MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered
trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.
Contents
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21
3.4 Network AP Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
new . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23
3.5 Network AP Selfheal commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24
selfheal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25
detect-neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29
3.6 Network AP Denyap Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30
denyap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33
3.7 Network AP Smartscan Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34
smartscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37
3.8 Network AP Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38
test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38
new . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39
3.9 Network AP Mesh Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40
mesh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44
preferred-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45
available-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47
3.10 Network DCHP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48
dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-50
3.11 Network Firewall Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51
fw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-52
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54
timeradd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55
timerdel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-56
timerlist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-57
timerset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-58
3.12 Network Firewall Intrusion Prevention System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59
ips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-60
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-62
TOC-3
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-107
3.21 Network Router Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-108
router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-108
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-109
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-110
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-111
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-112
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-113
3.22 Network VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-114
vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-114
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-115
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-116
3.23 Network WAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-117
wan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-117
renew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-118
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-119
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-121
3.24 Network WAN App Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-122
app . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-122
addcmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-123
delcmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-125
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-127
3.25 Network WAN DynDNS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-128
dyndns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-128
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-130
update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-131
3.26 Network WAN L2TPVPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-132
l2tpvpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-132
show-connected-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-133
3.27 Network WAN L2TPVPN LNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134
lns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-135
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-137
3.28 Network WAN L2TPVPN Users Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-138
users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-138
add-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139
delete-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-140
delete-all-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-141
show-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-142
show-all-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-143
3.29 Network WAN TrunkIPFPolicy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-144
trunkipfpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-144
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-147
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-148
TOC-5
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-199
3.37 Network WLAN Rogue AP Roguelist Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-200
roguelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-200
ageout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-201
approve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-202
erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-203
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-204
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-205
deauth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-206
3.38 Network WLAN Rogue AP Rogue List Locate Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-207
locate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-207
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208
start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-209
3.39 Network WLAN Rogue AP Rogue List MU Scan Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-210
muscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-210
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211
start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-212
3.40 Network WLAN Rogue AP Rule List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-213
rulelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-213
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-214
authsymbolap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-215
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-216
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-217
3.41 Network WLAN Enhanced Rogue AP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-218
enhancedrogueap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-218
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-219
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-220
3.42 Network WLAN MU Probe Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-221
muprobe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-221
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-222
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-223
3.43 Network WLAN Hotspot Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-224
hotspot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-224
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-225
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-227
import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-228
3.44 Network WLAN Hotspot RADIUS commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-229
radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-229
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-230
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-231
3.45 Network WLAN Hotstpot White-list Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-233
white-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-233
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-234
clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-235
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-236
3.46 Network WLAN WLAN IP Fiter Policy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-237
wlanipfpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-237
TOC-7
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-238
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-239
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-240
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-241
3.47 Network Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-242
port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-242
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-243
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-244
3.48 Network IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-245
ipfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-245
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-246
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-247
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-248
3.49 Network WIPS Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-249
wips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-249
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-250
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-251
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-252
convert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-253
revert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-254
update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-255
3.50 Network WIPS Default commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-256
defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-256
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-257
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-258
3.51 Network WIDS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-259
wids . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-259
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-260
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-261
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-265
3.52 Network URL Filter Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-266
urlfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-266
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-267
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-268
3.53 Network URL Filter Keyword Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-269
keyword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-269
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-270
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-271
removeall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-272
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-273
3.54 Network URL Filter White list Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-274
whitelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-274
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-275
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-276
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-277
3.55 Network URL Filter Black List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-278
blacklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-278
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-279
TOC-8 WS2000 Wireless Switch CLI Reference Guide
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-280
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-281
3.56 Network URL Filter Trusted IP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-282
trustip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-282
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-283
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-284
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-285
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36
4.8 System RADIUS Client Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40
4.9 System RADIUS EAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41
eap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41
import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44
4.10 System RADIUS EAP PEAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45
peap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-47
4.11 System RADIUS EAP TTLS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48
ttls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-50
4.12 System RADIUS LDAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51
ldap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54
import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55
join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56
4.13 System RADIUS Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57
policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59
4.14 System RADIUS Proxy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60
proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-62
clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65
4.15 System Redundancy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66
redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69
4.16 System SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70
snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70
4.17 System SNMP Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71
access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-76
TOC-10 WS2000 Wireless Switch CLI Reference Guide
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77
4.18 System SNMP Traps Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78
traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-79
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-81
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-83
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-87
4.19 System SSH Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89
ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-90
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-91
4.20 System User Database Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92
userdb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92
4.21 System User Database Group Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93
group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-94
create . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96
clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-98
remove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-100
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102
4.22 System User Database User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103
user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-105
clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108
4.23 System User Database User Guest commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109
guest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111
clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-112
4.24 System WS2000 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113
WS2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-114
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-115
restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-117
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-120
4.25 System CF commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121
cf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121
ls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122
4.26 System HTTP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-123
http . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-123
import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124
TOC-11
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-125
4.27 System Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-126
test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-126
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128
This guide is intended to support administrators responsible for understanding, configuring and maintaining
the Wireless Switch. This document provides information for the system administrator to use the command
line interface during the initial setup and configuration of the system. It also serves as a reference guide for
the administrator to use while updating or maintaining the system.
CAUTION: Indicates a condition that can cause equipment damage or data loss
WARNING! Indicates a condition or procedure that could result in personal injury or equip-
ment damage
CLI Conventions
command / keyword The first word is always a command. Keywords are words that must be entered
as is. Commands and keywords are mandatory.
For example, the command,
admin(network.wan)> show ip 1
is documented as
show ip <idx>
where:
show The command
ip The keyword
<variable> Variables are described with a short description enclosed within a < and a >
pair.
For example, the command,
admin(network.wan)> show ip 1
is documented as
show ip <idx>
where:
show The command Display information.
ip The keyword The IP address
<idx> The variable WAN Index value.
Product Overview 1-3
Location Function
Upper left LED This LED is present on all ports and indicates the speed of the transmissions through
the port. The LED is on when the transmission rate is 100 Mbit per second (100BaseT).
The light is off when the transmission rate is 10 Mbit per second.
Upper right LED This LED indicates activity on the port. This light is solid yellow when a link to a device
is made. The light flashes when traffic is being transferred over the line.
Lower LED This LED is only present on Ports 1-4. These ports provide 802.3af Power over Ethernet
(PoE) support to devices (such as Access Ports). The LED has several states:
OFFA non-power device (or no device) is connected; no power is being delivered.
GREENThe switch is delivering 48 volts to the power device connected to that port.
REDThere was a valid PoE connection; however, the switch has detected that the
power device is faulty. The red light will remain until a non-faulty connection is made
to the port.
Product Overview 1-7
The term Common Commands is used to indicate that these commands are available through the WS2000
Wireless Switchs CLI. These commands provide easy access to help, navigation, and to save configuration
changes.
This chapter also lists of commands available at the admin menu.
Common Commands
Admin Menu Commands
2-2 WS2000 Wireless Switch System Reference Guide
2.1.1 ? Command
?
Common Commands
Displays the commands available under the admin menu.
Syntax
?
Parameters
None
Example
admin> ?
admin>?
help
Common Commands
Displays general CLI user interface help.
Syntax
help
Parameters
None
Example
admin>help
quit
Common Commands
Quits the command line interface. Requires you to logon again.
This command appears in all the submenus under admin menu. In each case, it has the same function, to exit
out of the CLI.
Syntax
quit
Parameters
None
Example
admin>quit
2-6 WS2000 Wireless Switch System Reference Guide
save
Common Commands
Saves the configuration to system flash.
This command appears in all of the submenus under admin. In each case, it has the same function, to save
the configuration. The save command must be issued before leaving the CLI for the settings to be retained.
Syntax
save
Parameters
none
Example
admin> save
admin>
Admin and Common Commands 2-7
2.1.5 .. Command
..
Common Commands
Displays the parent menu of the current menu.
This command appears in all of the submenus under admin. In each case, it has the same function, to move
up one level in the directory structure.
Syntax
..
Parameters
None
Example
admin(network.ap) ..
admin(network)
admin(network) ..
admin>
2-8 WS2000 Wireless Switch System Reference Guide
2.1.6 / Command
/
Common Commands
Displays the root menu, that is, the top-level CLI menu.
This command appears in all of the submenus under admin. In each case, it has the same function, to move
up to the top level in the directory structure.
Syntax
/
Parameters
None
Example
admin(network.wan.nat)> /
admin>
Admin and Common Commands 2-9
passwd
Admin Menu Commands
Changes the password for the administrative logins - admin, guest-admin, and manager.
Syntax
passwd [admin|manager|guest-admin]
Parameters
Example:
admin>passwd admin
summary
Admin Menu Commands
Displays system summary for the WS2000 Wireless Switch. The information displayed includes high-level
characteristics and settings for WAN, subnet, and WLAN.
Syntax
summary
Parameters
None
Example
admin> summary
System Information
WLAN 1 Information
WLAN 2 Information
WLAN 3 Information
WLAN 4 Information
WLAN 5 Information
WLAN 6 Information
WLAN 7 Information
WLAN 8 Information
Subnet 1 Information
Subnet 2 Information
Subnet 3 Information
Subnet 4 Information
Subnet 5 Information
Subnet 6 Information
Network commands are used to configure the different network parameters of the WS2000 Wireless Switch.
3.1 network
Admin Menu Commands
Use the network command to go the Network menu.
admin> network
admin(network)>
The following commands are available under the Network menu:
ap
network
Displays the Access Port submenu. The functionality provided by this menu is supplied by various screen
under the Wireless menu item of the Web interface.
Syntax
admin(network)> ap
admin(network.ap)>
The items available under this command are shown below.
add
Network AP Commands
Adds entries to the Access Port adoption list. This allows the Access Ports with the MAC addresses specified
in the command to associate with the specified WLAN.
Performs functionality available in the Access Port Adoption List area of the Wireless screen.
Syntax
add <idx> <mac1> <mac2>
Parameters
admin(network.ap)>
Related Commands
delete Removes the MAC address range from the adoption list for the specified WLAN.
list Displays entries in the Access Port adoption list.
Network CLI Commands Reference 3-5
copydefaults
Network AP Commands
Copies default Access Port settings to a connected Access Port.
In the Web interface, the defaults are set on the Wireless, default AP screens (one for each radio type).
Syntax
copydefault <idx>
Parameters
network.ap.default)> Lists the current default settings for a selected Access Port type.
show default
show status Lists the index numbers for all currently connected Access Ports.
show ap Gets information about a particular Access Port.
3-6 WS2000 Wireless Switch System Reference Guide
delete
Network AP Commands
Deletes entries from the Access Port adoption list. In the Web interface, this functionality is found on the
Wireless screen in the Access Port Adoption list area.
Syntax
delete <idx> [<entry>|all]
Parameters
<idx> [<entry>|all] Deletes an entry in the Access Port adoption list as specified by <entry>, which is
the number listed in the adopted list (use the list command) for WLAN <idx>
(1-8).
all indicates deleting all the adoption list entries.
Example
The following example first lists out the adoption list entries for WLAN 1, deletes the second entry for WLAN
1, and finally displays the list for WLAN 1 showing that the entry has been deleted.
admin(network.ap)>list 1
-------------------------------------------------------------------------
index start mac end mac
-------------------------------------------------------------------------
1 000000000000 00306542B965
2 004000000000 005000000000
admin(network.ap)>delete 1 2
admin(network.ap)>list 1
-------------------------------------------------------------------------
index start mac end mac
-------------------------------------------------------------------------
1 000000000000 00306542B965
Related Commands
forget
Network AP Commands
Forgets the AP parameters at a particular index specified by the <idx> value.
Syntax
forget [<idx>|all]
Parameters
list
Network AP Commands
Displays entries in the Access Port adoption list for a specified wireless LAN.
Syntax
list <idx>
Parameters
<idx> Lists the Access Port adoption entries for WLAN <idx> (1-8).
Example
The following example shows the access port adoption list for WLAN 1.
admin(network.ap)>list 1
----------------------------------------------------------------------
index start mac end mac
----------------------------------------------------------------------1
1 00A0F8BFE9B0 00A0F8BFE9B0
2 001570165200 001570165200
3 00A0F8B54D68 00A0F8B54D68
4 00A0F8BFEE3C 00A0F8BFEE3C
Related Commands
remap
Network AP Commands
Remaps the channels for a radio at index specified by <idx>.
Syntax
remap [<idx>|all]
Parameters
<idx>|all <idx> Remaps all channels for a radio specified by the index <idx>
all Remaps all channels for all the radios in auto channel selection mode.
Example
admin(network.ap)>list 1
--------------------------------------------
index start mac end mac
--------------------------------------------
1 00A0F8BFE9B0 00A0F8BFE9B0
2 001570165200 001570165200
3 00A0F8B54D68 00A0F8B54D68
4 00A0F8BFEE3C 00A0F8BFEE3C
admin(network.ap)>remap 3
3-10 WS2000 Wireless Switch System Reference Guide
reset
Network AP Commands
Resets an Access Port.
Syntax
reset ap <idx>
Parameters
ap <idx> <idx> Resets the Access Port with index <idx> in the Access Port Adoption list.
Example
---------------------------------------
index start mac end mac
---------------------------------------
1 00A0F8BFE9B0 00A0F8BFE9B0
2 001570165200 001570165200
3 00A0F8B54D68 00A0F8B54D68
4 00A0F8BFEE3C 00A0F8BFEE3C
admin(network.ap)>reset ap 2
admin(network.ap)>
Network CLI Commands Reference 3-11
revert
Network AP Commands
Reverts an Access Port to an Access Point (Only on AP4131 or AP4121).
Syntax
revert ap <idx>
Parameters
ap <idx> <idx> Reverts the Access Port with index <idx> to an Access Point. Only on
AP4131 and AP 4121.
Example
admin(network.ap)>revert ap 1
admin(network.ap)>
3-12 WS2000 Wireless Switch System Reference Guide
set
Network AP Commands
Sets Access Port parameters.
Syntax
set [beacon|ch_mode|div|dtim|loc|name|primary|rate|
reg|rts|short-pre|802.1x|ap_scan|mac|radio_type|
ap_type|sip_cac_mode|allowed_sip_session]
Parameters
beacon intvl Sets the beacon interval for Access Port <idx> (112) to <interval> in K-us (50
<idx> <interval> 200).
ch_mode <idx> Sets the channel mode for Access Port <idx> (112) to fixed, random or auto.
[fixed|random|auto]
div <idx> <mode> Sets the default antenna diversity to <mode> (one of full, primary, or
secondary).
dtim <idx> Sets the DTIM period for Access Port <idx> to <period> (number of beacons from
[<period>|<bss_idx 150).
<period>]] <bss_idx> is the index of the BSSID. If not specified for the AP300, the default
value of 1 is assumed for this parameter. For other APs, the <period> value is
used for all the BSSIDs.
loc <idx> <loc> Sets Access Port <idx> location description to <loc> (113 characters).
name <idx> <name> Sets Access Port <idx> name to <name> (113 characters).
primary <idx> <widx> Sets the primary WLAN <widx> (the WLAN index from 1 to 8) for 802.11a radio
associated with Access Port <idx> (1-12). The ESS ID configured for this WLAN
will be used in the 802.11a beacon as the primary ESS.
Note: This parameter is used only for AP200 APs with 802.11a radios
rate <idx> <basic> Sets Access Port <idx> (1-12) basic and supported rates. <basic> and
<supported> <supported> must be comma-separated lists of rates, such as 6,9,11,15 with
no spaces. Basic rates are a subset of supported rates. The different types of
radio support the following rates.
A - 6|9|12|18|24|36|48|54
B - 1|2|5.5|11
G - 1|2|5.5|6|9|11|12|18|24|36|48|54
Note: For a G radio, basic rates must be a subset of B Rates in order to associate legacy
B stations.
reg <idx> <indoor> <ch> Sets Access Port <idx> (1-12)regulatory parameters, which <indoor> is one of
<pwr> in or in/out; <ch> is the channel to use, and <pwr> is the power (in dB from 4
to 20). Select the value of <ch> from the appropriate list.
802.11b ch -- 1 to 14
802.11a ch -- 36,40,44,48,52,56,60,64,149,153,157,161
Note: Regulatory parameter values depend on country of operation and radio type. Refer
to documentation for regulatory information.
rts <idx> <bytes> Sets the RTS threshold for Access Port <idx> (1-12) to <bytes> (e.g., 2341).
Network CLI Commands Reference 3-13
short-pre <idx> Enables or disables the short preamble mode for Access Port <idx> (1-12)
[enable|disable]
802.1x <username> Sets the 802.1x username and password on AP 300 Access Ports. Both
<password> parameters can be up to 64 characters long.
mac <idx> <mac> Sets the MAC address of AP <idx> (1-12) to <mac> (MAC address format is
XX:XX:XX:XX:XX:XX)
ap_scan <idx> <mode> Sets the scan mode for Rogue AP detection where <idx> (1-12) is the access
port index and <mode> is one of none, detector, on-chan, full-detector.
radio_type <idx> Sets the Radio Type of an access port where <idx> (1-12) is the access port
<radio_type> index and <radio_type> is one of 802.11a, 802.11b,
802.11b/g.
ap_type <idx> Sets the AP type of an Access Port <idx> (1-12) to AP type. AP type
<radio_type> <radio_type> is one of AP100, AP200, AP300
sip_cac_mode Enables or disables SIP Call Admission Control.
[enable|disable]
allowed_sip_session Sets the allowed number of SIP sessions for this portal. The value for
<idx> <sip_session> <sip_session> lies between 1 and 100. <idx> (1-12) is the access port index.
legacy_mode Enables or disables legacy mode support for AP300s.
[enable|disable]
mu-power-adjustment Sets Symbol MUs operating power in dBm. <ap-index> is the index of the
<ap-index> <adjvalue> Symbol AP and <adjvalue> is the MU power adjustment value in dBm (valid 0-
20)
asset-name <idx> Sets asset name for the Access Port with <idx> (1-12) with <asset-name> (1-
<asset-name> 50 characters)
Example:
admin(network.ap)>set short-pre enable
admin(network.ap)>set shor 1 enable
admin(network.ap)>set name 1 BigOffice
admin(network.ap)>set dtim 1 25
admin(network.ap)>set loc 1 BigBldg
admin(network.ap)>show ap 1
ap name : BigOffice
ap location : BigBldg
ap mac address : 00A0F8565656
ap serial number : 00A0F8565656
ap radio type : 802.11 B
adopted by : WLAN1
basic rates : 1 2
supported rates : 1 2 5.5 11
admin(network.ap)>
Network CLI Commands Reference 3-15
show
Network AP Commands
Shows Access Port parameters.
Syntax
show [ap|status|sip|legacy-mode]
Parameters
ap name : BigOffice
ap location : BigBldg
ap mac address : 00A0F8565656
ap serial number : 00A0F8565656
ap radio type : 802.11 B
adopted by : WLAN1
basic rates : 1 2
supported rates : 1 2 5.5 11
admin(network.ap)>show status
ap index : 1
ap status : connected
ap index : 2
ap status : not connected
ap index : 3
3-16 WS2000 Wireless Switch System Reference Guide
ap index : 4
ap status : not connected
ap index : 6
ap status : not connected
ap index : 7
ap status : not connected
ap index : 8
ap status : not connected
ap index : 9
ap status : not connected
ap index : 10
ap status : not connected
ap index : 11
ap status : not connected
ap index : 12
ap status : not connected
admin(network.ap)>show legacy-mode
Legacy mode is enabled.
Related Commands
default
Network AP Commands
Displays the default Access Port (AP) submenu. Use these commands to set the default values for all APs.
Syntax
admin(network.ap)> default
The items available under this command are shown below.
set
Network AP Default Commands
Sets the default Access Port parameters.
Syntax
set [beacon|ch_mode|div|dtim|primary|reg|rate|rts|short-pre|sensor-img|
ap4131-img|ap4121-img]
Parameters
beacon intvl <type> Sets the default beacon interval for specified radio type <type> (one of
<interval> 802.11a, 802.11b, or 802.11b/g) to <interval> in K-us (50200).
ch-mode <type> Sets the default channel mode for radios of <type> (one of 802.11a, 802.11b,
[fixed|random|auto] or 802.11b/g) to fixed, random, or auto.
div <type> <mode> Sets the default antenna diversity for radios of <type> (one of 802.11a,
802.11b, or 802.11b/g) to <mode> (one of full, primary, or secondary).
dtim <type> Sets the default DTIM period for radios of specified <type> (one of 802.11a,
[<bss_idx>|<period>] 802.11b, or 802.11b/g) to <period> number of beacons (150).
<bss_idx> is the index of the BSSID. If not specified for the AP300, the
default value of 1 is assumed for this parameter. For other APs, the <period>
value is used for all the BSSIDs.
primary <type> <wdix> Sets the default primary WLAN <widx> (1 to 8) for 802.11a radios of
specified <type> (one of 802.11a, 802.11b, or 802.11b/g). The ESS ID
configured for this WLAN will be used in the 802.11a beacon as the primary
ESS.
Note: This parameter is used only for AP200 APs with 802.11a radios.
rate <type> <basic> Sets the default basic and supported rates for radios of specified <type> (one
<supported> of 802.11a, 802.11b, or 802.11b/g). <basic> and <supported> must be a
comma separated list of rates, such as 6,9,11,15 with no spaces. Basic rates
are a subset of supported rates. The different types of radio support the
following rates.
A - 6|9|12|18|24|36|48|54
B - 1|2|5.5|11
G - 1|2|5.5|6|9|11|12|18|24|36|48|54
Note: For a G radio, basic rates must be a subset of B Rates in order to associate legacy
B stations.
reg <type> <indoor> <ch> Sets the default regulatory parameters for radios of specified type (one of
<pwr> 802.11a, 802.11b, or 802.11b/g), where <indoor> is one of in or in/out;
<ch> is the channel to use, and <pwr> is the power (in dB from 4 to 20).
Select the value of <ch> from the appropriate list.
802.11b ch -- 1 to 14
802.11a ch -- 36,40,44,48,52,56,60,64,149,153,157,161
Note: Note: Regulatory parameter values depend on the country of operation and radio
type. Refer to the documentation for specific regulatory information.
rts <type> <bytes> Sets the default RTS threshold for radios of specified <type> (one of 802.11a,
802.11b, or 802.11b/g) to <bytes> (e.g., 2341).
Network CLI Commands Reference 3-19
short-pre <type> By default, enables or disables the short preamble mode for radios of
[enable|disable] specified <type> (one of 802.11a, 802.11b, or 802.11b/g).
sensor-img <loc> Sets the default location of the sensor image. Location is specified in the
<loc> parameter.
ap4131-img <loc> Sets the default location <loc> of the AP 4131 image. Select from cf or def.
ap4121-img <loc> Sets the default location <loc> of the AP 4121 image. Select from cf or def.
Example
admin(network.ap.default)>set ch_mode 802.11a fixed
admin(network.ap.default)>set dtim 802.11a 10
admin(network.ap.default)>set short 802.11b/g enable
admin(network.ap.default)>show default 802.11a
ap diversity : full
basic rates : 6 12 24
supported rates : 6 9 12 18 24 36 48 54
admin(network.ap.default)>
Related Commands
show default Displays the default AP settings for a particular radio type.
3-20 WS2000 Wireless Switch System Reference Guide
loadfromcf
Network AP Default Commands
Immediately loads configured images from the CF card.
Syntax
loadfromcf
Parameters
None
Example
admin(network.ap.default)>loadfromcf
Network CLI Commands Reference 3-21
show
Network AP Default Commands
Shows the default Access Port parameters for a particular radio type.
Syntax
show [default|img-location]
Parameters
default <type> Shows the default Access Port parameters for radio type <type> (802.11a, 802.11b,
802.11bg).
img-location Shows the Sensor/Access Port image locations.
Example
admin(network.ap.default)>set ch_mode 802.11a fixed
admin(network.ap.default)>set dtim 802.11a 10
admin(network.ap.default)>set short 802.11b/g enable
admin(network.ap.default)>show default 802.11a
ap diversity : full
basic rates : 6 12 24
supported rates : 6 9 12 18 24 36 48 54
set Sets the default parameters for the specified radio type.
3-22 WS2000 Wireless Switch System Reference Guide
test
Network AP Commands
Displays the test submenu.
Syntax
admin(network.ap)> test
admin(network.ap.test)>
The items available under this command are shown below
new
Network AP Test Commands
Switches the specified Access Port to a new channel.
Syntax
new <idx> <ch>
Parameters
<idx> <ch> Switches the Access Port indexed with <idx> (112) to channel <ch> (which must be
a valid channel for the specified Access Port.
Example
admin(network.ap.test)>new 2 15
admin(network.ap.test)>
3-24 WS2000 Wireless Switch System Reference Guide
selfheal
Network AP Commands
Displays the selfheal submenu.
Syntax
admin(network.ap)> selfheal
The items available under this menu are shown below.
set
Network AP Selfheal commands
Sets the different self-heal parameters.
Syntax
set [interference-avoidance|neighbor-recovery]
Parameters
detect-neighbor
Network AP Selfheal commands
Detects the neighbor devices.
Syntax
detect-neighbor
Parameters
None
Example
admin(network.ap.selfheal)>detect-neighbor
admin(network.ap.selfheal)>
Network CLI Commands Reference 3-27
add
Network AP Selfheal commands
Adds entries into the selfheal AP-AP neighbor table.
Syntax
add <from-ap> <to-ap>
Parameters
<from-ap> <to-ap> Adds the specified APs into the neighbor-recovery table. <from-ap> and <to-
ap> accepts values 1 to 12 and all. all indicates all the APs.
Example
admin(network.ap.selfheal)>add 2 4
admin(network.ap.selfheal)>show
FROM-AP TO-AP
2 4
4 2
del
Network AP Selfheal commands
Deletes entries from the selfheal AP-AP neighbor table.
Syntax
del <from-ap> <to-ap>
Parameters
<from-ap> <to-ap> Removes the specified APs from the neighbor-recovery table. <from-ap> and
<to-ap> accepts values 1 to 12 and all. all indicates all the APs.
