3Com 3CRWX440095A, 3CRWX120695A User Manual
Wireless LAN Mobility System
Wireless LAN Switch and Controller
Command Reference
3CRWX120695A, 3CRWX440095A
http://www.3com.com/
Part No. 730-9502-0072, Revision B
Published April 2005
3Com Corporation
350 Campus Drive
Marlborough, MA USA
01752-3064
Copyright © 2004, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced
in any form or by any means or used to make any derivative work (such as translation, transformation, or
adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time
to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either
implied or expressed, including, but not limited to, the implied warranties, terms or conditions of
merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or
changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hard copy documentation, or on the
removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy,
please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are
provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense.
Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or
as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are
provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights
only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable.
You agree not to remove or deface any portion of any legend provided on any licensed program or
documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may
not be registered in other countries.
3Com is a registered trademark of 3Com Corporation. The 3Com logo is a trademark of 3Com Corporation.
Mobility Domain, Mobility Point, Mobility Profile, Mobility System, Mobility System Software, MP, MSS, and
SentrySweep are trademarks of Trapeze Networks, Inc.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, Windows XP,
and Windows NT are registered trademarks of Microsoft Corporation.
All other company and product names may be trademarks of the respective companies with which they are
associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we
are committed to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental
standards. Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
Environmental Statement about the Documentation
The documentation for this product is printed on paper that comes from sustainable, managed forests; it is
fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and
the inks are vegetable-based with a low heavy-metal content.
CONTENTS
ABOUT THIS GUIDE
Conventions 17
Documentation 18
Documentation Comments 19
1 USING THE COMMAND-LINE INTERFACE
Overview 21
CLI Conventions 22
Command Prompts 22
Syntax Notation 22
Text Entry Conventions and Allowed Characters 23
MAC Address Notation 23
IP Address and Mask Notation 24
User Globs, MAC Address Globs, and VLAN Globs 24
Port Lists 26
Virtual LAN Identification 27
Command-Line Editing 27
Keyboard Shortcuts 27
History Buffer 28
Tabs 28
Single-Asterisk (*) Wildcard Character 28
Double-Asterisk (**) Wildcard Characters 28
Using CLI Help 29
Understanding Command Descriptions 30
2 ACCESS COMMANDS
Commands by Usage 33
disable 33
enable 34
quit 34
set enablepass 35
3 SYSTEM SERVICE COMMANDS
Commands by Usage 37
clear banner motd 38
clear history 38
clear prompt 39
clear system 39
display banner motd 40
display base-information 41
display license 41
display system 42
help 45
history 46
set banner motd 46
set confirm 47
set length 48
set license 49
set prompt 50
set system contact 51
set system countrycode 51
set system ip-address 53
set system location 54
set system name 55
4 PORT COMMANDS
Commands by Usage 57
clear dap 58
clear port counters 58
clear port-group 59
clear port name 59
clear port preference 60
clear port type 61
display port counters 62
display port-group 63
display port poe 64
display port preference 65
display port status 66
monitor port counters 68
reset port 73
set dap 73
set port 76
set port-group 77
set port name 78
set port negotiation 79
set port poe 79
set port preference 80
set port speed 81
set port trap 82
set port type ap 83
set port type wired-auth 86
5 VLAN COMMANDS
Commands by usage 89
clear fdb 90
clear vlan 91
display fdb 92
