Manuals / Nortel Networks / Computer Equipment / Switch

Nortel Networks 2300 Series manual Set authentication last-resort, Set authentication mac, Wired

Models: 2300 Series

1 622

Download 622 pages 48.74 Kb

Page 199

Image 199

AAA Commands 199

•set service-profileauth-fallthru on page 308

•show aaa on page 210

set authentication last-resort

Deprecated in WSS Software Version 5.0. The last-resortuser is not required or supported in WSS Software Version 5.0. Instead, a user who accesses the network on an SSID by using the fallthru access type last-resortis automatically a last-resortuser. The authorization attributes assigned to the user come from the default authorization attributes set on the SSID.

set authentication mac

Configures authentication and defines where it is performed for specified non-802.1X users with network access through a media access control (MAC) address.

Syntax set authentication mac {ssid ssid-namewired} mac-addr-wildcardmethod1 [method2] [method3] [method4]

	ssid ssid-name	SSID name to which this authentication rule applies. To apply the rule to
		all SSIDs, type any.
	wired	Applies this authentication rule specifically to users connected to a wired
		authentication port.
	mac-addr-wildcard	A single user or set of users with access via a MAC address. Specify a
		MAC address, or use the wildcard (*) character to specify a set of MAC
		addresses. (For details, see “MAC Address Wildcards” on page 13.)
	method1	At least one of up to four methods that WSS Software uses to handle
	method2	authentication. Specify one or more of the following methods in priority
	method3	order. WSS Software applies multiple methods in the order you enter
	method3	them.
	method4	them.
	method4	A method can be one of the following:
		A method can be one of the following:
		• local—Uses the local database of usernames and user
		groups on the WSS for authentication.
		• server-group-name—Uses the defined group of
		RADIUS servers for authentication. You can enter up to
		four names of existing RADIUS server groups as
		methods.
		For more information, see “Usage.”

Defaults By default, authentication is deactivated for all MAC users, which means MAC address authentication fails by default. When using RADIUS for authentication, the default well-known password for MAC and last-resort users is nortel.

Access Enabled.

Nortel WLAN—Security Switch 2300 Series Command Line Reference

Page 199

Image 199

Nortel Networks 2300 Series manual Set authentication last-resort, Set authentication mac, Wired

