Wireless LAN Mobility System
Wireless LAN Switch and Controller
Command Reference
WX4400 3CRWX440095A
WX2200 3CRWX220095A
WX1200 3CRWX120695A
WXR100 3CRWXR10095A
http://www.3Com.com/
Part No. 10015910 Rev AC
Published July 2008
3Com Corporation
350 Campus Drive
Marlborough, MA USA
01752-3064
Copyright © 2007, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced
in any form or by any means or used to make any derivative work (such as translation, transformation, or
adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time
to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either
implied or expressed, including, but not limited to, the implied warranties, terms or conditions of
merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or
changes in the product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hard copy documentation, or on the
removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy,
please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are
provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense.
Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or
as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are
provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights
only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable.
You agree not to remove or deface any portion of any legend provided on any licensed program or
documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may
not be registered in other countries.
3Com is a registered trademark of 3Com Corporation. The 3Com logo is a trademark of 3Com Corporation.
Mobility Domain, Managed Access Point, Mobility Profile, Mobility System, Mobility System Software, MP,
MSS, and SentrySweep are trademarks of Trapeze Networks.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, Windows XP,
and Windows NT are registered trademarks of Microsoft Corporation.
All other company and product names may be trademarks of the respective companies with which they are
associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we
are committed to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental
standards. Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
Environmental Statement about the Documentation
The documentation for this product is printed on paper that comes from sustainable, managed forests; it is
fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and
the inks are vegetable-based with a low heavy-metal content.
CONTENTS
ABOUT THIS GUIDE
Conventions 25
Documentation 26
Documentation Comments 27
NEW FEATURES SUMMARY
Virtual Controller Clustering Configuration 30
set cluster mode 30
set cluster preempt 30
AP 3950 PoE Configuration 31
set ap power-mode 31
802.11n Configuration 31
set service-profile 11n 32
set service-profile transmit-rates 32
set radio-profile 11n 33
External Captive Portal Support 33
Simultaneous Login Support 34
Dynamic RADIUS Extensions 34
set radius dac 34
set radius das-port 34
clear radius das-port 35
set authorization dynamic 35
termination-action Attribute 35
MAC User Range Authentication 36
set authentication mac-prefix 36
MAC Authentication Request Format 37
User Attribute Enhancements 37
Enhancements to Location Policy Configuration 38
RADIUS Ping Utility 39
radping 39
Unique AP Number Support 40
Bandwidth Management 40
set qos profile 40
set radio-profile weighted-fair-queuing 41
set service-profile max-bw 42
clear qos-profile 42
RF Scanning Enhancements 43
set radio-profile rf-scanning mode 43
set radio-profile rf-scanning channel-scope 44
RF Detection Configuration 44
Deprecated Commands 44
Replaced Commands 45
set rfdetect ssid-list 45
set rfdetect classification ad-hoc 45
set rfdetect classification default 46
set rfdetect classification seen-in-network 46
set rfdetect classification ssid-masquerade 47
display rfdetect classification 47
display aaa Command Replacements 48
display radius 48
display user 49
display mac-user 51
display usergroup 52
display mac-usergroup 53
display ap config Enhancements 54
display ap config 54
display ap config verbose 54
display ap config 55
display ap config radio 55
display load Enhancements 55
display load memory 56
display load cpu 57
display load cpu history 58
display radio-profile Enhancements 58
display radio-profile 59
display sessions network ap Enhancements 60
display sessions network ap 60
display sessions network ap radio 60
clear sessions network Enhancements 61
display service-profile Enhancements 61
display rfdetect Changes 66
Deprecated Commands 66
display rfdetect data 66
display rfdetect data ap 69
display rfdetect data clients 70
display rfdetect data verbose 70
display rfdetect data summary 72
1 USING THE COMMAND-LINE INTERFACE
Overview 75
CLI Conventions 76
Command Prompts 76
Syntax Notation 76
Text Entry Conventions and Allowed Characters 77
MAC Address Notation 77
IP Address and Mask Notation 78
User Globs, MAC Address Globs, and VLAN Globs 78
Port Lists 80
Virtual LAN Identification 81
Command-Line Editing 81
Keyboard Shortcuts 81
History Buffer 82
Ta bs 8 2
Single-Asterisk (*) Wildcard Character 82
Double-Asterisk (**) Wildcard Characters 82
Using CLI Help 83
Understanding Command Descriptions 84
2 ACCESS COMMANDS
Commands by Usage 85
disable 85
enable 86
quit 86
set enablepass 87
3 SYSTEM SERVICE COMMANDS
Commands by Usage 89
clear banner motd 90
clear history 91
clear prompt 91
clear system 92
display banner motd 93
display base-information 93
display license 94
display load 95
display system 95
help 98
history 99
quickstart 100
set auto-config 100
set banner acknowledge 102
set banner motd 104
set confirm 105
set length 105
set license 106
set prompt 107
set system contact 108
set system countrycode 109
set system idle-timeout 113
set system ip-address 114
set system location 115
set system name 116
4 PORT COMMANDS
Commands by Usage 117
clear ap 118
clear port counters 119
clear port-group 119
clear port media-type 120
clear port name 120
clear port mirror 121
clear port preference 121
clear port type 122
display port counters 123
display port-group 124
display port mirror 125
display port poe 126
display port status 127
display port media-type 129
monitor port counters 130
reset port 135
set ap 135
set port 137
set port-group 138
set port media-type 139
set port mirror 140
set port name 141
set port negotiation 141
set port poe 142
set port speed 143
set port trap 144
set port type ap 145
set port type wired-auth 148
5 VLAN COMMANDS
Commands by usage 151
clear fdb 152
clear security L2-restrict 153
clear security L2-restrict counters 154
clear vlan 155
clear vlan-profile 156
display fdb 157
display fdb agingtime 159
display fdb count 160
display roaming station 161
display roaming vlan 163
display security L2-restrict 164
display tunnel 165
display vlan config 166
display vlan-profile 168
set fdb 169
set fdb agingtime 170
set security L2-restrict 171
set vlan name 172
set vlan port 173
set vlan tunnel-affinity 174
set vlan profile 175
6 QUALITY OF SERVICE COMMANDS
Commands by Usage 177
clear qos 177
set qos cos-to-dscp-map 179
set qos dscp-to-cos-map 180
display qos 181
display qos dscp-table 182
7 IP SERVICES COMMANDS
Commands by Usage 183
clear interface 185
clear ip alias 186
clear ip dns domain 187
clear ip dns server 187
clear ip route 188
clear ip telnet 189
clear ntp server 189
clear ntp update-interval 190
clear snmp community 191
clear snmp notify profile 191
clear snmp notify target 192
clear snmp usm 192
clear summertime 193
clear system ip-address 194
clear timezone 194
display arp 195
display dhcp-client 196
display dhcp-server 198
display interface 200
display ip alias 201
display ip dns 202
display ip https 203
display ip route 204
display ip telnet 206
display ntp 207
display snmp community 209
display snmp counters 210
display snmp notify profile 210
display snmp notify target 210
display snmp status 211
display snmp usm 212
display summertime 212
display timedate 213
display timezone 213
ping 214
set arp 216
set arp agingtime 217
set interface 218
set interface dhcp-client 219
set interface dhcp-server 220
set interface status 221
set ip alias 222
set ip dns 223
set ip dns domain 223
set ip dns server 224
set ip https server 225
set ip route 226
set ip snmp server 228
set ip ssh 228
set ip ssh server 229
set ip telnet 229
set ip telnet server 230
set ntp 231
set ntp server 232
set ntp update-interval 233
set snmp community 233
set snmp notify profile 235
set snmp notify target 240
SNMPv3 with Informs 240
SNMPv3 with Traps 241
SNMPv2c with Informs 242
SNMPv2c with Traps 243
SNMPv1 with Traps 243
set snmp protocol 245
set snmp security 246
set snmp usm 247
set summertime 250
set system ip-address 251
set timedate 252
set timezone 253
telnet 254
traceroute 255
8 AAA COMMANDS
Commands by Usage 259
clear accounting 261
clear authentication admin 262
clear authentication console 263
clear authentication dot1x 264
clear authentication mac 265
clear authentication proxy 266
clear authentication web 266
clear location policy 267
clear mac-user 268
clear mac-user attr 269
clear mac-user group 269
clear mac-usergroup 270
clear mac-usergroup attr 271
clear mobility-profile 272
clear user 272
clear user attr 273
clear user group 274
clear user lockout 274
clear usergroup 275
clear usergroup attr 276
display aaa 277
display accounting statistics 280
display location policy 282
display mobility-profile 283
set accounting {admin | console} 283
set accounting {dot1x | mac | web | last-resort} 285
set authentication admin 287
set authentication console 289
set authentication dot1x 291
set authentication mac 295
set authentication max-attempts 297
set authentication max-attempts 298
set authentication minimum-password-length 299
set authentication password-restrict 300
set authentication proxy 301
set authentication web 302
set location policy 304
set mac-user 308
set mac-user attr 309
set mac-usergroup attr 315
set mobility-profile 317
set mobility-profile mode 319
set user 319
set user attr 321
set user expire-password-in 322
set user group 323
set usergroup 323
set usergroup expire-password-in 325
set web-portal 326
9 MOBILITY DOMAIN COMMANDS
Commands by Usage 327
clear mobility-domain 328
clear mobility-domain member 328
display mobility-domain 329
display mobility-domain config 330
display mobility-domain status 331
set mobility-domain member 332
set mobility-domain mode member secondary seed-ip 333
set mobility-domain mode member seed-ip 334
set mobility-domain mode secondary-seed domain-name 335
set mobility-domain mode seed domain-name 336
set domain security 337
10 NETWORK DOMAIN COMMANDS
Network Domain Commands by Usage 339
clear network-domain 340
clear network-domain mode 341
clear network-domain peer 342
clear network-domain seed-ip 343
display network-domain 344
set network-domain mode member seed-ip 346
set network-domain peer 347
set network-domain mode seed domain-name 348
11 MANAGED ACCESS POINT COMMANDS
MAP Access Point Commands by Usage 349
clear ap local-switching vlan-profile 355
clear ap radio 356
clear ap boot-configuration 358
clear ap radio load-balancing group 359
clear radio-profile 360
clear service-profile 361
display ap arp 362
display ap config 364
display ap counters 367
display ap fdb 373
display ap qos-stats 374
display ap etherstats 375
display ap group 377
display ap mesh-links 377
display ap status 379
display ap vlan 385
display auto-tune attributes 386
display auto-tune neighbors 388
display ap boot-configuration 390
display ap connection 391
display ap global 393
display ap unconfigured 395
display load-balancing group 396
display radio-profile 398
display service-profile 401
reset ap 410
set ap auto 410
set ap auto persistent 412
set ap auto radiotype 413
set ap auto mode 414
set ap bias 415
set ap blink 416
set ap boot- configuration ip 417
set ap boot- configuration mesh mode 418
set ap boot-configuration mesh psk-phrase 419
set ap boot-configuration mesh psk-raw 420
set ap boot-configuration mesh ssid 421
set ap boot- configuration switch 422
set ap boot-configuration vlan 423
set ap contact 424
set ap fingerprint 424
set ap force-image-
download 426
set ap group 427
set ap location 427
set ap local-switching mode 427
set ap local-switching vlan-profile 428
set ap name 429
set ap radio antenna-location 430
set ap radio antennatype 431
set ap radio auto-tune max-power 432
set ap radio auto-tune max-
retransmissions 433
set ap radio channel 435
set ap radio link-calibration 436
set ap radio load balancing 437
set ap radio load balancing group 438
set ap radio mode 439
set ap radio radio-profile 440
set ap radio tx-power 441
set ap security 443
set ap upgrade-firmware 444
set band-preference 445
set load-balancing mode 446
set load-balancing strictness 447
set radio-profile 11g-only 448
set radio-profile active-scan 448
set radio-profile auto-tune 11a-channel-range 449
set radio-profile auto-tune channel-config 450
set radio-profile auto-tune channel-holddown 451
set radio-profile auto-tune channel-interval 452
set radio-profile auto-tune channel-lockdown 453
set radio-profile auto-tune power-config 454
set radio-profile auto-tune power-interval 455
set radio-profile auto-tune power-lockdown 456
set radio-profile auto-tune power-ramp-interval 457
set radio-profile beacon-interval 457
set radio-profile countermeasures 458
set radio-profile dtim-interval 460
set radio-profile frag-threshold 461
set radio-profile long-retry 462
set radio-profile max-rx-lifetime 462
set radio-profile max-tx-lifetime 463
set radio-profile mode 464
set radio-profile preamble-length 467
set radio-profile qos-mode 468
set radio-profile rfid-mode 469
set radio-profile rate-enforcement 469
set radio-profile rts-threshold 471
set radio-profile service-profile 472
set radio-profile short-retry 478
set radio-profile wmm 478
set radio-profile wmm-powersave 478
set service-profile attr 479
set service-profile auth-dot1x 481
set service-profile auth-fallthru 482
set service-profile auth-psk 483
set service-profile beacon 484
set service-profile bridging 485
set service-profile cac-mode 486