display fdb agingtime 94
display fdb count 95
display roaming station 96
display roaming vlan 98
display tunnel 99
display vlan config 100
set fdb 101
set fdb agingtime 102
set vlan name 103
set vlan port 104
set vlan tunnel-affinity 105
6 IP SERVICES COMMANDS
Commands by Usage 107
clear interface 109
clear ip alias 110
clear ip dns domain 110
clear ip dns server 111
clear ip route 111
clear ip telnet 112
clear ntp server 113
clear ntp update-interval 113
clear snmp trap receiver 114
clear summertime 115
clear system ip-address 115
clear timezone 116
display arp 117
display interface 118
display ip alias 119
display ip dns 120
display ip https 121
display ip route 123
display ip telnet 125
display ntp 126
display snmp configuration 128
display summertime 130
display timedate 130
display timezone 131
ping 132
set arp 133
set arp agingtime 134
set interface 135
set interface status 136
set ip alias 137
set ip dns 137
set ip dns domain 138
set ip dns server 139
set ip https server 140
set ip route 140
set ip snmp server 142
set ip ssh 143
set ip ssh absolute-timeout 144
set ip ssh idle-timeout 145
set ip ssh server 145
set ip telnet 146
set ip telnet server 147
set ntp 148
set ntp server 148
set ntp update-interval 149
set snmp community 150
set snmp trap 151
set snmp trap receiver 153
set summertime 154
set system ip-address 155
set timedate 156
set timezone 157
telnet 158
traceroute 160
7 AAA COMMANDS
Commands by Usage 163
clear accounting 165
clear authentication admin 166
clear authentication console 167
clear authentication dot1x 168
clear authentication last-resort 169
clear authentication mac 169
clear authentication web 170
clear location policy 171
clear mac-user 172
clear mac-user attr 173
clear mac-user group 173
clear mac-usergroup 174
clear mac-usergroup attr 175
clear mobility-profile 176
clear user 176
clear user attr 177
clear user group 178
clear usergroup 178
clear usergroup attr 179
display aaa 180
display accounting statistics 183
display location policy 185
display mobility-profile 185
set accounting {admin | console} 186
set accounting {dot1x | mac | web} 187
set authentication admin 189
set authentication console 191
set authentication dot1x 193
set authentication last-resort 197
set authentication mac 199
set authentication web 201
set location policy 203
set mac-user 207
set mac-user attr 208
set mac-usergroup attr 214
set mobility-profile 215
set mobility-profile mode 217
set user 218
set user attr 219
set user group 220
set usergroup 220
set web-aaa 221
8 MOBILITY DOMAIN COMMANDS
Commands by Usage 223
clear mobility-domain 224
clear mobility-domain member 224
display mobility-domain config 225
display mobility-domain status 225
set mobility-domain member 227
set mobility-domain mode member seed-ip 227
set mobility-domain mode seed domain-name 228
9 MANAGED ACCESS POINT COMMANDS
MAP Access Point Commands by Usage 231
clear {ap | dap} radio 234
clear radio-profile 235
clear service-profile 236
display {ap | dap} config 237
display {ap | dap} counters 241
display {ap | dap} etherstats 243
display {ap | dap} group 245
display {ap | dap} status 246
display auto-tune attributes 249
display auto-tune neighbors 251
display dap connection 253
display dap global 254
display dap unconfigured 256
display radio-profile 257
display service-profile 261
reset {ap | dap} 264
set {ap | dap} bias 264
set {ap | dap} blink 266
set {ap | dap} group 267
set {ap | dap} name 268
set {ap | dap} radio antennatype 269
set {ap | dap} radio auto-tune max-power 270
set {ap | dap} radio auto-tune max-
retransmissions 271
set {ap | dap} radio channel 273
set {ap | dap} radio min-client-rate 274
set {ap | dap} radio mode 276
set {ap | dap} radio radio-profile 277
set {ap | dap} radio tx-power 278
set {ap | dap} upgrade-firmware 279
set radio-profile 11g-only 280
set radio-profile auto-tune channel-config 281
set radio-profile auto-tune channel-holddown 282
set radio-profile auto-tune channel-interval 283
set radio-profile auto-tune power-backoff- timer 284
set radio-profile auto-tune power-config 285
set radio-profile auto-tune power-interval 286
set radio-profile beacon-interval 287
