Manuals / 3Com / Computer Equipment / Switch

3Com 3CRWX120695A, 3CRWX440095A manual By Icmp packets, By TCP packets, By UDP packets

Models: 3CRWX120695A 3CRWX440095A

1 536

Download 536 pages 47.14 Kb

Page 385

set security acl 385

By ICMP packets

Syntax — set security acl ip acl-name{permit [cos cos] deny} icmp {source-ip-addr mask destination-ip-addr mask [type icmp-type] [code icmp-code] [precedence precedence ] [tos tos] [before editbuffer-index modify editbuffer-index] [hits]

By TCP packets

Syntax — set security acl ip acl-name{permit [cos cos] deny} tcp {source-ip-addr mask [operator port [port2]] destination-ip-addr mask [operator port [port2]]} [precedence precedence] [tos tos] [established] [before editbuffer-index modify editbuffer-index] [hits]

By UDP packets

Syntax — set security acl ip acl-name{permit [cos cos] deny} udp {source-ip-addr mask [operator port [port2]] destination-ip-addr mask [operator port [port2]]} [precedence precedence] [tos tos] [before editbuffer-index modify editbuffer-index] [hits]

acl-name— Security ACL name. ACL names must be unique within the WX switch, must start with a letter, and are case-insensitive. Specify an ACL name of up to 32 of the following characters:

Letters a through z and A through Z

Numbers 0 through 9

Hyphen (-), underscore (_), and period (.)

3Com recommends that you do not use the same name with different capitalizations for ACLs. For example, do not configure two separate ACLs with the names acl_123 and ACL_123.

In an ACL name, do not include the term all, default-action, map, help, or editbuffer.

permit — Allows traffic that matches the conditions in the ACE.

cos cos — For permitted packets, a class-of-service (CoS) level for packet handling. Specify a value from 0 through 7:

1 or 2—Background. Packets are queued in MAP forwarding queue 4.

Image 385

3Com 3CRWX120695A, 3CRWX440095A manual By Icmp packets, By TCP packets, By UDP packets