set service-profile cac-session 487
set service-profile cipher-ccmp 488
set service-profile cipher-tkip 489
set service-profile cipher-wep104 490
set service-profile cipher-wep40 491
set service-profile cos 492
set service-profile dhcp-restrict 493
set service-profile idle-client-probing 494
set service-profile keep-initial-vlan 495
set service-profile load-balancing-
exempt 496
set service-profile long-retry-count 497
set service-profile mesh 498
set service-profile no-broadcast 499
set service-profile proxy-arp 500
set service-profile psk-phrase 501
set service-profile psk-raw 502
set service-profile rsn-ie 503
set service-profile shared-key-auth 504
set service-profile short-retry-count 504
set service-profile soda agent-directory 505
set service-profile soda enforce-checks 506
set service-profile soda failure-page 507
set service-profile soda logout-page 508
set service-profile soda mode 510
set service-profile soda remediation-acl 511
set service-profile soda success-page 512
set service-profile ssid-name 513
set service-profile ssid-type 514
set service-profile tkip-mc-time 514
set service-profile static-cos 515
set service-profile transmit-rates 516
set service-profile use-client-dscp 518
set service-profile user-idle-timeout 519
set service-profile web-portal-acl 520
set service-profile web-portal-form 521
set service-profile web-portal-logout logout-url 523
set service-profile web-portal-logout mode 524
set service-profile web-portal-session-timeout 525
set service-profile wep active-multicast-
index 526
set service-profile wep active-unicast-
index 527
set service-profile wep key-index 528
set service-profile wpa-ie 529
12 STP COMMANDS
STP Commands by Usage 531
clear spantree portcost 532
clear spantree portpri 533
clear spantree portvlancost 533
clear spantree portvlanpri 534
clear spantree statistics 535
display spantree 536
display spantree backbonefast 539
display spantree blockedports 540
display spantree portfast 541
display spantree portvlancost 542
display spantree statistics 542
display spantree uplinkfast 548
set spantree 549
set spantree backbonefast 550
set spantree fwddelay 551
set spantree hello 551
set spantree maxage 552
set spantree portcost 553
set spantree portfast 554
set spantree portpri 555
set spantree portvlancost 556
set spantree portvlanpri 557
set spantree priority 558
set spantree uplinkfast 558
13 IGMP SNOOPING COMMANDS
Commands by usage 561
clear igmp statistics 562
display igmp 562
display igmp mrouter 566
display igmp querier 567
display igmp receiver-table 569
display igmp statistics 571
set igmp 573
set igmp lmqi 574
set igmp mrouter 575
set igmp mrsol 576
set igmp mrsol mrsi 576
set igmp oqi 577
set igmp proxy-report 578
set igmp qi 579
set igmp qri 580
set igmp querier 581
set igmp receiver 581
set igmp rv 582
14 SECURITY ACL COMMANDS
Security ACL Commands by Usage 585
clear security acl 586
clear security acl map 587
commit security acl 589
display security acl 590
display security acl editbuffer 591
display security acl hits 592
display security acl info 593
display security acl map 594
display security acl resource-usage 595
rollback security acl 599
set security acl 600
set security acl map 605
set security acl hit-sample-rate 607
15 CRYPTOGRAPHY COMMANDS
Commands by Usage 610
crypto ca-certificate 610
crypto certificate 612
crypto generate key 613
crypto generate request 614
crypto generate self-signed 616
crypto otp 618
crypto pkcs12 620
display crypto ca-certificate 621
display crypto certificate 622
display crypto key domain 624
display crypto key ssh 624
16 RADIUS AND SERVER GROUP COMMANDS
Commands by Usage 625
clear radius 626
clear radius client system-ip 627
clear radius proxy client 628
clear radius proxy port 628
clear radius server 629
clear server group 629
set radius 630
set radius client system-ip 632
set radius proxy client 633
set radius proxy port 634
set radius server 635
set server group 637
set server group load-balance 638
17 802.1X MANAGEMENT COMMANDS
Commands by Usage 641
clear dot1x bonded-period 642
clear dot1x max-req 643
clear dot1x port-control 643
clear dot1x quiet-period 644
clear dot1x reauth-max 645
clear dot1x reauth-period 645
clear dot1x timeout auth-server 646
clear dot1x timeout supplicant 646
clear dot1x tx-period 647
display dot1x 647
set dot1x authcontrol 650
set dot1x bonded-period 651
set dot1x key-tx 652
set dot1x max-req 653
set dot1x port-control 654
set dot1x quiet-period 655
set dot1x reauth 655
set dot1x reauth-max 656
set dot1x reauth-period 657
set dot1x timeout auth-server 657
set dot1x timeout supplicant 658
set dot1x tx-period 658
set dot1x wep-rekey 659
set dot1x wep-rekey-period 660
18 SESSION MANAGEMENT COMMANDS
Commands by Usage 661
clear sessions 661
clear sessions network 663
display sessions 664
display sessions mesh-ap 667
display sessions network 668
19 RF DETECTION COMMANDS
Commands by Usage 677
clear rfdetect attack-list 678
clear rfdetect black-list 679
clear rfdetect ignore 679
clear rfdetect ssid-list 680
clear rfdetect vendor-list 681
rfping 682
display rfdetect attack-list 683
display rfdetect black-list 684
display rfdetect clients 685
display rfdetect countermeasures 687
display rfdetect counters 688
display rfdetect data 690
display rfdetect ignore 692
display rfdetect mobility-domain 692
display rfdetect ssid-list 697
display rfdetect vendor-list 697
display rfdetect visible 698
set rfdetect active-scan 700
set rfdetect attack-list 701
set rfdetect black-list 702
set rf detect countermeasures 702
set rfdetect countermeasures mac 703
set rfdetect ignore 704
set rfdetect log 705
set rfdetect signature 706
set rfdetect signature key 707
set rfdetect ssid-list 707
set rfdetect vendor-list 708
test rflink 709
20 FILE MANAGEMENT COMMANDS
Commands by Usage 711
backup 712
clear boot backup-configuration 714
clear boot config 714
copy 715
delete 717
dir 718
install soda agent 721
display boot 722
display config 723
display version 725
load config 727
md5 729
mkdir 729
reset system 731
restore 732
rmdir 733
save config 733
set boot backup-configuration 734
set boot configuration-file 735
set boot partition 736
uninstall soda agent 736
21 TRACE COMMANDS
Commands by Usage 739
clear log trace 740
clear trace 740
display trace 741
save trace 742
set trace authentication 742
set trace authorization 743
set trace dot1x 744
set trace sm 745
22 SNOOP COMMANDS
Commands by Usage 747
clear snoop 748
clear snoop map 748
set snoop 749
set snoop map 752
set snoop mode 753
display snoop 754
display snoop info 754
display snoop map 755
display snoop stats 756
23 SYSTEM LOG COMMANDS
Commands by Usage 759
clear log 759
display log buffer 760
display log config 762
display log trace 763
set log 764
set log mark 767
24 BOOT PROMPT COMMANDS
Boot Prompt Commands by Usage 769
autoboot 770
boot 771
change 773
create 774
delete 775
dhcp 776
diag 777
dir 777
display 778
fver 780
help 781
ls 782
next 783
reset 784
test 785
version 786
A OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS
Register Your Product to Gain Service Benefits 787
Solve Problems Online 787
Purchase Extended Warranty and Professional Services 788
Access Software Downloads 788
Contact Us 788
Telephone Technical Support and Repair 789
INDEX
Conventions 25
ABOUT THIS GUIDE
This command reference explains Mobility System Software (MSS™)
command line interface (CLI) that you enter on a 3Com WXR100 or
WX1200 Wireless Switch or WX4400 or WX2200 Wireless LAN
Controller to configure and manage the Mobility System™ wireless LAN
(WLAN).
Read this reference if you are a network administrator responsible for
managing WXR100, WX1200, WX4400, or WX2200 wireless switches
and their Managed Access Points (MAPs) in a network.
If release notes are shipped with your product and the information there
differs from the information in this guide, follow the instructions in the
release notes.
Most user guides and release notes are available in Adobe Acrobat
Reader Portable Document Format (PDF) or HTML on the 3Com
World Wide Web site:
http://www.3com.com/
Conventions Table 1 and Table 2 list conventions that are used throughout this guide.
Tab le 1 Notice Icons
Icon Notice Type Description
Information note Information that describes important features or
instructions
Caution Information that alerts you to potential loss of data or
potential damage to an application, system, or device
26 ABOUT THIS GUIDE
This manual uses the following text and syntax conventions:
Tab le 2 Text Conventions
Convention Description
Monospace text Sets off command syntax or sample commands and system
responses.
Bold text Highlights commands that you enter or items you select.
Italic text Designates command variables that you replace with
appropriate values, or highlights publication titles or words
requiring special emphasis.
[ ] (square brackets) Enclose optional parameters in command syntax.
{ } (curly brackets) Enclose mandatory parameters in command syntax.
| (vertical bar) Separates mutually exclusive options in command syntax.
Keyboard key names If you must press two or more keys simultaneously, the key
names are linked with a plus sign (+). Example:
Press Ctrl+Alt+Del
Words in italics Italics are used to:
Emphasize a point.
Denote a new term at the place where it is defined in the
text.
Highlight an example string, such as a username or SSID.
Documentation The MSS documentation set includes the following documents.
Wireless Switch Manager (3WXM) Release Notes
These notes provide information about the 3WXM software release,
including new features and bug fixes.
Wireless LAN Switch and Controller Release Notes
These notes provide information about the MSS software release,
including new features and bug fixes.
Wireless LAN Switch and Controller Quick Start Guide
This guide provides instructions for performing basic setup of secure
(802.1X) and guest (WebAAA
Domain for roaming, and for accessing a sample network plan in
3WXM for advanced configuration and management.
™) access, for configuring a Mobility
Documentation Comments 27
Wireless Switch Manager Reference Manual
This manual shows you how to plan, configure, deploy, and manage a
Mobility System wireless LAN (WLAN) using the 3Com Wireless Switch
Manager (3WXM).
Wireless Switch Manager User’s Guide
This manual shows you how to plan, configure, deploy, and manage the
entire WLAN with the 3WXM tool suite. Read this guide to learn how to
plan wireless services, how to configure and deploy 3Com equipment to
provide those services, and how to optimize and manage your WLAN.
Wireless LAN Switch and Controller Hardware Installation Guide
This guide provides instructions and specifications for installing a WX
wireless switch in a Mobility System WLAN.
Wireless LAN Switch and Controller Configuration Guide
This guide provides instructions for configuring and managing the
system through the Mobility System Software (MSS) CLI.
Wireless LAN Switch and Controller Command Reference
Documentation Comments
This reference provides syntax information for all MSS commands
supported on WX switches.
Your suggestions are very important to us. They will help make our
documentation more useful to you. Please e-mail comments about this
document to 3Com at:
pddtechpubs_comments@3com.com
Please include the following information when contacting us:
Document title
Document part number and revision (on the title page)
Page number (if appropriate)
Example:
Wireless LAN Switch and Controller Configuration Guide
Part number 730-9502-0071, Revision B
Page 25
28 ABOUT THIS GUIDE
Please note that we can only respond to comments and questions about
3Com product documentation at this e-mail address. Questions related to
Technical Support or sales should be directed in the first instance to your
network supplier.
NEW FEATURES SUMMARY
This summary describes new features and commands available in Version
7.0 of the Wireless LAN Mobility System that affect this guide. Each
feature section includes:
A brief description of the feature or command
Basic configuration procedures, if applicable
It is important to note that new MSS 7.0 features and commands are not
described within the individual chapters of this guide. They are only
covered in this summary section.
This summary covers the following topics:
Virtual Controller Clustering Configuration on page 30
AP 3950 PoE Configuration on page 31
External Captive Portal Support on page 33
Simultaneous Login Support on page 34
Dynamic RADIUS Extensions on page 34
MAC User Range Authentication on page 36
MAC Authentication Request Format on page 37
User Attribute Enhancements on page 37
Enhancements to Location Policy Configuration on page 38
RADIUS Ping Utility on page 39
Unique AP Number Support on page 40
Bandwidth Management on page 40
RF Scanning Enhancements on page 43
RF Detection Configuration on page 44
display aaa Command Replacements on page 48
30 NEW FEATURES SUMMARY
display ap config Enhancements on page 54
display load Enhancements on page 55
display radio-profile Enhancements on page 58
display sessions network ap Enhancements on page 60
clear sessions network Enhancements on page 61
display service-profile Enhancements on page 61
display rfdetect Changes on page 66
For more detailed application and usage information on the commands
described in this section, consult the Wireless LAN Switch and Controller
Configuration Guide.
Virtual Controller Clustering Configuration
set cluster mode Enable virtual controller cluster configuration on WXs in a mobility
New commands support configuration of virtual controller clustering on a
mobility domain.
domain.
Syntax —
| disable}
set cluster mode {enable | disable} preempt {enable
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 7.0.
Usage — You must enable cluster mode on all WXs that are members of
the cluster.
Examples — The following command enables cluster mode on a WX in a
mobility domain:
WX# set cluster mode enable
success:change accepted
set cluster preempt Use this command on the secondary seed of the cluster to allow the
secondary seed to become active if the primary seed fails.
