Ericsson Wi Fi 40002001 User Manual

BelAir20E

BelAir20E

User Guide

Release: 12.0

Document Date: April 2, 2012
Document Number: BDTM02201-A01
Document Status: Standard

Security Status: Confidential

Customer Support: 613-254-7070

1-877-BelAir1 (235-2471)
techsupport@belairnetworks.com

© Copyright 2012 by BelAir Networks.

The information contained in this document is confidential and proprietary to BelAir Networks. Errors and Omissions Excepted.
Specification may be subject to change. All trademarks are the property of their respective owners.
Protected by U.S. Patents: 7,171,223, 7,164,667, 7,154,356, 7,030,712 and D501,195. Patents pending in the U.S. and other countries.
BelAir Networks, the BelAir Logo, BelAir200, BelAir200D, BelAir100, BelAir100S, BelAir100C, BelAir100T, BelAir20, BelAir20M, BelAir20E, BelAir20EO, BelAir100M,
BelAir100i, BelAir100SN, BelAir100SNE, BelAir100N, BelAir100P, BelView and BelView NMS are trademarks of BelAir Networks Inc.

Page 1 of 255

BelAir20E User Guide Contents

Contents

About This Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

System Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

BelAir20E Configuration Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 6

Command Line Interface Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

BelAir20E Access Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

User and Session Administration . . . . . . . . . . . . . . . . . . . . . . . . . . 35

IP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

System Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

BelAir20E Auto-configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Ethernet or LAN Interface Settings . . . . . . . . . . . . . . . . . . . . . . . . 64

Card Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Wi-Fi Radio Configuration Overview . . . . . . . . . . . . . . . . . . . . . . 71

Configuring Wi-Fi Radio Parameters . . . . . . . . . . . . . . . . . . . . . . . 72

Configuring Wi-Fi Access Point Parameters . . . . . . . . . . . . . . . . . 80

Wi-Fi AP Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Wi-Fi Backhaul Link Configuration . . . . . . . . . . . . . . . . . . . . . . . 115

Mobile Backhaul Mesh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Mobile Backhaul Point-to-point Links . . . . . . . . . . . . . . . . . . . . . 127

Operating in High Capacity and Interference Environments. . . . 138

DHCP Relay Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Network Address Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . 149

Universal Access Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154

Using Layer 2 Tunnels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

Quality of Service Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Layer 2 Network Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . 183

Performing a Software Upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . 197

For More Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

Technical Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Definitions and Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

Appendix A: Node Configuration Sheets . . . . . . . . . . . . . . . . . . 210

Appendix B: Mesh Auto-connection Example . . . . . . . . . . . . . . 213

Appendix C: Scripting Guidelines . . . . . . . . . . . . . . . . . . . . . . . . 223

Appendix D: BelAir20E Factory Defaults . . . . . . . . . . . . . . . . . . 240

Detailed Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242

April 2, 2012 Confidential Page 2 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide About This Document

About This Document

This document provides the information you need to install and configure the
BelAir20E™, and the procedures for using the BelAir20E Command Line
Interface (CLI).

This document may contain alternate references to the product. Ta bl e 1 shows
possible synonyms to the product name.

Table 1: Product Name Synonyms

Product Name Synonym

BelAir20™, BelAir20E™, BelAir20EO™ BA20

Ty pog raph ica l Conventions

Related Documentation

This document uses the following typographical conventions:

• Text in < > indicates a parameter required as input for a CLI command;
for example, < IP address >

• Text in [ ] indicates optional parameters for a CLI command.

• Text in { } refers to a list of possible entries with | as the separator.

• Parameters in ( ) indicate that at least one of the parameters must entered.

The following titles are BelAir reference documents:

•

BelAir20E Quick Install Guide

•

BelAir20E Troubleshooting Guide

April 2, 2012 Confidential Page 3 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide System Overview

System Overview

The BelAir20E Access Point (AP) is an evolution of BelAir Networks indoor
solution and part of BelAir Networks industry leading product portfolio. The
BelAir20E adds standards-based beamforming, five Gigabit Ethernet ports
(one WAN port with PoE and four LAN ports), integrated antennas, and full

802.11n compliance (802.11n-2009) to BelAir Networks leading low cost, high

capacity indoor access.

The next generation BelAir20E continues to lead with the industry’s highest
performance and most flexible indoor access node. Offering all the same
features and management as the other BelAir products, the BelAir20E has been
optimized for managed hot spot applications, with Edge Policy Enforcement
using centralized control and a true Plug-and-Play architecture. And, with the
latest fully compliant 802.11n, it is ideal for even the most demanding
applications, including voice and video. The BelAir20E also provides
connectivity between indoor and outdoor networks, enabling true
standards-based seamless mobility as users move from outside to inside.

The operating temperature of the BelAir20E is -20 ºC to +45 ºC.

The BelAir20E is available in following models:

• The BelAir20E-11 contains both a 2.4 GHz radio and a 5.8 GHz radio.

• The BelAir20E-10 contains only a 2.4 GHz radio.

This document may describe 5.8 GHz radio functionality. In such case, the
descriptions apply to the BelAir20E-11 model only. They do not apply to the
BelAir20E-10 model.

