Extreme Networks AP3917E Users Guide

WiNG™ 5.9.1
Access Point, Wireless Controller and

Service Platform

CLI Reference Guide

Published September 2017

9035205

Published September 2017

9035205

9035205

Copyright © 2017 Extreme Networks, Inc. All Rights Reserved.

Legal Notices

Extreme Networks, Inc. reserves the right to make changes in specifications and other
information contained in this document and its website without prior notice. The reader
should in all cases consult representatives of Extreme Networks to determine whether any
such changes have been made.

The hardware, firmware, software or any specifications described or referred to in this
document are subject to change without notice.

Trademarks

Extreme Networks and the Extreme Networks logo are trademarks or registered
trademarks of Extreme Networks, Inc. in the United States and/or other countries.

All other names (including any product names) mentioned in this document are the
property of their respective owners and may be trademarks or registered trademarks of
their respective companies/owners.

For additional information about Extreme Networks trademarks, go to:

www.extremenetworks.com/company/legal/trademarks/

Support

For product support, including documentation, visit: www.extremenetworks.com/support/

Contents

ABOUT THIS GUIDE

Chapter 1, INTRODUCTION

1.1 CLI Overview ....................................................................................................................................................................................................................1-2

1.2 Getting Context Sensitive Help ................................................................................................................................................................................1-7

1.3 Using the No Command ............................................................................................................................................................................................. 1-9

1.3.1 Basic Conventions ............................................................................................................................................................................................. 1-9

1.4 Using CLI Editing Features and Shortcuts ......................................................................................................................................................... 1-9

1.4.1 Moving the Cursor on the Command Line .............................................................................................................................................1-10

1.4.2 Completing a Partial Command Name ...................................................................................................................................................1-10

1.4.3 Command Output Pagination ..................................................................................................................................................................... 1-11

1.5 Using CLI to Create Profiles and Enable Remote Administration ............................................................................................................. 1-11

1.5.1 Creating Profiles ................................................................................................................................................................................................ 1-12

1.5.2 Changing the default profile by creating vlan 150 and mapping to ge3 Physical interface ............................................. 1-13

1.5.3 Enabling Remote Administration ..............................................................................................................................................................1-14

Chapter 2, USER EXEC MODE COMMANDS

2.1 User Exec Commands .................................................................................................................................................................................................2-2

2.1.1 captive-portal-page-upload ......................................................................................................................................................................... 2-4

2.1.2 change-passwd ................................................................................................................................................................................................ 2-8

2.1.3 clear ....................................................................................................................................................................................................................... 2-9

2.1.4 clock ....................................................................................................................................................................................................................2-20

2.1.5 cluster .................................................................................................................................................................................................................. 2-21

2.1.6 connect ..............................................................................................................................................................................................................2-22

2.1.7 create-cluster .................................................................................................................................................................................................. 2-23

2.1.8 crypto .................................................................................................................................................................................................................2-24

2.1.9 crypto-cmp-cert-update ............................................................................................................................................................................ 2-33

2.1.10 database ..........................................................................................................................................................................................................2-34

2.1.11 database-backup ..........................................................................................................................................................................................2-38

2.1.12 database-restore ......................................................................................................................................................................................... 2-40

2.1.13 device-upgrade ..............................................................................................................................................................................................2-41

2.1.14 disable ..............................................................................................................................................................................................................2-49

2.1.15 enable ...............................................................................................................................................................................................................2-50

2.1.16 file-sync .............................................................................................................................................................................................................2-51

2.1.17 join-cluster ......................................................................................................................................................................................................2-54

2.1.18 l2tpv3 ................................................................................................................................................................................................................2-56

2.1.19 logging ............................................................................................................................................................................................................. 2-58

2.1.20 mint ................................................................................................................................................................................................................. 2-60

2.1.21 no ........................................................................................................................................................................................................................2-62

2.1.22 on .......................................................................................................................................................................................................................2-64

2.1.23 opendns ..........................................................................................................................................................................................................2-65

2.1.24 page ..................................................................................................................................................................................................................2-67

2.1.25 ping ...................................................................................................................................................................................................................2-68

2.1.26 ping6 ................................................................................................................................................................................................................2-70

2.1.27 ssh ....................................................................................................................................................................................................................... 2-71

2.1.28 telnet ................................................................................................................................................................................................................2-72

2.1.29 terminal ...........................................................................................................................................................................................................2-73

2.1.30 time-it ..............................................................................................................................................................................................................2-74

2.1.31 traceroute ........................................................................................................................................................................................................ 2-75

2.1.32 traceroute6 2-76

Access Point, Wireless Controller and Service Platform CLI Reference Guide

i

Contents

2.1.33 virtual-machine ............................................................................................................................................................................................ 2-77

2.1.34 watch ............................................................................................................................................................................................................... 2-83

2.1.35 exit .....................................................................................................................................................................................................................2-84

Chapter 3, PRIVILEGED EXEC MODE COMMANDS

3.1 Privileged Exec Mode Commands ........................................................................................................................................................................ 3-3

3.1.1 archive ................................................................................................................................................................................................................... 3-6

3.1.2 boot ....................................................................................................................................................................................................................... 3-8

3.1.3 captive-portal-page-upload ....................................................................................................................................................................... 3-9

3.1.4 cd ..........................................................................................................................................................................................................................3-13

3.1.5 change-passwd ...............................................................................................................................................................................................3-14

3.1.6 clear ......................................................................................................................................................................................................................3-15

3.1.7 clock ....................................................................................................................................................................................................................3-28

3.1.8 cluster .................................................................................................................................................................................................................3-29

3.1.9 configure ...........................................................................................................................................................................................................3-30

3.1.10 connect .............................................................................................................................................................................................................3-31

3.1.11 copy ....................................................................................................................................................................................................................3-32

3.1.12 cpe ......................................................................................................................................................................................................................3-33

3.1.13 create-cluster .................................................................................................................................................................................................3-35

3.1.14 crypto ............................................................................................................................................................................................................... 3-37

3.1.15 crypto-cmp-cert-update ...........................................................................................................................................................................3-46

3.1.16 database ..........................................................................................................................................................................................................3-47

3.1.17 database-backup .........................................................................................................................................................................................3-50

3.1.18 database-restore .......................................................................................................................................................................................... 3-52

3.1.19 delete ................................................................................................................................................................................................................3-53

3.1.20 device-upgrade ...........................................................................................................................................................................................3-54

3.1.21 diff ..................................................................................................................................................................................................................... 3-60

3.1.22 dir ........................................................................................................................................................................................................................3-61

3.1.23 disable ..............................................................................................................................................................................................................3-62

3.1.24 edit ....................................................................................................................................................................................................................3-63

3.1.25 enable ..............................................................................................................................................................................................................3-64

3.1.26 erase .................................................................................................................................................................................................................3-65

3.1.27 ex3500 ............................................................................................................................................................................................................3-67

3.1.28 factory-reset ................................................................................................................................................................................................. 3-75

3.1.29 file-sync ........................................................................................................................................................................................................... 3-79

3.1.30 halt ....................................................................................................................................................................................................................3-82

3.1.31 join-cluster ......................................................................................................................................................................................................3-83

3.1.32 l2tpv3 ............................................................................................................................................................................................................... 3-85

3.1.33 logging .............................................................................................................................................................................................................3-87

3.1.34 mint ...................................................................................................................................................................................................................3-89

3.1.35 mkdir .................................................................................................................................................................................................................3-91

3.1.36 more .................................................................................................................................................................................................................3-92

3.1.37 no .......................................................................................................................................................................................................................3-93

3.1.38 on .......................................................................................................................................................................................................................3-95

3.1.39 opendns ..........................................................................................................................................................................................................3-96

3.1.40 page ...............................................................................................................................................................................................................3-100

3.1.41 ping ................................................................................................................................................................................................................... 3-101

3.1.42 ping6 .............................................................................................................................................................................................................. 3-103

3.1.43 pwd .................................................................................................................................................................................................................3-104

3.1.44 re-elect .......................................................................................................................................................................................................... 3-105

3.1.45 reload ............................................................................................................................................................................................................. 3-106

3.1.46 rename .............................................................................................................................................................................................................3-111

3.1.47 rmdir .................................................................................................................................................................................................................3-112

Access Point, Wireless Controller and Service Platform CLI Reference Guide

ii

Contents

3.1.48 self .....................................................................................................................................................................................................................3-113

3.1.49 ssh .................................................................................................................................................................................................................... 3-114

3.1.50 t5 .......................................................................................................................................................................................................................3-115

3.1.51 telnet .................................................................................................................................................................................................................3-117

3.1.52 terminal ...........................................................................................................................................................................................................3-118

3.1.53 time-it ............................................................................................................................................................................................................. 3-119

3.1.54 traceroute ....................................................................................................................................................................................................3-120

3.1.55 traceroute6 ....................................................................................................................................................................................................3-121

3.1.56 upgrade ..........................................................................................................................................................................................................3-122

3.1.57 upgrade-abort ............................................................................................................................................................................................ 3-126

3.1.58 virtual-machine ...........................................................................................................................................................................................3-127

3.1.59 watch ..............................................................................................................................................................................................................3-133

3.1.60 exit .................................................................................................................................................................................................................. 3-134

3.1.61 raid ....................................................................................................................................................................................................................3-135

Chapter 4, GLOBAL CONFIGURATION COMMANDS

4.1 Global Configuration Commands .........................................................................................................................................................................4-4

4.1.1 aaa-policy ............................................................................................................................................................................................................4-9

4.1.2 alias .......................................................................................................................................................................................................................4-11

4.1.3 aaa-tacacs-policy ......................................................................................................................................................................................... 4-20

4.1.4 ap6521 ................................................................................................................................................................................................................4-22

4.1.5 ap6522 ...............................................................................................................................................................................................................4-23

4.1.6 ap6532 ...............................................................................................................................................................................................................4-24

4.1.7 ap6562 ...............................................................................................................................................................................................................4-25

4.1.8 ap71xx ................................................................................................................................................................................................................4-26

4.1.9 ap7502 ...............................................................................................................................................................................................................4-27

4.1.10 ap7522 .............................................................................................................................................................................................................4-28

4.1.11 ap7532 ...............................................................................................................................................................................................................4-29

4.1.12 ap7562 ............................................................................................................................................................................................................. 4-30

4.1.13 ap7602 ..............................................................................................................................................................................................................4-31

4.1.14 ap7612 ...............................................................................................................................................................................................................4-32

4.1.15 ap7622 ..............................................................................................................................................................................................................4-33

4.1.16 ap7632 ............................................................................................................................................................................................................ 4-34

4.1.17 ap7662 ..............................................................................................................................................................................................................4-35

4.1.18 ap81xx ...............................................................................................................................................................................................................4-36

4.1.19 ap82xx ..............................................................................................................................................................................................................4-37

4.1.20 ap8432 ............................................................................................................................................................................................................4-38

4.1.21 ap8533 ..............................................................................................................................................................................................................4-39

4.1.22 application ....................................................................................................................................................................................................4-40

4.1.23 application-group ...................................................................................................................................................................................... 4-48

4.1.24 application-policy .......................................................................................................................................................................................4-55

4.1.25 association-acl-policy ...............................................................................................................................................................................4-78

4.1.26 auto-provisioning-policy .........................................................................................................................................................................4-79

4.1.27 bgp .....................................................................................................................................................................................................................4-81

4.1.28 bonjour-gateway-discovery-policy .....................................................................................................................................................4-83

4.1.29 bonjour-gw-forwarding-policy ............................................................................................................................................................ 4-90

4.1.30 bonjour-gw-query-forwarding-policy ...............................................................................................................................................4-92

4.1.31 captive portal ................................................................................................................................................................................................4-93

4.1.32 clear ................................................................................................................................................................................................................4-146

4.1.33 client-identity ............................................................................................................................................................................................. 4-147

4.1.34 client-identity-group ............................................................................................................................................................................... 4-156

4.1.35 clone ...............................................................................................................................................................................................................4-164

4.1.36 crypto-cmp-policy ................................................................................................................................................................................... 4-165

Access Point, Wireless Controller and Service Platform CLI Reference Guide

iii

Contents

4.1.37 customize ..................................................................................................................................................................................................... 4-166

4.1.38 database-client-policy ............................................................................................................................................................................ 4-177

4.1.39 database-policy ......................................................................................................................................................................................... 4-184

4.1.40 device ............................................................................................................................................................................................................ 4-192

4.1.41 device-categorization ..............................................................................................................................................................................4-194

4.1.42 dhcp-server-policy ................................................................................................................................................................................. 4-200

4.1.43 dhcpv6-server-policy ..............................................................................................................................................................................4-201

4.1.44 dns-whitelist ..............................................................................................................................................................................................4-203

4.1.45 end .................................................................................................................................................................................................................4-208

4.1.46 event-system-policy ..............................................................................................................................................................................4-209

4.1.47 ex3500 ......................................................................................................................................................................................................... 4-226

4.1.48 ex3500-management-policy .............................................................................................................................................................. 4-233

4.1.49 ex3500-qos-class-map-policy ...........................................................................................................................................................4-254

4.1.50 ex3500-qos-policy-map ...................................................................................................................................................................... 4-262

4.1.51 ex3524 ........................................................................................................................................................................................................... 4-277

4.1.52 ex3548 .......................................................................................................................................................................................................... 4-279

4.1.53 firewall-policy ............................................................................................................................................................................................4-280

4.1.54 global-association-list ............................................................................................................................................................................ 4-282

4.1.55 guest-management ................................................................................................................................................................................ 4-285

4.1.56 host ................................................................................................................................................................................................................ 4-297

4.1.57 inline-password-encryption ................................................................................................................................................................ 4-298

4.1.58 ip .....................................................................................................................................................................................................................4-299

4.1.59 ipv6 .................................................................................................................................................................................................................4-301

4.1.60 ipv6-router-advertisement-policy ...................................................................................................................................................4-302

4.1.61 l2tpv3 .............................................................................................................................................................................................................4-320

4.1.62 mac ................................................................................................................................................................................................................ 4-322

4.1.63 management-policy ............................................................................................................................................................................... 4-323

4.1.64 meshpoint ................................................................................................................................................................................................... 4-325

4.1.65 meshpoint-qos-policy ............................................................................................................................................................................ 4-327

4.1.66 mint-policy ................................................................................................................................................................................................. 4-328

4.1.67 nac-list .......................................................................................................................................................................................................... 4-329

4.1.68 no ................................................................................................................................................................................................................... 4-335

4.1.69 nsight-policy .............................................................................................................................................................................................. 4-339

4.1.70 passpoint-policy ......................................................................................................................................................................................4-350

4.1.71 password-encryption .............................................................................................................................................................................. 4-352

4.1.72 profile ............................................................................................................................................................................................................ 4-353

4.1.73 radio-qos-policy ....................................................................................................................................................................................... 4-357

4.1.74 radius-group ..............................................................................................................................................................................................4-358

4.1.75 radius-server-policy ................................................................................................................................................................................ 4-359

4.1.76 radius-user-pool-policy .......................................................................................................................................................................... 4-361

4.1.77 rename ......................................................................................................................................................................................................... 4-362

4.1.78 replace ..........................................................................................................................................................................................................4-364

4.1.79 rf-domain ....................................................................................................................................................................................................4-366

4.1.80 rfs6000 ........................................................................................................................................................................................................4-403

4.1.81 rfs4000 .................................................................................................................

4.1.82 nx5500 .........................................................................................................................................................................................................4-405

4.1.83 nx75xx ......................................................................................................................................................................................................... 4-406

4.1.84 nx9000 ........................................................................................................................................................................................................4-407

4.1.85 roaming-assist-policy ........................................................................................................................................................................... 4-408

4.1.86 role-policy ....................................................................................................................................................................................................4-410

4.1.87 route-map ..................................................................................................................................................................................................... 4-411

4.1.88 routing-policy ............................................................................................................................................................................................. 4-412

4.1.89 rtl-server-policy ......................................................................................................................................................................................... 4-413

4.1.90 schedule-policy ......................................................................................................................................................................................... 4-419

....................................................................................... 4-404

Access Point, Wireless Controller and Service Platform CLI Reference Guide

iv

Contents

4.1.91 self ...................................................................................................................................................................................................................4-426

4.1.92 sensor-policy .............................................................................................................................................................................................4-427

4.1.93 smart-rf-policy ..........................................................................................................................................................................................4-436

4.1.94 t5 ....................................................................................................................................................................................................................4-438

4.1.95 web-filter-policy ...................................................................................................................................................................................... 4-440

4.1.96 wips-policy .................................................................................................................................................................................................. 4-451

4.1.97 wlan ............................................................................................................................................................................................................... 4-452

4.1.98 wlan-qos-policy ........................................................................................................................................................................................4-549

4.1.99 url-filter ......................................................................................................................................................................................................... 4-551

4.1.100 url-list ..........................................................................................................................................................................................................4-565

4.1.101 vx9000 ......................................................................................................................................................................................................... 4-571

Chapter 5, COMMON COMMANDS

5.1 Common Commands ................................................................................................................................................................................................. 5-2

5.1.1 clrscr ....................................................................................................................................................................................................................... 5-3

5.1.2 commit ................................................................................................................................................................................................................. 5-4

5.1.3 exit ......................................................................................................................................................................................................................... 5-5

5.1.4 help ........................................................................................................................................................................................................................ 5-6

5.1.5 no ........................................................................................................................................................................................................................... 5-9

5.1.6 revert ................................................................................................................................................................................................................... 5-12

5.1.7 service ................................................................................................................................................................................................................. 5-13

5.1.8 show ....................................................................................................................................................................................................................5-58

5.1.9 write ................................................................................................................................................................................................................... 5-60

Chapter 6, SHOW COMMANDS

6.1 show commands .......................................................................................................................................................................................................... 6-2

6.1.1 show ....................................................................................................................................................................................................................... 6-5

6.1.2 adoption ............................................................................................................................................................................................................ 6-10

6.1.3 bluetooth ...........................................................................................................................................................................................................6-14

6.1.4 boot .....................................................................................................................................................................................................................6-16

6.1.5 bonjour ............................................................................................................................................................................................................... 6-17

6.1.6 captive-portal ..................................................................................................................................................................................................6-18

6.1.7 captive-portal-page-upload .................................................................................................................................................................... 6-20

6.1.8 cdp .......................................................................................................................................................................................................................6-22

6.1.9 classify-url ........................................................................................................................................................................................................6-24

6.1.10 clock ..................................................................................................................................................................................................................6-25

6.1.11 cluster ................................................................................................................................................................................................................6-26

6.1.12 cmp-factory-certs ........................................................................................................................................................................................6-28

6.1.13 commands ......................................................................................................................................................................................................6-29

6.1.14 context ............................................................................................................................................................................................................ 6-30

6.1.15 critical-resources ........................................................................................................................................................................................... 6-31

6.1.16 crypto ...............................................................................................................................................................................................................6-32

6.1.17 database ..........................................................................................................................................................................................................6-35

6.1.18 device-upgrade ............................................................................................................................................................................................6-37

6.1.19 dot1x ..................................................................................................................................................................................................................6-39

6.1.20 dpi ......................................................................................................................................................................................................................6-41

6.1.21 eguest .............................................................................................................................................................................................................. 6-44

6.1.22 environmental-sensor ...............................................................................................................................................................................6-45

6.1.23 event-history ............................................................................................................................................................................................... 6-48

6.1.24 event-system-policy ................................................................................................................................................................................. 6-49

6.1.25 ex3500 ........................................................................................................................................................................................................... 6-50

6.1.26 extdev ..............................................................................................................................................................................................................6-53

Access Point, Wireless Controller and Service Platform CLI Reference Guide

v

Contents

6.1.27 file-sync ...........................................................................................................................................................................................................6-54

6.1.28 firewall .............................................................................................................................................................................................................6-56

6.1.29 global .............................................................................................................................................................................................................. 6-60

6.1.30 gre .....................................................................................................................................................................................................................6-62

6.1.31 guest-registration ........................................................................................................................................................................................6-63

6.1.32 interface ...........................................................................................................................................................................................................6-71

6.1.33 ip ........................................................................................................................................................................................................................6-75

6.1.34 ip-access-list .................................................................................................................................................................................................6-82

6.1.35 ipv6 .................................................................................................................................................................................................................. 6-84

6.1.36 ipv6-access-list ............................................................................................................................................................................................6-88

6.1.37 l2tpv3 ...............................................................................................................................................................................................................6-89

6.1.38 lacp ...................................................................................................................................................................................................................6-92

6.1.39 ldap-agent .....................................................................................................................................................................................................6-95

6.1.40 licenses .......................................................................................................................................................................................................... 6-96

6.1.41 lldp .................................................................................................................................................................................................................... 6-99

6.1.42 logging ......................................................................................................................................................................................................... 6-100

6.1.43 mac-access-list ........................................................................................................................................................................................... 6-101

6.1.44 mac-address-table ................................................................................................................................................................................... 6-102

6.1.45 mac-auth ......................................................................................................................................................................................................6-103

6.1.46 mac-auth-clients .......................................................................................................................................................................................6-105

6.1.47 mint ................................................................................................................................................................................................................ 6-107

6.1.48 nsight ............................................................................................................................................................................................................... 6-111

6.1.49 ntp .................................................................................................................................................................................................................... 6-112

6.1.50 password-encryption ............................................................................................................................................................................... 6-114

6.1.51 pppoe-client .................................................................................................................................................................................................. 6-115

6.1.52 privilege ......................................................................................................................................................................................................... 6-116

6.1.53 radius .............................................................................................................................................................................................................. 6-117

6.1.54 reload .............................................................................................................................................................................................................. 6-119

6.1.55 rf-domain-manager ................................................................................................................................................................................. 6-120

6.1.56 role ................................................................................................................................................................................................................... 6-121

6.1.57 route-maps .................................................................................................................................................................................................. 6-122

6.1.58 rtls ................................................................................................................................................................................................................... 6-123

6.1.59 running-config ........................................................................................................................................................................................... 6-125

6.1.60 session-changes ....................................................................................................................................................................................... 6-132

6.1.61 session-config ............................................................................................................................................................................................. 6-133

6.1.62 sessions ......................................................................................................................................................................................................... 6-134

6.1.63 site-config-diff ........................................................................................................................................................................................... 6-135

6.1.64 smart-rf ......................................................................................................................................................................................................... 6-136

6.1.65 spanning-tree .............................................................................................................................................................................................6-140

6.1.66 startup-config ............................................................................................................................................................................................ 6-142

6.1.67 t5 ......................................................................................................................................................................................................................6-143

6.1.68 terminal .......................................................................................................................................................................................................... 6-151

6.1.69 timezone ...................................................................................................................................................................................................... 6-152

6.1.70 traffic-shape ............................................................................................................................................................................................... 6-153

6.1.71 upgrade-status ............................................................................................................................................................................................ 6-155

6.1.72 version ........................................................................................................................................................................................................... 6-156

6.1.73 vrrp ................................................................................................................................................................................................................. 6-157

6.1.74 web-filter ...................................................................................................................................................................................................... 6-159

6.1.75 what ................................................................................................................................................................................................................. 6-161

6.1.76 wireless ......................................................................................................................................................................................................... 6-162

6.1.77 wwan .............................................................................................................................................................................................................. 6-185

6.1.78 virtual-machine ..........................................................................................................................................................................................6-186

6.1.79 raid .................................................................................................................................................................................................................. 6-189

Access Point, Wireless Controller and Service Platform CLI Reference Guide

vi

Contents

Chapter 7, PROFILES

7.1 Profile Config Commands .........................................................................................................................................................................................7-7

7.1.1 adopter-auto-provisioning-policy-lookup ............................................................................................................................................. 7-11

7.1.2 adoption ............................................................................................................................................................................................................. 7-13

7.1.3 alias ....................................................................................................................................................................................................................... 7-15

7.1.4 application-policy .......................................................................................................................................................................................... 7-22

7.1.5 area ......................................................................................................................................................................................................................7-24

7.1.6 arp ........................................................................................................................................................................................................................ 7-25

7.1.7 auto-learn ......................................................................................................................................................................................................... 7-27

7.1.8 autogen-uniqueid .......................................................................................................................................................................................... 7-28

7.1.9 autoinstall .........................................................................................................................................................................................................7-30

7.1.10 bridge ................................................................................................................................................................................................................ 7-31

7.1.11 captive-portal .................................................................................................................................................................................................7-62

7.1.12 cdp .....................................................................................................................................................................................................................7-63

7.1.13 cluster ...............................................................................................................................................................................................................7-64

7.1.14 configuration-persistence ........................................................................................................................................................................7-67

7.1.15 controller .........................................................................................................................................................................................................7-68

7.1.16 critical-resource ............................................................................................................................................................................................ 7-72

7.1.17 crypto ............................................................................................................................................................................................................... 7-80

7.1.18 database ........................................................................................................................................................................................................ 7-143

7.1.19 device-onboard .......................................................................................................................................................................................... 7-144

7.1.20 device-upgrade ......................................................................................................................................................................................... 7-145

7.1.21 diag .................................................................................................................................................................................................................. 7-147

7.1.22 dot1x ............................................................................................................................................................................................................... 7-148

7.1.23 dpi .................................................................................................................................................................................................................... 7-150

7.1.24 dscp-mapping .............................................................................................................................................................................................7-153

7.1.25 eguest-server (VX9000 only) ............................................................................................................................................................. 7-154

7.1.26 eguest-server (NOC Only) .....................................................................................................................................................................7-155

7.1.27 email-notification ...................................................................................................................................................................................... 7-156

7.1.28 enforce-version .......................................................................................................................................................................................... 7-158

7.1.29 environmental-sensor ............................................................................................................................................................................. 7-159

7.1.30 events ............................................................................................................................................................................................................. 7-161

7.1.31 export .............................................................................................................................................................................................................. 7-162

7.1.32 file-sync ......................................................................................................................................................................................................... 7-163

7.1.33 floor ................................................................................................................................................................................................................. 7-164

7.1.34 gre ................................................................................................................................................................................................................... 7-165

7.1.35 http-analyze .................................................................................................................................................................................................7-177

7.1.36 interface ........................................................................................................................................................................................................7-180

7.1.37 ip ..................................................................................................................................................................................................................... 7-348

7.1.38 ipv6 ................................................................................................................................................................................................................ 7-358

7.1.39 l2tpv3 ............................................................................................................................................................................................................ 7-362

7.1.40 l3e-lite-table ..............................................................................................................................................................................................7-364

7.1.41 led .................................................................................................................................................................................................................... 7-365

7.1.42 led-timeout ................................................................................................................................................................................................. 7-366

7.1.43 legacy-auto-downgrade ....................................................................................................................................................................... 7-368

7.1.44 legacy-auto-update ................................................................................................................................................................................ 7-369

7.1.45 lldp ................................................................................................................................................................................................................. 7-370

7.1.46 load-balancing ..........................................................................................................

