WS2000 CRG 72e-121351-01 Reva en PDF

M
WS2000 Wireless Switch

CLI Reference Guide
2009 Motorola, Inc. All rights reserved.
MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered
trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.
Contents
Chapter 1: Product Overview

1.1 WS2000 Wireless Switch CLI Reference Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
1.2 System Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4
1.3 Hardware Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5
1.4 Software Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7
Chapter 2: Admin and Common Commands

2.1 Common Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2
? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3
help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4
quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5
save . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7
/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8
2.2 Admin Menu Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9
passwd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-10
summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11
Chapter 3: Network CLI Commands Reference

3.1 network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
3.2 Network AP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
ap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
copydefaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6
forget . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8
remap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9
reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10
revert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15
3.3 Network AP Default Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17
default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18
loadfromcf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20
TOC-2 WS2000 Wireless Switch CLI Reference Guide
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21
3.4 Network AP Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22
new . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23
3.5 Network AP Selfheal commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24
selfheal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25
detect-neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29
3.6 Network AP Denyap Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30
denyap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33
3.7 Network AP Smartscan Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34
smartscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-35
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37
3.8 Network AP Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38
test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-38
new . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39
3.9 Network AP Mesh Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40
mesh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-44
preferred-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45
available-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47
3.10 Network DCHP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48
dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-48
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-49
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-50
3.11 Network Firewall Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51
fw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-52
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54
timeradd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55
timerdel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-56
timerlist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-57
timerset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-58
3.12 Network Firewall Intrusion Prevention System Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59
ips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-60
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-62
TOC-3
3.13 Network Firewall Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-63

policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-63
import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-64
3.14 Network Firewall Policy Inbound Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-65
inbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-65
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-66
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-67
insert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-68
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-69
move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-70
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-71
3.15 Network Firewall Policy Outbound Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72
outbound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-74
insert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-76
move . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-77
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78
3.16 Network Firewall Submap Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-79
submap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-79
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-82
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-83
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-85
3.17 Network LAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-86
lan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-86
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-87
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-89
updateDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90
updateAllDNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-91
3.18 Network LAN DHCP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-92
dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-92
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-94
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-95
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-96
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-98
renew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-99
3.19 Network LAN Bridge commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-100
bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-100
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-101
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-103
3.20 Network QoS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-104
qos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-104
clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-105
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-106
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-107
3.21 Network Router Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-108
router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-108
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-109
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-110
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-111
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-112
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-113
3.22 Network VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-114
vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-114
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-115
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-116
3.23 Network WAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-117
wan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-117
renew . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-118
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-119
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-121
3.24 Network WAN App Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-122
app . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-122
addcmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-123
delcmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-125
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-127
3.25 Network WAN DynDNS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-128
dyndns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-128
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-129
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-130
update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-131
3.26 Network WAN L2TPVPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-132
l2tpvpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-132
show-connected-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-133
3.27 Network WAN L2TPVPN LNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134
lns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-135
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-137
3.28 Network WAN L2TPVPN Users Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-138
users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-138
add-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-139
delete-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-140
delete-all-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-141
show-user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-142
show-all-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-143
3.29 Network WAN TrunkIPFPolicy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-144
trunkipfpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-144
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-147
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-148
TOC-5
3.30 Network WAN NAT Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149

nat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-150
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-151
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-152
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-153
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-154
3.31 Network WAN VPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-155
vpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-155
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-156
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-157
ikestate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-158
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-159
reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-160
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-161
stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-166
3.32 Network WAN VPN Cmgr Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-167
cmgr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-167
delca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-168
delprivkey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-169
delself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-170
expcert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-171
export-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-172
genreq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-173
3.33 Network WAN VPN Cmgr impcert Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-174
impcert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-174
listca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-175
listprivkey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-176
listself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-177
loadca . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-178
loadself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-179
showreq . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-180
3.34 Network WLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-181
wlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-181
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-182
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-183
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-184
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-185
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-190
3.35 Network WLAN Rogue AP Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-192
rogueap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-192
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-193
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-194
3.36 Network WLAN Rogue AP Approvedlist Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-195
approvedlist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-195
ageoute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-196
approve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-197
erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-198
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-199
3.37 Network WLAN Rogue AP Roguelist Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-200
roguelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-200
ageout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-201
approve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-202
erase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-203
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-204
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-205
deauth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-206
3.38 Network WLAN Rogue AP Rogue List Locate Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-207
locate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-207
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-208
start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-209
3.39 Network WLAN Rogue AP Rogue List MU Scan Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-210
muscan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-210
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-211
start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-212
3.40 Network WLAN Rogue AP Rule List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-213
rulelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-213
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-214
authsymbolap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-215
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-216
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-217
3.41 Network WLAN Enhanced Rogue AP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-218
enhancedrogueap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-218
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-219
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-220
3.42 Network WLAN MU Probe Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-221
muprobe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-221
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-222
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-223
3.43 Network WLAN Hotspot Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-224
hotspot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-224
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-225
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-227
import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-228
3.44 Network WLAN Hotspot RADIUS commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-229
radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-229
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-230
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-231
3.45 Network WLAN Hotstpot White-list Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-233
white-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-233
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-234
clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-235
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-236
3.46 Network WLAN WLAN IP Fiter Policy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-237
wlanipfpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-237
TOC-7
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-238
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-239
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-240
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-241
3.47 Network Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-242
port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-242
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-243
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-244
3.48 Network IP Filter Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-245
ipfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-245
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-246
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-247
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-248
3.49 Network WIPS Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-249
wips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-249
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-250
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-251
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-252
convert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-253
revert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-254
update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-255
3.50 Network WIPS Default commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-256
defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-256
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-257
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-258
3.51 Network WIDS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-259
wids . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-259
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-260
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-261
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-265
3.52 Network URL Filter Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-266
urlfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-266
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-267
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-268
3.53 Network URL Filter Keyword Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-269
keyword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-269
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-270
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-271
removeall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-272
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-273
3.54 Network URL Filter White list Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-274
whitelist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-274
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-275
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-276
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-277
3.55 Network URL Filter Black List Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-278
blacklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-278
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-279
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-280
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-281
3.56 Network URL Filter Trusted IP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-282
trustip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-282
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-283
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-284
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-285
Chapter 4: System CLI Commands Reference

4.1 system. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
lastpw . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
exec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3
4.2 System Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-5
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6
4.3 System Authentication RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9
4.4 System Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
export . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-12
import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-14
partial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-15
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-16
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18
update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-19
sensor-fw-update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20
loadtocf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-21
4.5 System Logs Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22
logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-22
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-23
send . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-24
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-25
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26
view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-27
4.6 System NTP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28
ntp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-29
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-30
date-zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-31
zone-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-32
4.7 System RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33
radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33
generate-dh-param . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-34
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-35
TOC-9
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-36
4.8 System RADIUS Client Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-37
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-38
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-39
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40
4.9 System RADIUS EAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41
eap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41
import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-42
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-43
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-44
4.10 System RADIUS EAP PEAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45
peap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-45
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-46
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-47
4.11 System RADIUS EAP TTLS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48
ttls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-48
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-49
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-50
4.12 System RADIUS LDAP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51
ldap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-52
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-54
import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55
join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-56
4.13 System RADIUS Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57
policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-57
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-59
4.14 System RADIUS Proxy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60
proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-60
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-61
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-62
clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-63
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-64
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-65
4.15 System Redundancy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66
redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-66
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-67
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-69
4.16 System SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70
snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-70
4.17 System SNMP Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71
access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-71
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-72
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-74
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-76
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-77
4.18 System SNMP Traps Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78
traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-78
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-79
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-81
list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-82
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-83
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-87
4.19 System SSH Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89
ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-89
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-90
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-91
4.20 System User Database Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92
userdb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-92
4.21 System User Database Group Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93
group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-93
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-94
create . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-95
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-96
clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-98
remove . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-99
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-100
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-102
4.22 System User Database User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103
user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-103
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-104
del . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-105
clearall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-106
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-107
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-108
4.23 System User Database User Guest commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109
guest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-109
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-110
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-111
clear . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-112
4.24 System WS2000 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113
WS2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-113
add . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-114
delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-115
restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-116
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-117
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-120
4.25 System CF commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121
cf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-121
ls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-122
4.26 System HTTP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-123
http . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-123
import . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-124
TOC-11
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-125
4.27 System Test Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-126
test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-126
set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-127
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-128
Chapter 5: Statistics Commands

5.1 stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
5.2 Stats Show Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
5.3 Statistics RF Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
rf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-6
show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
Product Overview
1.1 WS2000 Wireless Switch CLI Reference Guide
This guide is intended to support administrators responsible for understanding, configuring and maintaining
the Wireless Switch. This document provides information for the system administrator to use the command
line interface during the initial setup and configuration of the system. It also serves as a reference guide for
the administrator to use while updating or maintaining the system.
1.1.1 About this Document

This document contains information on all command that configure the WS2000 Wireless Switch. To view
the command syntax and a brief help on each command on your WS2000 Wireless Switch console, use the
following syntax:
admin> <command> ?
We recommend viewing this Command Line Reference Guide with Adobe Acrobat 5.0 or higher.
1-2 WS2000 Wireless Switch CLI Reference Guide
1.1.2 Document Conventions

Notes and Warnings
NOTE: Indicates special tips or requirements
CAUTION: Indicates a condition that can cause equipment damage or data loss
WARNING! Indicates a condition or procedure that could result in personal injury or equip-
ment damage
CLI Conventions
command / keyword The first word is always a command. Keywords are words that must be entered
as is. Commands and keywords are mandatory.
For example, the command,
admin(network.wan)> show ip 1
is documented as
show ip <idx>
where:
show The command
ip The keyword
<variable> Variables are described with a short description enclosed within a < and a >
pair.
For example, the command,
admin(network.wan)> show ip 1
is documented as
show ip <idx>
where:
show The command Display information.
ip The keyword The IP address
<idx> The variable WAN Index value.
Product Overview 1-3
| The pipe symbol. This is used to separate the variables/keywords in a list.

For example, the command
admin(network.wan.vpn)> set .....
is documented as
set [ike|type|sub|remip|......]
where:
set The command
[ike|type|sub|remip|...] Indicates the different commands that can be combined with
the set command. However, only one of the above list can be used at a time.
set ike ...
set type ...
set sub ...
set remip ...
[] Of the different keywords and variables listed inside a [ & ] pair, only one can
be used. Each choice in the list is separated with a | (pipe) symbol.
admin(network.wan)> show ...
is documented as
show [ip|pppoe]
where:
show The command
[ip|pppoe] Indicates that two keywords are available for this command and only one
can be used at a time
{} Any command/keyword/variable or a combination of them inside a { & } pair
is optional. All optional commands follow the same conventions as listed
above. However they are displayed italicized.
admin(network.wan.vpn)> list ....
is documented as
list {<name>}
Here:
list The command. This command can also be used as
list
{<name>} The optional variable <name>.. The command can also be extended as
list vpn_tunnel_01
Here the value vpn_tunnel_01 is an optional tunnel name.
values Values to be entered as shown in Blue.
admin(network.wan)> show ip ....
is documented as
show ip <idx>
This commands parameter <idx> is described as under:
<idx> <idx> (1-8) is the Wlan Index.
1.2 System Overview

The WS2000 Wireless Switch provides a low-cost, feature-rich option for sites with one to six Access Ports.
The WS2000 Wireless Switch works at the center of a networks infrastructure to seamlessly and securely
combine wireless LANs (WLANs) and wired networks. The switch sits on the network. Wireless Access Ports
connect to one of the six available ports on the switch and the external wired network (WAN) connects to a
single 10/100 Mbit/sec. WAN port.
Mobile units (MUs) associate with the switch via an Access Port. When an MU contacts the switch, the
switch cell controller services attempt to authenticate the device for access to the network.
The WS2000 Wireless Switch acts as a WAN/LAN gateway and a wired/wireless switch.
1.2.1 Management of Access Ports

This wireless switch provides six 10/100 Mbit/sec. LAN ports for internal wired or wireless traffic. Four of
these ports provide IEEE 802.3af-compliant Power over Ethernet (PoE) support for devices that require power
from the Ethernet connection (such as Access Ports). Administrators can configure the six ports to
communicate with a private LAN or with an Access Port for a wireless LAN (WLAN). The switch provides up
to four extended service set identifiers (ESSIDs) for each Access Port connected to the switch.
1.2.1.1 Firewall Security

The LAN and Access Ports are placed behind a user-configurable firewall that provides stateful packet
inspection. The wireless switch performs network address translation (NAT) on packets passing to and from
the WAN port. This combination provides enhanced security by monitoring communication with the wired
network.
1.2.1.2 Wireless LAN (WLAN) Security

Administrators can configure security settings independently for each ESSID. Security settings and protocols
available with this switch include:
Kerberos
WEP-64
WEP-128
802.1x with RADIUS
802.1x with Shared Key
KeyGuard
WPA/WPA2-TKIP
WPA2/CCMP (802.11i)
1.2.1.3 VPN Security

Virtual Private Networks (VPNs) are IP-based networks that use encryption and tunneling to give users
remote access to a secure LAN. In essence, the trust relationship is extended from one LAN across the public
network to another LAN, without sacrificing security. A VPN behaves similarly to a private network; however,
because the data travels through the public network, it needs several layers of security. The WS2000
Wireless Switch acts as a robust VPN gateway.
1.3 Hardware Overview

The WS2000 Wireless Switch provides a fully integrated solution for managing every aspect of connecting
wireless LANs (WLANs) to a wired network. This wireless switch can connect directly to a cable or DSL
modem, and can also connect to other wide area networks through a Layer 2/3 device (such as a switch or
router). The switch includes the following features:
One WAN (RJ-45) port for connection to a DSL modem, cable modem, or any other Layer 2/3 network
device.
Six 10/100 Mbit/sec. LAN (RJ-45) ports: four ports provide 802.3af Power over Ethernet (PoE) support;
the other two do not provide power.
Each port has two LEDs, one indicating the speed of the transmission (10 or 100 Mbit/sec.), the other
indicating whether there is activity on the port. The four LAN ports with PoE have a third LED that
indicates whether power is being delivered over the line to a power device (such as an Access Port). (See
the WS 2000 Wireless Switch LED explanation for more information on the meaning of the different state
of the LEDs.)
A DB-9 serial port for direct access to the command-line interface from a PC. Use Symbols Null-Modem
cable (Part No. 25-632878-0) for the best fitting connection.
A CompactFlash slot that provides AirBEAM support.
1.3.1 Technical Specifications

1.3.1.1 Physical Specifications
Width: 203 mm
Height: 38 mm
Depth: 286 mm
Weight: 0.64 kg
1.3.1.2 Power Specifications

Maximum Power Consumption: 90-256 VAC, 47-63 Hz, 3A
Operating Voltage: 48 VDC
Operating Current: 1A
Peak Current: 1.6A
1.3.1.3 Environmental Specifications

Operating Temperature: 0C to 40C
Storage Temperature: -40C to 70C
Operating Humidity: 10% to 85% Non-condensing
Storage Humidity: 10% to 85% Non-condensing
Operating Altitude: 2.4 Km
Storage Altitude: 4.6 km
1.3.2 WS 2000 Wireless Switch LED Functions

The switch has a large blue LED on the right front that indicates that the switch is powered on.
Each port on the WS 2000 Wireless Switch has either two or three LEDs that indicate the status of the port.
Ports 1-4, which supply 802.3af Power over Ethernet (PoE), have three LEDs. The remaining two non-powered
LAN ports and the WAN port have two LEDs.
Location Function
Upper left LED This LED is present on all ports and indicates the speed of the transmissions through
the port. The LED is on when the transmission rate is 100 Mbit per second (100BaseT).
The light is off when the transmission rate is 10 Mbit per second.
Upper right LED This LED indicates activity on the port. This light is solid yellow when a link to a device
is made. The light flashes when traffic is being transferred over the line.
Lower LED This LED is only present on Ports 1-4. These ports provide 802.3af Power over Ethernet
(PoE) support to devices (such as Access Ports). The LED has several states:
OFFA non-power device (or no device) is connected; no power is being delivered.
GREENThe switch is delivering 48 volts to the power device connected to that port.
REDThere was a valid PoE connection; however, the switch has detected that the
power device is faulty. The red light will remain until a non-faulty connection is made
to the port.
1.4 Software Overview

The WS2000 Wireless Switch software provides a fully integrated solution for managing every aspect of
connecting Wireless LANs (WLANs) to a wired network, and includes the following components:
1.4.1 Operating System (OS) Services

Operating System (OS) Services determine how the WS2000 Wireless Switch communicates with existing
network and operating system-centric software services, including:
Dynamic Host Configuration Protocol (DHCP)
Telnet and File Transfer Protocol (FTP/TFTP) servers
The Simple Network Time Protocol (SNTP) client, used to keep switch time synchronized for Kerberos
authentication
A mechanism for setting up a redundant (secondary) switch that takes over if the primary switch fails
1.4.2 Cell Controller Services

The Cell Controller provides the ongoing communication between mobile units (MUs) on the Wireless LAN
(WLAN) and the wired network. Cell Controller services perform the following:
Initialize the Access Ports
Maintain contact with Access Ports by sending a synchronized electronic heartbeat at regular intervals
Track MUs when they roam from one location to another
Manage security schemes based on system configuration
Maintain system statistics
Store policies and Access Port information
Detect and manage rogue Access Ports
Management of communications QoS
1.4.3 Gateway Services

Gateway services provide interconnectivity between the Cell Controller and the wired network, and include
the following:
System management through a Web-based Graphical User Interface (GUI) and SNMP
802.1x RADIUS client
Security, including Secure Sockets Layer (SSL) and Firewall
Network Address Translation (NAT), DHCP services, and Layer 3 Routing
Virtual Private Network (VPN)
Admin and Common Commands
The term Common Commands is used to indicate that these commands are available through the WS2000
Wireless Switchs CLI. These commands provide easy access to help, navigation, and to save configuration
changes.
This chapter also lists of commands available at the admin menu.
Common Commands
Admin Menu Commands
2-2 WS2000 Wireless Switch System Reference Guide
2.1 Common Commands

The following commands are available through the WS2000 CLI.
Command Description Ref.

? Displays the list of commands in the current menu. page 2-3
help Displays general user interface help. page 2-4
save Saves the configuration to the system flash. page 2-6
quit Quits the CLI. page 2-5
.. Goes to the parent menu. page 2-7
/ Goes to the root menu. page 2-8
Admin and Common Commands 2-3
2.1.1 ? Command
?
Common Commands
Displays the commands available under the admin menu.
Syntax
?
Parameters
None
Example
admin> ?
admin>?
help : display general user interface help

passwd : change password
summary : show system summary
network : go to network sub menu
stats : go to stats sub menu
system : go to system sub menu
save : save cfg to system flash
quit : quit cli
.. : go to parent menu
/ : go to root menu
2.1.2 help Command
help
Common Commands
Displays general CLI user interface help.
Syntax
help
Parameters
None
Example
admin>help
? : display command help - Eg. ?, show ?, s?

<ctrl-q> : go backwards in command history
<ctrl-p> : go forwards in command history
* Note : commands can be incomplete - Eg. sh = sho = show
2.1.3 quit Command
quit
Common Commands
Quits the command line interface. Requires you to logon again.
This command appears in all the submenus under admin menu. In each case, it has the same function, to exit
out of the CLI.
Syntax
quit
Parameters
None
Example
admin>quit
2.1.4 save Command
save
Common Commands
Saves the configuration to system flash.
This command appears in all of the submenus under admin. In each case, it has the same function, to save
the configuration. The save command must be issued before leaving the CLI for the settings to be retained.
Syntax
save
Parameters
none
Example
admin> save
admin>
2.1.5 .. Command
..
Common Commands
Displays the parent menu of the current menu.
This command appears in all of the submenus under admin. In each case, it has the same function, to move
up one level in the directory structure.
Syntax
..
Parameters
None
Example
admin(network.ap) ..
admin(network)
admin(network) ..
admin>
2.1.6 / Command
/
Common Commands
Displays the root menu, that is, the top-level CLI menu.
This command appears in all of the submenus under admin. In each case, it has the same function, to move
up to the top level in the directory structure.
Syntax
/
Parameters
None
Example
admin(network.wan.nat)> /
admin>
2.2 Admin Menu Commands

The following commands are only available at the admin menu.

passwd Changes the admin password. page 2-10
summary Displays a system summary. page 2-11
network Goes to the network menu. page 3-1
system Goes to the system menu. page 4-1
stats Goes to the statistics menu. page 5-1
2.2.1 passwd Command
passwd
Admin Menu Commands
Changes the password for the administrative logins - admin, guest-admin, and manager.
Syntax
passwd [admin|manager|guest-admin]
Parameters
passwd Passwords for the Administrator, Guest-admin, and Manager accounts

[admin|manager|guest-admin] can be changed.
To change password, type the old password once and the new password
twice at their respective prompts. Passwords can be up to 11 characters.
Example:
admin>passwd admin
Old Admin Password:******

New Admin Password:******
Verify Admin Password:******
2.2.2 summary Command
summary
Admin Menu Commands
Displays system summary for the WS2000 Wireless Switch. The information displayed includes high-level
characteristics and settings for WAN, subnet, and WLAN.
Syntax
summary
Parameters
None
Example
admin> summary
System Information
WS2000 firmware version : 2.4.0.0-005X

country code : us
WLAN 1 Information
ess identifier : Bharat

wlan mode : enable
vlan_id : 1
enc type : none
auth type : none
WLAN 2 Information
ess identifier : 102

wlan mode : disable
vlan_id : 2
enc type : none
auth type : none
WLAN 3 Information

wlan mode : disable
vlan_id : 3
enc type : none
auth type : none
WLAN 4 Information

wlan mode : disable
vlan_id : 4
enc type : none
auth type : none
WLAN 5 Information

wlan mode : disable
vlan_id : 5
enc type : none
auth type : none
WLAN 6 Information

wlan mode : disable
vlan_id : 6
enc type : none
auth type : none
WLAN 7 Information

wlan mode : disable
vlan_id : 7
enc type : none
auth type : none
WLAN 8 Information

wlan mode : disable
vlan_id : 8
enc type : none
auth type : none
Subnet 1 Information
subnet interface : enable

ip address : 192.168.0.50
network mask : 255.255.255.0
dhcp mode : server
default gateway : 192.168.0.50
ports : port1 port2 port3 port4 port5 port6
wlan : wlan1
subnet interface : disable

ip address : 192.168.1.1
network mask : 255.255.255.0
dhcp mode : server
ports :
wlan : wlan2

ip address : 192.168.2.1
network mask : 255.255.255.0
dhcp mode : server
ports :
wlan : wlan3

ip address : 192.168.3.1
network mask : 255.255.255.0
dhcp mode : server
ports :
wlan : wlan4

ip address : 192.168.4.1
network mask : 255.255.255.0
dhcp mode : server
ports :
wlan :

ip address : 192.168.5.1
network mask : 255.255.255.0
dhcp mode : server
ports :
Network CLI Commands Reference
Network commands are used to configure the different network parameters of the WS2000 Wireless Switch.
3.1 network
Admin Menu Commands
Use the network command to go the Network menu.
admin> network
admin(network)>
The following commands are available under the Network menu:

ap Goes to the Access Port Submenu. page 3-3
dhcp Goes to the DHCP Submenu page 3-48
fw Goes to the Firewall Submenu page 3-51
ipfilter Goes to the IP Filter Submenu page 3-245
lan Goes to the LAN Submenu page 3-86
port Goes to the Port Submenu page 3-242
qos Goes to the QOS Submenu page 3-104
router Goes to the Router Submenu page 3-108
urlfilter Goes to the URL Filter Submenu page 3-266
vlan Goes to the VLAN Submenu page 3-114
wan Goes to the WAN Submenu page 3-117
wids Goes to the WIDS Submenu page 3-259
wips Goes to the WIPS Submenu page 3-249
wlan Goes to the WLAN Submenu page 3-181
save Saves the configuration to system flash page 2-6
quit Quits the CLI page 2-5
.. Goes to the parent menu page 2-7
/ Goes to the root menu page 2-8
Network CLI Commands Reference 3-3
3.2 Network AP Commands
ap
network
Displays the Access Port submenu. The functionality provided by this menu is supplied by various screen
under the Wireless menu item of the Web interface.
Syntax
admin(network)> ap
admin(network.ap)>
The items available under this command are shown below.
Command Description Ref

add Adds entries to the Access Port adoption list. page 3-4
copydefaults Copies default AP settings to a connected AP. page 3-5
default Goes to the default submenu. page 3-17
delete Deletes entries from the Access Port adoption lists. page 3-6
denyap Goes to the Deny AP submenu page 3-30
forget Forgets AP parameters page 3-7
list Lists entries in the Access Port adoption list. page 3-8
mesh Goes to the Mesh submenu page 3-40
remap Remaps channels for the AP in auto mode. page 3-9
reset Resets an Access Port. page 3-10
revert Reverts AP to Access Point (AP4131 or AP4121) page 3-11
selfheal Goes to the Self-heal submenu page 3-24
set Sets Access Port parameters. page 3-12
show Shows Access Port parameters. page 3-15
smartscan Goes to the Smart scan submenu page 3-34
test Goes to the test submenu. page 3-38
3.2.1 Network AP add Command
add
Network AP Commands
Adds entries to the Access Port adoption list. This allows the Access Ports with the MAC addresses specified
in the command to associate with the specified WLAN.
Performs functionality available in the Access Port Adoption List area of the Wireless screen.
Syntax
add <idx> <mac1> <mac2>
Parameters
<idx> The WLAN ID (1-8)

<mac1> The starting mac address for the range
<mac2> The last mac address in the range
Example
admin(network.ap)> add 1 00A0F8BFE9B0 00A0F8BFE9B0
admin(network.ap)list 1
admin(network.ap)>list 1
-------------------------------------------------------------------
index start mac end mac
-------------------------------------------------------------------
1 00A0F8BFE9B0 00A0F8BFE9B0
2 001570165200 001570165200
3 00A0F8B54D68 00A0F8B54D68
4 00A0F8BFEE3C 00A0F8BFEE3C
admin(network.ap)>
Related Commands
delete Removes the MAC address range from the adoption list for the specified WLAN.
list Displays entries in the Access Port adoption list.
3.2.2 Network AP copydefaults Command
copydefaults
Network AP Commands
Copies default Access Port settings to a connected Access Port.
In the Web interface, the defaults are set on the Wireless, default AP screens (one for each radio type).
Syntax
copydefault <idx>
Parameters
<idx> The id of the AP to copy the defaults to

Example
admin(network.ap)>copydefaults 1
admin(network.ap)>
Related Commands
network.ap.default)> Lists the current default settings for a selected Access Port type.
show default
show status Lists the index numbers for all currently connected Access Ports.
show ap Gets information about a particular Access Port.
3.2.3 Network AP delete Command
delete
Network AP Commands
Deletes entries from the Access Port adoption list. In the Web interface, this functionality is found on the
Wireless screen in the Access Port Adoption list area.
Syntax
delete <idx> [<entry>|all]
Parameters
<idx> [<entry>|all] Deletes an entry in the Access Port adoption list as specified by <entry>, which is
the number listed in the adopted list (use the list command) for WLAN <idx>
(1-8).
all indicates deleting all the adoption list entries.
Example
The following example first lists out the adoption list entries for WLAN 1, deletes the second entry for WLAN
1, and finally displays the list for WLAN 1 showing that the entry has been deleted.
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 000000000000 00306542B965
2 004000000000 005000000000
admin(network.ap)>delete 1 2
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 000000000000 00306542B965
Related Commands
add Adds entries to the adoption list.

list Lists entries in the Access Port adoption list.
3.2.4 Network AP forget Command
forget
Network AP Commands
Forgets the AP parameters at a particular index specified by the <idx> value.
Syntax
forget [<idx>|all]
Parameters
<idx>|all <idx> The index to remove the AP parameters.

all Removes all AP parameters from all the indices in the AP adoption list.
Example
The following syntax shows the forget command.
admin(network.ap)>forget 1
admin(network.ap)>save
3.2.5 Network AP list Command
list
Network AP Commands
Displays entries in the Access Port adoption list for a specified wireless LAN.
Syntax
list <idx>
Parameters
<idx> Lists the Access Port adoption entries for WLAN <idx> (1-8).
Example
The following example shows the access port adoption list for WLAN 1.
----------------------------------------------------------------------
----------------------------------------------------------------------1
2 001570165200 001570165200
3 00A0F8B54D68 00A0F8B54D68
Related Commands
add Adds entries to the adoption list.

delete Deletes entries from the adoption list.
3.2.6 Network AP remap Command
remap
Network AP Commands
Remaps the channels for a radio at index specified by <idx>.
Syntax
remap [<idx>|all]
Parameters
<idx>|all <idx> Remaps all channels for a radio specified by the index <idx>
all Remaps all channels for all the radios in auto channel selection mode.
Example
--------------------------------------------
--------------------------------------------
2 001570165200 001570165200
3 00A0F8B54D68 00A0F8B54D68
admin(network.ap)>remap 3
3.2.7 Network AP reset Command
reset
Network AP Commands
Resets an Access Port.
Syntax
reset ap <idx>
Parameters
ap <idx> <idx> Resets the Access Port with index <idx> in the Access Port Adoption list.
Example
---------------------------------------
---------------------------------------
2 001570165200 001570165200
3 00A0F8B54D68 00A0F8B54D68
admin(network.ap)>reset ap 2
admin(network.ap)>
3.2.8 Network AP revert Command
revert
Network AP Commands
Reverts an Access Port to an Access Point (Only on AP4131 or AP4121).
Syntax
revert ap <idx>
Parameters
ap <idx> <idx> Reverts the Access Port with index <idx> to an Access Point. Only on
AP4131 and AP 4121.
Example
admin(network.ap)>revert ap 1
admin(network.ap)>
3.2.9 Network AP set Commands
set
Network AP Commands
Sets Access Port parameters.
Syntax
set [beacon|ch_mode|div|dtim|loc|name|primary|rate|
reg|rts|short-pre|802.1x|ap_scan|mac|radio_type|
ap_type|sip_cac_mode|allowed_sip_session]
Parameters
beacon intvl Sets the beacon interval for Access Port <idx> (112) to <interval> in K-us (50
<idx> <interval> 200).
ch_mode <idx> Sets the channel mode for Access Port <idx> (112) to fixed, random or auto.
[fixed|random|auto]
div <idx> <mode> Sets the default antenna diversity to <mode> (one of full, primary, or
secondary).
dtim <idx> Sets the DTIM period for Access Port <idx> to <period> (number of beacons from
[<period>|<bss_idx 150).
<period>]] <bss_idx> is the index of the BSSID. If not specified for the AP300, the default
value of 1 is assumed for this parameter. For other APs, the <period> value is
used for all the BSSIDs.
loc <idx> <loc> Sets Access Port <idx> location description to <loc> (113 characters).
name <idx> <name> Sets Access Port <idx> name to <name> (113 characters).
primary <idx> <widx> Sets the primary WLAN <widx> (the WLAN index from 1 to 8) for 802.11a radio
associated with Access Port <idx> (1-12). The ESS ID configured for this WLAN
will be used in the 802.11a beacon as the primary ESS.
Note: This parameter is used only for AP200 APs with 802.11a radios
rate <idx> <basic> Sets Access Port <idx> (1-12) basic and supported rates. <basic> and
<supported> <supported> must be comma-separated lists of rates, such as 6,9,11,15 with
no spaces. Basic rates are a subset of supported rates. The different types of
radio support the following rates.
A - 6|9|12|18|24|36|48|54
B - 1|2|5.5|11
G - 1|2|5.5|6|9|11|12|18|24|36|48|54
Note: For a G radio, basic rates must be a subset of B Rates in order to associate legacy
B stations.
reg <idx> <indoor> <ch> Sets Access Port <idx> (1-12)regulatory parameters, which <indoor> is one of
<pwr> in or in/out; <ch> is the channel to use, and <pwr> is the power (in dB from 4
to 20). Select the value of <ch> from the appropriate list.
802.11b ch -- 1 to 14
802.11a ch -- 36,40,44,48,52,56,60,64,149,153,157,161
Note: Regulatory parameter values depend on country of operation and radio type. Refer
to documentation for regulatory information.
rts <idx> <bytes> Sets the RTS threshold for Access Port <idx> (1-12) to <bytes> (e.g., 2341).
short-pre <idx> Enables or disables the short preamble mode for Access Port <idx> (1-12)
[enable|disable]
802.1x <username> Sets the 802.1x username and password on AP 300 Access Ports. Both
<password> parameters can be up to 64 characters long.
mac <idx> <mac> Sets the MAC address of AP <idx> (1-12) to <mac> (MAC address format is
XX:XX:XX:XX:XX:XX)
ap_scan <idx> <mode> Sets the scan mode for Rogue AP detection where <idx> (1-12) is the access
port index and <mode> is one of none, detector, on-chan, full-detector.
radio_type <idx> Sets the Radio Type of an access port where <idx> (1-12) is the access port
<radio_type> index and <radio_type> is one of 802.11a, 802.11b,
802.11b/g.
ap_type <idx> Sets the AP type of an Access Port <idx> (1-12) to AP type. AP type
<radio_type> <radio_type> is one of AP100, AP200, AP300
sip_cac_mode Enables or disables SIP Call Admission Control.
[enable|disable]
allowed_sip_session Sets the allowed number of SIP sessions for this portal. The value for
<idx> <sip_session> <sip_session> lies between 1 and 100. <idx> (1-12) is the access port index.
legacy_mode Enables or disables legacy mode support for AP300s.
[enable|disable]
mu-power-adjustment Sets Symbol MUs operating power in dBm. <ap-index> is the index of the
<ap-index> <adjvalue> Symbol AP and <adjvalue> is the MU power adjustment value in dBm (valid 0-
20)
asset-name <idx> Sets asset name for the Access Port with <idx> (1-12) with <asset-name> (1-
<asset-name> 50 characters)
Example:
admin(network.ap)>set short-pre enable
admin(network.ap)>set shor 1 enable
admin(network.ap)>set name 1 BigOffice
admin(network.ap)>set dtim 1 25
admin(network.ap)>set loc 1 BigBldg
admin(network.ap)>show ap 1
ap name : BigOffice
ap location : BigBldg
ap mac address : 00A0F8565656
ap serial number : 00A0F8565656
ap radio type : 802.11 B
adopted by : WLAN1
ap indoor use : indoor/outdoor

ap channel : 1
ap radio power : 4 dB
antenna gain : 0 dBi
rf power : 3 mW
antenna type : external
ap diversity : full
basic rates : 1 2
supported rates : 1 2 5.5 11
rts threshold : 2341

beacon interval : 100

dtim period : 25
short preamble : enable
security beacon (hide ess) : disable
primary wlan index : wlan1
admin(network.ap)>
3.2.10 Network AP show Command
show
Network AP Commands
Shows Access Port parameters.
Syntax
show [ap|status|sip|legacy-mode]
Parameters
ap <idx> Shows Access Port <idx> (1-12) radio parameters.

status Shows a list of Access Ports and their status.
sip <idx> Shows SIP statistics for the portal <idx> (1-12).
legacy-mode Shows the legacy mode configuration for the switch
Example
admin(network.ap)>show ap 1
ap name : BigOffice
ap location : BigBldg
ap mac address : 00A0F8565656
ap serial number : 00A0F8565656
ap radio type : 802.11 B
adopted by : WLAN1
ap indoor use : indoor/outdoor

ap channel : 1
ap radio power : 4 dB
antenna gain : 0 dBi
rf power : 3 mW
antenna type : external

ap diversity : full
basic rates : 1 2
supported rates : 1 2 5.5 11

dtim period : 25
short preamble : enable
security beacon (hide ess) : disable
detector ap : disable
admin(network.ap)>show status
ap index : 1
ap status : connected
ap index : 2
ap status : not connected
ap index : 3
ap index : 4
ap index : 6
ap index : 7
ap index : 8
ap index : 9
ap index : 10
ap index : 11
ap index : 12
admin(network.ap)>show legacy-mode
Legacy mode is enabled.
Related Commands
set Sets Access Port parameters.

