Reference Manual
Airborne Enterprise 802.11abgn
Command Line Interface (CLI)
WLNN-SE/SP/AN/ER/EK-DP500 Series
ABDN-ER-DP500 Series
ABDN-SE/ER-IN5000 Series
APXN-Q5000 Series
Revision 1.4
April 2013
International Headquarters:
707 Dayton Road
Ottawa, IL 61350 USA
Phone (815) 433-5100
Website: www.bb-elec.com
Sales e-mail: orders@bb-elec.com
Technical Support: support@bb.elec.com
European Headquarters
B&B Electronics
Westlink Commercial Park
Oranmore, Co. Galway, Ireland
Phone +353 91-792444
Website: www.bb-europe.com
Sales e-mail: sales@bb-europe.com
Technical Support: support@bb-europe.com
©2013 No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photography,
recording, or any information storage and retrieval system without written consent. Information in this manual is subject to change without notice, and
does not represent a commitment on the part.
B&B Electronics Manufacturing shall not be liable for incidental or consequential damages resulting from the furnishing, performance, or use of this
manual. All brand names used in this manual are the registered trademarks of their respective owners. The use of trademarks or other designations
in this publication is for reference purposes only and does not constitute an endorsement by the trademark holder.
2 Airborne Enterprise CLI Reference Manual
Contents
1.0 Overview ............................................................................................................................ 14
2.0 Conventions ....................................................................................................................... 15
2.1 Terminology ...............................................................................................................................15
2.2 Notes ...........................................................................................................................................15
2.3 Caution ........................................................................................................................................15
2.4 File Format .................................................................................................................................15
2.5 Courier Typeface .......................................................................................................................16
3.0 Scope ................................................................................................................................. 17
3.1 CLI Overview..............................................................................................................................17
3.2 Understanding the CLI ..............................................................................................................17
3.3 Typical Development System ..................................................................................................17
3.4 Serial Device Server Use .........................................................................................................17
3.5 Ethernet Bridge Use ..................................................................................................................17
3.6 WLAN Security ..........................................................................................................................18
3.7 Using Configuration Files .........................................................................................................18
3.8 Protecting Configuration Settings ...........................................................................................18
3.9 WLAN Roaming .........................................................................................................................18
3.10 FTP Configuration .....................................................................................................................18
3.11 Firmware Update .......................................................................................................................18
3.12 U-Boot Update ...........................................................................................................................18
3.13 Power Management ..................................................................................................................18
3.14 Digital GPIO ...............................................................................................................................19
3.15 Command Line Descriptions ...................................................................................................19
4.0 Supported Devices ............................................................................................................ 20
5.0 CLI Overview ..................................................................................................................... 21
5.1 UART...........................................................................................................................................21
5.2 Serial ...........................................................................................................................................21
5.3 SPI ...............................................................................................................................................21
5.4 Ethernet ......................................................................................................................................22
6.0 Understanding the CLI ....................................................................................................... 23
6.1 Connecting to the CLI Server ..................................................................................................23
6.2 CLI Security ................................................................................................................................23
6.3 CLI Session Modes ...................................................................................................................24
6.3.1 CLI Mode ............................................................................................................... 24
6.3.2 PASS Mode ........................................................................................................... 24
6.3.3 PASS Mode for the Serial Interface ....................................................................... 25
6.3.4 PASS Mode for a TCP CLI Session ...................................................................... 25
Airborne Enterprise CLI Reference Manual 3
6.3.5 LISTEN Mode (Serial/UART/SPI Interface Only) .................................................. 25
6.3.6 CLI Session Startup Modes ................................................................................... 26
6.4 CLI Server Escape Processing ...............................................................................................26
6.5 Detecting and Executing the Escape Sequence ..................................................................26
6.6 CLI Conventions ........................................................................................................................27
6.7 ASCHEX vs. Binary Values .....................................................................................................28
6.8 Command Responses ..............................................................................................................28
7.0 A Typical Development System ......................................................................................... 29
8.0 Serial Device Server Use .................................................................................................. 30
8.1 Data Bridging .............................................................................................................................30
8.1.1 Bridging from the Serial Interface .......................................................................... 30
8.1.2 Bridging from a TCP connection on the wl-telnet-port ........................................... 34
8.1.3 Bridging from a TCP connection on the wl-tunnel-port .......................................... 35
8.1.4 Bridging Using UDP ............................................................................................... 37
8.1.5 Data Bridging with XMODEM Guidelines .............................................................. 38
8.1.6 Bridging from a SSH connection on the wl-ssh-port .............................................. 39
8.1.7 Bridging using SSH ................................................................................................ 40
9.0 Ethernet Bridge Use .......................................................................................................... 42
9.1 Public Network Interface ..........................................................................................................43
9.2 Private Network Interface .........................................................................................................45
9.3 Ethernet Firewall Configuration ...............................................................................................46
9.4 Router Port Forwarding Configuration ...................................................................................49
9.5 Ethernet Port mode: Router vs. Client vs. Bridge .................................................................52
10.0 WLAN Security .................................................................................................................. 56
10.1 Disabled (No Security) ..............................................................................................................56
10.2 WEP Security .............................................................................................................................56
10.2.1 WPA Migration Mode ............................................................................................. 57
10.3 WPA Security .............................................................................................................................58
10.4 WPA2 Security ................................................................ ................................ ...........................58
10.5 Enterprise Security ....................................................................................................................59
10.6 Configuring EAP-FAST.............................................................................................................64
10.7 Managing Certificates and Private Keys ................................................................................65
11.0 Using Configuration Files .................................................................................................. 70
11.1 Configuration File Format ................................................................................................ .........72
12.0 Protecting Configuration Settings ...................................................................................... 73
12.1 Transferring Encrypted Configurations ..................................................................................74
13.0 WLAN Roaming ................................................................................................................. 76
14.0 FTP Configuration .............................................................................................................. 78
15.0 Firmware Update ............................................................................................................... 79
15.1 Using FTP to Update Firmware ...............................................................................................80
15.2 Using Xmodem to Update Firmware ......................................................................................80
4 Airborne Enterprise CLI Reference Manual
16.0 U-Boot Update ................................................................................................................... 82
17.0 Power Management........................................................................................................... 84
17.1 Mode: Active ..............................................................................................................................85
17.2 Mode: Doze ................................................................................................................................85
17.3 Mode: Sleep ...............................................................................................................................85
17.4 Mode: Wakeup ................................................................................................ ...........................86
17.5 Using Sleep Mode .....................................................................................................................86
18.0 Digital GPIO ....................................................................................................................... 88
18.1 Available GPIO Interfaces ........................................................................................................88
18.2 Default Configuration of GPIO .................................................................................................89
18.3 Configuring GPIO ports ............................................................................................................89
18.4 Using GPIO ports ......................................................................................................................92
19.0 Command Descriptions ..................................................................................................... 93
? [Question Mark] .................................................................................................................. 94
alt-subject-match ................................................................................................................... 95
alt-subject-match2 ................................................................................................................. 95
apply-cfg ................................................................................................................................ 96
arp-reachable-time ................................................................................................................. 98
arp-staleout-time .................................................................................................................... 98
auth-level ............................................................................................................................... 99
blink-post-led ....................................................................................................................... 100
bit-rate / bit-rate-p1 .............................................................................................................. 100
bit-rate-p2 ............................................................................................................................ 100
br-client-mac ........................................................................................................................ 101
ca-cert-filename ................................................................................................................... 102
ca-cert2-filename ................................................................................................................. 102
cfg-dump .............................................................................................................................. 103
cfg-encrypt ........................................................................................................................... 104
cfg-oem-protect .................................................................................................................... 106
clear ..................................................................................................................................... 107
clear-buf / clear-buf-p1......................................................................................................... 108
clear-buf-p2 .......................................................................................................................... 108
clear-cred ............................................................................................................................. 109
clear-wep ............................................................................................................................. 110
client-cert-filename .............................................................................................................. 110
client-cert2-filename ............................................................................................................ 110
conn-led ............................................................................................................................... 111
data-bits / data-bits-p1 ......................................................................................................... 111
data-bits-p2 .......................................................................................................................... 111
daylight-saving-name........................................................................................................... 112
daylight-saving-offset ........................................................................................................... 112
daylight-saving-startday ....................................................................................................... 112
daylight-saving-startmonth .................................................................................................. 113
daylight-saving-startweek .................................................................................................... 113
daylight-saving-stopday ....................................................................................................... 113
daylight-saving-stopmonth ................................................................................................... 114
daylight-saving-stopweek .................................................................................................... 114
daylight-saving-time ............................................................................................................. 114
debug-port ........................................................................................................................... 115
del-cert ................................................................................................................................. 116
Airborne Enterprise CLI Reference Manual 5
del-cfg .................................................................................................................................. 116
del-eth-route ........................................................................................................................ 117
del-wl-route .......................................................................................................................... 118
dev-type ............................................................................................................................... 119
device-type .......................................................................................................................... 119
dh-parm-filename ................................................................................................................. 120
dh-parm2-filename ............................................................................................................... 120
discover ............................................................................................................................... 121
disk-free ............................................................................................................................... 121
dns-lookup ........................................................................................................................... 122
dns-server1 .......................................................................................................................... 122
dns-server2 .......................................................................................................................... 122
dump-script .......................................................................................................................... 123
eap-anon-ident ..................................................................................................................... 123
eap-fast-max-pac-list ........................................................................................................... 124
eap-fast-provisioning ........................................................................................................... 124
eap-ident .............................................................................................................................. 125
eap-password ...................................................................................................................... 125
eap-phase1 .......................................................................................................................... 126
eap-phase2 .......................................................................................................................... 127
escape ................................................................................................................................. 128
esc-mode-lan / esc-mode-lan-p1 ......................................................................................... 129
esc-mode-lan-p2 .................................................................................................................. 129
esc-mode-serial / esc-mode-serial-p1 ................................................................................. 130
esc-mode-serial-p2 .............................................................................................................. 130
esc-str / esc-str-p1 ............................................................................................................... 131
esc-str-p2 ............................................................................................................................. 131
eth-dhcp ............................................................................................................................... 132
eth-dhcp-acqlimit ................................................................................................................. 132
eth-dhcp-client ..................................................................................................................... 133
eth-dhcp-clients ................................................................................................................... 133
eth-dhcp-fb ........................................................................................................................... 134
eth-dhcp-fbauto .................................................................................................................... 135
eth-dhcp-fbgateway ............................................................................................................. 136
eth-dhcp-fbip ........................................................................................................................ 136
eth-dhcp-fbper ..................................................................................................................... 137
eth-dhcp-fbsubnet ................................................................................................................ 137
eth-dhcp-rel .......................................................................................................................... 138
eth-dhcp-renew .................................................................................................................... 138
eth-dhcp-server .................................................................................................................... 139
eth-dhcp-vendorid ................................................................................................................ 139
eth-gateway ......................................................................................................................... 140
eth-info ................................................................................................................................. 140
eth-ip .................................................................................................................................... 141
eth-mac ................................................................................................................................ 141
eth-mode .............................................................................................................................. 142
eth-role ................................................................................................................................. 142
eth-route .............................................................................................................................. 143
eth-route-default .................................................................................................................. 144
eth-subnet ............................................................................................................................ 145
eth-udap ............................................................................................................................... 145
ethernet-port ........................................................................................................................ 146
flow / flow-p1 ........................................................................................................................ 147
flow-p2 ................................................................................................................................. 147
ftp-filename .......................................................................................................................... 148
ftp-password ........................................................................................................................ 148
ftp-server .............................................................................................................................. 149
6 Airborne Enterprise CLI Reference Manual
ftp-server-address ................................................................................................................ 149
ftp-server-listen-port............................................................................................................. 150
ftp-server-path ..................................................................................................................... 150
ftp-user ................................................................................................................................. 151
get-cert ................................................................................................................................. 151
get-cfg .................................................................................................................................. 152
get-script .............................................................................................................................. 153
get-web ................................................................................................................................ 153
goto ...................................................................................................................................... 154
help ...................................................................................................................................... 154
http-port ............................................................................................................................... 155
input-size / input-size-p1 ...................................................................................................... 156
input-size-p2 ........................................................................................................................ 156
intf-type ................................................................................................................................ 157
io-dir ..................................................................................................................................... 158
io-dir-f ................................................................................................................................... 159
io-dir-g .................................................................................................................................. 160
io-pullup ............................................................................................................................... 161
io-pullup-f ............................................................................................................................. 162
io-pullup-g ............................................................................................................................ 163
io-read .................................................................................................................................. 164
io-write ................................................................................................................................. 165
led-mode .............................................................................................................................. 166
list-cert ................................................................................................................................. 167
list-cfg .................................................................................................................................. 167
list-script ............................................................................................................................... 167
modelname .......................................................................................................................... 168
ntp-refresh ........................................................................................................................... 168
ntp-refresh-interval ............................................................................................................... 168
ntp-server-address ............................................................................................................... 169
ntp-startup-sync ................................................................................................................... 169
parity / parity-p1 ................................................................................................................... 170
parity-p2 ............................................................................................................................... 170
pass / pass-p1 ..................................................................................................................... 171
pass-any .............................................................................................................................. 172
pass-p2 ................................................................................................................................ 173
ping ...................................................................................................................................... 174
pm-mode .............................................................................................................................. 175
post-led ................................................................................................................................ 177
ppp-idle-timeout ................................................................................................................... 178
ppp-idle-timeout-p2 .............................................................................................................. 178
ppp-local-ip .......................................................................................................................... 179
ppp-local-ip-p2 ..................................................................................................................... 179
ppp-remote-ip ...................................................................................................................... 180
ppp-remote-ip-p2 ................................................................................................................. 180
priv-key-filename ................................................................................................................. 181
priv-key-password ................................................................................................................ 181
priv-key2-filename ............................................................................................................... 182
priv-key2-password.............................................................................................................. 182
put-cert ................................................................................................................................. 183
put-cfg .................................................................................................................................. 183
put-script .............................................................................................................................. 184
put-web ................................................................................................................................ 184
putexpect ............................................................................................................................. 185
putexpect-any ...................................................................................................................... 185
putexpect-p2 ........................................................................................................................ 186
putget ................................................................................................................................... 186
Airborne Enterprise CLI Reference Manual 7
putget-any ............................................................................................................................ 187
putget-p2 .............................................................................................................................. 187
pw ........................................................................................................................................ 188
pw-cfg .................................................................................................................................. 188
pw-leap ................................................................................................................................ 188
pw-manuf ............................................................................................................................. 189
pw-oem ................................................................................................................................ 189
pw-root ................................................................................................................................. 189
pw-wpa-psk .......................................................................................................................... 190
radio-off ................................................................................................................................ 190
radio-on ................................................................................................................................ 190
radio-startup ......................................................................................................................... 191
return ................................................................................................................................... 192
rf-link-led .............................................................................................................................. 192
run ........................................................................................................................................ 193
run-at ................................................................................................................................... 193
save ..................................................................................................................................... 194
serial-assert / serial-assert-p1 ............................................................................................. 195
serial-assert-p2 .................................................................................................................... 195
serial-default / serial-default-p1 ........................................................................................... 196
serial-default-p2 ................................................................................................................... 197