Contents

3CRWX120695A, 3CRWX440095A Wireless LAN Mobility System3Com Corporation 350 Campus Drive Marlborough, MA USA Contents Set system location Clear banner motd Clear history Clear promptVlan Commands 142 Set ip ssh 143 131 Ping 132 Set arp 133 Set arp agingtime 134144 147 Set ntp 148183 169Display location policy 185 Display mobility-profile 228 MAP Access Point Commands by Usage234 241261 Reset ap dap 264 254 Display dap unconfigured 256 Display radio-profile 257319 311326 327Set spantree 335337 345369 Commands by Usage 393Clear security acl 370 Clear security acl map 371 373444 435446 466 465 Set rf detect countermeasuresSet rfdetect ignore 467 Set rfdetect log 468 480Fver 519 Help 520 Next 521 Reset 522 Test 523 Commands by Usage 491 Clear log trace Clear trace 492496 Set trace sm 497 517Register Your Product 527 VersionList conventions that are used throughout this guide Conventions„ Wireless LAN Switch and Controller Release Notes „ Wireless LAN Switch Manager 3WXM Release NotesDocumentation Pddtechpubscomments@3com.com Comments„ Document title „ Document part number and revision on the titleAbout this Guide Overview Clear interface vlan-idip Set enablepassClear fdb dynamic port port-list vlan vlan-id Conventions Text EntryMAC Address NotationSubnet Masks MasksWildcard Masks User GlobsMAC Address Globs Gives examples of user globsUser Globs Vlan Globs WX1200# set port enableMatching Order for Globs „ a single port number. For exampleWX1200# reset port Command-LineEditing Operating systemsWX1200# display i Tab At your access level, type the help command. For example Using CLI HelpWX1200# display i? Set ap dap name command has the following complete syntax Understanding Command DescriptionsWX1200# display ip ? WX1200# display ip telnetUnderstanding Command Descriptions Using the COMMAND-LINE Interface Disable Commands byTo located commands in this chapter based on their use Syntax disable Defaults NoneQuit EnableSet enablepass Access Commands To located commands in this chapter based on their use System Service CommandsClear banner motd Banner with an empty banner by typing the following commandClear history „ display banner motd onClear system Clear promptMotd Display bannerBase-information DisplayDisplay license Display system Defaults None Access All„ set license on Shows system informationDisplay system output Describes the fields of display system outputNvram size /SDRAM size percent of total Help WX switchSyntax help Syntax history HistorySee Also „ clear history on See Also „ clear banner motd on „ display banner motd on Set confirmThat might have a large impact on the network Syntax set confirm on offExamples To turn off these confirmation messages, type Set lengthWX4400# clear vlan red WX4400# set confirm offSet license Installs an upgrade license, for managing more MAPsSee Also „ display license on Syntax set prompt string Set promptSet system Set system contact Stores a contact name for the WX switchCountrycode Syntax set system contact stringCountry Code Using any set ap commands to configure a MAP Defaults The factory default country code is NoneIp-address Mobility DomainSyntax set system location string See Also „ clear system on „ display system onSyntax set system name string „ set system contact on „ set system name onSystem Service Commands Locate commands in this chapter based on their use Port CommandsClear dap That are using the MAPRemoves a Distributed MAP „ set dap on„ name name Name of the port group Clear port-groupSee Also „ set port-groupon „ display port-groupon Clear port name Removes the name assigned to a portPreference Clear portSee Also „ display port status on „ set port name on Interface for the active linkClear port type Network port defaultsNetwork port PortCounters Display portDescribes the fields in the display port-group output Display port-groupShows port group informationOutput for display port-group Describes the fields in this display See Also „ clear port-groupon „ set port-grouponOutput for display port poe Syntax display port poe port-listAll four ports of a WX4400 switch Usage This command applies only to the WX4400„ set port poe on Specified portsSyntax display port status port-list Output for display port preferenceWX1200# display port status Output for display port statusSee Also „ clear port type on Monitor port„ set port negotiation on „ set port speed onKey Controls for Monitor Port Counters Display WX4400# monitor port counters Output for monitor port countersCorrect length but contained an invalid See Also „ display port counters on Set dap Reset portPort Commands Set dap Fol1owing command reenables the port Examples The following command disables portAdministratively disables or reenables a port Set portSingle logical link Configured together as a single logical linkWith no spaces Set port name Name or number in other CLI commandsSee Also „ clear port-groupon „ display port-groupon See Also „ clear port name on „ display port status onSet port poe Set port negotiationResult See Also „ set port type ap on „ set port type wired-authon Following command enables PoE on ports 4WX1200# set port poe 4,5 