3.3 Network AP Default Commands
default
Network AP Commands
Displays the default Access Port (AP) submenu. Use these commands to set the default values for all APs.
Syntax
admin(network.ap)> default

set Sets default Access Port parameters. page 3-18
loadfromcf Loads the configured images from the CF card immediately page 3-20
show Shows default Access Port parameters. page 3-21
save Saves the configuration to system flash. page 3-1
The items in this menu are available in the Web interface under the three default Access Port screens (one
for each radio type) within the Wireless menu area.
3.3.1 Network AP Default set Command
set
Network AP Default Commands
Sets the default Access Port parameters.
Syntax
set [beacon|ch_mode|div|dtim|primary|reg|rate|rts|short-pre|sensor-img|
ap4131-img|ap4121-img]
Parameters
beacon intvl <type> Sets the default beacon interval for specified radio type <type> (one of
<interval> 802.11a, 802.11b, or 802.11b/g) to <interval> in K-us (50200).
ch-mode <type> Sets the default channel mode for radios of <type> (one of 802.11a, 802.11b,
[fixed|random|auto] or 802.11b/g) to fixed, random, or auto.
div <type> <mode> Sets the default antenna diversity for radios of <type> (one of 802.11a,
802.11b, or 802.11b/g) to <mode> (one of full, primary, or secondary).
dtim <type> Sets the default DTIM period for radios of specified <type> (one of 802.11a,
[<bss_idx>|<period>] 802.11b, or 802.11b/g) to <period> number of beacons (150).
<bss_idx> is the index of the BSSID. If not specified for the AP300, the
default value of 1 is assumed for this parameter. For other APs, the <period>
value is used for all the BSSIDs.
primary <type> <wdix> Sets the default primary WLAN <widx> (1 to 8) for 802.11a radios of
specified <type> (one of 802.11a, 802.11b, or 802.11b/g). The ESS ID
configured for this WLAN will be used in the 802.11a beacon as the primary
ESS.
Note: This parameter is used only for AP200 APs with 802.11a radios.
rate <type> <basic> Sets the default basic and supported rates for radios of specified <type> (one
<supported> of 802.11a, 802.11b, or 802.11b/g). <basic> and <supported> must be a
comma separated list of rates, such as 6,9,11,15 with no spaces. Basic rates
are a subset of supported rates. The different types of radio support the
following rates.
A - 6|9|12|18|24|36|48|54
B - 1|2|5.5|11
G - 1|2|5.5|6|9|11|12|18|24|36|48|54
Note: For a G radio, basic rates must be a subset of B Rates in order to associate legacy
B stations.
reg <type> <indoor> <ch> Sets the default regulatory parameters for radios of specified type (one of
<pwr> 802.11a, 802.11b, or 802.11b/g), where <indoor> is one of in or in/out;
<ch> is the channel to use, and <pwr> is the power (in dB from 4 to 20).
Select the value of <ch> from the appropriate list.
802.11b ch -- 1 to 14
802.11a ch -- 36,40,44,48,52,56,60,64,149,153,157,161
Note: Note: Regulatory parameter values depend on the country of operation and radio
type. Refer to the documentation for specific regulatory information.
rts <type> <bytes> Sets the default RTS threshold for radios of specified <type> (one of 802.11a,
802.11b, or 802.11b/g) to <bytes> (e.g., 2341).
short-pre <type> By default, enables or disables the short preamble mode for radios of
[enable|disable] specified <type> (one of 802.11a, 802.11b, or 802.11b/g).
sensor-img <loc> Sets the default location of the sensor image. Location is specified in the
<loc> parameter.
ap4131-img <loc> Sets the default location <loc> of the AP 4131 image. Select from cf or def.
ap4121-img <loc> Sets the default location <loc> of the AP 4121 image. Select from cf or def.
Example
admin(network.ap.default)>set ch_mode 802.11a fixed
admin(network.ap.default)>set dtim 802.11a 10
admin(network.ap.default)>set short 802.11b/g enable
admin(network.ap.default)>show default 802.11a
ap indoor use : indoor only

ap channel : 36
ap channel mode : random
ap radio power : 17 dBm
: 50 mW
ap diversity : full
basic rates : 6 12 24
supported rates : 6 9 12 18 24 36 48 54

-------------------------------------------------------------------------
BSSID | DTIM period
-------------------------------------------------------------------------
1 | 10
2 | 10
3 | 10
4 | 10
short preamble : disable

admin(network.ap.default)>
Related Commands
show default Displays the default AP settings for a particular radio type.
3.3.2 Network AP Default loadfromcf Command
loadfromcf
Immediately loads configured images from the CF card.
Syntax
loadfromcf
Parameters
None
Example
admin(network.ap.default)>loadfromcf
3.3.3 Network AP Default show Command
show
Shows the default Access Port parameters for a particular radio type.
Syntax
show [default|img-location]
Parameters
default <type> Shows the default Access Port parameters for radio type <type> (802.11a, 802.11b,
802.11bg).
img-location Shows the Sensor/Access Port image locations.
Example
admin(network.ap.default)>set ch_mode 802.11a fixed
admin(network.ap.default)>set dtim 802.11a 10
admin(network.ap.default)>set short 802.11b/g enable
admin(network.ap.default)>show default 802.11a
ap indoor use : indoor only

ap channel : 36
ap channel mode : random
ap radio power : 17 dBm
: 50 mW
ap diversity : full
basic rates : 6 12 24
supported rates : 6 9 12 18 24 36 48 54

----------------------------------------------------------------------
BSSID | DTIM period
----------------------------------------------------------------------
1 | 10
2 | 10
3 | 10
4 | 10
short preamble : disable
Related Commands
set Sets the default parameters for the specified radio type.
3.4 Network AP Test Commands
test
Network AP Commands
Displays the test submenu.
Syntax
admin(network.ap)> test
admin(network.ap.test)>
The items available under this command are shown below

new Switches the Access Port to a new channel. page 3-23
3.4.1 Network AP Test new Command
new
Network AP Test Commands
Switches the specified Access Port to a new channel.
Syntax
new <idx> <ch>
Parameters
<idx> <ch> Switches the Access Port indexed with <idx> (112) to channel <ch> (which must be
a valid channel for the specified Access Port.
Example
admin(network.ap.test)>new 2 15
3.5 Network AP Selfheal commands
selfheal
Network AP Commands
Displays the selfheal submenu.
Syntax
admin(network.ap)> selfheal
The items available under this menu are shown below.

set Sets self-heal parameters page 3-25
detect-neighbor Detects neighbors and prepares the neighbors list automatically page 3-26
add Adds entries to the self-heal table page 3-27
del Removes entries from the self-heal table page 3-28
show Shows entries in the self-heal table page 3-29
3.5.1 Network AP Selfheal set Command
set
Network AP Selfheal commands
Sets the different self-heal parameters.
Syntax
set [interference-avoidance|neighbor-recovery]
Parameters
interference-avoidance mode [enable|disable] Sets the self-healing interference mode. Can be

[mode one of enable or disable.
[enable|disable] | max-retries [<max-retires|default] Sets the threshold limit on the
max-retries maximum number of retires permitted. <max-retires> (0-15) is the
[<max-retries>|default] | number of allowed retries. default has a value of 14.
hold-time
hold-time [<hold-time>|default] Sets the hold-time between running two
[<hold-time>|default]]
consecutive interference avoidance algorithms. <hold-time> (0-65535) is
the duration in seconds. default has a value of 3600.
neighbor-recovery mode [enable|disable] Enables or disables neighbor recovery.
[mode action <radio-idx> <action> Sets the neighbor recovery action for the
[enable|disable] | portal. <radio-idx> (1-12) is the id of the radio for which action specified
action <radio-idx> <action> | in <action> must be taken. Select <action> from none, raise-power,
offset <radio-idx> open-rates, both.
[<offset>|default]] Sets the radio offset value for the radio <radio-idx> (1-12) when the set
action is raise-power. <offset> value is between 0-65535. default value is
0.
Example - Set interference-avoidance:
admin(network.ap.selfheal)>set interference-avoidance mode enable
admin(network.ap.selfheal)>set interference-avoidance mode disable
admin(network.ap.selfheal)>set interference-avoidance max-retries 15
admin(network.ap.selfheal)>set interference-avoidance max-retries default
admin(network.ap.selfheal)>set interference-avoidance hold-time 24000
admin(network.ap.selfheal)>set interference-avoidance hold-time default
Example - set neighbor-recovery:
admin(network.ap.selfheal)>set neighbor-recovery mode enable
admin(network.ap.selfheal)>set neighbor-recovery mode disable
admin(network.ap.selfheal)>set neighbor-recovery action none radio 1
admin(network.ap.selfheal)>set neighbor-recovery action raise-power radio
1
admin(network.ap.selfheal)>set neighbor-recovery action open-rates radio
1
admin(network.ap.selfheal)>set neighbor-recovery action both radio 1
3.5.2 Network AP Selfheal detect-neighbor Command
detect-neighbor
Detects the neighbor devices.
Syntax
detect-neighbor
Parameters
None
Example
admin(network.ap.selfheal)>detect-neighbor
admin(network.ap.selfheal)>
3.5.3 Network AP Selfheal add Command
add
Adds entries into the selfheal AP-AP neighbor table.
Syntax
add <from-ap> <to-ap>
Parameters
<from-ap> <to-ap> Adds the specified APs into the neighbor-recovery table. <from-ap> and <to-
ap> accepts values 1 to 12 and all. all indicates all the APs.
Example
admin(network.ap.selfheal)>add 2 4
admin(network.ap.selfheal)>show
Interference Avoidance Mode : disable

Retry Count : 14
Hold Time : 3600
Neighbor Recovery Mode : enable
PORTAL-IDX OFFSET-VALUE NEIGHBOR-RECOVERY-ACTION
1 0 none
2 0 open-rates
3 0 none
4 777 raise-power
5 0 none
6 0 none
7 0 none
8 0 none
9 0 none
10 0 none
11 0 none
12 0 none
FROM-AP TO-AP
2 4
4 2
-------------HEALING STATE OF PORTALS------------

PORTAL HEALING-MODE CONFIGURED-POWER(dBm) RAISED-POWER(dBm)
1 Normal 20 0
2 Normal 17 0
3 Normal 20 0
4 Normal 17 0
3.5.4 Network AP Selfheal del Command
del
Deletes entries from the selfheal AP-AP neighbor table.
Syntax
del <from-ap> <to-ap>
Parameters
<from-ap> <to-ap> Removes the specified APs from the neighbor-recovery table. <from-ap> and
<to-ap> accepts values 1 to 12 and all. all indicates all the APs.
Example
admin(network.ap.selfheal)> del 2 4
admin(network.ap.selfheal)> show

Retry Count : 14
Hold Time : 3600
Neighbor Recovery Mode : enable
1 0 none
2 0 open-rates
3 0 none
4 0 none
5 0 none
6 0 none
7 0 none
8 0 none
9 0 none
10 0 none
11 0 none
12 0 none
FROM-AP TO-AP

1 Normal 20 0
2 Normal 17 0
3 Normal 20 0
4 Normal 17 0
3.5.5 Network AP Selfheal show Command
show
Shows the selfheal parameter details.
Syntax
show
Parameters
None
Example
admin(network.ap.selfheal)>show

Retry Count : 14
Hold Time : 3600
Neighbor Recovery Mode : disable
1 0 none
2 0 none
3 0 none
4 0 none
5 0 none
6 0 none
7 0 none
8 0 none
9 0 none
10 0 none
11 0 none
12 0 none
FROM-AP TO-AP
1 2
2 1

1 Normal 20 0
2 Normal 20 0
3.6 Network AP Denyap Commands
denyap
Network AP Commands
Displays the denyap submenu. Use the denyap submenu to manage APs that have been denied access to the
switch.
Syntax
admin(network.ap)> denyap
admin(network.ap.denyap)>

add Adds access port deny list entries page 3-31
delete Deletes access port deny list entries page 3-32
show Shows access port deny list page 3-33
3.6.1 Network AP Denyap add Command
add
Network AP Denyap Commands
Add entries to the Access Port Deny List.
Syntax
add <mac>
Parameters
<mac> Adds the MAC specified in the <mac> parameter to the Access Port Deny List. MAC
entries are to be entered without the :. For example 00b4c2114534.
Example
admin(network.ap.denyap)>add 00b4c2114534
admin(network.ap.denyap)>show
-------------------------------------------------------------------------
Idx AP NIC MAC
-------------------------------------------------------------------------
1 00b4c2114535
2 00b4c2114534
3.6.2 Network AP Denyap delete Command
delete
Deletes an entry in the Access Port Deny List.
Syntax
delete [<mac>|all]
Parameters
<mac> Deletes the MAC specified in the <mac> parameter from the Access Port Deny List.
all Deletes all the entries in the Access Port Deny List
Example
-------------------------------------------------------------------------
Idx AP NIC MAC
-------------------------------------------------------------------------
1 00b4c2114535
2 00b4c2114534
admin(network.ap.denyap)>delete 00b4c2114535
-------------------------------------------------------------------------
Idx AP NIC MAC
-------------------------------------------------------------------------
1 00b4c2114534
3.6.3 Network AP Denyap show Command
show
Displays the Access Port Deny List.
Syntax
show
Parameters
None
Example
----------------------------------------------------------------------
Idx AP NIC MAC
----------------------------------------------------------------------
1 00b4c2114535
2 00b4c2114534
3.7 Network AP Smartscan Commands
smartscan
Network AP Commands
Displays the smartscan submenu.
Syntax
admin(network.ap)> smartscan
admin(network.ap.smartscan)>

set Sets smartscan channels page 3-35
delete Removes smartscan channels page 3-36
show Shows all smartscan channels page 3-37
3.7.1 Network AP Smartscan set Command
set
Network AP Smartscan Commands
Sets the smartscan channels. These channels are the ones that are scanned for presence of WLANs.
Syntax
set [11a <11a>|11bg <11bg>]
Parameters
11a <11a> Sets the smart scan channel list for the 5 GHz band. Channel list <11a> should
be a comma separated list. For example, 36,40,44,48
11bg <11bg> Sets the smart scan channel list for the 2.4 GHz band. Channel list <11bg>
should be a comma separated list. For example, 1-4,6,8
Note: When using a range for selecting multiple channels, all the channels that are
included in the range should be valid channel numbers for the current regulatory domain.
Example
admin<network.ap.smartscan>> set 11bg 1-6,8,10-12
admin(network.ap.smartscan)> show all
smart scan 11a channels :
smart scan 11bg channels : 1 2 3 4 5 6 8 10 11 12
Available valid 11a channels : 36 40 44 48 52 56 60 64 149 153 157
161 165
Available valid 11bg channels : 1 2 3 4 5 6 7 8 9 10 11 12 13
3.7.2 Network AP Smartscan delete Command
delete
Deletes all the channels in the smartscan list for a specific radio.
Syntax
delete [11a <11a>|11bg <11bg>]
Parameters
11a <11a> Sets the smart scan channel list for the 5 GHz band. Channel list <11a> should be a
comma separated list. For example, 36,40,44,48
11bg <11bg> Sets the smart scan channel list for the 2.4 GHz band. Channel list <11bg> should be a
comma separated list. For example, 1-4,6,8
Note: When using a range for selecting multiple channels, all the channels that are included in
the range should be valid channel numbers for the current regulatory domain.
Example
161 165
admin(network.ap.smartscan)> delete 11bg
smart scan 11bg channels :
161 165
admin(network.ap.smartscan)>
3.7.3 Network AP Smartscan show Command
show
Displays the list of channels used for smartscan for the different radios.
Syntax
show [all]
Parameters
all Shows the list of channels in the smartscan list.

Example
161 165
3.8 Network AP Test Commands
test
Network AP Commands
Displays the test submenu. Use this submenu commands to test APs.
Syntax
admin(network.ap)> test

new Switches the AP to a new channel page 3-39
show Shows mesh configuration information page 3-47
3.8.1 Network AP Test new Command
new
Network AP Test Commands
Switches AP to a new channel.
Syntax
test <idx> <ch>
Parameters
<idx> The access port index for which the channel has to be changed
<ch> The channel to change to. This must be a channel that is valid for the selected AP <idx>.
Example
admin(network.ap.test)> new 1 24
3.9 Network AP Mesh Commands
mesh
Network AP Commands
Displays the mesh submenu. Use this menu to configure the different Mesh Network parameters.
Syntax
admin(network.ap)> mesh
admin(network.ap.mesh)>

set Sets mesh parameters page 3-41
add Adds a preferred base to the list page 3-43
del Removes preferred bases from the list page 3-44
preferred-list Shows a list of preferred bases page 3-45
available-list Shows a list of available bases page 3-46
show Shows mesh configuration information page 3-47
3.9.1 Network AP Mesh set Command
set
Network AP Mesh Commands
Sets the mesh related parameters.
Syntax
set [client|vlan|auto|base|max-clients]
Parameters
client <radio-idx> Enables or disables the mesh client for the radio with the index
[enable|disable] <radio-idx> (1-12).
wlan <radio-idx> <wlan-id> Selects the WLAN <wlan-id> (1-8) for the mesh client radio index
<radio-idx> (1-12).
auto <radio-idx> Enables or disables automatic base selection for the radio with the index
[enable|disable] <radio-idx> (1-12).
base <radio-idx> Enables or disables the radio <radio-idx> (1-12) as the mesh base.
[enable|disable]
max-clients <radio-idx> Sets the maximum number of client <max-clients> for the radio
<max-clients> <radio-idx> (1-12).
Example
admin(network.ap.mesh)> set client 1 enable
admin(network.ap.mesh)> show 1
-------------------------------------------------------------------------
"Mode" "WLAN" "Base Auto Selection" "Max Clients"
-------------------------------------------------------------------------
Client Only WLAN1 Enabled N/A
admin(network.ap.mesh)> set base 1 enable
-------------------------------------------------------------------------
-------------------------------------------------------------------------
Base and Client WLAN1 Enabled 6
admin(network.ap.mesh)> set wlan 1 3
-------------------------------------------------------------------------
-------------------------------------------------------------------------
admin(network.ap.mesh)> set max-clients 1 4
-------------------------------------------------------------------------
-------------------------------------------------------------------------
admin(network.ap.mesh)> set auto 1 disable

-------------------------------------------------------------------------
-------------------------------------------------------------------------
Base and Client WLAN3 Disabled 4
3.9.2 Network AP Mesh add Command
add
Adds a preferred base to the devices Preferred Base Bridge List.
Syntax
add <radio-idx> <mac>
Parameters
<radio-idx> Adds the base to the devices Preferred Base Bridge List. The <radio-idx> (1-12) is the
<mac> unique ID for the radio. <mac> is the address of the base device to be added to the
list.
Example
admin(network.ap.mesh)> add 3 001570419F9F
admin(network.ap.mesh)> preferred-list 3
-------------------------------------------------------------------------
"Priority" "Base MAC"
-------------------------------------------------------------------------
1 00:15:70:41:9F:9F
Related Commands
del Removes preferred bases from the list

preferred-list Shows a list of preferred bases
3.9.3 Network AP Mesh del Command
del
Removes a Mesh Base from the devices Preferred Base Bridge List.
Syntax
del [<radio-idx>] [all|<index>]
Parameters
<radio-idx> Removes all preferred bases from the devices Preferred Base Bridge List for the
[all|<index>] radio specified by the <radio-idx> (1-12).
all Indicates all the preferred base devices.
<index> Indicates the selected preferred base device.
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 00:15:70:41:9F:9F
2 00:15:45:70:9C:8D
3 15:03:54:07:23:45
admin(network.ap.mesh)> del 3 2
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 00:15:70:41:9F:9F
2 15:03:54:07:23:45
admin(network.ap.mesh)> del 3 all

-------------------------------------------------------------------------
-------------------------------------------------------------------------
Related Commands
add Adds a preferred base to the list

3.9.4 Network AP Mesh preferred-list Command
preferred-list
Displays the Preferred Base Bridge List for the device
Syntax
preferred-list <radio-idx>
Parameters
<radio-idx> Displays the selected radios (<radio-idx> (1-12)) Preferred Base Bridge List.
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 00:15:70:41:9F:9F
2 00:15:45:70:9C:8D
3 15:03:54:07:23:45
Related Commands

3.9.5 Network AP Mesh available-list Command
available-list
Displays the list of available base bridges along with their MAC addresses and the RSSI.
Syntax
available-list <radio-idx>
Parameters
<radio-idx> Displays the available base bridges for a particular radio indicated by the <radio-idx>
(1-12) value.
Example
admin(network.ap.mesh)> available-list 3
-------------------------------------------------------------------------
"MAC" "Channel" "RSSI"
-------------------------------------------------------------------------
00:15:70:41:9A:9A 11 189
Related Commands

3.9.6 Network AP Mesh show Command
show
Displays the mesh details for a particular radio.
Syntax
show <radio-idx>
Parameters
<radio-idx> Displays the mesh configuration information for the radio indicated by the
<radio-idx> (1-12) value.
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
3.10 Network DCHP Commands
dhcp
network
Displays the DHCP submenu.
Syntax
admin(network)> dhcp
admin(network.dhcp)>

set Sets system updated flags. page 3-49
show Shows system updated flags. page 3-50
3.10.1 Network DHCP set Command
set
Network DCHP Commands
Sets parameters for automated firmware and configuration upgrades.
Syntax
set [firmwareupgrade|configureupgrade|interface|
dhcpvendorclassid|autoupgradeinterval]
firmwareupgrade [0|1] Enables (1) or disables (0) automatic switch firmware upgrade.
configupgrade [0|1] Enables (1) or disables (0) automatic switch configuration update.
interface <iface> Sets the interface <iface> for the upgrades to the device:
s1 subnet 1
s2 subnet 2
s3 subnet 3
s4 subnet 4
s5 subnet 5
s6 subnet 6
w WAN
dhcpvendorclassid Sets the DHCP vendor class id to <dhcp vendor class id>.
<dhcp vendor class id> Note: Vendor class id must be preceded by Sym.
autoupgradeinterval Sets the Light Weight DHCP Client Auto Upload time interval to
<autoupgradeinterval> <autoupgradeinterval> (1-65535) seconds.
Example
admin(network.dhcp)>show all
Auto Firmware upgrade flag : 0

Auto Config upgrade flag : 0
Interface : w
admin(network.dhcp)>set firmwareupgrade 1
admin(network.dhcp)>set con 1
admin(network.dhcp)>set inter s1

Interface : s1
Related Commands
show all Shows the settings for all the automatic update parameters.
3.10.2 Network DHCP show Command
show
Network DCHP Commands
Displays system updated flags.
Syntax
show all
Parameters
all Displays all of the DHCP-related system update parameters.

Example

Interface : w
Dhcp Vendor Class Id : SymbolWS.WS2K-V2-0
Auto Upgrade Interval : 600
Related Commands
set Sets the DHCP-related parameters for updating system firmware and configuration.
3.11 Network Firewall Commands
fw
network
Displays the firewall submenu.
Syntax
admin(network)> fw
admin(network.fw)>

set Sets firewall parameters. page 3-52
show Shows firewall parameters. page 3-54
submap Goes to the subnet mapping submenu. page 3-79
policy Goes to the advanced subnet mapping submenu. page 3-63
timeradd Creates a new timeout value page 3-55
timerset Sets timeout values page 3-58
timerdel Deletes a named timer page 3-56
timerlist Shows the list of timers page 3-57
ips Goes to the Intrusion Prevention System submenu. page 3-59
The commands in this menu are available in the Web interface on the Network>Firewall screen.
3.11.1 Network Firewall set Command
set
Network Firewall Commands
Sets firewall parameters. In the Web interface, this functionality is provide by the Network->Firewall screen.
Syntax
set [mode|override|ftp|ip|seq|src|syn|win|spoof|rst|
range|netbios-alg] [enable|disable]
set mime [filter|hdr|len]

set mime filter [enable|disable]
set mime hdr <count>
set mime len <length>
set timeout <time>

set fin <time>
Parameters
mode [enable|disable] Enables or disables the firewall.

override [enable|disable] Enables or disables subnet access override.
ftp [enable|disable] Enables or disables FTP bounce attack check.
ip [enable|disable] Enables or disables IP unaligned timestamp check.
mime filter [enable|disable] Enables or disables MIME flood attack check.
[filter [enable|disable]| hdr <count> Sets the max number of headers as specified in <count>
hdr <count>| (12-34463)
len <length>]
len <length> Sets the max header length in bytes as specified by <length>
(256-34463)
seq [enable|disable] Enables or disables sequence number prediction check.
src [enable|disable] Enables or disables source routing check.
syn [enable|disable] Enables or disables SYN flood attack check.
timeout <time> Sets the firewall timeout to <time> minutes (190).
win [enable|disable] Enables or disables Winnuke attack check.
spoof [enable|disable] Enables or disables IP Spoofing attack check
rst [enable|disable] Enables or disable reset attack check
range [enable|disable] Enables or disable sequence out of range check
fin <time> Sets fin timeout to <time> seconds.
netbios-alg Enables or disables NetBIOS ALG support.
[enable|disable]
Example
admin(network.fw)>show all
Firewall Status : enable
Subnet Access Override : disable
Configurable Firewall Filters

ftp bounce attack filter : enable

syn flood attack filter : enable
unaligned ip timestamp filter : enable
source routing attack filter : enable
winnuke attack filter : enable
seq num prediction attack filter : enable
mime flood attack filter : enable
max mime header length : 8192
max mime headers : 16
nat timeout interval in minutes : 30
ip spoofing attack filter : enable
reset attack filter : enable
ack/seq number out of range check : enable
fin timeout : 20
Always On Firewall Filters
land attack filter : enable

ping of death attack filter : enable
reassembly attack filter : enable
NetBIOS alg : disable
admin(network.fw)>
Related Commands
show Shows the current firewall settings.

3.11.2 Network Firewall show Command
show
Displays the firewall parameters.
Syntax
show all
Parameters
all Shows all firewall settings.

Example
admin(network.fw)>show all
Firewall Status : enable
Subnet Access Override : disable
Configurable Firewall Filters
ftp bounce attack filter : enable

syn flood attack filter : enable
unaligned ip timestamp filter : enable
source routing attack filter : enable
winnuke attack filter : enable
seq num prediction attack filter : enable
mime flood attack filter : enable
max mime header length : 8192
max mime headers : 16
nat timeout interval in minutes : 30
ip spoofing attack filter : enable
reset attack filter : enable
ack/seq number out of range check : enable
fin timeout : 20
Always On Firewall Filters
land attack filter : enable

ping of death attack filter : enable
reassembly attack filter : enable
NetBIOS alg : disable
admin(network.fw)>
Related Commands
set Sets firewall settings.

3.11.3 Network Firewall timeradd Command
timeradd
Adds a new named timeout value.
Syntax
timeradd <name> <protocol> <port> <value>
Parameters
timeradd <name> Adds a new named timeout value.

<protocol> <name> is the name of the time out value (1-15 characters)
<port> <value>
<protocol> is the protocol to be used. (tcp or udp)
<port> is the port number (0-32767)
<value> is the timeout value in seconds
(60-268400000)
Example
admin(network.fw)> timeradd newtcp tcp 21 4500
admin(network.fw)> timerlist
-----------------------------------------------------------
Name Protocol Port Timeout ( Secs )
-----------------------------------------------------------
newtcp tcp 21 4500
admin(network.fw)
3.11.4 Network Firewall timerdel Command
timerdel
Deletes a named timeout value.
Syntax
timerdell <timer name>
Parameters
timerdel <timername> Deletes a timer named <timer name>.

Example
admin(network.fw)>timeradd newudp udp 21 4500
admin(network.fw)>timerlist
-----------------------------------------------------------
-----------------------------------------------------------
newtcp tcp 21 4500
newudp udp 21 4500
admin(network.fw)timerdel newtcp
-----------------------------------------------------------
-----------------------------------------------------------
newudp udp 21 4500
3.11.5 Network Firewall timerlist Command
timerlist
Displays all named time outs.
Syntax
timerlist
Parameters
None
Example
-----------------------------------------------------------
-----------------------------------------------------------
newtcp tcp 21 4500
newudp udp 21 4500
admin(network.fw)
3.11.6 Network Firewall timerset Command
timerset
Sets the timeout value for a named timer.
Syntax
timerset <timer name> <value>
Parameters
timerset <timer name> Sets the timer value <value> (60-268400000) for a timer named
<value> <timer name>.
Example
admin(network.fw)>timerset newudp 5000
-----------------------------------------------------------
-----------------------------------------------------------
newtcp tcp 21 4500
newudp udp 21 5000
3.12 Network Firewall Intrusion Prevention System Commands
ips
Displays the firewall Intrusion Prevention System (IPS) submenu.
Syntax
admin(network.fw)> ips
admin(network.fw.ips)>

set Sets the IPS parameters page 3-60
show Displays the IPS settings page 3-62
3.12.1 Network Firewall IPS set Command
set
Network Firewall Intrusion Prevention System Commands
Sets the Intrusion Prevention System (IPS) parameters.
Syntax
set [mode|anomaly-config|signature-categories|direction]
set mode [enable|disable]

set signature-categorises <category-list>
set direction [default|bi-directional]
set anomaly-config[-sl <smtplen>|-ml <mimelen>|-md <mimedepth>|
-hl <httpline>|-hz <httpsize>|-hlz <httplinesize>|
-huz <httpurisize>]
mode [enable|disable] Enables or disables IPS.

anomaly-config -sl <smtplen> Sets the SMTP header length.
[-sl <smtplen>| -ml <mimelen> Sets the MIME header length.
-ml <mimelen>|
-md <mimedepth> Sets the depth of MIME boundary header.
-md <mimedepth>|
-hl <httphline>| -hl <httphline> Sets the field in the HTTP header.
-hz <httphsize>| -hz <httphsize> Sets the HTTP header size.
-hlz <httplinesize>| -hlz <httplinesize> Sets the HTTP header line size.
-huz <httpurisize>] -huz <httpurisize> Sets the HTTP URI size.
signature-categories Sets the signature categories for IPS. Select <category-list> from
<category-list> TELNET, POP3, IMAP, NNTP, FTP, SNMP, TCPDNS, UDPDNS,
TCPRPC, UDPRPC, HTTP, SMTP, TCPGEN, UDPGEN, ICMP, TCP,
UDP, IP.
If more than one signature category is specified, separate each category
with a space. Each of the signature category must be specified in Upper
Case only.
direction [default|bi-directional] Sets the direction to inspect packets.
default Sets direction as default. This is defined in the signature.
bi-directional Sets direction as bi-directional. Packets are inspected
when received or sent.
Example
admin(network.fw.ips)>set mode enable
admin(network.fw.ips)>set anomaly-config -sl 100
admin(network.fw.ips)>set direction default
admin(network.fw.ips)>set signature-categories TELNET POP3 TCP UDP
admin(network.fw.ips)>show all
IPS mode : enable
SMTP Header length : 1024
MIME header length : 1024
Depth of MIME boundary header : 5
Field in HTTP header : 50
HTTP header size : 4096
HTTP header line size : 3072
HTTP URI size : 3072

Loaded Signature Categories : TELNET POP3 TCP UDP IMAP HTTP SMTP
Packet Direction of signatures : default
3.12.2 Network Firewall IPS show Command
show
Network Firewall Intrusion Prevention System Commands
Displays the Intrusion Prevention System (IPS) configurations.
Syntax
show all
Parameters
all Displays the IPS configuration.

Example
admin(network.fw.ips)>show all
IPS mode : enable
SMTP Header length : 1024
MIME header length : 1024
Depth of MIME boundary header : 5
Field in HTTP header : 50
HTTP header size : 4096
HTTP header line size : 3072
HTTP URI size : 3072
Loaded Signature Categories : TELNET POP3 TCP UDP IMAP HTTP SMTp
Packet Direction of signatures : default
3.13 Network Firewall Policy Commands
policy
Displays the firewall policy submenu.
Syntax
admin(network.fw)> policy
admin(network.fw.policy)>
NOTE: The Policy menu can only be accessed when Subnet Access Override mode
is enabled. To enable Subnet Access Override use the command
admin(network.fw)> set override enable

inbound Goes to the inbound policy submenu. page 3-65
outbound Goes to the outbound policy submenu. page 3-72
import Imports subnet access rules. page 3-64
3.13.1 Network Firewall Policy import command
import
Network Firewall Policy Commands
Imports subnet access rules from current subnet access settings created in the GUI interface (Network->
Firewall -> Subnet Access menu item) or using the CLI submap menu commands. Previously set outbound
firewall policies will be deleted.
Syntax
import
Parameters
None
Example
admin(network.fw.policy)>import
WARNING : You will loose all your current advanced access policies.
Do you want to continue [n/y]?y
admin(network.fw.policy)>
admin(network.fw.policy.outb)>list
-------------------------------------------------------------------------
----
Idx Src IP-Netmask Dst IP-Netmask Tp Src Ports Dst Ports NAT Action
-------------------------------------------------------------------------
----
1 192.168.0.1- 192.168.1.1- all 1:65535 1:65535 none allow
255.255.255.0 255.255.255.0
2 192.168.0.1- 192.168.2.1- all 1:65535 1:65535 none allow
255.255.255.0 255.255.255.0
3 192.168.1.1- 192.168.0.1- all 1:65535 1:65535 none allow
255.255.255.0 255.255.255.0
4 192.168.1.1- 192.168.2.1- all 1:65535 1:65535 none allow
255.255.255.0 255.255.255.0
5 192.168.2.1- 192.168.0.1- all 1:65535 1:65535 none allow
255.255.255.0 255.255.255.0
6 192.168.2.1- 192.168.1.1- all 1:65535 1:65535 none allow
255.255.255.0 255.255.255.0
7 192.168.0.0- 192.168.32.2- all 1:65535 1:65535 none allow
255.255.255.0 255.255.255.0
8 192.168.0.0- 0.0.0.0- all 1:65535 1:65535 wan1 allow
255.255.255.0 0.0.0.0
9 192.168.1.0- 0.0.0.0- all 1:65535 1:65535 none allow
255.255.255.0 0.0.0.0
10 192.168.2.0- 0.0.0.0- all 1:65535 1:65535 none allow
255.255.255.0 0.0.0.0
Related Commands
submap > list Lists the currently defined subnet to subnet/WAN communication rules into the
outbound firewall policy list.
outb > list Lists the current outbound firewall policies.
3.14 Network Firewall Policy Inbound Commands
inbound
Displays the inbound policy submenu.
Syntax
admin(network.fw.policy)> inb
admin(network.fw.policy.inb)>

add Adds a firewall policy. page 3-66
set Sets firewall policy parameters. page 3-71
delete Deletes a firewall policy. page 3-67
list Lists firewall policies. page 3-69
move Moves a firewall policy to a different position in the list. page 3-70
insert Inserts a new firewall policy before an existing policy. page 3-68
3.14.1 Network Firewall Policy Inbound add Command
add
Network Firewall Policy Inbound Commands
Adds an inbound firewall policy.
Syntax
add <sip> <netmask> <dip> <dnetmask>
Parameters
<sip> <netmask> Adds a firewall policy to be effective on communications between a source site
<dip> <dnetmask> and a destination site.
<sip> The source IP
<snetmask> The source IPs network mask
<dip> The destination site IP
<dnetmask> The destination IPs network mask
Example
admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0
209.239.170.45 255.2 55.255.224
Inbound Policy Successfully added at index 1

admin(network.fw.policy.inb)>list
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT
Action
-------------------------------------------------------------------------
1 192.168.24.0- 209.239.170.45- all 1: 1: 0.0.0.0
deny
255.255.255.0 255.255.255.224 65535 65535 nat port 0
Related Commands
delete Deletes firewall policies from the inbound list.

move Moves firewall policies either up or down in the list of policies.
3.14.2 Network Firewall Policy Inbound delete Command
delete
Deletes a firewall policy.
Syntax
delete [all|<idx>]
Parameters
<idx> Deletes inbound firewall policy <idx> from the policy list.
all Deletes all inbound firewall policies.
Example
-------------------------------------------------------------------------
Idx Src IP-Netmask Dst IP-Netmask Tp SPorts DPorts Rev. NAT Action
-------------------------------------------------------------------------
1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
admin(network.fw.policy.inb)>del 1
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
3.14.3 Network Firewall Policy Inbound insert Command
insert
Inserts a new firewall policy before an existing policy.
Syntax
insert <idx> <sip> <snetmask> <dip> <dnetmask>
Parameters
<idx> <sip> Inserts a new policy into the inbound firewall policy list at a specified index.
<snetmask> <dip>
<dnetmask>
<idx> The index in the firewall policy list where this policy is to be inserted.
<sip> The source IP
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
admin(network.fw.policy.inb)>insert 1 209.239.160.44 255.255.255.224
192.168.55.
44 255.255.255.0
Inbound Policy Successfully inserted at index 1
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 209.239.160.44- 192.168.55.44- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
2 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
3.14.4 Network Firewall Policy Inbound list Command
list
Lists inbound firewall policies.
Syntax
list {<idx>}
Parameters
<idx> Displays firewall policy with number <idx>.

Example:
admin(network.fw.policy.inb)>add 192.168.24.0 255.255.255.0
209.239.170.45 255.255.255.224
-------------------------------------------------------------------------
Action
-------------------------------------------------------------------------
1 192.168.24.0- 209.239.170.45- all 1: 1: 0.0.0.0
deny
255.255.255.0 255.255.255.224 65535 65535 nat port 0
3.14.5 Network Firewall Policy Inbound move Command
move
Moves a firewall policy to a different position in the list and renumbers all affected items in the list.
Syntax
move [up|down] <idx>
Parameters
[up|down] <idx> Moves policy with index <idx> up or down one (to a lower or a higher number) in
the policy list.
Example
----------------------------------------------------------------------
-------------------------------------------------------------------------
1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
2 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny

255.255.255.224 255.255.255.0 65535 65535 nat port 0
admin(network.fw.policy.inb)>move up 2
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow

255.255.255.224 255.255.255.0 201 nat port 0
3.14.6 Network Firewall Policy Inbound set Command
set
Sets inbound firewall policy parameters.
Syntax
set [saddr|daddr|tp|sport}dport|rnat|rport|action|logging]
Parameters
saddr <idx> <Ip Addr> Sets source IP address <Ip Addr> and IP netmask <netmask> for inbound
<netmask> firewall policy <idx>.
daddr <idx> <Ip Addr> Sets destination IP address <Ip Addr> and IP netmask <netmask> for
<netmask> inbound firewall policy <idx>.
tp <idx> <tp> Sets transport protocol for inbound firewall policy <idx> to <tp> (one of all,
tcp, udp, icmp, ah, esp, gre).
sport <idx> <port1> Sets source port range for inbound firewall policy <idx> from <port1>
[<port2>] (165535) to <port2> (165535). If <port2> is not specified, <port1> is used
as the top end of the range.
dport <idx> <port1> Sets destination port range for inbound firewall policy <idx> from <port1> (1
[<port2>] 65535) to <port2> (165535). If <port2> is not specified, <port1> is used as
the top end of the range.
rnat <idx> <Ip Addr> Sets reverse NAT IP address for inbound firewall policy <idx> to
<Ip Addr> (a.b.c.d).
rport <idx> <rport> Sets reverse NAT port for inbound firewall policy <idx> to <rport>
(065535).
action <idx> [allow|deny] Sets action of inbound firewall policy <idx> to allow or deny.
Example
admin(network.fw.policy.inb)>set tp 1 gre
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 209.239.160.202- 168.192.36.4- gre 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
admin(network.fw.policy.inb)>set sport 1 20 21
admin(network.fw.policy.inb)>set dport 1 200 201
admin(network.fw.policy.inb)>set action 1 allow
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
3.15 Network Firewall Policy Outbound Commands
outbound
Displays the outbound policy submenu.
Syntax
admin(network.fw.policy)> outbound
admin(network.fw.policy.outbound)>

add Adds a firewall policy. page 3-73
set Sets firewall policy parameters. page 3-78
delete Deletes a firewall policy. page 3-74
list Lists firewall policies. page 3-76
move Moves a firewall policy to a different position in the list. page 3-77
insert Inserts a new firewall policy before an existing policy. page 3-75
3.15.1 Network Firewall Policy Outbound add Command
add
Network Firewall Policy Outbound Commands
Adds an outbound firewall policy.
Syntax
add <sip> <netmask> <dip> <netmask>
Parameters
<sip> <netmask> Adds a firewall policy to be effective on communications between a source site
<dip> <dnetmask> and a destination site.
<sip> The source IP
Example
admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0
209.239.170.45 255.255.255.224
Outbound Policy Successfully added at index 1

-------------------------------------------------------------------------
Action
-------------------------------------------------------------------------
1 192.168.24.0- 209.239.170.45- all 1: 1: 0.0.0.0
deny
255.255.255.0 255.255.255.224 65535 65535 nat port 0
Related Commands
delete Deletes firewall policies from the outbound list.

move Moves policies either up or down in the list of policies.
3.15.2 Network Firewall Policy Outbound delete Command
delete
Deletes an outbound firewall policy.
Syntax
delete [all|<idx>]
Parameters
<idx> Deletes inbound firewall policy <idx> from the policy list.
all Deletes all outbound firewall policies.
Example
-------------------------------------------------------------------------
----
-------------------------------------------------------------------------
----
1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
admin(network.fw.policy.outb)>del 1
-------------------------------------------------------------------------
----
-------------------------------------------------------------------------
----
1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
3.15.3 Network Firewall Policy Outbound insert Command
insert
Inserts a new outbound firewall policy before an existing policy.
Syntax
insert <idx> <sip> <netmask> <dip> <netmask>
Parameters
<idx> <sip> Inserts a new policy into the outbound firewall policy list at a specified index.
<snetmask> <dip>
<dnetmask>
<idx> The index in the firewall policy list where this policy is to be inserted.
<sip> The source IP
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
admin(network.fw.policy.outb)>insert 1 209.239.160.44 255.255.255.224
192.168.55.
44 255.255.255.0
Outbound Policy Successfully inserted at index 1
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 209.239.160.44- 192.168.55.44- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
2 209.239.170.88- 192.168.42.2- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
3.15.4 Network Firewall Policy Outbound list Command
list
Lists outbound firewall policies.
Syntax
list {<idx>}
Parameters
<idx> Displays firewall outbound policy with number <idx>.

