 wips-policy Table 21.1 summarizes WIPS policy configuration commands. Table 21.
WIPS-POLICY 21 - 3 21.1.1 ap-detection wips-policy Enables the detection of unauthorized or unsanctioned APs. Unauthorized APs are untrusted access points connected to an access point managed network. These untrusted APs accept wireless client associations. It is important to detect such rogue APs and declare them unauthorized.
21 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.
WIPS-POLICY 21 - 5 21.1.3 event wips-policy Configures events, filters and threshold values for this WIPS policy. Events have been grouped into three categories, AP anomaly, client anomaly, and excessive. WLANs are baselined for matching criteria. Any deviation from this baseline is considered an anomaly and logged as an event.
21 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide • event client-anomaly [crackable-wep-iv-key-used|dos-broadcast-deauth| fuzzing-all-zero-macs|fuzzing-invalid-frame-type|fuzzing-invalid-mgmt-frames| fuzzing-invalid-seq-num|identical-src-and-dest-addr|invalid-8021x-frames| netstumbler-generic|non-changing-wep-iv|tkip-mic-counter-measures|wellenreiter] {filter-ageout [<0-86400>]} client-anomaly Enables client anomaly event tracking.
WIPS-POLICY 21 - 7 dos-eapol-start-storm Tracks DoS EAPOL start storms dos-unicast-deauth-ordisassoc Tracks DoS dissociation or deauthentication floods eap-flood Tracks EAP floods eap-nak-flood Tracks EAP NAK floods frames-from-unassoc-station Tracks frames from unassociated clients filter-ageout <0-86400> Optional. Configures a filter expiration interval in seconds. It sets the duration for which the client is filtered.
21 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.
WIPS-POLICY 21 - 9 21.1.5 no wips-policy Negates a command or resets configured settings to their default. When used in the config WIPS policy mode, the no command negates or resets filters and threshold values.
21 - 10 WiNG 5.2.
WIPS-POLICY 21 - 11 • no event excessive [80211-replay-check-failure|aggressive-scanning| auth-server-failures|decryption-failures|dos-assoc-or-auth-flood| dos-eapol-start-storm |dos-unicast-deauth-or-disassoc|eap-flood|eap-nak-flood| frames-from-unassoc-station] {filter-ageout [<0-86400>]| threshold-client [<0-65535>]|threshold-radio [<0-65535>]} no event Disables WIPS policy event tracking settings excessive Disables the tracking of excessive events.
21 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
WIPS-POLICY 21 - 13 21.1.6 signature wips-policy Attack and intrusion patterns are identified and configured as signatures in a WIPS policy. The WIPS policy compares packets in the network with pre configured signatures to identify threats. When a threat is identified, the WIPS policy takes adequate actions. Table 21.
21 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.6.1 signature config signature command Configures a WIPS policy signature. For more information, see signature mode commands.
WIPS-POLICY 21 - 15 21.1.6.2 signature mode commands config signature command Table 21.3 summarizes signature commands Table 21.
21 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.6.2.
WIPS-POLICY 21 - 17 21.1.6.2.
21 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.6.2.3 filter-ageout signature mode commands Configures the filter ageout interval in seconds. This is the duration a client, triggering a WIPS event, is excluded from RF Domain manager radio association.
WIPS-POLICY 21 - 19 21.1.6.2.
21 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.6.2.
WIPS-POLICY 21 - 21 21.1.6.2.6 payload signature mode commands Configures payload settings. The payload command sets a numerical index pattern and offset for this WIPS signature.
21 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.6.2.
WIPS-POLICY 21 - 23 21.1.6.2.
21 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.6.2.9 threshold-client signature mode commands Configures wireless client’s threshold limit. When the wireless client exceeds the specified limit, an event is triggered.
WIPS-POLICY 21 - 25 21.1.6.2.10 threshold-radio signature mode commands Configures radio’s threshold limit. When the radio exceeds the specified limit, an event is triggered.
21 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.6.2.11 no signature mode commands Negates a command or resets settings to their default. When used in the config WIPS policy signature mode, the no command resets or removes WIPS signature settings.
