Wireless LAN Mobility System
3CRWXR10095A, 3CRWX120695A, 3CRWX440095A
3Com Corporation 350 Campus Drive Marlborough, MA USA
Contents
Clear banner motd Clear history Clear prompt
Set system location
102
104
126 Display ip alias 127
183 Display snmp community 186
174 Set summertime 177 Set system ip-address 179
180 Set timezone 181 Display dhcp-client 182
187
245
Set user group 258 Set usergroup 259 Set web-aaa 260
MAP Access Point Commands by Usage
272 Clear radio-profile 274 Clear service-profile 275 276
267
318
STP Commands
Set spantree portvlanpri 396 Set spantree priority 397
Security ACL Commands by Usage 423 clear security acl
395
414
432
Commands by Usage 447
Display security acl hits 430 Display security acl info 431
448 Crypto certificate 449
500
503
528
525
525 Display rfdetect visible 526
530
561
Dir Display boot 547 Display config 548
549
Clear log trace 562 Clear trace
System LOG Commands
Register Your Product 607
Page
Conventions
List conventions that are used throughout this guide
„ Wireless LAN Switch and Controller Release Notes
„ Wireless LAN Switch Manager 3WXM Release Notes
Documentation
„ Document title
Comments
Pddtechpubscomments@3com.com
„ Document part number and revision on the title
Example
Overview
Clear interface vlan-idip
Set enablepass
Clear fdb dynamic port port-list vlan vlan-id
MAC Address
Text Entry
Conventions
Notation
Wildcard Masks
Masks
Subnet Masks
User Globs
MAC Address Globs
Gives examples of user globs
User Globs
Matching Order for Globs
WX1200# set port enable
Vlan Globs
„ a single port number. For example
Editing
Command-Line
WX1200# reset port
Operating systems
WX1200# display i Tab
At your access level, type the help command. For example
Using CLI Help
WX1200# display i?
WX1200# display ip ?
Understanding Command Descriptions
Set ap dap name command has the following complete syntax
WX1200# display ip telnet
Syntax disable Defaults None
Commands by
Disable
Usage
Enable
Quit
Set enablepass
Access Commands
System Service Commands
To located commands in this chapter based on their use
Clear history
Banner with an empty banner by typing the following command
Clear banner motd
„ display banner motd on
Clear prompt
Clear system
Display banner
Motd
Base-information
Display
„ clear banner motd on
Display system
Defaults None Access All
Display license
See Also „ set license on
Describes the fields of display system output
Display system output
Nvram size /SDRAM size percent of total
Help
WX switch
„ Using CLI Help on
Syntax help
Syntax history
Set auto-config
History
„ clear history on
Set auto-config
WX-1200#crypto generate key admin 1024 key pair generated
Enable the Dhcp client on Vlan
Enable the auto-config option
Common Name remoteswitch1@example.com
„ Delimiting character that begins and ends the message
Save the configuration changes
Syntax set banner motd text
That might have a large impact on the network
Set confirm
See Also „ clear banner motd on „ display banner motd on
Syntax set confirm on off
WX4400# clear vlan red
Set length
Examples To turn off these confirmation messages, type
WX4400# set confirm off
Set license
Installs an upgrade license, for managing more MAPs
See Also „ display license on
Set prompt
Syntax set prompt string
Countrycode
Set system contact Stores a contact name for the WX switch
Set system
Country Codes
Country Code
Country Codes
„ ip-addr- IP address, in dotted decimal notation
Ip-address
Mobility Domain
WX1200# set system country code CA
Syntax set system location string
Syntax set system name string
Set system name
System Service Commands
Port Commands
Locate commands in this chapter based on their use
Removes a Distributed MAP
That are using the MAP
Clear dap
„ set dap on
See Also „ set port-groupon „ display port-groupon
Clear port-group
„ name name Name of the port group
Syntax clear port-group name name
Clear port name Removes the name assigned to a port
Clear port
Preference
See Also „ display port status on „ set port name on
„ set port preference on
Clear port type
„ display port preference on
Port
Display port
Counters
WX1200 display port counters octets port
Display port-groupShows port group information
Syntax display port-group all name group-name
Describes the fields in this display
Describes the fields in the display port-group output
See Also „ clear port-groupon „ set port-groupon
Output for display port-group
Display port
WX4400# display port preference Port Preference
Output for display port preference
Syntax display port status port-list
Output for display port status
WX1200# display port status
„ set port negotiation on
Monitor port
See Also „ clear port type on
„ set port speed on
Key Controls for Monitor Port Counters Display
Output for monitor port counters
WX4400# monitor port counters
Correct length but contained an invalid
See Also „ display port counters on
Reset port
Set dap
Port Commands
Set dap
Syntax set port enable disable port-list
Following command removes Distributed MAP
Administratively disables or reenables a port
Set port
Single logical link
See Also „ reset port on
Configured together as a single logical link
With no spaces
See Also „ clear port-groupon „ display port-groupon
Name or number in other CLI commands