set radio-profile dtim-interval 287
set radio-profile frag-threshold 288
set radio-profile long-retry 289
set radio-profile max-rx-lifetime 290
set radio-profile max-tx-lifetime 291
set radio-profile mode 291
set radio-profile preamble-length 294
set radio-profile rts-threshold 295
set radio-profile service-profile 296
set radio-profile short-retry 299
set service-profile auth-dot1x 300
set service-profile auth-fallthru 301
set service-profile auth-psk 302
set service-profile beacon 303
set service-profile cipher-ccmp 304
set service-profile cipher-tkip 305
set service-profile cipher-wep104 306
set service-profile cipher-wep40 307
set service-profile psk-phrase 308
set service-profile psk-raw 309
set service-profile rsn-ie 310
set service-profile shared-key-auth 311
set service-profile ssid-name 311
set service-profile ssid-type 312
set service-profile tkip-mc-time 313
set service-profile web-aaa-form 314
set service-profile wep active-multicast-
index 315
set service-profile wep active-unicast-
index 316
set service-profile wep key-index 317
set service-profile wpa-ie 318
10 STP COMMANDS
STP Commands by Usage 319
clear spantree portcost 320
clear spantree portpri 321
clear spantree portvlancost 321
clear spantree portvlanpri 322
clear spantree statistics 323
display spantree 324
display spantree backbonefast 326
display spantree blockedports 327
display spantree portfast 328
display spantree portvlancost 329
display spantree statistics 329
display spantree uplinkfast 335
set spantree 336
set spantree backbonefast 337
set spantree fwddelay 338
set spantree hello 338
set spantree maxage 339
set spantree portcost 340
set spantree portfast 341
set spantree portpri 342
set spantree portvlancost 343
set spantree portvlanpri 344
set spantree priority 344
set spantree uplinkfast 345
11 IGMP SNOOPING COMMANDS
Commands by usage 347
clear igmp statistics 348
display igmp 348
display igmp mrouter 352
display igmp querier 353
display igmp receiver-table 355
display igmp statistics 356
set igmp 359
set igmp lmqi 360
set igmp mrouter 360
set igmp mrsol 361
set igmp mrsol mrsi 362
set igmp oqi 363
set igmp proxy-report 364
set igmp qi 364
set igmp qri 365
set igmp querier 366
set igmp receiver 367
set igmp rv 368
12 SECURITY ACL COMMANDS
Security ACL Commands by Usage 369
clear security acl 370
clear security acl map 371
commit security acl 373
display security acl 374
display security acl hits 375
display security acl info 376
display security acl map 377
display security acl resource-usage 378
hit-sample-rate 382
rollback security acl 383
set security acl 384
set security acl map 389
13 CRYPTOGRAPHY COMMANDS
Commands by Usage 393
crypto ca-certificate 394
crypto certificate 395
crypto generate key 397
crypto generate request 398
crypto generate self-signed 400
crypto otp 402
crypto pkcs12 403
display crypto ca-certificate 405
display crypto certificate 406
display crypto key ssh 407
14 RADIUS AND SERVER GROUP COMMANDS
Commands by Usage 409
clear radius 410
clear radius client system-ip 411
clear radius server 412
clear server group 412
set radius 413
set radius client system-ip 414
set radius server 415
set server group 417
set server group load-balance 418
15 802.1X MANAGEMENT COMMANDS
Commands by Usage 421
clear dot1x bonded-period 422
clear dot1x max-req 423
clear dot1x port-control 423
clear dot1x quiet-period 424
clear dot1x reauth-max 425
clear dot1x reauth-period 425
clear dot1x timeout auth-server 426
clear dot1x timeout supplicant 426
clear dot1x tx-period 427
display dot1x 427
set dot1x authcontrol 430
set dot1x bonded-period 431
set dot1x key-tx 432
set dot1x max-req 433
set dot1x port-control 433
set dot1x quiet-period 434
set dot1x reauth 435
set dot1x reauth-max 436
set dot1x reauth-period 436
set dot1x timeout auth-server 437
set dot1x timeout supplicant 437
set dot1x tx-period 438
set dot1x wep-rekey 439
set dot1x wep-rekey-period 439
16 SESSION MANAGEMENT COMMANDS
Commands by Usage 441
clear sessions 441
clear sessions network 442
display sessions 444
display sessions network 446
17 RF DETECTION COMMANDS
Commands by Usage 455
clear rfdetect countermeasures mac 456
