How it Works
3com
Loading...
3CWXM10A
User Manual
698 pgs5.04 Mb0
User Manual
680 pgs6.34 Mb0
Table of contents
Loading...

3com 3CWXM10A User Manual

Wireless LAN Mobility System
Wireless LAN Switch and Controller Command Reference
WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100 3CRWXR10095A WX2200 3CRWX220095A
http://www.3Com.com/
Part No. 10015409 Rev. AA Published August 2006
3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064
Copyright © 2006, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.
3Com is a registered trademark of 3Com Corporation. The 3Com logo is a trademark of 3Com Corporation. Mobility Domain, Mobility Point, Mobility Profile, Mobility System, Mobility System Software, MP, MSS, and
SentrySweep are trademarks of Trapeze Networks, Inc. Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, Windows XP,
and Windows NT are registered trademarks of Microsoft Corporation. All other company and product names may be trademarks of the respective companies with which they are
associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed to:
Establishing environmental performance standards that comply with national legislation and regulations. Conserving energy, materials and natural resources in all operations. Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental
standards. Maximizing the recyclable and reusable content of all products. Ensuring that all products can be recycled, reused and disposed of safely. Ensuring that all products are labelled according to recognized environmental standards. Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
Environmental Statement about the Documentation
The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and the inks are vegetable-based with a low heavy-metal content.
CONTENTS
ABOUT THIS GUIDE
Conventions 21 Documentation 22 Documentation Comments 23
1 USING THE COMMAND-LINE INTERFACE
Overview 25 CLI Conventions 26
Command Prompts 26 Syntax Notation 26 Text Entry Conventions and Allowed Characters 27 MAC Address Notation 27 IP Address and Mask Notation 28 User Globs, MAC Address Globs, and VLAN Globs 28 Port Lists 30 Virtual LAN Identification 31
Command-Line Editing 31
Keyboard Shortcuts 31 History Buffer 32 Tabs 32 Single-Asterisk (*) Wildcard Character 32
Double-Asterisk (**) Wildcard Characters 32 Using CLI Help 33 Understanding Command Descriptions 34
2 ACCESS COMMANDS
Commands by Usage 35 disable 35 enable 36 quit 36 set enablepass 37
3 SYSTEM SERVICE COMMANDS
Commands by Usage 39 clear banner motd 40 clear history 41 clear prompt 41 clear system 42 display banner motd 43 display base-information 43 display license 44 display load 45 display system 45 help 48 history 49 quickstart 50 set auto-config 50 set banner motd 52 set confirm 53 set length 54 set license 55 set prompt 56 set system contact 57 set system countrycode 58 set system idle-timeout 62 set system ip-address 63 set system location 64 set system name 65
4 PORT COMMANDS
Commands by Usage 67 clear dap 68 clear port counters 69 clear port-group 69 clear port media-type 70 clear port name 70 clear port mirror 71 clear port preference 71 clear port type 72
display port counters 73 display port-group 74 display port mirror 75 display port poe 76 display port status 77 display port media-type 79 monitor port counters 80 reset port 85 set dap 85 set port 87 set port-group 88 set port media-type 89 set port mirror 90 set port name 91 set port negotiation 91 set port poe 92 set port speed 93 set port trap 94 set port type ap 95 set port type wired-auth 98
5 VLAN COMMANDS
Commands by usage 101 clear fdb 102 clear security 12-restrict 103 clear security 12-restrict counters 104 clear vlan 105 display fdb 106 display fdb agingtime 108 display fdb count 109 display roaming station 110 display roaming vlan 112 display security 12-restrict 113 display tunnel 114 display vlan config 115 set fdb 117 set fdb agingtime 118
set security l2-restrict 118 set vlan name 120 set vlan port 121 set vlan tunnel-affinity 122
6 QUALITY OF SERVICE COMMANDS
Commands by Usage 123 clear qos 124 set qos cos-to-dscp-map 125 set qos dscp-to-cos-map 126 display qos 127 display qos dscp-table 128
