HP Manager Software specs

set snoop 573

If the snoop filter is running on a Distributed MAP, and the MAP used a DHCP server in its local subnet to configure its IP information, and the MAP did not receive a default gateway address as a result, the observer must also be in the same subnet. Without a default gateway, the MAP cannot find the observer.

The MAP that is running a snoop filter forwards snooped packets directly to the observer. This is a one-way communication, from the MAP to the observer. If the observer is not present, the MAP still sends the snoop packets, which use bandwidth. If the observer is present but is not listening to TZSP traffic, the observer continuously sends ICMP error indications back to the MAP. These ICMP messages can affect network and MAP performance.

Examples — The following command configures a snoop filter named snoop1 that matches on all traffic, and copies the traffic to the device that has IP address 10.10.30.2:

WX1200# set snoop snoop1 observer 10.10.30.2 snap-length 100

The following command configures a snoop filter named snoop2 that matches on all data traffic between the device with MAC address aa:bb:cc:dd:ee:ff and the device with MAC address 11:22:33:44:55:66, and copies the traffic to the device that has IP address 10.10.30.3:

WX1200# set snoop snoop2 frame-type eq data mac-pair aa:bb:cc:dd:ee:ff 11:22:33:44:55:66 observer 10.10.30.3 snap-length 100

See Also

clear snoop on page 570

set snoop map on page 574

set snoop mode on page 575

display snoop info on page 577

display snoop stats on page 578

Image 573

HP Manager Software manual WX1200# set snoop snoop1 observer 10.10.30.2 snap-length

