Specifications

ManualsBrandsMotorola ManualsSoftwareWiNG 5.2.6

Motorola Solutions

WiNG 5.2.6

CLI REFERENCE GUIDE

Summary of content (1110 pages)

PAGE 1
Motorola Solutions WiNG 5.2.
PAGE 2
PAGE 3
MOTOROLA SOLUTIONS WING 5.2.
PAGE 4
ii WiNG 5.2.6 Wireless Controller CLI Reference Guide No part of this publication may be reproduced or used in any form, or by any electrical or mechanical means, without permission in writing from Motorola Solutions. This includes electronic or mechanical means, such as photocopying, recording, or information storage and retrieval systems. The material in this manual is subject to change without notice. The software is provided strictly on an “as is” basis.
PAGE 5
iii Revision History Changes to the original guide are listed below: Change Revision A Date June 2012 Description Manual updated to the WiNG 5.2.
PAGE 6
iv WiNG 5.2.
PAGE 7
TABLE OF CONTENTS ABOUT THIS GUIDE Chapter 1, INTRODUCTION 1.1 CLI Overview ...........................................................................................................................................................1-2 1.2 Getting Context Sensitive Help ..............................................................................................................................1-6 1.3 Using the No Command .......................................................................................
PAGE 8
vi WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.11 exit ............................................................................................................................................................2-29 2.1.12 join-cluster ................................................................................................................................................2-30 2.1.13 logging ...................................................................................................
PAGE 9
Table of Contents vii 3.1.31 pwd ............................................................................................................................................................3-55 3.1.32 reload ........................................................................................................................................................3-56 3.1.33 remote-debug .............................................................................................................................
PAGE 10
viii WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.22.2 dns-whitelist-mode-commands ......................................................................................................4-64 4.1.23 do ..............................................................................................................................................................4-67 4.1.24 end ..............................................................................................................................
PAGE 11
Table of Contents ix 5.1.7 revert ...........................................................................................................................................................5-13 5.1.8 service .........................................................................................................................................................5-14 5.1.9 show .....................................................................................................................................
PAGE 12
x WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.40 running-config ...........................................................................................................................................6-63 6.1.41 session-changes .......................................................................................................................................6-67 6.1.42 session-config ..........................................................................................................
PAGE 13
Table of Contents xi 7.1.21.2 interface config instance .................................................................................................................7-69 7.1.21.3 interface vlan instance ....................................................................................................................7-88 7.1.21.4 interface radio instance ..................................................................................................................7-98 7.1.22 led ..................
PAGE 14
xii WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.17 remove-override ......................................................................................................................................7-210 7.2.18 rsa-key .....................................................................................................................................................7-212 7.2.19 sensor-server .....................................................................................................
PAGE 15
Table of Contents xiii 12.1.2 no ...............................................................................................................................................................12-9 12.1.3 permit ......................................................................................................................................................12-15 12.2 mac-access-list ..........................................................................................................................
PAGE 16
xiv WiNG 5.2.6 Wireless Controller CLI Reference Guide Chapter 16, MANAGEMENT-POLICY 16.1 management-policy ............................................................................................................................................16-2 16.1.1 aaa-login ...................................................................................................................................................16-3 16.1.2 banner ..........................................................................
PAGE 17
Table of Contents xv Chapter 19, ROLE-POLICY 19.1 role-policy ..........................................................................................................................................................19-2 19.1.1 default-role ................................................................................................................................................19-3 19.1.2 no ..............................................................................................................
PAGE 18
xvi WiNG 5.2.6 Wireless Controller CLI Reference Guide 22.1.8 voice-prioritization .................................................................................................................................22-14 22.1.9 wmm .......................................................................................................................................................22-15 Chapter 23, INTERFACE-RADIO COMMANDS 23.1 interface-radio Instance ........................................................
PAGE 19
Table of Contents xvii 24.1.3 authorization .............................................................................................................................................24-8 24.1.4 no .............................................................................................................................................................24-10 Chapter 25, FIREWALL LOGGING 25.1 Firewall Log Terminology and Syslog Severity Levels .............................................................
PAGE 20
xviii WiNG 5.2.
PAGE 21
ABOUT THIS GUIDE This manual supports the following Wireless Controllers and connected Access Points: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 This section is organized into the following: • Document Conventions • Notational Conventions
PAGE 22
xx WiNG 5.2.6 Wireless Controller CLI Reference Guide Document Conventions The following conventions are used in this document to draw your attention to important information: NOTE: Indicates tips or special requirements. ! CAUTION: Indicates conditions that can cause equipment damage or data loss. WARNING! Indicates a condition or procedure that could result in personal injury or equipment damage. Switch Note: Indicates caveats unique to a RFS7000, RFS6000, RFS4000, NX9000, or NX9500.
PAGE 23
Getting Started with the Mobile Computer xxi Notational Conventions The following notational conventions are used in this document: • Italics are used to highlight specific items in the general text, and to identify chapters and sections in this and related documents • Bullets (•) indicate: • lists of alternatives • lists of required steps that are not necessarily sequential • action items • Sequential lists (those describing step-by-step procedures) appear as numbered lists Understanding Command Syntax <
PAGE 24
xxii WiNG 5.2.6 Wireless Controller CLI Reference Guide [] Of the different keywords and variables listed inside a ‘[‘ & ‘]’ pair, only one can be used. Each choice in the list is separated with a ‘|’ (pipe) symbol. For example, the command rfs7000-37FABE# clear ...
PAGE 25
Getting Started with the Mobile Computer () Any command/keyword/variable or a combination of them inside a ‘(‘ & ‘)’ pair are recursive. All recursive commands can be listed in any order and can be used once along with the rest of the commands. For example, the command crypto pki export request generate-rsa-key test autogen-subject-name ...
PAGE 26
xxiv WiNG 5.2.6 Wireless Controller CLI Reference Guide Motorola Solutions Enterprise Mobility Support Center If you have a problem with your equipment, contact Motorola Solutions Enterprise Mobility Support for your region. Contact information is available by visiting the URL: http://supportcentral.motorola.
PAGE 27
Getting Started with the Mobile Computer xxv Motorola Solutions End-User Software License Agreement THIS MOTOROLA SOLUTIONS END-USER SOFTWARE LICENSE AGREEMENT (“END-USER LICENSE AGREEMENT”) IS BETWEEN MOTOROLA SOLUTIONS INC. (HEREIN “MOTOROLA SOLUTIONS”) AND END-USER CUSTOMER TO WHOM MOTOROLA SOLUTIONS’ PROPRIETARY SOFTWARE OR MOTOROLA SOLUTIONS PRODUCTS CONTAINING EMBEDDED, PRE-LOADED, OR INSTALLED SOFTWARE (“PRODUCTS”) IS MADE AVAILABLE.
PAGE 28
xxvi WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1 End-User Customer may use the Software only for End-User Customer’s internal business purposes and only in accordance with the Documentation. Any other use of the Software is strictly prohibited and will be deemed a breach of this End-User License Agreement.
PAGE 29
Getting Started with the Mobile Computer xxvii 7.1 No maintenance or support is provided under this End-User License Agreement. Maintenance or support, if available, will be provided under a separate Motorola Solutions Software maintenance and support agreement. 8. LIMITED WARRANTY AND LIMITATION OF LIABILITY 8.
PAGE 30
xxviii WiNG 5.2.6 Wireless Controller CLI Reference Guide not include a Restricted Rights notice, or other notice referring to this End-User License Agreement. The provisions of this End-User License Agreement will continue to apply, but only to the extent that they are consistent with the rights provided to the End-User Customer under the provisions of the FAR and DFARS mentioned above, as applicable to the particular procuring agency and procurement transaction. 11. GENERAL 11.1 Copyright Notices.
PAGE 31
CHAPTER 1 INTRODUCTION This chapter describes the commands available using the wireless controller Command Line Interface (CLI). CLI is available for wireless controllers as well as access points (APs). Access the CLI by using: • A terminal emulation program running on a computer connected to the serial port on the wireless controller. The serial port is located on the front of the wireless controller. • A Telnet session through Secure Shell (SSH) over a network.
PAGE 32
1-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples in this reference guide Examples used in this reference guide are generic to the each supported wireless controller model and AP. Commands that are not common, are identified using the notation “Supported in the following platforms.” For an example, see below: Supported in the following platforms: • Wireless Controller — RFS6000 The above example indicates the command is only available for a RFS6000 model wireless controller. 1.
PAGE 33
INTRODUCTION 1-3 Command Modes A session generally begins in the USER EXEC mode (one of the two access levels of the EXEC mode). For security, only a limited subset of EXEC commands are available in the USER EXEC mode. This level is reserved for tasks that do not change the wireless controller configuration. rfs7000-37FABE> The system prompt signifies the device name and the last three bytes of the device MAC address.
PAGE 34
1-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 1.
PAGE 35
INTRODUCTION Table 1.
PAGE 36
1-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 1.2 Getting Context Sensitive Help Enter a question mark (?) at the system prompt to display a list of commands available for each mode. Obtain a list of arguments and keywords for any command using the CLI context-sensitive help.
PAGE 37
INTRODUCTION 1-7 Enter a question mark (?) (in place of a keyword or argument) to list keywords or arguments. Include a space before the “?”. This form of help is called command syntax help. It shows the keywords or arguments available based on the command/keyword and argument already entered.
PAGE 38
1-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 1.4 Using CLI Editing Features and Shortcuts A variety of shortcuts and edit features are available. The following describe these features: • Moving the Cursor on the Command Line • Completing a Partial Command Name • Command Output pagination 1.4.1 Moving the Cursor on the Command Line Table 1.2 on page 1-8 Shows the key combinations or sequences to move the command line cursor.
PAGE 39
INTRODUCTION 1-9 Table 1.2 Keystrokes Details Keystrokes Function Summary Function Details Ctrl-T Transposes the character to the left of the cursor with the character located at the cursor Ctrl-L Clears the screen 1.4.2 Completing a Partial Command Name If you cannot remember a command name (or if you want to reduce the amount of typing you have to perform), enter the first few letters of a command, then press the Tab key.
PAGE 40
1 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 1.4.4 Creating Profiles Profiles are sort of a ‘template’ representation of configuration.
PAGE 41
INTRODUCTION 1 - 11 1.4.6 Remote Administration A terminal server may function in remote administration mode if either the terminal services role is not installed on the machine or the client used to invoke the session has enabled the admin wireless controller. • A terminal emulation program running on a computer connected to the serial port on the wireless controller. The serial port is located on the front of the wireless controller. • A Telnet session through a Secure Shell (SSH) over a network.
PAGE 42
1 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide snmp-server community 0 private rw snmp-server user snmptrap v3 encrypted des auth md5 0 motorola snmp-server user snmpoperator v3 encrypted des auth md5 0 operator snmp-server user snmpmanager v3 encrypted des auth md5 0 motorola rfs6000-380649(config-management-policy-default)# 2. Logon to the Telnet console and provide the user details configured in the previous step to access the wireless controller. RFS7000 release 5.2.6.
PAGE 43
CHAPTER 2 USER EXEC MODE COMMANDS Logging in to the wireless controller places you within the USER EXEC command mode. Typically, a login requires a user name and password. You have three login attempts before the connection attempt is refused. USER EXEC commands (available at the user level) are a subset of the commands available at the privileged level. In general, USER EXEC commands allow you to connect to remote devices, perform basic tests and list system information.
PAGE 44
2-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1 User Exec Mode Commands Table 2.1 summarizes User Exec Mode commands. Table 2.
PAGE 45
USER EXEC MODE COMMANDS 2-3 Table 2.
PAGE 46
2-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.1 ap-upgrade user exec mode commands Enables an automatic firmware upgrade on an adopted AP or a set of APs. APs of the same type can be upgraded together. Once APs have been upgraded, they can be forced to reboot. This command also loads the firmware on to the wireless controller. The AP upgrade command also upgrades APs in a specified RF Domain.
PAGE 47
USER EXEC MODE COMMANDS upgrade-time {no-reboot| reboot-time } 2-5 Optional. Schedules an automatic firmware upgrade • – Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format. After a scheduled upgrade, these actions can be performed. • no-reboot – Disables automatic reboot after a successful upgrade (the wireless controller must be manually restarted) • reboot-time – Optional. Schedules an automatic reboot after a successful upgrade.
PAGE 48
2-6 WiNG 5.2.
PAGE 49
USER EXEC MODE COMMANDS 2-7 [all|ap621|ap622|ap650| ap6511|ap6521|ap6532| ap71xx|ap81xx] After specifying the RF Domain, select the AP type.
PAGE 50
2-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.2 change-passwd user exec mode commands Changes the password of a logged user. When this command is executed without any parameters, the password can be changed interactively.
PAGE 51
USER EXEC MODE COMMANDS 2-9 2.1.3 clear user exec mode commands Clears parameters, cache entries, table entries, and other similar entries. The clear command is available for specific commands only. The information cleared using this command varies depending on the mode where the clear command is executed.
PAGE 52
2 - 10 WiNG 5.2.
PAGE 53
USER EXEC MODE COMMANDS 2 - 11 interface [| ge <1-4>|me1| port-channel <1-2>| vlan <1-4094>] Optional. Clears spanning tree protocols on different interfaces • – Clears information on a specified interface. Specify the interface name. • ge <1-4> – Clears GigabitEthernet interface information. Select the GigabitEthernet interface index from 1 - 4.
PAGE 54
2 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.
PAGE 55
USER EXEC MODE COMMANDS 2 - 13 2.1.5 cluster user exec mode commands Initiates cluster context. The cluster context provides centralized management to configure all cluster members from any one member. Commands executed under this context are executed on all members of the cluster.
PAGE 56
2 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.
PAGE 57
USER EXEC MODE COMMANDS 2 - 15 2.1.
PAGE 58
2 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.8 crypto user exec mode commands Enables RSA Keypair management. Use this command to generate, delete, export, or import an RSA Keypair. It encrypts the RSA Keypair before an export operation. This command also enables Public Key Infrastructure (PKI) management.
PAGE 59
USER EXEC MODE COMMANDS 2 - 17 crypto pki import [certificate|crl|trustpoint] crypto pki import [certificate|crl] {background {on }|on }] crypto pki import trustpoint {background {on }|on |passphrase {background {on }|on } crypto pki zeroise trustpoint {del-key {on }| on } Parameters • crypto key export rsa
PAGE 60
2 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide • crypto key export rsa {passphrase } {background {on }|on } key Enables RSA Keypair management. Use this command to export, import, generate, or delete a RSA key. export rsa Exports a RSA Keypair to a specified destination • – Specify the RSA Keypair name.
PAGE 61
USER EXEC MODE COMMANDS 2 - 19 {on } Specify the RSA Keypair source address in the following format: tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@[:port]>/path/file http://[:port]/path/file cf:/path/file usb:/path/file • on – Optional. Performs the import operation on a specified device • – Specify the name of the AP or wireless controller.
PAGE 62
2 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide {passphrase} Specify the RSA Keypair source address in the following format: tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@[:port]>/path/file http://[:port]/path/file cf:/path/file usb:/path/file • passphrase – Optional.
PAGE 63
USER EXEC MODE COMMANDS 2 - 21 • crypto pki request [generate-rsa-key|use-rsa-key] autogen-subject-name [|email |fqdn | ip-address ] pki Enables PKI management. Use this command to authenticate, export, generate, or delete a trustpoint and its associated CA certificates. request Sends a Certificate Signing Request (CSR) to the CA for digital identity certificate. The CSR contains the applicant’s details and the RSA Keypair’s public key.
PAGE 64
2 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide [generate-rsa-key| use-rsa-key] Generates a new RSA Keypair or uses an existing RSA Keypair • generate-rsa-key – Generates a new RSA Keypair for digital authentication • use-rsa-key – Uses an existing RSA Keypair for digital authentication • – If generating a new RSA Keypair, specify a name for it. If using an existing RSA Keypair, specify its name.
PAGE 65
USER EXEC MODE COMMANDS 2 - 23 Specify the destination address in the following format: tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@[:port]>/path/file http://[:port]/path/file cf:/path/file usb:/path/file background {on } Optional. Performs the export operation in the background • on – Optional.
PAGE 66
2 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide ip-address Exports CSR to a specified device or system • – Specify the IP address of the CA. on Exports the CSR on a specified device • – Specify the name of the AP or wireless controller.
PAGE 67
USER EXEC MODE COMMANDS 2 - 25 [certificate|crl] Imports a signed server certificate or CRL • certificate – Imports signed server certificate • crl – Imports CRL • – Specify the trustpoint name (should be authenticated).
PAGE 68
2 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide passphrase {background {on }| on } Optional. Encrypts the trustpoint with a passphrase before importing it • – Specify a passphrase. • background – Optional. Imports the encrypted trustpoint in the background • on – Optional. Imports the encrypted trustpoint on a specified device • – Specify the name of the AP or wireless controller.
PAGE 69
USER EXEC MODE COMMANDS 2 - 27 2.1.9 disable user exec mode commands Turns off (disables) the privileged mode command set. This command returns to the User Executable mode.
PAGE 70
2 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.10 enable user exec mode commands Turns on (enables) the privileged mode command set. This command does not do anything in the Privilege Executable mode.
PAGE 71
USER EXEC MODE COMMANDS 2 - 29 2.1.
PAGE 72
2 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.12 join-cluster user exec mode commands Adds a wireless controller, as a member, to an existing cluster of devices. Use this command to add a wireless controller to an existing cluster. Before a wireless controller can be added to a cluster, a static address must be assigned to it.
PAGE 73
USER EXEC MODE COMMANDS 2 - 31 2.1.
PAGE 74
2 - 32 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.
PAGE 75
USER EXEC MODE COMMANDS 2 - 33 Examples rfs7000-37FABE>mint ping 70.37.FA.BF count 20 size 128 MiNT ping 70.37.FA.BF with 128 bytes of data. Response from 70.37.FA.BF: id=1 time=0.292 ms Response from 70.37.FA.BF: id=2 time=0.206 ms Response from 70.37.FA.BF: id=3 time=0.184 ms Response from 70.37.FA.BF: id=4 time=0.160 ms Response from 70.37.FA.BF: id=5 time=0.138 ms Response from 70.37.FA.BF: id=6 time=0.161 ms Response from 70.37.FA.BF: id=7 time=0.174 ms Response from 70.37.FA.BF: id=8 time=0.
PAGE 76
2 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.15 no user exec mode commands Use the no command to revert a command or to set parameters to their default. This command is useful to turn off an enabled feature or set default values for a parameter. NOTE: The commands have their own set of parameters that can be reset.
PAGE 77
USER EXEC MODE COMMANDS 2 - 35 on Optional. Disconnects clients on a specified device or RF Domain • – Specify the name of the AP, wireless controller, or RF Domain.
PAGE 78
2 - 36 WiNG 5.2.
PAGE 79
USER EXEC MODE COMMANDS 2 - 37 2.1.16 page user exec mode commands Toggles wireless controller paging. Enabling this command displays the CLI command output page by page, instead of running the entire output at once.
PAGE 80
2 - 38 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.17 ping user exec mode commands Sends Internet Controller Message Protocol (ICMP) echo messages to a user-specified location Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ping Parameters • ping Optional.
PAGE 81
USER EXEC MODE COMMANDS 2 - 39 2.1.18 ssh user exec mode commands Opens a Secure Shell (SSH) connection between two network devices Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ssh Parameters • ssh Specify the IP address or hostname of the remote system.
PAGE 82
2 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.
PAGE 83
USER EXEC MODE COMMANDS 2 - 41 2.1.
PAGE 84
2 - 42 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.
PAGE 85
USER EXEC MODE COMMANDS 2 - 43 2.1.
PAGE 86
2 - 44 WiNG 5.2.6 Wireless Controller CLI Reference Guide 2.1.
PAGE 87
CHAPTER 3 PRIVILEGED EXEC MODE COMMANDS Most PRIV EXEC commands set operating parameters. Privileged-level access should be password protected to prevent unauthorized use. The PRIV EXEC command set includes commands contained within the USER EXEC mode. The PRIV EXEC mode also provides access to configuration modes, and includes advanced testing commands. The PRIV EXEC mode prompt consists of the hostname of the device followed by a pound sign (#).
PAGE 88
3-2 WiNG 5.2.
PAGE 89
PRIVILEGED EXEC MODE COMMANDS 3-3 3.1 Privileged Exec Mode Commands Table 3.1 summarizes the PRIV EXEC Mode configuration commands. Table 3.
PAGE 90
3-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 3.
PAGE 91
PRIVILEGED EXEC MODE COMMANDS 3-5 3.1.1 ap-upgrade privileged exec config mode commands Enables an automatic firmware upgrade on an adopted AP or a set of APs. APs of the same type can be upgraded together. Once APs have been upgraded, they can be forced to reboot. This command also loads the firmware on to the wireless controller. The AP upgrade command also upgrades APs in a specified RF Domain.
PAGE 92
3-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide upgrade-time {no-reboot| reboot-time } Optional. Schedules an automatic firmware upgrade • – Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format. After a scheduled upgrade, these actions can be performed. • no-reboot – Disables automatic reboot after a successful upgrade (the wireless controller must be manually restarted) • reboot-time – Optional. Schedules an automatic reboot after a successful upgrade.
PAGE 93
PRIVILEGED EXEC MODE COMMANDS 3-7 • ap-upgrade cancel-upgrade [ap621|ap622|ap650|ap651|ap6521|ap6532|ap71XX|ap81XX]all cancel-upgrade [ap621|ap622|ap650| ap6511|ap6521| ap6532|ap71XX| ap81XX] all Cancels scheduled firmware upgrade on all adopted APs • AP621 all – Cancels scheduled upgrade on all AP621s • AP622 all – Cancels scheduled upgrade on all AP622s • AP650 all – Cancels scheduled upgrade on all AP650s • AP6511 all – Cancels scheduled upgrade on all AP6511s • AP6521 all – Cancels scheduled upgrade
PAGE 94
3-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide [all|ap621|ap622|ap650| ap6511|ap6521|ap6532| ap71XX|ap81XX] After specifying the RF Domain, select the AP type.
PAGE 95
PRIVILEGED EXEC MODE COMMANDS 3-9 3.1.
PAGE 96
3 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PAGE 97
PRIVILEGED EXEC MODE COMMANDS 3 - 11 3.1.4 cd privileged exec config mode commands Changes the current directory Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax cd {
} Parameters • cd {} Optional. Changes the current directory to DIR. If a directory name is not provided, the system displays the current directory name.
PAGE 98
3 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.5 change-passwd privileged exec config mode commands Changes the password of a logged user. When this command is executed without any parameters, the password can be changed interactively.
PAGE 99
PRIVILEGED EXEC MODE COMMANDS 3 - 13 3.1.6 clear privileged exec config mode commands Clears parameters, cache entries, table entries, and other entries. The clear command is available for specific commands only. The information cleared using this command varies depending on the mode where the clear command is executed.
PAGE 100
3 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide neighbors Clears CDP or LLDP neighbor table entries based on the option selected in the preceding step on Optional. Clears CDP or LLDP neighbor table entries on a specified device • – Specify the name of the AP or wireless controller.
PAGE 101
PRIVILEGED EXEC MODE COMMANDS 3 - 15 Clears DHCP address binding entries on a specified DHCP server. Specify the DHCP server IP address.
PAGE 102
3 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide on The following parameters are common to all interfaces: • on – Specify the name of the AP or wireless controller. Examples rfs7000-37FABE>clear crypto isakmp sa 111.222.333.
PAGE 103
PRIVILEGED EXEC MODE COMMANDS 3 - 17 3.1.
PAGE 104
3 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.8 cluster privileged exec config mode commands Initiates the cluster context. The cluster context provides centralized management to configure all cluster members from any one member. Commands executed under this context are executed on all members of the cluster.
PAGE 105
PRIVILEGED EXEC MODE COMMANDS 3 - 19 3.1.9 configure privileged exec config mode commands Enters the configuration mode. Use this command to enter the current device’s configuration mode, or enable configuration from the terminal.
PAGE 106
3 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PAGE 107
PRIVILEGED EXEC MODE COMMANDS 3 - 21 3.1.11 copy privileged exec config mode commands Copies a file (config,log,txt...etc) from any location to the wireless controller and vice-versa NOTE: Copying a new config file onto an existing running-config file merges it with the existing running-config on the wireless controller. Both the existing running-config and the new config file are applied as the current running-config.
PAGE 108
3 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PAGE 109
PRIVILEGED EXEC MODE COMMANDS 3 - 23 3.1.13 crypto privileged exec config mode commands Enables RSA Keypair management. Use this command to generate, delete, export, or import a RSA Keypair. It encrypts the RSA Keypair before an export operation. This command also enables Public Key Infrastructure (PKI) management.
PAGE 110
3 - 24 WiNG 5.2.
PAGE 111
PRIVILEGED EXEC MODE COMMANDS 3 - 25 • crypto key export rsa {passphrase } {background {on }|on } key Enables RSA Keypair management. Use this command to export, import, generate, or delete a RSA key. export rsa Exports a RSA Keypair to a specified destination • – Specify the RSA Keypair name.
PAGE 112
3 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide • crypto key import rsa {background} {on } key Enables RSA Keypair management. Use this command to export, import, generate, or delete a RSA key. import rsa Imports a RSA Keypair from a specified source • – Specify the RSA Keypair name.
PAGE 113
PRIVILEGED EXEC MODE COMMANDS 3 - 27 zeroise rsa Deletes a specified RSA Keypair • – Specify the RSA Keypair name. force {on } Optional. Forces deletion of all certificates associated with the RSA Keypair • on – Optional. Forces deletion of all certificates on a specified device • – Specify the name of the AP or wireless controller.
PAGE 114
3 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide {background {on } Specify the CSR destination address in the following format: tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@[:port]>/path/file http://[:port]/path/file cf:/path/file usb:/path/file • background – Optional. Performs the export operation in the background • on – Optional.
PAGE 115
PRIVILEGED EXEC MODE COMMANDS 3 - 29 {background {on } Specify the CSR destination address in the following format: tftp://[:port]/path/file ftp://:@[:port]/path/file sftp://@[:port]>/path/file http://[:port]/path/file cf:/path/file usb:/path/file • background – Optional. Performs the export operation in the background • on – Optional.
PAGE 116
3 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide passphrase {background {on }| on Optional. Encrypts key with a passphrase before exporting it • – Specify the passphrase. • background – Optional. Performs the export operation in the background • on – Optional. Performs the export operation on a specified device • – Specify the name of the AP or wireless controller.
PAGE 117
PRIVILEGED EXEC MODE COMMANDS 3 - 31 [generate-rsa-key| use-rsa-key] Generates a new RSA Keypair, or uses an existing RSA Keypair • generate-rsa-key – Generates a new RSA Keypair for digital authentication • use-rsa-key – Uses an existing RSA Keypair for digital authentication • – If generating a new RSA Keypair, specify a name for it. If using an existing RSA Keypair, specify its name. subject-name Enter a subject name to identify the certificate.
PAGE 118
3 - 32 WiNG 5.2.6 Wireless Controller CLI Reference Guide background {on } Optional. Performs the import operation in the background • on – Optional. Performs the import operation on a specified device • – Specify the name of the AP or wireless controller. on Optional. Performs the import operation on a specified device • – Enter the name of the AP or wireless controller.
PAGE 119
PRIVILEGED EXEC MODE COMMANDS 3 - 33 on Optional. Deletes trustpoint on a specified device • – Specify the name of the AP or wireless controller.
PAGE 120
3 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PAGE 121
PRIVILEGED EXEC MODE COMMANDS 3 - 35 3.1.15 disable privileged exec config mode commands Turns off (disables) the privileged mode command set. This command returns to the User Executable mode.
PAGE 122
3 - 36 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PAGE 123
PRIVILEGED EXEC MODE COMMANDS 3 - 37 3.1.17 dir privileged exec config mode commands Lists files on a device’s file system Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax dir {/all|/recursive|
|all-filesystems} Parameters • dir {/all|/recursive||all-filesystems} /all Optional. Lists all files /recursive Optional.
PAGE 124
3 - 38 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.18 edit privileged exec config mode commands Edits a text file on the device’s file system Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax edit Parameters • edit Specify the name of the file to modify. Examples rfs7000-37FABE#edit startup-config GNU nano 1.2.
PAGE 125
PRIVILEGED EXEC MODE COMMANDS 3 - 39 3.1.19 enable privileged exec config mode commands Turns on (enables) the privileged mode command set. This command does not do anything in the Privilege Executable mode.
PAGE 126
3 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PAGE 127
PRIVILEGED EXEC MODE COMMANDS 3 - 41 3.1.21 exit privileged exec config mode commands Ends the current CLI session and closes the session window For more information, see exit.
PAGE 128
3 - 42 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.22 halt privileged exec config mode commands Stops (halts) a device or a wireless controller. Once halted, the system must be restarted manually. This command stops the device immediately. No indications or notifications are provided while the device shuts down.
PAGE 129
PRIVILEGED EXEC MODE COMMANDS 3 - 43 3.1.23 join-cluster privileged exec config mode commands Adds a wireless controller to an existing cluster of devices. Use this command to add a new wireless controller to an existing cluster. Before a wireless controller can be added to a cluster, a static address must be assigned to it.
PAGE 130
3 - 44 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PAGE 131
PRIVILEGED EXEC MODE COMMANDS 3 - 45 3.1.25 mkdir privileged exec config mode commands Creates a new directory in the file system Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax mkdir
Parameters • mkdir Specify a directory name. Examples rfs7000-37FABE#dir Directory of flash:/.