clear rfdetect ignore 457
display rfdetect countermeasures 458
display rfdetect data 459
display rfdetect ignore 461
display rfdetect mobility-domain 461
display rfdetect visible 463
set rfdetect active-scan 465
set rf detect countermeasures 465
set rfdetect countermeasures mac 466
set rfdetect ignore 467
set rfdetect log 468
18 FILE MANAGEMENT COMMANDS
Commands by Usage 469
backup 470
clear boot config 471
copy 472
delete 474
dir 475
display boot 477
display config 478
display version 480
load config 482
mkdir 483
reset system 485
restore 486
rmdir 487
save config 487
set boot configuration-file 488
set boot partition 489
19 TRACE COMMANDS
Commands by Usage 491
clear log trace 491
clear trace 492
display trace 493
save trace 494
set trace authentication 494
set trace authorization 495
set trace dot1x 496
set trace sm 497
20 SYSTEM LOG COMMANDS
Commands by Usage 499
clear log 499
display log buffer 500
display log config 502
display log trace 503
set log 504
set log trace mbytes 506
21 BOOT PROMPT COMMANDS
Boot Prompt Commands by Usage 509
autoboot 510
boot 511
change 513
create 514
delete 515
diag 516
dir 516
display 517
fver 519
help 520
ls 520
next 521
reset 522
test 523
version 524
A OBTAINING SUPPORT FOR YOUR PRODUCT
Register Your Product 527
Purchase Value-Added Services 527
Troubleshoot Online 528
Access Software Downloads 528
Telephone Technical Support and Repair 528
Contact Us 529
INDEX
Conventions 17
ABOUT THIS GUIDE
This command reference explains Mobility System Software (MSS™)
command line interface (CLI) that you enter on a 3Com WX1200 Wireless
Switch or WX4400 Wireless LAN Controller to configure and manage the
Mobility System™ wireless LAN (WLAN).
Read this reference if you are a network administrator responsible for
managing WX1200 or WX4400 wireless switches and their Managed
Access Points (MAPs) in a network.
If release notes are shipped with your product and the information there
differs from the information in this guide, follow the instructions in the
release notes.
Most user guides and release notes are available in Adobe Acrobat
Reader Portable Document Format (PDF) or HTML on the 3Com
World Wide Web site:
http://www.3com.com/
Conventions Table 1 and Table 2 list conventions that are used throughout this guide.
Tab le 1 Notice Icons
Icon Notice Type Description
Information note Information that describes important features or
Caution Information that alerts you to potential loss of data or
instructions
potential damage to an application, system, or device
18 ABOUT THIS GUIDE
This manual uses the following text and syntax conventions:
Tab le 2 Text Conventions
Convention Description
Monospace text Sets off command syntax or sample commands and system
responses.
Bold text Highlights commands that you enter or items you select.
Italic text Designates command variables that you replace with
appropriate values, or highlights publication titles or words
requiring special emphasis.
[ ] (square brackets) Enclose optional parameters in command syntax.
{ } (curly brackets) Enclose mandatory parameters in command syntax.
| (vertical bar) Separates mutually exclusive options in command syntax.
Keyboard key names If you must press two or more keys simultaneously, the key
names are linked with a plus sign (+). Example:
Press Ctrl+Alt+Del
Words in italics Italics are used to:
Emphasize a point.
Denote a new term at the place where it is defined in the
text.
Highlight an example string, such as a username or SSID.
Documentation The MSS documentation set includes the following documents.
Wireless LAN Switch Manager (3WXM) Release Notes
These notes provide information about the system software release,
including new features and bug fixes.
Wireless LAN Switch and Controller Release Notes
These notes provide information about the system software release,
including new features and bug fixes.
Wireless LAN Switch and Controller Quick Start Guide
This guide provides instructions for performing basic setup of secure
(802.1X) and guest (WebAAA
Domain for roaming, and for accessing a sample network plan in
3WXM for advanced configuration and management.
