3Com Corporation reserves the right to revise this documentation and to make changes in content from time
to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either
implied or expressed, including, but not limited to, the implied warranties, terms or conditions of
merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or
changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hard copy documentation, or on the
removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy,
please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are
provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense.
Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or
as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are
provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights
only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable.
You agree not to remove or deface any portion of any legend provided on any licensed program or
documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may
not be registered in other countries.
3Com is a registered trademark of 3Com Corporation. The 3Com logo is a trademark of 3Com Corporation.
Mobility Domain, Managed Access Point, Mobility Profile, Mobility System, Mobility System Software, MP,
MSS, and SentrySweep are trademarks of Trapeze Networks, Inc.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, Windows XP,
and Windows NT are registered trademarks of Microsoft Corporation.
All other company and product names may be trademarks of the respective companies with which they are
associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we
are committed to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental
standards. Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
Environmental Statement about the Documentation
The documentation for this product is printed on paper that comes from sustainable, managed forests; it is
fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and
the inks are vegetable-based with a low heavy-metal content.
Command Prompts28
Syntax Notation28
Text Entry Conventions and Allowed Characters28
User Globs, MAC Address Globs, and VLAN Globs30
Port Lists32
Virtual LAN Identification33
Command-Line Editing33
Keyboard Shortcuts33
History Buffer34
Tabs34
Single-Asterisk (*) Wildcard Character34
Double-Asterisk (**) Wildcard Characters34
Using CLI Help34
Understanding Command Descriptions36
2WX SETUP METHODS
Overview37
Quick Starts37
3Com Wireless Switch Manager38
CLI38
Web Manager38
How a WX Switch Gets its Configuration39
Web Quick Start (WXR100, WX1200 and WX2200 Only)40
Web Quick Start Parameters40
Web Quick Start Requirements41
Accessing the Web Quick Start41
CLI quickstart Command44
Quickstart Example46
Remote WX Configuration49
Opening the QuickStart Network Plan in 3Com Wireless Switch
Manager49
3CONFIGURING AAA FOR ADMINISTRATIVEAND LOCAL ACCESS
Overview51
Before You Start54
About Administrative Access54
Access Modes54
Types of Administrative Access54
First-Time Configuration via the Console55
Enabling an Administrator55
Setting the WX Switch Enable Password56
Authenticating at the Console57
Customizing AAA with “Globs” and Groups58
Setting User Passwords58
Adding and Clearing Local Users for Administrative Access59
Configuring Accounting for Administrative Users59
Displaying the AAA Configuration61
Saving the Configuration61
Administrative AAA Configuration Scenarios62
Local Authentication62
Local Authentication for Console Users and RADIUS Authentication for
Telnet Users62
Authentication When RADIUS Servers Do Not Respond63
Local Override and Backup Local Authentication64
4MANAGING USER PASSWORDS
Overview65
Configuring Passwords66
Setting Passwords for Local Users66
Enabling Password Restrictions67
Setting the Maximum Number of Login Attempts67
Specifying Minimum Password Length68
Configuring Password Expiration Time69
Restoring Access to a Locked-Out User70
Displaying Password Information70
5CONFIGURINGAND MANAGING PORTSAND VLANS
Configuring and Managing Ports71
Setting the Port Type71
Configuring a Port Name77
Configuring Interface Preference on a Dual-Interface Gigabit Ethernet
