Manuals / 3Com / Computer Equipment / Switch

3Com WX4400 3CRWX440095A, WXR100 3CRWXR10095A, WX1200 3CRWX120695A Vlan Names, Roaming and VLANs

Models: WX1200 3CRWX120695A WX4400 3CRWX440095A WXR100 3CRWXR10095A WX2200 3CRWX220095A

1 728

Download 728 pages 48.88 Kb

Page 89

Configuring and Managing VLANs 89

You assign a user to a VLAN by setting one of the following attributes on the RADIUS servers or in the local user database:

Tunnel-Private-Group-ID— This attribute is described in RFC 2868, RADIUS Attributes for Tunnel Protocol Support.

VLAN-Name— This attribute is a 3Com vendor-specific attribute (VSA).

You cannot configure the Tunnel-Private-Group-ID attribute in the local user database.

Specify the VLAN name, not the VLAN number. The examples in this chapter assume the VLAN is assigned on a RADIUS server with either of the valid attributes. (For more information, see Chapter 21, “Configuring AAA for Network Users,” on page 433.)

VLAN Names

To create a VLAN, you must assign a name to it. VLAN names must be globally unique across a Mobility Domain to ensure the intended user connectivity as determined through authentication and authorization.

Every VLAN on a WX switch has both a VLAN name, used for authorization purposes, and a VLAN number. VLAN numbers can vary uniquely for each WX switch and are not related to 802.1Q tag values.

You cannot use a number as the first character in a VLAN name.

Roaming and VLANs

WX switches in a Mobility Domain contain a user’s traffic within the VLAN that the user is assigned to. For example, if you assign a user to VLAN red, the WX switches in the Mobility Domain contain the user’s traffic within VLAN red configured on the switches.

The WX switch through which a user is authenticated is not required to be a member of the VLAN the user is assigned to. You are not required to configure the VLAN on all WX switches in the Mobility Domain. When a user roams to a switch that is not a member of the VLAN the user is assigned to, the switch can tunnel traffic for the user through another switch that is a member of the VLAN. The traffic can be of any protocol type. (For more information about Mobility Domains, see Chapter 8, “Configuring and Managing Mobility Domain Roaming,” on page 153.)

Image 89

3Com WX4400 3CRWX440095A, WXR100 3CRWXR10095A, WX1200 3CRWX120695A, WX2200 3CRWX220095A manual Vlan Names, Roaming and VLANs

