Manuals / Brands / Computer Equipment / Switch / 3Com / Computer Equipment / Switch

3Com WX1200 - page 468

1 646

Download 646 pages, 4.48 Mb

468 CHAPTER 14: SECURITY ACL COMMANDS

Contents

Main 3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064 C ABOUT THIS GUIDE 1 2 3 4 5 6 7 Page 8 9 10 11 Page 12 13 14 15 16 17 18 19 20 21 22 23 24 A I ABOUT THIS GUIDE Conventions Documentation Documentation Comments Page 1 I Overview CLI Conventions Page Page Page Page Command-Line Editing Page Using CLI Help at your access level, type the help command. For example: Understanding Command Descriptions 2 Commands by disable enable quit set enablepass Page 3 Use system services commands to configure and monitor system information for a WX switch. Tabl e 6 System Services Commands by Usage clear banner motd clear history clear prompt clear system display banner motd display base-information display license display load display system Examples To show system information, type the following command: Table7 describes the fields of display system output. Tabl e 7 display system output Tabl e 7 display system output (continued) help history quickstart set auto-config Page Page set banner motd set confirm set length set license set prompt set system contact set system countrycode Tabl e 8 Country Codes (continued) set system idle-timeout set system set system location set system name Page Page 4 Use port commands to configure and manage individual ports and load-sharing port groups. Tabl e 9 Port Commands by Usage clear dap clear port counters clear port-group clear port media-type clear port name clear port preference clear port type Page display port-group display port poe display port preference display port status Examples The following command displays information for all ports on a WX1200 switch: Table14 describes the fields in this display. Table14 Output for display port status display port media-type monitor port Page Page Page Table17 Output for monitor port counters (continued) reset port set dap Page set port set port-group set port media-type set port name set port negotiation set port poe set port preference set port speed set port trap set port type ap Page Page set port type wired-auth Page Page 5 Table20 VLAN Commands by Usage clear fdb clear security 12-restrict clear security 12-restrict counters clear vlan display fdb Page display fdb agingtime display fdb count display roaming station Table22 Output for display roaming station (continued) display roaming vlan display security 12-restrict display tunnel display vlan config Table26 describes the fields in this display. Table26 Output for display vlan config set fdb set fdb agingtime set security l 2-restrict Page set vlan name set vlan port set vlan tunnel-affinity QUALITY OF SERVICE COMMANDS clear qos set qos cos-to-dscp-map set qos dscp-to-cos-map display qos display qos dscp-table 7 Table28 IP Services Commands by Usage Table28 IP Services Commands by Usage (continued) clear interface clear ip alias clear ip dns domain clear ip dns server clear ip route clear ip telnet clear ntp server clear ntp update-interval clear snmp clear snmp notify clear snmp usm clear summertime clear system clear timezone display arp display dhcp-client Examples The following command displays DHCP client information: Table30 describes the fields in this display. Table30 Output for display dhcp-client display dhcp-server Table31 and Table 32 describe the fields in these displays. Table31 Output for display dhcp-server Table32 Output for display dhcp-server verbose display interface display ip alias display ip dns display ip https display ip route Page display ip telnet display ntp Examples To display NTP information for a WX switch, type the following command: Table39 describes the fields in this display. Table39 Output for display ntp Page display snmp display snmp notify display snmp status display snmp usm display summertime display timedate display timezone ping Page set arp set arp agingtime set interface set interface dhcp-client set interface dhcp-server set interface status set ip alias set ip dns set ip dns domain set ip dns server set ip https server set ip route Page set ip snmp server set ip ssh set ip ssh server set ip telnet set ip telnet server set ntp set ntp server set ntp update-interval set snmp Page Page Page Page Page set snmp notify Page Page Page Page set snmp protocol set snmp security set snmp usm Page Page set summertime Page set timedate set timezone telnet Page traceroute Page Page Page 8 Table41 AAA Commands by Usage (continued) clear accounting clear authentication admin clear authentication console clear authentication dot1x clear authentication last-resort Page clear authentication proxy clear authentication web clear location policy clear mac-user clear mac-user attr clear mac-user group clear mac-usergroup clear mac-usergroup attr clear mobility-profile clear user clear user attr clear user group clear usergroup clear usergroup attr display aaa Table42 describes the fields that can appear in display aaa output. Table42 display aaa Output Table42 display aaa Output (continued) display accounting Table43 display accounting statistics Output (continued) display location policy display mobility-profile set accounting {admin | console} Page set accounting {dot1x | mac | web | last-resort} Page set authentication admin Page set authentication