Contents

Page Copyright 2007-2008 Nortel Networks. All rights reserved Nortel Networks software license agreement Legal Information Exclusive Remedy Software License Agreement Page SSH Source Code Statement OpenSSL Project License Statements NN47250-100 Version How to get help Introducing the Nortel Wlan 2300 System NN47250-102 Version Getting help from the Nortel web site How to get helpHow to get help NN47250-100 Version Nortel Wlan 2300 System Documentation Introducing the Nortel Wlan 2300 SystemInstallation Planning, Configuration, and DeploymentConfiguration and Management Safety and Advisory Notices Bold text Menu Name CommandItalic text CLI Conventions Using the Command-Line InterfaceCommand Prompts Clear fdb dynamic port port-list vlan vlan-id Set enablepassSet port enable disable port-list Clear interface vlan-idipMAC Address Notation MAC Address Wildcards Port Lists Command-Line Editing Using CLI Help Set ap port-list ap-numname name WSS# show i?WSS# show ip ? WSS# show ip telnetUsing the Command-Line Interface NN47250-100 Version See Also enable on Access CommandsDisable EnableQuit Set enablepassSyntax set enablepass WSS# set enablepass Enter old password old-passwordDisable on Enable on Access Commands NN47250-100 Version Clear ap on Port CommandsPort Type Set port type ap on Set ap on Clear port type onClear port counters Clear apClear port media-type Clear port-groupClear port name Clear port mirrorSyntax clear port type port-list Network Port DefaultsConfiguration from all the specified ports Clear port typeMonitor port counters Set port type ap on Set port type wired-auth onWSS# clear port type WSS# monitor port counters Key Controls for Monitor Port Counters DisplayDisplayed for All Options Output for monitor port countersOctets Number of packets received that were 64 bytes long See Also show port counters on Reset portSyntax reset port port-list WSS# reset portSee Also set port on Set ap2350-1 to 2382-1 to2380-1 to 2360/61-1 toSet port See Also reset port onSet port-group Syntax set port-group name group-nameport-listmode on off WSS# set port-group name server1 1-5 mode onMode on off Set port media-typeSyntax set port mirror source-portobserver observer-port Set port mirrorSyntax set port media-type port-listrj45 2380# set port media-type 2 rj45Syntax set port port name name WSS# set port 17 name adminpoolSet port name WSS# set port 1 observerSet port poe Set port negotiationSyntax set port speed port-list10 100 1000 auto WSS# set port poe 7,9 disableWSS# set port poe 7,9 enable Set port speedSet port type ap Syntax set port trap port-listenable disableWSS# set port trap 17-18 enable Set port trapList of physical ports Port-listRadiotype 11a 11b 11g Radio type Version New values for model option added AP Access Port DefaultsWSS# set ap 1 radio 1 antennatype Set port type wired-authWSS# set port type ap 2 model 2330 poe enable WSS# set port type ap 4-6 model 2330 poe enableWeb-portal Wired Authentication Port DefaultsLast-resort NonePort port-list WSS# set port type wired-authShow port counters Clear port type on Set port type ap onSyntax show port-group name group-name Show port-groupOutput for show port-group WSS show port counters octets portOutput for show port media-type GBIC-The Gbic fiber interface is enabledRJ45-The RJ-45 copper interface is enabled Show port media-typeShow port poe Show port mirrorSee Also set port poe on Output for show port poeWSS# show port status Show port statusOutput for show port status Syntax show port status port-listNo connector-GBIC slot is empty Up-The port is enabledDown-The port is disabled Wa-Wired authentication portSystem Services Commands Clear history Clear banner motdSee Also history on Wildebeest# clear prompt success change accepted. WSS# Clear promptClear system Syntax clear promptNone HelpWSS# clear system location HelpSee Also clear history on Set auto-configHistory QuickstartSyntax set auto-config enable disable 2360# set vlan 1 port 7 success change accepted WSS# set auto-config enable success change acceptedWSS# save config Set banner motdSet length Set confirmSyntax set license activation-key Set licenseSyntax set length number-of-lines WSS# set lengthSyntax set prompt string Set promptSet system contact See Also show licenses on23x0#set system country code CA Set system countrycode23x0#set system contact tamara@example.com Syntax set system countrycode codeWSS# set system idle-timeout Set system idle-timeoutSee Also show config on Syntax set system idle-timeout secondsSet system location Set system ip-addressSyntax set system name string Set system nameSee Also set license on Show banner motdShow licenses Show loadSyntax show system Show license commandShow system See Also show system onShow system output Show tech-support System Services Commands System Services Commands NN47250-100 Version Vlan Commands WSS# clear fdb port 3,5 Clear fdbWSS# clear fdb static vlan blue WSS# clear fdb dynamicAll Clear security l2-restrictClear security l2-restrict counters Syntax clear security l2-restrict counters vlan vlan-idallVlan-id Port port-list Clear vlanWSS# clear security l2-restrict counters vlan abcair Syntax clear vlan vlan-id port port-list tag tag-valueWSS# clear vlan red port 4 tag Set vlan port on Show vlan config onSet fdb WSS# clear vlan green portSet security l2-restrict Set fdb agingtimeSee Also show fdb agingtime on Mode Enable disableSet vlan name Syntax set vlan vlan-numname nameSyntax set vlan vlan-id port port-list tag tag-value Set vlan portSee Also set vlan port on WSS# set vlan 3 name marigoldSyntax set vlan vlan-idtunnel-affinity num Set vlan tunnel-affinityShow fdb WSS# set vlan beige port 16 tagWSS# show fdb WSS# show fdb allWSS# show fdb agingtime Show fdb agingtimeOutput for show fdb Syntax show fdb agingtime vlan vlan-idSee Also show fdb on Show fdb countShow roaming station See Also set fdb agingtime onOutput for show roaming station Show roaming vlanSee Also show roaming vlan on WSS# show roaming vlan Syntax show roaming vlanSyntax show security l2-restrict vlan vlan-idall Show roaming station on Show vlan config onShow security l2-restrict Output for show roaming vlanOutput for show security l2-restrict Enabled. Forwarding of Layer 2 traffic from clients isDisabled. Layer 2 forwarding is not restricted Show tunnelOutput for show tunnel Show vlan configSee Also show vlan config on Syntax show vlan config vlan-idOutput for show vlan config See Also Vlan Commands NN47250-100 Version Clear qos Quality of Service CommandsSyntax set qos cos-to-dscp-map level dscp dscp-value Set qos cos-to-dscp-mapWSS# clear qos WSS# clear qos dscp-to-qos-mapShow qos Set qos dscp-to-cos-mapSee Also show qos dscp-table on Show qos dscp-tableSee Also show qos on IP Services Commands Show ntp on Set ntp update-interval onSet ntp on Set ntp server onSyntax clear interface vlan-idip Clear interfaceWSS# clear interface mauve ip Clear ip dns domain Clear ip aliasWSS# clear ip dns server Clear ip dns serverClear ip route Syntax clear ip dns server ip-addrWSS# clear ip telnet success change accepted Clear ip telnetClear ntp server Syntax clear ip telnetClear snmp community Clear ntp update-intervalSyntax clear ntp update-interval WSS# clear ntp update-interval success change acceptedSyntax clear snmp notify target target-num Clear snmp notify profileClear snmp notify target Syntax clear snmp notify profile profile-nameClear summertime Clear snmp usmClear timezone Clear system ip-addressHost Count num-packets PingCount-5 Syntax set arp permanent static dynamic ip-addrmac-addr Set arpSee Also traceroute on