Port (WX4400 only)78
Configuring Port Operating Parameters79
Displaying Port Information81
Configuring Load-Sharing Port Groups85
Configuring and Managing VLANs87
Understanding VLANs in 3Com MSS87
Configuring a VLAN91
Changing Tunneling Affinity93
Restricting Layer 2 Forwarding Among Clients94
Displaying VLAN Information95
Managing the Layer 2 Forwarding Database96
Types of Forwarding Database Entries96
How Entries Enter the Forwarding Database96
Displaying Forwarding Database Information97
Adding an Entry to the Forwarding Database98
Removing Entries from the Forwarding Database98
Configuring the Aging Timeout Period99
Port and VLAN Configuration Scenario100
6CONFIGURINGAND MANAGING IP INTERFACESAND SERVICES
MTU Support103
Configuring and Managing IP Interfaces104
Adding an IP Interface104
Disabling or Reenabling an IP Interface107
Removing an IP Interface107
Displaying IP Interface Information107
Configuring the System IP Address108
Designating the System IP Address108
Displaying the System IP Address108
Clearing the System IP Address108
Configuring and Managing IP Routes108
Displaying IP Routes110
Adding a Static Route111
Removing a Static Route112
Managing the Management Services113
Managing SSH113
Managing Telnet116
Managing HTTPS118
Changing the Idle Timeout for CLI Management Sessions119
Setting a Message of the Day (MOTD) Banner120
Prompting the User to Acknowledge the MOTD Banner120
Configuring and Managing DNS121
Enabling or Disabling the DNS Client121
Configuring DNS Servers121
Configuring a Default Domain Name122
Displaying DNS Server Information122
Configuring and Managing Aliases123
Adding an Alias123
Removing an Alias123
Displaying Aliases123
Configuring and Managing Time Parameters124
Setting the Time Zone125
Configuring the Summertime Period125
Statically Configuring the System Time and Date127
Displaying the Time and Date127
Configuring and Managing NTP127
Adding an NTP Server128
Removing an NTP Server128
Changing the NTP Update Interval128
Resetting the Update Interval to the Default129
Enabling the NTP Client129
Displaying NTP Information129
Managing the ARP Table130
Displaying ARP Table Entries130
Adding an ARP Entry131
Changing the Aging Timeout131
Pinging Another Device132
Logging In to a Remote Device132
Tracing a Route133
IP Interfaces and Services Configuration Scenario135
7CONFIGURING SNMP
Overview139
Configuring SNMP139
Setting the System Location and Contact Strings140
Enabling SNMP Versions140
Configuring Community Strings (SNMPv1 and SNMPv2c Only)140
Creating a USM User for SNMPv3141
Setting SNMP Security143
Configuring a Notification Profile144
Configuring a Notification Target148
Enabling the SNMP Service151
Displaying SNMP Information151
Displaying SNMP Version and Status Information151
Displaying the Configured SNMP Community Strings151
Displaying USM Settings151
Displaying Notification Profiles152
Displaying Notification Targets152
Displaying SNMP Statistics Counters152
8CONFIGURINGAND MANAGING MOBILITY DOMAIN ROAMING
About the Mobility Domain Feature153
Configuring a Mobility Domain154
Configuring the Seed154
Configuring Member WX Switches on the Seed155
Configuring a Member155
Configuring Mobility Domain Seed Redundancy156
Displaying Mobility Domain Status157
Displaying the Mobility Domain Configuration157
Clearing a Mobility Domain from a WX Switch157
Clearing a Mobility Domain Member from a Seed157
Configuring WX-WX Security158
Monitoring the VLANs and Tunnels in a Mobility Domain159
Displaying Roaming Stations159
Displaying Roaming VLANs and Their Affinities160
Displaying Tunnel Information160
Understanding the Sessions of Roaming Users161
Requirements for Roaming to Succeed161
Effects of Timers on Roaming162
Monitoring Roaming Sessions162
Mobility Domain Scenario163
9CONFIGURING NETWORK DOMAINS
About the Network Domain Feature165
Network Domain Seed Affinity168
Configuring a Network Domain169
Configuring Network Domain Seeds169
Specifying Network Domain Seed Peers170
Configuring Network Domain Members171
Displaying Network Domain Information172
Clearing Network Domain Configuration from a WX Switch173