AP 3950 PoE Configuration 31
Syntax — set cluster preempt {enable | disable}
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 7.0.
Usage — You can only use this command on the secondary seed of the
mobility domain.
Examples — The following command enables preempt mode on a
secondary seed:
WX# set cluster preempt enable
success:change accepted
AP 3950 PoE Configuration
set ap power-mode Syntax —
802.11n Configuration
A new command supports PoE configuration on the AP 3950.
set ap apnum power-mode {auto | high}
auto — Power is managed automatically by sensing the power level
on the AP. If low power is detected, unused Ethernet is disabled and
reduces the traffic on the 2.4 GHz radio. If high power is detected,
then both radios operate at 3x3 (3 transmit chains and 3 receive
chains).
high — Both radios operate at the maximum power available, which
requires either 802.3at PoE or both ports using 802.3af PoE.
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 7.0.
These commands support configuration of 802.11n frame aggregation,
data rates, and channel width on the AP 3950.
32 NEW FEATURES SUMMARY
set service-profile 11n A new command to configure maximum MPDU and MSDU packet
length, frame aggregation, and the short guard interval for 11n network
traffic.
Definitions of terms used in syntax:
Aggregrate MAC Protocol Data Unit (A-MPDU) — Allows multiple
MPDUs to be transmitted as a single PDU frame.
Aggregrate MAC Service Data Unit (A-MSDU) — Allows multiple
MSDUs to be transmitted within a single or multiple data MSDUs.
Only MSDUs whose destination address and source address map to
the same receiver address and transmitter address are aggregated.
Short Guard Interval — Used to prevent inter-symbol interference
for 802.11n. When enabled, the interval is 400 nanoseconds and it
enhances throughput when multipath delay is low.
set service-profile
transmit-rates
Syntax —
16K | 32K | 64K] a-msdu-max-length [4K | 8K] frame-aggregation [msdu | mpdu | all | disable] {mode-na | mode-ng [enable
| disable | required]} short-guard-interval [enable | disable]
a-mpdu-max-length — Configures the length of the MPDU packet in
set service-profile name 11n a-mpdu-max-length [8K |
kilobytes. Select from 8, 16, 32, or 64K.
a-msdu-max-length — Configures the length of the MSDU packet in
kilobytes. Select from 4 or 8K.
frame-aggregation — Enables aggregation of MPDU and MSDU
packets. Select either MPDU or MSDU or all. You can also disable this
option.
short-guard-interval — Configure this option to prevent
inter-symbol interference on the 802.11n network.
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 7.0.
Configures the data rates supported by MAP radios for a service-profile
SSID. This is an existing command. The only change in MSS 7.0 is to add
support and transmit rates for 11ng and 11na.
External Captive Portal Support 33
Syntax — set service-profile profile-name transmit-rates
11ng mandatory {1.0 |2.0 |5.5 |6.0 |9.0 |11.0 |12.0 |18.0
|24.0 |36.0 |48.0 |54.0 |m0 |m1 |m2 |m3 |m4 |m5 |m6 |m7 |m8
|m9 |m10 |m11 |m12 |m13 |m14 |m15} beacon-rate radio-rate
disabled multicast-rate {auto |1.0 |2.0 |5.5 |6.0 |18.0 |24.0
|36.0 |48.0 |54.0 |m0 |m1 |m2 |m3 |m4 |m5 |m6 |m7 |m8 |m9 |m10
|m11 |m12 |m13 |m14 |m15}
set service-profile profile-name transmit-rates 11na
mandatory {6.0 |9.0 |12.0 |18.0 |24.0 |36.0 |48.0 |54.0 |m0
|m1 |m2 |m3 |m4 |m5 |m6 |m7 |m8 |m9 |m10 | m11 |m12 |m13 |m14
|m15} beacon-rate radio-rate disabled multicast-rate {auto
|6.0 |9.0 |12.0 |18.0 |24.0 |36.0 |48.0 |54.0 |m0 |m1 |m2 |m3
|m4 |m5 |m6 |m7 |m8 |m9 |m10 |m11 |m12 |m13 |m14 |m15}
set radio-profile 11n Configures 11n radio ranges on the AP 3950.
External Captive Portal Support
Syntax —
40MHz}
name — Radio profile name.
11n channel-width-na — Set the channel width to 20 MHz or 40
set radio-profile name 11n channel-width-na {20MHz |
MHz.
Defaults — None.
Access — Enabled.
History — Introduced in MSS Version 7.0.
Examples — The following command sets the channel width to 40 MHz:
WX# set radio-profile boardroom 11n channel-width-na 40MHz
The ability to redirect Web portal authentication to a Web server on a
network rather than a local WX database or RADIUS is now available in
MSS 7.0. For For more information on this function, refer to the Wireless
LAN Switch and Controller Configuration Guide.
The following MSS command supports this function:
WX# set service-profile profile-name web-portal-form URL
34 NEW FEATURES SUMMARY
Simultaneous Login Support
Dynamic RADIUS Extensions
You can now limit the number of concurrent sessions that a user can have
on the network. You can use the vendor-specific attribute (VSA) on a
RADIUS server or configure it as part of a service profile. You can apply
the attribute to users and user groups.
The attribute,
simultaneous-logins, has been added to the following
commands:
set user username attr simultaneous-logins value
set usergroup group-name attr simultaneous-logins value
set service-profile name attr simultaneous-logins value
where value is between 0-1000. In the case of the set user attr
command, if you set the value to 0, then the user is locked out of the
network. The default value is unlimited access. In addition, setting this
value applies only to user sessions in the mobility domain and not a
specific WX.
To clear the configuration, use one of the following commands:
clear user username attr simultaneous-logins
clear usergroup group-name attr simultaneous-logins
These commands and attributes support configuration of dynamic
RADIUS extensions per RFC 3576 (Dynamic Authorization Server MIB).
set radius dac Configures dynamic RADIUS extensions in support of RFC 3576.
Syntax —
[enable | disable] | [change-of-author [enable | disable] |
replay-protection [enable | disable] | replay-window seconds]
set radius dac name ip-addr key string [disconnect
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 6.2.
set radius das-port Configures the dynamic authorization port for dynamic RADIUS servers.
Syntax —
set radius das-port port_number
Defaults — None.
Dynamic RADIUS Extensions 35
Access — Enabled.
History —Introduced in MSS Version 6.2.
Examples —
WX# set radius das-port 65539
success:change accepted
clear radius das-port Clears a configured dynamic RADIUS server authorization port.
set authorization
dynamic
Syntax —
clear radius das-port port_number
Defaults — None.
Access — Enabled.
History — Introduced in MSS Version 6.2.
Examples — To clear a dynamic RADIUS server port of 3799, use the
following command:
WX# clear radius das-port 3799
Configures SSIDs for dynamic RADIUS clients.
Syntax —
|8021X |any |name] | wired name}
set authorization dynamic {ssid [wireless_8021X
Defaults — None.
Access — Enabled.
History — Introduced in MSS Version 6.2.
Examples — To configure an SSID named dac_clients, use the following
command:
WX# set authorization dynamic ssid dac_clients
success:change accepted
termination-action
Attribute
The termination-action dynamic RADIUS attribute is now supported
in MSS 7.0. The attribute has been added to the following commands:
set user username attr termination-action value
36 NEW FEATURES SUMMARY
set usergroup group-name attr termination-action value
where value is 0 or 1. This attribute supports reauthentication of all
access types: dot1x, web-portal, MAC, and last-resort. When the value is
set to 0, the user session is terminated after the session expires. If the
value is set to 1, the user session is reauthenticated by sending a RADIUS
request message after the session expires.
MAC User Range Authentication
set authentication
mac-prefix
Version 7.0 modifies the User MAC Address field in the existing set
mac-user and set mac-user attr commands to allow input such as
00:11:00:* instead of just a single MAC address. Only one * (asterisk) is
allowed in the address format and it must be the last character.
During authentication of the MAC User client, the most specific entry
that matches the MAC-user glob is selected. Therefore, an entry for
00:11:30:21:ab:cd overrides an entry for 00:11:30:21:*, and an entry
for
00:11:30:21:* overrides an entry for 00:11:30:*.
To configure a MAC User Range with MSS, use these commands:
set mac-user 00:11:*
set mac-user 00:11:* attr attribute-name value
set mac-user 00:11:* [group group_name]
To configure this feature for authentication on a RADIUS server, use the
new command
set authentication mac-prefix (see the next section).
Specifies the MAC address prefix for SSID authentication.
Syntax —
wired mac-glob
mac-glob — Represents the range of MAC addresses for this rule and
set authentication mac-prefix {ssid [ssid | any]}
determines the prefix used for authentication. During authentication,
the MAC prefix is extracted from the MAC-glob and used as the
user-name in the Access-Request portion of the handshake.
Defaults — None.
Access — Enabled.
History — Introduced in MSS Version 7.0.
MAC Authentication Request Format 37
Usage — You can configure different authentication methods for
different groups of MAC addresses by “globbing.”
Examples — To set the MAC address glob for authenticating an SSID,
use the following command:
WX# set authentication mac-prefix ssid any 00:00*
success: change accepted.
MAC Authentication Request Format
A new parameter, mac-addr-format, is available in the set radius
server
command to configure a MAC address format to be sent as a
username to a RADIUS server for MAC authentication.
To configure the MAC address format with MSS, use the following
command:
WX# set radius server name mac-addr-format {hyphens | colons
| one-hyphen | raw}
For example:
WX# set radius server sp1 mac-addr-format ?
hyphens 12-34-56-78-9a-bc
colons 12:34:56:78:9a:bc
one-hyphen 123456-789abc
raw 123456789abc
You can also configure all RADIUS servers to use a specific MAC address
format with the following command:
WX# set radius mac-addr-format {hyphens | colons | one-hyphen
| raw}
User Attribute Enhancements
The RADIUS standard (RFC 2865) allows the attribute user-name to be
returned as part of the access-accept handshake. The
user-name string is
used as the user-name for the session. MSS supports this functionality on
the RADIUS server but not the WX local database. With the release of
MSS and 3WXM Version 7.0, this attribute is now supported as part of
the login session.
The attribute has been added to the following commands:
set user username attr user-name value
38 NEW FEATURES SUMMARY
set mac-user mac-addr attr user-name value
set usergroup group-name attr user-name value
set mac-usergroup group-name attr user-name value
where value is the username that is displayed in session information. It
can be up to 80 characters, including numbers and special characters.
To clear the configuration, use one of the following commands:
clear user username attr user-name
clear usergroup group-name attr user-name
clear mac-usergroup group-name attr user-name
If configured, usernames are now part of display output such as
display sessions:
WX# display sessions
User
Name
-----------------
engineering-05:0c:78 28* 10.7.255.2 yellow 5/1
engineering-79:86:73 29* 10.7.254.3 red 2/1
engineering-1a:68:78 30* 10.7.254.8 red 7/1
engineering-45:12:34 35* 10.9.254.7 blue 2/1
Enhancements to Location Policy Configuration
Sess
ID
------------
IP or MAC
Address
----------------------
VLAN
Name
------
Port/
Radio
------
Since the session user name is replaced by the user-name attribute, the
display sessions output displays this attribute as the user name for
the session. When the attribute is obtained from a user group, the user
name of all users in the group appears the same and you cannot
differentiate between them. However, the MAC address is added to the
user group name in the output.
MSS Version 7.0 adds a time-of-day attribute to the following
command for controlling wireless access during certain times of day:
set location policy {deny | permit} if [time-of-day operator
time-of-day]
operator
eq - Defines a specific timeframe
neq - Defines any time other than a specific timeframe
time-of-day
RADIUS Ping Utility 39
RADIUS Ping Utility A command provides a diagnostic tool to enhance troubleshooting
capabilities for RADIUS servers on the network.
radping This command sends an authentication request to the RADIUS server to
determine if it is offline.
Syntax —
radping {server | servername | group servergroup}
request [acct-off | acct-on | acct-start | acct-stop |
acct-update | authentication] user username password password
auth-type {plain | mschap2}
servername — Name of a RADIUS server configured to perform remote AAA
services for WX switches.
servergroup — Name of a RADIUS server group configured to perform
remote AAA services for WX switches.
acct-off, acct-on, acct-start, acct-stop, acct-update —
Send accounting requests to the RADIUS server to collect and start or stop user
statistics.
authentication — Send an authentication request to the RADIUS server.
username — A user name configured on the RADIUS server.
password — The password configured for user.
auth type {plain | mschap2}— Authentication type used by the RADIUS
server or server group.
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 6.2.
Examples — To verify that a RADIUS server alpha with the username
smith5 and password swordfish is active on the network, use the
following command:
WX# radping alpha request authentication user smith5 password
swordfish auth-type mschap2
Sending authentication request to server test-27708
(10.20.30.40:1812)
40 NEW FEATURES SUMMARY
To send an accounting request to the RADIUS server, use the following
command:
WX# radping alpha request acct-start
To stop the accounting requests, use the following commands:
WX# radping alpha request acct-stop
Unique AP Number Support
Bandwidth Management
MSS 7.0 now allows APs to be numbered from 1 to 9999 on a network.
However, there is no change to the maximum number of APs that can be
configured on a WX.