Set port name
Syntax set port port name name
WX1200# set port negotiation 3,5 disable
Following command enables autonegotiation on port
Syntax set port negotiation port-listenable disable
WX1200# set port negotiation 2 enable
See Also „ set port type ap on „ set port type wired-authon
Access points
Following command enables PoE on ports 4
Set port poe
Syntax set port preference port-listrj45
Set port speed
Changes the speed of a port
WX4400# set port preference 2 rj45
Set snmp profile command
Set port trap
Mp-352mp-372- MAP access point model
WX1200# set port trap 3-4 enable
„ 11a 802.11a „ 11b 802.11b „ 11g 802.11g
„ poe enable disable Power over Ethernet PoE state
„ radiotype 11a 11b 11g Radio type
Defaults All WX ports are network ports by default
WX1200# set port type ap 1-3,5 model ap3750 poe enable
MAP Access Port Defaults
WX1200# set port type ap 1-3,5 model ap8250 poe enable
Command
Wired-auth
Before changing the port type from ap to wired-author from
Set port type
Wired Authentication Port Details
Vlan membership
See Also „ clear port type on „ set port type ap on
Port Commands
Vlan Commands
Deletes an entry from the forwarding database FDB
Clear fdb
Syntax clear fdb perm static dynamic
„ display fdb on
Clear vlan
Port from the VLAN, make sure you specify the port number
Display fdb
Following command completely removes Vlan marigold
See Also „ set vlan port on „ display vlan config on
Displays entries in the forwarding database
WX4400# display fdb all
Output for display fdb
Describes the fields in the display fdb output
See Also „ clear fdb on
WX4400# display fdb
Agingtime
See Also „ set fdb agingtime on
Display roaming
Station
See Also „ display roaming vlan on
Describes the fields in the display
Output for display roaming station
Syntax display roaming vlan
Output for display roaming vlan
WX4400# display roaming vlan
Output for display tunnel
See Also „ display vlan config on
Display tunnel
Syntax display tunnel
Syntax display vlan config vlan-id
Display vlan config
Output for display vlan config
WX1200# display vlan config burgundy
Adds a permanent or static entry to the forwarding database
Set fdb
Syntax set fdb perm static
See Also „ clear fdb on „ display fdb on
Syntax set fdb agingtime vlan-idage seconds
Creates a Vlan and assigns a number and name to it
Set vlan name
See Also „ display fdb agingtime on
Syntax set vlan vlan-numname name
Set vlan port
Tunnel-affinity
Tag value to be the same but some other switches do
Set vlan
Adds ports 1 through 3 to the Vlan
See Also „ display roaming vlan on „ display vlan config on
IP Services Commands
To locate commands in this chapter based on their use
IP Services Commands by Usage
DNS
Removes an IP interface
Access Enabled History Introduced in MSS Version
Clear interface
Syntax clear interface vlan-idip
See Also „ display ip alias on
Clear ip alias
Syntax clear ip alias name
Syntax clear ip dns domain
Clear ip dns domain Removes the default DNS domain name
„ ip-addr- IP address of a DNS server
WX1200# clear ip dns domain
„ clear ip dns domain on
Default is an alias for IP address 0.0.0.0/0
Clear ip route
See Also „ display ip route on „ set ip route on
Removes an NTP server from a WX switch configuration
Defaults The default Telnet port number is
Telnet management traffic to its default
Clear ip telnet
Update-interval
Clear ntp
Syntax clear snmp community name comm-string
Clear snmp
Community
„ display snmp community on
Receiver
Clear snmp profile
Clear snmp trap
Clear snmp usm
See Also „ set snmp usm on „ display snmp usm on
Syntax clear summertime
Clear timezone
Use the address
Shows the ARP table
Display arp
Usage All
Syntax display arp ip-addr
„ set arp agingtime on
„ set arp on
Output for display arp
See Also „ set interface on „ set interface status on
Shows the IP aliases configured on the wireless LAN switch
Display ip alias
Output for display interface
„ clear ip alias on
Examples The following command displays the DNS information
Display ip dns
„ set ip alias on
Output for display ip dns
Display ip https
Shows information about the Https management port
Syntax display ip https
Output for display ip https
WX4400# display ip https
Syntax display ip route destination
Display ip route
Shows the IP route table
WX4400# display ip route
Output of display ip route
FieldDescription
Syntax display ip telnet
Output for display ip telnet
WX4400 display ip telnet
Shows NTP client information
Examples To display NTP information for a WX switch, type
Display ntp
Output for display ntp
„ set ntp server on „ set summertime on „ set timezone on
Examples To display Snmp settings on a WX switch, type
Configuration
Shows Snmp settings on a wireless LAN switch
Display snmp
Output of display snmp configuration
Syntax display summertime
Defaults There is no summertime offset by default
Summertime
WX1200# display summertime
Syntax display timezone
WX1200# display timedate
WX4400# display timezone
Defaults „ count
„ set timedate on „ set timezone on
Set arp
„ traceroute on
Syntax set arp agingtime seconds
Following command disables ARP aging
See Also „ set arp agingtime on
WX1200# set arp agingtime
Set interface
Dhcp-client
Syntax set interface vlan-idip dhcp-client enable disable
