Manuals / Nortel Networks / Computer Equipment / Switch

Nortel Networks 2300 Series Routine precedence, Priority precedence, Immediate precedence, Normal

Models: 2300 Series

1 622

Page 467

		Security ACL Commands 467

precedence precedence	Filters packets by precedence level. Specify a value from 0 through
	7:
	•	0—routine precedence
	•	1—priority precedence
	•	2—immediate precedence
	•	3—flash precedence
	•	4—flash override precedence
	•	5—critical precedence
	•	6—internetwork control precedence
	•	7—network control precedence
tos tos	Filters packets by type of service (TOS) level. Specify one of the
	following values, or any sum of these values up to 15. For example,
	a tos value of 9 filters packets with the TOS levels minimum delay
	(8) and minimum monetary cost (1).
	•	8—minimum delay
	•	4—maximum throughput
	•	2—maximum reliability
	•	1—minimum monetary cost
	•	0—normal
dscp codepoint	Filters packets by Differentiated Services Code Point (DSCP)
	value. You can specify a number from 0 to 63, in decimal or binary
	format.
	Note: You cannot use the dscp option along with the precedence
	and tos options in the same ACE. The CLI rejects an ACE that has
	this combination of options.
established	For TCP packets only, applies the ACE only to established TCP
	sessions and not to new TCP sessions.
before editbuffer-index	Inserts the new ACE in front of another ACE in the security ACL.
	Specify the number of the existing ACE in the edit buffer. Index
	numbers start at 1. (To display the edit buffer, use show security acl
	editbuffer.)
modify editbuffer-index	Replaces an ACE in the security ACL with the new ACE. Specify
	the number of the existing ACE in the edit buffer. Index numbers
	start at 1. (To display the edit buffer, use show security acl
	editbuffer.)
hits	Tracks the number of packets that are filtered based on a security
	ACL, for all mappings.

Defaults By default, permitted packets are classified based on DSCP value, which is converted into an internal CoS value in the switch’s CoS map. The packet is then marked with a DSCP value based on the internal CoS value. If the ACE contains the cos option, this option overrides the switch’s CoS map and marks the packet based on the ACE.

Access Enabled.

Nortel WLAN—Security Switch 2300 Series Command Line Reference

Page 467

Image 467

Nortel Networks 2300 Series Routine precedence, Priority precedence, Immediate precedence, Flash precedence, Minimum delay