WIPS-POLICY 21 - 27 Examples The following is the WIPS signature before the execution of the no command: rfs7000-37FABE(config-test-signature-test)#show context signature symbol bssid 11-22-33-44-55-66 src-mac 00-1E-E5-EA-1D-60 dst-mac 55-66-77-88-99-00 frame-type beacon ssid-match ssid PrinterLan filter-ageout 8 threshold-client 88 threshold-radio 88 payload 1 pattern motorola offset 1 rfs7000-37FABE(config-test-signature-test)# The following is the WIPS signature after the execution of the no command: r
21 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.7 use config-wips policy config command Enables device categorization on this WIPS policy. This command uses an existing device categorization list, or creates a new device categorization list. The list categorizes devices as authorized or unauthorized.
CHAPTER 22 WLAN-QOS-POLICY This chapter summarizes the WLAN QoS policy in detail. A WLAN QoS policy increases network efficiency by prioritizing data traffic. Prioritization reduces congestion. This is essential because of the lack of bandwidth for all users and applications. QoS ensures WLANs get a share of the bandwidth equally or per the configured proportion. Each WLAN QoS policy has a set of parameters which it groups into categories, such as management, voice and data.
22 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 22.1 wlan-qos-policy Table 22.1 summarizes WLAN QoS policy configuration commands. Table 22.
WLAN-QOS-POLICY 22 - 3 22.1.
22 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 22.1.2 classification wlan-qos-policy Specifies how traffic on this WLAN is classified. This classification is based on relative prioritization on the radio.
WLAN-QOS-POLICY 22 - 5 normal Specifies all WLAN non-WMM client traffic is classified and treated as normal priority packets (best effort) low Specifies all WLAN non-WMM client traffic is classified and treated as low priority packets (background) Examples rfs7000-37FABE(config-wlan-qos-test)#classification wmm rfs7000-37FABE(config-wlan-qos-test)#classification non-wmm video rfs7000-37FABE(config-wlan-qos-test)#classification non-unicast normal rfs7000-37FABE(config-wlan-qos-test)#show context wlan-q
22 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 22.1.3 multicast-mask wlan-qos-policy Configure an egress prioritization multicast mask for this WLAN QoS policy. By configuring a primary or secondary prioritization multicast mask, the network administrator can indicate which packets are to be transmitted immediately.
WLAN-QOS-POLICY 22 - 7 22.1.
22 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide • no rate-limit [client|wlan] [from-air|to-air] [max-burst-size|rate| red-threshold [background|best-effort|video|voice] no rate-limit [client|wlan] Disables traffic rate limit parameters • Disables client traffic rate limits • Disables WLAN traffic rate limits [from-air|to-air] The following are common to the client and WLAN parameters: • from-air – Removes client/WLAN traffic rate limits in the up link direction.
WLAN-QOS-POLICY 22 - 9 Related Commands accelerated-multicast Configures the accelerated multicast streams address and forwards the QoS classification classification Classifies WLAN traffic based on priority multicast-mask Configures the egress prioritization multicast mask qos Defines the QoS configuration rate-limit Configures a WLAN’s traffic rate limits svp-prioritization Enables Spectralink voice protocol support on a WLAN voice-prioritization Prioritizes voice client over other clients
22 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 22.1.5 qos wlan-qos-policy Enables QoS on this WLAN Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, WF5100 Syntax qos trust [dscp|wmm] Parameters • qos trust [dscp|wmm] trust [dscp|wmm] Trusts the QoS values of ingressing packets • dscp – Trusts the IP DSCP values of ingressing packets • wmm – Trusts the 802.
WLAN-QOS-POLICY 22 - 11 22.1.
22 - 12 WiNG 5.2.
WLAN-QOS-POLICY 22 - 13 22.1.7 svp-prioritization wlan-qos-policy Enables WLAN SVP support on this WLAN QoS policy. Enabling SVP enables the wireless controller to identify and prioritize traffic from Spectralink/Ploycomm phones. This feature is enabled by default.