PAGE 132
3 - 46 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PAGE 133
PRIVILEGED EXEC MODE COMMANDS 3 - 47 Examples rfs7000-37FABE#mint ping 70.37.FA.BF count 20 size 128 MiNT ping 70.37.FA.BF with 128 bytes of data. Response from 70.37.FA.BF: id=1 time=0.292 ms Response from 70.37.FA.BF: id=2 time=0.206 ms Response from 70.37.FA.BF: id=3 time=0.184 ms Response from 70.37.FA.BF: id=4 time=0.160 ms Response from 70.37.FA.BF: id=5 time=0.138 ms Response from 70.37.FA.BF: id=6 time=0.161 ms Response from 70.37.FA.BF: id=7 time=0.174 ms Response from 70.37.FA.BF: id=8 time=0.
PAGE 134
3 - 48 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.27 more privileged exec config mode commands Displays contents of a file on the device’s file system. This command navigates and displays specific files in the device’s file system. To do so, provide the complete path to the file. The more command also displays the startup configuration file.
PAGE 135
PRIVILEGED EXEC MODE COMMANDS 3 - 49 3.1.28 no privileged exec config mode commands Use the no command to revert a command or set parameters to their default. This command is useful to turn off an enabled feature or set defaults for a parameter. The no commands have their own set of parameters that can be reset.
PAGE 136
3 - 50 WiNG 5.2.6 Wireless Controller CLI Reference Guide Disconnects a specified client • – Specify the MAC address of the client. on Optional. Disconnects captive portal clients or a specified client on a specified device or RF Domain • – Specify the name of the AP, wireless controller, or RF Domain.
PAGE 137
PRIVILEGED EXEC MODE COMMANDS 3 - 51 • no service mint silence no service mint silence Disables LEDs on AP300s or a specified device in the WLAN. It also resets the CLI table expand and MiNT protocol configurations. • mint – Resets MiNT protocol configurations.
PAGE 138
3 - 52 WiNG 5.2.
PAGE 139
PRIVILEGED EXEC MODE COMMANDS 3 - 53 3.1.29 page privileged exec config mode commands Toggles wireless controller paging. Enabling this command displays the CLI command output page by page, instead of running the entire output at once.
PAGE 140
3 - 54 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.30 ping privileged exec config mode commands Sends Internet Controller Message Protocol (ICMP) echo messages to a user-specified location Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ping Parameters • ping Optional. Specify the destination IP address to ping.
PAGE 141
PRIVILEGED EXEC MODE COMMANDS 3 - 55 3.1.31 pwd privileged exec config mode commands Displays the full path of the present working directory, similar to the UNIX pwd command Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax pwd Parameters None Examples rfs7000-37FABE#pwd flash:/ rfs7000-37FABE#dir Directory of flash:/.
PAGE 142
3 - 56 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PAGE 143
PRIVILEGED EXEC MODE COMMANDS 3 - 57 3.1.
PAGE 144
3 - 58 WiNG 5.2.6 Wireless Controller CLI Reference Guide rf-domain Specifies the RF Domain name write Captures the specified Smart RF report to a file.
PAGE 145
PRIVILEGED EXEC MODE COMMANDS 3 - 59 3.1.34 rename privileged exec config mode commands Renames a file in the devices’ file system Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax rename Parameters • rename Specify the file to rename.
PAGE 146
3 - 60 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PAGE 147
PRIVILEGED EXEC MODE COMMANDS 3 - 61 3.1.36 self privileged exec config mode commands Displays the logged device’s configuration context Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax self Parameters None Examples rfs7000-37FABE#self Enter configuration commands, one per line. End with CNTL/Z.
PAGE 148
3 - 62 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PAGE 149
PRIVILEGED EXEC MODE COMMANDS 3 - 63 3.1.38 telnet privileged exec config mode commands Opens a Telnet session between two network devices Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax telnet {} Parameters • telnet {} Configures the remote system’s IP address or hostname.
PAGE 150
3 - 64 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PAGE 151
PRIVILEGED EXEC MODE COMMANDS 3 - 65 3.1.
PAGE 152
3 - 66 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PAGE 153
PRIVILEGED EXEC MODE COMMANDS 3 - 67 3.1.
PAGE 154
3 - 68 WiNG 5.2.6 Wireless Controller CLI Reference Guide 3.1.
PAGE 155
PRIVILEGED EXEC MODE COMMANDS 3 - 69 3.1.
PAGE 156
3 - 70 WiNG 5.2.
PAGE 157
CHAPTER 4 GLOBAL CONFIGURATION COMMANDS This chapter summarizes the global-configuration commands in the CLI command structure. The term global indicates characteristics or features effecting the system as a whole. Use the Global Configuration Mode to configure the system globally, or enter specific configuration modes to configure specific elements (such as interfaces or protocols). Use the configure terminal command (under PRIV EXEC) to enter the global configuration mode.
PAGE 158
4-2 WiNG 5.2.
PAGE 159
GLOBAL CONFIGURATION COMMANDS 4-3 4.1 Global Configuration Commands Table 4.1 summarizes Global Configuration Mode commands. Table 4.
PAGE 160
4-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 4.
PAGE 161
GLOBAL CONFIGURATION COMMANDS 4-5 Table 4.
PAGE 162
4-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.1 aaa-policy global config mode commands Configures an Authentication, Accounting, and Authorization (AAA) policy. This policy configures multiple servers for authentication and authorization. Up to six servers can be configured for providing AAA services.
PAGE 163
GLOBAL CONFIGURATION COMMANDS 4-7 4.1.2 aaa-tacacs-policy global config mode commands Configures an AAA Terminal Access Controller Access-Control System (TACACS) policy. This policy configures multiple servers for authentication and authorization. TACACS Authentication server should be configured when server preference is authenticated server.
PAGE 164
4-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.3 advanced-wips-policy global config mode commands Configures advanced WIPS policy parameters. The Wireless Intrusion Prevention System (WIPS) prevents unauthorized access to a managed network.
PAGE 165
GLOBAL CONFIGURATION COMMANDS 4-9 4.1.4 ap300 global config mode commands Adds a AP300 access point to the wireless controller managed network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap300 {} Parameters • ap300 {} Optional. Specify the MAC address of the AP300.
PAGE 166
4 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.5 ap621 global config mode commands Adds a AP621 access point to the wireless controller managed network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap621 Parameters • ap621 Specify the MAC address of the AP621.
PAGE 167
GLOBAL CONFIGURATION COMMANDS 4 - 11 4.1.6 ap622 global config mode commands Adds a AP622 access point to the wireless controller managed network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap622 Parameters • ap622 Specify the MAC address of the AP622.
PAGE 168
4 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.7 ap650 global config mode commands Adds a AP650 access point to the wireless controller managed network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap650 Parameters • ap650 Specify the MAC address of the AP650.
PAGE 169
GLOBAL CONFIGURATION COMMANDS 4 - 13 4.1.8 ap6511 global config mode commands Adds a AP6511 access point to the wireless controller network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap6511 Parameters • ap6511 Specify the MAC address of the AP6511.
PAGE 170
4 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.9 ap6521 global config mode commands Adds a AP6521 access point to the wireless controller network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap6521 Parameters • ap6521 Specify the MAC address of the AP6521.
PAGE 171
GLOBAL CONFIGURATION COMMANDS 4 - 15 4.1.10 ap6532 global config mode commands Adds a AP6532 access point to the wireless controller network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap6532 Parameters • ap6532 Specify the MAC address of the AP6532.
PAGE 172
4 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.11 ap71xx global config mode commands Adds a AP71XX series access point to the wireless controller network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap71xx Parameters • ap71xx Specify the MAC address of the AP71XX.
PAGE 173
GLOBAL CONFIGURATION COMMANDS 4 - 17 4.1.12 ap81xx global config mode commands Adds a AP81XX (AP8132) access point to the wireless controller network. If a profile for the AP is not available, a new profile is created. Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ap81xx Parameters • ap81xx Specify the MAC address of the AP81XX.
PAGE 174
4 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.13 association-acl-policy global config mode commands Configures an association ACL policy. This policy configures a list of devices allowed or denied access to the wireless controller managed network.
PAGE 175
GLOBAL CONFIGURATION COMMANDS 4 - 19 4.1.14 auto-provisioning-policy global config mode commands Configures an auto provisioning policy. This policy is used to configure the automatic provisioning of device adoption. The policy configures how an AP is adopted based on its type.
PAGE 176
4 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15 captive portal global config mode commands The captive portal mode configures a hotspot. Table 4.2 lists captive portal configuration mode commands. Table 4.
PAGE 177
GLOBAL CONFIGURATION COMMANDS 4 - 21 4.1.15.1 captive-portal captive portal Configures a captive portal. A captive portal is a hotspot type guest WLAN where users access wireless controller resources. For more information see, captive-portal-mode-commands.
PAGE 178
4 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15.2 captive-portal-mode-commands captive portal Table 4.3 summarizes captive portal configuration mode commands. Table 4.3 captive-portal mode commands Command Description Reference access-time Defines a client’s access time.
PAGE 179
GLOBAL CONFIGURATION COMMANDS 4 - 23 4.1.15.2.1 access-time captive-portal-mode-commands Defines the permitted access time for a client. It is used when no session time is defined in the RADIUS response.
PAGE 180
4 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15.2.
PAGE 181
GLOBAL CONFIGURATION COMMANDS 4 - 25 4.1.15.2.
PAGE 182
4 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15.2.4 connection-mode captive-portal-mode-commands Configures a captive portal’s connection mode. HTTP uses plain unsecured connection for user requests. HTTPS uses encrypted connection to support user requests.
PAGE 183
GLOBAL CONFIGURATION COMMANDS 4 - 27 4.1.15.2.
PAGE 184
4 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15.2.6 inactivity-timeout captive-portal-mode-commands Defines an inactivity timeout in seconds. If a frame is not received from a client for the specified time interval, the current session is terminated.
PAGE 185
GLOBAL CONFIGURATION COMMANDS 4 - 29 4.1.15.2.7 no captive-portal-mode-commands The no command disables captive portal mode commands or resets parameters to their default.
PAGE 186
4 - 30 WiNG 5.2.
PAGE 187
GLOBAL CONFIGURATION COMMANDS 4 - 31 welcome Resets the welcome page description Resets the description part of each Web page. This is the area where information about the captive portal and user state is displayed to the user. footer Resets the footer portion of each Web page.
PAGE 188
4 - 32 WiNG 5.2.
PAGE 189
GLOBAL CONFIGURATION COMMANDS 4 - 33 4.1.15.2.
PAGE 190
4 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15.2.
PAGE 191
GLOBAL CONFIGURATION COMMANDS 4 - 35 4.1.15.2.
PAGE 192
4 - 36 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15.2.11 use captive-portal-mode-commands Configures a AAA policy and DNS whitelist with this captive portal policy. AAA policies are used to configure servers for this captive portal. DNS whitelists provide a method to restrict users to a set of configurable domains on the internet accessed through the captive portal. For more information on AAA policy, see Chapter 8, AAA-POLICY.
PAGE 193
GLOBAL CONFIGURATION COMMANDS 4 - 37 4.1.15.2.12 webpage-location captive-portal-mode-commands Specifies the location of the Web pages used for authentication. These pages can either be hosted on the system or on an external Web server.
PAGE 194
4 - 38 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.15.2.13 webpage captive-portal-mode-commands Configures Web pages displayed when interacting with a captive portal. There are four (4) different pages. • agreement – This page displays “Terms and Conditions” that a user needs to accept before allowed access to the captive portal. • fail – This page is displayed when the user is not authenticated to use the captive portal.
PAGE 195
GLOBAL CONFIGURATION COMMANDS 4 - 39 footer Indicates the content is the footer portion of each internal, agreement, fail, and welcome page. The footer portion contains the signature of the organization that hosts the captive portal. header Indicates the content is the header portion of each internal, agreement, fail, and welcome page. The header portion contains the heading information for each of these pages.
PAGE 196
4 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.16 clear global config mode commands Clears parameters, cache entries, table entries, and other similar entries. The clear command is available for specific commands only. The information cleared using this command varies depending on the mode where executed.
PAGE 197
GLOBAL CONFIGURATION COMMANDS 4 - 41 4.1.17 critical-resource-policy global config mode commands Creates a critical resource monitoring policy. A critical resource is a device (wireless controller, router, gateway, etc.) considered critical to the health of the wireless controller. This is a list of IP addresses pinged regularly by the wireless controller. If there is a connectivity issue with a device on the critical resource list, an event is generated stating a critical resource is unavailable.
PAGE 198
4 - 42 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.17.1 critical-resource-policy critical-resource-policy Creates or enters a Critical-resource Monitoring (CRM) policy. If the defined policy is not present, it is created.For more information see, critical-resource-policy-mode-commands.
PAGE 199
GLOBAL CONFIGURATION COMMANDS 4 - 43 4.1.17.2 critical-resource-policy-mode-commands critical-resource-policy Table 4.5 summarizes critical resource monitoring policy configuration mode commands. Table 4.
PAGE 200
4 - 44 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.17.2.1 monitor critical-resource-policy-mode-commands Monitors critical resources. Use this command to configure a critical policy and set the interval the availability of the critical resource is checked.
PAGE 201
GLOBAL CONFIGURATION COMMANDS 4 - 45 4.1.17.2.2 no critical-resource-policy-mode-commands Removes a device from the critical resource list. This command also resets the ping interval to its default.
PAGE 202
4 - 46 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.18 customize global config mode commands Customizes the output of the summary CLI commands. Use this command to define the data displayed as a result of various show commands.
PAGE 203
GLOBAL CONFIGURATION COMMANDS 4 - 47 hostname <1-64> Includes the hostname column in the show wireless client command. The hostname column displays the hostname of the wireless client. • <1-64> – Specify the hostname column width from 1 - 64 characters. ip Includes the IP column in the show wireless client command. The IP column displays the current IP address of the wireless client. last-active Includes the last-active column in the show wireless client command.
PAGE 204
4 - 48 WiNG 5.2.6 Wireless Controller CLI Reference Guide mac Includes the MAC column in the show wireless client statistics command. The MAC column displays the MAC address of the wireless client. rx-bytes Includes the rx-bytes column in the show wireless client statistics command. The rx-bytes column displays the total number of bytes received by the wireless client. rx-errors Includes the rx-error column in the show wireless client statistics command.
PAGE 205
GLOBAL CONFIGURATION COMMANDS 4 - 49 signal Includes the signal column in the show wireless client statistics RF command. The signal column displays the signal strength at the particular wireless client. snr Includes the snr column in the show wireless client statistics RF command. The snr column displays the signal to noise ratio at the particular wireless client. t-index Includes the t-index column in the show wireless client statistics RF command.
PAGE 206
4 - 50 WiNG 5.2.6 Wireless Controller CLI Reference Guide • customize show-wireless-radio-stats (radio-alias <3-67>,radio-id,radio-mac, rx-bytes,rx-errors,rx-packets,rx-throughput,tx-bytes,tx-dropped,tx-packets, tx-throughput) show-wireless-radiostats Customizes the columns displayed for the show wireless radio statistics command. radio-alias <3-67> Includes the radio-alias column in the show wireless radio statistics command.
PAGE 207
GLOBAL CONFIGURATION COMMANDS 4 - 51 noise Includes the noise column in the show wireless radio statistics RF command. The mac column displays the noise as detected by the wireless radio. q-index Includes the q-index column in the show wireless client statistics RF command. The q-index column displays the RF quality index where a higher value indicates better RF quality. radio-alias <3-67> Includes the radio-alias column in the show wireless radio statistics RF command.
PAGE 208
4 - 52 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.
PAGE 209
GLOBAL CONFIGURATION COMMANDS 4 - 53 ap622 Filters out all devices other than AP622s ap650 Filters out devices other than AP650s ap6511 Filters out devices other than AP6511s ap6521 Filters out devices other than AP6521s ap6532 Filters out devices other than AP6532s ap71xx Filters out devices other than AP71XXs ap81xx Filters out devices other than AP81XXs rfs4000 Filters out devices other than RFS4000s rfs6000 Filters out devices other than RFS6000s rfs7000 Filters out devices other tha
PAGE 210
4 - 54 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.20 device-categorization global config mode commands Categorizes devices as sanctioned or neighboring. Categorization of devices enables quick identification and blocking of rogue/unsanctioned devices in the wireless controller managed network. Table 4.6 lists device-categorization list configuration mode commands. Table 4.
PAGE 211
GLOBAL CONFIGURATION COMMANDS 4 - 55 4.1.20.1 device-categorization device-categorization Configures a device categorization list. This list categorizes devices as sanctioned or neighboring. This information determines which devices are allowed access to the wireless controller managed network and which are rogue devices. If a device categorization list does not exist, it is created. For more information, see device-categorization-modecommands.
PAGE 212
4 - 56 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.20.2 device-categorization-mode-commands device-categorization Table 4.7 summarizes device categorization configuration mode command. Table 4.
PAGE 213
GLOBAL CONFIGURATION COMMANDS 4 - 57 4.1.20.2.1 mark-device device-categorization-mode-commands Adds a device to the device categorization list as sanctioned or neighboring. Devices are further classified as AP or client.
PAGE 214
4 - 58 WiNG 5.2.
PAGE 215
GLOBAL CONFIGURATION COMMANDS 4 - 59 4.1.20.2.
PAGE 216
4 - 60 WiNG 5.2.
PAGE 217
GLOBAL CONFIGURATION COMMANDS 4 - 61 4.1.21 dhcp-server-policy global config mode commands Configures DHCP server policy parameters, such as class, address range, and options. A new policy is created if it does not exist.
PAGE 218
4 - 62 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.22 dns-whitelist global config mode commands Configures a whitelist of devices permitted to access the wireless controller managed network or a hotspot Table 4.8 lists DNS whitelist configuration mode commands. Table 4.
PAGE 219
GLOBAL CONFIGURATION COMMANDS 4 - 63 4.1.22.1 dns-whitelist dns-whitelist Configures a DNS whitelist. A DNS whitelist is a list of domains allowed access to the wireless controller managed network. For more information, see dns-whitelist-mode-commands.
PAGE 220
4 - 64 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.22.2 dns-whitelist-mode-commands dns-whitelist Table 4.9 summarizes DNS white list configuration mode commands. Table 4.
PAGE 221
GLOBAL CONFIGURATION COMMANDS 4 - 65 4.1.22.2.1 permit dns-whitelist-mode-commands A whitelist is a list of host names and IP addresses permitted access to the wireless controller managed network or captive portal. This command adds a device by its hostname or IP address to the DNS whitelist.
PAGE 222
4 - 66 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.22.2.
PAGE 223
GLOBAL CONFIGURATION COMMANDS 4 - 67 4.1.23 do global config mode commands Use the do command to run commands from the EXEC mode. These commands perform tasks, such as clearing caches, setting device clock, upgrades etc. Generally use the do command to execute commands from the Privilege Executable or User Executable modes.
PAGE 224
4 - 68 WiNG 5.2.
PAGE 225
GLOBAL CONFIGURATION COMMANDS 4 - 69 Parameters • do ap-upgrade [|all|all|ap622|ap621|ap650|ap6511|ap6521|ap6532| ap71xx|ap81xx|load-image|rf-domain|cancel-upgrade] ap-upgrade Runs the ap-upgrade command For more information on the AP upgrade command, see ap-upgrade. • do archive tar [/create|/table|/xtract] [|] archive Runs the archive command For more information on the archive command, see archive.
PAGE 226
4 - 70 WiNG 5.2.6 Wireless Controller CLI Reference Guide • do configure {terminal|self} configure [terminal|self] Changes the configuration mode For more information on the configure command, see configure. • do connect [|mint-id ] connect Connects to a remote device to configure it. This command uses a device’s hostname or its MiNT ID to connect. For more information on the connect command, see connect.
PAGE 227
GLOBAL CONFIGURATION COMMANDS 4 - 71 • do enable enable Moves the mode to Privilege Exec mode For more information on the enable command, see enable. • do erase [flash:|nvram:|startup-config|usb1:] do erase [flash:|nvram:| startup-config|usb1] Erases the content of the specified storage device. Also erases the startup configuration to restore the device to its default. For more information on the erase command, see erase.
PAGE 228
4 - 72 WiNG 5.2.6 Wireless Controller CLI Reference Guide • do more more Displays a file in the console window For more information on the more command, see more. • do no [adoption|captive-portal|crypto|debug|page|service|terminal|upgrade| wireless|logging] no [adoption| captive-portal|crypto| debug|page|service| terminal|upgrade| wireless|logging] Reverts or negates a command For more information on the no command, see the respective profiles and modes.
PAGE 229
GLOBAL CONFIGURATION COMMANDS 4 - 73 • do self self Loads the configuration context of the device currently logged into For more information on the self command, see self.
PAGE 230
4 - 74 WiNG 5.2.6 Wireless Controller CLI Reference Guide • do upgrade-abort {on } upgrade-abort {on } Aborts an upgrade in progress on the logged device or remote device For more information on the upgrade abort command, see upgrade-abort. • do watch watch Repeats a CLI command at a periodic interval For more information on the watch command, see watch.
PAGE 231
GLOBAL CONFIGURATION COMMANDS 4 - 75 write Write running configuration to memory or terminal clrscr exit service show Clears the display screen Exit from the CLI Service Commands Show running system information rfs7000-37FABE(config)# Related Commands ap-upgrade Runs the ap update command archive Runs the archive command boot Configures the image used for the next boot cd Runs the command to change the present working directory change-passwd Changes the password for the current login user cl
PAGE 232
4 - 76 WiNG 5.2.
PAGE 233
GLOBAL CONFIGURATION COMMANDS 4 - 77 4.1.24 end global config mode commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to the PRIV EXEC mode.
PAGE 234
4 - 78 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.25 event-system-policy global config mode commands Configures how events are supported by the wireless controller. Each event can be configured individually to perform an action such as sending an e-mail or forwarding a notification to its parent wireless controller etc. Table 4.10 lists event system policy configuration mode commands. Table 4.
PAGE 235
GLOBAL CONFIGURATION COMMANDS 4 - 79 4.1.25.1 event-system-policy event-system-policy Configures a system wide events handling policy. For more information, see event-system-policy-mode-commands.
PAGE 236
4 - 80 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.25.2 event-system-policy-mode-commands event-system-policy Table 4.11 summarizes event system policy configuration mode commands. Table 4.
PAGE 237
GLOBAL CONFIGURATION COMMANDS 4 - 81 4.1.25.2.
PAGE 238
4 - 82 WiNG 5.2.
PAGE 239
GLOBAL CONFIGURATION COMMANDS 4 - 83 captive-portal Configures captive portal (hotspot) related event messages • allow-access – Event client allowed access message • auth-failed – Event authentication failed message • auth-success – Event authentication success message • client-disconnect – Event client disconnected message • client-removed – Event client removed message • flex-log-access – Event flexible log access granted to client message • inactivity-timeout – Event client
PAGE 240
4 - 84 WiNG 5.2.
PAGE 241
GLOBAL CONFIGURATION COMMANDS 4 - 85 dot11 Configures 802.
PAGE 242
4 - 86 WiNG 5.2.
PAGE 243
GLOBAL CONFIGURATION COMMANDS 4 - 87 nsm Configures Network Service Module (NSM) related event message • dhcpc-err – Event DHCP certification error message • dhcpdefrt – Event DHCP defrt message • dhcpip – Event DHCP IP message • dhcpipchg – Event DHCP IP change message • dhcpipnoadd – Event DHCP IP overlaps static IP address message • dhcplsexp – Event DHCP lease expiry message • dhcpnak – Event DHCP server returned DHCP NAK response • ifdown – Event interface down message • i
PAGE 244
4 - 88 WiNG 5.2.
PAGE 245
GLOBAL CONFIGURATION COMMANDS 4 - 89 test Configures the test module related event messages • testalert – Event test alert message • testargs – Event test arguments message • testcrit – Event test critical message • testdebug – Event test debug message • testemerg – Event test emergency message • testerr – Event test error message • testinfo – Event test information message • testnotice – Event test notice message • testwarn – Event test warning message wips Configures the Wi
PAGE 246
4 - 90 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.25.2.
PAGE 247
GLOBAL CONFIGURATION COMMANDS 4 - 91 • • • • • • • • • • • • • • • • ap adv-wips-event-14 – Event adv-wips-event-14 message adv-wips-event-142 – Event adv-wips-event-142 message adv-wips-event-16 – Event adv-wips-event-16 message adv-wips-event-19 – Event adv-wips-event-19 message adv-wips-event-2 – Event adv-wips-event-2 message adv-wips-event-21 – Event adv-wips-event-21message adv-wips-event-220 – Event adv-wips-event-220 message adv-wips-event-221 – Event adv-wips-event-221
PAGE 248
4 - 92 WiNG 5.2.
PAGE 249
GLOBAL CONFIGURATION COMMANDS 4 - 93 dhcpsvr Resets DHCP server related event messages • dhcp-start – Event DHCP server started message • dhcpsvr-stop – Event DHCP sever stopped message • relay-iface-no-ip – Event no IP address on DHCP relay interface message • relay-no-iface – Event no interface for DHCP relay message • relay-start – Event relay agent started • relay-stop – Event DHCP relay agent stopped diag Resets diagnostics module related event messages • autogen-tech-spr
PAGE 250
4 - 94 WiNG 5.2.6 Wireless Controller CLI Reference Guide dot11 Resets 802.
PAGE 251
GLOBAL CONFIGURATION COMMANDS 4 - 95 filemgmt Resets file management module related event messages • http – Event HTTP message • httplocal – Event HTTP local message • https-start – Event HTTPS start message • https-wait – Event HTTPS wait message • httpstart – Event HTTP start message • keyadded – Event key added message • keydeleted – Event key deleted message • trustpointdeleted – Event trustpoint deleted message fwu Resets firmware update related event messages • fwuaborte
PAGE 252
4 - 96 WiNG 5.2.
PAGE 253
GLOBAL CONFIGURATION COMMANDS 4 - 97 smrt Resets SMART RF module related event messages • calibration-done – Event calibration done message • calibration-started – Event calibration started message • config-cleared – Configuration cleared event message • cov-hole-recovery – Event coverage hole recovery message • cov-hole-recovery-done – Event coverage hole recovery done message • interference-recovery – Event interference recovery message • neighbor-recovery – Event neighbor rec
PAGE 254
4 - 98 WiNG 5.2.
PAGE 255
GLOBAL CONFIGURATION COMMANDS 4 - 99 4.1.26 firewall-policy global config mode commands Configures a firewall policy. This policy defines a set of rules for managing network traffic and prevent unauthorized access to the network behind the firewall while allowing authorized devices access.
PAGE 256
4 - 100 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.27 host global config mode commands Enters the configuration context of a remote device using its hostname Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax host Parameters • host Specify the device’s hostname.
PAGE 257
GLOBAL CONFIGURATION COMMANDS 4 - 101 4.1.28 ip global config mode commands Configures IP access control lists Access lists define access to the wireless controller managed network using a set of rules. Each rule specifies an action taken when a packet matches a given set of rules. If the action is deny, the packet is dropped. If the action is permit, the packet is allowed.
PAGE 258
4 - 102 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.29 mac global config mode commands Configures MAC access control lists Access lists define access to the wireless controller managed network using a set of rules. Each rule specifies an action taken when a packet matches a given set of rules. If the action is deny, the packet is dropped. If the action is permit, the packet is allowed.
PAGE 259
GLOBAL CONFIGURATION COMMANDS 4 - 103 4.1.30 management-policy global config mode commands Configures a management policy. This policy configures parameters, such as services that run on a device, welcome messages, banners, and others.
PAGE 260
4 - 104 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.
PAGE 261
GLOBAL CONFIGURATION COMMANDS 4 - 105 4.1.32 nac-list global config mode commands Configures a policy, which configures a list of devices that can access a managed network based on their MAC addresses. Table 4.12 lists NAC list policy configuration mode commands. Table 4.
PAGE 262
4 - 106 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.32.1 nac-list nac-list Configures a Network Access Control (NAC) list that controls access to the wireless controller managed network. For more information see, nac-list-mode-commands.
PAGE 263
GLOBAL CONFIGURATION COMMANDS 4 - 107 4.1.32.2 nac-list-mode-commands nac-list Table 4.13 summarizes NAC list configuration mode commands. Table 4.
PAGE 264
4 - 108 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.32.2.
PAGE 265
GLOBAL CONFIGURATION COMMANDS 4 - 109 4.1.32.2.
PAGE 266
4 - 110 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.32.2.
PAGE 267
GLOBAL CONFIGURATION COMMANDS 4 - 111 4.1.
PAGE 268
4 - 112 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.
PAGE 269
GLOBAL CONFIGURATION COMMANDS 4 - 113 4.1.35 profile global config mode commands Configures profile related commands. If no parameters are given, all profiles are selected.
PAGE 270
4 - 114 WiNG 5.2.6 Wireless Controller CLI Reference Guide • profile {containing } {filter type [ap621|ap622|ap650|ap6511|ap6521|ap6532|ap71xx|ap81xx|rfs4000|rfs6000| rfs7000|nx9000]} profile Configures device profile commands containing Optional. Configures profiles that contain a specified sub-string in the hostname • – Specify a substring in the profile name to filter profiles. filter type Optional.
PAGE 271
GLOBAL CONFIGURATION COMMANDS 4 - 115 ap81xx Selects a AP81XX profile rfs4000 Selects a RFS4000 profile rfs6000 Selects a RFS6000 profile rfs7000 Selects a RFS7000 profile nx9000 Selects a NX9000 Series profile Examples rfs7000-37FABE(config)#profile RFS7000 test1 rfs7000-37FABE(config-profile-test1)#? Profile Mode commands: aaa VPN AAA authentication settings ap-upgrade AP firmware upgrade ap300 Adopt/unadopt AP300 device to this profile/device arp Address Resolution Protocol (ARP) auto-learn-s
PAGE 272
4 - 116 WiNG 5.2.6 Wireless Controller CLI Reference Guide spanning-tree use vpn wep-shared-key-auth Spanning tree Set setting to use Vpn configuration Enable support for 802.
