Manuals / Brands / Computer Equipment / Software / HP / Computer Equipment / Software

HP Manager Software ACL C, SECURITY ACL COMMANDS, Usage, Commands by, Security ACL

1 616

Download 616 pages, 4.36 Mb

12	SECURITY ACL COMMANDS

Use security ACL commands to configure and monitor security access control lists (ACLs). Security ACLs filter packets to restrict or permit network usage by certain users or traffic types, and can assign to packets a class of service (CoS) to define the priority of treatment for packet filtering.

(Security ACLs are different from the location policy on a WX switch, which helps you locally control user access. For location policy commands, see “AAA Commands” on page 199.)

Security ACL	This chapter presents security ACL commands alphabetically. Use
Commands by	Table 80 to locate commands in this chapter based on their use.
Usage	Table 80 Security ACL Commands by Usage
	Table 80 Security ACL Commands by Usage

	Type	Command

	Create Security ACLs	set security acl on page 439

		display security acl dscp on page 428

		display security acl on page 429

		display security acl info on page 431

		clear security acl on page 424

	Commit Security ACLs	commit security acl on page 427

		rollback security acl on page 438

	Map Security ACLs	set security acl map on page 444

		display security acl map on page 432

		clear security acl map on page 425

	Monitor Security ACLs	display security acl hits on page 430

		hit-sample-rate on page 437

display security acl resource-usage on page 433

Contents

Wireless LAN Mobility System Page CONTENTS ABOUT THIS GUIDE 1USING THE COMMAND-LINE INTERFACE 2 ACCESS COMMANDS 3SYSTEM SERVICE COMMANDS 4PORT COMMANDS VLAN C IP S Page AAA C Page 8MOBILITY DOMAIN COMMANDS 9MANAGED ACCESS POINT COMMANDS Page STP C IGMP S ACL C RADIUS 15802.1X MANAGEMENT COMMANDS 16SESSION MANAGEMENT COMMANDS RF D 19TRACE COMMANDS 21SYSTEM LOG COMMANDS 22BOOT PROMPT COMMANDS AOBTAINING SUPPORT FOR YOUR PRODUCT INDEX Page ABOUT THIS GUIDE Conventions Documentation Comments pddtechpubs_comments@3com.com Page USING THE COMMAND-LINE CLI Conventions Command Prompts Syntax Notation dynamic Text Entry Conventions and MAC Address Notation Subnet Masks Wildcard Masks VLAN Globs User Globs MAC Address Globs Matching Order for Globs Port Lists Command-Line Editing Keyboard Shortcuts Tabs Double-Asterisk Wildcard Characters Using CLI Help Understanding Command Descriptions ACCESS COMMANDS Syntax — enable Access — All enablepass command „ set enablepass on page „ set confirm on page set enablepass Enter old password Retype new password Page SYSTEM SERVICE COMMANDS clear banner motd set banner motd ^^ „ display banner motd on page „ set banner motd on page clear history history clear prompt set prompt „ display config on page „ display system on page „ set system contact on page „ set system countrycode on page „ set system ip-address on page „ clear banner motd on page base-information „display boot on page „display config on page „display license on page display license „ set license on page display system display system output „clear system on page „set system contact on page „set system countrycode on page „set system ip-address on page „set system location on page Syntax — help history Syntax — history „ clear history on page set auto-config Page Page „crypto generate key on page „crypto generate self-signed on page „save config on page „set interface dhcp-client on page „set vlan port on page „clear banner motd on page „display banner motd on page set confirm set confirm set length set license set prompt „clear prompt on page set system contact countrycode Page set ap „set interface on page set system location set system name „set prompt on page Page PORT COMMANDS clear dap set dap „set port type ap on page clear port counters „display port counters on page „monitor port counters on page clear port-group „set port-group on page clear port name „display port status on page „set port name on page clear port preference „ display port preference on page „ set port preference on page clear port type „ set port type ap on page „ set port type wired-auth on page display port counters „clear port counters on page port-group „clear port-group on page display port poe „ set port poe on page „clear port preference on page „set port preference on page display port status Page „ clear port type on page set port „ set port name on page „ set port negotiation on page „ set port speed on page Page Page Page Page reset port set dap type ap display version details 11g-only radio antennatype „clear dap on page „clear port type on page „set radio-profile 11g-only on page set port „ reset port on page set port-group off set port name „clear port name on page set port negotiation set port poe „set port type wired-auth on page set port preference „display port preference on page set port speed set port trap set snmp profile command display snmp configuration „display snmp configuration on page „set ip snmp server on page „set snmp community on page „set snmp profile on page „set snmp notify target on page Page ap Page „ clear dap on page „ set {ap | dap} radio antennatype on page „ set radio-profile 11g-only on page set port type wired-auth web-auth Page Page VLAN COMMANDS VLAN C clear fdb „ display fdb on page set fdb clear vlan tag port „display vlan config on page display fdb „clear fdb on page agingtime „set fdb agingtime on page display fdb count display roaming station „display roaming vlan on page vlan „display roaming station on page display tunnel display vlan config „clear vlan on page „set vlan name on page „set vlan tunnel-affinity on page set fdb „display fdb on page set fdb agingtime „display fdb agingtime on page set vlan name „ set vlan port on page set vlan port „ clear vlan on page „ display vlan config on page „ set vlan name on page set vlan tunnel-affinity Page IP SERVICES COMMANDS IP S Page clear interface „set interface status on page „display interface on page clear ip alias „display ip alias on page clear ip dns domain „clear ip dns server on page „display ip dns on page „set ip dns on page „set ip dns domain on page „ clear ip dns domain on page „ display ip dns on page „ set ip dns on page „ set ip dns domain on page „ set ip dns server on page clear ip telnet „display ip https on page „display ip telnet on page „set ip https server on page „set ip telnet on page clear ntp update-interval clear snmp community Syntax — clear snmp community name comm-string „ set snmp community on page „ display snmp community on page „ set snmp notify target on page „ display snmp notify target on page clear snmp profile Syntax — clear snmp profile profile-name „ set snmp profile on page clear summertime clear timezone „clear snmp usm on page display arp Usage — All set arp „set arp agingtime on page display interface display ip alias „ clear ip alias on page „ set ip alias on page display ip dns „ clear ip dns server on page display ip https „clear ip telnet on page display ip route „clear ip route on page display ip telnet display ntp Page display snmp configuration „set port trap on page summertime display timedate display timezone ping „count — dnf interval „ traceroute on page set arp set arp agingtime Page „ clear interface on page „ display interface on page „ set interface status on page dhcp-client Syntax — set interface vlan-id ip dhcp-client {enable | disable} „ display dhcp-client on page dhcp-server Syntax — set interface vlan-id ip dhcp-server [enable | disable] stop „display dhcp-server on page set interface status „clear interface on page set ip alias „clear ip alias on page set ip dns „clear ip dns domain on page set ip dns domain set ip dns server set ip https server set ip route Page set ip snmp server See Also — „ clear snmp notify target on page „ display snmp configuration on page „ set port trap on page „ set ip ssh absolute-timeout on page „ set ip ssh idle-timeout on page „ set ip ssh server on page absolute-timeout „set ip ssh on page idle-timeout „ set ip ssh on page set ip ssh server „ crypto generate key on page set ip telnet set ip telnet server „clear ntp update-interval on page set ntp server „ clear ntp server on page set snmp read-notify notify-only „clear snmp community on page „set snmp protocol on page „set snmp security on page set snmp notify SNMPv3 with Informs usm snmp-engine-id SNMPv3 with Traps SNMPv2c with Informs SNMPv2c with Traps SNMPv1 with Traps inform trap v2c „clear snmp notify target on page „display snmp notify target on page set snmp profile