Manuals / HP / Computer Equipment / Software

HP Manager Software manual Set security acl, Protocol, or IP, ICMP, TCP, or UDP packet information

Models: Manager Software

1 616

Page 439

set security acl 439

Examples — The following commands show the edit buffer before a rollback, clear any changes in the edit buffer to security acl_122, and show the edit buffer after the rollback:

WX4400# display security acl info all editbuffer ACL edit-buffer information for all

set security acl ip acl_122 (ACEs 3, add 3, del 0, modified 0)

---------------------------------------------------------

1.permit IP source IP 20.0.1.11 0.0.0.255 destination IP any enable-hits

2.deny IP source IP 20.0.2.11 0.0.0.0 destination IP any

3.deny SRC source IP 192.168.1.234 255.255.255.255 enable-hits

WX4400# rollback security acl acl_122

WX4400# display security acl info all editbuffer

ACL edit-buffer information for all

	See Also
	display security acl on page 429

set security acl	In the edit buffer, creates a security access control list (ACL), adds one
	access control entry (ACE) to a security ACL, and/or reorders ACEs in the
	ACL. The ACEs in an ACL filter IP packets by source IP address, a Layer 4
	protocol, or IP, ICMP, TCP, or UDP packet information.
	By source address
	Syntax — set security acl ip acl-name{permit [cos cos] deny}
	source-ip-addr mask [before editbuffer-index modify
	editbuffer-index] [hits]
	By Layer 4 protocol
	Syntax — set security acl ip acl-name{permit [cos cos] deny}
	protocol-number {source-ip-addr mask destination-ip-addr
	mask} [precedence precedence] [tos tos] [before
	editbuffer-index modify editbuffer-index] [hits]
	By IP packets
	Syntax — set security acl ip acl-name{permit [cos cos] deny}
	ip {source-ip-addr mask destination-ip-addr mask} [precedence
	precedence] [tos tos] [before editbuffer-index modify
	editbuffer-index] [hits]

Page 439

Image 439

HP Manager Software manual Set security acl, Protocol, or IP, ICMP, TCP, or UDP packet information