WSS# pingWSS# set arp agingtime Set arp agingtimeSet interface Syntax set arp agingtime secondsSet interface dhcp-client WSS# set interface default ip 10.10.10.10/24Syntax set interface vlan-idip dhcp-client enable disable Enables the Dhcp client on the VlanClear interface on Show dhcp-client on Show interface on WSS# set interface corpvlan ip dhcp-client enableDefault-router ip-addr Set interface dhcp-serverPrimary-dns and secondary-dns Default-routerSet interface status Dns-domainSyntax set ip alias name ip-addr Syntax set ip dns enable disableSet ip alias Set ip dnsWSS# set ip dns domain example.com WSS# set ip dns enableSet ip dns domain Syntax set ip dns domain nameSecondary Set ip dns serverSyntax set ip dns server ip-addrprimary secondary PrimarySet ip https server Syntax set ip https server enable disableWSS# set ip https server enable Enable Enables the Https server DisableWSS# set ip route 192.168.4.0 255.255.255.0 10.5.4.2 WSS# set ip route default 10.5.4.1WSS# set ip route 192.168.5.0/24 10.5.5.2 Set ip ssh Syntax set ip snmp server enable disableWSS# set ip snmp server enable Set ip snmp serverCrypto generate key on Set ip ssh on Set ip ssh server on Syntax set ip ssh server enable disableSet ip ssh server WSS# set ip ssh portSyntax set ip telnet port-num Syntax set ip telnet server enable disableSet ip telnet Set ip telnet serverEnable Enables the NTP client Disable WSS# set ip telnet server enableSyntax set ntp enable disable WSS# set ntp enableSet ntp server Set ntp update-intervalSet snmp community Read-notify Notify-only Notify-read-write WSS# set snmp community name switchmgr1 notify-read-writeWSS# set snmp community read-write goodcommunity Set snmp notify profile Default profile-nameDrop send ApOperRadioStatusTraps-Generated when AutoTuneRadioPowerChangeTraps-GeneratedClientAuthorizationSuccessTraps-Generated ClientAuthenticationFailureTraps-GeneratedCont RFDetectUnAuthorizedSsidTraps-Generated RFDetectSpoofedSsidAPTraps-Generated whenSee Also Show snmp notify profile on Snmp-engine-id Security unsecured authenticated encryptedSet snmp notify target SNMPv3 with InformsSNMPv3 with Traps Security unsecured authenticated encryptedTimeout num Retries numCommunity-string Community string Profile profile-name SNMPv2c with InformsSNMPv2c with Traps SNMPv1 with Traps WSS# set snmp notify target 2 10.10.40.10 v1 trapV2c Syntax set snmp protocol v1 v2c usm all enable disableWSS# set snmp protocol all enable Set snmp protocolSet snmp usm Set snmp securityWSS# set snmp security encrypted Allow get and set operations and so on Snmp-engine-id ip ip-addr local hex hexSpecifies a unique identifier for the Snmp String EngineSpecifies the access level of the user Auth-pass-phrase string option Second , third , fourth , or last Set summertimeWSS# set snmp usm snmpmgr1 snmp-engine-id local StartEnd 23x0# set summertime PDT success change acceptedEnd of the time change period Yyyy-year Set timedateMmm-month Dd-daySyntax set timezone zone-name -hours minutes Set timezone23x0# set timezone PST WSS# show arp Show arpOutput for show arp Syntax show arp ip-addrShow dhcp-client WSS# show dhcp-client Output for show dhcp-clientWSS# show dhcp-server Show dhcp-serverSee Also set interface dhcp-client on Syntax show dhcp-server interface vlan-id verboseOutput for show dhcp-server verbose Output for show dhcp-serverWSS# show interface Show interfaceSee Also set interface dhcp-server on Syntax show interface vlan-idOutput for show interface Show ip aliasSyntax show ip dns Show ip dnsOutput for show ip alias Output for show ip dnsShow ip https Show ip httpsWSS show ip https Destination Show ip routeOutput for show ip https Syntax show ip route destinationOutput for show ip route Show ip telnet Show ip telnetWSS show ip telnet WSS show ntp Show ntpOutput for show ip telnet Syntax show ntpSynced Output for show ntpShow snmp counters Show snmp communityShow snmp notify profile Syntax show snmp status Show snmp notify targetShow snmp status Syntax show snmp notify target23x0# show summertime Show snmp usmShow summertime Syntax show summertimeShow timezone Show timedateWSS-remote show vlan TelnetSyntax telnet ip-addr hostname port port-num WSS# telnetWSS-remote Session 0 pty tty2.d terminated tt name tty2.d TracerouteSee Also ping on Error Messages for tracerouteWSS# traceroute server1 AAA Commands Clear accounting Syntax clear accounting admin dot1x system user-wildcardSystem Clear authentication adminSyntax clear authentication admin user-wildcard WSS# clear accounting dot1x NinWSS# clear authentication console Regina Clear authentication consoleWSS# clear authentication admin Jose Syntax clear authentication console user-wildcardWired Clear authentication dot1xClear authentication last-resort WSS# clear authentication dot1x ssid finance *@thiscorp.comWSS# clear authentication proxy ssid mycorp Clear authentication macClear authentication proxy WSS# clear authentication mac ssid thatcorp aabbccSyntax clear location policy rule-number Clear authentication webSet authentication proxy on Show aaa on Clear location policySyntax clear mac-user mac-addr Clear mac-userClear mac-user attr WSS# clear location policySyntax clear mac-user mac-addrgroup Clear mac-user groupSyntax clear mac-usermac-addr attr attribute-name WSS# clear mac-user 010203040506 attr filter-idWSS# clear mac-usergroup eastcoasters Clear mac-usergroupClear mac-usergroup attr Syntax clear mac-usergroup group-nameClear user Clear mobility-profileSyntax clear user username attr attribute-name WSS# clear user Hosni attr session-timeoutClear user attr WSS# clear user NinClear usergroup Clear user groupWSS# clear usergroup cardiology attr time-of-day Set accounting admin consoleClear usergroup attr Syntax clear usergroup group-name attr attribute-nameMethod1 Method2 Method3 Method4 WSS# set accounting admin Natasha start-stop localSet accounting dot1x mac web last-resort Start-stop Stop-onlySsid ssid-name Method1 method2 method3 method4Mac WebWSS# set accounting dot1x Nin stop-only sg2 Set accounting systemWSS# set accounting system shorebirds For more information, see Usage Set authentication adminWSS# set authentication admin Jose sg3 Set authentication consoleUser-wildcard Method1 Method2 Method3 Method4 WSS# set authentication console * none Set authentication dot1xOr a period .. For details, see User Wildcards on Already been authenticatedBonded Protocol Method1 Method2 Method3 Method4 Sg1 sg2 sg3 success change accepted Wired Set authentication last-resortSet authentication mac Set service-profileauth-fallthru on Show aaa onWSS# set authentication ssid mycorp2 mac ** local Set authentication proxyWSS# set authentication proxy ssid mycorp ** srvrgrp1 Set authentication webWSS# set authentication web ssid ourcorp rnd* local Optionally, you can add the suffix .out to the name Set location policyDeny PermitNeq-Applies the location policy rule to all usernames Show location policy commandClear location policy rule-numbercommand Eq-Applies the location policy rule to all usernamesClear location policy on Show location policy on Set mac-userWSS# set location policy deny if user eq *.theirfirm.com WSS# set location policy permit vlan floor2 if port 3-7,12WSS# set mac-user 010203040506 group eastcoasters Syntax set mac-user mac-addrgroup group-nameClear mac-user on Show aaa on Syntax set mac-usermac-addr attr attribute-name value Set mac-user attrEncryption-type Authentication Attributes for Local UsersEnd-date Mobility-profile Filter-idMobility-profile on Ssid Service-typeSession-timeout By the set dot1x reauth-period command isWith