Example
admin(network.fw.policy.outb)>add 192.168.24.0 255.255.255.0
209.239.170.45 255.2 55.255.224
-------------------------------------------------------------------------
Action
-------------------------------------------------------------------------
1 192.168.24.0- 209.239.170.45- all 1: 1: 0.0.0.0
deny
255.255.255.0 255.255.255.224 65535 65535 nat port 0
3.15.5 Network Firewall Policy Outbound move Command
move
Moves an outbound firewall policy up or down in the policy list and renumbers the policy affected by the
move.
Syntax
move [up|down] <idx>
Parameters
[up|down] <idx> Moves policy with index <idx> up or down one (to a lower or a higher number) in
the policy list.
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
2 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny

255.255.255.224 255.255.255.0 65535 65535 nat port 0
admin(network.fw.policy.outb)>move up 2
-------------------------------------------------------------------------
-------------------------------------------------------------------------
----
1 209.239.179.52- 168.192.56.4- all 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
2 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow

255.255.255.224 255.255.255.0 201 nat port 0
3.15.6 Network Firewall Policy Outbound set Command
set
Sets firewall policy parameters.
Syntax
set [saddr|daddr|tp|sport|dport|nat|action|logging]
Parameters
saddr <idx> <Ip Addr> Sets source IP address <Ip Addr> and IP netmask <netmask> for outbound
<netmask> firewall policy <idx>.
daddr <idx> <Ip Addr> Sets destination IP address <Ip Addr> and IP netmask <netmask> for
<netmask> outbound firewall policy <idx>.
tp <idx> <tp> Sets transport protocol for outbound firewall policy <idx> to <tp> (one of all,
tcp, udp, icmp, ah, esp, gre).
sport <idx> <port1> Sets source port range for outbound firewall policy <idx> from <port1>
dport <idx> <port1> Sets destination port range for outbound firewall policy <idx> from <port1>
nat <idx> <wan id> Sets NAT WAN ID for outbound firewall policy <idx> to
<wan id> (0-8) where 0 = none, 1 = WAN 1, 2 = WAN 2, etc.
action <idx> [allow|deny] Sets action of outbound firewall policy <idx> to allow or deny.
logging <idx> Sets logging of outbound firewall policy <idx> to enable or disable.
[enable|disable]
Example
admin(network.fw.policy.outb)>set tp 1 gre
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 209.239.160.202- 168.192.36.4- gre 1: 1: 0.0.0.0 deny
255.255.255.224 255.255.255.0 65535 65535 nat port 0
admin(network.fw.policy.outb)>set sport 1 20 21
admin(network.fw.policy.outb)>set dport 1 200 201
admin(network.fw.policy.outb)>set action 1 allow
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 209.239.160.202- 168.192.36.4- gre 20:21 200: 0.0.0.0 allow
255.255.255.224 255.255.255.0 201 nat port 0
3.16 Network Firewall Submap Commands
submap
Displays the subnet mapping submenu.
Syntax
admin(network.fw)> submap
admin(network.fw.submap)>
NOTE: The submap menu can only be accessed when Subnet Access Override
mode is disabled. To disable Subnet Access Override use the command
admin(network.fw)> set override disable

add Adds subnet access exception rules. page 3-80
delete Deletes subnet access exception rules. page 3-82
list Lists subnet access exception rules. page 3-83
set Sets subnet access parameters. page 3-84
show Shows subnet access parameters. page 3-85
3.16.1 Network Firewall Submap add Command
add
Network Firewall Submap Commands
Adds subnet access exception rules.
Syntax
add <from> <to> <name> <tran> <port1> <port2>
Parameters
add <from> <to> Adds a subnet access exception rule for communication.
<name> <tran> <from> The source subnet (one of s1 = subnet1, s2 =
<port1> <port2> subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 =
subnet6)
<to> The destination subnet (one of s1 = subnet1, s2 =
subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 =
subnet6, w=WAN)
<name> The name of this exception rule.
(1-7 characters)
<trans> The transport protocol to deny access. (one of
the following transport protocols: tcp, udp, icmp, ah,
esp, gre, or all)
<port1> <port2> Ports in the range <port1> to
<port2>
Example
admin(network.fw.submap)>add s1 w test gre 21 101
admin(network.fw.submap)>list s1
-------------------------------------------------------------------------
index from to name prot start port end port
-------------------------------------------------------------------------
1 subnet1 wan test gre 21 101
admin(network.fw.submap)>add s1 s2 test2 ah 20 80
admin(network.fw.submap)>add s2 s3 test3 all 20 300
-------------------------------------------------------------------------
-------------------------------------------------------------------------
2 subnet1 subnet2 test2 ah 20 80
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 subnet2 subnet3 test3 all 20 300
admin(network.fw.submap)>delete s2 all
-------------------------------------------------------------------------
-------------------------------------------------------------------------
3.16.2 Network Firewall Submap delete Command
delete
Deletes subnet access exception rules.
Syntax
delete <from> [<idx>|all]
Parameters
<from> [<idx>|all] <idx> Deletes access exception rule entry <idx> from subnet <from> (one
of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6
= subnet6).
all Deletes all access exception rule entries from subnet <from> (one of s1
= subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 =
subnet6).
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
admin(network.fw.submap)>delete s1 2
-------------------------------------------------------------------------
-------------------------------------------------------------------------
-------------------------------------------------------------------------
-------------------------------------------------------------------------
-------------------------------------------------------------------------
-------------------------------------------------------------------------
3.16.3 Network Firewall Submap list Command
list
Lists subnet access exception rules.
Syntax
list <from>
Parameters
<from> Lists the access exception entries for <from> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3,
s4 = subnet4, s5 = subnet5, s6 = subnet6).
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
admin(network.fw.submap)>add s1 s2 test2 ah 20 80
admin(network.fw.submap)>add s2 s3 test3 all 20 300
-------------------------------------------------------------------------
-------------------------------------------------------------------------
-------------------------------------------------------------------------
-------------------------------------------------------------------------
-------------------------------------------------------------------------
3.16.4 Network Firewall Submap set Command
set
Sets a default subnet access rule to allow or deny communication.
Syntax
set [default|subnet-logging|logging]
Parameters
default <from> Sets the default subnet access rule.

<to> <rule> <from> The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3,
s4 = subnet4, s5 = subnet5, s6 = subnet6).
<to> The destination subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3,
s4 = subnet4, s5 = subnet5, s6 = subnet6, w = WAN).
<rule> The rule to be enforced. Select from allow or deny.
subnet-logging Enables or disables logging for a subnet access rule.
<from> <to> <from> The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3,
[enable|disable] s4 = subnet4, s5 = subnet5, s6 = subnet6).
enable Enables he logging
disable Disables logging
logging <from> Enables, disables, or sets to default the logging for a subnet access exception rule.
<to> <rule-name> <from> The source subnet. (one of s1 = subnet1, s2 = subnet2, s3 = subnet3,
[enable|disable|d s4 = subnet4, s5 = subnet5, s6 = subnet6).
efault]
enable Enables he logging
disable Disables logging
default Adopts subnet access configuration.
Example
admin(network.fw.submap)>set default s2 w deny
admin(network.fw.submap)>set default s2 s4 deny
admin(network.fw.submap)>set subnet-logging s2 s3 enable
admin(network.fw.submap)>set logging s1 s2 s1s2allow default
admin(network.fw.submap)>show default s2
-------------------------------------------------------------------------
wan subnet1 subnet2 subnet3 subnet4 subnet5
subnet6
-------------------------------------------------------------------------
deny allow allow allow deny allow
allow
(log enabled)
3.16.5 Network Firewall Submap show Command
show
Displays default subnet access exception rules for indicated subnet.
Syntax
show default <from>
Parameters
default <from> Shows all default access exception rules for subnet <from> (one of s1 = subnet1, s2 =
subnet2, s3 = subnet3, s4 = subnet4, s5 = subnet5, s6 = subnet6) to all other subnets.
Example
admin(network.fw.submap)>set default s2 w deny
admin(network.fw.submap)>set default s2 s4 deny
admin(network.fw.submap)>set subnet-logging s2 s3 enable
admin(network.fw.submap)>set logging s1 s2 s1s2allow default
admin(network.fw.submap)>show default s2
-------------------------------------------------------------------------
wan subnet1 subnet2 subnet3 subnet4 subnet5
subnet6
-------------------------------------------------------------------------
deny allow allow allow deny allow
allow
(log enabled)
3.17 Network LAN Commands
lan
network
Displays the LAN submenu.
Syntax
admin(network)>lan
admin(network.lan)>

dhcp Goes to the DHCP submenu. page 3-92
set Sets LAN parameters. page 3-87
show Shows LAN parameters. page 3-89
updateDNS Updates DNS for a subnet page 3-90
updateAllDNS Updates DNS for all subnets page 3-91
bridge Goes to the bridge submenu page 3-100
3.17.1 Network LAN set Command
set
Network LAN Commands
Sets the LAN parameters for the six subnets.
Syntax
set [ipadr|mask|dgw|mode|name|port|wlan|stp]
set ipadr <idx> <ip>

set mask <idx> <netmask>
set dgw <idx> <ip>
set mode [enable|disable]
set name <idx> <name>
set port <port> <subnet>
set wlan <wlan> <subnet>
set stp <mode>
Parameters
ipadr <idx> <ip> Sets the IP address of subnet <idx> (16) to the IP address <ip> in the form
a.b.c.d.
mask <idx> <netmask> Sets the netmask of subnet <idx> (16) to IP address mask <netmask> in the
form a.b.c.d.
dgw <idx> <ip> Sets the default gateway for the subnet <idx> (1-6) to the IP <ip>.
mode <idx> Enables or disables the subnet identified by <idx> (16).
[enable|disable]
name <idx> <name> Sets the name of the subnet <idx>(16) to <name> (can be up to 7 characters).
port <port> <subnet> Assigns port <port>(16) to the subnet indicated by <subnet> (none, s1, s2,
s3, s4, s5, s6). Unassigns a port with <subnet> = none.
wlan <wlan> <subnet> Assigns WLAN number <wlan> to the subnet indicated by (none, s1, s2, s3,
s4, s5, s6). Unassigns a WLAN with <subnet> = none.
stp <mode> Enables or disables Spanning Tree Protocol (STP) for the subnets. Choose
<mode> from enable or disable.
NOTE: STP is applied on mesh networks even if it is disabled through the set
command.
Example
admin(network.lan)>show lan 1
subnet name : Subnet1

ip address : 192.168.0.1
network mask : 255.255.255.0
wlans : wlan1
admin(network.lan)>set name 1 NewName

admin(network.lan)>set port 4 none

admin(network.lan)>set wlan 2 s1
subnet name : OfficeN

ip address : 192.168.0.1
network mask : 255.255.255.0
ports : port1 port2 port3 port4 port5
wlan : wlan1 wlan3
vlan tag : 1
admin(network.lan)> set stp enable

admin(network.lan)> show stp
STP Mode : Enable

Related Commands
show lan Shows the current settings for the specified subnet (LAN).
3.17.2 Network LAN show Command
show
Shows the LAN parameters.
Syntax
show [lan|stp]
Parameters
lan <idx> Shows the settings for the subnet <idx> (14).
stp Shows the STP status for the device
Example
subnet name : Subnet1

ip address : 192.168.0.1
network mask : 255.255.255.0
wlans : wlan1
admin(network.lan)>set name 1 NewName

admin(network.lan)>set port 4 none
admin(network.lan)>set wlan 2 s1
subnet name : NewName

ip address : 192.168.0.1
network mask : 255.255.255.0
ports : port1 port2 port3 port5 port6
wlans : wlan1 wlan2
admin(network.lan)> set stp enable

admin(network.lan)> show stp
STP Mode : Enable

Example
set Sets the parameters for a specified subnet (LAN).

set stp Enables or disables Spanning Tree Protocol for the device.
3.17.3 Network LAN updateDNS Command
updateDNS
Updates the DNS for the selected subnet.
Syntax
updateDNS <idx>
Parameters
<idx> The subnet ID (1-6)

Example
admin(network.lan)>updateDNS 1
admin(network.lan)>
Related Commands
updateAllDNS Updates the DNS for all subnets.

3.17.4 Network LAN updateAllDNS Command
updateAllDNS
Updates the DNS for all the active subnets.
Syntax
updateAllDNS
Parameters
None
Example
admin(network.lan)> updateAllDNS
admin(network.lan)>
Related Commands
updateDNS Updates the DNS for a selected subnet.

3.18 Network LAN DHCP Commands
dhcp
Displays the DHCP submenu.
Syntax
admin(network.lan)> dhcp
admin(network.lan.dhcp)>

add Adds static DHCP address assignments. page 3-93
delete Deletes static DHCP address assignments. page 3-94
list Lists static DHCP address assignments. page 3-95
set Sets DHCP parameters. page 3-96
show Shows DHCP parameters. page 3-98
renew Renews the DHCP IP address. page 3-99
3.18.1 Network LAN DHCP add Command
add
Network LAN DHCP Commands
Adds static DHCP address assignments.
Syntax
add <idx> <mac> <ip>
Parameters
<idx> <mac> <ip> Adds a static DHCP address assignment for subnet <idx> (1-6) where the device
with the MAC address <mac> (aabbccddeeff format) is assigned the IP address
<ip> (a.b.c.d format).
Example
admin(network.lan.dhcp)>add 1 00A0F8F01234 192.160.24.6
admin(network.lan.dhcp)>list 1
-------------------------------------------------------------------------
index mac address ip address
-------------------------------------------------------------------------
1 00A0F8F01234 192.160.24.6
2 00A1F1F24321 192.169.24.7
3.18.2 Network LAN DHCP delete Command
delete
Deletes static DHCP address assignments.
Syntax
Parameters
<idx> [<entry>|all] Deletes static DHCP assignment entries.

<idx> The subnet index (1-6)
<entry> The DHCP entry (1-30)
all All entries.
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
admin(network.lan.dhcp)>add 1 0011223344FF 191.168.0.42
admin(network.lan.dhcp)>add 1 4433221100AA 191.168.0.43
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 0011223344FF 191.168.0.42
2 4433221100AA 191.168.0.43
admin(network.lan.dhcp)>delete 1 1
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 4433221100AA 191.168.0.43
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 0011223344FF 191.168.0.42
2 4433221100AA 191.168.0.43
3.18.3 Network LAN DHCP list Command
list
Lists static DHCP address assignments.
Syntax
list <idx>
Parameters
<idx> Lists the static DHCP address assignments for subnet <idx> (16).
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 00A0F8F01234 192.168.63.5
admin(network.lan.dhcp)>add 1 12332244AABB 192.168.64.3

-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 00A0F8F01234 192.168.63.5
2 12332244AABB 192.168.64.3
3.18.4 Network LAN DHCP set Command
set
Sets DHCP parameters for the subnets.
Syntax
set [dgw|dns|wins|lease|domain|mode|range|
relayserverip|ddnsmode|fwdzone|ddnsusrcls|
tftp-server|bootfile|option-189|option-43]
Parameters
dgw <idx> <a.b.c.d> Sets the default gateway for subnet <idx> (16) to the IP address
<a.b.c.d>.
dns <a> <b> <c> Sets the primary/secondary DNS servers for the selected subnet.
<a> The subnet (1-6)
<b> The DNS server type (1=primary, 2=secondary)
<c> The IP address of the server type selected in <b> in the a.b.c.d form.
wins <idx> <a.b.c.d> Sets the WINS server for subnet <idx> (16) to the IP address <a.b.c.d>.
lease <idx> <lease> Sets the DHCP lease time for subnet <idx> (16) to <lease> seconds
(1999999).
domain <idx> <dn> Sets the domain name for subnet <idx> (16) to the domain name <dn>
(1 to 63 characters).
mode <idx> <mode> Sets the DHCP mode for subnet <idx> (14) to <mode>.
<mode> can be one of (none, client, server, relay) where:
none disables DHCP node
client enables the subnet to be a DHCP client
server enables the subnet to be a DHCP server
relay enables the subnet to be a DHCP relay
range <a> <b> <c> Sets the DHCP assignment range for subnet <a> (16) from IP address <b>
to another IP address <c>.
relayserverip <idx> <a.b.c.d> Sets the DHCP relay server IP for subnet <idx> (1-6) to the IP <a.b.c.d>.
ddnsmode <idx> <mode> Enables or disables DDNS for the subnet <idx> (1-6). <mode> can be one
of enable or disable.
fwdzone <idx> <fwdzone> Sets the DHCP forward zone for the subnet <idx> (1-6) to the zone specified
by <fwdzone> (1 to 63 characters)
ddnsusrcls <idx> <usrcls> Sets the DDNS user class <usrcls> to single or multiple for the subnet
<idx> (1-6).
tftp-server <idx> Sets the tftp-server IP for the subnet <idx> (1-6) to the IP <tftp-server>
<tftp-server>
bootfile <idx> <bootfile> Sets the bootfile name for the subnet <idx> (1-6) to the boot file name
<boot-file> (max 31 characters)
option-189 <idx> <ip list> Sets the IP addresses and ports numbers for WIAP enabled switches for the
subnet <idx> (1-6). <ip-list> (max 63 characters) must be in the format
a.b.c.d:xx and multiple addresses must be separated by comma.
option-43 <idx> <ip list> Sets the IP address for WIAP enabled switches for the subnet <idx> (1-6).
<ip-list> (max 63 characters) must be in the format a.b.c.d and multiple
addresses must be separated by a comma.
Example
admin(network.lan.dhcp)>set dns 1 1 209.160.0.18
admin(network.lan.dhcp)>show dhcp 1
dhcp mode : server
primary dns server : 209.160.0.18
secondary dns server : 209.160.0.218
wins server : 192.168.0.254
starting ip address : 192.168.0.11
ending ip address : 192.168.0.254
lease time : 10000
domain name :
admin(network.lan.dhcp)>set domain 1 BigFishCo
dhcp mode : server
wins server : 192.168.0.254
lease time : 10000
domain name : BigFishCo
3.18.5 Network LAN DHCP show Command
show
Shows DHCP parameter settings for specified subnets.
Syntax
show dhcp <idx>
Parameters
show dhcp <idx> Displays the DHCP parameter settings for subnet <idx> (16). These parameters are
set with the set command.
Example
dhcp mode : server
ddns mode : disable
user class :
wins server : 192.168.0.254
relay server ip address : 0.0.0.0
lease time : 86400
domain name :
forward zone :
tftp-server : 0.0.0.0
bootfile :
option-189 :
option-43 :
admin(network.lan.dhcp)>set domain 1 BigFishCo
dhcp mode : server
ddns mode : disable
user class :
wins server : 192.168.0.254
relay server ip address : 0.0.0.0
lease time : 86400
domain name : BigFishCo
forward zone :
tftp-server : 0.0.0.0
bootfile :
option-189 :
option-43 :
3.18.6 Network LAN DHCP renew Command
renew
Renews the IP address assigned by DHCP.
Syntax
renew
Parameters
None
Example
admin(network.lan.dhcp)> renew
3.19 Network LAN Bridge commands
bridge
Displays the Bridge submenu.
Syntax
admin(network.lan)> bridge
admin(network.lan.bridge)>

show Shows the bridge configuration parameters page 3-101
set Sets bridge configuration parameters page 3-103
3.19.1 Network LAN Bridge show Command
show
Network LAN Bridge commands
Displays the bridge configuration parameters.
Syntax
show
Parameters
None
Example
admin(network.lan.bridge)> show
admin(network.lan.bridge)>show
** LAN1 Bridge Configuration **

Bridge Priority : 32768
Hello Time (seconds) : 2
Message Age Time (seconds) : 20
Forward Delay Time (seconds) : 15
Entry Ageout Time (seconds) : 60
Wireless Trunking : disable







admin(network.lan.bridge)>
3.19.2 Network LAN Bridge set Command
set
Network LAN Bridge commands
Sets the bridge configuration parameters.
Syntax
set [priority|hello|msgage|fwddelay|ageout|wireless-trunking]
Parameters
priority <LAN-idx> <priority> Sets the bridge priority to <priority> (0-65535) for the lan <LAN-
idx> (1-6)
hello <LAN-idx> <hello> Sets the bridges hello time to <hello> (1-10) seconds for the lan
<LAN-idx> (1-6)
msgage <LAN-idx> <msgage> Sets the bridge message age time to <msgage> (6-40) seconds for
lan <LAN-idx> (1-6)
fwddelay <LAN-idx> <fwddelay> Sets the bridge forward delay time to <fwddelay> (4-30) seconds
for lan <LAN-idx> (1-6)
ageout <LAN-idx> <ageout> Sets the bridge forward table entry ageout to <ageout> (4-3600)
seconds for lan <LAN-idx> (1-6).
wireless-trunking <LAN-idx> <mode> Sets the wireless trunking mode <mode> (enable/disable) for lan
<LAN-idx> (1-6)
Example
admin(network.lan.bridge)>set priority 1 5
admin(network.lan.bridge)>set wireless-trunking 1 enable
admin(network.lan.bridge)>show

Bridge Priority : 5
Wireless Trunking : enable

[...]
3.20 Network QoS Commands
qos
network
Displays the quality of service (QoS) submenu.
Syntax
admin(network)> qos
admin(network.qos)>

clear Clears QoS parameters. page 3-105
set Sets QoS parameters. page 3-106
show Shows QoS parameters. page 3-107
3.20.1 Network QOS clear Command
clear
Network QoS Commands
Clears QoS radio statistics.
Syntax
clear queuing
Parameters
None
Example
admin(network.qos)>clear queue
Related Commands
set Sets the QoS parameters.

show Shows the QoS parameters and the QoS queuing statistics.
3.20.2 Network QOS set Command
set
Sets QoS parameters.
Syntax
set bw-share [mode|weight|threshold]
Parameters
mode <mode> Set bandwidth share mode <mode> (none, static,

weighted or rate-limit)
weight <idx> <weight> Set the weight for WLAN <idx> (18) to <weight>
(110). A weight can only be set if the bandwidth
share mode is set to weighted.
threshold <idx> <speed> Sets the bandwidth share threshold for WLAN
<idx> (16) to speed <speed> <054000>
Example
admin(network.qos)>set bw-share mode weighted
admin(network.qos)>set bw-share weight 1 6
admin(network.qos)>set bw-share threshold 1 12000
admin(network.qos)>show bw-share
BW Share Mode:weighted
--------------------------------
WLAN BW Share Weight
--------------------------------
1 6
2 1
3 1
4 1
5 1
6 1
7 1
8 1
admin(network.qos)>
Related Commands
show Shows the bandwidth settings and the queuing statistics.

clear Clears the queuing statistics.
3.20.3 Network QOS show Command
show
Shows QoS parameters and queuing statistics.
Syntax
show [bw-sharing|queuing]
Parameters
bw-share Shows the bandwidth sharing settings.

queuing Displays the radio QoS queuing statistics.
Example
admin(network.qos)>show bw
BW Share Mode:static
admin(network.qos)>show qu 1
BW Share Mode:static
-------------------------------------------------------------------------
Priority In Out Dropped
-------------------------------------------------------------------------
-------------------------------------------------------------------------
WLAN: 1
-------------------------------------------------------------------------
0 0 0 0
1 0 0 0
2 0 0 0
admin(network.qos)>
Related Commands
set Sets the QoS parameters.

clear Clears the QoS queuing statistics.
3.21 Network Router Commands
router
network
Displays the router submenu.
Syntax
admin(network)> router
admin(network.router)>

add Adds user-defined routes. page 3-109
delete Deletes user-defined routes. page 3-110
list Lists user-defined routes. page 3-111
set Sets RIP parameters. page 3-112
show Shows routes/RIP parameters. page 3-113
3.21.1 Network Router add Command
add
Network Router Commands
Adds user-defined routes.
Syntax
add <dest> <netmask> <gw> <iface> <metric>
Parameters
<dest> <netmask> <gw> Adds a route with destination IP address <dest>, IP netmask
<iface> <metric> <netmask>, gateway IP address <gw>, interface subnet or WAN set to
<iface> (one of s1 = subnet1, s2 = subnet2, s3 = subnet3, s4 = subnet4,
s5 = subnet5, s6 = subnet6 or w = WAN), and metric set to <metric> (1
15).
Example
admin(network.router)>add 202.57.42.6 255.255.255.224 202.57.42.1 s2 3
admin(network.router)>list
------------------------------------------------------------------
index destination netmask gateway interface
metric
------------------------------------------------------------------
1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3

------------------------------------------------------------------
metric
------------------------------------------------------------------
1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3
2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5
3.21.2 Network Routes delete Command
delete
Deletes user-defined routes.
Syntax
delete [all|<idx>]
Parameters
<idx> Deletes the user-defined route <idx> (120) from the list.
all Deletes all user-defined routes.
Example
------------------------------------------------------------------
index destination netmask gateway interface metric
------------------------------------------------------------------
1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3
2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5
admin(network.router)>delete 2
------------------------------------------------------------------
------------------------------------------------------------------
1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3
3.21.3 Network Router list Command
list
Lists user-defined routes.
Syntax
list
Parameters
None
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 202.57.42.6 255.255.255.224 202.57.42.1 subnet2 3
2 234.44.33.212 255.255.255.234 234.44.33.2 subnet3 5
3.21.4 Network Router set Command
set
Sets routing information protocol (RIP) parameters.
Syntax
set [auth|dir|id|key|passwd|type|dgw-if]
Parameters
auth <auth> Sets RIP authentication type to <auth> to one of none, simple, or md5
dir <dir> Sets RIP direction to <dir> to one of rx = receive, tx = transmit, or both).
id <idx> <id> Sets MD5 authentication ID for key <idx> (12) to the MD5 key id <id> (1
256).
key <idx> <key> Sets the MD5 authentication ID for key <idx> (12) to MD5 key <key> (up to
16 characters).
passwd <passwd> Sets password for simple authentication to <passwd> (1 to 16 characters).
type <type> Sets RIP type to <type> to ne of off, ripv1, ripv2, or ripv1v2.
dgw-if <if> Sets the Default Gateway Interface to <if> one of none, wan, s1, s2, s3, s4,
s5, s6, and default.
Example
admin(network.router)>set auth md5
admin(network.router)>set key 1 12345678
admin(network.router)>set key 2 87654321
admin(network.router)>show rip
rip type : off

rip direction : both
rip authentication type : md5
rip simple auth password : ********
rip md5 id 1 : 1
rip md5 key 1 : ********
rip md5 id 2 : 1
rip md5 key 2 : ********S
admin(network.router)>set type ripv1
Warning: Having RIP enabled compromises your Subnet to Subnet firewall.
rip type : ripv1

rip md5 id 1 : 1
rip md5 key 1 : ********
rip md5 id 2 : 1
rip md5 key 2 : ********
3.21.5 Network Router show Command
show
Shows connected routes and routing information protocol (RIP) parameters.
Syntax
show [rip|routes]
Parameters
rip Shows RIP parameters.

routes Shows connected routes.
Example
rip type : off
rip md5 id 1 : 1
rip md5 key 1 : ********
rip md5 id 2 : 1
rip md5 key 2 : ********
admin(network.router)>show routes
-------------------------------------------------------------------------
---
metric
-------------------------------------------------------------------------
---
1 192.168.2.0 255.255.255.0 0.0.0.0 subnet3 0
2 192.168.1.0 255.255.255.0 0.0.0.0 subnet2 0
3 192.168.0.0 255.255.255.0 0.0.0.0 subnet1 0
4 192.168.24.0 255.255.255.0 0.0.0.0 wan 0
5 0.0.0.0 0.0.0.0 192.168.24.1 wan 0
3.22 Network VLAN Commands
vlan
network
Displays the VLAN submenu.
Syntax
admin(network)> vlan
admin(network.vlan)>

set Sets VLAN parameters. page 3-115
show Shows VLAN parameters. page 3-116
3.22.1 Network VLAN set Command
set
Network VLAN Commands
Sets VLAN parameters.
Syntax
set [assign-mode|default|vlan-id|trunk-port|allow]
Syntax:
assign-mode <mode> Assigns the VLAN assignment mode <mode> to one of user or port.
default <vlan_id> Assigns the default VLAN ID to <vlan_id>, which is a number between 1
and 4094.
vlan-id <subnet_id> Sets the VLAN ID for subnet <subnet_id> (one of s1, s2, s3, s4, s5,or s6)
<vlan_id> to <vlan_id> (14094).
trunk-port <port> Sets the Trunk Port <port> to one of none or wan.
allow [vlans <list>|all|none] Sets the list of VLANs allowed access to the trunk port.
vlans <list> Sets the allowed VLANs from <list>, a comma separated
list of VLAN Ids.
all Sets the allowed VLANs to all VLANs.
none Sets the list of allowed VLANs to none.
Example
admin(network.vlan)>set assign-mode user
admin(network.vlan)>set default 3
admin(network.vlan)>show vlan 3
VLAN assignment mode : user

VLAN ID : 3
VLAN Mapped Subnet : Subnet3
Default VLAN ID : Yes
Related Commands
show Displays the VLAN settings.

3.22.2 Network VLAN show Command
show
Network VLAN Commands
Shows VLAN parameters.
Syntax
show [vlan|trunk]
Parameters
vlan <id> Displays the VLAN settings for the VLAN specified by <id> (14094).
trunk Displays the Trunk settings.
Example

VLAN ID : 3
Default VLAN ID : Yes

VLAN ID : 2
Default VLAN ID : No
admin(network.vlan)>set trunk-port wan

admin(network.vlan)>set all vlans 1-20
admin(network.vlan)>show trunk
Trunk Port : WAN

Allowed VLANs : 1-20
Related Commands
set Sets the VLAN parameters.

3.23 Network WAN Commands
wan
network
Displays the WAN submenu.
Syntax
admin(network)> wan
admin(network.wan)>

vpn Goes to the VPN submenu. page 3-155
nat Goes to the NAT submenu. page 3-149
app Goes to the outbound content filtering submenu. page 3-122
dyndns Goes to the Dynamic DNS submenu page 3-128
trunkipfpolicy Goes to the Trunk Port IP Filter Policy submenu page 3-144
l2tpvpn Goes to the Level 2 Network Server submenu page 3-132
renew Renews the IP address. page 3-118
set Sets WAN parameters. page 3-119
show Shows WAN parameters. page 3-121
3.23.1 Network WAN renew Command
renew
Network WAN Commands
Renews the IP address.
Syntax
renew
Parameters
None
Example
admin(network.wan)>renew
admin(network.wan)>
3.23.2 Network WAN set Command
set
Sets the WAN parameters. In the Web interface, this functionality if provided by the Network->WAN screen.
Syntax
set [dhcp|dgw|dns|ipadr|mask|mode|ppope]
Parameters
dhcp <mode> Enables or disables the switch as a DHCP client. <mode> can be one of
enable or disable.
dgw <a.b.c.d> Sets the default gateway IP address to <a.b.c.d>.
dns <idx> <a.b.c.d> Sets the IP address of one or two DNS servers, where <idx> indicates
either the primary (1) or secondary (2) server, and <a.b.c.d> is the IP
address of the server.
ipadr <idx> <a.b.c.d> Sets up to 8 (using <idx> from 1 to 8) IP addresses <a.b.c.d> for the WAN
interface of the switch.
mask <a.b.c.d> Sets the subnet mask to <a.b.c.d>.
mode <idx> <mode> Enables or disables the WAN interface associated with the given <idx> (1
8) as set using the set ipadr command. <mode> can be one of enable or
disable.
pppoe [idle|ka|mode|passwd| Sets PPPoE parameters.
type|user|mss] idle <val> Sets the PPPoE idle value <val> (165535) seconds.
ka <mode> Sets the PPPoE keep alive mode <mode> (enable,
disable).
mode <mode> Enables or disables PPPoE. <mode> can be one of
enable or disable.
passwd <password> Sets the PPPoE password to <password> (1 39
Characters)
type <type> Sets the PPPoE authentication type to <type> (none, pap/
chap, pap, chap).
user <username> Sets the PPPoE user name to <username> (1 47
Characters).
mss <msssize> Sets the PPPoE maximum segment size to <msssize>
(201460).
Example
admin(network.wan)>set dhcp enable
admin(network.wan)>set dgw 192.168.122.25
admin(network.wan)>set pppoe mode enable
admin(network.wan)>set pppoe type chap
admin(network.wan)>set pppoe user JohnDoe
admin(network.wan)>set pppoe passwd @#$goodpassword%$#
admin(network.wan)>set pppoe keepalive enable
Related Commands
show ip Shows the IP settings for the WAN.

show pppoe Shows the PPPoE settings for the WAN.
3.23.3 Network WAN show Command
show
Shows the WAN parameters.
Syntax
show [ip|pppoe]
Parameters
ip <idx> Shows the general IP parameters for the WAN along with settings for the WAN interface
associated with <idx> (where <idx> is in the range 18).
Note: If the WAN interface IP addresses have not been specified for <idx>, the IP and Mask values
will be shown as 0.0.0.0.
pppoe Shows all PPPoE settings.
Example
admin(network.wan)>show ip 3
wan interface : enable

ip address : 0.0.0.0
network mask : 0.0.0.0
dhcp mode : enable
admin(network.wan)>show pppoe
pppoe mode : disable

ip address : 0.0.0.0
pppoe keepalive mode : disable
pppoe authentication type : pap/chap
pppoe idle time : 600
pppoe user name :
pppoe password : ********
pppoe MSS : 1452
3.24 Network WAN App Commands
app
Displays the outbound content filtering submenu.
Syntax
admin(network.wan)> app
admin(network.wan.app)>

addcmd Adds app control commands to the deny list. page 3-123
delcmd Deletes app control commands from the deny list. page 3-125
list Lists app control records. page 3-127
3.24.1 Network WAN APP addcmd Command
addcmd
Network WAN App Commands
Adds app control commands to the deny list.
Syntax
addcmd [web|ftp|smtp]
Parameters
web [file Denies access to the specified web files.

<filename>.<ext>| file <filename>.<ext> Denies specified web file name. <filename> can be up to 15
proxy|activex] characters and * can be used to match any string. <ext> can be up to 10 characters
(such as htm, html, or java). Up to 10 files can be specified.
proxy Denies web proxies
activex Denies ActiveX files
ftp Denies access to the following FTP commands:
[put|get|ls|mkdir|c put Denies access to FTP put command
d|pasv]
get Denies access to FTP get command
ls Denies access to FTP ls command
mkdir Denies access to FTP mkdir command
cd Denies access to FTP cd command
pasv Denies access to FTP pasv command
smtp Denies access to the following SMTP command:
[helo|mail|rcpt| helo Denies access to the SMTP helo command
data|quit|send|
mail Denies access to the SMTP mail command
saml|rset|vrfy|
expn] rcpt Denies access to the SMTP rcpt command
data Denies access to the SMTP data command
quit Denies access to the SMTP quit command
send Denies access to the SMTP send command
saml Denies access to the SMTP saml command
rset Denies access to the SMTP rset command
vrfy Denies access to the SMTP vrfy command
expn Denies access to the SMTP expn command
Example
admin(network.wan.app)>addcmd ftp ?
put : store command

get : retrieve command
ls : directory list command
mkdir : create directory command
cd : change directory command
pasv : passive mode command
admin(network.wan.app)>addcmd ftp put

admin(network.wan.app)>addcmd ftp cd
admin(network.wan.app)>addcmd ftp pasv
admin(network.wan.app)>list ftp
FTP Commands
Storing Files : deny

Retrieving Files : allow
Directory List : allow
Create Directory : allow
Change Directory : deny
Passive Operation : deny
admin(network.wan.app)>addcmd smtp helo

admin(network.wan.app)>addcmd smtp vrfy
admin(network.wan.app)>list smtp
SMTP Commands
HELO : deny
MAIL : allow
RCPT : allow
DATA : allow
QUIT : allow
SEND : allow
SAML : allow
RESET : allow
VRFY : deny
EXPN : allow
Related Commands
delcmd Removes a file or command from the deny list.

3.24.2 Network WAN APP delcmd Command
delcmd
Deletes application control commands from the deny list.
Syntax
delcmd [web|ftp|smtp]
Parameters
web [file Deletes the specified web files from the access denied list.
<filename>.<ext>| file <filename>.<ext> Denied web file name. <filename> can be up to 15
proxy|activex] characters and * can be used to match any string. <ext> can be up to 10 characters
(such as htm, html, or java). Up to 10 files can be specified.
proxy Web proxies
activex ActiveX files
ftp Deletes the following FTP commands from the access denied list.
[put|get|ls|mkdir|c put FTP put command
d|pasv]
get FTP get command
ls FTP ls command
mkdir FTP mkdir command
cd FTP cd command
pasv FTP pasv command
smtp Deletes the following SMTP command from the access denied list.
[helo|mail|rcpt| helo SMTP helo command
data|quit|send|
mail SMTP mail command
saml|rset|vrfy|
expn] rcpt SMTP rcpt command
data SMTP data command
quit SMTP quit command
send SMTP send command
saml SMTP saml command
rset SMTP rset command
vrfy SMTP vrfy command
expn SMTP expn command
Example
FTP Commands
Storing Files : deny

admin(network.wan.app)>delcmd ftp put

admin(network.wan.app)>delcmd ftp cd
FTP Commands
Storing Files : allow

Change Directory : allow
SMTP Commands
HELO : deny
MAIL : allow
RCPT : allow
DATA : allow
QUIT : allow
SEND : allow
SAML : allow
RESET : allow
VRFY : deny
EXPN : allow
admin(network.wan.app)>delcmd smtp helo

SMTP Commands
HELO : allow
MAIL : allow
RCPT : allow
DATA : allow
QUIT : allow
SEND : allow
SAML : allow
RESET : allow
VRFY : deny
EXPN : allow
Related Commands
addcmd Adds a file or command to the deny list.