The BelAir20E is available in following variants:

• The BelAir20E-11 and the BelAir20E-10 are available for the USA only.
Operators of the BelAir20E-11 and the BelAir20E-10 can set the country of

US

operation only to
transmit power levels can be set only to values that are valid for the USA.

• The BelAir20E-11R and the BelAir20E-10R are available for countries other
than the USA. Operators of the BelAir20E-11R and the BelAir20E-10R can
set the country of operation to any BelAir approved country. Similarly, the
operating channels, antenna gain, and the transmit power levels can be set
to values that are valid for the specified country of operation.

. Similarly, the operating channels, antenna gain, and the

April 2, 2012 Confidential Page 4 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide System Overview

HTME

5.8 GHz
Radio

AC Power

Adapter

Antenna 0

LAN

48 V DC

Antenna 1 Antenna 2

2.4 GHz
Radio

100-240 V AC

Reset

Antenna 3

WAN

PoE

LAN LAN LAN

-11 model only

-11 model only

-11 model only

Hardware Description

Figure 1 on page 5 shows the relationship between the main BelAir20E

hardware modules.

Figure 1: BelAir20E Hardware Module Block Diagram

The BelAir20E consists of the following modules:

• one High Throughput Module Evolved (HTME) providing:

—a wireline 10/100/1000 Base-TX WAN Ethernet interface to the Internet

—four wireline 10/100/1000 Base-TX LAN Ethernet interfaces

—a 2.4 GHz Wi-Fi radio and a 5.8 GHz Wi-Fi radio (-11 model only) using

fully compliant 802.11n links. Each radio can act as an Access Point (AP)
or provide backhaul links. An AP provides user traffic wireless access to
the BelAir20E. Backhaul links connect to other BelAir radios to create a
radio mesh.

• four integrated dual-band antennas (-11 model only)

• an external connector field

April 2, 2012 Confidential Page 5 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide BelAir20E Configuration Interfaces

BelAir20E Configuration Interfaces

The BelAir20E can be accessed and configured using the following configuration
interfaces:

• the command line interface (CLI)

• the SNMP interface

• the Web interface (using either HTTPS or HTTP)

All three interfaces (CLI, SNMP and Web) have the same public IP address. All
three also access the same BelAir20E node database. That means that changes
made with one interface are seen immediately through the other interfaces.

Command Line Interface

SNMP Interface

The CLI allows you to configure and display all the parameters of a BelAir20E
unit, including:

• system parameters

• system configuration and status

• radio module configuration and status

• user accounts

• BelAir20E traffic statistics

• layer 2 functionality, such as those related to bridging and VLANs

• Quality of Service parameters

• alarm system configuration and alarms history

Each unit can have up to nine simultaneous CLI sessions (Telnet or SSH). For a
description of basic CLI commands and tasks see “Command Line Interface

Basics” on page 12.

The Simple Network Management Protocol (SNMP) provides a means of
communication between SNMP managers and SNMP agents. The SNMP
manager is typically a part of a network management system (NMS) such as HP
OpenView, while the BelAir20E provides the services of an SNMP agent.
Configuring the BelAir20E SNMP agent means configuring the SNMP
parameters to establish a relationship between the manager and the agent.

April 2, 2012 Confidential Page 6 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide BelAir20E Configuration Interfaces

The BelAir20E SNMP agent contains Management Information Base (MIB)
variables. A manager can query an agent for the value of MIB variables, or
request the agent to change the value of a MIB variable.

Refer to the following sections:

• “SNMP Configuration Guidelines” on page 27

• “SNMP Command Reference” on page 28

Integrating the BelAir20E with a Pre-deployed NMS

Table 2: Standard SNMP MIBs

File Name Description

BRIDGE-MIB.mib implements RFC1493

IANAifType-MIB.mib defines standard interface types assigned by the Internet

IEEE802dot11-MIB.mib IEEE MIB to manage 802.11 devices

IF-MIB.mib implements RFC2863

IP-MIB.mib defines IP and ICMO data types

PerfHist-TC-MIB.mib defines data types to support 15-minute performance history

In addition to providing support for the SNMP MIBs described in Tab l e 2, BelAir
Networks provides a number of enterprise MIB definitions that you can
integrate with your Network Management System (NMS). Table 3 on page 8
describes the BelAir20E SNMP MIBs. A copy of the BelAir20E SNMP MIBs is
available from the BelAir Networks online support center at:
www.belairnetworks.com/support/index.cfm.