disable WX1200# set port poe 4,5 enableChanges the speed of a port Set port speedWX4400# set port preference 2 rj45 Syntax set port speed port-list10 100 1000 autoSet port trap Set snmp trap commandSet port type ap „ poe enable disable Power over Ethernet PoE state Antenna model, use the following commandDefaults All WX ports are network ports by default „ 11a 802.11a „ 11b 802.11b „ 11g 802.11gSTP MAP Access Port DefaultsSet port type Wired-authWX1200# set port type wired-auth 2 success change accepted Wired Authentication Port DetailsSee Also „ clear port type on „ set port type ap on Vlan Commands Deletes an entry from the forwarding database FDB Clear fdbSyntax clear fdb perm static dynamic WX4400# clear fdb static vlan blue success change accepted„ display fdb on Clear vlanPort from the VLAN, make sure you specify the port number See Also „ set vlan port on „ display vlan config on Following command completely removes Vlan marigoldDisplay fdb Displays entries in the forwarding databaseWX4400# display fdb all Describes the fields in the display fdb output AgingtimeSee Also „ clear fdb on Output for display fdbWX1200# display fdb agingtime See Also „ set fdb agingtime onSyntax display fdb count perm static dynamic Station Display roamingSee Also „ display roaming vlan on Describes the fields in the displayOutput for display roaming station Syntax display roaming vlan Output for display roaming vlanWX4400# display roaming vlan Display tunnel See Also „ display vlan config onOutput for display tunnel Syntax display tunnelOutput for display vlan config Display vlan configSyntax display vlan config vlan-id WX1200# display vlan config burgundyAdds a permanent or static entry to the forwarding database Set fdbSyntax set fdb perm static See Also „ clear fdb on „ display fdb on See Also „ display fdb agingtime on Set vlan nameVlan 4094 is reserved for WebAAA Creates a Vlan and assigns a number and name to itSet vlan port Tunnel-affinity Set vlanSee Also „ display roaming vlan on „ display vlan config on To locate commands in this chapter based on their use IP Services CommandsDNS IP Services Commands by UsageRemoves an IP interface Clear interfaceSyntax clear interface vlan-idip History Introduced in MSS Version Access EnabledSee Also „ display ip alias on WX1200# clear ip dns domainClear ip route Clear ip dns server„ set ip dns domain on „ set ip dns server on„ display ip route on Clear ip telnet„ set ip route on Clear ntp server Update-intervalClear ntp Clear snmp trap „ set ntp server on „ set ntp update-intervalonReceiver See Also „ clear ntp server on „ display ntp onClear summertime Following command CommandClear timezone Examples To clear the system IP address, type the followingDisplay timedate on Display arpDisplay timezone on Shows the ARP table„ set arp agingtime on „ set arp onSyntax display interface vlan-id Display ip alias Shows the IP aliases configured on the wireless LAN switchSee Also „ set interface on „ set interface status on Output for display interfaceDisplay ip dns Examples The following command displays the DNS information„ clear ip alias on „ set ip alias onShows information about the Https management port Display ip httpsOutput for display ip dns Syntax display ip httpsWX4400# display ip https Output for display ip httpsShows the IP route table Display ip routeSyntax display ip route destination WX4400# display ip routeFieldDescription Output of display ip routeSyntax display ip telnet Output for display ip telnetWX4400 display ip telnet Display ntp Examples To display NTP information for a WX switch, typeShows NTP client information Output for display ntp„ set ntp server on „ set summertime on „ set timezone on Shows Snmp settings on a wireless LAN switch ConfigurationExamples To display Snmp settings on a WX switch, type Display snmpOutput of display snmp configuration Summertime Defaults There is no summertime offset by defaultSyntax display summertime WX1200# display summertimeSyntax display timezone WX1200# display timedateWX4400# display timezone „ set timedate on „ set timezone on Defaults „ count„ traceroute on Set arpSee Also „ set arp agingtime on Following command disables ARP agingSyntax set arp agingtime seconds WX1200# set arp agingtimeSet interface Syntax set interface vlan-idstatus up down WX1200# set interface mauve ip 10.10.20.10Set ip alias Aliases as shortcuts in CLI commandsSet ip dns See Also „ clear ip alias on „ display ip alias onWX1200# set ip dns domain example.com Syntax set ip dns domain nameSyntax set ip dns server ip-addrprimary secondary Set ip route WX switch is also disabledAdds a static route to the IP route table Set ip route Syntax set ip snmp server enable disable Set ip ssh See Also „ set ip ssh absolute-timeouton„ clear snmp trap receiver on Secure Shell SSH management traffic„ set ip ssh idle-timeouton „ set ip ssh server on Absolute-timeoutSyntax set ip ssh absolute-timeout minutes Or idleAlso disabled Idle-timeoutSet ip ssh server Set ip telnet WX4400# set ip telnet server enable success change accepted Syntax set ip telnet server enable disableEnables or disables the NTP client on a wireless LAN