PAGE 273
GLOBAL CONFIGURATION COMMANDS 4 - 117 4.1.36 radio-qos-policy global config mode commands Configures a radio quality-of-service (QoS) policy Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax radio-qos-policy Parameters • radio-qos-policy Specify the radio QoS policy name.
PAGE 274
4 - 118 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.37 radius-group global config mode commands Configures RADIUS user group parameters Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax radius-group Parameters • radius-group Specify a RADIUS user group name.
PAGE 275
GLOBAL CONFIGURATION COMMANDS 4 - 119 4.1.
PAGE 276
4 - 120 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.
PAGE 277
GLOBAL CONFIGURATION COMMANDS 4 - 121 4.1.40 rf-domain global config mode commands An RF Domain groups devices that can logically belong to one network. The RF Domain policy configures a set of parameters that enable devices configured quickly as belonging to a particular RF Domain. Table 4.14 lists RF Domain configuration mode commands. Table 4.
PAGE 278
4 - 122 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.1 rf-domain rf-domain Creates a RF Domain or enters RF Domain context for one or more RF Domains. If the policy does not exist, it creates a new policy. For more information, see rf-domain-mode-commands.
PAGE 279
GLOBAL CONFIGURATION COMMANDS 4 - 123 4.1.40.2 rf-domain-mode-commands rf-domain This section describes the default commands under RF Domain. Table 4.15 summarises RF Domain configuration mode commands. Table 4.
PAGE 280
4 - 124 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 4.
PAGE 281
GLOBAL CONFIGURATION COMMANDS 4 - 125 4.1.40.2.1 channel-list rf-domain-mode-commands Configures the channel list advertised by radios. This command also enables dynamic update of a channel list Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax channel-list [2.4GHz|5GHz|dynamic] channel-list dynamic channel-list [2.
PAGE 282
4 - 126 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.2.
PAGE 283
GLOBAL CONFIGURATION COMMANDS 4 - 127 4.1.40.2.3 control-vlan rf-domain-mode-commands Configures VLAN for traffic control in this RF Domain Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax control-vlan <1-4094> Parameters • control-vlan <1-4094> <1-4094> Specify the VLAN ID from 1 - 4094.
PAGE 284
4 - 128 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.2.4 country-code rf-domain-mode-commands Configures a RF Domain’s country of operation. Since device channels transmit in specific channels unique to the country of operation, it is essential to configure the country code correctly or risk using the access point illegally.
PAGE 285
GLOBAL CONFIGURATION COMMANDS 4 - 129 4.1.40.2.
PAGE 286
4 - 130 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.2.6 layout rf-domain-mode-commands Configures the RF Domain layout in terms of area, floor, and location on a map. It allows users to place APs across the deployment map. A maximum of 256 layouts is permitted.
PAGE 287
GLOBAL CONFIGURATION COMMANDS 4 - 131 4.1.40.2.7 location rf-domain-mode-commands Configures the physical location of the wireless controller RF Domain. The location could be as specific as the building name or floor number. Or it could be generic and include an entire site. The location defines the physical area where a common set of device configurations are deployed and managed by a RF Domain policy.
PAGE 288
4 - 132 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.2.
PAGE 289
GLOBAL CONFIGURATION COMMANDS 4 - 133 4.1.40.2.9 no rf-domain-mode-commands Negates a command or reverts configured settings to their default. When used in the config RF Domain mode, the no command negates or reverts RF Domain settings.
PAGE 290
4 - 134 WiNG 5.2.
PAGE 291
GLOBAL CONFIGURATION COMMANDS 4 - 135 4.1.40.2.10 override-smart-rf rf-domain-mode-commands Configures RF Domain level overrides for a Smart RF policy Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax override-smartrf channel-list [2.4GHz|5GHZ] Parameters • override-smartrf channel-list [2.
PAGE 292
4 - 136 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.2.
PAGE 293
GLOBAL CONFIGURATION COMMANDS 4 - 137 4.1.40.2.12 sensor-server rf-domain-mode-commands Configures an AirDefense sensor server on this RF Domain. Sensor servers allow network administrators to monitor and download data from multiple sensors remote locations using Ethernet TCP/IP or serial communications. This enables administrators to respond quickly to interferences and coverage problems.
PAGE 294
4 - 138 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.2.
PAGE 295
GLOBAL CONFIGURATION COMMANDS 4 - 139 4.1.40.2.14 timezone rf-domain-mode-commands Configures the RF Domain’s geographic time zone. Configuring the time zone is essential for RF Domains deployed across different geographical locations.
PAGE 296
4 - 140 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.40.2.
PAGE 297
GLOBAL CONFIGURATION COMMANDS 4 - 141 4.1.41 rfs4000 global config mode commands Adds an RFS4000 wireless controller to the network Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax rfs4000 Parameters • rfs4000 Specify the MAC address of the RFS4000.
PAGE 298
4 - 142 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.42 rfs6000 global config mode commands Adds an RFS6000 wireless controller to the network Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax rfs6000 Parameters • rfs6000 Specify the MAC address of a RFS6000.
PAGE 299
GLOBAL CONFIGURATION COMMANDS 4 - 143 4.1.43 rfs7000 global config mode commands Adds an RFS7000 wireless controller to the network Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax rfs7000 Parameters • rfs7000 Specify the MAC address of a RFS7000.
PAGE 300
4 - 144 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.44 nx9000 global config mode commands Adds an NX9000 Series wireless controller to the network Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax nx9000 Parameters • nx9000 Specifies the MAC address of a NX9000 Series wireless controller.
PAGE 301
GLOBAL CONFIGURATION COMMANDS 4 - 145 4.1.45 role-policy global config mode commands Configures a role-based firewall policy Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax role-policy Parameters • role-policy Specify the role policy name. If the policy does not exist, it is created.
PAGE 302
4 - 146 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.
PAGE 303
GLOBAL CONFIGURATION COMMANDS 4 - 147 4.1.47 smart-rf-policy global config mode commands Configures a Smart RF policy Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax smart-rf-policy Parameters • smart-rf-policy Specify the Smart RF policy name. If the policy does not exist, it is created.
PAGE 304
4 - 148 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.48 wips-policy global config mode commands Configures a WIPS policy Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax wips-policy Parameters • wips-policy Specify the WIPS policy name. If the policy does not exist, it is created.
PAGE 305
GLOBAL CONFIGURATION COMMANDS 4 - 149 4.1.49 wlan global config mode commands Configures a wireless LAN. Table 4.16 lists WLAN configuration mode commands. Table 4.
PAGE 306
4 - 150 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.1 wlan wlan Configures a WLAN or enters WLAN configuration context for one or more WLANs. For more information, see wlan-modecommands.
PAGE 307
GLOBAL CONFIGURATION COMMANDS 4 - 151 4.1.49.2 wlan-mode-commands wlan Configures WLAN mode commands. Manual WLAN mappings are erased when the actual WLAN is disabled and then enabled immediately Use the (config) instance to configure WLAN related parameters. To navigate to this instance, use the following commands: rfs7000-37FABE(config)#wlan Table 4.17 summarizes WLAN configuration mode commands. Table 4.
PAGE 308
4 - 152 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 4.17 wlan mode commands Command Description Reference motorolaextensions Enables support for Motorola Solutions specific extensions to 802.11 page 4-176 no Negates a command or sets its default value page 4-177 protected-mgmtframes Configures Protected Management Frames (PMF) (IEEE 802.
PAGE 309
GLOBAL CONFIGURATION COMMANDS 4 - 153 4.1.49.2.
PAGE 310
4 - 154 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
PAGE 311
GLOBAL CONFIGURATION COMMANDS 4 - 155 4.1.49.2.3 answer-broadcast-probes wlan-mode-commands Allows the WLAN to respond to probe requests that do not specify an SSID. These probes are for broadcast ESS.
PAGE 312
4 - 156 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
PAGE 313
GLOBAL CONFIGURATION COMMANDS 4 - 157 4.1.49.2.5 bridging-mode wlan-mode-commands Configures how packets are bridged to and from a WLAN Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax bridging-mode [local|tunnel] Parameters • bridging-mode [local|tunnel] bridging-mode Configures how packets are bridged to and from a WLAN.
PAGE 314
4 - 158 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
PAGE 315
GLOBAL CONFIGURATION COMMANDS 4 - 159 4.1.49.2.
PAGE 316
4 - 160 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
PAGE 317
GLOBAL CONFIGURATION COMMANDS 4 - 161 4.1.49.2.
PAGE 318
4 - 162 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
PAGE 319
GLOBAL CONFIGURATION COMMANDS 4 - 163 4.1.49.2.11 client-load-balancing wlan-mode-commands Configures client load balancing on a WLAN Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax client-load-balancing {allow-single-band-clients|band-discovery-intvl| capability-ageout-time|max-probe-req|probe-req-invl} client-load-balancing {allow-single-band-clients [2.
PAGE 320
4 - 164 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples rfs7000-37FABE(config-wlan-wlan1)#client-load-balancing allow-single-band-clients 2.4ghz rfs7000-37FABE(config-wlan-wlan1)#client-load-balancing band-discovery-intvl 2 rfs7000-37FABEconfig-wlan-wlan1)#client-load-balancing probe-req-intvl 5ghz 5 rfs7000-37FABE(config-wlan-wlan1)#show context wlan wlan1 ssid wlan1 bridging-mode local encryption-type none authentication-type eap 802.11w sa-query timeout 110 802.
PAGE 321
GLOBAL CONFIGURATION COMMANDS 4 - 165 4.1.49.2.12 data-rates wlan-mode-commands Specifies the 802.11 rates supported on a WLAN Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax data-rates [2.4GHz|5GHz] data-rates 2.4GHz [b-only|bg|bgn|custom|default|g-only|gn] data-rates 2.4GHz [b-only|bg|bgn|default|g-only|gn] data-rates 2.
PAGE 322
4 - 166 WiNG 5.2.6 Wireless Controller CLI Reference Guide • data-rates [2.4GHz|5GHz] custom [1|11|12|18|2|24|36|48|5.5|54|6|9| basic-1|basic-11|basic-12|basic-18|basic-2|basic-24|basic-36|basic-48|basic-5.5| basic-54|basic-6|basic-9|basic-mcs0-7|mcs0-15|mcs0-7|mcs8-15|mcs16-23|mcs0-23] data-rates [2.4GHz|5GHz] Specifies the 802.11 rates supported when mapped to a 2.4GHz or 5GHz radio custom Configures a data rates list by specifying each rate individually.
PAGE 323
GLOBAL CONFIGURATION COMMANDS 4 - 167 Examples rfs7000-37FABE(config-wlan-wlan1)#data-rates 2.4GHz gn rfs7000-37FABE(config-wlan-wlan1)#show context wlan wlan1 ssid wlan1 bridging-mode local encryption-type none authentication-type eap 802.11w sa-query timeout 110 802.11w sa-query attempts 1 accounting syslog host 172.16.10.12 port 2 data-rates 2.
PAGE 324
4 - 168 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
PAGE 325
GLOBAL CONFIGURATION COMMANDS 4 - 169 4.1.49.2.
PAGE 326
4 - 170 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
PAGE 327
GLOBAL CONFIGURATION COMMANDS 4 - 171 4.1.49.2.
PAGE 328
4 - 172 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
PAGE 329
GLOBAL CONFIGURATION COMMANDS 4 - 173 4.1.49.2.
PAGE 330
4 - 174 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
PAGE 331
GLOBAL CONFIGURATION COMMANDS 4 - 175 • keberos server timeout <1-60> kerberos Configures a WLAN’s Kerberos authentication parameters The parameters are: password, realm, and server. timeout <1-60> Modifies the Kerberos KDC server‘s timeout parameters • <1-60> – Specifies the time the wireless controller waits for a response from the Kerberos KDC server before retrying. Specify a value from 1 - 60 seconds.
PAGE 332
4 - 176 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.20 motorola-extensions wlan-mode-commands Enables support for Motorola Solutions specific extensions to 802.
PAGE 333
GLOBAL CONFIGURATION COMMANDS 4 - 177 4.1.49.2.21 no wlan-mode-commands Negates WLAN mode commands and reverts values to their default Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax no Parameters None Usage Guidelines The no command negates any command associated with it.
PAGE 334
4 - 178 WiNG 5.2.6 Wireless Controller CLI Reference Guide wpa-wpa2 Modify tkip-ccmp (wpa/wpa2) related parameters service Service Commands rfs7000-37FABE(config-wlan-wlan1)# The wlan1 settings before the execution of the no command: rfs7000-37FABE(config-wlan-wlan1)#show context wlan wlan1 description testwlan ssid wlan1 bridging-mode local encryption-type tkip-ccmp authentication-type eap 802.11w sa-query timeout 110 802.
PAGE 335
GLOBAL CONFIGURATION COMMANDS 4 - 179 4.1.49.2.22 protected-mgmt-frames wlan-mode-commands Configures Protected Management Frames (PMF) (IEEE 802.
PAGE 336
4 - 180 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.23 proxy-arp-mode wlan-mode-commands Enables proxy ARP mode for handling ARP requests Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax proxy-arp-mode [dynamic|strict] Parameters • proxy-arp-mode [dynamic|strict] proxy-arp-mode Enables proxy ARP mode for handling ARP requests.
PAGE 337
GLOBAL CONFIGURATION COMMANDS 4 - 181 4.1.49.2.
PAGE 338
4 - 182 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
PAGE 339
GLOBAL CONFIGURATION COMMANDS 4 - 183 4.1.49.2.26 ssid wlan-mode-commands Configures a WLAN’s SSID Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax ssid Parameters • ssid Specify the WLAN’s SSID. The WLAN SSID is case sensitive and alphanumeric. It’s length should not exceed 32 characters.
PAGE 340
4 - 184 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
PAGE 341
GLOBAL CONFIGURATION COMMANDS 4 - 185 4.1.49.2.28 use wlan-mode-commands This command associates an existing captive portal with a WLAN.
PAGE 342
4 - 186 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples rfs7000-37FABE(config-wlan-wlan1)#use ip-access-list in motorola rfs7000-37FABE(config-wlan-wlan1)#show context wlan wlan1 ssid test1 bridging-mode local encryption-type none authentication-type none 802.11w sa-query timeout 110 802.
PAGE 343
GLOBAL CONFIGURATION COMMANDS 4 - 187 4.1.49.2.29 vlan wlan-mode-commands Sets the VLAN where traffic from a WLAN is mapped Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax vlan <1-4094> Parameters • vlan <1-4094> <1-4094> Sets a WLAN’s VLAN ID. This command starts a new VLAN assignment for a WLAN index. All prior VLAN settings are erased.
PAGE 344
4 - 188 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.30 vlan-pool-member wlan-mode-commands Adds a member VLAN to a WLAN’s VLAN pool NOTE: The creation of a VLAN pool overrides the VLAN’s configuration.
PAGE 345
GLOBAL CONFIGURATION COMMANDS 4 - 189 4.1.49.2.
PAGE 346
4 - 190 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.49.2.
PAGE 347
GLOBAL CONFIGURATION COMMANDS 4 - 191 4.1.49.2.
PAGE 348
4 - 192 WiNG 5.2.
PAGE 349
GLOBAL CONFIGURATION COMMANDS 4 - 193 4.1.49.2.
PAGE 350
4 - 194 WiNG 5.2.6 Wireless Controller CLI Reference Guide priority [high|normal] Configures the relative priority of handshake messages compared to other data traffic • high – Treats handshake messages as high priority packets on a radio • normal – Treats handshake messages as normal priority packets on a radio timeout <10-5000> Configures the timeout period for a handshake message to retire. Once this timeout period is over, the handshake message is retired.
PAGE 351
GLOBAL CONFIGURATION COMMANDS 4 - 195 Examples rfs7000-37FABE(config-wlan-wlan1)#wpa-wpa2 tkip-countermeasures hold-time 2 rfs7000-37FABE(config-wlan-wlan1)#show context wlan wlan1 ssid wlan1 bridging-mode tunnel encryption-type none authentication-type none wireless-client hold-time 10 wireless-client cred-cache-ageout 65 wireless-client max-firewall-sessions 100 wireless-client reauthentication 35 wpa-wpa2 tkip-countermeasures hold-time 2 wep64 key 1 hex 0 73796d626f wireless-client tx-power 12 rfs7000-
PAGE 352
4 - 196 WiNG 5.2.6 Wireless Controller CLI Reference Guide 4.1.50 wlan-qos-policy global config mode commands Configures a WLAN QoS policy Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax wlan-qos-policy Parameters • wlan-qos-policy Specify the WLAN QoS policy name.
PAGE 353
CHAPTER 5 COMMON COMMANDS This chapter describes the CLI commands used in the USER EXEC, PRIV EXEC, and GLOBAL CONFIG modes. The PRIV EXEC command set contains commands available within the USER EXEC mode. Some commands can be entered in either mode. Commands entered in either the USER EXEC or PRIV EXEC mode are referred to as EXEC mode commands. If a user or privilege is not specified, the referenced command can be entered in either mode.
PAGE 354
5-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 5.1 Common Commands Table 5.1 summarizes commands common to the User Exec, Priv Exec, and Global Config modes. Table 5.
PAGE 355
COMMON COMMANDS 5.1.
PAGE 356
5-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 5.1.2 commit common commands Commits all changes made in the active session. Use the commit command to save and invoke settings entered during the current transaction. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax commit {write}{memory} Parameters • commit {write}{memory} write Optional.
PAGE 357
COMMON COMMANDS 5.1.3 end common commands Ends and exits the current mode and moves to the PRIV EXEC mode. The prompt changes to rfs7000-37FABE#. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 NOTE: This is command is applicable only the Global Configuration mode.
PAGE 358
5-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 5.1.4 exit common commands The exit command works differently in the User Exec, Priv Exec, and Global Config modes. In the Global Config mode, it ends the current mode and moves to the previous mode, which is the Priv Exec mode. The prompt changes from (config)# to #. When used in the Priv Exec and User Exec modes, the exit command ends the current session and connection to the terminal device.
PAGE 359
COMMON COMMANDS 5-7 5.1.5 help common commands Describes the interactive help system Use this command to access the advanced help feature. Use “?” anytime at the command prompt to access the help topic Two kinds of help are provided: • Full help is available when ready to enter a command argument • Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (for example 'show ve?').
PAGE 360
5-8 WiNG 5.2.
PAGE 361
COMMON COMMANDS 5-9 rfs7000-37FABE>help show configuration-tree ## ACCESS-POINT / SWITCH ## ---+ | +--> [[ RF-DOMAIN ]] | +--> [[ PROFILE ]] | +--> Device specific parameters (license, serial number, hostname) | +--> Configuration Overrides of rf-domain and profile ## RF-DOMAIN ## ---+ | +--> RF parameters, WIPS server parameters | +--> [[ SMART-RF-POLICY ]] | +--> [[ WIPS POLICY ]] ## PROFILE ## ---+ | +--> Physical interface (interface GE,ME,UP etc) | | | +--> [[ RATE-LIMIT-TRUST-POLICY ]] | +--> Vlan i
PAGE 362
5 - 10 WiNG 5.2.
PAGE 363
COMMON COMMANDS 5 - 11 5.1.6 no common commands Negates a command or sets its default. Though the no command is common to the User Exec, Priv Exec, and Global Config modes, it negates a different set of commands in each mode.
PAGE 364
5 - 12 WiNG 5.2.
PAGE 365
COMMON COMMANDS 5 - 13 5.1.
PAGE 366
5 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 5.1.8 service common commands Service commands are used to view and manage wireless controller configurations in all modes. The service commands and their corresponding parameters vary from mode to mode. The User Exec Mode and Priv Exec Mode commands provide same functionalities with a few minor changes. The Global Config service command sets the size of history files. It also enables viewing of CLI tree of the current mode.
PAGE 367
COMMON COMMANDS 5 - 15 service cluster force [active|configured-state|standby] service delete-offline-aps [all|offline-for days <0-999> {time }] service force-send-config {on } service locator {on } service load-balancing clear-client-capability [|all] {on } service radio <1-3> dfs simulator-radar [extension|primary] service radius test [|] [|] service radius test [|] {wlan <
PAGE 368
5 - 16 WiNG 5.2.
PAGE 369
COMMON COMMANDS 5 - 17 invalid-management-frame Optional. Clears invalid management frames detection event history ipx-detection Optional. Clears automatic IPX interface detection event history monkey-jack-attackdetected Optional. Detects monkey-jack attacks detection event history multicast-all-routers-onsubnet Optional. Clears all multicast routers on the subnet detection event history multicast-all-systems-onsubnet Optional.
PAGE 370
5 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide • service advanced-wips terminate-device advanced-wips terminatedevice The advanced WIPS service command clears event history details, and terminates a device. • terminate-device – Terminates a specified device • – Specify the MAC address of the AP or wireless client. • service ap300 dot1x username password on [all|ap-mac ] ap300 Sets global AP300 configuration parameters dot1x Sets 802.
PAGE 371
COMMON COMMANDS 5 - 19 • service clear [command-history|reboot-history|upgrade-history] {on } clear [command-history| reboot-history| upgrade-history] Clears command history, reboot history, or device upgrade history on Optional. Clears history on a specified device • – Specify the name of the AP or wireless controller.
PAGE 372
5 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide • service cli-tables-expand {left|right} cli-tables-expand Displays the CLI table in a drop-down format left Optional. Displays the output in a left-justified format right Optional.
PAGE 373
COMMON COMMANDS 5 - 21 • service force-send-config {on } force-send-config Resends configuration details on Optional. Resends configuration details to a device • – Optional. Specify the name of the AP, wireless controller, or RF Domain. • service locator {on } locator Enables LEDs on Optional. Enables LEDs on a device • – Specify name of the AP or wireless controller.
PAGE 374
5 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide Specify the password. wlan ssid Tests the local RADIUS WLAN. Specify the local RADIUS WLAN name. • ssid – Specify the local RADIUS server’s SSID. on Optional. Performs the tests on a specified device • – Specify the name of the AP or wireless controller.
PAGE 375
COMMON COMMANDS 5 - 23 connected-sensors-status Displays connected sensors statistics termination-entries Displays termination entries statistics • service show captive-portal [servers|user-cache] {on } show Displays running system statistics based on the parameters passed captive-portal Displays captive portal information servers Displays server information for active captive portals user-cache Displays cached user details for a captive portal on Optional.
PAGE 376
5 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide top Displays system resource information upgrade-history Displays the device’s upgrade history (displays details, such as date, time, and status of the upgrade, old version, new version etc.) watchdog Displays the device’s watchdog status on The following parameters are common to all of the above: • on – Optional. Displays information for a specified device.
PAGE 377
COMMON COMMANDS 5 - 25 • service show pm {history} {(on )}] show Displays running system statistics based on the parameters passed pm Displays the Process Monitor (PM) controlled process details history Optional. Displays process change history (the time at which the change was implemented, and the events that triggered the change) on Optional. Displays process change history for a specified device.
PAGE 378
5 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide • service show wireless client proc [info|stats] {} {(on
PAGE 379
COMMON COMMANDS 5 - 27 status-codes Displays 802.11 status codes (association response etc) • service show wireless reference dot11 handshake {wpa-wpa2-enterprise|wpa-wpa2personal} show Displays running system statistics based on the parameters passed wireless Displays WLAN statistics (WLAN AAA policy, configuration parameters, VLAN usage etc.) reference dot11 Displays 802.11 base standard related information, such as 802.11 frame structure, 802.11 handshake flow diagram etc.
PAGE 380
5 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide on Optional. Displays interactive Smart RF calibration results on a specified RF Domain • – Specify the RF Domain name. • service wireless client beacon-request mode [active|passive|table] ssid [|any] channel-report [|none] {on } wireless client beaconrequests Sends beacon measurement requests to a wireless client Specify the MAC address of the wireless client.
PAGE 381
COMMON COMMANDS 5 - 29 • service wireless wips clear-client-blacklist [all|mac ] wireless wips Enables management of WIPS parameters clear-client-blacklist [all|mac ] Removes a specified client or all clients from the blacklist • all – Removes all clients from the blacklist • mac – Removes a specified client form the blacklist • – Specify the MAC address of the wireless client.
PAGE 382
5 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide Syntax (Privilege Exec Mode) service NOTE: The “service” command of the Priv Exec Mode is the same as the service command in the User Exec Mode. There a few modifications that have been documented in this section. For the syntax and parameters of the other commands refer to the (User Exec Mode) syntax and (User Exec Mode) parameters sections of this chapter.
PAGE 383
COMMON COMMANDS 5 - 31 clear [lsp-dp|mlcp] Clears LSP database and MiNT Link Control Protocol (MLCP) links • lsp-dp – Clears MiNT Label Switched Path (LSP) database • mlcp – Clears MLCP links debug-log [flash-and-syslog| flash-only] Enables debug message logging • flash-and-syslog – Logs debug messages to the flash and syslog files • flash-only – Logs debug messages to the flash file only expire [lsp|spf] Forces expiration of LSP and recalculation of Shortest Path First (SPF) • lsp – Forces expiration
PAGE 384
5 - 32 WiNG 5.2.
PAGE 385
COMMON COMMANDS 5 - 33 rfs7000-37FABE>service show general stats on rfs7000-37FABE Current Fan Speed: 6540 Minimum Fan Speed: TBD Hysteresis: TBD Sensor Sensor Sensor Sensor Sensor Sensor 1 2 3 4 5 6 Temperature: Temperature: Temperature: Temperature: Temperature: Temperature: 31C 55C 29C 28C 26C 28C rfs7000-37FABE> rfs7000-37FABE>service wireless wips clear-mu-blacklist mac 11-22-33-44-55-66 rfs7000-37FABE> rfs7000-37FABE#service signal kill testp Sending a kill signal to testp rfs7000-37FABE# rfs7000
PAGE 386
5 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide rfs7000-37FABE#service traceroute -h traceroute: invalid option -- h BusyBox v1.14.
PAGE 387
COMMON COMMANDS 5 - 35 rfs7000-37FABE>service show diag stats on rfs7000-37FABE fan 1 current speed: 6660 min_speed: 2000 hysteresis: 250 fan 2 current speed: 6720 min_speed: 2000 hysteresis: 250 fan 3 current speed: 6540 min_speed: 2000 hysteresis: 250 Sensor Sensor Sensor Sensor Sensor Sensor 1 2 3 4 5 6 Temperature Temperature Temperature Temperature Temperature Temperature 32.0 58.0 29.0 28.0 26.0 28.0 C C C C C C rfs7000-37FABE>service show info on rrfs7000-37FABE 7.7M out of 8.
PAGE 388
5 - 36 WiNG 5.2.
PAGE 389
COMMON COMMANDS 5 - 37 rfs7000-37FABE>service show wireless config-internal ! Startup-Config-Playback Completed: Yes no debug wireless no country-code ! wlan-qos-policy default no rate-limit wlan to-air no rate-limit wlan from-air no rate-limit client to-air no rate-limit client from-air ! wlan wlan1 ssid wlan1 vlan 1 qos-policy default encryption-type none authentication-type none no accounting radius no accounting syslog rfs7000-37FABE> System Information: Free RAM: 68.0% (169 of 249) Min: 10.
PAGE 390
5 - 38 WiNG 5.2.6 Wireless Controller CLI Reference Guide 5.1.9 show common commands Displays specified system component settings. There are a number of ways to invoke the show command: • When invoked without any arguments, it displays information about the current context. If the current context contains instances, the show command (usually) displays a list of these instances. • When invoked with the display parameter, it displays information about that component.
PAGE 391
COMMON COMMANDS 5 - 39 terminal timezone upgrade-status version wireless wwan Display terminal configuration parameters The timezone Display last image upgrade status Display software & hardware version Wireless commands Display wireless WAN Status rfs7000-37FABE# NOTE: For more information on the show command, see Chapter 6, SHOW COMMANDS.
PAGE 392
5 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide 5.1.
PAGE 393
CHAPTER 6 SHOW COMMANDS Show commands display information about a configuration setting or display statistical information. Use this command to see the current running configuration as well as the start-up configuration. The show command also displays the configuration of the current context. This chapter describes the ‘show’ CLI commands used in the USER EXEC, PRIV EXEC, and GLOBAL CONFIG modes. Commands entered in either USER EXEC mode or PRIV EXEC mode are referred to as EXEC mode commands.
PAGE 394
6-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1 show commands Table 6.1 summarizes show commands. Table 6.
PAGE 395
SHOW COMMANDS 6-3 Table 6.
PAGE 396
6-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 397
SHOW COMMANDS session-changes session-config sessions smart-rf spanning-tree startup-config terminal timezone upgrade-status version what wireless wwan Configuration changes made in this session This session configuration Display CLI sessions Smart-RF Management Commands Display spanning tree information Startup configuration Display terminal configuration parameters The timezone Display last image upgrade status Display software & hardware version Perform global search Wireless commands Display wireless
PAGE 398
6-6 WiNG 5.2.
PAGE 399
SHOW COMMANDS 6-7 rfs6000-380649>show noc device ------------------------------------------------------------------------------------------------------------MAC HOST-NAME TYPE CLUSTER RF-DOMAIN ADOPTED-BY ONLINE ------------------------------------------------------------------------------------------------------------00-23-68-31-16-B5 AP650-3116B5 AP650 default offline 00-15-70-38-06-49 rfs6000-380649 RFS6000 test default online 00-15-70-63-4F-86 AP300-634F86 AP300 (un-mapped) offline 00-A0-F8-CF-1E-DA A
PAGE 400
6-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.2 adoption show commands The adoption command is common to all three modes. It displays information related to APs adopted by a wireless controller.
PAGE 401
SHOW COMMANDS 6-9 6.1.