console Page set authentication dot1x Page Page set authentication last-resort Page Page Page Page set authentication proxy set authentication web Page set location policy Page Page Page set mac-user set mac-user attr Page Page Page Page set mac-usergroup attr set mobility-profile Page set mobility-profile set user set user attr set user group set usergroup set web-portal Page Page 9 clear clear mobility-domain member display mobility-domain config display mobility-domain status Page set mobility-domain member set mobility-domain mode member set mobility-domain mode seed domain-name Page NETWORK DOMAIN COMMANDS Network Domain Commands by Page Page clear network-domain peer Page Page Table48 describes the fields in the display. Table48 Radio-Specific Parameters set network-domain mode member set network-domain peer set network-domain mode seed domain-name 11 MAP Access Point Commands by Page Table49 Map Access Point Commands by Usage (continued) clear {ap | dap} radio Page clear radio-profile clear service-profile display {ap | dap} config Table51 describes the fields in this display. Table51 Output for display ap config Table51 Output for display ap config (continued) Page Page Examples The following command shows statistics counters for Distributed MAP 7: Table52 describes the fields in this display. Table52 Output for display ap counters Page Page Page display {ap | dap} qos-stats display {ap | dap} etherstats Table54 describes the fields in this display. Table54 Output of display ap etherstats display {ap | dap} group display {ap | dap} status Examples The following command displays the status of a Distributed MAP: The following command displays the status of a directly connected MAP: The following command uses the terse option to display brief information for Distributed MAPs: Table56 and Table 57 describe the fields in this display. Table56 Output for display ap status Page Table56 Output for display ap status (continued) display auto-tune attributes Page display auto-tune neighbors Page display dap connection display dap global Page display dap unconfigured display radio-profile Table63 describes the fields in this display. Table63 Output for display radio-profile Table63 Output for display radio-profile (continued) Page display service-profile Table64 Output for display service-profile (continued) Page reset {ap | dap} set dap auto set dap auto radiotype set dap auto mode set {ap | dap} bias Page set {ap | dap} blink set dap fingerprint set {ap | dap} group set {ap | dap} name set {ap | dap} radio antennatype set {ap | dap} radio auto-tune max-power Page set {ap | dap} radio auto-tune max- retransmissions Page set {ap | dap} radio channel set {ap | dap} radio auto-tune min-client-rate Page Page set {ap | dap} radio radio-profile set {ap | dap} radio tx-power set dap security set {ap | dap} upgrade-firmware set radio-profile 11g-only set radio-profile active-scan set radio-profile auto-tune channel-config set radio-profile auto-tune channel-holddown set radio-profile auto-tune channel-interval set radio-profile auto-tune power-backoff- timer set radio-profile auto-tune power-config set radio-profile auto-tune power-interval set radio-profile beacon-interval set radio-profile Page set radio-profile dtim-interval set radio-profile frag-threshold set radio-profile long-retry set radio-profile max-rx-lifetime set radio-profile max-tx-lifetime Page Page set radio-profile preamble-length set radio-profile rts-threshold set radio-profile service-profile Table67 Defaults for Service Profile Parameters (continued) Page set radio-profile short-retry set radio-profile wmm set service-profile attr Page set service-profile auth-dot1x set service-profile auth-fallthru set service-profile auth-psk set service-profile beacon set service-profile cipher-ccmp set service-profile cipher-tkip set service-profile cipher-wep104 set service-profile cipher-wep40 set service-profile psk-phrase set service-profile psk-raw set service-profile rsn-ie set service-profile shared-key-auth set service-profile ssid-name set service-profile ssid-type set service-profile tkip-mc-time set service-profile web-portal-form set service-profile wep active-multicast- index set service-profile wep active-unicast- index set service-profile wep key-index set service-profile wpa-ie Page 12 STP Commands by Table68 STP Commands by Usage clear spantree portcost clear spantree portpri clear spantree clear spantree portvlanpri Page display spantree Table69 describes the fields in this display. Table69 Output for display spantree display spantree backbonefast display spantree blockedports display spantree portfast Page Page Table71 describes the fields in this display. Table71 Output for display spantree statistics Page Table71 Output for display spantree statistics (continued) display spantree uplinkfast set spantree set spantree backbonefast set spantree fwddelay set spantree hello set spantree maxage set spantree portcost set spantree portfast set spantree portpri Page set spantree portvlanpri set spantree priority set spantree uplinkfast Page 13 Table74 IGMP Commands by Usage clear igmp statistics display igmp Table75 describes the fields in this display. Table75 Output for display igmp Table75 Output for display igmp (continued) display igmp mrouter display igmp querier Page display igmp receiver-table Table78 describes the fields in this