This affects the following command:
set ap apnum
where apnum is a number in the range 1-9999.
Bandwidth management allows you to manage network traffic on your
network by configuring certain traffic for higher priority over other
traffic—for example, VoIP traffic over normal network traffic. You can
configure this feature when you implement QoS profiles. You can
configure bandwidth management on a per-SSID, per-user, or queuing
weights basis.
The QoS profile contains a set of parameters that are applied to clients to
assure a specific service level on the network. A QoS profile is an AAA
attribute assigned to a client when the client associates on the network.
Prior to this release, some QoS parameters were configured as part of the
service profile attributes.
Commands and attributes used to implement bandwidth management
are described in the remainder of this section. For more detailed
information on use of these commands when configuring bandwidth
management, see the New Features Summary section in the Wireless
Switch Manager User Guide.
set qos profile Configures QoS parameters for multiple clients.
Syntax —
background | best effort | video | voice] [permit | demote] |
set qos-profile profile-name [access-category
Bandwidth Management 41
[cos static-cos-value][max-bandwidth
max-bw-kb][use-client-dscp enable | disable]
profile-name — Name of the QoS profile.
access-category, background, best-effort, video, voice —
Types of forwarding queues to configure QoS.
static-cos-value — Mark QoS traffic with a specific CoS value from 0 to 7.
max-bw-kb — Configure the bandwidth for the QoS profile, from 0 to 100000
Kbps.
use-client-dscp [enable | disable]— MSS classifies QoS level of IP
packets based on a DSCP value. You can specify a number from 0 to 7.
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 6.2.
set radio-profile
weighted-fair-queuing
Configures a minimum service level for specific radio profiles. Medium
time weights determine the relative transmit utilization of the radio
between service profiles.
Syntax —
weighted-fair-queuing {enable | disable} weight
service-profile-name weight
profile-name — Name of the radio profile.
weighted-fair-queuing— Enable or disable weighted fair queuing.
service-profile-name — Name of the service profile to apply weighted
queuing.
weight — Configure a weight value from 1 to 100. All profiles with weighted
queuing add up to 100.
set radio-profile profile-name
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 6.2.
42 NEW FEATURES SUMMARY
Examples — To configure weighted queuing for a radio and service
profile, use the following command:
WX# set radio-profile wireless weighted-fair-queuing enable
weight mp_conference 25
success: change accepted.
set service-profile
Configures the maximum bandwidth for a service profile.
max-bw
Syntax —
profile-name — Name of the service profile.
max-bw-kb — Configure a bandwidth from 1-300000 Kbps. 0 = unlimited
bandwidth.
set service-profile profile-name max-bw max-bw-kb
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 7.0.
Usage — Use this command to configure specific bandwidth
requirements for a service profile. Once configured, the service profile can
be mapped to a specific radio profile.
clear qos-profile Clears a QoS profile from the configuration.
Syntax —
clear qos-profile profile_name
Defaults — None.
Access — Enabled.
History — Introduced in MSS Version 6.2.
Usage — You can also use
clear qos-profile profile_name use-client-dscp, and clear
qos-profile profile_name max-bw
clear qos-profile profile_name cos,
to clear these parameters,
respectively.
Examples — To clear a QoS profile with the profile name, best_voice,
from the MSS configuration, use the following command:
WX# clear qos-profile best_voice
success: change accepted
RF Scanning Enhancements 43
RF Scanning Enhancements
set radio-profile
rf-scanning mode
A new attribute, sentry, is now available to independently configure and
control scanning behaviors on radios. For example, a disabled radio does
not transmit or receive, and a radio that is scanning, but not providing
radio service to clients, is in sentry mode.
times on scanning channels than the
sentry allows longer dwell
enable mode. This attribute has
been added to the following commands:
set ap apnum radio [1 | 2] mode [enable | sentry | disable]
set radio-profile profile-name mode [enable | sentry |
disable]
The remainder of this section describes commands used to configure RF
scanning.
Configures RF scanning on radios running MSS 7.0.
Syntax —
[passive | active]
profile-name — Name of the radio profile.
passive — The radio scans once per predefined time and audits the packets on
the wireless network. The default time is 1 second.
active — The radio actively sends probes to other channels and then audits the
packets on the wireless network.
set radio-profile profile-name rf-scanning mode
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 6.2.
Examples — To configure active rf-scanning mode for radio profile
gofish, use the following command:
WX# set radio-profile gofish rf-scanning mode active
success: change accepted
44 NEW FEATURES SUMMARY
set radio-profile
rf-scanning
channel-scope
Configures the channel scope for RF scanning.
Syntax —
channel-scope [operating | regulatory | all]
profile-name — Name of the radio profile.
regulatory — Scans and audits regulatory channels for 802.11a or802.11b/g.
operating — Scans and audits the current channel.
all — Scans and audits all channels on the radio
set radio-profile profile-name rf-scanning
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 6.2.
Examples — To scan only operating channels on radio profile, gofish,
use the following command:
WX# set radio-profile gofish rf-scanning channel-scope
operating
success: change accepted
RF Detection Configuration
This section describes deprecated, replaced, modified, and new rfdetect
commands for configuring RF classifications in MSS 7.0.
Deprecated Commands The following commands were deprecated as of MSS 6.2:
set rfdetect vendor-list [client | ap]
display rfdetect vendor-list
clear rfdetect vendor-list
set radio-profile profile-name countermeasures configured
RF Detection Configuration 45
Replaced Commands The following table lists pre-MSS 7.0 commands that are now obsolete
and their MSS 7.0 replacements:
Tab le 3 RF Detection Commands Replaced in MSS 7.0
Old Command Group Equivalent Replacement Commands
set rfdetect ignore transmit-mac
display rfdetect ignore
clear rfdetect ignore
set rfdetect neighbor-list [transmit-mac | oui]
display rfdetect neighbor-list
clear rfdetect neighbor-list [transmit-mac | oui |
all]
set rfdetect attack-list mac
display rfdetect attack-list
clear rfdetect attack-list
set rfdetect rogue-list mac-addr
display rfdetect rogue-list
clear rfdetect rogue-list [mac-addr | all]
Parameters:
transmit-mac or mac-addr — Basic service set identifier (BSSID), i.e.
a MAC address, of the device in the neighbor list.
OUI — Vendor device ID.
all — All devices in the neighbor list.
set rfdetect ssid-list This command has been modified to allow a wildcard for SSID names.
Only the changes are shown below:
set rfdetect ssid-list [ssid-name | ssid*]
set rfdetect
Syntax —
ssid-name — SSID name you want to add to the permitted SSID list.
ssid* — SSID glob at add to the permitted SSID list.
New command used to classify devices as ad-hoc devices on the network.
classification ad-hoc
Syntax —
skip-test]
rogue — Detects ad-hoc networks and classifies them as rogues.
skip-test — Omit looking for ad-hoc networks and go to the next
classification step.
set rfdetect classification ad-hoc [rogue |
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 6.2.
46 NEW FEATURES SUMMARY
Examples — To configure MSS to detect ad-hoc networks and classify them as
rogue devices, use the following command:
WX# set rfdetect classification ad-hoc rogue
set rfdetect
classification default
set rfdetect
classification
seen-in-network
New command used to configure the default classification of unknown
devices on the network.
Syntax —
suspect | neighbor]
rogue — Sets the default classification as rogue.
suspect — Sets the default classification as suspect.
neighbor — Sets the default classification as neighbor.
set rfdetect classification default [rogue |
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 6.2.
Examples — To configure MSS to detect unknown devices and classify
them as rogue devices, use the following command:
WX# set rfdetect classification default rogue
New command used to configure devices seen on the network as rogue
devices.
Syntax —
| skip-test]
set rfdetect classification seen-in-network [rogue
rogue — Sets the classification as rogue.
skip-test — Sets the default classification as suspect.
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 6.2.
RF Detection Configuration 47
Examples — To configure MSS to detect devices seen on the network
and classify them as rogue devices, use the following command:
WX# set rfdetect classification seen-in-network rogue
set rfdetect
classification
ssid-masquerade
display rfdetect
classification
New command used to configure devices with spoofed SSIDs as rogue
devices.
Syntax —
| skip-test]
rogue — Sets the classification as rogue.
skip-test — Sets the default classification as suspect.
set rfdetect classification ssid-masquerade [rogue
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 6.2.
Examples — To configure MSS to detect unknown devices and classify
them as rogue devices, use the following command:
WX# set rfdetect classification ssid-masquerade rogue
New command that displays information about the RF detect
classifications configured on the network.
Syntax —
display rfdetect classification
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 6.2.
Examples — The following shows the RF detect classification on the WX:
WX# set rfdetect classification
User
Rule
N If in Rogue list Rogue
N If AP is part of Mobility Domain Member
Rules for Classification Classification
48 NEW FEATURES SUMMARY
N If in the Neighbor List Neighbor
Y If SSID Masquerade Rogue
Y Client or Client DST MAC seen in
Y If Ad hoc device Rogue
N If SSID in SSID list Neighbor
Y Default Classification Suspect
Rogue
network
display aaa Command Replacements
display radius Displays RADIUS configuration information and status.
Server
-------
rs1 172.21.14.30 1812 1813 5 3 0 UP
rs2 1.1.1.1 1812 1813 5 3 0 UP
dummy 172.21.14.31 1812 1813 5 3 0 UP
In previous releases, the display aaa command displayed RADIUS, users,
and mac-users configuration on the WX. This command is now
deprecated and replaced by the
display mac-user, display usergroup, and display mac-usergroup
display radius, display user,
commands.
WX# display radius
Radius servers Default Values
Auth-Port=1812 Acct-Port=1813 Timeout=5 Acct-Timeout=5
Retrans=3 Deatime=0 Key=(null) Author-Pass=(null)
Radius Servers
IP Address
----------
Server groups
SG1:rs1
SG2:dummy
Auth
Port
-------
-
Acct
Port
-------
Time
Out
------
Retry
--------
Dead
Time
--------
State
-------
Radius Dynamic Authorization Configuration
Server port: 3799
Dynamic Author
display aaa Command Replacements 49
Dynamic Author
Clients
--------------
IP Address
--------------
Disconnect
--------
Change
Author
-------
Replay
Protect
------
Replay
Win (s)
--------
display user Displays summary or verbose status relating to users or users matching a
glob. For user globs, wildcards (*) are allowed at the beginning or end of
the string.
WX# display user[name-glob | verbose]
User Name
--------------
johndoe disabled Admin red
johnsmith enabled Admin red
guest_access disabled Guests red
User Name
--------------
johndoe disabled Admin red
johnsmith enabled Admin red
Status
-------------
WX# display user *john*
Status
-------------
Group
--------
Group
--------
VLAN
-------
VLAN
-------
WX# display user verbose
User name: johndoe
Status: disabled
Password: iforgot(encypted)
Group: Admin
VLAN: red
Password-expires-in: 12 days
Other attributes:
ssid: trapeze
end-date: 01/08/23-12:00
idle-timeout: 120
50 NEW FEATURES SUMMARY
acct-interim-interval: 180
User name: johnsmith
Status: enabled
Password: iforgot2(encypted)
Group: Admin
VLAN: red
Password-expires-in: 12 days
Other attributes:
None
User name: guest_access
Status: disabled
Password: iforgot3(encypted)
Group: Admin
VLAN: red
Password-expires-in: 5 days
Other attributes:
ssid: trapeze1
end-date: 01/08/20-9:00
idle-timeout: 100
acct-interim-interval: 600
WX# display user *john* verbose
User name: johndoe
Status: disabled
Password: iforgot(encypted)
Group: Admin
VLAN: red
Password-expires-in: 12 days
Other attributes:
ssid: trapeze
end-date: 01/08/23-12:00
idle-timeout: 120
acct-interim-interval: 180
User name: johnsmith
Status: enabled
display aaa Command Replacements 51
Password: iforgot2(encypted)
Group: Admin
VLAN: red
Password-expires-in: 12 days
Other attributes:
None
display mac-user Displays summary or verbose status relating to a specific mac-user or all
mac-users.
WX# display mac-user [mac-glob | verbose]
MAC
----------------
00:11:11:21:11:12 Guests insecure
00:11:11:21:11:* Guests red
WX# display mac-user 00:11:11:21:11:12
MAC
----------------
00:11:11:21:11:12 Guests insecure
WX# display mac-user verbose
MAC: 00:11:11:21:12
Group: Guests
VLAN insecure
Other attributes:
ssid: trapeze
end-date: 01/08/23-12:00
idle-timeout: 120
acct-interim-interval: 180
MAC: 00:11:11:21:*
Group: Guests
VLAN insecure
Other attributes:
ssid: trapeze
end-date: 01/08/23-12:00
Group
--------
Group
--------
VLAN
-------
VLAN
-------
52 NEW FEATURES SUMMARY
idle-timeout: 120
acct-interim-interval: 180
WX# display mac-user 00:11:11:21:11* verbose
MAC: 00:11:11:21:*
Group: Guests
VLAN insecure
Other attributes:
ssid: trapeze
end-date: 01/08/23-12:00
idle-timeout: 120
acct-interim-interval: 180
display usergroup Displays summary status for all user groups or verbose status for a specific
user group.