Contents

3CRWXR10095A, 3CRWX120695A, 3CRWX440095A Wireless LAN Mobility System 3Com Corporation 350 Campus Drive Marlborough, MA USA Contents Set system location Clear banner motd Clear history Clear prompt 104 102 126 Display ip alias 127 180 Set timezone 181 Display dhcp-client 182 174 Set summertime 177 Set system ip-address 179183 Display snmp community 186 187 245 272 Clear radio-profile 274 Clear service-profile 275 276 MAP Access Point Commands by UsageSet user group 258 Set usergroup 259 Set web-aaa 260 267 318 STP Commands 395 Security ACL Commands by Usage 423 clear security aclSet spantree portvlanpri 396 Set spantree priority 397 414 Display security acl hits 430 Display security acl info 431 Commands by Usage 447432 448 Crypto certificate 449 503 500 525 Display rfdetect visible 526 525528 530 549 Dir Display boot 547 Display config 548561 Clear log trace 562 Clear trace Register Your Product 607 System LOG CommandsPage List conventions that are used throughout this guide Conventions „ Wireless LAN Switch Manager 3WXM Release Notes „ Wireless LAN Switch and Controller Release NotesDocumentation Pddtechpubscomments@3com.com Comments„ Document title „ Document part number and revision on the title Example Overview Set enablepass Clear interface vlan-idipClear fdb dynamic port port-list vlan vlan-id Conventions Text EntryMAC Address Notation Subnet Masks MasksWildcard Masks User Globs Gives examples of user globs MAC Address GlobsUser Globs Vlan Globs WX1200# set port enableMatching Order for Globs „ a single port number. For example WX1200# reset port Command-LineEditing Operating systems WX1200# display i Tab Using CLI Help At your access level, type the help command. For exampleWX1200# display i? Set ap dap name command has the following complete syntax Understanding Command DescriptionsWX1200# display ip ? WX1200# display ip telnet Disable Commands bySyntax disable Defaults None Usage Quit Enable Set enablepass Access Commands To located commands in this chapter based on their use System Service Commands Clear banner motd Banner with an empty banner by typing the following commandClear history „ display banner motd on Clear system Clear prompt Motd Display banner Display Base-information„ clear banner motd on Display license Defaults None Access AllDisplay system See Also „ set license on Display system output Describes the fields of display system output Nvram size /SDRAM size percent of total „ Using CLI Help on WX switchHelp Syntax help History Set auto-configSyntax history „ clear history on Set auto-config Enable the auto-config option Enable the Dhcp client on VlanWX-1200#crypto generate key admin 1024 key pair generated Common Name remoteswitch1@example.com Save the configuration changes „ Delimiting character that begins and ends the messageSyntax set banner motd text See Also „ clear banner motd on „ display banner motd on Set confirmThat might have a large impact on the network Syntax set confirm on off Examples To turn off these confirmation messages, type Set lengthWX4400# clear vlan red WX4400# set confirm off Installs an upgrade license, for managing more MAPs Set licenseSee Also „ display license on Syntax set prompt string Set prompt Set system Set system contact Stores a contact name for the WX switchCountrycode Country Codes Country Code Country Codes Mobility Domain Ip-address„ ip-addr- IP address, in dotted decimal notation WX1200# set system country code CA Syntax set system name string Syntax set system location string Set system name System Service Commands Locate commands in this chapter based on their use Port Commands Clear dap That are using the MAPRemoves a Distributed MAP „ set dap on „ name name Name of the port group Clear port-groupSee Also „ set port-groupon „ display port-groupon Syntax clear port-group name name Preference Clear portClear port name Removes the name assigned to a port See Also „ display port status on „ set port name on „ display port preference on Clear port type„ set port preference on Port Counters Display port Display port-groupShows port group information WX1200 display port counters octets portSyntax display port-group all name group-name See Also „ clear port-groupon „ set port-groupon Describes the fields in the display port-group outputDescribes the fields in this display Output for display port-group Display port Output for display port preference WX4400# display port preference Port PreferenceSyntax display port status port-list WX1200# display port status Output for display port status See Also „ clear port type on Monitor port„ set port negotiation on „ set port speed on Key Controls for Monitor Port Counters Display WX4400# monitor port counters Output for monitor port counters Correct length but contained an invalid See Also „ display port counters on Set dap Reset port Port Commands Set dap Administratively disables or reenables a port Following command removes Distributed MAPSyntax set port enable disable port-list Set port Configured together as a single logical link See Also „ reset port onSingle logical link With no spaces Set port name Name or number in other CLI commandsSee Also „ clear port-groupon „ display port-groupon Syntax set port port name name Syntax set port negotiation port-listenable disable Following command enables autonegotiation on portWX1200# set port negotiation 3,5 disable WX1200# set port negotiation 2 enable Following command enables PoE on ports 4 Access pointsSee Also „ set port type ap on „ set port type wired-authon Set port poe Changes the speed of a port Set port speedSyntax set port preference port-listrj45 WX4400# set port preference 2 rj45 Set port trap Set snmp profile command WX1200# set port trap 3-4 enable Mp-352mp-372- MAP access point model „ poe enable disable Power over Ethernet PoE state „ 11a 802.11a „ 11b 802.11b „ 11g 802.11g„ radiotype 11a 11b 11g Radio type Defaults All WX ports are network ports by default MAP Access Port Defaults WX1200# set port type ap 1-3,5 model ap3750 poe enableWX1200# set port type ap 1-3,5 model