Contents

Wireless LAN Mobility System United States Government Legend 3Com Corporation 350 Campus Drive Marlborough, MA USAContents Managing User Passwords Configuring AAA for Administrative and Local AccessDisplaying Password Information Configuring and Managing Ports and VlansConfiguring and Managing IP Interfaces and Services 108 Configuring and Managing Mobility Domain Roaming Configuring SnmpMAP Overview Country of Operation 179 Configuring Network DomainsConfiguring MAP Access Points 268 Configuring RF Load Balancing for MapsRF Load Balancing Overview 267 Configuring User Encryption Configuring Wlan Mesh ServicesConfiguring Quality of Service Configuring RF AUTO-TUNINGConfiguring Maps to be Aeroscout Listeners Configuring and Managing Spanning Tree Protocol 380 Configuring and Managing Igmp SnoopingConfiguring and Managing Security Acls Managing Keys and Certificates Why Use Keys and Certificates? 413414 416475 Using an ACL Other Than portalacl Configuring AAA for Network Users460 479496 494 Clearing a Security ACL from a User or Group 495503 514Managing 802.1X on the WX Switch Configuring Communication with RadiusManaging Sessions Configuring Soda Endpoint Security for a WX SwitchRogue Detection and Countermeasures Managing System Files Troubleshooting a WX Switch631 Using the Trace Command Enabling and Logging Into WEB View Supported Radius Attributes Glossary Index Command IndexTraffic Ports Used by MSS Obtaining Support for Your 3COM ProductsIcon Description ConventionsList conventions that are used throughout this guide 3WXM for advanced configuration and management Including new features and bug fixesDocumentation This manual uses the following text and syntax conventionsPddtechpubscomments@3com.com CommentsAbout this Guide Overwrite a parameter with another set command. Use display To configure and manage the switch and its attached MAPsOverview Network operationsConventions Text EntryCase-insensitive Alphanumeric characters, except for tabs and spaces, and isIP Address and Mask Notation MAC Address NotationUser Glob Users Designated User GlobsUser Globs Vlan Globs MAC Address GlobsWX1200# reset port WX1200# set port enableMatching Order for Globs WX1200# display port poe 1,2,4,6Editing Command-LineOperating systems CLI Keyboard ShortcutsCommands that begin with those characters. For example Using CLI HelpAt your access level, type the following command Wildcard CharactersWX1200# display ip telnet WX1200# display i?WX1200# display ip ? Set ap name command has the following complete syntax Understanding Command DescriptionsSet ap Set ap apnumber auto security„ CLI quickstart command SwitchesMethods „ Web Quick Start WXR100, WX1200, and WX2200WX Setup Methods Gets its Configuration How a WX SwitchWX2200 Only Quick Start Accessing the Web To access the Web Quick StartWX Setup Methods Web Quick Start WXR100, WX1200 and WX2200 Only CLI quickstart Set enablepass command WX Setup Methods Single-Switch Deployment Verify the configuration changes Remote WX To open the network plan Select File Switch Network PlanStart 3WXM by doing one of the following „ On Linux systems, change directories toOperation 3Com Mobility System Software MSS supports authenticationHere is an overview of configuration topics Configuring AAA for Administrative and Local Access Building Access AdministrativeBefore You Start AboutAdministrator Configuration viaFirst-Time ConsoleSetting the WX Enable Password for the First Time PasswordWX1200# set enablepass WX1200# save configWX1200# set authentication console * none 3WXM Enable PasswordWX1200# set authentication console * local Configuring AAA for Administrative and Local Access Configuring Configuring AAA for Administrative and Local Access Configuration, all changes are lost Configday. To do this, type the following commandDisplaying the AAA SavingRadius Administrative AAAScenarios Administrative AAA Configuration Scenarios Success configuration saved Restrictions apply to user passwords Passwords, and how to display password informationSet user username password encrypted password Configuring PasswordsWX# set user Jose password spRin9 Clear user usernameSet authentication password-restrict enable disable Setting the Maximum Number of Login AttemptsWX# set authentication password-restrict enable Set authentication max-attempts numberPassword Length Configuring Password Expiration Time WX# display aaa Clear user username lockoutWX# clear user Nin lockout Managing Ports ConfiguringVlan Port Type Parameter MAP Access Wired Authentication NetworkMaximum MAPs Supported Per Switch Setting a Port for a Directly Connected MAPConfiguring a MAP Connection Switch Model Valid Range Setting a Port for a Wired Authentication UserWX1200# set port type wired-auth 7 success change accepted Valid dap-num ValuesClearing a Port Removing a Port Name Name Setting a Port NameClearing a Distributed MAP Display port media-type port-list Set port media-type port-listrj45Clear port media-type port-list Set port speed port-list10 100 auto Parameters10/100 Ports-Autonegotiation and Port Speed Disabling or Reenabling a Port Disabling or Reenabling Power over EthernetGigabit Ports Autonegotiation and Flow Control Displaying Port Configuration and Status Resetting a PortTo reset a port, use the following command Displaying Port Statistics To display port statistics, use the following commandDisplaying PoE State Counters begin incrementing again, starting from Clearing Statistics CountersMonitoring Port Statistics Clear port countersKey Controls for Monitor Port Counters Display Use the keys listed in to control the monitor displayKey Effect on monitor display WX1200# monitor port countersTo configure a port group, use the following command Configuring a Port GroupGroups can participate in a port group Load SharingWX1200# display vlan config To remove a port group, use the following commandRemoving a Port Group Clear port-group name nameInteroperating with Cisco Systems EtherChannel Displaying Port Group InformationDisplay port-group name group-name WX1200# display port-group name server2Users and VLANs VLANs, IP Subnets, and IP AddressingRoaming and VLANs Vlan NamesTunnel Affinity Traffic Forwarding802.1Q Tagging Set vlan vlan-numname name To create a VLAN, use the following commandCreating a Vlan Adding Ports to a Vlan To add a port to a VLAN, use the following commandYou can specify a tag value from 1 through WX1200# set vlan 2 name redTo change the tunneling affinity, use the following command To completely remove Vlan ecru, type the following commandSpecify a value from 1 through 10. The default is Removing an Entire Vlan or a Vlan PortDisplay security l2-restrict vlan vlan-idall WX1200# display vlan config burgundy Display vlan config vlan-idSecurity l2-restrict Clear security l2-restrict counters vlan vlan-idallPort associated with the MAC address ForwardingDatabase Displaying Forwarding Database Entries DisplayingInformation Displaying the Size of the Forwarding Database Removing Entries from the Forwarding Database Adding an Entry to the Forwarding DatabaseWX1200# display fdb WX1200# clear fdb dynamic success change acceptedChanging the Aging Timeout Period Displaying the Aging Timeout PeriodScenario Configuration change. Type the following