switch Examples The following command enables the NTP clientConfigures a wireless LAN switch to use an NTP server Set ntpImplementation and Analysis RFC 1305, Network Time Protocol Version 3 SpecificationNTP server From 16 through 1,024 secondsCommunity Set snmpPublic and private „ disable Disables the sending of trap information „ enable Enables trap information to be sent„ all Enables or disables all traps Sends an Snmp trap message to any network management systemSnmp Trap Names Defaults All traps are disabled by default Access EnabledSee Also „ clear snmp trap receiver on Set snmp trapIP Services Commands Values To PDT Pacific Daylight Time, type the following commandDate is within the summertime period FollowingSet timedate Sets the time of day and date on the wireless LAN switch„ date mmm dd yyyy System date „ time hhmmss System time, in hours, minutes, and secondsWX4400# set timedate date feb 29 2004 time Set timezoneTime now is Sun Feb 29 2004, 235802 PST Opens a Telnet client session with a remote device TelnetWX1200# set timezone PST WX4400# telnet See Also „ clear sessions on „ display sessions on„ dnf Disabled „ no-dns- Disabled „ port DefaultsTraceroute „ queries „ size „ ttlWX4400# traceroute server1 Error messages for traceroute„ ping on This chapter presents AAA commands alphabetically. Use to Locate commands in this chapter based on their useAAA Commands by Usage Display accounting statistics on WX4400# clear accounting dot1x Nin Syntax clear accounting admin dot1x user-globAdmin Clear authenticationWX4400# clear authentication console Regina Syntax clear authentication console user-globConsoleConsole Syntax clear authentication dot1x ssid ssid-namewired Syntax clear authentication last-resort ssid ssid-namewired Clear authentication Removes a MAC authentication rule. macWX4400# clear authentication last-resort wired Syntax clear authentication mac ssid ssid-namewiredWX4400# clear authentication mac ssid thatcorp aabbcc Clear authentication Removes a WebAAA rule. webSyntax clear authentication web ssid ssid-namewired Syntax clear location policy rule-number „ display location policy on Clear mac-user„ set location policy on See Also „ display aaa on „ set mac-usergroup attr onGroup Clear mac-user attr„ set mac-user attr on Mac-usergroup ClearMac-usergroup attr Mac-user group command„ clear mac-usergroup attr on Clear user Mobility-profileSee Also „ display aaa on Clear user attrClear usergroup Clear user groupSyntax clear usergroup group-name „ group-name- Name of an existing user groupWX4400# clear usergroup cardiology success change accepted Display aaa Displays all current AAA settingsTime-Of-Day attribute from the group Display aaa Output Describes the fields that can appear in display aaa outputUser’s password, and no global password is set Display accounting Stored in the local database on the WX switchStatistics Statistics outputAaattyattr Policy Display location„ clear location policy on Set accounting Admin consoleAre sent Accesses the switch using Telnet or Web Manager Server when the user roamsAuthenticated by Authenticated by MAC authenticationAAA Commands Set authentication AAA Commands Completing logon Through the switch’s consoleGlobs on Following methods in priority order. MSS applies multipleFor more information, see Usage Syntax set authentication dot1x ssid ssid-namewired AAA Commands Set authentication dot1x Success change accepted Syntax set authentication last-resort AAA Commands Syntax set authentication mac AAA Commands Syntax set authentication web ssid ssid-namewired AAA Commands Set location policy AAA Commands Set location policy WX4400# set location policy deny if user eq *.theirfirm.com Tempvendora into Vlan kiosk1 Set mac-userSee Also „ clear mac-useron „ display aaa on Authentication Attributes for Local Users Filter-id outboundacl.out Authentication Attributes for Local UsersYY/MM/DD-HHMM Time-of-day WX4400# set mac-user 010203040506 attr filter-id acl-03.in Syntax set mac-usergroup See Also „ clear mac-user attr on „ display aaa onSyntax set mobility-profile name name port none all See Also „ clear mac-usergroup attr on „ display aaa onAAA Commands „ set user attr on „ set usergroup on Syntax set mobility-profile mode enable disable29Jan04 Set userSee Also „ clear user on „ display aaa on Orange Set user attrSee Also „ clear user attr on „ display aaa on Set usergroup Set user group„ clear user group on Syntax set web-aaa enable disable To add a user to a group, user the command set user groupSet web-aaa WX4400# set web-aaa disable success change accepted Examples To disable WebAAA, type the following commandMobility Domain Commands by Usage To locate commands in this chapter based on their useMember Mobility-domainDisplays the configuration of the Mobility Domain Display mobility-domain configStatus See Also „ set mobility-domain member onWX4400# display mobility-domain status Display mobility-domain Output„ display mobility-domain config on Mode memberSet Seed-ipSyntax set mobility-domain mode seed domain-name Set mobility-domain mode seed domain-nameDomain name is Pleasanton Mobility Domain Commands Commands