WX# display usergroup [ug-name]
Users Mapped
Usergroup
-------------
Admin 2 red 4
Guests 1 red 2
Guests2 0 blue 0
Usergroup: Admin
VLAN: red
Password-expires-in: 12 days
Other attributes:
ssid: trapeze
end-date: 01/08/23-12:00
idle-timeout: 120
acct-interim-interval: 180
to Group
--------------
WX# display usergroup Admin
VLAN
------
Other Attr. of
Group
Users in this group:
display aaa Command Replacements 53
User Name
------------
johndoe red
johnsmith red
WX# display usergroup Guests2
Usergroup: Guests2
VLAN: blue
Other attributes:
None
No users in this group.
VLAN
--------
display mac-usergroup Displays summary status for all MAC user groups or verbose status for a
specific MAC user group.
WX# display mac-usergroup [mac-ug-name | verbose]
Users Mapped
MAC Usergroup
------------------
Admin 0 red 3
Guests 2 insecure 4
to Group
--------------
VLAN
------
Other
Attr. of
Group
WX# display mac-usergroup Guests
MAC Usergroup: Guests2
VLAN: blue
Other attributes:
ssid: trapeze
end-date: 01/08/23-12:00
idle-timeout: 120
acct-interim-interval: 180
54 NEW FEATURES SUMMARY
MAC users in this group:
MAC
------------
00:11:11:21:11:12 insecure
00:11:11:21:11:* red
MAC Usergroup: Admin
VLAN: red
Other attributes:
ssid: trapeze
idle-timeout: 120
acct-interim-interval: 180
display ap config Enhancements
display ap config Displays a summary of all APs configured on the network.
VLAN
--------
WX# display mac-usergroup Admin
No MAC users in this group.
New commands and output now allow you to see AP configurations on
your network.
AP AP Name Model Mode Radio 1 profile Radio 2 profile
auto disabled default default
3 AP03 AP-3750 default aaaaaaaa123456
display ap config
verbose
Model: AP-3750
Mode: high
Bias: updgrade-firmware,
Option:
Connection: port 2
Serial number: 123456789
Displays all attributes of all APs.
AP 2
force-image-download,
blink
display load Enhancements 55
Fingerprint: finger_print
Communication timeout: 10 seconds
Location: USA
Contact: contact_name
Vlan-profile:
Radio 1 (11a)
Mode: enabled Radio profile: default
Channel: 36 Load balancing: Yes
Tx power: 13 Load balancing group: heavy_traffic
Auto tune max power: default Force rebalance: no
Antenna location: outdoors Antenna type: ANT5060
Service-profile:
clear-service
Radio 2 (11g)
Mode: enabled Radio profile: default
Channel: 36 Load balancing: enabled
Tx power: 13 Load balancing group: heavy_traffic
Auto tune max power: default Force rebalance: no
Antenna location: outdoors Antenna type: ANT5060
Service-profile:
clear-service
clear-service2 (bridge)
display ap config Displays all attributes of the specified AP.
WX# display ap config apnum
display ap config radio Displays all attributes of the specified AP and specified radio.
WX# display ap config apnum radio [1 | 2]
display load Enhancements
Changes to the display load command allow you to obtain
instantaneous CPU and memory load information in a more useful
format. In addition, more information is provided to assist with
troubleshooting the WX on the network.
56 NEW FEATURES SUMMARY
The following information is displayed:
System CPU load
Summary data displayed:
Last second (also called instant load)
Last minute
Last 5 minutes
Last hour
Last day
Last three days
Historical values drawn as a graph, showing peaks and averages:
Last minute
Last hour
Last three days
System memory load
Summary data displayed:
Last second (also called instant load)
Last minute
Last 5 minutes
Last hour
Last day
Last three days
Historical values drawn as a graph, showing peaks and averages:
Last minute
Last hour
Last three days
display load memory Output example:
Period Usage
------------------------------Last second: 38456 KB
Last minute: 38452 KB
Last 5 minutes: 38048 KB
Last hour: 38486 KB
Last day: 40708 KB
Last 3 days: 40931 KB
Total system memory: 131072 KB
display load cpu Output example:
Period Usage
-------------------Last second: 2%
Last minute: 2%
Last 5 minutes: 2%
Last hour: 2%
Last day: 1%
Last 3 days: 33141%
display load Enhancements 57
58 NEW FEATURES SUMMARY
display load cpu history Output example:
display radio-profile Enhancements
The display radio-profile command is used to display attributes
assigned to a radio. The output of the command is now reformatted to
accommodate additional features in MSS 7.0.
display radio-profile Enhancements 59
display radio-profile Displays all configured attributes of the specified radio profile.
WX# display radio-profile default2
Options
802.11: Long-preamble, WMM-power save, Fair-queuing,
Rate-enforcement
QoS:
Auto tune: Channel-config, Ignore-clients, Power-config
RF-scanning: CTS-to-self
Other: RFID-mode
802.11
Beacon Interval: 100 Max Tx lifetime: 2000
DTIM interval: 1 Max Rx lifetime: 2000
RTS threshold: 2346 Frag threshold 2346
Auto tune
Tune channel range: lower-bands Tune power interval: 600
Tune channel
interval:
Channel holddown: 300
RF-scanning
Mode: ACTIVE Channel-scope: REGULATO
Other
Countermeasures: None
DFS channels: disabled
QoS mode: wmm
Queue ACM Max % Police
Background NO 0 YES
BestEffort NO 0 YES
Video NO 0 YES
Voice NO 0 YES
3600 Power ramp interval: 60
RY
The information under QoS mode is displayed only if QoS mode is
configured for WMM.
60 NEW FEATURES SUMMARY
display sessions network ap Enhancements
display sessions
network ap
User Name
last-resort-user1 2* 172.17.55.166 user-vlan 2 11a
last-resort-user2 5* 172.17.55.166 user-vlan 1 11bg
last-resort-user3 10* 172.17.55.167 user-vlan 2 11a
last-resort-user4 12* 172.17.55.168 user-vlan 1 11bg
New commands and output now allow you to see AP statistics of a
network session. The new commands are as follows:
display sessions network ap apnum
display sessions network ap apnum verbose
display sessions network ap apnum qos-stats
display sessions network ap apnum radio radionum
display sessions network ap apnum radio radionum verbose
display sessions network ap apnum radio radionum qos-stats
Output for selected commands is shown below.
Output example:
WX# display sessions network ap 1,7,8
8 of 18 sessions matched
AP 1, conference room
Sess Address VLAN Radio Band
AP 7, kitchen
User Name
last-resort-user5 22* 172.17.55.175 user-vlan 2 11a
last-resort-user6 25* 172.17.55.176 user-vlan 1 11bg
last-resort-user7 26* 172.17.55.177 user-vlan 2 11a
last-resort-user8 27* 172.17.55.178 user-vlan 1 11bg
display sessions
network ap radio
User Name
Output examples:
WX# display sessions network ap 1 radio 1
2 of 18 sessions matched
AP 1, Conference room
Sess Address VLAN Radio Band
Sess Address VLAN Radio Band
clear sessions network Enhancements 61
last-resort-user2 5* 172.17.55.166 user-vlan 1 11bg
last-resort-user4 12* 172.17.55.168 user-vlan 1 11bg
WX# display sessions network ap 1, 7, 8 radio 1
6 of 16 sessions matched
AP 1, Conference Room
AP 1, Conference Room
Name Sess Address VLAN Radio Band
User
last-resort-user2 5* 172.17.55.166 user-vlan 1 11bg
last-resort-user4 12* 172.17.55.168 user-vlan 1 11bg
AP 7, Kitchen
User Name
last-resort-user5 22* 172.17.55.175 user-vlan 1 11a
last-resort-user6 25* 172.17.55.176 user-vlan 1 11a
last-resort-user6 26* 172.17.55.177 user-vlan 1 11a
last-resort-user6 27* 172.17.55.178 user-vlan 1 11a
clear sessions network Enhancements
Sess Address VLAN Radio Band
New clear sessions network commands have the following syntax:
clear sessions network ap apnum
clear session networks ap apnum radio radionum
The apnum parameter can be specified as one of the following:
A number - for example, 1.
A number list - for example, 1,2,7, 9 to show sessions on the specified
APs.
A number interval - for example, 1-10, 12-14 displays sessions on APs
1, 2, 3...10 and 12, 13, and 14.
The specified number is limited to the maximum number of supported
APs on the WX.
display service-profile Enhancements
The display service-profile command is used to display attributes of
a given service profile. Several changes are now in place to allow you to
easily view the attributes of each configured service profile.
62 NEW FEATURES SUMMARY
There are two possible forms for the display service-profile
command:
display service-profile name
display service-profile name area area_name
where name is the service profile name and area_name is one of the
following formats:
general
options
crypto
ssid
wep
web-portal
soda
misc
802.11
The attributes of a service-profile are grouped into nine different areas
(attributes). The display format of the output is as follows:
General attributes
SSID name: string
SSID type: string
Options List
Auth {fallthrough (none | last-resort | web-aaa-portal)
DHCP-restrict, SODA} None
Mesh {Bridge, Mesh} | None
CAC {CAC, load-balance-exempt} | None
L2 {No-broadcast, Proxy-ARP, keep-initial-VLAN} | None
802.11 {Beacon, Idle-client-probing} | None
Crypto
Authentication {802.1X. PSK, Shared-key} | None
Encryption {RSN, WPA}| None
Cipher {CCMP, TKIP, WEP40, WEP104} | None
Pre-shared key string*
SSID
Vlan Name string*
Encryption type string*
End date string*
Filter ID string [, string]*
Idle timeout string*
Mobility profile string*
Qos profile string*
Service type string*
Session timeout string*
Start date string*
URL: string*
WEP
Active-unicast-index int 1...4
Active-multicast-index int 1...4
Preset keys {int...4} | None
Web Portal
ACL string*
Form string*
Logout mode enabled | disabled
Logout URL string*
Session Timeout string*
SODA
Agent directory string*
Enforce checks enabled | disabled
Failure page string*
Remediation ACL string*
Success Page string*
Logout Page string*
Miscellaneous
CAC Session int 0...500
Short Retry Counter int 1...15
Long Retry Count int 1...15
Max Bandwidth int 1...100000 Kbps
User Idle Timeout int 20...86400
802.11 Settings
11a
display service-profile Enhancements 63
64 NEW FEATURES SUMMARY
Beacon Rate list_of_rates
Multicast Rate list_of_rates
Mandatory Rates list_of_rates
Standard Rates list_of_rates
11b
Beacon Rate list_of_rates
Multicast Rate list_of_rates
Mandatory Rates list_of_rates
Standard Rates list_of_rates
11g
Beacon Rate list_of_rates
Multicast Rate list_of_rates
Mandatory Rates list_of_rates
Standard Rates list_of_rates
* - option present only if a value is set
The Options list displays only enabled attributes.
Output example:
WX# display service-profile sp-1
General attributes
SSID Name: sp-1
SSID Type: clear
Options list
Auth: Fallthru none, DHCP-restrict, SODA
Mesh: Mesh, Bridge
CAC: CAC, Load-balance-exempt
L2: No-broadcast, Proxy-ARP, Keep-initial-vlan
802.11: Beacon
Crypto attributes
Authentication: 802.1X, PSK, Shared-key
Encryption: RSN, WPA
Cipher: CCMP, TKIP (countermeasures time 30000 ms), WEP40,
WEP104
display service-profile Enhancements 65
Pre-shared-key:
e647c43e9a166bb15724384b5b57f98c664dbe2069aaa1352ec1d28dacb1
975
SSID attributes
Filter id: traffic.in, filter.out
Mobility profile: mob-pro
Service type: 2
Start date: 06/06/07, 12:38
End date: 06/12/07, 00:00
Time of day: su0800-2000
Session timeout: 8000
Idle timeout: 600
URL: http:test.com/index.html
WEP attributes
Active-unicast-index: 2
Active-multicast-index: 1
Preset keys: 1,2,4
Web-Portal attributes
ACL: acl-test
Session timeout: 5
Logout mode: disabled
Form: web-portal-login
SODA attributes
Enforce SODA checks: enabled
Remediation ACL: acl-soda1
Success web-page: web-success-soda
Failure web-page: web-fail-soda
Logout web-page: web-logout-soda
Agent directory: agent-soda-dir
Miscellaneous attributes
CAC sessions: 8
Max bandwidth: 3000 kb/s
User idle timeout: 180
802.11 settings
11a
Beacon rate: 6
Multicast rate: auto
Mandatory ratse: 6, 12, 24
Standard rates: 9, 18, 36, 48, 54
66 NEW FEATURES SUMMARY
11b
Beacon rate: 2
Multicast rate: auto
Mandatory rates: 1, 2
Standard rates: 5.5, 11
11g
Beacon rate: 2
Multicast rate: auto
Mandatory rates: 1, 2, 5.5, 11
Standard rates: 6, 9, 12, 18, 24, 36, 48, 54
display rfdetect Changes
The display rfdetect command is updated in MSS 7.0 and allows you
to specify options to narrow down the display output.