7.1.47 logging ..........................................................................................................................................................................................................7-377

7.1.48 mac-address-table .................................................................................................................................................................................. 7-379

7.1.49 mac-auth .......................................................................................................................................................................................................7-381

7.1.50 management-server ............................................................................................................................................................................... 7-384

7.1.51 memory-profile .......................................................................................................................................................................................... 7-385

.................................................................................7-372

Access Point, Wireless Controller and Service Platform CLI Reference Guide

vii

Contents

7.1.52 meshpoint-device .................................................................................................................................................................................... 7-386

7.1.53 meshpoint-monitor-interval ................................................................................................................................................................ 7-388

7.1.54 min-misconfiguration-recovery-time .............................................................................................................................................. 7-389

7.1.55 mint ................................................................................................................................................................................................................7-390

7.1.56 misconfiguration-recovery-time ....................................................................................................................................................... 7-397

7.1.57 neighbor-inactivity-timeout ................................................................................................................................................................ 7-398

7.1.58 neighbor-info-interval ............................................................................................................................................................................ 7-399

7.1.59 no ................................................................................................................................................................................................................... 7-400

7.1.60 noc .................................................................................................................................................................................................................7-402

7.1.61 nsight .............................................................................................................................................................................................................7-403

7.1.62 ntp ..................................................................................................................................................................................................................7-408

7.1.63 otls .................................................................................................................................................................................................................... 7-411

7.1.64 offline-duration .......................................................................................................................................................................................... 7-414

7.1.65 power-config .............................................................................................................................................................................................. 7-415

7.1.66 preferred-controller-group ................................................................................................................................................................... 7-417

7.1.67 preferred-tunnel-controller .................................................................................................................................................................. 7-418

7.1.68 radius ............................................................................................................................................................................................................. 7-419

7.1.69 rf-domain-manager ................................................................................................................................................................................7-420

7.1.70 router ............................................................................................................................................................................................................. 7-421

7.1.71 spanning-tree .............................................................................................................................................................................................. 7-423

7.1.72 traffic-class-mapping ............................................................................................................................................................................. 7-426

7.1.73 traffic-shape ............................................................................................................................................................................................... 7-428

7.1.74 trustpoint (profile-config-mode) ...................................................................................................................................................... 7-434

7.1.75 tunnel-controller ....................................................................................................................................................................................... 7-436

7.1.76 use .................................................................................................................................................................................................................. 7-437

7.1.77 vrrp ................................................................................................................................................................................................................. 7-443

7.1.78 vrrp-state-check ....................................................................................................................................................................................... 7-447

7.1.79 virtual-controller .......................................................................................................................................................................................7-448

7.1.80 wep-shared-key-auth ............................................................................................................................................................................7-450

7.1.81 service ............................................................................................................................................................................................................. 7-451

7.1.82 zone ............................................................................................................................................................................................................... 7-456

7.2 Device Config Commands .................................................................................................................................................................................. 7-457

7.2.1 adoption-site ................................................................................................................................................................................................7-464

7.2.2 area .................................................................................................................................................................................................................. 7-465

7.2.3 channel-list ...................................................................................................................................................................................................7-466

7.2.4 contact ........................................................................................................................................................................................................... 7-467

7.2.5 country-code ...............................................................................................................................................................................................7-468

7.2.6 floor .................................................................................................................................................................................................................7-469

7.2.7 geo-coordinates .........................................................................................................................................................................................7-470

7.2.8 hostname ....................................................................................................................................................................................................... 7-471

7.2.9 lacp .................................................................................................................................................................................................................. 7-472

7.2.10 layout-coordinates .................................................................................................................................................................................. 7-473

7.2.11 license ............................................................................................................................................................................................................ 7-474

7.2.12 location ......................................................................................................................................................................................................... 7-477

7.2.13 mac-name ................................................................................................................................................................................................... 7-478

7.2.14 no .................................................................................................................................................................................................................... 7-479

7.2.15 nsight ............................................................................................................................................................................................................7-480

7.2.16 override-wlan ............................................................................................................................................................................................ 7-484

7.2.17 remove-override ....................................................................................................................................................................................... 7-486

7.2.18 rsa-key ..........................................................................................................................................................................................................7-488

7.2.19 sensor-server .............................................................................................................................................................................................7-489

7.2.20 timezone .....................................................................................................................................................................................................7-490

7.2.21 trustpoint (device-config-mode) ....................................................................................................................................................... 7-491

7.2.22 raid ................................................................................................................................................................................................................ 7-493

Access Point, Wireless Controller and Service Platform CLI Reference Guide

viii

Contents

7.3 T5 Profile Config Commands ............................................................................................................................................................................7-494

7.3.1 cpe ....................................................................................................................................................................................................................7-495

7.3.2 interface ......................................................................................................................................................................................................... 7-497

7.3.3 ip .......................................................................................................................................................................................................................7-499

7.3.4 no .....................................................................................................................................................................................................................7-500

7.3.5 ntp ..................................................................................................................................................................................................................... 7-501

7.3.6 override-wlan .............................................................................................................................................................................................. 7-502

7.3.7 t5 ....................................................................................................................................................................................................................... 7-503

7.3.8 t5-logging .....................................................................................................................................................................................................7-504

7.3.9 use ...................................................................................................................................................................................................................7-505

7.4 EX3524 & EX3548 Profile/Device Config Commands ............................................................................................................................7-506

7.4.1 interface ......................................................................................................................................................................................................... 7-507

7.4.2 ip ........................................................................................................................................................................................................................7-527

7.4.3 power ............................................................................................................................................................................................................. 7-528

7.4.4 upgrade ......................................................................................................................................................................................................... 7-529

7.4.5 use ................................................................................................................................................................................................................... 7-530

7.4.6 no .......................................................................................................................................................................................................................7-531

Chapter 8, AAA-POLICY

8.1 aaa-policy ....................................................................................................................................................................................................................... 8-3

8.1.1 accounting ...........................................................................................................................................................................................................8-4

8.1.2 attribute ............................................................................................................................................................................................................... 8-8

8.1.3 authentication ................................................................................................................................................................................................... 8-11

8.1.4 health-check .....................................................................................................................................................................................................8-16

8.1.5 mac-address-format ..................................................................................................................................................................................... 8-17

8.1.6 no ..........................................................................................................................................................................................................................8-19

8.1.7 proxy-attribute ................................................................................................................................................................................................ 8-21

8.1.8 server-pooling-mode ................................................................................................................................................................................... 8-22

8.1.9 use .......................................................................................................................................................................................................................8-23

Chapter 9, AUTO-PROVISIONING-POLICY

9.1 auto-provisioning-policy .......................................................................................................................................................................................... 9-4

9.1.1 adopt ..................................................................................................................................................................................................................... 9-5

9.1.2 auto-create-rfd-template .......................................................................................................................................................................... 9-10

9.1.3 default-adoption .............................................................................................................................................................................................9-12

9.1.4 deny .....................................................................................................................................................................................................................9-13

9.1.5 evaluate-always ..............................................................................................................................................................................................9-16

9.1.6 redirect ...............................................................................................................................................................................................................9-17

9.1.7 upgrade ..............................................................................................................................................................................................................9-21

9.1.8 no .........................................................................................................................................................................................................................9-24

Chapter 10, ASSOCIATION-ACL-POLICY

10.1 association-acl-policy .............................................................................................................................................................................................10-2

10.1.1 deny .....................................................................................................................................................................................................................10-3

10.1.2 no .........................................................................................................................................................................................................................10-5

10.1.3 permit ............................................................................................................................................................................................................... 10-6

Chapter 11, ACCESS-LIST

11.1 ip-access-list ..................................................................................................................................................................................................................11-4

11.1.1 deny .......................................................................................................................................................................................................................11-5

11.1.2 disable .................................................................................................................................................................................................................11-17

Access Point, Wireless Controller and Service Platform CLI Reference Guide

ix

Contents

11.1.3 insert .................................................................................................................................................................................................................. 11-20

11.1.4 no .........................................................................................................................................................................................................................11-22

11.1.5 permit .................................................................................................................................................................................................................11-23

11.2 mac-access-list ......................................................................................................................................................................................................... 11-34

11.2.1 deny ....................................................................................................................................................................................................................11-35

11.2.2 disable ...............................................................................................................................................................................................................11-38

11.2.3 ex3500 ............................................................................................................................................................................................................ 11-40

11.2.4 insert ................................................................................................................................................................................................................ 11-43

11.2.5 no ....................................................................................................................................................................................................................... 11-45

11.2.6 permit .............................................................................................................................................................................................................. 11-46

11.3 ipv6-access-list ......................................................................................................................................................................................................... 11-49

11.3.1 deny ................................................................................................................................................................................................................... 11-50

11.3.2 no ....................................................................................................................................................................................................................... 11-56

11.3.3 permit ................................................................................................................................................................................................................11-57

11.4 ip-snmp-access-list ................................................................................................................................................................................................ 11-63

11.4.1 deny ................................................................................................................................................................................................................... 11-64

11.4.2 permit .............................................................................................................................................................................................................. 11-65

11.4.3 no ....................................................................................................................................................................................................................... 11-66

11.5 ex3500-ext-access-list ......................................................................................................................................................................................... 11-67

11.5.1 deny ................................................................................................................................................................................................................... 11-68

11.5.2 permit .................................................................................................................................................................................................................11-71

11.5.3 no ....................................................................................................................................................................................................................... 11-74

11.6 ex3500-std-access-list ..........................................................................................................................................................................................11-75

11.6.1 deny ................................................................................................................................................................................................................... 11-76

11.6.2 permit ...............................................................................................................................................................................................................11-77

11.6.3 no ........................................................................................................................................................................................................................11-78

Chapter 12, DHCP-SERVER-POLICY

12.1 dhcp-server-policy ................................................................................................................................................................................................... 12-3

12.1.1 bootp ...................................................................................................................................................................................................................12-4

12.1.2 dhcp-class ........................................................................................................................................................................................................ 12-5

12.1.3 dhcp-pool .........................................................................................................................................................................................................12-11

12.1.4 dhcp-server .................................................................................................................................................................................................. 12-56

12.1.5 no ...................................................................................................................................................................................................................... 12-58

12.1.6 option .............................................................................................................................................................................................................. 12-59

12.1.7 ping .................................................................................................................................................................................................................. 12-60

12.2 dhcpv6-server-policy ........................................................................................................................................................................................... 12-61

12.2.1 dhcpv6-pool ................................................................................................................................................................................................. 12-62

12.2.2 option ..............................................................................................................................................................................................................12-73

12.2.3 restrict-vendor-options ...........................................................................................................................................................................12-75

12.2.4 server-preference ..................................................................................................................................................................................... 12-76

12.2.5 no ......................................................................................................................................................................................................................12-77

Chapter 13, FIREWALL-POLICY

13.1 firewall-policy ............................................................................................................................................................................................................. 13-3

13.1.1 acl-logging ........................................................................................................................................................................................................13-4

13.1.2 alg ........................................................................................................................................................................................................................13-5

13.1.3 clamp ..................................................................................................................................................................................................................13-7

13.1.4 dhcp-offer-convert ......................................................................................................................................................................................13-8

13.1.5 dns-snoop ........................................................................................................................................................................................................13-9

13.1.6 firewall ............................................................................................................................................................................................................. 13-10

13.1.7 flow .....................................................................................................................................................................................................................13-11

Access Point, Wireless Controller and Service Platform CLI Reference Guide

x

Contents

13.1.8 ip .........................................................................................................................................................................................................................13-13

13.1.9 ip-mac ............................................................................................................................................................................................................. 13-20

13.1.10 ipv6 .................................................................................................................................................................................................................13-22

13.1.11 ipv6-mac ....................................................................................................................................................................................................... 13-26

13.1.12 logging .......................................................................................................................................................................................................... 13-28

13.1.13 no ..................................................................................................................................................................................................................... 13-30

13.1.14 proxy-arp ......................................................................................................................................................................................................13-32

13.1.15 proxy-nd ........................................................................................................................................................................................................13-33

13.1.16 stateful-packet-inspection-12 .............................................................................................................................................................. 13-34

13.1.17 storm-control ..............................................................................................................................................................................................13-35

13.1.18 virtual-defragmentation .........................................................................................................................................................................13-37

Chapter 14, MINT-POLICY

14.1 mint-policy ...................................................................................................................................................................................................................14-2

14.1.1 level ......................................................................................................................................................................................................................14-3

14.1.2 lsp ........................................................................................................................................................................................................................14-4

14.1.3 mtu ......................................................................................................................................................................................................................14-5

14.1.4 router .................................................................................................................................................................................................................14-6

14.1.5 udp ......................................................................................................................................................................................................................14-7

14.1.6 no .........................................................................................................................................................................................................................14-8

Chapter 15, MANAGEMENT-POLICY

15.1 management-policy .................................................................................................................................................................................................15-3

15.1.1 aaa-login ............................................................................................................................................................................................................ 15-5

15.1.2 allowed-locations .......................................................................................................................................................................................... 15-7

15.1.3 banner ................................................................................................................................................................................................................15-9

15.1.4 ftp ...................................................................................................................................................................................................................... 15-10

15.1.5 http ....................................................................................................................................................................................................................15-12

15.1.6 https ..................................................................................................................................................................................................................15-13

15.1.7 idle-session-timeout ...................................................................................................................................................................................15-15

15.1.8 ipv6 ................................................................................................................................................................................................................... 15-16

15.1.9 no ....................................................................................................................................................................................................................... 15-18

15.1.10 passwd-entry ............................................................................................................................................................................................. 15-20

15.1.11 privilege-mode-password .......................................................................................................................................................................15-22

15.1.12 rest-server ................................................................................................................................................................................................... 15-24

15.1.13 restrict-access .............................................................................................................................................................................................15-25

15.1.14 snmp-server ................................................................................................................................................................................................ 15-28

15.1.15 ssh ....................................................................................................................................................................................................................15-33

15.1.16 t5 ..................................................................................................................................................................................................................... 15-34

15.1.17 telnet .............................................................................................................................................................................................................. 15-36

15.1.18 user ..................................................................................................................................................................................................................15-37

15.1.19 service ............................................................................................................................................................................................................ 15-41

Chapter 16, RADIUS-POLICY

16.1 radius-group ................................................................................................................................................................................................................16-2

16.1.1 guest ....................................................................................................................................................................................................................16-4

16.1.2 policy ..................................................................................................................................................................................................................16-5

16.1.3 rate-limit ...........................................................................................................................................................................................................16-9

16.1.4 no .......................................................................................................................................................................................................................16-10

16.2 radius-server-policy .............................................................................................................................................................................................. 16-12

16.2.1 authentication .............................................................................................................................................................................................. 16-14

Access Point, Wireless Controller and Service Platform CLI Reference Guide

xi

Contents

16.2.2 bypass ............................................................................................................................................................................................................. 16-16

16.2.3 chase-referral .............................................................................................................................................................................................. 16-17

16.2.4 crl-check ........................................................................................................................................................................................................ 16-18

16.2.5 ldap-agent .................................................................................................................................................................................................... 16-19

16.2.6 ldap-group-verification ........................................................................................................................................................................... 16-21

16.2.7 ldap-server ................................................................................................................................................................................................... 16-22

16.2.8 local ................................................................................................................................................................................................................ 16-25

16.2.9 nas ................................................................................................................................................................................................................... 16-26

16.2.10 no ................................................................................................................................................................................................................... 16-28

16.2.11 proxy ..............................................................................................................................................................................................................16-30

16.2.12 session-resumption ................................................................................................................................................................................ 16-32

16.2.13 termination ................................................................................................................................................................................................. 16-33

16.2.14 use ................................................................................................................................................................................................................. 16-34

16.3 radius-user-pool-policy ...................................................................................................................................................................................... 16-35

16.3.1 duration .......................................................................................................................................................................................................... 16-36

16.3.2 user ................................................................................................................................................................................................................. 16-37

16.3.3 no .....................................................................................................................................................................................................................16-40

Chapter 17, RADIO-QOS-POLICY

17.1 radio-qos-policy .........................................................................................................................................................................................................17-4

17.1.1 accelerated-multicast ................................................................................................................................................................................... 17-5

17.1.2 admission-control ......................................................................................................................................................................................... 17-6

17.1.3 no ....................................................................................................................................................................................................................... 17-10

17.1.4 smart-aggregation ......................................................................................................................................................................................17-12

17.1.5 service .............................................................................................................................................................................................................. 17-14

17.1.6 wmm ................................................................................................................................................................................................................ 17-16

Chapter 18, ROLE-POLICY

18.1 role-policy ....................................................................................................................................................................................................................18-2

18.1.1 default-role .......................................................................................................................................................................................................18-3

18.1.2 ldap-deadperiod ............................................................................................................................................................................................18-5

18.1.3 ldap-query .......................................................................................................................................................................................................18-6

18.1.4 ldap-server ......................................................................................................................................................................................................18-7

18.1.5 ldap-timeout ...................................................................................................................................................................................................18-9

18.1.6 no .......................................................................................................................................................................................................................18-10

18.1.7 user-role ............................................................................................................................................................................................................18-11

Chapter 19, SMART-RF-POLICY

19.1 smart-rf-policy ...........................................................................................................................................................................................................19-3

19.1.1 area ......................................................................................................................................................................................................................19-4

19.1.2 assignable-power .........................................................................................................................................................................................19-5

19.1.3 avoidance-time ..............................................................................................................................................................................................19-6

19.1.4 channel-list ......................................................................................................................................................................................................19-8

19.1.5 channel-width .................................................................................................................................................................................................19-9

19.1.6 coverage-hole-recovery ........................................................................................................................................................................... 19-11

19.1.7 enable .............................................................................................................................................................................................................. 19-13

19.1.8 group-by ......................................................................................................................................................................................................... 19-14

19.1.9 interference-recovery ............................................................................................................................................................................... 19-15

19.1.10 neighbor-recovery .................................................................................................................................................................................... 19-17

19.1.11 no ...................................................................................................................................................................................................................... 19-19

19.1.12 sensitivity ...................................................................................................................................................................................................... 19-21

Access Point, Wireless Controller and Service Platform CLI Reference Guide

xii

Contents

19.1.13 smart-ocs-monitoring ............................................................................................................................................................................ 19-23

Chapter 20, WIPS-POLICY

20.1 wips-policy ............................................................................................................................................................................................................... 20-4

20.1.1 ap-detection ..................................................................................................................................................................................................20-5

20.1.2 enable ..............................................................................................................................................................................................................20-7

20.1.3 event ............................................................................................................................................................................................................... 20-8

20.1.4 history-throttle-duration ....................................................................................................................................................................... 20-12

20.1.5 interference-event ...................................................................................................................................................................................20-13

20.1.6 no ....................................................................................................................................................................................................................20-14

20.1.7 signature .......................................................................................................................................................................................................20-16

20.1.8 use ................................................................................................................................................................................................................. 20-33

Chapter 21, WLAN-QOS-POLICY

21.1 wlan-qos-policy ......................................................................................................................................................................................................... 21-2

21.1.1 accelerated-multicast ................................................................................................................................................................................... 21-3

21.1.2 classification .................................................................................................................................................................................................... 21-5

21.1.3 multicast-mask ...............................................................................................................................................................................................21-7

21.1.4 no .........................................................................................................................................................................................................................21-8

21.1.5 qos .......................................................................................................................................................................................................................21-9

21.1.6 rate-limit ......................................................................................................................................................................................................... 21-10

21.1.7 svp-prioritization ..........................................................................................................................................................................................21-13

21.1.8 voice-prioritization ..................................................................................................................................................................................... 21-14

21.1.9 wmm .................................................................................................................................................................................................................21-15

Chapter 22, L2TPV3-POLICY

22.1 l2tpv3-policy-commands ..................................................................................................................................................................................... 22-3

22.1.1 cookie-size ......................................................................................................................................................................................................22-5

22.1.2 failover-delay ................................................................................................................................................................................................22-6

22.1.3 force-l2-path-recovery ............................................................................................................................................................................. 22-7

22.1.4 hello-interval ................................................................................................................................................................................................. 22-8

22.1.5 no .......................................................................................................................................................................................................................22-9

22.1.6 reconnect-attempts ................................................................................................................................................................................. 22-10

22.1.7 reconnect-interval ......................................................................................................................................................................................22-11

22.1.8 retry-attempts .............................................................................................................................................................................................22-12

22.1.9 retry-interval ................................................................................................................................................................................................22-13

22.1.10 rx-window-size ......................................................................................................................................................................................... 22-14

22.1.11 tx-window-size ...........................................................................................................................................................................................22-15

22.2 l2tpv3-tunnel-commands ................................................................................................................................................................................. 22-16

22.2.1 establishment-criteria ..............................................................................................................................................................................22-17

22.2.2 fast-failover ................................................................................................................................................................................................ 22-19

22.2.3 hostname .................................................................................................................................................................................................... 22-20

22.2.4 local-ip-address .........................................................................................................................................................................................22-21

22.2.5 mtu .................................................................................................................................................................................................................22-22

22.2.6 no ....................................................................................................................................................................................................................22-23

22.2.7 peer ............................................................................................................................................................................................................... 22-24

22.2.8 router-id ...................................................................................................................................................................................................... 22-28

22.2.9 session ......................................................................................................................................................................................................... 22-29

22.2.10 use .................................................................................................................................................................................................................22-31

22.3 l2tpv3-manual-session-commands ..............................................................................................................................................................22-32

22.3.1 local-cookie ................................................................................................................................................................................................ 22-34

Access Point, Wireless Controller and Service Platform CLI Reference Guide

xiii

Contents

22.3.2 local-ip-address ........................................................................................................................................................................................22-35

22.3.3 local-session-id ........................................................................................................................................................................................ 22-36

22.3.4 mtu .................................................................................................................................................................................................................22-37

22.3.5 no ................................................................................................................................................................................................................... 22-38

22.3.6 peer ............................................................................................................................................................................................................... 22-39

22.3.7 remote-cookie ..........................................................................................................................................................................................22-40

22.3.8 remote-session-id .................................................................................................................................................................................... 22-41

22.3.9 traffic-source ............................................................................................................................................................................................ 22-42

Chapter 23, ROUTER-MODE COMMANDS

23.1 router-mode ..............................................................................................................................................................................................................23-2

23.1.1 area ....................................................................................................................................................................................................................23-3

23.1.2 auto-cost .......................................................................................................................................................................................................23-12

23.1.3 default-information ...................................................................................................................................................................................23-13

23.1.4 ip ...................................................................................................................................................................................................................... 23-14

23.1.5 network ..........................................................................................................................................................................................................23-15

23.1.6 ospf ................................................................................................................................................................................................................. 23-16

23.1.7 passive ............................................................................................................................................................................................................23-17

23.1.8 redistribute .................................................................................................................................................................................................. 23-18

23.1.9 route-limit .................................................................................................................................................................................................... 23-19

23.1.10 router-id .......................................................................................................................................................................................................23-21

23.1.11 no .....................................................................................................................................................................................................................23-22

Chapter 24, ROUTING-POLICY

24.1 routing-policy-commands ...................................................................................................................................................................................24-2

24.1.1 apply-to-local-packets ..............................................................................................................................................................................24-3

24.1.2 logging ............................................................................................................................................................................................................24-4

24.1.3 route-map ......................................................................................................................................................................................................24-5

24.1.4 route-map-mode ........................................................................................................................................................................................24-8

24.1.5 use ................................................................................................................................................................................................................... 24-18

24.1.6 no .................................................................................................................................................................................................................... 24-19

Chapter 25, AAA-TACACS-POLICY

25.1 aaa-tacacs-policy .................................................................................................................................................................................................... 25-2

25.1.1 accounting ......................................................................................................................................................................................................25-3

25.1.2 authentication ..............................................................................................................................................................................................25-6

25.1.3 authorization .................................................................................................................................................................................................25-9

25.1.4 no ......................................................................................................................................................................................................................25-12

Chapter 26, MESHPOINT

26.1 meshpoint-config-instance .................................................................................................................................................................................26-2

26.1.1 allowed-vlans .................................................................................................................................................................................................26-4

26.1.2 beacon-format .............................................................................................................................................................................................26-5

26.1.3 control-vlan ...................................................................................................................................................................................................26-6

26.1.4 data-rates ......................................................................................................................................................................................................26-7

26.1.5 description .................................................................................................................................................................................................... 26-11

26.1.6 force ............................................................................................................................................................................................................... 26-12

26.1.7 meshid ........................................................................................................................................................................................................... 26-13

26.1.8 neighbor ....................................................................................................................................................................................................... 26-14

26.1.9 no ..................................................................................................................................................................................................................... 26-15

26.1.10 root ............................................................................................................................................................................................................... 26-17

Access Point, Wireless Controller and Service Platform CLI Reference Guide

xiv

Contents

26.1.11 security-mode ............................................................................................................................................................................................ 26-19

26.1.12 service .........................................................................................................................................................................................................26-20

26.1.13 shutdown .................................................................................................................................................................................................... 26-21

26.1.14 use ................................................................................................................................................................................................................ 26-22

26.1.15 wpa2 ............................................................................................................................................................................................................ 26-23

26.2 meshpoint-qos-policy-config-instance ...................................................................................................................................................... 26-26

26.2.1 accelerated-multicast ............................................................................................................................................................................ 26-27

26.2.2 no ................................................................................................................................................................................................................... 26-29

26.2.3 rate-limit .....................................................................................................................................................................................................26-30

26.3 meshpoint-device-config-instance ..............................................................................................................................................................26-34

26.3.1 meshpoint-device .................................................................................................................................................................................... 26-35

26.3.2 meshpoint-device-commands .......................................................................................................................................................... 26-37

Chapter 27, PASSPOINT POLICY

27.1 passpoint-policy ...................................................................................................................................................................................................... 27-2

27.1.1 3gpp ................................................................................................................................................................................................................... 27-3

27.1.2 access-network-type .................................................................................................................................................................................27-4

27.1.3 connection-capability ................................................................................................................................................................................ 27-5

27.1.4 domain-name ............................................................................................................................................................................................... 27-7

27.1.5 hessid ...............................................................................................................................................................................................................27-8

27.1.6 internet ............................................................................................................................................................................................................27-9

27.1.7 ip-address-type ......................................................................................................................................................................................... 27-10

27.1.8 nai-realm ........................................................................................................................................................................................................27-12

27.1.9 net-auth-type ..............................................................................................................................................................................................27-18

27.1.10 no ................................................................................................................................................................................................................... 27-19

27.1.11 operator ....................................................................................................................................................................................................... 27-20

27.1.12 osu ...................................................................................................................................................................................................................27-21

27.1.13 roam-consortium ......................................................................................................................................................................................27-31

27.1.14 venue ............................................................................................................................................................................................................27-32

27.1.15 wan-metrics .............................................................................................................................................................................................. 27-36

Chapter 28, BORDER GATEWAY PROTOCOL

28.1 bgp-ip-prefix-list-config commands ............................................................................................................................................................... 28-2

28.1.1 deny ...................................................................................................................................................................................................................28-4

28.1.2 permit .............................................................................................................................................................................................................. 28-5

28.1.3 no .......................................................................................................................................................................................................................28-6

28.2 bgp-ip-access-list-config commands ............................................................................................................................................................28-7

28.2.1 deny ..................................................................................................................................................................................................................28-8

28.2.2 permit .............................................................................................................................................................................................................28-9

28.2.3 no ....................................................................................................................................................................................................................28-10

28.3 bgp-as-path-list-config commands ...............................................................................................................................................................28-11

28.3.1 deny ................................................................................................................................................................................................................ 28-12