serial-port / serial-port-p1 .................................................................................................... 198
serial-port-p2 /serial-port2 ................................................................................................... 198
speedlink .............................................................................................................................. 199
ssh-default-password........................................................................................................... 199
ssh-default-user ................................................................................................................... 200
ssh-keygen .......................................................................................................................... 200
ssh-keysize .......................................................................................................................... 201
ssh-port ................................................................................................................................ 201
ssh-trust ............................................................................................................................... 202
startup-msg .......................................................................................................................... 203
startup-text ........................................................................................................................... 203
stats ..................................................................................................................................... 204
stop-bit / stop-bit-p1 ............................................................................................................. 205
stop-bit-p2 ............................................................................................................................ 205
subject-match ...................................................................................................................... 206
subject-match2 .................................................................................................................... 206
sys-info ................................................................................................................................ 207
tcp-retries ............................................................................................................................. 207
telnet-echo ........................................................................................................................... 208
telnet-port ............................................................................................................................. 208
timer-action .......................................................................................................................... 209
timer-enable ......................................................................................................................... 209
timer-initial-delay .................................................................................................................. 210
timer-period .......................................................................................................................... 210
timezone-name .................................................................................................................... 211
timezone-offset .................................................................................................................... 211
update .................................................................................................................................. 212
update-uboot ........................................................................................................................ 213
user ...................................................................................................................................... 214
user-cfg ................................................................................................................................ 214
user-leap .............................................................................................................................. 214
user-manuf ........................................................................................................................... 215
user-oem .............................................................................................................................. 215
ver-fw ................................................................................................................................... 216
ver-radio ............................................................................................................................... 216
ver-uboot .............................................................................................................................. 216
8 Airborne Enterprise CLI Reference Manual
wins-server1 ........................................................................................................................ 217
wins-server2 ........................................................................................................................ 217
wl-acl-mac ............................................................................................................................ 218
wl-acl-policy ......................................................................................................................... 218
wl-ant ................................................................................................................................... 219
wl-ap-max-clients ................................................................................................................. 219
wl-assoc-backoff .................................................................................................................. 219
wl-assoc-retries .................................................................................................................... 220
wl-band-pref ......................................................................................................................... 220
wl-beacon-int ....................................................................................................................... 220
wl-beacons-missed .............................................................................................................. 221
wl-chan ................................................................................................................................ 221
wl-clients .............................................................................................................................. 221
wl-deauth ............................................................................................................................. 222
wl-dhcp-clients ..................................................................................................................... 222
wl-dhcp-server ..................................................................................................................... 223
wl-dhcp-vendorid ................................................................................................................. 223
wl-dtim-int ............................................................................................................................ 223
wl-eap-advanced ................................................................................................................. 224
wl-fixed-rate ......................................................................................................................... 224
wl-gateway ........................................................................................................................... 224
wl-hide-ssid .......................................................................................................................... 225
wl-http-def ............................................................................................................................ 225
wl-http-port ........................................................................................................................... 225
wl-link-timeout ...................................................................................................................... 225
wl-mac ................................................................................................................................. 226
wl-mac-clone ........................................................................................................................ 227
wl-max-retries ...................................................................................................................... 227
wl-mode ............................................................................................................................... 228
wl-noise ................................................................................................................................ 229
wl-rate .................................................................................................................................. 229
wl-retry-time / wl-retry-time-p1 ............................................................................................. 230
wl-retry-time-p2 .................................................................................................................... 230
wl-route ................................................................................................................................ 231
wl-route-default .................................................................................................................... 232
wl-rssi ................................................................................................................................... 233
wl-rts-threshold .................................................................................................................... 233
wl-security ............................................................................................................................ 234
wl-sleep-status ..................................................................................................................... 235
wl-sleep-timer / wl-sleep-timer-p1 ........................................................................................ 235
wl-sleep-timer-p2 ................................................................................................................. 236
wl-specific-scan ................................................................................................................... 236
wl-ssh-port ........................................................................................................................... 237
wl-tcp-ip / wl-tcp-ip-p1 .......................................................................................................... 237
wl-tcp-ip2 / wl-tcp-ip2-p1 ...................................................................................................... 237
wl-tcp-ip-p2 .......................................................................................................................... 238
wl-tcp-ip2-p2 ........................................................................................................................ 238
wl-tcp-port / wl-tcp-port-p1 ................................................................................................... 239
wl-tcp-port-p2 ....................................................................................................................... 239
wl-tcp-timeout / wl-tcp-timeout-p1 ........................................................................................ 240
wl-tcp-timeout-p2 ................................................................................................................. 240
wl-telnet-port ........................................................................................................................ 241
wl-tunnel / wl-tunnel-p1 ........................................................................................................ 242
wl-tunnel-p2 ......................................................................................................................... 243
wl-tunnel-mode / wl-tunnel-mode-p1 ................................................................................... 244
wl-tunnel-mode-p2 ............................................................................................................... 244
wl-tunnel-port / wl-tunnel-port-p1 ......................................................................................... 245
Airborne Enterprise CLI Reference Manual 9
wl-tunnel-port-p2 .................................................................................................................. 245
wl-tx-power .......................................................................................................................... 246
wl-type ................................................................................................................................. 246
wl-udp-ip / wl-udp-ip-p1 ....................................................................................................... 247
wl-udp-ip-p2 ......................................................................................................................... 247
wl-udp-ping .......................................................................................................................... 248
wl-udp-port / wl-udp-port-p1 ................................................................................................ 249
wl-udp-port-p2 ...................................................................................................................... 249
wl-udp-rxport / wl-udp-rxport-p1 .......................................................................................... 250
wl-udp-rxport-p2 ................................................................................................................... 250
wl-udp-xmit / wl-udp-xmit-p1 ................................................................................................ 251
wl-udp-xmit-p2 ..................................................................................................................... 251
wl-wins1 ............................................................................................................................... 252
wl-wins2 ............................................................................................................................... 252
wl-wpa-proto ........................................................................................................................ 253
Wl-xmit-type / wl-xmit-type-p1 ............................................................................................. 254
Wl-xmit-type-p2 .................................................................................................................... 254
Wln-cfg-led ........................................................................................................................... 255
20.0 Error Codes ..................................................................................................................... 256
21.0 Glossary ........................................................................................................................... 259
10 Airborne Enterprise CLI Reference Manual
Figures
Figure 1 – Bridging from a serial Interface Manually Using the pass Command .......................... 33
Figure 2 – Bridging from a serial Interface Automatically at Startup Using the Serial-Default
Command ...................................................................................................................................... 34
Figure 3 – Bridging from a TCP Connection on the wl-telnet-port ................................................ 35
Figure 4 – Bridging From a TCP Connection on the wl-tunnel-port .............................................. 37
Figure 5 – Ethernet Bridge Functionality ....................................................................................... 42
Figure 6 – Airborne Ethernet Bridge IP Configuration ................................................................... 45
Figure 7 – Port Forwarding Example ............................................................................................. 50
Figure 8 – Certificate and Private Key Delivery Methods .............................................................. 67
Airborne Enterprise CLI Reference Manual 11
Tables
Table 1 – CLI Session Default PASS mode parameters ............................................................... 31
Table 2 – SSH Initial Configuration ............................................................................................... 39
Table 3 – Public Network Configuration ........................................................................................ 43
Table 4 – Private Network Interface Configuration ........................................................................ 45
Table 5 – Ethernet Firewall Commands ........................................................................................ 47
Table 6 – Port Forwarding Configuration ...................................................................................... 50
Table 7 – Configuring the Ethernet Module as a Router ............................................................... 53
Table 8 – Configuring the Ethernet Module as an Ethernet Client ................................................ 54
Table 9 – Configuring the Ethernet Module as a Bridge ............................................................... 55
Table 10 – WEP Configuration Parameters .................................................................................. 57
Table 11 – WEP-LEAP Configuration Settings ............................................................................. 57
Table 12 – WPA-Personal (PSK) Configuration ............................................................................ 58
Table 13 – WPA-LEAP Configuration............................................................................................ 58
Table 14 – WPA2-Personal (PSK) ASCII PSK Configuration ....................................................... 59
Table 15 – WPA2-Personal (PSK) Precalculated Key Configuration ............................................ 59
Table 16 – EAP-TLS/MSCHAPv2 Configuration ........................................................................... 61
Table 17 – PEAPv0/EAP-MSCHAPv2 Configuration .................................................................... 61
Table 18 – EAP-TTLS/MSCHAPV2 Configuration ........................................................................ 62
Table 19 – EAP-TLS/MSCHAPv2 Configuration Using .PFX or .P12 Private Key ....................... 63
Table 20 – EAP-FAST Configuration ............................................................................................ 64
Table 21 – Certificate Delivery Commands ................................................................................... 66
Table 22 – Certificate Management Commands ........................................................................... 67
Table 23 – Using Configuration Files ............................................................................................ 71
Table 24 – Encryption of Configuration Files ................................................................................ 73
Table 25 – Encrypted Configuration Delivery ................................................................................ 74
Table 26 – Commands that Affect Roaming ................................................................................. 76
Table 27 – FTP Configuration Commands .................................................................................... 78
Table 28 – FTP Upload Commands .............................................................................................. 78
Table 29 – update command description .................................................................................... 79
Table 30 – FTP Firmware Update ................................................................................................. 80
Table 31 – Xmodem Firmware Update.......................................................................................... 81
Table 32- U-Boot Update Process ................................................................................................. 82
Table 33 – Power-Save Modes ..................................................................................................... 84
Table 34 – pm-mode Parameters .................................................................................................. 84
Table 35 – UART Mode Affect on Sleep Mode ............................................................................. 86
Table 36 – Port Type Summary ..................................................................................................... 88
Table 37 – Port f Configuration ...................................................................................................... 88
Table 38 – Port g Configuration ..................................................................................................... 88
Table 39 – GPIO Default Settings Command List ......................................................................... 89
Table 40 – GPIO Read/Write CLI Commands .............................................................................. 92
Table 41 – Error Codes ............................................................................................................... 256
12 Airborne Enterprise CLI Reference Manual
<Page Intentionally Left Blank>
Airborne Enterprise CLI Reference Manual 13
1.0 Overview
Airborne is a line of highly integrated 802.11 radios and device servers, designed to
address the demands of the complex M2M market. Utilizing the latest 802.11, CPU and
network technologies, the Airborne™ family of products provide a broad, encompassing
solution for wireless applications requiring performance, reliability and advanced
technology.
The Airborne Wireless Device Server family includes everything necessary to connect a
Serial or Ethernet device to a high-performance 802.11 network. The WLNN-XX-DP500
series includes a full featured 802.11a/b/g/n radio and a high performance 32bit ARM9
processor running an embedded OS and B&B Electronics‟ exclusive Airborne Device
Server firmware, allowing the wireless network enabling of almost any device or system.
WPA2-Enterprise (AES-CCMP + EAP) is the security standard for leading-edge
enterprise networks. The Airborne Enterprise Device Server supports the latest security
standards and more. Fully compliant to the WPA2-Enterprise specification, the device
includes a wide range of EAP methods (with certificates), including support for legacy
functionality (WPA, WEP and LEAP).
The best security and advanced networking is no good if you cannot connect your device
to the Airborne Enterprise Device Server. Airborne offers the widest range of Serial and
Ethernet based interfaces in the industry. With flexibility and performance the WLNN-XXDP500 series lets you decide how you want to use it.
Designed by the B&B Electronics engineers specifically to meet the demands of the
industrial, automotive and medical markets, the Airborne Enterprise Device Server has
the widest operating temperature range and highest level of reliability available, all
backed by a lifetime warranty. B&B Electronics also provides FCC Modular certification,
potentially removing the need for further regulatory work.
The previous generations of Airborne Wireless Device Servers have been integrated and
deployed into a wide range of applications and markets, including Medical, Industrial,
Telematics and Logistics.
B&B Electronics 4th Generation Wireless Device Server extends the reputation of the
family further by expanding the wireless connectivity to use the latest technologies. The
Airborne Enterprise Device Server family is the industry-leading solution, and represents
a breakthrough, in 802.11 connectivity for all M2M markets.
The following manual covers a detailed description of the Airborne Command Line
Interface (CLI) used for management, configuration and integration of the Airborne and
AirborneDirect Enterprise Device Server products into embedded systems.
14 Airborne Enterprise CLI Reference Manual
The area next to the indicator will identify the specific information and make any
references necessary.
The area next to the indicator will identify the specific information and make any
references necessary.
2.0 Conventions
The following section outlines the conventions used within the document, where
convention is deviated from, the deviation takes precedence and should be followed. If
you have any question related to the conventions used or clarification of indicated
deviation please contact B&B Electronics Sales or Wireless Support.
2.1 Terminology
Airborne Enterprise Device Server and AirborneDirect Enterprise Device
Server is used in the opening section to describe the devices detailed in this
document, after this section the term module will be used to describe the
devices.
2.2 Notes
A note contains information that requires special attention. The following
convention will be used. The area to the right of the indicator will identify the
specific information and make any references necessary.
2.3 Caution
A caution contains information that, if not followed, may cause damage to the
product or injury to the user. The area to the right of the indicator will identify the
specific information and make any references necessary.
2.4 File Format
These documents are provided as Portable Document Format (PDF) files. To
read them, you need Adobe Acrobat Reader 4.0.5 or higher. For your
convenience, Adobe Acrobat Reader is provided on the Radio Evaluation Kit CD.
Should you not have the CD, for the latest version of Adobe Acrobat Reader, go
to the Adobe Web site (www.adobe.com).
Airborne Enterprise CLI Reference Manual 15
2.5 Courier Typeface
Commands and other input that a user is to provide are indicated with Courier
typeface. For example, typing the following command and pressing the Enter key
displays the result of the command:
wl-info <cr>
Module Firmware Version: 1.00
Radio Firmware Version: 5.0.21-210.p17
Link Status: Connected
SSID: Quatech_Connected
MAC Address: 000B6B77619E
BSSID: 0016B637880D
Transmit Rate (Mb/s): 54
Signal Level (dBm): -40
Noise Level (dBm): -92
IP Address: 192.168.1.100
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.1.1
Primary DNS: 68.107.28.42
Secondary DNS: 68.107.29.42
Up Time (Sec): 48313
16 Airborne Enterprise CLI Reference Manual
3.0 Scope
The CLI Reference Manual documents the Command Line Interface (CLI) for the module.
This document replaces the Airborne CLI reference manual and includes the commands
introduced or updated with the Enterprise Class product family.
The CLI is one of a number of management interfaces for the product family and is
comprised of a set of ASCII text commands and parameters used to provision the
module, provide module status and environmental feedback, as well as support firmware
and file delivery to the module.
This reference manual includes the following sections.
3.1 CLI Overview
In this section we will review the different device configurations and basic
operation and functionality of the module. Support for a specific function is
dependent upon the device configuration chosen. It will be noted within each
section to which configuration it applies.
3.2 Understanding the CLI
This section will cover the use of the CLI and describe the action and reaction to
the specific functional calls and commands.
Methods of connection and delivery of the CLI will also be reviewed. CLI
conventions, data types and command responses will also be addressed in this
section.
3.3 Typical Development System
An outline and description of a basic development and evaluation system will be
covered in this section. It is not necessary to use this exact configuration;
however descriptions of connectivity and use, utilized on other sections of the
manual, will be based upon the system structure described in this section.
3.4 Serial Device Server Use
In this section the base functionality of the module will be described and
examples of use and configuration will be provided to highlight the use of the
both it and the CLI. Refer to this section to understand the differences between a
command port, data tunnel, TCP/IP vs. UDP use and server vs. device operation.
3.5 Ethernet Bridge Use
A full description of the operation of the Airborne Ethernet Bridge, its place in the
network infrastructure and the required parameters will be covered in this
section.
Airborne Enterprise CLI Reference Manual 17
3.6 WLAN Security
This section will cover the use of the advanced security features available in the
module. Configuration of the module, requirements for successful deployment,
examples of configuration for the use of the advanced authentication and
wireless security options will be provided.
Descriptions of how to use WEP, WPA and WPA2 will be included. Outlines of
the authentication methods supported (EAP), certificate delivery and deployment
will be reviewed.
3.7 Using Configuration Files
This section will cover the use of configuration files to predefine device
configuration, to be delivered and stored on the module.
3.8 Protecting Configuration Settings
This section will cover the use of encryption to protect sensitive configuration
settings from prying eyes. This is used on the parts of the configuration that are
considered sensitive, like encryption keys, passwords, etc.
3.9 WLAN Roaming
This section will outline the commands that impact the roaming performance of
the module. Discussion of configuration options based upon application
requirements is also included.
3.10 FTP Configuration
The Airborne Enterprise Device Server family supports delivery of certificates,
private keys, configuration files and module firmware via FTP. This section
describes how to configure and use the FTP capabilities.
3.11 Firmware Update
The Airborne Enterprise Device Server family supports in-field updating of the
devices firmware. This allows devices already deployed access to the latest
feature updates and enhancements.
3.12 U-Boot Update
This section describes the ability to update the U-Boot. This should be an
infrequent event, however when required, a procedure exists to install an update.
3.13 Power Management
A review of the CLI commands impacting device power usage will include a
description of the power save modes and how to utilize them. A discussion on
the impact of power, data latency and module status will be included.
18 Airborne Enterprise CLI Reference Manual
3.14 Digital GPIO
The Airborne Enterprise Device Server family supports two Digital GPIO ports.
The two ports can be configured to be used as general IO. Some modules allow
the LED pins to be re-assigned as GPIO pins.
3.15 Command Line Descriptions
This section will describe in detail the syntax, arguments and use of the available
commands.
Airborne Enterprise CLI Reference Manual 19
Part No.
Description
WLNN-SE-DP5XX
802.11 to RS232/422/485 and UART Serial Device Server Module,
Enterprise Class
WLNN-AN-DP5XX
802.11 to UART Serial Device Server Module, Enterprise Class
WLNN-SP-DP5XX
802.11 to SPI Serial Device Server Module, Enterprise Class
WLNN-ER-DP5XX
802.11 to 10/100 Ethernet Router (NAT Level3) Module, Enterprise Class
WLNN-EK-DP5XX
Enterprise Class Airborne Development and Evaluation Kit
ABDN-ER-DP5XX
802.11 to 10/100 Ethernet Router (NAT Level3), Enterprise Class
ABDN-ER-IN5XXX
802.11 to 10/100 Industrial Ethernet Router (NAT Level3), 5-36VDC ,
Enterprise Class
ABDN-SE-IN5XXX
802.11 to RS232/422/485 Device Server (Single and Dual Port), Ethernet,
5-36VDC , Enterprise Class
APXN-Q50xx
Industrial Access Point, Ethernet to 802.11, 5-36VDC, Enterprise Class
APXN-Q54xx
Industrial Access Point, Serial to 802.11, Ethernet, 5-36VDC, Enterprise
Class
4.0 Supported Devices
This manual supports the Enterprise set of CLI commands across all platforms. Not all
commands are supported on all platforms; the command descriptions in Section 19.0
provide guidance on which devices support it.
At the time of writing, the CLI command list represents the v3.16 release of the WLNNXX-DP500 series of Airborne Device Server firmware. The part numbers supporting the
commands described in this document include, but aren‟t limited to, the following:
Note: 802.11 includes 802.11a/b/g/n bands
20 Airborne Enterprise CLI Reference Manual
5.0 CLI Overview
The module includes a Command Line Interface (CLI) Server. The CLI Server is the
primary user interface for configuring, controlling, and monitoring the module. Users and
OEM applications can establish CLI Sessions to the CLI Server via the serial interface or
a TCP connection on the wireless and Ethernet interfaces.
This document describes the Command Line Interface commands, including the
extensions introduced or updated with the introduction of the Enterprise module (WLNNXX-DP500 family). Since different Airborne™ modules differ in functionality, there may be
differences in the use of the CLI for each particular device. These differences are clearly
identified as part of this document.
There are four primary configurations supported by the module family: these are UART,
Serial, SPI and Ethernet. Each device type will be described below. In some cases
multiple interface options are available within a specific configuration; the functionality of
these interfaces does not vary between device configurations unless specifically noted
within the device description.
5.1 UART
The UART (Universal Asynchronous Receiver/Transmitter) interface is a digital
interface that supports full-duplex transfer of data serially between the module
and a connected host. It supports the following settings:
BAUD: 300, 600, 1200, 2400, 4800, 9600, 14400, 19200, 28800, 38400,
57600, 115200, 230400, 460800, 921600
Flow Control: None, Hardware (CTS/RTS), Software (XON/XOFF)
Default settings: 9600, N, 8, 1, No Flow Control.
5.2 Serial
The Serial device includes both a UART interface control and I/O lines to
manage external logic for RS232/422/485 line drivers. It supports the following
settings:
BAUD: 300, 600, 1200, 2400, 4800, 9600, 14400, 19200, 28800, 38400,
57600, 115200, 230400, 460800, 921600
Flow Control: None, Hardware (CTS/RTS), Software (XON/XOFF)
Mode (RS232/422/485), Tx Enable, Rx Enable.
Default settings: 9600, N, 8, 1, No Flow Control.
Note: the second serial port doesn‟t support Hardware Flow Control and only
supports a 4-wire interface for 422/485.
5.3 SPI
The SPI interface is a five (5) pin interface that supports full duplex operation.
The module acts as a SPI slave and requires the master to supply the SPI clock.
The default configuration for the interface is:
Airborne Enterprise CLI Reference Manual 21
Master SPI Clock: up to 8MHz
Airborne SPI protocol (see WLNN DP500 Family Data Book, section 7.0 for
details)
5.4 Ethernet
The module supports a fully-compliant 10/100 Ethernet interface capable of
supporting all full- and half-duplex rates. The rates are configurable through the
CLI interface.
The module includes a Broadcom BCM5241A Ethernet PHY; please refer to the
manufacturer‟s datasheet for interface details and appropriate design guidelines.
The interface supports the following settings:
Auto Negotiate, 10Mbps Half Duplex, 10Mbps Full Duplex, 100Mbps Half
Duplex, 100Mbps Full Duplex
Default settings: Auto Negotiate.
22 Airborne Enterprise CLI Reference Manual
6.0 Understanding the CLI
CLI Sessions established to the CLI Server may operate in one of three modes: CLI,
PASS, or LISTEN. Not all modes are supported on all interfaces of the device. A CLI
Session established on the serial interface may operate in any of the three modes. CLI
Sessions established on the wireless or Ethernet interfaces are restricted to CLI or PASS
Modes.
6.1 Connecting to the CLI Server
Users may connect to the CLI Server on the serial interface using a terminal
emulation program such as HyperTerminal or TeraTerm. The module default
settings for the serial interface are:
Bits per second: 9600
Data bits: 8
Stop bits: 1
Parity: none
Flow control: none
Users may also connect to the CLI Server on the wireless or Ethernet interface
using a TCP client such as Windows Telnet or an SSH client. The Module‟s CLI
Server supports a Telnet connection with the following restrictions:
Telnet commands such as DO, WONT, and DON, must not be issued.
Network Virtual Terminal codes are not supported.
The CLI Server‟s network interface is characterized as follows:
The CLI Server listens on the TCP port specified by the wl-telnet-port
parameter. The default is 23.
The CLI Server listens on the SSH port specified by the wl-ssh-port
parameter. The default is 22.
The CLI Server inactivity timer is configured via the wl-telnet-timeout
command.
The CLI Server uses the wl-telnet-timeout value to timeout and close
TCP connections that are inactive.
The CLI Server supports multiple, simultaneous TCP sessions.