7 IP SERVICES COMMANDS
Commands by Usage 129 clear interface 131 clear ip alias 132 clear ip dns domain 133 clear ip dns server 133 clear ip route 134 clear ip telnet 135 clear ntp server 135 clear ntp update-interval 136 clear snmp community 137 clear snmp notify profile 137 clear snmp notify target 138 clear snmp usm 138 clear summertime 139 clear system ip-address 140 clear timezone 140 display arp 141 display dhcp-client 142 display dhcp-server 144 display interface 146 display ip alias 147 display ip dns 148 display ip https 149
display ip route 150 display ip telnet 152 display ntp 153 display snmp community 155 display snmp counters 156 display snmp notify profile 156 display snmp notify target 156 display snmp status 157 display snmp usm 158 display summertime 158 display timedate 159 display timezone 159 ping 160 set arp 162 set arp agingtime 163 set interface 164 set interface dhcp-client 165 set interface dhcp-server 166 set interface status 167 set ip alias 168 set ip dns 168 set ip dns domain 169 set ip dns server 170 set ip https server 171 set ip route 171 set ip snmp server 173 set ip ssh 174 set ip ssh server 175 set ip telnet 175 set ip telnet server 176 set ntp 177 set ntp server 178 set ntp update-interval 179 set snmp community 179 set snmp notify profile 181 set snmp notify target 185
SNMPv3 with Informs 185
SNMPv3 with Traps 187
SNMPv2c with Informs 187 SNMPv2c with Traps 188
SNMPv1 with Traps 188 set snmp protocol 190 set snmp security 191 set snmp usm 192 set summertime 195 set system ip-address 196 set timedate 197 set timezone 198 telnet 199 traceroute 201
8 AAA COMMANDS
Commands by Usage 205 clear accounting 207 clear authentication admin 208 clear authentication console 209 clear authentication dot1x 210 clear authentication last-resort 211 clear authentication mac 212 clear authentication proxy 213 clear authentication web 213 clear location policy 214 clear mac-user 215 clear mac-user attr 216 clear mac-user group 216 clear mac-usergroup 217 clear mac-usergroup attr 218 clear mobility-profile 219 clear user 219 clear user attr 220 clear user group 221 clear usergroup 221 clear usergroup attr 222 display aaa 223 display accounting statistics 226
display location policy 228 display mobility-profile 229 set accounting {admin | console} 229 set accounting {dot1x | mac | web | last-resort} 231 set authentication admin 233 set authentication console 235 set authentication dot1x 237 set authentication last-resort 240 set authentication mac 243 set authentication proxy 245 set authentication web 246 set location policy 248 set mac-user 252 set mac-user attr 253 set mac-usergroup attr 258 set mobility-profile 259 set mobility-profile mode 261 set user 262 set user attr 263 set user group 264 set usergroup 265 set web-portal 266
9 MOBILITY DOMAIN COMMANDS
Commands by Usage 269 clear mobility-domain 270 clear mobility-domain member 270 display mobility-domain config 271 display mobility-domain status 272 set mobility-domain member 273 set mobility-domain mode member seed-ip 274 set mobility-domain mode seed domain-name 275
10 NETWORK DOMAIN COMMANDS
Network Domain Commands by Usage 277 clear network-domain 278 clear network-domain mode 279
clear network-domain peer 280 clear network-domain seed-ip 281 display network-domain 282 set network-domain mode member seed-ip 284 set network-domain peer 285 set network-domain mode seed domain-name 286
11 MANAGED ACCESS POINT COMMANDS
MAP Access Point Commands by Usage 287 clear {ap | dap} radio 291 clear dap boot-configuration 293 clear radio-profile 293 clear service-profile 295 display {ap | dap} config 296 display {ap | dap} counters 300 display {ap | dap} qos-stats 306 display {ap | dap} etherstats 307 display {ap | dap} group 309 display {ap | dap} status 310 display auto-tune attributes 317 display auto-tune neighbors 319 display dap boot-configuration 321 display dap connection 322 display dap global 324 display dap unconfigured 325 display radio-profile 327 display service-profile 330 reset {ap | dap} 338 set dap auto 339 set dap auto persistent 341 set dap auto radiotype 342 set dap auto mode 342 set {ap | dap} bias 343 set {ap | dap} blink 345 set dap boot-ip 346 set dap boot-switch 347 set dap boot-vlan 349