„ clear interface on
„ disable Disables the Dhcp server
Configures the MSS Dhcp server
„ enable Enables the Dhcp server
Defaults The Dhcp server is enabled by default on a new
See Also „ display dhcp-serveron
Syntax set interface vlan-idstatus up down
Set ip dns
Aliases as shortcuts in CLI commands
Set ip alias
See Also „ clear ip alias on „ display ip alias on
Syntax set ip dns domain name
WX1200# set ip dns domain example.com
Syntax set ip dns server ip-addrprimary secondary
Syntax set ip route default ip-addr mask
WX switch is disabled
Syntax set ip https server enable disable
Set ip route
Set ip route
Syntax set ip snmp server enable disable
„ clear snmp notify target on
WX4400# set ip snmp server enable
Set ip ssh
Secure Shell SSH management traffic
„ set ip ssh idle-timeouton
Absolute-timeout
„ set ip ssh absolute-timeouton
„ set ip ssh server on
Also disabled
Idle-timeout
Set ip ssh server
History -Introduced in MSS Version
Maximum number of SSH sessions supported on a WX switch is
Set ip telnet
Telnet management traffic
Syntax set ip telnet server enable disable
Set ntp
Enables or disables the NTP client on a wireless LAN switch
Configures a wireless LAN switch to use an NTP server
Set ntp server
Implementation and Analysis
RFC 1305, Network Time Protocol Version 3 Specification
Defaults The default NTP update interval is 64 seconds
NTP server
Set snmp
User. SNMPv3 does not use community strings
Set snmp community
Target
Set snmp notify
SNMPv3 with Informs
SNMPv3 with Traps
Usm trap user username
SNMPv2c with Informs
SNMPv2c with Traps
SNMPv1 with Traps
Success change accepted
„ notification-type- Any of the items in Table
Snmp notification types
Point
Snmp notification types
WX-1200#set snmp notify profile snmpprofrfdetect send
RFDetectRogueDisappearTraps success change accepted
Syntax set snmp protocol v1 v2c usm all enable disable
WX-1200# set snmp security encrypted success change accepted
Set snmp usm
Versions, use the set snmp community command to configure
Set snmp trap
Community strings
„ auth-type none md5 sha auth-pass-phrase string
IP Services Commands
Auth-type sha auth-pass-phrase myauthpword
WX-1200# set snmp usm securesnmpmgr1 snmp-engine-id
Encrypt-type 3des encrypt-pass-phrase mycryptpword
WX1200# set summertime PDT success change accepted
Following
WX4400# set interface taupe ip 10.10.20.20/24
Syntax set timedate date mmm dd yyyy time hhmmss
Sets the time of day and date on the wireless LAN switch
Set timedate
WX4400# set timedate date feb 29 2004 time 235800
Set timezone
It is enabled
WX1200# set timezone PST
Syntax display dhcp-client
Output for display dhcp-client
WX-1200# display dhcp-client
Syntax display dhcp-server interface vlan-id verbose
See Also „ set interface dhcp-clienton
Display dhcp-serverDisplays MSS Dhcp server information
WX-1200#display dhcp-server
Output for display dhcp-server
Describe the fields in these displays
Display dhcp-server
See Also „ set interface dhcp-serveron
Output for display dhcp-client verbose
Syntax display snmp community
Displays the configured Snmp community strings
Outpot for display snmp community
WX-1200#display snmp community
Syntax display snmp counters
Displays Snmp statistics counters
WX-1200#display snmp counters
Syntax display snmp notify profile
WX-1200#display snmp notify profile
Syntax display snmp notify target
See Also „ clear snmp profile on „ set snmp profile on
WX-1200#display snmp notification target
Output for display snmp notification target
User Name of the Snmp user EngineID
Output for display Snmp status
WX-1200#display snmp status
Switch has booted
Output for display snmp usm
„ display snmp notify target on „ display snmp usm on
WX-1200#display snmp usm USM users
See Also „ clear snmp usm on „ display snmp usm on
Opens a Telnet client session with a remote device
Telnet
WX4400# telnet
Traceroute
Defaults
„ dnf Disabled
See Also „ clear sessions on „ display sessions on
„ wait
„ no-dns- Disabled „ port
„ queries „ size „ ttl
Ctrl+C
Error messages for traceroute
„ ping on
This chapter presents AAA commands alphabetically. Use to
Locate commands in this chapter based on their use
AAA Commands by Usage
Display accounting statistics on
Syntax clear accounting admin dot1x user-glob
WX4400# clear accounting dot1x Nin
Clear authentication
Admin
WX4400# clear authentication console Regina
Syntax clear authentication console user-glob
ConsoleConsole
Syntax clear authentication dot1x ssid ssid-namewired
WX4400# clear authentication last-resort wired
Clear authentication Removes a MAC authentication rule. mac
Syntax clear authentication last-resort ssid ssid-namewired
Syntax clear authentication mac ssid ssid-namewired
WX4400# clear authentication mac ssid thatcorp aabbcc
Access Enabled History -Introduced in MSS
Syntax clear authentication proxy ssid ssid-nameuser-glob
„ on Clear authentication Removes a WebAAA rule. web
See Also „ set authentication proxy on
WX-1200#clear authentication proxy ssid mycorp
Syntax clear location policy rule-number
Radius server
User who is authenticated by a MAC address
Clear mac-user
Syntax clear mac-user mac-addr
ACL from the profile of a user at MAC address