Deprecated Commands The following commands are deprecated in MSS 7.0:
display rfdetect visible
display rfdetect clients
display rfdetect data This command has been simplified in MSS 7.0 — the number of items
displayed by the command has been reduced.
display rfdetect data bssid macglob | vendor vendor-name |
class [none | member | neighbor | suspect | rogue] clients
[mac macglob | ap macglob ap-number-list] | [radio
radio-number | adhoc | tag | unknown] [verbose | summary]
Output example:
WX# display rfdetect data
Total number of entries: 13
Detected BSSID Vendor Class AP
Name
00:0b:0e:09:1e:41 Trapeze suspt AP02 149 -62 198 rack3-guest-11b
00:0b:0e:09:28:00 Trapeze none AP02 11 -53 33 silviu-ssud-4
00:0b:0e:09:28:01 Trapeze none AP02 36 -59 18 wpa2pmk
00:0b:0e:0a:32:80 Trapeze suspt AP02 6 -78 3 trapezewlan_psk
00:0b:0e:0a:32:81 Trapeze suspt AP02 36 -76 63 trapezewlan_psk
00:0b:0e:0a:32:82 Trapeze suspt AP02 6 -76 78 trapezewlan
Ch RSSI Age SSID
display rfdetect Changes 67
00:0b:0e:0a:32:83 Trapeze suspt AP02 36 -76 78 trapezewlan
00:0b:0e:0a:bc:00 Trapeze suspt AP02 1 -66 33 alina_dot
00:0b:0e:0a:bc:02 Trapeze suspt AP02 1 -66 78 alina_mac
00:0b:0e:0a:bc:04 Trapeze suspt AP02 1 -65 78 alina_s
00:0b:0e:0a:bc:06 Trapeze suspt AP02 1 -65 33 alina_web
00:0b:0e:0e:0a:40 Trapeze rogue AP02 6 -56 589 test
00:0b:0e:14:68:81 Trapeze membr AP02 52 -58 3 rde-wpa
You can further refine the output using the options listed below:
bssid
The entire BSSID in the format XX:XX:XX:XX:XX:XX or in a macglob
format of consisting of a subset of the BSSIDs. The subset can be from 1
to 5 bytes of data, for instance, 01:02:03:04 displays all records
beginning with those bytes.
WX# display rfdetect data [bssid | bssid**]
vendor-name
Display by vendor name.
WX# display rfdetect data vendor vendor-name
SSID
Can be specified as a string or glob with the format ssid-name for the full
name and ssid* to match all SSIDs beginning with SSID.
WX# display rfdetect data ssid
Total number of entries: 13
SSID:alina_web
Detected BSSID
--------------
00:0b:0e:09:1e:41 Trapeze suspt AP02 149 -62 198
00:0b:0e:09:28:00 Trapeze none AP02 11 -53 33
SSID:
bedre-pendulum
Detected BSSID
--------------
00:0b:0e:0a:32:80 Trapeze suspt AP02 6 -78 3
00:0b:0e:0a:32:81 Trapeze suspt AP02 36 -76 63
Vendor
-------
Vendor
-------
Class
-----
Class
-----
AP Name
-------
AP Name
-------
Ch
---
Ch
---
RSSI
----
RSSI
----
Age
---
Age
---
68 NEW FEATURES SUMMARY
SSID: clear-vlad
Detected BSSID
--------------
00:0b:0e:0a:32:83 Trapeze suspt AP02 36 -76 78
00:0b:0e:0a:bc:00 Trapeze suspt AP02 1 -66 33
class: member
Detected BSSID
--------------
00:0b:0e:09:1e:41 Trapeze AP02 149 -62 198 rde-wpa part of mob do
00:0b:0e:09:28:00 Trapeze AP02 11 -53 33 snmp-radu-
class: suspect
Detected BSSID
--------------
00:0b:0e:0a:32:80 Trapeze AP02 6 -78 3
Vendor
-------
Class
-----
AP Name
-------
Ch
---
RSSI
----
Age
---
class
Sort output by classification as a rogue, neighbor, member, suspect, or
none.
WX# display rfdetect data class
Total number of entries: 6
Vendor
-------
Vendor
-------
AP Name
-------Ch---
AP Name
-------Ch---
RSSI
----
RSSI
----
Age
---
SSID
----
Reason
------
part of mob do
lung
Age
radu2 default class
---
WX# display rfdetect data class rogue
5 of 6 entries matched
class: rogue
Detected BSSID
--------------
Vendor
-------
AP Name
-------Ch---
RSSI
----
Age
---
SSID
----
Reason
------
00:0b:0e:09:1e:41 Trapeze AP02 149 -62 198 rde-wpa part of mob do
00:0b:0e:09:28:00 Trapeze AP02 11 -53 33 snmp-radu-
part of mob do
lung
00:0b:0e:0a:32:80 Trapeze AP02 6 -78 3 radu part of mob do
Values displayed in the Reason column can be any one of the following:
If the class value is set to None, there are two possible Reason codes:
Has not been classified
Not enough information to classify
display rfdetect Changes 69
If the class is set to Member, there are two possible Reason codes:
AP is part of the Mobility Domain
AP is not part of the Mobility Domain but passes the fingerprint test
If the class is set to Neighbor, there are three possible Reason codes:
AP is in the Neighbor list
AP is in the SSID list
AP is in the Vendor list
If the class is set to Suspect, there are two possible Reason codes:
List of all unskipped user tests
Not SSID-spoof; not seen in network; not in Vendor-list
If the class is set to Rogue, there are six possible Reason codes:
In Rogue list
SSID spoof
Seen in the network
Ad hoc device
Not in SSID list
Not in Vendor list
display rfdetect data ap The output for the
AP number, radio band, and then by detected BSSID.
Output example:
WX# display rfdetect data ap 1-6
5 of 13 entries matched
AP: 1 - Room-237
Detected BSSID
--------------
00:0b:0e:09:1e:41 Trapeze 149 rogue -62 198 rde-wpa
00:0b:0e:09:28:00 Trapeze 11 rogue -53 33 snmp-radu-lung
00:0b:0e:0a:32:80 Trapeze 6 membr -78 3 radu
00:0b:0e:09:1e:42 Trapeze 149 membr -62 198 rde-wpa
AP: 2 -AP02
Vendor
-------Ch---
display rfdetect data ap command is sorted by
Class
------
RSSI
----
Age
---
SSID
----
70 NEW FEATURES SUMMARY
Detected BSSID
--------------
00:0b:0e:09:1e:42 Trapeze 149 suspt -62 198 rde-wpa
display rfdetect data
clients
Detected Client
--------------
00:0e:35:ca:d2:5f Intel suspt 00:0b:0e:2c:c8:41 AP01 149 -62 198
00:0f:b5:86:cc:54 Netgear rogue unknown AP01 11 -53 33
00:0f:b5:86:8f:54 Netgear membr 00:0b:0e:2f:9b:c4 AP01 6 -78 3
00:0b:0e:09:1e:42 D-link suspt 00:0b:0e:2f:71:c1 AP01 149 -62 198
00:11:95:87:38:e2 D-link suspt unknown AP01 149 -62 4
Connected BSSID
---------------
00:0b:0e:2c:c8:41 00:0e:35:ca:d2:5f Intel suspt AP01 149 -62 198
00:0b:0e:a3:9b:c4 00:0f:b5:86:cc:54 Netgear rogue AP01 11 -53 33
00:0b:0e:2f:71:c1 00:0b:95:87:38:e2 D-Link suspt AP01 6 -78 3
00:0b:0e:09:28:01 00:11:95:8b:a0:cf D-link suspt AP01 149 -62 198
Vendor
-------Ch---
Class
------
RSSI
----
Age
---
SSID
----
This command can be used to display client data in two ways: generic,
and based on the MAC address of the AP connected to the client.
WX# display rfdetect data clients
Total number of entries: 5
Vendor
-------
WX# display rfdetect data clients ap 00:0b:0e
4 or 5 entries matched
Detected Client
---------------
Class
------
Connected BSSID
---------
Vendor
-------
Class
------
AP Name
-------Ch---
AP Name
-------Ch---
RSSI
----
RSSI
----
Age
---
Age
---
display rfdetect data
verbose
This command displays additional details about the rfdetect configuration
and can be used to display more information about client configuration
or generic configurations. Up to 3400
rfdtect verbose entries can be
displayed at one time.
WX# display rfdetect clients verbose
Total number of entries: 22
Client: 00:14:6c:a1:b3:b9
Client vendor: Netgear
Class: Rogue
Reason: seen in the network
display rfdetect Changes 71
Connected BSSID: 00:0b:0e:14:d4:81
BSSID vendor: Trapeze
AP Number: 10
AP Name: room-pn2-1
Radio: 1
Radio band: 11bg
Rate: 54 MB/s
RSSI: -70
Age 584
WX# display rfdetect data ssid Trapeze* verbose
3 of 12 entries matched
BSSID: 01:02:03:04:05:06
SSID: Trapeze_MX20
Class: Member
Reason: In-ignore-list
Type: Infrastructure
Encryption: CCMP, TKIP, WEP40
Vendor: Trapeze
Listeners:
AP
----------------Ch-----
Room-237 11 -66 123
Room-238 11 -85 15
Room-236 11 -90 15 Trapeze_MX20
RSSI
-----
Age
---
SSID
----
BSSID: 01:02:03:04:35:76
SSID: Trapeze_secure
Class: Rogue
Reason: Not-in-Vendor-list
Type: Infrastructure
Encryption: CCMP, TKIP, WEP140
Vendor: Trapeze
Listeners:
72 NEW FEATURES SUMMARY
AP
----------------Ch-----
Room-237 11 -66 123 Trapeze_secure
Room-238 11 -85 15 Trapeze_secure
BSSID: 01:02:03:04:35:80
SSID: Rack117-WX-105-Clear
Class: Rogue
Reason: Not-in-SSID-list
Type: Ad-hoc
Encryption: None
Vendor: Trapeze
Listeners:
AP
----------------Ch-----
Room-237 11 -66 123 Rack117-WX-105-C
Room-238 11 -85 15
Room-236 11 -90 15
RSSI
-----
RSSI
-----
Age
---
Age
---
SSID
----
SSID
----
lear
display rfdetect data
summary
AP Name
---------------
AP_Room_2111 b/g 5 0 1 0 0 129
AP_Room_553 b/g 1 1 0 0 0 32
AP_Room_941 b/g 10 0 0 0 0 32
=================
Totals:
This command has two forms: client and general. The client form displays
a summary of all detected clients by AP. The general form displays a
summary of all rfdetect data by both SSID and Vendor.
WX# display rfdetect data clients summary
Radio
----- susp
a1000029
a3300032
a9000032
======= =======29=======4====1====0====0====
Clients
knwn roge adhc tag
Last
Seen
---
129
display rfdetect Changes 73
74 NEW FEATURES SUMMARY
USING THE COMMAND-LINE
1
I
NTERFACE
This chapter discusses the 3Com Wireless Switch Manager (3WXM)
command-line interface (CLI). Described are:
CLI conventions (see “CLI Conventions” on page 76)
Editing on the command line (see “Command-Line Editing” on
page 81)
Using the CLI help feature (see “Using CLI Help” on page 83)
Information about the command descriptions in this reference (see
“Understanding Command Descriptions” on page 84)
Overview Mobility System Software (MSS) operates a 3Com Mobility System
wireless LAN (WLAN) consisting of 3Com Wireless Switch Manager
(3WXM) software and 3Com Wireless LAN Switch or 3Com Wireless LAN
Controller (WX switch) and 3Com Wireless LAN Managed Access Point
(MAP) hardware. There is a command-line interface (CLI) on the WX
switch that you can use to configure and manage the WX and its
attached access points.
You configure the wireless LAN switches and access points primarily with
set, clear, and display commands. Use set commands to change
parameters. Use clear commands to reset parameters to their defaults. In
many cases, you can overwrite a parameter with another set command.
Use display commands to show the current configuration and monitor
the status of network operations.
The wireless LAN switches support two connection modes:
Administrative access mode, which enables the network administrator
to connect to the WX switch and configure the network
Network access mode, which enables network users to connect
through the WX switch to access the network
76 CHAPTER 1: USING THE COMMAND-LINE INTERFACE
CLI Conventions Be aware of the following MSS CLI conventions for command entry:
“Command Prompts” on page 76
“Syntax Notation” on page 76
“Text Entry Conventions and Allowed Characters” on page 77
“User Globs, MAC Address Globs, and VLAN Globs” on page 78
“Port Lists” on page 80
“Virtual LAN Identification” on page 81
Command Prompts By default, the MSS CLI provides the following prompt for restricted
users. The mmmm portion shows the wireless LAN switch model number
(for example, 1200).
WXmmmm>
After you become enabled as an administrative user by typing enable
and supplying a suitable password, MSS displays the following prompt:
WXmmmm#
For information about changing the CLI prompt on a wireless LAN switch,
see “set prompt” on page 107.