Managed Access Point Commands Map Access Point Commands by Usage Radio Clear ap dapSyntax clear radio-profile name parameter WX1200# clear ap 3 radioSyntax clear service-profile name „ name Service profile nameSee Also „ clear radio-profileon „ set radio-profile mode on WX1200# display ap config Output for display ap configWX4400# display dap config Does not belong to any load balancing groups An associated client MAP access point on port Displays MAP access point and radio statistics countersDisplay ap dap Radio 1 Shows statistics counters for radioTkip Pkt Replays Output for display ap countersSyntax display ap dap etherstats port-listdap-num See Also „ display sessions network onWX4400# display dap etherstats TxMaxColl Output of display ap etherstats„ name Name of an MAP group or Distributed MAP group Syntax display ap status port-listall radio 1 SyntaxWX1200# display ap status WX4400# display dap statusOutput for display ap status Output for display ap status Decide whether to change channel or power settingsOutput for display auto-tune attributes See Also „ display auto-tune neighbors onWX1200# display auto-tune attributes ap 2 radio Neighbors Display auto-tuneDisplay auto-tune Neighbors ap 2 radio Output for display auto-tune neighborsConnection Display dap„ display dap global on „ display dap unconfigured on „ display ap dap config onOutput of display dap connection Dap connection serial-id M9DE48B6EAD00WX4400# display dap global Output for display dap global„ display ap dap config on UnconfiguredBut that are not configured on any WX switches Longer appears in the command’s outputDisplays radio profile information Describes the fields in this displayOutput for display radio-profile WX4400# display radio-profile defaultSetting and tuning channels Ssid Displays service profile information Service-profile„ name Displays information about the named service profile „ ? Displays a list of service profilesUsername „ Tkip countermeasures time Indicates the amount WX1200# reset ap Reset ap dapSyntax set ap port-listdap dap-numbias high low WX4400# set dap 1 bias low success change accepted See Also „ display ap dap config onSyntax set ap port-listdap dap-numblink enable disable WX1200# set ap 3-4 blink enable success change accepted „ display ap dap group on Set ap dap name Changes an MAP nameWX1200# set ap 4 group none success change accepted WX1200# set ap 1 name techpubs success change accepted„ antennatype ANT1060 ANT1120 ANT1180 internal Set ap dap radio antennatype„ antennatype ANT5060 ANT5120 ANT5180 internal Set ap dap radio auto-tune max-power Set ap dap radio auto-tune max- retransmissions Managed Access Point Commands Sets an MAP radio’s channel Set ap dap radio channelSyntax set ap port-listdap dap-numradio 1 WX1200# set ap 5 radio 1 channel 36 success change accepted Set ap dap radio min-client-rateSet ap dap radio min-client-rate Enables or disables a radio on an MAP access point Set ap dap radio modeFollowing command enables radio 2 on ports 1 through Set ap dap radio radio-profile Sets an MAP radio’s transmit power Set ap dap radio tx-powerSet ap dap Upgrade-firmware11g-only Set radio-profileSet radio-profile auto-tune channel-config Syntax set radio-profile name auto-tune channel-holddown Set radio-profile auto-tune channel-holddownSyntax set radio-profile name auto-tune channel-interval Set radio-profile auto-tune channel-intervalSyntax set radio-profile name auto-tune power-backoff-timer Set radio-profile auto-tune power-backoff- timerWX4400# set radio-profile rp2 auto-tune power-backoff-timer Set radio-profile auto-tune power-config Set radio-profile auto-tune power-interval Beacon-interval Service set identifier SsidSpecify from 25 ms to 8191 ms Radio profile rp1 to 200 msSyntax set radio-profile name frag-threshold threshold Syntax set radio-profile name long-retry threshold Syntax set radio-profile name max-rx-lifetime time Mode Max-tx-lifetimeParameter Default Value Defaults for Radio Profile ParametersWX4400# set radio-profile rp1 success change accepted WX4400# set radio-profile rp1 mode enableSyntax set radio-profile name Syntax set radio-profile name rts-threshold threshold Syntax set radio-profile name service-profile name Defaults for Service Profile Parameters297 Defaults for Service Profile Parameters Syntax set radio-profile name short-retry threshold WPA IE Syntax set service-profile Name auth-dot1x enable disableSet service-profile auth-fallthru Syntax set service-profile name auth-psk enable disable Syntax set service-profile name beaconed enable disable Cipher-ccmp Set service-profileCipher-tkip See Also „ set service-profilecipher-ccmpon Use the set service-profile wep commandsCipher-wep104 „ disable Disables 40-bit WEP encryption for WPA clients „ enable Enables 40-bit WEP encryption for WPA clientsDefaults 40-bit WEP encryption is disabled by default Cipher-wep104 commandSyntax set service-profile name psk-phrase passphrase Syntax set service-profile name psk-raw hex Syntax set service-profile name rsn-ie enable disable Syntax set service-profile name ssid-name ssid-name Set service-profile auth-psk commandSee Also „ set