commandsPort and Vlan WX1200# display port poe WX1200# set port type ap 2-4 model ap2750 poe enablePort status Set port type wired-auth 5,6 Save the configuration. Type the following commandWX1200# set vlan default port Display Port statusMTU Support Statically Configuring an IP Interface Configuring Managing IP InterfacesTo add an IP interface to a VLAN, use the following command Adding an IP InterfaceConfiguring and Managing IP Interfaces WX1200# display interface Set interface vlan-idip dhcp-client enable disableWX1200# set interface corpvlan ip dhcp-client enable Displaying IP To remove an IP interface, use the following commandDisabling or Reenabling an IP Interface To clear the system IP address, use the following command Configuring the System IP AddressTo display the system IP address, use the following command Configuring and Managing IP Routes WX1200# display ip route Display ip route destinationWX1200# display ip route To remove a static route, use the following command Login Timeouts Managing Management ServicesSet ip ssh server enable disable Managing SSHAdding an SSH User You can verify the key using the following commandFor example Use the following commands to manage SSH server sessions Changing the SSH Service Port NumberThese commands display and clear SSH server sessions Managing SSH Server SessionsSet ip telnet server enable disable Telnet Login TimersEnabling Telnet Adding a Telnet UserResetting the Telnet Service Port Number to Its Default Changing the Telnet Service Port NumberUse the following commands to manage Telnet server sessions Displaying Telnet StatusDisplaying Https Information Managing Https Enabling HttpsSessions Set system idle-timeout secondsClear system idle-timeout Prompting the User to Acknowledge the Motd Banner To specify a Motd banner, use the following commandFollowing command sets the Motd banner on the WX To remove a DNS server, use the following command To add a DNS server, use the following commandAdding a DNS Server Removing a DNS ServerTo add the default domain name, use the following command Adding the Default Domain NameRemoving the Default Domain Name Specify a domain name of up to 64 alphanumeric charactersSet ip alias name ip-addr Here is an exampleClear ip alias name Display ip alias nameDaylight savings time or similar summertime period Managing TimeParameters To clear the time zone, use the following command To display the time zone, use the following commandDisplaying the Time Zone Clearing the Time ZoneTo clear the summertime period, use the following command To display the summertime period, use the following commandDisplaying the Summertime Period Clearing the Summertime PeriodSet timedate date mmm dd yyyy time hhmmss Statically Configuring System Time DateWX1200# set timedate date feb 29 2004 time 235800 Display timedateTo remove an NTP server, use the following command NTP client is disabled by defaultDisplaying NTP Information Resetting the Update Interval to DefaultTo display NTP information, use the following command IP address to the ARP table Managing the ARPPermanent entries to the ARP table EntriesWX1200# set arp agingtime Set arp permanent static dynamic ip-addrmac-addrSet arp agingtime seconds Device Pinging AnotherLogging In to a Remote DeviceTracing a Route WX1200# traceroute server1 Time and date parameters IP InterfacesIp dns WX1200# set ip dns enableWX1200# Set ip Dns Server Sun Feb 29 2004, 235902 PST Configuring and Managing IP Interfaces and Services USM users, with individually configurable access levels „ SNMPv3-SNMPv3 adds authentication and encryption optionsAuthentication options, and encryption options All Snmp versions are disabled by defaultConfiguring Community Strings SNMPv1 SNMPv2c Only To enable an Snmp protocol, use the following commandSet snmp protocol v1 v2c usm all enable disable Set system location string set system contact stringTo clear a USM user, use the following command To create a USM user for SNMPv3, use the following commandClear snmp community name comm-string Clear snmp usm usm-usernameConfiguring Snmp Command Examples Clear snmp notify profile profile-name To clear a notification profile, use the following commandWX1200# set snmp security encrypted success change accepted ClientRoamingTraps-Generated when a client roams Configuring Snmp Command Examples Configuring Snmp Clear snmp notify target target-num To clear a notification target, use the following commandSecurity unsecured authenticated encrypted Command Examples Following command enables the Snmp service To enable the MSS Snmp service, use the following commandTo display USM settings, use the following command InformationDisplay snmp notify profile To display notification profiles, use the following commandDisplay snmp notify target Display snmp countersMobility Domain Roaming Configuring the System IP Address on Configuring aSet mobility-domain mode seed domain-name mob-domain-name Mobility DomainSet mobility-domain member ip-addr Set mobility-domain mode member seed-ip ip-addrOn the secondary seed On the other member switches in the Mobility DomainOn the primary seed Switch Domain Status display mobility-domain command. For exampleDisplaying Mobility Domain Configuration WX-WX Security VLANs and Tunnels MonitoringA Mobility DomainWX1200# display tunnel WX1200# display roaming vlanUnderstanding Sessions Roaming Users Vlan WX1200 display sessions network verboseMobility-domain WX1200# set mobility-domain member seed-ipVlan-wep 192.168.12.7 192.168.15.5 Domains Network Domain How a user connects to a remote Vlan in a Network Domain Configuring a WX Switch’s affinity for a Network Domain seed Network Domain Set network-domain mode seed domain-name net-domain-nameSet network-domain peer ip-addr Set network-domain mode member seed-ip ip-addraffinity numSet network-domain mode member seed-ip ip-addraffinity num WX4400# display network-domain Clear network-domain mode seed member WX Switch following commandClear network-domain Clear network-domain seed-ip ip-addrConfiguring Network Domains WX1200# display network-domain Upseed Upmember 30.30.30.1 „ Two direct connections to a single WX or two WX switches Through radio signalsMAP Overview Combinations of multiple connectionsExample 3Com Network MAP Overview Distributed MAP Network Requirements Distributed MAPs and STP Distributed MAPs and Dhcp Option No configuration is required on the WXMAP Parameters Resiliency and Dual-Homing Options for MAPs Dual-Homed Direct Connections to a Single WX Dual-Homed Configuration ExamplesDual-Homed Direct and Distributed Connections to WX Switches Network Backbone WX switch How a Distributed MAP Obtains an IP Address through Dhcp Establishing Connectivity on the NetworkStatic IP Address Configuration for Distributed MAPs DNS server replies with the system IP address of a WX switch Configuring MAP Access Points MAP Overview Configuring MAP Access Points MAP Boot Examples MAP Booting over Layer 2 Network MAP Overview MAP sends Dhcp Discover message from the MAP’s port MAP Booting over Layer 3 NetworkMAP sends a unicast Find WX message to WX1 Dual-Homed MAP Booting MAP sends a Dhcp Discover message from the MAP’s port MAP Booting with a Static IP AddressAuth-dot1x Enable Defaults for Service Profile