22 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 22.1.8 voice-prioritization wlan-qos-policy Prioritizes voice clients over other clients (for non-WMM clients). This feature is enabled by default.
WLAN-QOS-POLICY 22 - 15 22.1.9 wmm wlan-qos-policy Configures 802.
22 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide cw-max <0-15> Configures the maximum contention window. Wireless clients pick a number between 0 and the minimum contention window to wait before retransmission. Wireless clients then double their wait time on a collision, until it reaches the maximum contention window. This parameter is common to background, best effort, video and voice.
CHAPTER 23 INTERFACE-RADIO COMMANDS Use the (config-profile-default-RFS4000) instance to configure radio instances associated with the wireless controller.
23 - 2 WiNG 5.2.
INTERFACE-RADIO COMMANDS 23 - 3 23.1 interface-radio Instance Table 23.1 summarizes interface radio configuration commands. Table 23.1 interface-radio config commands Commands Description Reference aeroscout Enables Aeroscout Multicast packet forwarding page 23-5 aggregation Configures 802.
23 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 23.
INTERFACE-RADIO COMMANDS 23 - 5 23.1.1 aeroscout interface-radio Instance Enables Aeroscout Multicast packet forwarding Supported in the following platforms: • Wireless Controller — RFS4011 Syntax aeroscout [forward|mac ] Parameters • aeroscout [forward|mac ] forward Enables Aeroscout Multicast packet forwarding mac Configures the multicast MAC address to forward the packets • – Specify the multicast MAC address in the AA-BB-CC-DD-EE-FF format.
23 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.2 aggregation interface-radio Instance Configures 802.11n frame aggregation. Frame aggregation increases throughput by sending two or more data frames in a single transmission. There are two types of frame aggregation: MAC Service Data Unit (MSDU) aggregation and MAC Protocol Data Unit (MPDU) aggregation. Both modes group several data frames into one large data frame.
INTERFACE-RADIO COMMANDS 23 - 7 max-aggr-size Configures AMPDU packet size limits. Configure the packet size limit on packets both transmitted and received. rx [8191|16383| 32767|65535] Configures the limit on received frames • 8191 – Advertises a maximum of 8191 bytes • 16383 – Advertises a maximum of 16383 bytes • 32767 – Advertises a maximum of 32767 bytes • 65536 – Advertises a maximum of 65535 bytes • aggregation ampdu max-aggr-size tx [<0-65535>] aggregation Configures 802.
23 - 8 WiNG 5.2.
INTERFACE-RADIO COMMANDS 23 - 9 23.1.3 airtime-fairness interface-radio Instance Enables equal access for wireless clients based on their airtime usage Supported in the following platforms: • Wireless Controller — RFS4011 Syntax airtime-fairness {prefer-ht} {weight [<1-10>]} Parameters • airtime-fairness {prefer-ht} {weight [<1-10>]} airtime-fairness Enables equal access for wireless clients based on their airtime usage prefer-ht Optional. Gives preference to high throughput (802.
23 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
INTERFACE-RADIO COMMANDS 23 - 11 23.1.5 antenna-gain interface-radio Instance Configures the antenna gain value of the selected radio. Antenna gain defines the ability of an antenna to convert power into radio waves and vice versa. Supported in the following platforms: • Wireless Controller — RFS4011 Syntax antenna-gain <0.0-15.0> Parameters • antenna-gain <0.0-15.0> <0.0-15.0> Sets the antenna gain from 0.0 - 15.
23 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
INTERFACE-RADIO COMMANDS 23 - 13 23.1.7 beacon interface-radio Instance Configures radio beacon parameters. Beacons are packets sent by the access point to synchronize a wireless network.
23 - 14 WiNG 5.2.
INTERFACE-RADIO COMMANDS 23 - 15 23.1.