6.2 CLI Security
The CLI Server supports five (5) levels of security for each CLI Session. The
security levels provide a safeguard for the set of CLI commands that may be
executed by users. CLI Sessions that are authenticated at a particular security
level may execute all CLI commands specified for that security level and below.
The Module‟s five (5) levels of security are:
Level 0 (L0) = connectionless
Level 1 (L1) = connection, not logged in (default)
Airborne Enterprise CLI Reference Manual 23
Level 2 (L2) = data
Level 3 (L3) = config
Level 4 (L4) = OEM
Level 5 (L5) = Manufacturing (manuf)
Level 0 is the connectionless access level. Access over UDP will use this access
level. The L0 level provides access to the name query services. It is not an
authenticated level.
Level 1 is the default security level for CLI Sessions over TCP or the serial
interface.
CLI Sessions must execute the CLI command auth in order to authenticate the
CLI Sessions to another security level. The CLI command logout returns the
CLI Session back to security Level 1.
6.3 CLI Session Modes
The mode of the CLI Session governs the set of actions allowed in the CLI
session. The following are descriptions of each mode:
6.3.1 CLI Mode
CLI Mode is the command processing mode of the CLI Session. CLI Mode allows
users and OEM applications to simply execute module commands as described
in the section, “CLI Commands.”
A CLI Session may transition into CLI Mode automatically at startup of the CLI
Session (if so configured). See section “CLI Session Startup Modes” for details
on startup modes.
CLI Sessions may transition manually to CLI Mode from the other modes via the
use of the CLI escape processing feature in the CLI Server. See section “CLI
Server Escape Processing” for details.
6.3.2 PASS Mode
PASS Mode is an active data bridging mode of the CLI Server. PASS Mode
allows the user or OEM application to transfer data between a CLI Session on
the network interface and the CLI Session on the serial interface.
A CLI Session may transition to PASS Mode automatically at startup of the CLI
session (if so configured) or manually from the CLI Mode using the CLI pass
command. See section “CLI Session Startup Modes” for details on startup
modes.
The transition from CLI Mode into PASS Mode differs depending on the attributes
of the CLI session. The following sections describe the two PASS Modes.
24 Airborne Enterprise CLI Reference Manual
6.3.3 PASS Mode for the Serial Interface
When the CLI Session on the serial interface attempts a transition to PASS
Mode, the CLI Server establishes an outbound connection from the module to a
user-specified TCP server and/or UDP server on the network interface. Once a
connection is established, data bridging becomes possible between the CLI
Session on the serial interface and the TCP Server and/or UDP server. If the
connection to the primary TCP server failed, the CLI Server will attempt to
connect to a secondary TCP server, if configured. If the transition to PASS Mode
was triggered by the automatic startup configuration, the CLI Server will use the
wl-retry-time configuration parameter to continuously retry connection to
the servers.
The IP addresses of the primary TCP and UDP servers are configured using wl-
tcp-ip and wl-udp-ip CLI commands. The secondary TCP server is
configured using the wl-tcp-ip2 command. The TCP server port is
configured using wl-tcp-port and wl-udp-port CLI commands. The retry
timer is configured using the wl-retry-time CLI command. See section “CLI
Commands” for more details on these commands.
6.3.4 PASS Mode for a TCP CLI Session
When the CLI Session on the network interface (TCP CLI session) attempts to
transition to PASS Mode, the CLI Server establishes a data bridge to the CLI
Session on the serial interface if the following conditions are both true:
The CLI Session on one or more of the serial interfaces is in LISTEN Mode.
The number of CLI Session on the network interface, in PASS Mode, is less
than the CLI sessions on the serial interfaces in LISTEN mode.
If more than one of the Serial interfaces is in LISTEN mode, it is possible to
direct the TCP CLI Session PASS mode connection to either of the available
sessions.
6.3.5 LISTEN Mode (Serial/UART/SPI Interface Only)
LISTEN Mode is a passive data bridging mode of the CLI Session. The LISTEN
Mode is only applicable on the serial, UART and SPI interfaces. When the CLI
Session on the serial interface enters LISTEN Mode, the module passively waits
for a data bridge to be established from a TCP CLI session. The data bridge
may be initiated using a CLI Session via the PASS Mode or using the tunneling
feature. The CLI Session may transition to CLI Mode using CLI Server escape
processing. See section “CLI Server Escape Processing” for details.
When the serial interface CLI Session is in LISTEN Mode, the following are
possible:
TCP connections on the network interface can use the CLI commands pass,
putget or putexpect to establish a data bridge.
TCP connection can establish a data bridge if tunneling is enabled.
Airborne Enterprise CLI Reference Manual 25
The esc-str CLI command supersedes the escape command. It is recommended
that the esc-str be used.
6.3.6 CLI Session Startup Modes
The startup behavior of the CLI Session on each interface is determined as
follows:
The CLI Session on the serial interface startup behavior is determined by the
value of the serial-default parameter.
CLI Sessions on the network interface using the TCP port specified by wl-
telnet-port always start in CLI Mode.
CLI Sessions on the network interface using the TCP port specified by the
wl-tunnel-port or the UDP port specified by wl-udp-rxport, always
start in PASS Mode. However, if the CLI Session on the serial interface is not
in LISTEN Mode, the TCP connection on the wl-tunnel-port will be
rejected by the Module.
Each of the serial ports can have a different CLI Session startup behavior.
Each serial port can have different configuration settings for the tunnel port.
6.4 CLI Server Escape Processing
The CLI Server includes an escape processing feature which allows CLI
Sessions to transition from PASS or LISTEN (data bridging) Mode back to CLI
Mode. Escape processing is configurable to:
disable escape processing
process the receipt of a user-defined escape string as an escape signal
process the receipt of the BREAK signal as an escape signal
When escape processing is disabled, the CLI Server will not parse the data
stream for any escape sequence. When escape processing is configured to use
an escape string, the CLI Server will perform pattern matching for the userdefined escape string in the data stream. The escape sequence must be the last
characters delivered to the module for escape parse to be successful. The
escape string is a five (5)-character string configurable via the escape or esc-
str CLI commands. When escape processing is configured to use the BREAK
signal, the CLI Server will parse the data stream for the BREAK signal.
6.5 Detecting and Executing the Escape Sequence
Upon detection of the escape sequence, the CLI Server applies the follow rules
for transitions of the CLI Session on that interface:
If the CLI Session is in LISTEN Mode and there is no data bridge
established, the CLI Session will transition to CLI Mode and send an OK
response to the CLI Session.
If the CLI Session is in LISTEN Mode and there is an active data bridge
established, the CLI Server will terminate the active data bridge and the CLI
Session will remain in LISTEN Mode. Note that, two escapes are required to
transition from active data bridge to CLI mode.
26 Airborne Enterprise CLI Reference Manual
If the CLI Session is in PASS Mode, the CLI Server will send an OK response
to the CLI Session and transition to CLI Mode.
The following effects of escape processing require the attention of system
implementations:
If the escape sequence is an escape string, the escape string received on
one CLI Session is transmitted to the CLI Session on the other end of the
data bridge prior to performing the CLI Session transition. This allows the
other end to parse the received data and determine when the data bridge is
shutdown.
If the escape sequence is the BREAK signal, the BREAK received on the
serial interface is not transmitted to the wireless interface, but the transition
takes place internally.
The CLI Session that detects the escape sequence will post an OK response
on its interface if the escape sequence caused the CLI Session to transition
to the CLI Mode.
Escape detection does not close the TCP connection. It only terminates the
data bridge. Subsequent use of the pass CLI command will re-establish the
bridge for that interface.
The CLI Server allows independent configuration of escaping processing for
each serial port and for TCP CLI session. The serial interface escape processing
is configurable using the CLI parameter esc-mode-serial. The TCP CLI
Session escape processing is configurable using the CLI parameter esc-
mode-lan. See section “CLI Commands” for details on these parameters.
6.6 CLI Conventions
The CLI uses the following conventions:
All commands consist of a string of printable characters, including the
command and optional arguments delimited by one or more spaces or tabs.
Multiple consecutive spaces or tabs are generally considered as one
delimiter.
Commands and arguments are case sensitive, except hexadecimal values
and port IDs, which can be uppercase or lowercase.
Arguments enclosed within […] are optional.
All arguments are literal ASCII text, except where indicated.
Most commands that set the value of a parameter can also obtain the value
of the parameter by omitting the argument. Numeric values are returned in
aschex format.
A choice between arguments is indicated with the | character. Only one of
the choices can be selected.
All CLI commands are terminated with a <CR>.
The maximum length of a CLI command line is 256 characters, including
spaces and terminating characters.
Argument types include:
<ASCII Text> literal ASCII character string without delimiters (no
spaces or tabs).
Airborne Enterprise CLI Reference Manual 27
The TCP CLI interface by default echoes back CLI session input. It is possible to turn
this feature off by issuing the telnet-echo disable command.
<integer> value represented as a decimal integer or as “aschex” value
in the form 0xhhh…hhh.
<aschex> one or more pairs of hexadecimal digits with no prefix in the
form hhh…hhh.
<portid> an I/O port bit number, from 0 to 7.
<IPadrs> - Internet Protocol address string in the format:
nnn.nnn.nnn.nnn; for example: 192.168.10.3.
6.7 ASCHEX vs. Binary Values
Data can be sent to the module as either binary data or a hexadecimal
representation of the actual data being transmitted.
When a LAN device or serial port Host issues a pass command, the data is
transmitted as binary data. By comparison, when the command putget or
putexpect is issued, the senddata content must be encoded as ASCII
hexadecimal digit pairs. The data is translated across the Module and received
as an ASCII representation of the actual data. This is true whether the
transmission initiates from the LAN device or from the Host.
For example, the digits 31 correspond to the ASCII character 1. If you issue a
putget or putexpect command with the senddata value of 314151, the
destination receives the ASCII characters 1, A, and Q.
6.8 Command Responses
The Module responds to CLI commands with a response indicating whether the
CLI command was executed successfully. All responses are terminated by
<CR><LF>.
Multiline responses have each line terminated with <LF><CR> with the response
terminated by <CR><LF>.
After the Module executes a CLI command successfully, it returns the response:
OK<CR><LF>
Otherwise, it returns an error response. Error responses are returned in the
following general format:
Error 0xhhhh: error text<CR><LF>
In the response the aschex value is the error code. A summary of error code can
be found in section 0.
28 Airborne Enterprise CLI Reference Manual
7.0 A Typical Development System
A typical evaluation system includes:
A Serial Host: A computer connected to of the serial ports of the Airborne™
Enterprise Development Board.
A LAN Host: A computer that communicates wirelessly with the Module through an
Access Point (AP).
An Access Point.
An Airborne™ Enterprise Development kit.
Airborne Enterprise CLI Reference Manual 29
Only one CLI session on the network (802.11/Ethernet) interface may be bridged with
any single CLI session on the serial interface at a time.
8.0 Serial Device Server Use
In this section the base functionality of the module will be described, examples of use and
configuration will be provided. Refer to this section to understand the differences between
a command port, data tunnel, TCP/IP vs. UDP use and server vs. device operation.
The UART, Serial and SPI versions of the module provide the ability to connect a raw
serial data stream to a TCP/IP based network, using 802.11 or Ethernet as the primary
network connection media. To facilitate this functionality the module supports a number
of management and data bridging interfaces on both the serial (Serial/UART/SPI) and
network (802.11/Ethernet) interfaces. As described in section 3.2, there are multiple
states for the CLI interface; this section will describe the data bridging options and the
required CLI configuration for each.
8.1 Data Bridging
The module provides data bridging via the PASS and LISTEN Modes of the CLI
Session. During data bridging, the raw payload of an incoming TCP or UDP
packet is transmitted to the serial interface while the raw data stream from the
serial interface is transmitted as the payload of an outgoing TCP or UDP packet.
There are multiple ways to setup a data bridge using the module. A bridge may
be initiated from the Serial Host, from a TCP connection on the wl-telnet-
port, from a TCP connection on the wl-tunnel-port, from a UDP message
on the wl-udp-rxport or from a Secure Shell (SSH) connection on the wl-
ssh-port.
8.1.1 Bridging from the Serial Interface
The CLI Session on a serial interface may initiate a data bridge via the use of the
serial-default parameter set to “pass” or by manually issuing the pass CLI
command. Prior to establishing the data bridge, the module must be properly
configured to connect to a server on the network that will accept the
communications; Table 1 below identifies the parameters that need to be set.
30 Airborne Enterprise CLI Reference Manual
Command
Description
pass
Creates a data bridge between the network and
serial interface. When issued from the serial
CLI session the CLI server initiates a TCP
connection using the IP, port and timeout
parameters defined for the serial interface
issuing the command.
This command supports the serial port suffix p1 or -p2, however they will only apply if
issued on the serial port referenced in the
suffix.
If the suffix is not included, the command
applies to the port the serial CLI session is
open on.
serial-default-pX pass
Configures the default setting for a serial port
to behave as if a pass command had been
issued by the serial interface CLI session.
Creates a data bridge between the network and
serial interface. When issued from the serial
CLI session the CLI server initiates a TCP
connection using the IP, port and timeout
parameters defined for the serial interface
issuing the command.
This command supports the serial port suffix,
by replacing the pX with p1 or p2 the
command parameter can be applied to a
specific serial port.
If the suffix is not included, the command
applies to the port the serial CLI session is
open on.
wl-tcp-ip-pX [IP Address]
The primary target IP address of the TCP
server on the network to be used when the CLI
session on a serial port issues the PASS
command or if the serial-default setting is
PASS.
If the IP address is empty or the connection
attempt is unsuccessful the CLI server will
attempt to connect to the IP address defined
by wl-tcp-ip2 (Secondary target IP)
This command supports the serial port suffix,
by replacing the pX with p1 or p2 the
command parameter can be applied to a
specific serial port.
If the suffix is not included, the command
applies to the port the serial CLI session is
open on.
Table 1 - CLI Session Default PASS mode parameters
Airborne Enterprise CLI Reference Manual 31
Command
Description
wl-tcp-ip2-pX [IP Address]
The secondary target IP address of the TCP
server on the network to be used when the CLI
session on a serial port issues the PASS
command or if the serial-default setting is
PASS.
This command supports the serial port suffix,
by replacing the pX with p1 or p2 the
command parameter can be applied to a
specific serial port.
If the suffix is not included, the command
applies to the port the serial CLI session is
open on.
wl-tcp-port-pX [Port Number]
The port number used by the CLI server when
a serial interface initiates a TCP connection.
This value must match the port on which the
target TCP server is listening.
The port range is 0 – 65535 (default 2571).
This command supports the serial port suffix,
by replacing the pX with p1 or p2 the
command parameter can be applied to a
specific serial port.
If the suffix is not included, the command
applies to the port the serial CLI session is
open on.
Wl-tcp-timeout-pX [Time seconds]
Establishes the inactivity timeout for a TCP
connection initiated by the CLI session on a
serial interface using the pass or serial-
default pass command.
A value of 0 disables the timeout.
This command supports the serial port suffix,
by replacing the pX with p1 or p2 the
command parameter can be applied to a
specific serial port.
If the suffix is not included, the command
applies to the port the serial CLI session is
open on.
32 Airborne Enterprise CLI Reference Manual
The following examples illustrate how to configure the Module to initiate a
connection to a TCP server:
Figure 1 - Bridging from a serial Interface Manually Using the pass Command
Airborne Enterprise CLI Reference Manual 33
Figure 2 - Bridging from a serial Interface Automatically at Startup Using the Serial-Default
Command
8.1.2 Bridging from a TCP connection on the wl-telnet-port
A user or OEM application connected over TCP to the wl-telnet-port of the
module may create a data bridge to a serial interface by issuing the pass
command. The pass command will succeed if there is no other data bridge
active and the CLI Session on a serial interface is in LISTEN Mode. The following
figure illustrates a sequence of commands that create a data bridge from the
TCP connection:
34 Airborne Enterprise CLI Reference Manual
Figure 3 - Bridging from a TCP Connection on the wl-telnet-port
8.1.3 Bridging from a TCP connection on the wl-tunnel-port
The module supports a tunneling feature that allows bridging between a specific
TCP address/port and the module‟s serial port without requiring authentication
with the module. TCP port tunneling is supported by the wl-tunnel, wl-
tunnel-mode, and wl-tunnel-port commands. The rules for TCP
connections to the wl-tunnel-port are as follows:
wl-tunnel must be enabled (set to 1).
wl-tunnel-mode must be set to tcp.
wl-tunnel-port must be set to a non-zero value which is not the same as
any previously defined port on the module.
The CLI Session on a serial interface must be in LISTEN Mode.
There must be an available serial interface in LISTEN mode, which is not
already bridged.
If all of the conditions are met, this TCP connection will become the active bridge.
All data payload will be bridged between the CLI Session on a serial interface
and the CLI Session on this TCP port.
Airborne Enterprise CLI Reference Manual 35
The data bridge may terminate for any one of the following reasons:
The close CLI command is issued from a secondary network CLI
session.
The radio-off CLI command is issued from a secondary network
CLI session.
The network server or host terminates the TCP/IP or UDP session.
The TCP/IP connection inactivity timer (wl-tcp-timeout) expires.
The escape sequence is detected.
After the data bridge is terminated, the CLI Session on a serial interface remains
in LISTEN Mode and escape detection, if configured, is enabled.
Since a tunnel connection does not require authentication to the module it is less
secure than other connection type, like SSH or telnet. The tunnel port can only
be used for a data connection; it does not support access to the CLI server.
Using the following sequence, a user can configure the module to operate in TCP
tunneling mode:
36 Airborne Enterprise CLI Reference Manual
Figure 4 - Bridging from a TCP Connection on the wl-tunnel-port
8.1.4 Bridging Using UDP
The module supports UDP tunneling. This allows the module to forward data
from a serial interface to a specific server listening on a specified UDP port or to
broadcast a UDP datagram on a specific UDP port. This also allows the module
to forward data received on its specified UDP receive port to a serial interface.
The UDP port tunneling feature is configurable via the wl-tunnel, wl-
tunnel-mode, wl-udp-xmit, wl-xmit-type, wl-udp-rxport, wl-udpport, and wl-udp-ip CLI commands.
Airborne Enterprise CLI Reference Manual 37
If wl-xmit-type is set for both, then the TCP bridge must remain active for the
UDP bridge to remain active. If the TCP server becomes inactive, the UDP bridge will
be terminated.
Only the data payload of the UDP packet is forwarded to a serial interface. All serial
data received is sent as the UDP packet payload.
Whenever the CLI Server transitions to PASS Mode, either via the startup
„serial-default pass’ parameter or the „pass-p?’ command, the module
will use the UDP tunneling configurations to operate the UDP data bridge as
follows:
wl-xmit-type is used to enable UDP transmission of data from a serial
interface.
wl-udp-xmit is used to enable unicast, or broadcast UDP datagram
transmission, or both.
wl-udp-ip/wl-udp-port is used to set the UDP transmission destination
IP address/port.
wl-udp-rxport sets the UDP port that the module will receive data on for
the bridge.
8.1.5 Data Bridging with XMODEM Guidelines
Once a data bridge is established, the endpoints may transfer raw binary data.
Some systems may choose to apply a protocol such as ZMODEM or XMODEM,
etc.