Page Page drop send „clear snmp profile on page „display snmp notify profile on page set snmp protocol „display snmp status on page set snmp security and set snmp trap set snmp profile set snmp usm set snmp community Page auth-pass-phrase auth-key des 3des aes set summertime first, second, third, fourth last sun, mon, tue, wed, thu, fri sat end „clear system ip-address on page set timedate set timezone Page Page Page „set interface dhcp-server on page Page „ clear snmp community on page display snmp notify profile Page Page display snmp status „display snmp counters on page display snmp usm Page telnet Ctrl logout clear sessions telnet client „clear sessions on page „display sessions on page traceroute no-dns „queries — „size — „ttl — wait ping AAA COMMANDS AAA C Page clear accounting „set accounting {admin | console} on page „display accounting statistics on page Page consoleConsole clear authentication clear authentication console „clear authentication admin on page „set authentication console on page „set authentication dot1x on page „set authentication last-resort on page „set authentication mac on page proxy „set authentication proxy on page clear location policy clear mac-user „set mac-usergroupattr on page „set mac-userattr on page „ display aaa on page „ set mac-userattr on page „ clear mac-usergroup on page „ set mac-user on page mac-user group „clear mac-usergroupattr on page mac-usergroupattr „clear mac-usergroup on page „ set mobility-profile on page „ set mobility-profilemode on page „ display mobility-profile on page clear user clear user attr „set user attr on page clear user group usergroup „ clear usergroup on page „ set user group on page clear usergroup „clear usergroup attr on page „set usergroup on page clear usergroup attr „ set usergroup on page display aaa Page Page display accounting statistics statistics output „clear accounting on page display location policy „ clear location policy on page „ set location policy on page „ clear mobility-profile on page set accounting {admin | console} „ clear accounting on page „ display accounting statistics on page {dot1x | mac | web} mac start-stop stop-only Page Page „ clear authentication admin on page „ set authentication console on page „ set authentication dot1x on page „ set authentication last-resort on page „ set authentication mac on page Page any Page Page web „set service-profile auth-fallthru on page Page auth-fall-thru Page Page „ clear authentication mac on page „ set authentication admin on page clear authentication proxy on page set radius proxy client on page set radius proxy port on page Syntax — Page set location policy .in .out Condition options Page clear location policy inacl outacl „ display location policy on page set mac-user „clear mac-user on page Page Page Page Page Page „clear mac-userattr on page Page „clear mobility-profile on page „display mobility-profile on page „set mobility-profilemode on page „set mobility-profile on page set user encrypted „ clear user on page set user attr clear user attr „ clear user attr on page set user group „clear user group on page set usergroup set user group „clear usergroup on page set web-aaa MOBILITY DOMAIN COMMANDS „ clear mobility-domainmember on page „ set mobility-domainmember on page „ set mobility-domainmode member seed-ip on page „ set mobility-domainmode seed domain-name on page „set mobility-domainmember on page display mobility-domainconfig „clear mobility-domain on page „display mobility-domainstatus on page status „set mobility-domainmode member seed-ip on page „clear mobility-domainmember on page „display mobility-domainconfig on page „set mobility-domainmode seed domain-name on page mode member seed-ip set mobility-domainmode seed domain-name ip-address Page MANAGED ACCESS POINT Page Page set dap security on page clear {ap | dap} radio clear ap radio „set {ap | dap} radio mode on page „set {ap | dap} radio radio-profile on page beaconed-interval „display radio-profile on page „set radio-profilemode on page „clear radio-profile on page display {ap | dap} config Page „display dap connection on page „display dap global on page „display dap unconfigured on page „set {ap | dap} bias on page „set {ap | dap} group on page „set {ap | dap} name on page „set {ap | dap} upgrade-firmware on page „set {ap | dap} radio antennatype on page „set {ap | dap} radio channel on page Page „display sessions network on page qos-stats Page etherstats Page Page Page Page Page display auto-tune attributes „display auto-tuneneighbors on page neighbors „display auto-tuneattributes on page display dap connection the display dap global command „display {ap | dap} config on page display dap global Page „ display {ap | dap} config on page „ display dap connection on page „ display dap unconfigured on page „ set {ap | dap} bias on page unconfigured „ display dap global on page Page Page Page Page Page Page „ set service-profilewep active-multicast-index on page „ set service-profilewep active-unicast-index on page set service-profilewep key-index on page set service-profile wpa-ie on page reset {ap | dap} dap auto mode enable command Page set dap auto mode radiotype set {ap | dap} bias set {ap | dap} blink set dap fingerprint display dap status display dap config „set dap security on page „display {ap | dap} status on page „display {ap | dap} group on page set {ap | dap} name Changes an MAP name antennatype Page set {ap | dap} radio auto-tune max-power set {ap | dap} radio auto-tunemax- retransmissions Page set {ap | dap} radio channel tx-power set {ap | dap} radio auto-tune min-client-rate 18 Examples — set {ap | dap} radio mode set ap radio „clear {ap | dap} radio on page set {ap | dap} radio tx-power channel set dap security required „set dap fingerprint on page set {ap | dap} upgrade-firmware set radio-profile 11g-only active-scan set radio-profile auto-tune channel-config set radio-profile auto-tune channel-holddown set radio-profile auto-tune channel-interval set radio-profile auto-tune power-backoff-timer set radio-profile auto-tune power-config set radio-profile auto-tune power-interval „ set {ap | dap} radio auto-tune max-power on page „ set radio-profile auto-tune power-backoff-timer on page „ set radio-profile auto-tune power-config on page beacon-interval countermeasures dtim-interval frag-threshold long-retry max-rx-lifetime max-tx-lifetime „ display radio-profile on page „ set radio-profilemode on page „ set radio-profile max-rx-lifetime on page Use this command without the mode enable or mode disable Page Page preamble-length long rts-threshold Page Page „display service-profile on page „set service-profilewep active-multicast-index on page „set service-profilewep active-unicast-index on page „set service-profilewep key-index on page „set service-profile wpa-ie on page short-retry „ set radio-profile long-retry on page wmm auth-dot1x auth-dot1x auth-fallthru Page „set web-aaa on page auth-psk auth-psk beacon „ display service-profile on page „ set radio-profile beacon-interval on page „ set service-profile ssid-name on page „ set service-profile ssid-type on page set service-profile „ set service-profile cipher-wep40 on page „ set service-profile wpa-ie on page cipher-tkip cipher-wep104 WEP with 40-bitkeys. Use the set service-profile cipher-wep40 and use the set service-profilewep commands „ set service-profile cipher-ccmp on page „ set service-profile cipher-tkip on page „ set service-profilewep key-index on page cipher-wep40 cipher-wep104 command psk-phrase psk-raw rsn-ie shared-key-auth set service-profile auth-psk command ssid-name private ssid-type tkip-mc-time web-aaa-form web set port type mkdir set service-profilewep active-multicast-index wep key-index set service-profilewep active-unicast-index wep key-index wpa-ie STP COMMANDS STP C clear spantree portcost „clear spantree portvlancost on page „display spantree on page „display spantree portvlancost on page portpri clear spantree portvlanpri „ clear spantree portvlanpri on page „ display spantree on page „ set spantree portpri on page „ clear spantree portcost on page „ display spantree portvlancost on page „ set spantree portcost on page „ set spantree portvlancost on page portvlanpri „ clear spantree portpri on page „display spantree statistics on page Page Page „ display spantree blockedports on page backbonefast „ set spantree backbonefast on page blockedports portfast „set spantree portfast on page „clear spantree portcost on page Page Page Page Page Page „clear spantree statistics on page uplinkfast „ set spantree