WX switch, for a user who is authenticated by a MAC address
Group
For your Radius server
Clear
Mac-usergroup
Mac-usergroup attr
Clear user
„ set mobility-profile mode on
Mobility-profile
„ set mobility-profileon
Nin
Database on the WX switch, for a user with a password
Clear user attr
„ set user on
Usergroup
Clear user group
Clear usergroup
„ clear usergroup on
Syntax clear usergroup group-name attr attribute-name
Display aaa
Displays all current AAA settings
Secion added to indicate the state of the WebAAA feature
Time-Of-Day attribute from the group
Describes the fields that can appear in display aaa output
Display aaa Output
Display aaa Output
Statistics
Stored in the local database on the WX switch
Display accounting
Statistics output
Display accounting statistics
Policy
On an WX switch
Display location
„ clear location policy on
Set accounting
Admin console
Are sent
Authenticated by
Server when the user roams
Accesses the switch using Telnet or Web Manager
Authenticated by MAC authentication
Set accounting dot1x mac web
Set authentication
Set authentication admin
Globs on
Through the switch’s console
Completing logon
Following methods in priority order. MSS applies multiple
For more information, see Usage
Syntax set authentication dot1x ssid ssid-namewired
Set authentication dot1x
AAA Commands
Success change accepted
Syntax set authentication last-resort
235
Syntax set authentication mac
Set authentication mac
Proxy
WX-1200#set authentication proxy ssid mycorp ** srvrgrp1
Syntax set authentication web ssid ssid-namewired
AAA Commands
Set location policy
For details, see Vlan Globs on
Set location policy
WX4400# set location policy deny if user eq *.theirfirm.com
Set mac-user
Tempvendora into Vlan kiosk1
See Also „ clear mac-useron „ display aaa on
Authentication Attributes for Local Users
Authentication Attributes for Local Users
Filter-id outboundacl.out
YY/MM/DD-HHMM
Time-of-day
WX4400# set mac-user 010203040506 attr filter-id acl-03.in
See Also „ clear mac-user attr on „ display aaa on
Syntax set mac-usergroup
See Also „ clear mac-usergroup attr on „ display aaa on
Syntax set mobility-profile name name port none all
AAA Commands
Syntax set mobility-profile mode enable disable
„ set user attr on „ set usergroup on
Set user
„ clear user on
Set user attr
29Jan04
Orange
„ clear user attr on
That exists in the local database on the WX switch
Set user group
Server
To add a user to a group, user the command set user group
Assigns authorization attributes for the group
Set usergroup
Syntax set web-aaa enable disable
Examples To disable WebAAA, type the following command
Set web-aaa
To locate commands in this chapter based on their use
Mobility Domain Commands by Usage
Mobility-domain
Member
Status
Display mobility-domain config
Displays the configuration of the Mobility Domain
See Also „ set mobility-domain member on
Display mobility-domain Output
WX4400# display mobility-domain status
Set
Command is rejected
Syntax set mobility-domain member ip-addr
Seed-ip
Mode member
Seed, this command overwrites that configuration
192.168.1.8
Set mobility-domain mode seed domain-name
Syntax set mobility-domain mode seed domain-name
Mobility Domain Commands
Commands
Type Command Set ap dap radio auto-tune max-power on
Set ap dap radio auto-tunemin-client-rateon
Radio
Clear ap dap
Syntax clear ap port-listdap dap-num radio 1 2 all
Radio-Specific Parameters
WX1200# clear ap 3 radio
Syntax clear radio-profile name parameter
„ name Service profile name
Syntax clear service-profile name
See Also „ clear radio-profileon „ set radio-profile mode on
WX1200# display ap config
WX4400# display dap config
Output for display ap config
DAP
„ set port type ap on „ set ap dap bias on
WX1200# display ap counters
Output for display ap counters
Tkip Pkt Replays
See Also „ display sessions network on
Ccmp Pkt Replays
Output for display ap dap qos-stats
WX-1200#display dap qos-stats
Syntax display ap dap etherstats port-listdap-num
Output of display ap etherstats
WX4400# display dap etherstats
„ name Name of an MAP group or Distributed MAP group
Access point groups
Syntax display ap dap group name
Output for display ap group
„ set ap dap group on
WX1200# display ap group loadbalance1
MAP
WX4400# display dap status
Output for display ap status
WX1200# display ap status
Output for display ap status
Attributes
Decide whether to change channel or power settings
Display auto-tune
Syntax display auto-tune attributes
Output for display auto-tune attributes
See Also „ display auto-tune neighbors on
WX1200# display auto-tune attributes ap 2 radio
Syntax display auto-tune neighbors
Neighbors
3Com radio can hear
Ap map-numradio 1 2all
Output for display auto-tune neighbors
Display auto-tune Neighbors ap 2 radio
Display dap
Display dap global command
Connection
Dap connection serial-id M9DE48B6EAD00
Output of display dap connection
Syntax display dap global dap-numserial-id serial-ID
Output for display dap global
WX4400# display dap global
Longer appears in the command’s output
Unconfigured
But that are not configured on any WX switches
Network port is a member of a Vlan
Displays radio profile information
Output for display dap unconfigured
Radio-profile
Syntax display radio-profile name ?