Clearing a Network Domain Seed from a WX Switch173
Clearing a Network Domain Peer from a Network Domain Seed173
Clearing Network Domain Seed or Member Configuration from a WX
Switch173
Network Domain Scenario174
10CONFIGURING MAP ACCESS POINTS
MAP Overview177
Country of Operation179
Directly Connected MAPs and Distributed MAPs179
Boot Process for Distributed MAPs189
Contacting a WX Switch190
Loading and Activating an Operational Image195
Obtaining Configuration Information from the WX Switch195
Service Profiles202
Radio Profiles209
Configuring MAPs213
Specifying the Country of Operation213
Configuring an Auto-AP Profile for Automatic MAP Configuration218
Configuring MAP Port Parameters224
Configuring MAP-WX Security229
Configuring a Service Profile233
Configuring a Radio Profile240
Configuring Radio-Specific Parameters246
Mapping the Radio Profile to Service Profiles249
Assigning a Radio Profile and Enabling Radios249
Disabling or Reenabling Radios250
Enabling or Disabling Individual Radios250
Disabling or Reenabling All Radios Using a Profile250
Resetting a Radio to its Factory Default Settings251
Restarting a MAP251
Configuring Local Packet Switching on MAPs252
Configuring Local Switching253
Displaying MAP Information256
Displaying MAP Configuration Information256
Displaying Connection Information for Distributed MAPs257
Displaying a List of Distributed MAPs that Are Not Configured258
Displaying Active Connection Information for Distributed MAPs258
Displaying Service Profile Information259
Displaying Radio Profile Information260
Displaying MAP Status Information260
Displaying Static IP Address Information for Distributed MAPs261
Configuring the Mesh AP275
Configuring the Service Profile for Mesh Services276
Configuring Security276
Enabling Link Calibration Packets on the Mesh Portal MAP277
Using the Client’s DSCP Value to Classify QoS Level344
Enabling Broadcast Control345
Displaying QoS Information345
Displaying a Radio Profile’s QoS Settings345
Displaying a Service Profile’s QoS Settings346
Displaying CoS Mappings347
Displaying the DSCP Table349
Displaying MAP Forwarding Queue Statistics349
17CONFIGURINGAND MANAGING SPANNING TREE PROTOCOL
Overview351
Enabling the Spanning Tree Protocol352
Changing Standard Spanning Tree Parameters352
Bridge Priority352
Port Cost353
Port Priority353
Changing the Bridge Priority353
Changing STP Port Parameters354
Changing Spanning Tree Timers357
Configuring and Managing STP Fast Convergence Features358
Configuring Port Fast Convergence359
Displaying Port Fast Convergence Information360
Configuring Backbone Fast Convergence360
Displaying the Backbone Fast Convergence State360
Configuring Uplink Fast Convergence361
Displaying Uplink Fast Convergence Information361
Displaying Spanning Tree Information361
Displaying STP Bridge and Port Information361
Displaying the STP Port Cost on a VLAN Basis362
Displaying Blocked STP Ports363
Displaying Spanning Tree Statistics363
Clearing STP Statistics365
Spanning Tree Configuration Scenario365
18CONFIGURINGAND MANAGING IGMP SNOOPING
Overview369
Disabling or Reenabling IGMP Snooping369
Disabling or Reenabling Proxy Reporting370
Enabling the Pseudo-Querier370
Changing IGMP Timers370
Changing the Router Solicitation Interval372
Configuring Static Multicast Ports372
Adding or Removing a Static Multicast Router Port373
Adding or Removing a Static Multicast Receiver Port373
Displaying Multicast Information373
Displaying Multicast Configuration Information and Statistics373
Displaying Multicast Queriers375
Displaying Multicast Routers375
Displaying Multicast Receivers376
19CONFIGURINGAND MANAGING SECURITY ACLS
About Security Access Control Lists377
Overview of Security ACL Commands377
Security ACL Filters378
Order in Which ACLs are Applied to Traffic379
Creating and Committing a Security ACL380
Setting a Source IP ACL380
Setting an ICMP ACL383
Setting TCP and UDP ACLs385
Determining the ACE Order386
Committing a Security ACL387
Viewing Security ACL Information387
Clearing Security ACLs390
Mapping Security ACLs390
Mapping User-Based Security ACLs390