Example
admin(network.ap.selfheal)> del 2 4
admin(network.ap.selfheal)> show
FROM-AP TO-AP
show
Network AP Selfheal commands
Shows the selfheal parameter details.
Syntax
show
Parameters
None
Example
admin(network.ap.selfheal)>show
FROM-AP TO-AP
1 2
2 1
denyap
Network AP Commands
Displays the denyap submenu. Use the denyap submenu to manage APs that have been denied access to the
switch.
Syntax
admin(network.ap)> denyap
admin(network.ap.denyap)>
The items available under this menu are shown below.
add
Network AP Denyap Commands
Add entries to the Access Port Deny List.
Syntax
add <mac>
Parameters
<mac> Adds the MAC specified in the <mac> parameter to the Access Port Deny List. MAC
entries are to be entered without the :. For example 00b4c2114534.
Example
admin(network.ap.denyap)>add 00b4c2114534
admin(network.ap.denyap)>
admin(network.ap.denyap)>show
-------------------------------------------------------------------------
Idx AP NIC MAC
-------------------------------------------------------------------------
1 00b4c2114535
2 00b4c2114534
admin(network.ap.denyap)>
3-32 WS2000 Wireless Switch System Reference Guide
delete
Network AP Denyap Commands
Deletes an entry in the Access Port Deny List.
Syntax
delete [<mac>|all]
Parameters
<mac> Deletes the MAC specified in the <mac> parameter from the Access Port Deny List.
all Deletes all the entries in the Access Port Deny List
Example
admin(network.ap.denyap)>show
-------------------------------------------------------------------------
Idx AP NIC MAC
-------------------------------------------------------------------------
1 00b4c2114535
2 00b4c2114534
admin(network.ap.denyap)>delete 00b4c2114535
admin(network.ap.denyap)>show
-------------------------------------------------------------------------
Idx AP NIC MAC
-------------------------------------------------------------------------
1 00b4c2114534
Network CLI Commands Reference 3-33
show
Network AP Denyap Commands
Displays the Access Port Deny List.
Syntax
show
Parameters
None
Example
admin(network.ap.denyap)>show
----------------------------------------------------------------------
Idx AP NIC MAC
----------------------------------------------------------------------
1 00b4c2114535
2 00b4c2114534
3-34 WS2000 Wireless Switch System Reference Guide
smartscan
Network AP Commands
Displays the smartscan submenu.
Syntax
admin(network.ap)> smartscan
admin(network.ap.smartscan)>
set
Network AP Smartscan Commands
Sets the smartscan channels. These channels are the ones that are scanned for presence of WLANs.
Syntax
set [11a <11a>|11bg <11bg>]
Parameters
11a <11a> Sets the smart scan channel list for the 5 GHz band. Channel list <11a> should
be a comma separated list. For example, 36,40,44,48
11bg <11bg> Sets the smart scan channel list for the 2.4 GHz band. Channel list <11bg>
should be a comma separated list. For example, 1-4,6,8
Note: When using a range for selecting multiple channels, all the channels that are
included in the range should be valid channel numbers for the current regulatory domain.
Example
admin<network.ap.smartscan>> set 11bg 1-6,8,10-12
admin(network.ap.smartscan)> show all
smart scan 11a channels :
smart scan 11bg channels : 1 2 3 4 5 6 8 10 11 12
Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157
161 165
Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13
3-36 WS2000 Wireless Switch System Reference Guide
delete
Network AP Smartscan Commands
Deletes all the channels in the smartscan list for a specific radio.
Syntax
delete [11a <11a>|11bg <11bg>]
Parameters
11a <11a> Sets the smart scan channel list for the 5 GHz band. Channel list <11a> should be a
comma separated list. For example, 36,40,44,48
11bg <11bg> Sets the smart scan channel list for the 2.4 GHz band. Channel list <11bg> should be a
comma separated list. For example, 1-4,6,8
Note: When using a range for selecting multiple channels, all the channels that are included in
the range should be valid channel numbers for the current regulatory domain.
Example
admin(network.ap.smartscan)> show all
smart scan 11a channels :
smart scan 11bg channels : 1 2 3 4 5 6 8 10 11 12
Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157
161 165
Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13
admin(network.ap.smartscan)> delete 11bg
admin(network.ap.smartscan)> show all
smart scan 11a channels :
smart scan 11bg channels :
Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157
161 165
Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13
admin(network.ap.smartscan)>
Network CLI Commands Reference 3-37
show
Network AP Smartscan Commands
Displays the list of channels used for smartscan for the different radios.
Syntax
show [all]
Parameters
test
Network AP Commands
Displays the test submenu. Use this submenu commands to test APs.
Syntax
admin(network.ap)> test
admin(network.ap.test)>
new
Network AP Test Commands
Switches AP to a new channel.
Syntax
test <idx> <ch>
Parameters
<idx> The access port index for which the channel has to be changed
<ch> The channel to change to. This must be a channel that is valid for the selected AP <idx>.
Example
admin(network.ap.test)> new 1 24
admin(network.ap.test)>
3-40 WS2000 Wireless Switch System Reference Guide
mesh
Network AP Commands
Displays the mesh submenu. Use this menu to configure the different Mesh Network parameters.
Syntax
admin(network.ap)> mesh
admin(network.ap.mesh)>
The items available under this command are shown below.
set
Network AP Mesh Commands
Sets the mesh related parameters.
Syntax
set [client|vlan|auto|base|max-clients]
Parameters
client <radio-idx> Enables or disables the mesh client for the radio with the index
[enable|disable] <radio-idx> (1-12).
wlan <radio-idx> <wlan-id> Selects the WLAN <wlan-id> (1-8) for the mesh client radio index
<radio-idx> (1-12).
auto <radio-idx> Enables or disables automatic base selection for the radio with the index
[enable|disable] <radio-idx> (1-12).
base <radio-idx> Enables or disables the radio <radio-idx> (1-12) as the mesh base.
[enable|disable]
max-clients <radio-idx> Sets the maximum number of client <max-clients> for the radio
<max-clients> <radio-idx> (1-12).
Example
admin(network.ap.mesh)> set client 1 enable
admin(network.ap.mesh)> show 1
-------------------------------------------------------------------------
"Mode" "WLAN" "Base Auto Selection" "Max Clients"
-------------------------------------------------------------------------
Client Only WLAN1 Enabled N/A
admin(network.ap.mesh)> set base 1 enable
admin(network.ap.mesh)> show 1
-------------------------------------------------------------------------
"Mode" "WLAN" "Base Auto Selection" "Max Clients"
-------------------------------------------------------------------------
Base and Client WLAN1 Enabled 6
admin(network.ap.mesh)> set wlan 1 3
admin(network.ap.mesh)> show 1
-------------------------------------------------------------------------
"Mode" "WLAN" "Base Auto Selection" "Max Clients"
-------------------------------------------------------------------------
Base and Client WLAN3 Enabled 6
admin(network.ap.mesh)> set max-clients 1 4
admin(network.ap.mesh)> show 1
-------------------------------------------------------------------------
"Mode" "WLAN" "Base Auto Selection" "Max Clients"
-------------------------------------------------------------------------
Base and Client WLAN3 Enabled 4
3-42 WS2000 Wireless Switch System Reference Guide
admin(network.ap.mesh)>
Network CLI Commands Reference 3-43
add
Network AP Mesh Commands
Adds a preferred base to the devices Preferred Base Bridge List.
Syntax
add <radio-idx> <mac>
Parameters
<radio-idx> Adds the base to the devices Preferred Base Bridge List. The <radio-idx> (1-12) is the
<mac> unique ID for the radio. <mac> is the address of the base device to be added to the
list.
Example
admin(network.ap.mesh)> add 3 001570419F9F
admin(network.ap.mesh)> preferred-list 3
-------------------------------------------------------------------------
"Priority" "Base MAC"
-------------------------------------------------------------------------
1 00:15:70:41:9F:9F
admin(network.ap.mesh)>
Related Commands
del
Network AP Mesh Commands
Removes a Mesh Base from the devices Preferred Base Bridge List.
Syntax
del [<radio-idx>] [all|<index>]
Parameters
<radio-idx> Removes all preferred bases from the devices Preferred Base Bridge List for the
[all|<index>] radio specified by the <radio-idx> (1-12).
all Indicates all the preferred base devices.
<index> Indicates the selected preferred base device.
Example
admin(network.ap.mesh)> preferred-list 3
-------------------------------------------------------------------------
"Priority" "Base MAC"
-------------------------------------------------------------------------
1 00:15:70:41:9F:9F
2 00:15:45:70:9C:8D
3 15:03:54:07:23:45
admin(network.ap.mesh)> del 3 2
admin(network.ap.mesh)> preferred-list 3
-------------------------------------------------------------------------
"Priority" "Base MAC"
-------------------------------------------------------------------------
1 00:15:70:41:9F:9F
2 15:03:54:07:23:45
admin(network.ap.mesh)>
Related Commands
preferred-list
Network AP Mesh Commands
Displays the Preferred Base Bridge List for the device
Syntax
preferred-list <radio-idx>
Parameters
<radio-idx> Displays the selected radios (<radio-idx> (1-12)) Preferred Base Bridge List.
Example
admin(network.ap.mesh)> preferred-list 3
-------------------------------------------------------------------------
"Priority" "Base MAC"
-------------------------------------------------------------------------
1 00:15:70:41:9F:9F
2 00:15:45:70:9C:8D
3 15:03:54:07:23:45
admin(network.ap.mesh)>
Related Commands
available-list
Network AP Mesh Commands
Displays the list of available base bridges along with their MAC addresses and the RSSI.
Syntax
available-list <radio-idx>
Parameters
<radio-idx> Displays the available base bridges for a particular radio indicated by the <radio-idx>
(1-12) value.
Example
admin(network.ap.mesh)> available-list 3
-------------------------------------------------------------------------
"MAC" "Channel" "RSSI"
-------------------------------------------------------------------------
00:15:70:41:9A:9A 11 189
admin(network.ap.mesh)>
Related Commands
show
Network AP Mesh Commands
Displays the mesh details for a particular radio.
Syntax
show <radio-idx>
Parameters
<radio-idx> Displays the mesh configuration information for the radio indicated by the
<radio-idx> (1-12) value.
Example
admin(network.ap.mesh)> show 3
-------------------------------------------------------------------------
"Mode" "WLAN" "Base Auto Selection" "Max Clients"
-------------------------------------------------------------------------
Base and Client WLAN2 Enabled 4
3-48 WS2000 Wireless Switch System Reference Guide
dhcp
network
Displays the DHCP submenu.
Syntax
admin(network)> dhcp
admin(network.dhcp)>
set
Network DCHP Commands
Sets parameters for automated firmware and configuration upgrades.
Syntax
set [firmwareupgrade|configureupgrade|interface|
dhcpvendorclassid|autoupgradeinterval]
firmwareupgrade [0|1] Enables (1) or disables (0) automatic switch firmware upgrade.
configupgrade [0|1] Enables (1) or disables (0) automatic switch configuration update.
interface <iface> Sets the interface <iface> for the upgrades to the device:
s1 subnet 1
s2 subnet 2
s3 subnet 3
s4 subnet 4
s5 subnet 5
s6 subnet 6
w WAN
dhcpvendorclassid Sets the DHCP vendor class id to <dhcp vendor class id>.
<dhcp vendor class id> Note: Vendor class id must be preceded by Sym.
autoupgradeinterval Sets the Light Weight DHCP Client Auto Upload time interval to
<autoupgradeinterval> <autoupgradeinterval> (1-65535) seconds.
Example
admin(network.dhcp)>show all
admin(network.dhcp)>set firmwareupgrade 1
admin(network.dhcp)>set con 1
admin(network.dhcp)>set inter s1
admin(network.dhcp)>show all
Related Commands
show all Shows the settings for all the automatic update parameters.
3-50 WS2000 Wireless Switch System Reference Guide
show
Network DCHP Commands
Displays system updated flags.
Syntax
show all
Parameters
Related Commands
set Sets the DHCP-related parameters for updating system firmware and configuration.
Network CLI Commands Reference 3-51
fw
network
Displays the firewall submenu.
Syntax
admin(network)> fw
admin(network.fw)>
The items available under this command are shown below.
set
Network Firewall Commands
Sets firewall parameters. In the Web interface, this functionality is provide by the Network->Firewall screen.
Syntax
set [mode|override|ftp|ip|seq|src|syn|win|spoof|rst|
range|netbios-alg] [enable|disable]
Parameters
Related Commands
show
Network Firewall Commands
Displays the firewall parameters.
Syntax
show all
Parameters
admin(network.fw)>
Related Commands
timeradd
Network Firewall Commands
Adds a new named timeout value.
Syntax
timeradd <name> <protocol> <port> <value>
Parameters
admin(network.fw)
3-56 WS2000 Wireless Switch System Reference Guide
timerdel
Network Firewall Commands
Deletes a named timeout value.
Syntax
timerdell <timer name>
Parameters
admin(network.fw)timerdel newtcp
admin(network.fw)>timerlist
-----------------------------------------------------------
Name Protocol Port Timeout ( Secs )
-----------------------------------------------------------
newudp udp 21 4500
Network CLI Commands Reference 3-57
timerlist
Network Firewall Commands
Displays all named time outs.
Syntax
timerlist
Parameters
None
Example
admin(network.fw)>timerlist
-----------------------------------------------------------
Name Protocol Port Timeout ( Secs )
-----------------------------------------------------------
newtcp tcp 21 4500
newudp udp 21 4500
admin(network.fw)
3-58 WS2000 Wireless Switch System Reference Guide
timerset
Network Firewall Commands
Sets the timeout value for a named timer.
Syntax
timerset <timer name> <value>
Parameters
timerset <timer name> Sets the timer value <value> (60-268400000) for a timer named
<value> <timer name>.
Example
admin(network.fw)>timerset newudp 5000
admin(network.fw)>timerlist
-----------------------------------------------------------
Name Protocol Port Timeout ( Secs )
-----------------------------------------------------------
newtcp tcp 21 4500
newudp udp 21 5000
Network CLI Commands Reference 3-59
ips
Network Firewall Commands
Displays the firewall Intrusion Prevention System (IPS) submenu.
Syntax
admin(network.fw)> ips
admin(network.fw.ips)>
set
Network Firewall Intrusion Prevention System Commands
Sets the Intrusion Prevention System (IPS) parameters.
Syntax
set [mode|anomaly-config|signature-categories|direction]
show
Network Firewall Intrusion Prevention System Commands
Displays the Intrusion Prevention System (IPS) configurations.
Syntax
show all
Parameters
policy
Network Firewall Commands
Displays the firewall policy submenu.
Syntax
admin(network.fw)> policy
admin(network.fw.policy)>
NOTE: The Policy menu can only be accessed when Subnet Access Override mode
is enabled. To enable Subnet Access Override use the command
admin(network.fw)> set override enable
import
Network Firewall Policy Commands
Imports subnet access rules from current subnet access settings created in the GUI interface (Network->
Firewall -> Subnet Access menu item) or using the CLI submap menu commands. Previously set outbound
firewall policies will be deleted.
Syntax
import
Parameters
None
Example
admin(network.fw.policy)>import
WARNING : You will loose all your current advanced access policies.
Do you want to continue [n/y]?y
admin(network.fw.policy)>
admin(network.fw.policy.outb)>list
-------------------------------------------------------------------------
----
Idx Src IP-Netmask Dst IP-Netmask Tp Src Ports Dst Ports NAT Action
-------------------------------------------------------------------------
----
1 192.168.0.1- 192.168.1.1- all 1:65535 1:65535 none allow
255.255.255.0 255.255.255.0
2 192.168.0.1- 192.168.2.1- all 1:65535 1:65535 none allow
255.255.255.0 255.255.255.0
3 192.168.1.1- 192.168.0.1- all 1:65535 1:65535 none allow
255.255.255.0 255.255.255.0
4 192.168.1.1- 192.168.2.1- all 1:65535 1:65535 none allow
255.255.255.0 255.255.255.0
5 192.168.2.1- 192.168.0.1- all 1:65535 1:65535 none allow
255.255.255.0 255.255.255.0
6 192.168.2.1- 192.168.1.1- all 1:65535 1:65535 none allow
255.255.255.0 255.255.255.0
7 192.168.0.0- 192.168.32.2- all 1:65535 1:65535 none allow
255.255.255.0 255.255.255.0
8 192.168.0.0- 0.0.0.0- all 1:65535 1:65535 wan1 allow
255.255.255.0 0.0.0.0
9 192.168.1.0- 0.0.0.0- all 1:65535 1:65535 none allow
255.255.255.0 0.0.0.0
10 192.168.2.0- 0.0.0.0- all 1:65535 1:65535 none allow
255.255.255.0 0.0.0.0
Related Commands
submap > list Lists the currently defined subnet to subnet/WAN communication rules into the
outbound firewall policy list.
outb > list Lists the current outbound firewall policies.
Network CLI Commands Reference 3-65
inbound
Network Firewall Policy Commands
Displays the inbound policy submenu.
Syntax
admin(network.fw.policy)> inb
admin(network.fw.policy.inb)>
add
Network Firewall Policy Inbound Commands
Adds an inbound firewall policy.
Syntax
add <sip> <netmask> <dip> <dnetmask>
Parameters
<sip> <netmask> Adds a firewall policy to be effective on communications between a source site
<dip> <dnetmask> and a destination site.
<sip> The source IP
<snetmask> The source IPs network mask
<dip> The destination site IP
<dnetmask> The destination IPs network mask
Example
admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0
209.239.170.45 255.2 55.255.224
Related Commands
delete
Network Firewall Policy Inbound Commands
Deletes a firewall policy.
Syntax
delete [all|<idx>]
Parameters
<idx> Deletes inbound firewall policy <idx> from the policy list.
all Deletes all inbound firewall policies.
Example
admin(network.fw.policy.inb)>list
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
admin(network.fw.policy.inb)>del 1
admin(network.fw.policy.inb)>list
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
3-68 WS2000 Wireless Switch System Reference Guide
insert
Network Firewall Policy Inbound Commands
Inserts a new firewall policy before an existing policy.
Syntax
insert <idx> <sip> <snetmask> <dip> <dnetmask>
Parameters
<idx> <sip> Inserts a new policy into the inbound firewall policy list at a specified index.
<snetmask> <dip>
<dnetmask>
<idx> The index in the firewall policy list where this policy is to be inserted.
<sip> The source IP
<snetmask> The source IPs network mask
<dip> The destination site IP
<dnetmask> The destination IPs network mask
Example
admin(network.fw.policy.inb)>list
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
1 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
admin(network.fw.policy.inb)>insert 1 209.239.160.44 255.255.255.224
192.168.55.
44 255.255.255.0
Inbound Policy Successfully inserted at index 1
admin(network.fw.policy.inb)>list
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
1 209.239.160.44- 192.168.55.44- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
2 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
Network CLI Commands Reference 3-69
list
Network Firewall Policy Inbound Commands
Lists inbound firewall policies.
Syntax
list {<idx>}
Parameters
admin(network.fw.policy.inb)>list
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT
Action
-------------------------------------------------------------------------
1 192.168.24.0- 209.239.170.45- all 1: 1: 0.0.0.0
deny
255.255.255.0 255.255.255.224 65535 65535 nat port 0
3-70 WS2000 Wireless Switch System Reference Guide
move
Network Firewall Policy Inbound Commands
Moves a firewall policy to a different position in the list and renumbers all affected items in the list.
Syntax
move [up|down] <idx>
Parameters
[up|down] <idx> Moves policy with index <idx> up or down one (to a lower or a higher number) in
the policy list.
Example
admin(network.fw.policy.inb)>list
----------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
set
Network Firewall Policy Inbound Commands
Sets inbound firewall policy parameters.
Syntax
set [saddr|daddr|tp|sport}dport|rnat|rport|action|logging]
Parameters
saddr <idx> <Ip Addr> Sets source IP address <Ip Addr> and IP netmask <netmask> for inbound
<netmask> firewall policy <idx>.
daddr <idx> <Ip Addr> Sets destination IP address <Ip Addr> and IP netmask <netmask> for
<netmask> inbound firewall policy <idx>.
tp <idx> <tp> Sets transport protocol for inbound firewall policy <idx> to <tp> (one of all,
tcp, udp, icmp, ah, esp, gre).
sport <idx> <port1> Sets source port range for inbound firewall policy <idx> from <port1>
[<port2>] (165535) to <port2> (165535). If <port2> is not specified, <port1> is used
as the top end of the range.
dport <idx> <port1> Sets destination port range for inbound firewall policy <idx> from <port1> (1
[<port2>] 65535) to <port2> (165535). If <port2> is not specified, <port1> is used as
the top end of the range.
rnat <idx> <Ip Addr> Sets reverse NAT IP address for inbound firewall policy <idx> to
<Ip Addr> (a.b.c.d).
rport <idx> <rport> Sets reverse NAT port for inbound firewall policy <idx> to <rport>
(065535).
action <idx> [allow|deny] Sets action of inbound firewall policy <idx> to allow or deny.
Example
admin(network.fw.policy.inb)>set tp 1 gre
admin(network.fw.policy.inb)>list
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
1 209.239.160.202- 168.192.36.4- gre 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
admin(network.fw.policy.inb)>set sport 1 20 21
admin(network.fw.policy.inb)>set dport 1 200 201
admin(network.fw.policy.inb)>set action 1 allow
admin(network.fw.policy.inb)>list
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
3-72 WS2000 Wireless Switch System Reference Guide
outbound
Network Firewall Policy Commands
Displays the outbound policy submenu.
Syntax
admin(network.fw.policy)> outbound
admin(network.fw.policy.outbound)>
The items available under this command are shown below.
add
Network Firewall Policy Outbound Commands
Adds an outbound firewall policy.
Syntax
add <sip> <netmask> <dip> <netmask>
Parameters
<sip> <netmask> Adds a firewall policy to be effective on communications between a source site
<dip> <dnetmask> and a destination site.
<sip> The source IP
<snetmask> The source IPs network mask
<dip> The destination site IP
<dnetmask> The destination IPs network mask
Example
admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0
209.239.170.45 255.255.255.224
Related Commands
delete
Network Firewall Policy Outbound Commands
Deletes an outbound firewall policy.
Syntax
delete [all|<idx>]
Parameters
<idx> Deletes inbound firewall policy <idx> from the policy list.
all Deletes all outbound firewall policies.
Example
admin(network.fw.policy.outb)>list
-------------------------------------------------------------------------
----
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
----
1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
admin(network.fw.policy.outb)>del 1
admin(network.fw.policy.outb)>list
-------------------------------------------------------------------------
----
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
----
1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
Network CLI Commands Reference 3-75
insert
Network Firewall Policy Outbound Commands
Inserts a new outbound firewall policy before an existing policy.
Syntax
insert <idx> <sip> <netmask> <dip> <netmask>
Parameters
<idx> <sip> Inserts a new policy into the outbound firewall policy list at a specified index.
<snetmask> <dip>
<dnetmask>
<idx> The index in the firewall policy list where this policy is to be inserted.
<sip> The source IP
<snetmask> The source IPs network mask
<dip> The destination site IP
<dnetmask> The destination IPs network mask
Example
admin(network.fw.policy.outb)>list
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
1 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
admin(network.fw.policy.outb)>insert 1 209.239.160.44 255.255.255.224
192.168.55.
44 255.255.255.0
Outbound Policy Successfully inserted at index 1
admin(network.fw.policy.outb)>list
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
1 209.239.160.44- 192.168.55.44- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
2 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
3-76 WS2000 Wireless Switch System Reference Guide
list
Network Firewall Policy Outbound Commands
Lists outbound firewall policies.
Syntax
list {<idx>}
Parameters
admin(network.fw.policy.outb)>list
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT
Action
-------------------------------------------------------------------------
1 192.168.24.0- 209.239.170.45- all 1: 1: 0.0.0.0
deny
255.255.255.0 255.255.255.224 65535 65535 nat port 0
Network CLI Commands Reference 3-77
move
Network Firewall Policy Outbound Commands
Moves an outbound firewall policy up or down in the policy list and renumbers the policy affected by the
move.
Syntax
move [up|down] <idx>
Parameters
[up|down] <idx> Moves policy with index <idx> up or down one (to a lower or a higher number) in
the policy list.
Example
admin(network.fw.policy.outb)>list
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
set
Network Firewall Policy Outbound Commands
Sets firewall policy parameters.
Syntax
set [saddr|daddr|tp|sport|dport|nat|action|logging]
Parameters
saddr <idx> <Ip Addr> Sets source IP address <Ip Addr> and IP netmask <netmask> for outbound
<netmask> firewall policy <idx>.
daddr <idx> <Ip Addr> Sets destination IP address <Ip Addr> and IP netmask <netmask> for
<netmask> outbound firewall policy <idx>.
tp <idx> <tp> Sets transport protocol for outbound firewall policy <idx> to <tp> (one of all,
tcp, udp, icmp, ah, esp, gre).
sport <idx> <port1> Sets source port range for outbound firewall policy <idx> from <port1>
[<port2>] (165535) to <port2> (165535). If <port2> is not specified, <port1> is used
as the top end of the range.
dport <idx> <port1> Sets destination port range for outbound firewall policy <idx> from <port1>
[<port2>] (165535) to <port2> (165535). If <port2> is not specified, <port1> is used
as the top end of the range.
nat <idx> <wan id> Sets NAT WAN ID for outbound firewall policy <idx> to
<wan id> (0-8) where 0 = none, 1 = WAN 1, 2 = WAN 2, etc.
action <idx> [allow|deny] Sets action of outbound firewall policy <idx> to allow or deny.
logging <idx> Sets logging of outbound firewall policy <idx> to enable or disable.
[enable|disable]
Example
admin(network.fw.policy.outb)>set tp 1 gre
admin(network.fw.policy.outb)>list
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
1 209.239.160.202- 168.192.36.4- gre 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
admin(network.fw.policy.outb)>set sport 1 20 21
admin(network.fw.policy.outb)>set dport 1 200 201
admin(network.fw.policy.outb)>set action 1 allow
admin(network.fw.policy.outb)>list
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
Network CLI Commands Reference 3-79
submap
Network Firewall Commands
Displays the subnet mapping submenu.