23 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.9 data-rates interface-radio Instance Configures the 802.11 data rates on this radio Supported in the following platforms: • Wireless Controller — RFS4011 Syntax data-rates [b-only|g-only|a-only|bg|bgn|gn|an|default|custom|mcs] data-rates [b-only|g-only|a-only|bg|bgn|gn|an|default] data-rates custom [1|2|5.5|6|9|11|12|18|24|36|48|54|mcs0-7|mcs8-15|mcs16-23| mcs0-15|mcs8-23|mcs0-23|basic-1|basic-2| basic-5.
INTERFACE-RADIO COMMANDS 23 - 17 • • • • • • • • • • • • • • • • • • • mcs0-7 – Modulation and Coding Scheme 0-7 mcs8-15 – Modulation and Coding Scheme 8-15 mcs16-23 – Modulation and Coding Scheme 16-23 mcs0-15 – Modulation and Coding Scheme 0-15 mcs8-23 – Modulation and Coding Scheme 8-23 mcs0-23 – Modulation and Coding Scheme 0-23 basic-1 – Basic 1-Mbps basic-2 – Basic 2-Mbps basic-5.5 – Basic 5.
23 - 18 WiNG 5.2.
INTERFACE-RADIO COMMANDS 23 - 19 23.1.
23 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
INTERFACE-RADIO COMMANDS 23 - 21 23.1.
23 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.13 ekahau interface-radio Instance Enables Ekahau multicast packet forwarding Supported in the following platforms: • Wireless Controller — RFS4011 Syntax ekahau [forward|mac ] ekahau forward ip port <0-65535> Parameters • ekahau [forward|mac ] forward ip port <0-65535> Enables multicast packet forwarding to the Ekahau engine • ip – Configures the IP address of the Ekahau engine in the A.B.C.
INTERFACE-RADIO COMMANDS 23 - 23 23.1.14 guard-interval interface-radio Instance Configures the 802.11n guard interval. A guard interval ensures distinct transmissions do not interfere with one another. It provides immunity to propagation delays, echoes and reflection of radio signals.
23 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
INTERFACE-RADIO COMMANDS 23 - 25 23.1.16 max-clients interface-radio Instance Configures the maximum number of wireless clients allowed to associate with this radio Supported in the following platforms: • Wireless Controller — RFS4011 Syntax max-clients <0-256> Parameters • max-clients <0-256> <0-256> Configures the maximum number of clients allowed to associate with a radio. Specify a value from 0 - 256.
23 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.17 mesh interface-radio Instance Use this command to configure radio mesh parameters. A Wireless Mesh Network (WMN) is a network of radio nodes organized in a mesh topology. It consists of mesh clients, mesh routers, and gateways.
INTERFACE-RADIO COMMANDS 23 - 27 23.1.18 no interface-radio Instance Negates a command or resets settings to their default. When used in the config RFS4000 radio Interface mode, the no command disables or resets radio interface settings. Supported in the following platforms: • Wireless Controller — RFS4011 Syntax no Parameters None Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
23 - 28 WiNG 5.2.
INTERFACE-RADIO COMMANDS 23 - 29 antenna-mode Configures the radio antenna mode (the number of transmit and receive antennas) beacon Configure beacon parameters channel Configures a radio channel of operation data-rates Configures 802.
23 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.19 non-unicast interface-radio Instance Configures the handling of non unicast frames on this radio. Enables the forwarding of multicast and broadcast frames by this radio.
INTERFACE-RADIO COMMANDS 23 - 31 dynamic-all Dynamically selects a rate from all supported rates based on current traffic conditions dynamic-basic Dynamically selects a rate from all supported basic rates based on current traffic conditions highest-basic Uses the highest configured basic rate lowest-basic Uses the lowest configured basic rate Examples RFS4000-880DA7(config-profile-default_RFS4000-if-radio1)#non-unicast queue bss 2 3 RFS4000-880DA7(config-profile-default_RFS4000-if-radio1)#non-unic
23 - 32 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.20 off-channel-scan interface-radio Instance Enables selected radio’s off channel scanning parameters Supported in the following platforms: • Wireless Controller — RFS4011 Syntax off-channel-scan {channel-list|max-multicast|scan-interval|sniffer-redirect} off-channel-scan {channel-list [2.