PAGE 402
6 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide detected-clients-for-ap Displays clients statistics for APs {neighboring| • – Displays clients for a specified AP. Enter the MAC address (BSS-ID) of the AP. sanctioned| • neighboring – Optional. Displays neighboring client information unsanctioned} • sanctioned – Optional. Displays sanctioned client information • unsanctioned – Optional.
PAGE 403
SHOW COMMANDS 6 - 11 6.1.
PAGE 404
6 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.5 boot show commands Displays a device’s boot configuration. Use the on command to view a remote device’s boot configuration. NOTE: This command is not present in the USER EXEC Mode.
PAGE 405
SHOW COMMANDS 6 - 13 6.1.
PAGE 406
6 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide state [pending|success]] Optional. Filters clients based on their authentication state • pending – Displays clients redirected for authentication • success – Displays clients successfully authenticated • show captive-portal client {filter vlan [|not ]} captive-portal client Displays captive portal client information filter Optional. Defines additional filters vlan [| not ] Optional.
PAGE 407
SHOW COMMANDS 6 - 15 6.1.
PAGE 408
6 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide ------------------------Device ID: ap7131-139B34 Entry address(es): IP Address: 172.16.10.
PAGE 409
SHOW COMMANDS 6 - 17 6.1.8 clock show commands Displays a system’s clock Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax show clock {on } Parameters • show clock {on } clock Displays a system’s clock on Optional.
PAGE 410
6 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.9 cluster show commands Displays cluster information (cluster configuration parameters, members, status etc.
PAGE 411
SHOW COMMANDS 6 - 19 6.1.
PAGE 412
6 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 413
SHOW COMMANDS 6 - 21 6.1.12 critical-resources show commands Displays critical resource information. Critical resources are resources vital to the wireless controller managed network. Some critical resources are security spanning routers, wireless controllers, firewalls, VPNs, VLANs, WiFi access points etc.
PAGE 414
6 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 415
SHOW COMMANDS 6 - 23 all {on } Optional. Displays all trustpoints • on – Optional. Displays all trustpoints configured on a specified device • – Specify the name of the AP or wireless controller. on Optional. Displays trustpoints configured on a specified device • – Specify the name of the AP or wireless controller.
PAGE 416
6 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 417
SHOW COMMANDS 6 - 25 option Optional. Prints the XPath node value based on the options passed Select one of the following options: • do-profiling – Performs profiling • no-pretty – Disables pretty for speed • show-tail-only – Displays only the tail of the result • use-generator – Performs streaming using generator interface • use-streaming – Uses streaming interface param option Optional.
PAGE 418
6 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 419
SHOW COMMANDS 6 - 27 • show debugging {dhcpsvr|radius|snmp|ssm|vpn} {on } debugging Displays debugging processes in progress based on the parameters passed {dhcpsvr|radius|snmp|ssm| • dhcpsvr – Optional. Displays the DHCP server configuration module’s debugging vpn} information • radius – Optional. Displays the RADIUS server configuration module’s debugging information • snmp – Optional. Displays the Simple Network Management Protocol (SNMP) module’s debugging information • vpn – Optional.
PAGE 420
6 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 421
SHOW COMMANDS 6 - 29 6.1.17 event-history show commands Displays event history report Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax show event-history {on } Parameters • show event-history {on } event-history Displays event history report on Optional.
PAGE 422
6 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 423
SHOW COMMANDS 6 - 31 6.1.19 file show commands Displays file system information NOTE: This command is not available in the USER EXEC Mode.
PAGE 424
6 - 32 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.20 firewall show commands Displays wireless firewall information, such as DHCP snoop table entries, denial of service statistics, active session summaries etc.
PAGE 425
SHOW COMMANDS 6 - 33 on Optional. Displays all firewall flows on a specified device • – Specify the name of the AP or wireless controller.
PAGE 426
6 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide min-idle Filters firewall flows idle for at least the specified duration. Specify a min-idle value from 1 - 4294967295 bytes. min-pkts Filters firewall flows with at least the given number of packets. Specify a min-bytes value from 1 - 4294967295 bytes. not Negates the filter expression selected port <1-65535> Matches either the source or destination port. Specify a port from 1 - 65535.
PAGE 427
SHOW COMMANDS 6 - 35 rfs6000-380649(config)#show firewall flows management on rfs6000-380649 ========== Flow# 1 Summary ========== Forward: Vlan 1, TCP 172.16.10.12 port 1483 > 172.16.10.4 port 22 5C-D9-98-4C-04-51 > 00-15-70-38-06-49, ingress port ge1 Egress port: , Egress interface: vlan1, Next hop: (00-15-70-38-06-49) 6661 packets, 541246 bytes, last packet 0 seconds ago Reverse: Vlan 1, TCP 172.16.10.4 port 22 > 172.16.10.
PAGE 428
6 - 36 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 429
SHOW COMMANDS 6 - 37 vlan <1-4094> {on } Displays VLAN interface status and configuration • <1-4094> – Specify the Switch Virtual Interface (SVI) VLAN ID from 1 - 4094. • on – Optional. Displays interface status on a specified device • – Specify the name of the AP or wireless controller. waan1 {on } Displays Wireless WAN interface status and configuration • on – Optional.
PAGE 430
6 - 38 WiNG 5.2.6 Wireless Controller CLI Reference Guide rfs6000-380649(config)#show interface counters ------------------------------------------------------------------------------------------------------------# MAC RX-PKTS RX-BYTES RX-DROP TX-PKTS TXBYTES TX-DROP ------------------------------------------------------------------------------------------------------------me2 00-...-54 0 0 0 0 0 0 me1 00-...-52 0 0 0 0 0 0 vlan1 00-...-49 1765989 164738179 0 61042 5951427 0 vlan150 00-...
PAGE 431
SHOW COMMANDS 6 - 39 6.1.
PAGE 432
6 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide networks {on } Displays the DHCP server network details • on – Optional. Displays server network details on a specified device • – Specify the name of the AP or wireless controller. status {on } Displays the DHCP server status • on – Optional. Displays server status on a specified device • – Specify the name of the AP or wireless controller.
PAGE 433
SHOW COMMANDS 6 - 41 • show ip igmp snooping vlan <1-4095> { {on }|on } ip igmp Displays IGMP configuration details snooping Displays IGMP snooping configuration details vlan <1-4095> Displays VLAN IGMP snooping configuration • <1-4095> – Specify the VLAN ID from 1 - 4095. {on } Optional. Specify the multicast group IP address. • on – Optional.
PAGE 434
6 - 42 WiNG 5.2.6 Wireless Controller CLI Reference Guide vlan <1-4095> {on } Displays VLAN interface route table details • on – Optional. Displays route table details on a specified device • – Specify the name of the AP or wireless controller. wwan1 {on } Displays WWAN1 interface route table details • on – Optional. Displays route table details on a specified device • – Specify the name of the AP or wireless controller.
PAGE 435
SHOW COMMANDS 6 - 43 rfs7000-37FABE(config)#show ip route vlan 1 on rfs7000-37FABE +------------------------+---------------------+-------------+-----------| DESTINATION | GATEWAY | FLAGS | INTERFACE +------------------------+---------------------+-------------+-----------| 172.16.10.0/24 | direct | C | vlan1 | default | 172.16.10.
PAGE 436
6 - 44 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 437
SHOW COMMANDS 6 - 45 6.1.
PAGE 438
6 - 46 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 439
SHOW COMMANDS 6 - 47 6.1.26 logging show commands Displays network activity log Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax show logging {on } Parameters • show logging {on } logging {on } Displays logging information on a specified device • – Optional.
PAGE 440
6 - 48 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 441
SHOW COMMANDS 6 - 49 6.1.28 mac-address-table show commands Displays MAC address table entries Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax show mac-address-table {on } Parameters • show mac-address-table {on } mac-address-table Displays MAC address table entries on Optional.
PAGE 442
6 - 50 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 443
SHOW COMMANDS 6 - 51 • show mint lsp-db {details {on }|on } mint Displays MiNT protocol information based on the parameters passed lsp-db Displays MiNT LSP database entries details {on } Optional. Displays detailed MiNT LSP database entries • – Specify the MiNT address in the format. • on – Optional.
PAGE 444
6 - 52 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 445
SHOW COMMANDS 6 - 53 Examples rfs7000-37FABE(config)#show noc device +-----------------+----------------+--------+----------------+-----------| MAC| HOST-NAME | TYPE| CLUSTER| RF-DOMAIN |ADOPTED-BY| ONLINE | +-----------------+----------------+--------+----------------+-----------|99-88-77-66-55-44| AP7131-665544| AP7131| | default| | offline |00-15-70-88-9E-C4| AP7131-889EC4| AP7131| | default| | offline |11-22-33-44-55-66| AP650-445566| AP650| | default| | offline |00-15-70-37-FA-BE| rfs7000-37FABE| RFS
PAGE 446
6 - 54 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 447
SHOW COMMANDS 6 - 55 6.1.
PAGE 448
6 - 56 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.33 power show commands Displays Power Over Ethernet (PoE) information Supported in the following platforms: • Wireless Controllers — RFS4000, RFS6000 Syntax show power [configuration|status] {on } Parameters • show power [configuration|status] {on } power Displays PoE information (PoE configuration and status) configuration {on } Displays detailed PoE configuration • on – Optional.
PAGE 449
SHOW COMMANDS 6 - 57 6.1.
PAGE 450
6 - 58 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.35 reload show commands Displays scheduled reload information NOTE: This command is not present in the USER EXEC mode.
PAGE 451
SHOW COMMANDS 6 - 59 6.1.
PAGE 452
6 - 60 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.37 rf-domain-manager show commands Displays RF Domain manager selection details Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax show rf-domain-manager {on } Parameters None Examples rfs6000-380649(config)#show rf-domain-manager RF Domain default RF Domain Manager: ID: 70.
PAGE 453
SHOW COMMANDS 6 - 61 6.1.
PAGE 454
6 - 62 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 455
SHOW COMMANDS 6 - 63 6.1.
PAGE 456
6 - 64 WiNG 5.2.6 Wireless Controller CLI Reference Guide The following is common to all policies listed above: • – Specify the name of the policy. include-factory This parameter is common to all policies listed above. • Optional. Includes factory defaults • show running-config {device [|self] {include-factory}} running-config Displays current configuration details device {|self} Optional. Displays device configuration details • – Optional.
PAGE 457
SHOW COMMANDS 6 - 65 ap621 Displays AP621 profile configuration • – Displays configuration for a specified AP621 profile. Specify the AP621 profile name. ap622 Displays AP622 profile configuration • – Displays configuration for a specified AP622 profile. Specify the AP622 profile name. ap650 Displays AP650 profile configuration • – Displays configuration for a specified AP650 profile.
PAGE 458
6 - 66 WiNG 5.2.6 Wireless Controller CLI Reference Guide • show running-config {rf-domain {include-factory}} running-config Displays current configuration rf-domain Optional. Displays current configuration for a RF Domain Specify the name of the RF Domain. include-factory Optional. Includes factory defaults • show running-config {wlan {include-factory}} running-config Displays current configuration wlan Optional.
PAGE 459
SHOW COMMANDS 6 - 67 6.1.
PAGE 460
6 - 68 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 461
SHOW COMMANDS 6 - 69 6.1.43 sessions show commands Displays CLI sessions initiated on a device Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax show sessions {on } Parameters • show sessions {on } sessions Displays CLI sessions initiated on a device on Optional.
PAGE 462
6 - 70 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 463
SHOW COMMANDS 6 - 71 • show smart-rf [calibration-config|calibration-status|channel-distribution| history|history-timeline] {on } calibration-config Displays interactive calibration configurations calibration-status Displays Smart RF calibration status channel-distribution Displays Smart RF channel distribution history Displays Smart RF calibration history history-timeline Displays extended Smart RF calibration history on an hourly or daily timeline on This parameter
PAGE 464
6 - 72 WiNG 5.2.6 Wireless Controller CLI Reference Guide • show smart-rf interfering-ap {||on} interfering-ap Displays interfering access point information Optional. Displays interfering access point’s activity information • – Specify the access point’s MAC address. Note: Considers all APs if this parameter is omitted Optional.
PAGE 465
SHOW COMMANDS 6 - 73 6.1.
PAGE 466
6 - 74 WiNG 5.2.6 Wireless Controller CLI Reference Guide • show spanning-tree mst {instance <1-15>} {interface } {(on )} spanning-tree Displays spanning tree information mst Displays MST configuration. Use additional filters to view specific details. instance <1-15> Optional. Displays information for a particular MST instance • <1-15> – Specify the instance ID from 1 - 15. interface Optional.
PAGE 467
SHOW COMMANDS 6 - 75 rfs7000-37FABE(config)#show spanning-tree mst detail % Bridge up - Spanning Tree Disabled % CIST Root Path Cost 0 - CIST Root Port 0 - CIST Bridge Priority 32768 % Forward Delay 15 - Hello Time 2 - Max Age 20 - Max hops 20 % 1: CIST Root Id 800000157037fabf % 1: CIST Reg Root Id 800000157037fabf % 1: CIST Bridge Id 800000157037fabf % 1: portfast bpdu-guard disabled % portfast portfast errdisable timeout disabled % portfast errdisable timeout interval 300 sec % cisco interoperability no
PAGE 468
6 - 76 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 469
SHOW COMMANDS 6 - 77 6.1.
PAGE 470
6 - 78 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 471
SHOW COMMANDS 6 - 79 6.1.49 upgrade-status show commands Displays the last image upgrade status NOTE: This command is not available in the USER EXEC Mode.
PAGE 472
6 - 80 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 473
SHOW COMMANDS 6 - 81 6.1.
PAGE 474
6 - 82 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 475
SHOW COMMANDS 6 - 83 Parameters • show wireless ap {configured} wireless Displays wireless configuration parameters ap Displays information on wireless controller managed access points configured Optional.
PAGE 476
6 - 84 WiNG 5.2.6 Wireless Controller CLI Reference Guide • show wireless client {detail {on }|on }} wireless Displays wireless configuration parameters client Displays client information based on the parameters passed detail {on } Optional. Displays detailed information for a specified client • – Specify the MAC address of the client. • on – Optional.
PAGE 477
SHOW COMMANDS 6 - 85 • show wireless client {filter wlan {|not }} {on } wireless Displays wireless configuration parameters client Displays client information based on the parameters passed filter wlan {| not } Optional. Filters clients on a specified WLAN • – Specify the WLAN name.
PAGE 478
6 - 86 WiNG 5.2.6 Wireless Controller CLI Reference Guide mesh Displays information on radio mesh links {on } Optional. Displays active links of a radio mesh • on – Optional.
PAGE 479
SHOW COMMANDS 6 - 87 radio Displays radio operation status and other related information statistics {on | rf {on }} Optional. Displays radio traffic and RF statistics • on – Optional. Displays traffic and RF related statistics on a specified device or RF Domain • – Specify the name of the AP, wireless controller, or RF Domain. • rf {on } – Optional.
PAGE 480
6 - 88 WiNG 5.2.
PAGE 481
SHOW COMMANDS 6 - 89 • show wlan {detail |on |policy-mappings|usage-mappings} wireless Displays wireless configuration parameters wlan Displays WLAN related information based on the parameters passed detail Optional. Displays WLAN configuration • – Specify the WLAN name. on Optional.
PAGE 482
6 - 90 WiNG 5.2.
PAGE 483
SHOW COMMANDS 6 - 91 rfs7000-37FABE(config)#show wireless regulatory device-type AP650 in -------------------------------------------------------------------------# Channel Set Power(mW) Power (dBm) Placement DFS CAC(mins) -------------------------------------------------------------------------1 1-13 4000 36 Indoor/Outdoor NA NA 2 36-64 200 23 Indoor Not Required 0 3 149-165 1000 30 Outdoor Not Required 0 4 149-165 200 23 Indoor Not Required 0 --------------------------------------------------------------
PAGE 484
6 - 92 WiNG 5.2.6 Wireless Controller CLI Reference Guide 6.1.
PAGE 485
CHAPTER 7 PROFILES This chapter is organized as follows: • Creating Profiles • Device Specific Commands
PAGE 486
7-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1 Creating Profiles PROFILES Profiles enable administrators to assign a common set of configuration parameters and policies to wireless controllers and access points. Profiles can be used to assign common or unique network, wireless and security parameters to wireless controller and access points across a large, multi segment site. The configuration parameters within a profile are based on the hardware model the profile was created to support.
PAGE 487
PROFILES 7-3 Select the device profile that you want to configure and provide a name. For example, the following command configures a default AP71XX profile.
PAGE 488
7-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide do end exit help revert service show write Run commands from Exec mode End current mode and change to EXEC mode End current mode and down to previous mode Description of the interactive help system Revert changes Service Commands Show running system information Write running configuration to memory or terminal rfs7000-37FABE(config-profile-default-ap71xx)# Table 7.1 summarizes profile configuration commands. PROFILES Table 7.
PAGE 489
PROFILES 7-5 Table 7.
PAGE 490
7-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 7.1 config-profile config commands Command Description Reference use Uses pre configured policies with this profile page 7-181 vpn Configures VPN settings page 7-184 wep-shared-keyauth Enables support for 802.
PAGE 491
PROFILES 7-7 7.1.
PAGE 492
7-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.2 ap-mobility Creating Profiles Configures AP mobility (fixed or vehicle mounted) NOTE: The ap-mobility command is applicable only to a access point profile.
PAGE 493
PROFILES 7.1.
PAGE 494
7 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PAGE 495
PROFILES 7 - 11 7.1.
PAGE 496
7 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PAGE 497
PROFILES 7 - 13 7.1.7 autoinstall config-profile config commands Automatically installs firmware image and configuration parameters on to the selected device.
PAGE 498
7 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.8 bridge config-profile config commands Configures Ethernet bridging parameters Table 7.
PAGE 499
PROFILES 7 - 15 7.1.8.1 bridge bridge Configures VLAN Ethernet bridging parameters. For more information, see bridge-vlan-mode-commands.
PAGE 500
7 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.8.2 bridge-vlan-mode-commands bridge Table 7.3 summarizes bridge VLAN mode commands Table 7.
PAGE 501
PROFILES 7 - 17 7.1.8.2.
PAGE 502
7 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.8.2.2 description bridge-vlan-mode-commands Sets a VLAN bridge description Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax description Parameters • description description Sets a VLAN bridge description • – Specify a VLAN bridge description.
PAGE 503
PROFILES 7 - 19 7.1.8.2.3 edge-vlan bridge-vlan-mode-commands Enables edge VLAN mode. In the edge VLAN mode, a protected port does not forward traffic to another protected port on the same wireless controller.
PAGE 504
7 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.8.2.
PAGE 505
PROFILES 7 - 21 • ip igmp snooping {querier {address |max-response-time <1-25>| timer expiry <60-300>|version <1-3>}} ip Configures VLAN bridge IP parameters igmp snooping Configures IGMP snooping querier Optional. Configures the IGMP querier address Optional. Configures IGMP querier source IP address • – Specify the IGMP querier source IP address. max-response-time <1-25> Optional.
PAGE 506
7 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.8.2.5 no bridge-vlan-mode-commands Negates a command or reverts settings to their default. The no command, when used in the bridge VLAN mode, negates the VLAN bridge settings or reverts them to their default.
PAGE 507
PROFILES 7 - 23 interface Disables mrouter interfaces • – Specify interface names, separated by a space. learn pim-dvmrp Disables multicast router learning protocols • pim-dvmrp – Disables PIM-DVMRP snooping of packets • no ip igmp snooping {querier {address|max-response-time|timer expiry|version}} no ip Negates or reverts VLAN bridge IP settings igmp snooping Configures IGMP snooping components querier Optional. Reverts IGMP querier settings address Optional.
PAGE 508
7 - 24 WiNG 5.2.
PAGE 509
PROFILES 7 - 25 7.1.8.2.
PAGE 510
7 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.8.2.
PAGE 511
PROFILES 7 - 27 7.1.9 cdp config-profile config commands Uses Cisco Discovery Protocol (CDP) on the device.
PAGE 512
7 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PAGE 513
PROFILES 7 - 29 • cluster mode [active|standby] mode [active|standby] Configures cluster mode as either active or standby • active – Configures the active mode • standby – Configures the standby mode • cluster name name Configures the cluster name • – Specify the cluster name. Examples rfs7000-37FABE(config-profile-default-RFS7000)#cluster name cluster1 rfs7000-37FABE(config-profile-default-RFS7000)#cluster member ip 172.16.10.
PAGE 514
7 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.11 configuration-persistence config-profile config commands Enables configuration persistence across reloads Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax configuration-persistence {secure} Parameters • configuration-persistence {secure} secure Optional.
PAGE 515
PROFILES 7 - 31 7.1.
PAGE 516
7 - 32 WiNG 5.2.6 Wireless Controller CLI Reference Guide level [1|2] The following are common to the IP and hostname parameters: Optional. After providing the wireless controller address, optionally select one of the following two routing levels: • 1 – Level 1, local routing • 2 – Level 2, inter-site routing pool <1-2> {level [1|2]} The following are common to the IP and hostname parameters: Optional. Sets the wireless controller’s pool • <1-2> – Select either 1 or 2 as the pool. The default is 1.
PAGE 517
PROFILES 7 - 33 7.1.13 crypto Creating Profiles Table 7.4 summarizes crypto configuration commands. Table 7.4 config-crypto commands Command Description Reference crypto Defines system level local ID for ISAKMP negotiation and enters the ISAKMP Policy, ISAKMP Client, or ISAKMP Peer configuration mode.
PAGE 518
7 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.13.1 crypto crypto Use crypto to define system level local ID for ISAKMP negotiation and to enter the ISAKMP Policy, ISAKMP Client, or ISAKMP Peer command set. A crypto map entry is a single policy that describes how certain traffic is secured. There are two types of crypto map entries: ipsec-manual and ipsec-ike entries. Each entry is given an index (used to sort the ordered list).
PAGE 519
PROFILES 7 - 35 Parameters • crypto ipsec security-association lifetime [kilobytes <500-2147383646>| seconds <90-2147383646>] ipsec Configures Internet Protocol Security (IPSec) policy parameters security-association Configures IPSec SAs parameters lifetime [kilobyte |seconds] Defines IPSec SAs lifetime (in kilobytes and/or seconds). Values can be entered in both kilobytes and seconds, which ever limit is reached first, ends the SA. When the SA lifetime ends it is renegotiated as a security measure.
PAGE 520
7 - 36 WiNG 5.2.6 Wireless Controller CLI Reference Guide esp-aes Configures the ESP transform using Advanced Encryption Standard (AES) cipher. The transform set is assigned to a crypto map using the map’s set transform-set command. esp-aes-192 Configures the ESP transform using AES cipher (192 bits). The transform set is assigned to a crypto map using the map’s set transform-set command. esp-aes-256 Configures the ESP transform using AES cipher (256 bits).
PAGE 521
PROFILES 7 - 37 keepalive <10-3600> Sets a keepalive interval for use with remote peers. It defines the number of seconds between Dead Peer Detection (DPD) messages • <10-3600> – Specify a value from 10 - 3600 seconds. • crypto isakmp key [0 |2 |] address isakmp Configures ISAKMP policy, also known as IKE policy key [0 | 2 | ] Sets a pre-shared key for the remote peer • 0 – Sets a clear text key. The minimum length is 8 characters.
PAGE 522
7 - 38 WiNG 5.2.
PAGE 523
PROFILES 7 - 39 rfs7000-37FABE(config-profile-default-RFS7000)#show context pprofile RFS7000 default-RFS7000 autoinstall configuration autoinstall firmware crypto isakmp policy default crypto ipsec transform-set default esp-aes-256 esp-sha-hmac crypto ipsec transform-set tpsec-tag1 ah-md5-hmac crypto map TEST 1000 ipsec-isakmp crypto map map1 10 ipsec-isakmp dynamic interface me1 interface ge1 ip dhcp trust qos trust dscp qos trust 802.1p interface ge2 ip dhcp trust qos trust dscp qos trust 802.
PAGE 524
7 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.13.2 isakmp-policy crypto Creates a ISAKMP policy and enters its configuration mode.
PAGE 525
PROFILES 7 - 41 Table 7.
PAGE 526
7 - 42 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.13.2.
PAGE 527
PROFILES 7 - 43 7.1.13.2.
PAGE 528
7 - 44 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.13.2.3group isakmp-policy Specifies the Diffie-Hellman (DH) group (1 or 2) used by the IKE policy to generate keys (used to create IPSec SA). Specifying the group enables you to declare the size of the modulus used in DH calculation.
PAGE 529
PROFILES 7 - 45 7.1.13.2.
PAGE 530
7 - 46 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.13.2.5lifetime isakmp-policy Specifies how long an IKE SA is valid before it expires Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax lifetime <60-2147483646> Parameters • lifetime <60-2147483646> lifetime <60-2147483646> Specifies how many seconds an IKE SA lasts before it expires.
PAGE 531
PROFILES 7 - 47 7.1.13.2.6no isakmp-policy Negates a command or reverts settings to their default. The no command, when used in the ISAKMP policy mode, defaults the ISAKMP protection suite settings.
PAGE 532
7 - 48 WiNG 5.2.
PAGE 533
PROFILES 7 - 49 7.1.13.3 crypto-group crypto Creates crypto group and enters its configuration mode.
PAGE 534
7 - 50 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.13.3.1dns crypto-group Configures the DNS server Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax dns Parameters • dns Sets the IP address for the DNS server Examples rfs7000-37FABE(config-profile-default-RFS7000-crypto-group)#dns 171.16.10.
PAGE 535
PROFILES 7 - 51 7.1.13.3.2wins crypto-group Configures the Windows name server Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax wins Parameters • wins Sets the IP address for the Windows name server Examples rfs7000-37FABE(config-profile-default-RFS7000-crypto-group)#wns 172.16.10.
PAGE 536
7 - 52 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.14 dscp-mapping config-profile config commands Configures IP Differentiated Services Code Point (DSCP) to 802.
PAGE 537
PROFILES 7 - 53 7.1.
PAGE 538
7 - 54 WiNG 5.2.6 Wireless Controller CLI Reference Guide sender Defines the e-mail address of the sender • – Specify the e-mail address of the sender. username Optional. Configures the SMTP username • – Specify the SMTP username. password [2 |] Configures the SMTP server password • 2 – Configures an encrypted password • – Specify the password. port <1-65535> Optional.
PAGE 539
PROFILES 7 - 55 7.1.
PAGE 540
7 - 56 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PAGE 541
PROFILES 7 - 57 7.1.18 export config-profile config commands Enables the export of startup.
PAGE 542
7 - 58 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.19 ip config-profile config commands Configures IP components, such as default gateway, DHCP, Domain Name Service (DNS) server forwarding, name server, domain name, routing standards etc.
PAGE 543
PROFILES 7 - 59 name-server Configures IP address of the name server • – Specify the IP address of the name server.
PAGE 544
7 - 60 WiNG 5.2.6 Wireless Controller CLI Reference Guide • ip local pool default low-ip-address {high-ip-address } local Sets a local IP address range assigned to VPN clients using mode-config or IPSec with layer 2 TP pool Specifies the address range to configure default Sets the default tag low-ip-address Sets the lower limit of the IP address range high-ip-address Optional.
PAGE 545
PROFILES 7 - 61 • ip nat [inside|outside] source list interface [| vlan <1-4094>|wwan1] [(address |interface |overload|pool )] nat Configures NAT parameters [inside|outside] Configures inside and outside IP access list source list Configures an access list describing local addresses • – Specify a name for the IP access list.
PAGE 546
7 - 62 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples rfs7000-37FABE(config-profile-default-RFS7000)#ip default-gateway 172.16.10.9 rfs7000-37FABE(config-profile-default-RFS7000)#ip dns-server-forward rfs7000-37FABE(config-profile-default-RFS7000)#ip route 172.16.10.10/24 172.16.10.2 rfs7000-37FABE(config-profile-default-RFS7000)#ip local pool default low-ip-address 1.2.3.4 high-ip-address 6.7.8.
PAGE 547
PROFILES 7 - 63 7.1.20 nat-pool ip Use the (config-profile-default-RFS7000) instance to configure Network Address Translation (NAT) pool commands.
PAGE 548
7 - 64 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.20.
PAGE 549
PROFILES 7 - 65 7.1.20.2 no nat-pool Negates a command or sets its default Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax no address Parameters None Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
PAGE 550
7 - 66 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21 interface Creating Profiles Table 7.8 summarizes the interface configuration commands. Table 7.
PAGE 551
PROFILES 7 - 67 7.1.21.1 interface interface Selects an interface to configure This command is used to enter the interface configuration mode for the specified physical wireless controller SVI interface. If the VLANx (SVI) interface does not exist, it’s automatically created. For more information on interface configuration mode, see interface config instance. For more information VLAN interface configuration mode, see interface vlan instance.
PAGE 552
7 - 68 WiNG 5.2.6 Wireless Controller CLI Reference Guide wwan1 Configures a Wireless WAN interface xge <1-2> Configures selected a TenGigabitEthernet interface • <1-2> – Specify the interface index from 1 - 2.
PAGE 553
PROFILES 7 - 69 7.1.21.2 interface config instance interface Use the (config-profile-default-RFS7000) instance to configure the Ethernet, VLAN and tunnel associated with the wireless controller.
PAGE 554
7 - 70 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 7.
PAGE 555
PROFILES 7 - 71 7.1.21.2.
PAGE 556
7 - 72 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.2.
PAGE 557
PROFILES 7 - 73 7.1.21.2.
PAGE 558
7 - 74 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.2.4dot1x interface config instance Configures 802.
PAGE 559
PROFILES 7 - 75 7.1.21.2.5duplex interface config instance Specifies duplex mode for an interface Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax duplex [auto|half|full] Parameters • duplex [auto|half|full] auto Enables automatic duplexity on an interface port. The port automatically detects whether it should run in full or half-duplex mode.