Contents

Page Copyright 2007-2008 Nortel Networks. All rights reserved Nortel Networks software license agreement Legal Information Exclusive Remedy Software License Agreement Page SSH Source Code Statement OpenSSL Project License Statements NN47250-100 Version How to get help Introducing the Nortel Wlan 2300 System NN47250-102 Version Getting help from the Nortel web site How to get helpHow to get help NN47250-100 Version Nortel Wlan 2300 System Documentation Introducing the Nortel Wlan 2300 SystemConfiguration and Management Planning, Configuration, and DeploymentInstallation Safety and Advisory Notices Italic text Menu Name CommandBold text CLI Conventions Using the Command-Line InterfaceCommand Prompts Clear fdb dynamic port port-list vlan vlan-id Set enablepassSet port enable disable port-list Clear interface vlan-idipMAC Address Notation MAC Address Wildcards Port Lists Command-Line Editing Using CLI Help Set ap port-list ap-numname name WSS# show i?WSS# show ip ? WSS# show ip telnetUsing the Command-Line Interface NN47250-100 Version See Also enable on Access CommandsDisable EnableQuit Set enablepassSyntax set enablepass WSS# set enablepass Enter old password old-passwordDisable on Enable on Access Commands NN47250-100 Version Clear ap on Port CommandsPort Type Set port type ap on Set ap on Clear port type onClear port counters Clear apClear port media-type Clear port-groupClear port name Clear port mirrorSyntax clear port type port-list Network Port DefaultsConfiguration from all the specified ports Clear port typeWSS# clear port type Set port type ap on Set port type wired-auth onMonitor port counters WSS# monitor port counters Key Controls for Monitor Port Counters DisplayOctets Output for monitor port countersDisplayed for All Options Number of packets received that were 64 bytes long See Also show port counters on Reset portSyntax reset port port-list WSS# reset portSee Also set port on Set ap2350-1 to 2382-1 to2380-1 to 2360/61-1 toSet port-group See Also reset port onSet port Syntax set port-group name group-nameport-listmode on off WSS# set port-group name server1 1-5 mode onMode on off Set port media-typeSyntax set port mirror source-portobserver observer-port Set port mirrorSyntax set port media-type port-listrj45 2380# set port media-type 2 rj45Syntax set port port name name WSS# set port 17 name adminpoolSet port name WSS# set port 1 observerSet port poe Set port negotiationSyntax set port speed port-list10 100 1000 auto WSS# set port poe 7,9 disableWSS# set port poe 7,9 enable Set port speedSet port type ap Syntax set port trap port-listenable disableWSS# set port trap 17-18 enable Set port trapRadiotype 11a 11b 11g Radio type Port-listList of physical ports Version New values for model option added AP Access Port DefaultsWSS# set ap 1 radio 1 antennatype Set port type wired-authWSS# set port type ap 2 model 2330 poe enable WSS# set port type ap 4-6 model 2330 poe enableWeb-portal Wired Authentication Port DefaultsLast-resort NonePort port-list WSS# set port type wired-authShow port counters Clear port type on Set port type ap onSyntax show port-group name group-name Show port-groupOutput for show port-group WSS show port counters octets portOutput for show port media-type GBIC-The Gbic fiber interface is enabledRJ45-The RJ-45 copper interface is enabled Show port media-typeShow port poe Show port mirrorSee Also set port poe on Output for show port poeWSS# show port status Show port statusOutput for show port status Syntax show port status port-listNo connector-GBIC slot is empty Up-The port is enabledDown-The port is disabled Wa-Wired authentication portSystem Services Commands See Also history on Clear banner motdClear history Wildebeest# clear prompt success change accepted. WSS# Clear promptClear system Syntax clear promptNone HelpWSS# clear system location HelpSee Also clear history on Set auto-configHistory QuickstartSyntax set auto-config enable disable 2360# set vlan 1 port 7 success change accepted WSS# set auto-config enable success change acceptedWSS# save config Set banner motdSet length Set confirmSyntax set license activation-key Set licenseSyntax set length number-of-lines WSS# set lengthSyntax set prompt string Set promptSet system contact See Also show licenses on23x0#set system country code CA Set system countrycode23x0#set system contact tamara@example.com Syntax set system countrycode codeWSS# set system idle-timeout Set system idle-timeoutSee Also show config on Syntax set system idle-timeout secondsSet system location Set system ip-addressSyntax set system name string Set system nameSee Also set license on Show banner motdShow licenses Show loadSyntax show system Show license commandShow system See Also show system onShow system output Show tech-support System Services Commands System Services Commands NN47250-100 Version Vlan Commands WSS# clear fdb port 3,5 Clear fdbWSS# clear fdb static vlan blue WSS# clear fdb dynamicAll Clear security l2-restrictClear security l2-restrict counters Syntax clear security l2-restrict counters vlan vlan-idallVlan-id Port port-list Clear vlanWSS# clear security l2-restrict counters vlan abcair Syntax clear vlan vlan-id port port-list tag tag-valueWSS# clear vlan red port 4 tag Set vlan port on Show vlan config onSet fdb WSS# clear vlan green portSee Also show fdb agingtime on Set fdb agingtimeSet security l2-restrict Mode Enable disableSet vlan name Syntax set vlan vlan-numname nameSyntax set vlan vlan-id port port-list tag tag-value Set vlan portSee Also set vlan port on WSS# set vlan 3 name marigoldSyntax set vlan vlan-idtunnel-affinity num Set vlan tunnel-affinityShow fdb WSS# set vlan beige port 16 tagWSS# show fdb WSS# show fdb allWSS# show fdb agingtime Show fdb agingtimeOutput for show fdb Syntax show fdb agingtime vlan vlan-idSee Also show fdb on Show fdb countShow roaming station See Also set fdb agingtime onSee Also show roaming vlan on Show roaming vlanOutput for show roaming station WSS# show roaming vlan Syntax show roaming vlanSyntax show security l2-restrict vlan vlan-idall Show roaming station on Show vlan config onShow security l2-restrict Output for show roaming vlanOutput for show security l2-restrict Enabled. Forwarding of Layer 2 traffic from clients isDisabled. Layer 2 forwarding is not restricted Show tunnelOutput for show tunnel Show vlan configSee Also show vlan config on Syntax show vlan config vlan-idOutput for show vlan config See Also Vlan Commands NN47250-100 Version Clear qos Quality of Service CommandsSyntax set qos cos-to-dscp-map level dscp dscp-value Set qos cos-to-dscp-mapWSS# clear qos WSS# clear qos dscp-to-qos-mapShow qos Set qos dscp-to-cos-mapSee Also show qos on Show qos dscp-tableSee Also show qos dscp-table on IP Services Commands Show ntp on Set ntp update-interval onSet ntp on Set ntp server onWSS# clear interface mauve ip Clear interfaceSyntax clear interface vlan-idip Clear ip dns domain Clear ip aliasWSS# clear ip dns server Clear ip dns serverClear ip route Syntax clear ip dns server ip-addrWSS# clear ip telnet success change accepted Clear ip telnetClear ntp server Syntax clear ip telnetClear snmp community Clear ntp update-intervalSyntax clear ntp update-interval WSS# clear ntp update-interval success change acceptedSyntax clear snmp notify target target-num Clear snmp notify profileClear snmp notify target Syntax clear snmp notify profile profile-nameClear summertime Clear snmp usmClear timezone Clear system ip-addressCount-5 PingHost Count num-packets Syntax set arp permanent static dynamic ip-addrmac-addr Set arpSee Also traceroute on WSS# pingWSS# set arp