ParametersBeacon Enable Auth-psk DisableCipher-ccmp Disable Cipher-tkip EnableProxy-arp Disable No-broadcast DisableSet radio-profile auth-psk command Soda Disable12.0,24.0 User-idle-timeout 180Web-portal TimeoutWeb-portal-form Web-portal-sessionEach radio can support the following types of SSIDs Public and Private SSIDsMAC Address Allocations on MAPs Model Address AllocationSSIDs Radios AP2750AP7250 AP8250Not configured Defaults for Radio Profile ParametersEncryption Beacon-interval 100Rfid-mode Disable Parameter Default Value Frag-threshold 2346Service-profile Max-rx-lifetime 2000Default Radio Profile RF Auto-TuningLists the defaults for these parameters Radio-Specific ParametersMax-power Parameter Default Value Description AntennatypeMode Disable ANT-5360-OUTSet system countrycode code To specify the country, use the following commandYou specify the country of operation Country Codes Country Codes Country Codes CountryCode How an Unconfigured MAP Finds a WX To Configure It WX switch can have one Auto-AP profileWX1200 a WX1200 B Configured MAPs Have Precedence Over Unconfigured MAPsExample WX1200 MAP Capacities and Loads WX1200# set ap auto success change accepted Configuring an Auto-AP ProfileConfigurable Profile Parameters for Distributed MAPs Radio Parameters WX# set ap auto mode enable success change acceptedMAP Parameters Set ap auto persistent apnumber all WX# display ap status autoMAP configuration persistent across switch restarts Auto-AP profile is not used to configure the MAP. Instead,Configuring a MAP Configure the MAP using the following commandConfiguring Static IP Addresses on Distributed MAPs Success change accepted To clear a MAP, use the following command Clearing a MAP from the ConfigurationChanging MAP Names Changing BiasSet ap apnumber upgrade-firmware enable disable Disabling or Reenabling Automatic Firmware UpgradesForcing a MAP To Download its Operational Image from the WX WX# set ap 1 bias low success change acceptedSet ap apnumber blink enable disable Enabling LED Blink ModeEncryption Options Encryption Key FingerprintWX# display ap status Verifying a MAP Fingerprint on a WX SwitchMAP Can Establish WX# set ap security require Setting the MAP Security Requirement on a WXSet ap security require optional none Set service-profile name ssid-name ssid-name Creating a Service ProfileFingerprint Log Message An Ssid can be up to 32 alphanumeric characters longChanging a Service Profile Setting Removing a Service ProfileDisabling or Reenabling Encryption for an Ssid Disabling or Reenabling Beaconing of an SsidChanging the Fallthru Authentication Type SSIDs are beaconed by defaultTo change the fallthru method, use the following command Lists the rate settings and their defaults11b-1.0,2.0 Transmit Rates11g-1.0,2.0,5.5,11.0 Beacon-rateTransmit Rates Enforcing the Data RatesDisabling Idle-Client Probing WX# set radio-profile rp1 rate-enforcement mode enableWX# set radio-profile rp1 service-profile sp1 Changing the Short Retry Threshold Changing the User Idle TimeoutThreshold can be a value from 1 through 15. The default is Changing the Long Retry Threshold Set service-profile name long-retry thresholdChanging Radio Parameters To create a radio profile, use the following commandCreating a New Profile Set radio-profile name dtim-interval interval To change the Dtim interval, use the following commandSet radio-profile name rts-threshold threshold To change the RTS threshold, use the following commandSet radio-profile name frag-threshold threshold Set radio-profile name max-rx-lifetime timeSet radio-profile name max-tx-lifetime time Removing a Radio Profile Resetting a Radio Profile Parameter to its Default ValueTo remove a radio profile, use the following command Configuring the Channel and Transmit Power Model Type Gain dBi Description Configuring the External Antenna Model and LocationMP-341, MP-352, MP-262 External Antenna Models Specifying the External Antenna ModelMP-620 External Antenna Models Beamwidth Model Type Horizontal VerticalSpecifying the External Antenna Location Set radio-profile name service-profile nameProfiles Assigning a Radio Profile and Enabling RadiosReenabling Radios Disabling orReset ap apnumber To restart a MAP, use the following commandClear ap apnumber radio 1 2 all WX1200# clear ap 3 radioConfiguring MAP Access Points Set ap apnumber local-switching mode enable disable Configuring a Vlan ProfileEnabling Local Switching on a MAP Clear ap ap-numberlocal-switching vlan-profile Set ap apnumber local-switching vlan-profile profile-nameApplying a Vlan Profile to a MAP Clearing the Vlan Profile from a MAPTo remove Vlan profile locals, type the following command Removing a Vlan Profile from the WX SwitchClear vlan-profile profile-namevlan vlan-name WX# clear vlan-profile locals vlan redDisplay ap config apnumber radio 1 Displaying MAP Configuration InformationWX1200# display ap config Displaying MAP InformationWX4400# display ap global Displaying Connection Information for Distributed MAPsDisplay ap global apnumber serial-id serial-ID Information for Displaying a List Distributed MAPs That Are Not ConfiguredConnection WX# display service-profile sp1 Display service-profile name ?Displaying MAP WX# display radio-profile defaultDisplay radio-profile name ? Display ap status terse apnumber all radio 1Displaying Static IP Following command displays the status of a Distributed MAPWX# display ap counters Display ap counters apnumber radio 1Displaying the ARP Table for a MAP Following command displays ARP entries for APDisplaying Vlan Profile Information Displaying Forwarding Database For a MAP Following command displays FDB entries for APDisplay ap acl map ap-number Display ap acl hits ap-numberWX# display ap acl hits WX# display ap acl map Configuring RF Load Disabling or Re-Enabling RF Load Balancing Configuring RF Load BalancingSet load-balancing mode enable disable Set band-preference none 11bg 11a Clear ap apnumber radio radio-numload-balancing groupSet load-balancing strictness low med high max Exempting an Ssid From RF Load Balancing Displaying RF Load Balancing InformationRadios in the same load-balancing group as ap2/radio1 WX# display load-balancing group ap 2 radioConfiguring RF Load Balancing for Maps Services Mesh Services Configuring WlanSet ap num boot-configuration mesh ssid mesh-ssid Use the following command to specify the pre-shared keySet ap num boot-configuration mesh mode enable disable Mesh Services following commands Set ap num radio num link-calibration mode enable disable Following illustration Wireless BridgingDisplaying Wlan Rfid Reports Inactive Antenna Link Calibration EnabledWX# display ap status terse Total number of entries AP, m = mesh AP = mesh portalBssid1 000b0efdfdcd, ssid mesh-ssid mesh Then authorized to join a Vlan Encryption settings are configured in the service profile„ WPA2 Robust Security Network 802.11i standardEncryption Type Client Support Default State MSS Wireless Encryption DefaultsConfiguration Required Default Encryption Configuring User Encryption WPA Encryption with Tkip Only WPA Encryption with Tkip and WEP Configuring WPA Configuring User Encryption Configuring WPA Encryption Support for WPA and Non-WPA Clients Lists the encryption support for WPA and non-WPA