Manuals / HP / Computer Equipment / Software

HP Manager Software manual Describes the fields that can appear in display aaa output

Models: Manager Software

1 616

Download 616 pages 38.63 Kb

Page 218

218CHAPTER 7: AAA COMMANDS

set authentication admin Jose sg3 set authentication console * none

set authentication mac ssid mycorp * local

set authentication dot1x ssid mycorp Geetha eap-tls

set authentication dot1x ssid mycorp * peap-mschapv2 sg1 sg2 sg3 set authentication dot1x ssid any ** peap-mschapv2 sg1 sg2 sg3 set accounting dot1x Nin ssid mycorp stop-only sg2

set accounting admin Natasha start-stop local

set authentication last-resort ssid guestssid local

user Nin

Password = 082c6c64060b (encrypted) Filter-Id = acl-999.in

Filter-Id = acl-999.out user last-resort-guestssid Vlan-Name = k2

user last-resort-any Vlan-Name = foo mac-user 01:02:03:04:05:06 usergroup eastcoasters

session-timeout = 99

Table 45 describes the fields that can appear in display aaa output.

Table 45 display aaa Output

Field	Description

Default Values	RADIUS default values for all parameters.

authport	UDP port on the WX switch for transmission of RADIUS
	authorization and authentication messages. The default
	port is 1812.

acctport	UDP port on the WX switch for transmission of RADIUS
	accounting records. The default is port 1813.

timeout	Number of seconds the WX switch waits for a RADIUS
	server to respond before retransmitting. The default is
	5 seconds.

acct-timeout	Number of seconds the WX switch waits for a RADIUS
	server to respond to an accounting request before
	retransmitting. The default is 5 seconds.

retrans	Number of times the WX switch retransmits a message
	before determining a RADIUS server unresponsive. The
	default is 3 times.

Image 218

HP Manager Software manual Describes the fields that can appear in display aaa output, Display aaa Output