For systems using XMODEM protocol, the following guildelines must be adhered
to:
XMODEM works with 8-bit connections only. If you communicate with the
Module via a serial port connection, configure your communication settings
as follows:
Data bits: 8
Parity: None
Stop bits: 1
Run XMODEM with either no flow control or hardware (RTS/CTS) flow
control because the protocol provides no encoding or transparency of control
characters. If you run XMODEM with software (XON/XOFF) flow control, your
connection will hang. For this reason, configure the flow control parameter in
your communication settings to NONE or RTS/CTS, not to XON/XOFF or
BOTH.
During transmission, XMODEM pads files to the nearest 128 bytes. As a
result, original file sizes are not retained.
38 Airborne Enterprise CLI Reference Manual
These guideline apply to the use of Xmodem during firmware, certificate, Private key
and configuration file upload to the device server.
Command
Description
Decide SSH Key size
ssh-keysize
The module's administrator must decide the
strength of the SSH encryption to use. This is
generally a customer site-specific policy (ask
your IT department) and is reflected in the
value of ssh-keysize.
The default value of 1024 makes use of 1024bit RSA public/private key pairs, and is a good
compromise of performance vs. strength. The
maximum value of 2048 takes significant time
both to generate the public/private key pair
and to establish connections with the SSH
server.
Generate SSH key on module
ssh-keygen
The RSA public/private key pair used by SSH
must be generated by the ssh-keygen
command.
This command can take several minutes to
complete, but need only be performed once per
module.
Save the generated key
commit
After the RSA public/private key pair is
generated, they must be used to the module's
FLASH to be persistent across restarts.
If they are not saved they will need to
recalculated before the SSH port can be used.
Restart or power cycle the module
restart
The module must be restarted or power cycled
to launch the SSH server.
After the module has been restarted the SSH
server will then listen to incoming SSH client
requests on wl-ssh-port.
The configuration of ssh-port is off until
keys are generated and committed.
For an SSH client program, B&B Electronics has verified proper operation of
TeraTerm, PuTTY and OpenSSH.
The modules own internal SSH client has also been verified.
8.1.6 Bridging from a SSH connection on the wl-ssh-port
The module supports secure CLI operation and data bridging through use of a
Secure Shell (SSH) CLI Session. This feature behaves very similarly to a
TELNET CLI Session (see Section 8.1.2). To access the SSH port the
connection must use the wl-ssh-port value (default 22), in addition the SSH
server must be enabled and correctly configured.
In order to enable use of SSH CLI Sessions it is necessary to perform the
following steps to prepare the module for accepting SSH connections:
Table 2 - SSH Initial Configuration
Airborne Enterprise CLI Reference Manual 39
If the module is configured for DHCP on the network interface being used the SSH
client will consider it a "new" module any time it's assigned IP address changes and
require that the username and password be reentered, even if that client has
successfully connected to that module before.
For an SSH server program, B&B Electronics has verified proper operation of
OpenSSH with the module's built-in SSH client.
The modules own SSH server has also been verified.
The first time a given SSH client on a given workstation attempts to connect with
the module's SSH server, the SSH client will identify that the SSH
Client/Workstation has not connected to the module before and will ask the user
to accept the connection. If the connection is accepted the credentials (RSA
public key which was generated in Table 2) will be saved for use with subsequent
connections.
Authentication via the SSH client is functionally identical to authentication over
the module's Debug Port. The module's SSH server will prompt the SSH Client
for a user name, and the SSH client will accordingly request the user to login and
provide a username (actual input request is determined by the SSH Client being
used) a similar prompt. After the desired username is entered, the modules SSH
server will prompt for the corresponding password. The username and password
are the same as used for the CLI auth command. Once the password challenge
is successful, the user will be in a standard CLI Session, just as if initiated over
TELNET. There is no need to re-enter the auth command in the CLI Session;
the SSH login procedure already securely identified the user to the module.
All CLI commands available to a TELNET CLI Session are available to a SSH
CLI Session; establishing a data bridge to a serial interface is identical to the
steps described in Section 8.1.2.
8.1.7 Bridging using SSH
The module supports module-initiated secure data bridging through use of a
Secure Shell (SSH) tunnel. This feature behaves very similarly to TCP pass
communication (see Section 8.1.1).
In order for the module to communicate with an SSH server, the same keygeneration preparation is necessary as for use of SSH CLI Sessions. This is
described in Table 2.
The first time the module attempts to communicate with a given SSH server, it
will, by default, not trust that server and will refuse to connect.
This is proper security protocol to avoid SSH server-identity theft. To tell the
module that it is acceptable to connect to a previously-unknown SSH server, you
must issue the CLI command ssh-trust 1. This instructs the module to
automatically trust new SSH servers until either the CLI command ssh-trust
0 is issued, or the module is restarted (for security purposes, ssh-trust 0 is
always set after a restart).
40 Airborne Enterprise CLI Reference Manual
A commit command must be used to save the SSH server credentials to the module,
this will make them persistent across restarts or power cycles.
If the credentials are not saved the module/server will need to be re-trusted the next
time the module restarts.
Use of SSH for pass data bridging is configured by setting wl-xmit-type ssh
(for the primary serial/UART interface) or wl-xmit-type-p2 ssh (for the
secondary serial/UART interface).
If the user is communicating with the module over a CLI Session on a serial
interface, when authenticating with the SSH server, the username and password
utilized by the modules SSH client is the same as that with which the user
entered when the auth command was issued at the start of the CLI Session. If
the module is automatically establishing the data bridge via serial-default
pass or serial-default-p2 pass, the username and password configured
through ssh-default-user and ssh-default-password are utilized.
Airborne Enterprise CLI Reference Manual 41
9.0 Ethernet Bridge Use
The Airborne Ethernet Adapter is a fully functional NAT Level 3 router, supporting a
public IP address for the wireless interface and a private network for the attached devices
on the wired interface.
Network Address Translation (NAT) is the process of modifying network address
information in Internet Protocol (IP) packet headers while in transit across a traffic routing
device for the purpose of remapping a given address space into another. In the case of a
NAT Level 3 device, the modification of the packet headers provides for a translation
between a single public IP address (that of the wireless interface) and the IP addresses
of the devices on the private network (wired Ethernet interface).
The modules wireless interface is considered the public address and will be the point of
contact on the target network (see Figure 5). This interface supports all the wireless and
network authentication requirements, including support for WPA2-Enterprise. It can
acquire an IP address either through DHCP or user configured static IP. Once
configured, association and authentication are handled entirely by the module and
require no interaction from an Ethernet client on the private network.
Figure 5 - Ethernet Bridge Functionality
42 Airborne Enterprise CLI Reference Manual
Command
Description
wl-ssid
This identifies the target network for the Ethernet
bridge.
The Private network is the wired interface provided by the bridge. This interface includes
a DHCP server and supports dynamic or static IP address assignment. This means any
Ethernet client supporting DHCP can be connected to the wired interface without
configuration changes. The private network host can communicate with the module using
the bridges Ethernet IP address on the private network.
The modules Ethernet personality supports NAT Level 3 and as such provides the
following advantages over the more traditional bridge functionality:
A single network IP address on the public network. This simplifies
management of the devices on the network and avoids issues with some
network infrastructure that does not permit a single device to have multiple IP
addresses.
A single point of authentication. The module handles authentication for the
public network; this means a single point of contact for all security interaction,
simplifying deployment for the network.
Zero security footprint on the private network host.
Support for DHCP and static IP on the private network. This capability allows
the host to be shipped without any configuration changes.
Port forwarding. Allows you to decide if web page, TELNET or FTP access
should be forwarded to the private network or handled by the module.
Plug-n-Play. In most cases all that is required for full functionality is
configuration of the wireless interface for the target network. This can be
done before deployment to minimize deployment time and complexity.
9.1 Public Network Interface
The public network interface is the module‟s wireless port. This interface must be
configured to associate and authenticate with the target network. To successfully
configure this interface the following must be configured correctly:
Table 3 - Public Network Configuration
Airborne Enterprise CLI Reference Manual 43
Command
Description
wl-dhcp
This defines whether or not the device will use DHCP or
a static IP address. This address will become the target
address for any devices on the network wanting to
communicate with the bridge or the device attached to
the wired interface.
If DHCP is not being used it is necessary to configure
the following parameters:
wl-ip
Module Static IP address
wl-subnet
Subnet mask
wl-gateway
Network gateway IP address
wl-dns1
Primary DNS server IP
address
wl-dns2
Secondary DNS server IP
address
Security (various commands)
It is necessary to configure this interface for the
appropriate security profile required for authentication
to the target network. Please see section 10.0 for details
on configuring the security profile.
http-port
This parameter allows directed traffic on the defined
http port to be directed to either the Airborne device
server or the device connected on the wired port.
If enabled all traffic on the http port will be handled by
the Airborne device.
If the application requires that a web server on the host,
attached to the wired port, respond to web page
accesses this parameter must be disabled or turned off,
alternately the wl-http-port must be changed from
the default port to another which does not conflict with
the devices http port on the Ethernet interface.
telnet-port
This parameter allows directed traffic on the configured
telnet port to be directed to either the Airborne device
server or the device connected on the wired port.
If enabled, all traffic on the telnet port will be handled
by the Airborne device.
If the application requires that a telnet server on the
host, attached to the wired port, respond to remote
accesses this parameter must be disabled.
ssh-port
This parameter controls the availability of the modules
SSH server. The SSH port (wl-ssh-port) availability
will depend upon the setting for this parameter.
If enabled, all traffic on the SSH port will be handled by
the Airborne device.
44 Airborne Enterprise CLI Reference Manual
The public address becomes the target address for all accesses to the Ethernet
clients connected to the private network. In the example shown in Figure 6, any
device on the public network wanting to communicate with the Ethernet client (1st
Host Device IP: 192.168.2.100), would use the IP address 123.45.67.89, the
module will forward all traffic to the private address 192.168.2.100.
Command
Description
eth-ip
This is the base IP address of the private network DHCP server address pool,
and is the first IP address the DHCP server will lease to a client on the private
network when the client is using DHCP. It is also the default private network
IP address used for forwarding traffic from the public network.
This address must match the private network client IP address when a single
client is attached and is using a static IP address. If this does not match the
address, traffic from the public network will NOT be routed correctly.
Traffic originating from Ethernet clients will be routed correctly.
eth-subnet
This is the subnet mask the DHCP server will provide to the client when the
client is using DHCP.
eth-gateway
This is the IP address of the Ethernet Interface on the Airborne Ethernet
Bridge and is the target address for communications between the Ethernet
client and the Airborne Bridge.
The network infrastructure will show the MAC and IP address of the modules
wireless interface as the network presence, as a consequence of this all traffic
will be identified as being from or to this address.
Figure 6 - Airborne Ethernet Bridge IP Configuration
The public network interface supports the Airborne™ discovery protocol and will
respond to discovery requests issued on the public network. Discovery protocol
requests are not forwarded to the private network.
9.2 Private Network Interface
The private network interface is on the Ethernet port of the module. The interface
supports multiple Ethernet clients with either a static or DHCP sourced IP
address. This interface needs minimal configuration and requires the parameters
in Table 4 to be configured.
Table 4 - Private Network Interface Configuration
Airborne Enterprise CLI Reference Manual 45
Command
Description
eth-mode
The Ethernet interface supports the following configurations; this parameter
determines the default mode of the interface.
auto
Auto negotiate
10half
10Mbps, half duplex
10full
10Mbps, full duplex
100half
100Mbps, half duplex
100full
100Mbps, full duplex
It is recommended that auto be used as this will provided the greatest level
of compatibility on the Ethernet interface.
The subnet for the private network IP addresses (Ethernet Client and Gateway) and
public IP address (802.11), obtained by the module via the wireless interface, MUST
NOT be the same.
Failure to observe this requirement will result in unpredictable behavior of the bridge.
The private network supports the Airborne™ discovery protocol and will respond
to discovery requests on the private network. Discovery protocol requests are not
forwarded to the public network.
When attempting to make an out-bound connection to a device on the public
network, the public network IP address of the device should be used e.g. In
Figure 6 the client with address 192.168.2.100 wants to connect to an FTP
server, with the address of 123.45.67.99, on the public network to perform a
firmware download. The FTP address that would be used in the ftp-server-
address parameter would be 123.45.67.99. Note that this is not within the
subnet of the Ethernet client, however the NAT router will do the necessary
address translations and packet header manipulations to ensure the out-bound
and in-bound connections are maintained.
Any traffic between the Airborne Ethernet Bridge Ethernet interface and Ethernet
client, on the private network, will not be broadcast on to the public network
unless it is directed at the public network.
For most users there will be no modification of the private network settings
needed and if the target Ethernet client uses DHCP to obtain an IP address, no
change in configuration will be required either.
9.3 Ethernet Firewall Configuration
The module has an in-built rule based firewall, designed to provide a simple
solution for limiting access on the network the wireless interface is associated
with to just the resources required for the target application. When configured this
prevents any system using the Ethernet interface for accessing unauthorized
data or resources, protecting the connected network from illegal use by an rogue
Ethernet Client.
46 Airborne Enterprise CLI Reference Manual
Command
Description
eth-route-default
<access>
This sets the default firewall settings.
accept
All packets are relayed to the wireless interface.
drop
All packets are dropped and are not relayed to the
wireless interface.
If <access> configured for accept all outgoing requests will be
forwarded, except broadcast messages, essentially turning off the
firewall. Relaying of broadcast messages must be explicitly enabled
with the firewall rules for each port used by the broadcast messages.
If <access> configured for drop no traffic will be forwarded to the
wireless interface. In this case adding rules will allow specific traffic to
be forwarded to the wireless interface.
The default is accept.
To utilize the firewall the module must be configured to allow traffic from the
Ethernet interface to the wireless interface based upon IP traffic rules, these
rules include the ability to block or allow access based upon target IP address,
protocol and port. The module supports the use of multiple rules and applies
them based upon the priority in the rule list. Priority of the list is based upon the
order in which the rules were entered, first being highest last being lowest.
Configuring the firewall requires a use of the commands listed in Table 5.
Table 5 - Ethernet Firewall Commands
Airborne Enterprise CLI Reference Manual 47
Command
Description
eth-route
<forwarding rule>
Specifies a rule against which traffic will be compared and the
specified action taken. The rule can apply to the protocol, the IP
address and port and will cause the packets to be dropped, forwarded
or relayed to the wireless interface.
The format of the rule is:
[protocol] [ip XXX.XXX.XXX.XXX] [port XXXX] [action]
The details of the protocol options include:
tcp
Apply rule to traffic identified as TCP.
udp
Apply rule to traffic identified as UDP.
icmp
Apply rule to traffic identified as ICMP.
bcast
Apply rule to broadcast traffic.
all
Apply rule to all traffic.
The details of the action options include:
accept
If the packet meets the conditions of the rule, relay it
to the wireless interface.
drop
If the packet meets the conditions of the rule, do not
relay it to the wireless interface and drop it.
relay
If the protocol option is bcast, assigning the action
to relay will cause UDP traffic with destination
address 255.255.255.255 received on the
specified port to be relayed to the wireless interface.
It is not necessary to include both an IP address and Port number if
one is omitted the rule will apply to all variants of the missing
parameter.
The ip and port prefixes, shown in the rule format, must be
included with the address and port number for the rule to be
accepted. The port number cannot be specified if the protocol is set
for icmp or all.
If the eth-route command is entered without a forwarding rule, the
current installed rules will be displayed in the order by which they are
applied.
del-eth-route
<forwarding rule>
Deletes the defined eth-route rule defined by the <forwarding
rule> parameter. There must be a matching forwarding rule in the
rule list for any action to be taken. The full forwarding rule description
must be used; the command does not recognize partial rule
description.
The format of the rule is:
[protocol] [ip XXX.XXX.XXX.XXX] [port XXXX]
It can be seen in Table 5 the eth-route forwarding rules can have a number of
formats and are able to support a wide range of options; the following examples
provide descriptions of some of the different uses of the rule:
eth-route tcp ip 192.168.1.100 port 80 accept
Allows TCP/IP traffic for IP address 192.168.1.100 on port 80 to be
forwarded to the wireless network.
48 Airborne Enterprise CLI Reference Manual
eth-route all ip 192.168.1.100 drop
Blocks all traffic for IP address 192.168.1.100.
eth-route udp port 55899 accept
Allows all UDP traffic on port 55899 to be forwarded to the wireless network.
eth-route bcast ip 255.255.255.255 port 55899 relay
Allows UDP broadcast traffic on port 55899 to be forwarded to the wireless
network.
eth-route icmp ip 192.168.1.100 accept
Allows all ICMP traffic for IP address 192.168.1.100 to be relayed to the
wireless network.
When using the Ethernet firewall it is recommended that the eth-route-
default be set to drop and rules entered to address the exceptions. For
instance where an Ethernet client on the modules wired interface needs to
access a data server at 192.168.1.100 on port 2929 and a FTP server at
192.168.1.200, while allowing the Ethernet client to ping the data server, the
firewall configuration should look like the following:
eth-route-default drop
eth-route tcp ip 192.168.1.100 port 2929 allow
eth-route tcp ip 192.168.1.200 port 21 allow
eth-route icmp ip 192.168.1.100 allow
9.4 Router Port Forwarding Configuration
The modules Ethernet interface supports multiple Ethernet clients at one time.
The built-in DHCP server will provide IP addresses for multiple devices when the
appropriate DHCP requests are seen. When those client wish to access
resources on the wireless interface (public network) they can initiate the
connection (TCP, UDP, ICMP) and the router will handle all packet forwarding to
and from the Ethernet interface. When a resource on the public network wants to
access one of the clients on the Ethernet interface this can only be done, in case
where there is more than one client, if power forwarding is enabled and an
appropriate rule is configured.
To access a specific device on the Ethernet interface, from the public network, it
is necessary to create a rule which maps a port on the public interface to an
individual IP and port configuration on the Ethernet interface. Since this is a static
mapping (is part of a predefined rule) it is recommended that static IP addresses
be used on the Ethernet interface when port forwarding is being used.
When configured the public network IP interface will have a number of ports
defined and mapped to a group of IP/Port combinations. A single IP address can
have multiple rules; there is no restriction on the number of public ports linked to
any specific IP/Port combination on the Ethernet interface. Figure 7
demonstrates the use of this.
Airborne Enterprise CLI Reference Manual 49
Public Network
Private Network
Sever 1
IP: 192.168.2.100
Sever 2
IP: 192.168.2.150
Sever 3
IP: 192.168.2.200
Network Client
IP: 192.168.1.100
Port 8080 ð
IP: 192168.2.100:80
Port 8081 ð
IP: 192168.2.150:80
Port 8082 ð
IP: 192168.2.200:80
Port 21 ð
IP: 192168.2.100:21
Port Forwarding
Rules
Command
Description
wl-route-default
<access>
This sets the default port forwarding setting.
forward
All incoming packets on the wireless interface are
forwarded to the address defined by eth-ip.
drop
All incoming packets on the wireless interface are
dropped.
If <access> configured for forward all incoming requests, except
broadcast messages, will be forwarded to the IP address defined by
the eth-ip setting. Relaying of broadcast messages must be
explicitly enabled with the firewall rules for each port used by the
broadcast messages.
If <access> configured for drop no traffic will be forwarded to the
Ethernet interface, essentially creating a firewall to the Ethernet
interface and clients on the interface. In this case adding rules will
allow specific traffic to be forwarded to the Ethernet interface.
The default is forward.
Figure 7 - Port Forwarding Example
Configuring the firewall requires a use of the commands listed in Table 5.