service-profilessid-nameon See Also „ set service-profilessid-typeonSyntax set service-profile name tkip-mc-time wait-time Syntax set service-profile name web-aaa-form url Ssid managed by the service profileWeb-aaa-form „ copy on „ dir on Set service-profile wep active-multicast- index„ mkdir on Syntax set service-profile name wep active-unicast-index num Set service-profile wep active-unicast- indexWep key-index Syntax set service-profile name wpa-ie enable disable Table to locate commands in this chapter based on their use STP Commands bySTP Commands by Usage Clear spantree STP root bridge in all VLANs on a WX switchPortcost Syntax clear spantree portcost port-listPortvlancost Portpri„ clear spantree portvlanpri on „ set spantree portpri on„ clear spantree portcost on PortvlanpriSee Also „ display spantree statistics on „ clear spantree portpri onSyntax display spantree Spantree vlan defaultRoot Output for display spantreeDisplay spantree Or disabledBackbonefast „ display spantree blockedports onBlockedports WX switch with backbone fast convergence enabled„ set spantree backbonefast on One or all of its VLANsFor one or more network ports PortfastSee Also „ set spantree portfast on Output for display spantree portfast„ port-list- List of ports Port’s VLANsSyntax display spantree portvlancost port-list Syntax display spantree statisticsWX4400# display spantree statistics Topology change Timer value Hold timer Vlan Vlan ID Output for display spantree statisticsConfigpending Switch is the root or is attempting to become the root Syntax display spantree uplinkfast vlan vlan-id See Also „ clear spantree statistics on„ set spantree uplinkfast on Set spantreeConfigured on a WX switch Examples The following command enables STP on all VLANsFollowing command disables STP on Vlan burgundy An indirect link„ display spantree backbonefast on FwddelayMaxage Issues a topology change messageVLANs to 4 seconds „ all Changes the maximum age on all VLANsSnmp Port Path Cost Defaults Type. lists the defaults for STP port path costPath to the STP root bridge 65,535. STP selects lower-cost paths over higher-cost pathsPortvlancost command Syntax set spantree portpri port-listpriority value See Also „ display spantree portfast on„ all Changes the cost on all VLANs Bridge for a specific Vlan on a wireless LAN switchType. See on To 20 in Vlan mauvePriority 32,768 UplinkfastPink to Primary link failsSee Also „ display spantree uplinkfast on Igmp Commands by Usage Igmp Snooping CommandsDisplay igmp Clear igmp statisticsSee Also display igmp statistics on TTL Output for display igmp TTL Syntax display igmp mrouter vlan vlan-id MrouterWX1200# display igmp Mrouter vlan orange Only one querier Defaults None Access EnabledSyntax display igmp querier vlan vlan-id Output for display igmp mrouter WX1200# display igmp querier vlan defaultWX1200# display igmp querier vlan orange WX1200# display igmp querier vlan red„ set igmp querier on Receiver-tableShows Igmp statistics See Also „ set igmp receiver onVLAN, MSS displays Igmp statistics for all VLANs WX1200# display igmp receiver-table group 237.255.255.0/24WX1200# display igmp statistics vlan orange From the multicast routers in the subnet Output of display igmp statisticsSee Also „ set igmp rv on Wireless LAN switchVLAN, the timer change applies to all VLANs VLANs on a wireless LAN switchSet igmp lmqi From 1 through 65,535Syntax set igmp mrsol enable disable vlan vlan-id Enables or disables multicast router solicitation by a WXSet igmp mrsol See Also „ display igmp statistics onSee Also „ set igmp mrsol on See Also „ set igmp mrsol mrsi onSyntax set igmp mrsol mrsi seconds vlan vlan-id WX1200# set igmp mrsol mrsi 60 success change acceptedAll VLANs on a WX Set igmp oqiSyntax set igmp oqi seconds vlan vlan-id Proxy-report Set igmpSet igmp qi VLANs on a WX Set igmp qriGroup. You can specify a value from 1 through 65,535 WX1200# set igmp qi 100 vlan orange success change acceptedWX1200# set igmp qri 50 vlan orange success change accepted Syntax set igmp querier enable disable vlan vlan-idSee Also „ display igmp querier on Syntax set igmp receiver port port-listenable disableSet igmp rv Defaults The default robustness value for all VLANs isOccurs on the network VLAN, MSS changes the robustness value for all VLANsSecurity ACL Security ACL CommandsSyntax clear security acl acl-name all editbuffer-index Clear security acl map Syntax clear security acl map acl-nameall vlan vlan-id Syntax commit security acl acl-nameall WX4400# clear security acl map all success change acceptedWX4400# display security acl WX4400# commit security acl allSyntax display security acl editbuffer Syntax display security acl hits WX4400# display security acl editbufferWX4400# display security acl hits See Also „ hit-sample-rateon „ set security acl onSyntax display security acl info acl-nameall editbuffer Map Display security aclSecurity ACL is assigned Syntax display security acl map acl-nameACL acl111 is mapped Resource-usageSupport for your Product on WX4400# display security acl map acl111WX4400# display security acl resource-usage Output of display security acl resource-usage Output