28.3.2 permit ........................................................................................................................................................................................................... 28-13

28.3.3 no .................................................................................................................................................................................................................... 28-14

28.4 bgp-community-list-config commands ..................................................................................................................................................... 28-15

28.4.1 deny .................................................................................................................................................................................................................28-17

28.4.2 permit ........................................................................................................................................................................................................... 28-19

28.4.3 no ................................................................................................................................................................................................................... 28-21

28.5 bgp-extcommunity-list-config commands .............................................................................................................................................. 28-22

28.5.1 deny ............................................................................................................................................................................................................... 28-23

28.5.2 permit .......................................................................................................................................................................................................... 28-25

28.5.3 no ................................................................................................................................................................................................................... 28-27

Access Point, Wireless Controller and Service Platform CLI Reference Guide

xv

Contents

28.6 bgp-route-map-config commands ............................................................................................................................................................. 28-28

28.6.1 description ..................................................................................................................................................................................................28-30

28.6.2 match ............................................................................................................................................................................................................ 28-31

28.6.3 no ................................................................................................................................................................................................................... 28-34

28.6.4 set ................................................................................................................................................................................................................. 28-35

28.7 bgp-router-config commands ....................................................................................................................................................................... 28-39

28.7.1 aggregate-address ................................................................................................................................................................................... 28-41

28.7.2 asn ................................................................................................................................................................................................................. 28-42

28.7.3 bgp ................................................................................................................................................................................................................ 28-43

28.7.4 bgp-route-limit ........................................................................................................................................................................................ 28-48

28.7.5 distance ....................................................................................................................................................................................................... 28-49

28.7.6 ip ....................................................................................................................................................................................................................28-50

28.7.7 network ........................................................................................................................................................................................................ 28-51

28.7.8 no ................................................................................................................................................................................................................... 28-52

28.7.9 route-redistribute ................................................................................................................................................................................... 28-53

28.7.10 timers ......................................................................................................................................................................................................... 28-55

28.8 bgp-neighbor-config commands ................................................................................................................................................................. 28-56

28.8.1 activate ......................................................................................................................................................................................................... 28-59

28.8.2 advertisement-interval .........................................................................................................................................................................28-60

28.8.3 allowas-in .................................................................................................................................................................................................... 28-61

28.8.4 attribute-unchanged ............................................................................................................................................................................. 28-62

28.8.5 capability .................................................................................................................................................................................................... 28-63

28.8.6 default-originate ..................................................................................................................................................................................... 28-64

28.8.7 description ................................................................................................................................................................................................. 28-65

28.8.8 disable-connected-check ....................................................................................................................................................................28-66

28.8.9 dont-capability-negotiate ................................................................................................................................................................... 28-67

28.8.10 ebgp-multihop ....................................................................................................................................................................................... 28-68

28.8.11 enforce-multihop .................................................................................................................................................................................... 28-69

28.8.12 local-as .......................................................................................................................................................................................................28-70

28.8.13 maximum-prefix ......................................................................................................................................................................................28-71

28.8.14 next-hop-self .......................................................................................................................................................................................... 28-72

28.8.15 no ................................................................................................................................................................................................................. 28-73

28.8.16 override-capability ............................................................................................................................................................................... 28-74

28.8.17 passive ....................................................................................................................................................................................................... 28-75

28.8.18 password .................................................................................................................................................................................................. 28-76

28.8.19 peer-group ................................................................................................................................................................................................28-77

28.8.20 port ............................................................................................................................................................................................................ 28-78

28.8.21 remote-as ................................................................................................................................................................................................. 28-79

28.8.22 remove-private-as ...............................................................................................................................................................................28-80

28.8.23 route-server-client ................................................................................................................................................................................ 28-81

28.8.24 send-community .................................................................................................................................................................................. 28-82

28.8.25 shutdown ................................................................................................................................................................................................. 28-83

28.8.26 soft-reconfiguration ............................................................................................................................................................................ 28-84

28.8.27 strict-capability-match ....................................................................................................................................................................... 28-85

28.8.28 timers ........................................................................................................................................................................................................ 28-86

28.8.29 unsuppress-map ................................................................................................................................................................................... 28-88

28.8.30 update-source ....................................................................................................................................................................................... 28-89

28.8.31 use ...............................................................................................................................................................................................................28-90

28.8.32 weight ........................................................................................................................................................................................................ 28-91

Chapter 29, CRYPTO-CMP-POLICY

29.1 crypto-cmp-policy-instance ...............................................................................................................................................................................29-2

29.1.1 ca-server ..........................................................................................................................................................................................................29-3

Access Point, Wireless Controller and Service Platform CLI Reference Guide

xvi

Contents

29.1.2 cert-key-size ................................................................................................................................................................................................. 29-5

29.1.3 cert-renewal-timeout ................................................................................................................................................................................29-6

29.1.4 cross-cert-validate .....................................................................................................................................................................................29-7

29.1.5 subjectAltName ...........................................................................................................................................................................................29-8

29.1.6 trustpoint .......................................................................................................................................................................................................29-9

29.1.7 use .................................................................................................................................................................................................................... 29-11

29.1.8 no ..................................................................................................................................................................................................................... 29-12

29.2 other-cmp-related-commands ...................................................................................................................................................................... 29-13

29.2.1 use ................................................................................................................................................................................................................... 29-14

29.2.2 show .............................................................................................................................................................................................................. 29-15

Chapter 30, ROAMING ASSIST POLICY

30.1 roaming-assist-policy-instance .........................................................................................................................................................................30-2

30.1.1 action ................................................................................................................................................................................................................30-3

30.1.2 aggressiveness ........................................................................................................................................................................................... 30-4

30.1.3 detection-threshold ...................................................................................................................................................................................30-5

30.1.4 disassoc-time .............................................................................................................................................................................................. 30-6

30.1.5 handoff-count ..............................................................................................................................................................................................30-7

30.1.6 handoff-threshold ..................................................................................................................................................................................... 30-8

30.1.7 monitoring-interval ................................................................................................................................................................................... 30-9

30.1.8 sampling-interval ......................................................................................................................................................................................30-10

30.1.9 no ..................................................................................................................................................................................................................... 30-11

Appendix A, CONTROLLER MANAGED WLAN USE CASE

A.1 Creating a First Controller Managed WLAN .....................................................................................................................................................A-1

A.1.1 Assumptions .......................................................................................................................................................................................................A-1

A.1.2 Design ..................................................................................................................................................................................................................A-2

A.1.3 Using the Command Line Interface to Configure the WLAN .......................................................................................................A-2

Appendix B, PUBLICLY AVAILABLE SOFTWARE

B.1 General Information .................................................................................................................................................................................................... B-1

B.2 Open Source Software Used ................................................................................................................................................................................. B-2

B.3 OSS Licenses ..............................................................................................................................................................................................................B-15

B.3.1 Apache License, Version 2.0 .....................................................................................................................................................................B-15

B.3.2 The BSD License ............................................................................................................................................................................................B-17

B.3.3 Creative Commons Attribution-ShareAlike License, version 3.0 ............................................................................................. B-18

B.3.4 DropBear License ........................................................................................................................................................................................B-23

B.3.5 GNU General Public License, version 2 ...............................................................................................................................................B-25

B.3.6 GNU GENERAL PUBLIC LICENSE ........................................................................................................................................................ B-26

B.3.7 GNU Lesser General Public License 2.1 ............................................................................................................................................... B-30

B.3.8 CCO 1.0 Universal .........................................................................................................................................................................................B-37

B.3.9 GNU General Public License, version 3 .............................................................................................................................................. B-39

B.3.10 ISC License ................................................................................................................................................................................................... B-48

B.3.11 GNU Lesser General Public License, version 3.0 ............................................................................................................................ B-48

B.3.12 GNU General Public License 2.0 ...........................................................................................................................................................B-51

B.3.13 GNU Lesser General Public License, version 2.0 ............................................................................................................................B-57

B.3.14 GNU Lesser General Public License, version 2.1 ............................................................................................................................ B-63

B.3.15 GNU LESSER GENERAL PUBLIC LICENSE ...................................................................................................................................... B-65

B.3.16 MIT License .................................................................................................................................................................................................. B-69

B.3.17 Mozilla Public License, version 2 .......................................................................................................................................................... B-70

B.3.18 The Open LDAP Public License ........................................................................................................................................................... B-74

Access Point, Wireless Controller and Service Platform CLI Reference Guide

xvii

Contents

B.3.19 OpenSSL License ........................................................................................................................................................................................B-75

B.3.20 WU-FTPD Software License ................................................................................................................................................................ B-76

B.3.21 zlib License ....................................................................................................................................................................................................B-77

B.3.22 Python License, Version 2 (Python-2.0) ......................................................................................................................................... B-78

B.3.23 BEOPEN.COM LICENSE AGREEMENT FOR PYTHON 2.0 ........................................................................................................ B-78

B.3.24 CNRI OPEN SOURCE LICENSE AGREEMENT (for Python 1.6b1) .......................................................................................... B-79

B.3.25 CWI LICENSE AGREEMENT FOR PYTHON 0.9.0 THROUGH 1.2 ........................................................................................... B-80

B.3.26 Zope Public License (ZPL) Version 2.0 ............................................................................................................................................ B-81

B.3.27 Zope Public License (ZPL) Version 2.1 ............................................................................................................................................. B-82

Access Point, Wireless Controller and Service Platform CLI Reference Guide

xviii

ABOUT THIS GUIDE

This manual supports the following wireless controllers, service platformss, and access points:

• Wireless Controllers – RFS4000, RFS6000

• Service Platformss – NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,
VX9000

• Access Points – AP6521, AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562,
AP7602, AP7612, AP7622, AP7632, AP7662, AP8122, AP8132, AP8163, AP8232, AP8432, AP8533

NOTE: In this document AP8122, AP8132, AP8163 are collectively referred to as

AP81XX.

CAUTION: To configure a WE access point, exclusively use the WE UI. Do not

use the command line interface (CLI) along with it. Similarly, when using the
CLI to configure the WE access point, do not use the WE UI along with it.

A simplified version of the WiNG operating system user interface (UI) is available on the following access
point and service platforms models:

• AP6521E, AP6522E, AP6562E, AP7502E, AP7522E, AP7532E, AP7562E, AP7602, AP7612, AP7632,
AP7662

• NX5500E, NX7510E, and VX9000E

This new WiNG Express (WE) UI, simplifies configuration and monitoring of small access point
deployments by limiting monitoring, analytics, and configuration capabilities. The WE UI is designed for
single-site access point deployments not exceeding more than 24 access points of the same model.

This section is organized into the following topics:

• Document Conventions

• Notational Conventions

• End-User Software License Agreement

Access Point, Wireless Controller and Service Platform CLI Reference Guide

i

ABOUT THIS GUIDE

!

Document Conventions

The following conventions are used in this document to draw your attention to important information:

NOTE: Indicates tips or special requirements.

CAUTION: Indicates conditions that can cause equipment damage or data

loss.

WARN IN G! Indicates a condition or procedure that could result in personal

injury or equipment damage.

Switch Note: Indicates caveats unique to a RFS4000, RFS6000, NX5500,

NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, or NX9600 model
controller.

Notational Conventions

The following notational conventions are used in this document:

• Italics are used to highlight specific items in the general text, and to identify chapters and sections
in this and related documents

• Bullets (•) indicate:

- lists of alternatives

- lists of required steps that are not necessarily sequential

-action items

• Sequential lists (those describing step-by-step procedures) appear as numbered lists

Understanding Command Syntax

<variable> Variables are described with a short description enclosed within a

‘<‘ and a ‘>’ pair.

For example, the command,

nx9500-6C8809>show interface ge 1

is documented as:

show interface ge <1-2>

where:

• show – is the command – displays information

• interface – is the keyword – represents the interface type

• <1-2> – is the variable – represents the ge interface index value

Access Point, Wireless Controller and Service Platform CLI Reference Guide

ii

ABOUT THIS GUIDE

| The pipe symbol. This is used to separate the variables/keywords

in a list.
For example, the command,

nx9500-6C8809> show .....

is documented as:

show [adoption|bluetooth|bonjour|boot|

......

where:

• show – is the command – displays information

• [adoption|bluetooth|bonjour|boot|.......] – indicates the different

keywords that can be combined with the show command.
However, only one of the above option can be used at a time.

show adoption ...

show bluetooth ...

show bonjour ...

[] Of the different keywords and variables listed inside a ‘[‘ & ‘]’ pair,

only one can be used. Each choice in the list is separated with a ‘|’
(pipe) symbol.

For example, the command,

nx9500-6C8809#clear ...

is documented as:

clear [arp-cache|bonjour|cdp|counters|crypto|
event-history|firewall|gre|ip|ipv6|l2tpv3­stats|lacp|license|lldp|logging|mac-address­table|mint|role|rtls|spanning-tree|traffic­shape|vrrp]

where:

• clear – is the command

• [arp-cache|cdp|bonjour|counters|crypto|event-history|firewall|
gre|ip|ipv6|l2tpv3-stats|lacp|license|lldp|logging|mac-address­table|mint|role|rtls|spanning-tree|traffic-shape|vrrp] – indicates
that these keywords are available for this command. However,
only one can be used at a time.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

iii

ABOUT THIS GUIDE

{ } Any command/keyword/variable or a combination of them inside

a ‘{‘ &‘}’ pair is optional. All optional commands follow the same
conventions as listed above. However, they are displayed italicized.

For example, the command,

nx9500-6C8809> show adoption ....

is documented as:

show adoption info {on <DEVICE-NAME>}

here:

• show adoption info – is the command. This command can also
be used as:

show adoption info

The command can also be extended as:

show adoption info {on <DEVICE-NAME>}

here:

• {on <DEVICE-NAME>} – is the keyword, which is optional.

command / keyword The first word is always a command. Keywords are words that must

be entered as is. Commands and keywords are mandatory.
For example, the command,

nx9500-6C8809>show wireless

is documented as:

show wireless

where:

• show – is the command

• wireless – is the keyword

() Any command/keyword/variable or a combination of them inside

a ‘(‘ & ‘)’ pair are recursive. All recursive commands can be listed in
any order and can be used once along with the rest of the
commands.

For example, the command,

crypto pki export request generate-rsa-key
test autogen-subject-name ...

is documented as:

nx9500-6C8809#crypto pki export request
generate-rsa-key test autogen-subject-name
(<URL>,email <EMAIL>,fqdn <FQDN>,ip-address
<IP>)

here:

• crypto pki export request generate-rsa-key <RSA-KEYPAIR­NAME> auto-gen-subject-name – is the command

• <RSA-KEYPAIR-NAME> – is the RSA keypair name (in this
example, the keypair name is ‘test’), and is a variable

• (<URL>,email <EMAIL>,fqdn <FQDN>,ip-address <IP>) – is
the set of recursive parameters (separated by commas) that can
be used in any order.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

iv

ABOUT THIS GUIDE

End-User Software License Agreement

This document is an agreement (“Agreement”) between You, the end user, and Extreme Networks, Inc., on
behalf of itself and its Affiliates (“Extreme”) that sets forth your rights and obligations with respect to the
“Licensed Materials”. BY INSTALLING SOFTWARE AND/OR THE LICENSE KEY FOR THE SOFTWARE
(“License Key”) (collectively, “Licensed Software”), IF APPLICABLE, COPYING, OR OTHERWISE USING THE
LICENSED SOFTWARE AND/OR ANY OF THE LICENSED MATERIALS UNDER THIS AGREEMENT, YOU ARE
AGREEING TO BE BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE(S) AND
THE LIMITATION(S) OF WARRANTY AND DISCLAIMER(S)/LIMITATION(S) OF LIABILITY. IF YOU DO NOT
AGREE TO THE TERMS OF THIS AGREEMENT, RETURN THE LICENSE KEY (IF APPLICABLE) TO EXTREME
OR YOUR DEALER, IF ANY, OR DO NOT USE THE LICENSED SOFTWARE AND/OR LICENSED MATERIALS
AND CONTACT EXTREME OR YOUR DEALER WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT
TO ARRANGE FOR A REFUND. IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT
EXTREME, Attn: LegalTeam@extremenetworks.com.

1 DEFINITIONS

form of enterprise that directly or indirectly through one or more intermediaries, controls, or is
controlled by, or is under common control with the party specified. “Server Application” means the
software application associated to software authorized for installation (per License Key, if applicable) on
one or more of Your servers as further defined in the Ordering Documentation. “Client Application” shall
refer to the application to access the Server Application. “Network Device” for purposes of this
Agreement shall mean a physical computer device, appliance, appliance component, controller, wireless
access point, or virtual appliance as further described within the applicable product documentation,
which includes the Order Documentation. “Licensed Materials” means the Licensed Software (including
the Server Application and Client Application), Network Device (if applicable), Firmware, media
embodying software, and the accompanying documentation. “Concurrent User” shall refer to any of
Your individual employees who You provide access to the Server Application at any one time.
“Firmware” refers to any software program or code embedded in chips or other media. “Standalone”
software is software licensed for use independent of any hardware purchase as identified in the
Ordering Documentation. “Licensed Software” collectively refers to the software, including Standalone
software, Firmware, Server Application, Client Application or other application licensed with conditional
use parameters as defined in the Ordering Documentation. “Ordering Documentation” shall mean the
applicable price quotation, corresponding purchase order, relevant invoice, order acknowledgement, and
accompanying documentation or specifications for the products and services purchased, acquired or
licensed hereunder from Extreme either directly or indirectly.

2TERM

. This Agreement is effective from the date on which You accept the terms and conditions of this
Agreement via click-through, commence using the products and services or upon delivery of the
License Key if applicable, and shall be effective until terminated. In the case of Licensed Materials
offered on a subscription basis, the term of “licensed use” shall be as defined within Your Ordering
Documentation.

. “Affiliates” means any person, partnership, corporation, limited liability company, or other

3 GRANT OF LICENSE

to use the Licensed Materials and the accompanying documentation for Your own business purposes
subject to the terms and conditions of this Agreement, applicable licensing restrictions, and any term,
user server networking device, field of use, or other restrictions as set forth in Your Ordering
Documentation. If the Licensed Materials are being licensed on a subscription and/or capacity basis, the
applicable term and/or capacity limit of the license shall be specified in Your Ordering Documentation.
You may install and use the Licensed Materials as permitted by the license type purchased as described
below in License Types. The license type purchased is specified on the invoice issued to You by Extreme

Access Point, Wireless Controller and Service Platform CLI Reference Guide

. Extreme will grant You a non-transferable, non-sublicensable, non-exclusive license

v

ABOUT THIS GUIDE

or Your dealer, if any. YOU MAY NOT USE, COPY, OR MODIFY THE LICENSED MATERIALS, IN WHOLE
OR IN PART, EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT.

4LICENSE TYPES

.

• Single User, Single Network Device. Under the terms of this license type, the license granted to You

by Extreme authorizes You to use the Licensed Materials as bundled with a single Network Device as
identified by a unique serial number for the applicable Term, if and as specified in Your Ordering
Documentation, or any replacement for that network device for that same Term, for internal use only.
A separate license, under a separate License Agreement, is required for any other network device on
which You or another individual, employee or other third party intend to use the Licensed Materials.
A separate license under a separate License Agreement is also required if You wish to use a Client
license (as described below).

• Single User, Multiple Network Device. Under the terms of this license type, the license granted to You

by Extreme authorizes You to use the Licensed Materials with a defined amount of Network Devices
as defined in the Ordering Documentation.

• Client. Under the terms of the Client license, the license granted to You by Extreme will authorize You

to install the License Key for the Licensed Materials on your server and allow the specific number of
Concurrent Users as ordered by you and is set forth in Your Ordering Documentation. A separate
license is required for each additional Concurrent User.

• Standalone. Software or other Licensed Materials licensed to You for use independent of any

Network Device.

• Subscription. Licensed Materials, and inclusive Software, Network Device or related appliance

updates and maintenance services, licensed to You for use during a subscription period as defined in
Your applicable Ordering Documentation.

• Capacity. Under the terms of this license, the license granted to You by Extreme authorizes You to

use the Licensed Materials up to the amount of capacity or usage as defined in the Ordering
Documentation.

5AUDIT RIGHTS

. You agree that Extreme may audit Your use of the Licensed Materials for compliance
with these terms and Your License Type at any time, upon reasonable notice. In the event that such
audit reveals any use of the Licensed Materials by You other than in full compliance with the license
granted and the terms of this Agreement, Extreme reserves the right to charge You for all reasonable
expenses related to such audit in addition to any other liabilities and overages applicable as a result of
such non-compliance, including but not limited to additional fees for Concurrent Users, excess capacity
or usage over and above those specifically granted to You. From time to time, the Licensed Materials
may upload information about the Licensed Materials and the associated usage to Extreme. This is to
verify the Licensed Materials are being used in accordance with a valid license and/or entitlement. By
using the Licensed Materials, you consent to the transmission of this information.

6 RESTRICTION AGAINST COPYING OR MODIFYING LICENSED MATERIALS

permitted in this Agreement, You may not copy or otherwise reproduce the Licensed Materials. In no
event does the limited copying or reproduction permitted under this Agreement include the right to
decompile, disassemble, electronically transfer, or reverse engineer the Licensed Materials, including the
Licensed Software, or to translate the Licensed Materials into another computer language. The media
embodying the Licensed Materials may be copied by You, in whole or in part, into printed or machine
readable form, in sufficient numbers only for backup or archival purposes, or to replace a worn or
defective copy. However, You agree not to have more than two (2) copies of the Licensed Software in
whole or in part, including the original media, in your possession for said purposes without Extreme’
prior written consent, and in no event shall You operate more copies of the Licensed Software than the
specific licenses granted to You. You may not copy or reproduce the documentation. You agree to
maintain appropriate records of the location of the original media and all copies of the Licensed
Software, in whole or in part, made by You. Any portion of the Licensed Software included in any such
modular work shall be used only on a single computer for internal purposes and shall remain subject to

Access Point, Wireless Controller and Service Platform CLI Reference Guide

. Except as expressly

vi

ABOUT THIS GUIDE

all the terms and conditions of this Agreement. You agree to include any copyright or other proprietary
notice set forth on the label of the media embodying the Licensed Software on any copy of the
Licensed Software in any form, in whole or in part, or on any modification of the Licensed Software or
any such modular work containing the Licensed Software or any part thereof.

7 TITLE AND PROPRIETARY RIGHTS

a The Licensed Materials are copyrighted works and are the sole and exclusive property of Extreme,

any company or a division thereof which Extreme controls or is controlled by, or which may result
from the merger or consolidation with Extreme (its “Affiliates”), and/or their suppliers. This
Agreement conveys a limited right to operate the Licensed Materials and shall not be construed to
convey title to the Licensed Materials to You. There are no implied rights. You shall not sell, lease,
transfer, sublicense, dispose of, or otherwise make available the Licensed Materials or any portion
thereof, to any other party.

b You further acknowledge that in the event of a breach of this Agreement, Extreme shall suffer severe

and irreparable damages for which monetary compensation alone will be inadequate. You therefore
agree that in the event of a breach of this Agreement, Extreme shall be entitled to monetary
damages and its reasonable attorney’s fees and costs in enforcing this Agreement, as well as
injunctive relief to restrain such breach, in addition to any other remedies available to Extreme.

8 PROTECTION AND SECURITY

. In the performance of this Agreement or in contemplation thereof, You
and your employees and agents may have access to private or confidential information owned or
controlled by Extreme relating to the Licensed Materials supplied hereunder including, but not limited
to, product specifications and schematics, and such information may contain proprietary details and
disclosures. All information and data so acquired by You or your employees or agents under this
Agreement or in contemplation hereof shall be and shall remain Extreme’ exclusive property, and You
shall use all commercially reasonable efforts to keep, and have your employees and agents keep, any
and all such information and data confidential, and shall not copy, publish, or disclose it to others,
without Extreme’ prior written approval, and shall return such information and data to Extreme at its
request. Nothing herein shall limit your use or dissemination of information not actually derived from
Extreme or of information which has been or subsequently is made public by Extreme, or a third party
having authority to do so.

You agree not to deliver or otherwise make available the Licensed Materials or any part thereof,
including without limitation the object or source code (if provided) of the Licensed Software, to any
party other than Extreme or its employees, except for purposes specifically related to your use of the
Licensed Materials on a single computer as expressly provided in this Agreement, without the prior
written consent of Extreme. You acknowledge that the Licensed Materials contain valuable confidential
information and trade secrets, and that unauthorized use, copying and/or disclosure thereof are
harmful to Extreme or its Affiliates and/or its/their software suppliers.

9 MAINTENANCE AND UPDATES

. Except as otherwise defined below, updates and certain maintenance
and support services, if any, shall be provided to You pursuant to the terms of an Extreme Service and
Maintenance Agreement, if Extreme and You enter into such an agreement. Except as specifically set
forth in such agreement, Extreme shall not be under any obligation to provide updates, modifications,
or enhancements, or maintenance and support services for the Licensed Materials to You. If you have
purchased Licensed Materials on a subscription basis then the applicable service terms for Your
Licensed Materials are as provided in Your Ordering Documentation. Extreme will perform the
maintenance and updates in a timely and professional manner, during the Term of Your subscription,
using qualified and experienced personnel. You will cooperate in good faith with Extreme in the
performance of the support services including, but not limited to, providing Extreme with: (a) access to
the Extreme Licensed Materials (and related systems); and (b) reasonably requested assistance and

Access Point, Wireless Controller and Service Platform CLI Reference Guide

vii

ABOUT THIS GUIDE

information. Further information about the applicable maintenance and updates terms can be found on
Extreme’s website at http://www.extremenetworks.com/company/legal/terms-of-support

10 DEFAULT AND TERMINATION

. In the event that You shall fail to keep, observe, or perform any
obligation under this Agreement, including a failure to pay any sums due to Extreme, or in the event
that you become insolvent or seek protection, voluntarily or involuntarily, under any bankruptcy law,
Extreme may, in addition to any other remedies it may have under law, terminate the License and any
other agreements between Extreme and You.
a Immediately after any termination of the Agreement, Your licensed subscription term, or if You have

for any reason discontinued use of Licensed Materials, You shall return to Extreme the original and
any copies of the Licensed Materials and remove the Licensed Materials, including an Licensed
Software, from any modular works made pursuant to Section 3, and certify in writing that through
your best efforts and to the best of your knowledge the original and all copies of the terminated or
discontinued Licensed Materials have been returned to Extreme.

b Sections 1, 7, 8, 10, 11, 12, 13, 14 and 15 shall survive termination of this Agreement for any reason.

11 EXPORT REQUIREMENTS

. You are advised that the Licensed Materials, including the Licensed Software
is of United States origin and subject to United States Export Administration Regulations; diversion
contrary to United States law and regulation is prohibited. You agree not to directly or indirectly export,
import or transmit the Licensed Materials, including the Licensed Software to any country, end user or
for any Use that is prohibited by applicable United States regulation or statute (including but not limited
to those countries embargoed from time to time by the United States government); or contrary to the
laws or regulations of any other governmental entity that has jurisdiction over such export, import,
transmission or Use.