Assigned Numbers Authority (IANA)

counts

RADIUS-ACC-CLIENT-MIB.mib implements RFC2620

RADIUS-AUTH-CLIENT-MIB.mib implements RFC2618

RSTP-MIB.mib implements 802.1w RSTP

SNMP-COMMUNITY-MIB.mib defines data types to support co-existence between SNMP

versions

SNMP-FRAMEWORK-MIB.mib implements RFC3411

SNMP-MPD-MIB.mib implements RFC3412

April 2, 2012 Confidential Page 7 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide BelAir20E Configuration Interfaces

Table 2: Standard SNMP MIBs (Continued)

File Name Description

SNMP-NOTIFICATION-MIB.mib implements RFC3413

SNMP-TARGET-MIB.mib implements RFC3413

SNMP-USER-BASED-SM-MIB.mib implements RFC3414

SNMPv2-CONF.mib implements RFC1450

SNMPv2-MIB.mib implements RFC1907

SNMPv2-SMI.mib implements RFC1450

SNMPv2-TC.mib implements RFC1450

SNMP-VIEW-BASED-ACM-MIB.mib implements RFC3415

Table 3: BelAir Enterprise MIBs

File Name Description

BELAIR-IEEE802DOT11-CLIENT.mib
BELAIR-IEEE802DOT11.mib

BELAIR-IP.mib defines BelAir IP data types

BELAIR-MESH.mib defines BelAir multipoint-to-multipoint data types

BELAIR-MOBILITY.mib defines data types to support mobile backhaul mesh and

BELAIR-PHYIF-MAPPING.mib defines data types to support universal slots

BELAIR-PRODUCTS.mib defines product object IDs

BELAIR-RSTP.mib defines RSTP data types

BELAIR-SMI.mib defines BelAir top level OID tree

BELAIR-SYSTEM.mib defines basic OAM features such as software download,

BELAIR-TC.mib defines BelAir data types

BELAIR-TUNNEL.mib defines L2TP data types

defines features that are not supported by the standard
IEEE802.11 MIB

point-to-point links

temperature and BelAir alarms

April 2, 2012 Confidential Page 8 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide BelAir20E Configuration Interfaces

Table 3: BelAir Enterprise MIBs (Continued)

File Name Description

BELAIR-WRM.mib defines BelAir WiMAX data types

The procedure for importing the SNMP MIB definition files depends on the
deployed NMS platform. Refer to your NMS platform documentation for
details.

Web Interface

Accessing the Web Interface

Accessing the System Page with Secure HTTP or with HTTP

BelAir Networks has verified that the BelAir20E Web interface operates
correctly with the following web browsers:

• Microsoft Internet Explorer version 6.0, service pack 2

• Mozilla Firefox version 1.5, or later

You can access the Web interface using either secure HTTP (HTTPS) or HTTP.
Both HTTP and HTTPS are enabled when each BelAir20E node is shipped. Each
unit can have up to five simultaneous CLI sessions (HTTP or HTTPS).

By default, the BelAir20E Web interface has an associated time-out value. If the
interface is inactive for 9 minutes, then you are disconnected from the
interface. To reconnect to the interface, you need to log in again.

To log in to the BelAir20E Web interface and access the main page using HTTPS
or HTTP, do the following steps:

1 Open your Web browser and specify the IP address of the BelAir20E node

you want to access.
The default IP address of each BelAir20E node is: 10.1.1.10.

Figure 2 shows the resulting Login page.

April 2, 2012 Confidential Page 9 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide BelAir20E Configuration Interfaces

Figure 2: Typical Login Page

2 Enter a valid user name, such as root, and a valid password.

Note:The specified password is case sensitive.

Figure 3 on page 10

interface.

Figure 3: Typical Web Interface Main Page

shows a typical resulting main page for the Web

April 2, 2012 Confidential Page 10 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide BelAir20E Configuration Interfaces

Stopping a Session To stop a Web interface session, click on the Logout button located in the top

right corner each page. See Figure 3.

Additional Troubleshooting Tools

The Web interface provides the following tools to display radio performance
metrics:

• a throughput meter

• histogram display of various performance metrics

These tools are only available with the Web interface. For full details, see the

BelAir20E Troubleshooting Guide

.

April 2, 2012 Confidential Page 11 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide Command Line Interface Basics

Command Line Interface Basics

Use this chapter to familiarize yourself with basic CLI tasks, including:

• “Connecting to the BelAir20E” on page 12

• “Starting a CLI Session” on page 12

• “Command Modes” on page 14

• “Abbreviating Commands ” on page 18

• “Command History” on page 18

• “Special CLI Keys ” on page 19

• “Help Command” on page 19

• “Common CLI Commands” on page 23

Connecting to the BelAir20E

CAUTION! Do not connect the BelAir20E to an operational data network before you

You can connect to the BelAir20E default address using one of the following
methods:

• through the BelAir20E radio interface

• by connecting directly to the Ethernet port on the BelAir20E

configure its desired IP network parameters. This may cause traffic disruptions
due to potentially duplicated IP addresses.

The BelAir20E unit must connect to an isolated LAN, or to a desktop or laptop
PC configured to communicate on the same IP sub-network as the BelAir20E.

Using the Radio Interface

Use a desktop or laptop PC equipped with a wireless 802.11a, 802.11b, 802.11g
or 802.11n compliant interface as required, configured with a static IP address
on the same subnet as the default OAM IP address (for example, 10.1.1.1/24).
For the required configuration procedure, refer to your PC and wireless
interface configuration manuals or contact your network administrator. The PC
will connect to the BelAir20E through the radio interface.

Connecting to the Ethernet Port

Use a cross-connect RJ45 cable to connect the Ethernet port of the unit.

For a detailed procedure, refer to the

BelAir20E Installation Guide

.