Contents

Wireless LAN Mobility System 3CRWXR10095A, 3CRWX120695A, 3CRWX440095A3Com Corporation 350 Campus Drive Marlborough, MA USA Contents Clear banner motd Clear history Clear prompt Set system location102 104126 Display ip alias 127 183 Display snmp community 186 174 Set summertime 177 Set system ip-address 179180 Set timezone 181 Display dhcp-client 182 187245 Set user group 258 Set usergroup 259 Set web-aaa 260 MAP Access Point Commands by Usage272 Clear radio-profile 274 Clear service-profile 275 276 267318 STP Commands Set spantree portvlanpri 396 Set spantree priority 397 Security ACL Commands by Usage 423 clear security acl395 414432 Commands by Usage 447Display security acl hits 430 Display security acl info 431 448 Crypto certificate 449500 503528 525525 Display rfdetect visible 526 530561 Dir Display boot 547 Display config 548549 Clear log trace 562 Clear traceSystem LOG Commands Register Your Product 607Page Conventions List conventions that are used throughout this guideDocumentation „ Wireless LAN Switch Manager 3WXM Release Notes„ Wireless LAN Switch and Controller Release Notes „ Document title CommentsPddtechpubscomments@3com.com „ Document part number and revision on the titleExample Overview Clear fdb dynamic port port-list vlan vlan-id Set enablepassClear interface vlan-idip MAC Address Text EntryConventions NotationWildcard Masks MasksSubnet Masks User GlobsUser Globs Gives examples of user globsMAC Address Globs Matching Order for Globs WX1200# set port enableVlan Globs „ a single port number. For exampleEditing Command-LineWX1200# reset port Operating systemsWX1200# display i Tab WX1200# display i? Using CLI HelpAt your access level, type the help command. For example WX1200# display ip ? Understanding Command DescriptionsSet ap dap name command has the following complete syntax WX1200# display ip telnetSyntax disable Defaults None Commands byDisable UsageEnable QuitSet enablepass Access Commands System Service Commands To located commands in this chapter based on their useClear history Banner with an empty banner by typing the following commandClear banner motd „ display banner motd onClear prompt Clear systemDisplay banner Motd„ clear banner motd on DisplayBase-information Display system Defaults None Access AllDisplay license See Also „ set license onDescribes the fields of display system output Display system outputNvram size /SDRAM size percent of total Help WX switch„ Using CLI Help on Syntax helpSyntax history Set auto-configHistory „ clear history onSet auto-config WX-1200#crypto generate key admin 1024 key pair generated Enable the Dhcp client on VlanEnable the auto-config option Common Name remoteswitch1@example.comSyntax set banner motd text Save the configuration changes„ Delimiting character that begins and ends the message That might have a large impact on the network Set confirmSee Also „ clear banner motd on „ display banner motd on Syntax set confirm on offWX4400# clear vlan red Set lengthExamples To turn off these confirmation messages, type WX4400# set confirm offSee Also „ display license on Installs an upgrade license, for managing more MAPsSet license Set prompt Syntax set prompt stringCountrycode Set system contact Stores a contact name for the WX switchSet system Country CodesCountry Code Country Codes „ ip-addr- IP address, in dotted decimal notation Ip-addressMobility Domain WX1200# set system country code CASyntax set system location string Syntax set system name stringSet system name System Service Commands Port Commands Locate commands in this chapter based on their useRemoves a Distributed MAP That are using the MAPClear dap „ set dap onSee Also „ set port-groupon „ display port-groupon Clear port-group„ name name Name of the port group Syntax clear port-group name nameClear port name Removes the name assigned to a port Clear portPreference See Also „ display port status on „ set port name on„ set port preference on Clear port type„ display port preference on PortDisplay port CountersSyntax display port-group all name group-name Display port-groupShows port group informationWX1200 display port counters octets port Describes the fields in this display Describes the fields in the display port-group outputSee Also „ clear port-groupon „ set port-groupon Output for display port-groupDisplay port Syntax display port status port-list Output for display port preferenceWX4400# display port preference Port Preference Output for display port status WX1200# display port status„ set port negotiation on Monitor portSee Also „ clear port type on „ set port speed onKey Controls for Monitor Port Counters Display Output for monitor port counters WX4400# monitor port countersCorrect length but contained an invalid See Also „ display port counters on Reset port Set dapPort Commands Set dap Syntax set port enable disable port-list Following command removes Distributed MAPAdministratively disables or reenables a port Set portSingle logical link See Also „ reset port onConfigured together as a single logical link With no spacesSee Also „ clear port-groupon „ display port-groupon Name or number in other CLI commandsSet port name Syntax set port port name nameWX1200# set port negotiation 3,5 disable Following command enables autonegotiation on portSyntax set port negotiation port-listenable disable WX1200# set port negotiation 2 enableSee Also „ set port type ap on „ set port type wired-authon Access pointsFollowing command enables PoE on ports 4 Set port poeSyntax set port preference port-listrj45 Set port speedChanges the speed of a port WX4400# set port preference 2 rj45Set snmp profile command Set port trapMp-352mp-372- MAP access point model WX1200# set port trap 3-4 enable„ radiotype 11a 11b 11g Radio type „ poe enable disable Power over Ethernet PoE state„ 11a 802.11a „ 11b 802.11b „ 11g 802.11g Defaults All WX ports are network ports by default WX1200# set port type ap 1-3,5 model ap8250 poe enable MAP Access Port DefaultsWX1200# set port type ap 1-3,5 model ap3750 