clientsSpecifying the WPA Cipher Suites Creating a Service Profile for WPAEnabling WPA Enabling PSK Authentication Changing the Tkip Countermeasures Timer ValueSet service-profile name tkip-mc-time wait-time Set service-profile name auth-psk enable disableSet service-profile name auth-dot1x enable disable Set service-profile name psk-raw hexWX1200# display service-profile sp1 Displaying WPA SettingsWPA settings appear at the bottom of the output Set radio-profile name service-profile name Set service-profile name rsn-ie enable disable WX1200# set service-profile rsn success change acceptedCcmp RSN settings appear at the bottom of the output Assigning the Service Profile to Radios Enabling the RadiosConfiguring WEP Encryption for Dynamic and Static WEP Set service-profile name wep key-index num key value To set the value of a WEP key, use the following commandTraffic, use the following commands Tkip Encryption Configuration ScenariosEncryption Configuration Scenarios WX1200# set service-profile wpa-wep success change accepted 305 Clients WX1200# display aaa Default Values WX1200# display service-profile sp1 Save the configuration. Type the following command Configuring User Encryption Power setting if needed RF Auto-Tuning can perform the following tasksDisabled for power configuration RF Auto-TuningHow Channels Are Selected Channel Tuning Power TuningDefaults for RF Auto-Tuning Parameters Tuning the Transmit Data RateDefaults for RF Auto-Tuning Parameters Changing RF Auto-TuningSettings Enabling Power Tuning Changing the Channel Tuning IntervalChanging the Channel Holddown Interval Set radio-profile name auto-tune channel-interval secondsChanging the Power Tuning Interval Tuned SettingsChanging the Maximum Default Power Allowed On a Radio Channel or set ap dap radio tx-power command for each radioDisplaying Displaying RF Auto-Tuning SettingsRadios in radio profile rp2 Values of RF attributesWX# display ap config WX# display ap config 2 radioWX1200# display auto-tune attributes ap 2 radio CommandsDisplay auto-tune Neighbors ap 2 radio Configuring RF AUTO-TUNING Aeroscout Listeners Configuring MAP Radios to Listen for AeroScout Rfid Tags Status Using an AeroScout EngineSelect Locate AeroScout Tag Optimized forwarding of wireless traffic for time-sensitive MSS and how to configure and manage themAbout QoS QoS ParametersSet service-profile cac-mode QoS Parameters Set service-profile proxy-arp QoS Feature Description Configuration CommandKeepalives and timeouts for clients set service-profile Set service-profile idle-client-probingOn page 332 shows how WX switches classify ingress traffic QoS on WX Switches-Classification of Ingress Packets QoS on WX Switches-Marking of Egress Packets Configuring Quality of Service WMM QoS Mode Service Forwarding Type WMM QoS on the WX SwitchWMM Priority Mappings IP ToSCoS MAP Forwarding Queue Default CoS-to-MAP-Forwarding-Queue MappingsWMM QoS in a 3Com Network MAP B receives the packet and does the following To configure CAC, see Configuring Call Admission Control on SVP QoS ModeWMM QoS Mode Set radio-profile name qos-mode svp wmm Changing QoS SettingsSet radio-profile name wmm-powersave enable disable Set service-profile name cac-session max-sessions Set service-profile name cac-mode none sessionEnabling CAC Changing the Maximum Number of Active SessionsUsing the Client’s Dscp Value to Classify QoS Level To change CoS mappings, use the following commandsSet service-profile name use-client-dscp enable disable Changing CoS MappingsWX1200# display radio-profile rp1 Profile’s QoS Settings following commandDisplaying QoS Information QoS Mode Wmm This example, the QoS mode is WMMDisplaying a Service Display service-profile name cac session Displaying the Default CoS MappingsWX# display service-profile sp1 cac session WX1200# display qos defaultDisplaying a CoS-to-DSCP Mapping Displaying a DSCP-to-CoS MappingDisplay qos dscp-to-cos-map dscp-value Display qos cos-to-dscp-map cos-valueWX1200# display qos dscp-table Displaying MAP Forwarding Queue StatisticsDisplay ap qos-stats apnumber clear WX# display ap qos-statsConfiguring Quality of Service Tree protocol PVST+ Loop in the topology and blocks one or more redundant pathsAll network ports as untagged members of the same Vlan Separate instance of PVST+ on each tagged VlanProtocol EnablingSpanning Tree Port Speed Link Type Default Port Path Cost Snmp Port Path Cost DefaultsPort Priority Set spantree priority value all vlan vlan-idChanging the STP Port Cost Resetting the STP Port Cost to the Default ValueWX1200# clear spantree portcost 3-4 success change accepted Changing the STP Port PriorityResetting the STP Port Priority to the Default Value Changing the STP Forwarding Delay To change the hello interval, use the following commandTo change the forwarding delay, use the following command Changing the STP Hello IntervalManaging STP Fast FeaturesConvergence Changing the STP Maximum AgeSet spantree portfast port port-listenable disable This example, backbone fast convergence is enabled Configuring Backbone Fast ConvergenceDisplaying Port Fast Convergence Information Displaying Backbone Fast Convergence StateDisplaying Uplink Fast Convergence Information Displaying Spanning Tree InformationFast Convergence Displaying the STP Port Cost on a Vlan Basis Active optionWX1200# display spantree vlan mauve Display spantree portvlancost port-listDisplay spantree blockedports vlan vlan-id WX1200# display spantree blockedports Vlan defaultDisplay spantree statistics port-listvlan vlan-id WX1200# display spantree statisticsInactive Clearing STP Statistics Enables STP on the Vlan to prevent loopsCounters again Clear spantree statistics port-listvlan vlan-idWX1200# set vlan 10 name backbone port Set port enable Configuring and Managing Spanning Tree Protocol Feature on an individual Vlan basis Traffic. Igmp snooping is enabled by defaultDisabling or Reenabling Igmp Snooping IP address, the group addressReenabling Proxy Changing Igmp TimersReporting Pseudo-QuerierChanging the Last Member Query Interval You can specify a value from 2 through 255. The default isChanging Other-Querier Present Interval Set igmp mrsol mrsi seconds vlan vlan-id Set igmp mrsol enable disable vlan vlan-idDisplaying Multicast Information Displaying Multicast Configuration Information StatisticsClearing Multicast Statistics Displaying Multicast Statistics OnlyDisplay igmp statistics vlan vlan-id Clear igmp statistics vlan vlan-idDisplay igmp querier vlan orange Display igmp querier vlan vlan-idDisplay igmp mrouter vlan vlan-id WX1200# display igmp Mrouter vlan orangeIgmp receiver-table group 237.255.255.0/24 ACL Commands Access Control ListsAbout Security Overview of SecuritySetting Security ACLs Traffic Direction „ VlanCommitting a CreatingSecurity ACL ACLSet security acl ip acl-namepermit cos cos deny WX1200# set security acl ip acl-1 permit 192.168.1.4Wildcard Masks Class of ServiceCommon IP Protocol Numbers Number ProtocolClass-of-Service CoS Packet Handling Icmp Message Type Number Icmp Message Code Number Common Icmp Message Types and CodesFollowing command filters TCP packets Setting a TCP ACLFollowing command filters UDP packets Setting a UDP ACLWX1200# commit security acl all success change accepted Commit