INTERFACE-RADIO COMMANDS 23 - 33 Examples RFS4000-880DA7(config-profile-default_RFS4000-if-radio1)#off-channel-scan channellist 2.4GHz 1 RFS4000-880DA7(config-profile-default_RFS4000-if-radio1)#show context interface radio1 data-rates custom basic-mcs0-7 mesh preferred-peer 2 11-22-33-44-55-66 beacon period 50 off-channel-scan channel-list 2.
23 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
INTERFACE-RADIO COMMANDS 23 - 35 23.1.
23 - 36 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
INTERFACE-RADIO COMMANDS 23 - 37 23.1.24 probe-response interface-radio Instance Configures transmission parameters for probe response frames.
23 - 38 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
INTERFACE-RADIO COMMANDS 23 - 39 23.1.26 rf-mode interface-radio Instance Configures the radio’s RF mode Supported in the following platforms: • Wireless Controller — RFS4011 Syntax rf-mode [2.4GHz-wlan|4.9GHz-wlan|5GHz-wlan|sensor] Parameters • rf-mode [2.4GHz-wlan|4.9GHz-wlan|5GHz-wlan|sensor] rf-mode Configures the radio RF mode 2.4GHz-wlan Provides WLAN service in the 2.4GHz bandwidth 4.9GHz-wlan Provides WLAN service in the 4.
23 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
INTERFACE-RADIO COMMANDS 23 - 41 23.1.28 rts-threshold interface-radio Instance Configures the RTS threshold value on this radio Supported in the following platforms: • Wireless Controller — RFS4011 Syntax rts-threshold <1-2347> Parameters • rts-threshold <1-2347> <1-2347> Specify the RTS threshold value from 0 - 2347 bytes.
23 - 42 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
INTERFACE-RADIO COMMANDS 23 - 43 23.1.
23 - 44 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.31 stbc interface-radio Instance Configures radio’s Space Time Block Coding (STBC) mode. STBC is a pre-transmission encoding scheme providing an improved SNR ratio (even at a single RF receiver). STBC transmits multiple data stream copies across multiple antennas. The receiver combines the multiple copies into one to retrieve data from the signal.
INTERFACE-RADIO COMMANDS 23 - 45 23.1.32 txbf interface-radio Instance Enables transmit Beamforming on the selected radio. Transmit Beamforming enhances the reliability and performance of beamformed links by allowing the transmitter to generate signals that can be optimally received. The transmitter sends out a sounding signal and listens for a response from the receiver.
23 - 46 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples RFS4000-880DA7(config-profile-default_RFS4000-if-radio1)#txbf explicitnoncompressed-compressed RFS4000-880DA7(config-profile-default_RFS4000-if-radio1)#show context interface radio1 rf-mode sensor placement outdoor mesh preferred-peer 2 11-22-33-44-55-66 .........................................................
INTERFACE-RADIO COMMANDS 23 - 47 23.1.
23 - 48 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.34 wireless-client interface-radio Instance Configures wireless client parameters on this radio Supported in the following platforms: • Wireless Controller — RFS4011 Syntax wireless-client tx-power [<0-20>|mode] wireless-client tx-power mode [802.11d {symbol-ie}|symbol-ie {802.
INTERFACE-RADIO COMMANDS 23 - 49 23.1.35 wlan interface-radio Instance Enables a WLAN on this radio Supported in the following platforms: • Wireless Controller — RFS4011 Syntax wlan {bss|primary} wlan bss <1-8> {primary} Parameters • wlan bss <1-8> {primary} {bss <1-8> |primary} Specify the WLAN name (it must have been already created and configured) • bss <1-8> – Optional.
23 - 50 WiNG 5.2.
CHAPTER 24 AAA-TACACS-POLICY This chapter summarizes the Terminal Access Control Access-Control System (TACACS) policy commands within the CLI structure. Use the (config) instance to configure AAA-TACACS policy commands.