3.24.3 Network WAN APP list Command
list
Lists the app control records.
Syntax
list [web|ftp|smtp]
Parameters
web Lists Web/HTTP app control settings.

ftp Lists FTP app control settings.
smtp Lists SMTP app control record.
Example
admin(network.wan.app)>list web
HTTP Files/Commands
Web Proxy : deny

ActiveX : deny
filename :
FTP Commands
Storing Files : allow

Create Directory : deny
SMTP Commands
HELO : deny
MAIL : allow
RCPT : allow
DATA : allow
QUIT : allow
SEND : allow
SAML : allow
RESET : allow
VRFY : deny
EXPN : allow
3.25 Network WAN DynDNS Commands
dyndns
Displays the Dynamic DNS menu. DynDNS provides a facility to update the domain name information when
the IP address associated with the domain name changes.
Syntax
admin(network.wan)> dyndns
admin(network.wan.dyndns)>

set Sets the different Dynamic DNS parameters page 3-129
show Displays the Dynamic DNS parameters and current status page 3-130
update Manually updates the Dynamic DNS status page 3-131
3.25.1 Network WAN DynDNS set Command
set
Network WAN DynDNS Commands
Sets the DynDNS parameters
Syntax
set [mode|username|password|hostname]
set mode <mode>

set username <username>
set password <password>
set hostname <hostname>
Parameters
mode <mode> Enables or disables DynDNS. <mode> can be enable or disable.

username <username> Sets the DynDNS user name to <username> (1-32 characters)
password <password> Sets the password to <password> (1-32 characters) for the DynDNS username
<username>.
hostname <hostname> Sets the DynDNS server host name to <hostname> (1-32 characters).
Example
admin(network.wan.dyndns)>set mode enable
admin(network.wan.dyndns)>set username JohnDoe
admin(network.wan.dyndns)>set password JohnDoe
admin(network.wan.dyndns)>set hostname motPropServ
admin(network.wan.dyndns)>show
DynDNS Configuration
Mode : enable
Username : JohnDoe
Password : ********
Hostname : motPropServ
DynDNS Update Response
IP Address : 192.168.10.1
Status : Connected
3.25.2 Network WAN DynDNS show Command
show
Displays the Dynamic DNS parameter information and the current status.
Syntax
show
Parameters
None
Example
admin(network.wan.dyndns)>show
DynDNS Configuration
Mode : enable
Username : JohnDoe
Password : ********
DynDNS Update Response
IP Address : 192.168.10.1
Status : Connected
3.25.3 Network WAN DynDNS update Command
update
Manually updates the Dynamic DNS information.
Syntax
update
Parameters
None
Example
admin(network.wan.dyndns)>update
IP Address : 192.168.10.1
3.26 Network WAN L2TPVPN Commands
l2tpvpn
Displays the Remote Access VPN submenu.
Syntax
admin(network.wan)>l2tpvp
admin(network.wan.l2tpvpn)>

lns Goes to the L2TP Network Server submenu page 3-134
users Goes to the L2TP users submenu page 3-138
show-connected-users Displays a list of connected users page 3-133
3.26.1 Network WAN L2TPVPN show-connected-users Command
show-connected-users
Network WAN L2TPVPN Commands
Displays the users connected to LAN side devices using Remote Access VPN feature.
Syntax
show-connected-users
Parameters
None
Example
admin(network.wan.l2tpvpn)>show-connected-users
3.27 Network WAN L2TPVPN LNS Commands
lns
Displays the L2TP Network Server submenu.
Syntax
admin(network.wan.l2tpvpn)>lns
admin(network.wan.l2tpvpn.lns)>

set Sets LNS parameters page 3-135
show Displays LNS information page 3-137
3.27.1 Network WAN L2TPVPN LNS set Command
set
Network WAN L2TPVPN LNS Commands
Sets the different LNS parameters
Syntax
set [vip|netmask|pdns|sdns|type-local-id|local-id|ike-auth-mode|
ike-ex-type|ike-lifetime|ike-dh-group|ike-auth-algo|ike-enc-algo|
ipsec-sec-proto|ipsec-lifetime|ipsec-auth-algo|ipsec-enc-algo]
set vip <ip>

set netmask <netmask>
set pdns <ip>
set sdns <ip>
set type-local-id <id-type>
set local-id <local-id>
set ike-auth-mode <authtype>

set ike-ex-type <exchange-type>
set ike-lifetime <life-time>
set ike-dh-group <DH-group>
set ike-auth-algo <auth-algo>
set ike-enc-algo <enc-algo>
set ipsec-sec-proto <sec-proto>

set ipsec-lifetime <life-time>
set ipsec-auth-algo <auth-algo>
set ipsec-enc-algo <enc-algo>
Parameters
vip <ip> Sets the virtual IP for the LNS to <ip> (a.b.c.d)
netmask <netmask> Sets the netmask for the virtual IP for LNS to <netmask>.
pdns <ip> Sets the primary DNS server for LNS to <ip> (a.b.c.d)
sdns <ip> Sets the secondary DNS server for LNS to <ip> (a.b.c.d)
type-local-id <id-type> Sets the type of local-id to <id-type> (IP, FQDN, UFQDN) for the LNS
local-id <local-id> Sets the local-id string to <local-id>.
ike-auth-mode <authtype> Sets the IKE authentication type to <authtype> (RSA). Only RSA is
supported.
ike-ex-type <exchange- Sets the IKE exchange type to <exchange-type> (main). Only main is
type> supported
ike-lifetime <life-time> Sets the IKE lifetime to <life-time> (in seconds)
ike-dh-group <DH-group> Sets the IKE Diffie-Hellman group value to <DH-group> (G768 or G1024).
Group G768 uses the 768-bit prime modulus group when performing DH key
exchange. Group G1024 uses the 1024-bit prime modulus group when
performing the DH key exchange. G1024 provides more security with a higher
processing time.
ike-auth-algo <auth-algo> Sets IKE authentication algorithm to <auth-algo> (MD5 or SHA1).
ike-enc-algo <enc-algo> Sets IKE encryption algorithm to <enc-algo> (DES, 3DES, AES128,
AES192, AES256).
ipsec-lifetime <life-time> Sets the IPSec lifetime to <life-time> (in seconds)
ipsec-sec-proto <sec-proto> Sets the IPSec security protocol to <sec-proto> (ESP or AH). AH
(Authentication Header) provides connection less origin authentication for IP
datagrams and provides protection against repeat attacks. ESP
(Encapsulating Security Payload) provides confidentiality, origin
authentication, connection integrity, and an anti-replay service.
ipsec-auth-algo <auth- Sets IPSec authentication algorithm to <auth-algo> (MD5 or SHA1).
algo>
ipsec-enc-algo <enc-algo> Sets IPSec encryption algorithm to <enc-algo> (DES, 3DES, AES128,
AES192, AES256).
Example
admin(network.wan.l2tpvpn.lns)>set vip 111.111.111.111
admin(network.wan.l2tpvpn.lns)>set netmask 255.255.0.0
admin(network.wan.l2tpvpn.lns)>set pdns 192.168.10.255
admin(network.wan.l2tpvpn.lns)>set sdns 192.168.11.255
admin(network.wan.l2tpvpn.lns)>set type-local-id IP
admin(network.wan.l2tpvpn.lns)>set local-id 111.111.111.1
admin(network.wan.l2tpvpn.lns)>set ike-auth-mode RSA
admin(network.wan.l2tpvpn.lns)>set ike-ex-type Main
admin(network.wan.l2tpvpn.lns)>set ike-lifetime 86000
admin(network.wan.l2tpvpn.lns)>set ike-dh-group G1024
admin(network.wan.l2tpvpn.lns)>set ike-auth-algo SHA1
admin(network.wan.l2tpvpn.lns)>set ike-enc-algo AES192
admin(network.wan.l2tpvpn.lns)>set ipsec-sec-proto AH
IPSec Encryption Algorithm configuration will be not be
considered if IPSec Security protocol is configured as AH.
admin(network.wan.l2tpvpn.lns)>set ipsec-lifetime 80000

admin(network.wan.l2tpvpn.lns)>set ipsec-auth-algo MD5
admin(network.wan.l2tpvpn.lns)>show
LNS Virtual IP Address : 111.111.111.111

LNS Virtual IP Netmask : 255.255.0.0
LNS Primary DNS : 192.168.10.255
LNS Secondary DNS : 192.168.11.255
Local ID Type : IP
Local ID Data : 111.111.111.1
IKE Authentication Mode : RSA
IKE Exchange Type : Main
Preshared Key : ********
IKE Lifetime in Seconds : 86000
IKE DH Group : G1024
IKE Authentication Algorithm : SHA1
IKE Encryption Mode : AES192
Security Protocol : AH
IPSec Lifetime in seconds : 80000
IPSec Authentication Algorithm : MD5
IPSec Encryption Algorithm : DES
3.27.2 Network WAN L2TPVPN LNS show Command
show
Network WAN L2TPVPN LNS Commands
Displays the L2TPVPN LNS configuration information.
Syntax
show
Parameters
None
Example
admin(network.wan.l2tpvpn.lns)>show
LNS Virtual IP Address : 111.111.111.111

LNS Virtual IP Netmask : 255.255.0.0
LNS Primary DNS : 192.168.10.255
LNS Secondary DNS : 192.168.11.255
Local ID Type : IP
Local ID Data : 111.111.111.1
IKE Authentication Mode : RSA
IKE Exchange Type : Main
Preshared Key : ********
IKE Lifetime in Seconds : 86000
IKE DH Group : G1024
IKE Authentication Algorithm : SHA1
IKE Encryption Mode : AES192
Security Protocol : AH
IPSec Lifetime in seconds : 80000
IPSec Authentication Algorithm : MD5
IPSec Encryption Algorithm : DES
admin(network.wan.l2tpvpn.lns)>
3.28 Network WAN L2TPVPN Users Commands
users
Displays the L2TP Network Server users submenu.
Syntax
admin(network.wan.l2tpvpn)> users
admin(network.wan.l2tpvpn.users)>

add-user Adds remote access VPN user account page 3-139
delete-user Removes remote access VPN user account page 3-140
delete-all-users Removes all remote access VPN user accounts page 3-141
show-user Displays user information for a selected user page 3-142
show-all-users Displays information for all users page 3-143
3.28.1 Network WAN L2TPVPN Users add-user Command
add-user
Network WAN L2TPVPN Users Commands
Adds a remote access VPN user account.
Syntax
add-user <remote-user-name> <remote-user-virutal-ip-address>
<remote-user-virtual-ip-netmask>
<remote-user-authenticator-option>
<remote-user-authenticator-password>
Parameters
<remote-user-name> The name assigned to the remote access VPN user account
<remote-user-virtual-ip-address> The address to be assigned to this user account when the user logs in.
<remote-user-virtual-ip-netmask> The netmask for the <remote-user-virtual-ip-address> IP address.
<remote-user-authentication- The authentication protocol used by the remote user. Select from
option> chap, pap, both, none.
<remote-user-authentication- The authentication password for the remote user name <remote-
password> user-name>. 1-15 bytes long.
Example
admin(network.wan.l2tpvpn.users)>add-user JohnDoe 111.111.111.6
255.255.0.0 both JohnDoe
admin(network.wan.l2tpvpn.users)>show-all-users
Remote User Name : JohnDoe

Remote User Virtual IP address : 111.111.111.6
Remote User Netmask : 255.255.0.0
Authenticator Mode : both
Authenticator Password : ********
admin(network.wan.l2tpvpn.users)>add-user JaneDoe 111.111.111.7

255.255.0.0 chap JaneDoe

Remote User Name : JaneDoe

Authenticator Mode : chap
3.28.2 Network WAN L2TPVPN Users delete-user Command
delete-user
Deletes a specific remote access VPN user account.
Syntax
delete-user <username>
Parameters
<username> The username to delete.

Example


admin(network.wan.l2tpvpn.users)>delete-user JaneDoe

3.28.3 Network WAN L2TPVPN Users delete-all-users Command
delete-all-users
Deletes all remote access VPN user accounts.
Syntax
delete-all-users
Parameters
None
Example


admin(network.wan.l2tpvpn.users)>delete-all-users
admin(network.wan.l2tpvpn.users)>
3.28.4 Network WAN L2TPVPN Users show-user Command
show-user
Displays information for the selected remote access VPN user account.
Syntax
show-user <username>
Parameters
<username> The username to display information for.

Example
admin(network.wan.l2tpvpn.users)>show-user JohnDoe

3.28.5 Network WAN L2TPVPN Users show-all-users Command
show-all-users
Displays information for the selected remote access VPN user account.
Syntax
show-all-users
Parameters
None
Example


3.29 Network WAN TrunkIPFPolicy Commands
trunkipfpolicy
Displays the Trunk IP Filter Policy submenu.
Syntax
admin(network.wan)>trunkipfpolicy
admin(network.wan.trunkipfpolicy)>

add Adds Trunk Port IP Filter association table entry page 3-145
del Removes Trunk Port IP Filter association table entry page 3-146
set Sets Trunk Port IP Filter association parameters page 3-147
show Displays Trunk Port IP Filter association parameters page 3-148
3.29.1 Network WAN TrunkIPFPolicy add Command
add
Network WAN TrunkIPFPolicy Commands
Adds a Trunk Port IP Filter association table entry.
Syntax
add <filter-name> <direction> <action>
Parameters
<filter-name> Name of the Trunk Port Filter entry

<direction> The direction for the filter
<action> One of allow or deny.
Example
3.29.2 Network WAN TrunkIPFPolicy del Command
del
Deletes an entry from the Trunk Port IP Filter association table.
Syntax
del [all|<index>]
Parameters
all Removes all trunk port IP filter association table entries.

<index> Remove trunk port ip filter association table entry at the index <index>.
Example
admin(network.wan.trunkipfpolicy)> del 1
admin(network.wan.trunkipfpolicy)>
3.29.3 Network WAN TrunkIPFPolicy set Command
set
Sets the different Trunk Port IP Filter Policy configuration settings
Syntax
set [ipf-mode|default]
set ipf-mode <mode>
set default [incoming|outgoing] [allow|deny]
Parameters
ipf-mode <mode> Enables or disables the Trunk Port IP Filtering

default Sets the default properties for incoming and outgoing direction to either allow or
[incoming|outgoing] deny.
[allow|deny]
Example
admin(network.wan.trunkipfpolicy)>show
----------------------------------------------------------------
Filter-Name Direction Action
----------------------------------------------------------------
IP Filter Mode : enable
Default Incoming Action : allow
Default Outgoing Action : allow
admin(network.wan.trunkipfpolicy)>set default outgoing deny

------------------------------------------------------------
------------------------------------------------------------
Default Outgoing Action : deny

3.29.4 Network WAN TrunkIPFPolicy show Command
show
Displays the Trunk Port IP Filter policy configuration information.
Syntax
show
Parameters
None
Example
----------------------------------------------------
----------------------------------------------------
admin(network.wan.trunkipfpolicy)>?
3.30 Network WAN NAT Commands
nat
Displays the nat submenu.
Syntax
admin(network.wan)> nat
admin(network.wan.net)>

add Adds NAT records. page 3-150
delete Deletes NAT records. page 3-151
listt Lists NAT records. page 3-152
set Sets NAT parameters. page 3-153
show Shows NAT parameters. page 3-154
3.30.1 Network WAN NAT add Command
add
Network WAN NAT Commands
Adds NAT records.
Syntax
add inb <idx> <name> <tran> <port1> <port2> <ip> <dst_port>
Parameters
inb <idx> <name> Sets an inbound Network Address Translation (NAT) entry.
<tran> <port1> <idx> The WAN address
<port2> <ip>
<name> The NAT entry name
<dst_port>
<tran> The transport protocol (one of cp, udp, icmp, ah, esp, gre, or all)
<port1> The starting port number in a port range
<port2> The ending port number in a port range
<ip> The internal IP address
<dst_port> The optional internal translation port
Example
admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21
admin(network.wan.nat)>list inb 2
-------------------------------------------------------------------------
index name prot start port end port internal ip
translation port
-------------------------------------------------------------------------
1 special tcp 20 21 192.168.42.16 21
Related Commands
delete inb Deletes one of the inbound NAT entries from the list.
list inb Displays the list of inbound NAT entries.
3.30.2 Network WAN NAT delete Command
delete
Deletes NAT records.
Syntax
delete inb <idx> [<entry>|all]
Syntax:
inb <idx> [<entry>|all] Deletes a NAT table entry.

<idx> The WAN index (18)
<entry> The NAT entry (120)
all All NAT entries associated with the WAN <idx> (18)
Example
-------------------------------------------------------------------------
translation port
-------------------------------------------------------------------------
1 special tcp 20 21 192.168.42.16 21
admin(network.wan.nat)>delete inb 2 all

^
-------------------------------------------------------------------------
translation port
-------------------------------------------------------------------------
Related Commands
add inb Adds entries to the list of inbound NAT entries.

list inb Displays the list of inbound NAT entries.
3.30.3 Network WAN NAT list Command
list
Lists NAT records.
Syntax
list inb <idx>
Parameters
list inb <idx> Lists the inbound NAT entries associated with WAN port <idx> (18).
Example
admin(network.wan.nat)>add inb 2 special tcp 20 21 192.168.42.16 21
-------------------------------------------------------------------------
translation port
-------------------------------------------------------------------------
1 special tcp 20 21 192.168.42.16 21
Related Commands
delete inb Deletes one of the inbound NAT entries from the list.
add inb Adds entries to the list of inbound NAT entries.
3.30.4 Network WAN NAT set Command
set
Sets NAT inbound and outbound parameters.
Syntax
set [inb|outb|type]
Parameters
inb [mode|ip] Sets the inbound NAT parameters.

mode <idx> <mode> Sets the inbound NAT mode for the WAN with index <idx>
(18). <mode> can be one of enable or disable.
ip <idx> <a.b.c.d> Forward unspecified ports and to the IP <a.b.c.d> for the WAN
with index <idx> (18).
outb [ip|map] Sets the outbound NAT parameters.
ip <idx> <a.b.c.d> Sets 1-to-1 NAT IP mapping entries where <idx> (18) is the
index of the WAN to the ip address <a.b.c.d>.
map <from> <to> Sets 1-to-many NAT mapping entries where <from> is one of s1,
s2, s3, s4, s5, and s6. <to> is the Wan index (18) or none.
type <idx> <type> Sets the type of NAT translation for WAN address index <idx> (18) to one of none,
1-to-1, or 1-to-many.
Example
admin(network.wan.nat)>set type 1 1-to-1
admin(network.wan.nat)>set outb ip 1 209.239.44.36
admin(network.wan.nat)>set inb mode 1 enable
admin(network.wan.nat)>show nat 1
nat type : 1-to-1

one to one nat ip address : 209.239.44.36
port forwarding mode : enable
port forwarding ip address : 0.0.0.0
one to many nat mapping : subnet1 subnet2 subnet3 subnet4 _
3.30.5 Network WAN NAT show Command
show
Shows NAT parameters.
Syntax
show nat <idx>
Parameters
show nat <idx> Shows NAT settings for WAN <idx> (18).
Example
admin(network.wan.nat)>set inb mode 1 enable
admin(network.wan.nat)>show nat 1
nat type : 1-to-1

one to one nat ip address : 209.239.44.36
port forwarding mode : enable
port forwarding ip address : 0.0.0.0
one to many nat mapping : subnet1 subnet2 subnet3 subnet4
3.31 Network WAN VPN Commands
vpn
Displays the VPN submenu.
Syntax
admin(network.wan)> vpn
admin(network.wan.vpn)>

cmgr Goes to the cmgr (Certificate Manager) submenu. page 3-167
add Adds an security policy database (SPD) entry. page 3-156
set Sets SPD parameters. page 3-161
list Lists SPD entries. page 3-159
delete Deletes SPD entries. page 3-157
stats Lists statistics for all active tunnels. page 3-166
ikestate Lists statistics for all active tunnels. page 3-158
reset Resets all VPN tunnels. page 3-160
3.31.1 Network WAN VPN add Command
add
Network WAN VPN Commands
Adds a security policy database (SPD) entry.
Syntax
add <name> <LSubnet> <LWANIP> <RSubnetIP> <RSubnetMask> <RGatewayIP>
Parameters
<name> <LSubnet> <LWanIP> <RSubnetIP> <RSubnetMask> <RGatewayIP>

Creates a tunnel named <name> (1 to 13 characters) to gain access to local subnet <LSubnet>
(1, 2, 3, 4, 5, 6), through local WAN IP <LWanIP> from the remote subnet with address
<RSubnetIP> and subnet mask <RSubnetMask> using the remote gateway <RGatewayIP>.
The local WAN IP can be set to 0.0.0.0 for a DHCP client. Any IP address obtained from the DHCP
server is then used to initiate the VPN tunnel. The VPN peer must set its Remote Gateway
address to 0.0.0.0 to indicate an IP value of ANY and shall operate as a responder only.
Example
admin(network.wan.vpn)>add Bob 1 209.239.160.55 206.107.22.45
255.255.255.224 206.107.22.2
If tunnel type is Manual, proper SPI values and Keys must be configured
after adding the tunnel
admin(network.wan.vpn)>list
------------------------------------------------------------------------
Tunnel Name Type Remote IP/Mask Remote Gateway Local WAN IP
Subnet
-------------------------------------------------------------------------
Eng2EngAnnex Manual 192.168.32.2/24 192.168.33.1 192.168.24.198
1
Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55
1
3.31.2 Network WAN VPN delete Command
delete
Deletes security policy database (SPD) entries.
Syntax
delete [*|<name>]
Parameters
* Deletes all SPD entries.

<name> Deletes SPD entries named <name>.
Example
-------------------------------------------------------------------------
Subnet
-------------------------------------------------------------------------
1
Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55
1
admin(network.wan.vpn)>delete Bob
-------------------------------------------------------------------------
Subnet
-------------------------------------------------------------------------
1
3.31.3 Network WAN VPN ikestate Command
ikestate
Displays statistics for all active tunnels using Internet Key Exchange (IKE). In particular, the table indicates
whether IKE is connected for any of the tunnels, it provides the destination IP address, and the remaining
lifetime of the IKE key.
Syntax
ikestate
Parameters
None
Example
admin(network.wan.vpn)>ikestate
----------------------------------------------------------------------
Tunnel Name IKE State Dest IP Remaining Life
----------------------------------------------------------------------
Eng2EngAnnex Not Connected ---- ---
Bob Not Connected ---- ---
3.31.4 Network WAN VPN list Command
list
Lists security policy database (SPD) entries.
Syntax
list {<name>}
Parameters
Lists all tunnel entries.

<name> Lists detailed information about tunnel named <name>. Note that the <name> must
match case with the name in the SPD entry. Bob is not equal to bob, as shown in the
example below.
Example
-------------------------------------------------------------------------
Subnet
-------------------------------------------------------------------------
1
Bob Manual 206.107.22.45/27 206.107.22.2 209.239.160.55
1
admin(network.wan.vpn)>list bob
bad index value
admin(network.wan.vpn)>list Bob
-------------------------------------------------------------------------
Detail listing of VPN entry:
-------------------------------------------------------------------------
Name : Bob
Local Subnet : 1
Tunnel Type : Manual
Remote IP : 206.107.22.45
Remote IP Mask : 255.255.255.224
Remote Security Gateway : 206.107.22.2
Local Security Gateway : 209.239.160.55
AH Algorithm : None
Encryption Type : ESP
Encryption Algorithm : DES
ESP Inbound SPI : 0x00000100
ESP Outbound SPI : 0x00000100
3.31.5 Network WAN VPN reset Command
reset
Resets all VPN tunnels.
Syntax
reset
Parameters
None
Example
admin(network.wan.vpn)>reset
VPN tunnels reset.
3.31.6 Network WAN VPN set Command
set
Sets security policy database (SPD) entry parameters.
Syntax
set [ike|type|sub|remip|remmask|remgw|authalgo|espauthalgo|enckey|spi|
localgw|usepfs|pfsgrp|salife|ipsecdel|auto-initiation|
auto-initiate-interval]
set ike [myidtype|remidtype|myiddata|opmode|authtype|authalgo|psk|

encalgo|lifetime|group]
set ike myidtype <name> <idtype>
set ike remidtype <name> <idtype>
set ike myiddata <name> <idtype>
set ike opmode <name> <opmode>
set ike authtype <name> <authtype>
set ike authalgo <name> <authalgo>
set ike psk <name> <psk>
set ike encalgo <name> <encalgo>
set ike lifetime <name> <lifetime>
set ike group <name> <group>
set type <name> <type>
set sub <name> <sub>
set remip <name> <remip>
set remmask <name> <remmask>
set remgw <name> <remgw>
set authalgo <name> <auth>
set enctype <name> <enctype>
set encalgo <name> <encalgo>
set espauthalgo <name> <espauthalgo>
set enckey <name> <direction> <enckey>
set espauthkey <name> <direction> <espauthkey>
set spi <name> <algo> <direction> <spi>
set localgw <name> <localgw>
set usepfs <name> <usepfs>
set pfsgrp <name> <pfsgrp>
set salife <name> <lifetime>

set ipsecdel <name> <mode>
set auto-initiation <name> <mode>
set auto-initiate-interval <interval>
Parameters
ike myidtype <name> Sets the Local ID type for IKE authentication for SPD <name> (1 to 13 characters)
<idtype> to <idtype> (one of IP, FQDN, or UFQDN).
ike remidtype <name> Sets the Remote ID type for IKE authentication for SPD <name> (1 to 13
<idtype> characters) to <idtype> (one of IP, FQDN, or UFQDN).
ike myiddata <name> Sets the Local ID data for IKE authentication for SPD <name> (1 to 13 characters)
<iddata> to <iddata>. This value is not required when the ID type is set to IP.
ike remiddata <name> Sets the Remote ID data for IKE authentication for SPD <name> (1 to 13
<iddata> characters) to <idtype>.
ike opmode <name> Sets the Operation Mode of IKE for SPD <name> (1 to 13 characters) to 4.
<opmode> <opmode> can be one of Main or Aggr(essive).
ike authtype <name> Sets the IKE Authentication type for SPD <name> (1 to 13 characters) to
<authtype> <authtype> (one of PSK or RSA).
ike authalgo <name> Sets the IKE Authentication Algorithm for SPD <name> (1 to 13 characters) to
<authalgo> <authalgo>. <authalgo> can be either MD5 or SHA1.
ike psk <name> <psk> Sets the IKE Pre-Shared Key for SPD <name> (1 to 13 characters) to <psk> (149
characters).
ike encalgo <name> Sets the IKE Encryption Algorithm for SPD <name> (1 to 13 characters) to
<encalgo> <encalgo> (one of DES, 3DES, AES128, AES192, or AES256).
ike lifetime <name> Sets the IKE Key life time in seconds for SPD <name> (1 to 13 characters) to
<lifetime> <lifetime> seconds.
ike group <name> Sets the IKE Diffie-Hellman Group for SPD <name> (1 to 13 characters) to
<group> <group> (one of G768 or G1024)
type <name> <type> Sets the authentication type of SPD <name> (1 to 13 characters) to <type> (Auto
or Manual).
sub <name> <sub> Sets the Local Subnet (1, 2, 3, 4, 5 or 6) for SPD <name> (1 to 13 characters) to
subnet number <sub> (1, 2, 3, 4, 5 or 6).
remip <name> <remip> Sets the IP address for the remote end of SPD <name> (1 to 13 characters) to
remote ip <remip> (a.b.c.d).
remmask <name> Sets the IP Mask for the remote end of SPD <name> (1 to 13 characters) to
<remmask> <remmask> (a.b.c.d).
remgw <name> Sets the Remote IP gateway for SPD <name> (1 to 13 characters) to be <remgw>
<remgw> (a.b.c.d).
Set this value to 0.0.0.0 to support tunneling to VPN peer which is a DHCP client.
authalgo <name> Sets the authentication algorithm for SPD <name> (1 to 13 characters) to
<authalgo> <authalgo> (one of None, MD5, or SHA1).
authkey <name> Sets the AH authentication key (if SPD type is Manual) for tunnel <name> (1 to 13
<direction> <authkey> characters) with the direction <direction> set to IN or OUT, and the manual
authentication key set to <authkey>. (The key size is 32 hex characters for MD5,
and 40 hex characters for SHA1).
enctype <name> Sets the Encryption type for SPD <name> (1 to 13 characters) to <enctype> (one
<enctype> of None, ESP, or ESP-AUTH).
encalgo <name> Sets the Encryption Algorithm for SPD <name> (1 to 13 characters) to <encalgo>
<encalgo> (one of DES, 3DES, AES128, AES192, or AES256).
espauthalgo <name> Sets ESP Authentication Algorithm for SPD <name> to <espauthalgo> (one of
<espauthalgo> MD5 or SHA1).
enckey <name> Sets the Manual Encryption Key in ASCII for SPD <name> and direction
<direction> <enckey> <direction> (IN or OUT) to the key <enckey>. The size of the key depends on
the encryption algorithm.
- 16 hex chars for DES
- 48 hex chars for 3DES
- 32 hex chars for AES128
espauthkey <name> Sets Manual ESP Authentication Key for SPD <name> (1 to 13 characters) either
<direction> for direction <direction> (IN or OUT) to <espauthkey>, an ASCII string of hex
<espauthkey> characters. If authalgo is set to MD5, the provide 32 hex characters. If authalgo is
set to SHA1, provide 40 hex characters.
spi <name> <algo> Sets the direction <direction> (IN(bound) or OUT(bound)) SPI for <algo> (AUTH
<direction> <spi> (Manual Authentication) or ESP) for SPD <name> (1 to 13 characters) to <spi> (a
hex value more than 0xFF).
localgw <name> <ip> Sets the Local WAN IP to <ip> (a.b.c.d) for a SPI <name> (1 to 13 characters).
The local WAN IP (local gateway) can be set to 0.0.0.0 for a DHCP client. Any IP
address obtained from the DHCP server is then used to initiate the VPN tunnel.
The VPN peer must set its Remote Gateway address to 0.0.0.0 to indicate an IP
value of ANY and shall operate as a responder only.
usepfs <name> Enables or disables Perfect Forward Secrecy for SPD <name> (1 to 13 characters).
<usepfs>
salife <name> <life Sets SA life time to <lifetime> seconds (minimum 300).
time>
ipsecdel <name> Enables the deletion of IPSEC SA when IKE SA is deleted for the tunnel named
<mode> <name> (1 to 13 characters).
auto-initiation <name> Enables / disables auto-initiation by WS2000 for the tunnel named <name> (1 to
<mode> 13 characters).
auto-initiate-interval Sets the time duration between two consecutive auto-initiation attempts. This
<time> time duration is in seconds.
Example
-------------------------------------------------------------------------
------------------------------------------------------------------------
Name : Bob
Local Subnet : 1
Remote IP : 206.107.22.45
Remote IP Mask : 255.255.255.224
AH Algorithm : None
ESP Inbound SPI : 0x00000100
ESP Outbound SPI : 0x00000100
admin(network.wan.vpn)>set usepfs Bob enable

admin(network.wan.vpn)>set spi Bob ESP IN abcde
admin(network.wan.vpn)>set spi Bob ESP OUT cdef23
-------------------------------------------------------------------------
-------------------------------------------------------------------------
Name : Bob
Local Subnet : 1
Remote IP : 206.107.22.45
Remote IP Mask : 255.255.255.224
AH Algorithm : None
ESP Inbound SPI : 0x000ABCDE
ESP Outbound SPI : 0x00CDEF23
admin(network.wan.vpn)>set authalgo Bob MD5

-------------------------------------------------------------------------
------------------------------------------------------------------------
Name : Bob
Local Subnet : 1
Remote IP : 206.107.22.45
Remote IP Mask : 255.255.255.224
AH Algorithm : MD5
Auth Inbound SPI : 0x00000100
Auth Outbound SPI : 0x00000100
admin(network.wan.vpn)>set authkey Bob IN

12345678901234567890123456789012
admin(network.wan.vpn)>set authkey Bob OUT
11111111112222222222333333333344
admin(network.wan.vpn)>set spi Bob AUTH IN 2233445
admin(network.wan.vpn)>set spi Bob AUTH OUT 33344
-------------------------------------------------------------------------
------------------------------------------------------------------------
Name : Bob
Local Subnet : 1
Remote IP : 206.107.22.45
Remote IP Mask : 255.255.255.224
AH Algorithm : MD5
Auth Inbound SPI : 0x02233445
Auth Outbound SPI : 0x00033344
3.31.7 Network WAN VPN stats Command
stats
Lists statistics for all active tunnels.
Syntax
stats
Parameters
None
Example
admin(network.wan.vpn)>stats
------------------------------------------------------------------------
Tunnel Name Status SPI(OUT/IN) Life Time Bytes(Tx/Rx)
------------------------------------------------------------------------
Eng2EngAnnex Not Active
Bob Not Active
3.32 Network WAN VPN Cmgr Commands
cmgr
Displays to the Certificate Manager submenu.
Syntax
admin(network.wan.vpn)> cmgr
admin(network.wan.vpn.cmgr)>

genreq Generates a Certificate Request. page 3-173
loadca Loads a trusted certificate from CA. page 3-178
loadself Loads a self certificate signed by CA. page 3-179
showreq Displays a certificate request in PEM format. page 3-180
listprivkey Lists names of private keys. page 3-176
listself Lists the self certificate loaded. page 3-177
listca Lists the trusted certificate loaded. page 3-175
delprivkey Deletes the private key. page 3-169
delself Deletes the self certificate. page 3-170
delca Deletes the trusted certificate. page 3-168
expcert Exports the certificate file. page 3-171
impcert Imports the certificate file. page 3-174
3.32.1 Network WAN VPN Cmgr delca Command
delca
Deletes a trusted certificate.
Syntax
delca <IDname>
Parameters
<IDname> Deletes the trusted certificate <IDname>.

Example
admin(network.wan.vpn.cmgr)>delca CAfinance
3.32.2 Network WAN VPN Cmgr delprivkey Command
delprivkey
Deletes a private key.
Syntax
delprivkey <IDName>
Parameters
<IDname> The key name to be deleted.

Example
admin(network.wan.vpn.cmgr)>delprivkey <IDname>
3.32.3 Network WAN VPN Cmgr delself Command
delself
Network WAN VPN Cmgr Commands
Deletes a self certificate.
Syntax
delself <IDName>
Parameters
<IDname> The name of the self certificate to be deleted.

Example
admin(network.wan.vpn.cmgr)>delself<IDname>
3.32.4 Network WAN VPN Cmgr expcert Command
expcert
Exports the certificate file.
Syntax
expcert [ftp|tftp] <filename>
Parameters
[ftp|tftp] <file name> Exports the certificate with specified filename <file name> by either ftp or tftp.
The tftp or ftp options for this file transfer will use the settings for the
configuration file settings. See System Config set Command for information on
how to set the tftp/ftp options.
Example
admin(system.config)>set server 192.168.22.12
admin(system.config)>set user myadmin
admin(system.config)>set passwd
admin(network.wan.vpn.cmgr)>expcert ftp mycertificate

Related Commands
impcert Imports a certificate.

3.32.5 Network WAN VPN Cmgr export-req Command
export-req
Exports the private key ID name to a file. The exported file will be in the same directory as used for importing
or exporting configuration files.
Syntax
export-req ftp <idname> <filename>
Parameters
ftp <idname> Exports the private key ID name to a file. This file is exported to the same
<filename> directory as used for exporting or importing configuration files.
Example
admin(network.wan.vpn.cmgr)> export-req ftp key1 filekey1
3.32.6 Network WAN VPN Cmgr genreq Command
genreq
Generates a Certificate Request.
Syntax
genreq <IDName> <subject> {-ou <Organization Unit>} {-on <Organization
Name>} {-cn <City Name>} {-st <State>} {-p <Postal Code>} {-cc <Country
Code>} {-e <Email Address>} { -d <Domain Name>} {-i <IP Address>} {-sa
<Signature Algorithm>} {-k <Key Size>}
Syntax:
genreq Generates a self-certificate request for a Certification Authority (CA), where <IDname> is
<IDname> the private key ID (up to 7 characters) and <subject> is the subject name (up to 49
<Subject> characters). A number of optional arguments can also be specified as indicated below.
...optional
arguments...
-ou <Organization Unit> Organization Unit (1 to 49 chars)
-on <Organization Name> Organization Name (1 to 49 chars)
-cn <City Name> City Name of Organization (1 to 49 chars)
-st <State> State Name (1 to 49 chars)
-p <Postal Code> Postal code (9 digits)
-cc <Country Code> Country code (2 chars)
-e <Email Address> E-mail Address (1 to 49 chars)
-d <Domain Name> Domain Name (1 to 49 chars)
-i <IP Address> IP Address (a.b.c.d)
-sa <Signature Algorithm> Signature Algorithm (one of MD5-RSA or SHA1-RSA)
-k <Key Size> Key size in bits (one of 512, 1024, or 2048)
Note: The parameters in {curly brackets} are optional. Check with the CA to determine what fields are necessary. For example,
most CAs require an email address and an IP address, but not the address of the organization.
Example
admin(network.wan.vpn.cmgr)>genreq MyCert2 MySubject -ou MyDept -on
MyCompany
Please wait. It may take some time...
-----BEGIN CERTIFICATE REQUEST-----

MIHzMIGeAgEAMDkxEjAQBgNVBAoTCU15Q29tcGFueTEPMA0GA1UECxMGTXlEZXB0
MRIwEAYDVQQDEwlNeVN1YmplY3QwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAtKcX
plKFCFAJymTFX71yuxY1fdS7UEhKjBsH7pdqnJnsASK6ZQGAqerjpKScWV1mzYn4
1q2+mgGnCvaZUlIo7wIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQCClQ5LHdbG/C1f
Bj8AszttSo/bA4dcX3vHvhhJcmuuWO9LHS2imPA3xhX/d6+Q1SMbs+tG4RP0lRSr
iWDyuvwx
-----END CERTIFICATE REQUEST-----
3.33 Network WAN VPN Cmgr impcert Command
impcert
Imports the certificate file.
Syntax
impcert <type> <filename>
Parameters
[ftp|tftp] <filename> Imports the certificate with specified filename <file name> by either ftp or tftp.
The tftp or ftp options for this file transfer will use the settings for the
configuration file settings. See System Config set Command for information on
how to set the tftp/ftp options.
Example
admin(network.wan.vpn.cmgr)>impcert ftp mycertificate

Related Commands
expcert Exports a certificate.

3.33.1 Network WAN VPN Cmgr listca Command
listca
Lists the loaded trusted certificate.
Syntax
listca
Parameters
None
Example
admin(network.wan.vpn.cmgr)>listca
Trusted Certificate List:
3.33.2 Network WAN VPN Cmgr listprivkey Command
listprivkey
Lists the names of private keys.
Syntax
listprivkey
Parameters
None
Example
admin(network.wan.vpn.cmgr)>listprivkey
-------------------------------------------------------------------------
Private Key Name Certificate Associated
-------------------------------------------------------------------------
3.33.3 Network WAN Vpn Cmgr listself Command
listself
Lists the loaded self certificates.
Syntax
listself
Parameters
None
Example
admin(network.wan.vpn.cmgr)>listself
Self Certificate List:

3.33.4 Network WAN VPN Cmgr loadca Command
loadca
Loads a trusted certificate from the Certificate Authority.
Syntax
loadca {ftp <filename>}
Parameters
loadca Loads the trusted certificate (in PEM format) that is pasted into the command line.
ftp <filename> (Optional parameter) Loads a CA certificate from a FTP server. <filename> is
the name of the certificate file to load. The default path for loading the file is the same as
used for importing or exporting configuration files.
Example
admin(network.wan.vpn.cmgr)>loadca ftp cert1

Starting file transfer ...
Certificate transferred successfully
admin(network.wan.vpn.cmgr)>loadca
Currently Only certificates in PEM format can be uploaded
Enter 'Ctrl C' to abort. Paste the certificate:
3.33.5 Network WAN VPN Cmgr loadself Command
loadself
Loads a self certificate signed by the Certificate Authority.
Syntax
loadself [<IDname>|ftp <IDname> <filename>]
Parameters
<IDname> Loads the self certificate signed by the CA with name <IDname>.
ftp <IDname> Loads the self certificate <IDName> from a file <filename> on an FTP server. The
<filename> certificate file is loaded from the same directory as used for importing or exporting
configuration files.
Example
admin(network.wan.vpn.cmgr)> loadself ftp MyCert mycert.cert
Starting file transfer ...
admin(network.wan.vpn.cmgr)>loadself MyCert
Currently Only certificates in PEM format can be uploaded.
Paste the certificate:
3.33.6 Network WAN VPN Cmgr showreq Command
showreq
Displays a certificate request in PEM format.
Syntax
showreq <IDname>
Parameters
showreq Displays a certificate request named <IDname> generated from the genreq command.
<IDname>
3.34 Network WLAN Commands
wlan
network
Displays the WLAN submenu.
Syntax
admin(network)> wlan
admin(network.wlan)>

add Adds MU access control list entries. page 3-182
delete Deletes MU access control list entries. page 3-183
list Lists MU access control list entries. page 3-184
rogueap Goes to the rogue AP submenu. page 3-192
enhancedrogueap Goes to the Enhanced Rogue AP submenu. page 3-218
muprobe Goes to the MU Probe submenu page 3-221
hotspot Goes to the Hotspot submenu page 3-224
wlanipfpolicy Goes to WLAN IPF policy submenu. page 3-237
set Sets WLAN parameters. page 3-185
show Shows WLAN parameters. page 3-190
3.34.1 Network WLAN add Command
add
Network WLAN Commands
Adds entries to the mobile unit (MU) access control list.
Syntax
add <idx> <mac1> <mac2> <name>
Parameters
<idx> <mac1> <mac2> Adds an entry to the MU access control list, where <idx> is the WLAN
<name> index (18), <mac1> is the starting MAC address (e.g., 001122334455), and
<mac2> is ending MAC address in the acceptable range. <name> is the
name of the MU ACL.
Example
admin(network.wlan)>add 1 000000000000 112233445566
admin(network.wlan)>list 1
------------------------------------------------------------------------
------------------------------------------------------------------------
1 000000000000 112233445566
Related Commands
delete Deletes entries from the MU access control list.

list Shows entries in the MU access control list.
3.34.2 Network WLAN delete Command
delete
Deletes specified entry or entries from mobile unit (MU) access control list.
Syntax
Parameters
<idx> [<entry>|all] Deletes MU ACL entries.