start-date,end-date, or both Time-of-day1600,th1000-1600 Day wk0900-1700,sa2200-0200Vlan-name $u-Username $v-VLAN $s-SSID $p-Service profile nameWSS# set mac-user 010203040506 attr filter-id acl-03.in UrlClear mac-user attr on Show aaa on For a list of authorization attributes, see onSet mac-usergroup attr WSS# set mac-usergroup eastcoasters attr vlan-name orangePorts and wired authentication port on the WSS Or wired authentication port on the WSSSet mobility-profile WSS# set mobility-profile name magnolia port Set mobility-profile modeSyntax set mobility-profile mode enable disable WSS# set mobility-profile mode enableSet user Syntax set user username password encrypted stringWSS# set user Nin password goody WSS# set user admin password chey3nneWSS# set user Tamara attr mobility-profile tulip WSS# set user Nin password 29Jan04Set user attr WSS# set user Tamara attr vlan-name orangeWSS# set user Hosni group cardiology Set user groupSet usergroup Syntax set user username group group-nameClear usergroup on Clear usergroup attr on Show aaa on Syntax set web-portal enable disableSet web-portal Syntax set usergroup group-name attr attribute-name valueShow aaa User Nin Show aaa OutputUP operating Show accounting statisticsWSS# show accounting statistics Syntax show accounting statisticsRadius server Show accounting statistics OutputLocal WSS database Show mobility-profile Show location policyAAA Commands NN47250-100 Version 23x0# clear domain security Mobility Domain CommandsClear domain security Syntax clear domain securitySee Also set mobility-domain member on Clear mobility-domainClear mobility-domain member Set domain securitySyntax set mobility-domain member ip-addrkey hex-bytes Set mobility-domain memberSyntax set domain security none required WSS# set domain security requiredWSS# set mobility-domain member Set mobility-domain mode member seed-ipSet mobility-domain mode member secondary-seed- ip Clear mobility-domain on Show mobility-domain config onWSS# set mobility-domain mode member secondary-seed-ip Set mobility-domain mode seed domain-nameClear mobility-domain member on Show mobility-domain on Show mobility-domain Show mobility-domain configSyntax show mobility-domain config WSS# show mobility-domain configSyntax show mobility-domain Show mobility-domain OutputWSS# show mobility-domain Mobility Domain Commands NN47250-100 Version 23x0# clear network-domain Network Domain CommandsClear network-domain Syntax clear network-domainSyntax clear network-domain peer ip-addrall Clear network-domain modeSyntax clear network-domain mode seed member Clear network-domain peerSee Also set network-domain peer on Set network-domain mode member seed-ipSee Also set network-domain mode member seed-ip on Clear network-domain seed-ipClear network-domain on Show network-domain on WSS# set network-domain mode member seed-ipSet network-domain peer Syntax set network-domain peer ip-addrShow network-domain Set network-domain mode seed domain-nameWSS# set network-domain mode seed domain-name California Set network domain peer commandOutput if WSS is the Network Domain seed Show network-domain OutputSyntax show network-domain WSS# show network-domainOutput if WSS is a Network Domain member Network Domain Commands NN47250-100 Version Set ap radio radio-profile on AP CommandsSet ap radio mode on Set ap upgrade-firmware onSet service-profilersn-ie on Set service-profileweb-portal-acl onSet service-profileauth-psk on Set service-profilewpa-ie onSet service-profile psk-raw on Set service-profile cipher-wep104 onSet service-profile cipher-wep40 on Set service-profile psk-phrase onSet ap radio auto-tunemax-power on Set radio-profileauto-tunepower-config onSet radio-profileauto-tunepower-interval on Set radio-profileauto-tunepower-lockdown onSyntax clear ap ap-numberimage Clear ap imageSee Also set ap image on Clear ap local-switching vlan-profileSyntax clear ap ap-numberlocal-switching vlan-profile WSS# clear ap 7 local-switching vlan-profileRadio Clear ap radioRadio-Specific Parameters Syntax clear ap port-listap ap-numradio 1 2 allOption dap removed for AP 802.11b/g-6802.11a-Lowest valid Channel number for Country of operationClear ap radio load-balancing group Clear ap boot-configurationSyntax clear ap boot-configuration ap-num WSS# clear ap 1 boot-configurationClear radio-profile Countermeasures parameter added Clear service-profileLong-retry Short-retrySoda logout-page Soda failure-pageSoda remediation-acl Soda success-pageOption radio num auto-tune min-client-rate Reset apSet ap auto Option force-image-download addedWSS# set ap auto Configurable Profile Parameters for APsSet ap auto persistent Set ap auto modeSyntax set ap auto mode enable disable WSS# set ap auto mode enableWSS# set ap auto persistent 10 success change accepted Set ap auto radiotype11a-802.11a Syntax set ap auto persistent ap-numallWSS# set ap auto radiotype 11b Set ap biasSyntax set ap port-listap ap-numauto bias high low WSS# set ap 1 bias low See Also show ap config onSyntax set ap port-list ap ap-num auto blink enable disable Set ap blinkEnables or disables the static IP address for the AP Set ap boot-configuration ipWSS# set ap 3-4 blink enable Mode enable disableSet ap boot-configuration mesh psk-phrase Set ap boot-configuration mesh modeWSS# set ap 7 boot-configuration mesh mode enable Syntax set ap ap-numberboot-configuration mesh psk-raw hex Set ap boot-configuration mesh psk-rawWSS# set ap 7 boot-configuration mesh ssid wlan-mesh Set ap boot-configuration mesh ssidSwitch-ip ip-addr Set ap boot-configuration switchVlan tag value. You can specify a number from Set ap boot-configuration vlanEnables or disables use of the specified Vlan tag on the AP Vlan-tag tag-valueSyntax set ap num fingerprint hex Set ap security on Show ap config on Show ap status onSet ap fingerprint Set ap force-image-downloadAuto on WSS# set ap 69 force-image-download enableSet ap group Syntax set ap port-list ap ap-num auto group nameWSS# set ap 4 group none Show ap config on Show ap group onSet ap image WSS# set ap 1,4,7 group loadbalance1WSS# set ap 7 local-switching mode enable Set ap local-switching modeSet ap local-switching vlan-profile Syntax set ap ap-numberlocal-switching mode enable disableSet ap name WSS# set ap 7 local-switching vlan-profile localsSyntax set ap port-list ap ap-numname name Indoors Set ap radio antenna-locationWSS# set ap 1 name techpubs WSS# set ap 22 radio 1 antenna-location outdoorSee Also set ap radio antennatype on Set ap radio antennatypeAp port-list Ap ap-num radio 1 radio Set ap radio auto-tune max-power Deprecated in WSS Software Version WSS# set ap 7 radio 1 auto-tune max-powerSet ap radio auto-tune max-retransmissions Set ap radio auto-tune min-client-rateWSS# set ap 5 radio 1 channel WSS# set ap 11 radio 1 channel 1 tx-powerSet ap radio tx-power on Show ap config on Set ap radio channelAp ap-number Set ap radio min-tx-datarateSet ap radio link-calibration Set ap radio load-balancingWSS# set ap 7 radio 1 load-balancing disable Syntax set ap ap-numradio 1 2 load-balancing enable disableSet ap radio load-balancing group Syntax set ap port-listauto radio 1 2 mode enable disable Set ap radio modeWSS# set ap 7 radio 1 load-balancing group room1 Radio-profile name WSS# set ap 1-5 radio 1 mode enableWSS# set ap 1-3 radio 2 mode enable Set ap radio radio-profileSet ap radio tx-power Set ap radio channel on Show ap config on WSS# set ap 5 radio 1 tx-powerSyntax set ap security require optional none Set ap securityWSS# set ap security none Set ap sticky-bit Set ap upgrade-firmwareSyntax set ap port-listauto