Mapping Security ACLs to Ports, VLANs, Virtual Ports, or Distributed
MAPs392
Modifying a Security ACL394
Adding Another ACE to a Security ACL394
Placing One ACE before Another395
Modifying an Existing Security ACL396
Clearing Security ACLs from the Edit Buffer397
Using ACLs to Change CoS399
Filtering Based on DSCP Values399
Enabling Prioritization for Legacy Voice over IP401
General Guidelines402
Enabling VoIP Support for TeleSym VoIP403
Enabling SVP Optimization for SpectraLink Phones404
Restricting Client-To-Client Forwarding Among IP-Only Clients409
Security ACL Configuration Scenario410
20MANAGING KEYSAND CERTIFICATES
Why Use Keys and Certificates?413
Wireless Security through TLS414
PEAP-MS-CHAP-V2 Security414
About Keys and Certificates415
Public Key Infrastructures416
Public and Private Keys416
Digital Certificates416
PKCS #7, PKCS #10, and PKCS #12 Object Files417
Certificates Automatically Generated by MSS418
Creating Keys and Certificates419
Choosing the Appropriate Certificate Installation Method for Your
Network420
Creating Public-Private Key Pairs421
Generating Self-Signed Certificates422
Installing a Key Pair and Certificate from a PKCS #12 Object File423
Creating a CSR and Installing a Certificate from a PKCS #7 Object
File424
Installing a CA’s Own Certificate425
Displaying Certificate and Key Information426
Key and Certificate Configuration Scenarios427
Creating Self-Signed Certificates427
Installing CA-Signed Certificates from PKCS #12 Object Files429
Installing CA-Signed Certificates Using a PKCS #10 Object File (CSR) and a
PKCS #7 Object File431
21CONFIGURING AAA FOR NETWORK USERS
About AAA for Network Users433
Authentication433
Authorization438
Accounting440
Summary of AAA Features440
AAA Tools for Network Users441
“Globs” and Groups for Network User Classification442
AAA Methods for IEEE 802.1X and Web Network Access442
IEEE 802.1X Extensible Authentication Protocol Types446
Ways a WX Switch Can Use EAP447
Effects of Authentication Type on Encryption Method448
Configuring 802.1X Authentication449
Configuring EAP Offload449
Using Pass-Through450
Authenticating via a Local Database450
Binding User Authentication to Machine Authentication451
Configuring Authentication and Authorization by MAC Address456
Adding and Clearing MAC Users and User Groups Locally456
Configuring MAC Authentication and Authorization457
Changing the MAC Authorization Password for RADIUS459
Configuring Web Portal WebAAA460
How WebAAA Portal Works460
WebAAA Requirements and Recommendations462
Configuring Web Portal WebAAA467
Using a Custom Login Page471
Using Dynamic Fields in WebAAA Redirect URLs475
Using an ACL Other Than portalacl476
Configuring the Web Portal WebAAA Session Timeout Period477
Configuring the Web Portal Logout Function478
Configuring Last-Resort Access479
Configuring Last-Resort Access for Wired Authentication Ports481
Configuring AAA for Users of Third-Party APs482
Authentication Process for Users of a Third-Party AP482
Requirements483
Configuring Authentication for 802.1X Users of a Third-Party AP with
Tagged SSIDs484
Configuring Authentication for Non-802.1X Users of a Third-Party AP
with Tagged SSIDs487
Configuring Access for Any Users of a Non-Tagged SSID487
Assigning Authorization Attributes487
Assigning Attributes to Users and Groups492
Assigning SSID Default Attributes to a Service Profile493
Assigning a Security ACL to a User or a Group494
Clearing a Security ACL from a User or Group495
Assigning Encryption Types to Wireless Users496
Keeping Users on the Same VLAN Even After Roaming498
Overriding or Adding Attributes Locally with a Location Policy499
About the Location Policy500
How the Location Policy Differs from a Security ACL500
Setting the Location Policy501
Clearing Location Policy Rules and Disabling the Location Policy503
Configuring Accounting for Wireless Network Users504
Viewing Local Accounting Records505
Viewing Roaming Accounting Records505
Displaying the AAA Configuration507
Avoiding AAA Problems in Configuration Order508
Using the Wildcard “Any” as the SSID Name in Authentication
Rules508