<entry> Deletes MU access control list entry <entry> (130) for WLAN
<idx> (18).
all Deletes all access control list entries for the WLAN specified by
<idx>.
Example
admin(network.wlan)>add 1 223344556677 334455667788
------------------------------------------------------------------------
------------------------------------------------------------------------
1 000000000000 112233445566
2 223344556677 334455667788
admin(network.wlan)>delete 1 2
-------------------------------------------------------------------------
------------------------------------------------------------------------
1 000000000000 112233445566
Related Commands
add Adds entries to the MU access control list.

list Displays entries in the MU access control list.
3.34.3 Network WLAN list Command
list
Lists the entries in the mobile unit (MU) access control list.
Syntax
list <idx>
Parameters
list <idx> Displays the entries in the MU access control list for WLAN <idx> (18).
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 000000000000 112233445566
Related Commands
add Adds entries to the MU access control list.

delete Deletes entries from the MU access control list.
3.34.4 Network WLAN set Command
set
Sets WLAN parameters.
Syntax
set [acl|adopt|auth|bcast|eap|enc|ess|kerb|mcast|mode|name|
vlan-id|no-mu-mu|vop|tkip|ccmp|wep-mcm|mu-inact|wep_shared|
handshake-timeout|handshake-retry-count]
set [acl|adopt|bcast] <idx> <mode>
set auth <idx> <type>
set eap [adv|server|port|syslog|rad-acct|reauth|secret|

rad-bind-interface]
set eap adv [mu-quite|mu-tx|mu-timeout|mu-retry|
server-timeout|server-retry]
set eap adv [mu-quite|mu-tx] <idx> <period>
set eap adv [mu-timeout|server-timeout] <idx> <timeout>
set eap adv [mu-retry|server-retry] <idx> <retry>
set eap server <a> <b> <c>
set eap port <a> <b> <c>
set eap syslog [ip|mode]
set eap syslog ip <a> <b>
set eap syslog mode <idx> <mode>
set eap rad-acct [mode|timeout|retry-count]
set eap rad-acct mode <idx> <mode>
set eap rad-acct timeout <idx> <timeout>
set eap rad-acct retry-count <idx> <retry>
set eap reauth mode <idx> <mode>
set eap reauth period <idx> <period>
set eap reauth retry <idx> <retry>
set eap secret <a> <b> <c>
set eap rad-bind-interface <idx> <server> <interface>
set enc <idx> <type>
set ess <idx> <ess>
set kerb [passwd|port|realm|server|user]

set kerb passwd <idx> <passwd>
set kerb port <a> <b> <c>
set kerb realm <idx> <realm>
set kerb server <a> <b> <c>
set kerb user <idx> <name>
set mcast <widx> <midx> <mac>
set [mode|no-mu-mu|vop] <idx> <mode>
set name <idx> <name>
set vlan-id <idx> <vlan-id>

set tkip [key|type|phrase|rotate-mode|interval|wpa2|preauth|pmk]

set tkip key <idx> <key>
set tkip type <idx> <type>
set tkip phrase <idx> <phrase>
set tkip [rotate-mode|wpa2|preauth|pmk] <idx> <mode>
set tkip interval <idx> <interval>
set ccmp [key|type|phrase|rotate-mode|interval|mixed-mode|preauth|opp-

pmk]
set ccmp key <idx> <key>
set ccmp type <idx> <type>
set tkip phrase <idx> <phrase>
set tkip [rotate-mode|mixed-mode|preauth|opp-pmk] <idx> <mode>
set tkip interval <idx> <interval>
set wep-mcm [index|key]

set wep-mcm index <a> <b>
set wep-mcm key <a> <b> <c>
set mu-inact <timeout>
set wep_shared <mode>
set handshake-timeout <idx> <timeout>
set handshake-retry-count <idx> <retry-count>
Parameters
acl <idx> <mode> Sets the default MU access control mode <mode> to allow or deny for
WLAN <idx> (18).
adopt <idx> <mode> Sets default Access Port adoption mode <mode> to allow or deny for
WLAN <idx> (18).
auth <idx> <type> Sets the authentication type for WLAN <idx> (18) to <type> (none,
eap, or kerberos).
Note: EAP parameters are only in effect if eap is specified for the authentication
method (set auth <idx> <type>).
bcast <idx> <mode> Enables or disables the broadcast ESS answer for the WLAN <idx> (1
8).
eap adv mu-quiet <idx> Sets the EAP MU/supplicant quiet period for WLAN <idx> (18) to
<period> <period> seconds (165535).
eap adv mu-tx <idx> <period> Sets the EAP MU/supplicant TX period for WLAN <idx> (18) to
<period> seconds (165535).
eap adv mu-timeout <idx> Sets the EAP MU/supplicant timeout for WLAN <idx> (18) to <timeout>
<timeout> seconds (1255).
eap adv mu-retry <idx> <retry> Sets the EAP maximum number of MU retries to <retry> (110) for WLAN
<idx> (18).
eap adv server-timeout <idx> Sets the server timeout for WLAN <idx> (18) to <timeout> seconds (1
<timeout> 255).
eap adv server-retry <idx> Sets the maximum number of server retries for WLAN <idx> (18) to
<retry> <retry> (110).
eap server <idx> <rsidx> <ip> Sets the RADIUS server <rsidx> (1-primary or 2-secondary) for WLAN
<idx> (18) to IP address <ip>.
eap port <idx> <rsidx> <port> Sets the RADIUS server <rsidx> (1-primary or 2-secondary) for WLAN
<idx> (18) to <port>.
eap rad-acct mode <idx> Enables/disables RADIUS accounting for WLAN <idx> (18).
<mode>
eap rad-acct retry-count <idx> Sets RADIUS accounting retry count to <count> (110) for WLAN <idx>
<count> (18).
eap rad-acct timeout <idx> Sets RADIUS accounting retry timeout to <time> seconds (1255) for
<time> WLAN <idx> (18). 0 indicates no timeout.
eap rad-bind-interface <idx> Binds the RADIUS server type <server> (1 - Primary, 2 - Secondary) to the
<server> <interface> interface <interface> (one of s1-s6, w, none - s1- Subnet 1, s2-subnet 2,
...s6-Subnet 6, w-wan) for the WLAN <idx> (18).
eap reauth mode <idx> enable/ Enables or disables the EAP reauthentication parameters for WLAN <idx>
disable (18).
eap reauth period <idx> Sets the reauthentication period for WLAN <idx> (18) to <period>
<period> seconds (309999).
eap reauth retry <idx> <retry> Sets the maximum number of reauthentication retries to <retry> (199)
for WLAN <idx> (18).
eap secret <idx> <rsidx> Sets the EAP shared secret <secret> (1127 characters) for server
<secret> <rsidx> (1-primary or 2-secondary) on WLAN <idx> (18).
Note: Kerberos parameters are only in effect if kerberos is specified for the
authentication method (set auth <idx> <type>).
eap syslog ip <idx> <ip> Sets the remote syslog server for WLAN <idx> (18) to the IP address
<ip> (a.b.c.d).
eap syslog mode <idx> enable/ Enables/disables remote syslog for WLAN <idx> (18).
disable
enc <idx> <type> Sets the encryption type to <type> (one of none, wep40, wep104,
keyguard, tkip, or ccmp) for WLAN <idx> (18).
Note: TKIP parameters are only in effect if tkip is selected as the encryption
type.
ess <idx> <ess> Sets the 802.11 ESS ID for WLAN <idx> (18) to <ess>.
kerb passwd <idx> Sets the Kerberos password to <password> (121 characters) for WLAN
<password> <idx> (18).
kerb port <idx> <ksidx> <port> Sets the Kerberos port to <port> (KDC port) for server <ksidx> (1-primary,
2-backup, or 3-remote) for WLAN <idx> (18).
kerb realm <idx> <realm> Sets the Kerberos realm name for WLAN <idx> (18) to <realm> (163
characters).
kerb server <idx> <ksidx> <ip> Sets the Kerberos server <ksidx> (1-primary, 2-backup, or 3-remote) IP
address for WLAN <idx> (18) to <ip>.
kerb user <idx> <name> Sets the Kerberos user name for WLAN <idx> (18) to <name> (121
characters).
mcast <idx> <midx> <mic> Sets the multicast group address <midx>
(1, 2) for WLAN <idx> (18) to MAC address <mac>.
mode <idx> <mode> Enables or disables WLAN <idx> (18).
name <idx> <name> Sets the name of WLAN <idx> (18) to <name> (17 characters).
no-mu-mu <idx> <mode> Enables or disables the stoppage of MU-to-MU communication for WLAN
<idx> (18).
vop <idx> <mode> Enables or disables the voice priority mode for WLAN <idx> (18).
tkip key <idx> <key> Sets the TKIP key to <key> (164 hex digits) for WLAN <idx> (18).
tkip type <idx> <type> Sets the TKIP key type to phrase or key for WLAN <idx> (18).
tkip phrase <idx> <phrase> Sets the TKIP ASCII pass phrase to <phrase> (863 characters) for WLAN
<idx> (18).
tkip rotate-mode <idx> <mode> Enables or disabled the broadcast key rotation for WLAN <idx> (18).
tkip interval <idx> <interval> Sets the broadcast key rotation interval to <interval> seconds (300
604800) for WLAN <idx> (18).
ccmp key <idx> <key> Sets the CCMP key to <key> (164 hex digits) for WLAN <idx> (18).
Must be specified when type parameter is set to key.
ccmp type <idx> phrase/ Sets the CCMP key type to phrase or key for WLAN <idx> (18).
key
ccmp phrase <idx> <phrase> Sets the CCMP ASCII pass phrase for WLAN <idx> (18) to <phrase> (8
63 characters). Must be specified when type parameter is set to phrase.
ccmp rotate-mode <idx> Enables or disables the broadcast key rotation for WLAN <idx> (18).
enable/disable
ccmp interval <idx> <interval> Sets the broadcast key rotation interval for WLAN <idx> (18) to
<interval> (300604800) seconds.
ccmp mixed-mode <idx> Enables or disables mixed mode (allowing WPA-TKIP clients) for WLAN
enable/disable <idx> (18).
ccmp preauth <idx> enable/ Enables or disables pre-authentication (fast roaming) for WLAN <idx> (1
disable 8).
ccmp opp-pmk <idx> enable/ Enables or disables opportunistic PMK caching (fast roaming) for WLAN
disable <idx> (18).
Note: The WEP authentication mechanism saves up to four different keys (one for
each WLAN). It is not a requirement to set all keys, but you must associate a WLAN
with the appropriate key.
wep-mcm index <idx> <kidx> Selects the WEP/KeyGuard key (from one of the four potential values of
<kidx> (14) for WLAN <idx> (18).
wep-mcm key <idx> <kidx> Sets the WEP/KeyGuard key for key index <kidx> (14) for WLAN <idx>
<key> (18) to <key> 1 to 26 (hex digits).
vlan-id <idx> <vlan-id> Sets the VLAN-ID mapping to WLAN <idx> (18) to VLAN <vlan-id> (1
4094).
mu-inact <timeout> Sets the MU inactivity timeout value to <timeout> (1-60) minutes.
wep_shared <mode> Enables or disables WEP shared mode.
handshake-timeout <idx> Sets the 802.11i handshake timeout value to <timeout> (100-2000 ms) for
<timeout> the WLAN <idx> (18). This feature is provided to prevent those MUs that
do not receive EAPOL messages from restarting the association
procedure. The default retry for these MUs is 2 seconds. This switch is
provided to control the retry for EAPOL messages to a value that is less
than 2 seconds.
handshake-retry-count <idx> Sets the 802.11i handshake retry count to <retry-count> (1-10) for the
<retry-count> WLAN <idx> (18). This in conjunction with the handshake-timeout
command controls the handshake retry time and retry count for those MUs
that do not receive EAPOL messages.
Example
admin(network.wlan)>set name 1 store
admin(network.wlan)>set name 2 backoff
admin(network.wlan)>set auth 1 kerberos
Kerberos requires WEP 104 or Keyguard. The encryption type has been
changed to W
EP104.
admin(network.wlan)>set no-mu-mu 1 enable

admin(network.wlan)>show wlan 1
wlan name : WLAN1

wlan mode : enable
subnet : s1
vlan_id : 1
enc type : none
auth type : none
voice prioritization : enable
disallow mu to mu : disable
answer broadcast ess : disable
secure beacon mode : disable
default mu acl mode : allow all
default ap adopt mode : allow all
multicast address 1 : 01005E000000
handshake timeout in milliseconds : 2000
handshake retry count : 3
3.34.5 Network WLAN show Command
show
Displays the WLAN parameters.
Syntax
show [eap|kerb|tkip|ccmp|wep-mcm|wlan|mu-inact|wep_shared] <idx>
Syntax:
eap <idx> Shows the EAP parameters for WLAN <idx> (18).
kerb <idx> Shows the Kerberos parameters for WLAN <idx> (18).
tkip <idx> Shows the TKIP parameters for WLAN <idx> (18).
ccmp <idx> Shows the CCMP parameters for WLAN <idx> (18).
wep-mcm <idx> Shows the WEP/Keyguard parameters for WLAN <idx> (18).
wlan <idx> Shows the basic WLAN parameters for WLAN <idx> (18).
mu-inact Shows the MU inactivity timeout value.
wep_shared Shows the WEP Shared parameters.
Example
admin(network.wlan)>show tkip 1
tkip key type : phrase

tkip phrase : ********
tkip key : ********
tkip rotate mode : disable
tkip rotate interval : 86400
admin(network.wlan)>show ccmp 1
ccmp key type : phrase

ccmp phrase : ********
ccmp key : ********
ccmp rotate mode : disable
ccmp rotate interval : 86400
ccmp mixed mode (allow WPA) : disable
802.11i preauthentication : disable
Opportunistic PMK Caching : enable
admin(network.wlan)>show wep-mcm 1
wep key index : 1

wep key 1 : ********
wep key 2 : ********
wep key 3 : ********
wep key 4 : ********
admin(network.wlan)>show wlan 1
wlan name : WLAN1

wlan mode : enable
enc type : none

auth type : none
voice prioritization : enable
disallow mu to mu : disable
answer broadcast ess : disable
default mu acl mode : allow all
default ap adopt mode : allow all
admin(network.wlan)>show eap 1
server ip 1 : 0.0.0.0
server ip 2 : 0.0.0.0
server port 1 : 1812
server port 2 : 1812
eap secret 1 : ********
eap secret 2 : ********
eap remote syslog mode : disable

syslog server ip : 0.0.0.0
Bind interface (for server 1) : s1
Bind interface (for server 2) : none
eap reauth mode : disable

eap reauth retries : 2
eap reauth period : 3600
eap mu quiet period : 10

eap mu tx period : 5
eap mu timeout : 10
eap mu retries : 2
eap server timeout : 5
eap server retries : 2
radius accounting retry mode : disable

radius accounting retry timeout : 10
radius accounting retry count : 2
Related Commands
set Sets WLAN parameters.

3.35 Network WLAN Rogue AP Commands
rogueap
Displays the rogue AP submenu.
Syntax
admin(network.wlan)> rogueap
admin(network.wlan.rogueap)>

show Shows current rogue AP configuration. page 3-194
set Sets rogue AP parameters. page 3-193
rulelist Goes to the rule list submenu. page 3-213
approvedlist Goes to the approved AP list submenu. page 3-195
roguelist Goes to the rogue AP list submenu. page 3-200
3.35.1 Network WLAN Rogueap set Command
set
Network WLAN Rogue AP Commands
Sets rogue access point parameters.
Syntax
set [muscan|apscan|detscan|fullapscan] [mode <mode>|interval <interval>]
Parameters
[muscan|apscan|detscan|fullapscan] [mode Sets the different Rogue AP parameters

<mode>|interval <interval> muscan Sets MU scanning parameters
apscan Sets AP scanning parameters.
detscan Sets Detector scanning parameters. For
this feature to work, you must set one of the
Access Ports as a Detector AP.
fullapscan Sets full AP scanning parameter. For
this feature to work, you must set one of the
Access Ports as a Full Detector AP.
Each of the above options have these settings
mode <mode> <mode> can be enable or
disable. Use this to enable or disable a rogue ap
parameter
interval <interval> Sets the scanning interval for
rogue ap detection. <interval> can be between 5
to 65535 minutes. For fullapscan, the interval is
in seconds.
Enables or disables mobile unit scanning.
Example
admin(network.wlan.rogueap)>set apscan mode enable
admin(network.wlan.rogueap)>set apscan int 60
Related Commands
show Displays the rogue AP parameters.

3.35.2 Network WLAN Rogueap show Command
show
Shows the current rogue AP configuration.
Syntax
show
Parameters
None
Example
admin(network.wlan.rogueap)>show
mu scan : disabled
mu scan interval : 60 minutes
ap scan : disabled
ap scan interval : 60 minutes
detector ap scan : disabled
detector ap scan interval : 60 minutes
full detector ap scan : disabled
full detector ap scan interval : 60 seconds
Related Commands
set Sets the rogue AP scanning parameters.

3.36 Network WLAN Rogue AP Approvedlist Commands
approvedlist
Displays the approved AP list submenu.
Syntax
admin(network.wlan.rogueap)> approvedlist
admin(network.wlan.rogueap.approvedlist)>

show Shows the approved AP list. page 3-199
ageoute Displays the ageout time for an approved list entry. page 3-196
approve Approves an AP. page 3-197
erase Erases the list. page 3-198
3.36.1 Network WLAN Rogueap Approvedlist ageout Command
ageoute
Network WLAN Rogue AP Approvedlist Commands
Displays ageout time for an approved list entry.
Syntax
ageout <interval>
Parameters
ageout <interval> Sets the number of minutes, the <interval> (01000), before an entry in the
approved list is automatically removed.
Example
admin(network.wlan.rogueap.approvedlist)>ageout 30
Related Commands
erase Erases the approved AP list.

3.36.2 Network WLAN Rogueap Approvedlist approve Command
approve
Approves an AP.
Syntax
approve [<index>|all]
Parameters
approve approve <index> Approves an access point from the list based on the location
[<index>|all] specified by <index>.
approve all Approves all access points in the list.
Example
admin(network.wlan.rogueap.approvedlist)>approve 1
admin(network.wlan.rogueap.approvedlist)>approve all
Related Commands
erase Erases all access points in the list.

3.36.3 Network WLAN Rogueap Approvedlist erase Command
erase
Erases the approved AP list.
Syntax
erase all
Parameters
none
Example
admin(network.wlan.rogueap.approvedlist)>erase all
admin(network.wlan.rogueap.approvedlist)>show
approved ap list
++++++++++++++++
approved list ageout : 30 minutes
index ap essid
----- -- ------
Related Commands
approve Adds an Access Port to the approved list.

show Displays the approved list.
3.36.4 Network WLAN Rogueap Approvedlist show Command
show
Shows the approved AP list.
Syntax
show
Parameters
None
Example
admin(network.wlan.rogueap.approvedlist)>show
approved ap list
++++++++++++++++
approved list ageout : 30 minutes
index ap essid
----- -- ------
Related Commands
approve Adds an AP to the approved list.

3.37 Network WLAN Rogue AP Roguelist Commands
roguelist
Displays the rogue AP list submenu.
Syntax
admin(network.wlan.rogueap)> roguelist
admin(network.wlan.rogueap.roguelist)>

show Displays the rogue list entries. page 3-204
locate Goes to the submenu for locating a rogue AP. page 3-207
muscan Goes to the submenu for on-demand MU polling. page 3-210
ageout Displays the ageout time for a rogue list entry. page 3-201
approve Approves a rogue AP. page 3-202
erase Erases the list. page 3-203
set Sets rogue AP related parameters page 3-205
deauth Configuration related to Rogue AP Containment. page 3-206
3.37.1 Network WLAN Rogue AP Roguelist ageout Command
ageout
Displays the ageout time for a rogue list entry.
Syntax
ageout <time>
Parameters
ageout <time> Sets the ageout time for the entry associated to <time> (11000) minutes.
Example
admin(network.wlan.rogueap.roguelist)>ageout 50
Related Commands
locate Locates a rogue AP.

show Shows the rogue AP list parameters and entries.
3.37.2 Network WLAN Rogue AP Roguelist approve Command
approve
Moves a rogue AP into the approved AP list.
Syntax
approve [<index>|all]
Parameters
approve approve <index> Puts the rogue AP <index> into the approved AP list.
[<index>|all] approve all Puts all the entries of the rogue list into the approved AP list.
Example
admin(network.wlan.rogueap.approvedlist)>approve all
Related Commands
show Shows the rogue list entries.

3.37.3 Network WLAN Rogue AP Roguelist erase Command
erase
Erases the rogue AP list.
Syntax
erase all
Parameters
None
Example
admin(network.wlan.rogueap.roguelist)>erase all
Example
show Lists all entries in the rogue AP list.

3.37.4 Network WLAN Rogue AP Roguelist show Command
show
Displays the rogue list entries.
Syntax
show [all|<index>|deauth-list]
Parameters
show Displays Rogue AP lists.

[all|<index>|deauth- all Displays the complete list of rogue APs.
list]
<index> Displays detailed information for the rogue AP with index number
<index>.
deauth-list Displays the Rogue AP Containment list
Example
admin(network.wlan.rogueap.roguelist)>show all
rogue ap list
++++++++++++++++++++
rogue list ageout : 0 minutes
-------------------------------------------------------------------------
Idx AP Essid Channel
-------------------------------------------------------------------------
Related Commands
locate Locates a rogue AP.

approve Approves a rogue AP
3.37.5 Network WLAN Rogue AP Roguelist set Command
set
Sets rogue list parameters.
Syntax
set [rap-containment|deauth-interval|deauth-all]
set RAP-Containment <mode>

set deauth-interval <interval>
set dauth-all <mode>
Syntax:
RAP-Containment Enables or disables Rogue AP Containment feature.

<mode>
deauth-interval Sets the Rogue AP de-authentication interval to <interval> (1300) seconds. This
<interval> is the time after which MUs associated to a Rogue AP is deauthenticated.
deauth-all <mode> Enables or disables deauthenticating all rogue APs in the containment list.
Example
admin(network.wlan.rogueap)>set RAP-Containment enable
admin(network.wlan.rogueap)>set deauth-interval 10
admin(network.wlan.rogueap)>set deauth-all enable
Related Commands
show Displays the rogue AP parameters.

3.37.6 Network WLAN Rogue AP Roguelist deauth Command
deauth
Manages the Rogue AP Containment list by adding APs, their MAC address to the list and deleting APs from
the list.
Syntax
deauth [add-to-list|add-mac-to-list|remove-from-list] <index>
deauth all
Parameters
deauth [add-to- Adds or removes APs from the ACL.

list|add-mac-to- add-to-list <index> Adds an AP to the Rogue AP containment list at the position
list|remove-from-list] specified by <index>.
<index>
add-mac-to-list <index> Adds the MAC address of a Rogue AP to the Rogue AP
containment list at the position specified by <index>.
remove-from-list <index> Removes a MAC from the Rogue AP Containment
list.
deauth all Removes all the contents from the Rogue AP Containment list
Example
Editors Note : Example to be provided.

3.38 Network WLAN Rogue AP Rogue List Locate Commands
locate
Network WLAN Rogue AP Roguelist Commands
Displays the locate submenu.
Syntax
admin(network.wlan.rogueap.roguelist)> locate
admin(network.wlan.rogueap.roguelist.locate)>

start Starts locating a rogue AP. page 3-209
list Lists results of the locate rogue AP scan. page 3-211
3.38.1 Network WLAN Rogue AP Rogue List Locate list Command
list
Network WLAN Rogue AP Rogue List Locate Commands
Lists the results of the locate rogue AP scan.
Syntax
list
Parameters
None
Example
admin(network.wlan.rogueap.roguelist.locate)>list
Related Commands
start Starts the rogue AP location process.

3.38.2 Network WLAN Rogue AP Rogue List Locate start Command
start
Network WLAN Rogue AP Rogue List Locate Commands
Locates a rogue AP.
Syntax
start <MAC> <ESSID>
Parameters
start <MAC> <ESSID> Starts locating a rogue AP where <MAC> is the MAC address (or BSSID) of the
rogue AP, and <essid> is the ESSID for the rogue AP.
Example
admin(network.wlan.rogueap.roguelist.locate)>start 00A0f8fe2344 wlan-engg
Related Commands
list Lists information for the rogue AP found during the scan.
3.39 Network WLAN Rogue AP Rogue List MU Scan Commands
muscan
Displays the MU scan submenu.
Syntax
admin(network.wlan.rogueap.roguelist)> muscan
admin(network.wlan.rogueap.roguelist.muscan)>

start Starts a rogue AP scan using on-demand MU polling. page 3-212
list Lists the rogue APs found during the scan. page 3-211
3.39.1 Network WLAN Rogue AP Rogue List MU Scan list Command
list
Lists the results of the locate rogue AP scan.
Syntax
list
Parameters
None
Example
admin(network.wlan.rogueap.roguelist.muscan)>list
Related Commands
start Starts the MU scan process.

3.39.2 Network WLAN Rogue AP Rogue List MU Scan start Command
start
Starts an on-demand MU polling for rogue APs.
Syntax
start <MAC> <ESSID>
Parameters
start <MAC> <ESSID> Starts locating a rogue AP where <MAC> is the MAC address (or BSSID) of the
rogue AP, and <ESSID> is the ESSID for the rogue AP.
Example
admin(network.wlan.rogueap.roguelist.muscan)>start 00A0f8fe2344
Related Commands
list Lists information for the rogue AP found during the scan.
3.40 Network WLAN Rogue AP Rule List Commands
rulelist
Displays the rule list submenu.
Syntax
admin(network.wlan.rogueap)> rulelist
admin(network.wlan.rogueap.rulelist)>

show Displays the rule list. page 3-217
add Adds an entry to the rule list. page 3-214
delete Deletes an entry from the rule list. page 3-216
authsymbolap Authorizes all Symbol APs. page 3-215
3.40.1 Network WLAN Rogue AP Rule List add Command
add
Network WLAN Rogue AP Rule List Commands
Adds an entry to the rule list.
Syntax
add <MAC> <ESSID>
Parameters
add <MAC> <ESSID> Adds an entry into the rule list to allow an AP with the mac address <MAC> and
the ESSID <ESSID>.
Example
admin(network.wlan.rogueap.rulelist)>add 00a0f8f31212 mywlan
admin(network.wlan.rogueap.rulelist)>show
rule list
+++++++++
symbol ap authorization : disabled
index ap essid
----- -- ------
1 00:a0:f8:f3:12:12 mywlan
admin(network.wlan.rogueap.rulelist)>?
Related Commands
show Shows the entries in the rule list.

3.40.2 Network WLAN Rogue AP Rule List authsymbolap Command
authsymbolap
Authorizes all Symbol APs.
Syntax
authsymbolap <mode>
Parameters
authsymbolap <mode> Enables or disables automatic authorization of all Symbol APs. <mode> can be
enable or disable.
Example
admin(network.wlan.rogueap.rulelist)>auth enable
rule list
+++++++++
symbol ap authorization : enabled
index ap essid
----- -- ------
1 00:a0:f8:f3:12:12 mywlan
Related Commands
show Shows all the rules in the rule list and shows status of the Symbol AP automatic authorization.
3.40.3 Network WLAN Rogue AP Rule List delete Command
delete
Deletes an entry from the rule list.
Syntax
delete [all|<idx>]
Parameters
delete [all|<idx>] Deletes entries in the rule list.

all Deletes all entries in the rule list.
<idx> Deletes the entry at the <idx> index in the rule list.
Example
admin(network.wlan.rogueap.rulelist)>delete all
rule list
+++++++++
index ap essid
----- -- ------
Related Commands
show Displays the entries in the rule list.

3.40.4 Network WLAN Rogue AP Rule List show Command
show
Displays the rule list.
Syntax
show
Parameters
None
Example
rule list
+++++++++
index ap essid
----- -- ------
1 00:a0:f8:f3:12:12 mywlan
Related Commands
delete Deletes entries from the rule list.

add Adds entries to the rule list.
3.41 Network WLAN Enhanced Rogue AP Commands
enhancedrogueap
Displays the Enhanced Rogue AP detection submenu.
Syntax
admin(network.wlan)> enhancedrogueap
admin(network.wlan.enhancedrogueap)>

show Displays the Enhanced Rogue AP parameters. page 3-219
set Sets the Enhanced Rogue AP parameters page 3-220
3.41.1 Network WLAN Enhanced Rogue AP show Command
show
Network WLAN Enhanced Rogue AP Commands
Displays the Enhanced Rogue AP parameters.
Syntax
show
Parameters
None
Example
admin(network.wlan.enhancedrogueap)>show
Enhanced RAP mode : disabled

ERAP scan interval : 10 seconds
ERAP scan duration : 100 milli seconds
Channel Set for Radio A :
Channel Set for Radio B/G :
admin(network.wlan.enhancedrogueap)>
3.41.2 Network WLAN Enhanced Rogue AP set Command
set
Network WLAN Enhanced Rogue AP Commands
Sets the Enhanced Rogue AP parameters.
Syntax
set [mode|scaninterval|scanduration|A_channels|BG_channels|erase]
set mode <mode>

set scaninterval <scaninterval>
set scanduration <scanduration>
set A_channel {channelset}
set BG_channel {channelset}
set erase
Parameters
mode <mode> Enables or disables the Enhanced Rogue AP feature

scaninterval Sets the Enhanced Rogue AP feature scan interval.
<scaninterval>
scanduration Sets the Enhanced Rogue AP feature scan duration
<scanduration>
A_channels Sets A channels to scan for Enhanced Rogue AP feature.
{<channelset>} <channelset> (Optional) Enter a list of valid channels for A Radio.
BG_channels Sets BG channels to scan for Enhanced Rogue AP feature
{<channelset>} <channelset> (Optional) Enter a list of valid channels for b/g Radio.
erase Clears the Enhanced Rogue AP feature list.
Example
admin(network.wlan.enhancedrogueap)> show
Enhanced RAP mode : disabled

Channel Set for Radio A :
Channel Set for Radio B/G :
admin(network.wlan.enhancedrogueap)> set mode enable
admin(network.wlan.enhancedrogueap)> set scaninterval 33
admin(network.wlan.enhancedrogueap)> set scanduration 110
admin(network.wlan.enhancedrogueap)> set A_channels 36 40
admin(network.wlan.enhancedrogueap)> set BG_channels 1 2 3
admin(network.wlan.enhancedrogueap)> show
Enhanced RAP mode : enabled

Channel Set for Radio A : 36, 40,
Channel Set for Radio B/G : 1, 2, 3,
3.42 Network WLAN MU Probe Commands
muprobe
Displays the MU Probe sub menu.
Syntax
admin(network.wlan)> muprobe
admin(network.wlan.muprobe)>

show Shows the MU Probe Table configuration page 3-222
set Sets the MU Probe Table configuration page 3-223
3.42.1 Network WLAN MU Probe show Command
show
Network WLAN MU Probe Commands
Displays the MU Probe Table configuration information.
Syntax
show
Parameters
None
Example
admin(network.wlan.muprobe)> show
mu probe table : disabled

mu probe table size : 200 MUs (number of rows could be more)
mu probe window : 30 seconds
3.42.2 Network WLAN MU Probe set Command
set
Network WLAN MU Probe Commands
Sets the different MU Probe Table configurations.
Syntax
set [mode|size|erase|windows]
set mode <mode>

set size <size>
set erase
set window <value>
Parameters
mode <mode> Enables or disables MU Probe scans. <mode> can be enable or disable.
size <size> Sets the size <size> in number of rows of the MU Probe Table.
erase Erases the MU Probe Table
window <value> Sets the MU Probe time window to <value> (5-300) seconds.
Example
mu probe table : disabled

admin(network.wlan.muprobe)> set mode enable

admin(network.wlan.muprobe)> set size 100
admin(network.wlan.muprobe)> set window 50
mu probe table : enabled

3.43 Network WLAN Hotspot Commands
hotspot
Displays the Hotspot sub menu.
Syntax
admin(network.wlan)> hotspot
admin(network.wlan.hotspot)>

set Sets the hotspot parameters page 3-225
show Displays the hotspot parameters page 3-227
import Imports hotspot display pages page 3-228
radius Sets hotspot RADIUS configuration. Goes to a submenu. page 3-229
white-list Sets the hotspot white-list. Goes to a submenu. page 3-233
3.43.1 Network WLAN Hotspot set Command
set
Network WLAN Hotspot Commands
Sets the different Hotspot parameters.
Syntax
set [mode|page-loc|exturl|http-mode|hotspot-session-timeout|
hotspot-cred-cache]
set mode <idx> <mode>

set page-loc <idx> <page-loc>
set exturl <idx> <page> <url>
set http-mode <idx> <http-mode>
set hotspot-session-timeout <timeout>
set hotspot-cred-cache <hotspot-cred-cache>
Parameters
mode <idx> <mode> Enables or disables hotspot for a WLAN with the index value <idx> (1-
8).
page-loc <idx> <page-loc> Sets the location of the welcome page for Hotspot for a WLAN with the
index <idx> (1-8). <page-loc> can be one of default, cf, url.
When <page-loc> is default, the default pages are shown.
When <page-loc> is cf, the pages for login, welcome, and fail are
stored on the CF card and are displayed from there.
When <page-loc> is url, the pages are displayed from a URL. The
URL information is provided through the set exturl command.
exturl <idx> <page> <url> Sets the URL locations for the hotspot login, welcome, and fail pages
for a WLAN with the index value <idx> (1-8). <page> should be one of
login, welcome, or fail and indicates the page type. <url> is the fully
qualified path to the page indicated by the <page> value.
http-mode <idx> <http-mode> Sets the HTTP mode for the hotspot for the WLAN with index
<idx> (1-8). <http-mode> can be one of http or https. HTTP indicates
that connections to the hotspot does not use security. HTTPS indicates
use of security.
hotspot-session-timeout Sets the timeout value for the hotspot to <hotspot-session-timeout>
<hotspot-session-timeout> minutes. This value is global and is applicable to all WLANs. The
default value for <hotspot-session-timeout> is 20 minutes and the
maximum value that can be entered is 1440 minutes (1 day).
hotspot-cred-cache Enables or disables hotspot user credential caching for the WS2000.
<hotspot-cred-cache>
Example
admin(network.wlan.hotspot)> show hotspot 1
WLAN 1
Hotspot Mode : disable
Hotspot Page Location : default
External Login URL :
External Welcome URL :
External Fail URL :

Http Mode : https
admin(network.wlan.hotspot)> set mode 1 enable

admin(network.wlan.hotspot)> set page-loc 1 url
admin(network.wlan.hotspot)> set exturl 1 login //192.168.1.10/wlan1/
hotspt/login.htm
admin(network.wlan.hotspot)> set exturl 1 welcome //192.168.1.10/wlan1/
hotspt/welcome.htm
admin(network.wlan.hotspot)> set exturl 1 fail //192.168.1.10/wlan1/
hotspt/fail.htm
WLAN 1
Hotspot Mode : enable
Hotspot Page Location : url
External Login URL : //192.168.1.10/wlan1/hotspt/login.htm
External Welcome URL : //192.168.1.10/wlan1/hotspt/
welcome.htm
External Fail URL : //192.168.1.10/wlan1/hotspt/fail.htm
Http Mode : https
3.43.2 Network WLAN Hotspot show Command
show
Displays the different hotspot configuration settings.
Syntax
show [hotspot|white-list|hs-session-timeout|hs-cred-cache]
show hotspot <idx>

show white-list <idx>
Parameters
hotspot <idx> Displays the hotspot configuration settings.

white-list <idx> Displays the white list rules.
hs-session-timeout Displays the global hotspot session timeout value.
hs-cred-cache Displays the enable/disable status for hotspot user credentials caching.
Example
WLAN 1
Hotspot Mode : enable
Hotspot Page Location : url
External Login URL : //192.168.1.10/wlan1/hotspt/login.htm
External Welcome URL : //192.168.1.10/wlan1/hotspt/
welcome.htm
External Fail URL : //192.168.1.10/wlan1/hotspt/fail.htm
Http Mode : https
admin(network.wlan.hotspot)> show white-list 1
WhiteList Rules
-------------------------------------------------------------------------
Idx IP Address
-------------------------------------------------------------------------
1 192.168.1.32
2 192.168.1.45
3 192.168.1.55
4 192.168.1.56
admin(network.wlan.hotspot)> show hs-session-timeout

Hotspot Session Timeout : 10
admin(network.wlan.hotspot)> show hs-cred-caching

Hotspot Credential Cache Mode : Disabled
3.43.3 Network WLAN Hotspot Import Command
import
Imports the html pages for the welcome, login, and fail screens.
Syntax
import <idx> <page>
Parameters
import <idx> <page> Imports the specified page for the WLAN with index <idx> (1-8). <page> must be
one of login, welcome, or fail. Paste the html page into the console.
Example
admin(network.wlan.hotspot)> import 1 login
Enter 'Ctrl C' to abort. Paste the HTML Page:
<html>
<Head>
<title>Office1 WLAN - Login Page</title>
</head>
<body>
<h1 align="center">Office1 Wireless LAN - Login Page</h1>
<HR width=50%>
<p align ="center"><b>Please enter your login information below</b></p>
<form action="login.asp>
<center>
<table width=25%>
<tr>
<tD>User Name</td>
<td><input > </input></td>
</tr>
<tr>
<td>Password</td>
<td><input type=password> </input></td>
</tr>
</table>
<br>
<button type=submit>
<strong>Login</strong>
</button>
<hr width=50%>
<p>Page usage monitored and IP captured. Do not login if not
authorized.</p>
</center>
</form>
</body>
</html>
3.44 Network WLAN Hotspot RADIUS commands
radius
Displays the RADIUS server commands for hotspot. RADIUS is used to authenticate hotspot users.
Syntax
admin(network.wlan.hotspot)> radius
admin(network.wlan.hotspot.radius)>

show Shows RADIUS configuration settings. page 3-230
set Sets RADIUS configuration page 3-231
3.44.1 Network WLAN Hotspot RADIUS show Command
show
Network WLAN Hotspot RADIUS commands
Displays the RADIU ?S server information for each hotspot.
Syntax
show radius <idx>
Parameters
show radius <idx> Displays the RADIUS information for the WLAN with the index <idx> (1-8).
Example
admin(network.wlan.hotspot.radius)> show radius 1
Primary Server Ip adr : 127.0.0.1
Primary Server Port : 1812
Primary Server Secret : ******
Secondary Server Ip adr : 0.0.0.0
Secondary Server Port : 1812
Secondary Server Secret : ******
Accounting Mode : disable
Accounting Timeout : 1
Accounting Retry-count : 1
3.44.2 Network WLAN Hotspot RADIUS set Command
set
Network WLAN Hotspot RADIUS commands
Configures the RADIUS server information for hotspots for each WLAN.
Syntax
set [server|port|secret|acct-mode|acct-timeout|acct-retry|
bind-interface|auth-mode]
set server <idx> <srvr_type> <ipadr>

set port <idx> <srvr_type> <port>
set secret <idx> <srvr_type> <secret>
set acct-mode <idx> <mode>
set acct-timeout <idx> <timeout>
set acct-retry <idx> <retry_count>
set bind-interface <idx> <server> <interface>
set auth-mode <idx> <mode>
Parameters
server <idx> <srvr_type> Sets the IP address <ipadr> of the RADIUS server for the WLAN with
<ipadr> index <idx> (1-8). The <srvr_type> (primary, secondary) identifies the
RADIUS server as a primary or a secondary server.
port <idx> <srvr_type> <port> Sets the port <port> of the RADIUS server for the WLAN with the index
<idx> (1-8). The <srvr_type> (primary, secondary) identifies the
RADIUS server as a primary or a secondary server.
secret <idx> <srvr_type Sets the secret <secret> for accessing the RADIUS server for the WLAN
<secret> with the index <idx> (1-8). The <srvr_type> (primary, secondary)
identifies the RADIUS server as a primary or a secondary server.
acct-mode <idx> <mode> Enables or disables accounting mode for the RADIUS server for the
WLAN with the index <idx> (1-8). When enabled, RADIUS accounting
log is written to the CF card when the RADIUS server is not reachable.
acct-timeout <idx> <timeout> Sets the time duration <timeout> (1-255) seconds after which RADIUS
logs are written to the CF card.
acct-retry <idx> <retry-count> Sets the number of re-tries <retry-count> (1-10) made before RADIUS
logs are written to the CF card.
bind-interface <idx> <server> Binds the RADIUS server type <server> (Primary or Secondary) to the
<interface> interface <interface> (one of s1-s6, w, none - s1- Subnet 1, s2-subnet 2,
...s6-Subnet 6, w-wan) for the WLAN <idx> (18).
auth-mode <idx> <mode> Sets the radius authentication mode to either PAP or CHAP. This is used
to encrypt authentication packets when authenticating with radius
servers located on the WAN side of WS2000.
Example
admin(network.wlan.hotspot.radius)> set server 1 primary 192.169.1.222
admin(network.wlan.hotspot.radius)> set server 1 secondary 192.169.1.223
admin(network.wlan.hotspot.radius)> set port 1 primary 1812
admin(network.wlan.hotspot.radius)> set port 1 secondary 1812
admin(network.wlan.hotspot.radius)> set secret 1 primary hello1
admin(network.wlan.hotspot.radius)> set secret 1 secondary hello2

admin(network.wlan.hotspot.radius)> set acct-mode 1 enable
admin(network.wlan.hotspot.radius)> set acct-timeout 1 90
admin(network.wlan.hotspot.radius)> set acct-retry 1 8
admin(network.wlan.hotspot.radius)> set bind-interface 1 primary s1
admin(network.wlan.hotspot.radius)> set auth-mode 1 PAP
admin(network.wlan.hotspot.radius)>show radius 1
Primary Server Ip adr : 192.168.1.222
Primary Server Port : 1812
Primary Server Secret : ******
Primary client bind interface : s1
Secondary Server Ip adr : 192.169.1.223
Secondary Server Port : 1812
Secondary Server Secret : ******
Secondary client bind interface : none
Accounting Mode : disable
Accounting Timeout : 10
Accounting Retry-count : 3
RADIUS auth-mode : PAP
admin(network.wlan.hotspot.radius)>
3.45 Network WLAN Hotstpot White-list Commands
white-list
Displays the White-list submenu. White-list is a list of devices that can use the hotspot.
Syntax
admin(network.wlan.hotspot)> white-list
admin(network.wlan.hotspot.whitelist)>

add Adds hotspot white-list entries. page 3-234
clear Clears the hotspot white-list entries. page 3-236
show Displays the hotspot white-list entries. page 3-236
3.45.1 Network WLAN Hotspot White-list add Command
add
Network WLAN Hotstpot White-list Commands
Adds an entry to the WLAN hotspot white-list. White-list is a list of devices that can access the hotspot.
Syntax
add rule <wlan_idx> <ipadr>
Parameters
add rule <wlan_idx> Adds an IP entry <ipadr> to the White-list for the WLAN specified by the index
<ipadr> <wlan_idx> (1-8)
Example
admin(network.wlan.hotspot.whitelist)> add rule 1 192.168.1.67
admin(network.wlan.hotspot.whitelist)> show white-rules 1
WhiteList Rules
-------------------------------------------------------------------------
Idx IP Address
-------------------------------------------------------------------------
1 192.168.1.32
2 192.168.1.45
3 192.168.1.55
4 192.168.1.56
5 192.168.1.67
3.45.2 Network WLAN Hotspot White-list clear Command
clear
Clears or deletes the WLAN hotspot white-list entries.
Syntax
clear rule [all|<wlan_idx> [all|<ipadr>]]
clear rule all

clear rule <wlan_idx> all
clear rule <wlan_idx> <ipadr>
Parameters
clear rule [all|<wlan_idx> clear rule all Clears all the hotspot white-list entries.
[all|<ipadr>]] clear rule <wlan_idx> all Clears all the hotspot white-list entries for
the WLAN specified by the <wlan_idx> (1-8) value.
clear rule <wlan_idx> <ipadr> Clears a specific IP address <ipadr>
from the hotspot white-list entries for the WLAN specified by the
<wlan_idx> (1-8) value.
Example
WhiteList Rules
-------------------------------------------------------------------------
Idx IP Address
-------------------------------------------------------------------------
1 192.168.1.32
2 192.168.1.45
3 192.168.1.55
4 192.168.1.56
5 192.168.1.67
admin(network.wlan.hotspot.whitelist)> clear rule 1 192.168.1.67