PAGE 560
7 - 76 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.2.
PAGE 561
PROFILES 7 - 77 7.1.21.2.
PAGE 562
7 - 78 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.2.
PAGE 563
PROFILES 7 - 79 7.1.21.2.9power interface config instance Invokes Power over Ethernet (PoE) commands Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax power {limit|priority} power {limit <0-40>} power {priority [critical|high|low]} Parameters • power {limit [<0-40>]} power {limit <0-40>} Optional.
PAGE 564
7 - 80 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.2.10qos interface config instance Enables Quality of Service (QoS) Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax qos trust [802.1p|cos|dscp] Parameters • qos trust [802.1p|cos|dscp] trust [802.1p|cos|dscp] Trusts QoS values ingressing on this interface • 802.1p – Trusts 802.
PAGE 565
PROFILES 7 - 81 7.1.21.2.11shutdown interface config instance Disables an interface. The interface is administratively enabled unless explicitly disabled using this command.
PAGE 566
7 - 82 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.2.
PAGE 567
PROFILES 7 - 83 bpduguard [default|disable|enable] Enables or disables BPDU guard on a port Use the no parameter with this command to set BPDU guard to its default. When the BPDU guard is set for a bridge, all PortFast-enabled ports that have the BPDU guard set to default shut down the port upon receiving a BPDU. If this occurs, the BPDU is not processed.
PAGE 568
7 - 84 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.2.
PAGE 569
PROFILES 7 - 85 7.1.21.2.
PAGE 570
7 - 86 WiNG 5.2.6 Wireless Controller CLI Reference Guide • switchport trunk native [tagged|vlan <1-4094>] trunk Sets trunking mode characteristics of the switchport native [tagged|vlan <1-4094>] Configures the native VLAN ID of the trunk-mode port • tagged – Tags the native VLAN • vlan <1-4094> – Sets the native VLAN for classifying untagged traffic when the interface is in trunking mode. Specify a value from 1 - 4094.
PAGE 571
PROFILES 7 - 87 7.1.21.2.
PAGE 572
7 - 88 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.3 interface vlan instance interface Use (config-profile-default-RFS7000) to configure Ethernet, VLAN and tunnel settings. To switch to this mode: rfs7000-37FABE(config-profile-default-RFS7000)#interface [|ge <1-8>| me1|port-channel <1-4>|vlan <1-4094>] rfs7000-37FABE(config-profile-default-RFS7000)#interface vlan 8 rfs7000-37FABE(config-profile-default-RFS7000-if-vlan8)# Table 7.
PAGE 573
PROFILES 7 - 89 7.1.21.3.1crypto interface vlan instance Sets encryption module for this VLAN interface. The encryption module (crypto map) is configured using the crypto map command. For more information, see crypto.
PAGE 574
7 - 90 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.3.2description interface vlan instance Defines a VLAN interface description. Use this command to provide additional information about the VLAN.
PAGE 575
PROFILES 7 - 91 7.1.21.3.
PAGE 576
7 - 92 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.3.
PAGE 577
PROFILES 7 - 93 • ip nat [inside|outside] nat [inside|outside] Sets the NAT of this VLAN interface • inside – Sets the NAT inside interface • outside – Sets the NAT outside interface Examples rfs7000-37FABE(config-profile-default-RFS7000-if-vlan8)#ip address 10.0.0.1/8 rfs7000-37FABE(config-profile-default-RFS7000-if-vlan8)#ip nat inside rfs7000-37FABE(config-profile-default-RFS7000-if-vlan8)#ip helper-address 172.16.10.
PAGE 578
7 - 94 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.3.5no interface vlan instance Negates a command or sets its default values. The no command, when used in the Config Interface VLAN mode, negates VLAN interface settings or reverts them to their default values.
PAGE 579
PROFILES 7 - 95 • no ip address [helper-address |nat] no ip address Disables interface IP settings • address – Removes IP addresses configured for this interface, depending on the options used while setting the address helper-address Disables the forwarding of DHCP and BOOTP packets to the configured helper IP address • – Specify the IP address of the DHCP or BOOTP server.
PAGE 580
7 - 96 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.3.6shutdown interface vlan instance Shuts down the selected interface. Use the no shutdown command to enable an interface.
PAGE 581
PROFILES 7 - 97 7.1.21.3.
PAGE 582
7 - 98 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4 interface radio instance interface This section documents radio interface configuration parameters. The radio interface is available in all access points and the RFS4000 wireless controller.
PAGE 583
PROFILES 7 - 99 do end exit help revert service show write Run commands from Exec mode End current mode and change to EXEC mode End current mode and down to previous mode Description of the interactive help system Revert changes Service Commands Show running system information Write running configuration to memory or terminal rfs7000-37FABE(config-profile-71xxTestProfile-if-radio1)# Table 7.11 summarizes interface VLAN mode commands. Table 7.
PAGE 584
7 - 100 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 7.
PAGE 585
PROFILES 7 - 101 7.1.21.4.
PAGE 586
7 - 102 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.2aggregation interface radio instance Configures 802.11n frame aggregation. Frame aggregation increases throughput by sending two or more data frames in a single transmission. There are two types of frame aggregation: MAC Service Data Unit (MSDU) aggregation and MAC Protocol Data Unit (MPDU) aggregation. Both modes group several data frames into one large data frame.
PAGE 587
PROFILES 7 - 103 max-aggr-size Configures AMPDU packet size limits. Configure the packet size limit on packets both transmitted and received. rx [8191|16383|32767|65535] Configures the limit on received frames • 8191 – Advertises a maximum of 8191 bytes • 16383 – Advertises a maximum of 16383 bytes • 32767 – Advertises a maximum of 32767 bytes • 65536 – Advertises a maximum of 65535 bytes • aggregation ampdu max-aggr-size tx [<0-65535>] aggregation Configures 802.
PAGE 588
7 - 104 WiNG 5.2.
PAGE 589
PROFILES 7 - 105 7.1.21.4.
PAGE 590
7 - 106 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PAGE 591
PROFILES 7 - 107 7.1.21.4.5antenna-gain interface radio instance Configures the antenna gain value of the selected radio. Antenna gain defines the ability of an antenna to convert power into radio waves and vice versa. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax antenna-gain <0.0-15.0> Parameters • antenna-gain <0.0-15.0> <0.0-15.
PAGE 592
7 - 108 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PAGE 593
PROFILES 7 - 109 7.1.21.4.7beacon interface radio instance Configures radio beacon parameters. Beacons are packets sent by the access point to synchronize a wireless network.
PAGE 594
7 - 110 WiNG 5.2.6 Wireless Controller CLI Reference Guide rfs7000-37FABE(config-profile-71xxTestProfile-if-radio1)#show context interface radio1 beacon period 50 beacon dtim-period bss 1 2 beacon dtim-period bss 2 20 beacon dtim-period bss 3 2 beacon dtim-period bss 4 2 beacon dtim-period bss 5 2 beacon dtim-period bss 6 2 beacon dtim-period bss 7 2 beacon dtim-period bss 8 2 antenna-gain 12.
PAGE 595
PROFILES 7 - 111 7.1.21.4.8channel interface radio instance Configures a radio’s channel of operation Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax channel [smart|acs|1|2|3|4|-------] Parameters • channel [smart|acs|1|2|3|4|-------] smart|acs|1|2|3|4|-------] Configures a radio’s channel of operation.
PAGE 596
7 - 112 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.9data-rates interface radio instance Configures the 802.11 data rates on this radio Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax data-rates [b-only|g-only|a-only|bg|bgn|gn|an|default|custom] data-rates [b-only|g-only|a-only|bg|bgn|gn|an|default] data-rates custom [1|2|5.
PAGE 597
PROFILES 7 - 113 • • • • • • • • • • • • • • • • • • • • • • 36 – 36-Mbps 48 – 48-Mbps 54 – 54-Mbps mcs0-7 – Modulation and Coding Scheme 0-7 mcs8-15 – Modulation and Coding Scheme 8-15 mcs16-23 – Modulation and Coding Scheme 16-23 mcs0-15 – Modulation and Coding Scheme 0-15 mcs8-23 – Modulation and Coding Scheme 8-23 mcs0-23 – Modulation and Coding Scheme 0-232 basic-1 – Basic 1-Mbps basic-2 – Basic 2-Mbps basic-5.5 – Basic 5.
PAGE 598
7 - 114 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PAGE 599
PROFILES 7 - 115 7.1.21.4.
PAGE 600
7 - 116 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PAGE 601
PROFILES 7 - 117 7.1.21.4.
PAGE 602
7 - 118 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.14guard-interval interface radio instance Configures the 802.11n guard interval. A guard interval ensures distinct transmissions do not interfere with one another. It provides immunity to propagation delays, echoes and reflection of radio signals.
PAGE 603
PROFILES 7 - 119 7.1.21.4.
PAGE 604
7 - 120 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PAGE 605
PROFILES 7 - 121 7.1.21.4.17mesh interface radio instance Use this command to configure radio mesh parameters. A Wireless Mesh Network (WMN) is a network of radio nodes organized in a mesh topology. It consists of mesh clients, mesh routers, and gateways.
PAGE 606
7 - 122 WiNG 5.2.
PAGE 607
PROFILES 7 - 123 7.1.21.4.18no interface radio instance Negates a command or resets settings to their default. When used in the profile/device > radio interface configuration mode, the no command disables or resets radio interface settings.
PAGE 608
7 - 124 WiNG 5.2.
PAGE 609
PROFILES 7 - 125 7.1.21.4.19non-unicast interface radio instance Configures the handling of non unicast frames on this radio. Enables the forwarding of multicast and broadcast frames by this radio.
PAGE 610
7 - 126 WiNG 5.2.
PAGE 611
PROFILES 7 - 127 7.1.21.4.20off-channel-scan interface radio instance Enables selected radio’s off channel scanning parameters Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax off-channel-scan {channel-list|max-multicast|scan-interval|sniffer-redirect} off-channel-scan {channel-list [2.
PAGE 612
7 - 128 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples rfs7000-37FABE(config-profile-71xxTestProfile-if-radio1)#off-channel-scan chan nel-list 2.4GHz 1 rfs7000-37FABE(config-profile-71xxTestProfile-if-radio1)# rfs7000-37FABE(config-profile-71xxTestProfile-if-radio1)#show context interface radio1 data-rates b-only mesh client off-channel-scan channel-list 2.4GHz 1 guard-interval long aggregation ampdu tx-only aeroscout forward ekahau forward ip 172.16.10.
PAGE 613
PROFILES 7 - 129 7.1.21.4.
PAGE 614
7 - 130 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PAGE 615
PROFILES 7 - 131 7.1.21.4.
PAGE 616
7 - 132 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PAGE 617
PROFILES 7 - 133 7.1.21.4.
PAGE 618
7 - 134 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.26rf-mode interface radio instance Configures the radio’s RF mode Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax rf-mode [2.4GHz-wlan|4.9GHz-wlan|5GHz-wlan|sensor] Parameters • rf-mode [2.4GHz-wlan|4.9GHz-wlan|5GHz-wlan|sensor] rf-mode Configures the radio RF mode 2.
PAGE 619
PROFILES 7 - 135 7.1.21.4.
PAGE 620
7 - 136 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PAGE 621
PROFILES 7 - 137 7.1.21.4.
PAGE 622
7 - 138 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PAGE 623
PROFILES 7 - 139 7.1.21.4.31stbc interface radio instance Configures the radio’s Space Time Block Coding (STBC) mode. STBC is a pre-transmission encoding scheme providing an improved SNR ratio (even at a single RF receiver). STBC transmits multiple data stream copies across multiple antennas. The receiver combines the multiple copies into one to retrieve data from the signal.
PAGE 624
7 - 140 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.32txbf interface radio instance Enables transmit Beamforming on the selected radio. Transmit Beamforming enhances the reliability and performance of beamformed links by allowing the transmitter to generate signals that can be optimally received. The transmitter sends out a sounding signal and listens for a response from the receiver.
PAGE 625
PROFILES 7 - 141 ap81xx-00090C(config)#show wireless client detail ADDRESS : 00-24-D7-F1-00-EC - 00-24-D7-F1-00-EC 192.168.1.218 (vlan:1) WLAN : open (ssid:open) : : : : : : DATA-RATES : 6 9 12 18 24 36 48 54 mcs0-23 MAX-PHY_RATE : 450 M MAX-USER_RATE : 337 M 802.
PAGE 626
7 - 142 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PAGE 627
PROFILES 7 - 143 7.1.21.4.34wireless-client interface radio instance Configures wireless client parameters on this radio Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax wireless-client tx-power [<0-20>|mode] wireless-client tx-power mode [802.11d {symbol-ie}|symbol-ie {802.
PAGE 628
7 - 144 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.21.4.
PAGE 629
PROFILES 7 - 145 7.1.
PAGE 630
7 - 146 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PAGE 631
PROFILES 7 - 147 7.1.
PAGE 632
7 - 148 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PAGE 633
PROFILES 7 - 149 7.1.26 load-balancing config-profile config commands Configures load balancing parameters Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax load-balancing [advanced-params|balance-ap-loads|balance-band-loads| balance-channel-loads|band-ratio|band-control-strategy|group-id| neighbor-selection-strategy] load-balancing advanced-params [2.
PAGE 634
7 - 150 WiNG 5.2.
PAGE 635
PROFILES 7 - 151 • load-balancing advanced-params max-preferred-band-load [2.4GHGz|5GHzd] <0-100> advanced-params Configures advanced load balancing parameters max-preferred-bandload Configures the maximum load on the preferred band, beyond which the other band is equally preferred [2.4GHz|5GHz] <0-100> Select one of the following options: • 2.4GHz – Configures the maximum load on 2.
PAGE 636
7 - 152 WiNG 5.2.6 Wireless Controller CLI Reference Guide 5ghz [0|<1-10>] Configures the relative loading of 5GHz bands • 0 – Selecting ‘0’ steers all dual-band clients preferentially to the other band • <0-10> – Configures a relative load as a number from 0 - 10 • load-balancing band-control-strategy [distribute-by-ratio|prefer-2.4ghz| prefer-5ghz] band-control-strategy Configures a band control strategy distribute-by-ratio Distributes clients to either 2.
PAGE 637
PROFILES 7 - 153 7.1.
PAGE 638
7 - 154 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PAGE 639
PROFILES 7 - 155 • logging facility [local0|local1|local2|local3|local4|local5|local16|local7] facility [local0|local1| local2|local3|local4| local5|local6|local7] Enables the syslog to decide where to send the incoming message. There are 8 logging facilities, from syslog0 to syslog7.
PAGE 640
7 - 156 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.29 mac-address-table config-profile config commands Configures the MAC address table. Use this command to assign a static address to the MAC address table.
PAGE 641
PROFILES 7 - 157 7.1.
PAGE 642
7 - 158 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PAGE 643
PROFILES 7 - 159 7.1.
PAGE 644
7 - 160 WiNG 5.2.6 Wireless Controller CLI Reference Guide <1-65535> level 2 Specifies the peer UDP port to link with the specified IP address • level – Specifies the routing level • 2 – Configures inter-site MiNT routing level adjacent-hold-time <2-600> Optional. Specifies the adjacency lifetime after hello packets cease • <2-600> – Specify a value from 2 - 600 seconds. cost <1-100000> Optional. Specifies the link cost in arbitrary units • <1-100000> – Specify a value from 1 - 100000.
PAGE 645
PROFILES 7 - 161 hello-interval <1-120> Optional. Specifies the hello interval between packets <1-120> – Specify a value from 1 - 120. level [1|2] Optional. Specifies the routing levels for this routing link.
PAGE 646
7 - 162 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PAGE 647
PROFILES 7 - 163 7.1.
PAGE 648
7 - 164 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PAGE 649
PROFILES 7 - 165 7.1.
PAGE 650
7 - 166 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PAGE 651
PROFILES 7 - 167 email-notification Configures e-mail notification enforce-version Checks device firmware versions before attempting connection events Displays system event messages export Enables the export of the startup.
PAGE 652
7 - 168 WiNG 5.2.6 Wireless Controller CLI Reference Guide spanning-tree Configures spanning tree commands use Defines the settings used by this feature vpn Configures VPN settings wep-shared-key-auth Enables support for 802.
PAGE 653
PROFILES 7 - 169 7.1.
PAGE 654
7 - 170 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PAGE 655
PROFILES 7 - 171 Examples rfs7000-37FABE(config-profile-default-RFS7000)#ntp server 172.16.10.10 rfs7000-37FABE(config-profile-default-RFS7000)#ntp server 172.16.10.1 version 1 prefer rfs7000-37FABE(config-profile-default-RFS7000)#ntp server 172.16.10.
PAGE 656
7 - 172 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.40 power-config config-profile config commands Configures the power option mode.
PAGE 657
PROFILES 7 - 173 7.1.41 preferred-controller-group config-profile config commands Specifies the wireless controller group preferred for adoption Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX.
PAGE 658
7 - 174 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PAGE 659
PROFILES 7 - 175 7.1.
PAGE 660
7 - 176 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.44 service config-profile config commands Service commands enable you to view and manage wireless controller configurations in the User Exec, Priv Exec, and Global Config modes. In the profile/device configuration context, use this command to do the following: • Enable system restart, by the Process Monitor (PM), in case of a process failure • Enable Watchdog • Modify the Remote Site Survivability (RSS) timeout value.
PAGE 661
PROFILES 7 - 177 trigger-threshold <1-255> Sets the number of pending RADIUS sessions after which EAP throttling is triggered • service wireless ap300 [image|version] wireless ap300 Use this command to set the AP300 image file path and to view the image version number. image Sets the AP300 image file path • – Specify the image file name and location.
PAGE 662
7 - 178 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.45 spanning-tree config-profile config commands Enables spanning tree commands. Use these commands to configure the errdisable, multiple spanning tree and portfast settings.
PAGE 663
PROFILES 7 - 179 hello-time <1-10> Specifies the hello BDPU interval in seconds • <1-10> – Specify a value from 1 - 10 seconds. instance <1-15> Defines the instance ID to which the VLAN is associated • <1-15> – Specify an instance ID from 1 - 10. max-age <6-40> Defines the maximum time to listen for the root bridge • <6-40> – Specify a value from 4 - 60 seconds. max-hops <7-127> Defines the maximum hops when BPDU is valid • <7-127> – Specify a value from 7 - 127.
PAGE 664
7 - 180 WiNG 5.2.6 Wireless Controller CLI Reference Guide rfs7000-37FABE(config-profile-default-RFS7000)#show context profile RFS7000 default-RFS7000 spanning-tree mst 2 priority 4096 spanning-tree errdisable recovery cause bpduguard autoinstall configuration autoinstall firmware crypto isakmp policy default crypto ipsec transform-set default esp-aes-256 esp-sha-hmac interface me1 interface ge1 ip dhcp trust qos trust dscp qos trust 802.1p interface ge2 ip dhcp trust qos trust dscp qos trust 802.
PAGE 665
PROFILES 7 - 181 7.1.
PAGE 666
7 - 182 WiNG 5.2.6 Wireless Controller CLI Reference Guide management-policy Associates a management policy • – Specify the management policy name. radius-server-policy Associates a device onboard RADIUS policy • – Specify the RADIUS policy name. role-policy Associates a role policy • – Specify the role policy name.
PAGE 667
PROFILES 7 - 183 role-policy Associates a role policy • – Specify the role policy name. wips-policy Associates a WIPS policy • – Specify the WIPS policy name.
PAGE 668
7 - 184 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.1.
PAGE 669
PROFILES 7 - 185 7.1.48 wep-shared-key-auth config-profile config commands Enables support for 802.
PAGE 670
7 - 186 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2 Device Specific Commands PROFILES Devices managed by the wireless controller can either be assigned unique configurations or have existing RF Domain or Profile configurations modified (overridden) to support a requirement that dictates a device’s configuration be customized from the configuration shared by its peer devices.
PAGE 671
PROFILES 7 - 187 led legacy-auto-downgrade legacy-auto-update license lldp load-balancing local location logging mac-address-table mac-name memory-profile min-misconfiguration-recovery-time mint misconfiguration-recovery-time monitor neighbor-inactivity-timeout neighbor-info-interval no noc ntp override-wlan power-config preferred-controller-group radius remove-override rf-domain-manager rsa-key sensor-server spanning-tree stats timezone trustpoint use vpn wep-shared-key-auth clrscr commit do end exit help
PAGE 672
7 - 188 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 7.12 summarizes device mode commands PROFILES Table 7.
PAGE 673
PROFILES 7 - 189 Table 7.
PAGE 674
7 - 190 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 7.
PAGE 675
PROFILES 7 - 191 7.2.
PAGE 676
7 - 192 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PAGE 677
PROFILES 7 - 193 7.2.3 channel-list config-device mode commands Configures the channel list advertised to wireless clients Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax channel-list [2.4GHz |5GHz |dynamic] Parameters • channel-list [2.4GHz |5GHz |dynamic] 2.
PAGE 678
7 - 194 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PAGE 679
PROFILES 7 - 195 7.2.5 country-code config-device mode commands Sets the country of operation. Erases all existing radio configurations.
PAGE 680
7 - 196 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PAGE 681
PROFILES 7 - 197 7.2.
PAGE 682
7 - 198 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.8 hostname config-device mode commands Sets system's network name Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax hostname Parameters • hostname hostname Sets the name of the wireless controller.
PAGE 683
PROFILES 7 - 199 7.2.9 interface config-device mode commands Selects an interface to configure This command is used to enter the interface configuration mode for the specified physical wireless controller SVI interface. If the VLAN (SVI) interface does not exist, it’s automatically created.
PAGE 684
7 - 200 WiNG 5.2.
PAGE 685
PROFILES 7 - 201 7.2.10 layout-coordinates config-device mode commands Configures X and Y layout coordinates for the device Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax layout-coordinates <-4096.0-4096.0> <-4096.0-4096.0> Parameters • layout-coordinates <-4096.0-4096.0> <-4096.0-4096.0> <-4096.0-4096.0> Specify the X coordinate from -4096.0 - 4096.
PAGE 686
7 - 202 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PAGE 687
PROFILES 7 - 203 7.2.
PAGE 688
7 - 204 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PAGE 689
PROFILES 7 - 205 7.2.
PAGE 690
7 - 206 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PAGE 691
PROFILES 7 - 207 contact Sets contact information controller Configures a WLAN wireless controller country-code Configures wireless controller’s country code crypto Configures crypto settings dhcp-redundancy Enables DHCP redundancy dscp-mapping Configures IP Differentiated Services Code Point (DSCP) to 802.1p priority mapping for untagged frames email-notification Configures e-mail notification events Displays system event messages export Enables the export of startup.
PAGE 692
7 - 208 WiNG 5.2.
PAGE 693
PROFILES 7 - 209 7.2.
PAGE 694
7 - 210 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PAGE 695
PROFILES 7 - 211 rfs7000-37FABE(config-device-00-15-70-88-9E-C4)*# Related Commands no Disables or reverts settings to their default
PAGE 696
7 - 212 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.18 rsa-key config-device mode commands Assigns a RSA key to a device Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax rsa-key ssh Parameters • rsa-key ssh ssh Assigns the RSA key to SSH • – Specifies the RSA key name.
PAGE 697
PROFILES 7 - 213 7.2.
PAGE 698
7 - 214 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PAGE 699
PROFILES 7 - 215 7.2.
PAGE 700
7 - 216 WiNG 5.2.6 Wireless Controller CLI Reference Guide 7.2.
PAGE 701
CHAPTER 8 AAA-POLICY This chapter summarizes the AAA policy commands within the CLI structure. Use the (config) instance to configure AAA policy commands.
PAGE 702
8-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 8.1 aaa-policy Table 8.1 summarizes AAA policy configuration commands. Table 8.
PAGE 703
AAA-POLICY 8-3 8.1.1 accounting aaa-policy Configures the server type and interval at which interim accounting updates are sent to the server. Up to 6 accounting servers can be configured. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
PAGE 704
8-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide • accounting server <1-6> [dscp <0-63>|retry-timeout-factor <50-200>] server <1-6> Configures an accounting server. Up to 6 accounting servers can be configured dscp <0-63> Sets the Differentiated Services Code Point (DSCP) value for Quality of Service (QOS) monitoring. This value is used in generated RADIUS packets.
PAGE 705
AAA-POLICY strip 8-5 Optional. Strips the realm from the username before forwarding the request to the RADIUS server • accounting server <1-6> onboard [self|controller] server <1-6> Configures an accounting server.
PAGE 706
8-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples rfs7000-37FABE(config-aaa-policy-test)#accounting rfs7000-37FABE(config-aaa-policy-test)#accounting motorola port 1 rfs7000-37FABE(config-aaa-policy-test)#accounting prefix realm word strip rfs7000-37FABE(config-aaa-policy-test)#accounting 6000 rfs7000-37FABE(config-aaa-policy-test)#accounting rfs7000-37FABE(config-aaa-policy-test)#accounting rfs7000-37FABE(config-aaa-policy-test)#accounting number interim interval 65 server 2 host 172.16.
PAGE 707
AAA-POLICY 8-7 8.1.2 attribute aaa-policy Configures RADIUS Framed MTU attribute used in access and accounting requests. The Framed MTU attribute reduces the Extensible Authentication Protocol (EAP) packet size of the RADIUS server. This command is useful in networks where routers and firewalls do not perform fragmentation. To ensure network security, some firewall software drop UDP fragments from RADIUS server EAP packets. Consequently the packets are large in size.
PAGE 708
8-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 8.1.3 authentication aaa-policy Configures authentication parameters Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
PAGE 709
AAA-POLICY 8-9 • authentication protocol [chap|pap] protocol [chap|pap] Configures the protocol used for non-EAP authentication • chap – Uses Challenge Handshake Authentication Protocol (CHAP) • pap – Uses Password Authentication Protocol (PAP) • authentication server <1-6> dscp <0-63> server <1-6> Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured • <1-6> – Specify the RADIUS server index from 1 - 6.
PAGE 710
8 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide realm Sets the realm information used for RADIUS authentication • – Sets the realm used for authentication. This value is matched against the user name provided for RADIUS authentication. Example: Prefix - AC\JohnTalbot Suffix - JohnTalbot@AC.org strip Optional. Indicates the realm name must be stripped from the user name before sending it to the RADIUS server for authentication.
PAGE 711
AAA-POLICY 8 - 11 • authentication server <1-6> timeout <1-60> {attempts <1-10>} server <1-6> Configures a RADIUS authentication server. Up to 6 RADIUS servers can be configured • <1-6> – Specify the RADIUS server index from 1 - 6. timeout <1-60> Configures the timeout, in seconds, for each request sent to the RADIUS server. This is the time allowed to elapse before another request is sent to the RADIUS server. If a response is received from the RADIUS server within this time, no retry is attempted.
PAGE 712
8 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 8.1.4 health-check aaa-policy During normal operation, a AAA server can go offline. When a server goes offline, it is marked as down. This command configures the interval after which a server marked as down is checked to see if it has come back online and is reachable. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
PAGE 713
AAA-POLICY 8 - 13 8.1.5 mac-address-format aaa-policy Configures the format MAC addresses are filled in RADIUS request frames Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
PAGE 714
8 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 8.1.6 no aaa-policy Negates a AAA policy command or sets its default Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
PAGE 715
AAA-POLICY 8 - 15 retry-timeout-factor Optional. Resets retry timeout to its default of 100 timeout Optional.
PAGE 716
8 - 16 WiNG 5.2.
PAGE 717
AAA-POLICY 8 - 17 8.1.7 proxy-attribute aaa-policy Configures RADIUS attribute behavior when proxying through the wireless controller or RF Domain Manager Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
PAGE 718
8 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 8.1.8 server-pooling-mode aaa-policy Configures the server selection method from a pool of AAA servers. The available methods are failover and load-balance. In the failover scenario, when a configured AAA server goes down, the server with the next higher index in the list of configured AAA server takes over for the failed server.
PAGE 719
AAA-POLICY 8 - 19 8.1.9 use aaa-policy Applies a Network Access Control (NAC) list for use by this AAA policy. This allows only the set of configured devices to use AAA servers. For more information on creating a NAC list, see nac-list. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
PAGE 720
8 - 20 WiNG 5.2.
PAGE 721
CHAPTER 9 AUTO-PROVISIONING-POLICY This chapter summarizes the auto provisioning policy commands in the CLI structure. Adoption rules are sorted by precedence value and matched (filtered) against the information available from an AP, any rule for the wrong AP type is ignored.
PAGE 722
9-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 9.1 auto-provisioning-policy Table 9.1 summarizes auto provisioning policy configuration commands. Table 9.1 auto-provisioning policy commands Command Description Reference adopt Adds rules for device adoption page 9-3 default-adoption Adopts devices even when no matching rules are found.
PAGE 723
AUTO-PROVISIONING-POLICY 9-3 9.1.1 adopt auto-provisioning-policy Adds device adoption rules Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
PAGE 724
9-4 WiNG 5.2.
PAGE 725
AUTO-PROVISIONING-POLICY 9-5 mac {} Adopts a device if it matches the range of MAC addresses • – Specify the first MAC address in the range. Provide this MAC address if you want to match for a single device. • – Optional. Specify the last MAC address in the range. model-number Adopts a device if its model number matches • – Specify the model number to match.
PAGE 726
9-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 9.1.2 default-adoption auto-provisioning-policy Adopts devices, even when no matching rules are defined. Assigns a default profile and default RF Domain Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
PAGE 727
AUTO-PROVISIONING-POLICY 9-7 9.1.3 deny auto-provisioning-policy Defines a deny device adoption rule Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
PAGE 728
9-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide fqdn Fully Qualified Domain Name (FQDN) is a domain name that specifies its exact location in the DNS hierarchy. It specifies all domain levels, including its top-level domain and the root domain. This parameter denies adoption based on the fully qualified domain name of the device. • – Specify the FQDN to match.