Contents

3CRWXR10095A, 3CRWX120695A, 3CRWX440095A Wireless LAN Mobility System3Com Corporation 350 Campus Drive Marlborough, MA USA Contents Set system location Clear banner motd Clear history Clear prompt104 102126 Display ip alias 127 187 174 Set summertime 177 Set system ip-address 179180 Set timezone 181 Display dhcp-client 182 183 Display snmp community 186245 267 MAP Access Point Commands by Usage272 Clear radio-profile 274 Clear service-profile 275 276 Set user group 258 Set usergroup 259 Set web-aaa 260318 STP Commands 414 Security ACL Commands by Usage 423 clear security acl395 Set spantree portvlanpri 396 Set spantree priority 397448 Crypto certificate 449 Commands by Usage 447Display security acl hits 430 Display security acl info 431 432503 500530 525525 Display rfdetect visible 526 528Clear log trace 562 Clear trace Dir Display boot 547 Display config 548549 561Register Your Product 607 System LOG CommandsPage List conventions that are used throughout this guide Conventions„ Wireless LAN Switch and Controller Release Notes „ Wireless LAN Switch Manager 3WXM Release NotesDocumentation „ Document part number and revision on the title CommentsPddtechpubscomments@3com.com „ Document titleExample Overview Clear interface vlan-idip Set enablepassClear fdb dynamic port port-list vlan vlan-id Notation Text EntryConventions MAC AddressUser Globs MasksSubnet Masks Wildcard MasksMAC Address Globs Gives examples of user globsUser Globs „ a single port number. For example WX1200# set port enableVlan Globs Matching Order for GlobsOperating systems Command-LineWX1200# reset port EditingWX1200# display i Tab At your access level, type the help command. For example Using CLI HelpWX1200# display i? WX1200# display ip telnet Understanding Command DescriptionsSet ap dap name command has the following complete syntax WX1200# display ip ?Usage Commands byDisable Syntax disable Defaults NoneQuit EnableSet enablepass Access Commands To located commands in this chapter based on their use System Service Commands„ display banner motd on Banner with an empty banner by typing the following commandClear banner motd Clear historyClear system Clear promptMotd Display bannerBase-information Display„ clear banner motd on See Also „ set license on Defaults None Access AllDisplay license Display systemDisplay system output Describes the fields of display system outputNvram size /SDRAM size percent of total Syntax help WX switch„ Using CLI Help on Help„ clear history on Set auto-configHistory Syntax historySet auto-config Common Name remoteswitch1@example.com Enable the Dhcp client on VlanEnable the auto-config option WX-1200#crypto generate key admin 1024 key pair generated„ Delimiting character that begins and ends the message Save the configuration changesSyntax set banner motd text Syntax set confirm on off Set confirmSee Also „ clear banner motd on „ display banner motd on That might have a large impact on the networkWX4400# set confirm off Set lengthExamples To turn off these confirmation messages, type WX4400# clear vlan redSet license Installs an upgrade license, for managing more MAPsSee Also „ display license on Syntax set prompt string Set promptCountry Codes Set system contact Stores a contact name for the WX switchSet system CountrycodeCountry Code Country Codes WX1200# set system country code CA Ip-addressMobility Domain „ ip-addr- IP address, in dotted decimal notationSyntax set system name string Syntax set system location stringSet system name System Service Commands Locate commands in this chapter based on their use Port Commands„ set dap on That are using the MAPClear dap Removes a Distributed MAPSyntax clear port-group name name Clear port-group„ name name Name of the port group See Also „ set port-groupon „ display port-grouponSee Also „ display port status on „ set port name on Clear portPreference Clear port name Removes the name assigned to a portPort Clear port type„ display port preference on „ set port preference onCounters Display portWX1200 display port counters octets port Display port-groupShows port group informationSyntax display port-group all name group-name Output for display port-group Describes the fields in the display port-group outputSee Also „ clear port-groupon „ set port-groupon Describes the fields in this displayDisplay port WX4400# display port preference Port Preference Output for display port preferenceSyntax display port status port-list WX1200# display port status Output for display port status„ set port speed on Monitor portSee Also „ clear port type on „ set port negotiation onKey Controls for Monitor Port Counters Display WX4400# monitor port counters Output for monitor port countersCorrect length but contained an invalid See Also „ display port counters on Set dap Reset portPort Commands Set dap Set port Following command removes Distributed MAPAdministratively disables or reenables a port Syntax set port enable disable port-listWith no spaces See Also „ reset port onConfigured together as a single logical link Single logical linkSyntax set port port name name Name or number in other CLI commandsSet port name See Also „ clear port-groupon „ display port-grouponWX1200# set port negotiation 2 enable Following command enables autonegotiation on portSyntax set port negotiation port-listenable disable WX1200# set port negotiation 3,5 disableSet port poe Access pointsFollowing command enables PoE on ports 4 See Also „ set port type ap on „ set port type wired-authonWX4400# set port preference 2 rj45 Set port speedChanges the speed of a port Syntax set port preference port-listrj45Set port trap Set snmp profile commandWX1200# set port trap 3-4 enable Mp-352mp-372- MAP access point model„ 11a 802.11a „ 11b 802.11b „ 11g 802.11g „ poe enable disable Power over Ethernet PoE state„ radiotype 11a 11b 11g Radio type Defaults All WX ports are network ports by default WX1200# set port type ap 1-3,5 model ap3750 poe enable MAP Access Port DefaultsWX1200# set port type ap 1-3,5 model ap8250 poe enable Set port