WX4400# display radio-profile default
Output for display radio-profile
Tune Channel
Ssid
„ name Displays information about the named service profile
Service-profile
Displays service profile information
„ ? Displays a list of service profiles
Display service-profile
Other WPA parameters
Reset ap dap
Listed in . The commands are listed in the See Also section
Dap auto mode enable command
Usage lists the configurable template parameters and their
Configurable Template Parameters for Distributed MAPs
WX1200# set dap auto success change accepted
Syntax set dap auto mode enable disable
„ Radio type „ 11a-802.11a „ 11b-802.11b „ 11g-802.11g
Radiotype
Template
See Also „ set dap auto on
Syntax set ap port-listdap dap-numauto bias high low
See Also „ display ap dap config on
Blink enable disable
Syntax set dap num fingerprint hex
„ ap port-list- List of MAP access ports to add to the group
WX1200# set ap 4 group none success change accepted
Set ap dap name Changes an MAP name
„ antennatype ANT1060 ANT1120 ANT1180 internal
„ antennatype ANT5060 ANT5120 ANT5180 internal
Set ap dap radio auto-tune max-power
Radio 1 2 auto-tune max-power power-level
Set ap dap radio auto-tune max- retransmissions
Radio 1 2 auto-tune max-retransmissions retransmissions
Set ap dap radio auto-tune max- retransmissions
Sets an MAP radio’s channel
Set ap dap radio channel
Syntax set ap port-listdap dap-numradio 1
Set ap dap radio auto-tune min-client-rate
„ display ap dap config on
Radio 1 2 auto-tune min-client-rate rate
Examples
Set ap 6 radio 1 min-client-rate
Following command enables radio 2 on ports 1 through
Set ap dap radio mode
Enables or disables a radio on an MAP access point
Radio 1 2 mode enable disable
Defaults None
Set ap dap radio tx-power
Sets an MAP radio’s transmit power
Syntax set dap security require none optional
WX-1200#set dap security require
Upgrade-firmware
Set ap dap
Set radio-profile
11g-only
Set radio-profile auto-tune channel-config
Syntax set radio-profile name active-scan enable disable
Set radio-profile auto-tune channel-holddown
Syntax set radio-profile name auto-tune channel-holddown
Set radio-profile auto-tune channel-interval
Syntax set radio-profile name auto-tune channel-interval
Set radio-profile auto-tune power-backoff- timer
Syntax set radio-profile name auto-tune power-backoff-timer
Set radio-profile auto-tune power-config
WX4400# set radio-profile rp2 auto-tune power-backoff-timer
Set radio-profile auto-tune power-interval
Beacon-interval
Defaults Countermeasures are disabled by default
Clients from being able to use rogue access points
„ rogue Configures radios to attack rogues only
Following command disables countermeasures in radio profile
Syntax set radio-profile name dtim-interval interval
Syntax set radio-profile name frag-threshold threshold
Syntax set radio-profile name long-retry threshold
Syntax set radio-profile name max-rx-lifetime time
Syntax set radio-profile name max-tx-lifetime time
Mode
Set radio-profile mode
WX4400# set radio-profile rp1 mode enable
Syntax set radio-profile name
Syntax set radio-profile name service-profile name
Syntax set radio-profile name rts-threshold threshold
Defaults for Service Profile Parameters
Parameter Default Value To Default Value
Set radio-profile auth-psk command
349
Short-retry
Wmm
Syntax set service-profile Name auth-dot1x enable disable
WPA IE
Set service-profile auth-fallthru
Syntax set service-profile name auth-psk enable disable
Syntax set service-profile name beaconed enable disable
Set service-profile
Cipher-ccmp
Cipher-tkip
Use the set service-profile wep commands
Cipher-wep104
Cipher-wep40
Syntax set service-profile name psk-phrase passphrase
Syntax set service-profile name psk-raw hex
See Also „ set service-profilecipher-ccmpon
Syntax set service-profile name rsn-ie enable disable
Set service-profile auth-psk command
Syntax set service-profile name ssid-name ssid-name
See Also „ set service-profilessid-typeon
Syntax
See Also „ set service-profilessid-nameon
Syntax set service-profile name tkip-mc-time wait-time
Web-aaa-form
Ssid managed by the service profile
Syntax set service-profile name web-aaa-form url
WX4400# mkdir corpa-ssid success change accepted
„ copy on „ dir on
Set service-profile wep active-multicast- index
„ mkdir on
Set service-profile wep active-unicast- index
Syntax set service-profile name wep active-unicast-index num
Wep key-index
Syntax set service-profile name wpa-ie enable disable
Table to locate commands in this chapter based on their use
STP Commands by
STP Commands by Usage
Portcost
STP root bridge in all VLANs on a WX switch
Clear spantree
Syntax clear spantree portcost port-list
„ clear spantree portvlanpri on
Portpri
Portvlancost
„ set spantree portpri on
Portvlanpri
„ clear spantree portcost on
„ clear spantree portpri on
See Also „ display spantree statistics on
Spantree vlan default
Syntax display spantree
Output for display spantree
Root
Backbonefast
Or disabled
Display spantree
„ display spantree blockedports on
„ set spantree backbonefast on
Blockedports
See Also „ display spantree on
See Also „ set spantree portfast on
Portfast
For one or more network ports
Output for display spantree portfast
Syntax display spantree portvlancost port-list
Port’s VLANs
„ port-list- List of ports
Syntax display spantree statistics
WX4400# display spantree statistics
Topology change Timer value Hold timer
Output for display spantree statistics
Vlan Vlan ID
Configpending