WhiteList Rules
-------------------------------------------------------------------------
Idx IP Address
-------------------------------------------------------------------------
1 192.168.1.32
2 192.168.1.45
3 192.168.1.55
4 192.168.1.56
admin(network.wlan.hotspot.whitelist)> clear rule all

WhiteList Rules
-------------------------------------------------------------------------
Idx IP Address
-------------------------------------------------------------------------
3.45.3 Network WLAN Hotspot White-list show Command
show
Displays the WLAN hotspot white-list entries.
Syntax
show white-rules <idx>
Parameters
show white-rule <idx> Displays the hotspot white-list for the WLAN with the index <idx> (1-8).
Example
WhiteList Rules
-------------------------------------------------------------------------
Idx IP Address
-------------------------------------------------------------------------
1 192.168.1.32
2 192.168.1.45
3 192.168.1.55
4 192.168.1.56
5 192.168.1.67
3.46 Network WLAN WLAN IP Fiter Policy Commands
wlanipfpolicy
Displays the WLAN IP Filter Policy submenu.
Syntax
admin(network.wlan)> wlanipfpolicy
admin(network.wlan.wlanipfpolicy)>

set Sets the WLAN IP Filter Policy configurations. page 3-238
add Adds entries to the WLAN IP Filter table. page 3-239
del Deletes entries from the WLAN IP Filter table. page 3-240
show Displays the WLAN IP filter table. page 3-241
3.46.1 Network WLAN WLAN IP Filter Policy set Command
set
Network WLAN WLAN IP Fiter Policy Commands
Sets the WLAN IP filter policy configuration. IP Filters have to be set up through the Network > IPFilter menu.
Syntax
set [ipf-mode|default]
set ipf-mode <wlan-idx> <ipf-mode>

set default [incoming|outgoing] <wlan-idx> <action>
Syntax:
ipf-mode <wlan-idx> Sets the IP filter mode <ipf-mode> (enable/disable) for the WLAN with
<ipf-mode> the index <idx> (1-8).
default [incoming|outgoing] incoming Sets the default incoming action to <action> (allow/deny)
<wlan-idx> <action> for IP filtering for he WLAN with the index <idx> (1-8).
outgoing Sets the default outgoing action to <action> (allow/deny) for
IP filtering for he WLAN with the index <idx> (1-8).
Example
admin(network.wlan.wlanipfpolicy)> show 1
-------------------------------------------------------------------------
-------------------------------------------------------------------------
IP Filter Mode : disable

Default Incoming Action : deny
admin(network.wlan.wlanipfpolicy)> set ipf-mode 1 enable

admin(network.wlan.wlanipfpolicy)> set default outgoing 1 allow
admin(network.wlan.wlanipfpolicy)> set default incoming 1 allow
admin(network.wlan.wlanipfpolicy)>show 1
-------------------------------------------------------------------------
-------------------------------------------------------------------------

3.46.2 Network WLAN WLAN IP Filter Policy add Command
add
Adds a new IP Filter association table entry. IP Filters have to be set up through the Network > IPFilter menu.
Syntax
add <wlan-idx> <filter-name> <direction> <action>
Parameters
add <wlan-idx> <filter-name> <direction> <action>

Adds a new IP Filter association table entry. The <filter-name> is the name of the filter to be
added to the WLAN specified by the <wlan-idx> (1-8). The <direction> could be incoming or
outgoing. The <action> could be allow or deny.
Example
admin(network.wlan.wlanipfpolicy)> add 1 allow_tcp incoming allow
admin(network.wlan.wlanipfpolicy)> add 1 allow_tcp outgoing deny
-------------------------------------------------------------------------
-------------------------------------------------------------------------
allow_tcp incoming allow
allow_tcp outgoing deny

3.46.3 Network WLAN WLAN IP Filter Policy del Command
del
Deletes a entry from the IP Filter association table.
Syntax
del <wlan-idx> [all|<index>]
Syntax:
delete <wlan-idx> Deletes an IP Filter association table entry. The WLAN is specified by the
[all|<index>] <wlan-idx> (1-8). <index> indicates the filter to delete. all is used to delete
all entries from the IP Filter association table.
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------

admin(network.wlan.wlanipfpolicy)> del 1 2
-------------------------------------------------------------------------
-------------------------------------------------------------------------

3.46.4 Network WLAN WLAN IP Filter Policy show Command
show
Displays the contents of the IP Filter association table.
Syntax
show <wlan-idx>
Parameters
show <wlan-idx> Displays the IP filter association table for the WLAN with the index <wlan-idx> (1-8).
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------

3.47 Network Port Commands
port
network
Displays the port configuration submenu.
Syntax
admin(network)>port
admin(network.port)>

show Shows the port configuration settings. page 3-244
set Sets the port configuration page 3-243
3.47.1 Network Port set Command
set
Network Port Commands
Sets the port configuration parameters.
Syntax
set [auto-negotiation|speed|duplex]
set auto-negotiation <idx> <auto-negotiation>

set speed <idx> <speed>
set duplex <idx> <duplex>
Parameters
auto-negotiation Enables or disables auto negotiation. When enabled, the port negotiates the speed
<idx> <auto- and the duplex type. <auto-negotiation> can be one of enable or disable. <idx>
negotiation> (port1-port6, wan) is the port number.
speed <idx> Sets the speed for the port with the index <idx> (port1-port6, wan). Set <speed>
<speed> from 10M or 100M.
duplex <idx> Sets the duplex mode for the port with the index <idx> (port1-port6, wan). Set the
<duplex> <duplex> value from full or half.
Example
admin(network.port)> show port1
auto-negotiation : disable
speed : 10M
duplex : half
admin(network.port)> set auto-negotiation port1 enable

admin(network.port)> set speed port1 100M
admin(network.port)> set duplex port1 full
auto-negotiation : enable
speed : 100M
duplex : full
3.47.2 Network Port show Command
show
Network Port Commands
Displays the port configuration parameters.
Syntax
show <idx>
Parameters
show <idx> Displays the port configuration settings for the port <idx> (port1-port6, wan).
Example
auto-negotiation : enable
speed : 100M
duplex : full
3.48 Network IP Filter Commands
ipfilter
network
Displays the IP Filter submenu.
IP based filtering allows administrators to configure Incoming and Outgoing IP filtering policies on packets
within the same Subnet / WLAN and between wired and wireless hosts. Filters can be set up based on IP
Address or as a default rule for all IPs in a given direction.
Syntax
admin(network)> ipfilter
admin(network.ipfilter)>

add Adds a filter to the global IP Filter table. page 3-246
del Deletes a filter from the global IP Filter table. page 3-247
show Shows the global IP Filter table. page 3-248
3.48.1 Network IP Filter add Command
add
Network IP Filter Commands
Adds an entry into the global IP Filter table.
Syntax
add <filter-name> <protocol> <port> <start-src-address> <end-src-address>
<start-dest-address> <end-dest-address>
Parameters
add <filter-name> <protocol> <port> <start-src-address> <end-src-address> <start-dest-address> <end-

dest-address>
Adds an IP Filter with <filter-name> to the IP Filter table.
<protocol> can be one of tcp, udp, icmp, pim, gre, rsvp, idp, pup, egp, ipip, esp, ah, igmp,
ipv6, compr_h, raw_ip.
<port> is the port number. Could also be all.
<start-src-address> to <end-src-address> is the source ip range for which this filter is applied
<start-dest-address> to <end-dest-address> is the destination ip range for which this filter is
applied.
Example
admin(network.ipfilter)> add port80tcp TCP 80 192.168.1.100 192.168.1.250
0.0.0.0 0.0.0.0
admin(network.ipfilter)> show
-------------------------------------------------------------------------
Filter-Name Protocol-Port Start-End-Src-IP Start-End-Dst-IP
In-Use
-------------------------------------------------------------------------
allow_tcp TCP 0.0.0.0 0.0.0.0
YES
ALL 0.0.0.0 0.0.0.0
allow_udp UDP 0.0.0.0 0.0.0.0
NO
ALL 0.0.0.0 0.0.0.0
port80tcp TCP 192.168.1.100 0.0.0.0
NO
80 192.168.1.250 0.0.0.0
3.48.2 Network IP Filter del Command
del
Deletes an entry from the global IP Filter table.
Syntax
del [all|<idx>]
Parameters
del [all|<index>] Deletes IP Filter table entries.

del <index> Deletes the global IP Filter table entry at <index>.
del all Deletes all entries of the global IP Filter table.
Example
admin(network.ipfilter)> del 3
-------------------------------------------------------------------------
In-Use
-------------------------------------------------------------------------
allow_tcp TCP 0.0.0.0 0.0.0.0
YES
ALL 0.0.0.0 0.0.0.0
allow_udp UDP 0.0.0.0 0.0.0.0
NO
ALL 0.0.0.0 0.0.0.0
3.48.3 Network IP Filter Shlow Command
show
Displays the global IP Filter table.
Syntax
show
Parameters
None
Example
-------------------------------------------------------------------------
In-Use
-------------------------------------------------------------------------
allow_tcp TCP 0.0.0.0 0.0.0.0
YES
ALL 0.0.0.0 0.0.0.0
allow_udp UDP 0.0.0.0 0.0.0.0
NO
ALL 0.0.0.0 0.0.0.0
3.49 Network WIPS Command
wips
network
Description:
Displays the Wireless Intrusion Protection System (WIPS) submenu.
Syntax
admin(network)> wips
admin(network.wips)>

set Sets WIPS parameters. page 3-250
show Displays WIPS parameters page 3-251
list Lists the APs and Sensors discovered. page 3-252
convert Converts APs to dedicated WIPS sensors page 3-253
revert Revers dedicated WIPS sensors to APs page 3-254
update Sends WIPS configuration to the sensors page 3-255
defaults Goes to the Defaults submenu. page 3-256
3.49.1 Network WIPS set Command
set
Network WIPS Command
Enables or disables WIPS.
Syntax
set mode <mode>
Parameters
set mode <mode> Enables or disables WIPS. <mode> can be either enable or disable.
Example
admin(network.wips)> set mode enable
admin(network.wips)> show mode
State : enable
3.49.2 Network WIPS show Command
show
Displays the WIPS parameters.
Syntax
show mode
Parameters
None
Example
admin(network.wips)> show mode
State : enable
3.49.3 Network WIPS list Command
list
Lists the adopted APs and detected sensors for WIPS.
Syntax
list [sensors|aps]
Parameters
list [sensors|aps] list aps Lists the sensor APs

list sensors Lists the discovered APs
Example
admin(network.wips)> list sensors
-------------------------------------------------------------------------
Idx Sensor MAC IP address
-------------------------------------------------------------------------
1 00a0f8bf8a70 192.168.0.167
admin(network.wips)> list APs

-------------------------------------------------------------------------
Idx AP MAC Conversion State
-------------------------------------------------------------------------
1 00a0f8bf8a70
3.49.4 Network WIPS convert Command
convert
Converts an existing AP to a dedicated Sensor device. This command is only valid for Motorola AP300.
Syntax
convert <mac1> <mac2> ...
Parameters
convert <mac1> <mac2> Converts the list of AP represented by their MAC addresses <mac1>
... <mac2>... to dedicated sensor devices.
Example
admin(network.wips)> convert 00a0f8bf8a70
Conversion is started in the background

admin(network.wips)> list sensors
-------------------------------------------------------------------------
Idx Sensor MAC IP address
-------------------------------------------------------------------------
1 00a0f8bf8a70 192.168.0.167
3.49.5 Network WIPS revert Command
revert
Reverts a dedicated Sensor device to an AP. This command is only valid for Motorola AP300.
Syntax
revert <mac1> <mac2> ...
Syntax:
revert <mac1> <mac2> Converts the list of Sensors represented by their MAC addresses <mac1>
... <mac2>... to APs.
Example
admin(network.wips)> revert 00a0f8bf8a70
Revert is started in the background

admin(network.wips)> list aps
-------------------------------------------------------------------------
----
Idx AP MAC Conversion State
-------------------------------------------------------------------------
----
1 00a0f8bf8a70
3.49.6 Network WIPS update Command
update
Sends configuration information to dedicated sensor devices.
Syntax
update <mac> <dhcp_mode> <ipaddr> <mask> <dgw> <pwips> {<swips>}
Parameters
update <mac> <dhcp_mode> <ipaddr> <mask> <dgw> <pwips> {<swips>}

Sends the configuration information to the sensor device, where:
<mac> is the MAC address of the sensor device.
<dhcp_mode> is the dhcp mode. Mode can be either client or static.
<ipaddr> is the IP address of the sensor device. This field is only required when the
<dhcp_mode> is static.
<mask> is the subnet mask for the IP address of the sensor device. This field is only required
when the <dhcp_mode> is static.
<dgw> is the default gateway for the sensor device. This field is only required when the
<dhcp_mode> is static.
<pwips> is the IP address of the primary WIPS server.
<swips> is the IP address of the secondary WIPS server. This value is optional.
Example
admin(network.wips)> show sensor 00a0f8bf8a70
Sensor MAC : 00a0f8bf8a70

DHCP Mode : client
IP Address : 192.168.1.107
IP Mask : 255.255.255.0
Default Gateway : 192.168.1.1
Primary WIPS Server : 192.168.0.20
Secondary WIPS Server : 192.168.0.21
admin(network.wips)> update 00a0f8bf8a70 static 192.168.1.108

255.255.255.0 192.168.1.10 192.168 .0.20 192.168.0.21
admin(network.wips)> show sensor 00a0f8bf8a70
Sensor MAC : 00a0f8bf8a70

DHCP Mode : client
IP Address : 192.168.2.100
IP Mask : 255.255.255.0
3.50 Network WIPS Default commands
defaults
Goes to the WIPS default configuration menu.
Syntax
admin(network.wips)>defaults
admin(network.wips.defaults)>
Default Description Ref.

show Shows the WIPS default configuration settings. page 3-258
set Sets the Sensor default configuration for WIPS. page 3-257
3.50.1 Network WIPS set Command
set
Network WIPS Default commands
Sets the default WIPS configuration settings. These settings are used when WIPS configurations are not
changed.
Syntax
set mode <mode>
set [ipaddr|mask|dgw|pwips|swips] <a.b.c.d>
Syntax:
mode <mode> Sets the default mode to enable or disable.

ipaddr Sets the IP address to <a.b.c.d> for the WIPS sensor.
<a.b.c.d>
mask <a.b.c.d> Sets the network mask to <a.b.c.d> for the WIPS sensor
dgw <a.b.c.d> Sets the default gateway for the WIPS sensor to <a.b.c.d>
pwips Sets the primary WIPS server to <a.b.c.d>
<a.b.c.d>
swips Sets the secondary WIPS server to <a.b.c.d>.
<a.b.c.d>
Example
admin(network.wips.default)> set mode enable
admin(network.wips.default)> set ipaddr 192.168.0.10
admin(network.wips.default)> set mask 255.255.255.0
admin(network.wips.default)> set dgw 192.168.0.1
admin(network.wips.default)> set pwips 192.168.0.20
admin(network.wips.default)> set swips192.168.0.21
admin(network.wips.default)> show
DHCP Mode : client

IP Address : 192.168.0.10
IP Mask : 255.255.255.0
3.50.2 Network WIPS show Command
show
Network WIPS Default commands
Displays the default WIPS configuration.
Syntax
show
Parameters
None
Example
admin(network.wips.default)> show
DHCP Mode : client

IP Address : 192.168.0.10
IP Mask : 255.255.255.0
3.51 Network WIDS Commands
wids
network
Displays the Wireless Intrusion Detection System (WIDS) commands.
Syntax
admin(network)>wids
admin(network.wids)>

show Shows WIDS status and statistics page 3-265
set Sets WIDS parameters page 3-261
delete Removes WIDS MU List entries page 3-260
3.51.1 Network WIDS delete Command
delete
Network WIDS Commands
Deletes WIDS MU list entries.
Syntax
delete [all|<idx>]
Parameters
delete [all|<idx>] all Deletes all the MU from the list.

<idx> Deletes MU list entry at the index <idx>.
Example
admin(network.wids)> delete 1
admin(network.wids)> delete all
admin(network.wids)>
3.51.2 Network WIDS set Command
set
Sets the WIDPS parameters.
Syntax
set [mode|detect-window|anomaly-detect|excess-op]
set mode <mode>

set detect-window <detect-window>
set anomaly-mode [mode|filter-ageout]
set anomaly-mode mode <violation-type> <mode>
set anomaly-mode filter-ageout <type> <filter-ageout>
set excess-op [threshold|filter-ageout]
set excess-op threshold [mu|radio|switch] <type> <threshold>
set excess-op filter-ageout <type> <filter-ageout>
Parameters
mode <mode> Enables or disables WIDS. <mode> can be enable or disable.

detect-window Sets the duration for which WIDS information is collected to <detect-window> (5-
<detect-window> 300) seconds. Once collected, the information is sent for analysis. The deafult value for
<detect-window> is 10 seconds.
anomaly-detect Configures the anomaly detection mode.

[mode|filter- mode <violation-type> <mode> Enables or disables anomaly detection for each
ageout] violation type <violation-type>. <mode> can be enable or disable.
<violation-type> can be one of the following:
all - all the anomalies.
null-dst - NULL destination MAC anomaly
same-src-dst - Same source and destination IP anomaly
mcas-src - Multicast source MAC anomaly
weak-wep-iv - Weak WEP initialization vector anomaly
tkip-cntr-meas - TKIP Countermeasures anomaly
invalid-frame-len - Invalid frame length anomaly
filter-ageout <type> <filter-ageout> Sets the number of seconds a mobile unit is
filtered out.
<type> is the violation type and can be one of:
<filter-ageout> (0-86400) is the ageout value in seconds. Default is 60 seconds.
0 disables this option.
excess-op Sets the threshold of events allowed in the detection window per MU.
[threshold|filter- threshold [mu|radio|switch] <type> <threshold> Sets the threshold values for mu,
ageout] radio, or switch.
all - all types of excessive operations
probe-req - Probe Request frames
auth-assoc-req - 802.11 Authentication and Association Request
deauth-disassoc-req - Disassociation and Deauthentication frames
auth-fails - Failures reported by Authentication servers
crypto-replay-fails - TKIP/CCMP IV replay check failure
80211-replay-fails - 802.11 replay check failure
decrypt-fails - decryption failures
unassoc-frames - frames from unassociated stations
eap-starts - EAP (802.1x) Start frames
<threshold> (0-65535) is the threshold value in seconds, 0 disables this option
filter-ageout <type> <filter-ageout> Sets the number of seconds a mobile unit is
filtered out.
<filter-ageout> (0-86400) is the ageout value in seconds. Default is 60 seconds.
0 disables this option.
Example
admin(network.wids)> set mode enable
admin(network.wids)> set detect-window 25
admin(network.wids)> set anomaly-detect mode all enable
admin(network.wids)> set anomaly-detect filter-ageout all 120
admin(network.wids)> set excess-op threshold mu all 80
admin(network.wids)> set excess-op filter-ageout all 80
admin(network.wids)> show wids
WIDS feature is : Enabled

Detect Window : 10 (Secs)
Excessive Operations :: Threshold (0 == disabled) Filter-Ageout

(Secs)
-------------------- mu radio switch
probe-req : 80 0 0 80
auth-assoc-req : 80 0 0 80
deauth-disassoc-req : 80 0 0 80
auth-fails : 80 0 0 80
crypto-replay-fails : 80 0 0 80
80211-replay-fails : 80 0 0 80
decrypt-fails : 80 0 0 80
unassoc-frames : 80 0 0 80
eap-starts : 80 0 0 80
Anomaly Analysis :: Status Filter-Ageout (Secs)

----------------
null-dst : enabled 120
same-src-dst : enabled 120
mcast-src : enabled 120
weak-wep-iv : enabled 120
tkip-cntr-meas : enabled 120
invalid-frame-len : enabled 120
3.51.3 Network WIDS show Command
show
Displays the default WIDS configuration settings
Syntax
show [wids|filter]
Parameters
show [wids|filter] wids Displays the default WIDS configuration values.

filter Displays the filter configuration values.
Example
admin(network.wids)> show wids
WIDS feature is : Enabled

Detect Window : 10 (Secs)
Excessive Operations :: Threshold (0 == disabled) Filter-Ageout

(Secs)
-------------------- mu radio switch
probe-req : 80 0 0 80
auth-assoc-req : 80 0 0 80
deauth-disassoc-req : 80 0 0 80
auth-fails : 80 0 0 80
crypto-replay-fails : 80 0 0 80
80211-replay-fails : 80 0 0 80
decrypt-fails : 80 0 0 80
unassoc-frames : 80 0 0 80
eap-starts : 80 0 0 80
Anomaly Analysis :: Status Filter-Ageout (Secs)

----------------
null-dst : enabled 120
same-src-dst : enabled 120
mcast-src : enabled 120
weak-wep-iv : enabled 120
tkip-cntr-meas : enabled 120
invalid-frame-len : enabled 120
3.52 Network URL Filter Commands
urlfilter
network
Displays the URL Filter commands
Syntax
admin(network)> urlfilter
admin(network.urlfilter)>

keyword Goes to the Keyword submenu page 3-269
whitelist Goes to the Whitelist submenu page 3-274
blacklist Goes to the Blacklist submenu page 3-278
trustip Goes to the Trusted IP submenu page 3-282
set Sets the URL Filter configuration information page 3-267
show Displays URL Filter configuration information page 3-268
3.52.1 Network URL Filter set Command
set
Network URL Filter Commands
Sets URL FIlter parameters.
Syntax
set [mode|tcp-port|error-msg|action]
set mode <mode>

set tcp-port <tcp-port>
set error-msg <error-msg>
set action <action>
Parameters
mode <mode> Sets the URL Filter mode. <mode> can be enable or disable.
set tcp-port <tcp-port> Sets the TCP Port for URL Filtering to <tcp-port>.
set error-msg <error-msg> Sets the error message to the string <error-msg> for URL Filtering. This error
message is displayed when there is an error while accessing the page the
user had requested.
set action <action> Sets the default action for URL Filtering when reverse DNS look-up fails.
<action> can be one of allow or deny.
Example
admin(network.urlfilter)> show
URL Filter Mode : Disable

TCP Port Number : 0
Error Message :
admin(network.urlfilter)>admin(network.urlfilter)>set mode enable

admin(network.urlfilter)>set tcp-port 100
admin(network.urlfilter)>set error-msg "Error message"
admin(network.urlfilter)>set action deny
admin(network.urlfilter)>show

TCP Port Number : 80
Error Message : policies of your service provider
Action on DNSRD reply failure : deny
3.52.2 Network URL Filter show Command
show
Displays URL Filter configuration information.
Syntax
show
Parameters
None
Example
admin(network.urlfilter)>show

TCP Port Number : 80
Error Message : policies of your service provider
Action on DNSRD reply failure : deny
3.53 Network URL Filter Keyword Commands
keyword
Displays the URL Filter Keyword commands.
Syntax
admin(network.urlfilter)> keyword
admin(network.urlfilter.keyword)>

add Adds a new keyword and action to the keyword filter table page 3-270
delete Deletes keyword from the keyword filter table page 3-271
removeall Removes all keywords in the keyword filter table page 3-272
show Displays the URL Filter Keyword table entries page 3-273
3.53.1 Network URL Filter Keyword add Command
add
Network URL Filter Keyword Commands
Adds a new keyword and action to the keyword filter table.
Syntax
add <keyword> <action>
Parameters
add <keyword> Adds a filter to the keyword filter table.

<action> <keyword> The keyword to be searched
<action> allow or deny. The action to be performed when the <keyword> is found.
Example
admin(network.urlfilter.keyword)>add share deny
admin(network.urlfilter.keyword)>show
--------URL FILTERING KEYWORD DETAILS---------
KeyWord Action
share deny
admin(network.urlfilter.keyword)>add trading deny

KeyWord Action
share deny
trading deny
3.53.2 Network URL Filter Keyword delete Command
delete
Deletes a keyword from the keyword table.
Syntax
delete <keyword>
Parameters
delete <keyword> Deletes the keyword <keyword> from the URL Filter keyword table.
Example
KeyWord Action
share deny
trading deny
admin(network.urlfilter.keyword)>delete share
KeyWord Action
trading Deny
3.53.3 Network URL Filter Keyword removeall Command
removeall
Removes all entries from the Keyword Table.
Syntax
removeall
Parameters
None
Example
KeyWord Action
share Deny
trading Deny
stocks Deny
stock Deny
admin(network.urlfilter.keyword)>removeall
KeyWord Action
3.53.4 Network URL Filter Keyword show Command
show
Displays the URL filter keyword table entries.
Syntax
show
Parameters
None
Example
KeyWord Action
share Deny
trading Deny
3.54 Network URL Filter White list Commands
whitelist
Displays the whitelist URLs commands.
Syntax
admin(network.urlfilter)> whitelist
admin(network.urlfilter.whitelist)>

add Adds a whitelist entry to the URL whitelist table. page 3-275
delete Deletes a whitelist entry from the URL whitelist table. page 3-276
show Displays the URL whitelist table entries. page 3-277
3.54.1 Network URL Filter White List add Command
add
Network URL Filter White list Commands
Adds a new whitelist entry to the whitelist table.
Syntax
add <whitelist>
Parameters
add <whitelist> Adds a whitelist entry into the whitelist table. <whitelist> is an URL to be added.
Example
admin(network.urlfilter.whitelist)>show
--------URL FILTERING WHITE LIST DETAILS---------
mot.com
admin(network.urlfilter.whitelist)>add moto.com
mot.com
moto.com
3.54.2 Network URL Filter White List delete Command
delete
Deletes a whitelist entry from the whitelist table.
Syntax
delete [<whitelist>|all]
Parameters
delete Deletes the entries from the URL whitelist table.

[<whitelist>|all] <whitelist> deletes the specified URL from the URL whitelist table
all deletes all URLs from the URL whitelist table
Example
mot.com
moto.com
motoo.com
admin(network.urlfilter.whitelist)>delete motoo.com
mot.com
moto.com
admin(network.urlfilter.whitelist)>delete all
3.54.3 Network URL Filter White List show Command
show
Displays the URL filter whitelist table entries.
Syntax
show
Parameters
None
Example
mot.com
moto.com
3.55 Network URL Filter Black List Commands
blacklist
Displays the URL Filter black list URLs commands.
Syntax
admin(network.urlfilter)> blacklist
admin(network.urlfilter.blacklist)>

add Adds an URL to the blacklist table page 3-279
delete Deletes a URL from the blacklist table page 3-280
show Displays the URL blacklist table entries page 3-281
3.55.1 Network URL Filter Black List add Command
add
Network URL Filter Black List Commands
Adds a new blacklist entry to the blacklist table.
Syntax
add <blacklist>
Parameters
add <blacklist> Adds a blacklist entry into the blacklist table. <blacklist> is an URL.
Example
admin(network.urlfilter.blacklist)>show
--------URL Filtering BLACK LIST DETAILS---------
shares.com
admin(network.urlfilter.blacklist)>add trading.com
shares.com
trading.com
3.55.2 Network URL Filter Black List delete Command
delete
Deletes a blacklist entry from the blacklist table.
Syntax
delete [<blacklist>|all]
Parameters
del Deletes the entries from the URL blacklist table.

[<blacklist>|all] <blacklist> The URL to be removed from the blacklist table.
all Removes all URLs from the URL blacklist table.
Example
shares.com
trading.com
dipmail.com
admin(network.urlfilter.blacklist)>delete dipmail.com
shares.com
trading.com
admin(network.urlfilter.blacklist)>delete all
3.55.3 Network URL Filter Black List show Command
show
Displays the URL filter blacklist table entries.
Syntax
show
Parameters
None
Example
shares.com
trading.com
3.56 Network URL Filter Trusted IP Commands
trustip
Displays the URL Trusted IP commands.
Syntax
admin(network.urlfilter)> trustip
admin(network.urlfilter.trustip)>

add Adds an IP to the trusted IP list page 3-283
delete Deletes an IP from the trusted IP list page 3-284
show Displays the list of trusted IPs page 3-285
3.56.1 Network URL Filter Trusted IP add Command
add
Network URL Filter Trusted IP Commands
Adds a new IP into the trusted IP table.
add <trustip>
Parameters
add <trustip> Adds an IP address <trustip> into the trusted IPs list.
Example
admin(network.urlfilter.trustip)>show
--------URL FILTERING TRUST IP---------
192.168.10.20
admin(network.urlfilter.trustip)>add 192.168.10.10
192.168.10.20
192.168.10.10
3.56.2 Network URL Filter Trusted IP delete Command
delete
Deletes an entry from the trusted IPs list.
Syntax
delete [<trustip>|all]
Parameters
del [<trustip>|all] Deletes trusted IP entries from the trusted IP list.

<trustedip> Deletes the IP <trustedip> from the trusted IP list
all Deletes all trusted IPs from the trusted IP list.
Example
192.168.10.20
192.168.10.10
192.168.11.9
admin(network.urlfilter.trustip)>del 192.168.11.9
192.168.10.20
192.168.10.10
3.56.3 Network URL Filter Trusted IP show Command
show
Network URL Filter Trusted IP Commands
Displays the trusted IPs list
Syntax
show
Parameters
None
Example
192.168.10.20
192.168.10.10
System CLI Commands Reference
System commands are used to set the system parameters for the WS 2000 Wireless Switch.
4.1 system
Admin Menu Commands
Use the system command to go to the System menu.
admin> system
admin(system)>
The following commands are available under the System menu:

lastpw Displays the last debug password. page 4-2
exec Execute a linux command. page 4-3
config Goes to the config submenu. page 4-10
logs Goes to the logs submenu. page 4-22
ntp Goes to the NTP submenu. page 4-28
snmp Goes to the SNMP submenu. page 4-70
userdb Goes to the userdb submenu. page 4-92
radius Goes to the RADIUS submenu. page 4-33
test Goes to the test submenu. page 4-126
WS2000 Goes to the WS2000 submenu. page 4-113
authentication Goes to the authentication submenu. page 4-4
ssh Goes to the SSH submenu. page 4-89
redundancy Goes to the redundancy submenu. page 4-66
cf Goes to the CF submenu. page 4-121
http Goes to the HTTP submenu page 4-123
4.1.1 System lastpw Command
lastpw
system
This command displays the MAC address for the switch, the previous admin password for the switch, and
the number of times the current admin password has been used along with how many more times it will be
valid.
Syntax
lastpw
Parameters
None
Example
admin(system)>lastpw
WS2000 MAC Address is 00:a0:f8:6f:d8:fc

Last Password was symbol12
Current password used 0 times, valid 4 more time(s)
System CLI Commands Reference 4-3
4.1.2 System exec Command
exec
system
Executes a linux command
Syntax
exec <command>
Parameters
exec <command> Executes a linux command <command>.

Example
admin(system)> exec df -h /mnt
Filesystem Size Used Avail Use% Mounted on
automount(pid153) 0 0 0 - /mnt
4.2 System Authentication Commands
authentication
system
Displays the authentication submenu.
Syntax
admin(system)> authentication
admin(system.authentication)>

radius Goes to the RADIUS submenu. page 4-7
set Sets the mode. page 4-5
show Shows the authentication parameters. page 4-6
4.2.1 System Authentication set Command
set
System Authentication Commands
Sets the parameter that specifies how user authentication is taking place.
Syntax
set [mode|auth-loc] [local|radius]
Syntax:
set mode [local|radius] Sets the authentication mode. If set to local, the internal User Database will
serve as the data source. If set to radius, the switch will use an external
LDAP server for the information. If radius is the mode, then the parameters
under the radius submenu must to be set.
set auth-loc [local|radius] Sets the Airbeam user authentication to either the local database or the
RADIUS server. If set to radius, the switch will use an external LDAP server
for the authentication. If radius is the authentication location, then the
RADIUS server is used for authentication.
Example
admin(system.authentication)>set mode local
admin(system.authentication)>show all
authentication mode : local
Related Commands
set Sets the parameters to specify that the external RADIUS server is used for user
authentication.
4.2.2 System Authentication show Command
show
Shows the main user authentication parameters.
Syntax
show all
Parameters
None
Example
admin(system.authentication)>set mode local
admin(system.authentication)>show all
authentication mode : local
radius user location and type : radius
Related Commands
set Sets the authentication parameters.

4.3 System Authentication RADIUS Commands
radius
Displays the RADIUS submenu.
Syntax
admin(system.authentication)> radius
admin(system.authentication.radius)>

set Sets the RADIUS authentication parameters. page 4-8
show Shows the RADIUS authentication parameters. page 4-9
4.3.1 System Authentication RADIUS set Command
set
System Authentication RADIUS Commands
Sets the RADIUS proxy server authentication parameters.
Syntax
set [auth-server-ip|auth-server-port|shared-secret]
set auth-server-ip <IP>

set auth-server-port <port>
set shared-secret <password>
Parameters
set auth-server-ip <IP> Sets the IP address for the RADIUS authentication proxy server to the IP
address <IP>.
auth-server-port <port> Specifies the TCP/IP port number <port> for the RADIUS server that will act as
a proxy server. The default port is 1812.
shared-secret <password> Sets a shared secret <password> for each suffix that is used for
authentication with the RADIUS proxy server.
Example
admin(system.authentication.radius)>set auth-server-ip 192.168.0.4
admin(system.authentication.radius)>set auth-server-port 1812
admin(system.authentication.radius)>set shared mysecret
admin(system.authentication.radius)>
admin(system.authentication.radius)>show all
radius server ip : 192.168.0.4
radius server port : 1812
radius server shared secret : ********
4.3.2 System Authentication RADIUS show Command
show
System Authentication RADIUS Commands
Shows the RADIUS authentication parameters.
Syntax
show all
Parameters
None
Example
admin(system.authentication.radius)> set auth-server-ip 192.168.0.4
admin(system.authentication.radius)> set auth-server-port 1812
admin(system.authentication.radius)> set shared mysecret
admin(system.authentication.radius)>show all
radius server ip : 192.168.0.4
radius server port : 1812
radius server shared secret : ********
Related Commands
set Sets the RADIUS authentication parameters.

4.4 System Configuration Commands
config
system
Displays the config submenu.
Syntax
admin(system)> config
admin(system.config)>

default Restores default configuration page 4-11
export Exports configuration from the system page 4-12
import Imports configuration to the system page 4-14
partial Restores partial default configuration page 4-15
set Sets import/export parameters page 4-16
show Shows import/export parameters page 4-18
update Performs firmware update page 4-19
sensor-fw-update Performs firmware update for the sensors page 4-20
loadtocf Loads the current firmware to a CF card page 4-21
4.4.1 System Config default Command
default
System Configuration Commands
Restores the switch to the factory default configuration.
Syntax
default
Parameters
None
Example
admin(system.config)>default
Are you sure you want to default the configuration? (yes/no):yes
*************************************************************************
System will now restore default configuration. You will need to set the
country code for correct operation.
*************************************************************************
Restoring default configuration : [ In progress ]

4.4.2 System Config export Command
export
Exports the configuration from the system.
Syntax
export [ftp|tftp|terminal]
Syntax:
export Exports the system configuration.

[ftp|tftp|terminal ftp Exports the configuration to the FTP server. Use the set command to set the
] server, user, password, and file name before using this command.
tftp Exports the configuration to the TFTP server. Use the set command to set the IP
address for the TFTP server before using the command.
terminal Exports the configuration to the terminal.
Example
Export FTP Example:
admin(system.config)>export ftp
Export operation : [ Started ]

Building configuration file : [ Done ]
File transfer : [ In progress ]
File transfer : [ Done ]
Export operation : [ Done ]
Export TFTP Example:

admin(system.config)>export tftp

Export Terminal Example:

admin(system.config)>export terminal
//
// WS2000 Configuration Command Script
// System Firmware Version: 1.5.0.0-160b
//
system
ws2000
// WS2000 menu
set name WS2000

set loc Extra\20office
set email fred@symbol.com
set cc us
set airbeam mode disable
set airbeam enc-passwd a11e00942773
set applet lan enable
set applet wan enable
set applet slan enable
set applet swan enable
set cli lan enable
set cli wan enable
set snmp lan enable
set snmp wan enable
/
system
config
--More--
. . . <several pages of settings>
/
// Router configuration
network
router
set type off
set dir both
set auth none
set enc-passwd 8e57
set id 1 1
set enc-key 1 e2565fc57c2a766fb0d55160d6f92952
set id 2 1
set enc-key 2 e2565fc57c2a766fb0d55160d6f92952
delete all
/
save
4.4.3 System Config import Command
import
Imports the configuration to the system.
Syntax
import [ftp|tftp] {default-and-apply}
Parameters
import [ftp|tftp] Imports configuration from external devices.