Syntax
admin(network.fw)> submap
admin(network.fw.submap)>
NOTE: The submap menu can only be accessed when Subnet Access Override
mode is disabled. To disable Subnet Access Override use the command
admin(network.fw)> set override disable
add
Network Firewall Submap Commands
Adds subnet access exception rules.
Syntax
add <from> <to> <name> <tran> <port1> <port2>
Parameters
add <from> <to> Adds a subnet access exception rule for communication.
<name> <tran> <from> The source subnet (one of s1 = subnet1, s2 =
<port1> <port2> subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 =
subnet6)
<to> The destination subnet (one of s1 = subnet1, s2 =
subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 =
subnet6, w=WAN)
<name> The name of this exception rule.
(1-7 characters)
<trans> The transport protocol to deny access. (one of
the following transport protocols: tcp, udp, icmp, ah,
esp, gre, or all)
<port1> <port2> Ports in the range <port1> to
<port2>
Example
admin(network.fw.submap)>add s1 w test gre 21 101
admin(network.fw.submap)>list s1
-------------------------------------------------------------------------
index from to name prot start port end port
-------------------------------------------------------------------------
1 subnet1 wan test gre 21 101
admin(network.fw.submap)>add s1 s2 test2 ah 20 80
admin(network.fw.submap)>add s2 s3 test3 all 20 300
admin(network.fw.submap)>list s1
-------------------------------------------------------------------------
index from to name prot start port end port
-------------------------------------------------------------------------
1 subnet1 wan test gre 21 101
2 subnet1 subnet2 test2 ah 20 80
Network CLI Commands Reference 3-81
admin(network.fw.submap)>list s2
-------------------------------------------------------------------------
index from to name prot start port end port
-------------------------------------------------------------------------
1 subnet2 subnet3 test3 all 20 300
admin(network.fw.submap)>delete s2 all
admin(network.fw.submap)>list s2
-------------------------------------------------------------------------
index from to name prot start port end port
-------------------------------------------------------------------------
3-82 WS2000 Wireless Switch System Reference Guide
delete
Network Firewall Submap Commands
Deletes subnet access exception rules.
Syntax
delete <from> [<idx>|all]
Parameters
<from> [<idx>|all] <idx> Deletes access exception rule entry <idx> from subnet <from> (one
of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6
= subnet6).
all Deletes all access exception rule entries from subnet <from> (one of s1
= subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 =
subnet6).
Example
admin(network.fw.submap)>list s1
-------------------------------------------------------------------------
index from to name prot start port end port
-------------------------------------------------------------------------
1 subnet1 wan test gre 21 101
2 subnet1 subnet2 test2 ah 20 80
admin(network.fw.submap)>delete s1 2
admin(network.fw.submap)>list s1
-------------------------------------------------------------------------
index from to name prot start port end port
-------------------------------------------------------------------------
1 subnet1 wan test gre 21 101
admin(network.fw.submap)>list s2
-------------------------------------------------------------------------
index from to name prot start port end port
-------------------------------------------------------------------------
1 subnet2 subnet3 test3 all 20 300
admin(network.fw.submap)>delete s2 all
admin(network.fw.submap)>list s2
-------------------------------------------------------------------------
index from to name prot start port end port
-------------------------------------------------------------------------
Network CLI Commands Reference 3-83
list
Network Firewall Submap Commands
Lists subnet access exception rules.
Syntax
list <from>
Parameters
<from> Lists the access exception entries for <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3,
s4 = subnet4, s5 = subnet5, s6 = subnet6).
Example
admin(network.fw.submap)>list s1
-------------------------------------------------------------------------
index from to name prot start port end port
-------------------------------------------------------------------------
1 subnet1 wan test gre 21 101
admin(network.fw.submap)>add s1 s2 test2 ah 20 80
admin(network.fw.submap)>add s2 s3 test3 all 20 300
admin(network.fw.submap)>list s1
-------------------------------------------------------------------------
index from to name prot start port end port
-------------------------------------------------------------------------
1 subnet1 wan test gre 21 101
2 subnet1 subnet2 test2 ah 20 80
admin(network.fw.submap)>list s2
-------------------------------------------------------------------------
index from to name prot start port end port
-------------------------------------------------------------------------
1 subnet2 subnet3 test3 all 20 300
admin(network.fw.submap)>delete s2 all
admin(network.fw.submap)>list s2
-------------------------------------------------------------------------
index from to name prot start port end port
3-84 WS2000 Wireless Switch System Reference Guide
set
Network Firewall Submap Commands
Sets a default subnet access rule to allow or deny communication.
Syntax
set [default|subnet-logging|logging]
Parameters
admin(network.fw.submap)>
Network CLI Commands Reference 3-85
show
Network Firewall Submap Commands
Displays default subnet access exception rules for indicated subnet.
Syntax
show default <from>
Parameters
default <from> Shows all default access exception rules for subnet <from> (one of s1 = subnet1, s2 =
subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6) to all other subnets.
Example
admin(network.fw.submap)>set default s2 w deny
admin(network.fw.submap)>set default s2 s4 deny
admin(network.fw.submap)>set subnet-logging s2 s3 enable
admin(network.fw.submap)>set logging s1 s2 s1s2allow default
admin(network.fw.submap)>show default s2
-------------------------------------------------------------------------
wan subnet1 subnet2 subnet3 subnet4 subnet5
subnet6
-------------------------------------------------------------------------
deny allow allow allow deny allow
allow
(log enabled)
admin(network.fw.submap)>
3-86 WS2000 Wireless Switch System Reference Guide
lan
network
Displays the LAN submenu.
Syntax
admin(network)>lan
admin(network.lan)>
set
Network LAN Commands
Sets the LAN parameters for the six subnets.
Syntax
set [ipadr|mask|dgw|mode|name|port|wlan|stp]
Parameters
ipadr <idx> <ip> Sets the IP address of subnet <idx> (16) to the IP address <ip> in the form
a.b.c.d.
mask <idx> <netmask> Sets the netmask of subnet <idx> (16) to IP address mask <netmask> in the
form a.b.c.d.
dgw <idx> <ip> Sets the default gateway for the subnet <idx> (1-6) to the IP <ip>.
mode <idx> Enables or disables the subnet identified by <idx> (16).
[enable|disable]
name <idx> <name> Sets the name of the subnet <idx>(16) to <name> (can be up to 7 characters).
port <port> <subnet> Assigns port <port>(16) to the subnet indicated by <subnet> (none, s1, s2,
s3, s4, s5, s6). Unassigns a port with <subnet> = none.
wlan <wlan> <subnet> Assigns WLAN number <wlan> to the subnet indicated by (none, s1, s2, s3,
s4, s5, s6). Unassigns a WLAN with <subnet> = none.
stp <mode> Enables or disables Spanning Tree Protocol (STP) for the subnets. Choose
<mode> from enable or disable.
NOTE: STP is applied on mesh networks even if it is disabled through the set
command.
Example
admin(network.lan)>show lan 1
show lan Shows the current settings for the specified subnet (LAN).
Network CLI Commands Reference 3-89
show
Network LAN Commands
Shows the LAN parameters.
Syntax
show [lan|stp]
Parameters
lan <idx> Shows the settings for the subnet <idx> (14).
stp Shows the STP status for the device
Example
admin(network.lan)>show lan 1
updateDNS
Network LAN Commands
Updates the DNS for the selected subnet.
Syntax
updateDNS <idx>
Parameters
updateAllDNS
Network LAN Commands
Updates the DNS for all the active subnets.
Syntax
updateAllDNS
Parameters
None
Example
admin(network.lan)> updateAllDNS
admin(network.lan)>
Related Commands
dhcp
Network LAN Commands
Displays the DHCP submenu.
Syntax
admin(network.lan)> dhcp
admin(network.lan.dhcp)>
The items available under this command are shown below.
add
Network LAN DHCP Commands
Adds static DHCP address assignments.
Syntax
add <idx> <mac> <ip>
Parameters
<idx> <mac> <ip> Adds a static DHCP address assignment for subnet <idx> (1-6) where the device
with the MAC address <mac> (aabbccddeeff format) is assigned the IP address
<ip> (a.b.c.d format).
Example
admin(network.lan.dhcp)>add 1 00A0F8F01234 192.160.24.6
admin(network.lan.dhcp)>add 1 00A1F1F24321 192.169.24.7
admin(network.lan.dhcp)>list 1
-------------------------------------------------------------------------
index mac address ip address
-------------------------------------------------------------------------
1 00A0F8F01234 192.160.24.6
2 00A1F1F24321 192.169.24.7
admin(network.lan.dhcp)>
3-94 WS2000 Wireless Switch System Reference Guide
delete
Network LAN DHCP Commands
Deletes static DHCP address assignments.
Syntax
delete <idx> [<entry>|all]
Parameters
-------------------------------------------------------------------------
index mac address ip address
-------------------------------------------------------------------------
admin(network.lan.dhcp)>add 1 0011223344FF 191.168.0.42
admin(network.lan.dhcp)>add 1 4433221100AA 191.168.0.43
admin(network.lan.dhcp)>list 1
-------------------------------------------------------------------------
index mac address ip address
-------------------------------------------------------------------------
1 0011223344FF 191.168.0.42
2 4433221100AA 191.168.0.43
admin(network.lan.dhcp)>delete 1 1
admin(network.lan.dhcp)>list 1
-------------------------------------------------------------------------
index mac address ip address
-------------------------------------------------------------------------
1 4433221100AA 191.168.0.43
-------------------------------------------------------------------------
index mac address ip address
-------------------------------------------------------------------------
1 0011223344FF 191.168.0.42
2 4433221100AA 191.168.0.43
Network CLI Commands Reference 3-95
list
Network LAN DHCP Commands
Lists static DHCP address assignments.
Syntax
list <idx>
Parameters
<idx> Lists the static DHCP address assignments for subnet <idx> (16).
Example
admin(network.lan.dhcp)>add 1 00A0F8F01234 192.168.63.5
admin(network.lan.dhcp)>list 1
-------------------------------------------------------------------------
index mac address ip address
-------------------------------------------------------------------------
1 00A0F8F01234 192.168.63.5
admin(network.lan.dhcp)>
set
Network LAN DHCP Commands
Sets DHCP parameters for the subnets.
Syntax
set [dgw|dns|wins|lease|domain|mode|range|
relayserverip|ddnsmode|fwdzone|ddnsusrcls|
tftp-server|bootfile|option-189|option-43]
Parameters
dgw <idx> <a.b.c.d> Sets the default gateway for subnet <idx> (16) to the IP address
<a.b.c.d>.
dns <a> <b> <c> Sets the primary/secondary DNS servers for the selected subnet.
<a> The subnet (1-6)
<b> The DNS server type (1=primary, 2=secondary)
<c> The IP address of the server type selected in <b> in the a.b.c.d form.
wins <idx> <a.b.c.d> Sets the WINS server for subnet <idx> (16) to the IP address <a.b.c.d>.
lease <idx> <lease> Sets the DHCP lease time for subnet <idx> (16) to <lease> seconds
(1999999).
domain <idx> <dn> Sets the domain name for subnet <idx> (16) to the domain name <dn>
(1 to 63 characters).
mode <idx> <mode> Sets the DHCP mode for subnet <idx> (14) to <mode>.
<mode> can be one of (none, client, server, relay) where:
none disables DHCP node
client enables the subnet to be a DHCP client
server enables the subnet to be a DHCP server
relay enables the subnet to be a DHCP relay
range <a> <b> <c> Sets the DHCP assignment range for subnet <a> (16) from IP address <b>
to another IP address <c>.
relayserverip <idx> <a.b.c.d> Sets the DHCP relay server IP for subnet <idx> (1-6) to the IP <a.b.c.d>.
ddnsmode <idx> <mode> Enables or disables DDNS for the subnet <idx> (1-6). <mode> can be one
of enable or disable.
fwdzone <idx> <fwdzone> Sets the DHCP forward zone for the subnet <idx> (1-6) to the zone specified
by <fwdzone> (1 to 63 characters)
ddnsusrcls <idx> <usrcls> Sets the DDNS user class <usrcls> to single or multiple for the subnet
<idx> (1-6).
tftp-server <idx> Sets the tftp-server IP for the subnet <idx> (1-6) to the IP <tftp-server>
<tftp-server>
bootfile <idx> <bootfile> Sets the bootfile name for the subnet <idx> (1-6) to the boot file name
<boot-file> (max 31 characters)
Network CLI Commands Reference 3-97
option-189 <idx> <ip list> Sets the IP addresses and ports numbers for WIAP enabled switches for the
subnet <idx> (1-6). <ip-list> (max 63 characters) must be in the format
a.b.c.d:xx and multiple addresses must be separated by comma.
option-43 <idx> <ip list> Sets the IP address for WIAP enabled switches for the subnet <idx> (1-6).
<ip-list> (max 63 characters) must be in the format a.b.c.d and multiple
addresses must be separated by a comma.
Example
admin(network.lan.dhcp)>set dns 1 1 209.160.0.18
admin(network.lan.dhcp)>set dns 1 2 209.160.0.218
admin(network.lan.dhcp)>show dhcp 1
dhcp mode : server
default gateway : 192.168.0.1
primary dns server : 209.160.0.18
secondary dns server : 209.160.0.218
wins server : 192.168.0.254
starting ip address : 192.168.0.11
ending ip address : 192.168.0.254
lease time : 10000
domain name :
admin(network.lan.dhcp)>set domain 1 BigFishCo
admin(network.lan.dhcp)>show dhcp 1
dhcp mode : server
default gateway : 192.168.0.1
primary dns server : 209.160.0.18
secondary dns server : 209.160.0.218
wins server : 192.168.0.254
starting ip address : 192.168.0.11
ending ip address : 192.168.0.254
lease time : 10000
domain name : BigFishCo
admin(network.lan.dhcp)>
3-98 WS2000 Wireless Switch System Reference Guide
show
Network LAN DHCP Commands
Shows DHCP parameter settings for specified subnets.
Syntax
show dhcp <idx>
Parameters
show dhcp <idx> Displays the DHCP parameter settings for subnet <idx> (16). These parameters are
set with the set command.
Example
admin(network.lan.dhcp)>set dns 1 2 192.168.0.242
admin(network.lan.dhcp)>set dns 1 2 192.168.0.1
admin(network.lan.dhcp)>show dhcp 1
dhcp mode : server
ddns mode : disable
user class :
default gateway : 192.168.0.50
primary dns server : 192.168.10.1
secondary dns server : 192.168.0.1
wins server : 192.168.0.254
starting ip address : 192.168.0.100
ending ip address : 192.168.0.254
relay server ip address : 0.0.0.0
lease time : 86400
domain name :
forward zone :
tftp-server : 0.0.0.0
bootfile :
option-189 :
option-43 :
admin(network.lan.dhcp)>set domain 1 BigFishCo
admin(network.lan.dhcp)>show dhcp 1
admin(network.lan.dhcp)>show dhcp 1
dhcp mode : server
ddns mode : disable
user class :
default gateway : 192.168.0.50
primary dns server : 192.168.10.1
secondary dns server : 192.168.0.1
wins server : 192.168.0.254
starting ip address : 192.168.0.100
ending ip address : 192.168.0.254
relay server ip address : 0.0.0.0
lease time : 86400
domain name : BigFishCo
forward zone :
tftp-server : 0.0.0.0
bootfile :
option-189 :
option-43 :
Network CLI Commands Reference 3-99
renew
Network LAN DHCP Commands
Renews the IP address assigned by DHCP.
Syntax
renew
Parameters
None
Example
admin(network.lan.dhcp)> renew
3-100 WS2000 Wireless Switch System Reference Guide
bridge
Network LAN Commands
Displays the Bridge submenu.
Syntax
admin(network.lan)> bridge
admin(network.lan.bridge)>
show
Network LAN Bridge commands
Displays the bridge configuration parameters.
Syntax
show
Parameters
None
Example
admin(network.lan.bridge)> show
admin(network.lan.bridge)>show
set
Network LAN Bridge commands
Sets the bridge configuration parameters.
Syntax
set [priority|hello|msgage|fwddelay|ageout|wireless-trunking]
Parameters
priority <LAN-idx> <priority> Sets the bridge priority to <priority> (0-65535) for the lan <LAN-
idx> (1-6)
hello <LAN-idx> <hello> Sets the bridges hello time to <hello> (1-10) seconds for the lan
<LAN-idx> (1-6)
msgage <LAN-idx> <msgage> Sets the bridge message age time to <msgage> (6-40) seconds for
lan <LAN-idx> (1-6)
fwddelay <LAN-idx> <fwddelay> Sets the bridge forward delay time to <fwddelay> (4-30) seconds
for lan <LAN-idx> (1-6)
ageout <LAN-idx> <ageout> Sets the bridge forward table entry ageout to <ageout> (4-3600)
seconds for lan <LAN-idx> (1-6).
wireless-trunking <LAN-idx> <mode> Sets the wireless trunking mode <mode> (enable/disable) for lan
<LAN-idx> (1-6)
Example
admin(network.lan.bridge)>set priority 1 5
admin(network.lan.bridge)>set wireless-trunking 1 enable
admin(network.lan.bridge)>show
[...]
3-104 WS2000 Wireless Switch System Reference Guide
qos
network
Displays the quality of service (QoS) submenu.
Syntax
admin(network)> qos
admin(network.qos)>
clear
Network QoS Commands
Clears QoS radio statistics.
Syntax
clear queuing
Parameters
None
Example
admin(network.qos)>clear queue
Related Commands
set
Network QoS Commands
Sets QoS parameters.
Syntax
set bw-share [mode|weight|threshold]
Parameters
admin(network.qos)>
Related Commands
show
Network QoS Commands
Shows QoS parameters and queuing statistics.
Syntax
show [bw-sharing|queuing]
Parameters
admin(network.qos)>show qu 1
BW Share Mode:static
-------------------------------------------------------------------------
Priority In Out Dropped
-------------------------------------------------------------------------
-------------------------------------------------------------------------
WLAN: 1
-------------------------------------------------------------------------
0 0 0 0
1 0 0 0
2 0 0 0
admin(network.qos)>
Related Commands
router
network
Displays the router submenu.
Syntax
admin(network)> router
admin(network.router)>
add
Network Router Commands
Adds user-defined routes.
Syntax
add <dest> <netmask> <gw> <iface> <metric>
Parameters
<dest> <netmask> <gw> Adds a route with destination IP address <dest>, IP netmask
<iface> <metric> <netmask>, gateway IP address <gw>, interface subnet or WAN set to
<iface> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4,
s5 = subnet5, s6 = subnet6 or w = WAN), and metric set to <metric> (1
15).
Example
admin(network.router)>add 202.57.42.6 255.255.255.224 202.57.42.1 s2 3
admin(network.router)>list
------------------------------------------------------------------
index destination netmask gateway interface
metric
------------------------------------------------------------------
1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3
delete
Network Router Commands
Deletes user-defined routes.
Syntax
delete [all|<idx>]
Parameters
<idx> Deletes the user-defined route <idx> (120) from the list.
all Deletes all user-defined routes.
Example
admin(network.router)>list
------------------------------------------------------------------
index destination netmask gateway interface metric
------------------------------------------------------------------
1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3
2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5
admin(network.router)>delete 2
admin(network.router)>list
------------------------------------------------------------------
index destination netmask gateway interface metric
------------------------------------------------------------------
1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3
Network CLI Commands Reference 3-111
list
Network Router Commands
Lists user-defined routes.
Syntax
list
Parameters
None
Example
admin(network.router)>add 234.44.33.212 255.255.255.234 234.44.33.2 s3 5
admin(network.router)>list
-------------------------------------------------------------------------
index destination netmask gateway interface metric
-------------------------------------------------------------------------
1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3
2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5
3-112 WS2000 Wireless Switch System Reference Guide
set
Network Router Commands
Sets routing information protocol (RIP) parameters.
Syntax
set [auth|dir|id|key|passwd|type|dgw-if]
Parameters
auth <auth> Sets RIP authentication type to <auth> to one of none, simple, or md5
dir <dir> Sets RIP direction to <dir> to one of rx = receive, tx = transmit, or both).
id <idx> <id> Sets MD5 authentication ID for key <idx> (12) to the MD5 key id <id> (1
256).
key <idx> <key> Sets the MD5 authentication ID for key <idx> (12) to MD5 key <key> (up to
16 characters).
passwd <passwd> Sets password for simple authentication to <passwd> (1 to 16 characters).
type <type> Sets RIP type to <type> to ne of off, ripv1, ripv2, or ripv1v2.
dgw-if <if> Sets the Default Gateway Interface to <if> one of none, wan, s1, s2, s3, s4,
s5, s6, and default.
Example
admin(network.router)>set auth md5
admin(network.router)>set key 1 12345678
admin(network.router)>set key 2 87654321
admin(network.router)>show rip
admin(network.router)>show rip
show
Network Router Commands
Shows connected routes and routing information protocol (RIP) parameters.
Syntax
show [rip|routes]
Parameters
vlan
network
Displays the VLAN submenu.
Syntax
admin(network)> vlan
admin(network.vlan)>
set
Network VLAN Commands
Sets VLAN parameters.
Syntax
set [assign-mode|default|vlan-id|trunk-port|allow]
Syntax:
assign-mode <mode> Assigns the VLAN assignment mode <mode> to one of user or port.
default <vlan_id> Assigns the default VLAN ID to <vlan_id>, which is a number between 1
and 4094.
vlan-id <subnet_id> Sets the VLAN ID for subnet <subnet_id> (one of s1, s2, s3, s4, s5,or s6)
<vlan_id> to <vlan_id> (14094).
trunk-port <port> Sets the Trunk Port <port> to one of none or wan.
allow [vlans <list>|all|none] Sets the list of VLANs allowed access to the trunk port.
vlans <list> Sets the allowed VLANs from <list>, a comma separated
list of VLAN Ids.
all Sets the allowed VLANs to all VLANs.
none Sets the list of allowed VLANs to none.
Example
admin(network.vlan)>set assign-mode user
admin(network.vlan)>set default 3
admin(network.vlan)>show vlan 3
Related Commands
show
Network VLAN Commands
Shows VLAN parameters.
Syntax
show [vlan|trunk]
Parameters
vlan <id> Displays the VLAN settings for the VLAN specified by <id> (14094).
trunk Displays the Trunk settings.
Example
admin(network.vlan)>show vlan 3
admin(network.vlan)>show vlan 2
Related Commands
wan
network
Displays the WAN submenu.
Syntax
admin(network)> wan
admin(network.wan)>
renew
Network WAN Commands
Renews the IP address.
Syntax
renew
Parameters
None
Example
admin(network.wan)>renew
admin(network.wan)>
Network CLI Commands Reference 3-119
set
Network WAN Commands
Sets the WAN parameters. In the Web interface, this functionality if provided by the Network->WAN screen.
Syntax
set [dhcp|dgw|dns|ipadr|mask|mode|ppope]
Parameters
dhcp <mode> Enables or disables the switch as a DHCP client. <mode> can be one of
enable or disable.
dgw <a.b.c.d> Sets the default gateway IP address to <a.b.c.d>.
dns <idx> <a.b.c.d> Sets the IP address of one or two DNS servers, where <idx> indicates
either the primary (1) or secondary (2) server, and <a.b.c.d> is the IP
address of the server.
ipadr <idx> <a.b.c.d> Sets up to 8 (using <idx> from 1 to 8) IP addresses <a.b.c.d> for the WAN
interface of the switch.
mask <a.b.c.d> Sets the subnet mask to <a.b.c.d>.
mode <idx> <mode> Enables or disables the WAN interface associated with the given <idx> (1
8) as set using the set ipadr command. <mode> can be one of enable or
disable.
pppoe [idle|ka|mode|passwd| Sets PPPoE parameters.
type|user|mss] idle <val> Sets the PPPoE idle value <val> (165535) seconds.
ka <mode> Sets the PPPoE keep alive mode <mode> (enable,
disable).
mode <mode> Enables or disables PPPoE. <mode> can be one of
enable or disable.
passwd <password> Sets the PPPoE password to <password> (1 39
Characters)
type <type> Sets the PPPoE authentication type to <type> (none, pap/
chap, pap, chap).
user <username> Sets the PPPoE user name to <username> (1 47
Characters).
mss <msssize> Sets the PPPoE maximum segment size to <msssize>
(201460).
Example
admin(network.wan)>set dhcp enable
admin(network.wan)>set dgw 192.168.122.25
admin(network.wan)>set pppoe mode enable
admin(network.wan)>set pppoe type chap
admin(network.wan)>set pppoe user JohnDoe
admin(network.wan)>set pppoe passwd @#$goodpassword%$#
admin(network.wan)>set pppoe keepalive enable
3-120 WS2000 Wireless Switch System Reference Guide
Related Commands
show
Network WAN Commands
Shows the WAN parameters.
Syntax
show [ip|pppoe]
Parameters
ip <idx> Shows the general IP parameters for the WAN along with settings for the WAN interface
associated with <idx> (where <idx> is in the range 18).
Note: If the WAN interface IP addresses have not been specified for <idx>, the IP and Mask values
will be shown as 0.0.0.0.
pppoe Shows all PPPoE settings.
Example
admin(network.wan)>show ip 3
admin(network.wan)>show pppoe
app
Network WAN Commands
Displays the outbound content filtering submenu.
Syntax
admin(network.wan)> app
admin(network.wan.app)>
addcmd
Network WAN App Commands
Adds app control commands to the deny list.
Syntax
addcmd [web|ftp|smtp]
Parameters
admin(network.wan.app)>list ftp
FTP Commands
SMTP Commands
HELO : deny
MAIL : allow
RCPT : allow
DATA : allow
QUIT : allow
SEND : allow
SAML : allow
RESET : allow
VRFY : deny
EXPN : allow
admin(network.wan.app)>
Related Commands
delcmd
Network WAN App Commands
Deletes application control commands from the deny list.
Syntax
delcmd [web|ftp|smtp]
Parameters
web [file Deletes the specified web files from the access denied list.
<filename>.<ext>| file <filename>.<ext> Denied web file name. <filename> can be up to 15
proxy|activex] characters and * can be used to match any string. <ext> can be up to 10 characters
(such as htm, html, or java). Up to 10 files can be specified.
proxy Web proxies
activex ActiveX files
ftp Deletes the following FTP commands from the access denied list.