agingtime Set arp agingtimeSet interface Syntax set arp agingtime secondsSet interface dhcp-client WSS# set interface default ip 10.10.10.10/24Syntax set interface vlan-idip dhcp-client enable disable Enables the Dhcp client on the VlanClear interface on Show dhcp-client on Show interface on WSS# set interface corpvlan ip dhcp-client enableDefault-router ip-addr Set interface dhcp-serverPrimary-dns and secondary-dns Default-routerSet interface status Dns-domainSyntax set ip alias name ip-addr Syntax set ip dns enable disableSet ip alias Set ip dnsWSS# set ip dns domain example.com WSS# set ip dns enableSet ip dns domain Syntax set ip dns domain nameSecondary Set ip dns serverSyntax set ip dns server ip-addrprimary secondary PrimarySet ip https server Syntax set ip https server enable disableWSS# set ip https server enable Enable Enables the Https server DisableWSS# set ip route 192.168.5.0/24 10.5.5.2 WSS# set ip route default 10.5.4.1WSS# set ip route 192.168.4.0 255.255.255.0 10.5.4.2 Set ip ssh Syntax set ip snmp server enable disableWSS# set ip snmp server enable Set ip snmp serverCrypto generate key on Set ip ssh on Set ip ssh server on Syntax set ip ssh server enable disableSet ip ssh server WSS# set ip ssh portSyntax set ip telnet port-num Syntax set ip telnet server enable disableSet ip telnet Set ip telnet serverEnable Enables the NTP client Disable WSS# set ip telnet server enableSyntax set ntp enable disable WSS# set ntp enableSet ntp server Set ntp update-intervalSet snmp community WSS# set snmp community read-write goodcommunity WSS# set snmp community name switchmgr1 notify-read-writeRead-notify Notify-only Notify-read-write Drop send Default profile-nameSet snmp notify profile ApOperRadioStatusTraps-Generated when AutoTuneRadioPowerChangeTraps-GeneratedClientAuthorizationSuccessTraps-Generated ClientAuthenticationFailureTraps-GeneratedCont RFDetectUnAuthorizedSsidTraps-Generated RFDetectSpoofedSsidAPTraps-Generated whenSee Also Show snmp notify profile on Snmp-engine-id Security unsecured authenticated encryptedSet snmp notify target SNMPv3 with InformsSNMPv3 with Traps Security unsecured authenticated encryptedTimeout num Retries numSNMPv2c with Traps SNMPv2c with InformsCommunity-string Community string Profile profile-name SNMPv1 with Traps WSS# set snmp notify target 2 10.10.40.10 v1 trapV2c Syntax set snmp protocol v1 v2c usm all enable disableWSS# set snmp protocol all enable Set snmp protocolWSS# set snmp security encrypted Set snmp securitySet snmp usm Allow get and set operations and so on Snmp-engine-id ip ip-addr local hex hexSpecifies a unique identifier for the Snmp String EngineSpecifies the access level of the user Auth-pass-phrase string option Second , third , fourth , or last Set summertimeWSS# set snmp usm snmpmgr1 snmp-engine-id local StartEnd of the time change period 23x0# set summertime PDT success change acceptedEnd Yyyy-year Set timedateMmm-month Dd-day23x0# set timezone PST Set timezoneSyntax set timezone zone-name -hours minutes WSS# show arp Show arpOutput for show arp Syntax show arp ip-addrShow dhcp-client WSS# show dhcp-client Output for show dhcp-clientWSS# show dhcp-server Show dhcp-serverSee Also set interface dhcp-client on Syntax show dhcp-server interface vlan-id verboseOutput for show dhcp-server verbose Output for show dhcp-serverWSS# show interface Show interfaceSee Also set interface dhcp-server on Syntax show interface vlan-idOutput for show interface Show ip aliasSyntax show ip dns Show ip dnsOutput for show ip alias Output for show ip dnsWSS show ip https Show ip httpsShow ip https Destination Show ip routeOutput for show ip https Syntax show ip route destinationOutput for show ip route WSS show ip telnet Show ip telnetShow ip telnet WSS show ntp Show ntpOutput for show ip telnet Syntax show ntpSynced Output for show ntpShow snmp notify profile Show snmp communityShow snmp counters Syntax show snmp status Show snmp notify targetShow snmp status Syntax show snmp notify target23x0# show summertime Show snmp usmShow summertime Syntax show summertimeShow timezone Show timedateWSS-remote show vlan TelnetSyntax telnet ip-addr hostname port port-num WSS# telnetWSS-remote Session 0 pty tty2.d terminated tt name tty2.d TracerouteWSS# traceroute server1 Error Messages for tracerouteSee Also ping on AAA Commands Clear accounting Syntax clear accounting admin dot1x system user-wildcardSystem Clear authentication adminSyntax clear authentication admin user-wildcard WSS# clear accounting dot1x NinWSS# clear authentication console Regina Clear authentication consoleWSS# clear authentication admin Jose Syntax clear authentication console user-wildcardWired Clear authentication dot1xClear authentication last-resort WSS# clear authentication dot1x ssid finance *@thiscorp.comWSS# clear authentication proxy ssid mycorp Clear authentication macClear authentication proxy WSS# clear authentication mac ssid thatcorp aabbccSyntax clear location policy rule-number Clear authentication webSet authentication proxy on Show aaa on Clear location policySyntax clear mac-user mac-addr Clear mac-userClear mac-user attr WSS# clear location policySyntax clear mac-user mac-addrgroup Clear mac-user groupSyntax clear mac-usermac-addr attr attribute-name WSS# clear mac-user 010203040506 attr filter-idWSS# clear mac-usergroup eastcoasters Clear mac-usergroupClear mac-usergroup attr Syntax clear mac-usergroup group-nameClear user Clear mobility-profileSyntax clear user username attr attribute-name WSS# clear user Hosni attr session-timeoutClear user attr WSS# clear user NinClear usergroup Clear user groupWSS# clear usergroup cardiology attr time-of-day Set accounting admin consoleClear usergroup attr Syntax clear usergroup group-name attr attribute-nameMethod1 Method2 Method3 Method4 WSS# set accounting admin Natasha start-stop localSet accounting dot1x mac web last-resort Start-stop Stop-onlySsid ssid-name Method1 method2 method3 method4Mac WebWSS# set accounting system shorebirds Set accounting systemWSS# set accounting dot1x Nin stop-only sg2 For more information, see Usage Set authentication adminWSS# set authentication admin Jose sg3 Set authentication consoleUser-wildcard Method1 Method2 Method3 Method4 WSS# set authentication console * none Set authentication dot1xBonded Already been authenticatedOr a period .. For details, see User Wildcards on Protocol Method1 Method2 Method3 Method4 Sg1 sg2 sg3 success change accepted Wired Set authentication last-resortSet authentication mac Set service-profileauth-fallthru on Show aaa onWSS# set authentication ssid mycorp2 mac ** local Set authentication proxyWSS# set authentication proxy ssid mycorp ** srvrgrp1 Set authentication webWSS# set authentication web ssid ourcorp rnd* local Optionally, you can add the suffix .out to the name Set location policyDeny PermitNeq-Applies the location policy rule to all usernames Show location policy commandClear location policy rule-numbercommand Eq-Applies the location policy rule to all usernamesClear location policy on Show location policy on Set mac-userWSS# set location policy deny if user eq *.theirfirm.com WSS# set location policy permit vlan floor2 if port 3-7,12Clear mac-user on Show aaa on Syntax set mac-user mac-addrgroup group-nameWSS# set mac-user 010203040506 group eastcoasters Syntax set mac-usermac-addr attr attribute-name value Set mac-user attrEnd-date Authentication Attributes for Local UsersEncryption-type Mobility-profile on Filter-idMobility-profile Ssid Service-typeSession-timeout By the set dot1x reauth-period command isWith start-date,end-date, or both Time-of-day1600,th1000-1600 