12 UNITED STATES GOVERNMENT RESTRICTED RIGHTS

. The Licensed Materials (i) were developed solely
at private expense; (ii) contain “restricted computer software” submitted with restricted rights in
accordance with section 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted
Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Extreme and/or
its suppliers. For Department of Defense units, the Licensed Materials are considered commercial
computer software in accordance with DFARS section 227.7202-3 and its successors, and use,
duplication, or disclosure by the U.S. Government is subject to restrictions set forth herein.

13 LIMITED WARRANTY AND LIMITATION OF LIABILITY

. Extreme warrants to You that (a) the initially­shipped version of the Licensed Materials will materially conform to the Documentation; and (b) the
media on which the Licensed Software is recorded will be free from material defects for a period of
ninety (90) days from the date of delivery to You or such other minimum period required under
applicable law. Extreme does not warrant that Your use of the Licensed Materials will be error-free or
uninterrupted.

NEITHER EXTREME NOR ITS AFFILIATES MAKE ANY OTHER WARRANTY OR REPRESENTATION,
EXPRESS OR IMPLIED, WITH RESPECT TO THE LICENSED MATERIALS, WHICH ARE LICENSED "AS IS".
THE LIMITED WARRANTY AND REMEDY PROVIDED ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL
OTHER WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE, WHICH ARE EXPRESSLY DISCLAIMED, AND STATEMENTS OR
REPRESENTATIONS MADE BY ANY OTHER PERSON OR FIRM ARE VOID. IN NO EVENT WILL
EXTREME OR ANY OTHER PARTY WHO HAS BEEN INVOLVED IN THE CREATION, PRODUCTION OR
DELIVERY OF THE LICENSED MATERIALS BE LIABLE FOR SPECIAL, DIRECT, INDIRECT, RELIANCE,
INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF DATA OR PROFITS OR FOR
INABILITY TO USE THE LICENSED MATERIALS, TO ANY PARTY EVEN IF EXTREME OR SUCH OTHER
PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL

Access Point, Wireless Controller and Service Platform CLI Reference Guide

viii

ABOUT THIS GUIDE

EXTREME OR SUCH OTHER PARTY'S LIABILITY FOR ANY DAMAGES OR LOSS TO YOU OR ANY
OTHER PARTY EXCEED THE LICENSE FEE YOU PAID FOR THE LICENSED MATERIALS.

Some states do not allow limitations on how long an implied warranty lasts and some states do not
allow the exclusion or limitation of incidental or consequential damages, so the above limitation and
exclusion may not apply to You. This limited warranty gives You specific legal rights, and You may also
have other rights which vary from state to state.

14 JURISDICTION

. The rights and obligations of the parties to this Agreement shall be governed and
construed in accordance with the laws and in the State and Federal courts of the State of California,
without regard to its rules with respect to choice of law. You waive any objections to the personal
jurisdiction and venue of such courts. None of the 1980 United Nations Convention on the Limitation
Period in the International Sale of Goods, and the Uniform Computer Information Transactions Act shall
apply to this Agreement.

15 FREE AND OPEN SOURCE SOFTWARE

. Portions of the Software (Open Source Software) provided to
you may be subject to a license that permits you to modify these portions and redistribute the
modifications (an Open Source License). Your use, modification and redistribution of the Open Source
Software are governed by the terms and conditions of the applicable Open Source License. More details
regarding the Open Source Software and the applicable Open Source Licenses are available at

www.extremenetworks.com/services/SoftwareLicensing.aspx. Some of the Open Source software may

be subject to the GNU General Public License v.x (GPL) or the Lesser General Public Library (LGPL),
copies of which are provided with the Licensed Materials and are further available for review at

www.extremenetworks.com/services/SoftwareLicensing.aspx, or upon request as directed herein. In

accordance with the terms of the GPL and LGPL, you may request a copy of the relevant source code.
See the Software Licensing web site for additional details. This offer is valid for up to three years from
the date of original download of the software.

16 GENERAL.

a This Agreement is the entire agreement between Extreme and You regarding the Licensed Materials,

and all prior agreements, representations, statements, and undertakings, oral or written, are hereby

expressly superseded and canceled.
b This Agreement may not be changed or amended except in writing signed by both parties hereto.
c You represent that You have full right and/or authorization to enter into this Agreement.
d This Agreement shall not be assignable by You without the express written consent of Extreme. The

rights of Extreme and Your obligations under this Agreement shall inure to the benefit of Extreme’

assignees, licensors, and licensees.
e Section headings are for convenience only and shall not be considered in the interpretation of this

Agreement
f The provisions of the Agreement are severable and if any one or more of the provisions hereof are

judicially determined to be illegal or otherwise unenforceable, in whole or in part, the remaining

provisions of this Agreement shall nevertheless be binding on and enforceable by and between the

parties hereto
g Extreme’s waiver of any right shall not constitute waiver of that right in future. This Agreement

constitutes the entire understanding between the parties with respect to the subject matter hereof,

and all prior agreements, representations, statements and undertakings, oral or written, are hereby

expressly superseded and canceled. No purchase order shall supersede this Agreement.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

ix

ABOUT THIS GUIDE

h Should You have any questions regarding this Agreement, You may contact Extreme at the address

set forth below. Any notice or other communication to be sent to Extreme must be mailed by

certified mail to the following address:

Extreme Networks, Inc.

16480 Via Del

San Jose, CA 95119 United States

Tel: +1 408-579-2800

Toll-free: +1 888-257-3000

Access Point, Wireless Controller and Service Platform CLI Reference Guide

x

INTRODUCTION

1

This chapter describes the commands available within a device’s Command Line Interface (CLI) structure.
CLI is available for wireless controllers, access points (APs), and service platforms.

Access the CLI by using:

• A terminal emulation program running on a computer connected to the serial port on the device

(access point, wireless controller, and service platform).

• A Telnet session through Secure Shell (SSH) over a network.

Configuration for connecting to a Controller using a terminal emulator

If connecting through the serial port, use the following settings to configure your terminal emulator:

Bits Per Second 19200

For AP8533, AP8432, AP7662, AP7632, AP7622, AP7612,
AP7602, AP7502, AP7522, AP7532, AP7562, AP6521,
AP6522, AP6532, AP6562 model access points set this
value to 115200.

Data Bits 8
Parity None
Stop Bit 1
Flow Control None

When a CLI session is established, complete the following (user input is in bold):

login as: <username>
administrator’s login password: <password>

User Credentials

Use the following credentials when logging into a device for the first time:

User Name admin
Password admin123

When logging into the CLI for the first time, you are prompted to change the password.

Examples in this reference guide

Examples used in this reference guide are generic to each supported wireless controller, service platform,
and AP model. Commands that are not common, are identified using the notation “Supported in the
following platforms:” For an example, see below:

Supported in the following platforms:

• Wireless Controller – RFS6000

The above example indicates the command is only available for an RFS6000 model wireless controller.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 1

INTRODUCTION

This chapter is organized into the following sections:

• CLI Overview

• Getting Context Sensitive Help

• Using the No Command

• Using CLI Editing Features and Shortcuts

• Using CLI to Create Profiles and Enable Remote Administration

1.1 CLI Overview



INTRODUCTION

The CLI is used for configuring, monitoring, and maintaining the network. The user interface allows you to
execute commands on supported wireless controllers, service platforms, and APs, using either a serial
console or a remote access method.

This chapter describes basic CLI features. Topics covered include an introduction to command modes,
navigation and editing features, help features and command history.

The CLI is segregated into different command modes. Each mode has its own set of commands for
configuration, maintenance, and monitoring. The commands available at any given time depend on the
mode you are in, and to a lesser extent, the particular model used. Enter a question mark (?) at the system
prompt to view a list of commands available for each command mode/instance.

Use specific commands to navigate from one command mode to another. The standard order is: USER
EXEC mode, PRIV EXEC mode and GLOBAL CONFIG mode.

Figure 1-1 Hierarchy of User Modes

Command Modes

A session generally begins in the USER EXEC mode (one of the two access levels of the EXEC mode). For
security, only a limited subset of EXEC commands are available in the USER EXEC mode. This level is

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 2

INTRODUCTION

reserved for tasks that do not change the device’s (wireless controller, service platform, or AP)
configuration.

rfs6000-6DB5D4>

The system prompt signifies the device name and the last three bytes of the device MAC address.

To access commands, enter the PRIV EXEC mode (the second access level for the EXEC mode). Once in
the PRIV EXEC mode, enter any EXEC command. The PRIV EXEC mode is a superset of the USER EXEC
mode.

rfs6000-6DB5D4>enable
rfs6000-6DB5D4#

Most of the USER EXEC mode commands are one-time commands and are not saved across device
reboots. Save the command by executing ‘commit’ command. For example, the show command displays
the current configuration and the clear command clears the interface.

Access the GLOBAL CONFIG mode from the PRIV EXEC mode. In the GLOBAL CONFIG mode, enter
commands that set general system characteristics. Configuration modes, allow you to change the running
configuration. If you save the configuration later, these commands are stored across device reboots.

Access a variety of protocol specific (or feature-specific) modes from the global configuration mode. The
CLI hierarchy requires you to access specific configuration modes only through the global configuration
mode.

rfs6000-6DB5D4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
rfs6000-6DB5D4(config)#

You can also access sub-modes from the global configuration mode. Configuration sub-modes define
specific features within the context of a configuration mode.

rfs6000-6DB5D4(config)#aaa-policy test
rfs6000-6DB5D4(config-aaa-policy-test)#

The following table summarizes available CLI commands:

Table 1.1 Controller CLI Modes and Commands

User Exec Mode Priv Exec Mode Global Configuration Mode

captive-portal-page-upload archive aaa-policy
change-passwd boot aaa-tacacs-policy
clear captive-portal-page-upload alias
clock cd ap6521
cluster change-passwd ap6522
commit clear ap6532
connect clock ap6562
create-cluster cluster ap7161
crypto commit ap7502
crypto-cmp-cert-update configure ap7522
database connect ap7532
database-backup copy ap7562

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 3

INTRODUCTION

Table 1.1

Controller CLI Modes and Commands

User Exec Mode Priv Exec Mode Global Configuration Mode

database-restore cpe (RFS4000, RFS6000, NX9500,

ap7602

NX9600, VX9000)
debug create-cluster ap7612
device-upgrade crypto ap7622
disable crypto-cmp-cert-update ap7632
enable database ap7662
file-sync database-backup ap81xx (ap8122, ap8132, ap8163)
help database-restore ap8232
join-cluster debug ap8432
l2tpv3 delete ap8533
logging device-upgrade application
mint diff application-group
no dir application-policy
on disable association-acl-policy

opendns edit auto-provisioning-policy

page enable bgp
ping erase bonjour-gw-discovery-policy
ping6 ex3500 bonjour-gw-forwarding-policy
revert factory-reset bonjour-gw-query-forwarding-

policy
service file-sync captive-portal
show halt clear
ssh help client-identity
telnet join-cluster client-identity-group
terminal l2tpv3 clone
time-it logging crypto-cmp-policy
traceroute mint customize
traceroute6 mkdir database-client-policy (supported

only on VX9000
virtual-machine (supported only

on NX9500, NX9600, and
VX9000)

more database-policy (supported only

on NX9500, NX9600, and

VX9000)
watch no device
write on device-categorization
clrscr opendns dhcp-server-policy
exit page dhcp6-server-policy

ping dns-whitelist
ping6 event-system-policy

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 4

INTRODUCTION

Table 1.1

Controller CLI Modes and Commands

User Exec Mode Priv Exec Mode Global Configuration Mode

pwd ex3500
raid (supported only on NX9500 and

ex3500-management-policy

NX7530)
re-elect ex3500-qos-class-map-policy
reload ex3500-qos-policy-map
remote-debug ex3524
rename ex3548
revert firewall-policy
rmdir global-association-list
self guest-management
service help
show host
ssh igmp-snoop-policy (This

command has been deprecated.

IGMP snooping is now

configurable under the profile/

device configuration mode. For

t5 (supported only on RFS4000,

more information, see

inline-password-encryption

ip.

RFS6000, NX9500, NX9600, and
VX9000)

telnet ip
terminal ipv6
time-it ipv6-router-advertisement-policy
traceroute l2tpv3
traceroute6 mac
upgrade management-policy
upgrade-abort meshpoint
virtual-machine (supported only on

meshpoint-qos-policy

NX9500, NX9600, and VX9000)
watch mint-policy
write nac-list
clrscr no
exit nsight-policy

nx5500 (supported only on

NX9500, NX9600, VX9000)

nx75xx (supported only on

NX9500, NX9600, VX9000)

nx9000 (supported only on

NX9500, NX9600, VX9000)

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 5

INTRODUCTION

Table 1.1

Controller CLI Modes and Commands

User Exec Mode Priv Exec Mode Global Configuration Mode

nx9600 (supported only on

NX9600)

passpoint-policy

password-encryption

profile

radio-qos-policy

radius-group

radius-server-policy

radius-user-pool-policy

rename

replace

rf-domain

rfs4000

rfs6000

roaming-assist-policy

role-policy

route-map

routing-policy

rtl-server-policy

schedule-policy

self

sensor-policy

smart-rf-policy

t5 (supported only on RFS4000,

RFS6000, NX9500, NX9600,

VX9000)

url-filter (supported only on

NX9500, NX9600, VX9000)

url-list (supported only on

NX9500, NX9600, VX9000)

vx9000 (supported only on

NX9500, and NX9600, VX9000)

web-filter-policy

wips-policy

wlan

wlan-qos-policy

write

clrscr

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 6

INTRODUCTION

Table 1.1

Controller CLI Modes and Commands

User Exec Mode Priv Exec Mode Global Configuration Mode

commit

do

end

exit

revert

service

show

1.2 Getting Context Sensitive Help



INTRODUCTION

Enter a question mark (?) at the system prompt to display a list of commands available for each mode.
Obtain a list of arguments and keywords for any command using the CLI context-sensitive help.

Use the following commands to obtain help specific to a command mode, command name, keyword or
argument:

Command Description

(prompt)#help Displays a brief description of the help system
(prompt)#abbreviated-command-entry? Lists commands in the current mode that begin with a

particular character string
(prompt)#abbreviated-command-entry[TAB] Completes a partial command name
(prompt)#? Lists all commands available in the command mode
(prompt)#command ? Lists the available syntax options (arguments and

keywords) for the command
(prompt)#command keyword ? Lists the next available syntax option for the command

NOTE: The system prompt varies depending on the configuration mode.

NOTE: Enter Ctrl + V to use ? as a regular character and not as a character

used for displaying context sensitive help. This is required when the user has
to enter a URL that ends with a ?

NOTE: The escape character used through out the CLI is “\”. To enter a "\"

use "\\" instead.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 7

INTRODUCTION

When using context-sensitive help, the space (or lack of a space) before the question mark (?) is
significant. To obtain a list of commands that begin with a particular sequence, enter the characters
followed by a question mark (?). Do not include a space. This form of help is called word help, because it
completes a word.

rfs6000-6DB5D4#service?
service Service Commands
rfs6000-6DB5D4#service

Enter a question mark (?) (in place of a keyword or argument) to list keywords or arguments. Include a
space before the “?”. This form of help is called command syntax help. It shows the keywords or arguments
available based on the command/keyword and argument already entered.

rfs6000-6DB5D4#service ?
block-adopter-config-update Block configuration updates from the
bluetooth Bluetooth service commands
clear Clear adoption history
cli-tables-skin Choose a formatting layout/skin for CLI
tabular outputs (EXPERIMENTAL-Applies only
to certain commands)
cluster Cluster Protocol
copy Copy files or directories
delete Delete sessions
delete-offline-aps Delete Access Points that are configured
but offline
force-send-config Resend configuration to the device
force-update-vm-stats Force VM statistics to be pushed up to the
NOC
load-balancing Wireless load-balancing service commands
load-ssh-authorized-keys Load Ssh authorized keys
locator Enable leds flashing on the device
mint MiNT protocol
pktcap Start packet capture
pm Process Monitor
radio Radio parameters
radius Radius test
request-full-config-from-adopter Request full configuration from the
adopter
set Set global options
show Show running system information
signal Send a signal to a process
smart-rf Smart-RF Management Commands
snmp Snmp
ssm Command related to ssm
start-shell Provide shell access
syslog Syslog service
trace Trace a process for system calls and
signals
troubleshoot Troubleshooting
wireless Wireless commands

rfs6000-6DB5D4#

It is possible to abbreviate commands and keywords to allow a unique abbreviation. For example,
“configure terminal” can be abbreviated as config t. Since the abbreviated command is unique, the
controller accepts the abbreviation and executes the command.

Enter the help command (available in any command mode) to provide the following description:

rfs6000-6DB5D4>help

When using the CLI, help is provided at the command line when typing '?'. If no
help is available, the help content will be empty. Backup until entering a '?'
shows the help content.
There are two styles of help provided:

1. Full help. Available when entering a command argument (e.g. 'show ?'). This will

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 8

INTRODUCTION

describe each possible argument.

2. Partial help. Available when an abbreviated argument is entered. This will
display which arguments match the input (e.g. 'show ve?').

rfs6000-6DB5D4>

1.3 Using the No Command



INTRODUCTION

Almost every command has a no form. Use no to disable a feature or function or return it to its default.
Use the command without the no keyword to re-enable a disabled feature.

1.3.1 Basic Conventions

Keep the following conventions in mind while working within the CLI structure:

• Use “?” at the end of a command to display the sub-modes (keywords) associated with the
command. Type the first few characters of the required sub-mode and press the tab key to auto-fill.
Continue using “?” until you reach the last sub-mode.

• Pre-defined CLI commands and keywords are case-insensitive: cfg = Cfg = CFG. However (for
clarity), CLI commands and keywords are displayed (in this guide) using mixed case. For example,
apPolicy, trapHosts, channelInfo.

• Enter commands in uppercase, lowercase, or mixed case. Only passwords are case sensitive.

1.4 Using CLI Editing Features and Shortcuts



INTRODUCTION

A variety of shortcuts and edit features are available. The following sections describe these features:

• Moving the Cursor on the Command Line

• Completing a Partial Command Name

• Command Output Pagination

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 9

INTRODUCTION

1.4.1 Moving the Cursor on the Command Line



Using CLI Editing Features and Shortcuts

The following table shows the key combinations or sequences to move the command line cursor. Ctrl
defines the control key, which must be pressed simultaneously with its associated letter key. Esc means the
escape key (which must be pressed first), followed by its associated letter key. Keys are not case sensitive.
Specific letters are used to provide an easy way of remembering their functions.

Table 1.2 Keystrokes Details

Keystrokes Function Summary Function Details

Left Arrow
or
Ctrl-B

Right Arrow or Ctrl-F Forward character Moves the cursor one character to the right
Esc- B Back word Moves the cursor back one word
Esc- F Forward word Moves the cursor forward one word
Ctrl-A Beginning of line Moves the cursor to the beginning of the command

Ctrl-E End of line Moves the cursor to the end of the command line
Ctrl-D Deletes the current character
Ctrl-U Deletes text up to cursor
Ctrl-K Deletes from the cursor to end of the line
Ctrl-P Obtains the prior command from memory
Ctrl-N Obtains the next command from memory
Esc-C Converts the letter at the cursor to uppercase
Esc-L Converts the letter at the cursor to lowercase
Esc-D Deletes the remainder of a word
Ctrl-W Deletes the word up to the cursor
Ctrl-Z Returns to the root prompt
Ctrl-T Transposes the character to the left of the cursor

Ctrl-L Clears the screen

Back character Moves the cursor one character to the left

When entering a command that extends beyond a
single line, press the Left Arrow or Ctrl-B keys
repeatedly to move back to the system prompt.

line

with the character located at the cursor

1.4.2 Completing a Partial Command Name



Using CLI Editing Features and Shortcuts

If you cannot remember a command name (or if you want to reduce the amount of typing you have to
perform), enter the first few letters of a command, then press the Tab key. The command line parser
completes the command if the string entered is unique to the command mode. If your keyboard does not
have a Tab key, press Ctrl-L.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 10

INTRODUCTION

The CLI recognizes a command once you have entered enough characters to make the command unique. If
you enter “conf” within the privileged EXEC mode, the CLI associates the entry with the configure
command, since only the configure command begins with conf.

In the following example, the CLI recognizes a unique string in the privileged EXEC mode when the Tab key
is pressed:

rfs6000-6DB5D4#conf[TAB]
rfs6000-6DB5D4#configure

When using the command completion feature, the CLI displays the full command name. The command is
not executed until the [Return] or [Enter] key is pressed. Modify the command if the full command was not
what you intended in the abbreviation. If entering a set of characters (indicating more than one command),
the system lists all commands beginning with that set of characters.

Enter a question mark (?) to obtain a list of commands beginning with a particular set of characters. Do
not leave a space between the last letter and the question mark (?).

In the following example, all commands, available in the current context, starting with the characters ‘co’
are listed:

rfs6000-6DB5D4#co?
commit Commit all changes made in this session
configure Enter configuration mode
connect Open a console connection to a remote device
copy Copy from one file to another

rfs6000-6DB5D4#

NOTE: The characters entered before the question mark are reprinted to the

screen to complete the command entry.

1.4.3 Command Output Pagination



Using CLI Editing Features and Shortcuts

Output often extends beyond the visible screen length. For cases where output continues beyond the
screen, the output is paused and a

--More--

prompt displays at the bottom of the screen. To resume the output, press the [Enter] key to scroll down
one line or press the Spacebar to display the next full screen of output.

1.5 Using CLI to Create Profiles and Enable Remote
Administration



INTRODUCTION

The following sections describe the following essential procedures:

• Creating Profiles

• Changing the default profile by creating vlan 150 and mapping to ge3 Physical interface

• Enabling Remote Administration

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 11

INTRODUCTION

1.5.1 Creating Profiles



Using CLI to Create Profiles and Enable Remote Administration

Profiles are sort of a ‘template’ representation of configuration. The system has:

• a default profile for each of the following devices:

- RFS4000, RFS6000

• a default profile for each of the following service platforms:

- NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600, VX9000

• a default profile for each of the following access points:

- AP6521, AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562, AP7602, AP7612,
AP7622, AP7632, AP7662, AP81XX, AP8232, AP8432, AP8533

You can modify a default profile. In the following example, an IP address is assigned to the management
port on the default RFS6000 profile.

rfs6000-6DB5D4(config)#profile rfs6000 default-rfs6000
rfs6000-6DB5D4(config-profile-default-rfs6000)#interface me1
rfs6000-6DB5D4(config-profile-default-rfs6000-if-me1)#ip address 172.16.10.2/24
rfs6000-6DB5D4(config-profile-default-rfs6000-if-me1)#commit
rfs6000-6DB5D4(config-profile-default-rfs6000)#exit
rfs6000-6DB5D4(config)#

The following command displays a default AP7562 profile configuration:

rfs6000-6DB5D4(config-profile-default-ap7562)#
rfs6000-6DB5D4(config-profile-default-ap7562)#show context
profile ap7562 default-ap7562
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
placement outdoor
interface radio2
placement outdoor
interface ge1
interface ge2
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all

--More-­rfs6000-6DB5D4(config-profile-default-ap7562)#

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 12

INTRODUCTION

1.5.2 Changing the default profile by creating vlan 150 and mapping to ge3 Physical
interface



Using CLI to Create Profiles and Enable Remote Administration

Logon to the controller in config mode and follow the procedure below:

rfs6000-6DB5D4(config-profile-default-rfs6000)#interface vlan 150

rfs6000-6DB5D4(config-profile-default-rfs6000-if-vlan150)#ip address

192.168.150.20/24

rfs6000-6DB5D4(config-profile-default-rfs6000-if-vlan150)#exit

rfs6000-6DB5D4(config-profile-default-rfs6000)#interface ge 3

rfs6000-6DB5D4(config-profile-default-rfs6000-if-ge3)#switchport access vlan 150

rfs6000-6DB5D4(config-profile-default-rfs6000-if-ge3)#commit write
Please Wait .
[OK]
rfs6000-6DB5D4(config-profile-default-rfs6000-if-ge3)#

rfs6000-6DB5D4(config-profile-default-rfs6000-if-ge3)#show interface vlan 150
Interface vlan150 is UP
Hardware-type: vlan, Mode: Layer 3, Address: 00-15-70-81-74-2D
Index: 6, Metric: 1, MTU: 1500
IP-Address: 192.168.150.20/24
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 2, bytes 140, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
IPv6 mode is disabled

rfs6000-6DB5D4(config-profile-default-rfs6000-if-ge3)#

1.5.2.1 Viewing Configured APs

To view previously configured APs, enter the following command:

rfs6000-6DB5D4>show wireless ap configured

-------------------------------------------------------------------------------­ IDX NAME MAC PROFILE RF-DOMAIN ADOPTED-BY

-------------------------------------------------------------------------------­ 1 ap7532-80C2AC 84-24-8D-80-C2-AC default-ap7532 TechPubs 00-15-70-81-74-2D
2 ap8132-74B45C B4-C7-99-74-B4-5C default-ap81xx TechPubs 00-15-70-81-74-2D
3 ap7522-8330A4 84-24-8D-83-30-A4 default-ap7522 default 00-15-70-81-74-2D
4 ap8132-711728 B4-C7-99-71-17-28 default-ap81xx TechPubs 00-15-70-81-74-2D
5 ap8533-9A12DB 74-67-F7-9A-12-DB default-ap8533 default un-adopted
6 ap7562-84A224 84-24-8D-84-A2-24 default-ap7562 TechPubs 00-15-70-81-74-2D

-------------------------------------------------------------------------------­rfs6000-6DB5D4>

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 13

INTRODUCTION

1.5.3 Enabling Remote Administration



Using CLI to Create Profiles and Enable Remote Administration

A terminal server may function in remote administration mode if either the terminal services role is not
installed on the machine or the client used to invoke the session has enabled the admin controller.

• A terminal emulation program running on a computer connected to the serial port on the
controller. The serial port is located on the front of the controller.

• A Telnet session through a Secure Shell (SSH) over a network. The Telnet session may or may not
use SSH depending on how the controller is configured. It is recommended you use SSH for remote
administration tasks.