upgrade-firmware enable disable WSS# set ap 9 upgrade-firmware disableWSS# set band-preference 11a Set load-balancing modeSyntax set load-balancing mode enable disable Syntax set band-preference none 11bg 11aMax WSS# set load-balancing mode disableSet load-balancing strictness Syntax set load-balancing strictness low med high maxWSS# set load-balancing strictness max Syntax set radio-profile name active-scan enable disableSet radio-profile 11g-only Set radio-profile active-scanSet radio-profile auth-psk Set radio-profile auto-tune channel-configWSS# set radio-profile radprof3 active-scan disable Set radio-profile auth-dot1xSet radio-profile auto-tune channel-holddown WSS# set radio-profile rp2 auto-tune channel-config disableWSS# set radio-profile rp2 auto-tune channel-holddown WSS# set radio-profile rp2 auto-tune channel-interval Set radio-profile auto-tune channel-intervalSyntax set radio-profile name auto-tune channel-lockdown Set radio-profile auto-tune power-backoff-timerSet radio-profile auto-tune power-config Set radio-profile auto-tune channel-lockdownStarted Set radio-profile auto-tune power-intervalWSS# set radio-profile rp2 auto-tune power-config enable Defaults The default power tuning interval is 300 secondsWSS# set radio-profile rp2 auto-tune power-lockdown Set radio-profile auto-tune power-lockdownWSS# set radio-profile rp2 auto-tune power-interval Syntax set radio-profile name auto-tune power-lockdownSyntax set radio-profile name beacon-interval interval Set radio-profile auto-tune power-ramp-intervalWSS# set radio-profile rp2 auto-tune power-ramp-interval Set radio-profile beacon-intervalSet radio-profile cipher-wep104 Set radio-profile beaconed-ssidSet radio-profile cipher-ccmp Set radio-profile cipher-tkipRogue ConfiguredSet radio-profile countermeasures WSS# set radio-profile radprof3 countermeasures rogueSet radio-profile dtim-interval Set radio-profile crypto-ssidSyntax set radio-profile name frag-threshold threshold Set radio-profile frag-thresholdWSS# set radio-profile rp1 frag-threshold Set radio-profile max-rx-lifetime Set radio-profile long-retrySet radio-profile max-tx-lifetime WSS# set radio-profile rp1 max-tx-lifetime Set radio-profile modeDefaults for Radio Profile Parameters Syntax set radio-profile name mode enable disableCountermeasures Rfid-mode DisableService-profile Wmm-powersave Disable11g-only Wmm-powersaveRfid-mode Syntax set radio-profile name preamble-length long short Set radio-profile preamble-lengthSet radio-profile psk-phrase Set radio-profile psk-rawWSS# set radio-profile rp1 qos-mode svp Set radio-profile qos-modeSet radio-profile rate-enforcement Syntax set radio-profile name qos-mode svp wmmDisables data rate enforcement for the radios in the radio Enables data rate enforcement for the radios in the radioSet radio-profile rfid-mode Syntax set radio-profile name rts-threshold threshold Syntax set radio-profile name rfid-mode enable disableWSS# set radio-profile rfid-mode enable Set radio-profile rts-thresholdDefaults for Service Profile Parameters Set radio-profile service-profileSyntax set radio-profile name service-profile name Cipher-wep40 Disable Cipher-ccmp DisableCipher-tkip Enable Cipher-wep104 DisableShared-key-auth Disable No-broadcast DisableProxy-arp Disable Rsn-ie Disable2.0,5.5,11.0 12.0,24.0Auto 2.0Web-portal-acl Portalacl Portal-acl settingTimeout Wpa-ie DisableWSS# set radio-profile rp2 service-profile wpaclients Set radio-profile wep active-multicast-index Set radio-profile shared-key-authSet radio-profile short-retry Set radio-profile tkip-mc-timeSee set service-profilewpa-ie on Set radio-profile wmm-powersaveSyntax set radio-profile name wmm-powersave enable disable WSS# set radio-profile rp1 wmm-powersave enableSyntax set service-profile name attr attribute-name value Set service-profile attrWSS# set service-prof sp2 attr vlan-name blue WSS# set service-profile wpaclients auth-dot1x disable Set service-profile auth-dot1xWSS# set service-prof sp2 attr mobility-profile tulip Syntax set service-profile name auth-dot1x enable disableLast-resort Set service-profile auth-fallthruWeb-portal WSS# set service-profile wpaclients auth-psk enable Set service-profile auth-pskWSS# set service-profile rndlab auth-fallthru web-portal Syntax set service-profile name auth-psk enable disableMesh-service-profile Mesh service profile Set service-profile beaconSet service-profile bridging Syntax set service-profile name beacon enable disableSet service-profilecac-session on Show service-profile on Set service-profile cac-modeSyntax set service-profile name cac-mode none session WSS# set service-profile sp1 cac-mode sessionWSS# set service-profile sp1 cac-session Set service-profile cac-sessionSet service-profile cipher-ccmp Syntax set service-profile name cac-session max-sessionsWSS# set service-profile sp2 cipher-tkip disable Set service-profile cipher-tkipWSS# set service-profile sp2 cipher-ccmp enable Syntax set service-profile name cipher-tkip enable disableWSS# set service-profile sp2 cipher-wep104 enable Set service-profile cipher-wep104Enables 104-bit WEP encryption for WPA clients WSS# set service-profile sp2 cipher-wep40 enable Set service-profile cipher-wep40Set service-profile cos Syntax set service-profile name cipher-wep40 enable disableWSS# set service-profile sp1 dhcp-restrict enable Set service-profile dhcp-restrictSyntax set service-profile name cos level WSS# set service-profile sp1 cosEnables keepalives Set service-profile idle-client-probingSet service-profile keep-initial-vlan WSS# set service-profile sp1 idle-client-probing disableSee Also show service-profile on Set service-profile load-balancing-exemptWSS# set service-profile sp3 keep-initial-vlan enable WSS# set service-profile sp1 long-retry-count Set service-profile long-retry-countWSS# set service-profile sp3 load-balancing-exempt enable Syntax set service-profile name long-retry-count thresholdEnables mesh services for the service profile Set service-profile meshSet service-profile no-broadcast Syntax set service-profile name mesh mode enable disableSyntax set service-profile name proxy-arp enable disable Set service-profile proxy-arpSyntax set service-profile name no-broadcast enable disable WSS# set service-profile sp1 no-broadcast enableWSS# set service-profile sp1 proxy-arp enable Set service-profile psk-phraseSyntax set service-profile name psk-phrase passphrase Set service-profile rsn-ie Set service-profile psk-rawSyntax set service-profile name psk-raw hex Syntax set service-profile name rsn-ie enable disable Set service-profile shared-key-authWSS# set service-profile sprsn rsn-ie enable WSS# set service-profile sp1 short-retry-count Set service-profile short-retry-countWSS# set service-profile sp4 shared-key-auth enable Syntax set service-profile name short-retry-count thresholdSet service-profile soda enforce-checks Set service-profile soda agent-directoryNetwork Set service-profile soda mode on Show service-profile on Set service-profile soda failure-pageWSS# set service-profile sp1 enforce-checks disable Syntax set service-profile name soda failure-pageSyntax set service-profile name soda logout-page Set service-profile soda logout-pageWSS# set service-profile sp1 soda mode enable Set service-profile soda modeWSS# set service-profile sp1 soda logout-page logout.html Syntax set service-profile name soda mode enable disableSet service-profile soda success-page Set service-profile soda remediation-aclSyntax set service-profile name soda success-page WSS# set service-profile sp1 soda success-page success.html Set service-profile