™) access, for configuring a Mobility
Documentation Comments 19
Wireless LAN Switch Manager Reference Manual
This manual shows you how to plan, configure, deploy, and manage a
Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN
Switch Manager (3WXM).
Wireless LAN Switch and Controller Installation and Basic
Configuration Guide
This guide provides instructions and specifications for installing a WX
wireless switch in a Mobility System WLAN, and basic instructions for
deploying a secure IEEE 802.11 wireless service.
Wireless LAN Switch and Controller Configuration Guide
This guide provides instructions for configuring and managing the
system through the Mobility System Software (MSS) CLI.
Wireless LAN Switch and Controller Command Reference
This reference provides syntax information for all MSS commands
supported on WX switches.
Documentation Comments
Your suggestions are very important to us. They will help make our
documentation more useful to you. Please e-mail comments about this
document to 3Com at:
pddtechpubs_comments@3com.com
Please include the following information when contacting us:
Document title
Document part number and revision (on the title page)
Page number (if appropriate)
Example:
Wireless LAN Switch and Controller Configuration Guide
Part number 730-9502-0071, Revision B
Page 25
Please note that we can only respond to comments and questions about
3Com product documentation at this e-mail address. Questions related to
Technical Support or sales should be directed in the first instance to your
network supplier.
20 ABOUT THIS GUIDE
USING THE COMMAND-LINE
1
INTERFACE
This chapter discusses the 3Com Wireless Switch Manager (3WXM)
command-line interface (CLI). Described are the CLI conventions (see “CLI
Conventions” on page 22), editing on the command line (see
“Command-Line Editing” on page 27), using the CLI help feature (see
“Using CLI Help” on page 29), and information about the command
descriptions in this reference (see “Understanding Command
Descriptions” on page 30).
Overview Mobility System Software (MSS) operates a 3Com Mobility System
wireless LAN (WLAN) consisting of 3Com Wireless Switch Manager
(3WXM) software and 3Com Wireless LAN Switch or 3Com Wireless LAN
Controller (WX switch) and 3Com Wireless LAN Managed Access Point
(MAP) hardware. There is a command-line interface (CLI) on the WX
switch that you can use to configure and manage the WX and its
attached access points.
You configure the wireless LAN switches and access points primarily with
set, clear, and display commands. Use set commands to change
parameters. Use clear commands to reset parameters to their defaults. In
many cases, you can overwrite a parameter with another set command.
Use display commands to show the current configuration and monitor
the status of network operations.
The wireless LAN switches support two connection modes:
Administrative access mode, which enables the network administrator
to connect to the WX switch and configure the network
Network access mode, which enables network users to connect
through the WX switch to access the network
22 CHAPTER 1: USING THE COMMAND-LINE INTERFACE
CLI Conventions Be aware of the following MSS CLI conventions for command entry:
“Command Prompts” on page 22
“Syntax Notation” on page 22
“Text Entry Conventions and Allowed Characters” on page 23
“User Globs, MAC Address Globs, and VLAN Globs” on page 24
“Port Lists” on page 26
“Virtual LAN Identification” on page 27
Command Prompts By default, the MSS CLI provides the following prompt for restricted
users. The mmmm portion shows the wireless LAN switch model number
(for example, 1200).
WXmmmm>
After you become enabled as an administrative user by typing enable
and supplying a suitable password, MSS displays the following prompt:
WXmmmm#
For information about changing the CLI prompt on a wireless LAN switch,
see “set prompt” on page 50.
Syntax Notation The MSS CLI uses standard syntax notation:
Bold monospace font identifies the command and keywords you must
type. For example:
set enablepass
Italics indicate a placeholder for a value. For example, you replace
vlan-id in the following command with a virtual LAN (VLAN) ID:
clear interface vlan-id ip
Curly brackets ({}) indicate a mandatory parameter, and square
brackets ([]) indicate an optional parameter. For example, you must
enter dynamic or port and a port list in the following command, but
a VLAN ID is optional:
clear fdb {dynamic | port port-list} [vlan vlan-id]
CLI Conventions 23
A vertical bar (|) separates mutually exclusive options within a list of
possibilities. For example, you enter either enable or disable, not
both, in the following command:
set port {enable | disable} port-list
Text Entry
Conventions and
Allowed Characters
MAC Address
Notation
Unless otherwise indicated, the MSS CLI accepts standard ASCII
alphanumeric characters, except for tabs and spaces, and is
case-insensitive.