[put|get|ls|mkdir|c put FTP put command
d|pasv]
get FTP get command
ls FTP ls command
mkdir FTP mkdir command
cd FTP cd command
pasv FTP pasv command
smtp Deletes the following SMTP command from the access denied list.
[helo|mail|rcpt| helo SMTP helo command
data|quit|send|
mail SMTP mail command
saml|rset|vrfy|
expn] rcpt SMTP rcpt command
data SMTP data command
quit SMTP quit command
send SMTP send command
saml SMTP saml command
rset SMTP rset command
vrfy SMTP vrfy command
expn SMTP expn command
Example
admin(network.wan.app)>list ftp
FTP Commands
admin(network.wan.app)>list ftp
FTP Commands
admin(network.wan.app)>list smtp
SMTP Commands
HELO : deny
MAIL : allow
RCPT : allow
DATA : allow
QUIT : allow
SEND : allow
SAML : allow
RESET : allow
VRFY : deny
EXPN : allow
SMTP Commands
HELO : allow
MAIL : allow
RCPT : allow
DATA : allow
QUIT : allow
SEND : allow
SAML : allow
RESET : allow
VRFY : deny
EXPN : allow
Related Commands
list
Network WAN App Commands
Lists the app control records.
Syntax
list [web|ftp|smtp]
Parameters
HTTP Files/Commands
admin(network.wan.app)>list ftp
FTP Commands
admin(network.wan.app)>list smtp
SMTP Commands
HELO : deny
MAIL : allow
RCPT : allow
DATA : allow
QUIT : allow
SEND : allow
SAML : allow
RESET : allow
VRFY : deny
EXPN : allow
admin(network.wan.app)>
3-128 WS2000 Wireless Switch System Reference Guide
dyndns
Network WAN Commands
Displays the Dynamic DNS menu. DynDNS provides a facility to update the domain name information when
the IP address associated with the domain name changes.
Syntax
admin(network.wan)> dyndns
admin(network.wan.dyndns)>
set
Network WAN DynDNS Commands
Sets the DynDNS parameters
Syntax
set [mode|username|password|hostname]
Parameters
admin(network.wan.dyndns)>show
DynDNS Configuration
Mode : enable
Username : JohnDoe
Password : ********
Hostname : motPropServ
IP Address : 192.168.10.1
Hostname : motPropServ
Status : Connected
3-130 WS2000 Wireless Switch System Reference Guide
show
Network WAN DynDNS Commands
Displays the Dynamic DNS parameter information and the current status.
Syntax
show
Parameters
None
Example
admin(network.wan.dyndns)>show
DynDNS Configuration
Mode : enable
Username : JohnDoe
Password : ********
Hostname : motPropServ
IP Address : 192.168.10.1
Hostname : motPropServ
Status : Connected
Network CLI Commands Reference 3-131
update
Network WAN DynDNS Commands
Manually updates the Dynamic DNS information.
Syntax
update
Parameters
None
Example
admin(network.wan.dyndns)>update
IP Address : 192.168.10.1
Hostname : motPropServ
3-132 WS2000 Wireless Switch System Reference Guide
l2tpvpn
Network WAN Commands
Displays the Remote Access VPN submenu.
Syntax
admin(network.wan)>l2tpvp
admin(network.wan.l2tpvpn)>
show-connected-users
Network WAN L2TPVPN Commands
Displays the users connected to LAN side devices using Remote Access VPN feature.
Syntax
show-connected-users
Parameters
None
Example
admin(network.wan.l2tpvpn)>show-connected-users
3-134 WS2000 Wireless Switch System Reference Guide
lns
Network WAN L2TPVPN Commands
Displays the L2TP Network Server submenu.
Syntax
admin(network.wan.l2tpvpn)>lns
admin(network.wan.l2tpvpn.lns)>
set
Network WAN L2TPVPN LNS Commands
Sets the different LNS parameters
Syntax
set [vip|netmask|pdns|sdns|type-local-id|local-id|ike-auth-mode|
ike-ex-type|ike-lifetime|ike-dh-group|ike-auth-algo|ike-enc-algo|
ipsec-sec-proto|ipsec-lifetime|ipsec-auth-algo|ipsec-enc-algo]
Parameters
vip <ip> Sets the virtual IP for the LNS to <ip> (a.b.c.d)
netmask <netmask> Sets the netmask for the virtual IP for LNS to <netmask>.
pdns <ip> Sets the primary DNS server for LNS to <ip> (a.b.c.d)
sdns <ip> Sets the secondary DNS server for LNS to <ip> (a.b.c.d)
type-local-id <id-type> Sets the type of local-id to <id-type> (IP, FQDN, UFQDN) for the LNS
local-id <local-id> Sets the local-id string to <local-id>.
ike-auth-mode <authtype> Sets the IKE authentication type to <authtype> (RSA). Only RSA is
supported.
ike-ex-type <exchange- Sets the IKE exchange type to <exchange-type> (main). Only main is
type> supported
ike-lifetime <life-time> Sets the IKE lifetime to <life-time> (in seconds)
ike-dh-group <DH-group> Sets the IKE Diffie-Hellman group value to <DH-group> (G768 or G1024).
Group G768 uses the 768-bit prime modulus group when performing DH key
exchange. Group G1024 uses the 1024-bit prime modulus group when
performing the DH key exchange. G1024 provides more security with a higher
processing time.
ike-auth-algo <auth-algo> Sets IKE authentication algorithm to <auth-algo> (MD5 or SHA1).
3-136 WS2000 Wireless Switch System Reference Guide
ike-enc-algo <enc-algo> Sets IKE encryption algorithm to <enc-algo> (DES, 3DES, AES128,
AES192, AES256).
ipsec-lifetime <life-time> Sets the IPSec lifetime to <life-time> (in seconds)
ipsec-sec-proto <sec-proto> Sets the IPSec security protocol to <sec-proto> (ESP or AH). AH
(Authentication Header) provides connection less origin authentication for IP
datagrams and provides protection against repeat attacks. ESP
(Encapsulating Security Payload) provides confidentiality, origin
authentication, connection integrity, and an anti-replay service.
ipsec-auth-algo <auth- Sets IPSec authentication algorithm to <auth-algo> (MD5 or SHA1).
algo>
ipsec-enc-algo <enc-algo> Sets IPSec encryption algorithm to <enc-algo> (DES, 3DES, AES128,
AES192, AES256).
Example
admin(network.wan.l2tpvpn.lns)>set vip 111.111.111.111
admin(network.wan.l2tpvpn.lns)>set netmask 255.255.0.0
admin(network.wan.l2tpvpn.lns)>set pdns 192.168.10.255
admin(network.wan.l2tpvpn.lns)>set sdns 192.168.11.255
admin(network.wan.l2tpvpn.lns)>set type-local-id IP
admin(network.wan.l2tpvpn.lns)>set local-id 111.111.111.1
admin(network.wan.l2tpvpn.lns)>set ike-auth-mode RSA
admin(network.wan.l2tpvpn.lns)>set ike-ex-type Main
admin(network.wan.l2tpvpn.lns)>set ike-lifetime 86000
admin(network.wan.l2tpvpn.lns)>set ike-dh-group G1024
admin(network.wan.l2tpvpn.lns)>set ike-auth-algo SHA1
admin(network.wan.l2tpvpn.lns)>set ike-enc-algo AES192
admin(network.wan.l2tpvpn.lns)>set ipsec-sec-proto AH
IPSec Encryption Algorithm configuration will be not be
considered if IPSec Security protocol is configured as AH.
admin(network.wan.l2tpvpn.lns)>show
show
Network WAN L2TPVPN LNS Commands
Displays the L2TPVPN LNS configuration information.
Syntax
show
Parameters
None
Example
admin(network.wan.l2tpvpn.lns)>show
admin(network.wan.l2tpvpn.lns)>
3-138 WS2000 Wireless Switch System Reference Guide
users
Network WAN L2TPVPN Commands
Displays the L2TP Network Server users submenu.
Syntax
admin(network.wan.l2tpvpn)> users
admin(network.wan.l2tpvpn.users)>
add-user
Network WAN L2TPVPN Users Commands
Adds a remote access VPN user account.
Syntax
add-user <remote-user-name> <remote-user-virutal-ip-address>
<remote-user-virtual-ip-netmask>
<remote-user-authenticator-option>
<remote-user-authenticator-password>
Parameters
<remote-user-name> The name assigned to the remote access VPN user account
<remote-user-virtual-ip-address> The address to be assigned to this user account when the user logs in.
<remote-user-virtual-ip-netmask> The netmask for the <remote-user-virtual-ip-address> IP address.
<remote-user-authentication- The authentication protocol used by the remote user. Select from
option> chap, pap, both, none.
<remote-user-authentication- The authentication password for the remote user name <remote-
password> user-name>. 1-15 bytes long.
Example
admin(network.wan.l2tpvpn.users)>add-user JohnDoe 111.111.111.6
255.255.0.0 both JohnDoe
admin(network.wan.l2tpvpn.users)>show-all-users
delete-user
Network WAN L2TPVPN Users Commands
Deletes a specific remote access VPN user account.
Syntax
delete-user <username>
Parameters
admin(network.wan.l2tpvpn.users)>delete-user JaneDoe
admin(network.wan.l2tpvpn.users)>show-all-users
delete-all-users
Network WAN L2TPVPN Users Commands
Deletes all remote access VPN user accounts.
Syntax
delete-all-users
Parameters
None
Example
admin(network.wan.l2tpvpn.users)>show-all-users
admin(network.wan.l2tpvpn.users)>delete-all-users
admin(network.wan.l2tpvpn.users)>show-all-users
admin(network.wan.l2tpvpn.users)>
3-142 WS2000 Wireless Switch System Reference Guide
show-user
Network WAN L2TPVPN Users Commands
Displays information for the selected remote access VPN user account.
Syntax
show-user <username>
Parameters
show-all-users
Network WAN L2TPVPN Users Commands
Displays information for the selected remote access VPN user account.
Syntax
show-all-users
Parameters
None
Example
admin(network.wan.l2tpvpn.users)>show-all-users
trunkipfpolicy
Network WAN Commands
Displays the Trunk IP Filter Policy submenu.
Syntax
admin(network.wan)>trunkipfpolicy
admin(network.wan.trunkipfpolicy)>
add
Network WAN TrunkIPFPolicy Commands
Adds a Trunk Port IP Filter association table entry.
Syntax
add <filter-name> <direction> <action>
Parameters
del
Network WAN TrunkIPFPolicy Commands
Deletes an entry from the Trunk Port IP Filter association table.
Syntax
del [all|<index>]
Parameters
set
Network WAN TrunkIPFPolicy Commands
Sets the different Trunk Port IP Filter Policy configuration settings
Syntax
set [ipf-mode|default]
Parameters
show
Network WAN TrunkIPFPolicy Commands
Displays the Trunk Port IP Filter policy configuration information.
Syntax
show
Parameters
None
Example
admin(network.wan.trunkipfpolicy)>show
----------------------------------------------------
Filter-Name Direction Action
----------------------------------------------------
admin(network.wan.trunkipfpolicy)>?
Network CLI Commands Reference 3-149
nat
Network WAN Commands
Displays the nat submenu.
Syntax
admin(network.wan)> nat
admin(network.wan.net)>
add
Network WAN NAT Commands
Adds NAT records.
Syntax
add inb <idx> <name> <tran> <port1> <port2> <ip> <dst_port>
Parameters
inb <idx> <name> Sets an inbound Network Address Translation (NAT) entry.
<tran> <port1> <idx> The WAN address
<port2> <ip>
<name> The NAT entry name
<dst_port>
<tran> The transport protocol (one of cp, udp, icmp, ah, esp, gre, or all)
<port1> The starting port number in a port range
<port2> The ending port number in a port range
<ip> The internal IP address
<dst_port> The optional internal translation port
Example
admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21
admin(network.wan.nat)>list inb 2
-------------------------------------------------------------------------
index name prot start port end port internal ip
translation port
-------------------------------------------------------------------------
1 special tcp 20 21 192.168.42.16 21
Related Commands
delete inb Deletes one of the inbound NAT entries from the list.
list inb Displays the list of inbound NAT entries.
Network CLI Commands Reference 3-151
delete
Network WAN NAT Commands
Deletes NAT records.
Syntax
delete inb <idx> [<entry>|all]
Syntax:
Related Commands
list
Network WAN NAT Commands
Lists NAT records.
Syntax
list inb <idx>
Parameters
list inb <idx> Lists the inbound NAT entries associated with WAN port <idx> (18).
Example
admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21
admin(network.wan.nat)>list inb 2
-------------------------------------------------------------------------
index name prot start port end port internal ip
translation port
-------------------------------------------------------------------------
1 special tcp 20 21 192.168.42.16 21
Related Commands
delete inb Deletes one of the inbound NAT entries from the list.
add inb Adds entries to the list of inbound NAT entries.
Network CLI Commands Reference 3-153
set
Network WAN NAT Commands
Sets NAT inbound and outbound parameters.
Syntax
set [inb|outb|type]
Parameters
show
Network WAN NAT Commands
Shows NAT parameters.
Syntax
show nat <idx>
Parameters
show nat <idx> Shows NAT settings for WAN <idx> (18).
Example
admin(network.wan.nat)>set inb mode 1 enable
admin(network.wan.nat)>show nat 1
vpn
Network WAN Commands
Displays the VPN submenu.
Syntax
admin(network.wan)> vpn
admin(network.wan.vpn)>
add
Network WAN VPN Commands
Adds a security policy database (SPD) entry.
Syntax
add <name> <LSubnet> <LWANIP> <RSubnetIP> <RSubnetMask> <RGatewayIP>
Parameters
admin(network.wan.vpn)>list
------------------------------------------------------------------------
Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP
Subnet
-------------------------------------------------------------------------
Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198
1
Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55
1
admin(network.wan.vpn)>
Network CLI Commands Reference 3-157
delete
Network WAN VPN Commands
Deletes security policy database (SPD) entries.
Syntax
delete [*|<name>]
Parameters
admin(network.wan.vpn)>delete Bob
admin(network.wan.vpn)>list
-------------------------------------------------------------------------
Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP
Subnet
-------------------------------------------------------------------------
Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198
1
admin(network.wan.vpn)>
3-158 WS2000 Wireless Switch System Reference Guide
ikestate
Network WAN VPN Commands
Displays statistics for all active tunnels using Internet Key Exchange (IKE). In particular, the table indicates
whether IKE is connected for any of the tunnels, it provides the destination IP address, and the remaining
lifetime of the IKE key.
Syntax
ikestate
Parameters
None
Example
admin(network.wan.vpn)>ikestate
----------------------------------------------------------------------
Tunnel Name IKE State Dest IP Remaining Life
----------------------------------------------------------------------
Eng2EngAnnex Not Connected ---- ---
Bob Not Connected ---- ---
admin(network.wan.vpn)>
Network CLI Commands Reference 3-159
list
Network WAN VPN Commands
Lists security policy database (SPD) entries.
Syntax
list {<name>}
Parameters
admin(network.wan.vpn)>list bob
admin(network.wan.vpn)>list Bob
-------------------------------------------------------------------------
Detail listing of VPN entry:
-------------------------------------------------------------------------
Name : Bob
Local Subnet : 1
Tunnel Type : Manual
Remote IP : 206.107.22.45
Remote IP Mask : 255.255.255.224
Remote Security Gateway : 206.107.22.2
Local Security Gateway : 209.239.160.55
AH Algorithm : None
Encryption Type : ESP
Encryption Algorithm : DES
ESP Inbound SPI : 0x00000100
ESP Outbound SPI : 0x00000100
3-160 WS2000 Wireless Switch System Reference Guide
reset
Network WAN VPN Commands
Resets all VPN tunnels.
Syntax
reset
Parameters
None
Example
admin(network.wan.vpn)>reset
admin(network.wan.vpn)>
Network CLI Commands Reference 3-161
set
Network WAN VPN Commands
Sets security policy database (SPD) entry parameters.
Syntax
set [ike|type|sub|remip|remmask|remgw|authalgo|espauthalgo|enckey|spi|
localgw|usepfs|pfsgrp|salife|ipsecdel|auto-initiation|
auto-initiate-interval]
Parameters
ike myidtype <name> Sets the Local ID type for IKE authentication for SPD <name> (1 to 13 characters)
<idtype> to <idtype> (one of IP, FQDN, or UFQDN).
ike remidtype <name> Sets the Remote ID type for IKE authentication for SPD <name> (1 to 13
<idtype> characters) to <idtype> (one of IP, FQDN, or UFQDN).
ike myiddata <name> Sets the Local ID data for IKE authentication for SPD <name> (1 to 13 characters)
<iddata> to <iddata>. This value is not required when the ID type is set to IP.
ike remiddata <name> Sets the Remote ID data for IKE authentication for SPD <name> (1 to 13
<iddata> characters) to <idtype>.
ike opmode <name> Sets the Operation Mode of IKE for SPD <name> (1 to 13 characters) to 4.
<opmode> <opmode> can be one of Main or Aggr(essive).
ike authtype <name> Sets the IKE Authentication type for SPD <name> (1 to 13 characters) to
<authtype> <authtype> (one of PSK or RSA).
ike authalgo <name> Sets the IKE Authentication Algorithm for SPD <name> (1 to 13 characters) to
<authalgo> <authalgo>. <authalgo> can be either MD5 or SHA1.
ike psk <name> <psk> Sets the IKE Pre-Shared Key for SPD <name> (1 to 13 characters) to <psk> (149
characters).
ike encalgo <name> Sets the IKE Encryption Algorithm for SPD <name> (1 to 13 characters) to
<encalgo> <encalgo> (one of DES, 3DES, AES128, AES192, or AES256).
ike lifetime <name> Sets the IKE Key life time in seconds for SPD <name> (1 to 13 characters) to
<lifetime> <lifetime> seconds.
ike group <name> Sets the IKE Diffie-Hellman Group for SPD <name> (1 to 13 characters) to
<group> <group> (one of G768 or G1024)
type <name> <type> Sets the authentication type of SPD <name> (1 to 13 characters) to <type> (Auto
or Manual).
sub <name> <sub> Sets the Local Subnet (1, 2, 3, 4, 5 or 6) for SPD <name> (1 to 13 characters) to
subnet number <sub> (1, 2, 3, 4, 5 or 6).
remip <name> <remip> Sets the IP address for the remote end of SPD <name> (1 to 13 characters) to
remote ip <remip> (a.b.c.d).
remmask <name> Sets the IP Mask for the remote end of SPD <name> (1 to 13 characters) to
<remmask> <remmask> (a.b.c.d).
remgw <name> Sets the Remote IP gateway for SPD <name> (1 to 13 characters) to be <remgw>
<remgw> (a.b.c.d).
Set this value to 0.0.0.0 to support tunneling to VPN peer which is a DHCP client.
authalgo <name> Sets the authentication algorithm for SPD <name> (1 to 13 characters) to
<authalgo> <authalgo> (one of None, MD5, or SHA1).
authkey <name> Sets the AH authentication key (if SPD type is Manual) for tunnel <name> (1 to 13
<direction> <authkey> characters) with the direction <direction> set to IN or OUT, and the manual
authentication key set to <authkey>. (The key size is 32 hex characters for MD5,
and 40 hex characters for SHA1).
Network CLI Commands Reference 3-163
enctype <name> Sets the Encryption type for SPD <name> (1 to 13 characters) to <enctype> (one
<enctype> of None, ESP, or ESP-AUTH).
encalgo <name> Sets the Encryption Algorithm for SPD <name> (1 to 13 characters) to <encalgo>
<encalgo> (one of DES, 3DES, AES128, AES192, or AES256).
espauthalgo <name> Sets ESP Authentication Algorithm for SPD <name> to <espauthalgo> (one of
<espauthalgo> MD5 or SHA1).
enckey <name> Sets the Manual Encryption Key in ASCII for SPD <name> and direction
<direction> <enckey> <direction> (IN or OUT) to the key <enckey>. The size of the key depends on
the encryption algorithm.
- 16 hex chars for DES
- 48 hex chars for 3DES
- 32 hex chars for AES128
- 48 hex chars for AES192
- 64 hex chars for AES256
espauthkey <name> Sets Manual ESP Authentication Key for SPD <name> (1 to 13 characters) either
<direction> for direction <direction> (IN or OUT) to <espauthkey>, an ASCII string of hex
<espauthkey> characters. If authalgo is set to MD5, the provide 32 hex characters. If authalgo is
set to SHA1, provide 40 hex characters.
spi <name> <algo> Sets the direction <direction> (IN(bound) or OUT(bound)) SPI for <algo> (AUTH
<direction> <spi> (Manual Authentication) or ESP) for SPD <name> (1 to 13 characters) to <spi> (a
hex value more than 0xFF).
localgw <name> <ip> Sets the Local WAN IP to <ip> (a.b.c.d) for a SPI <name> (1 to 13 characters).
The local WAN IP (local gateway) can be set to 0.0.0.0 for a DHCP client. Any IP
address obtained from the DHCP server is then used to initiate the VPN tunnel.
The VPN peer must set its Remote Gateway address to 0.0.0.0 to indicate an IP
value of ANY and shall operate as a responder only.
usepfs <name> Enables or disables Perfect Forward Secrecy for SPD <name> (1 to 13 characters).
<usepfs>
salife <name> <life Sets SA life time to <lifetime> seconds (minimum 300).
time>
ipsecdel <name> Enables the deletion of IPSEC SA when IKE SA is deleted for the tunnel named
<mode> <name> (1 to 13 characters).
auto-initiation <name> Enables / disables auto-initiation by WS2000 for the tunnel named <name> (1 to
<mode> 13 characters).
auto-initiate-interval Sets the time duration between two consecutive auto-initiation attempts. This
<time> time duration is in seconds.
Example
admin(network.wan.vpn)>list Bob
-------------------------------------------------------------------------
Detail listing of VPN entry:
------------------------------------------------------------------------
Name : Bob
Local Subnet : 1
Tunnel Type : Manual
Remote IP : 206.107.22.45
Remote IP Mask : 255.255.255.224
Remote Security Gateway : 206.107.22.2
Local Security Gateway : 209.239.160.55
3-164 WS2000 Wireless Switch System Reference Guide
AH Algorithm : None
Encryption Type : ESP
Encryption Algorithm : DES
ESP Inbound SPI : 0x00000100
ESP Outbound SPI : 0x00000100
Remote IP : 206.107.22.45
Remote IP Mask : 255.255.255.224
Remote Security Gateway : 206.107.22.2
Local Security Gateway : 209.239.160.55
AH Algorithm : MD5
Encryption Type : ESP
Encryption Algorithm : DES
Auth Inbound SPI : 0x02233445
Auth Outbound SPI : 0x00033344
ESP Inbound SPI : 0x000ABCDE
ESP Outbound SPI : 0x00CDEF23
3-166 WS2000 Wireless Switch System Reference Guide
stats
Network WAN VPN Commands
Lists statistics for all active tunnels.
Syntax
stats
Parameters
None
Example
admin(network.wan.vpn)>stats
------------------------------------------------------------------------
Tunnel Name Status SPI(OUT/IN) Life Time Bytes(Tx/Rx)
------------------------------------------------------------------------
Eng2EngAnnex Not Active
Bob Not Active
Network CLI Commands Reference 3-167
cmgr
Network WAN VPN Commands
Displays to the Certificate Manager submenu.
Syntax
admin(network.wan.vpn)> cmgr
admin(network.wan.vpn.cmgr)>
delca
Network WAN VPN Commands
Deletes a trusted certificate.
Syntax
delca <IDname>
Parameters
delprivkey
Network WAN VPN Commands
Deletes a private key.
Syntax
delprivkey <IDName>
Parameters
delself
Network WAN VPN Cmgr Commands
Deletes a self certificate.
Syntax
delself <IDName>
Parameters
expcert
Network WAN VPN Cmgr Commands
Exports the certificate file.
Syntax
expcert [ftp|tftp] <filename>
Parameters
[ftp|tftp] <file name> Exports the certificate with specified filename <file name> by either ftp or tftp.
The tftp or ftp options for this file transfer will use the settings for the
configuration file settings. See System Config set Command for information on
how to set the tftp/ftp options.
Example
admin(system.config)>set server 192.168.22.12
admin(system.config)>set user myadmin
admin(system.config)>set passwd
Related Commands
export-req
Network WAN VPN Cmgr Commands
Exports the private key ID name to a file. The exported file will be in the same directory as used for importing
or exporting configuration files.
Syntax
export-req ftp <idname> <filename>
Parameters
ftp <idname> Exports the private key ID name to a file. This file is exported to the same
<filename> directory as used for exporting or importing configuration files.
Example
admin(network.wan.vpn.cmgr)> export-req ftp key1 filekey1
Network CLI Commands Reference 3-173
genreq
Network WAN VPN Cmgr Commands
Generates a Certificate Request.
Syntax
genreq <IDName> <subject> {-ou <Organization Unit>} {-on <Organization
Name>} {-cn <City Name>} {-st <State>} {-p <Postal Code>} {-cc <Country
Code>} {-e <Email Address>} { -d <Domain Name>} {-i <IP Address>} {-sa
<Signature Algorithm>} {-k <Key Size>}
Syntax:
genreq Generates a self-certificate request for a Certification Authority (CA), where <IDname> is
<IDname> the private key ID (up to 7 characters) and <subject> is the subject name (up to 49
<Subject> characters). A number of optional arguments can also be specified as indicated below.
...optional
arguments...
-ou <Organization Unit> Organization Unit (1 to 49 chars)
-on <Organization Name> Organization Name (1 to 49 chars)
-cn <City Name> City Name of Organization (1 to 49 chars)
-st <State> State Name (1 to 49 chars)
-p <Postal Code> Postal code (9 digits)
-cc <Country Code> Country code (2 chars)
-e <Email Address> E-mail Address (1 to 49 chars)
-d <Domain Name> Domain Name (1 to 49 chars)
-i <IP Address> IP Address (a.b.c.d)
-sa <Signature Algorithm> Signature Algorithm (one of MD5-RSA or SHA1-RSA)
-k <Key Size> Key size in bits (one of 512, 1024, or 2048)
Note: The parameters in {curly brackets} are optional. Check with the CA to determine what fields are necessary. For example,
most CAs require an email address and an IP address, but not the address of the organization.