This section is organized into the following sub sections:

• Configuring Telnet for Management Access

• Configuring SSH for Management Access

1.5.3.1 Configuring Telnet for Management Access



Enabling Remote Administration

To enable Telnet for management access, use the serial console to login to the device and perform the
following:

1 The session, by default, opens in the USER EXEC mode (one of the two access levels of the EXEC

mode). Access the PRIV EXEC mode from the USER EXEC mode.

rfs6000-6DB5D4>en
rfs6000-6DB5D4#

2 Access the GLOBAL CONFIG mode from the PRIV EXEC mode.

rfs6000-6DB5D4>en
rfs6000-6DB5D4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
rfs6000-6DB5D4(config)#

3 Go to ‘default-management-policy’ mode.

rfs6000-6DB5D4(config)#management-policy ?
MANAGEMENT Name of the management policy to be configured (will be created
if it does not exist)

rfs6000-6DB5D4(config)#management-policy default
rfs6000-6DB5D4(config-management-policy-default)#

4 Enter Telnet and the port number at the command prompt. Note, the port number is optional. If you do

not specify the port, the system, by default, assigns port 23 for Telnet. Commit your changes. Telnet is
enabled.

rfs6000-6DB5D4(config-management-policy-default)#telnet
rfs6000-6DB5D4(config-management-policy-default)#commit write
rfs6000-6DB5D4(config-management-policy-default)#end
rfs6000-6DB5D4#exit

5 Connect to the controller through Telnet using its configured IP address. If logging in for the first time,

use the following credentials:

User Name admin
Password admin123

At the first-time login instance, you will be prompted to change the password. Set a new password.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 14

INTRODUCTION

6 On subsequent logins, to change the password, access the default management-policy configuration

mode and enter the username, new password, role, and access details.

rfs6000-6DB5D4(config-management-policy-default)#user testuser password test@123
role helpdesk access all
rfs6000-6DB5D4(config-management-policy-default)#commit
rfs6000-6DB5D4(config-management-policy-default)#show context
management-policy default
telnet
http server
https server
no ftp
ssh
user admin password 1
fd07f19c6caf46e5b7963a802d422a708ad39a24906e04667c8642299c8462f1 role superuser
access all
user testuser password 1

32472f01757293a181738674bdf068ffe0b777ce145524fc669278820ab582c0 role helpdesk
access all

snmp-server community 2 uktRccdr9eLoByF5PCSuFAAAAAeB78WhgTbSKDi96msyUiW+ rw
snmp-server community 2 Ne+R15zlwEdhybKxfbd6JwAAAAZzvrLGzU/xWXgwFtwF5JdD ro
snmp-server user snmptrap v3 encrypted des auth md5 2 WUTBNiUi7tL4ZbU2I7Eh/
QAAAAiDhBZTln0UIu+y/W6E/0tR
snmp-server user snmpmanager v3 encrypted des auth md5 2 9Fva4fYV1WL4ZbU2I7Eh/
QAAAAjdvbWANBNw+We/xHkH9kLi
no https use-secure-ciphers-only
rfs6000-6DB5D4(config-management-policy-default)#

7 Logon to the Telnet console and provide the user details configured in the previous step to access the

controller.

rfs6000 release 5.9.1.0-015D
rfs6000-6DB5D4 login: testuser
Password:
Welcome to CLI
Starting CLI...
rfs6000-6DB5D4>

1.5.3.2 Configuring SSH for Management Access



Enabling Remote Administration

By default, SSH is enabled from the factory settings on the controller. The controller requires an IP address
and login credentials.

To enable SSH access on a device, login through the serial console and perform the following:

1 The session, by default, opens in the USER EXEC mode (one of the two access levels of the EXEC

mode). Access the PRIV EXEC mode from the USER EXEC mode.

rfs6000-6DB5D4>en
rfs6000-6DB5D4#

2 Access the GLOBAL CONFIG mode from the PRIV EXEC mode.

rfs6000-6DB5D4>en
rfs6000-6DB5D4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
rfs6000-6DB5D4(config)#

3 Go to ‘default-management-policy’ mode.

rfs6000-6DB5D4(config)#management-policy ?
MANAGEMENT Name of the management policy to be configured (will be created
if it does not exist)

rfs6000-6DB5D4(config)#management-policy default
rfs6000-6DB5D4(config-management-policy-default)#

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 15

INTRODUCTION

4 Enter SSH at the command prompt.

rfs6000-6DB5D4(config-management-policy-default)#ssh
rfs6000-6DB5D4(config-management-policy-default)#commit write
rfs6000-6DB5D4(config-management-policy-default)#end
rfs6000-6DB5D4#exit

5 Connect to the controller through SSH using its configured IP address. If logging in for the first time, use

the following credentials:

User Name admin
Password admin123

At the first-time login instance, you will be prompted to change the password. Set a new password.

6 On subsequent logins, to change the password, access the default management-policy configuration

mode and enter the username, new password, role, and access details.

rfs6000-6DB5D4(config-management-policy-default)#user testuser password test@123
role helpdesk access all
rfs6000-6DB5D4(config-management-policy-default)#commit
rfs6000-6DB5D4(config-management-policy-default)#show context
management-policy default
telnet
http server
https server
no ftp
ssh
user admin password 1
fd07f19c6caf46e5b7963a802d422a708ad39a24906e04667c8642299c8462f1 role superuser
access all
user testuser password 1

32472f01757293a181738674bdf068ffe0b777ce145524fc669278820ab582c0 role helpdesk
access all

snmp-server community 2 uktRccdr9eLoByF5PCSuFAAAAAeB78WhgTbSKDi96msyUiW+ rw
snmp-server community 2 Ne+R15zlwEdhybKxfbd6JwAAAAZzvrLGzU/xWXgwFtwF5JdD ro
snmp-server user snmptrap v3 encrypted des auth md5 2 WUTBNiUi7tL4ZbU2I7Eh/
QAAAAiDhBZTln0UIu+y/W6E/0tR
snmp-server user snmpmanager v3 encrypted des auth md5 2 9Fva4fYV1WL4ZbU2I7Eh/
QAAAAjdvbWANBNw+We/xHkH9kLi
no https use-secure-ciphers-only
rfs6000-6DB5D4(config-management-policy-default)#

7 Logon to the SSH console and provide the user details configured in the previous step to access the

controller.

rfs6000 release 5.9.1.0-015D
rfs6000-6DB5D4 login: testuser
Password:
Welcome to CLI
Starting CLI...
rfs6000-6DB5D4>

Access Point, Wireless Controller and Service Platform CLI Reference Guide

1 - 16

USER EXEC MODE COMMANDS

2

Logging in to the wireless controller places you within the USER EXEC command mode. Typically, a login
requires a user name and password. You have three login attempts before the connection attempt is
refused. USER EXEC commands (available at the user level) are a subset of the commands available at the
privileged level. In general, USER EXEC commands allow you to connect to remote devices, perform basic
tests, and list system information.

To list available USER EXEC commands, use ? at the command prompt. The USER EXEC prompt consists of
the device host name followed by an angle bracket (>).

<DEVICE>>?
Command commands:
captive-portal-page-upload Captive portal internal and advanced page upload
change-passwd Change password
clear Clear
clock Configure software system clock
cluster Cluster commands
commit Commit all changes made in this session
connect Open a console connection to a remote device
create-cluster Create a cluster
crypto Encryption related commands
crypto-cmp-cert-update Update the cmp certs
database Database
database-backup Backup database
database-restore Restore database
debug Debugging functions
device-upgrade Device firmware upgrade
disable Turn off privileged mode command
enable Turn on privileged mode command
file-sync File sync between controller and adoptees
help Description of the interactive help system
join-cluster Join the cluster
l2tpv3 L2tpv3 protocol
logging Modify message logging facilities
mint MiNT protocol
no Negate a command or set its defaults
on On RF-Domain
opendns OpenDNS configuration
page Toggle paging
ping Send ICMP echo messages
ping6 Send ICMPv6 echo messages
revert Revert changes
service Service Commands
show Show running system information
ssh Open an ssh connection
telnet Open a telnet connection
terminal Set terminal line parameters
time-it Check how long a particular command took between
request and completion of response
traceroute Trace route to destination
traceroute6 Trace route to destination(IPv6)
virtual-machine Virtual Machine
watch Repeat the specific CLI command at a periodic
interval
write Write running configuration to memory or
terminal

clrscr Clears the display screen
exit Exit from the CLI

<DEVICE>>

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 1

USER EXEC MODE COMMANDS

2.1 User Exec Commands



USER EXEC MODE COMMANDS

The following table summarizes the User Exec Mode commands:

Table 2.1 User Exec Mode Commands

Command Description Reference

captive-portal­page-upload

change-passwd
clear
clock
cluster
connect
create-cluster
crypto
crypto-cmp-

cert-update
database

database­backup

database­restore

device-upgrade
disable
enable
file-sync

join-cluster

l2tpv3

logging
mint
no
on

Uploads captive portal advanced pages to adopted access points page 2-4

Changes the password of a logged user page 2-8
Resets the last saved command page 2-9
Configures the system clock page 2-20
Accesses the cluster context page 2-21
Establishes a console connection to a remote device page 2-22
Creates a new cluster on a specified device page 2-23
Enables encryption and configures encryption related parameters page 2-24
Triggers a CMP certificate update on a specified device or devices page 2-33

Enables automatic repairing (vacuuming) and dropping of databases
(Captive-portal and NSight)

Backs up captive-portal and/or NSight database to a specified location
and file on an FTP or SFTP server

Restores a previously exported database [captive-portal and/or
NSight]. Previously exported databases (backed up to a specified FTP
or SFTP server) are restored to the original database.

Configures device firmware upgrade settings page 2-41
Turns off (disables) the privileged mode command set page 2-49
Turns on (enables) the privileged mode command set page 2-50

Configures parameters enabling syncing of PKCS#12 and wireless­bridge certificate between the staging-controller and adopted access
points

Adds a device (access point, wireless controller, or service platform) to
an existing cluster of devices

Establishes or brings down Layer 2 Tunneling Protocol Version 3
(L2TPV3) tunnels

Modifies message logging facilities page 2-58
Configures MiNT protocol page 2-60
Negates a command or sets its default page 2-62

Executes the following commands in the RF Domain context: clrscr, do,
end, exit, help, service, and show

page 2-34

page 2-38

page 2-40

page 2-51

page 2-54

page 2-56

page 2-64

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 2

USER EXEC MODE COMMANDS

Table 2.1 User Exec Mode Commands

Command Description Reference

opendns

page

ping
ping6
ssh
telnet
terminal
time-it

traceroute
traceroute6

Connects to the OpenDNS site using OpenDNS registered credentials
(username, password) OR OpenDNS API token to fetch the OpenDNS
device_id. This command is a part of the process that integrates access
points, controllers, and service platforms with OpenDNS.

Toggles a device’s (access point, wireless controller, or service
platform) paging function

Sends ICMP echo messages to a user-specified location page 2-68
Sends ICMPv6 echo messages to a user-specified IPv6 address page 2-70
Opens an SSH connection between two network devices page 2-71
Opens a Telnet session page 2-72
Sets the length and width of the terminal window page 2-73

Verifies the time taken by a particular command between request and
response

Traces the route to its defined destination page 2-75
Traces the route to a specified IPv6 destination page 2-76

virtual-machine Installs, configures, and monitors the status of virtual machines

page 2-65

page 2-67

page 2-74

page 2-77

(VMs) installed on a WiNG controller

watch

Repeats a specific CLI command at a periodic interval page 2-83

NOTE: For more information on common commands (clrscr, commit, help,

revert, service, show, write, and exit), see COMMON COMMANDS.

NOTE: The input parameter <HOSTNAME>, if used in syntaxes across this

chapter, cannot include an underscore (_) character.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 3

USER EXEC MODE COMMANDS

2.1.1 captive-portal-page-upload



User Exec Commands

Uploads captive portal advanced pages to adopted access points. Use this command to provide access
points with specific captive portal configurations, so that they can successfully provision login, welcome,
and condition pages to clients attempting to access the wireless network using the captive portal.

NOTE: Ensure that the captive portal pages uploaded are *.tar files.

Supported in the following platforms:

• Access Points — AP6521, AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562,
AP7602, AP7612, AP7622, AP7632, AP7662, AP81XX, AP8232, AP8432, AP8533

• Wireless Controllers — RFS4000, RFS6000

• Service Platforms — NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,
VX9000

Syntax

captive-portal-page-upload [<CAPTIVE-PORTAL-NAME>|cancel-upload|delete-file|
load-file]

captive-portal-page-upload <CAPTIVE-PORTAL-NAME> [<MAC/HOSTNAME>|all|rf-domain]
captive-portal-page-upload <CAPTIVE-PORTAL-NAME> [<MAC/HOSTNAME>|all]

{upload-time <TIME>}

captive-portal-page-upload <CAPTIVE-PORTAL-NAME> rf-domain [<DOMAIN-NAME>|all]

{from-controller} {(upload-time <TIME>)}

captive-portal-page-upload cancel-upload [<MAC/HOSTNAME>|all|on rf-domain
[<DOMAIN-NAME>|all]]

captive-portal-page-upload delete-file <CAPTIVE-PORTAL-NAME> <FILE-NAME>

captive-portal-page-upload load-file <CAPTIVE-PORTAL-NAME> <URL>

Parameters

• captive-portal-page-upload <CAPTIVE-PORTAL-NAME> [<MAC/HOSTNAME>|all]

{upload-time <TIME>}

captive-portal-page­upload <CAPTIVE­PORTAL-NAME>

Uploads advanced pages of the captive-portal identified by the <CAPTIVE-PORTAL­NAME> parameter

• <CAPTIVE-PORTAL-NAME> – Specify the captive portal’s name (should be existing
and configured).

<MAC/HOSTNAME> Uploads to a specified AP

• <MAC/HOSTNAME> – Specify AP’s MAC address or hostname.

all Uploads to all APs

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 4

upload-time <TIME> Optional. Schedules an AP upload time

• <TIME> – Specify upload time in the MM/DD/YYYY-HH:MM or HH:MM format.

The scheduled upload time is your local system’s time. It is not the access point,
controller, service platform, or virtual controller time and it is not synched with the
device.

To view a list of uploaded captive portal files, execute the show > captive-portal-
page-upload > list-files <CAPTIVE-PORTAL-NAME> command.

• captive-portal-page-upload <CAPTIVE-PORTAL-NAME> rf-domain [<DOMAIN-NAME>|
all] {from-controller} {(upload-time <TIME>)}

USER EXEC MODE COMMANDS

captive-portal-page­upload <CAPTIVE­PORTAL-NAME>

Uploads advanced pages of the captive portal identified by the <CAPTIVE-PORTAL­NAME> parameter

• <CAPTIVE-PORTAL-NAME> – Specify captive portal name (should be existing and
configured).

rf-domain
[<DOMAIN­NAME>|all]

Uploads to all APs within a specified RF Domain or all RF Domains

• <DOMAIN-NAME> – Uploads to APs within a specified RF Domain. Specify the RF
Domain name.

• all – Uploads to APs across all RF Domains

from-controller Optional. Uploads captive-portal pages to APs via the controller to which the APs are

adopted

upload-time <TIME> Optional. Schedules an AP upload time

• <TIME> – Specify upload time in the MM/DD/YYYY-HH:MM or HH:MM format.

The scheduled upload time is your local system’s time. It is not the access point,
controller, service platform, or virtual controller time and it is not synched with the
device.

• captive-portal-page-upload cancel-upload [<MAC/HOSTNAME>|all|on rf-domain
[<DOMAIN-NAME>|all]]

captive-portal-page-

Cancels a scheduled AP upload

upload cancel-upload
cancel-upload

[<MAC/HOSTNAME>|
all|on rf-domain
[<DOMAIN­NAME>|all]]

Select one of the following options:

• <MAC/HOSTNAME> – Cancels scheduled upload to a specified AP. Specify the AP’s
MAC address or hostname.

• all – Cancels all scheduled AP uploads

• on rf- domain – Cancels all scheduled uploads to APs within a specified RF Domain or
all RF Domains

• <DOMAIN-NAME> – Cancels scheduled uploads to APs within a specified RF Do­main. Specify RF Domain name.

• all – Cancels scheduled uploads across all RF Domains

• captive-portal-page-upload delete-file <CAPTIVE-PORTAL-NAME> <FILE-NAME>

captive-portal-page-

Deletes a specified captive portal’s uploaded captive-portal Web page files

upload delete-file
<CAPTIVE-PORTAL-

NAME> <FILE­NAME>

Identifies the captive-portal and Web pages to delete

• <CAPTIVE-PORTAL-NAME> – Specify the captive portal name.

• <FILE-NAME> – Specify the file name. The specified internal captive portal page is
deleted.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 5

USER EXEC MODE COMMANDS

• captive-portal-page-upload load-file <CAPTIVE-PORTAL-NAME> <URL>

captive-portal-page­upload load-file

<CAPTIVE-PORTAL­NAME> <URL>

Loads captive-portal advanced pages

Specify the captive portal name and location. The captive portal should be existing
and configured.

• <URL> – Specifies location of the captive-portal Web pages. Use one of the following
formats to specify the location:

IPv4 URLs:

tftp://<hostname|IP>[:port]/path/file
ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file
sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file
http://<hostname|IP>[:port]/path/file
cf:/path/file
usb<n>:/path/file

IPv6 URLs:

tftp://<hostname|[IPv6]>[:port]/path/file
ftp://<user>:<passwd>@<hostname|[IPv6]>[:port]/path/file
sftp://<user>:<passwd>@<hostname|[IPv6]>[:port]>/path/file
http://<hostname|[IPv6]>[:port]/path/file

Note: The captive portal pages are downloaded to the controller from the location
specified here. After downloading use the captive-portal-page-upload > <CAPTIVE-
PORTAL-NAME> > <DEVICE-OR-DOMAIN-NAME> command to upload these pages to
APs.

Example

ap6562-B1A214>captive-portal-page-upload load-file captive_portal_test tftp://

89.89.89.17/pages_new_only.tar
ap6562-B1A214>

ap6562-B1A214>show captive-portal-page-upload load-image-status
Download of captive_portal_test advanced page file is complete
ap6562-B1A214>

ap6562-B1A214>captive-portal-page-upload captive_portal_test all

-------------------------------------------------------------------------------­ CONTROLLER STATUS MESSAGE

-------------------------------------------------------------------------------­ FC-0A-81-B1-A2-14 Success Added 6 APs to upload queue

-------------------------------------------------------------------------------­ap6562-B1A214>

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 6

USER EXEC MODE COMMANDS

ap6562-B1A214>show captive-portal-page-upload status
Number of APs currently being uploaded : 1
Number of APs waiting in queue to be uploaded : 0

--------------------------------------------------------------------------------

------­ AP STATE UPLOAD TIME PROGRESS RETRIES LAST UPLOAD ERROR
UPLOADED BY

--------------------------------------------------------------------------------

------­ ap6562-B1A738 downloading immediate 100 0 - None

--------------------------------------------------------------------------------

------­ap6562-B1A214>

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 7

USER EXEC MODE COMMANDS

2.1.2 change-passwd



User Exec Commands

Changes the password of the logged user. When this command is executed without any parameters, the
password can be changed interactively.

Supported in the following platforms:

• Access Points — AP6521, AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562,
AP7602, AP7612, AP7622, AP7632, AP7662, AP81XX, AP8232, AP8432, AP8533

• Wireless Controllers — RFS4000, RFS6000

• Service Platforms — NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,
VX9000

Syntax

change-passwd {<OLD-PASSWORD>} <NEW-PASSWORD>

Parameters

• change-passwd {<OLD-PASSWORD>} <NEW-PASSWORD>

<OLD-PASSWORD> Optional. Specify the existing password.
<NEW-PASSWORD> Specify the new password.

Note: The password can also be changed interactively. To do so, press [Enter] after
the command.

Usage Guidelines

A password must be from 1 - 64 characters in length.

Example

rfs6000-81742D>change-passwd
Enter old password:
Enter new password:
Password for user 'admin' changed successfully
Please write this password change to memory(write memory) to be persistent.
rfs6000-81742D#write memory
OK
rfs6000-81742D>

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 8

USER EXEC MODE COMMANDS

2.1.3 clear



User Exec Commands

Clears parameters, cache entries, table entries, and other similar entries. The clear command is available for
specific commands only. The information cleared, using this command, depends on the mode where the
clear command is executed.

Supported in the following platforms:

• Access Points — AP6521, AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562,
AP7602, AP7612, AP7622, AP7632, AP7662, AP81XX, AP8232, AP8432, AP8533

• Wireless Controllers — RFS4000, RFS6000

• Service Platforms — NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,
VX9000

NOTE: When using the clear command, refer to the interface details

provided in interface.

Syntax

clear [arp-cache|bonjour|cdp|counters|crypto|eguest|event-history|gre|ip|
ipv6|lacp|lldp|mac-address-table|mint|role|rtls|spanning-tree|traffic-shape|
vrrp]

clear arp-cache {on <DEVICE-NAME>}

clear bonjour cache {on <DEVICE-NAME>}

clear [cdp|lldp] neighbors {on <DEVICE-NAME>}

clear counters [ap|radio|wireless-client]

clear counters [ap {<MAC>}|radio {<MAC/DEVICE-NAME>} {<1-X>}|wireless-client
{<MAC>}] {(on <DEVICE-OR-DOMAIN-NAME>)}

clear crypto [ike|ipsec] sa
clear crypto ike sa [<IP>|all] {on <DEVICE-NAME>}
clear crypto ipsec sa {on <DEVICE-NAME>}

clear eguest registration statistics

clear event-history

clear gre stats {on <DEVICE-NAME>}

clear ip [bgp|dhcp|ospf]

clear ip bgp [<IP>|all|external|process]
clear ip bgp [<IP>|all|external] {in|on|out|soft}
clear ip bgp [<IP>|all|external] {in prefix-filter} {on <DEVICE-NAME>}
clear ip bgp [<IP>|all|external] {out} {(on <DEVICE-NAME>)}
clear ip bgp [<IP>|all|external] {soft {in|out}} {on <DEVICE-NAME>}
clear ip bgp process {on <DEVICE-NAME>}

clear ip dhcp bindings [<IP>|all] {on <DEVICE-NAME>}
clear ip ospf process {on <DEVICE-NAME>}

clear ipv6 neighbor-cache {on <DEVICE-NAME>}

clear lacp [<1-4> counters|counters]

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 9

USER EXEC MODE COMMANDS

clear mac-address-table {address|interface|mac-auth-state|vlan} {on <DEVICE­NAME>}

clear mac-address-table {address <MAC>|vlan <1-4094>} {on <DEVICE-NAME>}

clear mac-address-table {interface [<IN-NAME>|ge <1-2>|port-channel <1-2>|
vmif <1-8>]} {on <DEVICE-NAME>}

clear mac-address-table mac-auth-state address <MAC> vlan <1-4094> {on <DEVICE-

NAME>}

clear mint mlcp history {on <DEVICE-NAME>}

clear role ldap-stats {on <DEVICE-NAME>}

clear rtls [aeroscout|ekahau]

clear rtls [aeroscout|ekahau] {<MAC/DEVICE-NAME> {on <DEVICE-OR-DOMAIN-NAME>}|

on <DEVICE-OR-DOMAIN-NAME>}

clear spanning-tree detected-protocols {interface|on}

clear spanning-tree detected-protocols {on <DEVICE-NAME>}

clear spanning-tree detected-protocols {interface [<INTERFACE-NAME>|ge <1-X>|me1|

port-channel <1-X>|pppoe1|up1|vlan <1-4094>|wwan1]} {on <DEVICE-NAME>}

clear traffic-shape statistics class <1-4> {(on <DEVICE-NAME>)}

clear vrrp [error-stats|stats] {on <DEVICE-NAME>}

Parameters

• clear arp-cache {on <DEVICE-NAME>}

arp-cache Clears Address Resolution Protocol (ARP) cache entries on a device. This protocol

matches layer 3 IP addresses to layer 2 MAC addresses.

on <DEVICE-NAME> Optional. Clears ARP cache entries on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• clear bonjour cache {on <DEVICE-NAME>}

bonjour cache Clears all Bonjour cached statistics. Once cleared the system has to re-discover

available Bonjour services.

on <DEVICE-NAME> Optional. Clears all Bonjour cached statistics on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• clear [cdp|lldp] neighbors {on <DEVICE-NAME>}

cdp Clears Cisco Discovery Protocol (CDP) table entries
lldp Clears Link Layer Discovery Protocol (LLDP) table entries
neighbors Clears CDP or LLDP neighbor table entries based on the option selected in the

preceding step

on <DEVICE-NAME> Optional. Clears CDP or LLDP neighbor table entries on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 10

USER EXEC MODE COMMANDS

• clear counters [ap {<MAC>}|radio {<MAC/DEVICE-NAME>} {<1-X>}|wireless-client
{<MAC>}] {(on <DEVICE-OR-DOMAIN-NAME>)}

counters Clears counters based on the parameters passed. The options are: AP, radio, and

wireless clients.

ap <MAC> Clears counters for all APs or a specified AP

• <MAC> – Optional. Specify the AP’s MAC address.

Note: If no MAC address is specified, all AP counters are cleared.

radio <MAC/DEVICE­NAME> <1-X>

Clears radio interface counters on a specified device or on all devices

• <MAC/DEVICE-NAME> – Optional. Specify the device’s hostname or MAC address.
Optionally, append the radio interface number (to the radio ID) using one of the
following formats: AA-BB-CC-DD-EE-FF:RX or HOSTNAME:RX (where RX is the
interface number).

• <1-X> – Optional. Identifies the radio interface by its index. Specify the radio inter­face index, if not specified as part of the radio ID. Note, the number of radio interfaces
available varies with the access point type.

If no device name or MAC address is specified, all radio interface counters are
cleared.

wireless-client <MAC> Clears counters for all wireless clients or a specified wireless client

• <MAC> – Optional. Specify the wireless client’s MAC address.

If no MAC address is specified, all wireless client counters are cleared.

on <DEVICE-OR­DOMAIN-NAME>

The following option is common to all of the above keywords:

• on <DEVICE-OR-DOMAIN-NAME> – Optional. Clears AP, radio, or wireless client
counters on a specified device or RF Domain

• <DEVICE-OR-DOMAIN-NAME> – Specify the name of the AP, wireless controller,
service platform, or RF Domain.

• clear crypto ike sa [<IP>|all] {on <DEVICE-NAME>}

crypto Clears encryption module’s cached statistics
ike sa [<IP>|all] Clears Internet Key Exchange (IKE) security associations (SAs)

• <IP> – Clears IKE SA entries for the peer identified by the <IP> keyword

• all – Clears IKE SA entries for all peers

on <DEVICE-NAME> Optional. Clears IKE SA entries, for a specified peer or all peers, on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• clear crypto ipsec sa {on <DEVICE-NAME>}

crypto

ipsec sa
on <DEVICE-NAME>

Clears encryption module’s cached statistics

Clears Internet Protocol Security (IPSec) database SAs

• on <DEVICE-NAME> – Optional. Clears IPSec SA entries on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service plat­form.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 11

• clear eguest registration statistics

USER EXEC MODE COMMANDS

eguest registration
statistics

Clears EGuest registration server counters. When cleared EGuest registration details
are deleted, and the show > eguest > registration > statistics command output is null.

This command is applicable only on the NX9500, NX9600, and VX9000 model
service platforms.

• clear gre stats {on <DEVICE-NAME>}

gre stats Clears GRE tunnel statistics
on <DEVICE-NAME> Optional. Clears GRE tunnel statistics on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• clear event-history

event-history Clears event history cache entries

• clear ip bgp [<IP>|all|external] {in prefix-filter} {on <DEVICE-NAME>}

ip bgp
[<IP>|all|external]

Clears on-going BGP sessions based on the option selected

• <IP> – Clears BGP session with the peer identified by the <IP> keyword. Specify the
BGP peer’s IP address.

• all – Clears all BGP peer sessions

• external – Clears external BGP (eBGP) peer sessions

This command is applicable only to the RFS4000, RFS6000, NX9500, NX9600, and
VX9000 platforms.