The CLI has specific notation requirements for MAC addresses, IP
addresses, and masks, and allows you to group usernames, MAC
addresses, virtual LAN (VLAN) names, and ports in a single command.
3Com recommends that you do not use the same name with different
capitalizations for VLANs or access control lists (ACLs). For example, do
not configure two separate VLANs with the names red and RED.
The CLI does not support the use of special characters including the
following in any named elements such as SSIDs and VLANs: ampersand
(&), angle brackets (< >), number sign (#), question mark (?), or quotation
marks (“”).
In addition, the CLI does not support the use of international characters
such as the accented É in DÉCOR.
MSS displays MAC addresses in hexadecimal numbers with a colon (:)
delimiter between bytes — for example, 00:01:02:1a:00:01. You can
enter MAC addresses with either hyphen (-) or colon (:) delimiters, but
colons are preferred.
For shortcuts:
You can exclude leading zeros when typing a MAC address. MSS
displays of MAC addresses include all leading zeros.
In some specified commands, you can use the single-asterisk (*)
wildcard character to represent from 1 byte to 5 bytes of a MAC
address. (For more information, see “MAC Address Globs” on
page 25.)
24 CHAPTER 1: USING THE COMMAND-LINE INTERFACE
IP Address and Mask
Notation
User Globs, MAC
Address Globs, and
VLAN Globs
MSS displays IP addresses in dotted decimal notation — for example,
192.168.1.111. MSS makes use of both subnet masks and wildcard
masks.
Subnet Masks
Unless otherwise noted, use classless interdomain routing (CIDR) format
to express subnet masks — for example, 192.168.1.112/24. You indicate
the subnet mask with a forward slash (/) and specify the number of bits in
the mask.
Wildcard Masks
Security access control lists (ACLs) use source and destination IP addresses
and wildcard masks to determine whether the wireless LAN switch filters
or forwards IP packets. Matching packets are either permitted or denied
network access. The ACL checks the bits in IP addresses that correspond
to any 0s (zeros) in the mask, but does not check the bits that correspond
to 1s (ones) in the mask. You specify the wildcard mask in dotted decimal
notation.
For example, the address 10.0.0.0 and mask 0.255.255.255 match all IP
addresses that begin with 10 in the first octet.
Name “globbing” is a way of using a wildcard pattern to expand a single
element into a list of elements that match the pattern. MSS accepts user
globs, MAC address globs, and VLAN globs. The order in which globs
appear in the configuration is important, because once a glob is matched,
processing stops on the list of globs.
User Globs
A user glob is shorthand method for matching an authentication,
authorization, and accounting (AAA) command to either a single user or
a set of users.
A user glob can be up to 80 characters long and cannot contain spaces or
tabs. The double-asterisk (**) wildcard characters with no delimiter
characters match all usernames. The single-asterisk (*) wildcard character
matches any number of characters up to, but not including, a delimiter
character in the glob. Valid user glob delimiter characters are the at (@)
sign and the period (.).
CLI Conventions 25
Table 3 gives examples of user globs.