ap8250 poe enable Before changing the port type from ap to wired-author from Wired-authCommand Set port type Vlan membership Wired Authentication Port Details See Also „ clear port type on „ set port type ap on Port Commands Vlan Commands Clear fdb Deletes an entry from the forwarding database FDBSyntax clear fdb perm static dynamic Clear vlan „ display fdb onPort from the VLAN, make sure you specify the port number See Also „ set vlan port on „ display vlan config on Following command completely removes Vlan marigoldDisplay fdb Displays entries in the forwarding database WX4400# display fdb all See Also „ clear fdb on Describes the fields in the display fdb outputOutput for display fdb WX4400# display fdb See Also „ set fdb agingtime on Agingtime Station Display roaming Describes the fields in the display See Also „ display roaming vlan onOutput for display roaming station Output for display roaming vlan Syntax display roaming vlanWX4400# display roaming vlan Display tunnel See Also „ display vlan config onOutput for display tunnel Syntax display tunnel Output for display vlan config Display vlan configSyntax display vlan config vlan-id WX1200# display vlan config burgundy Set fdb Adds a permanent or static entry to the forwarding databaseSyntax set fdb perm static Syntax set fdb agingtime vlan-idage seconds See Also „ clear fdb on „ display fdb on See Also „ display fdb agingtime on Set vlan nameCreates a Vlan and assigns a number and name to it Syntax set vlan vlan-numname name Set vlan port Set vlan Tag value to be the same but some other switches doTunnel-affinity Adds ports 1 through 3 to the Vlan See Also „ display roaming vlan on „ display vlan config on To locate commands in this chapter based on their use IP Services Commands DNS IP Services Commands by Usage Clear interface Access Enabled History Introduced in MSS VersionRemoves an IP interface Syntax clear interface vlan-idip Clear ip alias See Also „ display ip alias onSyntax clear ip alias name „ ip-addr- IP address of a DNS server Clear ip dns domain Removes the default DNS domain nameSyntax clear ip dns domain WX1200# clear ip dns domain Clear ip route Default is an alias for IP address 0.0.0.0/0„ clear ip dns domain on See Also „ display ip route on „ set ip route on Telnet management traffic to its default Defaults The default Telnet port number isRemoves an NTP server from a WX switch configuration Clear ip telnet Clear ntp Update-interval Community Clear snmpSyntax clear snmp community name comm-string „ display snmp community on Clear snmp trap Clear snmp profileReceiver Clear snmp usm Syntax clear summertime See Also „ set snmp usm on „ display snmp usm on Use the address Clear timezone Usage All Display arpShows the ARP table Syntax display arp ip-addr „ set arp on „ set arp agingtime onOutput for display arp Display ip alias Shows the IP aliases configured on the wireless LAN switchSee Also „ set interface on „ set interface status on Output for display interface Display ip dns Examples The following command displays the DNS information„ clear ip alias on „ set ip alias on Shows information about the Https management port Display ip httpsOutput for display ip dns Syntax display ip https WX4400# display ip https Output for display ip https Shows the IP route table Display ip routeSyntax display ip route destination WX4400# display ip route FieldDescription Output of display ip route Output for display ip telnet Syntax display ip telnetWX4400 display ip telnet Display ntp Examples To display NTP information for a WX switch, typeShows NTP client information Output for display ntp „ set ntp server on „ set summertime on „ set timezone on Shows Snmp settings on a wireless LAN switch ConfigurationExamples To display Snmp settings on a WX switch, type Display snmp Output of display snmp configuration Summertime Defaults There is no summertime offset by defaultSyntax display summertime WX1200# display summertime WX1200# display timedate Syntax display timezoneWX4400# display timezone „ set timedate on „ set timezone on Defaults „ count „ traceroute on Set arp See Also „ set arp agingtime on Following command disables ARP agingSyntax set arp agingtime seconds WX1200# set arp agingtime Set interface Syntax set interface vlan-idip dhcp-client enable disable Dhcp-client„ clear interface on „ enable Enables the Dhcp server Configures the MSS Dhcp server„ disable Disables the Dhcp server Defaults The Dhcp server is enabled by default on a new Syntax set interface vlan-idstatus up down See Also „ display dhcp-serveron Set ip alias Aliases as shortcuts in CLI commandsSet ip dns See Also „ clear ip alias on „ display ip alias on WX1200# set ip dns domain example.com Syntax set ip dns domain name Syntax set ip dns server ip-addrprimary secondary Syntax set ip https server enable disable WX switch is disabledSyntax set ip route default ip-addr mask Set ip route Set ip route Syntax set ip snmp server enable disable Set ip ssh WX4400# set ip snmp server enable„ clear snmp notify target on Secure Shell SSH management traffic „ set ip ssh absolute-timeouton Absolute-timeout„ set ip ssh idle-timeouton „ set ip ssh server on Idle-timeout Also disabledSet ip ssh server Set ip telnet Maximum number of SSH sessions supported on a WX switch isHistory -Introduced in MSS Version Telnet management traffic Syntax set ip telnet server enable disable Configures a wireless LAN switch to use an NTP server Enables or disables the NTP client on a wireless LAN switchSet ntp Set ntp server Defaults The default NTP update interval is 64 seconds RFC 1305, Network Time Protocol Version 3 SpecificationImplementation and Analysis NTP server User. SNMPv3 does not use community strings Set snmp Set snmp community Set snmp notify TargetSNMPv3 with Informs Usm trap user username SNMPv3 with Traps SNMPv2c with Informs SNMPv1 with Traps SNMPv2c with Traps Success change accepted Snmp notification types „ notification-type- Any of the items in Table Point Snmp notification types WX-1200#set snmp notify profile snmpprofrfdetect send