type Wired-authBefore changing the port type from ap to wired-author from CommandVlan membership Wired Authentication Port DetailsSee Also „ clear port type on „ set port type ap on Port Commands Vlan Commands Deletes an entry from the forwarding database FDB Clear fdbSyntax clear fdb perm static dynamic „ display fdb on Clear vlanPort from the VLAN, make sure you specify the port number Displays entries in the forwarding database Following command completely removes Vlan marigoldSee Also „ set vlan port on „ display vlan config on Display fdbWX4400# display fdb all WX4400# display fdb Describes the fields in the display fdb outputSee Also „ clear fdb on Output for display fdbSee Also „ set fdb agingtime on AgingtimeStation Display roamingSee Also „ display roaming vlan on Describes the fields in the displayOutput for display roaming station Syntax display roaming vlan Output for display roaming vlanWX4400# display roaming vlan Syntax display tunnel See Also „ display vlan config onDisplay tunnel Output for display tunnelWX1200# display vlan config burgundy Display vlan configOutput for display vlan config Syntax display vlan config vlan-idAdds a permanent or static entry to the forwarding database Set fdbSyntax set fdb perm static Syntax set fdb agingtime vlan-idage seconds See Also „ clear fdb on „ display fdb onSyntax set vlan vlan-numname name Set vlan nameSee Also „ display fdb agingtime on Creates a Vlan and assigns a number and name to itSet vlan port Adds ports 1 through 3 to the Vlan Tag value to be the same but some other switches doSet vlan Tunnel-affinitySee Also „ display roaming vlan on „ display vlan config on To locate commands in this chapter based on their use IP Services CommandsDNS IP Services Commands by UsageSyntax clear interface vlan-idip Access Enabled History Introduced in MSS VersionClear interface Removes an IP interfaceSee Also „ display ip alias on Clear ip aliasSyntax clear ip alias name WX1200# clear ip dns domain Clear ip dns domain Removes the default DNS domain name„ ip-addr- IP address of a DNS server Syntax clear ip dns domainSee Also „ display ip route on „ set ip route on Default is an alias for IP address 0.0.0.0/0Clear ip route „ clear ip dns domain onClear ip telnet Defaults The default Telnet port number isTelnet management traffic to its default Removes an NTP server from a WX switch configurationClear ntp Update-interval„ display snmp community on Clear snmpCommunity Syntax clear snmp community name comm-stringClear snmp usm Clear snmp profileClear snmp trap ReceiverSyntax clear summertime See Also „ set snmp usm on „ display snmp usm onUse the address Clear timezoneSyntax display arp ip-addr Display arpUsage All Shows the ARP table„ set arp agingtime on „ set arp onOutput for display arp Output for display interface Shows the IP aliases configured on the wireless LAN switchDisplay ip alias See Also „ set interface on „ set interface status on„ set ip alias on Examples The following command displays the DNS informationDisplay ip dns „ clear ip alias onSyntax display ip https Display ip httpsShows information about the Https management port Output for display ip dnsWX4400# display ip https Output for display ip httpsWX4400# display ip route Display ip routeShows the IP route table Syntax display ip route destinationFieldDescription Output of display ip routeSyntax display ip telnet Output for display ip telnetWX4400 display ip telnet Output for display ntp Examples To display NTP information for a WX switch, typeDisplay ntp Shows NTP client information„ set ntp server on „ set summertime on „ set timezone on Display snmp ConfigurationShows Snmp settings on a wireless LAN switch Examples To display Snmp settings on a WX switch, typeOutput of display snmp configuration WX1200# display summertime Defaults There is no summertime offset by defaultSummertime Syntax display summertimeSyntax display timezone WX1200# display timedateWX4400# display timezone „ set timedate on „ set timezone on Defaults „ count„ traceroute on Set arpWX1200# set arp agingtime Following command disables ARP agingSee Also „ set arp agingtime on Syntax set arp agingtime secondsSet interface Dhcp-client Syntax set interface vlan-idip dhcp-client enable disable„ clear interface on Defaults The Dhcp server is enabled by default on a new Configures the MSS Dhcp server„ enable Enables the Dhcp server „ disable Disables the Dhcp serverSyntax set interface vlan-idstatus up down See Also „ display dhcp-serveronSee Also „ clear ip alias on „ display ip alias on Aliases as shortcuts in CLI commandsSet ip alias Set ip dnsWX1200# set ip dns domain example.com Syntax set ip dns domain nameSyntax set ip dns server ip-addrprimary secondary Set ip route WX switch is disabledSyntax set ip https server enable disable Syntax set ip route default ip-addr maskSet ip route Syntax set ip snmp server enable disable Secure Shell SSH management traffic WX4400# set ip snmp server enableSet ip ssh „ clear snmp notify target on„ set ip ssh server on Absolute-timeout„ set ip ssh absolute-timeouton „ set ip ssh idle-timeoutonAlso disabled Idle-timeoutSet ip ssh server Telnet management traffic Maximum number of SSH sessions supported on a WX switch isSet ip telnet History -Introduced in MSS VersionSyntax set ip telnet server enable disable Set ntp server Enables or disables the NTP client on a wireless LAN switchConfigures a wireless LAN switch to use an NTP server Set ntpNTP server RFC 1305, Network Time Protocol Version 3 SpecificationDefaults The default NTP update interval is 64 seconds Implementation and AnalysisUser. SNMPv3 does not use community strings Set snmpSet snmp community Target Set snmp notifySNMPv3 with Informs Usm trap user username SNMPv3 with TrapsSNMPv2c with Informs SNMPv1 with Traps SNMPv2c with TrapsSuccess change accepted Snmp notification types „ notification-type- Any of the items in TablePoint Snmp notification types WX-1200#set snmp notify profile snmpprofrfdetect send RFDetectRogueDisappearTraps success change