Using Authentication and Accounting Rules Together508
Configuring a Mobility Profile510
Network User Configuration Scenarios512
General Use of Network User Commands512
Enabling RADIUS Pass-Through Authentication514
Enabling PEAP-MS-CHAP-V2 Authentication514
Enabling PEAP-MS-CHAP-V2 Offload515
Combining EAP Offload with Pass-Through Authentication516
Overriding AAA-Assigned VLANs516
22CONFIGURING COMMUNICATIONWITH RADIUS
RADIUS Overview519
Before You Begin521
Configuring RADIUS Servers521
Configuring Global RADIUS Defaults522
Setting the System IP Address as the Source Address523
Configuring Individual RADIUS Servers523
Deleting RADIUS Servers524
Configuring RADIUS Server Groups524
Creating Server Groups525
Deleting a Server Group527
RADIUS and Server Group Configuration Scenario528
23MANAGING 802.1X ONTHE WX SWITCH
Managing 802.1X on Wired Authentication Ports531
Enabling and Disabling 802.1X Globally531
Setting 802.1X Port Control532
Managing 802.1X Encryption Keys533
Enabling 802.1X Key Transmission533
Configuring 802.1X Key Transmission Time Intervals533
Setting the Maximum Number of 802.1X Reauthentication
Attempts536
Setting the 802.1X Reauthentication Period537
Setting the Bonded Authentication Period538
Managing Other Timers538
Setting the 802.1X Quiet Period538
Setting the 802.1X Timeout for an Authorization Server539
Setting the 802.1X Timeout for a Client539
Displaying 802.1X Information540
Viewing 802.1X Clients540
Viewing the 802.1X Configuration540
Viewing 802.1X Statistics541
24CONFIGURING SODA ENDPOINT SECURITYFORA WX SWITCH
About SODA Endpoint Security543
SODA Endpoint Security Support on WX Switches544
How SODA Functionality Works on WX Switches545
Configuring SODA Functionality546
Configuring Web Portal WebAAA for the Service Profile547
Creating the SODA Agent with SODA Manager547
Copying the SODA Agent to the WX Switch549
Installing the SODA Agent Files on the WX Switch549
Enabling SODA Functionality for the Service Profile550
Disabling Enforcement of SODA Agent Checks550
Specifying a SODA Agent Success Page551
Specifying a SODA Agent Failure Page551
Specifying a Remediation ACL552
Specifying a SODA Agent Logout Page553
Specifying an Alternate SODA Agent Directory for a Service Profile554
Uninstalling the SODA Agent Files from the WX Switch554
Displaying SODA Configuration Information555
25MANAGING SESSIONS
About the Session Manager557
Displaying and Clearing Administrative Sessions557
Displaying and Clearing All Administrative Sessions558
Displaying and Clearing an Administrative Console Session558
Displaying and Clearing Administrative Telnet Sessions559
Displaying and Clearing Client Telnet Sessions559
Displaying and Clearing Network Sessions560
Displaying Verbose Network Session Information561
Displaying and Clearing Network Sessions by Username562
Displaying and Clearing Network Sessions by MAC Address563
Displaying and Clearing Network Sessions by VLAN Name563
Displaying and Clearing Network Sessions by Session ID564
Displaying and Changing Network Session Timers565
Disabling Keepalive Probes566
Changing or Disabling the User Idle Timeout566
Configuring an Ignore List579
Enabling Countermeasures580
Using On-Demand Countermeasures in a Mobility Domain581
Disabling or Reenabling Active Scan582
Enabling MAP Signatures582
Creating an Encrypted RF Fingerprint Key as a MAP Signature583
Disabling or Reenabling Logging of Rogues584
Enabling Rogue and Countermeasures Notifications584
IDS and DoS Alerts584
Displaying SSID or BSSID Information for a Mobility Domain594
Displaying RF Detect Data596
Displaying the APs Detected by MAP Radio596
Displaying Countermeasures Information597
27MANAGING SYSTEM FILES
About System Files599
Displaying Software Version Information599
Displaying Boot Information601
Working with Files602
Displaying a List of Files602
Copying a File604
Using an Image File’s MD5 Checksum To Verify Its Integrity606
Deleting a File607
Creating a Subdirectory608
Removing a Subdirectory608
Managing Configuration Files609
Displaying the Running Configuration609
Saving Configuration Changes610
Specifying the Configuration File to Use After the Next Reboot611