RFDetectRogueDisappearTraps success change accepted Syntax set snmp protocol v1 v2c usm all enable disable WX-1200# set snmp security encrypted success change accepted Set snmp trap Versions, use the set snmp community command to configureSet snmp usm Community strings „ auth-type none md5 sha auth-pass-phrase string IP Services Commands WX-1200# set snmp usm securesnmpmgr1 snmp-engine-id Auth-type sha auth-pass-phrase myauthpwordEncrypt-type 3des encrypt-pass-phrase mycryptpword WX1200# set summertime PDT success change accepted WX4400# set interface taupe ip 10.10.20.20/24 Following Set timedate Sets the time of day and date on the wireless LAN switchSyntax set timedate date mmm dd yyyy time hhmmss WX4400# set timedate date feb 29 2004 time 235800 It is enabled Set timezoneWX1200# set timezone PST Output for display dhcp-client Syntax display dhcp-clientWX-1200# display dhcp-client Display dhcp-serverDisplays MSS Dhcp server information See Also „ set interface dhcp-clientonSyntax display dhcp-server interface vlan-id verbose WX-1200#display dhcp-server Describe the fields in these displays Output for display dhcp-serverDisplay dhcp-server Output for display dhcp-client verbose See Also „ set interface dhcp-serveron Outpot for display snmp community Displays the configured Snmp community stringsSyntax display snmp community WX-1200#display snmp community Displays Snmp statistics counters Syntax display snmp countersWX-1200#display snmp counters WX-1200#display snmp notify profile Syntax display snmp notify profile See Also „ clear snmp profile on „ set snmp profile on Syntax display snmp notify targetWX-1200#display snmp notification target User Name of the Snmp user EngineID Output for display snmp notification target WX-1200#display snmp status Output for display Snmp status Switch has booted „ display snmp notify target on „ display snmp usm on Output for display snmp usmWX-1200#display snmp usm USM users See Also „ clear snmp usm on „ display snmp usm on Telnet Opens a Telnet client session with a remote deviceWX4400# telnet „ dnf Disabled DefaultsTraceroute See Also „ clear sessions on „ display sessions on „ queries „ size „ ttl „ no-dns- Disabled „ port„ wait Ctrl+C „ ping on Error messages for traceroute Locate commands in this chapter based on their use This chapter presents AAA commands alphabetically. Use toAAA Commands by Usage Display accounting statistics on WX4400# clear accounting dot1x Nin Syntax clear accounting admin dot1x user-glob Admin Clear authentication Syntax clear authentication console user-glob WX4400# clear authentication console ReginaConsoleConsole Syntax clear authentication dot1x ssid ssid-namewired Syntax clear authentication last-resort ssid ssid-namewired Clear authentication Removes a MAC authentication rule. macWX4400# clear authentication last-resort wired Syntax clear authentication mac ssid ssid-namewired Access Enabled History -Introduced in MSS WX4400# clear authentication mac ssid thatcorp aabbccSyntax clear authentication proxy ssid ssid-nameuser-glob See Also „ set authentication proxy on „ on Clear authentication Removes a WebAAA rule. webWX-1200#clear authentication proxy ssid mycorp Syntax clear location policy rule-number Clear mac-user User who is authenticated by a MAC addressRadius server Syntax clear mac-user mac-addr Group WX switch, for a user who is authenticated by a MAC addressACL from the profile of a user at MAC address For your Radius server Mac-usergroup Clear Mac-usergroup attr Mobility-profile „ set mobility-profile mode onClear user „ set mobility-profileon Clear user attr Database on the WX switch, for a user with a passwordNin „ set user on Clear usergroup Clear user groupUsergroup „ clear usergroup on Syntax clear usergroup group-name attr attribute-name Secion added to indicate the state of the WebAAA feature Displays all current AAA settingsDisplay aaa Time-Of-Day attribute from the group Display aaa Output Describes the fields that can appear in display aaa output Display aaa Output Display accounting Stored in the local database on the WX switchStatistics Statistics output Display accounting statistics Display location On an WX switchPolicy „ clear location policy on Admin console Set accountingAre sent Accesses the switch using Telnet or Web Manager Server when the user roamsAuthenticated by Authenticated by MAC authentication Set accounting dot1x mac web Set authentication Set authentication admin Completing logon Through the switch’s consoleGlobs on Following methods in priority order. MSS applies multiple For more information, see Usage Syntax set authentication dot1x ssid ssid-namewired Set authentication dot1x AAA Commands Success change accepted Syntax set authentication last-resort 235 Syntax set authentication mac Set authentication mac Proxy Syntax set authentication web ssid ssid-namewired WX-1200#set authentication proxy ssid mycorp ** srvrgrp1 AAA Commands Set location policy For details, see Vlan Globs on Set location policy WX4400# set location policy deny if user eq *.theirfirm.com Tempvendora into Vlan kiosk1 Set mac-user See Also „ clear mac-useron „ display aaa on Authentication Attributes for Local Users Filter-id outboundacl.out Authentication Attributes for Local Users YY/MM/DD-HHMM Time-of-day WX4400# set mac-user 010203040506 attr filter-id acl-03.in Syntax set mac-usergroup See Also „ clear mac-user attr on „ display aaa on Syntax set mobility-profile name name port none all See Also „ clear mac-usergroup attr on „ display aaa on AAA Commands „ set user attr on „ set usergroup on Syntax set mobility-profile mode enable disable Set user 29Jan04 Set user attr„ clear user on Orange Set user group That exists in the local database on the WX switch„ clear user attr on Server Assigns authorization attributes for the group To add a user to a group, user the command set user groupSet usergroup Examples To disable WebAAA, type the following command Syntax set web-aaa enable disableSet web-aaa Mobility Domain Commands by Usage To locate commands in this chapter