poe enable Command Wired-authBefore changing the port type from ap to wired-author from Set port typeWired Authentication Port Details Vlan membershipSee Also „ clear port type on „ set port type ap on Port Commands Vlan Commands Syntax clear fdb perm static dynamic Clear fdbDeletes an entry from the forwarding database FDB Port from the VLAN, make sure you specify the port number Clear vlan„ display fdb on Display fdb Following command completely removes Vlan marigoldSee Also „ set vlan port on „ display vlan config on Displays entries in the forwarding databaseWX4400# display fdb all Output for display fdb Describes the fields in the display fdb outputSee Also „ clear fdb on WX4400# display fdbAgingtime See Also „ set fdb agingtime onDisplay roaming StationOutput for display roaming station Describes the fields in the displaySee Also „ display roaming vlan on WX4400# display roaming vlan Output for display roaming vlanSyntax display roaming vlan Output for display tunnel See Also „ display vlan config onDisplay tunnel Syntax display tunnelSyntax display vlan config vlan-id Display vlan configOutput for display vlan config WX1200# display vlan config burgundySyntax set fdb perm static Set fdbAdds a permanent or static entry to the forwarding database See Also „ clear fdb on „ display fdb on Syntax set fdb agingtime vlan-idage secondsCreates a Vlan and assigns a number and name to it Set vlan nameSee Also „ display fdb agingtime on Syntax set vlan vlan-numname nameSet vlan port Tunnel-affinity Tag value to be the same but some other switches doSet vlan Adds ports 1 through 3 to the VlanSee Also „ display roaming vlan on „ display vlan config on IP Services Commands To locate commands in this chapter based on their useIP Services Commands by Usage DNSRemoves an IP interface Access Enabled History Introduced in MSS VersionClear interface Syntax clear interface vlan-idipSyntax clear ip alias name Clear ip aliasSee Also „ display ip alias on Syntax clear ip dns domain Clear ip dns domain Removes the default DNS domain name„ ip-addr- IP address of a DNS server WX1200# clear ip dns domain„ clear ip dns domain on Default is an alias for IP address 0.0.0.0/0Clear ip route See Also „ display ip route on „ set ip route onRemoves an NTP server from a WX switch configuration Defaults The default Telnet port number isTelnet management traffic to its default Clear ip telnetUpdate-interval Clear ntpSyntax clear snmp community name comm-string Clear snmpCommunity „ display snmp community onReceiver Clear snmp profileClear snmp trap Clear snmp usmSee Also „ set snmp usm on „ display snmp usm on Syntax clear summertimeClear timezone Use the addressShows the ARP table Display arpUsage All Syntax display arp ip-addrOutput for display arp „ set arp on„ set arp agingtime on See Also „ set interface on „ set interface status on Shows the IP aliases configured on the wireless LAN switchDisplay ip alias Output for display interface„ clear ip alias on Examples The following command displays the DNS informationDisplay ip dns „ set ip alias onOutput for display ip dns Display ip httpsShows information about the Https management port Syntax display ip httpsOutput for display ip https WX4400# display ip httpsSyntax display ip route destination Display ip routeShows the IP route table WX4400# display ip routeOutput of display ip route FieldDescriptionWX4400 display ip telnet Output for display ip telnetSyntax display ip telnet Shows NTP client information Examples To display NTP information for a WX switch, typeDisplay ntp Output for display ntp„ set ntp server on „ set summertime on „ set timezone on Examples To display Snmp settings on a WX switch, type ConfigurationShows Snmp settings on a wireless LAN switch Display snmpOutput of display snmp configuration Syntax display summertime Defaults There is no summertime offset by defaultSummertime WX1200# display summertimeWX4400# display timezone WX1200# display timedateSyntax display timezone Defaults „ count „ set timedate on „ set timezone onSet arp „ traceroute onSyntax set arp agingtime seconds Following command disables ARP agingSee Also „ set arp agingtime on WX1200# set arp agingtimeSet interface „ clear interface on Syntax set interface vlan-idip dhcp-client enable disableDhcp-client „ disable Disables the Dhcp server Configures the MSS Dhcp server„ enable Enables the Dhcp server Defaults The Dhcp server is enabled by default on a newSee Also „ display dhcp-serveron Syntax set interface vlan-idstatus up downSet ip dns Aliases as shortcuts in CLI commandsSet ip alias See Also „ clear ip alias on „ display ip alias onSyntax set ip dns domain name WX1200# set ip dns domain example.comSyntax set ip dns server ip-addrprimary secondary Syntax set ip route default ip-addr mask WX switch is disabledSyntax set ip https server enable disable Set ip routeSet ip route Syntax set ip snmp server enable disable „ clear snmp notify target on WX4400# set ip snmp server enableSet ip ssh Secure Shell SSH management traffic„ set ip ssh idle-timeouton Absolute-timeout„ set ip ssh absolute-timeouton „ set ip ssh server onSet ip ssh server Idle-timeoutAlso disabled History -Introduced in MSS Version Maximum number of SSH sessions supported on a WX switch isSet ip telnet Telnet management trafficSyntax set ip telnet server enable disable Set ntp Enables or disables the NTP client on a wireless LAN switchConfigures a wireless LAN switch to use an NTP server Set ntp serverImplementation and Analysis RFC 1305, Network Time Protocol Version 3 SpecificationDefaults The default NTP update interval is 64 seconds NTP serverSet snmp User. SNMPv3 does not use community stringsSet snmp community SNMPv3 with Informs Set snmp notifyTarget SNMPv3 with Traps Usm trap user usernameSNMPv2c with Informs SNMPv2c with Traps SNMPv1 with TrapsSuccess change accepted „ notification-type- Any of the items in Table Snmp notification typesPoint Snmp notification types WX-1200#set snmp notify profile snmpprofrfdetect send