{default-and-apply} ftp Imports the configuration from the FTP server. Use the set command to set
the server, user, password, and file.
tftp Imports the configuration from the TFTP server. Use the set command to set
the server and file.
default-and-apply Import the configuration from the FTP or TFTP server. Use this
command to first set the device to factory defaults before applying the imported
configuration. This command is optional.
Example
Import FTP Example
admin(system.config)>set passwd mysecret
admin(system.config)>import ftp
Import operation : [ Started ]
Import operation : [ Done ]
admin(system.config)>import ftp default-and-apply

Import TFTP Example

admin(system.config)>import tftp
admin(system.config)>import tftp default-and-apply

4.4.4 System Config partial Command
partial
Resets the switch's configuration to the factory default settings for all settings except the WAN and some
SNMP related settings. The following settings will remain intact when using Restore Partial Default
Configuration:
All settings on the WAN page
SNMP access to the WS 2000 on the WS 2000 Access page
All settings on the SNMP Access page
Before using this feature, consider exporting the current configuration for safekeeping.
Syntax
partial
Parameters
None
Example
admin(system.config)>partial
Are you sure you want to partially default WS 2000? (yes/no):yes
*************************************************************************
System will now restore default configuration. You will need to set the
country code for correct operation.
*************************************************************************
Restoring default configuration : [ In progress ]
Related Commands
export Exports system configuration settings.

4.4.5 System Config set Command
set
Sets the import/export parameters.
Syntax
set [server|user|passwd|file|cfgpath|fw|sensor-fw|import-enc-password|
bind-interface]
set server <IP>

set user <username>
set passwd <password>
set file <filename>
set cfgpath <filepath>
set fw [file|path|boot|active-partition]
set fw file <filename>
set fw path <path>
set fw boot [on-board-flash|compact-flash]
set fw active-partition [primary|secondary]
set sensor-fw [file|path|max-size]

set sensor-fw file <filename>
set sensor-fw path <path>
set sensor-fw max-size <size>
set import-enc-password <mode>

set bind-interface <bind-interface>
Parameters
server <ipaddress> Sets the FTP/TFTP server IP address to <ipaddress> in the format a.b.c.d.
user <username> Sets the FTP user name to <username> (up to 47 characters).
passwd <password> Sets the FTP password to <password> (up to 39 characters).
file <filename> Sets the configuration file name to <filename> (up to 39 characters).
cfgpath <path> Sets the configuration file path to <path> (up to 31 characters)
fw [ Sets the firmware information for the device.
file <filename>| file <filename> Sets the firmware filename to <filename> (up to 39
path <path>| characters).
boot [on-board-flash|
path <path> Sets the firmware file path to <path> (up to 39 characters).
compact-flash]|
active-partition boot [on-board-flash|compact-flash] Sets the firmware boot device to either
[primary|secondary] the on board flash (on-board-flash) or the compact flash card (compact-
flash) attached to the WS 2000 Wireless Switch.
active-partition [primary|secondary] Sets the active partition on the compact
flash card to either of primary or secondary.
sensor-fw [ Sets sensor firmware information.

file <filename>| file <filename> Sets the sensor firmware file name to <filename> (up to 39
path <path| characters).
max-size <size>]
path <path> Sets the firmware file path for the sensor to <path> (up to 39
characters).
max-size <size> Sets the maximum file size of the sensor firmware file to
<size>.
import-enc-password Enables or disables the import of encrypted passwords for the admin and
<mode> manager logins. <mode> can be one of enable or disable.
bind-interface <bind- Sets the interface to bind <bind-interface> (s1-s6, w, none where s1-Subnet 1,
interface> s2-Subnet 2,..., s6-Subnet 6, w-WAN) during ftp.
Example
FTP Set Example
admin(system.config)>export ftp

Firmware Example
admin(system.config)>set fw file mf_01050000160B.bin
admin(system.config)>set fw path /tftp/myadmin/
admin(system.config)>update tftp s1
4.4.6 System Config show Command
show
Shows the import/export parameters.
Syntax
show all
Parameters
None
Example
admin(system.config)> show all
ftp/tftp server ip address : 157.235.208.196
ftp user name : admin
ftp password : ********
cfg filename : v23.26b.bin
config filepath : /home/ftp/admin/2k/
firmware filepath : /home/ftp/admin/2k/
firmware filename : v23.26b.bin
sensor firmware filepath : /home/ftp/admin/2k/
sensor firmware filename : leo_sensor.bin
max size of sensor firmware file : 512000
import enc admin password mode : disable
boot source device : on-board-flash
active partition of Compact Flash : primary
4.4.7 System Config update Command
update
Performs a firmware update.
Syntax
update <mode> {<interface>}
update [tftp|ftp] <interface>

update cf
Parameters
update [tftp|ftp] <iface> Sets how firmware updates will occur. Select between ftp and tftp.
<iface> specifies the interface (location), as follows:
s1 = subnet1
s2 = subnet2
s3 = subnet3
s4 = subnet4
s5 = subnet5
s6 = subnet6
w = wan
Before using this command, use set server to set the IP address for the FTP/TFTP
server. If using the ftp mode, also use set user and set passwd to allow login to
the FTP server.
update cf Indicates that firmware updates will occur from the switchs compact flash slot.
(Undoes an ftp/tftp setting.)
Example
admin(system.config)>set fw file mf_01050000200B.bin
admin(system.config)>set fw path /tftp/myadmin/
admin(system.config)>update tftp s1
4.4.8 System Config sensor-fw-update Command
sensor-fw-update
Performs firmware update for the sensors. When sensor firmware update is done,
No restart is required.
New sensors receive the updated firmware.
Existing sensors must be reverted and then reassigned for them to get the new sensor firmware image.
Syntax
sensor-fw-update [ftp|tftp]
Parameters
sensor-fw-update Updates the sensor firmware.

[ftp|tftp] ftp Updates the sensor firmware from the specified FTP server.
tftp Updates the sensor firmware from the specified TFTP server.
Example
admin(system.config)>sensor-fw-update tftp
File transfer : [Successful]
4.4.9 System Config loadtocf Command
loadtocf
This command loads and updates the firmware to the CF card. This is used for dual boot.
Syntax
loadtocf [cf|ftp|tftp] <image-type>
Syntax:
cf <image-type> Loads the image to the CF card. The <image-type> (primary, secondary) is the
target partition on the CF card to store the image on. In this case, the image source
is the CF card and the destination is also the CF card.
ftp <image-type> Loads the image to a CF card. The <image-type> (primary, secondary) is the
target partition on the CF card to store the image on. This command downloads the
image using FTP and stores it on the target partition.
tftp <image-type> Loads the image to a CF card. The <image-type> (primary, secondary) is the
target partition on the CF card to store the image on. This command downloads the
image using TFTP and stores it on the target partition.
Example
admin(system.config)> loadtocf cf primary
4.5 System Logs Commands
logs
system
Displays the logs submenu.
Syntax
admin(system)> logs
admin(system.logs)>

delete Deletes core files. page 4-23
set Sets log options and parameters. page 4-25
send Sends log and core files. page 4-24
show Shows logging options. page 4-26
view Views system log. page 4-27
4.5.1 System Logs delete Command
delete
System Logs Commands
Deletes the core log files.
Syntax
delete
Parameters
None
Example
admin(system.logs)>delete
4.5.2 System Logs send Command
send
Sends log and core files through FTP to a location specified with the set command. Use the set command to
set the FTP login and site information first.
Syntax
send
Parameters
None
Example
admin(system.logs)>set user fred
admin(system.logs)>set passwd mygoodness
admin(system.logs)>show all
log level : L6 Info

ext syslog server logging : disable
ext syslog server ip address : 0.0.0.0
ftp user name : fred
admin(system.logs)>send
admin(system.logs)>
Related Commands
set Sets the parameters associated with log operations, such as send.
show all Displays the log related settings.
4.5.3 System Logs set Command
set
Sets log options and parameters.
Syntax
set [ipadr|level|mode|cf_logging_mode|server|user|passwd]
set ipadr <ip>

set level <level>
set mode <mode>
set cf_logging_mode <mode>
set server <ip>
set user <username>
Parameters
ipadr <ip> Sets the external syslog server IP address to <ip> (a.b.c.d).
level <level> Sets the level of the events that will be logged. All event with a level at or
above <level> (L0L7) will be saved in the system log.
L0:Emergency
L1:Alert
L2:Critical
L3:Errors
L4:Warning
L5:Notice
L6:Info
L7:Debug
mode <mode> Enables or disables ext syslog server logging. <mode> is either enable or
disable.
cf_logging_mode <mode> Enables or disables logging to CF card if connection to the Syslog server fails.
<mode> is either enable or disable.
server <ip> Sets the FTP server IP address to <ip> (a.b.c.d).
user <username> Sets the FTP user name to <username> (147 characters).
passwd <password> Sets the FTP password to <password> (139 characters).
Example
admin(system.logs)>set user fred
admin(system.logs)>set passwd mygoodness
log level : L6 Info

ext syslog server logging : disable
ftp user name : fred
4.5.4 System Logs Show Command
show
Shows logging options.
Syntax
show all
Parameters
None
Example
admin(system.logs)>set user user1
admin(system.logs)>set passwd hello
log level : L4 Warning

ext syslog server logging : enable
syslog server logging on CF : disable
ftp user name : admin
Related Commands
set Sets logging parameters to be used with send.

4.5.5 System Logs View Command
view
Views the system log file.
Syntax
view
Parameters
None
Example
admin(system.logs)>view
Jan 7 16:14:00 (none) syslogd 1.4.1: restart (remote reception).

Jan 7 16:14:10 (none) klogd: :ps log:fc: queue maintenance
Jan 7 16:15:43 (none) last message repeated 2 times
Jan 7 16:16:01 (none) CC: 4:16pm up 6 days, 16:16, load average:
0.00, 0.01,
0.00
Jan 7 16:16:01 (none) CC: Mem: 62384 32520 29864
0 0
Jan 7 16:16:01 (none) CC: 0000077e 0012e95b 0000d843 00000000 00000003
0000121
e 00000000 00000000 0037ebf7 000034dc 00000000 00000000 00000000
. . .
4.6 System NTP Commands
ntp
system
Displays the NTP submenu.
Syntax
admin(system)> ntp
admin(system.ntp)>

show Shows NTP parameters settings. page 4-30
set Sets NTP parameters. page 4-29
date-zone Shows the date, time and time zone page 4-31
zone-list Shows the list of time zones page 4-32
4.6.1 System NTP Set Command
set
System NTP Commands
Sets NTP parameters.
Syntax
set [mode|intrvl|server|port|time|zone]
set mode <mode>

set intrvl <interval>
set server <idx> <ip/hostname>
set port <idx> <port>
set time <yyyy> <MM> <dd> <hh> <mm> <ss>
set zone <zone-index>
Syntax:
mode <mode> Enables or disables NTP. <mode> is either enable or disable.

intrvl <interval> Sets the length of time to <interval> (in minutes) for the switch to synchronize its
time with an NTP server.
server <idx> Sets the NTP server IP address <ip/hostname> (a.b.c.d or host url); specify one of
<ip/hostname> the three NTP servers with <idx> (1, 2, or 3). This value can also be a host name of
the NTP server. When the value is a host name, the domain name IP should be set
under the (system.ws2000) menu on the CLI.
port <idx> <port> Sets the NTP port for the indicated server <idx> to <port> (165535).
time <yyyy> <MM> Sets the WS2000 system time manually. Time is in the format YYYY MM DD hh mm
<dd> <hh> <mm> ss (Example: 2008 02 24 11 25 32)
<ss>
zone <zone-idx> Sets the time zone to the <zone-idx> value. This value can be found by using the
(system.ntp)>zone-list command.
Example
admin(system.ntp)>set mode enable
admin(system.ntp)>set server 1 203.21.37.18
admin(system.ntp)>set port 1 345
admin(system.ntp)>show all
ntp mode : enable

server ip 1 : 203.21.37.18
server ip 2 : 0.0.0.0
server ip 3 : 0.0.0.0
server port 1 : 345
server port 2 : 123
server port 3 : 123
current time : 1970-01-07 23:29:05
admin(system.ntp)>
4.6.2 System NTP Show Command
show
System NTP Commands
Shows all NTP server settings.
Syntax
show all
Parameters
None
Example
admin(system.ntp)>show all
ntp mode : enable

server ip 1 : 114.233.112.4
server ip 2 : 0.0.0.0
server ip 3 : 0.0.0.0
server port 1 : 123
server port 2 : 123
server port 3 : 123
current time : 2004-10-07 22:58:24
Related Commands
set Sets NTP parameters.

4.6.3 System NTP Date-zone Command
date-zone
System NTP Commands
Shows the WS2000 date, time and time zone.
Syntax
date-zone
Parameters
None
Example
admin(system.ntp)> date-zone
Date/Time : Thu 1970-Jan-01 05:53:25 +0530 IST
Time Zone : Asia/Calcutta
admin(system.ntp)>
4.6.4 System NTP zone-list Command
zone-list
System NTP Commands
Displays the different time zones.
Syntax
zone-list
Parameters
None
Example
admin(system.ntp)>zone-list
----------------------------------------------
Index | TimeZone
----------------------------------------------
1 | Africa/Abidjan
2 | Africa/Accra
3 | Africa/Addis_Ababa
4 | Africa/Algiers
5 | Africa/Asmera
6 | Africa/Bamako
7 | Africa/Bangui
8 | Africa/Banjul
9 | Africa/Bissau
10 | Africa/Blantyre
<Hit any key to continue>

11 | Africa/Brazzaville
12 | Africa/Bujumbura
13 | Africa/Cairo
14 | Africa/Casablanca
15 | Africa/Ceuta
16 | Africa/Conakry
17 | Africa/Dakar
18 | Africa/Dar_es_Salaam
19 | Africa/Djibouti

20 | Africa/Douala
21 | Africa/El_Aaiun
22 | Africa/Freetown
23 | Africa/Gaborone
24 | Africa/Harare
25 | Africa/Johannesburg
26 | Africa/Kampala
27 | Africa/Khartoum
28 | Africa/Kigali

4.7 System RADIUS Commands
radius
system
Displays the RADIUS submenu.
Syntax
admin(system)> radius
admin(system.radius)>

eap Goes to the EAP submenu. page 4-41
policy Goes to the access policy submenu. page 4-57
ldap Goes to the LDAP submenu. page 4-51
proxy Goes to the proxy submenu. page 4-60
client Goes to the client submenu. page 4-37
generate-dh-param Generates the DH Param file required for EAP-TLS/TTLS page 4-34
set Sets the RADIUS parameters. page 4-35
show Shows the RADIUS parameters. page 4-36
4.7.1 System RADIUS generate-dh-param Command
generate-dh-param
System RADIUS Commands
Generates the DH Params file for supporting Cipher Suit v 0x13
(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) for EAP-TLS./TTLS protocols. If this file does not exist when
the WS2000 is booted, it is created. This command provides a facility to create the DH Params file as
required.
Syntax
generate-dh-param
Parameters
None
Example
admin(system.radius)>generate-dh-param
This will take several minutes.
Please wait until the operation is complete.
DH Parameter file will not get created if interrupted...
admin(system.radius)>
4.7.2 System RADIUS set Command
set
Sets the RADIUS database to either the local database or an LDAP server.
Syntax
set database [local|ldap|ldaps]
Parameters
set database Sets the RADIUS server to the local database (local) or an LDAP server (ldap) or
[local|ldap|ldaps] a secured LDAP server (ldaps).
Example
admin(system.radius)>set database ldap
admin(system.radius)>show all
Database : ldap
Related Commands
show all Shows the top-level RADIUS parameters.

4.7.3 System RADIUS show Command
show
Shows the RADIUS parameters.
Syntax
show all
Parameters
None
Example
admin(system.radius)>set database ldap
admin(system.radius)>show all
Database : ldap
Related Commands
set Sets the RADIUS database source.

4.8 System RADIUS Client Commands
client
Displays the client submenu.
Syntax
admin(system.radius)>client
admin(system.radius.client)>

add Adds a RADIUS client. page 4-38
del Deletes a RADIUS client. page 4-39
show Displays a list of configured clients. page 4-40
4.8.1 System RADIUS Client add Command
add
System RADIUS Client Commands
Adds a RADIUS client.
Syntax
add <ip> <mask> <secret>
Parameters
add <ip> <mask> <secret> Adds a RADIUS client with IP address <ip>, netmask <mask>, and
shared secret <secret>.
Example
admin(system.radius.client)>add 192.168.46.4 225.225.225.0 mysecret
admin(system.radius.client)>show
List of Radius Clients :
-------------------------------------------------------------------------
Idx Subnet/Host Netmask SharedSecret
------------------------------------------------------------------------
1 192.168.46.4 225.225.225.0 ******

Related Commands
del Deletes a RADIUS client.

show Shows a list of RADIUS clients.
4.8.2 System RADIUS Client del Command
del
Deletes a RADIUS client with the provided IP address.
Syntax
del <ip>
Parameters
del <ip> Deletes the RADIUS client with IP address <ip>.

Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 192.168.46.4 225.225.225.0 ******
2 192.168.101.43 225.225.225.0 ******
admin(system.radius.client)>del 192.168.46.4
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 192.168.101.43 225.225.225.0 ******
Related Commands
add Adds a RADIUS client to the list.

show Displays the list of RADIUS clients.
4.8.3 System RADIUS Client show Command
show
Displays a list of configured RADIUS clients.
Syntax
show
Parameters
None
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 192.168.46.4 225.225.225.0 ******
2 192.168.101.43 225.225.225.0 ******
Related Commands
add Adds a RADIUS client to the list.

del Deletes a RADIUS client from the list.
4.9 System RADIUS EAP Commands
eap
Displays the EAP submenu.
Syntax
admin(system.radius)> eap
admin(system.radius.eap)>

peap Goes to the PEAP submenu. page 4-45
ttls Goes to the TTLS submenu. page 4-48
import Imports the EAP certificates. page 4-42
set Sets the EAP parameters. page 4-43
show Shows the EAP parameters. page 4-44
4.9.1 System RADIUS EAP import Command
import
System RADIUS EAP Commands
Imports the EAP certificates.
Syntax
import [server|cacert] <cert ID>
Parameters
server <cert id> Imports a server certificate with the certificate ID <cert id>.
cacert <cert id> Imports a Trusted Certificate with certificate ID <cert id>.
Example
admin(system.radius.eap)>import server mycert
admin(system.radius.eap)>import cacert NETE3443
Related Commands
show cert Show the list of certificates.

4.9.2 System RADIUS EAP set Command
set
Sets the EAP parameters. To configure each of the selected authentication types, go to the submenu
associated with each type.
Syntax
set auth [peap|ttls|both]
Parameters
auth [peap|ttls|both] Sets the default authorization type to one of PEAP or TTLS or both. When
selected, go to the submenu associated with the selection to finish the setup.
Example
admin(system.radius.eap)>set auth peap
admin(system.radius.eap)>show all
Default EAP Type : peap
Related Commands
show all Shows the EAP settings.

4.9.3 System RADIUS EAP show Command
show
Displays the EAP parameters.
Syntax
show [all|cert]
Parameters
show [all|cert] Displays EAP parameters

all Displays the default EAP authentication settings.
cert - Displays a list of certificates.
Example
admin(system.radius.eap)>set auth peap
admin(system.radius.eap)>show all
Default EAP Type : peap
Example
set Sets the EAP parameters.

4.10 System RADIUS EAP PEAP Commands
peap
Displays the PEAP submenu.
Syntax
admin(system.radius.eap)> peap
admin(system.radius.eap.peap)>

set Sets the PEAP authentication type. page 4-46
show Shows the PEAP authentication type. page 4-47
4.10.1 System RADIUS EAP PEAP set Command
set
System RADIUS EAP PEAP Commands
Sets the PEAP authentication type.
Syntax
set auth <peap type>
Parameters
set auth <peap type> Sets the authentication type for PEAP to <peap type> (GTC or MTCHAPv2).
Example
admin(system.radius.eap.peap)>set auth gtc
admin(system.radius.eap.peap)>show
PEAP Auth Type : gtc
Related Commands
show Displays the PEAP authentication type.

4.10.2 System RADIUS EAP PEAP show Command
show
System RADIUS EAP PEAP Commands
Displays the PEAP authentication type.
Syntax
show
Parameters
None
Example
admin(system.radius.eap.peap)>set auth gtc
admin(system.radius.eap.peap)>show
PEAP Auth Type : gtc
Related Commands
set Sets the PEAP authentication type.

4.11 System RADIUS EAP TTLS Commands
ttls
Displays the TTLS submenu.
Syntax
admin(system.radius.eap)> ttls
admin(system.radius.eap.ttls)>

set Sets the TTLS authentication type. page 4-49
show Shows the TTLS authentication type. page 4-50
4.11.1 System RADIUS EAP TTLS set Command
set
System RADIUS EAP TTLS Commands
Sets the TTLS authentication type.
Syntax
set auth <ttls type>
Parameters
set auth <auth type> Sets the authentication type for TTLS to <auth type> (PAP, MD5, or
MSCHAPv2).
Example
admin(system.radius.eap.ttls)>set auth md5
admin(system.radius.eap.ttls)>show
TTLS Auth Type : md5
Related Commands
show Show the TTLS authentication type.

4.11.2 System RADIUS EAP TTLS show Command
show
System RADIUS EAP TTLS Commands
Shows the TTLS authentication type.
Syntax
show
Parameters
None
Example
admin(system.radius.eap.ttls)>set auth md5
admin(system.radius.eap.ttls)>show
TTLS Auth Type : md5
Related Commands
set Sets the TTLS authentication type.

4.12 System RADIUS LDAP Commands
ldap
Displays the LDAP submenu.
Syntax
admin(system.radius)> ldap
admin(system.radius.ldap)>

set Sets the LDAP parameters. page 4-52
show Shows the LDAP parameters. page 4-54
import Imports Secured LDAP certificates. page 4-55
join Joins the A D domain. page 4-56
4.12.1 System RADIUS LDAP set Command
set
System RADIUS LDAP Commands
Sets the LDAP parameters.
Syntax
set [ipadr|domain|port|binddn|basedn|passwd|login|pass_attr|
groupname|filter|membership|adagent|pri-domain|admin-uname|admin-pass]
set ipadr <ip>

set domain <domain>
set port <port>
set binddn <binddn>
set basedn <basedn>
set login <login attr>
set pass_attr <password attr>
set groupname <groupname attr>
set filter
set membership <group attr>
set adagent <mode>
set pri-domain <mode>
set admin-uname <username>
set admin-pass <password>
Parameters
ipadr <ip> Sets LDAP server IP address to <ip>.

domain <domain> Sets LDAP domain name to a fully qualified domain name <domain>. Use
when using LDAPS or AD agent
port <port> Sets LDAP server port to <port>.
binddn <binddn> Sets LDAP bind distinguished name to <binddn> (a string of characters).
basedn <basedn> Sets LDAP Base distinguished name to <basedn> (a string of characters).
passwd <password> Sets LDAP server password to <password> (a string of characters).
login <login attr> Sets LDAP login attribute to <login attr> (a string of characters).
pass_attr <password attr> Sets LDAP password attribute to <password attr> (a string of characters).
groupname <groupname Sets LDAP group name attribute to <groupname attr> (a string of
attr> characters).
filter Sets LDAP membership filter with appropriate settings
membership <group attr> Sets LDAP membership attribute to <group attr> (a string of characters).
adagent <mode> Enables or disables the A D agent feature. <mode> is either enable or
disable.
pri-domain <mode> Enables or disables setting primary domain for A D agent. <mode> is either
enable or disable.
admin-uname <username> Sets the administrator user name to <username> for the LDAP domain
admin-pass <password> Sets the administrator password to <password> for the LDAP domain
Example
admin(system.radius.ldap)>set ipadr 192.168.42.23
admin(system.radius.ldap)>set port 356
admin(system.radius.ldap)>show all
LDAP Server IP : 192.168.42.23
LDAP Server Port : 56
LDAP Bind DN : dfkjkkj
LDAP Base DN : o=mobion
LDAP Login Attribute : (uid=%{Stripped-User-Name:-%{User-
Name}})
LDAP Password Attribute : userPassword
LDAP Group Name Attribute : cn
LDAP Group Membership Filter :
LDAP Group Membership Attribute : mygroup
Related Commands
show Displays the set of LDAP server settings.

4.12.2 System RADIUS LDAP show Command
show
Description:
Displays the LDAP parameters.
Syntax
show all
Parameters
None
Example
admin(system.radius.ldap)>set ipadr 192.168.42.23
admin(system.radius.ldap)>set port 356
admin(system.radius.ldap)>show all
LDAP Server IP : 192.168.42.23
LDAP Server Port : 56
LDAP Bind DN : dfkjkkj
LDAP Base DN : o=mobion
LDAP Login Attribute : (uid=%{Stripped-User-Name:-%{User-
Name}})
LDAP Password Attribute : userPassword
LDAP Group Name Attribute : cn
LDAP Group Membership Filter :
LDAP Group Membership Attribute : mygroup
Related Commands
set Sets the LDAP parameters.

4.12.3 System RADIUS LDAP import Command
import
Imports Secure LDAP certificates.
Syntax
import [client|cacert] <cert-id>
Parameters
import Import Secure LDAP certificates.

[client|cacert] client Imports self certificate <cert-id>
<cert-id>
ca-cert Imports the trusted certificate authority certificate <cert-id>
Example
admin(system.radius.ldap)> import client LdapClient
admin(system.radius.ldap)> import cacert LdapTrusted
4.12.4 System RADIUS LDAP join Command
join
Joins the device to the A D domain.
Syntax
join
Parameters
None
Example
admin(system.radius.ldap)> join
4.13 System RADIUS Policy Commands
policy
Displays the policy submenu.
Syntax
admin(system.radius)> policy
admin(system.radius.policy)>

set Sets the groups access policy. page 4-58
show Shows the groups access policy. page 4-59
4.13.1 System RADIUS Policy set Command
set
System RADIUS Policy Commands
Sets a groups access to WLANs.
Syntax
set <group> <idx>
Parameters
set <group> <idx> Gives the group <group> access to WLAN with a list of indexes <idx>. The list <idx>
can either be a single index or several indexes separated by spaces. The group
<group> must be already defined. See System User Database Group Commands for
information about defining groups.
Example
admin(system.radius.policy)>set g1 2 3 4
admin(system.radius.policy)>show
List of Access Policies :
g1 : 2 3 4
g2 : No Wlans
Related Commands
show Displays the groups access policies.

4.13.2 System RADIUS Policy show Command
show
System RADIUS Policy Commands
Displays the access policy details for all groups.
Syntax
show
Parameters
None
Example
admin(system.radius.policy)>set g1 2 3 4
admin(system.radius.policy)>show
List of Access Policies :
g1 : 2 3 4
g2 : No Wlans
Related Commands
set Sets the group WLAN access settings.

4.14 System RADIUS Proxy Commands
proxy
Displays the proxy submenu.
Syntax
admin(system.radius)> proxy
admin(system.radius.proxy)>

add Adds a proxy realm. page 4-61
del Deletes a proxy realm. page 4-62
clearall Removes all proxy server records. page 4-63
set Sets the proxy server parameters. page 4-64
show Shows the proxy server parameters. page 4-65
4.14.1 System RADIUS Proxy add Command
add
System RADIUS Proxy Commands
Adds a proxy realm.
Syntax
add <name> <ip> <port> <secret>
Parameters
add <realm> <ip> <port> Add a proxy realm with realm name <realm>, RADIUS server IP address <ip>,
<secret> port <port>, and shared secret <secret>.
Example
admin(system.radius.proxy)>add realm1 192.168.102.42 225 realmpass
admin(system.radius.proxy)>show realm
Proxy Realms :
-------------------------------------------------------------------------
Idx Suffix RadiusServerIP Port
SharedSecret
-------------------------------------------------------------------------
1 realm1 192.168.102.42 225
******
Related Commands
show realm Displays this list of defined proxy servers.

del Deletes a proxy server from the list.
4.14.2 System RADIUS Proxy del Command
del
Deletes a proxy realm.
Syntax
del <realm>
Parameters
del <realm> Deletes a proxy server realm with name <realm>.

Example
Proxy Realms :
-------------------------------------------------------------------------
SharedSecret
-------------------------------------------------------------------------
1 realm1 192.168.102.42 225
******
admin(system.radius.proxy)>del realm1
Proxy Realms :
-------------------------------------------------------------------------
SharedSecret
-------------------------------------------------------------------------
Related Commands
add Adds a proxy server realm.

show Displays the list of proxy servers.
4.14.3 System RADIUS Proxy clearall Command
clearall
Clears all the proxy server records.
Syntax
clearall
Parameters
None
Example
admin(system.radius.proxy)> clearall
4.14.4 System RADIUS Proxy set Command
set
Sets the proxy server parameters.
Syntax
set delay <delay>
set count <count>
Syntax:
delay <delay> Sets the retry delay of the proxy server to <delay> minute (510).
count <count> Sets the retry count of the proxy server to <count> (36).
Example
admin(system.radius.proxy)>set delay 7
admin(system.radius.proxy)>set count 4
admin(system.radius.proxy)>show proxy
Proxy Server Retry Count : 4
Proxy Server Retry Delay : 7
Example
show proxy Shows the proxy server retry settings.

4.14.5 System RADIUS Proxy show Command
show
Shows the proxy server parameters.
Syntax
show [proxy|realm]
Parameters
show [proxy|realm] Displays proxy server parameters.

proxy Displays the proxy server parameters.
realm Displays proxy server realm information.
Example
Proxy Realms :
-------------------------------------------------------------------------
SharedSecret
-------------------------------------------------------------------------
1 realm1 192.168.102.42 225
******
admin(system.radius.proxy)>set delay 7
admin(system.radius.proxy)>set count 4
admin(system.radius.proxy)>show proxy
Proxy Server Retry Count : 4
Proxy Server Retry Delay : 7
Related Commands
set Sets the proxy server retry parameters.

add Adds a proxy server realm to the list.
4.15 System Redundancy Commands
redundancy
system
Displays the redundancy submenu.
Syntax
admin(system)> redundancy
admin(system.redundancy)>

set Sets redundancy parameters. page 4-67
show Shows redundancy settings. page 4-69
4.15.1 System Redundancy set Command
set
System Redundancy Commands
Sets the parameters for redundant switch mode.
Syntax
set [op_state|mode|heartbeat|revertdelay|redundancy|preempt|virtualip]
set mode <mode>

set op_state <state>
set heartbeat <interval>
set revertdelay <delay>
set redundancy <subnet> <state>
set preempt <mode>
set virtualip <subnet> <ip>
Parameters
mode <mode> Sets the switch to the <mode> (primary or secondary). Indicates that the switch
is either the primary or secondary (standby) switch when redundancy is enabled.
This parameter can only be set if the op_state parameter is set to redundancy.
op-state <state> Sets the redundancy operation state of the switch to one of the following <state>:
standaloneThe switch has no redundancy capabilities and operates
independently of any other WS 2000 switches on the network. This is the default
setting.
redundancyTwo WS 2000 switches are connected, with one set as a primary
and the other as a standby.
upgradeThe primary and standby switches must run the same version of the
switch firmware for redundancy to work correctly. If the firmware on only one of
the switches is updated, redundancy is disabled and the Operational State is
automatically set to Upgrade.
heartbeat <interval> Sets the heartbeat interval for the switch to <interval> (160) seconds.
revertdelay <delay> Specifies the amount of time <delay> (120 minutes) after not receiving a
heartbeat packet before the secondary (standby) switch will take over.
redundancy <subnet> Sets the redundancy state <state> (enable or disable) for the subnet <subnet>
<state> (s1, s2. s3, s4, s5, s6).
preempt <mode> Enables to prevent system stand-by on redundant switches. <mode> can be
enable or disable.
virtualip <subnet> Sets the virtual IP address to <ip> for each redundant subnet <subnet>.
<ip>
Example
admin(system.redundancy)>set mode standby
can not set the value when the op_state is either upgrade or standalone
admin(system.redundancy)>set op-state redundancy

admin(system.redundancy)>set mode standby
admin(system.redundancy)>
Related Commands
show Displays the redundancy settings.

4.15.2 System Redundancy show Command
show
System Redundancy Commands
Displays the switch redundancy settings.
Syntax
show all
Parameters
None
Example
admin(system.redundancy)>show all
redundancy configured mode : primary

redundancy operational mode : VRRP daemon not running
redundancy operational state : standalone
heart beat interval : 3 seconds
revert delay : 5 minutes
heart beat interface : 1
Related Commands
set Sets the redundancy settings.

4.16 System SNMP Commands
snmp
system
Displays the SNMP submenu.
Syntax
admin(system)> snmp
admin(system.snmp)>

access Goes to the SNMP access submenu. page 4-71
traps Goes to the SNMP traps submenu. page 4-78
4.17 System SNMP Access Commands
access
System SNMP Commands
Displays the SNMP access menu.
Syntax
admin(system.snmp)> access
admin(system.snmp.access)>

add Adds SNMP access entries. page 4-72
delete Deletes SNMP access entries. page 4-74
list Lists SNMP access entries. page 4-76
show Shows SNMP v3 engine ID. page 4-77
4.17.1 System SNMP Access add Command
add
System SNMP Access Commands
Adds SNMP access list entries.
Syntax
add [acl|v1v2c|v3]
add acl <ip1> <ip2>

add v1v2c <comm> <access> [<oid>|all]
add v3 <user> <access> [<oid>|all] <sec> <auth> <pass1> <priv> <pass2>
Parameters
add acl <ip1> <ip2> Adds an entry to the SNMP access control list with <ip1> as the starting IP
address and <ip2> and the ending IP address.
v1v2c <comm> Adds an SNMP v1/v2c configuration.
<access> [<oid>|all] <comm> The community (131 characters)
<access> The read/write access set to (ro (read only) or rw (read/write)
<oid> The Object Identifier. <oid> is a string of 1127 numbers in dot
notation, such as 2.3.4.5.6 or all for all objects.
v3 <user> <access> Adds an SNMP v3 user definition.
[<oid> / all] <sec> <user> The username (131 characters).
<auth> <pass1> <priv>
<access> The read/write access set to ro (read only) or rw (read/write)
<pass2>
<oid> The Object Identifier. <oid> is a string of 1127 numbers in dot
notation, such as 1.3.6.1 or all for all objects)
<sec> The security type. <sec> is set to one of none, auth, or auth/priv.
The following parameters must be specified if <sec> is set to auth/priv:
<auth> The authentication algorithm. Can be one of md5 or sha1. Must
be set if <sec> is set to auth or auth/priv.
<pass1> The password (831 characters) for authentication. Must be
provided if <sec> is set to auth or auth/priv.
<priv> The privacy algorithm. Set to des or aes. Must be set if <sec> is
set to auth/priv.
<pass2> Privacy password (831 characters). Must be provided if <sec>
is set to auth/priv.
Example
admin(system.snmp.access)>add acl 209.236.24.1 209.236.24.46
admin(system.snmp.access)>list acl
----------------------------------------------------------------
index start ip end ip
----------------------------------------------------------------
1 209.236.24.1 209.236.24.46
admin(system.snmp.access)>add v3 fred rw 1.3.6.6 none

admin(system.snmp.access)>list v3 all
index : 1
username : fred
access permission : read/write
object identifier : 1.3.6.6
security level : none
auth algorithm : md5
auth password : ********
privacy algorithm : des
privacy password : ********
admin(system.snmp.access)>add v3 judy rw 1.3.6.1 auth/priv md5 changeme

des changemetoo
admin(system.snmp.access)>list v3 2
index : 2
username : judy
security level : auth/priv
privacy password : *******
4.17.2 System SNMP Access delete Command
delete
Deletes SNMP access entries.
Syntax
delete [acl|v1v2c|v3] [<idx>|all]
Parameters
delete Deletes SNMP access entries.

[acl|v1v2c|v3] acl Deletes SNMP access list entries
[<idx>|all]
v1v2c Deletes entries from the SNMP v1/v2 configuration list
v3 Deletes entries from the SNMP v3 configuration list.
<idx> Deletes entry with index <idx>
all Deletes all entries.
Example
-------------------------------------------------------------------------
-------------------------------------------------------------------------
1 209.236.24.1 209.236.24.46
admin(system.snmp.access)>delete acl all

-------------------------------------------------------------------------
-------------------------------------------------------------------------
index : 1
username : fred
index : 2
username : judy
admin(system.snmp.access)>delete v3 2
index : 1
username : fred
4.17.3 System SNMP Access list Command
list
Lists SNMP access entries.
Syntax
list [acl|v1v2c]
list v3 [<idx>|all]
Parameters
list [acl|v1v2c] acl Lists SNMP access control list entries.

v1v2c Lists SNMP v1/v2c configuration entries.
list v3 [<idx>|all] Lists SNMP v3 user definition with index <idx>. all lists all SNMP v3 user definitions.
Example
----------------------------------------------------------------
----------------------------------------------------------------
1 209.236.24.1 209.236.24.46
index : 1
username : fred
admin(system.snmp.access)>list v3 2
index : 2
username : judy
privacy password : *******
4.17.4 System SNMP Access show Command
show
Displays the SNMP v3 engine ID.
Syntax
show eid
Parameters
None
Example
admin(system.snmp.access)>show eid
WS2000 snmp v3 engine id : 0000018457D71CDFF86FD8FC
4.18 System SNMP Traps Commands
traps
System SNMP Commands
Displays the SNMP traps submenu.
Syntax
admin(system.snmp)> traps
admin(system.snmp.traps)>

add Adds SNMP trap entries. page 4-79
delete Deletes SNMP trap entries. page 4-81
list Lists SNMP trap entries. page 4-82
set Sets SNMP trap parameters. page 4-83
show Shows SNMP trap parameters. page 4-87
4.18.1 System SNMP Traps add Command
add
System SNMP Traps Commands
Adds SNMP traps.
Syntax
add [v1v2c|v3]
add v1v2c <ip> <port> <comm> <ver>

add v3 <ip> <port> <user> <sec> <auth> <pass1> <priv> <pass2>
Parameters
v1v2c <ip> <port> Adds an SNMP v1/v2c trap entry.

<comm> <ver> <ip> The destination IP address
<port> The destination UDP port number.
<comm> The community (131 characters)
<ver> The SNMP version number. (v1 or v2)
v3 <ip> <port> <user> Adds an SNMP v3 trap entry.
<sec> <auth> <pass1> <ip> The destination IP address
<priv> <pass2>
<port> The destination UDP port number.
<user> The username (131 characters).
<sec> The security type. <sec> is set to one of none, auth, or auth/priv.
The following parameters must be specified if <sec> is set to auth/priv:
<auth> The authentication algorithm. Can be one of md5 or sha1. Must
be set if <sec> is set to auth or auth/priv.
<pass1> The password (831 characters) for authentication. Must be
provided if <sec> is set to auth or auth/priv.
<priv> The privacy algorithm. Set to des or aes. Must be set if <sec> is
set to auth/priv.
<pass2> Privacy password (831 characters). Must be provided if <sec>
is set to auth/priv.
Example
admin(system.snmp.traps)>add v1v2 203.223.24.2 333 mycomm v1
admin(system.snmp.traps)>list v1v2c
----------------------------------------------------------------------
index dest ip dest port community version
----------------------------------------------------------------------
1 203.223.24.2 333 mycomm v1
admin(system.snmp.traps)>add v1v2 209.255.32.1 334 jumbo v2

admin(system.snmp.traps)>list v1v2c
----------------------------------------------------------------------
index dest ip dest port community version
----------------------------------------------------------------------
1 203.223.24.2 333 mycomm v1
2 209.255.32.1 334 jumbo v2
admin(system.snmp.traps)>add v3 192.168.103.3 80 bomuser auth md5

bomuser1
admin(system.snmp.traps)>add v3 182.168.103.4 80 blistuser auth/priv md5
blistuser des listuser
admin(system.snmp.traps)>list v3 all
index : 1
destination ip : 192.168.103.3
destination port : 80
username : bomuser
security level : auth
index : 2
username : blistuser
4.18.2 System SNMP Traps delete Command
delete
Deletes SNMP trap entries.
Syntax
delete [v1v2c|v3] [<idx>|all]
Parameters
delete Deletes SNMP access entries.