Starting a CLI Session

April 2, 2012 Confidential Page 12 of 255

Start a Telnet or secure shell (SSH) client and connect to the BelAir20E IP
address. If you are configuring the BelAir20E for the first time, you must use the

Document Number BDTM02201-A01 Standard

BelAir20E User Guide Command Line Interface Basics

BelAir20E default IP address (10.1.1.10). The BelAir20E prompts you for your
user name and password.

The default super-user account is “root”. The default password is “admin123”.

If the login is successful, the BelAir20E prompt is displayed. The default prompt
is “#”, if you login as root. Otherwise, the default prompt string is “>”.

Note 1: The terminal session locks after four unsuccessful login attempts. To

unlock the terminal session, you must enter the super-user password.

Note 2: BelAir20E CLI commands are not case sensitive (uppercase and

lowercase characters are equivalent). However, some command
parameters are case sensitive. For example, passwords and any Service
Set Identifier (SSID) supplied with the
sensitive. Also, all parameters of the
sensitive.

Note 3: Later, you will see that you can configure the BelAir20E to have more

than one interface with an IP address. For example, you can configure
Virtual LANs and management interfaces each with their own IP
address. If you do this, make sure your Telnet or secure shell (SSH)
connections are to a management interface. This ensures maximum
responsiveness for your session by keeping higher priority management
IP traffic separate from other IP traffic.

radio

syscmd

commands are case

commands are case

April 2, 2012 Confidential Page 13 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide Command Line Interface Basics

SSH Session Example of Initial Login

With secure shell, the system prompts you twice for your password.

ssh -l root 10.1.1.10
root@10.1.1.10's password:
BelAir Backhaul and Access Wireless Router
BelAir User: root
Password:
/#

Telnet Session Example of Initial Login

With Telnet, the system prompts you only once for your password.

telnet 10.1.1.10
BelAir Backhaul and Access Wireless Router
BelAir User: root
Password:
/#

Command Modes

The BelAir20E CLI has different configuration “modes”. Different commands
are available to you, depending on the selected mode.

Each card in the BelAir20E has at least one associated physical interface. Some
examples of physical interfaces are a Wi-Fi radio or an Ethernet interface.

Use the

mode

command to display the modes that are available. Because each
physical interface and each card in the BelAir20E has its own mode, displaying
the modes also displays a profile summary of the BelAir20E. See Figure 4.

April 2, 2012 Confidential Page 14 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide Command Line Interface Basics

/# mode
/card
/htme-1

/interface
/wifi-1-1 (HTMEv1 5GHz 802.11n)
/wifi-1-2 (HTMEv1 2.4GHz 802.11n)
/eth-1-1 (1000BASE-T)
/lan-1 (1000BASE-T)
/lan-2 (1000BASE-T)
/lan-3 (1000BASE-T)
/lan-4 (1000BASE-T)

/mgmt

/protocol
/ip
/nat
/radius
/rstp
/snmp
/sntp
/te-syst (tunnel)

/qos

/services
/auto-conn
/mobility

/ssh
/ssl
/syslog
/system
/diagnostics

• The node has one card. The HTME
card is in slot 1.

• The node has the following physical
interfaces:

—Interface

wifi-1-1

is associated

with the HTME 5.8 GHz radio.

—Interface

wifi-1-2

is associated

with the HTME 2.4 GHz radio.

—Interface

eth-1-1

is associated with
the HTME card’s Ethernet
interface.

—Interfaces

lan-1

to

lan-4

are
associated with the HTME card’s
LAN interfaces.

• The

mgmt

mode allows you to
control user accounts, which
authentication to use, and whether
you can access the node with Telnet.

• You can control the IP, RADIUS,
RSTP, SNMP, SNTP, L2TP and NAT
protocols through the

protocol

mode and its submodes.

• You can control auto-connect and
backhaul mobility through the

services

mode and its submodes.

• These modes allow you to control
SSH, SSL, Syslog and system settings.
You can also run diagnostics.

Figure 4: Sample Output of mode Command

April 2, 2012 Confidential Page 15 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide Command Line Interface Basics

Ta bl e 4

Table 4: Command Line Interface Modes

describes the modes that are supported.

Mode Description

“root” mode (/) The top or root level of the CLI commands.

Card Management: /card/<card_type>-<n>

one of:

•htme-<n>

Physical Interfaces: /interface/<iface>-<n>-<m>

one of:

• wifi-<n>-<m>

• eth-<n>-<m>

•lan-<n>

Configure hardware:

•

htme

is High Throughput Module, evolved

•<n> is slot number

Configure the BelAir20E physical interfaces:

• <iface> is the type of physical interface. One of:
—

wifi

: 802.11a/b/g/n, HTME radios

—

eth

: 1000Base-TX, HTME Ethernet

—

lan

: 1000Base-TX, HTME LAN

•<n> is the slot number where the interface is located
in the BelAir platform

• <m> is port number. <m> is 1 for most interfaces.
The HTME card can have multiple ports representing
multiple Wi-Fi radios operating different frequencies.
Some configurations may have multiple Ethernet or
LAN ports.