Table 6 - Port Forwarding Configuration
50 Airborne Enterprise CLI Reference Manual
Command
Description
wl-route
<forwarding rule>
Specifies a rule against which traffic will be compared and the
specified action taken. The rule can apply to the protocol and the
target port and will cause the packets to be dropped, forwarded or
relayed to the Ethernet interface.
The format of the rule is:
[protocol] [port XXXX] [action] [IP Address:Port#]
The details of the protocol options include:
tcp
Apply rule to traffic identified as TCP.
udp
Apply rule to traffic identified as UDP.
icmp
Apply rule to traffic identified as ICMP.
bcast
Apply rule to broadcast traffic.
all
Apply rule to all traffic.
The port number cannot be set if the protocol selection is all or
icmp.
The details of the action options include:
forward
If the packet meets the conditions of the rule relay it
to the specified IP address and port number on the
Ethernet interface.
drop
If the packet meets the conditions of the rule drop it
and do not relay it to the Ethernet interface.
relay
If the protocol option is bcast assigning the action
to relay will cause UDP traffic with destination
address 255.255.255.255 received on the
specified port to be relayed to the Ethernet interface.
If selected the IP address [IP Address:Port#]
should not be included in the rule.
It is not necessary to include a Port number as part of the target IP
address for the forwarding rule, if one is omitted the rule will apply
the incoming port number to the redirected packet.
The port prefix, shown in the rule format, must be included with the
port number for the rule to be accepted.
If the wl-route command is entered without a <forwarding
rule>, the current installed rules will be displayed in the order by
which they are applied.
del-wl-route
<forwarding rule>
Deletes the defined wl-route rule defined by the <forwarding
rule> parameter. There must be a matching forwarding rule in the
rule list for any action to be taken. The full forwarding rule description
must be used; the command does not recognize partial rule
description.
The format of the rule is:
[protocol] [ip XXX.XXX.XXX.XXX] [port XXXX]
It can be seen in Table 6 the wl-route port forwarding rules can have a number
of formats and are able to support a wide range of options; the following
examples provide descriptions of some of the different uses of the rule:
Airborne Enterprise CLI Reference Manual 51
wl-route tcp port 80 forward 192.168.2.101:80
Forwards incoming TCP/IP traffic on port 80 to IP address 192.168.2.101 on
port 80.
wl-route all forward 192.168.2.105
Forwards all traffic to IP address 192.168.2.105.
wl-route udp port 55899 drop
Drops all UDP traffic on port 55899.
wl-route bcast port 55899 relay
Allows UDP broadcast traffic on port 55899 to be relayed to the Ethernet
interface.
wl-route icmp drop
Drops all ICMP traffic.
When using port forwarding you have the choice of opening the interface and
allowing everything to be relayed (wl-route-default forward) or to stop all
traffic except that which is specific to the Ethernet clients (wl-route-default
drop) in both cases including rules will allow the specific services to be handled
appropriately by allowing to be relayed across the device correctly.
When wl-route-default drop is applied -it is necessary to have at least one
rule for any traffic to be relayed.
As an example let‟s look at the port forwarding configuration for the system
shown in Figure 7. Within the configuration of the networks it is necessary to get
access to the individual devices web interfaces for configuration and also to
access the FTP server on 192.168.2.100, the port forwarding configuration
should look like the following:
wl-route-default drop
wl-route tcp port 8080 forward 192.168.2.100:80
wl-route tcp port 8081 forward 192.168.2.150:80
wl-route tcp port 8082 forward 192.168.2.200:80
wl-route tcp port 21 forward 192.168.2.100
In this case addressing 192.168.1.217:8080 will access the web server on server
1, 192.168.1.217:8081 will access the web server on server 2,
192.168.1.217:8082 will access the web server on server 3 and any FTP access
on port 21 will access the FTP server on server 1.
9.5 Ethernet Port mode: Router vs. Client vs. Bridge
The Ethernet of the module supports three distinct functional modes: router,
client and bridge. It is important to understand the differences between them,
when they should be used and the appropriate settings for each.
The router setting must be used when the device is to be an Ethernet Client
adapter, where packet routing between the Ethernet and 802.11 interfaces will be
used. In this mode the module is configured as a NAT3 router, the Ethernet
interface is capable of serving IP addresses from its DHCP server. The Ethernet
interface of the module will act as the gateway to the 802.11 network for devices
attached to the network on the Ethernet interface.
52 Airborne Enterprise CLI Reference Manual
Command
Description
eth-role router
This configures the Ethernet interface as the gateway for the
Ethernet connected network and as a NAT3 router.
eth-ip
This is the base IP address of the private network DHCP server
address pool, and is the first IP address the DHCP server will
lease to a client on the private network when the client is
using DHCP. It is also the default private network IP address
used for forwarding traffic from the public network.
This address must match the private network client IP address
when a single client is attached and is using a static IP
address. If this does not match the address, traffic from the
public network will NOT be routed correctly.
When using static IP addresses it is necessary for the Ethernet
host to be capable of responding to the ICMP ARP protocol or
for the host to issue a Gratuitous ARP. This is required to
make sure wireless traffic is routed correctly.
Traffic originating from Ethernet clients will be routed
correctly.
eth-subnet
This is the subnet mask the DHCP server will provide to the
client when the client is using DHCP.
eth-gateway
This is the IP address of the Ethernet Interface on the
Airborne Ethernet Bridge and is the target address for
communications between the Ethernet client and the Airborne
Bridge.
The client setting must be used when the module is to be used as a serial device
server and no Ethernet to 802.11 bridging will be required. In this configuration
the Ethernet or 802.11 interfaces will be network clients to which the serial ports
will tunnel and establish data connections. In this mode only one of the network
interfaces (Ethernet or 802.11) is allowed to support DHCP, the other must use a
static IP address.
The bridge setting must be used when the device is to be an Ethernet Client
adapter, where data bridging between the Ethernet and 802.11 interfaces will be
used. In this mode the module will forward all packets between the Ethernet and
802.11 interfaces. The Ethernet IP configuration is used and the 802.11 IP
configuration is ignored. If traffic to any of the configured ports (http, telnet, ftp,
ssh, etc) need to pass through the module, then the ports need to be
reconfigured to use non-default settings.
For router and bridge modes, if the network is configured to not allow multiple
MAC address for the same IP address, MAC address cloning should be enabled.
MAC address cloning will cause the WLAN module to adopt the MAC address of
the first Ethernet client that it sees traffic from. If the Ethernet client uses DHCP,
the module will sniff the DHCP transactions and learn the MAC and IP that the
client will use, and adopts them as its own. When in bridge mode, this makes the
module look like a “cable replacement” and should be transparent to the network.
The following tables (Table 7, Table 8, and Table 9) address the specific
requirements for each mode and identify the relayed parameters for correct
configuration.
Airborne Enterprise CLI Reference Manual 53
Table 7 - Configuring the Ethernet Module as a Router
Command
Description
eth-dhcp-server [state]
Enables or disables the DHCP server on the private network. If
the Ethernet host is using DHCP to acquire an IP address this
must be enabled.
The [state] can be one of the following:
enabled
Enables the DHCP server. The address
configured by eth-ip is the first address
issued; subsequent requests will issue
address incrementally.
disabled
Disables the DHCP server. Requires the
Ethernet hosts to be configured with static
IP addresses, subnet masks and gateway
addresses.
wl-mac-clone
Enables or disables MAC address cloning for the module. When
this mode is enabled the modules wireless interface will use
the MAC address of the first Ethernet host as its own.
Command
Description
eth-role client
This configures the Ethernet interface as the gateway for the
Ethernet connected network and as a NAT3 router.
eth-dhcp-acqlimit
Determines the number of seconds the module should wait to
acquire its IP configuration using DHCP before applying the DHCP
fallback algorithm (if enabled).
The value should always exceed the DHCP acquire time for the
target network. It is recommended that the typical acquire time
should be exceeded by a minimum of 15 seconds.
A value of zero (0) will disable IP fallback.
eth-dhcp-client
Configures the DHCP Client Host Name. This can be used to uniquely
identify the client in the DHCP server IP address tables.
The default configuration is AirborneXXXXXX, where XXXXXX are
the last six (6) hexadecimal digits of the modules MAC address.
eth-dhcp-fb
Enables or disables the fall back algorithm for the Ethernet port.
When enabled the eth-dhcp-fbip, eth-dhcp-subnet and eth-
dhcp-gateway will be applied after the eth-dhcp-acqlimit has
been exceeded.
When disabled 0.0.0.0 is applied as the IP address of the Ethernet
interface.
eth-dhcp-fbauto
Enabling the fallback auto mode will cause the module to use the last
successful DHCP IP configuration to set eth-dhcp-fbip, eth-
dhcp-fbsubnet, eth-dhcp-gateway, dns-server1 and dnsserver2.
This command requires that eth-dhcp-fb is enabled and the ethdhcp-acqlimit is none zero.
The changes are not persistent across power cycles or restarts. To
make the setting changes persistent please see eth-dhcp-fbper.
eth-dhcp-fbip
Configures the IP address used by the DHCP fallback algorithm when
DHCP fails.
Table 8 - Configuring the Ethernet Module as an Ethernet Client
54 Airborne Enterprise CLI Reference Manual
Command
Description
eth-dhcp-fbsubnet
Configures the IP subnet used by the DHCP fallback algorithm when
DHCP fails.
eth-dhcp-fbgateway
Configures the Gateway IP address used by the DHCP fallback
algorithm when DHCP fails.
eth-dhcp-fbper
Enabling the fallback auto mode will cause the last successful DHCP
IP configuration to be persistent across power cycles and restarts.
When enabled the last successful configuration will be stored to
eth-dhcp-fbip, eth-dhcp-fbsubnet, eth-dhcp-gateway,
dns-server1 and dns-server2.
This command requires that eth-dhcp-fb and eth-dhcp-fbauto are
enabled and the eth-dhcp-acqlimit is none zero.
eth-dhcp-vendorid
Configures the DHCP Vendor Class ID string to use in the DHCP
requests for the Ethernet interface.
Command
Description
eth-role bridge
This configures the Ethernet interface as the bridge for the
Ethernet connected network.
eth-dhcp
This configures the Ethernet interface to use either, a static IP
and Subnet Mask, or to request the IP configuration from a
DHCP server on the network. If disabled, the Static IP Address
and Subnet Mask will be used.
eth-ip
This configures the static IP address of the Ethernet interface
via which the Ethernet client device can access the module.
eth-subnet
This is the subnet mask that the Ethernet client will use to
route IP traffic.
wl-http-port
This configures the TCP port number used by the HTTP (Web)
server.
wl-telnet-port
This configures the TCP port number that the Module CLI
Server listens on for a LAN application connection
ftp-server-listen-port
This configures the port number that the internal FTP server
listens on.
wl-ssh-port
This configures the TCP port number used by the SSH (Secure
Shell) server.
wl-mac-clone
Enables or disables MAC address cloning for the module. When
this mode is enabled the modules wireless interface will use
the MAC address of the first Ethernet host as its own.
Table 9 - Configuring the Ethernet Module as a Bridge
Airborne Enterprise CLI Reference Manual 55
A wireless network using this protocol is not secure and is open to attack and intrusion.
Devices and data on such a network should be considered at risk. This configuration is
not recommended for anything other than initial set-up of the device.
If this security setting is to be used it is recommended all data traffic be performed
over SSH (Section 8.1.6 and 8.1.7).
10.0 WLAN Security
The Airborne Enterprise Wireless Device Server family supports all the latest WiFi
security interoperability requirements for 802.11 products; this includes WEP, WPA and
WPA2. The Airborne product family supports both Personal and Enterprise versions of
WPA2, allowing delivery and storage of certificates and private keys to the module.
The configuration of the module for each of these security configurations is similar,
utilizing common security commands with parameter variations to identify the method
required. Each method does have supporting information and parameters to be defined,
the following sections identify the typical requirements for these different security type.
It is assumed in all of the following descriptions that a valid Service Set Identifier (SSID)
has been entered into the device server.
10.1 Disabled (No Security)
Under this mode there is no security applied. The only condition of association is
compatibility of the radio with the infrastructure.
10.2 WEP Security
Wired Equivalent Privacy (WEP) was the original security protocol adopted by
802.11. WEP uses the stream cipher RC4 for confidentiality and CRC-32
checksum for message integrity. The standard was compromised in 2004 and
has been deprecated as a security method. Although organizations still utilize
WEP, it is not a recommended security protocol.
Standard 64-bit WEP uses a 40 bit key and a 24 bit initialization vector (IV), to
form the RC4 traffic key, this is also known as WEP-40. The 128-bit version of
WEP utilizes the same 24 bit IV but includes a 104 bit key (WEP-104).
The 64 bit and 128 bit keys are entered manually into the device server. These
must match the keys in the target AP.
To configure the module for WEP the following commands must be completed,
note that the full description of the commands and available parameters can be
found in section 19.0:
56 Airborne Enterprise CLI Reference Manual
Command
Description
wl-security wep128
Defines WEP with a 128 bit key.
wl-auth auto
Allows the client and AP to decide the most
appropriate authentication type.
wl-def-key 1
Configures the default WEP key to be used.
wl-key-1 12345678901234567890123456
Defines the 128 bit key as 26 hex digits. This
key must match the key on the AP.
clear-wep
Removes all WEP keys from the device.
This command requires a commit for the keys
to be removed permanently.
Once removed the device will no longer be able
to establish a connection to any WLAN that
requires them.
Command
Description
wl-security wep-leap
Defines WPA with EAP-LEAP authentication.
This requires the use of a RADIUS server on
the target network; the server must support
the LEAP authentication process.
user-leap MyUserName
Defines the username to be used for
authentication with the RADIUS server. There
must be a valid user account with the defined
name.
pw-leap MyUserPassword
Defines the password for the user name
defined by user-leap. This must match the
password on the RADIUS authentication server.
wl-def-key 1
Configures the default WEP key to be used.
The key must be Key 1.
wl-key-1 12345678901234567890123456
Defines the 128 bit key as 26 hex digits. This
key must match the key 1 on the AP.
Table 10 - WEP Configuration Parameters
In addition to the standard WEP configuration the module also supports a
security protocol that utilizes LEAP with WEP encryption; the required
configuration for these security settings is shown in Table 11.
Table 11 - WEP-LEAP Configuration Settings
10.2.1 WPA Migration Mode
WPA migration mode is a Cisco specific mode, where both WPA and non-WPA
client can associate to an Access Point using the same Service Set Identifier
(SSID).
B&B Electronics has developed and provides a number of options for support of
the WPA migration mode, if it is being used by the target infrastructure. These
optional parameters are fully described in section 19.0. They allow the use of
WPA or WEP as the authentication process.
Airborne Enterprise CLI Reference Manual 57
Command
Description
wl-security wpa-psk
Defines WPA with a Preshared Key (PSK).
pw-wpa-psk password
Defines the preshared key used by the module
and must match the same PSK passphrase
used by the AP.
Must be 8-63 ASCII characters long and cannot
include spaces.
Command
Description
wl-security wpa-leap
Defines WPA with EAP-LEAP authentication.
This requires the use of a RADIUS server on
the target network; the server must support
the LEAP authentication process.
user-leap MyUserName
Defines the username to be used for
authentication with the RADIUS server. There
must be a valid user account with the defined
name.
pw-leap MyUserPassword
Defines the password for the user name
defined by user-leap. This must match the
password on the RADIUS authentication server.
10.3 WPA Security
WiFi Protected Access (WPA) is a compatibility certification program created by
the WiFi Alliance to indicate compliance to a minimum set of security and
functional capabilities for 802.11 devices. The WPA certification program was
created to mitigate the issues created by the devaluation of the WEP security
standard.
WPA utilizes part of the 802.11i security standard but relies upon the same RC4
cipher as WEP. WPA introduced Temporal Key Interchange Protocol (TKIP) to
802.11 security and this significantly mitigated the flaws that existed in WEP. It
not only hid the key more securely but provided packet sequencing and Message
Integrity Checking (Michael MIC).
The module supports both WPA Personal and WPA-LEAP, the following tables
identify the settings required for configuration of these security methods.
Table 12 - WPA-Personal (PSK) Configuration
10.4 WPA2 Security
WiFi Protected Access 2 (WPA2) is a compatibility certification program created
by the WiFi Alliance to indicate compliance to a minimum set of security and
functional capabilities for 802.11 devices. The WPA2 certification program was
created to enhance the security provided by WPA and utilize more fully the IEEE
802.11i standard and the available advanced hardware.
Table 13 - WPA-LEAP Configuration
58 Airborne Enterprise CLI Reference Manual
Command
Description
wl-security wpa2-psk
Defines WPA2 with a Preshared Key (PSK).
pw-wpa-psk password
Defines the preshared key used by the module
and must match the same PSK passphrase
used by the AP.
Must be 8-63 ASCII characters long and cannot
include spaces.
Command
Description
wl-security wpa2-psk
Defines WPA2 with a Preshared Key (PSK).
pre-calc-psk password
Defines the precalculated hex key used by the
AP. Must be 64 ASCII Hex digits long.
WPA2 implements the mandatory elements of the IEEE 802.11i standard and
replaces TKIP with AES-CCMP encryption and is considered fully secure at this
time. WPA2 has two configurations: Personal and Enterprise. WPA2-Personal
utilizes the same Pre-Shared Key (PSK) as supported by WPA, but uses AESCCMP instead of TKIP.
The implementation of WPA2-Personal follows very closely the WPA example, in
fact to the user the configuration is identical, and the underlying security
improvements are hidden by the device. The device supports both ASCII string
and pre-calculated hex keys as valid input, a description of the configuration
requirements can be seen in Table 14 and Table 15.
Table 14 - WPA2-Personal (PSK) ASCII PSK Configuration
Table 15 - WPA2-Personal (PSK) Precalculated Key Configuration
10.5 Enterprise Security
Enterprise supports a set of EAP (802.1x) protocols to provide the highest level
of security available for 802.11 implementations. As defined by the WiFi Alliance,
any product claiming WPA-Enterprise or WPA2-Enterprise capability should
support the following group of EAP processes:
EAP-TLS (Mandatory)
PEAPv0/EAP-MSCHAPv2
PEAPv1/EAP-GTC
EAP-TTLS/MSCHAPv2
EAP-SIM
Since all but the EAP-TLS are optional, many companies claim WPA2-Enterprise
compliance with minimal support (EAP-TLS only). Since there is no requirement
from the WiFi Alliance to make the implementation of the security standards
user-friendly, it is not always the case that configuring an embeddable WiFi
device for these advanced security methods is easy, let alone possible. The B&B
Electronics module supports all EAP processes except PEAPv1 and EAP-SIM.
The modules support WPA (TKIP) and WPA2 (AES-CCMP) encryption without
requiring separate configuration of the EAP process type.
Airborne Enterprise CLI Reference Manual 59
The implementation of WPA2-Enterprise is more complex and requires not only
configuration of the device but, in most cases, delivery of certificates and private
keys as well. These are small (2K-6K files) that the client uses to authenticate
with an infrastructures‟ RADIUS server. For the different EAP processes to work
it is required to define which process and underlying encryption methods to use,
along with identification of the appropriate certificates and private keys. Each
EAP process has a different requirement. Although they utilize the same
common elements, each treats the authentication process differently and
accordingly requires the credentials to be presented in a particular way.