based on their use Member Mobility-domain Displays the configuration of the Mobility Domain Display mobility-domain configStatus See Also „ set mobility-domain member on WX4400# display mobility-domain status Display mobility-domain Output Command is rejected SetSyntax set mobility-domain member ip-addr Seed, this command overwrites that configuration Mode memberSeed-ip 192.168.1.8 Syntax set mobility-domain mode seed domain-name Set mobility-domain mode seed domain-name Mobility Domain Commands Commands Type Command Set ap dap radio auto-tune max-power on Set ap dap radio auto-tunemin-client-rateon Clear ap dap RadioSyntax clear ap port-listdap dap-num radio 1 2 all WX1200# clear ap 3 radio Radio-Specific Parameters Syntax clear radio-profile name parameter Syntax clear service-profile name „ name Service profile name See Also „ clear radio-profileon „ set radio-profile mode on WX4400# display dap config WX1200# display ap config DAP Output for display ap config „ set port type ap on „ set ap dap bias on WX1200# display ap counters Tkip Pkt Replays Output for display ap counters Ccmp Pkt Replays See Also „ display sessions network on WX-1200#display dap qos-stats Output for display ap dap qos-stats Output of display ap etherstats Syntax display ap dap etherstats port-listdap-numWX4400# display dap etherstats Access point groups „ name Name of an MAP group or Distributed MAP groupSyntax display ap dap group name „ set ap dap group on Output for display ap groupWX1200# display ap group loadbalance1 WX4400# display dap status MAP WX1200# display ap status Output for display ap status Output for display ap status Display auto-tune Decide whether to change channel or power settingsAttributes Syntax display auto-tune attributes See Also „ display auto-tune neighbors on Output for display auto-tune attributesWX1200# display auto-tune attributes ap 2 radio 3Com radio can hear NeighborsSyntax display auto-tune neighbors Ap map-numradio 1 2all Display auto-tune Neighbors ap 2 radio Output for display auto-tune neighbors Display dap global command Display dapConnection Output of display dap connection Dap connection serial-id M9DE48B6EAD00Syntax display dap global dap-numserial-id serial-ID WX4400# display dap global Output for display dap global But that are not configured on any WX switches UnconfiguredLonger appears in the command’s output Network port is a member of a Vlan Radio-profile Output for display dap unconfiguredDisplays radio profile information Syntax display radio-profile name ? Output for display radio-profile WX4400# display radio-profile default Tune Channel Ssid Displays service profile information Service-profile„ name Displays information about the named service profile „ ? Displays a list of service profiles Display service-profile Other WPA parameters Reset ap dap Usage lists the configurable template parameters and their Dap auto mode enable commandListed in . The commands are listed in the See Also section Configurable Template Parameters for Distributed MAPs WX1200# set dap auto success change accepted Syntax set dap auto mode enable disable Template Radiotype„ Radio type „ 11a-802.11a „ 11b-802.11b „ 11g-802.11g See Also „ set dap auto on Syntax set ap port-listdap dap-numauto bias high low See Also „ display ap dap config on Syntax set dap num fingerprint hex Blink enable disable „ ap port-list- List of MAP access ports to add to the group WX1200# set ap 4 group none success change accepted Set ap dap name Changes an MAP name „ antennatype ANT5060 ANT5120 ANT5180 internal „ antennatype ANT1060 ANT1120 ANT1180 internal Radio 1 2 auto-tune max-power power-level Set ap dap radio auto-tune max-power Radio 1 2 auto-tune max-retransmissions retransmissions Set ap dap radio auto-tune max- retransmissions Set ap dap radio auto-tune max- retransmissions Set ap dap radio channel Sets an MAP radio’s channelSyntax set ap port-listdap dap-numradio 1 „ display ap dap config on Set ap dap radio auto-tune min-client-rateRadio 1 2 auto-tune min-client-rate rate Set ap 6 radio 1 min-client-rate Examples Enables or disables a radio on an MAP access point Set ap dap radio modeFollowing command enables radio 2 on ports 1 through Radio 1 2 mode enable disable Defaults None Sets an MAP radio’s transmit power Set ap dap radio tx-power Syntax set dap security require none optional WX-1200#set dap security require Set ap dap Upgrade-firmware 11g-only Set radio-profile Syntax set radio-profile name active-scan enable disable Set radio-profile auto-tune channel-config Syntax set radio-profile name auto-tune channel-holddown Set radio-profile auto-tune channel-holddown Syntax set radio-profile name auto-tune channel-interval Set radio-profile auto-tune channel-interval Syntax set radio-profile name auto-tune power-backoff-timer Set radio-profile auto-tune power-backoff- timer WX4400# set radio-profile rp2 auto-tune power-backoff-timer Set radio-profile auto-tune power-config Set radio-profile auto-tune power-interval Beacon-interval „ rogue Configures radios to attack rogues only Clients from being able to use rogue access pointsDefaults Countermeasures are disabled by default Following command disables countermeasures in radio profile Syntax set radio-profile name dtim-interval interval Syntax set radio-profile name long-retry threshold Syntax set radio-profile name frag-threshold threshold Syntax set radio-profile name max-rx-lifetime time Syntax set radio-profile name max-tx-lifetime time Mode Set radio-profile mode WX4400# set radio-profile rp1 mode enable Syntax set radio-profile name Syntax set radio-profile name rts-threshold threshold Syntax set radio-profile name service-profile name Parameter Default Value To Default Value Defaults for Service Profile Parameters Set radio-profile auth-psk command 349 Wmm Short-retry Syntax set service-profile Name auth-dot1x enable disable WPA IE Set service-profile auth-fallthru Syntax set service-profile name auth-psk enable disable Syntax set service-profile name beaconed enable disable Cipher-ccmp Set service-profile