set dap fingerprint 350 set {ap | dap} group 351 set {ap | dap} name 352 set {ap | dap} radio antennatype 353 set {ap | dap} radio auto-tune max-power 354 set {ap | dap} radio auto-tune max-retransmissions 356 set {ap | dap} radio channel 358 set {ap | dap} radio auto-tune min-client-rate 359 set {ap | dap} radio mode 360 set {ap | dap} radio radio-profile 362 set {ap | dap} radio tx-power 363 set dap security 364 set {ap | dap} upgrade-firmware 365 set radio-profile 11g-only 366 set radio-profile active-scan 366 set radio-profile auto-tune channel-config 367 set radio-profile auto-tune channel-holddown 368 set radio-profile auto-tune channel-interval 369 set radio-profile auto-tune power-backoff- timer 370 set radio-profile auto-tune power-config 371 set radio-profile auto-tune power-interval 372 set radio-profile beacon-interval 373 set radio-profile countermeasures 374 set radio-profile dtim-interval 375 set radio-profile frag-threshold 376 set radio-profile long-retry 377 set radio-profile max-rx-lifetime 378 set radio-profile max-tx-lifetime 379 set radio-profile mode 380 set radio-profile preamble-length 382 set radio-profile qos-mode 383 set radio-profile rts-threshold 384 set radio-profile service-profile 385 set radio-profile short-retry 391 set radio-profile wmm 391 set service-profile attr 391 set service-profile auth-dot1x 393 set service-profile auth-fallthru 394
set service-profile auth-psk 395 set service-profile beacon 396 set service-profile cac-mode 397 set service-profile cac-session 398 set service-profile cipher-ccmp 399 set service-profile cipher-tkip 400 set service-profile cipher-wep40 401 set service-profile cipher-wep104 402 set service-profile cos 403 set service-profile dhcp-restrict 404 set service-profile idle-client-probing 405 set service-profile long-retry-count 406 set service-profile no-broadcast 407 set service-profile proxy-arp 408 set service-profile psk-phrase 409 set service-profile psk-raw 410 set service-profile rsn-ie 411 set service-profile shared-key-auth 412 set service-profile short-retry-count 412 set service-profile soda agent-directory 413 set service-profile soda enforce-checks 414 set service-profile soda failure-page 415 set service-profile soda logout-page 416 set service-profile soda mode 418 set service-profile soda remediation-acl 419 set service-profile soda success-page 420 set service-profile ssid-name 421 set service-profile ssid-type 422 set service-profile tkip-mc-time 422 set service-profile static-cos 423 set service-profile transmit-rates 424 set service-profile user-idle-timeout 426 set service-profile web-portal-form 427 set service-profile web-portal-session-timeout 429 set service-profile wep active-multicast-index 430 set service-profile wep active-unicast-index 431 set service-profile wep key-index 432 set service-profile wpa-ie 433
12 STP COMMANDS
STP Commands by Usage 435 clear spantree portcost 436 clear spantree portpri 437 clear spantree portvlancost 437 clear spantree portvlanpri 438 clear spantree statistics 439 display spantree 440 display spantree backbonefast 443 display spantree blockedports 444 display spantree portfast 445 display spantree portvlancost 446 display spantree statistics 446 display spantree uplinkfast 452 set spantree 453 set spantree backbonefast 454 set spantree fwddelay 455 set spantree hello 455 set spantree maxage 456 set spantree portcost 457 set spantree portfast 458 set spantree portpri 459 set spantree portvlancost 460 set spantree portvlanpri 461 set spantree priority 462 set spantree uplinkfast 462
13 IGMP SNOOPING COMMANDS
Commands by usage 465 clear igmp statistics 466 display igmp 466 display igmp mrouter 470 display igmp querier 471 display igmp receiver-table 473 display igmp statistics 475 set igmp 477 set igmp lmqi 478
set igmp mrouter 479 set igmp mrsol 480 set igmp mrsol mrsi 480 set igmp oqi 481 set igmp proxy-report 482 set igmp qi 483 set igmp qri 484 set igmp querier 485 set igmp receiver 485 set igmp rv 486
14 SECURITY ACL COMMANDS