24 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 24.1 aaa-tacacs-policy Table 24.1 summarizes AAA-TACACS policy configuration commands. Table 24.
AAA-TACACS-POLICY 24 - 3 24.1.1 accounting aaa-tacacs-policy Configures the server type and interval at which interim accounting updates are sent to the server. Up to 2 accounting servers can be configured.
24 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide authenticated-servernumber Sets the authentication server as the accounting server This parameter indicates the same server is used for authentication and accounting. The server is referred to by its index or number. authorized-server-host Sets the authentication server as the accounting server This parameter indicates the same server is used for authentication and accounting. The server is referred to by its hostname.
AAA-TACACS-POLICY 24 - 5 Examples rfs7000-37FABE(config-aaa-tacacs-policy-test)#accounting auth-fail rfs7000-37FABE(config-aaa-tacacs-policy-test)# rfs7000-37FABE(config-aaa-tacacs-policy-test)#accounting commands rfs7000-37FABE(config-aaa-tacacs-policy-test)# rfs7000-37FABE(config-aaa-tacacs-policy-test)#accounting server preference none rfs7000-37FABE(config-aaa-tacacs-policy-test)# rfs7000-37FABE(config-aaa-tacacs-policy-test)#accounting server preference authenticated-server-host rfs7000-37FABE(config
24 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 24.1.
AAA-TACACS-POLICY 24 - 7 port <1-65535> Optional. Specifies the RADIUS server port (this port is used to connect to the RADIUS server) • <1-65535> – Specify a value from 1 - 65535. • authentication server <1-2> retry-timeout-factor <50-200> server <1-2> Configures a RADIUS authentication server. Up to 2 RADIUS servers can be configured • <1-2> – Specify the RADIUS server index from 1 - 2.
24 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 24.1.
AAA-TACACS-POLICY 24 - 9 • authorization server <1-2> retry-timeout-factor <50-200> server <1-2> Configures a RADIUS authorization server. Up to 2 RADIUS servers can be configured • <1-2> – Specify the RADIUS server index from 1 - 2. retry-timeout-factor <50-200> Configures the scaling of timeouts between two consecutive RADIUS authorization retries • <50-200> – Specify the scaling factor from 50 - 200.
24 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 24.1.
CHAPTER 25 FIREWALL LOGGING This chapter summarizes firewall logging commands within the CLI. The firewall uses logging to send system messages to one or more logging destinations, where they can be collected, archived and reviewed. Set the logging level to define which messages are sent to each of the target destinations.
25 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.
FIREWALL LOGGING 25 - 3 25.1.
25 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.2 FTP data connection log An ACL rule has to be applied and logging has to be enabled to generate a FTP data collection log. The FTP connection is Control Connection Jul 25 11:10:17 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Allow Packet Src MAC:<00-19-B9-6B-DA-77> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.2.
FIREWALL LOGGING 25 - 5 25.1.3 UDP packets log In both DHCP release and DHCP renew scenarios, the destination port 67 is logged. DHCP Release Jul 25 11:57:43 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet Src MAC:<00-11-25-14-D9-E2> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:172.16.31.196 Proto:17 Src Port:68 Dst Port:67.
25 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.4 ICMP type logs The example below displays an ICMP Type as 13 and an ICMP Code as 0: Jul 25 12:00:00 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Allow Packet Src MAC:<00-11-25-14-D9-E2> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:192.168.1.103 Proto:1 ICMP Type:13 ICMP Code:0.
FIREWALL LOGGING 25 - 7 25.1.5 ICMP type logs The following example displays an ICMP Type as 3 and a Code as 3: Jul 25 12:03:00 2011: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.1.104 to 192.168.2.102, with ProtocolNumber:1 ICMP code 3 and ICMP type 3. Reason: no flow matching payload of ICMP Error.
25 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.6 Raw IP Protocol logs The following example displays a TCP header length as less than 20 bytes: Jul 25 12:11:50 2011: %DATAPLANE-4-DOSATTACK: INVALID PACKET: TCP header length less than 20 bytes : Src IP : 192.168.2.102, Dst IP: 192.168.1.104, Src Mac: 00-11-25-14-D9-E2, Dst Mac: 00-15-70-81-91-6A, Proto = 6.