RFDetectRogueDisappearTraps success change accepted Syntax set snmp protocol v1 v2c usm all enable disable WX-1200# set snmp security encrypted success change accepted Set snmp usm Versions, use the set snmp community command to configureSet snmp trap Community strings„ auth-type none md5 sha auth-pass-phrase string IP Services Commands Encrypt-type 3des encrypt-pass-phrase mycryptpword WX-1200# set snmp usm securesnmpmgr1 snmp-engine-idAuth-type sha auth-pass-phrase myauthpword WX1200# set summertime PDT success change accepted Following WX4400# set interface taupe ip 10.10.20.20/24Syntax set timedate date mmm dd yyyy time hhmmss Sets the time of day and date on the wireless LAN switchSet timedate WX4400# set timedate date feb 29 2004 time 235800WX1200# set timezone PST It is enabledSet timezone WX-1200# display dhcp-client Output for display dhcp-clientSyntax display dhcp-client Syntax display dhcp-server interface vlan-id verbose See Also „ set interface dhcp-clientonDisplay dhcp-serverDisplays MSS Dhcp server information WX-1200#display dhcp-serverDisplay dhcp-server Describe the fields in these displaysOutput for display dhcp-server See Also „ set interface dhcp-serveron Output for display dhcp-client verboseSyntax display snmp community Displays the configured Snmp community stringsOutpot for display snmp community WX-1200#display snmp communityWX-1200#display snmp counters Displays Snmp statistics countersSyntax display snmp counters Syntax display snmp notify profile WX-1200#display snmp notify profileWX-1200#display snmp notification target See Also „ clear snmp profile on „ set snmp profile onSyntax display snmp notify target Output for display snmp notification target User Name of the Snmp user EngineIDOutput for display Snmp status WX-1200#display snmp statusSwitch has booted WX-1200#display snmp usm USM users „ display snmp notify target on „ display snmp usm onOutput for display snmp usm See Also „ clear snmp usm on „ display snmp usm on WX4400# telnet TelnetOpens a Telnet client session with a remote device Traceroute Defaults„ dnf Disabled See Also „ clear sessions on „ display sessions on„ wait „ no-dns- Disabled „ port„ queries „ size „ ttl Ctrl+CError messages for traceroute „ ping onAAA Commands by Usage Locate commands in this chapter based on their useThis chapter presents AAA commands alphabetically. Use to Display accounting statistics on Syntax clear accounting admin dot1x user-glob WX4400# clear accounting dot1x NinClear authentication AdminConsoleConsole Syntax clear authentication console user-globWX4400# clear authentication console Regina Syntax clear authentication dot1x ssid ssid-namewired WX4400# clear authentication last-resort wired Clear authentication Removes a MAC authentication rule. macSyntax clear authentication last-resort ssid ssid-namewired Syntax clear authentication mac ssid ssid-namewiredSyntax clear authentication proxy ssid ssid-nameuser-glob Access Enabled History -Introduced in MSSWX4400# clear authentication mac ssid thatcorp aabbcc WX-1200#clear authentication proxy ssid mycorp See Also „ set authentication proxy on„ on Clear authentication Removes a WebAAA rule. web Syntax clear location policy rule-number Radius server User who is authenticated by a MAC addressClear mac-user Syntax clear mac-user mac-addrACL from the profile of a user at MAC address WX switch, for a user who is authenticated by a MAC addressGroup For your Radius serverClear Mac-usergroupMac-usergroup attr Clear user „ set mobility-profile mode onMobility-profile „ set mobility-profileonNin Database on the WX switch, for a user with a passwordClear user attr „ set user onUsergroup Clear user groupClear usergroup „ clear usergroup onSyntax clear usergroup group-name attr attribute-name Display aaa Displays all current AAA settingsSecion added to indicate the state of the WebAAA feature Time-Of-Day attribute from the groupDescribes the fields that can appear in display aaa output Display aaa OutputDisplay aaa Output Statistics Stored in the local database on the WX switchDisplay accounting Statistics outputDisplay accounting statistics Policy On an WX switchDisplay location „ clear location policy onAre sent Admin consoleSet accounting Authenticated by Server when the user roamsAccesses the switch using Telnet or Web Manager Authenticated by MAC authenticationSet accounting dot1x mac web Set authentication Set authentication admin Globs on Through the switch’s consoleCompleting logon Following methods in priority order. MSS applies multipleFor more information, see Usage Syntax set authentication dot1x ssid ssid-namewired Set authentication dot1x AAA Commands Success change accepted Syntax set authentication last-resort 235 Syntax set authentication mac Set authentication mac Proxy WX-1200#set authentication proxy ssid mycorp ** srvrgrp1 Syntax set authentication web ssid ssid-namewiredAAA Commands Set location policy For details, see Vlan Globs on Set location policy WX4400# set location policy deny if user eq *.theirfirm.com Set mac-user Tempvendora into Vlan kiosk1See Also „ clear mac-useron „ display aaa on Authentication Attributes for Local Users Authentication Attributes for Local Users Filter-id outboundacl.outYY/MM/DD-HHMM Time-of-day WX4400# set mac-user 010203040506 attr filter-id acl-03.in See Also „ clear mac-user attr on „ display aaa on Syntax set mac-usergroupSee Also „ clear mac-usergroup attr on „ display aaa on Syntax set mobility-profile name name port none allAAA Commands Syntax set mobility-profile mode enable disable „ set user attr on „ set usergroup onSet user „ clear user on Set user attr29Jan04 Orange„ clear user attr on That exists in the local database on the WX switchSet user group ServerSet usergroup Assigns authorization attributes for the groupTo add a user to a group, user the command set user group Set web-aaa Examples To disable WebAAA, type the following commandSyntax set web-aaa enable disable To locate commands in this chapter based on their use Mobility Domain