Day wk0900-1700,sa2200-0200Vlan-name $u-Username $v-VLAN $s-SSID $p-Service profile nameWSS# set mac-user 010203040506 attr filter-id acl-03.in UrlClear mac-user attr on Show aaa on For a list of authorization attributes, see onSet mac-usergroup attr WSS# set mac-usergroup eastcoasters attr vlan-name orangeSet mobility-profile Or wired authentication port on the WSSPorts and wired authentication port on the WSS WSS# set mobility-profile name magnolia port Set mobility-profile modeSyntax set mobility-profile mode enable disable WSS# set mobility-profile mode enableSet user Syntax set user username password encrypted stringWSS# set user Nin password goody WSS# set user admin password chey3nneWSS# set user Tamara attr mobility-profile tulip WSS# set user Nin password 29Jan04Set user attr WSS# set user Tamara attr vlan-name orangeWSS# set user Hosni group cardiology Set user groupSet usergroup Syntax set user username group group-nameClear usergroup on Clear usergroup attr on Show aaa on Syntax set web-portal enable disableSet web-portal Syntax set usergroup group-name attr attribute-name valueShow aaa User Nin Show aaa OutputUP operating Show accounting statisticsWSS# show accounting statistics Syntax show accounting statisticsLocal WSS database Show accounting statistics OutputRadius server Show mobility-profile Show location policyAAA Commands NN47250-100 Version 23x0# clear domain security Mobility Domain CommandsClear domain security Syntax clear domain securitySee Also set mobility-domain member on Clear mobility-domainClear mobility-domain member Set domain securitySyntax set mobility-domain member ip-addrkey hex-bytes Set mobility-domain memberSyntax set domain security none required WSS# set domain security requiredWSS# set mobility-domain member Set mobility-domain mode member seed-ipSet mobility-domain mode member secondary-seed- ip Clear mobility-domain on Show mobility-domain config onClear mobility-domain member on Show mobility-domain on Set mobility-domain mode seed domain-nameWSS# set mobility-domain mode member secondary-seed-ip Show mobility-domain Show mobility-domain configSyntax show mobility-domain config WSS# show mobility-domain configWSS# show mobility-domain Show mobility-domain OutputSyntax show mobility-domain Mobility Domain Commands NN47250-100 Version 23x0# clear network-domain Network Domain CommandsClear network-domain Syntax clear network-domainSyntax clear network-domain peer ip-addrall Clear network-domain modeSyntax clear network-domain mode seed member Clear network-domain peerSee Also set network-domain peer on Set network-domain mode member seed-ipSee Also set network-domain mode member seed-ip on Clear network-domain seed-ipClear network-domain on Show network-domain on WSS# set network-domain mode member seed-ipSet network-domain peer Syntax set network-domain peer ip-addrShow network-domain Set network-domain mode seed domain-nameWSS# set network-domain mode seed domain-name California Set network domain peer commandOutput if WSS is the Network Domain seed Show network-domain OutputSyntax show network-domain WSS# show network-domainOutput if WSS is a Network Domain member Network Domain Commands NN47250-100 Version Set ap radio radio-profile on AP CommandsSet ap radio mode on Set ap upgrade-firmware onSet service-profilersn-ie on Set service-profileweb-portal-acl onSet service-profileauth-psk on Set service-profilewpa-ie onSet service-profile psk-raw on Set service-profile cipher-wep104 onSet service-profile cipher-wep40 on Set service-profile psk-phrase onSet ap radio auto-tunemax-power on Set radio-profileauto-tunepower-config onSet radio-profileauto-tunepower-interval on Set radio-profileauto-tunepower-lockdown onSyntax clear ap ap-numberimage Clear ap imageSee Also set ap image on Clear ap local-switching vlan-profileSyntax clear ap ap-numberlocal-switching vlan-profile WSS# clear ap 7 local-switching vlan-profileRadio Clear ap radioRadio-Specific Parameters Syntax clear ap port-listap ap-numradio 1 2 allOption dap removed for AP 802.11b/g-6802.11a-Lowest valid Channel number for Country of operationClear ap radio load-balancing group Clear ap boot-configurationSyntax clear ap boot-configuration ap-num WSS# clear ap 1 boot-configurationClear radio-profile Countermeasures parameter added Clear service-profileLong-retry Short-retrySoda logout-page Soda failure-pageSoda remediation-acl Soda success-pageOption radio num auto-tune min-client-rate Reset apSet ap auto Option force-image-download addedWSS# set ap auto Configurable Profile Parameters for APsSet ap auto persistent Set ap auto modeSyntax set ap auto mode enable disable WSS# set ap auto mode enableWSS# set ap auto persistent 10 success change accepted Set ap auto radiotype11a-802.11a Syntax set ap auto persistent ap-numallSyntax set ap port-listap ap-numauto bias high low Set ap biasWSS# set ap auto radiotype 11b WSS# set ap 1 bias low See Also show ap config onSyntax set ap port-list ap ap-num auto blink enable disable Set ap blinkEnables or disables the static IP address for the AP Set ap boot-configuration ipWSS# set ap 3-4 blink enable Mode enable disableWSS# set ap 7 boot-configuration mesh mode enable Set ap boot-configuration mesh modeSet ap boot-configuration mesh psk-phrase Syntax set ap ap-numberboot-configuration mesh psk-raw hex Set ap boot-configuration mesh psk-rawWSS# set ap 7 boot-configuration mesh ssid wlan-mesh Set ap boot-configuration mesh ssidSwitch-ip ip-addr Set ap boot-configuration switchVlan tag value. You can specify a number from Set ap boot-configuration vlanEnables or disables use of the specified Vlan tag on the AP Vlan-tag tag-valueSyntax set ap num fingerprint hex Set ap security on Show ap config on Show ap status onSet ap fingerprint Set ap force-image-downloadAuto on WSS# set ap 69 force-image-download enableSet ap group Syntax set ap port-list ap ap-num auto group nameWSS# set ap 4 group none Show ap config on Show ap group onSet ap image WSS# set ap 1,4,7 group loadbalance1WSS# set ap 7 local-switching mode enable Set ap local-switching modeSet ap local-switching vlan-profile Syntax set ap ap-numberlocal-switching mode enable disableSyntax set ap port-list ap ap-numname name WSS# set ap 7 local-switching vlan-profile localsSet ap name Indoors Set ap radio antenna-locationWSS# set ap 1 name techpubs WSS# set ap 22 radio 1 antenna-location outdoorSee Also set ap radio antennatype on Set ap radio antennatypeAp port-list Ap ap-num radio 1 radio Set ap radio auto-tune max-power Deprecated in WSS Software Version WSS# set ap 7 radio 1 auto-tune max-powerSet ap radio auto-tune max-retransmissions Set ap radio auto-tune min-client-rateWSS# set ap 5 radio 1 channel WSS# set ap 11 radio 1 channel 1 tx-powerSet ap radio tx-power on Show ap config on Set ap radio channelAp ap-number Set ap radio min-tx-datarateSet ap radio link-calibration Set ap radio load-balancingSet ap radio load-balancing group Syntax set ap ap-numradio 1 2 load-balancing enable disableWSS# set ap 7 radio 1 load-balancing disable WSS# set ap 7 radio 1 load-balancing group room1 Set ap radio modeSyntax set ap port-listauto radio 1 2 mode enable disable Radio-profile name WSS# set ap 1-5 radio 1 mode enableWSS# set ap 1-3 radio 2 mode enable Set ap radio radio-profileSet ap radio tx-power Set ap radio channel on Show ap config on WSS# set ap 5 radio 1 tx-powerWSS# set ap security none Set ap securitySyntax set ap security require optional none Set ap sticky-bit Set ap upgrade-firmwareSyntax set ap port-listauto upgrade-firmware enable disable WSS# set ap 9 upgrade-firmware disableWSS# set