Switch is the root or is attempting to become the root
See Also „ clear spantree statistics on
Syntax display spantree uplinkfast vlan vlan-id
Set spantree
„ set spantree uplinkfast on
Following command disables STP on Vlan burgundy
Examples The following command enables STP on all VLANs
Configured on a WX switch
An indirect link
Fwddelay
„ display spantree backbonefast on
VLANs to 4 seconds
Issues a topology change message
Maxage
„ all Changes the maximum age on all VLANs
Path to the STP root bridge
Type. lists the defaults for STP port path cost
STP Port Path Cost Defaults
65,535. STP selects lower-cost paths over higher-cost paths
Portvlancost command
See Also „ display spantree portfast on
Syntax set spantree portpri port-listpriority value
Type. See on
Bridge for a specific Vlan on a wireless LAN switch
„ all Changes the cost on all VLANs
To 20 in Vlan mauve
Highest priority through 255 lowest priority
Path to the STP root bridge, on one Vlan or all VLANs
Ports
„ all Changes the priority on all VLANs
Priority
Uplinkfast
See Also „ display spantree uplinkfast on
Igmp Snooping Commands
Igmp Commands by Usage
Display igmp
Clear igmp statistics
See Also display igmp statistics on
TTL
Output for display igmp
TTL
Syntax display igmp mrouter vlan vlan-id
Mrouter
WX1200# display igmp Mrouter vlan orange
Only one querier
Defaults None Access Enabled
Syntax display igmp querier vlan vlan-id
WX1200# display igmp querier vlan orange
WX1200# display igmp querier vlan default
Output for display igmp mrouter
WX1200# display igmp querier vlan red
Receiver-table
„ set igmp querier on
Output for display igmp receiver-table
See Also „ set igmp receiver on
Igmp Receiver-table group 237.255.255.0/24
Syntax display igmp statistics vlan vlan-id
Shows Igmp statistics
„ vlan vlan-id Vlan name or number. If you do not specify a
WX1200# display igmp statistics vlan orange
Output of display igmp statistics
From the multicast routers in the subnet
Wireless LAN switch
See Also „ set igmp rv on
Set igmp lmqi
VLANs on a wireless LAN switch
VLAN, the timer change applies to all VLANs
From 1 through 65,535
Syntax set igmp mrouter port port-listenable disable
See Also „ display igmp statistics on
Set igmp mrsol
Enables or disables multicast router solicitation by a WX
Syntax set igmp mrsol enable disable vlan vlan-id
See Also „ set igmp mrsol mrsi on
All VLANs on a WX
Set igmp oqi
See Also „ set igmp mrsol on
Syntax set igmp oqi seconds vlan vlan-id
„ set igmp lmqi on
Set igmp
Proxy-report
„ set igmp qri on
Set igmp qi
Syntax set igmp qi seconds vlan vlan-id
VLANs on a WX
Set igmp qri
Group. You can specify a value from 1 through 65,535
Syntax set igmp receiver port port-listenable disable
Syntax set igmp querier enable disable vlan vlan-id
See Also „ display igmp querier on
Set igmp rv
Set igmp rv
Igmp Snooping Commands
Security ACL Commands
Security ACL
Syntax clear security acl acl-name all editbuffer-index
WX4400# commit security acl acl133 configuration accepted
Syntax clear security acl map acl-nameall vlan vlan-id
Syntax commit security acl acl-nameall
WX4400# display security acl
WX4400# commit security acl all
Syntax display security acl dscp
WX-1200#display security acl dscp
Examples The following command displays the table
See Also „ set security acl on
Syntax display security acl editbuffer
WX4400# display security acl editbuffer
Syntax display security acl hits
WX4400# display security acl hits
See Also „ hit-sample-rateon „ set security acl on
Syntax display security acl info acl-nameall editbuffer
Security ACL is assigned
Display security acl
Map
Syntax display security acl map acl-name
Support for your Product on
Resource-usage
ACL acl111 is mapped
WX4400# display security acl map acl111
WX4400# display security acl resource-usage
Output of display security acl resource-usage
Output of display security acl resource-usage
Packets filtered by the security ACL or hits
Hit-sample-rate
Syntax hit-sample-rate seconds
Syntax rollback security acl acl-nameall
Set security acl
Protocol, or IP, ICMP, TCP, or UDP packet information
By TCP packets
By Icmp packets
By UDP packets
„ ip „ tcp „ udp „ icmp
Security ACL Commands
Set security acl
WX4400# set security acl ip acl123 deny 192.168.2.11
Set security acl map
Security ACL Commands
To locate commands in this chapter based on their use
Cryptography Commands by Usage
Syntax crypto ca-certificate admin eap webaaa
Syntax crypto certificate admin eap webaaa
See Also „ display crypto ca-certificateon
Access Enabled History -Introduced in MSS Version
Syntax crypto generate key admin eap ssh webaaa 512 1024
See Also display crypto key ssh on
Syntax crypto generate request admin eap webaaa
WX4400# crypto generate request admin
Email Address admin@example.com
Syntax crypto generate self-signed admin eap webaaa
See Also „ crypto certificate on „ crypto generate key on
WX4400# crypto generate self-signed admin
Crypto otp
Crypto pkcs12
„ crypto pkcs12 on
See Also „ crypto otp on
WX4400# crypto otp eap hap9iN#ss
Pkcs #7 certificate
Display crypto
Ca-certificate
Display crypto ca-certificate Output
Certificate
On the WX switch
Syntax display crypto certificate admin eap webaaa
Describes the fields of the display
See Also crypto generate key on
Syntax display crypto key ssh
Cryptography Commands
Locate commands in this chapter based on their uses
Radius Commands by Usage
Clear radius
See Also „ display aaa on „ set radius client system-ipon