Commands by UsageMobility-domain MemberStatus Display mobility-domain configDisplays the configuration of the Mobility Domain See Also „ set mobility-domain member onDisplay mobility-domain Output WX4400# display mobility-domain statusSyntax set mobility-domain member ip-addr Command is rejectedSet Seed-ip Mode memberSeed, this command overwrites that configuration 192.168.1.8Set mobility-domain mode seed domain-name Syntax set mobility-domain mode seed domain-nameMobility Domain Commands Commands Type Command Set ap dap radio auto-tune max-power on Set ap dap radio auto-tunemin-client-rateon Syntax clear ap port-listdap dap-num radio 1 2 all Clear ap dapRadio Radio-Specific Parameters WX1200# clear ap 3 radioSyntax clear radio-profile name parameter „ name Service profile name Syntax clear service-profile nameSee Also „ clear radio-profileon „ set radio-profile mode on WX1200# display ap config WX4400# display dap configOutput for display ap config DAP„ set port type ap on „ set ap dap bias on WX1200# display ap counters Output for display ap counters Tkip Pkt ReplaysSee Also „ display sessions network on Ccmp Pkt ReplaysOutput for display ap dap qos-stats WX-1200#display dap qos-statsWX4400# display dap etherstats Output of display ap etherstatsSyntax display ap dap etherstats port-listdap-num Syntax display ap dap group name Access point groups„ name Name of an MAP group or Distributed MAP group WX1200# display ap group loadbalance1 „ set ap dap group onOutput for display ap group MAP WX4400# display dap statusOutput for display ap status WX1200# display ap statusOutput for display ap status Attributes Decide whether to change channel or power settingsDisplay auto-tune Syntax display auto-tune attributesWX1200# display auto-tune attributes ap 2 radio See Also „ display auto-tune neighbors onOutput for display auto-tune attributes Syntax display auto-tune neighbors Neighbors3Com radio can hear Ap map-numradio 1 2allOutput for display auto-tune neighbors Display auto-tune Neighbors ap 2 radioConnection Display dap global commandDisplay dap Syntax display dap global dap-numserial-id serial-ID Output of display dap connectionDap connection serial-id M9DE48B6EAD00 Output for display dap global WX4400# display dap globalLonger appears in the command’s output UnconfiguredBut that are not configured on any WX switches Network port is a member of a VlanDisplays radio profile information Output for display dap unconfiguredRadio-profile Syntax display radio-profile name ?WX4400# display radio-profile default Output for display radio-profileTune Channel Ssid „ name Displays information about the named service profile Service-profileDisplays service profile information „ ? Displays a list of service profilesDisplay service-profile Other WPA parameters Reset ap dap Listed in . The commands are listed in the See Also section Dap auto mode enable commandUsage lists the configurable template parameters and their Configurable Template Parameters for Distributed MAPsWX1200# set dap auto success change accepted Syntax set dap auto mode enable disable „ Radio type „ 11a-802.11a „ 11b-802.11b „ 11g-802.11g RadiotypeTemplate See Also „ set dap auto onSyntax set ap port-listdap dap-numauto bias high low See Also „ display ap dap config on Blink enable disable Syntax set dap num fingerprint hex„ ap port-list- List of MAP access ports to add to the group WX1200# set ap 4 group none success change accepted Set ap dap name Changes an MAP name „ antennatype ANT1060 ANT1120 ANT1180 internal „ antennatype ANT5060 ANT5120 ANT5180 internalSet ap dap radio auto-tune max-power Radio 1 2 auto-tune max-power power-levelSet ap dap radio auto-tune max- retransmissions Radio 1 2 auto-tune max-retransmissions retransmissionsSet ap dap radio auto-tune max- retransmissions Syntax set ap port-listdap dap-numradio 1 Set ap dap radio channelSets an MAP radio’s channel Radio 1 2 auto-tune min-client-rate rate „ display ap dap config onSet ap dap radio auto-tune min-client-rate Examples Set ap 6 radio 1 min-client-rateFollowing command enables radio 2 on ports 1 through Set ap dap radio modeEnables or disables a radio on an MAP access point Radio 1 2 mode enable disableDefaults None Set ap dap radio tx-power Sets an MAP radio’s transmit powerSyntax set dap security require none optional WX-1200#set dap security require Upgrade-firmware Set ap dapSet radio-profile 11g-onlySet radio-profile auto-tune channel-config Syntax set radio-profile name active-scan enable disableSet radio-profile auto-tune channel-holddown Syntax set radio-profile name auto-tune channel-holddownSet radio-profile auto-tune channel-interval Syntax set radio-profile name auto-tune channel-intervalSet radio-profile auto-tune power-backoff- timer Syntax set radio-profile name auto-tune power-backoff-timerSet radio-profile auto-tune power-config WX4400# set radio-profile rp2 auto-tune power-backoff-timerSet radio-profile auto-tune power-interval Beacon-interval Defaults Countermeasures are disabled by default Clients from being able to use rogue access points„ rogue Configures radios to attack rogues only Following command disables countermeasures in radio profileSyntax set radio-profile name dtim-interval interval Syntax set radio-profile name frag-threshold threshold Syntax set radio-profile name long-retry thresholdSyntax set radio-profile name max-rx-lifetime time Syntax set radio-profile name max-tx-lifetime time Mode Set radio-profile mode WX4400# set radio-profile rp1 mode enable Syntax set radio-profile name Syntax set radio-profile name service-profile name Syntax set radio-profile name rts-threshold thresholdDefaults for Service Profile Parameters Parameter Default Value To Default ValueSet radio-profile auth-psk command 349 Short-retry WmmSyntax set service-profile Name auth-dot1x enable disable WPA IE Set service-profile auth-fallthru Syntax set service-profile name auth-psk enable disable Syntax set service-profile name beaconed enable disable Set service-profile