Security ACL Commands by Usage 489 clear security acl 490 clear security acl map 491 commit security acl 493 display security acl 494 display security acl editbuffer 495 display security acl hits 496 display security acl info 497 display security acl map 498 display security acl resource-usage 499 rollback security acl 503 set security acl 504 set security acl map 509 set security acl hit-sample-rate 511
15 CRYPTOGRAPHY COMMANDS
Commands by Usage 514 crypto ca-certificate 514 crypto certificate 516 crypto generate key 517 crypto generate request 518 crypto generate self-signed 520 crypto otp 522 crypto pkcs12 524 display crypto ca-certificate 525
display crypto certificate 526 display crypto key ssh 528
16 RADIUS AND SERVER GROUP COMMANDS
Commands by Usage 529 clear radius 530 clear radius client system-ip 531 clear radius proxy client 532 clear radius proxy port 532 clear radius server 533 clear server group 533 set radius 534 set radius client system-ip 536 set radius proxy client 537 set radius proxy port 538 set radius server 539 set server group 541 set server group load-balance 542
17 802.1X MANAGEMENT COMMANDS
Commands by Usage 545 clear dot1x bonded-period 546 clear dot1x max-req 547 clear dot1x port-control 547 clear dot1x quiet-period 548 clear dot1x reauth-max 549 clear dot1x reauth-period 549 clear dot1x timeout auth-server 550 clear dot1x timeout supplicant 550 clear dot1x tx-period 551 display dot1x 551 set dot1x authcontrol 554 set dot1x bonded-period 555 set dot1x key-tx 556 set dot1x max-req 557 set dot1x port-control 558 set dot1x quiet-period 559
set dot1x reauth 559 set dot1x reauth-max 560 set dot1x reauth-period 561 set dot1x timeout auth-server 561 set dot1x timeout supplicant 562 set dot1x tx-period 562 set dot1x wep-rekey 563 set dot1x wep-rekey-period 564
18 SESSION MANAGEMENT COMMANDS
Commands by Usage 565 clear sessions 565 clear sessions network 567 display sessions 568 display sessions network 571
19 RF DETECTION COMMANDS
Commands by Usage 579 clear rfdetect attack-list 580 clear rfdetect black-list 581 clear rfdetect ignore 581 clear rfdetect ssid-list 582 clear rfdetect vendor-list 583 display rfdetect attack-list 583 display rfdetect black-list 584 display rfdetect clients 585 display rfdetect countermeasures 587 display rfdetect counters 588 display rfdetect data 590 display rfdetect ignore 592 display rfdetect mobility-domain 592 display rfdetect ssid-list 597 display rfdetect vendor-list 597 display rfdetect visible 598 set rfdetect active-scan 600 set rfdetect attack-list 601 set rfdetect black-list 602
set rf detect countermeasures 602 set rfdetect countermeasures mac 603 set rfdetect ignore 604 set rfdetect log 605 set rfdetect signature 606 set rfdetect ssid-list 607 set rfdetect vendor-list 608 test rflink 609
20 FILE MANAGEMENT COMMANDS
Commands by Usage 611 backup 612 clear boot backup-configuration 614 clear boot config 614 copy 615 delete 617 dir 618 install soda agent 621 display boot 622 display config 623 display version 625 load config 627 md5 629 mkdir 629 reset system 631 restore 632 rmdir 633 save config 633 set boot backup-configuration 634 set boot configuration-file 635 set boot partition 636 uninstall soda agent 636
21 TRACE COMMANDS
Commands by Usage 639 clear log trace 640 clear trace 640
display trace 641 save trace 642 set trace authentication 642 set trace authorization 643 set trace dot1x 644 set trace sm 645
22 SNOOP COMMANDS
Commands by Usage 647 clear snoop 648 clear snoop map 648 set snoop 649 set snoop map 652 set snoop mode 653 display snoop 654 display snoop info 654 display snoop map 655 display snoop stats 656
23 SYSTEM LOG COMMANDS
Commands by Usage 659 clear log 659 display log buffer 660 display log config 662 display log trace 663 set log 664 set log mark 667
24 BOOT PROMPT COMMANDS
Boot Prompt Commands by Usage 669 autoboot 670 boot 671 change 673 create 674 delete 675 dhcp 676
diag 677 dir 677 display 678 fver 680 help 681 ls 682 next 683 reset 684 test 685 version 686
A OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS
Register Your Product to Gain Service Benefits 687 Solve Problems Online 687 Purchase Extended Warranty and Professional Services 688 Access Software Downloads 688 Contact Us 688
Telephone Technical Support and Repair 689
INDEX