Modifications made to BGP settings (BGP access lists, weight, distance, route-maps,
versions, routing policy, etc.) take effect only after on-going BGP sessions are
cleared. The clear > ip > bgp command clears BGP sessions. To reduce lose of route
updates during the process, use the ‘soft’ option. Soft reconfiguration stores
inbound/outbound route updates to be processed later and updated to the routing
table. This requires high memory usage.

in prefix-filter Optional. Clears inbound route updates

• prefix-filter – Optional. Clears the existing Outbound Route Filtering (ORF) prefix-list

on <DEVICE-NAME> Optional. Clears route updates on a specified device

• <DEVICE-NAME> – Specify the name of the AP or service platform.

• clear ip bgp [<IP>|all|external] {out} {(on <DEVICE-NAME>)}

ip bgp
[<IP>|all|external]

Clears on-going BGP sessions based on the option selected

• <IP> – Clears BGP session with the peer identified by the <IP> keyword. Specify the
BGP peer’s IP address.

• all – Clears all BGP peer sessions

• external – Clears eBGP peer sessions

This command is applicable only to the RFS4000, RFS6000, NX9500, NX9600, and
VX9000 platforms.

Contd..

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 12

USER EXEC MODE COMMANDS

Modifications made to BGP settings (BGP access lists, weight, distance, route-maps,
versions, routing policy, etc.) take effect only after on-going BGP sessions are
cleared. The clear > ip > bgp command clears BGP sessions. To reduce lose of route
updates during the process, use the ‘soft’ option. Soft reconfiguration stores
inbound/outbound route updates to be processed later and updated to the routing
table. This requires high memory usage.

out Optional. Clears outbound route updates. Optionally specify the device on which to

execute this command.

on <DEVICE-NAME> The following keyword is recursive and optional.

• on <DEVICE-NAME> – Optional. Clears BGP sessions on a specified device

• <DEVICE-NAME> – Specify the name of the AP or service platform.

• clear ip bgp [<IP>|all|external] {soft {in|out}} {on <DEVICE-NAME>}

ip bgp
[<IP>|all|external]

Clears on-going BGP sessions based on the option selected

• <IP> – Clears the BGP peer session with the peer identified by the <IP> keyword.
Specify the BGP peer’s IP address.

• all – Clears all BGP peer sessions

• external – Clears eBGP peer sessions

This command is applicable only to the RFS4000, RFS6000, NX9500, NX9600, and
VX9000 platforms.

soft {in|out}

Optional. Initiates soft-reconfiguration of route updates for the specified IP address

• in – Optional. Enables soft reconfiguration of inbound route updates

• out – Optional. Enables soft reconfiguration of outbound route updates

Modifications made to BGP settings (BGP access lists, weight, distance, route-maps,
versions, routing policy, etc.) take effect only after on-going BGP sessions are
cleared. The clear > ip > bgp command clears BGP sessions. To reduce loss of route
updates during the process, use the ‘soft’ option. Soft reconfiguration stores
inbound/outbound route updates to be processed later and updated to the routing
table. This requires high memory usage.

on <DEVICE-NAME> Optional. Initiates soft reconfiguration inbound/outbound route updates on a

specified device

• <DEVICE-NAME> – Specify the name of the AP or service platform.

• clear ip bgp process {on <DEVICE-NAME>}

ip bgp process Clears all BGP processes running

This command is applicable only to the RFS4000, RFS6000, NX9500, NX9600, and
VX9000 platforms.

on <DEVICE-NAME> Optional. Clears all BGP processes on a specified device

• <DEVICE-NAME> – Specify the name of the AP or service platform.

• clear ip dhcp bindings [<IP>|all] {on <DEVICE-NAME>}

ip Clears a Dynamic Host Configuration Protocol (DHCP) server’s IP address binding

entries
dhcp bindings Clears DHCP connections and server bindings
<IP> Clears specific address binding entries. Specify the IP address to clear binding

entries.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 13

USER EXEC MODE COMMANDS

all Clears all address binding entries
on <DEVICE-NAME> Optional. Clears a specified address binding or all address bindings on a specified

device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• clear ip ospf process {on <DEVICE-NAME>}

ip ospf process Clears already enabled Open Shortest Path First (OSPF) process and restarts the

process

on <DEVICE-NAME> Optional. Clears OSPF process on a specified device

OSPF is a link-state interior gateway protocol (IGP). OSPF routes IP packets within a
single routing domain (autonomous system), like an enterprise LAN. OSPF gathers
link state information from neighboring routers and constructs a network topology.
The topology determines the routing table presented to the Internet Layer, which
makes routing decisions based solely on the destination IP address found in IP
packets.

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• clear ipv6 neighbor-cache {on <DEVICE-NAME>}

clear ipv6

Clears IPv6 neighbor cache entries

neighbor-cache
on <DEVICE-NAME> Optional. Clears IPv6 neighbor cache entries on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• clear lacp [<1-4> counters|counters]

clear lacp
[<1-4> counters|
counters]

Clears Link Aggregation Control Protocol (LACP) counters for a specified port-
channel group or all port-channel groups configured

• <1-4> counters – Clears LACP counters for a specified port-channel. Specify the
port-channel index number from 1 - 4. Note, LACP is supported only on the NX5500,
NX7500, and NX9500 model service platforms. However, the NX9500 series service
platforms support only two (2) port-channels, and the other model service
platforms support four (4) port-channels.

• counters – Clears LACP counters for all configured port-channels on the device

• clear mac-address-table {address <MAC>|vlan <1-4094>} {on <DEVICE-NAME>}

mac-address-table Clears MAC address forwarding table data based on the parameters passed

Use this command to clear the following: all or specified MAC addresses from the
system, all MAC addresses on a specified interface, all MAC addresses on a specified
VLAN, or the authentication state of a MAC address.

address <MAC> Optional. Clears a specified MAC address from the MAC address table.

• <MAC> – Specify the MAC address in one of the following formats: AA-BB-CC-DD­EE-FF or AA:BB:CC;DD:EE:FF or AABB.CCDD.EEFF

If executed without specifying any MAC address(es), all MAC addresses from the
MAC address table will be removed.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 14

USER EXEC MODE COMMANDS

vlan <1-4094> Optional. Clears all MAC addresses for a specified VLAN

• <1-4094> – Specify the VLAN ID from 1 - 4094.

on <DEVICE-NAME> Optional. Clears a single MAC entry or all MAC entries, for the specified VLAN on a

specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• clear mac-address-table {interface [<IF-NAME>|ge <1-X>|port-channel <1-X>]} {on
<DEVICE-NAME>}

mac-address-table Clears MAC address forwarding table data based on the parameters passed

Use this command to clear the following: all or specified MAC addresses from the
system, all MAC addresses on a specified interface, all MAC addresses on a specified
VLAN, or the authentication state of a MAC address.

interface Clears all MAC addresses for the selected interface. Use the options available to

specify the interface.

<IF-NAME> Clears MAC address forwarding table for the specified layer 2 interface (Ethernet

port)

• <IF-NAME> – Specify the layer 2 interface name.

ge <1-X> Clears MAC address forwarding table for the specified GigabitEthernet interface

• <1-X> – Specify the GigabitEthernet interface index from 1 - X.

The number of GE interfaces supported varies for different device types.

port-channel <1-X> Clears MAC address forwarding table for the specified port-channel interface

• <1-X> – Specify the port-channel interface index from 1 - X.

The number of port-channel interfaces supported varies for different device types.

on <DEVICE-NAME> Optional. Clears the MAC address forwarding table, for the selected interface, on a

specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• clear mac-address-table mac-auth-state address <MAC> vlan <1-4904> {on <DEVICE­NAME>}

mac-address-table
mac-auth-state address
<MAC> vlan <1-4904>

Clears MAC addresses learned from a particular VLAN when WLAN MAC
authentication and captive-portal fall back is enabled

Access points/controllers provide WLAN access to clients whose MAC address has
been learned and stored in their MAC address tables. Use this command to clear a
specified MAC address on the MAC address table. Once cleared the client has to re­authenticate, and is provided access only on successful authentication.

• <MAC> – Specify the MAC address to clear.

• vlan <1-4904> – Specify the VLAN interface from 1 - 4094. In the AP/controller’s
MAC address table, the specified MAC address is cleared on the specified VLAN in­terface.

on <DEVICE-NAME> Optional. Clears the specified MAC address on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

If a device is not specified, the system clears the MAC address on all devices.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 15

USER EXEC MODE COMMANDS

• clear mint mlcp history {on <DEVICE-NAME>}

mint Clears MiNT related information
mlcp history Clears MiNT Link Creation Protocol (MLCP) client history
on <DEVICE-NAME> Optional. Clears MLCP client history on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• clear role ldap-stats {on <DEVICE-NAME>}

role ldap-stats Clears Lightweight Directory Access Protocol (LDAP) server statistics
on <DEVICE-NAME> Optional. Clears LDAP server statistics on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• clear rtls [aeroscout|ekahau] {<MAC/DEVICE-NAME> {on <DEVICE-OR-DOMAIN-NAME>}|
on <DEVICE-OR-DOMAIN-NAME>}

rtls Clears Real Time Location Service (RTLS) statistics
aeroscout Clears RTLS Aeroscout statistics
ekahau Clears RTLS Ekahau statistics
<MAC/DEVICE-NAME> This keyword is common to the ‘aeroscout’ and ‘ekahau’ parameters.

• <MAC/DEVICE-NAME> – Optional. Clears Aeroscout or Ekahau RTLS statistics on a
specified AP, wireless controller, or service platform. Specify the AP’s MAC
address or hostname.

on <DEVICE-OR­DOMAIN-NAME>

This keyword is common to the ‘aeroscout’, ‘ekahau’, and <MAC/DEVICE-NAME>
parameters.

• on <DEVICE-OR-DOMAIN-NAME> – Optional. Clears Aeroscout or Ekahau RTLS
statistics on a specified device

• <DEVICE-OR-DOMAIN-NAME> – Specify the name of the AP, wireless controller,
service platform, or RF Domain.

• clear spanning-tree detected-protocols {on <DEVICE-NAME>}

spanning-tree Clears spanning tree entries on an interface, and restarts protocol migration
detected-protocols Restarts protocol migration
on <DEVICE-NAME> Optional. Clears spanning tree entries on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• clear spanning-tree detected-protocols {interface [<INTERFACE-NAME>|ge <1-X>|
me1|port-channel <1-X>|pppoe1|up1|vlan <1-4094>|wwan1]} {on <DEVICE-NAME>}

spanning-tree Clears spanning tree entries on an interface and restarts protocol migration
detected-protocols Restarts protocol migration

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 16

USER EXEC MODE COMMANDS

interface
[<INTERFACE-NAME>|
ge <1-X>|me1|
port-channel <1-X>|
pppoe1|up1|
vlan <1-4094>|
wwan1]

Optional. Clears spanning tree entries on different interfaces

• <INTERFACE-NAME> – Clears detected spanning tree entries on a specified
interface. Specify the interface name.

• ge <1-X> – Clears detected spanning tree entries for the selected GigabitEthernet
interface. Select the GigabitEthernet interface index from 1 - X.

• me1 – Clears FastEthernet interface spanning tree entries

• port-channel <1-X> – Clears detected spanning tree entries for the selected port
channel interface. Select the port channel index from 1 - X.

The number of port-channel interfaces supported varies for different device types.

• pppoe1 – Clears detected spanning tree entries for Point-to-Point Protocol over
Ethernet (PPPoE) interface

• up1 – Clears detected spanning tree entries for the WAN Ethernet interface

• vlan <1-4094> – Clears detected spanning tree entries for the selected VLAN
interface. Select a Switch Virtual Interface (SVI) VLAN ID from 1- 4094.

• wwan1 – Clears detected spanning tree entries for wireless WAN interface.

on <DEVICE-NAME> Optional. Clears spanning tree entries on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• clear traffic-shape statistics class <1-4> {(on <DEVICE-NAME>)}

traffic-shape statistics Clears traffic shaping statistics
class <1-4> Clears traffic shaping statistics for a specific traffic class

• <1-4> – Specify the traffic class from 1 - 4.

Note: If the traffic class is not specified, the system clears all traffic shaping statistics.

on <DEVICE-NAME> Optional. Clears traffic shaping statistics for the specified traffic class on a specified

device

• <DEVICE-NAME> – Specify the name of the access point, wireless controller, or
service platform.

Note: For more information on configuring traffic-shape, see

traffic-shape.

• clear vrrp [error-stats|stats] {on <DEVICE-NAME>}

vrrp Clears a device’s Virtual Router Redundancy Protocol (VRRP) statistics

VRRP allows a pool of routers to be advertized as a single virtual router. This virtual
router is configured by hosts as their default gateway. VRRP elects a master router,
from this pool, and assigns it a virtual IP address. The master router routes and
forwards packets to hosts on the same subnet. When the master router fails, one of
the backup routers is elected as the master and its IP address is mapped to the
virtual IP address.

error-stats

Clears global error statistics
stats Clears VRRP related statistics
on <DEVICE-NAME> The following keywords are common to the ‘error-stats’ and ‘stats’ parameters:

• on <DEVICE-NAME> – Optional. Clears VRRP statistics on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 17

Example

USER EXEC MODE COMMANDS

rfs4000-229D58>clear event-history

rfs4000-229D58>clear spanning-tree detected-protocols interface port-channel 1

rfs4000-229D58>clear spanning-tree detected-protocols interface ge 1

rfs4000-229D58>show lldp neighbors

------------------------­Chassis ID: 00-23-68-88-0D-A7
System Name: rfs4000-880DA7
Platform: RFS-4011-11110-US, Version 5.8.6.0-008B

Capabilities: Bridge WLAN Access Point Router
Enabled Capabilities: Bridge WLAN Access Point Router
Local Interface: ge5, Port ID (outgoing port): ge5
TTL: 176 sec
Management Addresses: 192.168.13.8,192.168.0.1,1.2.3.4
rfs4000-229D58>

rfs4000-229D58>clear lldp neighbors

rfs4000-229D58>show lldp neighbors

rfs4000-229D58>show cdp neighbors

-------------------------------------------------------------------------------­ Device ID Platform Local Intrfce Port ID Duplex

-------------------------------------------------------------------------------­ rfs4000-880DA7 RFS-4011-11110-US ge1 ge1 full
rfs6000-434CAA RFS6000 ge1 ge1 full
ap7131-139B34 AP7131N ge1 ge1 full

-------------------------------------------------------------------------------­rfs4000-229D58>

rfs4000-229D58>clear cdp neighbors

rfs4000-229D58>show cdp neighbors

-------------------------------------------------------------------------------­ Device ID Platform Local Intrfce Port ID Duplex

--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

rfs4000-229D58>

rfs4000-229D58>clear role ldap-stats

rfs4000-229D58>show role ldap-stats

No ROLE LDAP statistics found.

rfs4000-229D58>

rfs4000-229D58>show mac-address-table

-------------------------------------------------------­ BRIDGE VLAN PORT MAC STATE

-------------------------------------------------------­ 1 1 ge5 00-02-B3-28-D1-55 forward
1 1 ge5 00-0F-8F-19-BA-4C forward
1 1 ge5 B4-C7-99-5C-FA-8E forward
1 1 ge5 00-23-68-0F-43-D8 forward
1 1 ge5 00-15-70-38-06-49 forward
1 1 ge5 00-23-68-13-9B-34 forward
1 1 ge5 B4-C7-99-58-72-58 forward
1 1 ge5 00-15-70-81-74-2D forward

-------------------------------------------------------­Total number of MACs displayed: 8
rfs4000-229D58>

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 18

USER EXEC MODE COMMANDS

rfs4000-229D58>clear mac-address-table address 00-02-B3-28-D1-55

rfs4000-229D58>show mac-address-table

-------------------------------------------------------­ BRIDGE VLAN PORT MAC STATE

-------------------------------------------------------­1 1 ge5 00-0F-8F-19-BA-4C forward
1 1 ge5 B4-C7-99-5C-FA-8E forward
1 1 ge5 00-23-68-0F-43-D8 forward
1 1 ge5 00-15-70-38-06-49 forward
1 1 ge5 00-23-68-13-9B-34 forward
1 1 ge5 B4-C7-99-58-72-58 forward
1 1 ge5 00-15-70-81-74-2D forward

-------------------------------------------------------­Total number of MACs displayed: 7
rfs4000-229D58>

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 19

USER EXEC MODE COMMANDS

2.1.4 clock



User Exec Commands

Sets a device’s system clock. By default all WiNG devices are shipped with the time zone and time format
set to UTC and 24-hour clock respectively. If a device’s clock is set without resetting the time zone, the
time is displayed relative to the Universal Time Coordinated (UTC) – Greenwich Time. To display time in the
local time zone format, in the device’s configuration mode, use the timezone command. You can also reset
the time zone at the RF Domain level. When configured as RF Domain setting, it applies to all devices
within the domain. Configuring the local time zone prior to setting the clock is recommended. For more
information on configuring RF Domain time zone, see timezone.

Supported in the following platforms:

• Access Points — AP6521, AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562,
AP7602, AP7612, AP7622, AP7632, AP7662, AP81XX, AP8232, AP8432, AP8533

• Wireless Controllers — RFS4000, RFS6000

• Service Platforms — NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,
VX9000

Syntax

clock set <HH:MM:SS> <1-31> <MONTH> <1993-2035> {on <DEVICE-NAME>}

Parameters

• clock set <HH:MM:SS> <1-31> <MONTH> <1993-2035> {on <DEVICE-NAME>}

clock set Sets a device’s software system clock
<HH:MM:SS> Sets the current time (in military format hours, minutes, and seconds)

Note: By default, the WiNG software displays time in the 24-hour clock format. This setting

cannot be changed.
<1-31> Sets the numerical day of the month
<MONTH> Sets the month of the year (Jan to Dec)
<1993-2035> Sets a valid four digit year from 1993 - 2035
on

<DEVICE-NAME>

Example

Optional. Sets the clock on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.

The following commands set the time zone and clock for the logged device:

nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#timezone America/Los_Angeles

nx9500-6C8809>clock set 11:24:30 21 Jan 2017

nx9500-6C8809>show clock
2017-01-21 12:14:14 PDT
nx9500-6C8809>

Note, if the clock is set without resetting the time zone, the time displays as UTC time, as shown in the
following example:

nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#no timezone
nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#commit

nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#show clock

2017-01-21 19:15:55 UTC

nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 20

USER EXEC MODE COMMANDS

2.1.5 cluster



User Exec Commands

Initiates cluster context. The cluster context provides centralized management to configure all cluster
members from any one member.

Commands executed under this context are executed on all members of the cluster.

Supported in the following platforms:

• Wireless Controllers — RFS4000, RFS6000

• Service Platforms — NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,
VX9000

Syntax

cluster start-election

Parameters

• cluster start-election

start-election Starts a new cluster master election

Example

nx9500-6C8809>cluster start-election
nx9500-6C8809>

Related Commands

create-cluster Creates a new cluster on the specified device
join-cluster Adds a wireless controller or service platform, as a member, to an existing cluster of

controllers

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 21

USER EXEC MODE COMMANDS

2.1.6 connect



User Exec Commands

Begins a console connection to a remote device using the remote device’s MiNT ID or name

Supported in the following platforms:

• Access Points — AP6521, AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562,
AP7602, AP7612, AP7622, AP7632, AP7662, AP81XX, AP8232, AP8432, AP8533

• Wireless Controllers — RFS4000, RFS6000

• Service Platforms — NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,
VX9000

Syntax

connect [mint-id <MINT-ID>|<REMOTE-DEVICE-NAME>]

Parameters

• connect [mint-id <MINT-ID>|<REMOTE-DEVICE-NAME>]

mint-id <MINT-ID> Connects to the remote system using its MiNT ID

• <MINT-ID> – Specify the remote device’s MiNT ID.

<REMOTE-DEVICE­NAME>

Connects to the remote system using its name

• <REMOTE-DEVICE-NAME> – Specify the remote device’s name.

Example

rfs6000-81742D>show mint lsp-db
9 LSPs in LSP-db of 19.6D.B5.D4:
LSP 19.6C.88.09 at level 1, hostname nx9500-6C8809", 8 adjacencies, seqnum 1294555
LSP 19.6D.B5.D4 at level 1, hostname "rfs6000-81742D", 8 adjacencies, seqnum
1915724
LSP 19.74.B4.5C at level 1, hostname "ap8132-74B45C", 8 adjacencies, seqnum 1468229
LSP 4D.80.C2.AC at level 1, hostname "ap7532-80C2AC", 8 adjacencies, seqnum 649244
LSP 4D.83.30.A4 at level 1, hostname "ap7522-8330A4", 8 adjacencies, seqnum 202821
LSP 4D.84.A2.24 at level 1, hostname "ap7562-84A224", 8 adjacencies, seqnum 380340
LSP 68.88.0D.A7 at level 1, hostname "rfs4000-880DA7", 8 adjacencies, seqnum
1494523
LSP 68.99.BB.7C at level 1, hostname "ap7131-99BB7C", 8 adjacencies, seqnum 831532
rfs6000-81742D>

rfs6000-81742D>connect mint-id 19.6C.88.09

Entering character mode
Escape character is '^]'.

NX9500 release 5.9.1.0-012D
nx9500-6C8809 login:

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 22

USER EXEC MODE COMMANDS

2.1.7 create-cluster



User Exec Commands

Creates a new device cluster with the specified name and assigns it an IP address and routing level

A cluster (or redundancy group) is a set of controllers or service platforms (nodes) uniquely defined by a
profile configuration. Within the cluster, members discover and establish connections to other members
and provide wireless network self-healing support in the event of member's failure.

A cluster's load is typically distributed evenly amongst its members. An administrator needs to define how
often the profile is load balanced for radio distribution, as radios can come and go and members join and
exit the cluster.

Supported in the following platforms:

• Wireless Controllers — RFS4000, RFS6000

• Service Platforms — NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,
VX9000

Syntax

create-cluster name <CLUSTER-NAME> ip <IP> {level [1|2]}

Parameters

• create-cluster name <CLUSTER-NAME> ip <IP> {level [1|2]}

create-cluster Creates a cluster
name

<CLUSTER-NAME>

Configures the cluster name

• <CLUSTER-NAME> – Specify a cluster name. Define a name for the cluster name unique
to its configuration or profile support requirements. The name cannot exceed 64
characters.

ip <IP> Specifies the device’s IP address used for cluster creation

• <IP> – Specify the device’s IP address in the A.B.C.D format.

level [1|2] Optional. Configures the cluster’s routing level

• 1 – Configures level 1 (local) routing

• 2 – Configures level 2 (inter-site) routing

Example

rfs6000-81742D>create-cluster name TechPubs ip 192.168.13.23 level 1
... creating cluster
... committing the changes
... saving the changes
Please Wait .
[OK]
rfs6000-81742D>

rfs6000-81742D>show context session-config include-factory | include cluster name
TechPubs
cluster name TechPubs
rfs6000-81742D>

Related Commands

cluster Initiates cluster context. The cluster context provides centralized management to

configure all cluster members from any one member.

join-cluster Adds a device, as a member, to an existing cluster of devices

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 23

USER EXEC MODE COMMANDS

2.1.8 crypto



User Exec Commands

Enables digital certificate configuration and RSA Keypair management. Digital certificates are issued by
CAs and contain user or device specific information, such as name, public key, IP address, serial number,
company name, etc. Use this command to generate, delete, export, or import encrypted RSA Keypairs and
generate Certificate Signing Request (CSR).

This command also enables trustpoint configuration. Trustpoints contain the CA’s identity and configuration
parameters.

Supported in the following platforms:

• Access Points — AP6521, AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562,
AP7602, AP7612, AP7622, AP7632, AP7662, AP81XX, AP8232, AP8432, AP8533

• Wireless Controllers — RFS4000, RFS6000

• Service Platforms — NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,
VX9000

Syntax

crypto [key|pki]

crypto key [export|generate|import|zeroize]

crypto key export rsa <RSA-KEYPAIR-NAME> <EXPORT-TO-URL>

{background|on|passphrase}

crypto key export rsa <RSA-KEYPAIR-NAME> <EXPORT-TO-URL> {background|passphrase
<KEY-PASSPHRASE> background} {(on <DEVICE-NAME>)}

crypto key generate rsa <RSA-KEYPAIR-NAME> [2048|4096] {on <DEVICE-NAME>}

crypto key import rsa <RSA-KEYPAIR-NAME> <IMPORT-FROM-URL>

{background|on|passphrase}

crypto key import rsa <RSA-KEYPAIR-NAME> <IMPORT-FROM-URL> {background|passphrase
<KEY-PASSPHRASE> background} {(on <DEVICE-NAME>)}

crypto key zeroize rsa <RSA-KEYPAIR-NAME> {force} {(on <DEVICE-NAME>)}

crypto pki [authenticate|export|generate|import|zeroize]

crypto pki authenticate <TRUSTPOINT-NAME> <LOCATION-URL> {background}

{(on <DEVICE-NAME>)}

crypto pki export [request|trustpoint]

crypto pki export request [generate-rsa-key|short|use-rsa-key] <RSA-KEYPAIR-NAME>
[autogen-subject-name|subject-name]

crypto pki export request [generate-rsa-key|use-rsa-key] <RSA-KEYPAIR-NAME>
autogen-subject-name (<EXPORT-TO-URL>,email <SEND-TO-EMAIL>,fqdn <FQDN>,
ip-address <IP>)

crypto pki export request [generate-rsa-key|short [generate-rsa-key|use-rsa-key]|
use-rsa-key] <RSA-KEYPAIR-NAME> subject-name <COMMON-NAME> <COUNTRY> <STATE>
<CITY> <ORGANIZATION> <ORGANIZATION-UNIT> (<EXPORT-TO-URL>,email <SEND-TO-EMAIL>,
fqdn <FQDN>,ip-address <IP>)

crypto pki export trustpoint <TRUSTPOINT-NAME> <EXPORT-TO-URL>

{background|passphrase <KEY-PASSPHRASE> background} {(on <DEVICE-NAME)}

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 24

crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|use-rsa-key]
<RSA-KEYPAIR-NAME> [autogen-subject-name|subject-name]

crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|use-rsa-key]
<RSA-KEYPAIR-NAME> autogen-subject-name {(email <SEND-TO-EMAIL>, fqdn <FQDN>,ip-

address <IP>,on <DEVICE-NAME>)}

crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|use-rsa-key]
<RSA-KEYPAIR-NAME> subject-name <COMMON-NAME> <COUNTRY> <STATE> <CITY>
<ORGANIZATION> <ORGANIZATION-UNIT> {(email <SEND-TO-EMAIL>,fqdn <FQDN>,ip-address

<IP>,on <DEVICE-NAME>)}

crypto pki import [certificate|crl|trustpoint]

crypto pki import [certificate|crl] <TRUSTPOINT-NAME> <IMPORT-FROM-URL>

{background} {(on <DEVICE-NAME>})

crypto pki import trustpoint <TRUSTPOINT-NAME> <IMPORT-FROM-URL>

{background|passphrase <KEY-PASSPHRASE> background} {(on <DEVICE-NAME>)}

crypto pki zeroize trustpoint <TRUSTPOINT-NAME> {del-key} {(on <DEVICE-NAME>)}

Parameters

• crypto key export rsa <RSA-KEYPAIR-NAME> <EXPORT-TO-URL> {background|passphrase
<KEY-PASSPHRASE> background} {(on <DEVICE-NAME>)}

USER EXEC MODE COMMANDS

key Enables RSA Keypair management. Use this command to export, import, generate,

or delete a RSA key.

export rsa
<RSA-KEYPAIR­NAME>

Exports an existing RSA Keypair to a specified destination

• <RSA-KEYPAIR-NAME> – Specify the RSA Keypair name.