accepted Syntax set snmp protocol v1 v2c usm all enable disable WX-1200# set snmp security encrypted success change accepted Community strings Versions, use the set snmp community command to configureSet snmp trap Set snmp usm„ auth-type none md5 sha auth-pass-phrase string IP Services Commands Auth-type sha auth-pass-phrase myauthpword WX-1200# set snmp usm securesnmpmgr1 snmp-engine-idEncrypt-type 3des encrypt-pass-phrase mycryptpword WX1200# set summertime PDT success change accepted WX4400# set interface taupe ip 10.10.20.20/24 FollowingWX4400# set timedate date feb 29 2004 time 235800 Sets the time of day and date on the wireless LAN switchSet timedate Syntax set timedate date mmm dd yyyy time hhmmssSet timezone It is enabledWX1200# set timezone PST Syntax display dhcp-client Output for display dhcp-clientWX-1200# display dhcp-client WX-1200#display dhcp-server See Also „ set interface dhcp-clientonDisplay dhcp-serverDisplays MSS Dhcp server information Syntax display dhcp-server interface vlan-id verboseOutput for display dhcp-server Describe the fields in these displaysDisplay dhcp-server Output for display dhcp-client verbose See Also „ set interface dhcp-serveronWX-1200#display snmp community Displays the configured Snmp community stringsOutpot for display snmp community Syntax display snmp communitySyntax display snmp counters Displays Snmp statistics countersWX-1200#display snmp counters WX-1200#display snmp notify profile Syntax display snmp notify profileSyntax display snmp notify target See Also „ clear snmp profile on „ set snmp profile onWX-1200#display snmp notification target User Name of the Snmp user EngineID Output for display snmp notification targetWX-1200#display snmp status Output for display Snmp statusSwitch has booted Output for display snmp usm „ display snmp notify target on „ display snmp usm onWX-1200#display snmp usm USM users See Also „ clear snmp usm on „ display snmp usm on Opens a Telnet client session with a remote device TelnetWX4400# telnet See Also „ clear sessions on „ display sessions on Defaults„ dnf Disabled TracerouteCtrl+C „ no-dns- Disabled „ port„ queries „ size „ ttl „ wait„ ping on Error messages for tracerouteThis chapter presents AAA commands alphabetically. Use to Locate commands in this chapter based on their useAAA Commands by Usage Display accounting statistics on WX4400# clear accounting dot1x Nin Syntax clear accounting admin dot1x user-globAdmin Clear authenticationWX4400# clear authentication console Regina Syntax clear authentication console user-globConsoleConsole Syntax clear authentication dot1x ssid ssid-namewired Syntax clear authentication mac ssid ssid-namewired Clear authentication Removes a MAC authentication rule. macSyntax clear authentication last-resort ssid ssid-namewired WX4400# clear authentication last-resort wiredWX4400# clear authentication mac ssid thatcorp aabbcc Access Enabled History -Introduced in MSSSyntax clear authentication proxy ssid ssid-nameuser-glob „ on Clear authentication Removes a WebAAA rule. web See Also „ set authentication proxy onWX-1200#clear authentication proxy ssid mycorp Syntax clear location policy rule-number Syntax clear mac-user mac-addr User who is authenticated by a MAC addressClear mac-user Radius serverFor your Radius server WX switch, for a user who is authenticated by a MAC addressGroup ACL from the profile of a user at MAC addressMac-usergroup ClearMac-usergroup attr „ set mobility-profileon „ set mobility-profile mode onMobility-profile Clear user„ set user on Database on the WX switch, for a user with a passwordClear user attr Nin„ clear usergroup on Clear user groupClear usergroup UsergroupSyntax clear usergroup group-name attr attribute-name Time-Of-Day attribute from the group Displays all current AAA settingsSecion added to indicate the state of the WebAAA feature Display aaaDisplay aaa Output Describes the fields that can appear in display aaa outputDisplay aaa Output Statistics output Stored in the local database on the WX switchDisplay accounting StatisticsDisplay accounting statistics „ clear location policy on On an WX switchDisplay location PolicySet accounting Admin consoleAre sent Authenticated by MAC authentication Server when the user roamsAccesses the switch using Telnet or Web Manager Authenticated bySet accounting dot1x mac web Set authentication Set authentication admin Following methods in priority order. MSS applies multiple Through the switch’s consoleCompleting logon Globs onFor more information, see Usage Syntax set authentication dot1x ssid ssid-namewired Set authentication dot1x AAA Commands Success change accepted Syntax set authentication last-resort 235 Syntax set authentication mac Set authentication mac Proxy Syntax set authentication web ssid ssid-namewired WX-1200#set authentication proxy ssid mycorp ** srvrgrp1AAA Commands Set location policy For details, see Vlan Globs on Set location policy WX4400# set location policy deny if user eq *.theirfirm.com Tempvendora into Vlan kiosk1 Set mac-userSee Also „ clear mac-useron „ display aaa on Authentication Attributes for Local Users Filter-id outboundacl.out Authentication Attributes for Local UsersYY/MM/DD-HHMM Time-of-day WX4400# set mac-user 010203040506 attr filter-id acl-03.in Syntax set mac-usergroup See Also „ clear mac-user attr on „ display aaa onSyntax set mobility-profile name name port none all See Also „ clear mac-usergroup attr on „ display aaa onAAA Commands „ set user attr on „ set usergroup on Syntax set mobility-profile mode enable disableSet user Orange Set user attr29Jan04 „ clear user onServer That exists in the local database on the WX switchSet user group „ clear user attr onTo add a user to a group, user the command set user group Assigns authorization attributes for the groupSet usergroup Syntax set web-aaa enable disable Examples To disable WebAAA, type the following commandSet web-aaa Mobility Domain Commands by Usage To locate commands in this chapter based on their useMember Mobility-domainSee Also „ set