Conventions 21

ABOUT THIS GUIDE

This command reference explains Mobility System Software (MSS™) command line interface (CLI) that you enter on a 3Com WXR100 or WX1200 Wireless Switch or WX4400 or WX2200 Wireless LAN Controller to configure and manage the Mobility System™ wireless LAN (WLAN).
Read this reference if you are a network administrator responsible for managing WXR100, WX1200, WX4400, or WX2200 wireless switches and their Managed Access Points (MAPs) in a network.
If release notes are shipped with your product and the information there differs from the information in this guide, follow the instructions in the release notes.
Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on the 3Com World Wide Web site:
http://www.3com.com/
Conventions Table 1 and Table 2 list conventions that are used throughout this guide.
Tab le 1 Notice Icons
Icon Notice Type Description
Information note Information that describes important features or
instructions
Caution Information that alerts you to potential loss of data or
potential damage to an application, system, or device
22 ABOUT THIS GUIDE
This manual uses the following text and syntax conventions:
Tab le 2 Text Conventions
Convention Description
Monospace text Sets off command syntax or sample commands and system
responses.
Bold text Highlights commands that you enter or items you select. Italic text Designates command variables that you replace with
appropriate values, or highlights publication titles or words
requiring special emphasis. [ ] (square brackets) Enclose optional parameters in command syntax. { } (curly brackets) Enclose mandatory parameters in command syntax. | (vertical bar) Separates mutually exclusive options in command syntax. Keyboard key names If you must press two or more keys simultaneously, the key
names are linked with a plus sign (+). Example:
Press Ctrl+Alt+Del
Words in italics Italics are used to:
Emphasize a point.
Denote a new term at the place where it is defined in the
text.
Highlight an example string, such as a username or SSID.

Documentation The MSS documentation set includes the following documents.

Wireless LAN Switch Manager (3WXM) Release Notes
These notes provide information about the 3WXM software release, including new features and bug fixes.
Wireless LAN Switch and Controller Release Notes
These notes provide information about the MSS software release, including new features and bug fixes.
Wireless LAN Switch and Controller Quick Start Guide
This guide provides instructions for performing basic setup of secure (802.1X) and guest (WebAAA Domain for roaming, and for accessing a sample network plan in 3WXM for advanced configuration and management.
) access, for configuring a Mobility
Documentation Comments 23
Wireless LAN Switch Manager Reference Manual
This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM).
Wireless LAN Switch Manager User’s Guide
This manual shows you how to plan, configure, deploy, and manage the entire WLAN with the 3WXM tool suite. Read this guide to learn how to plan wireless services, how to configure and deploy 3Com equipment to provide those services, and how to optimize and manage your WLAN.
Wireless LAN Switch and Controller Hardware Installation Guide
This guide provides instructions and specifications for installing a WX wireless switch in a Mobility System WLAN.
Wireless LAN Switch and Controller Configuration Guide
This guide provides instructions for configuring and managing the system through the Mobility System Software (MSS) CLI.
Wireless LAN Switch and Controller Command Reference

Documentation Comments

This reference provides syntax information for all MSS commands supported on WX switches.
Your suggestions are very important to us. They will help make our documentation more useful to you. Please e-mail comments about this document to 3Com at:
pddtechpubs_comments@3com.com
Please include the following information when contacting us:
Document titleDocument part number and revision (on the title page)Page number (if appropriate)
Example:
Wireless LAN Switch and Controller Configuration GuidePart number 730-9502-0071, Revision BPage 25
24 ABOUT THIS GUIDE
Please note that we can only respond to comments and questions about 3Com product documentation at this e-mail address. Questions related to Technical Support or sales should be directed in the first instance to your network supplier.
USING THE COMMAND-LINE
1
INTERFACE
This chapter discusses the 3Com Wireless Switch Manager (3WXM) command-line interface (CLI). Described are:
CLI conventions (see “CLI Conventions” on page 26) Editing on the command line (see “Command-Line Editing” on
page 31)
Using the CLI help feature (see “Using CLI Help” on page 33) Information about the command descriptions in this reference (see
“Understanding Command Descriptions” on page 34)