<EXPORT-TO-URL> Specify the RSA Keypair destination address. Both IPv4 and IPv6 address formats

are supported.
After specifying the destination address (where the RSA Keypair is exported),

configure one of the following parameters: background or passphrase.

background Optional. Performs export operation in the background. If selecting this option, you

can optionally specify the device (access point or controller) to perform the export
on.

passphrase
<KEY-PASSPHRASE>
background

Optional. Encrypts RSA Keypair before exporting

• <KEY-PASSPHRASE> – Specify a passphrase to encrypt the RSA Keypair.

• background – Optional. Performs export operation in the background. After spec­ifying the passphrase, optionally specify the device (access point or controller) to
perform the export on.

on <DEVICE-NAME> The following parameter is recursive and common to all of the above parameters:

• on <DEVICE-NAME> – Optional. Performs export operation on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• crypto key generate rsa <RSA-KEYPAIR-NAME> [2048|4096] {on <DEVICE-NAME>}

key Enables RSA Keypair management. Use this command to export, import, generate,

or delete a RSA key.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 25

USER EXEC MODE COMMANDS

generate rsa
<RSA-KEYPAIR­NAME> [2048|4096]

Generates a new RSA Keypair

• <RSA-KEYPAIR-NAME> – Specify the RSA Keypair name.

• [2048|4096] – Sets the size of the RSA key in bits. The options are 2048 bits and
4096 bits. The default size is 2048 bits.

After specifying the key size, optionally specify the device (access point or
controller) to generate the key on.

on <DEVICE-NAME> Optional. Generates the new RSA Keypair on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• crypto key import rsa <RSA-KEYPAIR-NAME> <IMPORT-FROM-URL>
{background|passphrase <KEY-PASSPHRASE> background} {(on <DEVICE-NAME>)}

key Enables RSA Keypair management. Use this command to export, import, generate,

or delete a RSA key.

import rsa
<RSA-KEYPAIR­NAME>

Imports a RSA Keypair from a specified source

• <RSA-KEYPAIR-NAME> – Specify the RSA Keypair name.

<IMPORT-FROM-URL> Specify the RSA Keypair source address. Both IPv4 and IPv6 address formats are

supported.
After specifying the source address (where the RSA Keypair is imported from),

configure one of the following parameters: background or passphrase.

background Optional. Performs import operation in the background. If selecting this option, you

can optionally specify the device (access point or controller) to perform the import
on.

passphrase
<KEY-PASSPHRASE>
background

Optional. Decrypts the RSA Keypair after importing

• <KEY-PASSPHRASE> – Specify the passphrase to decrypt the RSA Keypair.

• background – Optional. Performs import operation in the background. After spec­ifying the passphrase, optionally specify the device (access point, controller, or ser­vice platform) to perform the import on.

on <DEVICE-NAME> The following parameter is recursive and common to the ‘background’ and

‘passphrase’ keywords:

• on <DEVICE-NAME> – Optional. Performs import operation on a specific device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service plat­form.

• crypto key zeroize rsa <RSA-KEYPAIR-NAME> {force} {(on <DEVICE-NAME>)}

key Enables RSA Keypair management. Use this command to export, import, generate,

or delete a RSA key.

zeroize rsa
<RSA-KEYPAIR­NAME>

Deletes a specified RSA Keypair

• <RSA-KEYPAIR-NAME> – Specify the RSA Keypair name.

Note: All device certificates associated with this key will also be deleted.

force Optional. Forces deletion of all certificates associated with the specified RSA

Keypair. Optionally specify a device on which to force certificate deletion.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 26

USER EXEC MODE COMMANDS

on <DEVICE-NAME> The following parameter is recursive and optional:

• on <DEVICE-NAME> – Optional. Deletes all certificates associated with the RSA
Keypair on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service plat­form.

• crypto pki authenticate <TRUSTPOINT-NAME> <URL> {background} {(on <DEVICE­NAME>)}

pki Enables Private Key Infrastructure (PKI) management. Use this command to

authenticate, export, generate, or delete a trustpoint and its associated Certificate
Authority (CA) certificates.

authenticate
<TRUSTPOINT-NAME>

Authenticates a trustpoint and imports the corresponding CA certificate

• <TRUSTPOINT-NAME> – Specify the trustpoint name.

<URL> Specify CA’s location. Both IPv4 and IPv6 address formats are supported.

Note: The CA certificate is imported from the specified location.

background Optional. Performs authentication in the background. If selecting this option, you

can optionally specify the device (access point, controller, or service platform) to
perform the export on.

on <DEVICE-NAME> The following parameter is recursive and optional:

•on <DEVICE-NAME> – Optional. Performs authentication on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

• crypto pki export request [generate-rsa-key|use-rsa-key] <RSA-KEYPAIR-NAME>
autogen-subject-name (<EXPORT-TO-URL>,email <SEND-TO-EMAIL>,fqdn <FQDN>,ip­address <IP>)

pki Enables PKI management. Use this command to authenticate, export, generate, or

delete a trustpoint and its associated CA certificates.

export request Exports CSR to the CA for digital identity certificate. The CSR contains applicant’s

details and RSA Keypair’s public key.

[generate-rsa-key|
use-rsa-key]
<RSA-KEYPAIR­NAME>

Generates a new RSA Keypair or uses an existing RSA Keypair

• generate-rsa-key – Generates a new RSA Keypair for digital authentication

• use-rsa-key – Uses an existing RSA Keypair for digital authentication

• <RSA-KEYPAIR-NAME> – If generating a new RSA Keypair, specify a name for it.
If using an existing RSA Keypair, specify its name.

autogen-subject-name Auto generates subject name from configuration parameters. The subject name

identifies the certificate.

<EXPORT-TO-URL> Specify the CA’s location. Both IPv4 and IPv6 address formats are supported.

Note: The CSR is exported to the specified location.

email
<SEND-TO-EMAIL>

Exports CSR to a specified e-mail address

• <SEND-TO-EMAIL> – Specify the CA’s e-mail address.

fqdn <FQDN> Exports CSR to a specified Fully Qualified Domain Name (FQDN)

• <FQDN> – Specify the CA’s FQDN.

ip-address <IP> Exports CSR to a specified device or system

• <IP> – Specify the CA’s IP address.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 27

USER EXEC MODE COMMANDS

• crypto pki export request [generate-rsa-key|short [generate-rsa-key|use-rsa­key]|use-rsa-key] <RSA-KEYPAIR-NAME> subject-name <COMMON-NAME> <COUNTRY> <STATE>
<CITY> <ORGANIZATION> <ORGANIZATION-UNIT> (<EXPORT-TO-URL>,email <SEND-TO-EMAIL>,
fqdn <FQDN>,ip-address <IP>)

pki Enables PKI management. Use this command to authenticate, export, generate, or

delete a trustpoint and its associated CA certificates.

export request Exports CSR to the CA for a digital identity certificate. The CSR contains applicant’s

details and RSA Keypair’s public key.

[generate-rsa-key|
short [generate-rsa­key|use-rsa-key]|
use-rsa-key]
<RSA-KEYPAIR­NAME>

Generates a new RSA Keypair or uses an existing RSA Keypair

• generate-rsa-key – Generates a new RSA Keypair for digital authentication

• short [generate-rsa-key|use-rsa-key] – Generates and exports a shorter version of
the CSR

• generate-rsa-key – Generates a new RSA Keypair for digital authentication. If gen­erating a new RSA Keypair, specify a name for it.

• use-rsa-key – Uses an existing RSA Keypair for digital authentication. If using an
existing RSA Keypair, specify its name.

• use-rsa-key – Uses an existing RSA Keypair for digital authentication

• <RSA-KEYPAIR-NAME> – If generating a new RSA Keypair, specify a name for it.
If using an existing RSA Keypair, specify its name.

subject-name
<COMMON-NAME>

Configures a subject name, defined by the <COMMON-NAME> keyword, to identify
the certificate

• <COMMON-NAME> – Specify the common name used with the CA certificate. The
name should enable you to identify the certificate easily (2 to 64 characters in
length).

<COUNTRY> Sets the deployment country code (2 character ISO code)
<STATE> Sets the state name (2 to 64 characters in length)
<CITY> Sets the city name (2 to 64 characters in length)
<ORGANIZATION> Sets the organization name (2 to 64 characters in length)
<ORGANIZATION-

Sets the organization unit (2 to 64 characters in length)

UNIT>
<EXPORT-TO-URL> Specify the CA’s location. Both IPv4 and IPv6 address formats are supported.

The CSR is exported to the specified location.

email
<SEND-TO-EMAIL>

Exports CSR to a specified e-mail address

• <SEND-TO-EMAIL> – Specify the CA’s e-mail address.

fqdn <FQDN> Exports CSR to a specified FQDN

• <FQDN> – Specify the CA’s FQDN.

ip-address <IP> Exports CSR to a specified device or system

• <IP> – Specify the CA’s IP address.

• crypto pki export trustpoint <TRUSTPOINT-NAME> <EXPORT-TO-URL>

{background|passphrase <KEY-PASSPHRASE> background} {(on <DEVICE-NAME>)}

pki Enables PKI management. Use this command to authenticate, export, generate, or

delete a trustpoint and its associated CA certificates.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 28

USER EXEC MODE COMMANDS

export trustpoint
<TRUSTPOINT-NAME>

Exports a trustpoint along with CA certificate, Certificate Revocation List (CRL),
server certificate, and private key

• <TRUSTPOINT-NAME> – Specify the trustpoint name (should be authenticated).

<EXPORT-TO-URL> Specify the destination address. Both IPv4 and IPv6 address formats are supported.

The trustpoint is exported to the address specified here.

background Optional. Performs export operation in the background. If selecting this option, you

can optionally specify the device (access point or controller) to perform the export
on

passphrase
<KEY-PASSPHRASE>
background

Optional. Encrypts the key with a passphrase before exporting

• <KEY-PASSPHRASE> – Specify the passphrase to encrypt the trustpoint.

• background – Optional. Performs export operation in the background. After spec­ifying the passphrase, optionally specify the device (access point or controller) to
perform the export on.

on <DEVICE-NAME> The following parameter is recursive and common to the ‘background’ and

‘passphrase’ keywords:

• on <DEVICE-NAME> – Optional. Performs export operation on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service plat­form.

• crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|use-rsa-key]
<RSA-KEYPAIR-NAME> autogen-subject-name {(email <SEND-TO-EMAIL>,fqdn <FQDN>,

ip-address <IP>,on <DEVICE-NAME>)}

pki Enables PKI management. Use this command to authenticate, export, generate, or

delete a trustpoint and its associated certificates.
generate Generates a certificate and a trustpoint
self-signed

<TRUSTPOINT-NAME>

[generate-rsa-key|
use-rsa-key]
<RSA-KEYPAIR­NAME>

Generates a self-signed certificate and a trustpoint

• <TRUSTPOINT-NAME> – Specify a name for the certificate and its trustpoint.

Generates a new RSA Keypair, or uses an existing RSA Keypair

• generate-rsa-key – Generates a new RSA Keypair for digital authentication

• use-rsa-key – Uses an existing RSA Keypair for digital authentication

• <RSA-KEYPAIR-NAME> – If generating a new RSA Keypair, specify a name for it.
If using an existing RSA Keypair, specify its name.

autogen-subject-name Auto generates the subject name from the configuration parameters. The subject

name helps to identify the certificate.
email

<SEND-TO-EMAIL>

Optional. Exports the self-signed certificate to a specified e-mail address

• <SEND-TO-EMAIL> – Specify the e-mail address.

fqdn <FQDN> Optional. Exports the self-signed certificate to a specified FQDN

• <FQDN> – Specify the FQDN.

ip-address <IP> Optional. Exports the self-signed certificate to a specified device or system

• <IP> – Specify the device’s IP address.

on <DEVICE-NAME> Optional. Exports the self-signed certificate on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service
platform.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 29

USER EXEC MODE COMMANDS

• crypto pki generate self-signed <TRUSTPOINT-NAME> [generate-rsa-key|use-rsa-key]
<RSA-KEYPAIR-NAME> subject-name <COMMON-NAME> <COUNTRY> <STATE> <CITY>
<ORGANIZATION> <ORGANIZATION-UNIT> {(email <SEND-TO-EMAIL>,fqdn <FQDN>,ip-address

<IP>,on <DEVICE-NAME>)}

pki Enables PKI management. Use this command to authenticate, export, generate, or

delete a trustpoint and its associated certificates.

generate self-signed
<TRUSTPOINT-NAME>

[generate-rsa-key|
use-rsa-key]
<RSA-KEYPAIR­NAME>

Generates a self-signed certificate and a trustpoint

• <TRUSTPOINT-NAME> – Specify a name for the certificate and its trustpoint.
Generates a new RSA Keypair, or uses an existing RSA Keypair

• generate-rsa-key – Generates a new RSA Keypair for digital authentication

• use-rsa-key – Uses an existing RSA Keypair for digital authentication

• <RSA-KEYPAIR-NAME> – If generating a new RSA Keypair, specify a name for it.
If using an existing RSA Keypair, specify its name.

subject-name
<COMMON-NAME>

Configures a subject name, defined by the <COMMON-NAME> keyword, to identify
the certificate

• <COMMON-NAME> – Specify the common name used with this certificate. The name
should enable you to identify the certificate easily and should not exceed 2 to 64
characters in length.

<COUNTRY> Sets the deployment country code (2 character ISO code)
<STATE> Sets the state name (2 to 64 characters in length)
<CITY> Sets the city name (2 to 64 characters in length)
<ORGANIZATION> Sets the organization name (2 to 64 characters in length)
<ORGANIZATION-

Sets the organization unit (2 to 64 characters in length)

UNIT>
email

<SEND-TO-EMAIL>

Optional. Exports the self-signed certificate to a specified e-mail address

• <SEND-TO-EMAIL> – Specify the e-mail address.

fqdn <FQDN> Optional. Exports the self-signed certificate to a specified FQDN

• <FQDN> – Specify the FQDN.

ip-address <IP> Optional. Exports the self-signed certificate to a specified device or system

• <IP> – Specify the device’s IP address.

• crypto pki import [certificate|crl] <TRUSTPOINT-NAME> <IMPORT-FROM-URL>

{background} {(on <DEVICE-NAME>)}

pki Enables PKI management. Use this command to authenticate, export, generate, or

delete a trustpoint and its associated CA certificates.

import Imports certificates, Certificate Revocation List (CRL), or a trustpoint to the selected

device

[certificate|crl]
<TRUSTPOINT-NAME>

Imports a signed server certificate or CRL

• certificate – Imports signed server certificate

•crl – Imports CRL

• <TRUSTPOINT-NAME> – Specify the trustpoint name (should be authenticated).

<IMPORT-FROM-URL> Specify the signed server certificate or CRL source address. Both IPv4 and IPv6

address formats are supported.
The server certificate or the CRL (based on the parameter passed in the preceding

step) is imported from the location specified here.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 30

USER EXEC MODE COMMANDS

background Optional. Performs import operation in the background. If selecting this option, you

can optionally specify the device (access point or controller) to perform the import
on.

on <DEVICE-NAME> The following parameter is recursive and optional:

• on <DEVICE-NAME> – Optional. Performs import operation on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service plat­form.

• crypto pki import trustpoint <TRUSTPOINT-NAME> <IMPORT-FROM-URL>

{background|passphrase <KEY-PASSPHRASE> background} {(on <DEVICE-NAME>)}

pki Enables PKI management. Use this command to authenticate, export, generate, or

delete a trustpoint and its associated CA certificates.
import Imports certificates, CRL, or a trustpoint to the selected device
trustpoint

<TRUSTPOINT-NAME>

Imports a trustpoint and its associated CA certificate, server certificate, and private

key

• <TRUSTPOINT-NAME> – Specify the trustpoint name (should be authenticated).

<IMPORT-FROM-URL> Specify the trustpoint source address. Both IPv4 and IPv6 address formats are

supported.
background Optional. Performs import operation in the background. If selecting this option, you

can optionally specify the device (access point or controller) to perform the import

on.
passphrase

<KEY-PASSPHRASE>
background

Optional. Decrypts trustpoint with a passphrase after importing

• <KEY-PASSPHRASE> – Specify the passphrase. After specifying the passphrase,
optionally specify the device to perform import on.

• background – Optional. Performs import operation in the background. After spec­ifying the passphrase, optionally specify the device (access point or controller) to
perform the import on.

on <DEVICE-NAME> The following parameter is recursive and optional:

• on <DEVICE-NAME> – Optional. Performs import operation on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service plat­form.

• crypto pki zeroize trustpoint <TRUSTPOINT-NAME> {del-key} {(on <DEVICE-NAME>)}

pki Enables PKI management. Use this command to authenticate, export, generate, or

delete a trustpoint and its associated CA certificates.

zeroize trustpoint
<TRUSTPOINT-NAME>

Deletes a trustpoint and its associated CA certificate, server certificate, and private
key

• <TRUSTPOINT-NAME> – Specify the trustpoint name (should be authenticated).

del-key Optional. Deletes the private key associated with the server certificate. Optionally

specify the device to perform deletion on.

on <DEVICE-NAME> The following parameter is recursive and optional:

•on <DEVICE-NAME> – Optional. Deletes the trustpoint on a specified device

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service plat­form.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 31

USER EXEC MODE COMMANDS

Usage Guidelines

The system supports both IPv4 and IPv6 address formats. Provide source and destination locations using
any one of the following options:

•IPv4 URLs:
tftp://<hostname|IP>[:port]/path/file

ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file
sftp://<user>@<hostname|IP>[:port]>/path/file
http://<hostname|IP>[:port]/path/file
cf:/path/file
usb<n>:/path/file

•IPv6 URLs:
tftp://<hostname|[IPv6]>[:port]/path/file

ftp://<user>:<passwd>@<hostname|[IPv6]>[:port]/path/file
sftp://<user>:<passwd>@<hostname|[IPv6]>[:port]>/path/file
http://<hostname|[IPv6]>[:port]/path/file

Example

rfs6000-81742D>crypto key generate rsa key 1025
RSA Keypair successfully generated
rfs6000-81742D>

rfs6000-81742D>crypto key import rsa test123 url passphrase word background
RSA key import operation is started in background
rfs6000-81742D>

rfs6000-81742DE>crypto pki generate self-signed word generate-rsa-key word
autogen-subject-name fqdn word
Successfully generated self-signed certificate
rfs6000-81742D>

rfs6000-81742D>crypto pki zeroize trustpoint word del-key
Successfully removed the trustpoint and associated certificates
%Warning: Applications associated with the trustpoint will start using default­trustpoint
rfs6000-81742D>

rfs6000-81742D>crypto pki authenticate word url background
Import of CA certificate started in background
rfs6000-81742D>

rfs6000-81742D>crypto pki import trustpoint word url passphrase word
Import operation started in background
rfs6000-81742D>

Related Commands

no Removes server certificates, trustpoints and their associated certificates

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 32

USER EXEC MODE COMMANDS

2.1.9 crypto-cmp-cert-update



User Exec Commands

Triggers a Certificate Management Protocol (CMP) certificate update on a specified device or devices

Supported in the following platforms:

• Access Points — AP6521, AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562,

AP7602, AP7612, AP7622, AP7632, AP7662, AP81XX, AP8232, AP8432, AP8533

• Wireless Controllers — RFS4000, RFS6000

• Service Platforms — NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,

VX9000

Syntax

crypto-cmp-cert-update <TRUSTPOINT-NAME> {on <DEVICE-NAME>}

Parameters

• crypto-cmp-cert-update <TRUSTPOINT-NAME> {on <DEVICE-NAME>}

crypto-cmp-cert­update
<TRUSTPOINT­NAME> on
<DEVICE-NAME>

Example

rfs4000-229D58>crypto-cmp-cert-update test on B4-C7-99-71-17-28
CMP Cert update success
rfs4000-229D58>

Triggers a CMP certificate update on a specified device or devices

• <TRUSTPOINT-NAME> – Specify the target trustpoint name. A trustpoint represents a
CA/identity pair containing the identity of the CA, CA specific configuration
parameters, and an association with an enrolled identity certificate. Use the crypto­cmp-policy context mode to configure the trustpoint.

• on <DEVICE-NAME> – Optional. Initiates a CMP certificate update and response on a
specified device or devices. Specify the name of the AP, wireless controller, or service
platform. Multiple devices can be provided as a comma separated list.

• <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service plat­form.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 33

USER EXEC MODE COMMANDS

2.1.10 database



User Exec Commands

Enables automatic repairing (vacuuming) and dropping of captive-portal and NSight databases

If enforcing authenticated access to the database, use this command to generate the keyfile. Every keyfile
has a set of associated users having a username and password. Access to the database is allowed only if
the user credentials entered during database login are valid. For more information on enabling database
authentication, see Enabling Database Authentication.

Supported in the following platforms:

• Service Platforms — NX9500, NX9510, NX9600, VX9000

Syntax

database [drop|keyfile|repair]

database drop [all|captive-portal|nsight]

database repair {on <DEVICE-NAME>}

database keyfile [export|generate|import|zerzoise]
database keyfile generate
database keyfile [export|import] <URL>
database keyfile zerzoise

Parameters

• database drop [all|captive-portal|nsight]

database drop
[all|captive-portal|
nsight]

• database repair {on <DEVICE-NAME>}

database repair
on <DEVICE-NAME>

Drops (deletes) all or a specified database. Execute the command on the database.

• all – Drops all databases, captive portal and NSight

• captive-portal – Drops the captive-portal database

• nsight – Drops the NSight database

Enables automatic repairing of all databases. Repairing (vacuuming a database refers
to the process of finding and reclaiming space left over from previous DELETE
statements. Execute the command on the database host.

• on <DEVICE-NAME> – Optional. Specifies the name of the database host. When
specified, databases on the specified host are periodically checked to identify and
remove obsolete data documents.

• <DEVICE-NAME> – Specify the name of the

access point, wireless controller, or ser-

vice platform.

Note: If no device is specified, the system repairs all databases.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 34

• database keyfile generate

USER EXEC MODE COMMANDS

database keyfile
[generate|zerzoise]

• database keyfile [export|import] <URL>

database keyfile
[export|import]
<URL>

Enables database keyfile management. This command is part of a set of
configurations required to enforce database authentication. Use this command to
generate database keyfiles. After generating the keyfile, create the username and
password combination required to access the database. For information on creating
database users see,

service. For information on enabling database authentication, see

Enabling Database Authentication.

• generate – Generates the keyfile. In case of a replica-set deployment, execute the
command on the primary database host. Once generated, export the keyfile to a
specified location from where it is imported on to the replica-set hosts.

Enables database keyfile management. This command is part of a set of
configurations required to enforce database authentication. Use this command to
exchange keyfiles between replica set members.

• export – Exports the keyfile to a specified location on an FTP/SFTP/TFTP server.
Execute the command on the database host on which the keyfile has been generated.

• import – Imports the keyfile from a specified location. Execute the command on the
replica set members.

The following parameter is common to both of the above keywords:

• <URL> – Specify the location to/from where the keyfile is to be exported/imported.
Use one of the following options to specify the keyfile location:

ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file
sftp://<user>:<passwd>@<hostname|IP>[:port]/path/file
tftp://<hostname|IP>[:port]/path/file

• database keyfile zerzoise

database keyfile
zerzoise

Example

nx9500-6C8809>database repair on nx9500-6C8809
nx9500-6C8809>

nx9500-6C8809>database keyfile generate

Database keyfile successfully generated

nx9500-6C8809>

nx9500-6C8809>database keyfile zeroize

Database keyfile successfully removed

nx9500-6C8809>

vx9000-1A1809>database keyfile generate

Database keyfile successfully generated

vx9000-1A1809>

vx9000-1A1809>

Database keyfile successfully exported

vx9000-1A1809>

Enables database keyfile management. Use this command to delete keyfiles

• zerzoise – Deletes an existing keyfile.

database keyfile export ftp://1.1.1.111/db-key

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 35

USER EXEC MODE COMMANDS

vx9000-D031F2>database keyfile import ftp://1.1.1.111/db-key

Database keyfile successfully imported

vx9000-D031F2>

Example Enabling Database Authentication

Follow the steps below to enable database authentication.

1 On the primary database host,

a Generate the database keyfile.

Primary-DB-HOST>database keyfile generate

Database keyfile successfully generated

Primary-DB-HOST

>

bUse the show > database > keyfile command to view the generated keyfile.
c Export the keyfile to an external location. This is required only in case of database replica-set

deployment.

Primary-DB-HOST>database keyfile export ftp://1.1.1.111/db-key

Database keyfile successfully exported

Primary-DB-HOST

>

d Create the users that are allowed access to the database.

Primary-DB-HOST#service database authentication create-user username techpubs
password techPubs@123

Database user [techpubs] created.

Primary-DB-HOST

#

e View the database user account created.

Primary-DB-HOST#show database users

--------------------------------

DATABASE USER

--------------------------------

techpubs

--------------------------------

Primary-DB-HOST

#

2 On the replica set host, import the keyfile from the location specified in Step 1 c.

Secondary-DB-HOST#database keyfile import ftp://1.1.1.111/db-key

3 In the database-policy context, --- (used on the NSight/EGuest database hosts)

a Enable authentication.

Primary-DB-HOST(config-database-policy-techpubs)#authentication

b Configure the user accounts created in Step 1 d.

Primary-DB-HOST(config-database-policy-techpubs)#authentication username
techpubs

Primary-DB-HOST(config-database-policy-techpubs)#show context

database-policy techpubs

authentication

authentication username techpubs password 2

S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr

replica-set member nx7500-A02B91 arbiter

replica-set member vx9000-1A1809 priority 1

Access Point, Wireless Controller and Service Platform CLI Reference Guide

password S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr

2 - 36

USER EXEC MODE COMMANDS

replica-set member vx9000-D031F2 priority 20

Primary-DB-HOST(config-database-policy-techpubs)#

4 In the database-client policy context --- (used on the NSight/EGuest server host),

Note, this configuration is required only if the NSight/EGuest server and database are hosted on separate
hosts.

a Configure the user credentials created in Step 1 d.

NOC-Controller(config-database-client-policy-techpubs)#authentication username
techpubs password

S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr

b View the configuration.

NOC-Controller(config-database-client-policy-techpubs)#show context

database-client-policy techpubs

authentication username techpubs password 2

S540QFZz9LzSOdX1ZJEqDgAAAAy3b7GtyO4Z/Ih2ruxnOYnr

NOC-Controller(config-database-client-policy-techpubs)#

Related Commands

database-backup Backs up captive-portal and/or NSight database to a specified location and file on an

FTP or SFTP server

database-restore Restores a previously exported database [captive-portal and/or NSight]
database-policy Documents database-policy configuration commands. Use this option to enable the

database.

database-client­policy

Documents database-client-policy configuration commands. Use this option to
configure the database host details (IP address or hostname). If enforcing database
authentication, use it to configure the users having database access. Once configured,
use the policy in the NSight/EGuest server’s device config context.

service Documents the database user account configuration details

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 37

USER EXEC MODE COMMANDS

2.1.11 database-backup



User Exec Commands

Backs up captive-portal and/or NSight database to a specified location and file on an FTP, SFTP, or TFTP
server. Execute this command on the database host.