Syntax Notation The MSS CLI uses standard syntax notation:
Bold monospace font identifies the command and keywords you must
type. For example:
set enablepass
Italics indicate a placeholder for a value. For example, you replace
vlan-id in the following command with a virtual LAN (VLAN) ID:
clear interface vlan-id ip
Curly brackets ({}) indicate a mandatory parameter, and square
brackets ([]) indicate an optional parameter. For example, you must
enter dynamic or port and a port list in the following command, but
a VLAN ID is optional:
clear fdb {dynamic | port port-list} [vlan vlan-id]
CLI Conventions 77
A vertical bar (|) separates mutually exclusive options within a list of
possibilities. For example, you enter either enable or disable, not
both, in the following command:
set port {enable | disable} port-list
Text Entry
Conventions and
Allowed Characters
MAC Address
Notation
Unless otherwise indicated, the MSS CLI accepts standard ASCII
alphanumeric characters, except for tabs and spaces, and is
case-insensitive.
The CLI has specific notation requirements for MAC addresses, IP
addresses, and masks, and allows you to group usernames, MAC
addresses, virtual LAN (VLAN) names, and ports in a single command.
3Com recommends that you do not use the same name with different
capitalizations for VLANs or access control lists (ACLs). For example, do
not configure two separate VLANs with the names red and RED.
The CLI does not support the use of special characters including the
following in any named elements such as SSIDs and VLANs: ampersand
(&), angle brackets (< >), number sign (#), question mark (?), or quotation
marks (“”).
In addition, the CLI does not support the use of international characters
such as the accented É in DÉCOR.
MSS displays MAC addresses in hexadecimal numbers with a colon (:)
delimiter between bytes — for example, 00:01:02:1a:00:01. You can
enter MAC addresses with either hyphen (-) or colon (:) delimiters, but
colons are preferred.
For shortcuts:
You can exclude leading zeros when typing a MAC address. MSS
displays of MAC addresses include all leading zeros.
In some specified commands, you can use the single-asterisk (*)
wildcard character to represent from 1 byte to 5 bytes of a MAC
address. (For more information, see “MAC Address Globs” on
page 79.)
78 CHAPTER 1: USING THE COMMAND-LINE INTERFACE
IP Address and Mask
Notation
MSS displays IP addresses in dotted decimal notation — for example,
192.168.1.111. MSS makes use of both subnet masks and wildcard
masks.
Subnet Masks
Unless otherwise noted, use classless interdomain routing (CIDR) format
to express subnet masks — for example, 192.168.1.112/24. You indicate
the subnet mask with a forward slash (/) and specify the number of bits in
the mask.
Wildcard Masks
Security access control lists (ACLs) use source and destination IP addresses and
wildcard masks to determine whether the wireless LAN switch filters or
forwards IP packets. Matching packets are either permitted or denied network
access. The ACL checks the bits in IP addresses that correspond to any 0s
(zeros) in the mask, but does not check the bits that correspond to 1s (ones) in
the mask. You specify the wildcard mask in dotted decimal notation.
For example, the address 10.0.0.0 and mask 0.255.255.255 match all IP
addresses that begin with 10 in the first octet.
The ACL mask must be a contiguous set of zeroes starting from the first
bit. For example, 0.255.255.255, 0.0.255.255, and 0.0.0.255 are valid
ACL masks. However, 0.255.0.255 is not a valid ACL mask.
User Globs, MAC
Address Globs, and
VLAN Globs
Name “globbing” is a way of using a wildcard pattern to expand a single
element into a list of elements that match the pattern. MSS accepts user
globs, MAC address globs, and VLAN globs. The order in which globs
appear in the configuration is important, because once a glob is matched,
processing stops on the list of globs.
User Globs
A user glob is shorthand method for matching an authentication,
authorization, and accounting (AAA) command to either a single user or
a set of users.
A user glob can be up to 80 characters long and cannot contain spaces or
tabs. The double-asterisk (**) wildcard characters with no delimiter
characters match all usernames. The single-asterisk (*) wildcard character
matches any number of characters up to, but not including, a delimiter
character in the glob. Valid user glob delimiter characters are the at (@)
sign and the period (.).
CLI Conventions 79
Table 4 gives examples of user globs.
Tab le 4 User Globs
User Glob User(s) Designated
jose@example.com User jose at example.com
*@example.com All users at example.com whose usernames do not
contain periods — for example, jose@example.com
and tamara@example.com, but not
nin.wong@example.com, because nin.wong
contains a period
*@marketing.example.com All marketing users at example.com whose
*.*@marketing.example.com All marketing users at example.com whose
* All users with usernames that have no delimiters
EXAMPLE\* All users in the Windows Domain EXAMPLE with
EXAMPLE\*.* All users in the Windows Domain EXAMPLE whose
** All users
usernames do not contain periods
usernames contain periods
usernames that have no delimiters
usernames contain periods
MAC Address Globs
A media access control (MAC) address glob is a similar method for
matching some authentication, authorization, and accounting (AAA) and
forwarding database (FDB) commands to one or more 6-byte MAC
addresses. In a MAC address glob, you can use a single asterisk (*) as a
wildcard to match all MAC addresses, or as follows to match from 1 byte
to 5 bytes of the MAC address:
00:*
00:01:*
00:01:02:*
00:01:02:03:*
00:01:02:03:04:*
For example, the MAC address glob 02:06:8c* represents all MAC
addresses starting with 02:06:8c. Specifying only the first 3 bytes of a
MAC address allows you to apply commands to MAC addresses based on
an organizationally unique identity (OUI).
80 CHAPTER 1: USING THE COMMAND-LINE INTERFACE
VLAN Globs
A VLAN glob is a method for matching one of a set of local rules on an
wireless LAN switch, known as the location policy, to one or more users.
MSS compares the VLAN glob, which can optionally contain wildcard
characters, against the VLAN-Name attribute returned by AAA, to
determine whether to apply the rule.
To match all VLANs, use the double-asterisk (**) wildcard characters with
no delimiters. To match any number of characters up to, but not
including, a delimiter character in the glob, use the single-asterisk (*)
wildcard. Valid VLAN glob delimiter characters are the at (@) sign and the
period (.).
For example, the VLAN glob bldg4.* matches bldg4.security and bldg4.hr
and all other VLAN names with bldg4. at the beginning.
Matching Order for Globs
In general, the order in which you enter AAA commands determines the
order in which MSS matches the user, MAC address, or VLAN to a glob.
To verify the order, view the output of the display aaa or display config
command. MSS checks globs that appear higher in the list before items
lower in the list and uses the first successful match.
Port Lists The physical Ethernet ports on a WX switch can be set for connection to
MAP access points, authenticated wired users, or the network backbone.
You can include a single port or multiple ports in one MSS CLI command
by using the appropriate list format.
The ports on a WX switch are numbered 1 through 4 (for the 3Com
Wireless LAN Controller WX4400) and 1 through 8 (for the 3Com
Wireless Lan Switch WX1200). No port 0 exists on the WX switch. You
can include a single port or multiple ports in a command that includes
port port-list. Use one of the following formats for port-list:
A single port number. For example:
WX1200# set port enable 6
A comma-separated list of port numbers, with no spaces. For
example:
WX1200# display port poe 1,2,4
Command-Line Editing 81
A hyphen-separated range of port numbers, with no spaces. For
example:
WX1200# reset port 1-3
Any combination of single numbers, lists, and ranges. Hyphens take
precedence over commas. For example:
WX1200# display port status 1-3,6
Virtual LAN
Identification
The names of virtual LANs (VLANs), which are used in Mobility Domain™
communications, are set by you and can be changed. In contrast, VLAN
ID numbers, which the wireless LAN uses locally, are determined when
the VLAN is first configured and cannot be changed. Unless otherwise
indicated, you can refer to a VLAN by either its VLAN name or its VLAN
number. CLI set and display commands use a VLAN’s name or number
to uniquely identify the VLAN within the WX.
Command-Line Editing
MSS editing functions are similar to those of many other network
operating systems.
Keyboard Shortcuts The following table lists the keyboard shortcuts for entering and editing
CLI commands.
Tab le 5 Keyboard Shortcuts
Keyboard Shortcut(s) Function
Ctrl+A Jumps to the first character of the command line.
Ctrl+B or Left Arrow key Moves the cursor back one character.
Ctrl+C Escapes and terminates prompts and tasks.
Ctrl+D Deletes the character at the cursor.
Ctrl+E Jumps to the end of the current command line.
Ctrl+F or Right Arrow key Moves the cursor forward one character.
Ctrl+K Deletes from the cursor to the end of the command
line.
Ctrl+L or Ctrl+R Repeats the current command line on a new line.
Ctrl+N or Down Arrow key Enters the next command line in the history buffer.
Ctrl+P or Up Arrow key Enters the previous command line in the history
buffer.
82 CHAPTER 1: USING THE COMMAND-LINE INTERFACE
Tab le 5 Keyboard Shortcuts (continued)
Keyboard Shortcut(s) Function
Ctrl+U or Ctrl+X Deletes characters from the cursor to the beginning
Ctrl+W Deletes the last word typed.
Esc B Moves the cursor back one word.
Esc D Deletes characters from the cursor forward to the
Delete key or Backspace key Erases mistake made during command entry. Reenter
History Buffer The history buffer stores the last 63 commands you entered during a
terminal session. You can use the Up Arrow and Down Arrow keys to
select a command that you want to repeat from the history buffer.
Tab s The MSS CLI uses the Tab key for command completion. You can type the
first few characters of a command and press the Tab key to show the
command(s) that begin with those characters. For example:
WX1200# display i <Tab>
ifm display interfaces maintained by the interface
manager
igmp display igmp information
interface display interfaces
ip display ip information
of the command line.
end of the word.
the command after using this key.
Single-Asterisk (*)
Wildcard Character
Double-Asterisk (**)
Wildcard Characters
You can use the single-asterisk (*) wildcard character in globbing. (For
details, see “User Globs, MAC Address Globs, and VLAN Globs” on
page 78.)
The double-asterisk (**) wildcard character matches all usernames. For
details, see “User Globs” on page 78.
Using CLI Help 83
Using CLI Help The CLI provides online help. To see the full range of commands available
at your access level, type the help command. For example:
WX1200# help
Commands:
------------------------------------------------------------------------clear Clear, use 'clear help' for more information
commit Commit the content of the ACL table
copy Copy from filename (or url) to filename (or url)
crypto Crypto, use 'crypto help' for more information
delete Delete url
dir Show list of files on flash device
disable Disable privileged mode
display Display, use 'display help' for more information
exit Exit from the Admin session
help Show this help screen
history Show contents of history substitution buffer
load Load, use 'load help' for more information
logout Exit from the Admin session
monitor Monitor, use 'monitor help' for more information
ping Send echo packets to hosts
quit Exit from the Admin session
reset Reset, use 'reset help' for more information
rollback Remove changes to the edited ACL table
save Save the running configuration to persistent storage
set Set, use 'set help' for more information
telnet telnet IP address [server port]
traceroute Print the route packets take to network host
For more information on help, see “help” on page 98.
To see a subset of the online help, type the command for which you want
more information. For example, to show all the commands that begin
with the letter i, type the following command:
WX1200# display i?
ifm Show interfaces maintained by the interface manager
igmp Show igmp information
interface Show interfaces
ip Show ip information
84 CHAPTER 1: USING THE COMMAND-LINE INTERFACE
To see all the variations, type one of the commands followed by a
question mark (?). For example:
WX1200# display ip ?
alias display ip aliases
dns display DNS status
https display ip https
route display ip route table
telnet display ip telnet
To determine the port on which Telnet is running, type the following
command:
WX1200# display ip telnet
Server Status Port
---------------------------------Enabled 23
Understanding Command Descriptions
Each command description in the 3Com Mobility System Software
Command Reference contains the following elements:
A command name, which shows the keywords but not the variables.
For example, the following command name appears at the top of a
command description and in the index:
set ap name
A brief description of the command’s functions.
The full command syntax.
Any command defaults.
The command access, which is either enabled or all. All indicates that
anyone can access this command. Enabled indicates that you must
enter the enable password before entering the command.
The command history, which identifies the MSS version in which the command
was introduced and the version numbers of any subsequent updates.
Special tips for command usage. These are omitted if the command
requires no special usage.
One or more examples of the command in context, with the
appropriate system prompt and response.
One or more related commands.
2
ACCESS COMMANDS
This chapter describes access commands used to control access to the
Mobility Software System (MSS) command-line interface (CLI).
Commands by Usage
disable Changes the CLI session from enabled mode to restricted access.
This chapter presents access services commands alphabetically. Use
Table 6 to located commands in this chapter based on their use.
Tab le 6 Access Commands by Usage
Type Command
Access Privileges enable on page 86
set enablepass on page 87
disable on page 85
quit on page 86
Syntax —
Defaults — None.
Access — Enabled.
History — Introduced in MSS Version 3.0.
Examples — The following command restricts access to the CLI for the
current session:
WX1200# disable
WX1200>
disable
See Also
enable on page 86
86 CHAPTER 2: ACCESS COMMANDS
enable Places the CLI session in enabled mode, which provides access to all
commands required for configuring and monitoring the system.
Syntax —
enable
Access — All.
History — Introduced in MSS Version 3.0.
Usage — MSS displays a password prompt to challenge you with the
enable password. To enable a session, your or another administrator must
have configured the enable password to this WX switch with the set
enablepass command.
Examples — The following command plus the enable password provides
enabled access to the CLI for the current sessions:
WX1200> enable
Enter password: password
WX1200#
See Also
set enablepass on page 87
set confirm on page 105
quit Exit from the CLI session.