acl-99, type the following commandWX1200# commit security acl acl-99 success change accepted Viewing Security ACL Details Viewing the Edit BufferViewing Committed Security ACLs WX1200# display security acl hits Displaying Security ACL HitsACLs Mapping SecurityWX1200# commit security acl acl-222 success change accepted To map a security ACL to a user session, follow these stepsWX1200# display security acl map Acl-999 Displaying ACL Maps to Ports, VLANs, and Virtual PortsWX1200# display security acl map acljoe Clearing a Security ACL MapModifying a Security ACL Modifying a Security ACL Set security acl ip acl-111 hits #4 To view the results, type the following commandWX1200# display security acl info ACL edit-buffer table WX1200# rollback security acl acl-111 Change CoS Using ACLs toFiltering Based on Dscp ValuesUsing the precedence and tos Options Using the dscp OptionPrioritization for Following commands perform the same CoS reassignment asLegacy Voice over Are forwarded to any 10.10.90.x address on Distributed MAPConfiguring and Managing Security Acls WX4400# set security acl ip voip permit any ServiceVoIP WX4400# commit security acl voip Commit the ACL to the configurationKnown Limitations Configuring a Service Profile for WPA Configuring a Service Profile for RSN WPA2Configuring a Radio Profile Configuring an ACL to Prioritize Voice Traffic Configuring a Vlan for Voice ClientsConfiguring and Managing Security Acls Client-To-Client RestrictingForwarding Among IP-Only ClientsWX1200# set security acl ip c2c permit 0.0.0.0 Address, and how to map the ACL to a port and a userWX1200# commit security acl c2c WX1200# set security acl map c2c vlan vlan-1 OutTo save your configuration, type the following command Configuring and Managing Security Acls Certificates Managing Keys and Certificates About Keys and Certificates Managing Keys and Certificates Generate request command. Copy Generate key commandPkcs Object Files Supported by 3Com File Type Standard PurposeGenerated by MSS CertificatesAutomatically Creating Keys and Certificates For Your Network more complex to use Procedures for Creating and Validating CertificatesFile Type Steps Required Instructions Self-signed Certificate# crypto generate key admin 1024 admin key pair generated Crypto generate key admin domain eap ssh web 128 512 1024# crypto generate self-signed admin Country Name US Crypto generate self-signed admin eap webFilename is the location of the file on the WX switch To enter the one-time password, use the following commandCrypto otp admin eap web one-time-password Crypto pkcs12 admin eap web filenameCrypto certificate admin eap web PEM-formatted Crypto generate request admin eap web# crypto generate request admin Country Name US END Certificate # crypto ca-certificate admin Enter PEM-encoded certificateDisplaying Certificate and Key Information # display crypto certificate admin CertificateKey and Certificate For SSH configuration information, see Managing SSH onObject files Generate self-signed certificatesDisplay certificate information for verification WX1200# display crypto certificate adminWX1200# crypto generate self-signed web WX1200# display crypto certificate eapWX1200# display crypto certificate web Pkcs12 admin 2048admn.p12 WX1200# crypto otp admin SeC%#6@o%cWX1200# crypto otp eap SeC%#6@o%d WX1200# crypto otp web SeC%#6@o%eCSR and a Pkcs #7 Object File WX1200# crypto generate request adminWX1200# display crypto ca-certificate admin WX1200# crypto certificate adminWX1200# crypto ca-certificate admin About AAA for Network Users AuthenticationMSS provides the following types of authentication Authentication Types„ Web „ Last-resort „ None Authentication AlgorithmAuthentication Flowchart for Network Users User Credential Requirements Ssid Name AnyLast-Resort Processing Configuring AAA for Network Users About AAA for Network Users Configuring AAA for Network Users Network Users AAA Tools forWildcard Any for Ssid Matching Local Override Exception AAA Rollover ProcessRemote Authentication with Local Backup Shows the results of this combination of methods EAP Type Description Use EAP Authentication Protocols for Local ProcessingApproach Description Three Basic WX Approaches to EAP AuthenticationEncryption Available to Various Authentication Methods Effects Authentication Type On Encryption MethodAuthentication Last-Resort WebAAA EapConfiguring 802.1X Authentication Success change accepted Configuring 802.1X Authentication Authentication Rule Requirements Bonded Auth Period To set the Bonded Auth period, use the following commandSet dot1x bonded-period seconds Clear dot1x bonded-periodDisplaying Bonded Auth Configuration Information Bonded Auth Configuration ExampleDisplay dot1x config WX1200# set dot1x bonded-period 60 success change acceptedWX1200# display dot1x config MAC Address AuthenticationAuthorization by Clear mac-user mac-addrgroup Clearing MAC Users and GroupsClear mac-user mac-address WX1200# clear mac-user 010f03040506 success change acceptedFor example, to add the MAC user 000102030405 to Vlan red For a complete list of authorization attributes, see onSet radius server server-nameauthor-password password How WebAAA Portal Works Display of the Login WebAAA WX Switch RequirementsConfiguring Web Portal WebAAA Configuring AAA for Network Users Portal ACL and User ACLs „ Configure the NIC to use Dhcp to obtain its IP address WX Switch RecommendationsNetwork Requirements Client NIC RequirementsPortal WebAAA Configuring Web To configure Web Portal WebAAAWeb Portal WebAAA Configuration Example Configure individual WebAAA users Display the service profile to verify the changesWX1200# display config Display the configurationWX4400# display sessions network ssid mycorp Displaying Session Information for Web Portal WebAAA UsersDisplay sessions network user user-glob Configuring Web Portal WebAAA Copying and Modifying the Web Login „ If the switch nonvolatile storage has a page in web namedMap a radio to the temporary radio profile and enable it Custom Login Page ScenarioSave the modified Change the logoChange the warning statement if desired Change the greetingValues for Literal Characters URLs variables you can include in a redirect URLVariables for Redirect URLs Display security acl info acl-nameall editbuffer Add the last rule contained in portalaclCommit security acl Set service-profile name web-portal-acl aclnamePeriod Set service-profile name web-portal-session-timeout seconds Last-Resort Access WX1200# display service-profile last-resort-srvcprof 481 Process for Users of a Third-Party AP Configuring AAA for Users of Third-Party APsRequirements Third-Party AP Requirements Radius Server Requirements Set radius proxy port port-listtag tag-valuessid Set authentication mac wired mac-addr-glob method1Set authentication proxy ssid ssid-nameuser-glob WX4400# set authentication proxy ssid mycorp ** srvrgrp1 WX4400# set authentication mac wired aabbcc010101 srvrgrp1Attributes AuthorizationAssigning Authentication Attributes for Local Users Attribute Description Valid Values End-date Idle-timeoutStart-date,end-date, or both Filter-idSsid Attribute Description Valid Values Service-typeSession-timeout Time-of-day Attribute Description Valid Values Start-dateVlan-name Or group in the