Node Management

mgmt • Configure user accounts, user authentication and

Te l n e t a c c e s s

Protocol Management: /protocol/<protocol>

April 2, 2012 Confidential Page 16 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide Command Line Interface Basics

Table 4: Command Line Interface Modes (Continued)

Mode Description

one of:

•ip

•nat

•radius

•rstp

• snmp

• sntp

• te-<eng>

Configure the following protocols:

• IP parameters for node and VLANs

•NAT

• RADIUS for user sessions

•RSTP

• SNMP

•SNTP

• L2TP tunnel engine (te). BelAir platforms can have one
tunnel engine per system (syst).

Services: /services/<service>

one of:

• auto-conn

• mobility

Configure the following services:

• Auto-configuration

•Backhaul mobility

Administration

qos Configure Quality of Service (QoS) parameters

ssh Configure Secure Shell (SSH) parameters

ssl Configure Secure Socket Layer (SSL) parameters

syslog Configure the destination of SYSLOG messages

See the

BelAir20E Troubleshooting Guide

for details.

system System and node configuration and administration

diagnostics Run link diagnostics.

You can move between modes with the cd command. For instance, you can
move from

/# cd /system
/system#

root

mode to

system

mode using the command:

April 2, 2012 Confidential Page 17 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide Command Line Interface Basics

Note 1: The prompt changes to match the current mode. You can further

customize the prompt to show the switch name or a 20-character
string that you define.

Note 2: Access to a mode is only allowed if the user has sufficient privileges to

execute commands in that mode.

When you access a given mode, only the commands pertaining to that mode
are available. For example, accessing

snmp

mode provides access to SNMP
commands. For a physical interface, this means that only the commands that
apply to that specific type and version of interface are available when you access
a particular physical interface. For example, if you access an HTMEv1 interface,
only the commands that apply to an HTMEv1 Wi-Fi radio are available.

Entering ? displays the commands that apply to the currently accessed mode.
Entering ?? or

help

displays the commands that apply to the currently accessed

mode plus common commands that are available in all modes.

Users may execute commands from other modes than the current one, by
prefixing the desired command with the slash character ‘/’ followed by the
mode’s name. For instance, entering:

Abbreviating Commands

Command History

/system# /protocol/snmp/show community

executes a command from

snmp

mode while in

system

mode.

You must enter only enough characters for the CLI to recognize the command
as unique.

The following example shows how to enter the

telnet status

/mgmt# sh t s

You can use the

:

history

command to display a list of the last commands that

mgmt

mode command

show

you have typed.

Example

/# history
8 h
9 hi
10 ?
11 show user
12 cd /system
13 show loads
14 show sessions
15 cd /

April 2, 2012 Confidential Page 18 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide Command Line Interface Basics

16 cd interface/wifi-1-1/
17 ?
18 show
19 show ssid table
20 show statistics
21 history

Special CLI Keys Command Completion

You can ask the CLI to complete a partially typed command or mode name by
pressing the
unambiguously, the CLI presents you with a list of possible completions. For
instance, entering:

/system# show co{tab}

produces the following output:

Available commands :
show communications
show config-download status
show coordinates
show country [detail]

Execution of the Last Typed Command

tab

key. If the command or mode name cannot be completed

Help Command ?

You may repeat the last command, by entering the ! key twice, followed by
carriage return.

Executing the Previous Commands

You may browse through the command history by using the up and down arrow
keys of a VT100 or compatible terminal. You can also execute a certain
command from the command history by entering the ! key, followed by the
command number (as displayed in the

history

command output) and carriage

return.

?? [<command>]
help [<command>]

These commands display:

• a list of commands available in the current mode

• help on a particular command available in the current mode

• help on commands starting with the given keyword in the current mode

Entering "??" is equivalent to entering "help".

April 2, 2012 Confidential Page 19 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide Command Line Interface Basics

Available Commands

Entering

?

displays the commands that apply to the currently accessed mode.

For example:

/mgmt# ?
Available commands :

adduser <user-name> -p <passwd> [ -d <default-mode>] [-g <grp-name>]
deluser <user-name>
moduser <user-name> [ -p <passwd>] [ -d <default-mode>] [-g <grp-name>]
set authentication-login {local | radius <list>}
set telnet {enabled|disabled}
show authentication-login
show telnet status
show user

Entering ?? or

help

displays the commands that apply to the currently accessed

mode plus common commands that are available in all modes. For example:

/mgmt# ??
Available commands :

adduser <user-name> -p <passwd> [ -d <default-mode>] [-g <grp-name>]
deluser <user-name>
moduser <user-name> [ -p <passwd>] [ -d <default-mode>] [-g <grp-name>]
set authentication-login {local | radius <list>}
set telnet {enabled|disabled}
show authentication-login
show telnet status
show user

alias [<replacement string> <token to be replaced>]
cd <path>
clear-screen
console lock
exit
help [ command ]
history
mode [<mode_name>]
passwd
ping <ip addr> [-l <size>]
run script <script file> [<output file>]
version
whoami
config-save [{active|backup} remoteip <server> remotefile <filename>
[{tftp | ftp [user <username> password <password>]}]]
config-restore remoteip <ipaddress> remotefile <filename> [{tftp | ftp