The certificates are typically owned and generated by the Information
Technology (IT) department of the organization that owns the infrastructure. The
certificates have standard formats. It is critical to make sure that all certificates
are in the appropriate format for the client to utilize.
Since there are different configuration requirements for each EAP process the
following tables (Table 16, Table 17 and Table 18) identify the typical
requirements for implementing each type when using a certificate type other than
.P12 and .PFX.
60 Airborne Enterprise CLI Reference Manual
Command
Description
wl-security tls
Sets the EAP authentication process to be used.
eap-ident [client username from
RADIUS server]
Sets the username/EAP Identity for the client.
There must be a valid username on the
RADIUS server that matches this name.
Replace the [client username from
RADIUS server] with the user name (no
parenthesis).
priv-key-password [client private
key password]
Sets the password for the client private key file.
This must be the password on the RADIUS
server that matches the key used to build the
private key file. Replace the [client
private key password] with the password
for the private key file (no parenthesis).
ca-cert-filename [CA root cert
name].pem
Identifies the CA root certificate name to be
used. Replace [CA root cert name].pem
with the required filename (no parenthesis).
The certificate must be saved to the module
with the name identified by this command.
client-cert-filename [client cert
name].pem
Identifies the client certificate name to be
used. Replace [client cert name].pem
with the required filename (no parenthesis).
The certificate must be saved to the module
with the name identified by this command.
priv-key-filename [client private
key name].pem
Identifies he client private key file to be used.
Replace [client private key name].pem
with the required filename (no parenthesis).
The private key file must be saved to the
module with the name identified by this
command.
Command
Description
wl-security peap
Sets the EAP authentication process to be used.
eap-ident [client username from
RADIUS server]
Sets the username/EAP Identity for the client.
There must be a valid username on the
RADIUS server that matches this name.
Replace the [client username from
RADIUS server] with the user name (no
parenthesis).
eap-password [Password for client
username]
Sets the password for the client. This must be
the password on the RADIUS server that
matches the username. Replace the
[Password for client username] with
the password for the account (no parenthesis).
Table 16 - EAP-TLS/MSCHAPv2 Configuration
Airborne Enterprise CLI Reference Manual 61
Table 17 - PEAPv0/EAP-MSCHAPv2 Configuration
Command
Description
ca-cert-filename [CA root cert
name].pem
Identifies the CA root certificate name to be
used. Replace [CA root cert name].pem
with the required filename (no parenthesis).
The certificate must be saved to the module
with the name identified by this command.
eap-phase1 peaplabel=0
Identifies the outer authentication type to be
used. In this case PEAPv0.
eap-phase2 auth=MSCHAPV2
Identifies the inner authentication type to be
used. In this case MSCHAPv2
The module does support PEAPv0 without certificates. Set up for this configuration
requires the ca-cert-filename to be blank.
This security configuration compromises the strength of the PEAPv0 authentication
and is not recommended for implementation.
Command
Description
wl-security ttls
Sets the EAP authentication process to be used.
eap-ident [client username from
RADIUS server]
Sets the username/EAP Identity for the client.
There must be a valid username on the
RADIUS server that matches this name.
Replace the [client username from
RADIUS server] with the user name (no
parenthesis).
eap-password [Password for client
username]
Sets the password for the client. This must be
the password on the RADIUS server that
matches the username. Replace the
[Password for client username] with
the password for the account (no parenthesis).
ca-cert-filename [CA root cert
name].pem
Identifies the CA root certificate name to be
used. Replace [CA root cert name].pem
with the required filename (no parenthesis).
The certificate must be saved to the module
with the name identified by this command.
eap-anon-ident username@example.com
The unencrypted anonymous identity string
used by EAP-TTLS.
eap-phase2 auth=MSCHAPV2
Identifies the inner authentication type to be
used. In this case MSCHAPv2
Table 18 - EAP-TTLS/MSCHAPV2 Configuration
If you are using the Personal Information Exchange format for your certificates
please follow the configurations in Table 19.
The .PFX and .P12 private key formats commonly store multiple objects,
including the private keys and user certificates required for authentication to a
network. Using this format removes the need to identify all the individual
certificates for authentication using TLS.
62 Airborne Enterprise CLI Reference Manual
Command
Description
wl-security tls
Sets the EAP authentication process to be used.
eap-ident [client username from
RADIUS server]
Sets the username/EAP Identity for the client.
There must be a valid username on the
RADIUS server that matches this name.
Replace the [client username from
RADIUS server] with the user name (no
parenthesis).
ca-cert-filename [CA root cert
name].pem
Identifies the CA root certificate name to be
used. Replace [CA root cert name].pem
with the required filename (no parenthesis).
The certificate must be saved to the module
with the name identified by this command.
priv-key-password [client private
key password]
Sets the password for the client private key file
or Personal Information Exchange certificate.
This must be the password on the RADIUS
server that matches the key used to build the
private key file. Replace the [client
private key password] with the password
for the private key file (no parenthesis).
priv-key-filename [client private
key name].[pem/pfx/p12]
Identifies he client private key file or Personal
Information Exchange certificate to be used.
Replace [client private key
name].[pem/pfx/p12] with the required
filename (no parenthesis).
The private key file must be saved to the
module with the name identified by this
command.
When using .PFX/.P12 certificates with the module it is possible to authenticate to the
network without defining the CA Certificate. This is a non-preferred configuration and
is not recommended.
Table 19 – EAP-TLS/MSCHAPv2 Configuration Using .PFX or .P12 Private Key
It is important to know that there are many variations and additional
configurations that the module supports. Please contact B&B Electronics
Technical Support if your configuration is not covered by the documentation.
There are additional parameters available; these are listed in section 19.0.
Airborne Enterprise CLI Reference Manual 63
Command
Description
wl-security wpa-fast
Sets the EAP-FAST authentication process using
TKIP encryption.
wl-security wpa2-fast
Sets the EAP-FAST authentication process using
AES-CCMP encryption.
10.6 Configuring EAP-FAST
EAP-FAST (Flexible Authentication via Secure Tunneling) is a protocol proposal
by Cisco Systems as a replacement for LEAP. The protocol was designed to
address the weaknesses of LEAP while preserving a lightweight implementation.
Use of server certificates is optional in EAP-FAST. EAP-FAST uses a Protected
Access Credential (PAC) to establish a TLS tunnel in which client credentials are
verified.
The EAP-FAST protocol has three phases:
Phase 0 is an optional phase in which the PAC can be provisioned manually
or dynamically, but is outside the scope of EAP-FAST as defined in
RFC4851. PAC provisioning is still officially Work-in-progress, even though
there are many implementations. PAC provisioning typically only needs to be
done once for a RADIUS server, client pair.
Phase 1, the client and the AAA server uses the PAC to establish a TLS
tunnel.
Phase 2, the client credentials are exchanged inside the encrypted tunnel.
It is worth noting that the PAC file is issued on a per-user basis. If a new user
logs on the network from a device, he needs a new PAC file provisioned first.
This is one reason why it is difficult not to run EAP-FAST in the unsecure
anonymous provisioning mode. The alternative is to use device passwords
instead, but then it is not the user that is validated on the network.
Due to the use of PAC files for provisioning and credential validation the
configuration and use of EAP-FAST on the module is slightly different than the
earlier enterprise security modes. The module supports the use of EAP fast with
either WPA (TKIP) or WPA2 (AES-CCMP), Table 20 highlights the commands
required and their use when implementing EAP-FAST on the module.
Table 20 - EAP-FAST Configuration
64 Airborne Enterprise CLI Reference Manual
Command
Description
eap-fast-provisioning <option>
Determines the method by which the EAP-FAST
credentials (PAC) are provisioned between the
module and the AAA server.
The <option> defines the method of interaction
and the level of security to be used in the
automatic provisioning of the modules credentials
by the AAA server. The options are:
authenticated
The AA server‟s identity is validated by the module
before the credentials are provisioned.
unauthenticated
The AA server‟s identity is not validated by the
module before the credentials are provisioned.
either
The module will attempt to use the
authenticated method first; if this is not
possible then the module will use the
unauthenticated.
If using authenticated or either the ca-
cert-filename must be set for the AAA server
to be authenticated during the provisioning
process. If no ca-cert-filename is set the
provisioning process will not fail.
To use the ca-cert-filename the certificate
must be stored on the module.
eap-fast-max-pac-list <#ofServers>
Configures the number of AAA server credentials
that can be held by the module.
Changing the default value can impact memory
resources, although the memory will only be used
if the credentials are installed.
ca-cert-filename [CA root cert
name].pem
Identifies the CA root certificate name to be used
for authentication. Replace [CA root cert
name].pem with the required filename (no
parenthesis).
The certificate must be saved to the module with
the name identified by this command.
If no CE root certificate is being used the file
name must be blank.
Airborne Enterprise CLI Reference Manual 65
10.7 Managing Certificates and Private Keys
Since certificates are used by most of the supported EAP protocols it is
necessary to upload these files to the module before attempting to configure the
device for WPA2-Enterprise security.
The module supports both pushing and pulling of certificates and private key files
to the device, utilizing FTP and Xmodem transfer protocols. The different
methods can be seen in Figure 8.
The CLI commands that manage the delivery process are described in Table 21.
Command
Description
put-cert [file name]
Will cause the device server that you are going to push the
certificate to, to wait for the attached host to initiate the
Xmodem transfer to the module. This method supports
Xmodem transfer over a serial interface or in a telnet session.
The filename included as the argument will be the name the file
is saved with on the device server. This name is the one to be
referenced when a certificate is called.
No file path should be included.
An extension must be included.
Once the command is issued the device server waits for the
attached host to initiate an Xmodem transfer. Once the transfer
of the file is complete the command returns an OK.
Once the download is complete it is necessary for the save
command to be issued, this will cause the certificate to be
stored to the device server.
get-cert [file name]
Will cause the device server to retrieve a certificate from the
FTP server identified by the parameters associated with the
following commands:
ftp-server-path
ftp-server-address
ftp-user
ftp-password
ftp-filename
Once the download is complete it is necessary for the save
command to be issued, this will cause the certificate to be
stored to the device server.
No file path should be included.
It is required that the device server is associated and
authenticated with a network and has a valid IP address before
issuing this command.
ftp-server-address
This defines the IP address of the target FTP server. The
address must be in the standard format XXX.XXX.XXX.XXX.
Where XXX can have a value between 0 and 255. The resultant
IP address must not be 0.0.0.0.
ftp-server-path
This defines the directory path for the subdirectory that
contains the target certificate to be downloaded.
This does not need to be set if the file is in the default directory
for the specified ftp-user.
ftp-user
Defines the username for the FTP account, associated to the
FTP server defined by ftp-server-address.
ftp-password
Defines the password for the FTP account, associated to the
FTP server defined by ftp-server-address.
ftp-filename
Defines the name of the certificate or private key file to be
uploaded or downloaded. The file extension must be included.
The filename does not support wildcards.
Table 21 - Certificate Delivery Commands
66 Airborne Enterprise CLI Reference Manual
The use of these commands depends upon the transfer protocol being used.
Command
Description
list-cert
This provides a list of certificates resident on the module,
including files that have been transferred but not yet saved to the
module.
del-cert [cert name]
The command deletes certificates that are stored on the module;
the command requires a filename argument to be supplied. The
filename argument does support wild cards e.g.
del-cert *.* : Will delete all certificates.
del-cert user*.* : Will delete all certificates beginning with
user
It is required to issue the save command after this command to
make the changes permanent.
Figure 8 - Certificate and Private Key Delivery Methods
Control of the certificate and private key files is handled by a separate group of
commands these are described in Table 22.
Table 22 - Certificate Management Commands
Airborne Enterprise CLI Reference Manual 67
Command
Description
clear-cred
This command allows the credentials stored in the module to be
cleared prior to any new ones being applied. The use of this
command is recommended to guarantee that no artifacts of a
previous security configuration impact the success of any new
applied configuration.
The command clears the following:
pre-calc-psk
ca-cert-filename
ca-cert2-filename
client-cert-filename
client-cert2-filename
priv-key-filename
priv-key2-filename
dh-parm-filename
dh-parm2-filename
priv-key-password
priv-key2-password
eapfast-pac-filename
eap-password
eap-ident
eap-anon-ident
eap-phase1
eap-phase2
subject-match
subject-match2
alt-subject-match
alt-subject-match2
user-wpa-supp-filename
cfg-encrypt
Resets command to default:
pw-wpa-psk passphrase
Clears the following files::
EAP-FAST PAC
clear [parameter]
This command allows a single parameter to be cleared.
The following commands can be cleared:
ca-cert-filename
ca-cert2-filename
client-cert-filename
client-cert2-filename
priv-key-filename
priv-key2-filename
dh-parm-filename
dh-parm2-filename
priv-key-password
priv-key2-password
eapfast-pac-filename
eap-password
eap-ident
eap-anon-ident
eap-phase1
eap-phase2
subject-match
subject-match2
alt-subject-match
alt-subject-match2
user-wpa-supp-filename
ftp-server-address
ftp-server-path
ftp-user
ftp-password
ftp-filename
ssh-key
68 Airborne Enterprise CLI Reference Manual
Command
Description
save
This command moves any uploaded certificates or private keys to
permanent storage, making them persistent across restarts or
power cycles.
Issuing save after del-cert makes any certificate deletions
permanent.
The module is capable of storing multiple certificates. The number of certificates is
limited only by available resources; typically up to twenty (20) certificates can be held
by the module at any one time.
This allows multiple individual WPA2-Enterprise configurations to be applied to the
device server without needing additional certificates or private keys to be delivered to
the module.
Airborne Enterprise CLI Reference Manual 69
11.0 Using Configuration Files
The module allows configuration files, describing a predefined device configuration, to be
delivered and stored on the module. There are several advantages to using the
configuration files instead of command line or web interface input when configuring the
module, the process is not only quicker but is less error prone and can better support
configuration control, en mass and in-field updates.
There are two types of configuration file that can be delivered to the module, these are:
User This configuration file contains configuration information from a particular installation.
These parameters are ones which may change from location to location within multiple
or single deployments of devices. The file which contains these parameters is called
user_config.txt.
OEM This configuration file contains parameters that would be specific to the required factory
defaults of the module integrator. These would represent the out-of-the-box
configuration for the OEM product or a pre-defined configuration known by installers or
technicians. The file which contains these parameters is called oem_config.txt.
The two types of configuration file provide an option for the user to establish a set of their
own factory defaults should a module need to be redeployed or recovered, or an installer
incorrectly configures the device. When the device is to be recovered or redeployed the
user may use the factory RESET command or hardware input to return the configuration
to its original factory state. When the factory RESET is performed the
user_config.txt file is deleted but the oem_config.txt is retained.
The user type configuration file supports encryption of sensitive parameters, like
passwords, passphrases and keys. To use this option it is necessary to turn on the
encryption, section 12.0 describes how to use this feature.
The module supports delivery of the configuration files using either Xmodem or the builtin FTP client; Table 23 outlines the processes for creating, delivering and managing the
configuration file options.
70 Airborne Enterprise CLI Reference Manual
Command
Description
Obtain or create configuration
file
A file is required before the transfer to the module is performed.
This file must be a plain text file containing the parameters
which are to be configured, section XX outlines the file and
command format.
The file may be created in any text editor and does not need to
be called user_config.txt or oem_config.txt; it is
recommended that the file be named in a way that indicates the
installation and revision of the configuration. This name will be
used by the ftp-filename command to identify the file to be
uploaded when suing FTP for the transfer.
Alternately a configuration file can be pulled from an existing
module. Using the web interface it is possible to list the
configuration files available on the module and copy the
contents to a local host. This way supports the use of a pretested golden unit for configuration in large deployments or in a
configuration control system. This method is recommended by
B&B Electronics.
get-cfg [config_filename]
This command uses the configuration settings for the FTP client
and will upload the file identified by ftp-filename to the
module with the name [config_filename].
It is necessary that a valid configuration exist for the FTP client
before this command is used. See section 14.0 for details.
[config_filename]can be set as:
user_config.txt
oem_config.txt
user_enc_config.uue
It is necessary to issue a save after this command for the
configuration file to be persistent across power cycles or
restarts.
put-cfg [config_filename]
This will use Xmodem to upload the user configuration file to
the module with the name [config_filename].
Once the command has been issued the host connected
through the CLI session will need to start the Xmodem transfer
using Xmodem or Xmodem-1K.to the module.
[config_filename]can be set as:
user_config.txt
oem_config.txt
user_enc_config.uue
It is necessary to issue a save after this command for the
configuration file to be persistent across power cycles or
restarts.
list-cfg
This will list the installed configuration files on the module.
The command will list files that have been uploaded but have
not yet been saved to the module as well as those saved to the
module.
del-cfg [config_filename]
The command deletes configuration files that are stored on the
module; the command requires a filename argument
[config_filename] to be supplied.
The save command must be issued after this command to
make the changes persistent across power cycles and restarts.
Table 23 - Using Configuration Files
Airborne Enterprise CLI Reference Manual 71
Command
Description
save
This command moves any uploaded configuration files to
permanent storage, making them persistent across restarts or
power cycles.
Issuing save after del-cfg makes any certificate deletions
permanent.
11.1 Configuration File Format
The unencrypted configuration files are plain text files. The files contain the
configuration information for the module. The format of the file contents follows
the standard CLI command+parameter format; each line containing a separate
command and parameter.
The following is an example of a user_config.txt file:
#!/bin/qtsh
# /var/etc/config/user_config.txt
#
wl-ssid RADIUS_TEST
wl-security wpa2-psk
esc-mode-serial-p2 off
bit-rate-p2 921600
parity-p2 e
flow-p2 h
eth-dhcp-server enable
eth-role router
wl-route-default forward
eth-route-default accept
The first three lines are part of the system generated file and are not necessary
for manually generated configuration files.
72 Airborne Enterprise CLI Reference Manual
Command
Description
cfg-encrypt
[enable|disable|locked|
protected|permanent]
The command controls the securing of parameters in the
user_config.txt file by removing them from the user_config.txt
and creating an encrypted file user_enc_config.uue that contain the
parameters.
When enable is selected the module will split the contents of the
unencrypted user_config.txt (if it exists) into two files by removing the
sensitive parameters that are present in the files into encrypted versions of
the file. These encrypted files will be visible when the configuration files
are listed by the list-cfg command but cannot be viewed in a plain text
editor. A full description of the parameters is shown in section 19.0.
The new file created is named user_enc_config.uue.
If disable is selected subsequent to enable being selected the contents
of the encrypted file are merged with the user_config.txt file and the
parameters in the encrypted file become visible in plain text. This is useful
for testing out the process and confirming the parameter encryption is
working.
When deploying in the field it is recommended that locked, protected
or permanent be used.
list-cfg
This command lists the configuration files available on the module. If cfgencrypt is enabled the encrypted file (user_enc_config.uue) will be
listed in the response.
clear cfg-encrypt
Clears the state of the cfg-encrypt setting when one of the encrypted
option has been enabled. The resultant state of the module depends upon
the option applied.
If the state is locked, issuing the command will change the state of cfg-
encrypt to enable. This is a Level 5 (manufacturer) command.
If the state is protected, issuing the command will change the state of
cfg-encrypt to disable and will delete the user_enc_config.uue
file. This will remove all protected settings. This is a Level 5 (manufacturer)
command. Caution should be taken when using this option as it may impact
the user‟s ability to connect to the module.