mobility-domain member on Display mobility-domain configDisplays the configuration of the Mobility Domain StatusWX4400# display mobility-domain status Display mobility-domain OutputSet Command is rejectedSyntax set mobility-domain member ip-addr 192.168.1.8 Mode memberSeed, this command overwrites that configuration Seed-ipSyntax set mobility-domain mode seed domain-name Set mobility-domain mode seed domain-nameMobility Domain Commands Commands Type Command Set ap dap radio auto-tune max-power on Set ap dap radio auto-tunemin-client-rateon Radio Clear ap dapSyntax clear ap port-listdap dap-num radio 1 2 all WX1200# clear ap 3 radio Radio-Specific ParametersSyntax clear radio-profile name parameter Syntax clear service-profile name „ name Service profile nameSee Also „ clear radio-profileon „ set radio-profile mode on WX4400# display dap config WX1200# display ap configDAP Output for display ap config„ set port type ap on „ set ap dap bias on WX1200# display ap counters Tkip Pkt Replays Output for display ap countersCcmp Pkt Replays See Also „ display sessions network onWX-1200#display dap qos-stats Output for display ap dap qos-statsSyntax display ap dap etherstats port-listdap-num Output of display ap etherstatsWX4400# display dap etherstats „ name Name of an MAP group or Distributed MAP group Access point groupsSyntax display ap dap group name Output for display ap group „ set ap dap group onWX1200# display ap group loadbalance1 WX4400# display dap status MAPWX1200# display ap status Output for display ap statusOutput for display ap status Syntax display auto-tune attributes Decide whether to change channel or power settingsDisplay auto-tune AttributesOutput for display auto-tune attributes See Also „ display auto-tune neighbors onWX1200# display auto-tune attributes ap 2 radio Ap map-numradio 1 2all Neighbors3Com radio can hear Syntax display auto-tune neighborsDisplay auto-tune Neighbors ap 2 radio Output for display auto-tune neighborsDisplay dap Display dap global commandConnection Dap connection serial-id M9DE48B6EAD00 Output of display dap connectionSyntax display dap global dap-numserial-id serial-ID WX4400# display dap global Output for display dap globalNetwork port is a member of a Vlan UnconfiguredBut that are not configured on any WX switches Longer appears in the command’s outputSyntax display radio-profile name ? Output for display dap unconfiguredRadio-profile Displays radio profile informationOutput for display radio-profile WX4400# display radio-profile defaultTune Channel Ssid „ ? Displays a list of service profiles Service-profileDisplays service profile information „ name Displays information about the named service profileDisplay service-profile Other WPA parameters Reset ap dap Configurable Template Parameters for Distributed MAPs Dap auto mode enable commandUsage lists the configurable template parameters and their Listed in . The commands are listed in the See Also sectionWX1200# set dap auto success change accepted Syntax set dap auto mode enable disable See Also „ set dap auto on RadiotypeTemplate „ Radio type „ 11a-802.11a „ 11b-802.11b „ 11g-802.11gSyntax set ap port-listdap dap-numauto bias high low See Also „ display ap dap config on Syntax set dap num fingerprint hex Blink enable disable„ ap port-list- List of MAP access ports to add to the group WX1200# set ap 4 group none success change accepted Set ap dap name Changes an MAP name „ antennatype ANT5060 ANT5120 ANT5180 internal „ antennatype ANT1060 ANT1120 ANT1180 internalRadio 1 2 auto-tune max-power power-level Set ap dap radio auto-tune max-powerRadio 1 2 auto-tune max-retransmissions retransmissions Set ap dap radio auto-tune max- retransmissionsSet ap dap radio auto-tune max- retransmissions Sets an MAP radio’s channel Set ap dap radio channelSyntax set ap port-listdap dap-numradio 1 Set ap dap radio auto-tune min-client-rate „ display ap dap config onRadio 1 2 auto-tune min-client-rate rate Set ap 6 radio 1 min-client-rate ExamplesRadio 1 2 mode enable disable Set ap dap radio modeEnables or disables a radio on an MAP access point Following command enables radio 2 on ports 1 throughDefaults None Sets an MAP radio’s transmit power Set ap dap radio tx-powerSyntax set dap security require none optional WX-1200#set dap security require Set ap dap Upgrade-firmware11g-only Set radio-profileSyntax set radio-profile name active-scan enable disable Set radio-profile auto-tune channel-configSyntax set radio-profile name auto-tune channel-holddown Set radio-profile auto-tune channel-holddownSyntax set radio-profile name auto-tune channel-interval Set radio-profile auto-tune channel-intervalSyntax set radio-profile name auto-tune power-backoff-timer Set radio-profile auto-tune power-backoff- timerWX4400# set radio-profile rp2 auto-tune power-backoff-timer Set radio-profile auto-tune power-configSet radio-profile auto-tune power-interval Beacon-interval Following command disables countermeasures in radio profile Clients from being able to use rogue access points„ rogue Configures radios to attack rogues only Defaults Countermeasures are disabled by defaultSyntax set radio-profile name dtim-interval interval Syntax set radio-profile name long-retry threshold Syntax set radio-profile name frag-threshold thresholdSyntax set radio-profile name max-rx-lifetime time Syntax set radio-profile name max-tx-lifetime time Mode Set radio-profile mode WX4400# set radio-profile rp1 mode enable Syntax set radio-profile name Syntax set radio-profile name rts-threshold threshold Syntax set radio-profile name service-profile nameParameter Default Value To Default Value Defaults for Service Profile ParametersSet radio-profile auth-psk command 349 Wmm Short-retrySyntax set service-profile Name auth-dot1x enable disable WPA IE Set service-profile auth-fallthru Syntax set service-profile name auth-psk enable disable Syntax set service-profile name beaconed enable disable Cipher-ccmp Set service-profileCipher-tkip Cipher-wep104 Use the set service-profile wep commandsCipher-wep40 