Syntax clear radius client system-ip
Syntax clear radius proxy client all
See Also „ set radius proxy client on
See Also „ set radius proxy port on
Syntax clear radius proxy port all
Syntax clear radius server server-name
See Also „ display aaa on „ set radius server on
Syntax clear server group group-nameload-balance
Set radius
„ set server group on
System-ip
Set radius client
„ clear radius server on
WX4400# set radius client system-ipsuccess change accepted
Port
Set radius proxy
„ clear radius proxy client on
To 32 characters long, with no spaces or tabs
Set radius server
WX1200# set server group shorebirds members heron egret
„ group-name- Server group name of up to 32 characters
Load-balance group
Sandpiper
Radius and Server Group Commands
802.1X Commands by Usage
On the switch
Commands on
Performance
Bonded-period
Resets the Bonded Auth period to its default value
Clear dot1x
See Also „ display dot1x on „ set dot1x bonded-periodon
Port-control
„ set dot1x max-reqon
Quiet-period
„ set dot1x reauth-maxon
Reauth-max
Reauth-period
See Also „ display dot1x on „ set dot1x reauth-periodon
Auth-server
„ set dot1x timeout auth-serveron
„ set dot1x timeout supplicant on
Supplicant
Display dot1x
Tx-period
„ set dot1x tx-periodon
WX1200# display dot1x config
WX4400# display dot1x clients
Explains the counters in the display dot1x stats output
Type the following command to display 802.1X statistics
WX4400# display dot1x stats
Set dot1x
Port-control command
Authcontrol
Authentication ports, type the following command
Authentication is enabled
Examples To enable per-port 802.1X authentication on wired
Machine to start reauthentication for the user
Syntax set dot1x key-tx enable disable
See Also „ display dot1x on „ clear dot1x bonded-periodon
See Also „ display dot1x on
See Also „ clear dot1x max-reqon „ display dot1x on
Authentication dot1X command
See Also „ display port status on „ display dot1x on
Syntax set dot1x reauth enable disable
To a supplicant after a failed authentication
Syntax set dot1x quiet-period seconds
See Also „ display dot1x on „ clear dot1x reauth-maxon
Before the supplicant client becomes unauthorized
Syntax set dot1x reauth-max number-of-attempts
Out a request to a Radius authentication server
Set dot1x timeout
Attempts reauthentication
See Also „ display dot1x on „ clear dot1x reauth-periodon
Syntax set dot1x timeout supplicant seconds
Out an authentication session with a supplicant client
Syntax set dot1x tx-period seconds
See Also „ display dot1x on „ clear dot1x tx-periodon
Syntax set dot1X wep-rekey enable disable
Wep-rekey
Broadcast and multicast encryption keys
„ seconds Specify a value between 30 and 1,641,600 19 days
Defaults The default is 1800 seconds 30 minutes
Wep-rekey-period
To 300 seconds
Clear sessions
Telnet sessions
Network
VLANs, or session ID
WX4400# clear sessions network mac-addr
To clear session 9, type the following command
WX1200# clear sessions network session-id
Display sessions
WX4400 display sessions console
WX4400 display sessions admin
WX4400 display sessions telnet
See Also „ clear sessions on
Display sessions telnet client Output
Syntax display sessions network
WX1200# display sessions network
„ Summary display See on „ Verbose display See on
„ display sessions network session-id display See on
WX1200# display sessions network mac-addr 00055d7e981a
WX1200# display sessions network verbose
WX1200# display sessions network session-id
Display sessions network summary Output
Additional display sessions network verbose Output
Time
802.1X protocol on a wired authentication port
Display sessions network session-id Output
See Also „ clear sessions network on
Session Management Commands
To locate the commands in this chapter based on their use
RF Detection Commands by Usage
Attack-list
Examples The following command clears MAC address
Clear rfdetect
Removes a MAC address from the attack list
Countermeasures Mac Clear rfdetect
Black-list
Ignore
„ set rfdetect ignore on
Ssid-list
„ display rfdetect ignore on
„ set rfdetect ssid-liston
„ set rfdetect vendor-liston
Vendor-list
Display rfdetect
„ display rfdetect vendor-liston
RF Detection Commands
Domain
Countermeasures
Mobility Domain
Display rfdetect countermeasures Output
Data
Displays information about the APs detected by a WX switch
Syntax display rfdetect data
Display rfdetect data Output
WX1200# display rfdetect data
Syntax display rfdetect ignore
Ignore list
WX4400# display rfdetect ignore Total number of entries
Syntax display rfdetect mobility-domain
Bssid mac-addr Displays rogues that are using the specified
During RF detection scans
WS1200# display rfdetect mobility-domain
Ssid 3Com-webaaa
WS1200# display rfdetect mobility-domain ssid 3Com-webaaa
Display rfdetect mobility-domain Output
Following command displays detailed information for a Bssid
WX1200# display rfdetect mobility-domain bssid 000b0e0004d1
Display rfdetect mobility-domain ssid or bssid Output
Displays the entries in the permitted Ssid list
WX switch
„ display rfdetect data on
„ clear rfdetect ssid-liston
Display ap dap status command
Visible
Display rfdetect visible Output
WX1200# display rfdetect visible Radio
Active-scan
Set rfdetect
Addresses of APs and clients
Defaults The client black list is empty by default
Configured. WX switches do not share attack lists
Examples The following command adds MAC address
Configured. WX switches do not share client black lists
Set rf detect
Countermeasures Mac Set rfdetect ignore