12.0 Protecting Configuration Settings
Included in the module is the ability to protect sensitive configuration settings from prying
eyes. This is achieved through enabling the encryption of those parts of the configuration
that are considered sensitive. When enabled the sensitive settings like passwords,
passphrase and keys are removed from the displayed configurations and stored in a
separate encrypted file.
The default configuration for the module is to include all settings when the
user_config.txt file is viewed. In this case passwords, passphrases and WEP keys
are stored in plain text, in the configuration file. Although access to this file still requires
authentication to the module, once authenticated anyone can view the settings.
The encryption setting for the device removes the sensitive parameters for the
user_config.txt and places them in an encrypted file that cannot be directly viewed
even when fully authenticated to the module. The following table describes the settings
used to enable and disable the encryption of the sensitive settings; it also describes the
impacted parameters.
Table 24 - Encryption of Configuration Files
Airborne Enterprise CLI Reference Manual 73
Command
Description
reset
Returns the module to OEM defaults.
If the state is permanent, issuing the command will return the module to
OEM defaults and delete the user_enc_config.uue file. This is a Level 5
(manufacturer) command.
auth-level
This command allows the required authentication level required for a given
command to be changed.
When using cfg-encrypt permanent it is recommend that the reset
commands authentication level be raised to the same level as the cfg-
encrypt command (level 5 - manufacturer).
Use the command as follows:
auth-level reset 5
Command
Description
Copy source configuration
files from example module
The user_config.txt and
user_enc_config.uue files must be copied from a
configured module and saved on the configuration
station.
The user_config.txt must contain the line:
cfg-encrypt enable
get-cfg user_config.txt
This will use the FTP settings (See section 14.0) to
upload the user configuration file.
get-cfg user_enc_config.txt
This will use the FTP settings (See section 14.0) to
upload the encrypted user configuration file.
put-cfg user_config.txt
This will use Xmodem to upload the user configuration
file. Once the command has been issued the host
connected through the CLI session will need to start
the Xmodem transfer using Xmodem or Xmodem-1K.
put-cfg user_enc_config.txt
This will use Xmodem to upload the encrypted user
configuration file. Once the command has been issued
the host connected through the CLI session will need
to start the Xmodem transfer using Xmodem or
Xmodem-1K.
save
This command moves any uploaded configuration files
to permanent storage, making them persistent across
restarts or power cycles.
12.1 Transferring Encrypted Configurations
It is possible to transfer encrypted configurations in the same way unencrypted
configurations can be moved. When transferring the encrypted configuration it is
necessary to deliver both the user_config.txt and the
user_enc_config.uue files to the module. The target module must have
cfg-encrypt enable set, this must be part of the delivered userconfig.txt file.
The transfer an encrypted configuration the steps in Table 25 must be taken.
Table 25 - Encrypted Configuration Delivery
74 Airborne Enterprise CLI Reference Manual
Only FTP or Xmodem need to be used for the transfer of the configuration files to the
module.
IMPORTANT: Both the user_config.txt and user_enc_config.uue files
must be delivered to the module when using the encrypted option. Failure to deliver
both files may cause incorrect operation of the module and cause it to become
inaccessible.
If both files are not delivered and the module is inaccessible it is necessary to apply a
factory default reset to the module.
Airborne Enterprise CLI Reference Manual 75
Command
Description
wl-type
This determines the network type being used by the device server, roaming
applies to Infrastructure type only.
wl-band-pref
This determines the 802.11 band that will be used by the device. Options
include 2.4GHz, 5GHz or auto (scans both bands).
wl-ssid
This defines the Service Set Identifier or network name the device is to
associate to.
wl-rate
This defines the maximum connection rate that the device will connect with in
Mbps. It will limit the upper level connection rate but will not prevent auto-fall
back rates should network coverage cause a lower rate to be selected.
Using a lower rate may provide a better connection and longer range.
wl-fixed-rate
This parameter locks the wl-rate and prevents auto fallback.
Use of this feature can cause the device server to not function in most 802.11
networks, unless a basic rate (1Mbps or 2Mbps) is selected by the wl-rate
command.
Use of this command is not recommended.
wl-specific-scan
Determines how the device server scans for AP.
0
Use Broadcast Probes to attempt to find an Access Point.
1
Use Directed Probes to attempt to find an Access Point. In this
mode only AP‟s with matching SSID‟s to the module will be
probed.
When using Broadcast probes all AP advertising their SSID‟s will respond to the
scan, this will cause a result for wl-scan command that will provide a list of
all responding AP‟s within range of the device server.
Directed probes will limit responses to only those AP‟s with matching SSID‟s to
the device servers. This will also restrict the wl-scan response to only those
AP‟s with identical SSID‟s within range.
wl-assoc-backoff
The amount of time in milliseconds to back-off after the configured number of
failed association attempts (defined by wl-assoc-retries). During the
back-off period the device will not attempt to associate with the AP.
The back-off time has a range of 0-20,000 milliseconds (0 to 20 seconds).
This parameter will impact the aggressiveness of the association process for a
device server in fringe coverage or noisy environments.
wl-assoc-retries
The number of time the device server will attempt to retry an association
attempt, after a failure, before backing off.
The number of attempts can range from 0-32; the default is three (3).
This parameter will impact the aggressiveness of the association process for a
device server in fringe coverage or noisy environments.
13.0 WLAN Roaming
When configured for Infrastructure mode using the wl-type command, the Module
supports roaming in accordance with the IEEE 802.11 specification. The following set of
commands affect the Module‟s roaming capabilities:
Table 26 - Commands that Affect Roaming
76 Airborne Enterprise CLI Reference Manual
Command
Description
wl-beacons-missed
Configures the number of missed beacons, from an associated AP, that are
missed before a roam is attempted.
The number of beacons can range from 0-256; the default is six (6).
It is not recommended to set this parameter to zero (0).
This parameter will impact the roaming aggressiveness of the device server, the
smaller the number the faster the device will attempt to roam.
If wl-ssid is set to the value any, the Device Server will perform a scan of APs and
attempt to associate with the first AP that matches the security settings of the module,
this is typically the AP with the strongest signal strength. The use of the any SSID allows
the Device Server to associate with any AP that matches the modules security settings
and is in range. Therefore, as the Device Server becomes mobile, it may associate with
an AP that is not in your expected network. Due to the functionality of the any SSID you
have little to no control over the roaming behavior of the device server. The factory
default setting require the AP to be open (security disabled).
If wl-ssid is set to a value that is not the any string, the Device Server will scan for APs
that match the SSID and 802.11 capability information header. If a matching AP is found,
the Device Server will authenticate and attempt to associate. As the Device Server
becomes mobile, it will only roam to APs that match the SSID and 802.11 capability
information header.
The decision to roam is made entirely by the device server based upon the conditions of
the environment, which includes signal strength, noise, etc. The device server will
attempt to maintain as good a connection as possible and, based upon parameter
settings in the device server, will decide to move from one AP to another AP when it
cannot attain the quality of connection required.
Airborne Enterprise CLI Reference Manual 77
Command
Description
ftp-server-address
This defines the IP address of the target FTP server. The address must be in
the standard format XXX.XXX.XXX.XXX.
Where XXX must have an integer value between 0 and 255. The resultant Ip
address must not be 0.0.0.0.
ftp-server-path
This defines the directory path for the subdirectory that contains the target
certificate to be downloaded, from the default directory of the ftp-user.
This does not need to be set if the file is in the default directory for the
specified ftp-user.
ftp-user
Defines the username for the FTP account, associated to the FTP server
defined by ftp-server-address.
ftp-password
Defines the password for the FTP account, associated to the FTP server
defined by ftp-server-address.
ftp-filename
Defines the name of the certificate or private key file to be uploaded or
downloaded. The file extension must be included.
The filename does not support wildcards.
Command
Description
get-cert
Uploads Certificates and Private keys from the designated FTP server.
Requires the Certificate or Private Key file name as a parameter.
get-cfg
Uploads user or OEM configuration files from the designated FTP server.
Requires the Certificate or Private Key file name as a parameter.
update ftp
Uploads Airborne Device Server firmware image from the designated FTP
server.
14.0 FTP Configuration
The module includes an FTP client capable of uploading files to the device. The
embedded FTP client is capable of authenticating with a network based FTP server and
transferring a file to the device using the FTP protocol.
Table 27 - FTP Configuration Commands
To use this function it is necessary to configure the internal FTP Client with the necessary
information for the file upload, the related commands can be seen in Table 27. Once the
FTP configuration is applied all that is needed is the filename, as listed on the FTP server
target directory, to be updated.
The FTP client supports upload of Certificates, Private Keys, Configuration files and
Firmware. Separate commands determine the file type to be uploaded; Table 28 shows
the different commands. All of these commands require the correct configuration of the
FTP server parameters before being used; these parameters are described in Table 27.
Table 28 - FTP Upload Commands
78 Airborne Enterprise CLI Reference Manual
Only firmware authorized by B&B Electronics should be used. Any attempt to use an alternative
image will void the modules warranty.
CRITICAL: When updating firmware, power must be maintained during the entire update
process. Removal or interruption of the power supply may cause a corruption of the firmware
update and cause the module to stop functioning. If this occurs please contact B&B Electronics
Technical Support.
Command
Description
update
This single command is used for both the FTP and Xmodem firmware
updates.
An ftp argument is required to initiate an FTP download of the firmware
image. A valid FTP configuration must exist for the update to be successful.
If Xmodem is used the module will wait for the host to initiate the file
transfer after the update command is issued.
The modules configuration (user_config.txt, oem_config.txt and user_enc_config.uue), saved
certificates and private key files are preserved across any firmware update.
15.0 Firmware Update
The Airborne Enterprise Device Server supports in-field updating of the devices firmware,
to allow devices already deployed access to the latest feature updates and
enhancements. The process of firmware update is supported through both the serial and
the network ports. A single command is required to initiate and complete the update
process.
Delivery of the firmware image can be performed by either a FTP transfer (section 14.0)
or through Xmodem transfer (section 15.2). When the FTP process is used the device
server will locate the FTP server and pull the identified image file, once the download is
complete the firmware update will start automatically.
If Xmodem is used it is necessary for the module to be told that the updated image is
going to be sent before the attached host initiates an Xmodem transfer of the file to the
module. Once the download is completed the firmware update will start automatically.
The update process can take a significant amount of time depending upon the transfer
process used to deliver the firmware files. The Firmware image files can be 3MB or
larger, use of a slow serial interface (e.g. UART 9600 BAUD) will make file delivery a long
process, however when FTP is used the file delivery can take only a few seconds.
Regardless of the delivery process the actual firmware update process, once the file is
delivered, takes approximately 90 seconds. During the update process it is critical that
power is maintained to the device server.
Table 29 - update command description
Airborne Enterprise CLI Reference Manual 79
Command
Description
ftp-server-address
This defines the IP address of the FTP server on which the firmware
image is being stored. The address must be in the standard format
XXX.XXX.XXX.XXX.
Where XXX must have an integer value between 0 and 255. The
resultant IP address cannot be 0.0.0.0.
ftp-server-path
This defines the directory path for the subdirectory that contains the
target firmware image to be downloaded, from the default directory
of the ftp-user.
This does not need to be set if the file is in the default directory for
the specified ftp-user.
ftp-user
Defines the username for the FTP account, associated to the FTP
server defined by ftp-server-address.
ftp-password
Defines the password for the FTP account, associated to the FTP
server defined by ftp-server-address.
ftp-filename
Defines the name of the image file to be uploaded. The file extension
must be included.
update ftp
This initiates the firmware update process. The update process is
fully automatic once the command has been sent.
The module will automatically download the image file, install the
firmware update and restart the module.
Note that any user configuration settings will not be lost during the
process.
15.1 Using FTP to Update Firmware
To use the embedded FTP capabilities of the module for firmware update, it is
necessary to make sure the following settings are configured and the update
command is used as defined in Table 30. It is also required that the module is
associated to a wireless network or the Ethernet port is connected to a network
containing the FTP server defined in the configuration.
It is important to note that the FTP based update provides the quickest update
process due to the speed of the image download.
Table 30 - FTP Firmware Update
15.2 Using Xmodem to Update Firmware
When using Xmodem to do the firmware update there are no configuration
changes required on the module. The process does require that a host device on
either the serial or network ports can initiate an Xmodem file transfer, once the
device server is ready to receive the firmware image file.
To complete the update process the command in Table 31, must be executed in
a CLI session before any file transfer is initiated. Once executed the device
server is ready to receive the firmware image, the network host must then initiate
the file transfer using Xmodem. This can be done over the serial or network
interfaces.
80 Airborne Enterprise CLI Reference Manual
Command
Description
update
This initiates the firmware update process. The update process starts
when the host system initiates the firmware image file transfer.
The module will automatically download the image file, install the
firmware update and restart the module.
Note that any user configuration settings will not be lost during the
process.
Table 31 - Xmodem Firmware Update
Airborne Enterprise CLI Reference Manual 81
Step/Command
Description
ver-uboot
Issuing the ver-uboot command will allow identification of the current UBoot version installed on the Airborne device. The last three numbers of the
response indicate the version installed.
U-Boot 1.3.2 (Jul 16 2009 - 15:41:48) Quatech WLNx-9260 1.1.1
The above version of U-Boot is v1.1.1
Obtain U-Boot .img
file
The U-boot file can be downloaded from the B&B Electronics Support
website or requested from B&B Electronics Technical support.
Configure FTP Server
If using the FTP client to download the U-Boot firmware image, an FTP
server is required to deliver the u-boot file to the module. This server must
be on the same network and subnet as the module being updated.
An account for the unit must be set-up, the username and password will be
needed for configuration of the module.
The U-Boot file should be placed in the home directory of the FTP account.
If this is not possible the actual directory path from the home directory will
need to be known for the configuration of the module.
Configure Airborne
device
If using the FTP client to download the U-Boot firmware image the module
will need the FTP settings configured. See section 14.0 for details of how to
do this.
It is not necessary to commit the FTP settings to the Airborne unit before
using. However of not saved they will be lost on any restart or power cycle.
update-uboot [option]
Issue the update-uboot command with either the FTP or Xmodem update
option.
If [option] is ftp the device will download the U-Boot image from the
FTP server and automatically start the update process. This requires that the
FTP settings are already configured and correct.
If [option] is xmodem the device will wait for an Xmodem transfer to be
initiated by the connected host. The U-Boot image file will then be uploaded
and the module will automatically start the update process.
16.0 U-Boot Update
The update of the device servers U-Boot code is an infrequent event, however when
required the following procedure must be followed. Delivery of the U-Boot image can be
made using either the FTP or Xmodem update process. This procedure may be used for
U-Boot versions v1.0.0 and higher, if your unit has a U-Boot earlier than this please
contact B&B Electronics Technical support.
To successfully achieve the U-Boot update the sequence identified in Table 32 must be
followed.
The update cannot be done from the web interface, it is required that a CLI session on
the network or serial interface be used to initiate the U-Boot update process.
The FTP update process requires that the unit is successfully associated to a wireless
network.
Table 32- U-Boot Update Process
82 Airborne Enterprise CLI Reference Manual
Step/Command
Description
restart
The Airborne device should be restarted after the update process. This can
be achieved by issuing the restart command or power cycling the unit.
Only firmware authorized by B&B Electronics may be used. Any attempt to use an alternative
image will void the modules warranty and potentially cause the module to stop functioning.
CRITICAL: When updating any firmware, power must be maintained during the entire update
process. Removal or interruption of the power supply, during the update, may produce a
corruption of the firmware update and cause the module to stop functioning. If this occurs
please contact B&B Electronics Technical Support.
Airborne Enterprise CLI Reference Manual 83
Command
Description
radio-on
Enables the 802.11b/g radio. The radio will utilize the power profile defined
by pm-mode.
After this command is issued the radio will initiate and attempt to locate a
valid wireless network to associate with. If one is found it will attempt to
associate/authenticate.
radio-off
Disables the 802.11b/g radio.
After the command is issued the device server will close all TCP/IP and UDP
connections and power down the radio. When in this state the device server
will no longer be associated with a wireless network and any network based
communication will not be possible.
pm-mode
Sets the device server power management mode. Currently supports the
modes described in Table 34.
wl-sleep-timer
Sets the inactivity timer for the UART and network interfaces before the
module moves into sleep mode.
radio-startup
Determines the power state the radio after a device power up or restart.
This command allows the radio to be placed into one of three states after
the device server has completed its boot cycle. The three states include on
(normal operation), sleep (puts the radio into the sleep mode defined in the
pm-mode) and off (this is commonly called airplane mode).
Mode
CPU
OSC/PLL
Radio
Wakeup
active
ON
ON
ON
None.
doze
STOP
ON
PSPoll
UART/Serial Traffic or directed/broadcast radio
packet.
Radio wakes on DTIM Period.
17.0 Power Management
Control of the operating and standby power of the module can be critical in many
applications; the Airborne Enterprise Device Server family offers various levels of control
through the CLI interface, the following power save options are currently supported.
Table 33 – Power-Save Modes
The commands in Table 33 provide the most flexible power management options
available for any device server. The most important command is pm-mode, as this
provides automatic power management based upon the device operations and state, the
following section covers the various options available for this command.
To correctly utilize the pm-mode command it is necessary to understand the available
power modes and their impact upon the operation of the device and how this affects use
of the device.
The pm-mode command allows control of the operation of the radio and its power mode.
The available modes can be seen in Table 34, the following sections will detail the impact
of each of these modes on the radios state and operation of the device server.
Table 34 - pm-mode Parameters
84 Airborne Enterprise CLI Reference Manual
Mode
CPU
OSC/PLL
Radio
Wakeup
sleep
STOP
ON
Deep Sleep
UART/Serial Traffic.
Device disassociated from network.
wakeup
N/A
N/A
N/A
This parameter causes the radio to transition from
the sleep mode to either active or doze mode,
depending upon the power mode the radio was in
prior to entering sleep mode.
17.1 Mode: Active
This is the highest power mode; while active the radio is always on. This mode
represents 802.11 operation under which the radio will fully interact with the
medium and provides no power save functionality for the radio.
While in this mode the CPU utilizes its internal power management processes
and attempt to minimize power usage, however the radio will function continually
with this state enabled. While in the mode the radio will transmit and receive
packets to and from the 802.11 media.
The radio will continue to be associated with any network it has successfully
authenticated with.
17.2 Mode: Doze
While in this mode the device server‟s radio utilizes the 802.11 power save
standard PSPoll. When in the power save mode the radio remains is a low power
state and wakes to the active state to receive management frames called
beacons.
The period between waking to the active state is determined by the Access Point
(AP) and is determined by the DTIM (Delivery Traffic Indication Message) value
established by the AP. The greater the number the lower the power; however this
impacts the latency of the data.
While in this mode the CPU utilizes its internal power management processes
and attempt to minimize power usage, the radio will function in the power save
PSPoll mode with this state enabled. While in the mode the radio will transmit
and receive packets to and from the 802.11 media based upon the DTIM setting.
The radio will continue to be associated with any network it has successfully
authenticated with.
17.3 Mode: Sleep
While in this mode the radio is in its lowest power state.
The radio will lose association with any network it was attached to prior to
entering sleep mode. It will not re-associate while in the sleep mode.
Airborne Enterprise CLI Reference Manual 85
UART Mode
CLI
Actions
CLI
pm-mode sleep
Puts the radio into sleep mode.
pm-mode wakeup
Transitions radio from sleep mode to
either active or doze mode.