Cipher-tkip Cipher-wep104 Use the set service-profile wep commands Cipher-wep40 Syntax set service-profile name psk-phrase passphrase Syntax set service-profile name psk-raw hex Syntax set service-profile name rsn-ie enable disable See Also „ set service-profilecipher-ccmpon Syntax set service-profile name ssid-name ssid-name Set service-profile auth-psk command Syntax See Also „ set service-profilessid-typeon Syntax set service-profile name tkip-mc-time wait-time See Also „ set service-profilessid-nameon Syntax set service-profile name web-aaa-form url Ssid managed by the service profileWeb-aaa-form WX4400# mkdir corpa-ssid success change accepted Set service-profile wep active-multicast- index „ copy on „ dir on„ mkdir on Syntax set service-profile name wep active-unicast-index num Set service-profile wep active-unicast- index Wep key-index Syntax set service-profile name wpa-ie enable disable STP Commands by Table to locate commands in this chapter based on their useSTP Commands by Usage Clear spantree STP root bridge in all VLANs on a WX switchPortcost Syntax clear spantree portcost port-list Portvlancost Portpri„ clear spantree portvlanpri on „ set spantree portpri on „ clear spantree portcost on Portvlanpri See Also „ display spantree statistics on „ clear spantree portpri on Syntax display spantree Spantree vlan default Root Output for display spantree Display spantree Or disabledBackbonefast „ display spantree blockedports on Blockedports „ set spantree backbonefast onSee Also „ display spantree on For one or more network ports PortfastSee Also „ set spantree portfast on Output for display spantree portfast „ port-list- List of ports Port’s VLANsSyntax display spantree portvlancost port-list Syntax display spantree statistics WX4400# display spantree statistics Topology change Timer value Hold timer Vlan Vlan ID Output for display spantree statistics Configpending Switch is the root or is attempting to become the root Syntax display spantree uplinkfast vlan vlan-id See Also „ clear spantree statistics on „ set spantree uplinkfast on Set spantree Configured on a WX switch Examples The following command enables STP on all VLANsFollowing command disables STP on Vlan burgundy An indirect link „ display spantree backbonefast on Fwddelay Maxage Issues a topology change messageVLANs to 4 seconds „ all Changes the maximum age on all VLANs STP Port Path Cost Defaults Type. lists the defaults for STP port path costPath to the STP root bridge 65,535. STP selects lower-cost paths over higher-cost paths Portvlancost command Syntax set spantree portpri port-listpriority value See Also „ display spantree portfast on „ all Changes the cost on all VLANs Bridge for a specific Vlan on a wireless LAN switchType. See on To 20 in Vlan mauve Ports Path to the STP root bridge, on one Vlan or all VLANsHighest priority through 255 lowest priority „ all Changes the priority on all VLANs Uplinkfast Priority See Also „ display spantree uplinkfast on Igmp Commands by Usage Igmp Snooping Commands Clear igmp statistics Display igmpSee Also display igmp statistics on TTL Output for display igmp TTL Mrouter Syntax display igmp mrouter vlan vlan-idWX1200# display igmp Mrouter vlan orange Defaults None Access Enabled Only one querierSyntax display igmp querier vlan vlan-id Output for display igmp mrouter WX1200# display igmp querier vlan defaultWX1200# display igmp querier vlan orange WX1200# display igmp querier vlan red „ set igmp querier on Receiver-table See Also „ set igmp receiver on Output for display igmp receiver-tableIgmp Receiver-table group 237.255.255.0/24 „ vlan vlan-id Vlan name or number. If you do not specify a Shows Igmp statisticsSyntax display igmp statistics vlan vlan-id WX1200# display igmp statistics vlan orange From the multicast routers in the subnet Output of display igmp statistics See Also „ set igmp rv on Wireless LAN switch VLAN, the timer change applies to all VLANs VLANs on a wireless LAN switchSet igmp lmqi From 1 through 65,535 See Also „ display igmp statistics on Syntax set igmp mrouter port port-listenable disable Syntax set igmp mrsol enable disable vlan vlan-id Enables or disables multicast router solicitation by a WXSet igmp mrsol See Also „ set igmp mrsol mrsi on See Also „ set igmp mrsol on Set igmp oqiAll VLANs on a WX Syntax set igmp oqi seconds vlan vlan-id Proxy-report Set igmp„ set igmp lmqi on „ set igmp qri on Syntax set igmp qi seconds vlan vlan-id Set igmp qi Set igmp qri VLANs on a WXGroup. You can specify a value from 1 through 65,535 Syntax set igmp querier enable disable vlan vlan-id Syntax set igmp receiver port port-listenable disableSee Also „ display igmp querier on Set igmp rv Set igmp rv Igmp Snooping Commands Security ACL Security ACL Commands Syntax clear security acl acl-name all editbuffer-index WX4400# commit security acl acl133 configuration accepted Syntax clear security acl map acl-nameall vlan vlan-id Syntax commit security acl acl-nameall WX4400# commit security acl all WX4400# display security aclSyntax display security acl dscp See Also „ set security acl on Examples The following command displays the tableWX-1200#display security acl dscp Syntax display security acl editbuffer Syntax display security acl hits WX4400# display security acl editbuffer See Also „ hit-sample-rateon „ set security acl on WX4400# display security acl hitsSyntax display security acl info acl-nameall editbuffer Map Display security aclSecurity ACL is assigned Syntax display security acl map acl-name ACL acl111 is mapped Resource-usageSupport for your Product on WX4400# display security acl map acl111 WX4400# display security acl resource-usage Output of display security acl resource-usage Output of display security acl resource-usage Hit-sample-rate Packets filtered by the security ACL or hitsSyntax hit-sample-rate seconds Syntax rollback security acl acl-nameall Protocol, or IP, ICMP, TCP, or UDP packet information Set security acl By Icmp packets By TCP packetsBy UDP packets „ ip „ tcp „ udp „ icmp Security ACL Commands Set