of display security acl resource-usage Packets filtered by the security ACL or hits Hit-sample-rateSyntax hit-sample-rate seconds Syntax rollback security acl acl-nameall Protocol, or IP, ICMP, TCP, or UDP packet information Set security aclBy TCP packets By Icmp packetsBy UDP packets „ ip „ tcp „ udp „ icmp Set security acl Security ACL Commands WX4400# set security acl ip acl123 deny 192.168.2.11 WX4400# commit security acl all configuration acceptedDefaults None Set security acl map Security ACL Commands Cryptography Commands by Usage To locate commands in this chapter based on their useSyntax crypto ca-certificate admin eap webaaa See Also „ display crypto ca-certificateon Syntax crypto certificate admin eap webaaaExamples The following command installs a certificate WX4400# crypto generate key admin 1024 key pair generated Syntax crypto generate key admin eap ssh webaaa 512 1024See Also display crypto key ssh on Syntax crypto generate request admin eap webaaa Email Address admin@example.com WX4400# crypto generate request adminSee Also „ crypto certificate on „ crypto generate key on Syntax crypto generate self-signed admin eap webaaaWX4400# crypto generate self-signed admin Crypto otp „ crypto pkcs12 on Crypto pkcs12See Also „ crypto otp on Ca-certificate Display cryptoPkcs #7 certificate Display crypto ca-certificate OutputSyntax display crypto certificate admin eap webaaa On the WX switchCertificate Describes the fields of the displaySyntax display crypto key ssh See Also crypto generate key onCryptography Commands Radius Commands by Usage Locate commands in this chapter based on their usesClear radius See Also „ display aaa on „ set radius client system-ipon WX4400# clear radius timeout success change acceptedSyntax clear radius client system-ip Syntax clear radius server server-name See Also „ display aaa on „ set radius server onWX4400# clear radius server rs42 success change accepted Syntax clear server group group-nameload-balance„ set server group on Set radiusSystem-ip Set radius client„ clear radius server on WX4400# set radius client system-ip success change accepted Radius and Server Group Commands Syntax set server group group-namemembers server-name1 „ group-name- Server group name of up to 32 characters Load-balance groupSet server group load-balance Radius and Server Group Commands Commands on On the switch802.1X Commands by Usage PerformanceExamples To reset the Bonded period to its default, type Which disables the featureClear dot1x Bonded-periodSee Also „ display dot1x on „ set dot1x bonded-periodon Port-control„ set dot1x max-reqon „ set dot1x port-controlon Quiet-periodSee Also „ display dot1x on „ set dot1x quiet-periodon Reauth-period Reauth-max„ set dot1x reauth-maxon See Also „ display dot1x on „ set dot1x reauth-periodonAuthentication server, type the following command Defaults The default is 30 secondsAuth-server Before the WX times out a request to a Radius serverTx-period „ set dot1x timeout supplicant onDisplay dot1x „ set dot1x tx-periodonWX4400# display dot1x clients WX1200# display dot1x configExplains the counters in the display dot1x stats output Type the following command to display 802.1X statisticsWX4400# display dot1x stats Set dot1x Port-control commandAuthcontrol Examples To enable per-port 802.1X authentication on wired Authentication is enabledAuthentication ports, type the following command Machine to start reauthentication for the userWX4400# set dot1x key-tx enable Syntax set dot1x key-tx enable disableSee Also „ display dot1x on „ clear dot1x bonded-periodon WX4400# set dot1x bonded-period 60 success change accepted„ clear dot1x max-reqon Set dot1x max-reqSee Also „ display port status on „ display dot1x on To a supplicant after a failed authenticationSyntax set dot1x quiet-period seconds Syntax set dot1x reauth enable disable Before the supplicant client becomes unauthorized Attempts reauthenticationSee Also „ display dot1x on „ clear dot1x reauth-maxon Syntax set dot1x reauth-max number-of-attemptsOut a request to a Radius authentication server Set dot1x timeoutOut an authentication session with a supplicant client SupplicantSyntax set dot1x tx-period seconds See Also „ display dot1x on „ clear dot1x tx-periodonWep-rekey-period Wep-rekeySee Also „ display dot1x on „ set dot1x wep-rekeyon Telnet sessions Clear sessionsVLANs, or session ID NetworkUsers WX4400# clear sessions network mac-addr To clear session 9, type the following commandWX1200# clear sessions network session-id WX1200# clear sessions network user NatashaDisplay sessions WX4400 display sessions console WX4400 display sessions adminWX4400 display sessions telnet Display sessions telnet client Output See Also „ clear sessions onSyntax display sessions network „ display sessions network session-id display See on „ Summary display See on „ Verbose display See onWX1200# display sessions network WX1200# display sessions network mac-addr 00055d7e981aWX1200# display sessions network session-id WX1200# display sessions network verboseAdditional display sessions network verbose Output Display sessions network summary OutputTime Display sessions network