Loading a Configuration File611
Specifying a Backup Configuration File612
Resetting to the Factory Default Configuration612
Backing Up and Restoring the System613
Managing Configuration Changes615
Backup and Restore Examples615
Upgrading the System Image616
Preparing the WX Switch for the Upgrade616
Upgrading an Individual Switch Using the CLI617
Command Changes During Upgrade618
ATROUBLESHOOTINGA WX SWITCH
Fixing Common WX Setup Problems619
Recovering the System When the Enable Password is Lost622
WXR100622
WX1200, WX2200, or WX4400622
Configuring and Managing the System Log623
Log Message Components623
Logging Destinations and Levels623
Using Log Commands625
Running Traces631
Using the Trace Command631
Displaying a Trace632
Stopping a Trace632
About Trace Results633
Displaying Trace Results633
Copying Trace Results to a Server634
Clearing the Trace Log634
List of Trace Areas634
Using display Commands635
Viewing VLAN Interfaces635
Viewing AAA Session Statistics635
Viewing FDB Information636
Viewing ARP Information636
Port Mirroring637
Configuration Requirements637
Configuring Port Mirroring637
Displaying the Port Mirroring Configuration637
Clearing the Port Mirroring Configuration637
Remotely Monitoring Traffic638
Preparing an Observer and Capturing Traffic643
Capturing System Information and Sending it to Technical Support645
The display tech-support Command645
Core Files646
Debug Messages647
Sending Information to 3Com Technical Support648
BENABLINGAND LOGGING INTO WEB VIEW
System Requirements649
Browser Requirements649
WX Switch Requirements649
Logging Into Web View650
CSUPPORTED RADIUS ATTRIBUTES
Attributes651
Supported Standard and Extended Attributes652
3Com Vendor-Specific Attributes659
DTRAFFIC PORTS USEDBY MSS
EDHCP SERVER
How the MSS DHCP Server Works664
Configuring the DHCP Server665
Displaying DHCP Server Information666
FOBTAINING SUPPORTFOR YOUR 3COM PRODUCTS
Register Your Product to Gain Service Benefits667
Solve Problems Online667
Purchase Extended Warranty and Professional Services668
Access Software Downloads668
Contact Us668
Telephone Technical Support and Repair669
GLOSSARY
INDEX
COMMAND INDEX
ABOUT THIS GUIDE
This guide describes the configuration commands for the 3Com Wireless
LAN Switch WXR100, WX1200, or 3Com Wireless LAN Controller
WX4400, WX2200.
This guide is intended for System integrators who are configuring the
WXR100, WX1200, WX4400, or WX2200.
If release notes are shipped with your product and the information there
differs from the information in this guide, follow the instructions in the
release notes.
Most user guides and release notes are available in Adobe Acrobat
Reader Portable Document Format (PDF) or HTML on the 3Com
World Wide Web site:
http://www.3com.com/
ConventionsTable 1 and Table 2 list conventions that are used throughout this guide.
Tab le 1 Notice Icons
IconNotice TypeDescription
Information noteInformation that describes important features or
instructions
CautionInformation that alerts you to potential loss of data or
potential damage to an application, system, or device
24ABOUT THIS GUIDE
This manual uses the following text and syntax conventions:
Tab le 2 Text Conventions
ConventionDescription
Monospace textSets off command syntax or sample commands and system
responses.
Bold textHighlights commands that you enter or items you select.
Italic textDesignates command variables that you replace with
appropriate values, or highlights publication titles or words
requiring special emphasis.
[ ] (square brackets)Enclose optional parameters in command syntax.
{ } (curly brackets)Enclose mandatory parameters in command syntax.
| (vertical bar)Separates mutually exclusive options in command syntax.
Keyboard key names If you must press two or more keys simultaneously, the key
names are linked with a plus sign (+). Example:
Press Ctrl+Alt+Del
Words in italicsItalics are used to:
Emphasize a point.
Denote a new term at the place where it is defined in the
text.
Highlight an example string, such as a username or SSID.
DocumentationThe MSS documentation set includes the following documents.