Example
admin(network.wan.vpn.cmgr)>genreq MyCert2 MySubject -ou MyDept -on
MyCompany
Please wait. It may take some time...
impcert
Network WAN VPN Cmgr Commands
Imports the certificate file.
Syntax
impcert <type> <filename>
Parameters
[ftp|tftp] <filename> Imports the certificate with specified filename <file name> by either ftp or tftp.
The tftp or ftp options for this file transfer will use the settings for the
configuration file settings. See System Config set Command for information on
how to set the tftp/ftp options.
Example
admin(system.config)>set server 192.168.22.12
admin(system.config)>set user myadmin
admin(system.config)>set passwd
Related Commands
listca
Network WAN VPN Cmgr Commands
Lists the loaded trusted certificate.
Syntax
listca
Parameters
None
Example
admin(network.wan.vpn.cmgr)>listca
Trusted Certificate List:
3-176 WS2000 Wireless Switch System Reference Guide
listprivkey
Network WAN VPN Cmgr Commands
Lists the names of private keys.
Syntax
listprivkey
Parameters
None
Example
admin(network.wan.vpn.cmgr)>listprivkey
-------------------------------------------------------------------------
Private Key Name Certificate Associated
-------------------------------------------------------------------------
Network CLI Commands Reference 3-177
listself
Network WAN VPN Cmgr Commands
Lists the loaded self certificates.
Syntax
listself
Parameters
None
Example
admin(network.wan.vpn.cmgr)>listself
loadca
Network WAN VPN Cmgr Commands
Loads a trusted certificate from the Certificate Authority.
Syntax
loadca {ftp <filename>}
Parameters
loadca Loads the trusted certificate (in PEM format) that is pasted into the command line.
ftp <filename> (Optional parameter) Loads a CA certificate from a FTP server. <filename> is
the name of the certificate file to load. The default path for loading the file is the same as
used for importing or exporting configuration files.
Example
admin(network.wan.vpn.cmgr)>loadca
Currently Only certificates in PEM format can be uploaded
Enter 'Ctrl C' to abort. Paste the certificate:
Network CLI Commands Reference 3-179
loadself
Network WAN VPN Cmgr Commands
Loads a self certificate signed by the Certificate Authority.
Syntax
loadself [<IDname>|ftp <IDname> <filename>]
Parameters
<IDname> Loads the self certificate signed by the CA with name <IDname>.
ftp <IDname> Loads the self certificate <IDName> from a file <filename> on an FTP server. The
<filename> certificate file is loaded from the same directory as used for importing or exporting
configuration files.
Example
admin(network.wan.vpn.cmgr)> loadself ftp MyCert mycert.cert
Starting file transfer ...
admin(network.wan.vpn.cmgr)>
admin(network.wan.vpn.cmgr)>loadself MyCert
Currently Only certificates in PEM format can be uploaded.
Paste the certificate:
3-180 WS2000 Wireless Switch System Reference Guide
showreq
Network WAN VPN Cmgr Commands
Displays a certificate request in PEM format.
Syntax
showreq <IDname>
Parameters
showreq Displays a certificate request named <IDname> generated from the genreq command.
<IDname>
Network CLI Commands Reference 3-181
wlan
network
Displays the WLAN submenu.
Syntax
admin(network)> wlan
admin(network.wlan)>
add
Network WLAN Commands
Adds entries to the mobile unit (MU) access control list.
Syntax
add <idx> <mac1> <mac2> <name>
Parameters
<idx> <mac1> <mac2> Adds an entry to the MU access control list, where <idx> is the WLAN
<name> index (18), <mac1> is the starting MAC address (e.g., 001122334455), and
<mac2> is ending MAC address in the acceptable range. <name> is the
name of the MU ACL.
Example
admin(network.wlan)>add 1 000000000000 112233445566
admin(network.wlan)>list 1
------------------------------------------------------------------------
index start mac end mac
------------------------------------------------------------------------
1 000000000000 112233445566
admin(network.wlan)>
Related Commands
delete
Network WLAN Commands
Deletes specified entry or entries from mobile unit (MU) access control list.
Syntax
delete <idx> [<entry>|all]
Parameters
admin(network.wlan)>delete 1 2
admin(network.wlan)>list 1
-------------------------------------------------------------------------
index start mac end mac
------------------------------------------------------------------------
1 000000000000 112233445566
admin(network.wlan)>
Related Commands
list
Network WLAN Commands
Lists the entries in the mobile unit (MU) access control list.
Syntax
list <idx>
Parameters
list <idx> Displays the entries in the MU access control list for WLAN <idx> (18).
Example
admin(network.wlan)>list 1
-------------------------------------------------------------------------
index start mac end mac
-------------------------------------------------------------------------
1 000000000000 112233445566
Related Commands
set
Network WLAN Commands
Sets WLAN parameters.
Syntax
set [acl|adopt|auth|bcast|eap|enc|ess|kerb|mcast|mode|name|
vlan-id|no-mu-mu|vop|tkip|ccmp|wep-mcm|mu-inact|wep_shared|
handshake-timeout|handshake-retry-count]
Parameters
acl <idx> <mode> Sets the default MU access control mode <mode> to allow or deny for
WLAN <idx> (18).
adopt <idx> <mode> Sets default Access Port adoption mode <mode> to allow or deny for
WLAN <idx> (18).
auth <idx> <type> Sets the authentication type for WLAN <idx> (18) to <type> (none,
eap, or kerberos).
Note: EAP parameters are only in effect if eap is specified for the authentication
method (set auth <idx> <type>).
bcast <idx> <mode> Enables or disables the broadcast ESS answer for the WLAN <idx> (1
8).
eap adv mu-quiet <idx> Sets the EAP MU/supplicant quiet period for WLAN <idx> (18) to
<period> <period> seconds (165535).
eap adv mu-tx <idx> <period> Sets the EAP MU/supplicant TX period for WLAN <idx> (18) to
<period> seconds (165535).
eap adv mu-timeout <idx> Sets the EAP MU/supplicant timeout for WLAN <idx> (18) to <timeout>
<timeout> seconds (1255).
eap adv mu-retry <idx> <retry> Sets the EAP maximum number of MU retries to <retry> (110) for WLAN
<idx> (18).
eap adv server-timeout <idx> Sets the server timeout for WLAN <idx> (18) to <timeout> seconds (1
<timeout> 255).
eap adv server-retry <idx> Sets the maximum number of server retries for WLAN <idx> (18) to
<retry> <retry> (110).
Network CLI Commands Reference 3-187
eap server <idx> <rsidx> <ip> Sets the RADIUS server <rsidx> (1-primary or 2-secondary) for WLAN
<idx> (18) to IP address <ip>.
eap port <idx> <rsidx> <port> Sets the RADIUS server <rsidx> (1-primary or 2-secondary) for WLAN
<idx> (18) to <port>.
eap rad-acct mode <idx> Enables/disables RADIUS accounting for WLAN <idx> (18).
<mode>
eap rad-acct retry-count <idx> Sets RADIUS accounting retry count to <count> (110) for WLAN <idx>
<count> (18).
eap rad-acct timeout <idx> Sets RADIUS accounting retry timeout to <time> seconds (1255) for
<time> WLAN <idx> (18). 0 indicates no timeout.
eap rad-bind-interface <idx> Binds the RADIUS server type <server> (1 - Primary, 2 - Secondary) to the
<server> <interface> interface <interface> (one of s1-s6, w, none - s1- Subnet 1, s2-subnet 2,
...s6-Subnet 6, w-wan) for the WLAN <idx> (18).
eap reauth mode <idx> enable/ Enables or disables the EAP reauthentication parameters for WLAN <idx>
disable (18).
eap reauth period <idx> Sets the reauthentication period for WLAN <idx> (18) to <period>
<period> seconds (309999).
eap reauth retry <idx> <retry> Sets the maximum number of reauthentication retries to <retry> (199)
for WLAN <idx> (18).
eap secret <idx> <rsidx> Sets the EAP shared secret <secret> (1127 characters) for server
<secret> <rsidx> (1-primary or 2-secondary) on WLAN <idx> (18).
Note: Kerberos parameters are only in effect if kerberos is specified for the
authentication method (set auth <idx> <type>).
eap syslog ip <idx> <ip> Sets the remote syslog server for WLAN <idx> (18) to the IP address
<ip> (a.b.c.d).
eap syslog mode <idx> enable/ Enables/disables remote syslog for WLAN <idx> (18).
disable
enc <idx> <type> Sets the encryption type to <type> (one of none, wep40, wep104,
keyguard, tkip, or ccmp) for WLAN <idx> (18).
Note: TKIP parameters are only in effect if tkip is selected as the encryption
type.
ess <idx> <ess> Sets the 802.11 ESS ID for WLAN <idx> (18) to <ess>.
kerb passwd <idx> Sets the Kerberos password to <password> (121 characters) for WLAN
<password> <idx> (18).
kerb port <idx> <ksidx> <port> Sets the Kerberos port to <port> (KDC port) for server <ksidx> (1-primary,
2-backup, or 3-remote) for WLAN <idx> (18).
kerb realm <idx> <realm> Sets the Kerberos realm name for WLAN <idx> (18) to <realm> (163
characters).
kerb server <idx> <ksidx> <ip> Sets the Kerberos server <ksidx> (1-primary, 2-backup, or 3-remote) IP
address for WLAN <idx> (18) to <ip>.
kerb user <idx> <name> Sets the Kerberos user name for WLAN <idx> (18) to <name> (121
characters).
mcast <idx> <midx> <mic> Sets the multicast group address <midx>
(1, 2) for WLAN <idx> (18) to MAC address <mac>.
mode <idx> <mode> Enables or disables WLAN <idx> (18).
name <idx> <name> Sets the name of WLAN <idx> (18) to <name> (17 characters).
3-188 WS2000 Wireless Switch System Reference Guide
no-mu-mu <idx> <mode> Enables or disables the stoppage of MU-to-MU communication for WLAN
<idx> (18).
vop <idx> <mode> Enables or disables the voice priority mode for WLAN <idx> (18).
tkip key <idx> <key> Sets the TKIP key to <key> (164 hex digits) for WLAN <idx> (18).
tkip type <idx> <type> Sets the TKIP key type to phrase or key for WLAN <idx> (18).
tkip phrase <idx> <phrase> Sets the TKIP ASCII pass phrase to <phrase> (863 characters) for WLAN
<idx> (18).
tkip rotate-mode <idx> <mode> Enables or disabled the broadcast key rotation for WLAN <idx> (18).
tkip interval <idx> <interval> Sets the broadcast key rotation interval to <interval> seconds (300
604800) for WLAN <idx> (18).
ccmp key <idx> <key> Sets the CCMP key to <key> (164 hex digits) for WLAN <idx> (18).
Must be specified when type parameter is set to key.
ccmp type <idx> phrase/ Sets the CCMP key type to phrase or key for WLAN <idx> (18).
key
ccmp phrase <idx> <phrase> Sets the CCMP ASCII pass phrase for WLAN <idx> (18) to <phrase> (8
63 characters). Must be specified when type parameter is set to phrase.
ccmp rotate-mode <idx> Enables or disables the broadcast key rotation for WLAN <idx> (18).
enable/disable
ccmp interval <idx> <interval> Sets the broadcast key rotation interval for WLAN <idx> (18) to
<interval> (300604800) seconds.
ccmp mixed-mode <idx> Enables or disables mixed mode (allowing WPA-TKIP clients) for WLAN
enable/disable <idx> (18).
ccmp preauth <idx> enable/ Enables or disables pre-authentication (fast roaming) for WLAN <idx> (1
disable 8).
ccmp opp-pmk <idx> enable/ Enables or disables opportunistic PMK caching (fast roaming) for WLAN
disable <idx> (18).
Note: The WEP authentication mechanism saves up to four different keys (one for
each WLAN). It is not a requirement to set all keys, but you must associate a WLAN
with the appropriate key.
wep-mcm index <idx> <kidx> Selects the WEP/KeyGuard key (from one of the four potential values of
<kidx> (14) for WLAN <idx> (18).
wep-mcm key <idx> <kidx> Sets the WEP/KeyGuard key for key index <kidx> (14) for WLAN <idx>
<key> (18) to <key> 1 to 26 (hex digits).
vlan-id <idx> <vlan-id> Sets the VLAN-ID mapping to WLAN <idx> (18) to VLAN <vlan-id> (1
4094).
mu-inact <timeout> Sets the MU inactivity timeout value to <timeout> (1-60) minutes.
wep_shared <mode> Enables or disables WEP shared mode.
handshake-timeout <idx> Sets the 802.11i handshake timeout value to <timeout> (100-2000 ms) for
<timeout> the WLAN <idx> (18). This feature is provided to prevent those MUs that
do not receive EAPOL messages from restarting the association
procedure. The default retry for these MUs is 2 seconds. This switch is
provided to control the retry for EAPOL messages to a value that is less
than 2 seconds.
Network CLI Commands Reference 3-189
handshake-retry-count <idx> Sets the 802.11i handshake retry count to <retry-count> (1-10) for the
<retry-count> WLAN <idx> (18). This in conjunction with the handshake-timeout
command controls the handshake retry time and retry count for those MUs
that do not receive EAPOL messages.
Example
admin(network.wlan)>set name 1 store
admin(network.wlan)>set name 2 backoff
admin(network.wlan)>set auth 1 kerberos
Kerberos requires WEP 104 or Keyguard. The encryption type has been
changed to W
EP104.
admin(network.wlan)>
3-190 WS2000 Wireless Switch System Reference Guide
show
Network WLAN Commands
Displays the WLAN parameters.
Syntax
show [eap|kerb|tkip|ccmp|wep-mcm|wlan|mu-inact|wep_shared] <idx>
Syntax:
eap <idx> Shows the EAP parameters for WLAN <idx> (18).
kerb <idx> Shows the Kerberos parameters for WLAN <idx> (18).
tkip <idx> Shows the TKIP parameters for WLAN <idx> (18).
ccmp <idx> Shows the CCMP parameters for WLAN <idx> (18).
wep-mcm <idx> Shows the WEP/Keyguard parameters for WLAN <idx> (18).
wlan <idx> Shows the basic WLAN parameters for WLAN <idx> (18).
mu-inact Shows the MU inactivity timeout value.
wep_shared Shows the WEP Shared parameters.
Example
admin(network.wlan)>show tkip 1
admin(network.wlan)>show ccmp 1
admin(network.wlan)>show wep-mcm 1
admin(network.wlan)>show wlan 1
admin(network.wlan)>show eap 1
server ip 1 : 0.0.0.0
server ip 2 : 0.0.0.0
server port 1 : 1812
server port 2 : 1812
eap secret 1 : ********
eap secret 2 : ********
Related Commands
rogueap
Network WLAN Commands
Displays the rogue AP submenu.
Syntax
admin(network.wlan)> rogueap
admin(network.wlan.rogueap)>
The items available under this command are shown below.
set
Network WLAN Rogue AP Commands
Sets rogue access point parameters.
Syntax
set [muscan|apscan|detscan|fullapscan] [mode <mode>|interval <interval>]
Parameters
Related Commands
show
Network WLAN Rogue AP Commands
Shows the current rogue AP configuration.
Syntax
show
Parameters
None
Example
admin(network.wlan.rogueap)>show
mu scan : disabled
mu scan interval : 60 minutes
ap scan : disabled
ap scan interval : 60 minutes
detector ap scan : disabled
detector ap scan interval : 60 minutes
full detector ap scan : disabled
full detector ap scan interval : 60 seconds
Related Commands
approvedlist
Network WLAN Rogue AP Commands
Displays the approved AP list submenu.
Syntax
admin(network.wlan.rogueap)> approvedlist
admin(network.wlan.rogueap.approvedlist)>
The items available under this command are shown below.
ageoute
Network WLAN Rogue AP Approvedlist Commands
Displays ageout time for an approved list entry.
Syntax
ageout <interval>
Parameters
ageout <interval> Sets the number of minutes, the <interval> (01000), before an entry in the
approved list is automatically removed.
Example
admin(network.wlan.rogueap.approvedlist)>ageout 30
admin(network.wlan.rogueap.approvedlist)>
Related Commands
approve
Network WLAN Rogue AP Approvedlist Commands
Approves an AP.
Syntax
approve [<index>|all]
Parameters
approve approve <index> Approves an access point from the list based on the location
[<index>|all] specified by <index>.
approve all Approves all access points in the list.
Example
admin(network.wlan.rogueap.approvedlist)>approve 1
admin(network.wlan.rogueap.approvedlist)>approve all
admin(network.wlan.rogueap.approvedlist)>
Related Commands
erase
Network WLAN Rogue AP Approvedlist Commands
Erases the approved AP list.
Syntax
erase all
Parameters
none
Example
admin(network.wlan.rogueap.approvedlist)>erase all
admin(network.wlan.rogueap.approvedlist)>show
approved ap list
++++++++++++++++
index ap essid
----- -- ------
Related Commands
show
Network WLAN Rogue AP Approvedlist Commands
Shows the approved AP list.
Syntax
show
Parameters
None
Example
admin(network.wlan.rogueap.approvedlist)>show
approved ap list
++++++++++++++++
index ap essid
----- -- ------
Related Commands
roguelist
Network WLAN Rogue AP Commands
Displays the rogue AP list submenu.
Syntax
admin(network.wlan.rogueap)> roguelist
admin(network.wlan.rogueap.roguelist)>
ageout
Network WLAN Rogue AP Commands
Displays the ageout time for a rogue list entry.
Syntax
ageout <time>
Parameters
ageout <time> Sets the ageout time for the entry associated to <time> (11000) minutes.
Example
admin(network.wlan.rogueap.roguelist)>ageout 50
Related Commands
approve
Network WLAN Rogue AP Commands
Moves a rogue AP into the approved AP list.
Syntax
approve [<index>|all]
Parameters
approve approve <index> Puts the rogue AP <index> into the approved AP list.
[<index>|all] approve all Puts all the entries of the rogue list into the approved AP list.
Example
admin(network.wlan.rogueap.approvedlist)>approve all
Related Commands
erase
Network WLAN Rogue AP Commands
Erases the rogue AP list.
Syntax
erase all
Parameters
None
Example
admin(network.wlan.rogueap.roguelist)>erase all
Example
show
Network WLAN Rogue AP Commands
Displays the rogue list entries.
Syntax
show [all|<index>|deauth-list]
Parameters
rogue ap list
++++++++++++++++++++
-------------------------------------------------------------------------
Idx AP Essid Channel
-------------------------------------------------------------------------
Related Commands
set
Network WLAN Rogue AP Commands
Sets rogue list parameters.
Syntax
set [rap-containment|deauth-interval|deauth-all]
Syntax:
Related Commands
deauth
Network WLAN Rogue AP Commands
Manages the Rogue AP Containment list by adding APs, their MAC address to the list and deleting APs from
the list.
Syntax
deauth [add-to-list|add-mac-to-list|remove-from-list] <index>
deauth all
Parameters
locate
Network WLAN Rogue AP Roguelist Commands
Displays the locate submenu.
Syntax
admin(network.wlan.rogueap.roguelist)> locate
admin(network.wlan.rogueap.roguelist.locate)>
list
Network WLAN Rogue AP Rogue List Locate Commands
Lists the results of the locate rogue AP scan.
Syntax
list
Parameters
None
Example
admin(network.wlan.rogueap.roguelist.locate)>list
Related Commands
start
Network WLAN Rogue AP Rogue List Locate Commands
Locates a rogue AP.
Syntax
start <MAC> <ESSID>
Parameters
start <MAC> <ESSID> Starts locating a rogue AP where <MAC> is the MAC address (or BSSID) of the
rogue AP, and <essid> is the ESSID for the rogue AP.
Example
admin(network.wlan.rogueap.roguelist.locate)>start 00A0f8fe2344 wlan-engg
Related Commands
list Lists information for the rogue AP found during the scan.
3-210 WS2000 Wireless Switch System Reference Guide
muscan
Network WLAN Rogue AP Roguelist Commands
Displays the MU scan submenu.
Syntax
admin(network.wlan.rogueap.roguelist)> muscan
admin(network.wlan.rogueap.roguelist.muscan)>
list
Network WLAN Rogue AP Roguelist Commands
Lists the results of the locate rogue AP scan.
Syntax
list
Parameters
None
Example
admin(network.wlan.rogueap.roguelist.muscan)>list
Related Commands
start
Network WLAN Rogue AP Roguelist Commands
Starts an on-demand MU polling for rogue APs.
Syntax
start <MAC> <ESSID>
Parameters
start <MAC> <ESSID> Starts locating a rogue AP where <MAC> is the MAC address (or BSSID) of the
rogue AP, and <ESSID> is the ESSID for the rogue AP.
Example
admin(network.wlan.rogueap.roguelist.muscan)>start 00A0f8fe2344
Related Commands
list Lists information for the rogue AP found during the scan.
Network CLI Commands Reference 3-213
rulelist
Network WLAN Rogue AP Commands
Displays the rule list submenu.
Syntax
admin(network.wlan.rogueap)> rulelist
admin(network.wlan.rogueap.rulelist)>
add
Network WLAN Rogue AP Rule List Commands
Adds an entry to the rule list.
Syntax
add <MAC> <ESSID>
Parameters
add <MAC> <ESSID> Adds an entry into the rule list to allow an AP with the mac address <MAC> and
the ESSID <ESSID>.
Example
admin(network.wlan.rogueap.rulelist)>add 00a0f8f31212 mywlan
admin(network.wlan.rogueap.rulelist)>show
rule list
+++++++++
index ap essid
----- -- ------
1 00:a0:f8:f3:12:12 mywlan
admin(network.wlan.rogueap.rulelist)>?
Related Commands
authsymbolap
Network WLAN Rogue AP Rule List Commands
Authorizes all Symbol APs.
Syntax
authsymbolap <mode>
Parameters
authsymbolap <mode> Enables or disables automatic authorization of all Symbol APs. <mode> can be
enable or disable.
Example
admin(network.wlan.rogueap.rulelist)>auth enable
admin(network.wlan.rogueap.rulelist)>show
rule list
+++++++++
index ap essid
----- -- ------
1 00:a0:f8:f3:12:12 mywlan
Related Commands
show Shows all the rules in the rule list and shows status of the Symbol AP automatic authorization.
3-216 WS2000 Wireless Switch System Reference Guide
delete
Network WLAN Rogue AP Rule List Commands
Deletes an entry from the rule list.
Syntax
delete [all|<idx>]
Parameters
rule list
+++++++++
index ap essid
----- -- ------
Related Commands
show
Network WLAN Rogue AP Rule List Commands
Displays the rule list.
Syntax
show
Parameters
None
Example
admin(network.wlan.rogueap.rulelist)>show
rule list
+++++++++
index ap essid
----- -- ------
1 00:a0:f8:f3:12:12 mywlan
Related Commands
enhancedrogueap
Network WLAN Commands
Displays the Enhanced Rogue AP detection submenu.
Syntax
admin(network.wlan)> enhancedrogueap
admin(network.wlan.enhancedrogueap)>
show
Network WLAN Enhanced Rogue AP Commands
Displays the Enhanced Rogue AP parameters.
Syntax
show
Parameters
None
Example
admin(network.wlan.enhancedrogueap)>show
admin(network.wlan.enhancedrogueap)>
3-220 WS2000 Wireless Switch System Reference Guide
set
Network WLAN Enhanced Rogue AP Commands
Sets the Enhanced Rogue AP parameters.
Syntax
set [mode|scaninterval|scanduration|A_channels|BG_channels|erase]
Parameters
muprobe
Network WLAN Commands
Displays the MU Probe sub menu.
Syntax
admin(network.wlan)> muprobe
admin(network.wlan.muprobe)>
show
Network WLAN MU Probe Commands
Displays the MU Probe Table configuration information.
Syntax
show
Parameters
None
Example
admin(network.wlan.muprobe)> show
set
Network WLAN MU Probe Commands
Sets the different MU Probe Table configurations.
Syntax
set [mode|size|erase|windows]
Parameters
mode <mode> Enables or disables MU Probe scans. <mode> can be enable or disable.
size <size> Sets the size <size> in number of rows of the MU Probe Table.
erase Erases the MU Probe Table
window <value> Sets the MU Probe time window to <value> (5-300) seconds.
Example
admin(network.wlan.muprobe)> show
hotspot
Network WLAN Commands
Displays the Hotspot sub menu.
Syntax
admin(network.wlan)> hotspot
admin(network.wlan.hotspot)>
set
Network WLAN Hotspot Commands
Sets the different Hotspot parameters.
Syntax
set [mode|page-loc|exturl|http-mode|hotspot-session-timeout|
hotspot-cred-cache]
mode <idx> <mode> Enables or disables hotspot for a WLAN with the index value <idx> (1-
8).
page-loc <idx> <page-loc> Sets the location of the welcome page for Hotspot for a WLAN with the
index <idx> (1-8). <page-loc> can be one of default, cf, url.
When <page-loc> is default, the default pages are shown.
When <page-loc> is cf, the pages for login, welcome, and fail are
stored on the CF card and are displayed from there.
When <page-loc> is url, the pages are displayed from a URL. The
URL information is provided through the set exturl command.
exturl <idx> <page> <url> Sets the URL locations for the hotspot login, welcome, and fail pages
for a WLAN with the index value <idx> (1-8). <page> should be one of
login, welcome, or fail and indicates the page type. <url> is the fully
qualified path to the page indicated by the <page> value.
http-mode <idx> <http-mode> Sets the HTTP mode for the hotspot for the WLAN with index
<idx> (1-8). <http-mode> can be one of http or https. HTTP indicates
that connections to the hotspot does not use security. HTTPS indicates
use of security.
hotspot-session-timeout Sets the timeout value for the hotspot to <hotspot-session-timeout>
<hotspot-session-timeout> minutes. This value is global and is applicable to all WLANs. The
default value for <hotspot-session-timeout> is 20 minutes and the
maximum value that can be entered is 1440 minutes (1 day).
hotspot-cred-cache Enables or disables hotspot user credential caching for the WS2000.