Tab le 3 User Globs
User Glob User(s) Designated
jose@example.com User jose at example.com
*@example.com All users at example.com whose usernames do not
contain periods — for example, jose@example.com
and tamara@example.com, but not
nin.wong@example.com, because nin.wong
contains a period
*@marketing.example.com All marketing users at example.com whose
*.*@marketing.example.com All marketing users at example.com whose
* All users with usernames that have no delimiters
EXAMPLE\* All users in the Windows Domain EXAMPLE with
EXAMPLE\*.* All users in the Windows Domain EXAMPLE whose
** All users
usernames do not contain periods
usernames contain periods
usernames that have no delimiters
usernames contain periods
MAC Address Globs
A media access control (MAC) address glob is a similar method for
matching some authentication, authorization, and accounting (AAA) and
forwarding database (FDB) commands to one or more 6-byte MAC
addresses. In a MAC address glob, you can use a single asterisk (*) as a
wildcard to match all MAC addresses, or as follows to match from 1 byte
to 5 bytes of the MAC address:
00:*
00:01:*
00:01:02:*
00:01:02:03:*
00:01:02:03:04:*
For example, the MAC address glob 02:06:8c* represents all MAC
addresses starting with 02:06:8c. Specifying only the first 3 bytes of a
MAC address allows you to apply commands to MAC addresses based on
an organizationally unique identity (OUI).
26 CHAPTER 1: USING THE COMMAND-LINE INTERFACE
VLAN Globs
A VLAN glob is a method for matching one of a set of local rules on an
wireless LAN switch, known as the location policy, to one or more users.
MSS compares the VLAN glob, which can optionally contain wildcard
characters, against the VLAN-Name attribute returned by AAA, to
determine whether to apply the rule.
To match all VLANs, use the double-asterisk (**) wildcard characters with
no delimiters. To match any number of characters up to, but not
including, a delimiter character in the glob, use the single-asterisk (*)
wildcard. Valid VLAN glob delimiter characters are the at (@) sign and the
period (.).
For example, the VLAN glob bldg4.* matches bldg4.security and bldg4.hr
and all other VLAN names with bldg4. at the beginning.
Matching Order for Globs
In general, the order in which you enter AAA commands determines the
order in which MSS matches the user, MAC address, or VLAN to a glob.
To verify the order, view the output of the display aaa or display config
command. MSS checks globs that appear higher in the list before items
lower in the list and uses the first successful match.
Port Lists The physical Ethernet ports on a WX switch can be set for connection to
MAP access points, authenticated wired users, or the network backbone.
You can include a single port or multiple ports in one MSS CLI command
by using the appropriate list format.
The ports on a WX switch are numbered 1 through 4 (for the 3Com
Wireless LAN Controller WX4400) and 1 through 8 (for the 3Com
Wireless Lan Switch WX1200). No port 0 exists on the WX switch. You
can include a single port or multiple ports in a command that includes
port port-list. Use one of the following formats for port-list:
A single port number. For example:
WX1200# set port enable 6
A comma-separated list of port numbers, with no spaces. For
example:
WX1200# display port poe 1,2,4
Command-Line Editing 27
A hyphen-separated range of port numbers, with no spaces. For
example:
WX1200# reset port 1-3
Any combination of single numbers, lists, and ranges. Hyphens take
precedence over commas. For example:
WX1200# display port status 1-3,6
Virtual LAN
Identification
The names of virtual LANs (VLANs), which are used in Mobility Domain™
communications, are set by you and can be changed. In contrast, VLAN
ID numbers, which the wireless LAN uses locally, are determined when
the VLAN is first configured and cannot be changed. Unless otherwise
indicated, you can refer to a VLAN by either its VLAN name or its VLAN
number. CLI set and display commands use a VLAN’s name or number
to uniquely identify the VLAN within the WX.
Command-Line Editing
MSS editing functions are similar to those of many other network
operating systems.
Keyboard Shortcuts The following table lists the keyboard shortcuts for entering and editing
CLI commands.
Tab le 4 Keyboard Shortcuts
Keyboard Shortcut(s) Function
Ctrl+A Jumps to the first character of the command line.
Ctrl+B or Left Arrow key Moves the cursor back one character.
Ctrl+C Escapes and terminates prompts and tasks.
Ctrl+D Deletes the character at the cursor.
Ctrl+E Jumps to the end of the current command line.
Ctrl+F or Right Arrow key Moves the cursor forward one character.
Ctrl+K Deletes from the cursor to the end of the command
Ctrl+L or Ctrl+R Repeats the current command line on a new line.