[user <username> password <password>]}] [force]
show date
su <username>

Keyword Help

Entering ?? or

help

followed by a keyword displays all possible commands

starting with that keyword. For example:

/mgmt# ?? show
Available commands :

April 2, 2012 Confidential Page 20 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide Command Line Interface Basics

show authentication-login
Description : show authentication login status and RADIUS servers
configuration
show telnet status
Description : shows the status of the telnet.
show user
Description : List all valid users, along with their permissible mode.
show date
Description : show current system date and time

Help for a Specific Command

When help is needed for a specific command, enter ?? or

help

followed by the

command within quotes. For example:

/mgmt# help "adduser"
Available commands :

adduser <user-name> -p <passwd> [ -d <default-mode>] [-g <grp-name>]
Description : Create a user.

Help with Abbreviations

When an abbreviation is used in the help string, all matching commands are
listed with the description. For example:

/mgmt# ?? s
Available commands :

set authentication-login {local | radius <list>}
Description : defines how login session will be authenticated.
set telnet {enabled|disabled}
Description : enable or disable CLI access via the telnet protocol.
show authentication-login
Description : show authentication login status and RADIUS servers
configuration
show telnet status
Description : shows the status of the telnet.
show user
Description : List all valid users, along with their permissible mode.
show date
Description : show current system date and time
su <username>
Description : Substitute present user with the given user.

Saving your Changes

If you change any settings from the system defaults, you must save those
changes to the configuration database to make sure they are applied the next
time the BelAir20E reboots. Similarly, you can restore the entire configuration
database from a previously saved backup copy.

Saving the Configuration Database

config-save [{active|backup} remoteip <ipaddress>
remotefile <filename>
[{tftp|ftp [user <usrname> password <pword>]}]]

This command allows you to save the current configuration of the entire
BelAir20E node. This includes all system, layer 2 and radio settings.

April 2, 2012 Confidential Page 21 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide Command Line Interface Basics

Restoring the Configuration Database

When used without its optional parameters, the
the configuration database for the active software load to persistent storage.
The stored configuration is automatically applied at the next reboot.

When used with its optional parameters, the
transfers the configuration database to a remote server.

If

active

is specified, the
for the active software load to persistent storage and then transfers it to a
remote server. If
software load is not saved. Instead, the configuration database for the active
software load that was saved previously to persistent storage, is transferred to
a remote server.

You can use either TFTP or FTP to communicate with the remote server. By
default, the
specify the username and password. The default FTP username is
and the default FTP password is
address of node making the request. If you do not use the default FTP
username, the FTP server must be configured to accept your username and
password.

config-restore remoteip <ipaddress> remotefile <filename>
[{tftp|ftp [user <usrname> password <pword>]}]]
[force]

This command transfers the configuration database from a remote server to
the active software load in persistent storage. This allows you to restore the
entire configuration database from a previously saved backup copy.

backup

config-save

config-save

is specified, the configuration database for the active

command uses TFTP. If you specify FTP, you can also

command saves the configuration database

root@<nodeip>

config-save

config-save

command saves

command also

anonymous

, where <nodeip> is the IP

Use the

You can use either TFTP or FTP to communicate with the remote server. By
default, the
specify the user name and password. The default FTP user name is
and the default FTP password is
address of node making the request. If you do not use the default FTP
username, the FTP server must be configured to accept your username and
password.

The optional
file that is being downloaded. You can use a backup copy that was created with
a different version of software than the current software installed on the unit. If
you do, BelAir Networks strongly recommends that you fully and thoroughly
verify the configuration and operation of the unit after you reboot the system
and before you save the restored configuration.

April 2, 2012 Confidential Page 22 of 255

Document Number BDTM02201-A01 Standard

reboot

command for the new configuration to take effect.

config-restore

force

command uses TFTP. If you specify FTP, you can also

anonymous

root@<nodeip>

parameter suppresses version checking on the configuration

, where <nodeip> is the IP

BelAir20E User Guide Command Line Interface Basics

Example

/# cd system
/system# config-restore remoteip 122.45.6.123 remotefile unitA.conf

Common CLI Commands

Terminating your CLI Session

Changing Your Password

CAUTION! If you forget the super-user account password, you may be unable to use all the

In addition to any previously described commands, the following commands are
always available, regardless of your current mode.

exit

Use this command to terminate your own CLI session at any time.

passwd

This command lets you change your current password. First, you are asked to
enter your old password. Then you must enter your new password twice, to
verify that you have typed it correctly.

Note: The specified password is case sensitive, must consist of alphanumeric

characters, must be at least six characters long, and cannot exceed 20
characters.

unit’s management functions and you may need to reset the unit’s configuration
to factory defaults.

Example

passwd
Old Password:

Enter New Password:
Reenter the Password:

Password updated Successfully

Clearing the Console Display

Locking the Console Display

clear-screen

This command clears your console display window.

console lock

This command lock your console display window. You must enter your
password to unlock it.

Displaying the Current Software Version

version

This command displays the version of the currently running BelAir software
load.