<hotspot-cred-cache>
Example
admin(network.wlan.hotspot)> show hotspot 1
WLAN 1
Hotspot Mode : disable
Hotspot Page Location : default
External Login URL :
External Welcome URL :
3-226 WS2000 Wireless Switch System Reference Guide
WLAN 1
Hotspot Mode : enable
Hotspot Page Location : url
External Login URL : //192.168.1.10/wlan1/hotspt/login.htm
External Welcome URL : //192.168.1.10/wlan1/hotspt/
welcome.htm
External Fail URL : //192.168.1.10/wlan1/hotspt/fail.htm
Http Mode : https
Network CLI Commands Reference 3-227
show
Network WLAN Hotspot Commands
Displays the different hotspot configuration settings.
Syntax
show [hotspot|white-list|hs-session-timeout|hs-cred-cache]
Parameters
WLAN 1
Hotspot Mode : enable
Hotspot Page Location : url
External Login URL : //192.168.1.10/wlan1/hotspt/login.htm
External Welcome URL : //192.168.1.10/wlan1/hotspt/
welcome.htm
External Fail URL : //192.168.1.10/wlan1/hotspt/fail.htm
Http Mode : https
WhiteList Rules
-------------------------------------------------------------------------
Idx IP Address
-------------------------------------------------------------------------
1 192.168.1.32
2 192.168.1.45
3 192.168.1.55
4 192.168.1.56
import
Network WLAN Hotspot Commands
Imports the html pages for the welcome, login, and fail screens.
Syntax
import <idx> <page>
Parameters
import <idx> <page> Imports the specified page for the WLAN with index <idx> (1-8). <page> must be
one of login, welcome, or fail. Paste the html page into the console.
Example
admin(network.wlan.hotspot)> import 1 login
Enter 'Ctrl C' to abort. Paste the HTML Page:
<html>
<Head>
<title>Office1 WLAN - Login Page</title>
</head>
<body>
<h1 align="center">Office1 Wireless LAN - Login Page</h1>
<HR width=50%>
<p align ="center"><b>Please enter your login information below</b></p>
<form action="login.asp>
<center>
<table width=25%>
<tr>
<tD>User Name</td>
<td><input > </input></td>
</tr>
<tr>
<td>Password</td>
<td><input type=password> </input></td>
</tr>
</table>
<br>
<button type=submit>
<strong>Login</strong>
</button>
<hr width=50%>
<p>Page usage monitored and IP captured. Do not login if not
authorized.</p>
</center>
</form>
</body>
</html>
Network CLI Commands Reference 3-229
radius
Network WLAN Hotspot Commands
Displays the RADIUS server commands for hotspot. RADIUS is used to authenticate hotspot users.
Syntax
admin(network.wlan.hotspot)> radius
admin(network.wlan.hotspot.radius)>
show
Network WLAN Hotspot RADIUS commands
Displays the RADIU ?S server information for each hotspot.
Syntax
show radius <idx>
Parameters
show radius <idx> Displays the RADIUS information for the WLAN with the index <idx> (1-8).
Example
admin(network.wlan.hotspot.radius)> show radius 1
Primary Server Ip adr : 127.0.0.1
Primary Server Port : 1812
Primary Server Secret : ******
Secondary Server Ip adr : 0.0.0.0
Secondary Server Port : 1812
Secondary Server Secret : ******
Accounting Mode : disable
Accounting Timeout : 1
Accounting Retry-count : 1
Network CLI Commands Reference 3-231
set
Network WLAN Hotspot RADIUS commands
Configures the RADIUS server information for hotspots for each WLAN.
Syntax
set [server|port|secret|acct-mode|acct-timeout|acct-retry|
bind-interface|auth-mode]
Parameters
server <idx> <srvr_type> Sets the IP address <ipadr> of the RADIUS server for the WLAN with
<ipadr> index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the
RADIUS server as a primary or a secondary server.
port <idx> <srvr_type> <port> Sets the port <port> of the RADIUS server for the WLAN with the index
<idx> (1-8). The <srvr_type> (primary, secondary) identifies the
RADIUS server as a primary or a secondary server.
secret <idx> <srvr_type Sets the secret <secret> for accessing the RADIUS server for the WLAN
<secret> with the index <idx> (1-8). The <srvr_type> (primary, secondary)
identifies the RADIUS server as a primary or a secondary server.
acct-mode <idx> <mode> Enables or disables accounting mode for the RADIUS server for the
WLAN with the index <idx> (1-8). When enabled, RADIUS accounting
log is written to the CF card when the RADIUS server is not reachable.
acct-timeout <idx> <timeout> Sets the time duration <timeout> (1-255) seconds after which RADIUS
logs are written to the CF card.
acct-retry <idx> <retry-count> Sets the number of re-tries <retry-count> (1-10) made before RADIUS
logs are written to the CF card.
bind-interface <idx> <server> Binds the RADIUS server type <server> (Primary or Secondary) to the
<interface> interface <interface> (one of s1-s6, w, none - s1- Subnet 1, s2-subnet 2,
...s6-Subnet 6, w-wan) for the WLAN <idx> (18).
auth-mode <idx> <mode> Sets the radius authentication mode to either PAP or CHAP. This is used
to encrypt authentication packets when authenticating with radius
servers located on the WAN side of WS2000.
Example
admin(network.wlan.hotspot.radius)> set server 1 primary 192.169.1.222
admin(network.wlan.hotspot.radius)> set server 1 secondary 192.169.1.223
admin(network.wlan.hotspot.radius)> set port 1 primary 1812
admin(network.wlan.hotspot.radius)> set port 1 secondary 1812
admin(network.wlan.hotspot.radius)> set secret 1 primary hello1
3-232 WS2000 Wireless Switch System Reference Guide
admin(network.wlan.hotspot.radius)>
Network CLI Commands Reference 3-233
white-list
Network WLAN Hotspot Commands
Displays the White-list submenu. White-list is a list of devices that can use the hotspot.
Syntax
admin(network.wlan.hotspot)> white-list
admin(network.wlan.hotspot.whitelist)>
add
Network WLAN Hotstpot White-list Commands
Adds an entry to the WLAN hotspot white-list. White-list is a list of devices that can access the hotspot.
Syntax
add rule <wlan_idx> <ipadr>
Parameters
add rule <wlan_idx> Adds an IP entry <ipadr> to the White-list for the WLAN specified by the index
<ipadr> <wlan_idx> (1-8)
Example
admin(network.wlan.hotspot.whitelist)> add rule 1 192.168.1.67
admin(network.wlan.hotspot.whitelist)> show white-rules 1
WhiteList Rules
-------------------------------------------------------------------------
Idx IP Address
-------------------------------------------------------------------------
1 192.168.1.32
2 192.168.1.45
3 192.168.1.55
4 192.168.1.56
5 192.168.1.67
Network CLI Commands Reference 3-235
clear
Network WLAN Hotstpot White-list Commands
Clears or deletes the WLAN hotspot white-list entries.
Syntax
clear rule [all|<wlan_idx> [all|<ipadr>]]
Parameters
clear rule [all|<wlan_idx> clear rule all Clears all the hotspot white-list entries.
[all|<ipadr>]] clear rule <wlan_idx> all Clears all the hotspot white-list entries for
the WLAN specified by the <wlan_idx> (1-8) value.
clear rule <wlan_idx> <ipadr> Clears a specific IP address <ipadr>
from the hotspot white-list entries for the WLAN specified by the
<wlan_idx> (1-8) value.
Example
admin(network.wlan.hotspot.whitelist)> show white-rules 1
WhiteList Rules
-------------------------------------------------------------------------
Idx IP Address
-------------------------------------------------------------------------
1 192.168.1.32
2 192.168.1.45
3 192.168.1.55
4 192.168.1.56
5 192.168.1.67
WhiteList Rules
-------------------------------------------------------------------------
Idx IP Address
-------------------------------------------------------------------------
1 192.168.1.32
2 192.168.1.45
3 192.168.1.55
4 192.168.1.56
WhiteList Rules
-------------------------------------------------------------------------
Idx IP Address
-------------------------------------------------------------------------
3-236 WS2000 Wireless Switch System Reference Guide
show
Network WLAN Hotstpot White-list Commands
Displays the WLAN hotspot white-list entries.
Syntax
show white-rules <idx>
Parameters
show white-rule <idx> Displays the hotspot white-list for the WLAN with the index <idx> (1-8).
Example
admin(network.wlan.hotspot.whitelist)> show white-rules 1
WhiteList Rules
-------------------------------------------------------------------------
Idx IP Address
-------------------------------------------------------------------------
1 192.168.1.32
2 192.168.1.45
3 192.168.1.55
4 192.168.1.56
5 192.168.1.67
Network CLI Commands Reference 3-237
wlanipfpolicy
Network WLAN Commands
Displays the WLAN IP Filter Policy submenu.
Syntax
admin(network.wlan)> wlanipfpolicy
admin(network.wlan.wlanipfpolicy)>
set
Network WLAN WLAN IP Fiter Policy Commands
Sets the WLAN IP filter policy configuration. IP Filters have to be set up through the Network > IPFilter menu.
Syntax
set [ipf-mode|default]
Syntax:
ipf-mode <wlan-idx> Sets the IP filter mode <ipf-mode> (enable/disable) for the WLAN with
<ipf-mode> the index <idx> (1-8).
default [incoming|outgoing] incoming Sets the default incoming action to <action> (allow/deny)
<wlan-idx> <action> for IP filtering for he WLAN with the index <idx> (1-8).
outgoing Sets the default outgoing action to <action> (allow/deny) for
IP filtering for he WLAN with the index <idx> (1-8).
Example
admin(network.wlan.wlanipfpolicy)> show 1
-------------------------------------------------------------------------
Filter-Name Direction Action
-------------------------------------------------------------------------
add
Network WLAN WLAN IP Fiter Policy Commands
Adds a new IP Filter association table entry. IP Filters have to be set up through the Network > IPFilter menu.
Syntax
add <wlan-idx> <filter-name> <direction> <action>
Parameters
del
Network WLAN WLAN IP Fiter Policy Commands
Deletes a entry from the IP Filter association table.
Syntax
del <wlan-idx> [all|<index>]
Syntax:
delete <wlan-idx> Deletes an IP Filter association table entry. The WLAN is specified by the
[all|<index>] <wlan-idx> (1-8). <index> indicates the filter to delete. all is used to delete
all entries from the IP Filter association table.
Example
admin(network.wlan.wlanipfpolicy)> show 1
-------------------------------------------------------------------------
Filter-Name Direction Action
-------------------------------------------------------------------------
allow_tcp incoming allow
allow_tcp outgoing deny
admin(network.wlan.wlanipfpolicy)> del 1 2
admin(network.wlan.wlanipfpolicy)> show 1
-------------------------------------------------------------------------
Filter-Name Direction Action
-------------------------------------------------------------------------
allow_tcp incoming allow
show
Network WLAN WLAN IP Fiter Policy Commands
Displays the contents of the IP Filter association table.
Syntax
show <wlan-idx>
Parameters
show <wlan-idx> Displays the IP filter association table for the WLAN with the index <wlan-idx> (1-8).
Example
admin(network.wlan.wlanipfpolicy)> show 1
-------------------------------------------------------------------------
Filter-Name Direction Action
-------------------------------------------------------------------------
allow_tcp incoming allow
allow_tcp outgoing deny
port
network
Displays the port configuration submenu.
Syntax
admin(network)>port
admin(network.port)>
set
Network Port Commands
Sets the port configuration parameters.
Syntax
set [auto-negotiation|speed|duplex]
Parameters
auto-negotiation Enables or disables auto negotiation. When enabled, the port negotiates the speed
<idx> <auto- and the duplex type. <auto-negotiation> can be one of enable or disable. <idx>
negotiation> (port1-port6, wan) is the port number.
speed <idx> Sets the speed for the port with the index <idx> (port1-port6, wan). Set <speed>
<speed> from 10M or 100M.
duplex <idx> Sets the duplex mode for the port with the index <idx> (port1-port6, wan). Set the
<duplex> <duplex> value from full or half.
Example
admin(network.port)> show port1
auto-negotiation : disable
speed : 10M
duplex : half
auto-negotiation : enable
speed : 100M
duplex : full
3-244 WS2000 Wireless Switch System Reference Guide
show
Network Port Commands
Displays the port configuration parameters.
Syntax
show <idx>
Parameters
show <idx> Displays the port configuration settings for the port <idx> (port1-port6, wan).
Example
admin(network.port)> show port1
auto-negotiation : enable
speed : 100M
duplex : full
Network CLI Commands Reference 3-245
ipfilter
network
Displays the IP Filter submenu.
IP based filtering allows administrators to configure Incoming and Outgoing IP filtering policies on packets
within the same Subnet / WLAN and between wired and wireless hosts. Filters can be set up based on IP
Address or as a default rule for all IPs in a given direction.
Syntax
admin(network)> ipfilter
admin(network.ipfilter)>
add
Network IP Filter Commands
Adds an entry into the global IP Filter table.
Syntax
add <filter-name> <protocol> <port> <start-src-address> <end-src-address>
<start-dest-address> <end-dest-address>
Parameters
del
Network IP Filter Commands
Deletes an entry from the global IP Filter table.
Syntax
del [all|<idx>]
Parameters
show
Network IP Filter Commands
Displays the global IP Filter table.
Syntax
show
Parameters
None
Example
admin(network.ipfilter)> show
-------------------------------------------------------------------------
Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP
In-Use
-------------------------------------------------------------------------
allow_tcp TCP 0.0.0.0 0.0.0.0
YES
ALL 0.0.0.0 0.0.0.0
allow_udp UDP 0.0.0.0 0.0.0.0
NO
ALL 0.0.0.0 0.0.0.0
Network CLI Commands Reference 3-249
wips
network
Description:
Displays the Wireless Intrusion Protection System (WIPS) submenu.
Syntax
admin(network)> wips
admin(network.wips)>
set
Network WIPS Command
Enables or disables WIPS.
Syntax
set mode <mode>
Parameters
set mode <mode> Enables or disables WIPS. <mode> can be either enable or disable.
Example
admin(network.wips)> set mode enable
admin(network.wips)> show mode
State : enable
Network CLI Commands Reference 3-251
show
Network WIPS Command
Displays the WIPS parameters.
Syntax
show mode
Parameters
None
Example
admin(network.wips)> show mode
State : enable
3-252 WS2000 Wireless Switch System Reference Guide
list
Network WIPS Command
Lists the adopted APs and detected sensors for WIPS.
Syntax
list [sensors|aps]
Parameters
convert
Network WIPS Command
Converts an existing AP to a dedicated Sensor device. This command is only valid for Motorola AP300.
Syntax
convert <mac1> <mac2> ...
Parameters
convert <mac1> <mac2> Converts the list of AP represented by their MAC addresses <mac1>
... <mac2>... to dedicated sensor devices.
Example
admin(network.wips)> convert 00a0f8bf8a70
revert
Network WIPS Command
Reverts a dedicated Sensor device to an AP. This command is only valid for Motorola AP300.
Syntax
revert <mac1> <mac2> ...
Syntax:
revert <mac1> <mac2> Converts the list of Sensors represented by their MAC addresses <mac1>
... <mac2>... to APs.
Example
admin(network.wips)> revert 00a0f8bf8a70
update
Network WIPS Command
Sends configuration information to dedicated sensor devices.
Syntax
update <mac> <dhcp_mode> <ipaddr> <mask> <dgw> <pwips> {<swips>}
Parameters
defaults
Network WIPS Command
Goes to the WIPS default configuration menu.
Syntax
admin(network.wips)>defaults
admin(network.wips.defaults)>
set
Network WIPS Default commands
Sets the default WIPS configuration settings. These settings are used when WIPS configurations are not
changed.
Syntax
set mode <mode>
Syntax:
show
Network WIPS Default commands
Displays the default WIPS configuration.
Syntax
show
Parameters
None
Example
admin(network.wips.default)> show
wids
network
Displays the Wireless Intrusion Detection System (WIDS) commands.
Syntax
admin(network)>wids
admin(network.wids)>
delete
Network WIDS Commands
Deletes WIDS MU list entries.
Syntax
delete [all|<idx>]
Parameters
set
Network WIDS Commands
Sets the WIDPS parameters.
Syntax
set [mode|detect-window|anomaly-detect|excess-op]
Parameters
excess-op Sets the threshold of events allowed in the detection window per MU.
[threshold|filter- threshold [mu|radio|switch] <type> <threshold> Sets the threshold values for mu,
ageout] radio, or switch.
<type> is the violation type and can be one of:
all - all types of excessive operations
probe-req - Probe Request frames
auth-assoc-req - 802.11 Authentication and Association Request
deauth-disassoc-req - Disassociation and Deauthentication frames
auth-fails - Failures reported by Authentication servers
crypto-replay-fails - TKIP/CCMP IV replay check failure
80211-replay-fails - 802.11 replay check failure
decrypt-fails - decryption failures
unassoc-frames - frames from unassociated stations
eap-starts - EAP (802.1x) Start frames
<threshold> (0-65535) is the threshold value in seconds, 0 disables this option
filter-ageout <type> <filter-ageout> Sets the number of seconds a mobile unit is
filtered out.
<type> is the violation type and can be one of:
all - all the anomalies.
null-dst - NULL destination MAC anomaly
same-src-dst - Same source and destination IP anomaly
mcas-src - Multicast source MAC anomaly
weak-wep-iv - Weak WEP initialization vector anomaly
tkip-cntr-meas - TKIP Countermeasures anomaly
invalid-frame-len - Invalid frame length anomaly
<filter-ageout> (0-86400) is the ageout value in seconds. Default is 60 seconds.
0 disables this option.
Example
admin(network.wids)> set mode enable
admin(network.wids)> set detect-window 25
admin(network.wids)> set anomaly-detect mode all enable
admin(network.wids)> set anomaly-detect filter-ageout all 120
admin(network.wids)> set excess-op threshold mu all 80
admin(network.wids)> set excess-op filter-ageout all 80
admin(network.wids)> show wids
crypto-replay-fails : 80 0 0 80
80211-replay-fails : 80 0 0 80
decrypt-fails : 80 0 0 80
unassoc-frames : 80 0 0 80
eap-starts : 80 0 0 80
show
Network WIDS Commands
Displays the default WIDS configuration settings
Syntax
show [wids|filter]
Parameters
urlfilter
network
Displays the URL Filter commands
Syntax
admin(network)> urlfilter
admin(network.urlfilter)>
set
Network URL Filter Commands
Sets URL FIlter parameters.
Syntax
set [mode|tcp-port|error-msg|action]
Parameters
mode <mode> Sets the URL Filter mode. <mode> can be enable or disable.
set tcp-port <tcp-port> Sets the TCP Port for URL Filtering to <tcp-port>.
set error-msg <error-msg> Sets the error message to the string <error-msg> for URL Filtering. This error
message is displayed when there is an error while accessing the page the
user had requested.
set action <action> Sets the default action for URL Filtering when reverse DNS look-up fails.
<action> can be one of allow or deny.
Example
admin(network.urlfilter)> show
show
Network URL Filter Commands
Displays URL Filter configuration information.
Syntax
show
Parameters
None
Example
admin(network.urlfilter)>show
keyword
Network URL Filter Commands
Displays the URL Filter Keyword commands.
Syntax
admin(network.urlfilter)> keyword
admin(network.urlfilter.keyword)>
add
Network URL Filter Keyword Commands
Adds a new keyword and action to the keyword filter table.
Syntax
add <keyword> <action>
Parameters
admin(network.urlfilter.keyword)>
Network CLI Commands Reference 3-271
delete
Network URL Filter Keyword Commands
Deletes a keyword from the keyword table.
Syntax
delete <keyword>
Parameters
delete <keyword> Deletes the keyword <keyword> from the URL Filter keyword table.
Example
admin(network.urlfilter.keyword)>show
--------URL FILTERING KEYWORD DETAILS---------
KeyWord Action
share deny
trading deny
admin(network.urlfilter.keyword)>delete share
admin(network.urlfilter.keyword)>show
--------URL FILTERING KEYWORD DETAILS---------
KeyWord Action
trading Deny
admin(network.urlfilter.keyword)>
3-272 WS2000 Wireless Switch System Reference Guide
removeall
Network URL Filter Keyword Commands
Removes all entries from the Keyword Table.
Syntax
removeall
Parameters
None
Example
admin(network.urlfilter.keyword)>show
--------URL FILTERING KEYWORD DETAILS---------
KeyWord Action
share Deny
trading Deny
stocks Deny
stock Deny
admin(network.urlfilter.keyword)>removeall
admin(network.urlfilter.keyword)>show
--------URL FILTERING KEYWORD DETAILS---------
KeyWord Action
Network CLI Commands Reference 3-273
show
Network URL Filter Keyword Commands
Displays the URL filter keyword table entries.
Syntax
show
Parameters
None
Example
admin(network.urlfilter.keyword)>show
--------URL FILTERING KEYWORD DETAILS---------
KeyWord Action
share Deny
trading Deny
3-274 WS2000 Wireless Switch System Reference Guide
whitelist
Network URL Filter Commands
Displays the whitelist URLs commands.
Syntax
admin(network.urlfilter)> whitelist
admin(network.urlfilter.whitelist)>
add
Network URL Filter White list Commands
Adds a new whitelist entry to the whitelist table.
Syntax
add <whitelist>
Parameters
add <whitelist> Adds a whitelist entry into the whitelist table. <whitelist> is an URL to be added.
Example
admin(network.urlfilter.whitelist)>show
--------URL FILTERING WHITE LIST DETAILS---------
mot.com
admin(network.urlfilter.whitelist)>add moto.com
admin(network.urlfilter.whitelist)>show
--------URL FILTERING WHITE LIST DETAILS---------
mot.com
moto.com
admin(network.urlfilter.whitelist)>
3-276 WS2000 Wireless Switch System Reference Guide
delete
Network URL Filter White list Commands
Deletes a whitelist entry from the whitelist table.
Syntax
delete [<whitelist>|all]
Parameters
admin(network.urlfilter.whitelist)>delete motoo.com
admin(network.urlfilter.whitelist)>show
--------URL FILTERING WHITE LIST DETAILS---------
mot.com
moto.com
admin(network.urlfilter.whitelist)>delete all
admin(network.urlfilter.whitelist)>show
--------URL FILTERING WHITE LIST DETAILS---------
Network CLI Commands Reference 3-277
show
Network URL Filter White list Commands
Displays the URL filter whitelist table entries.
Syntax
show
Parameters
None
Example
admin(network.urlfilter.whitelist)>show
--------URL FILTERING WHITE LIST DETAILS---------
mot.com
moto.com
admin(network.urlfilter.whitelist)>
3-278 WS2000 Wireless Switch System Reference Guide
blacklist
Network URL Filter Commands
Displays the URL Filter black list URLs commands.
Syntax
admin(network.urlfilter)> blacklist
admin(network.urlfilter.blacklist)>
add
Network URL Filter Black List Commands
Adds a new blacklist entry to the blacklist table.
Syntax
add <blacklist>
Parameters
add <blacklist> Adds a blacklist entry into the blacklist table. <blacklist> is an URL.
Example
admin(network.urlfilter.blacklist)>show
--------URL Filtering BLACK LIST DETAILS---------
shares.com
admin(network.urlfilter.blacklist)>add trading.com
admin(network.urlfilter.blacklist)>show
--------URL Filtering BLACK LIST DETAILS---------
shares.com
trading.com
admin(network.urlfilter.blacklist)>
3-280 WS2000 Wireless Switch System Reference Guide
delete
Network URL Filter Black List Commands
Deletes a blacklist entry from the blacklist table.
Syntax
delete [<blacklist>|all]
Parameters
admin(network.urlfilter.blacklist)>delete dipmail.com
admin(network.urlfilter.blacklist)>show
--------URL Filtering BLACK LIST DETAILS---------
shares.com
trading.com
admin(network.urlfilter.blacklist)>delete all
admin(network.urlfilter.blacklist)>show
--------URL Filtering BLACK LIST DETAILS---------
Network CLI Commands Reference 3-281
show
Network URL Filter Black List Commands
Displays the URL filter blacklist table entries.
Syntax
show
Parameters
None
Example
admin(network.urlfilter.blacklist)>show
--------URL Filtering BLACK LIST DETAILS---------
shares.com
trading.com
admin(network.urlfilter.blacklist)>
3-282 WS2000 Wireless Switch System Reference Guide
trustip
Network URL Filter Commands
Displays the URL Trusted IP commands.
Syntax
admin(network.urlfilter)> trustip
admin(network.urlfilter.trustip)>
add
Network URL Filter Trusted IP Commands
Adds a new IP into the trusted IP table.
add <trustip>
Parameters
add <trustip> Adds an IP address <trustip> into the trusted IPs list.
Example
admin(network.urlfilter.trustip)>show
--------URL FILTERING TRUST IP---------
192.168.10.20
admin(network.urlfilter.trustip)>add 192.168.10.10
admin(network.urlfilter.trustip)>show
--------URL FILTERING TRUST IP---------
192.168.10.20
192.168.10.10
admin(network.urlfilter.trustip)>
3-284 WS2000 Wireless Switch System Reference Guide
delete
Network URL Filter Black List Commands
Deletes an entry from the trusted IPs list.
Syntax
delete [<trustip>|all]
Parameters
admin(network.urlfilter.trustip)>del 192.168.11.9
admin(network.urlfilter.trustip)>show
--------URL FILTERING TRUST IP---------
192.168.10.20
192.168.10.10
admin(network.urlfilter.trustip)>
Network CLI Commands Reference 3-285
show
Network URL Filter Trusted IP Commands
Displays the trusted IPs list
Syntax
show
Parameters
None
Example
admin(network.urlfilter.trustip)>show
--------URL FILTERING TRUST IP---------
192.168.10.20
192.168.10.10
admin(network.urlfilter.trustip)>
3-286 WS2000 Wireless Switch System Reference Guide
System CLI Commands Reference
System commands are used to set the system parameters for the WS 2000 Wireless Switch.