local WX database and specify its valueAttribute Description Valid Values Url Set service-profile name attr attribute-name value Assigning a Security ACL Locally Commands for Assigning a Security ACL LocallyAssigning a Security ACL on a Radius Server Encryption-Type Encryption Algorithm Value Assigned Assigning and Clearing Encryption Types LocallyEncryption Type Values and Associated Algorithms Assigning and Clearing Encryption Types on a Radius ServerVlan Assignment After Roaming from One WX to Another After RoamingLocation Policy Vlan Assigned ByOverriding or Configuring AAA for Network Users WX1200# set location policy deny if user eq *.theirfirm.com Set location policy deny ifSet location policy permit Displaying and Positioning Location Policy Rules Applying Security ACLs in a Location Policy RuleClearing Location Policy Rules Disabling To delete a location policy rule, use the following commandWX1200 display location policy Clear location policy rule-numberAccounting for Wireless NetworkUsers Network resource usageUser roamed to WX1200-0017 User started on WX1200-0013WX1200# display accounting statistics WX1200-0013#display accounting statisticsUser terminated the session on WX1200-0017 WX1200# display aaa Configuration Order ProblemsWX switch and how to avoid them Avoiding AAAConfiguration for a Correct Processing Order Configuration Producing an Incorrect Processing OrderAccessing any MAP access ports, Distributed MAPs, or wired Name and identifying the accessible port or portsMobility Profile All of the ports or Distributed MAPsClear mobility-profile name To remove a Mobility Profile, type the following commandWX1200# display mobility-profile Mobility Profiles Network User NamePorts ========================= Tulip WX1200# set user Natasha password moon Save the configurationWX1200# set radius server r1 address 10.1.1.1 key sunny WX1200# set server group sg1 members r1WX1200 save config WX1200# set user Natasha attr session-timeoutWX1200# set user Natasha attr vlan-name red WX1200# set radius server r1 address 10.1.1.1 key starrySave the configuration WX1200# display location policy Redirect bldga-prof-VLAN users to the Vlan bldgb-engConfiguring AAA for Network Users With Radius Wireless Client, MAP, WX Switch, and Radius Servers Before You Begin „ Timeout WX wait for a server response 5 secondsRadius Servers „ Transmission attemptsClear radius deadtime key retransmit timeout WX switch uses to authenticate itself to the Radius serverWX1200# clear radius deadtime success change accepted Configuring Individual Radius ServersWX1200# set radius client system-ip success change accepted Set radius server server-nameaddress ip-address key stringRadius Server Set server group group-namemembers server-name1 Radius servers, type the following commandOrdering Server Groups To configure load balancing, use the following command Configuring Load BalancingEnable load balancing by typing the following command Set server group group-nameload-balance enableAdding Members to a Server Group To remove a server group, type the following commandSet server group group-namemembers Clear server group group-nameGroup Configure Radius servers. Type the following commandsRadius and Server Display the configuration. Type the following command Configuring Communication with Radius Managing On WiredPorts EnablingWX1200# clear dot1x port-control success change accepted Set dot1x port-control Forceauth forceunauth auto port-listConfiguring Key Transmission Time Intervals AuthenticationSet dot1x key-tx enable disable Set dot1x tx-period secondsWX1200# clear dot1x tx-period success change accepted Attempts Setting EAPRetransmission Setting the Maximum Number Reauthentication Attempts Enabling Disabling ReauthenticationSet dot1x reauth enable disable Set dot1x reauth-max number-of-attemptsWX1200# clear dot1x reauth-max success change accepted Setting Reauthentication PeriodSet dot1x reauth-period seconds WX1200# set dot1x reauth-periodSet dot1x quiet-period seconds Clear dot1x max-reqType the following command to reset the timeout period Setting Timeout for an Authorization ServerSet dot1x timeout auth-server seconds Set dot1x timeout supplicant secondsWX1200# display dot1x clients ConfigurationDisplay dot1x clients stats config WX1200# display dot1x stats Managing 802.1X on the WX Switch Endpoint Security About SodaSoda Endpoint Security Support on WX Switches About Soda Endpoint Security Functionality tasks Configuring Soda Functionality Https//hostname/soda/ssid/xxx.html WX1200# copy tftp//172.21.12.247/soda.ZIP soda.ZIP Install soda agent agent-fileagent-directory directoryWX1200# install soda agent soda.ZIP agent-directory sp1 Set service-profile name enforce-checks enable disable Enabling Soda Functionality for the Service ProfileSet service-profile name soda mode enable disable Set service-profile name soda failure-page Set service-profile name soda success-pageClear service-profile name soda success-page Clear service-profile name soda remediation-acl Clear service-profile name soda failure-pageSet service-profile name soda remediation-acl acl-name Set ip https server enable Set service-profile name soda logout-pageClear service-profile name soda logout-page Set service-profile name soda agent-directory directory Uninstalling the Soda Agent Files from the WX SwitchClear service-profile name soda agent-directory Uninstall soda agent agent-directory directoryWX1200# uninstall soda agent agent-directory sp1 Configuring Soda Endpoint Security for a WX Switch Clear sessions admin console telnet client session-id Displaying Clearing Administrative SessionsDisplay sessions admin console telnet client Displaying Clearing an Administrative Console Session Displaying Clearing All Administrative SessionsWX1200 display sessions admin WX1200# clear sessions adminWX1200 display sessions telnet Displaying Clearing Administrative Telnet SessionsDisplaying Clearing Client Telnet Sessions WX1200# display sessions network Displaying Clearing Network SessionsDisplay sessions network Network Session to get more in-depth information WX1200# display sessions network user E Displaying Clearing Network Sessions by UsernameClear sessions network user user-glob WX1200# clear sessions network user BobFor example, to clear all sessions for MAC address Address set of MAC addresses, type the following commandWX1200 display session network session-id Clear sessions network vlan vlan-globWX1200# clear sessions network vlan red Changing Network Session TimersSession-id command To disable the user idle timeout, use the following command Changing or Disabling the User Idle TimeoutRF Detection About RoguesRogue Classification Rogue Detection Lists Rogue Detection Algorithm Dynamic Frequency Selection DFS Rogue Detection and Countermeasures Rogue Detection Features Detection FeaturesSummary of Rogue lists the rogue detection features in MSS Countermeasures Clear rfdetect vendor-list client ap mac-addrall Set rfdetect vendor-list client ap mac-addrClear rfdetect ssid-list ssid-name Set rfdetect ssid-list ssid-nameWX1200# display rfdetect ssid-list Total number of entries Following example shows the client black list on WX switch To display the client black list, use the following commandSet rfdetect