band-preference 11a Set load-balancing modeSyntax set load-balancing mode enable disable Syntax set band-preference none 11bg 11aMax WSS# set load-balancing mode disableSet load-balancing strictness Syntax set load-balancing strictness low med high maxWSS# set load-balancing strictness max Syntax set radio-profile name active-scan enable disableSet radio-profile 11g-only Set radio-profile active-scanSet radio-profile auth-psk Set radio-profile auto-tune channel-configWSS# set radio-profile radprof3 active-scan disable Set radio-profile auth-dot1xWSS# set radio-profile rp2 auto-tune channel-holddown WSS# set radio-profile rp2 auto-tune channel-config disableSet radio-profile auto-tune channel-holddown WSS# set radio-profile rp2 auto-tune channel-interval Set radio-profile auto-tune channel-intervalSyntax set radio-profile name auto-tune channel-lockdown Set radio-profile auto-tune power-backoff-timerSet radio-profile auto-tune power-config Set radio-profile auto-tune channel-lockdownStarted Set radio-profile auto-tune power-intervalWSS# set radio-profile rp2 auto-tune power-config enable Defaults The default power tuning interval is 300 secondsWSS# set radio-profile rp2 auto-tune power-lockdown Set radio-profile auto-tune power-lockdownWSS# set radio-profile rp2 auto-tune power-interval Syntax set radio-profile name auto-tune power-lockdownSyntax set radio-profile name beacon-interval interval Set radio-profile auto-tune power-ramp-intervalWSS# set radio-profile rp2 auto-tune power-ramp-interval Set radio-profile beacon-intervalSet radio-profile cipher-wep104 Set radio-profile beaconed-ssidSet radio-profile cipher-ccmp Set radio-profile cipher-tkipRogue ConfiguredSet radio-profile countermeasures WSS# set radio-profile radprof3 countermeasures rogueSet radio-profile dtim-interval Set radio-profile crypto-ssidWSS# set radio-profile rp1 frag-threshold Set radio-profile frag-thresholdSyntax set radio-profile name frag-threshold threshold Set radio-profile max-tx-lifetime Set radio-profile long-retrySet radio-profile max-rx-lifetime WSS# set radio-profile rp1 max-tx-lifetime Set radio-profile modeDefaults for Radio Profile Parameters Syntax set radio-profile name mode enable disableCountermeasures Rfid-mode DisableService-profile Wmm-powersave DisableRfid-mode Wmm-powersave11g-only Syntax set radio-profile name preamble-length long short Set radio-profile preamble-lengthSet radio-profile psk-phrase Set radio-profile psk-rawWSS# set radio-profile rp1 qos-mode svp Set radio-profile qos-modeSet radio-profile rate-enforcement Syntax set radio-profile name qos-mode svp wmmSet radio-profile rfid-mode Enables data rate enforcement for the radios in the radioDisables data rate enforcement for the radios in the radio Syntax set radio-profile name rts-threshold threshold Syntax set radio-profile name rfid-mode enable disableWSS# set radio-profile rfid-mode enable Set radio-profile rts-thresholdSyntax set radio-profile name service-profile name Set radio-profile service-profileDefaults for Service Profile Parameters Cipher-wep40 Disable Cipher-ccmp DisableCipher-tkip Enable Cipher-wep104 DisableShared-key-auth Disable No-broadcast DisableProxy-arp Disable Rsn-ie Disable2.0,5.5,11.0 12.0,24.0Auto 2.0Web-portal-acl Portalacl Portal-acl settingTimeout Wpa-ie DisableWSS# set radio-profile rp2 service-profile wpaclients Set radio-profile wep active-multicast-index Set radio-profile shared-key-authSet radio-profile short-retry Set radio-profile tkip-mc-timeSee set service-profilewpa-ie on Set radio-profile wmm-powersaveSyntax set radio-profile name wmm-powersave enable disable WSS# set radio-profile rp1 wmm-powersave enableWSS# set service-prof sp2 attr vlan-name blue Set service-profile attrSyntax set service-profile name attr attribute-name value WSS# set service-profile wpaclients auth-dot1x disable Set service-profile auth-dot1xWSS# set service-prof sp2 attr mobility-profile tulip Syntax set service-profile name auth-dot1x enable disableWeb-portal Set service-profile auth-fallthruLast-resort WSS# set service-profile wpaclients auth-psk enable Set service-profile auth-pskWSS# set service-profile rndlab auth-fallthru web-portal Syntax set service-profile name auth-psk enable disableMesh-service-profile Mesh service profile Set service-profile beaconSet service-profile bridging Syntax set service-profile name beacon enable disableSet service-profilecac-session on Show service-profile on Set service-profile cac-modeSyntax set service-profile name cac-mode none session WSS# set service-profile sp1 cac-mode sessionWSS# set service-profile sp1 cac-session Set service-profile cac-sessionSet service-profile cipher-ccmp Syntax set service-profile name cac-session max-sessionsWSS# set service-profile sp2 cipher-tkip disable Set service-profile cipher-tkipWSS# set service-profile sp2 cipher-ccmp enable Syntax set service-profile name cipher-tkip enable disableEnables 104-bit WEP encryption for WPA clients Set service-profile cipher-wep104WSS# set service-profile sp2 cipher-wep104 enable WSS# set service-profile sp2 cipher-wep40 enable Set service-profile cipher-wep40Set service-profile cos Syntax set service-profile name cipher-wep40 enable disableWSS# set service-profile sp1 dhcp-restrict enable Set service-profile dhcp-restrictSyntax set service-profile name cos level WSS# set service-profile sp1 cosEnables keepalives Set service-profile idle-client-probingSet service-profile keep-initial-vlan WSS# set service-profile sp1 idle-client-probing disableWSS# set service-profile sp3 keep-initial-vlan enable Set service-profile load-balancing-exemptSee Also show service-profile on WSS# set service-profile sp1 long-retry-count Set service-profile long-retry-countWSS# set service-profile sp3 load-balancing-exempt enable Syntax set service-profile name long-retry-count thresholdEnables mesh services for the service profile Set service-profile meshSet service-profile no-broadcast Syntax set service-profile name mesh mode enable disableSyntax set service-profile name proxy-arp enable disable Set service-profile proxy-arpSyntax set service-profile name no-broadcast enable disable WSS# set service-profile sp1 no-broadcast enableSyntax set service-profile name psk-phrase passphrase Set service-profile psk-phraseWSS# set service-profile sp1 proxy-arp enable Syntax set service-profile name psk-raw hex Set service-profile psk-rawSet service-profile rsn-ie WSS# set service-profile sprsn rsn-ie enable Set service-profile shared-key-authSyntax set service-profile name rsn-ie enable disable WSS# set service-profile sp1 short-retry-count Set service-profile short-retry-countWSS# set service-profile sp4 shared-key-auth enable Syntax set service-profile name short-retry-count thresholdNetwork Set service-profile soda agent-directorySet service-profile soda enforce-checks Set service-profile soda mode on Show service-profile on Set service-profile soda failure-pageWSS# set service-profile sp1 enforce-checks disable Syntax set service-profile name soda failure-pageSyntax set service-profile name soda logout-page Set service-profile soda logout-pageWSS# set service-profile sp1 soda mode enable Set service-profile soda modeWSS# set service-profile sp1 soda logout-page logout.html Syntax set service-profile name soda mode enable disableSyntax set service-profile name soda success-page Set service-profile soda remediation-aclSet service-profile soda success-page Syntax set service-profile name ssid-name ssid-name Set service-profile ssid-nameWSS# set service-profile sp1 soda success-page success.html Syntax set service-profile name ssid-type