4.1 system
Admin Menu Commands
Use the system command to go to the System menu.
admin> system
admin(system)>
lastpw
system
This command displays the MAC address for the switch, the previous admin password for the switch, and
the number of times the current admin password has been used along with how many more times it will be
valid.
Syntax
lastpw
Parameters
None
Example
admin(system)>lastpw
exec
system
Executes a linux command
Syntax
exec <command>
Parameters
authentication
system
Displays the authentication submenu.
Syntax
admin(system)> authentication
admin(system.authentication)>
The items available under this command are shown below.
set
System Authentication Commands
Sets the parameter that specifies how user authentication is taking place.
Syntax
set [mode|auth-loc] [local|radius]
Syntax:
set mode [local|radius] Sets the authentication mode. If set to local, the internal User Database will
serve as the data source. If set to radius, the switch will use an external
LDAP server for the information. If radius is the mode, then the parameters
under the radius submenu must to be set.
set auth-loc [local|radius] Sets the Airbeam user authentication to either the local database or the
RADIUS server. If set to radius, the switch will use an external LDAP server
for the authentication. If radius is the authentication location, then the
RADIUS server is used for authentication.
Example
admin(system.authentication)>set mode local
admin(system.authentication)>show all
authentication mode : local
admin(system.authentication)>
Related Commands
set Sets the parameters to specify that the external RADIUS server is used for user
authentication.
4-6 WS2000 Wireless Switch System Reference Guide
show
System Authentication Commands
Shows the main user authentication parameters.
Syntax
show all
Parameters
None
Example
admin(system.authentication)>set mode local
admin(system.authentication)>show all
authentication mode : local
radius user location and type : radius
admin(system.authentication)>
Related Commands
radius
System Authentication Commands
Displays the RADIUS submenu.
Syntax
admin(system.authentication)> radius
admin(system.authentication.radius)>
The items available under this command are shown below.
set
System Authentication RADIUS Commands
Sets the RADIUS proxy server authentication parameters.
Syntax
set [auth-server-ip|auth-server-port|shared-secret]
Parameters
set auth-server-ip <IP> Sets the IP address for the RADIUS authentication proxy server to the IP
address <IP>.
auth-server-port <port> Specifies the TCP/IP port number <port> for the RADIUS server that will act as
a proxy server. The default port is 1812.
shared-secret <password> Sets a shared secret <password> for each suffix that is used for
authentication with the RADIUS proxy server.
Example
admin(system.authentication.radius)>set auth-server-ip 192.168.0.4
admin(system.authentication.radius)>set auth-server-port 1812
admin(system.authentication.radius)>set shared mysecret
admin(system.authentication.radius)>
admin(system.authentication.radius)>show all
radius server ip : 192.168.0.4
radius server port : 1812
radius server shared secret : ********
System CLI Commands Reference 4-9
show
System Authentication RADIUS Commands
Shows the RADIUS authentication parameters.
Syntax
show all
Parameters
None
Example
admin(system.authentication.radius)> set auth-server-ip 192.168.0.4
admin(system.authentication.radius)> set auth-server-port 1812
admin(system.authentication.radius)> set shared mysecret
admin(system.authentication.radius)>show all
radius server ip : 192.168.0.4
radius server port : 1812
radius server shared secret : ********
Related Commands
config
system
Displays the config submenu.
Syntax
admin(system)> config
admin(system.config)>
default
System Configuration Commands
Restores the switch to the factory default configuration.
Syntax
default
Parameters
None
Example
admin(system.config)>default
*************************************************************************
System will now restore default configuration. You will need to set the
country code for correct operation.
*************************************************************************
export
System Configuration Commands
Exports the configuration from the system.
Syntax
export [ftp|tftp|terminal]
Syntax:
admin(system.config)>export ftp
import
System Configuration Commands
Imports the configuration to the system.
Syntax
import [ftp|tftp] {default-and-apply}
Parameters
partial
System Configuration Commands
Resets the switch's configuration to the factory default settings for all settings except the WAN and some
SNMP related settings. The following settings will remain intact when using Restore Partial Default
Configuration:
All settings on the WAN page
SNMP access to the WS 2000 on the WS 2000 Access page
All settings on the SNMP Access page
Before using this feature, consider exporting the current configuration for safekeeping.
Syntax
partial
Parameters
None
Example
admin(system.config)>partial
*************************************************************************
System will now restore default configuration. You will need to set the
country code for correct operation.
*************************************************************************
Related Commands
set
System Configuration Commands
Sets the import/export parameters.
Syntax
set [server|user|passwd|file|cfgpath|fw|sensor-fw|import-enc-password|
bind-interface]
set fw [file|path|boot|active-partition]
set fw file <filename>
set fw path <path>
set fw boot [on-board-flash|compact-flash]
set fw active-partition [primary|secondary]
Parameters
server <ipaddress> Sets the FTP/TFTP server IP address to <ipaddress> in the format a.b.c.d.
user <username> Sets the FTP user name to <username> (up to 47 characters).
passwd <password> Sets the FTP password to <password> (up to 39 characters).
file <filename> Sets the configuration file name to <filename> (up to 39 characters).
cfgpath <path> Sets the configuration file path to <path> (up to 31 characters)
fw [ Sets the firmware information for the device.
file <filename>| file <filename> Sets the firmware filename to <filename> (up to 39
path <path>| characters).
boot [on-board-flash|
path <path> Sets the firmware file path to <path> (up to 39 characters).
compact-flash]|
active-partition boot [on-board-flash|compact-flash] Sets the firmware boot device to either
[primary|secondary] the on board flash (on-board-flash) or the compact flash card (compact-
flash) attached to the WS 2000 Wireless Switch.
active-partition [primary|secondary] Sets the active partition on the compact
flash card to either of primary or secondary.
System CLI Commands Reference 4-17
admin(system.config)>export ftp
Firmware Example
admin(system.config)>set fw file mf_01050000160B.bin
admin(system.config)>set fw path /tftp/myadmin/
admin(system.config)>update tftp s1
4-18 WS2000 Wireless Switch System Reference Guide
show
System Configuration Commands
Shows the import/export parameters.
Syntax
show all
Parameters
None
Example
admin(system.config)> show all
ftp/tftp server ip address : 157.235.208.196
ftp user name : admin
ftp password : ********
cfg filename : v23.26b.bin
config filepath : /home/ftp/admin/2k/
firmware filepath : /home/ftp/admin/2k/
firmware filename : v23.26b.bin
sensor firmware filepath : /home/ftp/admin/2k/
sensor firmware filename : leo_sensor.bin
max size of sensor firmware file : 512000
import enc admin password mode : disable
boot source device : on-board-flash
active partition of Compact Flash : primary
System CLI Commands Reference 4-19
update
System Configuration Commands
Performs a firmware update.
Syntax
update <mode> {<interface>}
Parameters
update [tftp|ftp] <iface> Sets how firmware updates will occur. Select between ftp and tftp.
<iface> specifies the interface (location), as follows:
s1 = subnet1
s2 = subnet2
s3 = subnet3
s4 = subnet4
s5 = subnet5
s6 = subnet6
w = wan
Before using this command, use set server to set the IP address for the FTP/TFTP
server. If using the ftp mode, also use set user and set passwd to allow login to
the FTP server.
update cf Indicates that firmware updates will occur from the switchs compact flash slot.
(Undoes an ftp/tftp setting.)
Example
admin(system.config)>set fw file mf_01050000200B.bin
admin(system.config)>set fw path /tftp/myadmin/
admin(system.config)>update tftp s1
4-20 WS2000 Wireless Switch System Reference Guide
sensor-fw-update
System Configuration Commands
Performs firmware update for the sensors. When sensor firmware update is done,
No restart is required.
New sensors receive the updated firmware.
Existing sensors must be reverted and then reassigned for them to get the new sensor firmware image.
Syntax
sensor-fw-update [ftp|tftp]
Parameters
admin(system.config)>
System CLI Commands Reference 4-21
loadtocf
System Configuration Commands
This command loads and updates the firmware to the CF card. This is used for dual boot.
Syntax
loadtocf [cf|ftp|tftp] <image-type>
Syntax:
cf <image-type> Loads the image to the CF card. The <image-type> (primary, secondary) is the
target partition on the CF card to store the image on. In this case, the image source
is the CF card and the destination is also the CF card.
ftp <image-type> Loads the image to a CF card. The <image-type> (primary, secondary) is the
target partition on the CF card to store the image on. This command downloads the
image using FTP and stores it on the target partition.
tftp <image-type> Loads the image to a CF card. The <image-type> (primary, secondary) is the
target partition on the CF card to store the image on. This command downloads the
image using TFTP and stores it on the target partition.
Example
admin(system.config)> loadtocf cf primary
admin(system.config)>
4-22 WS2000 Wireless Switch System Reference Guide
logs
system
Displays the logs submenu.
Syntax
admin(system)> logs
admin(system.logs)>
The items available under this command are shown below.
delete
System Logs Commands
Deletes the core log files.
Syntax
delete
Parameters
None
Example
admin(system.logs)>delete
4-24 WS2000 Wireless Switch System Reference Guide
send
System Logs Commands
Sends log and core files through FTP to a location specified with the set command. Use the set command to
set the FTP login and site information first.
Syntax
send
Parameters
None
Example
admin(system.logs)>set user fred
admin(system.logs)>set passwd mygoodness
admin(system.logs)>show all
admin(system.logs)>send
admin(system.logs)>
Related Commands
set Sets the parameters associated with log operations, such as send.
show all Displays the log related settings.
System CLI Commands Reference 4-25
set
System Logs Commands
Sets log options and parameters.
Syntax
set [ipadr|level|mode|cf_logging_mode|server|user|passwd]
Parameters
ipadr <ip> Sets the external syslog server IP address to <ip> (a.b.c.d).
level <level> Sets the level of the events that will be logged. All event with a level at or
above <level> (L0L7) will be saved in the system log.
L0:Emergency
L1:Alert
L2:Critical
L3:Errors
L4:Warning
L5:Notice
L6:Info
L7:Debug
mode <mode> Enables or disables ext syslog server logging. <mode> is either enable or
disable.
cf_logging_mode <mode> Enables or disables logging to CF card if connection to the Syslog server fails.
<mode> is either enable or disable.
server <ip> Sets the FTP server IP address to <ip> (a.b.c.d).
user <username> Sets the FTP user name to <username> (147 characters).
passwd <password> Sets the FTP password to <password> (139 characters).
Example
admin(system.logs)>set user fred
admin(system.logs)>set passwd mygoodness
admin(system.logs)>show all
show
System Logs Commands
Shows logging options.
Syntax
show all
Parameters
None
Example
admin(system.logs)>set user user1
admin(system.logs)>set passwd hello
admin(system.logs)>show all
Related Commands
view
System Logs Commands
Views the system log file.
Syntax
view
Parameters
None
Example
admin(system.logs)>view
. . .
4-28 WS2000 Wireless Switch System Reference Guide
ntp
system
Displays the NTP submenu.
Syntax
admin(system)> ntp
admin(system.ntp)>
set
System NTP Commands
Sets NTP parameters.
Syntax
set [mode|intrvl|server|port|time|zone]
Syntax:
admin(system.ntp)>
4-30 WS2000 Wireless Switch System Reference Guide
show
System NTP Commands
Shows all NTP server settings.
Syntax
show all
Parameters
None
Example
admin(system.ntp)>show all
Related Commands
date-zone
System NTP Commands
Shows the WS2000 date, time and time zone.
Syntax
date-zone
Parameters
None
Example
admin(system.ntp)> date-zone
Date/Time : Thu 1970-Jan-01 05:53:25 +0530 IST
Time Zone : Asia/Calcutta
admin(system.ntp)>
4-32 WS2000 Wireless Switch System Reference Guide
zone-list
System NTP Commands
Displays the different time zones.
Syntax
zone-list
Parameters
None
Example
admin(system.ntp)>zone-list
----------------------------------------------
Index | TimeZone
----------------------------------------------
1 | Africa/Abidjan
2 | Africa/Accra
3 | Africa/Addis_Ababa
4 | Africa/Algiers
5 | Africa/Asmera
6 | Africa/Bamako
7 | Africa/Bangui
8 | Africa/Banjul
9 | Africa/Bissau
10 | Africa/Blantyre
radius
system
Displays the RADIUS submenu.
Syntax
admin(system)> radius
admin(system.radius)>
generate-dh-param
System RADIUS Commands
Generates the DH Params file for supporting Cipher Suit v 0x13
(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) for EAP-TLS./TTLS protocols. If this file does not exist when
the WS2000 is booted, it is created. This command provides a facility to create the DH Params file as
required.
Syntax
generate-dh-param
Parameters
None
Example
admin(system.radius)>generate-dh-param
This will take several minutes.
Please wait until the operation is complete.
DH Parameter file will not get created if interrupted...
admin(system.radius)>
System CLI Commands Reference 4-35
set
System RADIUS Commands
Sets the RADIUS database to either the local database or an LDAP server.
Syntax
set database [local|ldap|ldaps]
Parameters
set database Sets the RADIUS server to the local database (local) or an LDAP server (ldap) or
[local|ldap|ldaps] a secured LDAP server (ldaps).
Example
admin(system.radius)>set database ldap
admin(system.radius)>show all
Database : ldap
Related Commands
show
System RADIUS Commands
Shows the RADIUS parameters.
Syntax
show all
Parameters
None
Example
admin(system.radius)>set database ldap
admin(system.radius)>show all
Database : ldap
Related Commands
client
System RADIUS Commands
Displays the client submenu.
Syntax
admin(system.radius)>client
admin(system.radius.client)>
add
System RADIUS Client Commands
Adds a RADIUS client.
Syntax
add <ip> <mask> <secret>
Parameters
add <ip> <mask> <secret> Adds a RADIUS client with IP address <ip>, netmask <mask>, and
shared secret <secret>.
Example
admin(system.radius.client)>add 192.168.46.4 225.225.225.0 mysecret
admin(system.radius.client)>show
List of Radius Clients :
-------------------------------------------------------------------------
Idx Subnet/Host Netmask SharedSecret
------------------------------------------------------------------------
Related Commands
del
System RADIUS Client Commands
Deletes a RADIUS client with the provided IP address.
Syntax
del <ip>
Parameters
-------------------------------------------------------------------------
Idx Subnet/Host Netmask SharedSecret
-------------------------------------------------------------------------
1 192.168.46.4 225.225.225.0 ******
2 192.168.101.43 225.225.225.0 ******
admin(system.radius.client)>del 192.168.46.4
admin(system.radius.client)>show
List of Radius Clients :
-------------------------------------------------------------------------
Idx Subnet/Host Netmask SharedSecret
-------------------------------------------------------------------------
1 192.168.101.43 225.225.225.0 ******
admin(system.radius.client)>
Related Commands
show
System RADIUS Client Commands
Displays a list of configured RADIUS clients.
Syntax
show
Parameters
None
Example
admin(system.radius.client)>show
List of Radius Clients :
-------------------------------------------------------------------------
Idx Subnet/Host Netmask SharedSecret
-------------------------------------------------------------------------
1 192.168.46.4 225.225.225.0 ******
2 192.168.101.43 225.225.225.0 ******
admin(system.radius.client)>
Related Commands
eap
System RADIUS Commands
Displays the EAP submenu.
Syntax
admin(system.radius)> eap
admin(system.radius.eap)>
The items available under this command are shown below.
import
System RADIUS EAP Commands
Imports the EAP certificates.
Syntax
import [server|cacert] <cert ID>
Parameters
server <cert id> Imports a server certificate with the certificate ID <cert id>.
cacert <cert id> Imports a Trusted Certificate with certificate ID <cert id>.
Example
admin(system.radius.eap)>import server mycert
admin(system.radius.eap)>import cacert NETE3443
Related Commands
set
System RADIUS EAP Commands
Sets the EAP parameters. To configure each of the selected authentication types, go to the submenu
associated with each type.
Syntax
set auth [peap|ttls|both]
Parameters
auth [peap|ttls|both] Sets the default authorization type to one of PEAP or TTLS or both. When
selected, go to the submenu associated with the selection to finish the setup.
Example
admin(system.radius.eap)>set auth peap
admin(system.radius.eap)>show all
Default EAP Type : peap
Related Commands
show
System RADIUS EAP Commands
Displays the EAP parameters.
Syntax
show [all|cert]
Parameters
Example
peap
System RADIUS EAP Commands
Displays the PEAP submenu.
Syntax
admin(system.radius.eap)> peap
admin(system.radius.eap.peap)>
The items available under this command are shown below.
set
System RADIUS EAP PEAP Commands
Sets the PEAP authentication type.
Syntax
set auth <peap type>
Parameters
set auth <peap type> Sets the authentication type for PEAP to <peap type> (GTC or MTCHAPv2).
Example
admin(system.radius.eap.peap)>set auth gtc
admin(system.radius.eap.peap)>show
PEAP Auth Type : gtc
Related Commands
show
System RADIUS EAP PEAP Commands
Displays the PEAP authentication type.
Syntax
show
Parameters
None
Example
admin(system.radius.eap.peap)>set auth gtc
admin(system.radius.eap.peap)>show
PEAP Auth Type : gtc
Related Commands
ttls
System RADIUS EAP Commands
Displays the TTLS submenu.
Syntax
admin(system.radius.eap)> ttls
admin(system.radius.eap.ttls)>
The items available under this command are shown below.
set
System RADIUS EAP TTLS Commands
Sets the TTLS authentication type.
Syntax
set auth <ttls type>
Parameters
set auth <auth type> Sets the authentication type for TTLS to <auth type> (PAP, MD5, or
MSCHAPv2).
Example
admin(system.radius.eap.ttls)>set auth md5
admin(system.radius.eap.ttls)>show
TTLS Auth Type : md5
Related Commands
show
System RADIUS EAP TTLS Commands
Shows the TTLS authentication type.
Syntax
show
Parameters
None
Example
admin(system.radius.eap.ttls)>set auth md5
admin(system.radius.eap.ttls)>show
TTLS Auth Type : md5
Related Commands
ldap
System RADIUS Commands
Displays the LDAP submenu.
Syntax
admin(system.radius)> ldap
admin(system.radius.ldap)>
The items available under this command are shown below.
set
System RADIUS LDAP Commands
Sets the LDAP parameters.
Syntax
set [ipadr|domain|port|binddn|basedn|passwd|login|pass_attr|
groupname|filter|membership|adagent|pri-domain|admin-uname|admin-pass]
Parameters
Example
admin(system.radius.ldap)>set ipadr 192.168.42.23
admin(system.radius.ldap)>set port 356
admin(system.radius.ldap)>show all
LDAP Server IP : 192.168.42.23
LDAP Server Port : 56
LDAP Bind DN : dfkjkkj
LDAP Base DN : o=mobion
LDAP Login Attribute : (uid=%{Stripped-User-Name:-%{User-
Name}})
LDAP Password Attribute : userPassword
LDAP Group Name Attribute : cn
LDAP Group Membership Filter :
LDAP Group Membership Attribute : mygroup
admin(system.radius.ldap)>
Related Commands
show
System RADIUS LDAP Commands
Description:
Displays the LDAP parameters.
Syntax
show all
Parameters
None
Example
admin(system.radius.ldap)>set ipadr 192.168.42.23
admin(system.radius.ldap)>set port 356
admin(system.radius.ldap)>show all
LDAP Server IP : 192.168.42.23
LDAP Server Port : 56
LDAP Bind DN : dfkjkkj
LDAP Base DN : o=mobion
LDAP Login Attribute : (uid=%{Stripped-User-Name:-%{User-
Name}})
LDAP Password Attribute : userPassword
LDAP Group Name Attribute : cn
LDAP Group Membership Filter :
LDAP Group Membership Attribute : mygroup
admin(system.radius.ldap)>
Related Commands
import
System RADIUS LDAP Commands
Imports Secure LDAP certificates.
Syntax
import [client|cacert] <cert-id>
Parameters
join
System RADIUS LDAP Commands
Joins the device to the A D domain.
Syntax
join
Parameters
None
Example
admin(system.radius.ldap)> join
System CLI Commands Reference 4-57
policy
System RADIUS Commands
Displays the policy submenu.
Syntax
admin(system.radius)> policy
admin(system.radius.policy)>
set
System RADIUS Policy Commands
Sets a groups access to WLANs.
Syntax
set <group> <idx>
Parameters
set <group> <idx> Gives the group <group> access to WLAN with a list of indexes <idx>. The list <idx>
can either be a single index or several indexes separated by spaces. The group
<group> must be already defined. See System User Database Group Commands for
information about defining groups.
Example
admin(system.radius.policy)>set g1 2 3 4
admin(system.radius.policy)>show
List of Access Policies :
g1 : 2 3 4
g2 : No Wlans
Related Commands
show
System RADIUS Policy Commands
Displays the access policy details for all groups.
Syntax
show
Parameters
None
Example
admin(system.radius.policy)>set g1 2 3 4
admin(system.radius.policy)>show
List of Access Policies :
g1 : 2 3 4
g2 : No Wlans
Related Commands
proxy
System RADIUS Commands
Displays the proxy submenu.
Syntax
admin(system.radius)> proxy
admin(system.radius.proxy)>
The items available under this command are shown below.
add
System RADIUS Proxy Commands
Adds a proxy realm.
Syntax
add <name> <ip> <port> <secret>
Parameters
add <realm> <ip> <port> Add a proxy realm with realm name <realm>, RADIUS server IP address <ip>,
<secret> port <port>, and shared secret <secret>.
Example
admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass
admin(system.radius.proxy)>show realm
Proxy Realms :
-------------------------------------------------------------------------
Idx Suffix RadiusServerIP Port
SharedSecret
-------------------------------------------------------------------------
1 realm1 192.168.102.42 225
******
Related Commands
del
System RADIUS Proxy Commands
Deletes a proxy realm.
Syntax
del <realm>
Parameters
-------------------------------------------------------------------------
Idx Suffix RadiusServerIP Port
SharedSecret
-------------------------------------------------------------------------
1 realm1 192.168.102.42 225
******
admin(system.radius.proxy)>del realm1
admin(system.radius.proxy)>show realm
Proxy Realms :
-------------------------------------------------------------------------
Idx Suffix RadiusServerIP Port
SharedSecret
-------------------------------------------------------------------------
Related Commands
clearall
System RADIUS Proxy Commands
Clears all the proxy server records.
Syntax
clearall
Parameters
None
Example
admin(system.radius.proxy)> clearall
4-64 WS2000 Wireless Switch System Reference Guide
set
System RADIUS Proxy Commands
Sets the proxy server parameters.
Syntax
set delay <delay>
set count <count>
Syntax:
delay <delay> Sets the retry delay of the proxy server to <delay> minute (510).
count <count> Sets the retry count of the proxy server to <count> (36).
Example
admin(system.radius.proxy)>set delay 7
admin(system.radius.proxy)>set count 4
admin(system.radius.proxy)>show proxy
Proxy Server Retry Count : 4
Proxy Server Retry Delay : 7
admin(system.radius.proxy)>
Example
show
System RADIUS Proxy Commands
Shows the proxy server parameters.
Syntax
show [proxy|realm]
Parameters
-------------------------------------------------------------------------
Idx Suffix RadiusServerIP Port
SharedSecret
-------------------------------------------------------------------------
1 realm1 192.168.102.42 225
******
admin(system.radius.proxy)>set delay 7
admin(system.radius.proxy)>set count 4
admin(system.radius.proxy)>show proxy
Proxy Server Retry Count : 4
Proxy Server Retry Delay : 7
admin(system.radius.proxy)>
Related Commands
redundancy
system
Displays the redundancy submenu.
Syntax
admin(system)> redundancy
admin(system.redundancy)>
The items available under this command are shown below.
set
System Redundancy Commands
Sets the parameters for redundant switch mode.
Syntax
set [op_state|mode|heartbeat|revertdelay|redundancy|preempt|virtualip]
Parameters
mode <mode> Sets the switch to the <mode> (primary or secondary). Indicates that the switch
is either the primary or secondary (standby) switch when redundancy is enabled.
This parameter can only be set if the op_state parameter is set to redundancy.
op-state <state> Sets the redundancy operation state of the switch to one of the following <state>:
standaloneThe switch has no redundancy capabilities and operates
independently of any other WS 2000 switches on the network. This is the default
setting.
redundancyTwo WS 2000 switches are connected, with one set as a primary
and the other as a standby.
upgradeThe primary and standby switches must run the same version of the
switch firmware for redundancy to work correctly. If the firmware on only one of
the switches is updated, redundancy is disabled and the Operational State is
automatically set to Upgrade.
heartbeat <interval> Sets the heartbeat interval for the switch to <interval> (160) seconds.
revertdelay <delay> Specifies the amount of time <delay> (120 minutes) after not receiving a
heartbeat packet before the secondary (standby) switch will take over.
redundancy <subnet> Sets the redundancy state <state> (enable or disable) for the subnet <subnet>
<state> (s1, s2. s3, s4, s5, s6).
preempt <mode> Enables to prevent system stand-by on redundant switches. <mode> can be
enable or disable.
virtualip <subnet> Sets the virtual IP address to <ip> for each redundant subnet <subnet>.
<ip>
Example
admin(system.redundancy)>set mode standby
can not set the value when the op_state is either upgrade or standalone
Related Commands
show
System Redundancy Commands
Displays the switch redundancy settings.
Syntax
show all
Parameters
None
Example
admin(system.redundancy)>show all
Related Commands
snmp
system
Displays the SNMP submenu.
Syntax
admin(system)> snmp
admin(system.snmp)>
The items available under this command are shown below.
access
System SNMP Commands
Displays the SNMP access menu.
Syntax
admin(system.snmp)> access
admin(system.snmp.access)>
add
System SNMP Access Commands
Adds SNMP access list entries.
Syntax
add [acl|v1v2c|v3]
Parameters
add acl <ip1> <ip2> Adds an entry to the SNMP access control list with <ip1> as the starting IP
address and <ip2> and the ending IP address.
v1v2c <comm> Adds an SNMP v1/v2c configuration.
<access> [<oid>|all] <comm> The community (131 characters)
<access> The read/write access set to (ro (read only) or rw (read/write)
<oid> The Object Identifier. <oid> is a string of 1127 numbers in dot
notation, such as 2.3.4.5.6 or all for all objects.
v3 <user> <access> Adds an SNMP v3 user definition.