ssid-nameSyntax set service-profile name ssid-name ssid-name Syntax set service-profile name ssid-type clear crypto Set service-profile ssid-typeSet service-profile static-cos WSS# set service-profile clearwlan ssid-name guestSyntax set service-profile name tkip-mc-time wait-time Set service-profile tkip-mc-timeSyntax set service-profile name static-cos enable disable WSS# set service-profile sp1 static-cos enableWSS# set service-profile sp3 tkip-mc-time Set service-profile transmit-rates11g-1.0, 2.0, 5.5, 6.0, 9.0, 11.0, 12.0, 18.0 Multicast-rate Beacon-rate rateBeacon-rate WSS# set service-profile sp1 user-idle-timeout Set service-profile user-idle-timeoutSet service-profile web-portal-acl Syntax set service-profile name user-idle-timeout secondsSyntax set service-profile name web-portal-form url Set service-profile web-portal-formSyntax set service-profile name web-portal-acl aclname WSS# set service-profile sp3 web-portal-acl creditsrvrWSS# dir corpa WSS# mkdir corpaWSS# set service-profile sp1 web-portal-logout mode enable Set service-profile web-portal-logoutSet service-profile web-portal-logout logout-url Set service-profile web-portal-session-timeoutWSS# set service-profile sp1 web-portal-session-timeout Set service-profile wep active-multicast-indexWSS# set service-profile sp2 wep active-multicast-index Set service-profile wep active-unicast-indexWSS# set service-profile sp2 wep active-unicast-index WSS# set service-profile sp2 wep key-index 1 key aabbccddee Set service-profile wep key-indexSet service-profile wpa-ie Syntax set service-profile name wep key-index num key valueWSS# show ap arp WSS# set service-profile sp2 wpa-ie enableShow ap arp Syntax show ap arp ap-numberOutput for show ap arp Show ap configSyntax show ap config port-listradio 1 Set ap local-switching mode on Set vlan-profileWSS# show ap config Output for show ap config 802.11b 802.11a802.11g WSS# show ap counters Show ap unconfigured on Show radio-profile onShow ap counters Syntax show ap counters port-listradio 1Output for show ap counters Use the show sessions network session-id session-idcommand Output for show ap counters See Also show sessions network on Show ap dual-homeWSS# show ap fdb Show ap fdbOutput for show ap fdb Syntax show ap fdb ap-numberWSS# show ap qos-stats Show ap qos-statsClears the counters after displaying their current values WSS# show ap etherstats Show ap etherstatsOutput for show ap qos-stats Syntax show ap etherstats port-listap-numOutput for show ap etherstats WSS# show ap mesh-links Show ap groupShow ap mesh-links Syntax show ap mesh-links ap-numberTerse Show ap statusOutput for show ap mesh-links Syntax show ap status terse port-listall radio 1Tuning Radio state information, to indicate when anConfigured antenna model number Power settings that are configured by RF AutoWSS# show ap status terse Output for show ap status Image downloaded-The AP has received a boot But has not yet begun bootingBooting-The AP has asked the WSS for a boot Image downloading-The AP is receiving a bootSweep Mode indicates that a disabled radio is Configure succeed state indicates that the APHas received configuration parameters for Protection mode remains in effect untilRadio But no external antenna is configured onAntenna is configured on the radio but no Indicates that an external antenna was detectedOutput for show ap status terse and show ap status terse Show ap vlanWSS# show ap vlan Set vlan-profile Set ap local-switching mode onOutput for show ap vlan Syntax show ap vlan ap-numberWSS# show auto-tune attributes ap 2 radio Show auto-tune attributesOutput for show auto-tune attributes Syntax show auto-tune attributes ap ap-numradio 1 2allShow auto-tune neighbors Set radio-profileauto-tunepower-backoff-timer onSyntax show auto-tune neighbors ap ap-numradio 1 2all Rssi Output for show auto-tune neighborsWSS# show ap boot-configuration Show ap boot-configurationOutput for show ap boot-configuration Syntax show ap boot-configuration ap-numSerial-id serial-ID Show ap connectionSyntax show ap connection ap-numserial-id serial-ID ConnectionWSS# show ap connection serial-id Show ap config on Show ap global on Show ap unconfigured onOutput for show ap connection WSS# show ap connection Total number of entriesWSS# show ap global Show ap globalOutput for show ap global Syntax show ap global ap-numserial-id serial-IDSyntax show ap unconfigured Show ap unconfiguredWSS# show ap unconfigured Show ap connection on Show ap global on Output for show ap unconfiguredThis WSS switch as a member Show load-balancing groupSyntax show radio-profile name ? Show radio-profileOutput for show load-balancing group WSS# show load-balancing group blueWSS# show radio-profile default Output for show radio-profile SpectraLink Voice Priority SVP Wmm-AP forwarding queues provide standardPriority handling for WMM devices Svp-AP forwarding queues are optimized forSyntax show service-profile name ? Show service-profileProfile output Unencrypted Output for show service-profileCrypto-Wireless traffic for the Ssid is Clear-Wireless traffic for the Ssid isNone-Denies authentication and prohibits Last-resort-Automatically authenticates the userAllows access to the Ssid requested by User, without requiring a username and passwordSession-CAC is based on the number of active None-CAC is disabledNone-The key is not configured Preset-The key is configuredPSK-preshared key authentication Radios in the radio profile mapped to this serviceAuthentication-Lists the authentication methods 802.1X-dynamic authenticationFieldDescription AP Commands AP Commands NN47250-100 Version Set spantree uplinkfast on STP CommandsShow spantree uplinkfast on Clear spantree portpri Clear spantree portcostClear spantree portvlancost Resets the cost for all VLANsClear spantree portvlanpri WSS# clear spantree statistics 5,11,19-22 Clear spantree statisticsSyntax clear spantree portvlanpri port-listall vlan vlan-id Syntax clear spantree statistics port-listvlan vlan-idSee Also show spantree on Set spantreeSet spantree backbonefast See Also show spantree statistics onSet spantree hello Set spantree fwddelaySee Also show spantree backbonefast on Set spantree portcost Set spantree maxageWSS# set spantree portcost 3,4 cost Snmp Port Path Cost DefaultsSyntax set spantree portfast port port-listenable disable Set spantree portfastSet spantree portvlancost Set spantree portpriSee Also show spantree portfast on Priority value All Set spantree portvlanpriWSS# set spantree portvlancost 3,4 cost 20 vlan mauve Cost cost AllSet spantree uplinkfast Set spantree prioritySee Also show spantree uplinkfast on WSS# set spantree uplinkfast enableWSS# show spantree vlan default Show spantreeBridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec Output for show spantree See Also show spantree blockedports on Show spantree backbonefastSyntax show spantree backbonefast WSS# show spantree backbonefast WSS# show spantree blockedports vlan defaultShow spantree blockedports See Also set spantree backbonefast onUplink fast convergence information for all ports Show spantree portfastSyntax show spantree portfast port-list WSS# show spantree portfastSyntax show spantree portvlancost port-list Show spantree portvlancostOutput for show spantree portfast See Also set spantree portfast onStatistics for all ports Show spantree statisticsSyntax show spantree statistics port-listvlan vlan-id WSS# show spantree statisticsInactive Output for show spantree statistics Output for show spantree statistics Output for show spantree statistics Syntax show spantree uplinkfast vlan vlan-id Show spantree