black-list mac-addr Rfdetect Black-listFollowing example shows the attack list on a switch To display the attack list, use the following commandSet rfdetect attack-list mac-addr Rfdetect Attack-listMac-addris the Bssid of the device you want to ignore To display the ignore list, use the following commandSet rfdetect ignore mac-addr Clear rfdetect ignore mac-addrCountermeasures Enabling Countermeasures Scan Reenabling ActiveEnabling MAP SignaturesSet rfdetect signature key encrypted keyvalue Creating an Encrypted RF Fingerprint Key as MAP SignatureWXR100desk# set rfdetect ? WXR100desk# set rfdetect signature ?Rogues Reenabling LoggingEnabling Rogue NotificationsIDS and DoS Alerts Rogue Detection and Countermeasures Message Type Example Log Message ExamplesIDS and DoS Log Messages Client aabbccddeeff is sending rsvd mgmt frame D IDS and DoS Log Messages Rogue Detection Display Commands You can use the CLI commands listed in to display rogueDisplaying RF DetectionRogue Detection Display Commands WX# display rfdetect clients Display rfdetect clients mac mac-addrWX1200# display rfdetect counters Detection Counters commandDisplay rfdetect counters WX1200# display rfdetect mobility-domain Displaying Ssid or Bssid Information for a Mobility DomainDisplay rfdetect mobility-domain ssid ssid-namebssid Displaying RF Detection Information Display rfdetect data Displaying the APs Detected by MAP RadioWX1200# display rfdetect data WX1200# display rfdetect visible ap RadioWX# display rfdetect countermeasures Displaying Countermeasures InformationDisplay rfdetect countermeasures Rogue Detection and Countermeasures Version Information About System FilesDisplaying Software WX# display version details To also display MAP information, type the following commandWX# display version Boot To display boot information, type the following commandWorking with Files WX1200# dir file Following command displays the files in the old subdirectoryWX1200# dir core WX1200# dir boot0URL can be one of the following WX1200# copy floor2wx tftp//10.1.1.1/floor2wx „ boot0/filename „ boot1/filenameMd5 boot0 boot1filename WX1200# copy tftp//10.1.1.107/wxb04102.rel boot1wxb04102.relDelete url To delete a file, use the following commandWX1200# md5 boot0wxb04102.rel WX1200# rmdir corp2 success change accepted To remove subdirectory corp2, type the following exampleWX1200# mkdir corp2 success change accepted. WX1200# dir Running Configuration FilesSave config filename WX1200# display config area vlanSet boot configuration-file filename WX1200# save config newconfigLoad config url WX1200# load config newconfigWX1200# clear boot backup-config Set boot backup-configuration filenameBackup boot configuration Backup.cfg Clear boot configSystem Managing System Files WX1200# backup system tftp/10.10.20.9/sysabak critical Upgrade Switch forUpgrading System ImageReset system force Upgrading an Individual Switch Using the CLIWX1200# backup system tftp//172.16.0.10/sysabak Upgrade ScenarioWX1200# copy tftp//172.16.0.10/WX040101.20 boot1WX040100.20 WX1200# reset systemTroubleshooting a WX Setup Problems and Remedies Type the save config WX Setup Problems and RemediesEnable Password RecoveringSystem When Is LostLog Message System LogComponents LevelsEvent Severity Levels System Log Destinations and DefaultsClear log server ip-addr Display log buffer traceClear log buffer trace Set log buffer severity severity-level WX1200# display log buffer severity errorLogging to the Log Buffer Logging to the Console To clear the buffer, type the following commandTo disable console logging, type the following command Set log sessions severity severity-levelenable Setting Telnet Session DefaultsLogging Messages to a Syslog Server For information on severity levels, see onChanging the Current Telnet Session Defaults To disable session logging, use the following commandTo disable trace logging, use the following command Logging to the Trace BufferSaving Trace Messages in a File Displaying the Log ConfigurationCommand Using the TraceTracing Authentication Activity Tracing Session Manager ActivityTracing 802.1X Sessions Tracing Authorization ActivityWX1200# display trace Clear trace all trace areaWX1200# display log trace severity error WX1200# set trace ? WX1200# display log trace facilityCommands Using displayFor more information about Vlan interfaces, see Configuring InterfacesDatabase FDB information, type the following command Port Mirroring Configuring PortRequirements MirroringMonitoring Traffic RemotelyMonitoring Remote TrafficWX1200# set snoop snoop1 observer 10.10.30.2 snap-length To delete a snoop filter, use the following command Displaying Configured Snoop FiltersEditing a Snoop Filter Deleting a Snoop FilterDisplaying the Snoop Filters Mapped to a Radio Following command shows the mapping for snoop filter snoop1Displaying the Snoop Filter Mappings for All Radios Removing Snoop Filter MappingsFollowing command enables snoop filter snoop1 Filter operates until you manually disable itFollowing command shows statistics for snoop filter snoop1 Preparing an Observer Capturing TrafficSet snoop filter-nameall mode enable disable Technical Support Capturing SystemSending it to Corenetsys.core.217.tar Corenetsys.core.217.tar Support System Requirements WEB ViewLogging Into Web View On page 652. Also supported are 3Com vendor-specific 3Com Mobility System Software MSS supports the standardAttributes VSAs, listed in on StatedSupported Standard Extended Attributes Rcv Sent Access Acct Attribute Type Resp? Reqst? DescriptionSupported Standard and Extended Attributes Filter-id outboundacl.out Filter-id inboundacl.inDisplayed, they must NAS Radius Acct-Output Yes Users, on 3ComVendor-Specific YY/MM/DD-HHMM 3Com VSAsProtocol Port Function Traffic Ports Used by MSSIP/ICMP Dhcp Server Chapter E Dhcp Server Dhcp Server Set interface dhcp-server command’s primary-dnsSet ip dns server command Displayed instead Displaying DhcpServer Information Solve Problems Online Service BenefitsRegister Your Product to GainAccess Software WarrantyPurchase Extended ProfessionalCountry Telephone Number US and Canada Telephone Technical Support and Repair Latin America Telephone Technical Support and RepairGlossary 802.11a Radio that can receive and transmit signals at Ieee 802.11bGHz and data rates of up to 54 Mbps 802.11bSee security ACL See ACEAES BSS CBC-MAC BssidCCI CcmpCRC ChapCPC CSR Dhcp DESDynamic Host See Dhcp Configuration Protocol EAP-TLS EAPFCC ESSEtsi Gbic FDBFhss Hmac GMKGTK Https HpovIAS ICVIndustry Canada Igmp snoopingInformation element InfrastructureISO ISLLawn LdapMAC MD5 MAPMS-CHAP-V2 MICMpdu MSS MsduMTU NATPEM PeapPIM PkcsPMK PSK PRFPrng PVST+ PTKRC4 Rssi RSARSN SIP SHASSH SsidSTP SSLTtls TLSTLV Vlan NIIVSA Vlan globWatch list Web ViewWEP Wlan WispWPA WPA IEGlossary Glossary Numbers IndexSessions, clearing 557 sessions, displaying Cipher suites, RSN enabling ARP Index Index See also MAC addresses MAC addresses Names Https Radius 717 Repair support, Europe, Middle East, and Africa ConfiguringSeed, Mobility Domain configuring 154 defined STP Index Usernames Invalid certificate Case-sensitive Index Command Index Clear summertime Load config 61 Md5 606 mkdir Monitor port counters Command Index 729 Set radius proxy portCommand Index