Cipher-ccmpCipher-tkip Use the set service-profile wep commands Cipher-wep104Cipher-wep40 Syntax set service-profile name psk-phrase passphrase Syntax set service-profile name psk-raw hex See Also „ set service-profilecipher-ccmpon Syntax set service-profile name rsn-ie enable disableSet service-profile auth-psk command Syntax set service-profile name ssid-name ssid-nameSee Also „ set service-profilessid-typeon SyntaxSee Also „ set service-profilessid-nameon Syntax set service-profile name tkip-mc-time wait-timeWeb-aaa-form Ssid managed by the service profileSyntax set service-profile name web-aaa-form url WX4400# mkdir corpa-ssid success change accepted„ mkdir on Set service-profile wep active-multicast- index„ copy on „ dir on Set service-profile wep active-unicast- index Syntax set service-profile name wep active-unicast-index numWep key-index Syntax set service-profile name wpa-ie enable disable STP Commands by Usage STP Commands byTable to locate commands in this chapter based on their use Portcost STP root bridge in all VLANs on a WX switchClear spantree Syntax clear spantree portcost port-list„ clear spantree portvlanpri on PortpriPortvlancost „ set spantree portpri onPortvlanpri „ clear spantree portcost on„ clear spantree portpri on See Also „ display spantree statistics onSpantree vlan default Syntax display spantreeOutput for display spantree RootBackbonefast Or disabledDisplay spantree „ display spantree blockedports onSee Also „ display spantree on Blockedports„ set spantree backbonefast on See Also „ set spantree portfast on PortfastFor one or more network ports Output for display spantree portfastSyntax display spantree portvlancost port-list Port’s VLANs„ port-list- List of ports Syntax display spantree statisticsWX4400# display spantree statistics Topology change Timer value Hold timer Output for display spantree statistics Vlan Vlan IDConfigpending Switch is the root or is attempting to become the root See Also „ clear spantree statistics on Syntax display spantree uplinkfast vlan vlan-idSet spantree „ set spantree uplinkfast onFollowing command disables STP on Vlan burgundy Examples The following command enables STP on all VLANsConfigured on a WX switch An indirect linkFwddelay „ display spantree backbonefast onVLANs to 4 seconds Issues a topology change messageMaxage „ all Changes the maximum age on all VLANsPath to the STP root bridge Type. lists the defaults for STP port path costSTP Port Path Cost Defaults 65,535. STP selects lower-cost paths over higher-cost pathsPortvlancost command See Also „ display spantree portfast on Syntax set spantree portpri port-listpriority valueType. See on Bridge for a specific Vlan on a wireless LAN switch„ all Changes the cost on all VLANs To 20 in Vlan mauveHighest priority through 255 lowest priority Path to the STP root bridge, on one Vlan or all VLANsPorts „ all Changes the priority on all VLANsPriority UplinkfastSee Also „ display spantree uplinkfast on Igmp Snooping Commands Igmp Commands by UsageSee Also display igmp statistics on Clear igmp statisticsDisplay igmp TTL Output for display igmp TTL WX1200# display igmp Mrouter vlan orange MrouterSyntax display igmp mrouter vlan vlan-id Syntax display igmp querier vlan vlan-id Defaults None Access EnabledOnly one querier WX1200# display igmp querier vlan orange WX1200# display igmp querier vlan defaultOutput for display igmp mrouter WX1200# display igmp querier vlan redReceiver-table „ set igmp querier onIgmp Receiver-table group 237.255.255.0/24 See Also „ set igmp receiver onOutput for display igmp receiver-table Syntax display igmp statistics vlan vlan-id Shows Igmp statistics„ vlan vlan-id Vlan name or number. If you do not specify a WX1200# display igmp statistics vlan orangeOutput of display igmp statistics From the multicast routers in the subnetWireless LAN switch See Also „ set igmp rv onSet igmp lmqi VLANs on a wireless LAN switchVLAN, the timer change applies to all VLANs From 1 through 65,535Syntax set igmp mrouter port port-listenable disable See Also „ display igmp statistics onSet igmp mrsol Enables or disables multicast router solicitation by a WXSyntax set igmp mrsol enable disable vlan vlan-id See Also „ set igmp mrsol mrsi onAll VLANs on a WX Set igmp oqiSee Also „ set igmp mrsol on Syntax set igmp oqi seconds vlan vlan-id„ set igmp lmqi on Set igmpProxy-report „ set igmp qri onSet igmp qi Syntax set igmp qi seconds vlan vlan-idGroup. You can specify a value from 1 through 65,535 Set igmp qriVLANs on a WX See Also „ display igmp querier on Syntax set igmp querier enable disable vlan vlan-idSyntax set igmp receiver port port-listenable disable Set igmp rv Set igmp rv Igmp Snooping Commands Security ACL Commands Security ACLSyntax clear security acl acl-name all editbuffer-index WX4400# commit security acl acl133 configuration accepted Syntax clear security acl map acl-nameall vlan vlan-id Syntax commit security acl acl-nameall Syntax display security acl dscp WX4400# commit security acl allWX4400# display security acl WX-1200#display security acl dscp Examples The following command displays the tableSee Also „ set security acl on Syntax display security acl editbufferWX4400# display security acl editbuffer Syntax display security acl hitsSyntax display security acl info acl-nameall editbuffer See Also „ hit-sample-rateon „ set security acl onWX4400# display security acl hits Security ACL is assigned Display security aclMap Syntax display security acl map acl-nameSupport for your Product on Resource-usageACL acl111 is mapped WX4400# display security acl map acl111WX4400# display security acl resource-usage Output of display security acl resource-usage Output of display security acl resource-usage Syntax hit-sample-rate seconds Hit-sample-ratePackets filtered by the security ACL or hits Syntax rollback security acl acl-nameall Set security acl Protocol, or IP, ICMP, TCP, or UDP packet informationBy UDP packets By Icmp packetsBy TCP packets „ ip „ tcp „ udp „ icmp Security ACL Commands Set