uplinkfastOutput for show spantree uplinkfast See Also clear spantree statistics onSee Also set spantree uplinkfast on STP Commands NN47250-100 Version Statistics Show igmp statistics on Clear igmp statistics on Igmp Snooping CommandsClear igmp statistics Syntax clear igmp statistics vlan vlan-idSee Also show igmp on Set igmpSet igmp lmqi See Also show igmp statistics onSet igmp mrsol Set igmp mrouterSee Also show igmp mrouter on See Also set igmp mrsol on Set igmp mrsol mrsiSet igmp oqi See Also set igmp mrsol mrsi onVlan vlan-id Syntax set igmp proxy-report enable disable vlan vlan-idSet igmp proxy-report WSS# set igmp oqi 200 vlan orangeSyntax set igmp qi seconds vlan vlan-id WSS# set igmp proxy-report disable vlan orangeSet igmp qi Set igmp qriWSS# set igmp qri 50 vlan orange Syntax set igmp querier enable disable vlan vlan-idSet igmp querier Syntax set igmp qri tenth-seconds vlan vlan-idSee Also show igmp receiver-table on Set igmp receiverSet igmp rv See Also show igmp querier onWSS# show igmp vlan orange Show igmpWSS# set igmp rv 4 vlan orange Syntax show igmp vlan vlan-idDvmrp PIM Output for show igmpQuer-IGMP query Conf Static multicast port configured by anAdministrator Madv-Multicast advertisementSyntax show igmp mrouter vlan vlan-id Show igmp mrouterWSS# show igmp mrouter vlan orange Set igmp mrouter on Show igmp mrouter on Show igmp querierOutput for show igmp mrouter Syntax show igmp querier vlan vlan-idWSS# show igmp querier vlan orange See Also set igmp querier on WSS# show igmp querier vlan defaultShow igmp receiver-table Output for show igmp querierVLANs WSS# show igmp receiver-table vlan orangeWSS# show igmp receiver-table group 237.255.255.0/24 WSS Software displays the multicast receivers on allSyntax show igmp statistics vlan vlan-id Show igmp statisticsOutput for show igmp receiver-table See Also set igmp receiver onOutput for show igmp statistics See Also clear igmp statistics on Igmp Snooping Commands NN47250-100 Version WSS# clear sessions console Session Management CommandsWSS# clear sessions admin Clear sessionsWSS# clear sessions network mac-addr Clear sessions networkSee Also show sessions on WSS# clear sessions telnet clientShow sessions Telnet ConsoleMac-addr mac-addr Show sessions networkShow sessions telnet client Output See Also clear sessions onSession-id output Verbose outputWSS show sessions network verbose WSS show sessions networkWSS show sessions network mac-addr 00055d7e981a WSS show sessions network user EWSS# show sessions network session-id Show sessions network summary OutputDescription Additional show sessions network verboseAAA-VLAN is from Radius or the local database IP address and port number of the WSS managing the APSerial number and radio number of the AP Amount of time the session has been on this APShow sessions network session-id Output DOT1X See Also clear sessions network on Session Management Commands NN47250-100 Version Clears all security ACLs Security ACL CommandsClear security acl Syntax clear security acl acl-name all editbuffer-indexSet security acl ip acl135 hits #2 WSS# show security acl info allSet security acl ip acl133 hits #1 Set security acl ip acl134 hits #3WSS# clear security acl map acljoe port 4 Clear security acl mapOut Type Class Mapping Commit security aclWSS# clear security acl map all Syntax commit security acl acl-nameallSyntax rollback security acl acl-nameall Hit-sample-rateRollback security acl See Also show security acl onSet security acl By UDP packets Any Immediate precedence Minimum delayRoutine precedence Priority precedenceWSS# commit security acl all WSS# set security acl ip acl123 deny 192.168.2.11Tag tag-list Set security acl mapWSS set security acl map acl133 port 4 WSS port or portsSet security acl ip acl153 hits #3 Configuration fileSet security acl hit-sample-rate Syntax set security acl hit-sample-rate secondsIndex Counter ACL-name Show security aclShow security acl dscp WSS# show security acl hitsWSS# show security acl editbuffer Show security acl editbufferShow security acl hits Syntax show security acl info all editbufferWSS# show security acl info Show security acl infoSyntax show security acl hits Syntax show security acl info acl-nameall editbufferShow security acl map Show security acl resource-usage Show security acl resource-usage Output False-No security ACLs are mapped True-A default action types is definedFalse-No default action type is defined True-Security ACLs are mappedFalse-No security ACLs are mapped to incoming True-Security ACLs are mapped to incoming trafficCryptography Commands Certificate Crypto ca-certificateEap PEM-formattedCrypto certificate WSS# crypto certificate adminSee Also show crypto ca-certificate on Ssh Crypto generate keyCrypto generate request on Crypto generate self-signed on DomainSee Also show crypto key ssh on WSS# crypto generate key adminSyntax crypto generate request admin eap web Crypto generate requestMaximum string length for State Name increased WSS# crypto generate request adminEmail Address admin@example.com Webaaa option renamed to webCrypto generate self-signed Syntax crypto generate self-signed admin eap webCrypto certificate on Crypto generate key on Syntax crypto otp admin eap web one-time-password WSS# crypto generate self-signed adminCrypto otp WSS# crypto generate otp eap hap9iN#ss Syntax crypto pkcs12 admin eap web file-location-urlCrypto pkcs12 See Also crypto pkcs12 onWSS# crypto pkcs12 eap 2048full.p12 See Also crypto otp onWSS# copy tftp//192.168.253.1/2048full.p12 2048full.p12 WSS# crypto otp eap hap9iN#ssWSS# show crypto ca-certificate Syntax show crypto ca-certificate admin eap webShow crypto ca-certificate Show crypto ca-certificate OutputWSS# show crypto certificate eap Syntax show crypto certificate admin eap webShow crypto certificate Crypto certificate OutputShow crypto key ssh Show crypto key domainSee Also crypto generate key on Cryptography Commands NN47250-100 Version Clear server group on Radius and Server Groups CommandsSyntax clear radius deadtime key retransmit timeout Clear radiusClear radius client system-ip See Also set radius proxy port on Clear radius proxy clientClear radius proxy port See Also set radius proxy client onClear server group Clear radius serverSee Also set server group on Set radiusSet radius client system-ip WSS# set radius proxy client address 10.20.20.9 key radkey1 Set radius proxy clientSet radius proxy port Syntax set radius proxy client address ip-addressWSS# set radius proxy port 3-4 tag 104 ssid mycorp Set radius serverSsid ssid-name Ssid supported by the third-party AP Encrypted-key-No key Author-password-nortel Members server Set server groupGroup-name Server group name of up to 32 characters 23x0# set server group shorebirds load-balance enable23x0# set server group shorebirds load-balance disable Set server group load-balanceRadius and Server Groups Commands NN47250-100 Version 802.1X Management Commands WSS# clear dot1x bonded-period Clear dot1x bonded-periodClear dot1x max-req Syntax clear dot1x max-reqClear dot1x quiet-period Clear dot1x port-controlClear dot1x reauth-max Clear dot1x reauth-period Clear dot1x timeout auth-serverClear dot1x tx-period Clear dot1x timeout supplicantSet dot1x bonded-period Syntax set dot1x authcontrol enable disableWSS# set dot1x authcontrol enable Set dot1x authcontrolSet dot1x max-req Set dot1x key-txSee Also show dot1x on WSS# set dot1x max-req Set dot1x port-controlWSS# set dot1x port-control forceauth Set dot1x reauth Set dot1x quiet-periodSet dot1x reauth-period Set dot1x reauth-maxSet dot1x timeout supplicant Set dot1x