display. Table78 Output for display igmp receiver-table Page Table79 Output of display igmp statistics set igmp set igmp lmqi set igmp mrouter set igmp mrsol set igmp mrsol mrsi set igmp oqi set igmp proxy-report set igmp qi set igmp qri set igmp querier set igmp receiver set igmp rv Page Page 14 Security ACL Commands by clear security acl clear security acl map Page commit security acl display security acl display security acl hits display security acl info display security acl map display security acl resource-usage Examples To display security ACL resource usage, type the following command: Table81 explains the fields in the display security acl resource-usage output. Table81 Output of display security acl resource-usage Table81 Output of display security acl resource-usage (continued) rollback security acl set security acl Page Page Page Page set security acl map Page set security acl hit-sample-rate Page Page 15 crypto ca-certificate crypto certificate Page crypto generate key crypto generate request Page crypto generate self-signed Page crypto otp crypto pkcs12 Page display crypto ca-certificate display crypto certificate display crypto key ssh Page 16 clear radius clear radius client system-ip clear radius proxy client clear radius proxy port clear radius server clear server group set radius set radius client system-ip set radius proxy client set radius proxy port set radius server Page set server group set server group load-balance Page 17 clear dot1x bonded-period clear dot1x max-req clear dot1x port-control clear dot1x quiet-period clear dot1x reauth-max clear dot1x reauth-period clear dot1x timeout auth-server clear dot1x timeout supplicant clear dot1x tx-period display dot1x Type the following command to display the 802.1X configuration: Type the following command to display 802.1X statistics: Table87 explains the counters in the display dot1x stats output. set dot1x authcontrol use the authentication specified per port by the set dot1X port-control command. unconditionally accept all 802.1X authentication attempts with an EAP Success message (ForceAuth). Table87 display dot1x stats Output set dot1x bonded-period set dot1x key-tx set dot1x max-req set dot1x port-control set dot1x quiet-period set dot1x reauth set dot1x reauth-max set dot1x reauth-period set dot1x timeout auth-server set dot1x timeout supplicant set dot1x tx-period set dot1x wep-rekey set dot1x wep-rekey-period 18 Use session management commands to display and clear administrative and network user sessions. Commands by clear sessions Page clear sessions network display sessions Page Page display sessions network Page The following command displays verbose output about the sessions of all current network users: Table91 display sessions network (summary) Output Table92 Additional display sessions network verbose Output Table93 display sessions network session-id Output Table93 display sessions network session-id Output (continued) Page 19 Page clear rfdetect clear rfdetect ignore clear rfdetect ssid-list Page Page display rfdetect clients Table95 display rfdetect clients Output Table96 display rfdetect clients mac Output Page Page Examples The following command shows counters for rogue activity detected by a WX switch: display rfdetect data Table98 display rfdetect data Output display rfdetect ignore display rfdetect Page Page Table99 display rfdetect mobility-domain Output Table100 display rfdetect mobility-domain ssid or bssid Output display rfdetect ssid-list Page display rfdetect visible Table101 describes the fields in this display. Table101 display rfdetect visible Output set rfdetect active-scan set rfdetect Page set rf detect Page set rfdetect ignore set rfdetect log set rfdetect signature set rfdetect ssid-list Page Page 20 Use file management commands to manage system files and to display software and boot information. Table102 File Management Commands by Usage backup Page clear boot backup-configuration clear boot config copy Page delete dir Examples The following command displays the files in the root directory: The following command displays the files in the old subdirectory: Page display boot Table105 describes the fields in the display boot output. display config Syntax display config [area area] [all] following: Table105 Output for display boot Page display version Table106 describes the fields in the display version output. Table106 Output for display version load config Page md5 mkdir Page reset system restore rmdir save config set boot backup-configuration set boot configuration-file set boot partition Page 21 clear log trace clear trace display trace save trace set trace authentication set trace authorization set trace dot1x set trace sm Page SNOOP COMMANDS clear snoop clear snoop map set snoop Page Page set snoop map set snoop mode display snoop display snoop info display snoop map display snoop stats Table109 describes the fields in this display. Table109 display snoop stats Output Page 23 Commands by clear log display log buffer Page display log config display log trace set log Page set log mark Page Page 24 Boot Prompt Commands by autoboot boot Page change create delete dhcp diag dir display Page fver help ls next reset test version A P Register Your Product Purchase Value-Added Services Troubleshoot Online Access Software Downloads Telephone Technical Support and Repair Contact Us Page I A B C D E F H L M