Syntax set service-profile name psk-phrase passphrase Syntax set service-profile name psk-raw hex Syntax set service-profile name rsn-ie enable disable See Also „ set service-profilecipher-ccmponSyntax set service-profile name ssid-name ssid-name Set service-profile auth-psk commandSyntax See Also „ set service-profilessid-typeonSyntax set service-profile name tkip-mc-time wait-time See Also „ set service-profilessid-nameonWX4400# mkdir corpa-ssid success change accepted Ssid managed by the service profileSyntax set service-profile name web-aaa-form url Web-aaa-form„ copy on „ dir on Set service-profile wep active-multicast- index„ mkdir on Syntax set service-profile name wep active-unicast-index num Set service-profile wep active-unicast- indexWep key-index Syntax set service-profile name wpa-ie enable disable Table to locate commands in this chapter based on their use STP Commands bySTP Commands by Usage Syntax clear spantree portcost port-list STP root bridge in all VLANs on a WX switchClear spantree Portcost„ set spantree portpri on PortpriPortvlancost „ clear spantree portvlanpri on„ clear spantree portcost on PortvlanpriSee Also „ display spantree statistics on „ clear spantree portpri onSyntax display spantree Spantree vlan defaultRoot Output for display spantree„ display spantree blockedports on Or disabledDisplay spantree Backbonefast„ set spantree backbonefast on BlockedportsSee Also „ display spantree on Output for display spantree portfast PortfastFor one or more network ports See Also „ set spantree portfast onSyntax display spantree statistics Port’s VLANs„ port-list- List of ports Syntax display spantree portvlancost port-listWX4400# display spantree statistics Topology change Timer value Hold timer Vlan Vlan ID Output for display spantree statisticsConfigpending Switch is the root or is attempting to become the root Syntax display spantree uplinkfast vlan vlan-id See Also „ clear spantree statistics on„ set spantree uplinkfast on Set spantreeAn indirect link Examples The following command enables STP on all VLANsConfigured on a WX switch Following command disables STP on Vlan burgundy„ display spantree backbonefast on Fwddelay„ all Changes the maximum age on all VLANs Issues a topology change messageMaxage VLANs to 4 seconds65,535. STP selects lower-cost paths over higher-cost paths Type. lists the defaults for STP port path costSTP Port Path Cost Defaults Path to the STP root bridgePortvlancost command Syntax set spantree portpri port-listpriority value See Also „ display spantree portfast onTo 20 in Vlan mauve Bridge for a specific Vlan on a wireless LAN switch„ all Changes the cost on all VLANs Type. See on„ all Changes the priority on all VLANs Path to the STP root bridge, on one Vlan or all VLANsPorts Highest priority through 255 lowest priorityUplinkfast PrioritySee Also „ display spantree uplinkfast on Igmp Commands by Usage Igmp Snooping CommandsDisplay igmp Clear igmp statisticsSee Also display igmp statistics on TTL Output for display igmp TTL Syntax display igmp mrouter vlan vlan-id MrouterWX1200# display igmp Mrouter vlan orange Only one querier Defaults None Access EnabledSyntax display igmp querier vlan vlan-id WX1200# display igmp querier vlan red WX1200# display igmp querier vlan defaultOutput for display igmp mrouter WX1200# display igmp querier vlan orange„ set igmp querier on Receiver-tableOutput for display igmp receiver-table See Also „ set igmp receiver onIgmp Receiver-table group 237.255.255.0/24 WX1200# display igmp statistics vlan orange Shows Igmp statistics„ vlan vlan-id Vlan name or number. If you do not specify a Syntax display igmp statistics vlan vlan-idFrom the multicast routers in the subnet Output of display igmp statisticsSee Also „ set igmp rv on Wireless LAN switchFrom 1 through 65,535 VLANs on a wireless LAN switchVLAN, the timer change applies to all VLANs Set igmp lmqiSee Also „ display igmp statistics on Syntax set igmp mrouter port port-listenable disableSee Also „ set igmp mrsol mrsi on Enables or disables multicast router solicitation by a WXSyntax set igmp mrsol enable disable vlan vlan-id Set igmp mrsolSyntax set igmp oqi seconds vlan vlan-id Set igmp oqiSee Also „ set igmp mrsol on All VLANs on a WX„ set igmp qri on Set igmpProxy-report „ set igmp lmqi onSyntax set igmp qi seconds vlan vlan-id Set igmp qiVLANs on a WX Set igmp qriGroup. You can specify a value from 1 through 65,535 Syntax set igmp receiver port port-listenable disable Syntax set igmp querier enable disable vlan vlan-idSee Also „ display igmp querier on Set igmp rv Set igmp rv Igmp Snooping Commands Security ACL Security ACL CommandsSyntax clear security acl acl-name all editbuffer-index WX4400# commit security acl acl133 configuration accepted Syntax clear security acl map acl-nameall vlan vlan-id Syntax commit security acl acl-nameall WX4400# display security acl WX4400# commit security acl allSyntax display security acl dscp Syntax display security acl editbuffer Examples The following command displays the tableSee Also „ set security acl on WX-1200#display security acl dscpSyntax display security acl hits WX4400# display security acl editbufferWX4400# display security acl hits See Also „ hit-sample-rateon „ set security acl onSyntax display security acl info acl-nameall editbuffer Syntax display security acl map acl-name Display security aclMap Security ACL is assignedWX4400# display security acl map acl111 Resource-usageACL acl111 is mapped Support for your Product onWX4400# display security acl resource-usage Output of display security acl resource-usage Output of display security acl resource-usage Packets filtered by the security ACL or hits Hit-sample-rateSyntax hit-sample-rate seconds Syntax rollback security acl acl-nameall Protocol, or IP, ICMP, TCP, or UDP packet information Set security aclBy TCP packets By Icmp packetsBy UDP packets „ ip „ tcp „ udp „ icmp Security ACL Commands Set security acl WX4400# set security acl ip acl123 deny 192.168.2.11 Set security acl map Security