security acl WX4400# set security acl ip acl123 deny 192.168.2.11 Set security acl map Security ACL Commands Cryptography Commands by Usage To locate commands in this chapter based on their use Syntax crypto ca-certificate admin eap webaaa See Also „ display crypto ca-certificateon Syntax crypto certificate admin eap webaaa Access Enabled History -Introduced in MSS Version See Also display crypto key ssh on Syntax crypto generate key admin eap ssh webaaa 512 1024 Syntax crypto generate request admin eap webaaa Email Address admin@example.com WX4400# crypto generate request admin See Also „ crypto certificate on „ crypto generate key on Syntax crypto generate self-signed admin eap webaaa WX4400# crypto generate self-signed admin Crypto otp „ crypto pkcs12 on Crypto pkcs12 WX4400# crypto otp eap hap9iN#ss See Also „ crypto otp on Ca-certificate Display cryptoPkcs #7 certificate Display crypto ca-certificate Output Syntax display crypto certificate admin eap webaaa On the WX switchCertificate Describes the fields of the display Syntax display crypto key ssh See Also crypto generate key on Cryptography Commands Radius Commands by Usage Locate commands in this chapter based on their uses Clear radius Syntax clear radius client system-ip See Also „ display aaa on „ set radius client system-ipon See Also „ set radius proxy port on See Also „ set radius proxy client onSyntax clear radius proxy client all Syntax clear radius proxy port all See Also „ display aaa on „ set radius server on Syntax clear radius server server-nameSyntax clear server group group-nameload-balance „ set server group on Set radius Set radius client System-ip„ clear radius server on WX4400# set radius client system-ipsuccess change accepted Set radius proxy Port„ clear radius proxy client on To 32 characters long, with no spaces or tabs Set radius server WX1200# set server group shorebirds members heron egret Load-balance group „ group-name- Server group name of up to 32 charactersSandpiper Radius and Server Group Commands Commands on On the switch802.1X Commands by Usage Performance Clear dot1x Resets the Bonded Auth period to its default valueBonded-period See Also „ display dot1x on „ set dot1x bonded-periodon „ set dot1x max-reqon Port-control Quiet-period Reauth-period Reauth-max„ set dot1x reauth-maxon See Also „ display dot1x on „ set dot1x reauth-periodon „ set dot1x timeout supplicant on „ set dot1x timeout auth-serveronAuth-server Supplicant Tx-period Display dot1x„ set dot1x tx-periodon WX4400# display dot1x clients WX1200# display dot1x config Type the following command to display 802.1X statistics Explains the counters in the display dot1x stats outputWX4400# display dot1x stats Port-control command Set dot1xAuthcontrol Examples To enable per-port 802.1X authentication on wired Authentication is enabledAuthentication ports, type the following command Machine to start reauthentication for the user See Also „ display dot1x on „ clear dot1x bonded-periodon Syntax set dot1x key-tx enable disable See Also „ clear dot1x max-reqon „ display dot1x on See Also „ display dot1x on See Also „ display port status on „ display dot1x on Authentication dot1X command To a supplicant after a failed authentication Syntax set dot1x reauth enable disableSyntax set dot1x quiet-period seconds Before the supplicant client becomes unauthorized See Also „ display dot1x on „ clear dot1x reauth-maxonSyntax set dot1x reauth-max number-of-attempts Attempts reauthentication Set dot1x timeoutOut a request to a Radius authentication server See Also „ display dot1x on „ clear dot1x reauth-periodon Out an authentication session with a supplicant client Syntax set dot1x timeout supplicant secondsSyntax set dot1x tx-period seconds Wep-rekey Syntax set dot1X wep-rekey enable disableSee Also „ display dot1x on „ clear dot1x tx-periodon Broadcast and multicast encryption keys Wep-rekey-period Defaults The default is 1800 seconds 30 minutes„ seconds Specify a value between 30 and 1,641,600 19 days To 300 seconds Telnet sessions Clear sessions VLANs, or session ID Network To clear session 9, type the following command WX4400# clear sessions network mac-addrWX1200# clear sessions network session-id Display sessions WX4400 display sessions admin WX4400 display sessions consoleWX4400 display sessions telnet Display sessions telnet client Output See Also „ clear sessions on Syntax display sessions network „ display sessions network session-id display See on „ Summary display See on „ Verbose display See onWX1200# display sessions network WX1200# display sessions network mac-addr 00055d7e981a WX1200# display sessions network session-id WX1200# display sessions network verbose Additional display sessions network verbose Output Display sessions network summary Output Time Display sessions network session-id Output 802.1X protocol on a wired authentication port See Also „ clear sessions network on Session Management Commands RF Detection Commands by Usage To locate the commands in this chapter based on their use Clear rfdetect Examples The following command clears MAC addressAttack-list Removes a MAC address from the attack list Black-list Countermeasures Mac Clear rfdetectIgnore „ display rfdetect ignore on Ssid-list„ set rfdetect ignore on „ set rfdetect ssid-liston Display rfdetect Vendor-list„ set rfdetect vendor-liston „ display rfdetect vendor-liston RF Detection Commands Mobility Domain CountermeasuresDomain Display rfdetect countermeasures Output Displays information about the APs detected by a WX switch DataSyntax display rfdetect data WX1200# display rfdetect data Display rfdetect data Output Ignore list Syntax display rfdetect ignoreWX4400# display rfdetect ignore Total number of entries During RF detection scans Bssid mac-addr Displays rogues that are using the specifiedSyntax display rfdetect mobility-domain WS1200# display rfdetect mobility-domain WS1200# display rfdetect mobility-domain ssid 3Com-webaaa Ssid 3Com-webaaa Following command displays detailed information for a Bssid Display rfdetect mobility-domain