clear crypto Set service-profile ssid-typeSet service-profile static-cos WSS# set service-profile clearwlan ssid-name guestSyntax set service-profile name tkip-mc-time wait-time Set service-profile tkip-mc-timeSyntax set service-profile name static-cos enable disable WSS# set service-profile sp1 static-cos enable11g-1.0, 2.0, 5.5, 6.0, 9.0, 11.0, 12.0, 18.0 Set service-profile transmit-ratesWSS# set service-profile sp3 tkip-mc-time Beacon-rate Beacon-rate rateMulticast-rate WSS# set service-profile sp1 user-idle-timeout Set service-profile user-idle-timeoutSet service-profile web-portal-acl Syntax set service-profile name user-idle-timeout secondsSyntax set service-profile name web-portal-form url Set service-profile web-portal-formSyntax set service-profile name web-portal-acl aclname WSS# set service-profile sp3 web-portal-acl creditsrvrWSS# dir corpa WSS# mkdir corpaWSS# set service-profile sp1 web-portal-logout mode enable Set service-profile web-portal-logoutSet service-profile web-portal-logout logout-url Set service-profile web-portal-session-timeoutWSS# set service-profile sp1 web-portal-session-timeout Set service-profile wep active-multicast-indexWSS# set service-profile sp2 wep active-unicast-index Set service-profile wep active-unicast-indexWSS# set service-profile sp2 wep active-multicast-index WSS# set service-profile sp2 wep key-index 1 key aabbccddee Set service-profile wep key-indexSet service-profile wpa-ie Syntax set service-profile name wep key-index num key valueWSS# show ap arp WSS# set service-profile sp2 wpa-ie enableShow ap arp Syntax show ap arp ap-numberOutput for show ap arp Show ap configSyntax show ap config port-listradio 1 Set ap local-switching mode on Set vlan-profileWSS# show ap config Output for show ap config 802.11g 802.11a802.11b WSS# show ap counters Show ap unconfigured on Show radio-profile onShow ap counters Syntax show ap counters port-listradio 1Output for show ap counters Use the show sessions network session-id session-idcommand Output for show ap counters See Also show sessions network on Show ap dual-homeWSS# show ap fdb Show ap fdbOutput for show ap fdb Syntax show ap fdb ap-numberClears the counters after displaying their current values Show ap qos-statsWSS# show ap qos-stats WSS# show ap etherstats Show ap etherstatsOutput for show ap qos-stats Syntax show ap etherstats port-listap-numOutput for show ap etherstats WSS# show ap mesh-links Show ap groupShow ap mesh-links Syntax show ap mesh-links ap-numberTerse Show ap statusOutput for show ap mesh-links Syntax show ap status terse port-listall radio 1Tuning Radio state information, to indicate when anConfigured antenna model number Power settings that are configured by RF AutoWSS# show ap status terse Output for show ap status Image downloaded-The AP has received a boot But has not yet begun bootingBooting-The AP has asked the WSS for a boot Image downloading-The AP is receiving a bootSweep Mode indicates that a disabled radio is Configure succeed state indicates that the APHas received configuration parameters for Protection mode remains in effect untilRadio But no external antenna is configured onAntenna is configured on the radio but no Indicates that an external antenna was detectedOutput for show ap status terse and show ap status terse Show ap vlanWSS# show ap vlan Set vlan-profile Set ap local-switching mode onOutput for show ap vlan Syntax show ap vlan ap-numberWSS# show auto-tune attributes ap 2 radio Show auto-tune attributesOutput for show auto-tune attributes Syntax show auto-tune attributes ap ap-numradio 1 2allSyntax show auto-tune neighbors ap ap-numradio 1 2all Set radio-profileauto-tunepower-backoff-timer onShow auto-tune neighbors Rssi Output for show auto-tune neighborsWSS# show ap boot-configuration Show ap boot-configurationOutput for show ap boot-configuration Syntax show ap boot-configuration ap-numSerial-id serial-ID Show ap connectionSyntax show ap connection ap-numserial-id serial-ID ConnectionWSS# show ap connection serial-id Show ap config on Show ap global on Show ap unconfigured onOutput for show ap connection WSS# show ap connection Total number of entriesWSS# show ap global Show ap globalOutput for show ap global Syntax show ap global ap-numserial-id serial-IDWSS# show ap unconfigured Show ap unconfiguredSyntax show ap unconfigured Show ap connection on Show ap global on Output for show ap unconfiguredThis WSS switch as a member Show load-balancing groupSyntax show radio-profile name ? Show radio-profileOutput for show load-balancing group WSS# show load-balancing group blueWSS# show radio-profile default Output for show radio-profile SpectraLink Voice Priority SVP Wmm-AP forwarding queues provide standardPriority handling for WMM devices Svp-AP forwarding queues are optimized forSyntax show service-profile name ? Show service-profileProfile output Unencrypted Output for show service-profileCrypto-Wireless traffic for the Ssid is Clear-Wireless traffic for the Ssid isNone-Denies authentication and prohibits Last-resort-Automatically authenticates the userAllows access to the Ssid requested by User, without requiring a username and passwordSession-CAC is based on the number of active None-CAC is disabledNone-The key is not configured Preset-The key is configuredPSK-preshared key authentication Radios in the radio profile mapped to this serviceAuthentication-Lists the authentication methods 802.1X-dynamic authenticationFieldDescription AP Commands AP Commands NN47250-100 Version Show spantree uplinkfast on STP CommandsSet spantree uplinkfast on Clear spantree portpri Clear spantree portcostClear spantree portvlanpri Resets the cost for all VLANsClear spantree portvlancost WSS# clear spantree statistics 5,11,19-22 Clear spantree statisticsSyntax clear spantree portvlanpri port-listall vlan vlan-id Syntax clear spantree statistics port-listvlan vlan-idSee Also show spantree on Set spantreeSet spantree backbonefast See Also show spantree statistics onSee Also show spantree backbonefast on Set spantree fwddelaySet spantree hello Set spantree portcost Set spantree maxageWSS# set spantree portcost 3,4 cost Snmp Port Path Cost DefaultsSyntax set spantree portfast port port-listenable disable Set spantree portfastSee Also show spantree portfast on Set spantree portpriSet spantree portvlancost Priority value All Set spantree portvlanpriWSS# set spantree portvlancost 3,4 cost 20 vlan mauve Cost cost AllSet spantree uplinkfast Set spantree prioritySee Also show spantree uplinkfast on WSS# set spantree uplinkfast enableWSS# show spantree vlan default Show spantreeBridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec Output for show spantree Syntax show spantree backbonefast Show spantree backbonefastSee Also show spantree blockedports on WSS# show spantree backbonefast WSS# show spantree blockedports vlan defaultShow spantree blockedports See Also set spantree backbonefast onUplink fast convergence information for all ports Show spantree portfastSyntax show spantree portfast port-list WSS# show spantree portfastSyntax show spantree portvlancost port-list Show spantree portvlancostOutput for show spantree portfast See Also set spantree portfast onStatistics for all ports Show spantree statisticsSyntax show spantree statistics port-listvlan vlan-id WSS# show spantree statisticsInactive Output for show spantree statistics Output for show spantree statistics Output for show spantree statistics Syntax show spantree uplinkfast vlan vlan-id Show spantree uplinkfastOutput for show spantree uplinkfast See Also clear spantree statistics onSee Also set spantree uplinkfast on STP