FIREWALL LOGGING 25 - 9 25.1.7 Raw IP Protocol logs The following example displays TCP without data: Jul 25 12:16:50 2011: %DATAPLANE-4-DOSATTACK: INVALID PACKET: TCP header length less than 20 bytes : Src IP : 192.168.2.102, Dst IP: 192.168.1.104, Src Mac: 00-11-25-14-D9-E2, Dst Mac: 00-15-70-81-91-6A, Proto = 6. Jul 25 12:16:55 2011: %DATAPLANE-5-MALFORMEDIP: Dropping IPv4 Packet from 192.168.2.102 to 192.168.1.104 Protocol Number: 6. Reason: malformed TCP header.
25 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.8 Firewall startup log The following example displays an enabled firewall. A firewall enabled message is displayed in bold. System bootup time (via /proc/uptime) was 93.42 42.52 Please press Enter to activate this console. May 19 20:10:09 2010: %NSM-4-IFUP: Interface vlan2 is up Jul 25 12:25:09 2011: KERN: vlan2: add 01:00:5e:00:00:01 mcast address to master interface.
FIREWALL LOGGING 25 - 11 25.1.9 Manual time change log The following example displays the manual time change log. The clock is manually set to Jul 25 12:25:33 2011.
25 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.
FIREWALL LOGGING 25 - 13 IP ACL on GE Port Remove July 28 12:49:20 2011: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is getting altered. MAC ACL on GE Port Attach July 28 12:49:22 2011: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is getting altered. MAC ACL on GE Port Remove July 28 12:49:24 2011: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is getting altered.
25 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.11 TCP Reset Packets log For any change in the TCP configuration, a TCP reset log is generated. The following example displays the initial TCP packets permitted before the session timedout: July 28 20:31:26 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet Src MAC:<00-19-B9-6B-DA-77> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.2.102 Proto:6 Src Port:3318 Dst Port:21.
FIREWALL LOGGING 25 - 15 25.1.12 ICMP Destination log The following example displays an ICMP destination as unreachable when no matching payload is found: July 28 19:57:09 2011: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.1.104 to 192.168.2.102, with ProtocolNumber:1 ICMP code 3 and ICMP type 3. Reason: no flow matching payload of ICMP Error. July 28 19:57:09 2011: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.1.104 to 192.168.2.
25 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.13 ICMP Packet log July 28 20:37:04 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Drop Packet Src MAC:<00-19-B9-6B-DA-77> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.1.1 Proto:1 ICMP Type:8 ICMP Code:0. July 28 20:37:08 2011: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.2.1 to 172.16.31.196, with Protocol Number:1 ICMP code 3 and ICMP type 3.
FIREWALL LOGGING 25 - 17 25.1.14 SSH connection log A SSH connection is enabled on the wireless controller using factory settings. Running primary software, version 5.2.6.0-048D Alternate software secondary, version 5.0.0.0-81243X Software fallback feature is enabled System bootup time (via /proc/uptime) was 126.10 92.38 Please press Enter to activate this console.
25 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.15 Allowed/Dropped Packets Log The following example displays disposition information regarding allow/deny packets: Allow Packets CCB:0:Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet Src MAC:<00-11-25-14-D9-E2> Dst MAC:<00-15-70-8191-6A> Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:192.168.2.
APPENDIX A CONTROLLER MANAGED WLAN USE CASE This section describes the activities required to configure a wireless controller managed WLAN. Instructions are provided using the wireless controller CLI.
A-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide A.1 Creating a First Controller Managed WLAN It is assumed you have a RFS4000 wireless controller with the latest build available from Motorola Solutions. It is also assumed you have one AP7131 model access point and one AP650 model access point, both with the latest firmware available from Motorola Solutions.