OutputWX1200# display rfdetect mobility-domain bssid 000b0e0004d1 Display rfdetect mobility-domain ssid or bssid Output „ display rfdetect data on WX switchDisplays the entries in the permitted Ssid list „ clear rfdetect ssid-liston Visible Display ap dap status command WX1200# display rfdetect visible Radio Display rfdetect visible Output Set rfdetect Active-scanAddresses of APs and clients Examples The following command adds MAC address Configured. WX switches do not share attack listsDefaults The client black list is empty by default Configured. WX switches do not share client black lists Countermeasures Mac Set rfdetect ignore Set rf detect See Also „ display log buffer on Signature WX switches in a Mobility Domain Only for the SSIDs that are on the list Examples The following command adds Ssid mycorp to the listPermitted SSIDs Device’s OUI is in the permitted vendor list Trailing 000000 value is required Syntax display rfdetect attack-listWX1200# display rfdetect attack-list Clients Displays the wireless clients detected by an WX switchSyntax display rfdetect black-list WX1200# display rfdetect black-list WX1200# display rfdetect Clients Display rfdetect clients Output Display rfdetect clients mac Output From the wired side of the network addressed to File Management Commands Locally on the switch Dir command outputTape archive tar format „ tftp/ip-addr/filename- Name of the archive file to create Syntax clear boot config Copy „ reset system onPerforms the following copy operations „ Copies a file from a Tftp server to nonvolatile storage WX4400# copy floorwx tftp//10.1.1.1/floorwx WX4400# copy test-config new-config Delete File or the running configurationImmediately deletes the specified file Syntax delete url Dir Describes the fields in the dir output „ copy on „ delete onOutput for dir Reboot and configured for use after the next reboot Display bootAccess Access Describes the fields in the display boot output Display config Displays the configuration running on the WX switchSyntax display config area area all And, optionally, for any attached MAP access points See Also „ load config on „ save config onWX4400# display config area vlan Display version WX1200# display version details WX1200# display version Running configuration with the commands in the loaded file Load configDescribes the fields in the display version output Output for display version Syntax load config url Following command loads configuration file testconfig1WX4400# load config WX4400# load config testconfig1 Creates a new subdirectory in nonvolatile storage Mkdir Reset system Restarts an WX switch and reboots the software„ dir on „ rmdir on Generate new key pairs and certificates on the switch Restore WX1200# restore system tftp/10.10.20.9/sysabak „ backup onRmdir Removes a subdirectory from nonvolatile storage Saves the running configuration to a configuration file Save configSyntax save config filename „ dir on „ mkdir on Configuration-file Set bootConfiguration Testconfig1 Syntax set boot partition boot0 boot1 File Management Commands Trace Commands Clear log trace Deletes running trace commands and ends trace processesClear trace Deletes the log messages stored in the trace buffer Display trace WX switch, or all possible trace optionsSyntax display trace all WX4400# display trace Authentication Save traceSet trace See Also „ clear trace on „ display trace on Authorization Set trace dot1x Syntax set trace sm mac-addr mac-address port port-num Set trace sm Trace Commands Snoop Commands Clear snoop Clear snoop map„ display snoop info on „ set snoop map on Set snoop„ display snoop on „ display snoop map on Chapter Snoop Commands WX1200# set snoop snoop1 observer 10.10.30.2 snap-length Filter Set snoop mapRadio 1 of the MAP Radio 2 of the MAP. This option does not apply to To an MAP radio and enable the filter Set snoop modeEnable stop-afternum-pkts- Enables the snoop filter All snoop filters For all snoop filters configured on a WX switch Display snoop map commandDisplay snoop Displays the MAP radio mapping for all snoop filters See Also „ clear snoop on Display snoop info Shows the configured snoop filtersSyntax display snoop filter-name WX1200# display snoop info snoop1 Examples display snoop stats filter-namedap-numradio Snoop map snoop1 Snoop1 Display snoop stats OutputSnoop stats snoop1 Chapter Snoop Commands Syntax clear log buffer server ip-addr Clear log See Also „ clear log trace on You can view event messages archived in the buffer Log buffer facility ?WX4400# display log buffer facility AAA Log config „ display log config on„ clear log on „ set log on „ clear log on Syntax display log trace +-/number-of-messages Storage Set log„ console Sets log parameters for console sessions Address in dotted decimal notation „ trace Sets log parameters for trace files See Also See Also „ display log config on Set log traceMbytes System LOG Commands Boot Prompt Boot Prompt Commands Autoboot „ BT=type Boot type Boot„ DEV=device Location of the system image file „ FN=filename System image filename „ change on „ display on Syntax change Change Syntax create Create Examples To remove the currently active boot profile, type Usage When you type the delete command, the next-lowerProfiles, see display on Syntax delete Syntax diag Diag Syntax display Defaults None „ change on „ create on „ delete on „ next on Output of display command Fver „ command-name- Boot prompt command For an individual commandDisplays a list of the boot prompt commands „ ls on Syntax next Next Resets a WX switch’s hardware ResetSyntax reset Command at the boot prompt „ OFF Disables the poweron test flag „ on Enables the poweron test flagDefaults The poweron test flag is disabled by default Test Type the following command at the boot prompt Dir or fver commandVersion Syntax version Register Your ServicesProduct Purchase Troubleshoot Access SoftwareOnline Downloads Contact Us Latsupportanc@3com.com Country Telephone Number Index Delete 544, 597 diag Dir 545, 598 disable 33 display Index Index Index Traceroute Version