Commands NN47250-100 Version Statistics Show igmp statistics on Clear igmp statistics on Igmp Snooping CommandsClear igmp statistics Syntax clear igmp statistics vlan vlan-idSee Also show igmp on Set igmpSet igmp lmqi See Also show igmp statistics onSee Also show igmp mrouter on Set igmp mrouterSet igmp mrsol See Also set igmp mrsol on Set igmp mrsol mrsiSet igmp oqi See Also set igmp mrsol mrsi onVlan vlan-id Syntax set igmp proxy-report enable disable vlan vlan-idSet igmp proxy-report WSS# set igmp oqi 200 vlan orangeSyntax set igmp qi seconds vlan vlan-id WSS# set igmp proxy-report disable vlan orangeSet igmp qi Set igmp qriWSS# set igmp qri 50 vlan orange Syntax set igmp querier enable disable vlan vlan-idSet igmp querier Syntax set igmp qri tenth-seconds vlan vlan-idSee Also show igmp receiver-table on Set igmp receiverSet igmp rv See Also show igmp querier onWSS# show igmp vlan orange Show igmpWSS# set igmp rv 4 vlan orange Syntax show igmp vlan vlan-idDvmrp PIM Output for show igmpQuer-IGMP query Conf Static multicast port configured by anAdministrator Madv-Multicast advertisementWSS# show igmp mrouter vlan orange Show igmp mrouterSyntax show igmp mrouter vlan vlan-id Set igmp mrouter on Show igmp mrouter on Show igmp querierOutput for show igmp mrouter Syntax show igmp querier vlan vlan-idWSS# show igmp querier vlan orange See Also set igmp querier on WSS# show igmp querier vlan defaultShow igmp receiver-table Output for show igmp querierVLANs WSS# show igmp receiver-table vlan orangeWSS# show igmp receiver-table group 237.255.255.0/24 WSS Software displays the multicast receivers on allSyntax show igmp statistics vlan vlan-id Show igmp statisticsOutput for show igmp receiver-table See Also set igmp receiver onOutput for show igmp statistics See Also clear igmp statistics on Igmp Snooping Commands NN47250-100 Version WSS# clear sessions console Session Management CommandsWSS# clear sessions admin Clear sessionsWSS# clear sessions network mac-addr Clear sessions networkSee Also show sessions on WSS# clear sessions telnet clientShow sessions Telnet ConsoleMac-addr mac-addr Show sessions networkShow sessions telnet client Output See Also clear sessions onSession-id output Verbose outputWSS show sessions network verbose WSS show sessions networkWSS show sessions network mac-addr 00055d7e981a WSS show sessions network user EWSS# show sessions network session-id Show sessions network summary OutputDescription Additional show sessions network verboseAAA-VLAN is from Radius or the local database IP address and port number of the WSS managing the APSerial number and radio number of the AP Amount of time the session has been on this APShow sessions network session-id Output DOT1X See Also clear sessions network on Session Management Commands NN47250-100 Version Clears all security ACLs Security ACL CommandsClear security acl Syntax clear security acl acl-name all editbuffer-indexSet security acl ip acl135 hits #2 WSS# show security acl info allSet security acl ip acl133 hits #1 Set security acl ip acl134 hits #3Out Clear security acl mapWSS# clear security acl map acljoe port 4 Type Class Mapping Commit security aclWSS# clear security acl map all Syntax commit security acl acl-nameallSyntax rollback security acl acl-nameall Hit-sample-rateRollback security acl See Also show security acl onSet security acl By UDP packets Any Immediate precedence Minimum delayRoutine precedence Priority precedenceWSS# commit security acl all WSS# set security acl ip acl123 deny 192.168.2.11Tag tag-list Set security acl mapWSS set security acl map acl133 port 4 WSS port or portsSet security acl ip acl153 hits #3 Configuration fileSet security acl hit-sample-rate Syntax set security acl hit-sample-rate secondsIndex Counter ACL-name Show security aclShow security acl dscp WSS# show security acl hitsWSS# show security acl editbuffer Show security acl editbufferShow security acl hits Syntax show security acl info all editbufferWSS# show security acl info Show security acl infoSyntax show security acl hits Syntax show security acl info acl-nameall editbufferShow security acl map Show security acl resource-usage Show security acl resource-usage Output False-No security ACLs are mapped True-A default action types is definedFalse-No default action type is defined True-Security ACLs are mappedFalse-No security ACLs are mapped to incoming True-Security ACLs are mapped to incoming trafficCryptography Commands Certificate Crypto ca-certificateEap PEM-formattedSee Also show crypto ca-certificate on WSS# crypto certificate adminCrypto certificate Ssh Crypto generate keyCrypto generate request on Crypto generate self-signed on DomainSee Also show crypto key ssh on WSS# crypto generate key adminSyntax crypto generate request admin eap web Crypto generate requestMaximum string length for State Name increased WSS# crypto generate request adminEmail Address admin@example.com Webaaa option renamed to webCrypto certificate on Crypto generate key on Syntax crypto generate self-signed admin eap webCrypto generate self-signed Crypto otp WSS# crypto generate self-signed adminSyntax crypto otp admin eap web one-time-password WSS# crypto generate otp eap hap9iN#ss Syntax crypto pkcs12 admin eap web file-location-urlCrypto pkcs12 See Also crypto pkcs12 onWSS# crypto pkcs12 eap 2048full.p12 See Also crypto otp onWSS# copy tftp//192.168.253.1/2048full.p12 2048full.p12 WSS# crypto otp eap hap9iN#ssWSS# show crypto ca-certificate Syntax show crypto ca-certificate admin eap webShow crypto ca-certificate Show crypto ca-certificate OutputWSS# show crypto certificate eap Syntax show crypto certificate admin eap webShow crypto certificate Crypto certificate OutputSee Also crypto generate key on Show crypto key domainShow crypto key ssh Cryptography Commands NN47250-100 Version Clear server group on Radius and Server Groups CommandsSyntax clear radius deadtime key retransmit timeout Clear radiusClear radius client system-ip See Also set radius proxy port on Clear radius proxy clientClear radius proxy port See Also set radius proxy client onClear server group Clear radius serverSee Also set server group on Set radiusSet radius client system-ip WSS# set radius proxy client address 10.20.20.9 key radkey1 Set radius proxy clientSet radius proxy port Syntax set radius proxy client address ip-addressSsid ssid-name Ssid supported by the third-party AP Set radius serverWSS# set radius proxy port 3-4 tag 104 ssid mycorp Encrypted-key-No key Author-password-nortel Members server Set server groupGroup-name Server group name of up to 32 characters 23x0# set server group shorebirds load-balance enable23x0# set server group shorebirds load-balance disable Set server group load-balanceRadius and Server Groups Commands NN47250-100 Version 802.1X Management Commands WSS# clear dot1x bonded-period Clear dot1x bonded-periodClear dot1x max-req Syntax clear dot1x max-reqClear dot1x reauth-max Clear dot1x port-controlClear dot1x quiet-period Clear dot1x reauth-period Clear dot1x timeout auth-serverClear dot1x tx-period Clear dot1x timeout supplicantSet dot1x bonded-period Syntax set dot1x authcontrol enable disableWSS# set dot1x authcontrol enable Set dot1x authcontrolSee Also show dot1x on Set dot1x key-txSet dot1x max-req WSS# set dot1x port-control forceauth Set dot1x port-controlWSS# set dot1x max-req Set dot1x reauth Set dot1x quiet-periodSet dot1x reauth-period Set dot1x reauth-maxSet dot1x timeout supplicant Set dot1x timeout auth-serverSyntax set dot1x tx-period seconds Syntax set dot1X wep-rekey enable disableSet dot1x tx-period Set dot1x wep-rekeyShow dot1x