[<oid> / all] <sec> <user> The username (131 characters).
<auth> <pass1> <priv>
<access> The read/write access set to ro (read only) or rw (read/write)
<pass2>
<oid> The Object Identifier. <oid> is a string of 1127 numbers in dot
notation, such as 1.3.6.1 or all for all objects)
<sec> The security type. <sec> is set to one of none, auth, or auth/priv.
The following parameters must be specified if <sec> is set to auth/priv:
<auth> The authentication algorithm. Can be one of md5 or sha1. Must
be set if <sec> is set to auth or auth/priv.
<pass1> The password (831 characters) for authentication. Must be
provided if <sec> is set to auth or auth/priv.
<priv> The privacy algorithm. Set to des or aes. Must be set if <sec> is
set to auth/priv.
<pass2> Privacy password (831 characters). Must be provided if <sec>
is set to auth/priv.
Example
admin(system.snmp.access)>add acl 209.236.24.1 209.236.24.46
admin(system.snmp.access)>list acl
----------------------------------------------------------------
index start ip end ip
----------------------------------------------------------------
1 209.236.24.1 209.236.24.46
index : 1
username : fred
access permission : read/write
object identifier : 1.3.6.6
security level : none
auth algorithm : md5
auth password : ********
privacy algorithm : des
privacy password : ********
admin(system.snmp.access)>list v3 2
index : 2
username : judy
access permission : read/write
object identifier : 1.3.6.1
security level : auth/priv
auth algorithm : md5
auth password : ********
privacy algorithm : des
privacy password : *******
4-74 WS2000 Wireless Switch System Reference Guide
delete
System SNMP Access Commands
Deletes SNMP access entries.
Syntax
delete [acl|v1v2c|v3] [<idx>|all]
Parameters
admin(system.snmp.access)>list v3 all
index : 1
username : fred
access permission : read/write
object identifier : 1.3.6.6
security level : none
auth algorithm : md5
auth password : ********
privacy algorithm : des
privacy password : ********
index : 2
username : judy
access permission : read/write
object identifier : 1.3.6.1
security level : auth/priv
auth algorithm : md5
auth password : ********
privacy algorithm : des
privacy password : ********
System CLI Commands Reference 4-75
admin(system.snmp.access)>delete v3 2
admin(system.snmp.access)>list v3 all
index : 1
username : fred
access permission : read/write
object identifier : 1.3.6.6
security level : none
auth algorithm : md5
auth password : ********
privacy algorithm : des
privacy password : ********
admin(system.snmp.access)>
4-76 WS2000 Wireless Switch System Reference Guide
list
System SNMP Access Commands
Lists SNMP access entries.
Syntax
list [acl|v1v2c]
list v3 [<idx>|all]
Parameters
admin(system.snmp.access)>list v3 all
index : 1
username : fred
access permission : read/write
object identifier : 1.3.6.6
security level : none
auth algorithm : md5
auth password : ********
privacy algorithm : des
privacy password : ********
admin(system.snmp.access)>list v3 2
index : 2
username : judy
access permission : read/write
object identifier : 1.3.6.1
security level : auth/priv
auth algorithm : md5
auth password : ********
privacy algorithm : des
privacy password : *******
System CLI Commands Reference 4-77
show
System SNMP Access Commands
Displays the SNMP v3 engine ID.
Syntax
show eid
Parameters
None
Example
admin(system.snmp.access)>show eid
admin(system.snmp.access)>
4-78 WS2000 Wireless Switch System Reference Guide
traps
System SNMP Commands
Displays the SNMP traps submenu.
Syntax
admin(system.snmp)> traps
admin(system.snmp.traps)>
add
System SNMP Traps Commands
Adds SNMP traps.
Syntax
add [v1v2c|v3]
Parameters
index : 1
destination ip : 192.168.103.3
destination port : 80
username : bomuser
security level : auth
auth algorithm : md5
auth password : ********
privacy algorithm : des
privacy password : ********
index : 2
destination ip : 182.168.103.4
destination port : 80
username : blistuser
security level : auth/priv
auth algorithm : md5
auth password : ********
privacy algorithm : des
privacy password : ********
System CLI Commands Reference 4-81
delete
System SNMP Traps Commands
Deletes SNMP trap entries.
Syntax
delete [v1v2c|v3] [<idx>|all]
Parameters
index : 1
destination ip : 192.168.103.3
destination port : 80
username : bomuser
security level : auth
auth algorithm : md5
auth password : ********
privacy algorithm : des
privacy password : ********
index : 2
destination ip : 182.168.103.4
destination port : 80
username : blistuser
security level : auth/priv
auth algorithm : md5
auth password : ********
privacy algorithm : des
privacy password : ********
admin(system.snmp.traps)>delete v3 1
admin(system.snmp.traps)>list v3 all
index : 1
destination ip : 182.168.103.4
destination port : 80
username : blistuser
security level : auth/priv
auth algorithm : md5
auth password : ********
privacy algorithm : des
privacy password : ********
4-82 WS2000 Wireless Switch System Reference Guide
list
System SNMP Traps Commands
Lists SNMP trap entries.
Syntax
list v1v2c
list v3 [<idx>|all]
Parameters
admin(system.snmp.traps)>list v3 all
index : 1
destination ip : 182.168.103.4
destination port : 80
username : blistuser
security level : auth/priv
auth algorithm : md5
auth password : ********
privacy algorithm : des
privacy password : ********
System CLI Commands Reference 4-83
set
System SNMP Traps Commands
Sets SNMP trap parameters.
Syntax
set [cold|cfg|lowcf|port|dos-attack|snmp-auth|snmp-acl|mu-assoc|
mu-unassoc|mu-deny-assoc|mu-deny-auth|ap-adopt|ap-unadopt|
ap-denied-adopt|ap-radar|rogue-ap|hotspot-mu-state|
user-login-failure|interface|admin-passwd-change|dyndns-update|
wids-mu|wids-radio|wids-switch|ips] <mode>
set cf-thresh <memory_kb>
set min-pkt <pkt>
set dos-rate-limit <seconds>
set rate <rate> <scope> <value>
Parameters
set [cold|cfg|lowcf|port|dos-attack|snmp-auth|snmp-acl|mu-assoc|mu-unassoc|
mu-deny-assoc|mu-deny-auth|ap-adopt|ap-unadopt|ap-denied-adopt|ap-radar|
rogue-ap|hotspot-mu-state|user-login-failure|interface|admin-passwd-change|
dyndns-update|wids-mu|wids-radio|wids-switch|ips] <mode>
Sets the different SNMP parameters. <mode> can be one of enable or disable.
cold Configuration changed trap
cfg Configuration mode trap
lowcf Low compact flash memory trap
port Physical port status change trap
dos-attack Denial of Service (DOS) attack trap
snmp-auth Authentication failure trap
snmp-acl SNMP ACL violation trap
mu-assoc MU associated trap
mu-unassoc MU un-associated trap
mu-deny-assoc MU denied association trap
mu-deny-auth MU authentication denied trap
ap-adop AP adopted trap
ap-unadop AP un-adopted trap
ap-denied-adopt AP denied trap
ap-radar AP radar trap
rogue-ap Rogue AP trap
hotspot-mu-state Hotspot MU change state trap
user-login-failure User login failure trap
ips Intrusion Prevention System trap
interface Interface status change trap
4-84 WS2000 Wireless Switch System Reference Guide
NOTE: <value> can be a number with up to two decimal places, except for
assoc_mus, which must be an integer.
Example
admin(system.snmp.traps)>show trap
SNMP Traps
SNMP MU Traps
mu associated : disable
mu unassociated : disable
mu denied association : disable
mu denied authentication : disable
SNMP AP Traps
ap adopted : disable
ap unadopted : disable
ap denied adoption : disable
ap radar detection : disable
SNMP Traps
SNMP MU Traps
mu associated : disable
mu unassociated : enable
mu denied association : disable
mu denied authentication : disable
SNMP AP Traps
ap adopted : disable
ap unadopted : disable
ap denied adoption : disable
ap radar detection : enable
admin(system.snmp.traps)>
System CLI Commands Reference 4-87
show
System SNMP Traps Commands
Shows SNMP trap parameters.
Syntax
show [trap|rate-trap]
Parameters
SNMP Traps
SNMP MU Traps
mu associated : disable
mu unassociated : enable
mu denied association : disable
mu denied authentication : disable
SNMP AP Traps
ap adopted : disable
ap unadopted : disable
ap denied adoption : disable
ap radar detection : enable
admin(system.snmp.traps)>show rate-trap
admin(system.snmp.traps)>
System CLI Commands Reference 4-89
ssh
system
Displays the secure shell (SSH) submenu.
Syntax
admin(system)> ssh
admin(system.ssh)>
set
System SSH Commands
Sets secure shell parameters for system access.
Syntax
set auth-timeout <authentication timeout>
set inactive-timeout <inactive timeout>
Parameters
auth-timeout Sets the maximum time <authentication timeout> (065535 seconds) allowed for
<authentication SSH authentication to occur before executing a timeout.
timeout>
inactive-timeout Sets the maximum amount of inactive time <inactive timeout> (065535 seconds)
<inactive timeout> for an SSH connection before a timeout occurs and the user is dropped.
Example
admin(system.ssh)>set auth-timeout 60
admin(system.ssh)>set inactiv 2000
admin(system.ssh)>show all
Authentication Timeout : 60
SSH Client Inactivity Timeout : 2000
admin(system.ssh)>
Related Commands
show
System SSH Commands
Shows secure shell timeout parameters.
Syntax
show all
Parameters
None
Example
admin(system.ssh)>set auth-timeout 60
admin(system.ssh)>set inactiv 2000
admin(system.ssh)>show all
Authentication Timeout : 60
SSH Client Inactivity Timeout : 2000
admin(system.ssh)>
Related Commands
set Sets the values for the secure shell timeout parameters.
4-92 WS2000 Wireless Switch System Reference Guide
userdb
system
Displays the userdb submenu.
Syntax
admin(system)> userdb
admin(system.userdb)>
group
System User Database Commands
Displays the group submenu.
Syntax
admin(system.userdb)> group
admin(system.userdb.group)>
add
System User Database Group Commands
Adds a user to a group.
Syntax
add <userid> <group>
Parameters
add <userID> Adds the user specified by <userID> to the group <groupID>. <userID> must
<groupID> already be defined in the database. User the add command from the
(system.userdb.users) menu to add a new user.
Example
admin(system.userdb.group)>add fred g1
admin(system.userdb.group)>add joe g1
admin(system.userdb.group)>add joe g2
admin(system.userdb.group)>show user g1
List of Users of Group :
fred
joe
admin(system.userdb.group)>show user g2
List of Users of Group :
joe
Related Commands
create
System User Database Group Commands
Creates a new group.
Syntax
create <group> <vlan-id>
Parameters
create <group> <vlan-id> Creates a new group with the ID <group>. <group> can be an alphanumeric
string. Users in the group are automatically assigned the vlan-id as specified
by <vlan-id>.
Example:
admin(system.userdb.group)>create g1 10
admin(system.userdb.group)>show groups
List of Group Names :
Groupname : g1
Guest Group : NO
VanId : 10
Start Time : 0000
Expiry Time : 2359
Access on Days : All
admin(system.userdb.group)>
Related Commands
delete
System User Database Group Commands
Deletes a group from the database.
Syntax
delete <group>
Parameters
delete <groupID> Deletes the group <group> from the database. A warning occurs if there are still
users assigned to that group.
Example
admin(system.userdb.group)>show groups
List of Group Names :
Groupname : g1
Guest Group : NO
VanId : 10
Start Time : 0000
Expiry Time : 2359
Access on Days : All
Groupname : g2
Guest Group : NO
VanId : 6
Start Time : 0000
Expiry Time : 2359
Access on Days : All
Groupname : g3
Guest Group : NO
VanId : 1
Start Time : 0000
Expiry Time : 2359
Access on Days : All
admin(system.userdb.group)>delete g2
admin(system.userdb.group)>show groups
List of Group Names :
Groupname : g1
Guest Group : NO
VanId : 10
Start Time : 0000
Expiry Time : 2359
Access on Days : All
Groupname : g3
Guest Group : NO
System CLI Commands Reference 4-97
VanId : 1
Start Time : 0000
Expiry Time : 2359
Access on Days : All
Related Commands
clearall
System User Database Group Commands
Clears all the groups in the Groups list. Before clearing all the groups, ensure that no user account is
associated to the groups.
Syntax
clearall
Parameters
None
Example
admin(system.userdb.group)>show groups
List of Group Names :
Groupname : g1
Guest Group : NO
VanId : 10
Start Time : 0000
Expiry Time : 2359
Access on Days : All
Groupname : g3
Guest Group : NO
VanId : 1
Start Time : 0000
Expiry Time : 2359
Access on Days : All
Groupname : g2
Guest Group : NO
VanId : 15
Start Time : 0000
Expiry Time : 2359
Access on Days : All
admin(system.userdb.group)>clearall
admin(system.userdb.group)>show groups
List of Group Names :
No Groups
admin(system.userdb.group)>
System CLI Commands Reference 4-99
remove
System User Database Group Commands
Removes a user from a group.
Syntax
remove <userid> <group>
Parameters
remove <userid> Removes the user <userid> from the group <group>.
<group>
Example
admin(system.userdb.group)>show users g1
List of Users of Group :
John
Jane
admin(system.userdb.group)>remove Jane g1
admin(system.userdb.group)>show users g1
List of Users of Group :
John
admin(system.userdb.group)>
Related Commands
set
System User Database Group Commands
Sets the different group parameters.
Syntax
set [vlan|day-access|guest-group|start-time|end-time]
Parameters
vlan <group> <vlan> Sets the vlan id of a group <group> to <vlan> (1 4094).
start-time <group> Sets the time when a user belonging to a group <group> can start authenticating
<time> (login) with the WS2000. Start-time is in 24hr format.
end-time <group> Sets the time after which a user belonging to a group <group> cannot
<time> authenticate (login) with the WS2000. End-time is in 24hr format.
day-access <group> Sets the access days for a group <group>.
[all|weekdays|<days> all Sets the access days to all days of the week including Saturdays and
Sundays.
weekday Sets the access days to all week days excluding Saturdays and
Sunday.
<days> Sets the access days as specified. Each item in this list is to be
separated by a space. <days> can be mo, tu, we, th, fr, sa, su.
guest-group <group> Sets the group identified by <group> as a guest group.
Example
admin(system.userdb.group)> set vlan Group1 1
admin(system.userdb.group)> set start-time Group1 0730
admin(system.userdb.group)> set end-time Group1 2230
admin(system.userdb.group)> set day-access Group1 mo tu we fr sa su
admin(system.userdb.group)> show groups
List of Group Names :
Groupname : GroupOfAdmins
Guest Group : NO
VanId : 1
Start Time : 0000
Expiry Time : 2359
Access on Days : All
Groupname : GroupOfLevel1Users
Guest Group : NO
VanId : 1
Start Time : 0730
Expiry Time : 2230
Access on Days : Mo Tu We Fr Sa Su
System CLI Commands Reference 4-101
Groupname : g1
Guest Group : NO
VanId : 10
Start Time : 0000
Expiry Time : 2359
Access on Days : All
Groupname : g2
Guest Group : NO
VanId : 6
Start Time : 0600
Expiry Time : 2000
Access on Days : Weekdays
Groupname : guests
Guest Group : YES
VanId : 9
Start Time : 0000
Expiry Time : 2359
Access on Days : All
4-102 WS2000 Wireless Switch System Reference Guide
show
System User Database Group Commands
Shows the existing groups.
Syntax
show [groups|users <group>]
Parameters
Groupname : g1
Guest Group : NO
VanId : 1
Start Time : 0000
Expiry Time : 2359
Access on Days : All
Groupname : g2
Guest Group : NO
VanId : 1
Start Time : 0000
Expiry Time : 2359
Access on Days : ALL
Groupname : g3
Guest Group : NO
VanId : 1
Start Time : 0000
Expiry Time : 2359
Access on Days : All
admin(system.userdb.group)>show users g1
List of Users of Group :
Admin
L1User
Related Commands
user
System User Database Commands
Displays the user submenu.
Syntax
admin(system.userdb)> user
admin(system.userdb.user)>
The items available under this command are shown below.
add
System User Database User Commands
Adds a new user to the database.
Syntax
add <userid> <password>
Parameters
add <userid> <password> Adds a user to the database with the ID <userid> and password
<password> (1 8 characters).
Example
admin(system.userdb.user)>add fred fredpass
admin(system.userdb.user)>add joe joepass
admin(system.userdb.user)>add sally sallypa
admin(system.userdb.user)>
List of User Ids :
fred
joe
sally
Related Commands
del
System User Database User Commands
Deletes a user from the database.
Syntax
del <userid>
Parameters
del <userid> Deletes the user with the ID <userid> from the database.
Example
admin(system.userdb.user)>show users
List of User Ids : Guest User :
John NO
Jane NO
Bill NO
Amanda NO
admin(system.userdb.user)>del Bill
admin(system.userdb.user)>show users
List of User Ids : Guest User :
John NO
Jane NO
Amanda NO
Related Commands
clearall
System User Database User Commands
Clears all the users from the local database.
Syntax
clearall
Parameters
None
Example
admin(system.userdb.user)>show users
List of User Ids : Guest User :
John NO
Jane NO
Bill NO
Amanda NO
admin(system.userdb.user)>
admin(system.userdb.user)> clearall
admin(system.userdb.user)>
admin(system.userdb.user)> show users
entries = 0
List of User Ids : Guest User :
No Users
System CLI Commands Reference 4-107
set
System User Database User Commands
Sets the password for a user.
Syntax
set <userid> <password>
Parameters
set <userID> Resets the password for user with <userid> to <password>.
<password>
Example
admin(system.userdb.user)>set fred frednew
Related Commands
show
System User Database User Commands
Shows a list of users and group membership for a particular user.
Syntax
show [groups <userid>|users]
Parameters
Related Commands
guest
System User Database User Commands
Displays the Guest submenu.
Syntax
admin(system.userdb.user)> guest
admin(system.userdb.guest)>
set
System User Database User Commands
Sets the parameters for guest users.
Syntax
set [guest-user|start-date|expiry-date]
Parameters
guest-user Adds the guest user <guest-user> to the guest user group <guest-group>.
<guest-user>
<guest-group>
start-date Sets the start date for a guest user <guest-user>. This is the date and time
<guest-user> combination from when a guest user can access the resources. <date-time> value
<date-time> must be in the MM:DD:YYYY-hh:mm format (02:24:2008-21:06).
expiry-date Sets the date when the guest user account <guest-user> expires. This is the date and
<guest-user> time combination after which the account becomes inactive. <date-time> value must
<date-time> be in the MM:DD:YYYY-hh:mm format (02.24:2008-21:06).
Example
admin(system.userdb.user.guest)> set guest-user guest1 GroupOfGuestUsers
admin(system.userdb.user.guest)> show users
show
System User Database User Commands
Displays information for guest users and guest user groups.
Syntax
show [groups|users]
Parameters
clear
System User Database User Commands
Clears all guest user and guest user groups from the local database.
Syntax
clear [guest-group|guest-user]
Parameters
WS2000
system
Displays the WS 2000 submenu.
Syntax
admin(system)> ws2000
admin(system.ws2000)>
add
System WS2000 Commands
Adds a device that is allowed administrative access to the switch over WLAN.
Syntax
add administrator <ip>
Parameters
add administrator Adds the device specified by <ip> as an administrator for this device.
<ip>
Example
admin(system.ws2000)> add administrator 192.168.0.10
admin(system.ws2000)>
System CLI Commands Reference 4-115
delete
System WS2000 Commands
Removes a device that is allowed administrative access to the switch over WLAN.
Syntax
delete administrator [<ip>|all]
Parameters
delete administrator Removes the specified device that is allowed administrative access of the
[<ip>|all] switch from WLAN .
<ip> Removes the device specified by <ip>.
all Removes all devices
Example
admin(system.ws2000)> delete administrator 192.168.0.10
admin(system.ws2000)> delete administrator all
admin(system.ws2000)>
4-116 WS2000 Wireless Switch System Reference Guide
restart
System WS2000 Commands
Restarts the WS 2000 Wireless Switch.
Syntax
restart
Parameters
None
Example
admin(system.ws2000)>restart
Restarting system.
...
Login:
System CLI Commands Reference 4-117
set
System WS2000 Commands
Sets WS 2000 system parameters.
Syntax
set [airbeam|ftp|ssh|applet|cc|cli|email|loc|name|domain-name|snmp|
timeout|limited-access|dns-ip]
Parameters
airbeam mode <mode> Enables or disables airbeam access. <mode> can be one of enable or disable.
airbeam passwd Sets the airbeam password to <passwd> (139 characters).
<passwd>
airbeam logging Sets the logging mode for airbeam access.<mode> can be one of enable or
<mode> disable.
applet Configures access to the applet.
[lan|wan|slan|swan] lan mode <mode> Enables/disables http applet access from LAN.
[mode <mode>|
wlan mode <mode> Enables/disables http applet access from WAN.
logging <mode>]
slan mode <mode> Enables/disables https applet access from LAN.
swan mode <mode> Enables/disables https applet access from WAN.
<mode> can be one of enable or disable.
logging <mode> Enables/disables logging for each access type.
cc <country-code> Sets the WS2000 two-letter country code to <country-code>.
4-118 WS2000 Wireless Switch System Reference Guide
admin(system.ws2000)>
4-120 WS2000 Wireless Switch System Reference Guide
show
System WS2000 Commands
Shows WS 2000 system information.
Syntax
show all
Parameters
None
Example
admin(system.ws2000)>show all
admin(system.ws2000)>
System CLI Commands Reference 4-121
cf
system
Displays the CF submenu.
Syntax
admin(system)> cf
admin(system.cf)>
ls
System CF commands
Displays the CF cards contents.
Syntax
ls {<directory-name>}
Parameters
ls <directory-name> Lists the contents of the CF card. The <directory-name> parameter is optional.
Example
admin(system.cf)> ls
.
..
mf12.bin
mf_02020200003R.bin
admin(system.cf)>
admin(system.cf)>
System CLI Commands Reference 4-123
http
system
Displays the http submenu.
Syntax
admin(system)> http
admin(system.http)>
import
System HTTP commands
Imports Secured HTTP self certificates.
Syntax
import self <cert-id>
Parameters
import self <cert-id> Imports the Secured HTTP Self Certificate identified by the ID <cert-id>.
Example
admin(system.http)> import self 1
System CLI Commands Reference 4-125
show
System HTTP commands
Displays all Secure HTTP certificates on this device.
Syntax
show all
Parameters
None
Example
admin(system.http)> show all
admin(system.http)>
4-126 WS2000 Wireless Switch System Reference Guide
test
system
Displays the test submenu.
Syntax
admin(system)> test
admin(system.test)>
set
System Test Commands
Configures the different test parameters.
Syntax
set flow
hbt
wd
pmd
rs
wme
padding
parp
sip-portcheck
weighted-wme
int1
hosts
mu_limit
int4
str1
str2
str3
str4
interval
4-128 WS2000 Wireless Switch System Reference Guide
show
System Test Commands
Displays the test parameters.
Syntax
show all
Parameters
None
Example
admin(system.test)> show all
admin(system.test)>show all
int1 : 00006C06
max lan hosts : 200
max clients/Portal : 64
int4 : 00000000
str1 :
str2 :
str3 :
str4 :
Statistics Commands
Statistics commands are used to view the different statistical information of the WS2000 Wireless Switch.
5.1 stats
Admin Menu Commands
Use the stats command to go to the Stats menu
admin>stats
admin(stats)>
show
stats
Displays the system status and statistics for either the specified subnet or the WAN.
Syntax
show [leases|subnet|wan|stp|ips]
show leases
show subnet <idx>
show wan
show stp <idx>
show ips [global-stats|category-stats]
show ips global-stats
show ips category-stats <category-name>
Parameters
tx overruns : 0
tx carrier errors : 0
Port 1
link status : up
speed : 100 Mbps
Port 2
link status : up
speed : 100 Mbps
Port 3
link status : down
Port 4
link status : down
Port 5
link status : down
Port 6
link status : down
WLAN Interfaces
wlans : wlan1
rf
stats
Displays the RF statistics submenu.
Syntax
admin(stats)> rf
admin(stats.rf)>
reset
Statistics RF Commands
Resets/clears all RF statistics.
Syntax
reset
Parameters
None
Example
admin(stats.rf)>reset
admin(stats.rf)>
Statistics Commands 5-7
show
Statistics RF Commands
Shows radio frequency (RF) statistics.
Syntax
show [all|wlan|ap|mu|mesh-base|mesh-client|total]
Syntax:
Index : 2
Name : WLAN2
Status : Disabled
Index : 3
Name : WLAN3
Status : Disabled
Index : 4
5-8 WS2000 Wireless Switch System Reference Guide
Name : WLAN4
Status : Disabled
Index : 5
Name : WLAN5
Status : Disabled
Index : 6
Name : WLAN6
Status : Disabled
Index : 7
Name : WLAN7
Status : Disabled
Index : 8
Name : WLAN8
Status : Disabled
admin(stats.rf)>show wlan 1
Name : WLAN1
ESSID : 101
Subnet : Subnet1
Adopted APs : 2
Number of Associated MUs : 0
admin(stats.rf)>show all ap
ap index : 1
ap status : not connected
ap index : 2
ap status : connected
ap index : 3
ap status : not connected
ap index : 4
ap status : not connected
ap index : 5
ap status : not connected
ap index : 6
ap status : not connected
Statistics Commands 5-9
ap index : 7
ap status : not connected
ap index : 8
ap status : not connected
ap index : 9
ap status : not connected
ap index : 10
ap status : not connected
ap index : 11
ap status : not connected
ap index : 12
ap status : not connected
admin(stats.rf)>show ap 2
Name : AP2
Location :
Radio Type : 802.11 B
Current Channel : 1
Adopted By : WLAN1
Number of Associated Mus : 0
72E-121351-01 Revision A
February 2009