timeout auth-serverSyntax set dot1x tx-period seconds Syntax set dot1X wep-rekey enable disableSet dot1x tx-period Set dot1x wep-rekeyShow dot1x Set dot1x wep-rekey-periodWSS# show dot1x clients WSS# show dot1x configWSS # show dot1x stats Show dot1x stats Output520 802.1X Management Commands Show rfdetect visible on RF Detection CommandsRogue Information Show rfdetect clients on Show rfdetect data onSyntax clear rfdetect black-list mac-addr Clear rfdetect attack-listClear rfdetect black-list Syntax clear rfdetect attack-list mac-addrClear rfdetect ssid-list Clear rfdetect ignoreWSS# clear rfdetect vendor-list client aabbcc000000 Clear rfdetect vendor-listSet rfdetect attack-list Syntax clear rfdetect vendor-list client ap mac-addrallSet rfdetect ignore Set rfdetect black-list23x0# set rfdetect ignore aabbcc112233 Syntax set rfdetect log enable disable23x0# set rfdetect log enable Set rfdetect logSet rfdetect ssid-list Set rfdetect signatureSee Also show log buffer on WSS# set rfdetect vendor-list client aabbcc000000 Set rfdetect vendor-listWSS# set rfdetect ssid-list mycorp Syntax set rfdetect vendor-list client ap mac-addrShow rfdetect black-list Show rfdetect attack-listWSS# show rfdetect clients mac 000c4163fd6d Show rfdetect clientsShow rfdetect clients Output Syntax show rfdetect clients mac mac-addrShow rfdetect clients mac Output Syntax show rfdetect countermeasures Show rfdetect countermeasuresWSS# show rfdetect countermeasures Syntax show rfdetect counters Show rfdetect countersShow rfdetect countermeasures Output See Also set radio-profile countermeasures onSyntax show rfdetect data Show rfdetect dataShow rfdetect data Output WSS# show rfdetect ignore Total number of entries Show rfdetect ignoreShow rfdetect mobility-domain Syntax show rfdetect ignoreWSS# show rfdetect mobility-domain ssid nrtl-webaaa Bssid and ssid options addedVendor, Type, and Flags fields added WSS# show rfdetect mobility-domainShow rfdetect mobility-domain Output Show rfdetect mobility-domain ssid or bssid Output Show rfdetect ssid-list WSS# show rfdetect vendor-list Show rfdetect vendor-listShow rfdetect visible Syntax show rfdetect vendor-listVersion Vendor, Type, and Flags fields added Show ap status commandMac-addr Base MAC address of the Nortel radio Shows neighbor information for radioShow rfdetect data on Show rfdetect mobility-domain on RfpingShow rfdetect visible Output Syntax rfping mac mac-addrsession-id session-idWSS# rfping mac 000e9bbfad13 Rfping OutputBackup File Management CommandsTftp/ip-addr / filename Syntax backup system tftp/ip-addr/filenameall criticalWSS# backup system tftp/10.10.20.9/sysabak critical Dir on Restore onClear boot config Clear boot backup-configurationCopy Be one of the following Syntax copy source-url destination-urlSource-url Destination-urlWSS# copy tftp//10.1.1.1/closetwss closetwss WSS# copy tftp//10.1.1.107/WSS020101.020 boot1WSS020101.020Delete WSS# copy floorwss tftp//10.1.1.1/floorwssDir WSS# copy testconfig tftp//10.1.1.1/testconfigWSS# delete testconfig Syntax dir subdirname file core boot0 boot1WSS# dir old WSS# dirWSS# dir file WSS# dir core Install soda agentWSS# dir boot0 Output for dirUninstall soda agent on Set service-profile soda mode on Load configWSS# install soda agent soda.ZIP agent-directory sp1 Syntax load config urlSave config on Show boot on Show config on WSS# load configWSS# load config testconfig1 Syntax md5 boot0 boot1filenameWSS# mkdir corp2 Pubs# md5 boot0WSS040003.020Mkdir Syntax mkdir subdirnameSyntax reset system force Reset systemWSS# reset system Restore See Also backup on Save configRmdir Syntax set boot backup-configuration filename Set boot backup-configurationSyntax save config filename WSS# save config testconfig1Set boot partition Set boot configuration-fileNew fields, Configured boot version and Backup Show bootBoot configuration, added Output for show boot Area area Show configSyntax show config area area all Configuration area. You can specify one of the followingNew options added for remote traffic monitoring snoop Show versionRfdevice changed to rfdetect WSS# show version details WSS# uninstall soda agent agent-directory sp1 Uninstall soda agentSee Also show boot on Syntax uninstall soda agent agent-directory directoryInstall soda agent on Set service-profile soda mode on File Management Commands NN47250-100 Version WSS# clear log trace Trace CommandsClear log trace Syntax clear log traceSave trace Clear traceWSS# save trace traces/trace1 Set trace authenticationSet trace authorization WSS# set trace authentication user joseSet trace dot1x Level 5 is the defaultUser-readable information. If you do not specify a level WSS# set trace sm mac-addr Set trace smSyntax show trace all Show traceWSS# show trace WSS# clear snoop snoop1 Snoop CommandsClear snoop Syntax clear snoop filter-nameExamples clear snoop map filter-nameap ap-numradio 1 Clear snoop mapWSS# clear snoop map snoop2 ap 3 radio WSS# clear snoop map allSet snoop WSS# set snoop snoop1 observer 10.10.30.2 snap-length Set snoop mapExamples set snoop map filter-nameap ap-numradio 1 Filter. See show snoop stats on Set snoop modeEnable Stop-after num-pkts WSS# set snoop map snoop1 ap 3 radioWSS# show snoop WSS# set snoop snoop1 mode enable stop-afterShow snoop Syntax show snoopShow snoop map Show snoop infoClear snoop map on Set snoop map on Show snoop on Show snoop statsExamples show snoop stats filter-nameap-numradio 1 Show snoop stats Output Snoop Commands NN47250-100 Version WSS# clear log server System Log CommandsClear log Syntax clear log buffer server ip-addrSet log Logging state enabled or disabledSeverity Defaults Set log mark Set log trace mbytes See Also show log config onShow log buffer Diagnostic purposes. No action is required Reboot or shut downError-The WSS is missing data or is unable to Problems have occurred. These are logged forShow log trace Show log configSyntax show log config WSS# show log configNumber of log entries starting from the oldest Conditions are not resolved, the WSS can rebootError-The WSS is missing data or is unable to form Positive number for example, +100, displays thatWSS# show log trace +5 facility Rogue WSS# show log trace facility ?System Log Commands NN47250-100 Version Boot Prompt Commands Boot autoboot AutobootSee Also boot on Syntax autoboot on on OFF offBoot Change Boot boot FN=WSS010101.020 DEV=boot1Change on Show on Boot on Create on Delete on Dhcp on Next on Show on Boot changeCreate Boot createChange on Delete on Next on Show on Syntax dhcp on on OFF off Boot deleteBoot dhcp DhcpFver on Version on Syntax dir c d e f boot0 boot1Boot dir DiagFver Syntax fver c d e f boot0 boot1 filenameBoot fver boot1 Syntax help command-nameSee Also ls on Boot help fverSee Also help on ResetBoot next NextShow Boot resetStorage or a flash card Compact flash. Boots using nonvolatileBoot show Output for showSecondary partition of the flash card Nonvolatile storage area containing bootPartition Primary partition of the flash card in the flashVersion Boot versionEnables the poweron test flag TestDir on Fver on Numerics Command IndexNN47250-100 320658-G Version Delete 539 Command Index 282 340 Command Index Command Index MAC addresses 12 in user globs Vlan globs Command Index NN47250-100 320658-G Version Page Nortel WLAN-Security Switch 2300 Series Release

AAA Commands 199

•set service-profileauth-fallthru on page 308

•show aaa on page 210

set authentication last-resort

set authentication mac

ssid ssid-name

wired

addresses. (For details, see “MAC Address Wildcards” on page 13.)

For more information, see “Usage.”