Set dot1x wep-rekey-periodWSS# show dot1x clients WSS# show dot1x configWSS # show dot1x stats Show dot1x stats Output520 802.1X Management Commands Show rfdetect visible on RF Detection CommandsRogue Information Show rfdetect clients on Show rfdetect data onSyntax clear rfdetect black-list mac-addr Clear rfdetect attack-listClear rfdetect black-list Syntax clear rfdetect attack-list mac-addrClear rfdetect ssid-list Clear rfdetect ignoreWSS# clear rfdetect vendor-list client aabbcc000000 Clear rfdetect vendor-listSet rfdetect attack-list Syntax clear rfdetect vendor-list client ap mac-addrallSet rfdetect ignore Set rfdetect black-list23x0# set rfdetect ignore aabbcc112233 Syntax set rfdetect log enable disable23x0# set rfdetect log enable Set rfdetect logSee Also show log buffer on Set rfdetect signatureSet rfdetect ssid-list WSS# set rfdetect vendor-list client aabbcc000000 Set rfdetect vendor-listWSS# set rfdetect ssid-list mycorp Syntax set rfdetect vendor-list client ap mac-addrShow rfdetect black-list Show rfdetect attack-listWSS# show rfdetect clients mac 000c4163fd6d Show rfdetect clientsShow rfdetect clients Output Syntax show rfdetect clients mac mac-addrShow rfdetect clients mac Output WSS# show rfdetect countermeasures Show rfdetect countermeasuresSyntax show rfdetect countermeasures Syntax show rfdetect counters Show rfdetect countersShow rfdetect countermeasures Output See Also set radio-profile countermeasures onSyntax show rfdetect data Show rfdetect dataShow rfdetect data Output WSS# show rfdetect ignore Total number of entries Show rfdetect ignoreShow rfdetect mobility-domain Syntax show rfdetect ignoreWSS# show rfdetect mobility-domain ssid nrtl-webaaa Bssid and ssid options addedVendor, Type, and Flags fields added WSS# show rfdetect mobility-domainShow rfdetect mobility-domain Output Show rfdetect mobility-domain ssid or bssid Output Show rfdetect ssid-list WSS# show rfdetect vendor-list Show rfdetect vendor-listShow rfdetect visible Syntax show rfdetect vendor-listVersion Vendor, Type, and Flags fields added Show ap status commandMac-addr Base MAC address of the Nortel radio Shows neighbor information for radioShow rfdetect data on Show rfdetect mobility-domain on RfpingShow rfdetect visible Output Syntax rfping mac mac-addrsession-id session-idWSS# rfping mac 000e9bbfad13 Rfping OutputBackup File Management CommandsTftp/ip-addr / filename Syntax backup system tftp/ip-addr/filenameall criticalWSS# backup system tftp/10.10.20.9/sysabak critical Dir on Restore onCopy Clear boot backup-configurationClear boot config Be one of the following Syntax copy source-url destination-urlSource-url Destination-urlWSS# copy tftp//10.1.1.1/closetwss closetwss WSS# copy tftp//10.1.1.107/WSS020101.020 boot1WSS020101.020Delete WSS# copy floorwss tftp//10.1.1.1/floorwssDir WSS# copy testconfig tftp//10.1.1.1/testconfigWSS# delete testconfig Syntax dir subdirname file core boot0 boot1WSS# dir file WSS# dirWSS# dir old WSS# dir core Install soda agentWSS# dir boot0 Output for dirUninstall soda agent on Set service-profile soda mode on Load configWSS# install soda agent soda.ZIP agent-directory sp1 Syntax load config urlSave config on Show boot on Show config on WSS# load configWSS# load config testconfig1 Syntax md5 boot0 boot1filenameWSS# mkdir corp2 Pubs# md5 boot0WSS040003.020Mkdir Syntax mkdir subdirnameWSS# reset system Reset systemSyntax reset system force Restore Rmdir Save configSee Also backup on Syntax set boot backup-configuration filename Set boot backup-configurationSyntax save config filename WSS# save config testconfig1Set boot partition Set boot configuration-fileBoot configuration, added Show bootNew fields, Configured boot version and Backup Output for show boot Area area Show configSyntax show config area area all Configuration area. You can specify one of the followingRfdevice changed to rfdetect Show versionNew options added for remote traffic monitoring snoop WSS# show version details WSS# uninstall soda agent agent-directory sp1 Uninstall soda agentSee Also show boot on Syntax uninstall soda agent agent-directory directoryInstall soda agent on Set service-profile soda mode on File Management Commands NN47250-100 Version WSS# clear log trace Trace CommandsClear log trace Syntax clear log traceSave trace Clear traceWSS# save trace traces/trace1 Set trace authenticationSet trace authorization WSS# set trace authentication user joseUser-readable information. If you do not specify a level Level 5 is the defaultSet trace dot1x WSS# set trace sm mac-addr Set trace smWSS# show trace Show traceSyntax show trace all WSS# clear snoop snoop1 Snoop CommandsClear snoop Syntax clear snoop filter-nameExamples clear snoop map filter-nameap ap-numradio 1 Clear snoop mapWSS# clear snoop map snoop2 ap 3 radio WSS# clear snoop map allSet snoop Examples set snoop map filter-nameap ap-numradio 1 Set snoop mapWSS# set snoop snoop1 observer 10.10.30.2 snap-length Filter. See show snoop stats on Set snoop modeEnable Stop-after num-pkts WSS# set snoop map snoop1 ap 3 radioWSS# show snoop WSS# set snoop snoop1 mode enable stop-afterShow snoop Syntax show snoopShow snoop map Show snoop infoExamples show snoop stats filter-nameap-numradio 1 Show snoop statsClear snoop map on Set snoop map on Show snoop on Show snoop stats Output Snoop Commands NN47250-100 Version WSS# clear log server System Log CommandsClear log Syntax clear log buffer server ip-addrSeverity Logging state enabled or disabledSet log Defaults Set log mark Show log buffer See Also show log config onSet log trace mbytes Diagnostic purposes. No action is required Reboot or shut downError-The WSS is missing data or is unable to Problems have occurred. These are logged forShow log trace Show log configSyntax show log config WSS# show log configNumber of log entries starting from the oldest Conditions are not resolved, the WSS can rebootError-The WSS is missing data or is unable to form Positive number for example, +100, displays thatWSS# show log trace +5 facility Rogue WSS# show log trace facility ?System Log Commands NN47250-100 Version Boot Prompt Commands Boot autoboot AutobootSee Also boot on Syntax autoboot on on OFF offBoot Change on Show on Boot boot FN=WSS010101.020 DEV=boot1Change Boot on Create on Delete on Dhcp on Next on Show on Boot changeChange on Delete on Next on Show on Boot createCreate Syntax dhcp on on OFF off Boot deleteBoot dhcp DhcpFver on Version on Syntax dir c d e f boot0 boot1Boot dir DiagFver Syntax fver c d e f boot0 boot1 filenameBoot fver boot1 Syntax help command-nameSee Also ls on Boot help fverSee Also help on ResetBoot next NextShow Boot resetStorage or a flash card Compact flash. Boots using nonvolatileBoot show Output for showSecondary partition of the flash card Nonvolatile storage area containing bootPartition Primary partition of the flash card in the flashVersion Boot versionEnables the poweron test flag TestDir on Fver on Numerics Command IndexNN47250-100 320658-G Version Delete 539 Command Index 282 340 Command Index Command Index MAC addresses 12 in user globs Vlan globs Command Index NN47250-100 320658-G Version Page Nortel WLAN-Security Switch 2300 Series Release

Security ACL Commands 467

0—routine precedence

1—priority precedence

2—immediate precedence

3—flash precedence

4—flash override precedence

5—critical precedence

6—internetwork control precedence

7—network control precedence

tos tos

8—minimum delay

4—maximum throughput

2—maximum reliability

1—minimum monetary cost

0—normal

dscp codepoint

established

before editbuffer-index

editbuffer.)

modify editbuffer-index

hits