A-3 On the RFS4000 wireless controller, the GE1 interface is connected to an external network. Interfaces GE3 and GE4 are used by the access points. On the external network, the wireless controller is assigned an IP address of 192.168.10.188. The wireless controller acts as a DHCP server for the wireless clients connecting to it, and assigns IP addresses in the range of 172.16.11.11 to 172.16.11.200. The rest of IPs in the range are reserved for devices requiring static IP addresses. A.1.
A-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide A.1.3.2 Creating a RF Domain Using the Command Line Interface to Configure the WLAN A RF Domain is a collection of configuration settings specific to devices located at the same physical deployment, such as a building or a floor. Create a RF Domain and assign the country code where the devices are deployed. This is a mandatory step, and the devices will not function as intended if this step is omitted.
A-5 A.1.3.3 Creating a Wireless Controller Profile Using the Command Line Interface to Configure the WLAN The first step in creating a WLAN is to configure a profile defining the parameters applied to a wireless controller. To create a profile: RFS4000(config)#profile RFS4000 RFS4000_UseCase1 RFS4000(config-profile-RFS4000_UseCase1)# This creates a profile with the name RFS4000_UseCase1 and moves the cursor into its context.
A-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide RFS4000(config-wlan-1)#ssid WLAN_USECASE_01 Enable the SSID to be broadcast so wireless clients can find it and associate. RFS4000(config-wlan-1)#broadcast-ssid Associate the VLAN to the WLAN and exit. RFS4000(config-wlan-1)#vlan 2 RFS4000(config-wlan-1)#exit Commit the Changes Once these changes have been made, they have to be committed before proceeding. RFS4000(config)#commit write A.1.3.
A-7 Commit the changes made to this profile and exit. RFS4000(config-profile-AP650_UseCase1)#commit write RFS4000(config-profile-AP650_UseCase1)#exit RFS4000(config)# Apply this Profile to the Discovered AP650 Access the discovered access point using the following command. The discovered device’s MAC address is used to access its context. RFS4000(config)#AP650 00-A0-F8-00-00-01 RFS4000(config-device-00-A0-F8-00-00-01)# Assign the AP profile to this AP650 access point.
A-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide RFS4000(config-profile-AP7131_UseCase1)#interface radio 1 RFS4000(config-profile-AP7131_UseCase1-if-radio1)#wlan 1 RFS4000(config-profile-AP7131_UseCase1-if-radio1)#exit RFS4000(config-profile-AP7131_UseCase1)#interface radio 2 RFS4000(config-profile-AP7131_UseCase1-if-radio2)#wlan 1 RFS4000(config-profile-AP7131_UseCase1-if-radio2)#exit RFS4000(config-profile-AP7131_UseCase1)# Commit the changes made to the profile and exit this context.
A-9 In the table, the IP address range of 172.16.11.11 to 172.16.11.200 is available using the DHCP server. To configure the DHCP server: RFS4000-37FABE(config-dhcp-policy-DHCP_POLICY_UseCase1)#dhcp-pool DHCP_POOL_USECASE1_01 RFS4000-37FABE(config-dhcp-policy-DHCP_POLICY_UseCase1-poolDHCP_POOL_USECASE1_01)# Configure the address range as follows: RFS4000-37FABE(config-dhcp-policy-DHCP_POLICY_UseCase1-poolDHCP_POOL_USECASE1_01)#address range 172.16.11.11 172.16.11.
A - 10 WiNG 5.2.
APPENDIX B CUSTOMER SUPPORT Motorola Solutions Enterprise Mobility Support Center If you have a problem with your equipment, contact support for your region. Support and issue resolution is provided for products under warranty or that are covered by a service agreement. Contact information and Web self-service is available by visiting http://supportcentral.motorola.
B-2 WiNG 5.2.
Motorola Solutions, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196-1078, U.S.A. http://www.motorolasolutions.com MOTOROLA, MOTO, MOTOROLA SOLUTIONS and the Stylized M Logo are trademarks or registered trademarks of Motorola Trademark Holdings, LLC and are used under license. All other trademarks are the property of their respective owners. © 2012 Motorola Solutions, Inc. All Rights Reserved.