Example

/# version

April 2, 2012 Confidential Page 23 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide Command Line Interface Basics

Version is BA20E 12.0.0.D.2011.01.19.14.32 (r36096)

Displaying the Current Date and Time

Displaying Current User

show date

This command displays the current date and time.

Example 1

The following example displays the current date and time when it is set
manually.

/# show date
Current date: 2007-05-10 06:52:20

Example 2

The following example displays the current date and time when using a Simple
Network Time Protocol (SNTP) server and a time offset of -4 hours and 30
minutes. See “Configuring the System Date and Time” on page 51 for details.

/# show date
Current date: 2006-07-21 13:15:16 (UTC)

Current date: 2006-07-21 08:45:16

whoami

This command displays current user.

Example

/# whoami
/# Current User is root

Switching User Accounts

su <username>

This command changes the user account you are currently using. To return to

exit

the original user account, use the

command.

Example

/# whoami
Current User is root
/# su guest
/> whoami
Current User is guest
/> exit
/# whoami
Current User is root

Replacing a Token by a String

alias [<replacement string> <token to be replaced>]

This command replaces the specified token by the given string. It is provided for
customers writing scripts. See “Scripting Guidelines” on page 223.

April 2, 2012 Confidential Page 24 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide Command Line Interface Basics

Example

/# alias gu guest

Pinging a Host or Switch

Starting a Telnet Session

ping <host> [-1 <size>]

This command pings a host machine or switch using the host name or IP
address.

The following options are supported:

-l size

specifies the size of the ping request packets to be sent.

Examples

The following example shows typical ping output:

/# ping 10.1.1.100 -l 128
PING 10.1.1.100 (10.1.1.100): 128 data bytes
136 bytes from 10.1.1.100: icmp_seq=0 ttl=128 time=2.0 ms
136 bytes from 10.1.1.100: icmp_seq=1 ttl=128 time=1.2 ms
136 bytes from 10.1.1.100: icmp_seq=2 ttl=128 time=1.0 ms

--- 10.1.1.100 ping statistics --­3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1.0/1.4/2.0 ms

telnet <ip address> [<port_number>]

This command lets you start a Telnet session to another machine, such as
another BelAir node, by specifying the IP address. By default t, Telnet uses
port 23. You can also specify an alternate port number.

Radio Configuration Summary

show interface summary

This command displays a summary of the configuration of all radio interfaces.

Example

The following example shows a typical output for a BelAir20.

/# show interface summary
wifi-1-1

Radio description:............ HTMv1 5GHz 802.11n

Admin state: ................. Enabled

Channel: ..................... 149

Access:

AP admin state: ............ Enabled

Backhaul:

link admin state: .......... Enabled

link id: ................... BelAirNetworks

topology: .................. mesh

wifi-1-2

Radio description:............ HTMv1 2.4GHz 802.11n

Admin state: ................. Enabled

Channel: ..................... 6

April 2, 2012 Confidential Page 25 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide Command Line Interface Basics

Access:

AP admin state: ............ Enabled

Backhaul:

link admin state: .......... Disabled

link id: ................... BelAirNetworks

topology: .................. mesh

April 2, 2012 Confidential Page 26 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide BelAir20E Access Methods

BelAir20E Access Methods

When a BelAir20E is shipped from the factory, all access methods (CLI, SNMP,
Telnet, HTTP, HTTPS, SSH) are enabled. You can use these interfaces to
configure the system’s IP networking parameters.

This chapter describes the CLI commands you can use to configure these
access methods.

Note: Some access methods, such as HTTP and HTTPS, are configured while

in SSL mode.

SNMP
Configuration

This section describes how to configure the BelAir20E to communicate to
either an SNMPv1/v2 server or an SNMPv3 server.

Guidelines

SNMPv1/v2 Servers To configure an SNMP community, use the

in “Communities” on page 29.
For sending traps, use the

to configure the node with the parameters of the destination SNMP manager.
Refer to “SNMP Command Reference” on page 28 for detailed descriptions of

all SNMP commands.

SNMPv3 Servers To configure an SNMP user, use the

page 30.

For sending notifications, use the

“Notifications” on page 30 to configure the node with the parameters of the

destination SNMP manager.
Refer to “SNMP Command Reference” on page 28 for detailed descriptions of

all SNMP commands, including entities that need to be predefined.

SNMP Naming Restrictions

SNMP community names, user names, and notification names must not contain
the following characters:

set trap

command described in “Traps” on page 29

set user

set notify

set community

command described in “Users” on

command described in

command described

—bar (|)

—semicolon (;)
—percent (%)
—double quotation mark (“)

April 2, 2012 Confidential Page 27 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide BelAir20E Access Methods

SNMP Command

The following sections show you how to configure SNMP functions.