Listen
wl-sleep-timer <integer>
Defines the sleep activity timeout for
the UART.
Pass
wl-sleep-timer <integer>
Defines the sleep activity timeout for
the UART.
17.4 Mode: Wakeup
This mode causes a radio in sleep mode to transition to active or doze mode.
The mode the radio transitions to is the same as the mode it was in prior to
entering sleep mode.
When the command is issued the radio will transition to the previous power state
and will attempt to re-associate with its configured network, if it is available.
The wakeup parameter is not a persistent condition and is not committed to flash
if it was the last pm-mode parameter issued when a commit command is issued.
17.5 Using Sleep Mode
Sleep mode provides the lowest power draw of any operational mode and as
such provides significant advantage when used with battery or power sensitive
applications. However the use and operation of the sleep mode changes
depending upon the state and use of the UART interface, the following will
outline the differences between these conditions.
Table 35 - UART Mode Affect on Sleep Mode
86 Airborne Enterprise CLI Reference Manual
When the UART is in CLI mode the only way for the radio to enter sleep mode is
to issue the pm-mode sleep command. Similarly to leave sleep mode the pm-
mode wakeup command must be issued. In CLI mode it is assumed the host
system is managing the Device Server and control of the power state would be
completely under the hosts‟ control.
When the UART is in listen mode and the pm-mode has been set to sleep, either
by issuing the pm-mode sleep command or by setting the radio-startup
sleep parameter, the Device Server will wake from sleep mode based upon
UART traffic. When in sleep mode a UART in listen mode, will not be able to
accept incoming connection requests. When UART traffic is detected the radio
will wake from sleep and listen for incoming connection requests, if no requests
are received before the wl-sleep-timer expires, the radio will return to sleep
mode. In this mode the host can manage availability of the device by simply
sending a single character to the radio, lowering the management overhead and
minimizing state changes of the Device Server.
When the UART is in pass mode and a data tunnel has been established the
device server will enter sleep mode only if the wl-sleep-timer is set to a
value greater the zero (0). When is pass mode the data tunnel will remain active
until the inactivity timer wl-sleep-timer expires, when this happens the radio
will enter sleep mode. When in sleep mode the device server is not accessible
from the network interface and will not respond to any network initiated
communications. When UART traffic is detected the radio will wake from sleep
and re-establish the data tunnel, if no traffic is received or sent before the wl-
sleep-timer expires, the radio will return to sleep mode. Any serial transmitted
data sent before the data tunnel has been re-established will be buffered and
transmitted when the connection is available. In this use of the sleep mode, the
host is relieved of any power management monitoring or control of the device
server, while optimizing power usage.
When the UART pass mode is used with power save it is important to note that
the TCP/IP timeout is still running and will close the TCP/IP connection if it
expires before the device server re-establishes the TCP/IP connection from sleep
mode.
If the wl-sleep-timer is being used to manage the power state of the radio,
consideration must be made for the finite time the radio takes to re-establish its
connection with the network. This is true for both listen and pass mode operation.
If the wl-sleep-timer is set to a value that is less than the time it takes for the
radio to re-establish the connection it will place the radio back into sleep mode.
When in listen mode the time to be considered is the time it takes the radio to
associate to the target network (this must include any authentication delays that
may be introduced for the Enterprise authentication processes). When in pass
mode you must account for the additional network set-up time and packet
delivery. We do not recommend setting wl-sleep-timer to a value less than 6
seconds.
Airborne Enterprise CLI Reference Manual 87
Port
Primary Use
Actions
f
UART1 and LED
Indicators
serial-port enable, conn-led enable,
post-led enable, rf-link-led enable,
wln-cfg-led enable will restrict the number of
available GPIO on this port.
serial-port disable, conn-led disable,
post-led disable, rf-link-led disable,
wln-cfg-led disable will allow all pins to be
used as GPIO on this port.
g
UART2
serial-port-p2 enable will restrict the
number of available GPIO on this port.
serial-port-p2 disable will allow all pins to
be used as GPIO on this port.
Port
serial-port enable
serial-port disable
f
0
LED_POST
GPIO
1
TXD1
GPIO
2
LED_RF_LINK
GPIO
3
LED_WLN_CFG
GPIO
4
RTS1
GPIO
5
CTS1
GPIO
6
LED_CON
GPIO
7
RXD1
GPIO
Port
serial-port-p2 enable
serial-port-p2 disable
g
0
GPIO
GPIO
18.0 Digital GPIO
The module supports two Digital GPIO ports. The two ports can be configured and written
or read via the CLI interface, the following describes the functionality of the GPIO
interface.
18.1 Available GPIO Interfaces
There are two GPIO ports available through the CLI interface. These ports are
multipurpose and must be configured correctly for use as Digital GPIO. The ports
different functions are mutually exclusive, with the exception of the LED indicator
interface.
Table 36 - Port Type Summary
88 Airborne Enterprise CLI Reference Manual
Table 37 - Port f Configuration
Table 38 - Port g Configuration
Port
serial-port-p2 enable
serial-port-p2 disable
1
CTS2
GPIO
2
RTS2
GPIO
3
N/A
N/A
4
N/A
N/A
5
N/A
N/A
6
RXD2
GPIO
7
TXD2
GPIO
Command
Description
io-dir <portID> <state>
Sets the direction of the indicated port. This command sets
the direction without requiring a restart or power cycle.
This command is temporary and is not persistent across a
restart or power cycle. To set the default direction of the
ports the io-dir-f or io-dir-g commands must be
used.
The command has the same bit restrictions the io-dir-f
and io-dir-g command have.
The <portID> is a combination of the port name (g or f)
and the bit to apply the state to (0 through 7), for instance
g0 would affect the first pin on port g.
The <state> can be set as either in or out depending
upon the desired direction for the GPIO.
18.2 Default Configuration of GPIO
By default the GPIO interface is not enabled. It is necessary to reconfigure the
GPIO pins as identified in section 18.1 through use of the commands and actions
described in section 18.3.
18.3 Configuring GPIO ports
The available GPIO can be configured as inputs or outputs using a set of CLI
commands. The commands listed in Table 39 provide control of the GPIO and
should be configured to match the application.
Table 39 - GPIO Default Settings Command List
Airborne Enterprise CLI Reference Manual 89
Command
Description
io-pullup <portID> <state>
Enables or disables the internal pull-up resistors for the
specified GPIO pin.
This command is temporary and is not persistent across a
restart or power cycle. To set the default direction of the
ports the io-pullup-f or io-pullup-g commands
must be used.
The command has the same bit restrictions the io-
pullup-f and io-pullup-g command have.
The internal pull-up resistor is enabled by default.
The <portID> is a combination of the port name (g or f)
and the bit to apply the state to (0 through 7), for instance
g0 would affect the first pin on port g.
The <state> can be set as either enable or disable.
io-dir-f <state>
Sets the direction of the GPIO pins in port f. It is required
to issue a commit after the command for the parameters
to be persistent across restarts or power cycles.
This command requires a restart or power cycle to be
applied.
For a pin to be an input it must be set to 1, for output it
must be set to 0.
The <state> for the pins is the decimal value of the 8 bit
binary value that represents the desired state of the 8
GPIO in the port, e.g. 11111111 = 255 (all pins input),
11110000 = 240 (7,6,5,4 = Input, 3,2,1,0 = output).
Requires that the primary UART and LED signals have been
disabled.
io-dir-g <state>
Sets the direction of the GPIO pins in port g. It is required
to issue a commit after the command for the parameters
to be persistent across restarts or power cycles.
This command requires a restart or power cycle to be
applied.
For a pin to be an input it must be set to 1, for output it
must be set to 0. Note that pin 3,4 and 5 are ignored
The <state> for the pins is the decimal value of the 8 bit
binary value that represents the desired state of the 8
GPIO in the port, e.g. 11111111 = 255 (all pins input),
11110000 = 240 (7, 6= Input; 2, 1, 0 = output; 5, 4, 3 =
ignored).
Requires that the secondary UART has been disabled.
90 Airborne Enterprise CLI Reference Manual
Command
Description
io-pullup-f <state>
Enables or disable the internal pull-up resistors of the
GPIO pins in port f. It is required to issue a commit after
the command for the parameters to be persistent across
restarts or power cycles.
This command requires a restart or power cycle to be
applied.
For a pin to be an input it must be set to 1, for output it
must be set to 0.
The <state> for the pins is the decimal value of the 8 bit
binary value that represents the desired state of the 8
GPIO in the port, e.g. 11111111 = 255 (all pins input),
11110000 = 240 (7,6,5,4 = Input, 3,2,1,0 = output).
Requires that the primary UART and LED signals have been
disabled.
io-pullup-g <state>
Enables or disable the internal pull-up resistors of the
GPIO pins in port g. It is required to issue a commit after
the command for the parameters to be persistent across
restarts or power cycles.
This command requires a restart or power cycle to be
applied.
For a pin to be an input it must be set to 1, for output it
must be set to 0. Note that pin 3,4 and 5 are ignored
The <state> for the pins is the decimal value of the 8 bit
binary value that represents the desired state of the 8
GPIO in the port, e.g. 11111111 = 255 (all pins input),
11110000 = 240 (7, 6= Input; 2, 1, 0 = output; 5, 4, 3 =
ignored).
Requires that the secondary UART has been disabled.
conn-led <state>
Enables or disables the CONN LED to allow the pin to be
used as a GPIO.
The <state> can be set as either enable or disable.
post-led <state>
Enables or disables the POST LED to allow the pin to be
used as a GPIO.
The <state> can be set as either enable or disable.
rf-link-led <state>
Enables or disables the RF_LINK LED to allow the pin to be
used as a GPIO.
The <state> can be set as either enable or disable.
wln-cfg-led <state>
Enables or disables the WLN_CFG LED to allow the pin to
be used as a GPIO.
The <state> can be set as either enable or disable.
serial-port-pX <state>
Enables or disables the primary serial port (UART1).
The <state> can be set as either enable or disable.
Airborne Enterprise CLI Reference Manual 91
If your system uses pull-up resistors on the circuit assembly then it is not
necessary to enable the internal pull-up resistors available on the device server,
to do this issue io-pullup-f disable or io-pullup-g disable and
commit the parameter.
Command
Description
io-read <portID>
Reads the state of the GPIO pin identified by the
<portID>.
The <portID> is a combination of the port name (g or f)
and the bit to read (0 through 7), for instance g0 would
read the first pin on port g.
The command requires the <portID> be set to input.
io-write <portID> <state>
Writes the value of <state> to the GPIO pin identified by
the <portID>.
The <portID> is a combination of the port name (g or f)
and the bit to read (0 through 7), for instance g0 would
read the first pin on port g.
The <state> can equal 1 or 0.
The command requires the <portID> be set to output.
18.4 Using GPIO ports
Once enabled the GPIO ports can written to or read using the CLI interface.
Table 40 shows the commands and their use.
Table 40 - GPIO Read/Write CLI Commands
92 Airborne Enterprise CLI Reference Manual
The CLI interface provides the following on-line help support:
1. Trailing a command with a „?’ will return a description of the command function and
valid argument list e.g.
pm-mode ?
returns…
Usage: pm-mode [active | doze]
Sets the Module's power-management mode. Parameters are
active and doze.
Default is active.
2. Entering „?’ (after authenticating with the module) will provide a full list of the
available CLI commands.
3. Entering „?’ after a partial command will return all commands that begin with the
characters that proceeds the „?’.
For example:
io?
returns…
io-dir
io-dir-f
io-dir-g
io-pullup
io-pullup-f
io-pullup-g
io-read
io-write
OK
19.0 Command Descriptions
The following section will describe the commands relating specifically to the Airborne
Enterprise Device Server and Ethernet Bridge family.
Airborne Enterprise CLI Reference Manual 93
Command
? [Question Mark]
Arguments
none
Security
Level
1 (all)
Device Type
All
Default
none
Description
This command provide text help and supports three use cases:
When used by itself at the command prompt it will cause the device server to display all available
commands. The list is not device functionality sensitive. This response is identical to the help command.
When used as the last character of a command or partial command, the device server will display all of
the available commands that start with the command or partial command text. For example to get all
the commands that begin with “ftp” issue “ftp?” (There should not be a space between the command
text and the “?”.
When used as an argument with a command, the device server will display the arguments for the
command and describe the function of the command as an ASCII text response. Note that there must be
no other arguments with the command for the help to be displayed.
get-cfg ?
Usage: get-cfg [String]
Uses FTP to get a configuration file from an FTP server. It
uses the ftp-server-address, ftp-server-path, ftp-user, and
ftp-password to get the specified configuration file. The
filename should not include any path information. A save
command must be issued for the configuration file to be saved
in flash.
Note that there must be no other arguments with the command for the help to be displayed.
? [Question Mark]
94 Airborne Enterprise CLI Reference Manual
Command
alt-subject-match
Arguments
[string]
Security
Level
3 (config)
Device Type
All
Default
[blank]
Description
A string of entries, separated by semicolons that are matched against the alternative subject name of
the authentication server certificate defined by the ca-cert-filename command333333.
If this string is set, the server certificate is only accepted if it contains one of the entries in the
alternative subject extension.
The required string must be entered in the following format: TYPE:VALUE
Where the supported types include EMAIL, DNS, URL
The value format must match the set TYPE e.g.;
EMAIL:guest@example.com
DNS:server.example.com;DNS:server2.example.com
Command
alt-subject-match2
Arguments
[string]
Security
Level
3 (config)
Device Type
All
Default
[blank]
Description
A string of entries, separated by semicolons that are matched against the alternative subject name of
the authentication server certificate defined by the ca-cert2-filename command.
If this string is set, the server certificate is only accepted if it contains one of the entries in the
alternative subject extension.
The required string must be entered in the following format: TYPE:VALUE
Where the supported types include EMAIL, DNS, URL
The value format must match the set TYPE e.g.;
EMAIL:guest@example.com
DNS:server.example.com;DNS:server2.example.com
The string is used during the inner authentication phase.
alt-subject-match
alt-subject-match2
Airborne Enterprise CLI Reference Manual 95
Command
apply-cfg
Arguments
serial | radio | ethernet | firewall | ports
Security
Level
3 (config)
Device Type
All
Default
0
Description
Applies the selected settings immediately, without requiring a restart.
serial-p#
Applies following serial port settings.
Where p# can be p1 or p2. The settings will apply to the port number
indicated. The parameter maybe issued without a suffix, in this case the
module will apply the configuration to the serial port the command was
entered on. If the command was entered from a telnet session without
the suffix, it will apply to serial port 1 (UART1).
This parameter only applies to a serial and UART devices.
bit-rate-p1
parity-p1
flow-p1
data-bits-p1
stop-bit-p1
input-size-p1
intf-type-p1
serial-assert-p1
bit-rate-p2
parity-p2
flow-p2
data-bits-p2
stop-bit-p2
input-size-p2
intf-type-p2
serial-assert-p2
radio
Applies following radio configurations:
wl-ssid
wl-type
wl-chan
wl-ip
wl-subnet
wl-gateway
wl-udap
wl-dhcp
wl-dhcp-client
wl-dns1
wl-dns2
wl-dhcp-mode
wl-dhcp-interval
wl-dhcp-fb
wl-dhcp-acqlimit
wl-dhcp-fbip
wl-dhcp-fbsubnet
wl-dhcp-fbauto
wl-dhcp-fbper
wl-con-led
wl-security
pw-wpa-psk
pw-leap
user-leap
wl-auth
wl-def-key
wl-wpa-format
wl-key1
wl-key2
wl-key3
wl-key4
wl-rate
wl-region
ca-cert-filename
ca-cert2-filename
client-cert-filename
client-cert2-filename
priv-key-filename
priv-key2-filename
dh-parm-filename
dh-parm2-filename
priv-key-password
priv-key2-password
eapfast-pac-filename
eap-password
eap-ident
eap-anon-ident
eap-phase1
eap-phase2
subject-match
subject-match2
alt-subject-match
alt-subject-match2
user-wpa-supp-filename
apply-cfg
96 Airborne Enterprise CLI Reference Manual
ethernet
Applies following Ethernet port settings:
eth-ip
eth-gateway
eth-subnet
telnet-port
http-port
This parameter only applies to the Ethernet device.
firewall
Applies following Ethernet port settings:
wl-route-default
eth-route-default
wl-route
eth-route
This parameter only applies to the Ethernet device.
ports
Applies the following port settings:
telnet-port
http-port
Any settings applied with this command are temporary and will not be persistent across a restart or
power cycle. Any settings applied by this command can be made persistent across restarts and power
cycles by issuing the commit command.
Airborne Enterprise CLI Reference Manual 97
Command
arp-reachable-time
Arguments
[integer]
Security
Level
3 (config)
Device Type
All
Default
120
Description
The average amount of time before sending an ARP to each device in the ARP table. The actual rate is
a random amount of time between 0.5 and 1.5 times this value.
Value has the range of 1-254 seconds. The default time is 120 seconds.
The device server requires a restart or power cycle for this parameter change to take effect.
Command
arp-staleout-time
Arguments
[integer]
Security
Level
3 (config)
Device Type
All
Default
120
Description
The amount of time since the last observation of the IP address before scheduling that entry for
removal from the device severs internal ARP table.
Value has the range of 1-254 seconds. The default time is 120 seconds.
The device server requires a restart or power cycle for this parameter change to take effect.
arp-reachable-time
arp-staleout-time
98 Airborne Enterprise CLI Reference Manual
Command
auth-level
Arguments
[ASCII Text: command] [Integer: 1 - 5]
Security
Level
Read: 3 (config)
Write: 5 (manuf)
Device Type
All
Default
[blank]
Description
Changes the required authentication (user) level for a given command.
The command requires two arguments:
command
This identifies the Command Line Interface (CLI) command whose authentication
level will be changed by the command.
Supported commands:
reset
level
Identifies the authentication level required to execute the command.
0 = connectionless (L0)
1 = connection, not logged in (L1)
2 = data (L2)
3 = config (L3)
4 = OEM (L4)
5 = Manufacturing (manuf) (L5)
The value cannot be lower than the default value for the command.
Changing the commands authentication level will restrict use of the command by users
who do not have the required authentication levels for the command.
auth-level
Airborne Enterprise CLI Reference Manual 99
Command
blink-post-led
Arguments
on | off
Security
Level
3 (config)
Device Type
All
Default
[blank]
Description
Changes the state of the POST LED. This function allows the identification of the unit being talked to by
the network system, through physical indicator.
on
Causes the POST LED output to blink
off
Causes the POST LED to return to normal operation
Command
bit-rate | bit-rate-p1
Arguments
300 | 600 | 1200 | 2400 | 4800| 9600 | 14400 | 19200 | 28800 | 57600 | 115200 | 230400 | 460800 |
921600
Security
Level
3 (config)
Device Type
UART | Serial | Ethernet
Default
9600
Description
Sets the bit-rate of serial port 1 (UART1) in bits per second.
Use of the –p1 suffix on the command is optional.
Command
bit-rate-p2
Arguments
300 | 600 | 1200 | 2400 | 4800| 9600 | 14400 | 19200 | 28800 | 57600 | 115200 | 230400 | 460800 |
921600
Security
Level
3 (config)
Device Type
UART | Serial | Ethernet
Default
9600
Description
Sets the bit-rate of serial port 2 (UART2) in bits per second.
blink-post-led
bit-rate / bit-rate-p1
bit-rate-p2
100 Airborne Enterprise CLI Reference Manual
Loading...