[acl|v1v2c|v3] acl Deletes SNMP access list entries
[<idx>|all]
v1v2c Deletes entries from the SNMP v1/v2 configuration list
v3 Deletes entries from the SNMP v3 configuration list.
<idx> Deletes entry with index <idx>
all Deletes all entries.
Example
index : 1
username : bomuser
security level : auth
index : 2
admin(system.snmp.traps)>delete v3 1
index : 1
4.18.3 System SNMP Traps list Command
list
Lists SNMP trap entries.
Syntax
list v1v2c
list v3 [<idx>|all]
Parameters
list v1v2c Lists SNMP v1/v2c traps entries.

list v3 [<idx>|all] Lists SNMP v3 traps definition with index <idx>. all lists all SNMP v3 traps definitions.
Example
admin(system.snmp.traps)>list v1
-------------------------------------------------------------------------
index dest ip dest port community
version
-------------------------------------------------------------------------
1 197.168.10.1 80 HTTPUser
v2
2 197.168.10.2 1056 AllUsers
v2
index : 1
4.18.4 System SNMP Traps set Command
set
Sets SNMP trap parameters.
Syntax
set [cold|cfg|lowcf|port|dos-attack|snmp-auth|snmp-acl|mu-assoc|
mu-unassoc|mu-deny-assoc|mu-deny-auth|ap-adopt|ap-unadopt|
ap-denied-adopt|ap-radar|rogue-ap|hotspot-mu-state|
user-login-failure|interface|admin-passwd-change|dyndns-update|
wids-mu|wids-radio|wids-switch|ips] <mode>
set cf-thresh <memory_kb>
set min-pkt <pkt>
set dos-rate-limit <seconds>
set rate <rate> <scope> <value>
Parameters
set [cold|cfg|lowcf|port|dos-attack|snmp-auth|snmp-acl|mu-assoc|mu-unassoc|
mu-deny-assoc|mu-deny-auth|ap-adopt|ap-unadopt|ap-denied-adopt|ap-radar|
rogue-ap|hotspot-mu-state|user-login-failure|interface|admin-passwd-change|
dyndns-update|wids-mu|wids-radio|wids-switch|ips] <mode>
Sets the different SNMP parameters. <mode> can be one of enable or disable.
cold Configuration changed trap
cfg Configuration mode trap
lowcf Low compact flash memory trap
port Physical port status change trap
dos-attack Denial of Service (DOS) attack trap
snmp-auth Authentication failure trap
snmp-acl SNMP ACL violation trap
mu-assoc MU associated trap
mu-unassoc MU un-associated trap
mu-deny-assoc MU denied association trap
mu-deny-auth MU authentication denied trap
ap-adop AP adopted trap
ap-unadop AP un-adopted trap
ap-denied-adopt AP denied trap
ap-radar AP radar trap
rogue-ap Rogue AP trap
hotspot-mu-state Hotspot MU change state trap
user-login-failure User login failure trap
ips Intrusion Prevention System trap
interface Interface status change trap
admin-passwd-change Admin password change trap

dyndns-update Dynamic DNS update trap
wids-mu WIDS MU event trap
wids-radio WIDS radio event trap
wids-switch WIDS switch event trap
cf-thresh Sets the low memory on compact flash trap to the value <memory_kb>
<memory_kb> (0 2147483647 kilobytes).
min-pkt <pkt> Sets the minimum number of packets <pkt> required for the rate traps to fire. <pkt>
can be a value in the range 0 65535.
dos-rate-limit Sets the rate limit to <seconds> ((0 2147483647 seconds) for DOS traps.
<seconds>
rate <rate> Sets the rate value for rate and scope combination for DOS traps.
<scope> <value> <rate> The rate value to monitor. Can be one of
pkts packets greater than <value> (0 9999.99).
mbps throughput greater than <value> (0 108.00) MBPS.
avg-bps bit speed less than <value> (0 108.00) MBPS.
pct-nu non unicast packets percentage greater than <value> (0 100.00)
avg-signal negative average signal worse than <value> (0 100.00)
avg-retries average retries greater than <value> (0 16.00)
pctdropped dropped packet percentage greater than <value> (0 100.00)
pct-undecrypted undecryptable packet percentage greater than <value>
(0 100.00)
assoc-mus number of associated MUs greater than <value> (0 32.00 when
scope is AP, 200.00 otherwise.)
<scope> The scope where the rate applies to. <scope> can be one of switch,
wlan, ap, mu)
<value> The value in the range as specified for each <rate>.
Allowed Range for

<rate> Choices Interpretation <value> Allowed <scope>
pkts Packets/second > <value> 0-9999.99 switch,wlan,ap,mu
mbps Throughput > <value> 0-108.00 switch,wlan,ap,mu
avg-bps Average bit speed in mbps < <value> 0-108.00 wlan,ap,mu
pct-nu % not UNICAST > <value> 0-100.00 wlan,ap,mu
avg-signal Negative average signal < <value> 0-100.00 wlan,ap,mu
avg-retries Average retries > <value> 0-16.00 wlan,ap,mu
pct-dropped % dropped packets > <value> 0-100.00 wlan,ap,mu
pct-undecrypt % undecryptable > <value> 0-100.00 wlan,ap,mu
assoc-mus Number of associated MUs > 0-200 switch,wlan,ap
<value>
NOTE: <value> can be a number with up to two decimal places, except for
assoc_mus, which must be an integer.
Example
admin(system.snmp.traps)>show trap
SNMP System Traps
snmp cold start : disable

snmp config changed : disable
low compact flash memory : disable
SNMP Network Traps
physical port status change : disable

denial of service : disable
SNMP Traps
snmp auth failure : disable

snmp acl violation : disable
SNMP MU Traps
mu associated : disable
mu unassociated : disable
mu denied association : disable
mu denied authentication : disable
SNMP AP Traps
ap adopted : disable
ap unadopted : disable
ap denied adoption : disable
ap radar detection : disable
SNMP Trap Threshold
compact flash memory threshold : 1024

min packets required for rate trap: 800
denial of service trap rate limit : 10
admin(system.snmp.traps)>set cold enable

admin(system.snmp.traps)>set port enable
admin(system.snmp.traps)>set dos-attack enable
admin(system.snmp.traps)>set mu-unassoc enable
admin(system.snmp.traps)>set ap-radar enable
admin(system.snmp.traps)>set min-pkt 1000
SNMP System Traps
snmp cold start : enable

SNMP Network Traps
physical port status change : enable

denial of service : enable
SNMP Traps

SNMP MU Traps
mu unassociated : enable
SNMP AP Traps
ap radar detection : enable
SNMP Trap Threshold

4.18.5 System SNMP Traps show Command
show
Shows SNMP trap parameters.
Syntax
show [trap|rate-trap]
Parameters
show [trap|rate-trap] Displays trap settings.

trap Displays SNMP trap parameter settings.
rate-trap Shows SNMP rate-trap parameter settings.
Example
SNMP System Traps
snmp cold start : enable

SNMP Network Traps
physical port status change : enable

denial of service : enable
SNMP Traps

SNMP MU Traps
mu unassociated : enable
SNMP AP Traps
ap radar detection : enable
SNMP Trap Threshold

admin(system.snmp.traps)>show rate-trap
SNMP Switch Rate Traps
pkts/s greater than : disable

throughput(Mbps) greater than : disable
num of associated mu greater than : disable
SNMP Wlan Rate Traps

avg bit speed(Mbps) less than : disable
pct non-unicast greater than : disable
-average signal worse than : disable
average retry greater than : disable
pct dropped greater than : disable
pct undecryptable greater than : disable
SNMP Portal Rate Traps

SNMP Mu Rate Traps

4.19 System SSH Commands
ssh
system
Displays the secure shell (SSH) submenu.
Syntax
admin(system)> ssh
admin(system.ssh)>

set Sets SSH parameters page 4-90
show Shows SSH parameters. page 4-91
4.19.1 System SSH set Command
set
System SSH Commands
Sets secure shell parameters for system access.
Syntax
set auth-timeout <authentication timeout>
set inactive-timeout <inactive timeout>
Parameters
auth-timeout Sets the maximum time <authentication timeout> (065535 seconds) allowed for
<authentication SSH authentication to occur before executing a timeout.
timeout>
inactive-timeout Sets the maximum amount of inactive time <inactive timeout> (065535 seconds)
<inactive timeout> for an SSH connection before a timeout occurs and the user is dropped.
Example
admin(system.ssh)>set auth-timeout 60
admin(system.ssh)>set inactiv 2000
admin(system.ssh)>show all
Authentication Timeout : 60
SSH Client Inactivity Timeout : 2000
admin(system.ssh)>
Related Commands
show all Shows the SSH parameter values.

4.19.2 System SSH show Command
show
System SSH Commands
Shows secure shell timeout parameters.
Syntax
show all
Parameters
None
Example
admin(system.ssh)>set auth-timeout 60
admin(system.ssh)>set inactiv 2000
admin(system.ssh)>show all
Authentication Timeout : 60
SSH Client Inactivity Timeout : 2000
admin(system.ssh)>
Related Commands
set Sets the values for the secure shell timeout parameters.
4.20 System User Database Commands
userdb
system
Displays the userdb submenu.
Syntax
admin(system)> userdb
admin(system.userdb)>

user Goes to the user submenu. page 4-103
group Goes to the group submenu. page 4-93
4.21 System User Database Group Commands
group
System User Database Commands
Displays the group submenu.
Syntax
admin(system.userdb)> group
admin(system.userdb.group)>

create Creates a new group. page 4-95
delete Deletes a group. page 4-96
clearall Deletes all the listed groups page 4-98
add Adds a user to a group. page 4-94
remove Removes a user from a group. page 4-99
set Sets group parameters. page 4-100
show Shows the existing groups. page 4-102
4.21.1 System Userdb Group add Command
add
System User Database Group Commands
Adds a user to a group.
Syntax
add <userid> <group>
Parameters
add <userID> Adds the user specified by <userID> to the group <groupID>. <userID> must
<groupID> already be defined in the database. User the add command from the
(system.userdb.users) menu to add a new user.
Example
admin(system.userdb.group)>add fred g1
admin(system.userdb.group)>add joe g1
admin(system.userdb.group)>add joe g2
admin(system.userdb.group)>show user g1
List of Users of Group :
fred
joe
admin(system.userdb.group)>show user g2
joe
Related Commands
show users Displays a list of users in a group.

4.21.2 System Userdb Group create Command
create
Creates a new group.
Syntax
create <group> <vlan-id>
Parameters
create <group> <vlan-id> Creates a new group with the ID <group>. <group> can be an alphanumeric
string. Users in the group are automatically assigned the vlan-id as specified
by <vlan-id>.
Example:
admin(system.userdb.group)>create g1 10
admin(system.userdb.group)>show groups
List of Group Names :
Groupname : g1
Guest Group : NO
VanId : 10
Start Time : 0000
Expiry Time : 2359
Access on Days : All
Related Commands
delete Deletes a group.

show groups Displays a list of groups in the database.
4.21.3 System Userdb Group delete Command
delete
Deletes a group from the database.
Syntax
delete <group>
Parameters
delete <groupID> Deletes the group <group> from the database. A warning occurs if there are still
users assigned to that group.
Example
Groupname : g1
Guest Group : NO
VanId : 10
Start Time : 0000
Expiry Time : 2359
Groupname : g2
Guest Group : NO
VanId : 6
Start Time : 0000
Expiry Time : 2359
Groupname : g3
Guest Group : NO
VanId : 1
Start Time : 0000
Expiry Time : 2359
admin(system.userdb.group)>delete g2
Groupname : g1
Guest Group : NO
VanId : 10
Start Time : 0000
Expiry Time : 2359
Groupname : g3
Guest Group : NO
VanId : 1
Start Time : 0000
Expiry Time : 2359
Related Commands
add Adds users to a group.

show user Displays a list of users in a group.
4.21.4 System Userdb Group clearall Command
clearall
Clears all the groups in the Groups list. Before clearing all the groups, ensure that no user account is
associated to the groups.
Syntax
clearall
Parameters
None
Example
Groupname : g1
Guest Group : NO
VanId : 10
Start Time : 0000
Expiry Time : 2359
Groupname : g3
Guest Group : NO
VanId : 1
Start Time : 0000
Expiry Time : 2359
Groupname : g2
Guest Group : NO
VanId : 15
Start Time : 0000
Expiry Time : 2359
admin(system.userdb.group)>clearall
No Groups
4.21.5 System Userdb Group remove Command
remove
Removes a user from a group.
Syntax
remove <userid> <group>
Parameters
remove <userid> Removes the user <userid> from the group <group>.
<group>
Example
admin(system.userdb.group)>show users g1
John
Jane
admin(system.userdb.group)>remove Jane g1
John
Related Commands
add Adds a user to a group.

show users Shows a list of users in a group.
4.21.6 System Userdb Group set Command
set
Sets the different group parameters.
Syntax
set [vlan|day-access|guest-group|start-time|end-time]
set [start-time|end-time} <time>

set vlan <group> <vlan>
set day-access <group> [all|weekdays|<days>]
set guest-group <group>
Parameters
vlan <group> <vlan> Sets the vlan id of a group <group> to <vlan> (1 4094).
start-time <group> Sets the time when a user belonging to a group <group> can start authenticating
<time> (login) with the WS2000. Start-time is in 24hr format.
end-time <group> Sets the time after which a user belonging to a group <group> cannot
<time> authenticate (login) with the WS2000. End-time is in 24hr format.
day-access <group> Sets the access days for a group <group>.
[all|weekdays|<days> all Sets the access days to all days of the week including Saturdays and
Sundays.
weekday Sets the access days to all week days excluding Saturdays and
Sunday.
<days> Sets the access days as specified. Each item in this list is to be
separated by a space. <days> can be mo, tu, we, th, fr, sa, su.
guest-group <group> Sets the group identified by <group> as a guest group.
Example
admin(system.userdb.group)> set vlan Group1 1
admin(system.userdb.group)> set start-time Group1 0730
admin(system.userdb.group)> set end-time Group1 2230
admin(system.userdb.group)> set day-access Group1 mo tu we fr sa su
admin(system.userdb.group)> show groups
Groupname : GroupOfAdmins
Guest Group : NO
VanId : 1
Start Time : 0000
Expiry Time : 2359
Groupname : GroupOfLevel1Users
Guest Group : NO
VanId : 1
Start Time : 0730
Expiry Time : 2230
Access on Days : Mo Tu We Fr Sa Su
admin(system.userdb.group)> set guest-group Group1

admin(system.userdb.group)>set guest-group guests
Groupname : g1
Guest Group : NO
VanId : 10
Start Time : 0000
Expiry Time : 2359
Groupname : g2
Guest Group : NO
VanId : 6
Start Time : 0600
Expiry Time : 2000
Access on Days : Weekdays
Groupname : guests
Guest Group : YES
VanId : 9
Start Time : 0000
Expiry Time : 2359
4.21.7 System Userdb Groups show Command
show
Shows the existing groups.
Syntax
show [groups|users <group>]
Parameters
show [groups| Displays user database groups information.

users <group>] group Displays a list of the defined groups.
users <group> Displays a list of users in group <group>.
Example
Groupname : g1
Guest Group : NO
VanId : 1
Start Time : 0000
Expiry Time : 2359
Groupname : g2
Guest Group : NO
VanId : 1
Start Time : 0000
Expiry Time : 2359
Access on Days : ALL
Groupname : g3
Guest Group : NO
VanId : 1
Start Time : 0000
Expiry Time : 2359
Admin
L1User
Related Commands
create Creates a new group.

delete Deletes a group.
set Sets group parameters
4.22 System User Database User Commands
user
System User Database Commands
Displays the user submenu.
Syntax
admin(system.userdb)> user
admin(system.userdb.user)>

add Adds a new user to the database. page 4-104
del Deletes a user from the database. page 4-105
clearall Removes all User IDs page 4-106
set Sets the password for a user. page 4-107
show Shows a list of users and group information about a user. page 4-108
guest Manages guest users page 4-109
4.22.1 System Userdb User add Command
add
System User Database User Commands
Adds a new user to the database.
Syntax
add <userid> <password>
Parameters
add <userid> <password> Adds a user to the database with the ID <userid> and password
<password> (1 8 characters).
Example
admin(system.userdb.user)>add fred fredpass
admin(system.userdb.user)>add joe joepass
admin(system.userdb.user)>add sally sallypa
List of User Ids :
fred
joe
sally
Related Commands
show users Show a list of the users in the database.

del Deletes a user from the database.
4.22.2 System Userdb User del Command
del
Deletes a user from the database.
Syntax
del <userid>
Parameters
del <userid> Deletes the user with the ID <userid> from the database.
Example
admin(system.userdb.user)>show users
List of User Ids : Guest User :
John NO
Jane NO
Bill NO
Amanda NO
admin(system.userdb.user)>del Bill
John NO
Jane NO
Amanda NO
Related Commands
add Adds a user to the database.

show users Displays a list of users in the database.
4.22.3 System Userdb User clearall Command
clearall
Clears all the users from the local database.
Syntax
clearall
Parameters
None
Example
John NO
Jane NO
Bill NO
Amanda NO
admin(system.userdb.user)> clearall
admin(system.userdb.user)> show users
entries = 0
No Users
4.22.4 System Userdb User set Command
set
Sets the password for a user.
Syntax
set <userid> <password>
Parameters
set <userID> Resets the password for user with <userid> to <password>.
<password>
Example
admin(system.userdb.user)>set fred frednew
Related Commands
add Adds a new user.

4.22.5 System Userdb Users show Command
show
Shows a list of users and group membership for a particular user.
Syntax
show [groups <userid>|users]
Parameters
show Displays group membership and user information.

[groups <userid>|users] groups <userid> Displays the list of groups that a user with <userid>
belongs.
users Displays a list of all defined users in the database.
Example
admin(system.userdb.user)>show user
John NO
Jane NO
Bill NO
Amanda
NOadmin(system.userdb.user)>..
admin(system.userdb.user)>group
admin(system.userdb.group)>create g1
admin(system.userdb.group)>add John g1
admin(system.userdb.group)>..
admin(system.userdb.user)>user
admin(system.userdb.user)>show groups John
List of Groups of user :
g1
Related Commands
add Add a user to the database.

4.23 System User Database User Guest commands
guest
Displays the Guest submenu.
Syntax
admin(system.userdb.user)> guest
admin(system.userdb.guest)>

set Sets the parameters for guest users. page 4-110
show Shows the list of guest users page 4-111
clear Clears guest users and guest groups. page 4-112
4.23.1 System Userdb User Guest set Command
set
Sets the parameters for guest users.
Syntax
set [guest-user|start-date|expiry-date]
set guest-user <guest-user> <guest-group>

set start-date <guest-user> <date-time>
set expiry-date <guest-user> <date-time>
Parameters
guest-user Adds the guest user <guest-user> to the guest user group <guest-group>.
<guest-user>
<guest-group>
start-date Sets the start date for a guest user <guest-user>. This is the date and time
<guest-user> combination from when a guest user can access the resources. <date-time> value
<date-time> must be in the MM:DD:YYYY-hh:mm format (02:24:2008-21:06).
expiry-date Sets the date when the guest user account <guest-user> expires. This is the date and
<guest-user> time combination after which the account becomes inactive. <date-time> value must
<date-time> be in the MM:DD:YYYY-hh:mm format (02.24:2008-21:06).
Example
admin(system.userdb.user.guest)> set guest-user guest1 GroupOfGuestUsers
admin(system.userdb.user.guest)> show users
Guest Username : guest1

Belongs to Group : GroupOfGuestUsers
Start Date Time : 01:16:1970-01:10
Expiry Date Time : 01:17:1970-01:10
admin(system.userdb.user.guest)> set start-date guest1 01:01:2008-00:00

admin(system.userdb.user.guest)> set expiry-date guest1 01:31:2008-23:59

Start Date Time : 01:01:2008-00:00
4.23.2 System Userdb User Guest show Command
show
Displays information for guest users and guest user groups.
Syntax
show [groups|users]
Parameters
show [guests|users] Displays guest information.

groups Displays the list of guest user groups
users Displays the list of guest users.
Example

Start Date Time : 01:01:2008-00:00
admin(system.userdb.user.guest)> show groups
Guest Groupname : GroupOfGuestUsers

VanId : 1
Start Time : 0000
Expiry Time : 2359
Access on Days : Weekdays
4.23.3 System Usredb User Guest clear Command
clear
Clears all guest user and guest user groups from the local database.
Syntax
clear [guest-group|guest-user]
clear guest-group <guest-group>

clear guest-user <guest-user>
Parameters
guest-group Clears the guest group indicated by <guest-group>

<guest-group>
guest-user Clears the guest user indicated by <guest-user>
<guest-user>
Example
admin(system.userdb.user.guest)> clear guest-group GroupOfGuestUsers
admin(system.userdb.user.guest)> clear guest-user guest1
admin(system.userdb.user.guest)> show groups
No Guest Groups
4.24 System WS2000 Commands
WS2000
system
Displays the WS 2000 submenu.
Syntax
admin(system)> ws2000
admin(system.ws2000)>

add Adds an administrative user page 4-114
delete Removes an administrative user page 4-115
restart Restarts the WS 2000 Wireless Switch page 4-116
set Sets WS 2000 system parameters. page 4-117
show Shows WS 2000 system parameter settings. page 4-120
4.24.1 System WS2000 add Command
add
System WS2000 Commands
Adds a device that is allowed administrative access to the switch over WLAN.
Syntax
add administrator <ip>
Parameters
add administrator Adds the device specified by <ip> as an administrator for this device.
<ip>
Example
admin(system.ws2000)> add administrator 192.168.0.10
4.24.2 System WS2000 delete Command
delete
Removes a device that is allowed administrative access to the switch over WLAN.
Syntax
delete administrator [<ip>|all]
Parameters
delete administrator Removes the specified device that is allowed administrative access of the
[<ip>|all] switch from WLAN .
<ip> Removes the device specified by <ip>.
all Removes all devices
Example
admin(system.ws2000)> delete administrator 192.168.0.10
admin(system.ws2000)> delete administrator all
4.24.3 System WS2000 restart Command
restart
Restarts the WS 2000 Wireless Switch.
Syntax
restart
Parameters
None
Example
admin(system.ws2000)>restart
Restarting system.
WS 2000 Wireless Switch 2.4.0.0-011B

Copyright(c) Motorola Inc. 2003-2008. All rights reserved.
Press escape key to run boot firmware ........
Power On Self Test
testing ram : pass

testing nor flash : pass
testing nand flash : pass
testing ethernet : pass
...
Starting iGateway Apps(1)....

Starting iGateway Apps(2)....
Using switch.o
Starting Wireless Switch....
Configuring iGateway....
Starting SNMP....
Using led.o
Starting WS2000 CLI....
Login:
4.24.4 System WS2000 set Command
set
Sets WS 2000 system parameters.
Syntax
set [airbeam|ftp|ssh|applet|cc|cli|email|loc|name|domain-name|snmp|
timeout|limited-access|dns-ip]
set airbeam [mode|passwd|logging]

set airbeam mode <mode>
set airbeam passwd <password>
set airbeam logging <mode>
set [ftp|ssh|snmp] [lan|wan] [mode <mode>|logging <mode>]
set [applet|cli] [lan|wan|slan|swan] [mode <mode>|logging <mode>]
set email <email>

set cc <country-code>
set loc <location>
set name <device-name>
set domain-name <domain>
set timeout <timeout>
set limited-access <mode>
set dns-ip <ip>;
Parameters
airbeam mode <mode> Enables or disables airbeam access. <mode> can be one of enable or disable.
airbeam passwd Sets the airbeam password to <passwd> (139 characters).
<passwd>
airbeam logging Sets the logging mode for airbeam access.<mode> can be one of enable or
<mode> disable.
applet Configures access to the applet.
[lan|wan|slan|swan] lan mode <mode> Enables/disables http applet access from LAN.
[mode <mode>|
wlan mode <mode> Enables/disables http applet access from WAN.
logging <mode>]
slan mode <mode> Enables/disables https applet access from LAN.
swan mode <mode> Enables/disables https applet access from WAN.
<mode> can be one of enable or disable.
logging <mode> Enables/disables logging for each access type.
cc <country-code> Sets the WS2000 two-letter country code to <country-code>.
cli [lan|wan|slan|swan] Configures access to the Command Line Interface (CLI).

[mode <mode>| lan mode <mode> Enables/disables http applet access from LAN.
logging <mode>]
slan mode <mode> Enables/disables https applet access from LAN.
swan mode <mode> Enables/disables https applet access from WAN.
email Sets the WS2000 admin email address to <email> (159 characters).
<email>
ftp [lan|wan] [mode Configures access to FTP
<mode>| lan mode <mode> Enables/disables http applet access from LAN.
logging <mode>]
loc <location> Sets the WS2000 system location to <location> (159 characters).
name <device-name> Sets the WS2000 system name to <device-name> (159 characters).
ssh [lan|wan] [mode Configures secure shell access (SSH) to the device.
logging <mode>]
snmp [lan|wan] [mode Configures SNMP access to the device.
logging <mode>]
timeout <time-out> Sets the idle timeout to <time-out> value in minutes (01440). Setting the value
to 0 indicates not to timeout.
limited-access <mode> Enables/disables management access to the WS2000 across subnets. When
enabled, administrative access to the subnet interface is available only from
hosts in the same subnet. When disabled, hosts from any subnet can access any
subnets interface. <mode> can be one of enable or disable.
dns-ip <ip> Sets the IP address of the Domain Name Server to resolve domain names to the
IP address <ip>.
domain-name <domain- Sets the name of the domain to <domain-name> for this WS2000.
name>
Example
admin(system.ws2000)>show all
system name : Atlanta1

system location : Atlanta Field Office
system Domain Name : docteam.motorola.com
admin email address : LeoExample@motorola.com
system uptime : 0 days 4 hours 33 minutes

WS2000 firmware build time : Sat-May-31-00:42:16-IST-2008
country code : us
applet http access from lan : enable
applet http access from wan : enable
applet https access from lan : enable
applet https access from wan : enable
cli telnet access from lan : enable
cli telnet access from wan : enable
snmp access from lan : enable
snmp access from wan : enable
airbeam/ftp lan access mode : disable
airbeam/ftp wan access mode : disable
ssh wan access mode : enable
ssh lan access mode : enable
airbeam access user name : airbeam
airbeam access password : ********
http/s timeout interval in minutes: 0
limit ws2000 access : disable
System Wide DNS IP Address : 192.168.0.1
admin(system.ws2000)>set name BldgC

admin(system.ws2000)>set email johndoe@motorola.com
admin(system.ws2000)>set applet lan enable
admin(system.ws2000)>set airbeam mode enable
admin(system.ws2000)>set airbeam passwd changeme
system name : BldgC

admin email address : johndoe@motorola.com
country code : us
4.24.5 System WS2000 show Command
show
Shows WS 2000 system information.
Syntax
show all
Parameters
None
Example
system name : Atlanta1

admin email address : LeoExample@motorola.com
country code : us
4.25 System CF commands
cf
system
Displays the CF submenu.
Syntax
admin(system)> cf
admin(system.cf)>

ls Lists the content of the CF card page 4-122
4.25.1 System CF ls Command
ls
System CF commands
Displays the CF cards contents.
Syntax
ls {<directory-name>}
Parameters
ls <directory-name> Lists the contents of the CF card. The <directory-name> parameter is optional.
Example
admin(system.cf)> ls
.
..
mf12.bin
mf_02020200003R.bin
admin(system.cf)>
admin(system.cf)>
4.26 System HTTP commands
http
system
Displays the http submenu.
Syntax
admin(system)> http
admin(system.http)>

import Imports the Secured HTTP self certificate page 4-124
show Shows all the Secured HTTP certificates. page 4-125
4.26.1 System HTTP import Command
import
System HTTP commands
Imports Secured HTTP self certificates.
Syntax
import self <cert-id>
Parameters
import self <cert-id> Imports the Secured HTTP Self Certificate identified by the ID <cert-id>.
Example
admin(system.http)> import self 1
4.26.2 System HTTP show Command
show
System HTTP commands
Displays all Secure HTTP certificates on this device.
Syntax
show all
Parameters
None
Example
admin(system.http)> show all
http self certificate : default
admin(system.http)>
4.27 System Test Commands
test
system
Displays the test submenu.
Syntax
admin(system)> test
admin(system.test)>

set Sets the different test parameters page 4-127
show Displays the different test parameters and their set values. page 4-128
4.27.1 System Test set Command
set
System Test Commands
Configures the different test parameters.
Syntax
set flow
hbt
wd
pmd
rs
wme
padding
parp
sip-portcheck
weighted-wme
int1
hosts
mu_limit
int4
str1
str2
str3
str4
interval
4.27.2 System Test show Command
show
System Test Commands
Displays the test parameters.
Syntax
show all
Parameters
None
Example
admin(system.test)> show all
admin(system.test)>show all
half fc window for ap100 val : [ 0x0000 ........ .......0 ]

broadcasts in psp val : [ 0x0000 ........ ......1. ]
drop bc pre wep val : [ 0x0000 ........ .....1.. ]
rate scale disable val : [ 0x0000 ........ ....0... ]
wireless disable val : [ 0x0000 ........ ...0.... ]
psp fix more data val : [ 0x0000 ........ ..0..... ]
wpa2 tkip disabled val : [ 0x0000 ........ .0...... ]
wpa ie before rsn ie val : [ 0x0000 ........ 0....... ]
disable wpa countermeasures val : [ 0x0000 .......0 ........ ]
WME enable : [ 0x0000 ......0. ........ ]
Wisp alignment padding enable : [ 0x0000 .....1.. ........ ]
Proxy arp enable : [ 0x0000 ....1... ........ ]
Weighted WME enable : [ 0x0000 ...0.... ........ ]
ARP Check enable : [ 0x0000 ..1..... ........ ]
SIP src/dst port check : [ 0x0000 .1...... ........ ]
int1 : 00006C06
max lan hosts : 200
max clients/Portal : 64
int4 : 00000000
str1 :
str2 :
str3 :
str4 :
Statistics Commands
Statistics commands are used to view the different statistical information of the WS2000 Wireless Switch.
5.1 stats
Admin Menu Commands
Use the stats command to go to the Stats menu
admin>stats
admin(stats)>
The following commands are available under the Stats menu:

show Shows system status and statistics page 5-2
rf Goes to the RF Submenu page 5-5
5.2 Stats Show Command
show
stats
Displays the system status and statistics for either the specified subnet or the WAN.
Syntax
show [leases|subnet|wan|stp|ips]
show leases
show subnet <idx>
show wan
show stp <idx>
show ips [global-stats|category-stats]
show ips global-stats
show ips category-stats <category-name>
Parameters
show leases Show the leases issued by the switch.

show subnet <idx> Shows subnet status, where <idx> (16) is the index number of the subnet (LAN)
to show.
show wan Shows WAN status.
show stp <idx> Shows the LAN Spanning Tree Protocol statistics for the subnet <idx> (1-6).
show ips global-stats Shows the IPS Global statistics
show ips category-stats Show the IPS statistics for a category. Select <category> from:
<category> TELNET, POP3, IMAP, NNTP, FTP, SNMP, TCPDNS, UDPDNS, TCPRPC,
UDPRPC, HTTP, SMTP, TCPGEN, UDPGEN, TCP, UDP, ICMP, IP
To display stats for all IPS signature categories do not pass any parameter to
<category>.
Example
show subnet example
admin(stats)>show subnet 1
LAN Interface Information
subnet interface 1 : enable
ip address 1 : 192.168.0.1
network mask : 255.255.255.0
ethernet address : 00A0F86FD8FD
LAN Rx Information
rx packets : 236530
rx bytes : 31581419
rx errors : 0
rx dropped : 0
rx overruns : 0
rx frame errors : 0
LAN Tx Information
tx packets : 100101
tx bytes : 40811508
tx errors : 0
tx dropped : 0
Statistics Commands 5-3
tx overruns : 0
tx carrier errors : 0
Port 1
link status : up
speed : 100 Mbps
Port 2
link status : up
speed : 100 Mbps
Port 3
link status : down
Port 4
link status : down
Port 5
link status : down
Port 6
link status : down
WLAN Interfaces
wlans : wlan1
show wan example

admin(stats)>show wan
WAN Interface Information
wan interface 1 : enable
ip address 1 : 192.168.24.198
wan interface 2 : disable
ip address 2 : 192.168.24.198
ip address 3 : 192.168.24.198
ip address 4 : 192.168.24.198
ip address 5 : 192.168.24.198
ip address 6 : 192.168.24.198
ip address 7 : 192.168.24.198
ip address 8 : 192.168.24.198
network mask : 255.255.255.0
ethernet address : 00A0F86FD8FC
link status : up
speed : 100 Mbps
WAN Rx Information
rx packets : 226809
rx bytes : 311719105
rx errors : 1
rx dropped : 0
rx overruns : 0
rx frame errors : 1
WAN Tx Information
tx packets : 5499
tx bytes : 559567
tx errors : 0
tx dropped : 0
tx overruns : 0
tx carrier errors : 0
show ips global-stats example.

admin(stats)>show ips global-stats
IPS GLOBAL STATISTICS
================================================
Number of Packets Received : 124832934
Number of Packets Processsed : 124832899
Number of Packets Dropped : 35
Number of Connecti ns Disconnected: 6
show ips category-stats example.

admin(stats)>show ips category-stats TCP
Category Name : TCP

Number of rules : 6
Number of alerts : 18
Number of logs : 9
Number of pkts droped : 45
Number of disconnection : 1
show stp example:

admin(stats)>show stp 1
LAN1 Spanning Tree Info:

Spanning Tree : enable
Designated Root : 8000.00157000C851
Bridge ID : 8000.00157000C851
Root Port : 0
Root Path Cost : 0
Bridge Max Msg Age : 20
Bridge Hello Time : 2
Bridge Forward Delay : 15
Port Interface Table:

-------------------------------------------------------------------------
Designated Designated Designated
Port - State - Cost - Root - Bridge - Port -
Designated
Cost
-------------------------------------------------------------------------
ixp0v0 Fwding 100 8000.00157000C851 8000.00157000C851 8001 0
ixp1v0 Fwding 100 8000.00157000C851 8000.00157000C851 8002 0
5.3 Statistics RF Commands
rf
stats
Displays the RF statistics submenu.
Syntax
admin(stats)> rf
admin(stats.rf)>

show Shows RF statistics. page 5-7
reset Resets/clears all RF statistics. page 5-6
5.3.1 Stats RF reset Command
reset
Statistics RF Commands
Resets/clears all RF statistics.
Syntax
reset
Parameters
None
Example
admin(stats.rf)>reset
admin(stats.rf)>
5.3.2 Stats RF show Command
show
Statistics RF Commands
Shows radio frequency (RF) statistics.
Syntax
show [all|wlan|ap|mu|mesh-base|mesh-client|total]
show all [wlan|ap|mu|mesh-base|mesh-client]

show wlan <idx>
show ap <idx>
show mu <mu>
show mesh-base <base>
show mesh-client <client>
show total
Syntax:
show all [wlan|ap|mu| Shows all statistics for:

mesh-base|mesh-client] wlan Shows all WLAN status.
ap Shows all Access Port status.
mu Shows all mobile unit (MU) status.
mesh-base Shows all mesh-base statistics
mesh-client Shows all mesh-client statistics
show wlan <idx> Shows the specified WLANs statistics, where <idx> is the index number of the
WLAN.
show ap <idx> Shows the specified Access Ports statistics, where <idx> is the index number
of the Access Port (112).
show mu <mu> Shows the specified mobile units statistics, where <mu> is the index number of
the mobile unit (1200).
show mesh-base <base> Shows the statistics for the mesh base with index <base> (1-36).
show mesh-client Shows the statistics for the mesh client with index <client> (1-72).
<client>
show total Shows total switch statistics.
Example
admin(stats.rf)>show all wlan
Index : 1
Name : WLAN1
Status : Enabled
Index : 2
Name : WLAN2
Status : Disabled
Index : 3
Name : WLAN3
Status : Disabled
Index : 4
Name : WLAN4
Status : Disabled
Index : 5
Name : WLAN5
Status : Disabled
Index : 6
Name : WLAN6
Status : Disabled
Index : 7
Name : WLAN7
Status : Disabled
Index : 8
Name : WLAN8
Status : Disabled
admin(stats.rf)>show wlan 1
Name : WLAN1
ESSID : 101
Subnet : Subnet1
Adopted APs : 2
Number of Associated MUs : 0
Packets per second : 0.00 pps

Throughput : 0.00 Mbps
Average Bit Speed : 0.00 Mbps
Non-Unicast Packets : 0.00 %
Signal : 0.0 dBm

Noise : 0.0 dBm
Signal-to-Noise : 0.0 dBm
Average Number of Retries : 0.00 Retries

Dropped Packets : 0.00 %
Undecryptable Packets : 0.00 %
admin(stats.rf)>show all ap
ap index : 1
ap index : 2
ap status : connected
ap index : 3
ap index : 4
ap index : 5
ap index : 6
ap index : 7
ap index : 8
ap index : 9
ap index : 10
ap index : 11
ap index : 12
admin(stats.rf)>show ap 2
Name : AP2
Location :
Radio Type : 802.11 B
Current Channel : 1
Adopted By : WLAN1
Number of Associated Mus : 0
Packets per second : 0.13 pps

Throughput : 0.00 Mbps
Average Bit Speed : 0.00 Mbps
Approximate Utilization : 0.00 %
Non-Unicast Packets : 100.00 %
Signal : 0.0 dBm

Noise : 0.0 dBm
Signal-to-Noise : 0.0 dBm
Average Number of Retries : 0.00 Retries

Dropped Packets : 0.00 %
Undecryptable Packets : 0.00 %
MOTOROLA INC.
1303 E. ALGONQUIN ROAD
SCHAUMBURG, IL 60196
http://www.motorola.com
72E-121351-01 Revision A
February 2009

WS2000 CRG 72e-121351-01 Reva en PDF

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

WS2000 CRG 72e-121351-01 Reva en PDF

Diunggah oleh

Hak Cipta:

Format Tersedia

M

WS2000 Wireless Switch

Chapter 1: Product Overview

Chapter 2: Admin and Common Commands

Chapter 3: Network CLI Commands Reference

3.13 Network Firewall Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-63

3.30 Network WAN NAT Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149

Chapter 4: System CLI Commands Reference

Chapter 5: Statistics Commands

1.1 WS2000 Wireless Switch CLI Reference Guide

1.1.1 About this Document

1.1.2 Document Conventions

NOTE: Indicates special tips or requirements

| The pipe symbol. This is used to separate the variables/keywords in a list.

1.2 System Overview

1.2.1 Management of Access Ports

1.2.1.1 Firewall Security

1.2.1.2 Wireless LAN (WLAN) Security

1.2.1.3 VPN Security

1.3 Hardware Overview

1.3.1 Technical Specifications

1.3.1.2 Power Specifications

1.3.1.3 Environmental Specifications

1.3.2 WS 2000 Wireless Switch LED Functions

1.4 Software Overview

1.4.1 Operating System (OS) Services

1.4.2 Cell Controller Services

1.4.3 Gateway Services

2.1 Common Commands

Command Description Ref.

help : display general user interface help

2.1.2 help Command

? : display command help - Eg. ?, show ?, s?

2.1.3 quit Command

2.1.4 save Command

2.2 Admin Menu Commands

Command Description Ref.

2.2.1 passwd Command

passwd Passwords for the Administrator, Guest-admin, and Manager accounts

Old Admin Password:******

2.2.2 summary Command

WS2000 firmware version : 2.4.0.0-005X

ess identifier : Bharat

ess identifier : 102

ess identifier : 103

ess identifier : 104

ess identifier : 105

ess identifier : 106

ess identifier : 107

ess identifier : 108

subnet interface : enable

subnet interface : disable

subnet interface : disable

subnet interface : disable

subnet interface : disable

subnet interface : disable

Command Description Ref.

3.2 Network AP Commands

Command Description Ref

3.2.1 Network AP add Command

<idx> The WLAN ID (1-8)

3.2.2 Network AP copydefaults Command

<idx> The id of the AP to copy the defaults to