Overview Mobility System Software (MSS) operates a 3Com Mobility System

wireless LAN (WLAN) consisting of 3Com Wireless Switch Manager (3WXM) software and 3Com Wireless LAN Switch or 3Com Wireless LAN Controller (WX switch) and 3Com Wireless LAN Managed Access Point (MAP) hardware. There is a command-line interface (CLI) on the WX switch that you can use to configure and manage the WX and its attached access points.
You configure the wireless LAN switches and access points primarily with set, clear, and display commands. Use set commands to change parameters. Use clear commands to reset parameters to their defaults. In many cases, you can overwrite a parameter with another set command. Use display commands to show the current configuration and monitor the status of network operations.
The wireless LAN switches support two connection modes:
Administrative access mode, which enables the network administrator
to connect to the WX switch and configure the network
Network access mode, which enables network users to connect
through the WX switch to access the network
26 CHAPTER 1: USING THE COMMAND-LINE INTERFACE

CLI Conventions Be aware of the following MSS CLI conventions for command entry:

“Command Prompts” on page 26 “Syntax Notation” on page 26 “Text Entry Conventions and Allowed Characters” on page 27 “User Globs, MAC Address Globs, and VLAN Globs” on page 28 “Port Lists” on page 30 “Virtual LAN Identification” on page 31

Command Prompts By default, the MSS CLI provides the following prompt for restricted

users. The mmmm portion shows the wireless LAN switch model number (for example, 1200).
WXmmmm>
After you become enabled as an administrative user by typing enable and supplying a suitable password, MSS displays the following prompt:
WXmmmm#
For information about changing the CLI prompt on a wireless LAN switch, see “set prompt” on page 56.

Syntax Notation The MSS CLI uses standard syntax notation:

Bold monospace font identifies the command and keywords you must
type. For example:
set enablepass
Italics indicate a placeholder for a value. For example, you replace
vlan-id in the following command with a virtual LAN (VLAN) ID:
clear interface vlan-id ip
Curly brackets ({}) indicate a mandatory parameter, and square
brackets ([]) indicate an optional parameter. For example, you must enter dynamic or port and a port list in the following command, but a VLAN ID is optional:
clear fdb {dynamic | port port-list} [vlan vlan-id]
CLI Conventions 27
A vertical bar (|) separates mutually exclusive options within a list of
possibilities. For example, you enter either enable or disable, not both, in the following command:
set port {enable | disable} port-list
Text Entry
Conventions and
Allowed Characters
MAC Address
Notation
Unless otherwise indicated, the MSS CLI accepts standard ASCII alphanumeric characters, except for tabs and spaces, and is case-insensitive.
The CLI has specific notation requirements for MAC addresses, IP addresses, and masks, and allows you to group usernames, MAC addresses, virtual LAN (VLAN) names, and ports in a single command.
3Com recommends that you do not use the same name with different capitalizations for VLANs or access control lists (ACLs). For example, do not configure two separate VLANs with the names red and RED.
The CLI does not support the use of special characters including the following in any named elements such as SSIDs and VLANs: ampersand (&), angle brackets (< >), number sign (#), question mark (?), or quotation marks (“”).
In addition, the CLI does not support the use of international characters such as the accented É in DÉCOR.
MSS displays MAC addresses in hexadecimal numbers with a colon (:) delimiter between bytes — for example, 00:01:02:1a:00:01. You can enter MAC addresses with either hyphen (-) or colon (:) delimiters, but colons are preferred.
For shortcuts:
You can exclude leading zeros when typing a MAC address. MSS
displays of MAC addresses include all leading zeros.
In some specified commands, you can use the single-asterisk (*)
wildcard character to represent from 1 byte to 5 bytes of a MAC address. (For more information, see “MAC Address Globs” on page 29.)
28 CHAPTER 1: USING THE COMMAND-LINE INTERFACE
IP Address and Mask
Notation
User Globs, MAC
Address Globs, and
VLAN Globs
MSS displays IP addresses in dotted decimal notation — for example,
192.168.1.111. MSS makes use of both subnet masks and wildcard masks.
Subnet Masks
Unless otherwise noted, use classless interdomain routing (CIDR) format to express subnet masks — for example, 192.168.1.112/24. You indicate the subnet mask with a forward slash (/) and specify the number of bits in the mask.
Wildcard Masks
Security access control lists (ACLs) use source and destination IP addresses and wildcard masks to determine whether the wireless LAN switch filters or forwards IP packets. Matching packets are either permitted or denied network access. The ACL checks the bits in IP addresses that correspond to any 0s (zeros) in the mask, but does not check the bits that correspond to 1s (ones) in the mask. You specify the wildcard mask in dotted decimal notation.
For example, the address 10.0.0.0 and mask 0.255.255.255 match all IP addresses that begin with 10 in the first octet.
Name “globbing” is a way of using a wildcard pattern to expand a single element into a list of elements that match the pattern. MSS accepts user globs, MAC address globs, and VLAN globs. The order in which globs appear in the configuration is important, because once a glob is matched, processing stops on the list of globs.
User Globs
A user glob is shorthand method for matching an authentication, authorization, and accounting (AAA) command to either a single user or a set of users.
A user glob can be up to 80 characters long and cannot contain spaces or tabs. The double-asterisk (**) wildcard characters with no delimiter characters match all usernames. The single-asterisk (*) wildcard character matches any number of characters up to, but not including, a delimiter character in the glob. Valid user glob delimiter characters are the at (@) sign and the period (.).
CLI Conventions 29
Table 3 gives examples of user globs.
Tab le 3 User Globs
User Glob User(s) Designated
jose@example.com User jose at example.com *@example.com All users at example.com whose usernames do not
*@marketing.example.com All marketing users at example.com whose
*.*@marketing.example.com All marketing users at example.com whose
* All users with usernames that have no delimiters EXAMPLE\* All users in the Windows Domain EXAMPLE with
EXAMPLE\*.* All users in the Windows Domain EXAMPLE whose
** All users
contain periods — for example, jose@example.com and tamara@example.com, but not nin.wong@example.com, because nin.wong contains a period
usernames do not contain periods
usernames contain periods
usernames that have no delimiters
usernames contain periods
MAC Address Globs
A media access control (MAC) address glob is a similar method for matching some authentication, authorization, and accounting (AAA) and forwarding database (FDB) commands to one or more 6-byte MAC addresses. In a MAC address glob, you can use a single asterisk (*) as a wildcard to match all MAC addresses, or as follows to match from 1 byte to 5 bytes of the MAC address:
00:* 00:01:* 00:01:02:* 00:01:02:03:* 00:01:02:03:04:*
For example, the MAC address glob 02:06:8c* represents all MAC addresses starting with 02:06:8c. Specifying only the first 3 bytes of a MAC address allows you to apply commands to MAC addresses based on an organizationally unique identity (OUI).
30 CHAPTER 1: USING THE COMMAND-LINE INTERFACE
VLAN Globs
A VLAN glob is a method for matching one of a set of local rules on an wireless LAN switch, known as the location policy, to one or more users. MSS compares the VLAN glob, which can optionally contain wildcard characters, against the VLAN-Name attribute returned by AAA, to determine whether to apply the rule.
To match all VLANs, use the double-asterisk (**) wildcard characters with no delimiters. To match any number of characters up to, but not including, a delimiter character in the glob, use the single-asterisk (*) wildcard. Valid VLAN glob delimiter characters are the at (@) sign and the period (.).
For example, the VLAN glob bldg4.* matches bldg4.security and bldg4.hr and all other VLAN names with bldg4. at the beginning.
Matching Order for Globs
In general, the order in which you enter AAA commands determines the order in which MSS matches the user, MAC address, or VLAN to a glob. To verify the order, view the output of the display aaa or display config command. MSS checks globs that appear higher in the list before items lower in the list and uses the first successful match.

Port Lists The physical Ethernet ports on a WX switch can be set for connection to

MAP access points, authenticated wired users, or the network backbone. You can include a single port or multiple ports in one MSS CLI command by using the appropriate list format.
The ports on a WX switch are numbered 1 through 4 (for the 3Com Wireless LAN Controller WX4400) and 1 through 8 (for the 3Com Wireless Lan Switch WX1200). No port 0 exists on the WX switch. You can include a single port or multiple ports in a command that includes port port-list. Use one of the following formats for port-list:
A single port number. For example:
WX1200# set port enable 6
A comma-separated list of port numbers, with no spaces. For
example:
WX1200# display port poe 1,2,4
Loading...
+ 668 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use