uplinkfast on page set spantree Page „ display spantree backbonefast on page fwddelay set spantree hello maxage Page set spantree portvlancost command „ clear spantree portvlancost on page „display spantree portfast on page set spantree portpri set spantree portvlanpri „clear spantree portpri on page „clear spantree portvlanpri on page Page „set spantree portpri on page priority „display spantree uplinkfast on page IGMP SNOOPING COMMANDS IGMP S clear igmp statistics History — See Also — display igmp statistics on page Page Page Page „ display igmp mrouter on page „ display igmp querier on page „ display igmp receiver-table on page „ display igmp statistics on page mrouter „ set igmp mrouter on page querier Page „ set igmp querier on page receiver-table „set igmp receiver on page Page Page „ clear igmp statistics on page set igmp „set igmp rv on page set igmp lmqi Defaults — „set igmp oqi on page „set igmp qi on page „set igmp mrouter on page set igmp mrouter „display igmp statistics on page set igmp mrsol „set igmp mrsol mrsi on page set igmp mrsol mrsi „set igmp mrsol on page set igmp oqi Usage — set igmp querier „ set igmp lmqi on page „ set igmp qi on page „ set igmp qri on page „ set igmp rv on page proxy-report set igmp qi „set igmp lmqi on page „set igmp qri on page „set igmp querier on page set igmp qri set igmp querier „display igmp querier on page set igmp receiver set igmp rv Page Page SECURITY ACL COMMANDS ACL C clear security acl commit security acl „clear security acl map on page „commit security acl on page „display security acl info on page „set security acl on page clear security acl Page „clear security acl on page „display security acl map on page „set security acl map on page commit security acl commit security acl all „display security acl on page „rollback security acl on page dscp precedence Page hits „hit-sample-rate on page info Page „ clear security acl map on page „ display security acl map on page „ set security acl map on page resource-usage resource-usage Page Page hit-sample-rate acl-name display security acl hits „display security acl hits on page rollback security acl „ display security acl on page set security acl By source address By Layer 4 protocol By IP packets By ICMP packets By TCP packets By UDP packets all default-action Page Page display security acl editbuffer editbuffer-index editbuffer-index set security acl map set user attr, set mac-user attr, set usergroup attr mac-usergroup Page Page CRYPTOGRAPHY COMMANDS crypto ca-certificate crypto ca-certificate „display crypto ca-certificate on page crypto certificate crypto certificate „crypto generate request on page crypto generate key See Also display crypto key ssh on page request Page „crypto certificate on page self-signed Page „ crypto certificate on page crypto otp crypto pkcs12 Note: „ crypto pkcs12 on page crypto pkcs12 crypto otp „crypto otp on page Page „ crypto ca-certificate on page „ display crypto certificate on page certificate display crypto key ssh See Also crypto generate key on page Page RADIUS AND SERVER GROUP RADIUS clear radius set radius serve „set radius on page „set radius server on page clear radius client „set radius client system-ip on page clear radius proxy client „set radius proxy client on page „set radius proxy port on page clear radius server clear server group „ set server group on page set radius „ clear radius server on page „ set radius server on page set radius client „clear radius client system-ip on page set radius proxy „ clear radius proxy client on page „ set authentication proxy on page „ set radius proxy port on page „clear radius proxy port on page auth-port acct-port author-password „set server group on page load-balance „clear server group on page „set server group load-balance on page load-balance group set accounting „clear radius server on page 802.1X MANAGEMENT bonded-period „display dot1x on page „set dot1x bonded-period on page „ display dot1x on page „ set dot1x max-req on page port-control „ set dot1x port-control on page quiet-period „set dot1x quiet-period on page reauth-max „ set dot1x reauth-max on page reauth-period „set dot1x reauth-period on page auth-server „ set dot1x timeout auth-server on page supplicant „ set dot1x timeout supplicant on page tx-period „ set dot1x tx-period on page display dot1x Page display dot1x stats authcontrol set dot1X port-control command Page bonded „clear dot1x bonded-period on page key-tx „clear dot1x max-req on page authentication dot1X command auto „clear dot1x quiet-period on page „set dot1x wep-rekey-period on page set dot1x reauth „set dot1x reauth-max on page „clear dot1x reauth-max on page „clear dot1x reauth-period on page set dot1x timeout „clear dot1x timeout auth-server on page „clear dot1x tx-period on page wep-rekey wep-rekey wep-rekey-period „set dot1x wep-rekey on page SESSION MANAGEMENT „ display sessions on page vlan „ display sessions network on page Access — All, except for display sessions telnet client, which has Page display sessions telnet client Page Summary display Verbose display „display sessions network session-id display — See Table 93 on page Page session-id Page Page „clear sessions network on page Page RF DETECTION COMMANDS RF D attack-list „ set rfdetect attack-list on page „ display rfdetect attack-list on page black-list „ set rfdetect black-list on page „ display rfdetect black-list on page „ display rfdetect ignore on page „ set rfdetect ignore on page ssid-list „ set rfdetect ssid-list on page „ display rfdetect ssid-list on page vendor-list „ set rfdetect vendor-list on page „ display rfdetect vendor-list on page Page Page „ clear rfdetect attack-list on page „ set rf detect countermeasures on page „ set rfdetect countermeasures mac on page data display rfdetect visible Page „ display rfdetect mobility-domain on page „ display rfdetect visible on page „clear rfdetect ignore on page „set rfdetect ignore on page display rfdetect data Page Page Page „ display rfdetect data on page „ clear rfdetect ssid-list on page „ clear rfdetect vendor-list on page visible display {ap | dap} status command Page Page Page set rf detect set rfdetect ignore „ clear rfdetect ignore on page set rfdetect log display log buffer „display log buffer on page signature Page „clear rfdetect vendor-list on page „display rfdetect vendor-list on page „clear rfdetect attack-list on page „set rfdetect attack-list on page „clear rfdetect black-list on page „set rfdetect black-list on page clients mac Page Page Page FILE MANAGEMENT COMMANDS backup Defaults — All critical restore clear boot config „ reset system on page copy tmp: boot0 boot1 boot0: boot1: Syntax — delete url subdir_a/file_a Page Page display boot „reset system on page „set boot configuration-file on page display config „load config on page display version Defaults — None Page „ display boot on page load config backup_configs/config_c mkdir rmdir reset system „ display version on page „ save config on page restore rmdir save config „ load config on page set boot configuration-file backup_configs/config_c set boot partition Page TRACE COMMANDS clear log trace set log clear trace display trace save trace set trace authentication „ clear trace on page „ display trace on page authorization set trace dot1x set trace sm Page SNOOP COMMANDS clear snoop „ display snoop info on page clear snoop map „ set snoop map on page „ display snoop on page „ display snoop map on page set snoop dest-mac frame-type neq „clear snoop on page „set snoop map on page „set snoop mode on page „display snoop info on page „display snoop stats on page set snoop map „ clear snoop map on page 570 „ set snoop on page „ set snoop mode on page „ display snoop map on page 577 „ display snoop stats on page set snoop mode stop-after display snoop display snoop info display snoop map display snoop stats Page Page SYSTEM LOG COMMANDS „clear log trace on page display log buffer +100 log buffer facility Page clear log „display log config on page display log config display log trace /100 display log trace facility „ display log config on page set log Page set log buffer enable set log buffer disable set log trace mbytes Page BOOT PROMPT COMMANDS autoboot boot boot Page change Syntax — change create Syntax — create Syntax — delete diag Syntax — diag fver Boot type Boot device Filename Options Page fver Syntax — ls help boot next Syntax — next reset Syntax — reset test ON OFF version Syntax — version OBTAINING SUPPORT FOR YOUR Troubleshoot Online Access Software Downloads Telephone Contact Us Page INDEX