PAGE 729
AUTO-PROVISIONING-POLICY 9-9 9.1.4 no auto-provisioning-policy Negates an auto provisioning policy command or sets its default Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511.
PAGE 730
9 - 10 WiNG 5.2.
PAGE 731
CHAPTER 10 ADVANCED-WIPS-POLICY This chapter summarizes the advanced WIPS policy commands within the CLI structure. Use the (config) instance to configure advance WIPS policy commands.
PAGE 732
10 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 10.1 advanced-wips-policy Table 10.1 summarizes advanced WIPS policy configuration commands. Table 10.
PAGE 733
ADVANCED-WIPS-POLICY 10 - 3 10.1.
PAGE 734
10 - 4 WiNG 5.2.
PAGE 735
ADVANCED-WIPS-POLICY 10 - 5 fake-dhcp-server-detected This event occurs when a fake DHCP server is detected in the controlled network A fake or rogue DHCP server is a type of man in the middle attack where DHCP services are provide by an unauthorized DHCP server compromising the integrity of the wireless controller managed network.
PAGE 736
10 - 6 WiNG 5.2.
PAGE 737
ADVANCED-WIPS-POLICY 10 - 7 • event dos-cts-flood threshold [cts-frames-ratio <0-65535>|mu-rx-cts-frame <0-65535>] dos-cts-flood This event occurs when a large number of clear to send (CTS) frames are detected in the network threshold [cts-frames-ratio <0-65535>| mu-rx-cts-frame <0-65535>] Sets the CTS flood threshold • cts-frames-radio <0-65535> – Sets the CTS:Total Frames ratio for triggering this event • <0-65535> – Specify the value from 0 - 65535.
PAGE 738
10 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide • event probe-response-flood threshold probe-rsp-frames-count <0-65535> probe-response-flood This event occurs when a large number of probe response frames are detected in the network threshold probe-rsp-framescount <0-65535> Sets the probe response frames flood threshold • probe-rsp-frames-count – Sets the threshold from the number of probe response frames received • <0-65535> – Specify the value from 0 - 65535.
PAGE 739
ADVANCED-WIPS-POLICY 10 - 9 Example rfs7000-37FABE(config-advanced-wips-policy-test)#event dos-cts-flood threshold ctsframes-ratio 8 rfs7000-37FABE(config-advanced-wips-policy-test)#event dos-eapol-logoff-storm threshold eapol-start-frames-mu 99 rfs7000-37FABE(config-advanced-wips-policy-test)#event probe-response-flood threshold probe-rsp-frames-count 8 rfs7000-37FABE(config-advanced-wips-policy-test)#event wlan-jack-attack-detected trigger-against sanctioned rfs7000-37FABE(config-advanced-wips-policy-te
PAGE 740
10 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 10.1.
PAGE 741
ADVANCED-WIPS-POLICY 10 - 11 Parameters • no event [accidental-association|crackable-wep-iv-used|dos-cts-flood| dos-deauthentication-detection|dos-disassociation-detection|dos-eap-failure-spoof| dos-eapol-logoff-storm|dos-rts-flood|essid-jack-attack-detected| fake-dhcp-server-detected|fata-jack-detected|id-theft-eapol-success-spoof-detected| id-theft-out-of-sequence|invalid-channel-advertized|invalid-management-frame| ipx-detection|monkey-jack-attack-detected|multicast-all-routers-on-subnet| multicast-all
PAGE 742
10 - 12 WiNG 5.2.
PAGE 743
ADVANCED-WIPS-POLICY 10 - 13 10.1.3 server-listen-port advanced-wips-policy Defines the local WIPS server’s listening port, where WIPS sensors connect to the local WIPS server Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax server-listen-port <0-65535> Parameters • server-listen-port <0-65535> server-listen-port <0-65535> Select a port from 0 - 65535.
PAGE 744
10 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 10.1.4 terminate advanced-wips-policy Adds a device to a device termination list. Devices on this list cannot access the wireless controller managed network.
PAGE 745
ADVANCED-WIPS-POLICY 10 - 15 10.1.5 use advanced-wips-policy Uses an existing device categorization list with the advanced WIPS policy. A device configuration list must exist before it can be used with the advanced WIPS policy. A device categorization list categorizes a device, either an AP or a wireless client, as sanctioned or neighboring based on its MAC address or access point SSID.
PAGE 746
10 - 16 WiNG 5.2.
PAGE 747
CHAPTER 11 ASSOCIATION-ACL-POLICY This chapter summarizes the association ACL policy commands within the CLI structure. Use the (config) instance to configure association ACL policy related configuration commands.
PAGE 748
11 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 11.1 association-acl-policy Table 11.1 summarizes association ACL policy configuration commands. Table 11.
PAGE 749
ASSOCIATION-ACL-POLICY 11 - 3 11.1.1 deny association-acl-policy Identifies those devices denied access to the wireless controller managed network. Devices are identified by their MAC address. A single MAC address or a range of MAC addresses can be specified to deny access. This command also sets the precedence on how deny list rules are applied. Up to a thousand (1000) deny rules can be defined.
PAGE 750
11 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 11.1.
PAGE 751
ASSOCIATION-ACL-POLICY 11 - 5 Specify the last MAC address in the range. precedence <1-1000> Sets the rule precedence. Rules are checked in an increasing order of precedence value. • <1-1000> – Specify a value from 1 - 1000.
PAGE 752
11 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 11.1.3 permit association-acl-policy Specifies devices permitted access to the wireless controller managed network. Devices are permitted access based on their MAC address. A single MAC address or a range of MAC addresses can be specified. This command also sets the precedence on how permit list rules are applied. Up to a thousand (1000) deny rules can be defined.
PAGE 753
CHAPTER 12 ACCESS-LIST This chapter summarizes IP and MAC access list commands in detail. Access lists control access to the network using a set of rules. Each rule specifies an action taken when a packet matches a given set of rules. If the action is deny, the packet is dropped. If the action is permit, the packet is allowed. The wireless controller supports following ACLs: • IP access lists • MAC access lists Use IP and MAC commands under the global configuration to create an access list.
PAGE 754
12 - 2 WiNG 5.2.
PAGE 755
ACCESS-LIST 12 - 3 12.1 ip-access-list ACCESS-LIST Table 12.1 summarizes commands under the IP access list configuration commands. Table 12.
PAGE 756
12 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 12.1.1 deny ip-access-list Specifies packets to reject NOTE: Use a decimal value representation to implement a permit/deny designation for a packet. The command set for IP ACLs provides the hexadecimal values for each listed EtherType. The wireless controller supports all EtherTypes. Use the decimal equivalent of the EtherType listed for any other EtherType.
PAGE 757
ACCESS-LIST 12 - 5 Defines the ICMP packet type For example, an ICMP type 0 indicates it is an ECHO REPLY, and type 8 indicates it is an ECHO. Defines the ICMP message type For example, an ICMP code 3 indicates “Destination Unreachable”, code 1 indicates “Host Unreachable”, and code 3 indicates “Port Unreachable.” log Logs all deny events rule-precedence <1-5000> Sets the rule precedence.
PAGE 758
12 - 6 WiNG 5.2.
PAGE 759
ACCESS-LIST 12 - 7 any Identifies all devices as the source to deny access host Identifies a specific host as the source to deny access • – Specify the host IP address. eq Identifies a specific source port • – Specify the source port. range Specifies the source port range • – Specify the start in the port range. • – Specify the end in the port range.
PAGE 760
12 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide Usage Guidelines Use this command to deny traffic between networks/hosts based on the protocol type selected in the access list configuration. The following protocols are supported: • IP • ICMP • TCP • UDP • PROTO The last ACE in the access list is an implicit deny statement. Whenever the interface receives the packet, its content is checked against the ACEs in the ACL. It is allowed/denied based on the ACL configuration.
PAGE 761
ACCESS-LIST 12 - 9 12.1.
PAGE 762
12 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide Defines the ICMP packet type For example, an ICMP type 0 indicates it is an ECHO REPLY, and type 8 indicates it is an ECHO Defines the ICMP message type For example, an ICMP code 3 indicates “Destination Unreachable”, code 1 indicates “Host Unreachable”, and code 3 indicates “Port Unreachable.
PAGE 763
ACCESS-LIST 12 - 11 rule-precedence <1-5000> Sets the rule precedence. Rules are checked in the order of their rule precedence • <1-5000> – Specify the rule precedence from 1 - 5000. rule-description Optional. Sets the rule description • – Provide a description of the rule. The description should not exceed 128 characters.
PAGE 764
12 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide rule-precedence <1-5000> Sets the rule precedence. Rules are checked in the order of their rule precedence • <1-5000> – Specify the rule precedence from 1 - 5000. rule-description Optional. Sets the rule description • – Provide a description of the rule. The description should not exceed 128 characters.
PAGE 765
ACCESS-LIST 12 - 13 eq [ Identifies a specific destination or protocol port |bgp|dns|ftp|ftp-data|gopher| • – The destination port designated by its number https|ldap|nntp|ntp|pop3| • bgp – The designated BGP protocol port smtp|ssh|telnet|tftp|www] • dns – The designated DNS protocol port • ftp – The designated FTP protocol port • ftp-data – The designated FTP data port • gropher – The designated GROPHER protocol port • https – The designated HTTPS protocol port • ldap
PAGE 766
12 - 14 WiNG 5.2.
PAGE 767
ACCESS-LIST 12 - 15 12.1.3 permit ip-access-list Permits specific packets NOTE: Use a decimal value representation to implement a permit/deny designation for a packet. The command set for IP ACLs provide the hexadecimal values for each listed EtherType. The wireless controller supports all EtherTypes. Use the decimal equivalent of the EtherType listed for any other EtherType.
PAGE 768
12 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide Defines the ICMP packet type For example, an ICMP type 0 indicates it is an ECHO REPLY, and type 8 indicates it is an ECHO Defines the ICMP message type For example, an ICMP code 3 indicates “Destination Unreachable”, code 1 indicates “Host Unreachable”, and code 3 indicates “Port Unreachable.
PAGE 769
ACCESS-LIST 12 - 17 • permit proto [||eigrp|gre|igmp|igp|ospf|vrrp] [|any|host ] [|any|host ] (log,mark [8021p <0-7>|dscp <0-63>],rule-precedence <1-5000>) {rule-description } proto Configures an ACL for additional protocols Other protocols (other than IP, ICMP, TCP, and UDP) must be configured using this parameter.
PAGE 770
12 - 18 WiNG 5.2.
PAGE 771
ACCESS-LIST 12 - 19 range Identifies the destination port range • – Specify the start of the range. • – Specify the end of the range. log Logs all permit events mark [8021p <0-7>| dscp <0-63>] Marks packets that match the ACL rule • 8021p <0-7> – Modifies 802.1p VLAN user priority from 0 - 7 • dscp <0-63> – Modifies DSCP TOS bits in the IP header from 0 - 63 rule-precedence <1-5000> Sets the rule precedence.
PAGE 772
12 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples rfs7000-37FABE(config-ip-acl-test)#show context ip access-list test deny proto vrrp any any log rule-precedence 600 deny proto ospf any any log rule-precedence 650 rfs7000-37FABE(config-ip-acl-test)#permit ip 172.16.10.0/24 any log rule-precedence 750 rfs7000-37FABE(config-ip-acl-test)#permit tcp 172.16.10.
PAGE 773
ACCESS-LIST 12 - 21 12.2 mac-access-list ACCESS-LIST Table 12.2 summarizes MAC Access list commands Table 12.
PAGE 774
12 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 12.2.1 deny mac-access-list Specifies packets to reject NOTE: Use a decimal value representation to implement a permit/deny designation for a packet. The command set for MAC ACLs provide the hexadecimal values for each listed EtherType. The wireless controller supports all EtherTypes. Use the decimal equivalent of the EtherType listed for any other EtherType.
PAGE 775
ACCESS-LIST 12 - 23 type [8021q|<1-65535>|aarp| appletalk |arp|ip|ipv6| mint|rarp| wisp|ipx] Configures the EtherType value An EtherType is a two-octet field in an Ethernet frame that indicates the protocol encapsulated in the payload of the frame The EtherType values are: • 8021q – Indicates a 802.
PAGE 776
12 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide Usage Guidelines The deny command disallows traffic based on layer 2 (data-link layer) data. The MAC access list denies traffic from a particular source MAC address or any MAC address. It can also disallow traffic from a list of MAC addresses based on the source mask. The MAC access list can disallow traffic based on the VLAN and EtherType. • ARP • WISP • IP • 802.1q NOTE: MAC ACLs always takes precedence over IP based ACLs.
PAGE 777
ACCESS-LIST 12 - 25 12.2.
PAGE 778
12 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide type [8021q|<1-65535>|aarp| Configures the EtherType value appletalk |arp|ip|ipv6| An EtherType is a two-octet field in an Ethernet frame that indicates the protocol mint|rarp|wisp|ipx] encapsulated in the payload of the frame The EtherType values are: • 8021q – Indicates the 802.
PAGE 779
ACCESS-LIST 12 - 27 12.2.3 permit mac-access-list Configures a permit MAC ACL NOTE: Use a decimal value representation to implement a permit/deny designation for a packet. The command set for MAC ACLs provide the hexadecimal values for each listed EtherType. The wireless controller supports all EtherTypes. Use the decimal equivalent of the EtherType listed for any other EtherType.
PAGE 780
12 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide type [8021q|<1-65535>|aarp| appletalk |arp|ip|ipv6| mint|rarp|wisp|ipx] Configures the EtherType value An EtherType is a two-octet field in an Ethernet frame that indicates the protocol encapsulated in the payload of the frame The EtherType values are: • 8021q – Indicates a 802.
PAGE 781
ACCESS-LIST 12 - 29 Usage Guidelines The permit command in the MAC ACL disallows traffic based on layer 2 (data-link layer) information. A MAC access list permits traffic from a source MAC address or any MAC address. It also has an option to allow traffic from a list of MAC addresses (based on the source mask). The MAC access list can be configured to allow traffic based on VLAN information, or Ethernet type. Common types include: • ARP • WISP • IP • 802.
PAGE 782
12 - 30 WiNG 5.2.
PAGE 783
CHAPTER 13 DHCP-SERVER-POLICY This chapter summarizes DHCP server policy commands within CLI structure. Dynamic Host Control Protocol (DHCP) is a protocol that automatically assigns network IP addresses to clients to enable them to participate in the network. DHCP keeps track of IP address assignments, their lease times and their availability for use by clients. Use the (config) instance to configure DHCP server policy configuration commands.
PAGE 784
13 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1 dhcp-server-policy Table 13.1summarizes DHCP server policy configuration commands. Table 13.
PAGE 785
DHCP-SERVER-POLICY 13 - 3 13.1.1 bootp dhcp-server-policy Configures a BOOTP specific configuration. Bootstrap Protocol (BOOTP) is used by UNIX diskless workstations to obtain the network location of their boot image and IP address. A BOOP configuration server also assigns an IP address from a configured pool of IP addresses.
PAGE 786
13 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.2 dhcp-class dhcp-server-policy A DHCP user class applies different DHCP settings to a set of wireless clients. These wireless clients are grouped under the same DHCP class. This class is configured on the DHCP server to provide differentiated service. Table 13.
PAGE 787
DHCP-SERVER-POLICY 13 - 5 13.1.2.1 dhcp-class dhcp-class command Configures a DHCP server class and opens a new mode. For more information, see dhcp-class-mode. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax dhcp-class Parameters • dhcp-class Sets the DHCP class. If the class does not exist, it is created.
PAGE 788
13 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.2.2 dhcp-class-mode dhcp-class Use DHCP class mode commands to configure a DHCP server class. Table 13.3 summarizes DHCP class commands Table 13.
PAGE 789
DHCP-SERVER-POLICY 13 - 7 13.1.2.2.
PAGE 790
13 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.2.2.
PAGE 791
DHCP-SERVER-POLICY 13 - 9 13.1.2.2.3 option dhcp-class-mode Configures the DHCP server options for use with this DHCP user class Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax option user-class Parameters • option user-class user-class Configures a DHCP user class options • – Specify the DHCP user class option.
PAGE 792
13 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3 dhcp-pool dhcp-server-policy The DHCP pool commands create and manage a pool of IP addresses. These IP addresses are assigned to devices using the DHCP protocol. IP addresses have to be unique for each device in the network. As IP addresses are finite, DHCP mechanism enables the reuse of finite addresses by keeping track of their issue, release and reissue.
PAGE 793
DHCP-SERVER-POLICY 13 - 11 13.1.3.1 dhcp-pool dhcp pool command Configures a DHCP server address pool. An address pool is a set of IP addresses allocated to devices as they are authorized to access network resources. This enables the reuse of limited IP address resources for deployment in any network. A separate instance opens where you can configure DHCP pool parameters.
PAGE 794
13 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2 dhcp-pool-mode dhcp-pool Configures the DHCP pool commands Table 13.5 summarizes DHCP pool commands Table 13.5 dhcp-pool mode commands Command Description Reference address Specifies a range of addresses for a DHCP pool page 13-13 bootfile Assigns a bootfile name.
PAGE 795
DHCP-SERVER-POLICY 13 - 13 13.1.3.2.1address dhcp-pool-mode Specifies a range of addresses for the DHCP pool. This is the range of IP addresses assigned to each device that joins the network.
PAGE 796
13 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.2 bootfile dhcp-pool-mode The Bootfile command provides a diskless node path to the image file while booting up. Only one file can be configured for each DHCP pool. For more information on the BOOTP protocol with reference to the DHCP policy, see bootp.
PAGE 797
DHCP-SERVER-POLICY 13 - 15 13.1.3.2.3 ddns dhcp-pool-mode Configures Dynamic DNS (DDNS) parameters. Dynamic DNS provides a way to access an individual device in a DHCP serviced network using a static device name. Depending on the DHCP server configuration, the IP address of a device changes periodically. To enable the device to be accessible, its current IP address has to be published to a server that can resolve the static device name used to access the device with its changing IP address.
PAGE 798
13 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.
PAGE 799
DHCP-SERVER-POLICY 13 - 17 13.1.3.2.5 dns-server dhcp-pool-mode Configures the DNS server for this network. This DNS server supports all clients connected to the network supported by the DHCP server. For DHCP clients, the DNS server’s IP address maps the hostname to an IP address. DHCP clients use the DNS server’s IP address based on the order (sequence) configured.
PAGE 800
13 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.6 domain-name dhcp-pool-mode Sets the domain name for the DHCP pool For DHCP clients, the DNS server’s IP address maps the hostname to an IP address. DHCP clients use the DNS server’s IP address based on the order (sequence) configured.
PAGE 801
DHCP-SERVER-POLICY 13 - 19 13.1.3.2.
PAGE 802
13 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.8 lease dhcp-pool-mode The lease is the duration a DHCP issued IP address is valid for a DHCP client. Once this lease expires, and if the lease is not renewed, the IP address is revoked and is available for reuse. Generally, before an IP lease expires, the client tries to get the same IP address issued for the next lease period. The lease period is about 24 hours.
PAGE 803
DHCP-SERVER-POLICY 13 - 21 13.1.3.2.9 netbios-name-server dhcp-pool-mode Configures the NetBIOS (WINS) name server’s IP address. This server is used to resolve NetBIOS host names.
PAGE 804
13 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.10 netbios-node-type dhcp-pool-mode Configures the predefined NetBIOS node type. The NetBIOS node type resolves NetBIOS names to IP addresses.
PAGE 805
DHCP-SERVER-POLICY 13 - 23 13.1.3.2.
PAGE 806
13 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.
PAGE 807
DHCP-SERVER-POLICY 13 - 25 Removes an IP address from the list of addresses all Removes configured DHCP IP addresses • no address range no address Resets the DHCP pool addresses range Removes a range of IP address from the list of addresses • – Specify the first IP address in the range. • – Specify the last IP address in the range.
PAGE 808
13 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide • no static-binding hardware-address no static-binding Removes static bindings for DHCP client hardware-address Resets information based on the hardware address • – Specify the hardware MAC address.
PAGE 809
DHCP-SERVER-POLICY 13 - 27 static-binding Configure static binding information static-route Configures static routes installed on DHCP clients update Controls the usage of DDNS service
PAGE 810
13 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.13 option dhcp-pool-mode Configures raw DHCP options. The DHCP option must be configured under the DHCP server policy. The options configured under the DHCP pool/DHCP server policy can also be used in static-bindings.
PAGE 811
DHCP-SERVER-POLICY 13 - 29 13.1.3.2.
PAGE 812
13 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.15 static-binding dhcp-pool-mode Configures static IP address information for a particular device. Static address binding is executed on the device’s hostname, client identifier, or MAC address. Static bindings allow the configuration of client parameters, such as DHCP server, DNS server, default routers, fixed IP address etc. Table 13.
PAGE 813
DHCP-SERVER-POLICY 13 - 31 13.1.3.2.16 static-binding dhcp-pool static-binding command Configures static address bindings. For more information, see static-binding-mode.
PAGE 814
13 - 32 WiNG 5.2.
PAGE 815
DHCP-SERVER-POLICY 13 - 33 13.1.3.2.17 static-binding-mode Table 13.7 summarizes static binding mode commands Table 13.
PAGE 816
13 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.18 bootfile static-binding-mode The Bootfile command provides a diskless node the path to the image file used while booting up. Only one file can be configured for each static IP binding. For more information on the BOOTP protocol with reference to static binding, see bootp.
PAGE 817
DHCP-SERVER-POLICY 13 - 35 13.1.3.2.
PAGE 818
13 - 36 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.
PAGE 819
DHCP-SERVER-POLICY 13 - 37 13.1.3.2.21 dns-server static-binding-mode Configures the DNS server for this static binding configuration. This DNS server supports the client for which the static binding has been configured. For this client, the DNS server’s IP address maps the host name to an IP address. DHCP clients use the DNS server’s IP address based on the order (sequence) configured.
PAGE 820
13 - 38 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.22 domain-name static-binding-mode Sets the domain name for the static binding configuration For this client, the DNS server’s IP address maps the host name to an IP address. DHCP clients use the DNS server’s IP address based on the order (sequence) configured.
PAGE 821
DHCP-SERVER-POLICY 13 - 39 13.1.3.2.
PAGE 822
13 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.24 netbios-name-server static-binding-mode Configures the NetBIOS (WINS) name server’s IP address. This server is used to resolve NetBIOS host names.
PAGE 823
DHCP-SERVER-POLICY 13 - 41 13.1.3.2.25 netbios-node-type static-binding-mode Configures different predefined NetBIOS node types. The NetBIOS node defines the way a device resolves NetBIOS names to IP addresses.
PAGE 824
13 - 42 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.
PAGE 825
DHCP-SERVER-POLICY 13 - 43 13.1.3.2.
PAGE 826
13 - 44 WiNG 5.2.
PAGE 827
DHCP-SERVER-POLICY 13 - 45 13.1.3.2.28 option static-binding-mode Configures raw DHCP options. The DHCP option has to be configured in the DHCP policy. The options configured in the DHCP server policy can only be used in static bindings.
PAGE 828
13 - 46 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.
PAGE 829
DHCP-SERVER-POLICY 13 - 47 13.1.3.2.
PAGE 830
13 - 48 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.3.2.31 static-route dhcp-pool-mode Configures a static route for a DHCP pool. Static routes define a gateway for traffic intended for other networks. This gateway is always used when an IP address does not match any route in the network.
PAGE 831
DHCP-SERVER-POLICY 13 - 49 13.1.3.2.32 update dhcp-pool-mode Controls the use of the DDNS service Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax update dns {override} Parameters • update dns {override} dns {override} Configures the DDNS parameters • override – Optional.
PAGE 832
13 - 50 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.
PAGE 833
DHCP-SERVER-POLICY 13 - 51 Examples rfs7000-37FABE(config-dhcp-policy-test)#no bootp ignore rfs7000-37FABE(config-dhcp-policy-test)# rfs7000-37FABE(config-dhcp-policy-test)#no option test1 rfs7000-37FABE(config-dhcp-policy-test)# Related Commands bootp Configures BOOTP protocol parameters dhcp-class Configures DHCP user class parameters dhcp-pool Configures the DHCP pool option Configures DHCP option values ping Configures the DHCP ping timeout
PAGE 834
13 - 52 WiNG 5.2.6 Wireless Controller CLI Reference Guide 13.1.5 option dhcp-server-policy Configures raw DHCP options. The DHCP option has to be configured in the DHCP server policy. The options configured in the DHCP pool/DHCP server policy can also be used in static bindings.
PAGE 835
DHCP-SERVER-POLICY 13 - 53 13.1.
PAGE 836
13 - 54 WiNG 5.2.
PAGE 837
CHAPTER 14 FIREWALL-POLICY A firewall protects a network from attacks and unauthorized access from outside the network. Simultaneously, it allows authorized users to access required resources. Firewalls work on multiple levels. Some work at layers 1, 2 and 3 to inspect each packet. The packet is either passed, dropped or rejected based on rules configured on the firewall. Firewalls use application layer filtering to enforce compliance.
PAGE 838
14 - 2 WiNG 5.2.
PAGE 839
FIREWALL-POLICY 14 - 3 14.1 firewall-policy Table 14.1 summarizes default firewall policy configuration commands. Table 14.
PAGE 840
14 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.
PAGE 841
FIREWALL-POLICY 14 - 5 14.1.2 clamp firewall-policy This option limits the TCP Maximum Segment Size (MSS) to the size of the Maximum Transmission Unit (MTU) discovered by path MTU discovery for the inner protocol. This ensures the packet traverses through the inner protocol without fragmentation.
PAGE 842
14 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.
PAGE 843
FIREWALL-POLICY 14 - 7 14.1.
PAGE 844
14 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.
PAGE 845
FIREWALL-POLICY 14 - 9 14.1.
PAGE 846
14 - 10 WiNG 5.2.
PAGE 847
FIREWALL-POLICY 14 - 11 14.1.
PAGE 848
14 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide fraggle A Fraggle DoS attack checks for UDP packets to or from port 7 or 19 ftp-bounce A FTP bounce attack is a MIM attack that enables an attacker to open a port on a different machine using FTP. FTP requires that when a connection is requested by a client on the FTP port (21), another connection must open between the server and the client.
PAGE 849
FIREWALL-POLICY 14 - 13 twinge A twinge attack is a flood of false ICMP packets to try and slow down a system udp-short-hdr Enables the identification of truncated UDP headers and UDP header length fields winnuke This DoS attack is specific to Windows™ 95 and Windows™ NT, causing devices to crash with a blue screen log-and-drop Logs the event and drops the packet log-only Logs the event only, the packet is not dropped log-level Configures the log level <0-7> Sets the numeric logging level ale
PAGE 850
14 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide ip-ttl-zero Enables a check for the TCP/IP TTL field having a value of zero (0) ipsproof Enables a check for IP spoofing DoS attack land A Local Area Network Denial (LAND) is a DoS attack where IP packets are spoofed and sent to a device where the source IP and destination IP of the packet are the target device’s IP, and similarly, the source port and destination port are open ports on the same device.
PAGE 851
FIREWALL-POLICY 14 - 15 • ip dos tcp-max-incomplete [high|low] <1-1000> dos Identifies IP events as DoS events tcp-max-incomplete Sets the limits for the maximum number of incomplete TCP connections high Sets the upper limit for the maximum number of incomplete TCP connections low Sets the lower limit for the maximum number of incomplete TCP connections <1-1000> Sets the limit in the range of 1 - 1000 connections • ip tcp adjust-mss <472-1460> tcp Identifies and configures TCP events and confi
PAGE 852
14 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.
PAGE 853
FIREWALL-POLICY 14 - 17 • ip-mac routing conflict drop-only routing Defines a routing table based action conflict Action performed when a conflict exists in the routing table drop-only Drops a packet without logging • ip-mac routing [log-and-drop|log-only] log-level [<0-7>|alerts|critical|debug| emergencies|errors|informational|notifications|warnings] routing Defines a routing table based action conflict Action performed when a conflict exists in the routing table log-and-drop Logs the event a
PAGE 854
14 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.
PAGE 855
FIREWALL-POLICY 14 - 19 14.1.
PAGE 856
14 - 20 WiNG 5.2.
PAGE 857
FIREWALL-POLICY 14 - 21 stateless-fin-or-reset Disables the timeout for TCP flows in stateless FIN or RST status stateless-general Disables the timeout for TCP flows in general stateless states • no ip dos [ascend|broadcast-multicast-icmp|chargen|fraggle|ftp-bounce| invalid-protocol|ip-ttl-zero|ipsproof|land|option-route|router-advt| router-solicit|smurf|snork|tcp-bad-sequence|tcp-fin-scan|tcp-intercept| tcp-null-scan|tcp-post-syn|tcp-sequence-past-window|tcp-xmas-scan|tcphdrfrag| twinge|udp-short-hdr|
PAGE 858
14 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide router-solicit Disables router-solicit attack checks Router solicitation messages are sent to locate routers as a form of network scanning. This information can then be used to attack a device. smurf Disables smurf attack checks In this attack a large number of ICMP echo packets are sent with a spoofed source address. This causes the device with the spoofed source address to be flooded with a large number of replies.