session-id Output 802.1X protocol on a wired authentication portSee Also „ clear sessions network on Session Management Commands RF Detection Commands Rfdetect countermeasures mac commands Countermeasures mac commandClear rfdetect CountermeasuresSyntax clear rfdetect ignore mac-addr IgnoreMobility Domain Display rfdetectDomain Syntax display rfdetect countermeasuresSyntax display rfdetect data Radios as well as by third-party access pointsWX1200# display rfdetect data Display rfdetect data OutputRadios, use the display rfdetect data command Display rfdetect data command on that switchIgnore list „ clear rfdetect ignore onWX1200# display rfdetect mobility-domain Display rfdetect mobility-domain Output„ mac-addr- Base MAC address of the 3Com radio Third-party access pointsTo display the base MAC address of a 3Com radio, use Display neighboring BSSIDsWX1200# display rfdetect visible 000b0e000a6a Display rfdetect visible OutputWX1200# display rfdetect Visible ap Radio Active-scan Set rfdetectSet rf detect Starts countermeasures against a specific rogue Set rfdetect countermeasures macSyntax set rfdetect countermeasures mac mac-addr Syntax set rfdetect ignore mac-addr Syntax set rfdetect log enable disable Detected or when they disappearSet rfdetect log See Also „ display log buffer onFile Management Commands Defaults All BackupTape archive tar format HistorySyntax clear boot config Output for backupDescribes the fields in the dir output Copy „ reset system onWX4400# copy floorwx tftp//10.1.1.1/floorwx Delete File or the running configurationImmediately deletes the specified file Syntax delete urlWX4400# delete dang/dangdoc success file deleted DirFollowing command displays the files in the old subdirectory Boot Display boot„ copy on Output for dirDescribes the fields in the display boot output Display configDisplays the configuration running on the WX switch „ area area Configuration area. You can specify oneWX4400# display config area vlan See Also „ load config onAnd, optionally, for any attached MAP access points „ save config onDisplay version Output for display version Describes the fields in the display version outputRunning configuration with the commands in the loaded file Load configSyntax load config url Mkdir Following command loads configuration file testconfig1Creates a new subdirectory in nonvolatile storage „ dir on „ rmdir on Restarts an WX switch and reboots the software Reset systemSyntax reset system force WX4400# reset systemKey pairs and certificates on the switch RestoreOr restoring an archive „ backup on Save configRmdir „ dir on „ mkdir onConfiguration-file Set bootConfiguration Testconfig1Syntax set boot partition boot0 boot1 File Management Commands Deletes the log messages stored in the trace buffer Clear log traceSyntax clear log trace Clear trace Deletes running trace commands and ends trace processes„ set log on Display trace WX switch, or all possible trace optionsSyntax display trace all WX4400# display traceSave trace AuthenticationSet trace About user jose’s authentication AuthorizationTraces authorization information Authorization for MAC addressSee Also „ clear trace on „ display trace on Set trace dot1xSyntax set trace sm mac-addr mac-address port port-num Set trace smTrace Commands Syntax clear log buffer server ip-addr Clear logWX4400# clear log buffer success change accepted See Also „ clear log trace onLog buffer facility ? You can view event messages archived in the bufferWX4400# display log buffer facility AAA Log config „ display log config on„ clear log on „ set log on „ clear log onSyntax display log trace +-/number-of-messages Set log „ enable Enables messages to the specified target „ Logging state enabled or disabled„ trace Sets log parameters for trace files Mbytes Set log traceWX4400# set log trace mbytes 4 success change accepted See Also „ display log config onSystem LOG Commands Boot Prompt Boot Prompt CommandsAutoboot „ BT=type Boot type Boot„ DEV=device Location of the system image file „ FN=filename System image filename„ change on „ display on Syntax change ChangeSyntax create CreateExamples To remove the currently active boot profile, type Usage When you type the delete command, the next-lowerProfiles, see display on Syntax deleteSyntax diag Diag„ fver on „ version on Syntax display Defaults None„ change on „ create on „ delete on „ next on Output of display commandFver „ command-name- Boot prompt command For an individual commandDisplays a list of the boot prompt commands „ ls onNext Syntax next Defaults NoneResets a WX switch’s hardware ResetSyntax reset Command at the boot prompt„ OFF Disables the poweron test flag „ on Enables the poweron test flagDefaults The poweron test flag is disabled by default TestDir or fver command Syntax version Defaults NoneType the following command at the boot prompt Boot version„ dir on „ fver on Boot Prompt Commands Register Your ServicesProduct PurchaseTroubleshoot Access SoftwareOnline DownloadsContact Us Need to apply for a user name and passwordLatsupportanc@3com.com Country Telephone NumberIndex Delete 474, 515 diag Dir 475, 516 disable 33 display Index Index Index Index