Wireless Switch Manager (3WXM) Release Notes
These notes provide information about the 3WXM software release,
including new features and bug fixes.
Wireless LAN Switch and Controller Release Notes
These notes provide information about the MSS software release,
including new features and bug fixes.
Wireless LAN Switch and Controller Quick Start Guide
This guide provides instructions for performing basic setup of secure
(802.1X) and guest (WebAAA
Domain for roaming, and for accessing a sample network plan in
3WXM for advanced configuration and management.
™) access, for configuring a Mobility
Documentation Comments25
Wireless Switch Manager Reference Manual
This manual shows you how to plan, configure, deploy, and manage a
Mobility System wireless LAN (WLAN) using the 3Com Wireless Switch
Manager (3WXM).
Wireless Switch Manager User’s Guide
This manual shows you how to plan, configure, deploy, and manage the
entire WLAN with the 3WXM tool suite. Read this guide to learn how to
plan wireless services, how to configure and deploy 3Com equipment to
provide those services, and how to optimize and manage your WLAN.
Wireless LAN Switch and Controller Hardware Installation Guide
This guide provides instructions and specifications for installing a WX
wireless switch in a Mobility System WLAN.
Wireless LAN Switch and Controller Configuration Guide
This guide provides instructions for configuring and managing the
system through the Mobility System Software (MSS) CLI.
Wireless LAN Switch and Controller Command Reference
Documentation
Comments
This reference provides syntax information for all MSS commands
supported on WX switches.
Your suggestions are very important to us. They will help make our
documentation more useful to you. Please e-mail comments about this
document to 3Com at:
pddtechpubs_comments@3com.com
Please include the following information when contacting us:
Document title
Document part number and revision (on the title page)
Page number (if appropriate)
Example:
Wireless LAN Switch and Controller Configuration Guide
Part number 730-9502-0071, Revision B
Page 25
26ABOUT THIS GUIDE
Please note that we can only respond to comments and questions about
3Com product documentation at this e-mail address. Questions related to
technical support or sales should be directed in the first instance to your
network supplier.
USINGTHE COMMAND-LINE
1
INTERFACE
Mobility System Software (MSS) operates a 3Com Mobility System
wireless LAN (WLAN) consisting of 3Com Wireless Switch Manager
software, Wireless LAN Switches (WX1200 or WXR100), Wireless LAN
Controllers (WX4400 or WX2200), and Managed Access Points (MAPs).
MSS has a command-line interface (CLI) on a WX switch that you can use
to configure and manage the switch and its attached MAPs.
OverviewYou configure the WX switch and MAPs primarily with set, clear, and
display commands. Use set commands to change parameters. Use clear
commands to reset parameters to their defaults. In many cases, you can
overwrite a parameter with another set command. Use display
commands to display the current configuration and monitor the status of
network operations.
The WX switch supports two connection modes:
Administrative access mode, which enables the network administrator
to connect to the WX and configure the network
Network access mode, which enables network users to connect
through the WX to access the network
CLI ConventionsBe aware of the following MSS CLI conventions for command entry:
“Command Prompts” on page 28
“Syntax Notation” on page 28
“Text Entry Conventions and Allowed Characters” on page 28
“User Globs, MAC Address Globs, and VLAN Globs” on page 30
“Port Lists” on page 32
“Virtual LAN Identification” on page 33
28CHAPTER 1: USINGTHE COMMAND-LINE INTERFACE
Command PromptsBy default, the MSS CLI provides the following prompt for restricted
users. The mmmm portion shows the WX model number (for example,
1200) and the nnnnnn portion shows the last 6 digits of the WX media
access control (MAC) address.
WXmmmm>
After you become enabled as an administrative user by typing enable
and supplying a suitable password, MSS displays the following prompt:
WXmmmm#
For information about changing the CLI prompt on a WX, see the set
prompt command description in the Wireless LAN Switch and Controller
Command Reference.