Reference

SNMP Agent

SNMP Configuration

EngineId: 80003d9805000d67091448
Community configuration:

-----------------------­Index Name IP Address Privilege

----- ------------------ --------------- ----------­1 public 0.0.0.0 ReadOnly
2 private 10.1.1.70 ReadWrite

Trap configuration:

------------------­Index IP address Community Version

----- --------------- --------------- ------­1 10.1.1.70 public v1v2

/protocol/snmp/set snmp-agent {enabled | disabled}
/protocol/snmp/show snmp-agent

The

set snmp-agent

/protocol/snmp/show config [{v2 | v3 | all}]

Use the
Passwords are only displayed to users with

show config

command enables or disables SNMP access.

command to display the current SNMP configuration.

root

privileges. See “User Privilege

Levels” on page 35 for details.

Example 1

/protocol/snmp# show config v2

Example 2

/protocol/snmp# show config v3

EngineId: 80003d9805000d67006902
User configuration:

------------------­User Name IP address Auth Password Privacy Password Privilege

------------------------- --------------- ---- --------------- -------- --------------- --------­Test 0.0.0.0 MD5 md5md5md5 DES_CBC TEST ReadWrite

Notification configuration:

------------------­Name Type IP address Timeout Retry Auth Password Privacy Password

--------------- ------ --------------- ------- ----- ---- --------------- ------- --------­TRAP trap 10.1.1.70 1250 2 MD5 md5md5md5 DES_CBC TRAP

April 2, 2012 Confidential Page 28 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide BelAir20E Access Methods

Communities

/protocol/snmp/set community <CommunityIndex>
community-name <name> ipaddr <ip_addr>
privilege {readonly|readwrite}

/protocol/snmp/delete community <CommunityIndex>
/protocol/snmp/show community

The

set community

command configures the SNMP community security. You

can configure up to 10 communities. The community is assigned with privileges.

The

delete community

The

show

command displays the SNMP community configuration.

command deletes the specific community information.

Assigning an IP address of 0.0.0.0 to an SNMP community of a node allows node
access by all managers configured for that community. See “Example 1” on

page 29. To limit access to a single manager, enter the manager’s IP address. See
“Example 2” on page 29.

Example 1

/protocol/snmp# set community 1 community-name belair ipaddr 0.0.0.0 privilege readonly

In this example, all managers configured with the SNMP community of

belair

can access the node for read only functions.

Example 2

/protocol/snmp# set community 1 community-name belair200 ipaddr 10.10.10.11 privilege readonly
/protocol/snmp# set community 2 community-name belair100 ipaddr 20.20.20.20 privilege readwrite
/protocol/snmp# set community 3 community-name belcom ipaddr 30.30.30.30 privilege readonly

In the previous example, the manager at IP address 20.20.20.20 configured with
the SNMP community of

belair100

has read-write access to the node.

Example 3

/protocol/snmp# show community

Index Name IP Address Privilege

----- ------------------ --------------- ----------­1 public 0.0.0.0 ReadOnly
2 private 10.1.1.70 ReadWrite

Tr ap s

/protocol/snmp/set trap <index> mgr-addr <ip_addr>
community <name> version {v1|v2|both}

/protocol/snmp/delete trap <index>
/protocol/snmp/show trap

The

set trap

command configures the parameters of the SNMPv2 trap manager.

You can configure up to 10 traps.

delete trap

The

command deletes the specified trap manager information.

April 2, 2012 Confidential Page 29 of 255

Document Number BDTM02201-A01 Standard

BelAir20E User Guide BelAir20E Access Methods

The

show trap

command displays the SNMPv2 trap manager configuration

information.

Example 1

/protocol/snmp# set trap 1 mgr-addr 40.40.40.40 community bel1 version v1
/protocol/snmp# set trap 2 mgr-addr 41.41.41.41 community bel2 version v2

Example 2

/protocol/snmp# show trap
Index IP address Community Version

----- --------------- --------------- ------­1 10.1.1.70 public v1v2

Users

/protocol/snmp/set user <UserName> ipaddr <IP_addr>
access {readonly | readwrite}
[auth {md5 | sha} <password> [priv-DES <passwd>]]

/protocol/snmp/delete user <UserName>
/protocol/snmp/show user

The

set user

command defines an SNMPv3 user. You can define up to 10 users,

each with different authentication and privacy settings.

The

ipaddr

access

The

<password>

parameter specifies the IP address associated with this user. The

parameter specifies the level of access granted to this user.

parameter is the password required by the user to access

SNMP data. A user must supply this password if using a MIB browser.

The BelAir20E uses DES encryption to encrypt SNMP packets. The

priv-DES

parameter specifies the encryption key required to encrypt or decrypt the
packet.

The

delete user

The

show

to users with

command deletes the definition of the specified SNMP user.

command displays the configured users. Passwords are only displayed

root

privileges. See “User Privilege Levels” on page 35 for details.

Example 1

/protocol/snmp# set user v3md5 ipaddr 0.0.0.0 access readwrite auth md5 md5md5md5

Example 2

/protocol/snmp# show user

User Name IP address Auth Password Privacy Password Privilege

-------------- --------------- ---- --------------- -------- --------­v3md5 0.0.0.0 MD5 md5md5md5 None none ReadWrite

Notifications

/protocol/snmp/set notify <NotifyName> type {Trap | Inform}
ipaddr <IP_addr> [timeout <1-1500>]

April 2, 2012 Confidential Page 30 of 255

Document Number BDTM02201-A01 Standard