See Also „ display log buffer on
WX switches in a Mobility Domain
Signature
Permitted SSIDs
Examples The following command adds Ssid mycorp to the list
Only for the SSIDs that are on the list
Device’s OUI is in the permitted vendor list
Syntax display rfdetect attack-list
Trailing 000000 value is required
WX1200# display rfdetect attack-list
Syntax display rfdetect black-list
Displays the wireless clients detected by an WX switch
Clients
WX1200# display rfdetect black-list
Display rfdetect clients Output
WX1200# display rfdetect Clients
Display rfdetect clients mac Output
From the wired side of the network addressed to
File Management Commands
Tape archive tar format
Dir command output
Locally on the switch
„ tftp/ip-addr/filename- Name of the archive file to create
Syntax clear boot config
Performs the following copy operations
„ reset system on
Copy
„ Copies a file from a Tftp server to nonvolatile storage
WX4400# copy test-config new-config
WX4400# copy floorwx tftp//10.1.1.1/floorwx
Immediately deletes the specified file
File or the running configuration
Delete
Syntax delete url
Dir
„ copy on „ delete on
Describes the fields in the dir output
Output for dir
Access Access
Display boot
Reboot and configured for use after the next reboot
Describes the fields in the display boot output
Displays the configuration running on the WX switch
Display config
Syntax display config area area all
WX4400# display config area vlan
See Also „ load config on „ save config on
And, optionally, for any attached MAP access points
Display version
WX1200# display version
WX1200# display version details
Describes the fields in the display version output
Load config
Running configuration with the commands in the loaded file
Output for display version
WX4400# load config
Following command loads configuration file testconfig1
Syntax load config url
WX4400# load config testconfig1
Mkdir
Creates a new subdirectory in nonvolatile storage
Restarts an WX switch and reboots the software
Reset system
„ dir on „ rmdir on
Restore
Generate new key pairs and certificates on the switch
Rmdir
„ backup on
WX1200# restore system tftp/10.10.20.9/sysabak
Removes a subdirectory from nonvolatile storage
Syntax save config filename
Save config
Saves the running configuration to a configuration file
„ dir on „ mkdir on
Configuration
Set boot
Configuration-file
Testconfig1
Syntax set boot partition boot0 boot1
File Management Commands
Trace Commands
Clear trace
Deletes running trace commands and ends trace processes
Clear log trace
Deletes the log messages stored in the trace buffer
Syntax display trace all
WX switch, or all possible trace options
Display trace
WX4400# display trace
Save trace
Authentication
Set trace
Authorization
See Also „ clear trace on „ display trace on
Set trace dot1x
Set trace sm
Syntax set trace sm mac-addr mac-address port port-num
Trace Commands
Snoop Commands
Clear snoop map
Clear snoop
„ display snoop info on
„ display snoop on
Set snoop
„ set snoop map on
„ display snoop map on
Chapter Snoop Commands
WX1200# set snoop snoop1 observer 10.10.30.2 snap-length
Radio 1 of the MAP
Set snoop map
Filter
Radio 2 of the MAP. This option does not apply to
Enable stop-afternum-pkts- Enables the snoop filter
Set snoop mode
To an MAP radio and enable the filter
All snoop filters
Display snoop
Display snoop map command
For all snoop filters configured on a WX switch
Displays the MAP radio mapping for all snoop filters
Syntax display snoop filter-name
Display snoop info Shows the configured snoop filters
See Also „ clear snoop on
WX1200# display snoop info snoop1
Snoop map snoop1
Examples display snoop stats filter-namedap-numradio
Display snoop stats Output
Snoop1
Snoop stats snoop1
Chapter Snoop Commands
Clear log
Syntax clear log buffer server ip-addr
See Also „ clear log trace on
Log buffer facility ?
You can view event messages archived in the buffer
WX4400# display log buffer facility AAA
„ clear log on
„ display log config on
Log config
„ set log on „ clear log on
Syntax display log trace +-/number-of-messages
„ console Sets log parameters for console sessions
Set log
Storage
Address in dotted decimal notation
„ trace Sets log parameters for trace files
See Also
Set log trace
See Also „ display log config on
Mbytes
System LOG Commands
Boot Prompt Commands
Boot Prompt
Autoboot
„ DEV=device Location of the system image file
Boot
„ BT=type Boot type
„ FN=filename System image filename
„ change on „ display on
Change
Syntax change
Create
Syntax create
Profiles, see display on
Usage When you type the delete command, the next-lower
Examples To remove the currently active boot profile, type
Syntax delete
Diag
Syntax diag
Syntax display Defaults None
Output of display command
„ change on „ create on „ delete on „ next on
Fver
Displays a list of the boot prompt commands
For an individual command
„ command-name- Boot prompt command
„ ls on
Next
Syntax next
Syntax reset
Reset
Resets a WX switch’s hardware
Command at the boot prompt
Defaults The poweron test flag is disabled by default
„ on Enables the poweron test flag
„ OFF Disables the poweron test flag
Test
Version
Dir or fver command
Type the following command at the boot prompt
Syntax version
Product
Services
Register Your
Purchase
Online
Access Software
Troubleshoot
Downloads
Contact Us
Country Telephone Number
Latsupportanc@3com.com
Index
Delete 544, 597 diag Dir 545, 598 disable 33 display
Index
Index
Index
Traceroute Version