ACL Commands Cryptography Commands by Usage To locate commands in this chapter based on their useSyntax crypto ca-certificate admin eap webaaa See Also „ display crypto ca-certificateon Syntax crypto certificate admin eap webaaaAccess Enabled History -Introduced in MSS Version See Also display crypto key ssh on Syntax crypto generate key admin eap ssh webaaa 512 1024Syntax crypto generate request admin eap webaaa Email Address admin@example.com WX4400# crypto generate request adminSee Also „ crypto certificate on „ crypto generate key on Syntax crypto generate self-signed admin eap webaaaWX4400# crypto generate self-signed admin Crypto otp „ crypto pkcs12 on Crypto pkcs12WX4400# crypto otp eap hap9iN#ss See Also „ crypto otp onDisplay crypto ca-certificate Output Display cryptoCa-certificate Pkcs #7 certificateDescribes the fields of the display On the WX switchSyntax display crypto certificate admin eap webaaa CertificateSyntax display crypto key ssh See Also crypto generate key onCryptography Commands Radius Commands by Usage Locate commands in this chapter based on their usesClear radius Syntax clear radius client system-ip See Also „ display aaa on „ set radius client system-iponSyntax clear radius proxy port all See Also „ set radius proxy client onSee Also „ set radius proxy port on Syntax clear radius proxy client allSyntax clear radius server server-name See Also „ display aaa on „ set radius server onSyntax clear server group group-nameload-balance „ set server group on Set radiusSystem-ip Set radius client„ clear radius server on WX4400# set radius client system-ipsuccess change accepted Port Set radius proxy„ clear radius proxy client on To 32 characters long, with no spaces or tabs Set radius server WX1200# set server group shorebirds members heron egret „ group-name- Server group name of up to 32 characters Load-balance groupSandpiper Radius and Server Group Commands Performance On the switchCommands on 802.1X Commands by UsageSee Also „ display dot1x on „ set dot1x bonded-periodon Resets the Bonded Auth period to its default valueClear dot1x Bonded-period„ set dot1x max-reqon Port-controlQuiet-period See Also „ display dot1x on „ set dot1x reauth-periodon Reauth-maxReauth-period „ set dot1x reauth-maxonSupplicant „ set dot1x timeout auth-serveron„ set dot1x timeout supplicant on Auth-serverDisplay dot1x Tx-period„ set dot1x tx-periodon WX4400# display dot1x clients WX1200# display dot1x configExplains the counters in the display dot1x stats output Type the following command to display 802.1X statisticsWX4400# display dot1x stats Set dot1x Port-control commandAuthcontrol Machine to start reauthentication for the user Authentication is enabledExamples To enable per-port 802.1X authentication on wired Authentication ports, type the following commandSee Also „ display dot1x on „ clear dot1x bonded-periodon Syntax set dot1x key-tx enable disableSee Also „ clear dot1x max-reqon „ display dot1x on See Also „ display dot1x onSee Also „ display port status on „ display dot1x on Authentication dot1X commandSyntax set dot1x reauth enable disable To a supplicant after a failed authenticationSyntax set dot1x quiet-period seconds See Also „ display dot1x on „ clear dot1x reauth-maxon Before the supplicant client becomes unauthorizedSyntax set dot1x reauth-max number-of-attempts See Also „ display dot1x on „ clear dot1x reauth-periodon Set dot1x timeoutAttempts reauthentication Out a request to a Radius authentication serverSyntax set dot1x timeout supplicant seconds Out an authentication session with a supplicant clientSyntax set dot1x tx-period seconds Broadcast and multicast encryption keys Syntax set dot1X wep-rekey enable disableWep-rekey See Also „ display dot1x on „ clear dot1x tx-periodonTo 300 seconds Defaults The default is 1800 seconds 30 minutesWep-rekey-period „ seconds Specify a value between 30 and 1,641,600 19 daysTelnet sessions Clear sessionsVLANs, or session ID NetworkWX4400# clear sessions network mac-addr To clear session 9, type the following commandWX1200# clear sessions network session-id Display sessions WX4400 display sessions console WX4400 display sessions adminWX4400 display sessions telnet Display sessions telnet client Output See Also „ clear sessions onSyntax display sessions network WX1200# display sessions network mac-addr 00055d7e981a „ Summary display See on „ Verbose display See on„ display sessions network session-id display See on WX1200# display sessions networkWX1200# display sessions network session-id WX1200# display sessions network verboseAdditional display sessions network verbose Output Display sessions network summary OutputTime Display sessions network session-id Output 802.1X protocol on a wired authentication portSee Also „ clear sessions network on Session Management Commands RF Detection Commands by Usage To locate the commands in this chapter based on their useRemoves a MAC address from the attack list Examples The following command clears MAC addressClear rfdetect Attack-listCountermeasures Mac Clear rfdetect Black-listIgnore „ set rfdetect ssid-liston Ssid-list„ display rfdetect ignore on „ set rfdetect ignore on„ display rfdetect vendor-liston Vendor-listDisplay rfdetect „ set rfdetect vendor-listonRF Detection Commands Display rfdetect countermeasures Output CountermeasuresMobility Domain DomainData Displays information about the APs detected by a WX switchSyntax display rfdetect data WX1200# display rfdetect data Display rfdetect data OutputSyntax display rfdetect ignore Ignore listWX4400# display rfdetect ignore Total number of entries WS1200# display rfdetect mobility-domain Bssid mac-addr Displays rogues that are using the specifiedDuring RF detection scans Syntax display rfdetect mobility-domainWS1200# display rfdetect mobility-domain ssid 3Com-webaaa Ssid 3Com-webaaaDisplay rfdetect mobility-domain Output Following command displays detailed information for a BssidWX1200# display rfdetect mobility-domain bssid 000b0e0004d1 Display rfdetect mobility-domain ssid