security acl WX4400# set security acl ip acl123 deny 192.168.2.11 Set security acl map Security ACL Commands To locate commands in this chapter based on their use Cryptography Commands by UsageSyntax crypto ca-certificate admin eap webaaa Syntax crypto certificate admin eap webaaa See Also „ display crypto ca-certificateonAccess Enabled History -Introduced in MSS Version Syntax crypto generate key admin eap ssh webaaa 512 1024 See Also display crypto key ssh onSyntax crypto generate request admin eap webaaa WX4400# crypto generate request admin Email Address admin@example.comSyntax crypto generate self-signed admin eap webaaa See Also „ crypto certificate on „ crypto generate key onWX4400# crypto generate self-signed admin Crypto otp Crypto pkcs12 „ crypto pkcs12 onSee Also „ crypto otp on WX4400# crypto otp eap hap9iN#ssPkcs #7 certificate Display cryptoCa-certificate Display crypto ca-certificate OutputCertificate On the WX switchSyntax display crypto certificate admin eap webaaa Describes the fields of the displaySee Also crypto generate key on Syntax display crypto key sshCryptography Commands Locate commands in this chapter based on their uses Radius Commands by UsageClear radius See Also „ display aaa on „ set radius client system-ipon Syntax clear radius client system-ipSyntax clear radius proxy client all See Also „ set radius proxy client onSee Also „ set radius proxy port on Syntax clear radius proxy port allSyntax clear server group group-nameload-balance See Also „ display aaa on „ set radius server onSyntax clear radius server server-name Set radius „ set server group on„ clear radius server on Set radius clientSystem-ip WX4400# set radius client system-ipsuccess change accepted „ clear radius proxy client on Set radius proxyPort To 32 characters long, with no spaces or tabs Set radius server WX1200# set server group shorebirds members heron egret Sandpiper Load-balance group„ group-name- Server group name of up to 32 characters Radius and Server Group Commands 802.1X Commands by Usage On the switchCommands on PerformanceBonded-period Resets the Bonded Auth period to its default valueClear dot1x See Also „ display dot1x on „ set dot1x bonded-periodonPort-control „ set dot1x max-reqonQuiet-period „ set dot1x reauth-maxon Reauth-maxReauth-period See Also „ display dot1x on „ set dot1x reauth-periodonAuth-server „ set dot1x timeout auth-serveron„ set dot1x timeout supplicant on Supplicant„ set dot1x tx-periodon Tx-periodDisplay dot1x WX1200# display dot1x config WX4400# display dot1x clientsWX4400# display dot1x stats Type the following command to display 802.1X statisticsExplains the counters in the display dot1x stats output Authcontrol Port-control commandSet dot1x Authentication ports, type the following command Authentication is enabledExamples To enable per-port 802.1X authentication on wired Machine to start reauthentication for the userSyntax set dot1x key-tx enable disable See Also „ display dot1x on „ clear dot1x bonded-periodonSee Also „ display dot1x on See Also „ clear dot1x max-reqon „ display dot1x onAuthentication dot1X command See Also „ display port status on „ display dot1x onSyntax set dot1x quiet-period seconds To a supplicant after a failed authenticationSyntax set dot1x reauth enable disable Syntax set dot1x reauth-max number-of-attempts Before the supplicant client becomes unauthorizedSee Also „ display dot1x on „ clear dot1x reauth-maxon Out a request to a Radius authentication server Set dot1x timeoutAttempts reauthentication See Also „ display dot1x on „ clear dot1x reauth-periodonSyntax set dot1x tx-period seconds Out an authentication session with a supplicant clientSyntax set dot1x timeout supplicant seconds See Also „ display dot1x on „ clear dot1x tx-periodon Syntax set dot1X wep-rekey enable disableWep-rekey Broadcast and multicast encryption keys„ seconds Specify a value between 30 and 1,641,600 19 days Defaults The default is 1800 seconds 30 minutesWep-rekey-period To 300 secondsClear sessions Telnet sessionsNetwork VLANs, or session IDWX1200# clear sessions network session-id To clear session 9, type the following commandWX4400# clear sessions network mac-addr Display sessions WX4400 display sessions telnet WX4400 display sessions adminWX4400 display sessions console See Also „ clear sessions on Display sessions telnet client OutputSyntax display sessions network WX1200# display sessions network „ Summary display See on „ Verbose display See on„ display sessions network session-id display See on WX1200# display sessions network mac-addr 00055d7e981aWX1200# display sessions network verbose WX1200# display sessions network session-idDisplay sessions network summary Output Additional display sessions network verbose OutputTime 802.1X protocol on a wired authentication port Display sessions network session-id OutputSee Also „ clear sessions network on Session Management Commands To locate the commands in this chapter based on their use RF Detection Commands by UsageAttack-list Examples The following command clears MAC addressClear rfdetect Removes a MAC address from the attack listIgnore Black-listCountermeasures Mac Clear rfdetect „ set rfdetect ignore on Ssid-list„ display rfdetect ignore on „ set rfdetect ssid-liston„ set rfdetect vendor-liston Vendor-listDisplay rfdetect „ display rfdetect vendor-listonRF Detection Commands Domain CountermeasuresMobility Domain Display rfdetect countermeasures OutputSyntax display rfdetect data Displays information about the APs detected by a WX switchData Display rfdetect data Output WX1200# display rfdetect dataWX4400# display rfdetect ignore Total number of entries Ignore listSyntax display rfdetect ignore Syntax display rfdetect mobility-domain Bssid mac-addr Displays rogues that are using the specifiedDuring RF detection scans WS1200# display rfdetect mobility-domainSsid 3Com-webaaa WS1200# display rfdetect mobility-domain ssid 3Com-webaaaWX1200# display rfdetect mobility-domain bssid 000b0e0004d1 Following command displays