Syntax NotationThe MSS CLI uses standard syntax notation:
Bold monospace font identifies the command and keywords you must
type. For example:
set enablepass
Italic monospace font indicates a placeholder for a value. For example,
you replace vlan-id in the following command with a virtual LAN
(VLAN) ID:
clear interface vlan-id ip
Curly brackets ({ }) indicate a mandatory parameter, and square
brackets ([ ]) indicate an optional parameter. For example, you must
enter dynamic or port and a port list in the following command, but
a VLAN ID is optional:
clear fdb {dynamic | port port-list} [vlan vlan-id]
Text Entry
Conventions and
Allowed Characters
A vertical bar (|) separates mutually exclusive options within a list of
possibilities. For example, you enter either enable or disable, not
both, in the following command:
set port {enable | disable} port-list
Unless otherwise indicated, the MSS CLI accepts standard ASCII
alphanumeric characters, except for tabs and spaces, and is
case-insensitive.
CLI Conventions29
The CLI has specific notation requirements for MAC addresses, IP
addresses, and masks, and allows you to group usernames, MAC
addresses, virtual LAN (VLAN) names, and ports in a single command.
3Com recommends that you do not use the same name with different
capitalizations for VLANs or access control lists (ACLs). For example, do
not configure two separate VLANs with the names red and RED.
The CLI does not support the use of special characters including the
following in any named elements such as SSIDs and VLANs: ampersand
(&), angle brackets (< >), number sign (#), question mark (?), or quotation
marks (“”).
In addition, the CLI does not support the use of international characters
such as the accented É in DÉCOR.
MAC Address Notation
MSS displays MAC addresses in hexadecimal numbers with a colon (:)
delimiter between bytes—for example, 00:01:02:1a:00:01. You can enter
MAC addresses with either hyphen (-) or colon (:) delimiters, but colons
are preferred.
For shortcuts:
You can exclude leading zeros when typing a MAC address. MSS
displays of MAC addresses include all leading zeros.
In some specified commands, you can use the single-asterisk (*)
wildcard character to represent an entire MAC address or from 1 byte
to 5 bytes of the address. (For more information, see “MAC Address
Globs” on page 31.)
IP Address and Mask Notation
MSS displays IP addresses in dotted decimal notation—for example,
192.168.1.111. MSS makes use of both subnet masks and wildcard
masks.
Subnet Masks Unless otherwise noted, use classless interdomain
routing (CIDR) format to express subnet masks—for example,
192.168.1.112/24. You indicate the subnet mask with a forward slash (/)
and specify the number of bits in the mask.
30CHAPTER 1: USINGTHE COMMAND-LINE INTERFACE
Wildcard Masks Security access control lists (ACLs) use source and
destination IP addresses and wildcard masks to determine whether the
WX filters or forwards IP packets. Matching packets are either permitted
or denied network access. The ACL checks the bits in IP addresses that
correspond to any 0s (zeros) in the mask, but does not check the bits that
correspond to 1s (ones) in the mask. You specify the wildcard mask in
dotted decimal notation.
For example, the address 10.0.0.0 and mask 0.255.255.255 match all IP
addresses that begin with 10 in the first octet.
The ACL mask must be a contiguous set of zeroes starting from the first
bit. For
ACL masks.
example, 0.255.255.255, 0.0.255.255, and 0.0.0.255 are valid
However, 0.255.0.255 is not a valid ACL mask.
User Globs, MAC
Address Globs, and
VLAN Globs
Name “globbing” is a way of using a wildcard pattern to expand a single
element into a list of elements that match the pattern. MSS accepts user
globs, MAC address globs, and VLAN globs. The order in which globs
appear in the configuration is important, because once a glob is matched,
processing stops on the list of globs
User Globs
A user glob is shorthand method for matching an authentication,
authorization, and accounting (AAA) command to either a single user or
a set of users.
A user glob can be up to 80 characters long and cannot contain spaces or
tabs. The double-asterisk (**) wildcard characters with no delimiter
characters match all usernames. The single-asterisk (*) wildcard character
matches any number of characters up to, but not including, a delimiter
character in the glob. Valid user glob delimiter characters are the at (@)
sign and the period (.).
For example, in Table 3, the following globs identify the following users:
Tab le 3 User Globs
User GlobUser(s) Designated
jose@example.comUser jose at example.com
Loading...
+ 698 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.