Ctrl+N or Down Arrow key Enters the next command line in the history buffer.
Ctrl+P or Up Arrow key Enters the previous command line in the history
line.
buffer.
28 CHAPTER 1: USING THE COMMAND-LINE INTERFACE
Tab le 4 Keyboard Shortcuts (continued)
Keyboard Shortcut(s) Function
Ctrl+U or Ctrl+X Deletes characters from the cursor to the beginning
Ctrl+W Deletes the last word typed.
Esc B Moves the cursor back one word.
Esc D Deletes characters from the cursor forward to the
Delete key or Backspace key Erases mistake made during command entry. Reenter
History Buffer The history buffer stores the last 63 commands you entered during a
terminal session. You can use the Up Arrow and Down Arrow keys to
select a command that you want to repeat from the history buffer.
Ta bs The MSS CLI uses the Tab key for command completion. You can type
the first few characters of a command and press the Tab key to show the
command(s) that begin with those characters. For example:
WX1200# display i <Tab>
ifm display interfaces maintained by the interface
manager
igmp display igmp information
interface display interfaces
ip display ip information
of the command line.
end of the word.
the command after using this key.
Single-Asterisk (*)
Wildcard Character
Double-Asterisk (**)
Wildcard Characters
You can use the single-asterisk (*) wildcard character in globbing. (For
details, see “User Globs, MAC Address Globs, and VLAN Globs” on
page 24.)
The double-asterisk (**) wildcard character matches all usernames. For
details, see “User Globs” on page 24.
Using CLI Help 29
Using CLI Help The CLI provides online help. To see the full range of commands available
at your access level, type the help command. For example:
WX1200# help
Commands:
------------------------------------------------------------------------clear Clear, use 'clear help' for more information
commit Commit the content of the ACL table
copy Copy from filename (or url) to filename (or url)
crypto Crypto, use 'crypto help' for more information
delete Delete url
dir Show list of files on flash device
disable Disable privileged mode
display Display, use 'display help' for more information
exit Exit from the Admin session
help Show this help screen
history Show contents of history substitution buffer
hit-sample-rate Set NP hit-counter sample rate
load Load, use 'load help' for more information
logout Exit from the Admin session
monitor Monitor, use 'monitor help' for more information
ping Send echo packets to hosts
quit Exit from the Admin session
reset Reset, use 'reset help' for more information
rollback Remove changes to the edited ACL table
save Save the running configuration to persistent storage
set Set, use 'set help' for more information
telnet telnet IP address [server port]
traceroute Print the route packets take to network host
For more information on help, see “help” on page 45.
To see a subset of the online help, type the command for which you want
more information. For example, to show all the commands that begin
with the letter i, type the following command:
WX1200# display i?
ifm Show interfaces maintained by the interface manager
igmp Show igmp information
interface Show interfaces
ip Show ip information
30 CHAPTER 1: USING THE COMMAND-LINE INTERFACE
To see all the variations, type one of the commands followed by a
question mark (?). For example:
WX1200# display ip ?
alias display ip aliases
dns display DNS status
https display ip https
route display ip route table
telnet display ip telnet
To determine the port on which Telnet is running, type the following
command:
WX1200# display ip telnet
Server Status Port
---------------------------------Enabled 23
Understanding Command Descriptions
Each command description in the 3Com Mobility System Software
Command Reference contains the following elements:
A command name, which shows the keywords but not the variables.
For example, the following command name appears at the top of a
command description and in the index:
set {ap | dap} name
The set {ap | dap} name command has the following complete syntax:
set {ap port-list | dap dap-num} name name
A brief description of the command’s functions.
The full command syntax.
Any command defaults.
The command access, which is either enabled or all. All indicates that
anyone can access this command. Enabled indicates that you must
enter the enable password before entering the command.
The command history, which identifies the MSS version in which the
command was introduced and the version numbers of any subsequent
updates.
Special tips for command usage. These are omitted if the command
requires no special usage.
Loading...