detailed information for a BssidDisplay rfdetect mobility-domain Output Display rfdetect mobility-domain ssid or bssid Output Displays the entries in the permitted Ssid list WX switch„ display rfdetect data on „ clear rfdetect ssid-listonDisplay ap dap status command VisibleDisplay rfdetect visible Output WX1200# display rfdetect visible RadioAddresses of APs and clients Set rfdetectActive-scan Defaults The client black list is empty by default Configured. WX switches do not share attack listsExamples The following command adds MAC address Configured. WX switches do not share client black listsSet rf detect Countermeasures Mac Set rfdetect ignoreSee Also „ display log buffer on WX switches in a Mobility Domain SignaturePermitted SSIDs Examples The following command adds Ssid mycorp to the listOnly for the SSIDs that are on the list Device’s OUI is in the permitted vendor listWX1200# display rfdetect attack-list Trailing 000000 value is requiredSyntax display rfdetect attack-list Syntax display rfdetect black-list Displays the wireless clients detected by an WX switchClients WX1200# display rfdetect black-listDisplay rfdetect clients Output WX1200# display rfdetect ClientsDisplay rfdetect clients mac Output From the wired side of the network addressed to File Management Commands Tape archive tar format Dir command outputLocally on the switch „ tftp/ip-addr/filename- Name of the archive file to createSyntax clear boot config Performs the following copy operations „ reset system onCopy „ Copies a file from a Tftp server to nonvolatile storageWX4400# copy test-config new-config WX4400# copy floorwx tftp//10.1.1.1/floorwxImmediately deletes the specified file File or the running configurationDelete Syntax delete urlDir Output for dir Describes the fields in the dir output„ copy on „ delete on Access Access Display bootReboot and configured for use after the next reboot Describes the fields in the display boot outputSyntax display config area area all Display configDisplays the configuration running on the WX switch WX4400# display config area vlan See Also „ load config on „ save config onAnd, optionally, for any attached MAP access points Display versionWX1200# display version WX1200# display version detailsDescribes the fields in the display version output Load configRunning configuration with the commands in the loaded file Output for display versionWX4400# load config Following command loads configuration file testconfig1Syntax load config url WX4400# load config testconfig1Mkdir Creates a new subdirectory in nonvolatile storage„ dir on „ rmdir on Reset systemRestarts an WX switch and reboots the software Restore Generate new key pairs and certificates on the switchRmdir „ backup onWX1200# restore system tftp/10.10.20.9/sysabak Removes a subdirectory from nonvolatile storageSyntax save config filename Save configSaves the running configuration to a configuration file „ dir on „ mkdir onConfiguration Set bootConfiguration-file Testconfig1Syntax set boot partition boot0 boot1 File Management Commands Trace Commands Clear trace Deletes running trace commands and ends trace processesClear log trace Deletes the log messages stored in the trace bufferSyntax display trace all WX switch, or all possible trace optionsDisplay trace WX4400# display traceSet trace AuthenticationSave trace Authorization See Also „ clear trace on „ display trace onSet trace dot1x Set trace sm Syntax set trace sm mac-addr mac-address port port-numTrace Commands Snoop Commands „ display snoop info on Clear snoopClear snoop map „ display snoop on Set snoop„ set snoop map on „ display snoop map onChapter Snoop Commands WX1200# set snoop snoop1 observer 10.10.30.2 snap-length Radio 1 of the MAP Set snoop mapFilter Radio 2 of the MAP. This option does not apply toEnable stop-afternum-pkts- Enables the snoop filter Set snoop modeTo an MAP radio and enable the filter All snoop filtersDisplay snoop Display snoop map commandFor all snoop filters configured on a WX switch Displays the MAP radio mapping for all snoop filtersSyntax display snoop filter-name Display snoop info Shows the configured snoop filtersSee Also „ clear snoop on WX1200# display snoop info snoop1Snoop map snoop1 Examples display snoop stats filter-namedap-numradioSnoop stats snoop1 Snoop1Display snoop stats Output Chapter Snoop Commands Clear log Syntax clear log buffer server ip-addrSee Also „ clear log trace on WX4400# display log buffer facility AAA You can view event messages archived in the bufferLog buffer facility ? „ clear log on „ display log config onLog config „ set log on „ clear log onSyntax display log trace +-/number-of-messages „ console Sets log parameters for console sessions Set logStorage Address in dotted decimal notation„ trace Sets log parameters for trace files See Also Mbytes See Also „ display log config onSet log trace System LOG Commands Boot Prompt Commands Boot PromptAutoboot „ DEV=device Location of the system image file Boot„ BT=type Boot type „ FN=filename System image filename„ change on „ display on Change Syntax changeCreate Syntax createProfiles, see display on Usage When you type the delete command, the next-lowerExamples To remove the currently active boot profile, type Syntax deleteDiag Syntax diagSyntax display Defaults None Output of display command „ change on „ create on „ delete on „ next onFver Displays a list of the boot prompt commands For an individual command„ command-name- Boot prompt command „ ls onNext Syntax nextSyntax reset ResetResets a WX switch’s hardware Command at the boot promptDefaults The poweron test flag is disabled by default „ on Enables the poweron test flag„ OFF Disables the poweron test flag TestVersion Dir or fver commandType the following command at the boot prompt Syntax versionProduct ServicesRegister Your PurchaseOnline Access SoftwareTroubleshoot DownloadsContact Us Country Telephone Number Latsupportanc@3com.comIndex Delete 544, 597 diag Dir 545, 598 disable 33 display Index Index Index Traceroute Version