Syntax —
quit
Defaults — None.
Access — All.
History — Introduced in MSS Version 3.0.
Examples — To end the administrator’s session, type the following
command:
WX1200> quit
set enablepass 87
set enablepass Sets the password that provides enabled access (for configuration and
monitoring) to the WX switch.
Syntax —
set enablepass
Defaults — None.
Access — Enabled.
History — Introduced in MSS Version 3.0.
Usage — After typing the set enablepass command, press Enter. If you
are entering the first enable password on this WX switch, press Enter at
the Enter old password prompt. Otherwise, type the old password.
Then type a password of up to 32 alphanumeric characters with no
spaces, and reenter it at the Retype new password prompt.
CAUTION: Be sure to use a password that you will remember. If you lose
the enable password, the only way to restore it causes the system to
return to its default settings and wipes out the configuration.
Examples — The following example illustrates the prompts that the
system displays when the enable password is changed. The passwords
you enter are not displayed.
WX1200# set enablepass
Enter old password: old-password
Enter new password: new-password
Retype new password: new-password
Password changed
See Also
disable on page 85
enable on page 86
88 CHAPTER 2: ACCESS COMMANDS
3
SYSTEM SERVICE COMMANDS
Use system services commands to configure and monitor system
information for a WX switch.
Commands by Usage
This chapter presents system service commands alphabetically. Use
Table 7 to locate commands in this chapter based on their use.
Tab le 7 System Services Commands by Usage
Type Command
Configuration quickstart on page 100
Auto-Config set auto-config on page 100
Display clear banner motd on page 90
quickstart on page 100
display banner motd on page 93
set banner acknowledge on page 102
set confirm on page 105
set length on page 105
System Identification set prompt on page 107
set system name on page 116
set system location on page 115
set system contact on page 108
set system countrycode on page 109
set system idle-timeout on page 113
set system idle-timeout on page 113
display load on page 95
display system on page 95
90 CHAPTER 3: SYSTEM SERVICE COMMANDS
Tab le 7 System Services Commands by Usage (continued)
Type Command
clear system on page 92
clear prompt on page 91
Help help on page 98
History history on page 99
clear history on page 91
License display license on page 94
set license on page 106
Technical Support display base-information on page 93
clear banner motd Deletes the message-of-the-day (MOTD) banner that is displayed before
the login prompt for each CLI session on the wireless LAN switch.
Syntax —
clear banner motd
Defaults — None.
Access — Enabled.
History — Introduced in MSS Version 3.0.
Examples — To clear a banner, type the following command:
WX4400# clear banner motd
success: change accepted
As an alternative to clearing the banner, you can overwrite the existing
banner with an empty banner by typing the following command:
set banner motd ^^
See Also
display banner motd on page 93
quickstart on page 100
clear history 91
clear history Deletes the command history buffer for the current CLI session.
Syntax —
clear history
Defaults — None.
Access — All.
History — Introduced in MSS Version 3.0.
Examples — To clear the history buffer, type the following command:
WX4400# clear history
success: command buffer was flushed.
See Also
history on page 99
clear prompt Resets the system prompt to its previously configured value. If the prompt
was not configured previously, this command resets the prompt to its
default.
Syntax —
Defaults — None.
clear prompt
Access — Enabled.
History — Introduced in MSS Version 3.0.
Examples — To reset the prompt, type the following command:
wildebeest# clear prompt
success: change accepted.
WX4400#
See Also
set prompt on page 107. (For information about default prompts,
see “Command Prompts” on page 76.)
92 CHAPTER 3: SYSTEM SERVICE COMMANDS
clear system Clears the system configuration of the specified information.
CAUTION: If you change the IP address, any currently configured
Mobility Domain operations cease. You must reset the Mobility Domain.
Syntax —
clear system [contact | countrycode | idle-timeout
| ip-address | location | name]
contact — Resets the name of contact person for the WX switch to
null.
countrycode — Resets the country code for the WX switch to null.
idle-timeout — Resets the number of seconds a CLI management
session can remain idle to the default value (3600 seconds).
ip-address — Resets the IP address of the WX switch to null.
location — Resets the location of the WX switch to null.
name — Resets the name of the WX switch to the default system
name, which is the model number.
Defaults — None.
Access — Enabled.
History — —Introduced in MSS Version 3.0. Option idle-timeout added
in MSS Version 4.1.
Examples — To clear the location of the WX switch, type the following
command:
WX4400# clear system location
success: change accepted.
See Also
display config on page 723
display system on page 95
set system contact on page 108
set system countrycode on page 109
set system idle-timeout on page 113
set system idle-timeout on page 113
set system location on page 115
display banner motd 93
display banner motd
display base-information
Shows the banner that was configured with the set banner motd
command.
Syntax —
display banner motd
Defaults — None.
Access — Enabled.
History — Introduced in MSS Version 3.0.
Examples — To show the banner with the message of the day, type the
following command:
WX4400# display banner motd
hello world
See Also
clear banner motd on page 90
quickstart on page 100
Provides an in-depth snapshot of the status of the wireless LAN switch,
which includes details about the boot image, the version, ports, and
other configuration values. This command also displays the last 100 log
messages.
Syntax —
[file [subdirname/]filename]
[subdirname/]filename — Optional subdirectory name, and a string
display base-information
up to 32 alphanumeric characters. The command’s output is saved
into a file with the specified name in nonvolatile storage.
Defaults — None.
Access — Enabled.
History — Introduced in MSS Version 3.0.
Usage — Enter this command before calling for Technical Support. See
“Obtaining Support for Your 3Com Products” on page 787 for more
information.
94 CHAPTER 3: SYSTEM SERVICE COMMANDS
See Also
display boot on page 722
display config on page 723
display license on page 94
display system on page 95
display version on page 725
display license Displays information about the license currently installed on the WX
switch.
Syntax —
display license
Defaults — None.
Access — All.
Examples — To view the WX switch license, type the following
command:
WX4400# display license
Serial Number : M8XE4IBB8DB10
License Number : 245
License Key : WXL-076E-93E9-62DA-54D8
Activation key : WXA-3E04-4CC2-430D-B508
Feature : 24 additional ports
Expires : Never
The additional ports refers to the number of additional MAPs the switch
can boot and actively manage.
See Also
set license on page 106
display load Displays CPU usage on a WX switch.
display load 95
Syntax —
display load
Defaults — None.
Access — Enabled.
History — Introduced in MSS Version 4.1.
Examples — To display the CPU load recorded from the time the WX
switch was booted, as well as from the previous time the display load
command was run, type the following command:
WX4400# display load
System Load: overall: 2% delta: 5%
The overall field shows the CPU load as a percentage from the time the
WX switch was booted. The delta field shows CPU load as a percentage
from the last time the display load command was entered.
See Also
display system on page 95
display system Shows system information.
Syntax —
display system
Defaults — None.
Access — Enabled.
96 CHAPTER 3: SYSTEM SERVICE COMMANDS
Examples — To show system information, type the following command:
WX4400# display system
===============================================================================
Product Name: WX4400
System Name: WX-bldg3
System Countrycode: US
System Location: first-floor-bldg3
System Contact: tamara@example.com
System IP: 192.168.12.7
System idle timeout: 3600
System MAC: 00:0B:0E:00:04:30
===============================================================================
Boot Time: 2003-11-07 15:45:49
Uptime: 13 days 04:29:10
===============================================================================
Fan status: fan1 OK fan2 OK fan3 OK
Temperature: temp1 ok temp2 ok temp3 ok
PSU Status: Lower Power Supply DC ok AC ok Upper Power Supply missing
Memory: 97.04/744.03 (13%)
Total Power Over Ethernet : 29.000
===============================================================================
Table 8 describes the fields of display system output.
Tab le 8 display system output
Field Description
Product Name Switch model number.
System Name System name (factory default, or optionally configured
System Countrycode Country-specific 802.11 code required for MAP operation
System Location Record of the WX switch’s physical location (optionally
System Contact Contact information about the system administrator or
System IP Common interface, source, and default IP address for the
with set system name).
(configured with set system countrycode).
configured with set system location).
another person to contact about the system (optionally
configured with set system contact).
device, in dotted decimal notation (configured with set
system ip-address).
display system 97
Tab le 8 display system output (continued)
Field Description
System idle timeout Number of seconds MSS allows a CLI management session
(console, Telnet, or SSH) to remain idle before terminating
the session. (The system idle timeout can be configured
using the set system idle-timeout command.)
System MAC WX switch’s media access control (MAC) machine address
set at the factory, in 6-byte hexadecimal format.
License License level installed on the WX switch (if applicable).
Boot Time Date and time of the last system reboot.
Uptime Number of days, hours, minutes, and seconds that the WX
has been operating since its last restart.
Fan status Operating status of the WX switch’s three cooling fans:
OK — Fan is operating.
Failed — Fan is not operating. MSS sends an alert to
the system log every 5 minutes until this condition is
corrected.
Fan 1 is located nearest the front of the chassis, and fan 3
is located nearest the back.
Temperature Status of temperature sensors at three locations in the WX
switch:
ok — Temperature is within the acceptable range of
0° C to 50° C (32° F to 122° F).
Alarm — Temperature is above or below the
acceptable range. MSS sends an alert to the system log
every 5 minutes until this condition is corrected.
PSU Status Status of the lower and upper power supply units:
missing — Power supply is not installed or is
inoperable.
DC ok — Power supply is producing DC power.
DC output failure — Power supply is not producing
DC power. MSS sends an alert to the system log every
5 minutes until this condition is corrected.
AC ok — Power supply is receiving AC power.
AC not present — Power supply is not receiving AC
power.
98 CHAPTER 3: SYSTEM SERVICE COMMANDS
Tab le 8 display system output (continued)
Field Description
Memory Current size (in megabytes) of nonvolatile memory
Total Power Over
Ethernet
See Also
clear system on page 92
set system contact on page 108
set system countrycode on page 109
set system idle-timeout on page 113
set system location on page 115
set system name on page 116
(NVRAM) and synchronous dynamic RAM (SDRAM), plus
the percentage of total memory space in use, in the
following format:
NVRAM size /SDRAM size (percent of total)
Total power that the device is currently supplying to its
directly connected MAP access points, in watts.
help Displays a list of commands that can be used to configure and monitor
the WX switch.
Syntax —
Defaults — None.
Access — All.
History — Introduced in MSS Version 3.0.
Examples — Use this command to see a list of available commands. If
you have restricted access, you see fewer commands than if you have
enabled access. To show a list of CLI commands available at the enabled
access level, type the following command at the enabled access level:
WX4400# help
Commands:
------------------------------------------------------------------------clear Clear, use 'clear help' for more information
commit Commit the content of the ACL table
copy Copy from filename (or url) to filename (or url)
help
history 99
crypto Crypto, use 'crypto help' for more information
delete Delete url
dir Show list of files on flash device
disable Disable privileged mode
display Display, use 'display help' for more information
disp tech support Display technical support information
exit Exit from the Admin session
help Show this help screen
history Show contents of history substitution buffer
hit-sample-rate Set NP hit-counter sample rate
load Load, use 'load help' for more information
logout Exit from the Admin session
monitor Monitor, use 'monitor help' for more information
ping Send echo packets to hosts
quit Exit from the Admin session
reset Reset, use 'reset help' for more information
rollback Remove changes to the edited ACL table
save Save the running configuration to persistent storage
set Set, use 'set help' for more information
telnet telnet IP address [server port]
traceroute Print the route packets take to network host
See Also
Using CLI Help on page 83
history Displays the command history buffer for the current CLI session.
Syntax —
Defaults — None.
Access — All.
History — Introduced in MSS Version 3.0.
Examples — To show the history of your session, type the following
command:
WX4400> history
Display History (most recent first)
----------------------------------[00] display config
[01] display version
[02] enable
history
100 CHAPTER 3: SYSTEM SERVICE COMMANDS
See Also
clear history on page 91
quickstart Runs a script that interactively helps you configure a new switch.
(For more information, see the “CLI quickstart Command” section of the
“WX Setup Methods” chapter in the Wireless LAN Switch and Controller
Configuration Guide.)
CAUTION: The quickstart command is for configuration of a new switch
only. After prompting you for verification, the command erases the
switch’s configuration before continuing. If you run this command on a
switch that already has a configuration, the configuration will be erased.
In addition, error messages such as “Critical AP Notice” for directly
connected MAPs can appear.
set auto-config Enables a WX switch to contact a 3WXM server for its configuration.
Syntax —
enable — Enables the switch to contact a 3WXM server to request a
set auto-config {enable | disable}
configuration.
disable— Disables the auto-config option.
Defaults — The auto-config option is automatically enabled on an
unconfigured WXR100 when the factory reset switch is pressed during
power on. However, auto-config is disabled by default on other models.
Access — Enabled.
History — Introduced in MSS Version 4.0.
Usage — A network administrator at the corporate office can
preconfigure the switch in a 3WXM network plan. The switch
configuration must have a name for the switch, the model must be
WXR100, and the serial number must match the switch’s serial number.
The configuration should also include all other settings required for the
deployment, including MAP configuration, SSIDs, AAA settings, and so
on.
Loading...