PAGE 859
FIREWALL-POLICY 14 - 23 • no ip tcp [adjust-mss|optimize-unnecessary-resends|recreate-flow-on-out-of-statesyn|validate-icmp-unreachable|validate-rst-ack-number|validate-rst-seq-number] no ip Disables IP DoS events tcp Identifies and disables TCP events and configuration items adjust-mss Disables the adjust MSS configuration optimize-unnecessaryresends Disables the validation of unnecessary TCP packets recreate-flow-on-out-ofstate-sync Disallows a TCP SYN packet to delete an old flow in TCP_FIN_FI
PAGE 860
14 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide fe <1-4> Disables the FastEthernet port • <1-4> – Sets the FastEthernet port ge <1-8> Disables the Gigabit Ethernet port • <1-8> – Sets the GigabitEthernet port log Disables storm control logging port-channel <1-8> Disables the port channel.
PAGE 861
FIREWALL-POLICY 14 - 25 Following is the firewall policy ‘test’ settings after the ‘no’ command is executed: rfs6000-380649(config-fw-policy-test)#no rfs6000-380649(config-fw-policy-test)#no rfs6000-380649(config-fw-policy-test)#no rfs6000-380649(config-fw-policy-test)#no rfs6000-380649(config-fw-policy-test)#no rfs6000-380649(config-fw-policy-test)#no rfs6000-380649(config-fw-policy-test)#no ip dos fraggle dhcp-offer-convert logging malformed-packet-drop flow timeout icmp flow timeout other logging verbo
PAGE 862
14 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.
PAGE 863
FIREWALL-POLICY 14 - 27 14.1.
PAGE 864
14 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.13 storm-control firewall policy config commands Storm control limits multicast, unicast and broadcast frames accepted and forwarded by a device.
PAGE 865
FIREWALL-POLICY 14 - 29 <0-7> Sets the numeric logging level from 0 - 7 alerts Numerical severity 1. Indicates a condition where immediate action is required critical Numerical severity 2. Indicates a critical condition debugging Numerical severity 7. Debugging messages emergencies Numerical severity 0. System is unusable errors Numerical severity 3. Indicates an error condition informational Numerical severity 6.
PAGE 866
14 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide 14.1.14 virtual-defragmentation firewall-policy Enables the virtual defragmentation of IPv4 packets. This parameter is required for optimal firewall functionality.
PAGE 867
CHAPTER 15 MINT-POLICY This chapter summarizes MiNT policy commands within the CLI structure. All communication using the MiNT transport layer can be optionally secured. This includes confidentiality, integrity and authentication of all communications. In addition, a device can be configured to communicate over MiNT with other devices authorized by an administrator. Use the (config) instance to configure mint-policy related configuration commands.
PAGE 868
15 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 15.1 mint-policy Table 15.1 summarizes MiNT policy configuration commands. Table 15.
PAGE 869
MINT-POLICY 15 - 3 15.1.
PAGE 870
15 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 15.1.2 mtu mint-policy Configures global MiNT Multiple Transmission Unit (MTU). Use this command to specify the maximum packet size, in bytes, for MiNT routing. The higher the MTU values, the greater the network efficiency. The user data per packet increases, while protocol overheads, such as headers or underlying per-packet delays remain the same.
PAGE 871
MINT-POLICY 15 - 5 15.1.3 udp mint-policy Configures MiNT UDP/IP encapsulation parameters. Use this command to configure the default UDP port used for MiNT control packet encapsulation.
PAGE 872
15 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 15.1.4 no mint-policy Negates a command or reverts values to their default. When used in the config MiNT policy mode, the no command resets or reverts the following global MiNT policy parameters: routing level, MTU, and UDP or IP encapsulation settings.
PAGE 873
CHAPTER 16 MANAGEMENT-POLICY This chapter summarizes management policy commands within the CLI structure. A management policy contains configuration elements for managing a device, such as access control, SNMP, admin user credentials, and roles. Use the (config) instance to configure management policy related configuration commands.
PAGE 874
16 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1 management-policy Table 16.1 summarizes management policy configuration commands. Table 16.
PAGE 875
MANAGEMENT-POLICY 16 - 3 16.1.1 aaa-login management-policy Specifies the Authentication, Authorization and Accounting (AAA) authentication mode used with this management policy. The different modes are: local authentication or external RADIUS server authentication.
PAGE 876
16 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide fallback Configures TACACS as the primary authentication mode. When TACACS authentication fails, the system uses local authentication. This command configures local authentication as a backup mode.
PAGE 877
MANAGEMENT-POLICY 16 - 5 16.1.2 banner management-policy Configures the login banner message. Use this command to display messages to users as they as login.
PAGE 878
16 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1.
PAGE 879
MANAGEMENT-POLICY 16 - 7 Usage Guidelines The string size of encrypted password (option 1, Password is encrypted with a SHA1 algorithm) must be exactly 40 characters.
PAGE 880
16 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1.
PAGE 881
MANAGEMENT-POLICY 16 - 9 16.1.
PAGE 882
16 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1.6 idle-session-timeout management-policy Configures a session’s idle timeout. After the timeout period has been exceeded, the session is automatically terminated.
PAGE 883
MANAGEMENT-POLICY 16 - 11 16.1.7 no management-policy Negates a command or reverts values to their default. When used in the config management policy mode, the no command negates or reverts management policy parameters.
PAGE 884
16 - 12 WiNG 5.2.
PAGE 885
MANAGEMENT-POLICY 16 - 13 no user Deletes a user account – Specify the username of the account.
PAGE 886
16 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1.
PAGE 887
MANAGEMENT-POLICY 16 - 15 • restrict-access ip-access-list ip-access-list Uses an IP access list to filter access requests Sets the access list name • restrict-access subnet {log [all|denied-only]} subnet Restricts access to a specified subnet. Uses a subnet IP address to filter access requests • – Sets the IP address of the subnet in the A.B.C.D/M format log [all|denied-only] Optional. Configures a logging policy for access requests.
PAGE 888
16 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1.
PAGE 889
MANAGEMENT-POLICY 16 - 17 • snmp-server host [v2c|v3] {<1-65535>} host Configures a IP address of the host [v2c|v3] Configures the SNMP version used to send the traps • v2c – Uses SNMP version 2c • v3 – Uses SNMP version 3 <1-65535> Optional. Specifies the UDP port of the host • <1-65535> – Sets a value from 1 - 65535. The default value is 162.
PAGE 890
16 - 18 WiNG 5.2.
PAGE 891
MANAGEMENT-POLICY 16 - 19 rfs7000-37FABE(config-management-policy-test)#show context management-policy test http server no ssh snmp-server community snmp1 ro snmp-server user snmpmanager v3 encrypted des auth md5 0 motorola123 snmp-server host 172.16.10.
PAGE 892
16 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1.10 ssh management-policy Enables SSH for this management policy. SSH encrypts communication between the client and the server.
PAGE 893
MANAGEMENT-POLICY 16 - 21 16.1.11 telnet management-policy Enables Telnet. By default Telnet is enabled on Transmission Control Protocol (TCP) port 23. Use this command to change the TCP port. Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax telnet {port <1-65535>} Parameters • telnet {port <1-65535>} telnet Enables Telnet port <1-65535> Optional.
PAGE 894
16 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 16.1.
PAGE 895
MANAGEMENT-POLICY 16 - 23 Examples rfs7000-37FABE(config-management-policy-test)#user TESTER password moto123 role superuser access all rfs7000-37FABE(config-management-policy-test)#show context management-policy test telnet port 200 http server ssh port 162 user TESTER password 1 92d96356524478e04a6669c0c5a167a2d5f5ed0547c489b0d5b8662d879d3a1e role superuser access all snmp-server community snmp1 ro snmp-server user snmpmanager v3 encrypted des auth md5 0 motorola123 snmp-server enable traps snmp-server
PAGE 896
16 - 24 WiNG 5.2.
PAGE 897
CHAPTER 17 RADIUS-POLICY This chapter summarizes RADIUS group, server and user policy commands in detail. It is organized as follows: • radius-group • radius-server-policy • radius-user-pool-policy Use the (config) instance to configure RADIUS group commands. This command creates a group within the existing Remote Authentication Dial-in user Service (RADIUS) group.
PAGE 898
17 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.1 radius-group RADIUS-POLICY Sets RADIUS user group parameters Table 17.1 summarizes RADIUS group configuration commands. Table 17.
PAGE 899
RADIUS-POLICY 17 - 3 17.1.1 guest radius-group Manages captive portal guest access. Creates a guest user and associates it with a group. The guest user and policies are used for captive portal authorization to the wireless controller managed network.
PAGE 900
17 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.1.2 no radius-group Negates a command or sets its default. Removes or modifies the RADIUS group policy settings. When used in the config RADIUS group mode, the no command removes or modifies the following settings: access type, access days, role type, VLAN ID, and SSID.
PAGE 901
RADIUS-POLICY 17 - 5 • no policy ssid [|all] no policy ssid Removes the RADIUS group’s SSID • – Specify the RADIUS group SSID • all – Removes all allowed WLANs • no policy [role|time|vlan] no policy role Removes the RADIUS group’s role no policy time Removes the RADIUS group’s start and end access time no policy vlan Removes the RADIUS group’s VLAN ID • no rate-limit [from-air|to-air] no rate-limit Removes RADIUS group’s rate limit from-air Removes the rate limit in the uplink di
PAGE 902
17 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.1.3 policy radius-group Sets the authorization policies for a RADIUS group, such as access day/time, WLANs etc.
PAGE 903
RADIUS-POLICY 17 - 7 • policy role [helpdesk|monitor|network-admin|security-admin|super-user| system-admin|web-user-admin] role [helpdesk|monitor| network-admin| security-admin| super-user| system-admin| web-user-admin] Configures the role assigned to this RADIUS group • helpdesk – Helpdesk administrator. Performs troubleshooting tasks, such as clear statistics, reboot, create and copy tech support dumps • monitor – Monitor. Has read-only access to the system.
PAGE 904
17 - 8 WiNG 5.2.
PAGE 905
RADIUS-POLICY 17 - 9 17.1.
PAGE 906
17 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.2 radius-server-policy RADIUS-POLICY Creates an onboard device RADIUS server policy. Use the (config) instance to configure RADIUS-Server-Policy related configuration commands. To navigate to the RADIUSServer-Policy instance, use the following commands: rfs7000-37FABE(config)#radius-server-policy rfs7000-37FABE(config)#radius-server-policy test rfs7000-37FABE(config-radius-server-policy-test)# Table 17.
PAGE 907
RADIUS-POLICY 17 - 11 17.2.
PAGE 908
17 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.2.
PAGE 909
RADIUS-POLICY 17 - 13 17.2.
PAGE 910
17 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.2.
PAGE 911
RADIUS-POLICY 17 - 15 17.2.5 ldap-server radius-server-policy Configures LDAP server parameters. Configuring LDAP server allows users to login and authenticate from anywhere on the network.
PAGE 912
17 - 16 WiNG 5.2.
PAGE 913
RADIUS-POLICY 17 - 17 17.2.
PAGE 914
17 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.2.
PAGE 915
RADIUS-POLICY 17 - 19 17.2.8 no radius-server-policy Negates a command or reverts back to default settings. When used with in the config RADIUS server policy mode, the no command removes settings, such as crl-check, LDAP group verification, RADIUS client etc.
PAGE 916
17 - 20 WiNG 5.2.
PAGE 917
RADIUS-POLICY 17 - 21 proxy Configures a proxy RADIUS server based on the realm/suffix session-resumption Enables session resumption/fast re-authentication by using cached attributes use Defines settings used with the RADIUS server policy
PAGE 918
17 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.2.9 proxy radius-server-policy Configures a proxy RADIUS server based on the realm/suffix. The realm identifies where the RADIUS server forwards AAA requests for processing.
PAGE 919
RADIUS-POLICY 17 - 23 Usage Guidelines Only five RADIUS proxy servers can be configured. The proxy server attempts six retries before it times out. The retry count defines the number of times the wireless controller transmits each RADIUS request before giving up. The timeout value defines the duration for which the wireless controller waits for a reply to a RADIUS request before retransmitting the request. Examples rfs7000-37FABE(config-radius-server-policy-test)#proxy realm test1 server 172.16.10.
PAGE 920
17 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.2.
PAGE 921
RADIUS-POLICY 17 - 25 17.2.
PAGE 922
17 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.3 radius-user-pool-policy RADIUS-POLICY Configures a RADIUS user pool policy Use the (config) instance to configure RADIUS user pool policy commands. To navigate to the radius-user-pool-policy instance, use the following commands: rfs7000-37FABE(config)#radius-user-pool-policy rfs7000-37FABE(config)#radius-user-pool-policy testuser rfs7000-37FABE(config-radius-user-pool-testuser)# Table 17.
PAGE 923
RADIUS-POLICY 17 - 27 17.3.
PAGE 924
17 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 17.3.2 no radius-user-pool-policy Negates a command or sets its default.
PAGE 925
CHAPTER 18 RADIO-QOS-POLICY This chapter summarizes the radio QoS policy in detail. Configuring and implementing a radio QOS policy is essential for WLANs with heavy traffic and less bandwidth. The policy enables you to provide preferential service to selected network traffic by controlling bandwidth allocation. The radio QoS policy can be applied to VLANs configured on an access point. In case no VLANs are configured, the radio QoS policy can be applied to an access point’s Ethernet and radio ports.
PAGE 926
18 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 18.1 radio-qos-policy Table 18.1 summarizes radio QoS policy configuration commands. Table 18.1 radio-qos policy config commands Command Description Reference acceleratedmulticast Configures multicast streams for acceleration page 18-3 admission-control Enables admission control across all radios for one or more access categories page 18-4 no Negates a command or resets configured settings to their default page 18-6 wmm Configures 802.
PAGE 927
RADIO-QOS-POLICY 18 - 3 18.1.1 accelerated-multicast radio-qos-policy Configures multicast streams for acceleration. Multicasting allows the group transmission of data streams.
PAGE 928
18 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 18.1.2 admission-control radio-qos-policy Enables admission control across all radios for one or more access categories. Enabling admission control for an access category, ensures clients associated to an access point complete WMM admission control before using that access category.
PAGE 929
RADIO-QOS-POLICY 18 - 5 max-roamed-clients <0-256> Optional. Specifies the maximum number of roaming wireless clients admitted to this access category • <0-256> – Specify a value from 0 - 256. This is the maximum number of roaming wireless clients admitted to this access category. the default is 10 roamed clients. reserved-for-roam-percent <0-150> Optional. Calculates the percentage of air time, including oversubscription, allocated exclusively for roaming clients.
PAGE 930
18 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 18.1.3 no radio-qos-policy Negates a command or resets configured settings to their default. When used in the radio QOS policy mode, the no command enables the resetting of accelerated multicast parameters, admission control parameters, and MultiMedia parameters.
PAGE 931
RADIO-QOS-POLICY 18 - 7 • no admission-control [background|best-effort|video|voice] {max-airtime-percent| max-clients|max-roamed-clients|reserved-for-roam-percent} no admission-control Reverts or resets admission control settings to their default. These controls are configured on a radio for one or more access categories.
PAGE 932
18 - 8 WiNG 5.2.
PAGE 933
RADIO-QOS-POLICY 18 - 9 18.1.4 wmm radio-qos-policy Configures 802.
PAGE 934
18 - 10 WiNG 5.2.
PAGE 935
CHAPTER 19 ROLE-POLICY A role policy defines the rules that associates tasks and devices with specific roles. A role is as a class of users with a specific set of requirements and responsibilities. By defining roles, you are actually defining different user groups. A well defined role policy simplifies user management, and is a significant aspect of WLAN management. Use the (config-role-policy) instance to configure role policy related configuration commands.
PAGE 936
19 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 19.1 role-policy Table 19.1 summarizes role policy configuration commands. Table 19.
PAGE 937
ROLE-POLICY 19 - 3 19.1.1 default-role role-policy Assigns a default role to a wireless client that fails to find a matching role. Use this command to configure a wireless client not matching any role.
PAGE 938
19 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples rfs7000-37FABE(config-role-policy-test)#default-role use ip-access-list in test precedence 1 rfs7000-37FABE(config-role-policy-test)#show context role-policy test default-role use ip-access-list in test precedence 1 rfs7000-37FABE(config-role-policy-test)# Related Commands no Removes the default role assigned to a client ip-access-list Creates a new IP based access list. Access lists control access to the network using a set of rules.
PAGE 939
ROLE-POLICY 19 - 5 19.1.2 no role-policy Negates a command or resets settings to their default. When used in the config role policy mode, the no command removes the default role assigned to a wireless client. It also disables existing user roles from being assigned to new users.
PAGE 940
19 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide Specifies the MAC access list to remove • – Sets the MAC access list name precedence <1-100> After specifying the MAC access list to remove, specify the ACL precedence value applied. • precedence – Based on the packets received, the lower precedence value is evaluated first. • <1-100> – Specify the precedence value from 1 - 100.
PAGE 941
ROLE-POLICY 19 - 7 19.1.3 user-role role-policy This command creates a user defined role and associates it to a role policy. This command defines a number of settings used to assign a user defined role to the role policy. Table 19.
PAGE 942
19 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 19.1.3.1 user-role config user role command Creates a user defined role. A user defined role configures a set of rules for this role.
PAGE 943
ROLE-POLICY 19 - 9 19.1.3.2 user-role commands config user role command Table 19.3 summarizes user role commands Table 19.
PAGE 944
19 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 19.1.3.2.
PAGE 945
ROLE-POLICY 19 - 11 19.1.3.2.
PAGE 946
19 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 19.1.3.2.
PAGE 947
ROLE-POLICY 19 - 13 19.1.3.2.4 encryption-type user-role commands Selects the encryption type for this user role. Encryption ensures privacy of all communication between access points and wireless clients. There are various modes of encrypting communication on a WLAN, such as Counter-model CBC-MAC Protocol (CCMP), Wired Equivalent Privacy (WEP), keyguard, Temporal Key Integrity Protocol (TKIP) etc.
PAGE 948
19 - 14 WiNG 5.2.
PAGE 949
ROLE-POLICY 19 - 15 19.1.3.2.
PAGE 950
19 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 19.1.3.2.
PAGE 951
ROLE-POLICY 19 - 17 19.1.3.2.7 no user-role commands Negates a command or resets configured settings to their default. When used in the config role policy user role mode, the no command removes or resets settings, such as AP location, authentication type, encryption type, captive portal etc.
PAGE 952
19 - 18 WiNG 5.2.
PAGE 953
ROLE-POLICY 19 - 19 19.1.3.2.
PAGE 954
19 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 19.1.3.2.
PAGE 955
CHAPTER 20 SMART-RF-POLICY This chapter summarizes Smart RF policy commands within the CLI structure. A Self Monitoring at Run Time RF Management (Smart RF) policy defines operating and recovery parameters that can be assigned to groups of access points. A Smart RF policy is designed to scan the network to identify the best channel and transmit power for each access point radio. Use the (config) instance to configure Smart RF Policy related configuration commands.
PAGE 956
20 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1 smart-rf-policy Table 20.1summarizes Smart RF policy configuration commands. Table 20.
PAGE 957
SMART-RF-POLICY 20 - 3 20.1.1 assignable-power smart-rf-policy Specifies the power range during power assignment Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax assignable-power [2.4GHz|5GHz] [max|min] <1-20> Parameters • assignable-power [2.4GHz|5GHz] [max|min] <1-20> 2.4GHz [max|min] <1-20> Assigns a power range on the 2.
PAGE 958
20 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.2 channel-list smart-rf-policy Assigns the channel list for the selected frequency Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax channel-list [2.4GHz|5GHz] Parameters • channel-list [2.4GHz|5GHz] 2.4GHz Assigns a channel list for the 2.
PAGE 959
SMART-RF-POLICY 20 - 5 20.1.3 channel-width smart-rf-policy Selects the channel width for Smart RF configuration Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax channel-width [2.4GHz|5GHz] [20MHz|40MHz|auto] Parameters • channel-width [2.4GHz|5GHz] [20MHz|40MHz|auto] 2.4GHz [20MHz|40MHz| auto] Assigns the channel width for the 2.
PAGE 960
20 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.4 coverage-hole-recovery smart-rf-policy Enables recovery from coverage hole errors detected by Smart RF Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, NX9500 Syntax coverage-hole-recovery {client-threshold|coverage-interval|interval|snr-threshold} coverage-hole-recovery {client-threshold [2.
PAGE 961
SMART-RF-POLICY 20 - 7 Examples rfs7000-37FABE(config-smart-rf-policy-test)#coverage-hole-recovery snr-threshold 5GHz 1 rfs7000-37FABE(config-smart-rf-policy-test)#show context smart-rf-policy test auto-assign-sensor assignable-power 5GHz min 8 assignable-power 5GHz max 20 channel-list 2.
PAGE 962
20 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.5 enable smart-rf-policy Enables a Smart RF policy Use this command to enable this Smart RF policy. Once enabled, the policy can be assigned to a RF Domain or used for wireless controller network support.
PAGE 963
SMART-RF-POLICY 20 - 9 20.1.
PAGE 964
20 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.7 interference-recovery smart-rf-policy Recovers excessive noise and interference. Enabling interference recovery ensures that noise levels and other RF parameters are continuously monitored on a radio’s current channel. When noise levels exceed the specified noise threshold, Smart RF switches to another channel with less interference.
PAGE 965
SMART-RF-POLICY 20 - 11 Examples rfs7000-37FABE(config-smart-rf-policy-test)#interference-recovery channel-switchdelta 5 5 rfs7000-37FABE(config-smart-rf-policy-test)#show context smart-rf-policy test auto-assign-sensor group-by floor assignable-power 5GHz min 8 assignable-power 5GHz max 20 channel-list 2.
PAGE 966
20 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.8 neighbor-recovery smart-rf-policy Enables recovery from errors due to faulty neighbor radios. Enabling neighbor recovery ensures automatic recovery when a radio fails within the radio coverage area. Smart RF instructs neighboring access points to increase their transmit power to compensate for the failed radio.
PAGE 967
SMART-RF-POLICY 20 - 13 Examples rfs7000-37FABE(config-smart-rf-policy-test)#neighbor-recovery power-threshold 2.4 82 rfs7000-37FABE(config-smart-rf-policy-test)#neighbor-recovery power-threshold 5 -65 rfs7000-37FABE(config-smart-rf-policy-test)#show context smart-rf-policy test auto-assign-sensor group-by floor assignable-power 5GHz min 8 assignable-power 5GHz max 20 channel-list 2.
PAGE 968
20 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.9 no smart-rf-policy Negates a command or sets its default. When used in the config Smart RF policy mode, the no command disables or resets Smart RF settings.
PAGE 969
SMART-RF-POLICY 20 - 15 Related Commands assignable-power Assigns the power range channel-list Assigns the channel list for the selected frequency channel-width Selects the channel width for Smart RF configuration coverage-hole-recovery Enables recovery from coverage hole errors enable Enables the configured Smart RF policy features group-by Configures grouping parameters on this Smart RF policy interference-recovery Enables recovery of errors due to excessive noise and interference neighbor
PAGE 970
20 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.
PAGE 971
SMART-RF-POLICY 20 - 17 20.1.
PAGE 972
20 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide • smart-ocs-monitoring {frequency [2.4GHz|5GHz] [<1-120>]} frequency Optional. Specifies the frequency the channel must be switched. Sets the value, in seconds, from 1 - 120 2.4GHz <1-20> Selects the 2.4GHz band • <1-20> – Sets a scan frequency from 1 - 120 seconds. The default is 6 seconds. 5GHz <1-20> Selects the 5GHz band • <1-20> – Sets a scan frequency from 1 - 120 seconds. The default is 6 seconds.
PAGE 973
SMART-RF-POLICY 20 - 19 • smart-ocs-monitoring {voice-aware [2.4GHz|5GHz] [dynamic|strict]} voice-aware Optional. Enables voice aware scanning on this Smart RF policy 2.4Ghz [dynamic|strict] Specifies the scanning mode on the 2.4GHz band • dynamic – Dynamically avoids scanning based on traffic for voice clients • strict – Strictly avoids scanning when voice clients are present The default is dynamic.
PAGE 974
20 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 20.1.12 smart-ocs-monitoring (ap7161) smart-rf-policy Enables automatic channel selection on an AP7161 model access point, provided radio meshpoint is configured. Use this command to configure meshpoint on an AP7161.
PAGE 975
CHAPTER 21 WIPS-POLICY This chapter summarizes WIPS policy commands in detail. The Wireless Intrusion Protection Systems (WIPS) is an additional measure of security designed to continuously monitor the network for threats and intrusions. Along with wireless VPNs, encryptions and authentication policies, WIPS enhances the security of a WLAN. The wireless controller supports WIPS through the use of sensor devices that locate unauthorized access points.
PAGE 976
21 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1 wips-policy Table 21.1 summarizes WIPS policy configuration commands. Table 21.
PAGE 977
WIPS-POLICY 21 - 3 21.1.1 ap-detection wips-policy Enables the detection of unauthorized or unsanctioned APs. Unauthorized APs are untrusted access points connected to an access point managed network. These untrusted APs accept wireless client associations. It is important to detect such rogue APs and declare them unauthorized.
PAGE 978
21 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.
PAGE 979
WIPS-POLICY 21 - 5 21.1.3 event wips-policy Configures events, filters and threshold values for this WIPS policy. Events have been grouped into three categories, AP anomaly, client anomaly, and excessive. WLANs are baselined for matching criteria. Any deviation from this baseline is considered an anomaly and logged as an event.
PAGE 980
21 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide • event client-anomaly [crackable-wep-iv-key-used|dos-broadcast-deauth| fuzzing-all-zero-macs|fuzzing-invalid-frame-type|fuzzing-invalid-mgmt-frames| fuzzing-invalid-seq-num|identical-src-and-dest-addr|invalid-8021x-frames| netstumbler-generic|non-changing-wep-iv|tkip-mic-counter-measures|wellenreiter] {filter-ageout [<0-86400>]} client-anomaly Enables client anomaly event tracking.
PAGE 981
WIPS-POLICY 21 - 7 dos-eapol-start-storm Tracks DoS EAPOL start storms dos-unicast-deauth-ordisassoc Tracks DoS dissociation or deauthentication floods eap-flood Tracks EAP floods eap-nak-flood Tracks EAP NAK floods frames-from-unassoc-station Tracks frames from unassociated clients filter-ageout <0-86400> Optional. Configures a filter expiration interval in seconds. It sets the duration for which the client is filtered.
PAGE 982
21 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.
PAGE 983
WIPS-POLICY 21 - 9 21.1.5 no wips-policy Negates a command or resets configured settings to their default. When used in the config WIPS policy mode, the no command negates or resets filters and threshold values.
PAGE 984
21 - 10 WiNG 5.2.
PAGE 985
WIPS-POLICY 21 - 11 • no event excessive [80211-replay-check-failure|aggressive-scanning| auth-server-failures|decryption-failures|dos-assoc-or-auth-flood| dos-eapol-start-storm |dos-unicast-deauth-or-disassoc|eap-flood|eap-nak-flood| frames-from-unassoc-station] {filter-ageout [<0-86400>]| threshold-client [<0-65535>]|threshold-radio [<0-65535>]} no event Disables WIPS policy event tracking settings excessive Disables the tracking of excessive events.
PAGE 986
21 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
PAGE 987
WIPS-POLICY 21 - 13 21.1.6 signature wips-policy Attack and intrusion patterns are identified and configured as signatures in a WIPS policy. The WIPS policy compares packets in the network with pre configured signatures to identify threats. When a threat is identified, the WIPS policy takes adequate actions. Table 21.
PAGE 988
21 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.6.1 signature config signature command Configures a WIPS policy signature. For more information, see signature mode commands.
PAGE 989
WIPS-POLICY 21 - 15 21.1.6.2 signature mode commands config signature command Table 21.3 summarizes signature commands Table 21.
PAGE 990
21 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.6.2.
PAGE 991
WIPS-POLICY 21 - 17 21.1.6.2.
PAGE 992
21 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.6.2.3 filter-ageout signature mode commands Configures the filter ageout interval in seconds. This is the duration a client, triggering a WIPS event, is excluded from RF Domain manager radio association.
PAGE 993
WIPS-POLICY 21 - 19 21.1.6.2.
PAGE 994
21 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.6.2.
PAGE 995
WIPS-POLICY 21 - 21 21.1.6.2.6 payload signature mode commands Configures payload settings. The payload command sets a numerical index pattern and offset for this WIPS signature.
PAGE 996
21 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.6.2.
PAGE 997
WIPS-POLICY 21 - 23 21.1.6.2.
PAGE 998
21 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.6.2.9 threshold-client signature mode commands Configures wireless client’s threshold limit. When the wireless client exceeds the specified limit, an event is triggered.
PAGE 999
WIPS-POLICY 21 - 25 21.1.6.2.10 threshold-radio signature mode commands Configures radio’s threshold limit. When the radio exceeds the specified limit, an event is triggered.
PAGE 1000
21 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.6.2.11 no signature mode commands Negates a command or resets settings to their default. When used in the config WIPS policy signature mode, the no command resets or removes WIPS signature settings.
PAGE 1001
WIPS-POLICY 21 - 27 Examples The following is the WIPS signature before the execution of the no command: rfs7000-37FABE(config-test-signature-test)#show context signature symbol bssid 11-22-33-44-55-66 src-mac 00-1E-E5-EA-1D-60 dst-mac 55-66-77-88-99-00 frame-type beacon ssid-match ssid PrinterLan filter-ageout 8 threshold-client 88 threshold-radio 88 payload 1 pattern motorola offset 1 rfs7000-37FABE(config-test-signature-test)# The following is the WIPS signature after the execution of the no command: r
PAGE 1002
21 - 28 WiNG 5.2.6 Wireless Controller CLI Reference Guide 21.1.7 use config-wips policy config command Enables device categorization on this WIPS policy. This command uses an existing device categorization list, or creates a new device categorization list. The list categorizes devices as authorized or unauthorized.