or bssid Output „ clear rfdetect ssid-liston WX switch„ display rfdetect data on Displays the entries in the permitted Ssid listVisible Display ap dap status commandWX1200# display rfdetect visible Radio Display rfdetect visible OutputActive-scan Set rfdetectAddresses of APs and clients Configured. WX switches do not share client black lists Configured. WX switches do not share attack listsExamples The following command adds MAC address Defaults The client black list is empty by defaultCountermeasures Mac Set rfdetect ignore Set rf detectSee Also „ display log buffer on Signature WX switches in a Mobility DomainDevice’s OUI is in the permitted vendor list Examples The following command adds Ssid mycorp to the listOnly for the SSIDs that are on the list Permitted SSIDsSyntax display rfdetect attack-list Trailing 000000 value is requiredWX1200# display rfdetect attack-list WX1200# display rfdetect black-list Displays the wireless clients detected by an WX switchClients Syntax display rfdetect black-listWX1200# display rfdetect Clients Display rfdetect clients OutputDisplay rfdetect clients mac Output From the wired side of the network addressed to File Management Commands „ tftp/ip-addr/filename- Name of the archive file to create Dir command outputLocally on the switch Tape archive tar formatSyntax clear boot config „ Copies a file from a Tftp server to nonvolatile storage „ reset system onCopy Performs the following copy operationsWX4400# copy floorwx tftp//10.1.1.1/floorwx WX4400# copy test-config new-configSyntax delete url File or the running configurationDelete Immediately deletes the specified fileDir „ copy on „ delete on Describes the fields in the dir outputOutput for dir Describes the fields in the display boot output Display bootReboot and configured for use after the next reboot Access AccessDisplays the configuration running on the WX switch Display configSyntax display config area area all Display version See Also „ load config on „ save config onAnd, optionally, for any attached MAP access points WX4400# display config area vlanWX1200# display version details WX1200# display versionOutput for display version Load configRunning configuration with the commands in the loaded file Describes the fields in the display version outputWX4400# load config testconfig1 Following command loads configuration file testconfig1Syntax load config url WX4400# load configCreates a new subdirectory in nonvolatile storage MkdirRestarts an WX switch and reboots the software Reset system„ dir on „ rmdir on Generate new key pairs and certificates on the switch RestoreRemoves a subdirectory from nonvolatile storage „ backup onWX1200# restore system tftp/10.10.20.9/sysabak Rmdir„ dir on „ mkdir on Save configSaves the running configuration to a configuration file Syntax save config filenameTestconfig1 Set bootConfiguration-file ConfigurationSyntax set boot partition boot0 boot1 File Management Commands Trace Commands Deletes the log messages stored in the trace buffer Deletes running trace commands and ends trace processesClear log trace Clear traceWX4400# display trace WX switch, or all possible trace optionsDisplay trace Syntax display trace allSave trace AuthenticationSet trace See Also „ clear trace on „ display trace on AuthorizationSet trace dot1x Syntax set trace sm mac-addr mac-address port port-num Set trace smTrace Commands Snoop Commands Clear snoop map Clear snoop„ display snoop info on „ display snoop map on Set snoop„ set snoop map on „ display snoop onChapter Snoop Commands WX1200# set snoop snoop1 observer 10.10.30.2 snap-length Radio 2 of the MAP. This option does not apply to Set snoop mapFilter Radio 1 of the MAPAll snoop filters Set snoop modeTo an MAP radio and enable the filter Enable stop-afternum-pkts- Enables the snoop filterDisplays the MAP radio mapping for all snoop filters Display snoop map commandFor all snoop filters configured on a WX switch Display snoopWX1200# display snoop info snoop1 Display snoop info Shows the configured snoop filtersSee Also „ clear snoop on Syntax display snoop filter-nameExamples display snoop stats filter-namedap-numradio Snoop map snoop1Display snoop stats Output Snoop1Snoop stats snoop1 Chapter Snoop Commands Syntax clear log buffer server ip-addr Clear logSee Also „ clear log trace on Log buffer facility ? You can view event messages archived in the bufferWX4400# display log buffer facility AAA „ set log on „ clear log on „ display log config onLog config „ clear log onSyntax display log trace +-/number-of-messages Address in dotted decimal notation Set logStorage „ console Sets log parameters for console sessions„ trace Sets log parameters for trace files See Also Set log trace See Also „ display log config onMbytes System LOG Commands Boot Prompt Boot Prompt CommandsAutoboot „ FN=filename System image filename Boot„ BT=type Boot type „ DEV=device Location of the system image file„ change on „ display on Syntax change ChangeSyntax create CreateSyntax delete Usage When you type the delete command, the next-lowerExamples To remove the currently active boot profile, type Profiles, see display onSyntax diag DiagSyntax display Defaults None „ change on „ create on „ delete on „ next on Output of display commandFver „ ls on For an individual command„ command-name- Boot prompt command Displays a list of the boot prompt commandsSyntax next NextCommand at the boot prompt ResetResets a WX switch’s hardware Syntax resetTest „ on Enables the poweron test flag„ OFF Disables the poweron test flag Defaults The poweron test flag is disabled by defaultSyntax version Dir or fver commandType the following command at the boot prompt VersionPurchase ServicesRegister Your ProductDownloads Access SoftwareTroubleshoot OnlineContact Us Latsupportanc@3com.com Country Telephone NumberIndex Delete 544, 597 diag Dir 545, 598 disable 33 display Index Index Index Traceroute Version

set security acl

protocol, or IP, ICMP, TCP, or UDP packet information.

By source address

By Layer 4 protocol

By IP packets