PAGE 1003
CHAPTER 22 WLAN-QOS-POLICY This chapter summarizes the WLAN QoS policy in detail. A WLAN QoS policy increases network efficiency by prioritizing data traffic. Prioritization reduces congestion. This is essential because of the lack of bandwidth for all users and applications. QoS ensures WLANs get a share of the bandwidth equally or per the configured proportion. Each WLAN QoS policy has a set of parameters which it groups into categories, such as management, voice and data.
PAGE 1004
22 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 22.1 wlan-qos-policy Table 22.1 summarizes WLAN QoS policy configuration commands. Table 22.
PAGE 1005
WLAN-QOS-POLICY 22 - 3 22.1.
PAGE 1006
22 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 22.1.2 classification wlan-qos-policy Specifies how traffic on this WLAN is classified. This classification is based on relative prioritization on the radio.
PAGE 1007
WLAN-QOS-POLICY 22 - 5 normal Specifies all WLAN non-WMM client traffic is classified and treated as normal priority packets (best effort) low Specifies all WLAN non-WMM client traffic is classified and treated as low priority packets (background) Examples rfs7000-37FABE(config-wlan-qos-test)#classification wmm rfs7000-37FABE(config-wlan-qos-test)#classification non-wmm video rfs7000-37FABE(config-wlan-qos-test)#classification non-unicast normal rfs7000-37FABE(config-wlan-qos-test)#show context wlan-q
PAGE 1008
22 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 22.1.3 multicast-mask wlan-qos-policy Configure an egress prioritization multicast mask for this WLAN QoS policy. By configuring a primary or secondary prioritization multicast mask, the network administrator can indicate which packets are to be transmitted immediately.
PAGE 1009
WLAN-QOS-POLICY 22 - 7 22.1.
PAGE 1010
22 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide • no rate-limit [client|wlan] [from-air|to-air] [max-burst-size|rate| red-threshold [background|best-effort|video|voice] no rate-limit [client|wlan] Disables traffic rate limit parameters • Disables client traffic rate limits • Disables WLAN traffic rate limits [from-air|to-air] The following are common to the client and WLAN parameters: • from-air – Removes client/WLAN traffic rate limits in the up link direction.
PAGE 1011
WLAN-QOS-POLICY 22 - 9 Related Commands accelerated-multicast Configures the accelerated multicast streams address and forwards the QoS classification classification Classifies WLAN traffic based on priority multicast-mask Configures the egress prioritization multicast mask qos Defines the QoS configuration rate-limit Configures a WLAN’s traffic rate limits svp-prioritization Enables Spectralink voice protocol support on a WLAN voice-prioritization Prioritizes voice client over other clients
PAGE 1012
22 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 22.1.5 qos wlan-qos-policy Enables QoS on this WLAN Supported in the following platforms: • Access Points — AP300, AP621, AP622, AP650, AP6511, AP6521, AP6532, AP71XX, AP81XX • Wireless Controllers — RFS4000, RFS6000, RFS7000, NX9000, WF5100 Syntax qos trust [dscp|wmm] Parameters • qos trust [dscp|wmm] trust [dscp|wmm] Trusts the QoS values of ingressing packets • dscp – Trusts the IP DSCP values of ingressing packets • wmm – Trusts the 802.
PAGE 1013
WLAN-QOS-POLICY 22 - 11 22.1.
PAGE 1014
22 - 12 WiNG 5.2.
PAGE 1015
WLAN-QOS-POLICY 22 - 13 22.1.7 svp-prioritization wlan-qos-policy Enables WLAN SVP support on this WLAN QoS policy. Enabling SVP enables the wireless controller to identify and prioritize traffic from Spectralink/Ploycomm phones. This feature is enabled by default.
PAGE 1016
22 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 22.1.8 voice-prioritization wlan-qos-policy Prioritizes voice clients over other clients (for non-WMM clients). This feature is enabled by default.
PAGE 1017
WLAN-QOS-POLICY 22 - 15 22.1.9 wmm wlan-qos-policy Configures 802.
PAGE 1018
22 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide cw-max <0-15> Configures the maximum contention window. Wireless clients pick a number between 0 and the minimum contention window to wait before retransmission. Wireless clients then double their wait time on a collision, until it reaches the maximum contention window. This parameter is common to background, best effort, video and voice.
PAGE 1019
CHAPTER 23 INTERFACE-RADIO COMMANDS Use the (config-profile-default-RFS4000) instance to configure radio instances associated with the wireless controller.
PAGE 1020
23 - 2 WiNG 5.2.
PAGE 1021
INTERFACE-RADIO COMMANDS 23 - 3 23.1 interface-radio Instance Table 23.1 summarizes interface radio configuration commands. Table 23.1 interface-radio config commands Commands Description Reference aeroscout Enables Aeroscout Multicast packet forwarding page 23-5 aggregation Configures 802.
PAGE 1022
23 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide Table 23.
PAGE 1023
INTERFACE-RADIO COMMANDS 23 - 5 23.1.1 aeroscout interface-radio Instance Enables Aeroscout Multicast packet forwarding Supported in the following platforms: • Wireless Controller — RFS4011 Syntax aeroscout [forward|mac ] Parameters • aeroscout [forward|mac ] forward Enables Aeroscout Multicast packet forwarding mac Configures the multicast MAC address to forward the packets • – Specify the multicast MAC address in the AA-BB-CC-DD-EE-FF format.
PAGE 1024
23 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.2 aggregation interface-radio Instance Configures 802.11n frame aggregation. Frame aggregation increases throughput by sending two or more data frames in a single transmission. There are two types of frame aggregation: MAC Service Data Unit (MSDU) aggregation and MAC Protocol Data Unit (MPDU) aggregation. Both modes group several data frames into one large data frame.
PAGE 1025
INTERFACE-RADIO COMMANDS 23 - 7 max-aggr-size Configures AMPDU packet size limits. Configure the packet size limit on packets both transmitted and received. rx [8191|16383| 32767|65535] Configures the limit on received frames • 8191 – Advertises a maximum of 8191 bytes • 16383 – Advertises a maximum of 16383 bytes • 32767 – Advertises a maximum of 32767 bytes • 65536 – Advertises a maximum of 65535 bytes • aggregation ampdu max-aggr-size tx [<0-65535>] aggregation Configures 802.
PAGE 1026
23 - 8 WiNG 5.2.
PAGE 1027
INTERFACE-RADIO COMMANDS 23 - 9 23.1.3 airtime-fairness interface-radio Instance Enables equal access for wireless clients based on their airtime usage Supported in the following platforms: • Wireless Controller — RFS4011 Syntax airtime-fairness {prefer-ht} {weight [<1-10>]} Parameters • airtime-fairness {prefer-ht} {weight [<1-10>]} airtime-fairness Enables equal access for wireless clients based on their airtime usage prefer-ht Optional. Gives preference to high throughput (802.
PAGE 1028
23 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
PAGE 1029
INTERFACE-RADIO COMMANDS 23 - 11 23.1.5 antenna-gain interface-radio Instance Configures the antenna gain value of the selected radio. Antenna gain defines the ability of an antenna to convert power into radio waves and vice versa. Supported in the following platforms: • Wireless Controller — RFS4011 Syntax antenna-gain <0.0-15.0> Parameters • antenna-gain <0.0-15.0> <0.0-15.0> Sets the antenna gain from 0.0 - 15.
PAGE 1030
23 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
PAGE 1031
INTERFACE-RADIO COMMANDS 23 - 13 23.1.7 beacon interface-radio Instance Configures radio beacon parameters. Beacons are packets sent by the access point to synchronize a wireless network.
PAGE 1032
23 - 14 WiNG 5.2.
PAGE 1033
INTERFACE-RADIO COMMANDS 23 - 15 23.1.
PAGE 1034
23 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.9 data-rates interface-radio Instance Configures the 802.11 data rates on this radio Supported in the following platforms: • Wireless Controller — RFS4011 Syntax data-rates [b-only|g-only|a-only|bg|bgn|gn|an|default|custom|mcs] data-rates [b-only|g-only|a-only|bg|bgn|gn|an|default] data-rates custom [1|2|5.5|6|9|11|12|18|24|36|48|54|mcs0-7|mcs8-15|mcs16-23| mcs0-15|mcs8-23|mcs0-23|basic-1|basic-2| basic-5.
PAGE 1035
INTERFACE-RADIO COMMANDS 23 - 17 • • • • • • • • • • • • • • • • • • • mcs0-7 – Modulation and Coding Scheme 0-7 mcs8-15 – Modulation and Coding Scheme 8-15 mcs16-23 – Modulation and Coding Scheme 16-23 mcs0-15 – Modulation and Coding Scheme 0-15 mcs8-23 – Modulation and Coding Scheme 8-23 mcs0-23 – Modulation and Coding Scheme 0-23 basic-1 – Basic 1-Mbps basic-2 – Basic 2-Mbps basic-5.5 – Basic 5.
PAGE 1036
23 - 18 WiNG 5.2.
PAGE 1037
INTERFACE-RADIO COMMANDS 23 - 19 23.1.
PAGE 1038
23 - 20 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
PAGE 1039
INTERFACE-RADIO COMMANDS 23 - 21 23.1.
PAGE 1040
23 - 22 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.13 ekahau interface-radio Instance Enables Ekahau multicast packet forwarding Supported in the following platforms: • Wireless Controller — RFS4011 Syntax ekahau [forward|mac ] ekahau forward ip port <0-65535> Parameters • ekahau [forward|mac ] forward ip port <0-65535> Enables multicast packet forwarding to the Ekahau engine • ip – Configures the IP address of the Ekahau engine in the A.B.C.
PAGE 1041
INTERFACE-RADIO COMMANDS 23 - 23 23.1.14 guard-interval interface-radio Instance Configures the 802.11n guard interval. A guard interval ensures distinct transmissions do not interfere with one another. It provides immunity to propagation delays, echoes and reflection of radio signals.
PAGE 1042
23 - 24 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
PAGE 1043
INTERFACE-RADIO COMMANDS 23 - 25 23.1.16 max-clients interface-radio Instance Configures the maximum number of wireless clients allowed to associate with this radio Supported in the following platforms: • Wireless Controller — RFS4011 Syntax max-clients <0-256> Parameters • max-clients <0-256> <0-256> Configures the maximum number of clients allowed to associate with a radio. Specify a value from 0 - 256.
PAGE 1044
23 - 26 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.17 mesh interface-radio Instance Use this command to configure radio mesh parameters. A Wireless Mesh Network (WMN) is a network of radio nodes organized in a mesh topology. It consists of mesh clients, mesh routers, and gateways.
PAGE 1045
INTERFACE-RADIO COMMANDS 23 - 27 23.1.18 no interface-radio Instance Negates a command or resets settings to their default. When used in the config RFS4000 radio Interface mode, the no command disables or resets radio interface settings. Supported in the following platforms: • Wireless Controller — RFS4011 Syntax no Parameters None Usage Guidelines The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated.
PAGE 1046
23 - 28 WiNG 5.2.
PAGE 1047
INTERFACE-RADIO COMMANDS 23 - 29 antenna-mode Configures the radio antenna mode (the number of transmit and receive antennas) beacon Configure beacon parameters channel Configures a radio channel of operation data-rates Configures 802.
PAGE 1048
23 - 30 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.19 non-unicast interface-radio Instance Configures the handling of non unicast frames on this radio. Enables the forwarding of multicast and broadcast frames by this radio.
PAGE 1049
INTERFACE-RADIO COMMANDS 23 - 31 dynamic-all Dynamically selects a rate from all supported rates based on current traffic conditions dynamic-basic Dynamically selects a rate from all supported basic rates based on current traffic conditions highest-basic Uses the highest configured basic rate lowest-basic Uses the lowest configured basic rate Examples RFS4000-880DA7(config-profile-default_RFS4000-if-radio1)#non-unicast queue bss 2 3 RFS4000-880DA7(config-profile-default_RFS4000-if-radio1)#non-unic
PAGE 1050
23 - 32 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.20 off-channel-scan interface-radio Instance Enables selected radio’s off channel scanning parameters Supported in the following platforms: • Wireless Controller — RFS4011 Syntax off-channel-scan {channel-list|max-multicast|scan-interval|sniffer-redirect} off-channel-scan {channel-list [2.
PAGE 1051
INTERFACE-RADIO COMMANDS 23 - 33 Examples RFS4000-880DA7(config-profile-default_RFS4000-if-radio1)#off-channel-scan channellist 2.4GHz 1 RFS4000-880DA7(config-profile-default_RFS4000-if-radio1)#show context interface radio1 data-rates custom basic-mcs0-7 mesh preferred-peer 2 11-22-33-44-55-66 beacon period 50 off-channel-scan channel-list 2.
PAGE 1052
23 - 34 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
PAGE 1053
INTERFACE-RADIO COMMANDS 23 - 35 23.1.
PAGE 1054
23 - 36 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
PAGE 1055
INTERFACE-RADIO COMMANDS 23 - 37 23.1.24 probe-response interface-radio Instance Configures transmission parameters for probe response frames.
PAGE 1056
23 - 38 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
PAGE 1057
INTERFACE-RADIO COMMANDS 23 - 39 23.1.26 rf-mode interface-radio Instance Configures the radio’s RF mode Supported in the following platforms: • Wireless Controller — RFS4011 Syntax rf-mode [2.4GHz-wlan|4.9GHz-wlan|5GHz-wlan|sensor] Parameters • rf-mode [2.4GHz-wlan|4.9GHz-wlan|5GHz-wlan|sensor] rf-mode Configures the radio RF mode 2.4GHz-wlan Provides WLAN service in the 2.4GHz bandwidth 4.9GHz-wlan Provides WLAN service in the 4.
PAGE 1058
23 - 40 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
PAGE 1059
INTERFACE-RADIO COMMANDS 23 - 41 23.1.28 rts-threshold interface-radio Instance Configures the RTS threshold value on this radio Supported in the following platforms: • Wireless Controller — RFS4011 Syntax rts-threshold <1-2347> Parameters • rts-threshold <1-2347> <1-2347> Specify the RTS threshold value from 0 - 2347 bytes.
PAGE 1060
23 - 42 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.
PAGE 1061
INTERFACE-RADIO COMMANDS 23 - 43 23.1.
PAGE 1062
23 - 44 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.31 stbc interface-radio Instance Configures radio’s Space Time Block Coding (STBC) mode. STBC is a pre-transmission encoding scheme providing an improved SNR ratio (even at a single RF receiver). STBC transmits multiple data stream copies across multiple antennas. The receiver combines the multiple copies into one to retrieve data from the signal.
PAGE 1063
INTERFACE-RADIO COMMANDS 23 - 45 23.1.32 txbf interface-radio Instance Enables transmit Beamforming on the selected radio. Transmit Beamforming enhances the reliability and performance of beamformed links by allowing the transmitter to generate signals that can be optimally received. The transmitter sends out a sounding signal and listens for a response from the receiver.
PAGE 1064
23 - 46 WiNG 5.2.6 Wireless Controller CLI Reference Guide Examples RFS4000-880DA7(config-profile-default_RFS4000-if-radio1)#txbf explicitnoncompressed-compressed RFS4000-880DA7(config-profile-default_RFS4000-if-radio1)#show context interface radio1 rf-mode sensor placement outdoor mesh preferred-peer 2 11-22-33-44-55-66 .........................................................
PAGE 1065
INTERFACE-RADIO COMMANDS 23 - 47 23.1.
PAGE 1066
23 - 48 WiNG 5.2.6 Wireless Controller CLI Reference Guide 23.1.34 wireless-client interface-radio Instance Configures wireless client parameters on this radio Supported in the following platforms: • Wireless Controller — RFS4011 Syntax wireless-client tx-power [<0-20>|mode] wireless-client tx-power mode [802.11d {symbol-ie}|symbol-ie {802.
PAGE 1067
INTERFACE-RADIO COMMANDS 23 - 49 23.1.35 wlan interface-radio Instance Enables a WLAN on this radio Supported in the following platforms: • Wireless Controller — RFS4011 Syntax wlan {bss|primary} wlan bss <1-8> {primary} Parameters • wlan bss <1-8> {primary} {bss <1-8> |primary} Specify the WLAN name (it must have been already created and configured) • bss <1-8> – Optional.
PAGE 1068
23 - 50 WiNG 5.2.
PAGE 1069
CHAPTER 24 AAA-TACACS-POLICY This chapter summarizes the Terminal Access Control Access-Control System (TACACS) policy commands within the CLI structure. Use the (config) instance to configure AAA-TACACS policy commands.
PAGE 1070
24 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 24.1 aaa-tacacs-policy Table 24.1 summarizes AAA-TACACS policy configuration commands. Table 24.
PAGE 1071
AAA-TACACS-POLICY 24 - 3 24.1.1 accounting aaa-tacacs-policy Configures the server type and interval at which interim accounting updates are sent to the server. Up to 2 accounting servers can be configured.
PAGE 1072
24 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide authenticated-servernumber Sets the authentication server as the accounting server This parameter indicates the same server is used for authentication and accounting. The server is referred to by its index or number. authorized-server-host Sets the authentication server as the accounting server This parameter indicates the same server is used for authentication and accounting. The server is referred to by its hostname.
PAGE 1073
AAA-TACACS-POLICY 24 - 5 Examples rfs7000-37FABE(config-aaa-tacacs-policy-test)#accounting auth-fail rfs7000-37FABE(config-aaa-tacacs-policy-test)# rfs7000-37FABE(config-aaa-tacacs-policy-test)#accounting commands rfs7000-37FABE(config-aaa-tacacs-policy-test)# rfs7000-37FABE(config-aaa-tacacs-policy-test)#accounting server preference none rfs7000-37FABE(config-aaa-tacacs-policy-test)# rfs7000-37FABE(config-aaa-tacacs-policy-test)#accounting server preference authenticated-server-host rfs7000-37FABE(config
PAGE 1074
24 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 24.1.
PAGE 1075
AAA-TACACS-POLICY 24 - 7 port <1-65535> Optional. Specifies the RADIUS server port (this port is used to connect to the RADIUS server) • <1-65535> – Specify a value from 1 - 65535. • authentication server <1-2> retry-timeout-factor <50-200> server <1-2> Configures a RADIUS authentication server. Up to 2 RADIUS servers can be configured • <1-2> – Specify the RADIUS server index from 1 - 2.
PAGE 1076
24 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 24.1.
PAGE 1077
AAA-TACACS-POLICY 24 - 9 • authorization server <1-2> retry-timeout-factor <50-200> server <1-2> Configures a RADIUS authorization server. Up to 2 RADIUS servers can be configured • <1-2> – Specify the RADIUS server index from 1 - 2. retry-timeout-factor <50-200> Configures the scaling of timeouts between two consecutive RADIUS authorization retries • <50-200> – Specify the scaling factor from 50 - 200.
PAGE 1078
24 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 24.1.
PAGE 1079
CHAPTER 25 FIREWALL LOGGING This chapter summarizes firewall logging commands within the CLI. The firewall uses logging to send system messages to one or more logging destinations, where they can be collected, archived and reviewed. Set the logging level to define which messages are sent to each of the target destinations.
PAGE 1080
25 - 2 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.
PAGE 1081
FIREWALL LOGGING 25 - 3 25.1.
PAGE 1082
25 - 4 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.2 FTP data connection log An ACL rule has to be applied and logging has to be enabled to generate a FTP data collection log. The FTP connection is Control Connection Jul 25 11:10:17 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Allow Packet Src MAC:<00-19-B9-6B-DA-77> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.2.
PAGE 1083
FIREWALL LOGGING 25 - 5 25.1.3 UDP packets log In both DHCP release and DHCP renew scenarios, the destination port 67 is logged. DHCP Release Jul 25 11:57:43 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet Src MAC:<00-11-25-14-D9-E2> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:172.16.31.196 Proto:17 Src Port:68 Dst Port:67.
PAGE 1084
25 - 6 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.4 ICMP type logs The example below displays an ICMP Type as 13 and an ICMP Code as 0: Jul 25 12:00:00 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Allow Packet Src MAC:<00-11-25-14-D9-E2> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:192.168.1.103 Proto:1 ICMP Type:13 ICMP Code:0.
PAGE 1085
FIREWALL LOGGING 25 - 7 25.1.5 ICMP type logs The following example displays an ICMP Type as 3 and a Code as 3: Jul 25 12:03:00 2011: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.1.104 to 192.168.2.102, with ProtocolNumber:1 ICMP code 3 and ICMP type 3. Reason: no flow matching payload of ICMP Error.
PAGE 1086
25 - 8 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.6 Raw IP Protocol logs The following example displays a TCP header length as less than 20 bytes: Jul 25 12:11:50 2011: %DATAPLANE-4-DOSATTACK: INVALID PACKET: TCP header length less than 20 bytes : Src IP : 192.168.2.102, Dst IP: 192.168.1.104, Src Mac: 00-11-25-14-D9-E2, Dst Mac: 00-15-70-81-91-6A, Proto = 6.
PAGE 1087
FIREWALL LOGGING 25 - 9 25.1.7 Raw IP Protocol logs The following example displays TCP without data: Jul 25 12:16:50 2011: %DATAPLANE-4-DOSATTACK: INVALID PACKET: TCP header length less than 20 bytes : Src IP : 192.168.2.102, Dst IP: 192.168.1.104, Src Mac: 00-11-25-14-D9-E2, Dst Mac: 00-15-70-81-91-6A, Proto = 6. Jul 25 12:16:55 2011: %DATAPLANE-5-MALFORMEDIP: Dropping IPv4 Packet from 192.168.2.102 to 192.168.1.104 Protocol Number: 6. Reason: malformed TCP header.
PAGE 1088
25 - 10 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.8 Firewall startup log The following example displays an enabled firewall. A firewall enabled message is displayed in bold. System bootup time (via /proc/uptime) was 93.42 42.52 Please press Enter to activate this console. May 19 20:10:09 2010: %NSM-4-IFUP: Interface vlan2 is up Jul 25 12:25:09 2011: KERN: vlan2: add 01:00:5e:00:00:01 mcast address to master interface.
PAGE 1089
FIREWALL LOGGING 25 - 11 25.1.9 Manual time change log The following example displays the manual time change log. The clock is manually set to Jul 25 12:25:33 2011.
PAGE 1090
25 - 12 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.
PAGE 1091
FIREWALL LOGGING 25 - 13 IP ACL on GE Port Remove July 28 12:49:20 2011: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is getting altered. MAC ACL on GE Port Attach July 28 12:49:22 2011: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is getting altered. MAC ACL on GE Port Remove July 28 12:49:24 2011: %CFGD-6-ACL_ATTACHED_ALTERED: USER: root session 3: ACL attached to interface ge1 is getting altered.
PAGE 1092
25 - 14 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.11 TCP Reset Packets log For any change in the TCP configuration, a TCP reset log is generated. The following example displays the initial TCP packets permitted before the session timedout: July 28 20:31:26 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet Src MAC:<00-19-B9-6B-DA-77> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.2.102 Proto:6 Src Port:3318 Dst Port:21.
PAGE 1093
FIREWALL LOGGING 25 - 15 25.1.12 ICMP Destination log The following example displays an ICMP destination as unreachable when no matching payload is found: July 28 19:57:09 2011: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.1.104 to 192.168.2.102, with ProtocolNumber:1 ICMP code 3 and ICMP type 3. Reason: no flow matching payload of ICMP Error. July 28 19:57:09 2011: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.1.104 to 192.168.2.
PAGE 1094
25 - 16 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.13 ICMP Packet log July 28 20:37:04 2011: %DATAPLANE-5-LOGRULEHIT: Matched ACL:ftpuser:ip Rule:0 Disposition:Drop Packet Src MAC:<00-19-B9-6B-DA-77> Dst MAC:<00-15-70-81-91-6A> Ethertype:0x0800 Src IP:192.168.1.99 Dst IP:192.168.1.1 Proto:1 ICMP Type:8 ICMP Code:0. July 28 20:37:08 2011: %DATAPLANE-5-ICMPPKTDROP: Dropping ICMP Packet from 192.168.2.1 to 172.16.31.196, with Protocol Number:1 ICMP code 3 and ICMP type 3.
PAGE 1095
FIREWALL LOGGING 25 - 17 25.1.14 SSH connection log A SSH connection is enabled on the wireless controller using factory settings. Running primary software, version 5.2.6.0-048D Alternate software secondary, version 5.0.0.0-81243X Software fallback feature is enabled System bootup time (via /proc/uptime) was 126.10 92.38 Please press Enter to activate this console.
PAGE 1096
25 - 18 WiNG 5.2.6 Wireless Controller CLI Reference Guide 25.1.15 Allowed/Dropped Packets Log The following example displays disposition information regarding allow/deny packets: Allow Packets CCB:0:Matched ACL:ftpuser:ip Rule:1 Disposition:Allow Packet Src MAC:<00-11-25-14-D9-E2> Dst MAC:<00-15-70-8191-6A> Ethertype:0x0800 Src IP:192.168.2.102 Dst IP:192.168.2.
PAGE 1097
APPENDIX A CONTROLLER MANAGED WLAN USE CASE This section describes the activities required to configure a wireless controller managed WLAN. Instructions are provided using the wireless controller CLI.
PAGE 1098
A-2 WiNG 5.2.6 Wireless Controller CLI Reference Guide A.1 Creating a First Controller Managed WLAN It is assumed you have a RFS4000 wireless controller with the latest build available from Motorola Solutions. It is also assumed you have one AP7131 model access point and one AP650 model access point, both with the latest firmware available from Motorola Solutions.
PAGE 1099
A-3 On the RFS4000 wireless controller, the GE1 interface is connected to an external network. Interfaces GE3 and GE4 are used by the access points. On the external network, the wireless controller is assigned an IP address of 192.168.10.188. The wireless controller acts as a DHCP server for the wireless clients connecting to it, and assigns IP addresses in the range of 172.16.11.11 to 172.16.11.200. The rest of IPs in the range are reserved for devices requiring static IP addresses. A.1.
PAGE 1100
A-4 WiNG 5.2.6 Wireless Controller CLI Reference Guide A.1.3.2 Creating a RF Domain Using the Command Line Interface to Configure the WLAN A RF Domain is a collection of configuration settings specific to devices located at the same physical deployment, such as a building or a floor. Create a RF Domain and assign the country code where the devices are deployed. This is a mandatory step, and the devices will not function as intended if this step is omitted.
PAGE 1101
A-5 A.1.3.3 Creating a Wireless Controller Profile Using the Command Line Interface to Configure the WLAN The first step in creating a WLAN is to configure a profile defining the parameters applied to a wireless controller. To create a profile: RFS4000(config)#profile RFS4000 RFS4000_UseCase1 RFS4000(config-profile-RFS4000_UseCase1)# This creates a profile with the name RFS4000_UseCase1 and moves the cursor into its context.
PAGE 1102
A-6 WiNG 5.2.6 Wireless Controller CLI Reference Guide RFS4000(config-wlan-1)#ssid WLAN_USECASE_01 Enable the SSID to be broadcast so wireless clients can find it and associate. RFS4000(config-wlan-1)#broadcast-ssid Associate the VLAN to the WLAN and exit. RFS4000(config-wlan-1)#vlan 2 RFS4000(config-wlan-1)#exit Commit the Changes Once these changes have been made, they have to be committed before proceeding. RFS4000(config)#commit write A.1.3.
PAGE 1103
A-7 Commit the changes made to this profile and exit. RFS4000(config-profile-AP650_UseCase1)#commit write RFS4000(config-profile-AP650_UseCase1)#exit RFS4000(config)# Apply this Profile to the Discovered AP650 Access the discovered access point using the following command. The discovered device’s MAC address is used to access its context. RFS4000(config)#AP650 00-A0-F8-00-00-01 RFS4000(config-device-00-A0-F8-00-00-01)# Assign the AP profile to this AP650 access point.
PAGE 1104
A-8 WiNG 5.2.6 Wireless Controller CLI Reference Guide RFS4000(config-profile-AP7131_UseCase1)#interface radio 1 RFS4000(config-profile-AP7131_UseCase1-if-radio1)#wlan 1 RFS4000(config-profile-AP7131_UseCase1-if-radio1)#exit RFS4000(config-profile-AP7131_UseCase1)#interface radio 2 RFS4000(config-profile-AP7131_UseCase1-if-radio2)#wlan 1 RFS4000(config-profile-AP7131_UseCase1-if-radio2)#exit RFS4000(config-profile-AP7131_UseCase1)# Commit the changes made to the profile and exit this context.
PAGE 1105
A-9 In the table, the IP address range of 172.16.11.11 to 172.16.11.200 is available using the DHCP server. To configure the DHCP server: RFS4000-37FABE(config-dhcp-policy-DHCP_POLICY_UseCase1)#dhcp-pool DHCP_POOL_USECASE1_01 RFS4000-37FABE(config-dhcp-policy-DHCP_POLICY_UseCase1-poolDHCP_POOL_USECASE1_01)# Configure the address range as follows: RFS4000-37FABE(config-dhcp-policy-DHCP_POLICY_UseCase1-poolDHCP_POOL_USECASE1_01)#address range 172.16.11.11 172.16.11.
PAGE 1106
A - 10 WiNG 5.2.
PAGE 1107
APPENDIX B CUSTOMER SUPPORT Motorola Solutions Enterprise Mobility Support Center If you have a problem with your equipment, contact support for your region. Support and issue resolution is provided for products under warranty or that are covered by a service agreement. Contact information and Web self-service is available by visiting http://supportcentral.motorola.
PAGE 1108
B-2 WiNG 5.2.
PAGE 1109
PAGE 1110
Motorola Solutions, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196-1078, U.S.A. http://www.motorolasolutions.com MOTOROLA, MOTO, MOTOROLA SOLUTIONS and the Stylized M Logo are trademarks or registered trademarks of Motorola Trademark Holdings, LLC and are used under license. All other trademarks are the property of their respective owners. © 2012 Motorola Solutions, Inc. All Rights Reserved.