Supported in the following platforms:

• Service Platforms — NX9500, NX9510, NX9600, VX9000

Syntax

database-backup database [captive-portal|nsight|nsight-placement-info] <URL>

database-backup database [captive-portal|nsight] <URL>
database-backup database nsight-placement-info <URL>

Parameters

• database-backup database [captive-portal|nsight] <URL>

database-backup
database
[captive-portal|
nsight]

Backs up captive portal and/or NSight database to a specified location. Select the
database to backup:

• captive-portal – Backs up captive portal database

• nsight – Backs up NSight database

After specifying the database type, configure the destination location.

<URL> Configures the destination location. The database is backed up at the specified

location. Specify the location URL in one of the following formats:
ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file.tar.gz
sftp://<user>:<passwd>@<hostname|IP>[:port]/path/file.tar.gz

• database-backup database nsight-placement-info <URL>

database-backup
database
nsight-placement­info <URL>

Backs up the NSight access point placement related details to a specified location

• <URL> – Specify the URL in one of the following formats:
ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file.tar.gz
sftp://<user>:<passwd>@<hostname|IP>[:port]/path/file.tar.gz
tftp://<hostname|IP>[:port]/path/file.tar.gz

Example

NS-DB-nx9510-6C87EF>database-backup database nsight tftp://192.168.9.50/testbckup
NS-DB-nx9510-6C87EF>show database backup-status
Last Database Backup Status : In_Progress(Starting tftp transfer.)
Last Database Backup Time : 2017-04-17 12:48:05
NS-DB-nx9510-6C87EF>show database backup-status
Last Database Backup Status : Successful
Last Database Backup Time : Mon Apr 17 12:48:08 IST 2017
NS-DB-nx9510-6C87EF>Apr 17 12:48:17 2017: NS-DB-nx9510-6C87EF : %DATABASE-6­OPERATION_COMPLETE: backup for database nsight successful
NS-DB-nx9510-6C87EF#

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 38

USER EXEC MODE COMMANDS

NS-DB-nx9510-6C87EF>database-backup database nsight-placement-info tftp://192.16

8.9.50/plmentinfo
NS-DB-nx9510-6C87EF>show database backup-status
Last Database Backup Status : Successful
Last Database Backup Time : Mon Apr 17 12:48:48 IST 2017
NS-DB-nx9510-6C87EF>Apr 17 12:49:03 2017: NS-DB-nx9510-6C87EF : %DATABASE-6-

OPERATION_COMPLETE: backup for database nsight-placement-info successful

NS-DB-nx9510-6C87EF>

Related Commands

database Enables automatic repairing (vacuuming) and dropping of databases (captive-portal

and/or NSight)

database-restore Restores a previously exported (backed up) database (captive-portal and/or NSight)]

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 39

USER EXEC MODE COMMANDS

2.1.12 database-restore



User Exec Commands

Restores a previously exported database [captive-portal and/or NSight]. Previously exported databases
(backed up to a specified FTP or SFTP server) are restored from the backed-up location to the original
database.

Supported in the following platforms:

• Service Platforms — NX9500, NX9510, NX9600, VX9000

Syntax

database-restore database [captive-portal|nsight] <URL>

Parameters

• database-restore database [captive-portal|nsight] <URL>

database-restore
database
[captive-portal|
nsight]

<URL> Configures the destination location. The database is restored from the specified

Example

nx9500-6C8809>database-restore database nsight ftp://
anonymous:anonymous@192.168.13.10/backups/nsight/nsight.tar.gz

Related Commands

Restores previously exported (backed up) captive-portal and/or NSight database.
Specify the database type:

• captive-portal – Restores captive portal database

• nsight – Restores NSight database

After specifying the database type, configure the destination location and file name
from where the files are restored.

location. Specify the location URL in one of the following formats:
ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file.tar.gz
sftp://<user>:<passwd>@<hostname|IP>[:port]/path/file.tar.gz
tftp://<hostname|IP>[:port]/path/file.tar.gz

database Enables automatic repairing (vacuuming) and dropping of databases (captive-portal

and NSight)

database-backup Backs up captive-portal and/or NSight database to a specified location and file on an

FTP or SFTP server

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 40

USER EXEC MODE COMMANDS

2.1.13 device-upgrade



User Exec Commands

Enables firmware upgrade on an adopted device or a set of adopted devices (access points, wireless
controllers, and service platforms).

In an hierarchically managed (HM) network, this command enables centralized device upgradation across
the network. The WiNG HM network defines a three-tier structure, consisting of multiple wireless sites
managed by a single Network Operations Center (NOC) controller. The NOC controller constitutes the first
and the site controllers constitute the second tier of the hierarchy. The site controllers in turn adopt and
manage access points that form the third tier of the hierarchy.

NOTE: Hierarchical management allows the NOC controller to upgrade

controllers and access points that are directly or indirectly adopted to it.
However, ensure that the NOC controller is loaded with the correct firmware
version.

Use the device-upgrade command to schedule firmware upgrades across adopted devices within the
network. Devices are upgraded based on their device names, MAC addresses, or RF Domain.

NOTE: If the persist-images option is selected, the RF Domain manager

retains the old firmware image, or else deletes it. For more information on
enabling device upgrade on profiles and devices (including the ‘persist­images’ option), see device-upgrade.

NOTE: A NOC controller’s capacity is equal to, or higher than that of a site

controller. The following devices can be deployed at NOC and sites:

• NOC controller – NX95XX (NX9500 and NX9510), NX9600, VX9000

• Site controller – RFS4000, RFS6000, NX5500, or NX95XX

NOTE:

Supported in the following platforms:

Standalone devices have to be manually upgraded.

• Access Points — AP6521, AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562,
AP7602, AP7612, AP7622, AP7632, AP7662, AP81XX, AP8232, AP8432, AP8533

• Wireless Controllers — RFS4000, RFS6000

• Service Platforms — NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,
VX9000

Syntax

device-upgrade [<MAC/HOSTNAME>|all|ap6521|ap6522|ap6532|ap6562|ap71xx|ap7502|
ap7522|ap7532|ap7562|ap7602|ap7612|ap7622|ap76232|ap7662|ap81xx|ap82xx|ap8432|
ap8533|rfs4000|rfs6000|nx5500|nx75xx|nx9000|nx9600|vx9000|cancel-upgrade|load­image|rf-domain]

device-upgrade <MAC/HOSTNAME> {no-reboot|reboot-time <TIME>|upgrade-time <TIME>

{no-reboot|reboot-time <TIME>}}

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 41

device-upgrade all {force|no-reboot|reboot-time <TIME>|upgrade-time <TIME>
{no-reboot|reboot-time <TIME>}} {(staggered-reboot)}

device-upgrade [ap6521|ap6522|ap6532|ap6562|ap71xx|ap7502|ap7522|ap7532|ap7562|
ap7602|ap7612|ap7622|ap76232|ap7662|ap81xx|ap82xx|ap8432|ap8533|rfs4000|rfs6000|
nx5500|nx75xx|nx9000|nx9600|vx9000] all {force|no-reboot|reboot-time

<TIME>|upgrade-time <TIME> {no-reboot|reboot-time <TIME>}} {(staggered-reboot)}

device-upgrade cancel-upgrade [<MAC/HOSTNAME>|all|ap6521|ap6522|ap6532|ap6562|
ap71xx|ap7502|ap7522|ap7532|ap7562|ap7602|ap7612|ap7622|ap76232|ap7662|ap81xx|
ap82xx|ap8432|ap8533|rfs4000|rfs6000|nx5500|nx75xx|nx9000|nx9600|vx9000|
on rf-domain [<RF-DOMAIN-NAME>|all]]

device-upgrade load-image [ap6521|ap6522|ap6532|ap6562|ap71xx|ap7502|ap7522|
ap7532|ap7562|ap7602|ap7612|ap7622|ap76232|ap7662|ap81xx|ap82xx|ap8432|ap8533|
rfs4000|rfs6000|nx5500|nx9000|nx9600|vx9000] {<IMAGE-URL>|on <DEVICE-OR-DOMAIN-

NAME>}

device-upgrade rf-domain [<RF-DOMAIN-NAME>|all|containing <WORD>|filter location
<WORD>] [all|ap6521|ap6522|ap6532|ap6562|ap71xx|ap7502|ap7522|ap7532|ap7562|
ap7602|ap7612|ap7622|ap76232|ap7662|ap81xx|ap82xx|ap8432|ap8533|rfs4000|rfs6000|
nx5500|nx75xx|nx9000|nx9600|vx9000] {(<MAC/HOSTNAME>|force|from-controller|

no-reboot|reboot-time <TIME>|staggered-reboot|upgrade-time <TIME>)}

Parameters

• device-upgrade <MAC/HOSTNAME> {no-reboot|reboot-time <TIME>|upgrade-time <TIME>
{no-reboot|reboot-time <TIME>}}

USER EXEC MODE COMMANDS

<MAC/HOSTNAME> Upgrades firmware on the device identified by the <MAC/HOSTNAME> keyword

• <MAC/HOSTNAME> – Specify the device’s MAC address or hostname.

no-reboot Optional. Disables automatic reboot after a successful upgrade (the device must be

manually restarted)

reboot-time <TIME> Optional. Schedules an automatic reboot after a successful upgrade

• <TIME> – Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.

upgrade-time <TIME>
{no-reboot|
reboot-time <TIME>}

Optional. Schedules an automatic device firmware upgrade on a specified day and
time

• <TIME> – Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format.
The following actions can be performed after a scheduled upgrade:

• no-reboot – Optional. Disables automatic reboot after a successful upgrade (the
device must be manually restarted)

• reboot-time <TIME> – Optional. Schedules an automatic reboot after a successful
upgrade. Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.

• device-upgrade all {force|no-reboot|reboot-time <TIME>|upgrade-time <TIME>
{no-reboot|reboot-time <TIME>}} {(staggered-reboot)}

all Upgrades firmware on all devices
force Optional. Select this option to force upgrade on the selected device(s). When

selected, the devices are upgraded even if they have the same firmware as the
upgrading access point, wireless controller, or service platform. If forcing a device
upgrade, optionally specify any one of the following options: no-reboot, reboot-time,
upgrade-time, or staggered-reboot.

no-reboot Optional. Disables automatic reboot after a successful upgrade (the device must be

manually restarted)

reboot-time <TIME> Optional. Schedules an automatic reboot after a successful upgrade

• <TIME> – Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 42

USER EXEC MODE COMMANDS

upgrade-time <TIME>
{no-reboot|
reboot-time <TIME>}

Optional. Schedules an automatic device firmware upgrade on all devices on a
specified day and time

• <TIME> – Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format.
The following actions can be performed after a scheduled upgrade:

• no-reboot – Optional. Disables automatic reboot after a successful upgrade (the
device must be manually restarted).

• reboot-time <TIME> – Optional. Schedules an automatic reboot after a successful
upgrade. Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.

staggered-reboot This keyword is recursive and common to all of the above.

• Optional. Enables staggered device reboot (one at a time) without network impact

• device-upgrade [ap6521|ap6522|ap6532|ap6562|ap71xx|ap7502|ap7522|ap7532|
ap7562|ap7602|ap7612|ap7622|ap7632|ap7662|ap81xx|ap82xx|ap8432|ap8533|rfs4000|
rfs6000|nx5500|nx75xx|nx9000|nx9600|vx9000] all {force|no-reboot|reboot-time

<TIME>|upgrade-time <TIME> {no-reboot|reboot-time <TIME>}} {(staggered-reboot)}

device-upgrade
<DEVICE-TYPE> all

Upgrades firmware on all devices of a specific type. Select the device type. The
options are: AP6521, AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532,
AP7562, AP7602, AP7612, AP7622, AP7632, AP7662, AP81XX, AP8232, AP8432,
AP8533, RFS4000, RFS6000, NX5500, NX75XX, NX9500, NX9600, and VX9000.

After selecting the device type, schedule an automatic upgrade and/or an automatic
reboot.

force Optional. Select this option to force upgrade on the selected device(s). When

selected, the devices are upgraded even if they have the same firmware as the
upgrading access point, wireless controller, or service platform. If forcing a device
upgrade, optionally specify any one of the following options: no-reboot, reboot-time,
upgrade-time, or staggered-reboot.

no-reboot Optional. Disables automatic reboot after a successful upgrade (the device must be

manually restarted)

reboot-time <TIME> Optional. Schedules an automatic reboot after a successful upgrade

• <TIME> – Optional. Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM
format.

upgrade-time <TIME>
{no-reboot|
reboot-time <TIME>}

Optional. Schedules an automatic firmware upgrade on all devices, of the specified
type, on a specified day and time

• <TIME> – Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format.
The following actions can be performed after a scheduled upgrade:

• no-reboot – Optional. Disables automatic reboot after a successful upgrade (the
device must be manually restarted)

• reboot-time <TIME> – Optional. Schedules an automatic reboot after a successful
upgrade. Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.

staggered-reboot This keyword is recursive and common to all of the above.

• Optional. Enables staggered device reboot (one at a time) without network impact

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 43

USER EXEC MODE COMMANDS

• device-upgrade cancel-upgrade [<MAC/HOSTNAME>|all|ap6521|ap6522|ap6532|
ap6562|ap71xx|ap7502|ap7522|ap7532|ap7562|ap7602|ap7612|ap7622|ap7632|ap7662|
ap81xx|ap82xx|ap8432|ap8533|rfs4000|rfs6000|nx5500|nx75xx|nx9000|nx9600|vx9000|
on rf-domain [<RF-DOMAIN-NAME>|all]]

cancel-upgrade Cancels a scheduled firmware upgrade based on the parameters passed. This

command provides the following options to cancel scheduled firmware upgrades:

• Cancels upgrade on specific device(s). The devices are identified by their MAC
addresses or hostnames.

• Cancels upgrade on all devices within the network

• Cancels upgrade on all devices of a specific type. Specify the device type.

• Cancels upgrade on specific device(s) or all device(s) within a specific RF Domain or
all RF Domains. Specify the RF Domain name.

cancel-upgrade
[<MAC/HOSTNAME>|
all]

Cancels a scheduled firmware upgrade on a specified device or on all devices

• <MAC/HOSTNAME> – Cancels a scheduled upgrade on the device identified by the
<MAC/HOSTNAME> keyword. Specify the device’s MAC address or hostname.

• all – Cancels scheduled upgrade on all devices

cancel-upgrade
<DEVICE-TYPE> all

Cancels scheduled firmware upgrade on all devices of a specific type. Select the
device type. The options are: AP6521, AP6522, AP6532, AP6562, AP7161, AP7502,
AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP7632, AP7662, AP81XX,
AP8232, AP8432, AP8533, RFS4000, RFS6000, NX5500, NX75XX, NX9500,
NX9600, and VX9000.

cancel-upgrade on
rf-domain
[<RF-DOMAIN­NAME>|all]

Cancels scheduled firmware upgrade on all devices in a specified RF Domain or all
RF Domains

• <RF-DOMAIN-NAME> – Cancels scheduled device upgrade on all devices in a
specified RF Domain. Specify the RF Domain name.

• all – Cancels scheduled device upgrade on all devices across all RF Domains

• device-upgrade load-image [ap6521|ap6522|ap6532|ap6562|ap71xx|ap7502|ap7522|
ap7532|ap7562|ap7602|ap7612|ap7622|ap7632|ap7662|ap81xx|ap82xx|ap8432|ap8533|
rfs4000|rfs6000|nx500|nx9000|nx9600|vx9000] {<IMAGE-URL>|on <DEVICE-OR-DOMAIN­NAME>}

load-image
<DEVICE-TYPE>

Loads device firmware image from a specified location. Use this command to specify
the device type and the location of the corresponding image file.

• <DEVICE-TYPE> – Specify the device type. The options are: AP6521, AP6522,
AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562, AP7602, AP7612,
AP7622, AP7632, AP7662, AP81XX, AP8232, AP8432, AP8533, RFS4000, RFS6000,
NX5500, NX75XX, NX9500, NX9600, and VX9000.

After specifying the device type, provide the location of the required device firmware
image.

<IMAGE-URL> Specify the device’s firmware image location in one of the following formats:

IPv4 URLs:

tftp://<hostname|IP>[:port]/path/file
ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file
sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file
http://<hostname|IP>[:port]/path/file
cf:/path/file
usb<n>:/path/file

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 44

on <DEVICE-OR­DOMAIN-NAME>

• device-upgrade rf-domain [<RF-DOMAIN-NAME>|all|containing <WORD>|filter
location <WORD>] [all|ap6521|ap6522|ap6532|ap6562|ap71xx|ap7502|ap7522|ap7532|
ap7562|ap7602|ap7612|ap7622|ap7632|ap7662|ap81xx|ap82xx|ap8432|ap8533|rfs4000|
rfs6000|nx5500|nx75xx|nx9000|nx9600|vx9000] {(<MAC/HOSTNAME>|force|from-

controller|no-reboot|reboot-time <TIME>|staggered-reboot|upgrade-time <TIME>)}

USER EXEC MODE COMMANDS

IPv6 URLs:

tftp://<hostname|[IPv6]>[:port]/path/file
ftp://<user>:<passwd>@<hostname|[IPv6]>[:port]/path/file
sftp://<user>:<passwd>@<hostname|[IPv6]>[:port]>/path/file

http://<hostname|[IPv6]>[:port]/path/file

Specify the name of the device or RF Domain. The image, of the specified device
type is loaded from the device specified here. In case of an RF Domain, the image
available on the RF Domain manager is loaded.

• <DEVICE-OR-DOMAIN-NAME> – Specify the name of the AP, wireless controller,
service platform, or RF Domain.

rf-domain
[<RF-DOMAIN­NAME>|all|
containing <WORD>|
filter location
<WORD>]

Upgrades firmware on devices in a specified RF Domain or all RF Domains. Devices
within a RF Domain are upgraded through the RF Domain manager.

• <RF-DOMAIN-NAME> – Upgrades devices in the RF Domain identified by the <RF­DOMAIN-NAME> keyword.

• <RF-DOMAIN-NAME> – Specify the RF Domain name.

• all – Upgrades devices across all RF Domains

• containing <WORD> – Filters RF Domains by their names. RF Domains with names
containing the sub-string identified by the <WORD> keyword are filtered. Devices on
the filtered RF Domains are upgraded.

• filter location <WORD> – Filters devices by their location. All devices with location
matching the <WORD> keyword are upgraded.

<DEVICE-TYPE> After specifying the RF Domain, select the device type. The options are: AP6521,

AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562, AP7602,
AP7612, AP7622, AP7632, AP7662, AP81XX, AP8232, AP8432, AP8533, RFS4000,
RFS6000, NX5500, NX75XX, NX9500, NX9600, and VX9000.

After specifying the RF Domain and the device type, configure any one of the
following actions: force devices to upgrade, or initiate an upgrade through the
adopting controller.

<MAC/HOSTNAME> Optional. Use this option to identify specific devices for upgradation. Specify the

device’s MAC address or hostname. The device should be within the specified RF
Domain and of the specified device type. After identifying the devices to upgrade,
configure any one of the following actions: force devices to upgrade, or initiate an
upgrade through the adopting controller.

Note: If no MAC address or hostname is specified, all devices of the type selected are
upgraded.

force Optional. Select this option to force upgrade for the selected device(s). When

selected, the devices are upgraded even if they have the same firmware as the
upgrading access point, wireless controller, or service platform. If forcing a device
upgrade, optionally specify any one of the following options: no-reboot, reboot-time,
upgrade-time, or reboot-time.

from-controller Optional. Upgrades a device through the adopted device. If initiating an upgrade

through the adopting controller, optionally specify any one of the following options:
no-reboot, reboot-time, upgrade-time, or reboot-time.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 45

USER EXEC MODE COMMANDS

no-reboot
{staggered-reboot}

reboot-time <TIME>
{staggered-reboot}

Optional. Disables automatic reboot after a successful upgrade (the device must be
manually restarted)

Optional. Schedules an automatic reboot after a successful upgrade. Specify the
reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.

staggered-reboot This keyword is common to all of the above.

Optional. Enables staggered reboot (one at a time) without network impact

upgrade-time <TIME>
{no-reboot|
reboot-time <TIME>}

Optional. Schedules an automatic firmware upgrade

• <TIME> – Specify the upgrade time in the MM/DD/YYYY-HH:MM or HH:MM format.

After a scheduled upgrade, the following actions can be performed.

• no-reboot – Optional. Disables automatic reboot after a successful upgrade the
device must be manually restarted)

• reboot-time <TIME> – Optional. Schedules an automatic reboot after a successful
upgrade. Specify the reboot time in the MM/DD/YYYY-HH:MM or HH:MM format.

Example

nx9500-6C8809>show adoption status

--------------------------------------------------------------------------------

-----------------------­DEVICE-NAME VERSION CFG-STAT MSGS ADOPTED-BY LAST-ADOPTION
UPTIME

--------------------------------------------------------------------------------

------------------------

rfs6000-81742D 5.9.1.0-012D configured No nx9500-6C8809 2 days 12:23:52
13 days 22:32:38

t5-ED7C6C 5.4.2.0-010R configured No nx9500-6C8809 13 days
22:47:46 16 days 22:33:25

--------------------------------------------------------------------------------

-----------------------­Total number of devices displayed: 2
nx9500-6C8809>

nx9500-6C8809>show device-upgrade versions

-------------------------------------------------------------------------------­ CONTROLLER DEVICE-TYPE VERSION

-------------------------------------------------------------------------------­ nx9500-6C8809 ap621 5.9.0.0-014D
nx9500-6C8809 ap622 5.9.1.0-012D
nx9500-6C8809 ap650 5.9.1.0-012D
nx9500-6C8809 ap6511 none
nx9500-6C8809 ap6521 5.9.0.0-014D
nx9500-6C8809 ap6522 5.9.1.0-012D
nx9500-6C8809 ap6532 5.9.1.0-012D
nx9500-6C8809 ap6562 5.9.1.0-012D
nx9500-6C8809 ap71xx 5.9.1.0-012D
nx9500-6C8809 ap7502 5.9.1.0-012D
nx9500-6C8809 ap7522 5.9.1.0-012D
nx9500-6C8809 ap7532 5.9.1.0-012D
nx9500-6C8809 ap7562 5.9.1.0-012D
nx9500-6C8809 ap7602 5.9.1.0-012D
nx9500-6C8809 ap7612 5.9.1.0-012D
nx9500-6C8809 ap7622 5.9.1.0-012D
nx9500-6C8809 ap7632 5.9.1.0-012D
nx9500-6C8809 ap7662 5.9.1.0-012D
nx9500-6C8809 ap81xx 5.9.1.0-012D
nx9500-6C8809 ap82xx 5.9.1.0-012D
nx9500-6C8809 ap8432 5.9.1.0-012D
nx9500-6C8809 ap8533 5.9.1.0-012D
nx9500-6C8809 nx45xx none
nx9500-6C8809 nx5500 none

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 46

USER EXEC MODE COMMANDS

nx9500-6C8809 nx65xx none
nx9500-6C8809 nx75xx none
nx9500-6C8809 nx9000 none
nx9500-6C8809 rfs4000 5.9.1.0-012D
nx9500-6C8809 rfs6000 5.9.1.0-012D
nx9500-6C8809 rfs7000 5.9.0.0-010D
nx9500-6C8809 vx9000 none

-------------------------------------------------------------------------------­nx9500-6C8809>

nx9500-6C8809#device-upgrade load-image rfs6000 ftp://

anonymous:anonymous@192.168.13.10/LatestBuilds/W591/RFS6000-LEAN-5.9.1.0­015D.img

-------------------------------------------------------------------------------­ CONTROLLER STATUS MESSAGE

-------------------------------------------------------------------------------­ nx9500-6C8809 Success Successfully initiated load image

-------------------------------------------------------------------------------­nx9500-6C8809#

nx9500-6C8809#show device-upgrade load-image-status
Download of rfs6000 firmware file is complete
nx9500-6C8809#

nx9500-6C8809>show device-upgrade versions

-------------------------------------------------------------------------------­ CONTROLLER DEVICE-TYPE VERSION

-------------------------------------------------------------------------------­ nx9500-6C8809 ap621 5.9.0.0-014D
nx9500-6C8809 ap622 5.9.1.0-012D
nx9500-6C8809 ap650 5.9.1.0-012D
nx9500-6C8809 ap6511 none
nx9500-6C8809 ap6521 5.9.0.0-014D
nx9500-6C8809 ap6522 5.9.1.0-012D
nx9500-6C8809 ap6532 5.9.1.0-012D
nx9500-6C8809 ap6562 5.9.1.0-012D
nx9500-6C8809 ap71xx 5.9.1.0-012D
nx9500-6C8809 ap7502 5.9.1.0-012D
nx9500-6C8809 ap7522 5.9.1.0-012D
nx9500-6C8809 ap7532 5.9.1.0-012D
nx9500-6C8809 ap7562 5.9.1.0-012D
nx9500-6C8809 ap7602 5.9.1.0-012D
nx9500-6C8809 ap7612 5.9.1.0-012D
nx9500-6C8809 ap7622 5.9.1.0-012D
nx9500-6C8809 ap7632 5.9.1.0-012D
nx9500-6C8809 ap7662 5.9.1.0-012D
nx9500-6C8809 ap81xx 5.9.1.0-012D
nx9500-6C8809 ap82xx 5.9.1.0-012D
nx9500-6C8809 ap8432 5.9.1.0-012D
nx9500-6C8809 ap8533 5.9.1.0-012D
nx9500-6C8809 nx45xx none
nx9500-6C8809 nx5500 none
nx9500-6C8809 nx65xx none
nx9500-6C8809 nx75xx none
nx9500-6C8809 nx9000 none
nx9500-6C8809 rfs4000 5.9.1.0-012D
nx9500-6C8809 rfs6000 5.9.1.0-015D
nx9500-6C8809 rfs7000 5.9.0.0-010D
nx9500-6C8809 vx9000 none

-------------------------------------------------------------------------------­nx9500-6C8809>

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 47

USER EXEC MODE COMMANDS

nx9500-6C8809>device-upgrade rfs6000-81742D

-------------------------------------------------------------------------------­ CONTROLLER STATUS MESSAGE

-------------------------------------------------------------------------------­ B4-C7-99-6C-88-09 Success Queued 1 devices to upgrade

-------------------------------------------------------------------------------­nx9500-6C8809>

nx9500-6C8809>show device-upgrade status
Number of devices currently being upgraded : 1
Number of devices waiting in queue to be upgraded : 0
Number of devices currently being rebooted : 0
Number of devices waiting in queue to be rebooted : 0
Number of devices failed upgrade : 0

--------------------------------------------------------------------------------

-----------------------------­ DEVICE STATE UPGRADE TIME REBOOT TIME PROGRESS RETRIES LAST
UPDATE ERROR UPGRADED BY

--------------------------------------------------------------------------------

-----------------------------­ rfs6000-81742D downloading immediate immediate 17 0 -
nx9500-6C8809

--------------------------------------------------------------------------------

-----------------------------­nx9500-6C8809>

nx9500-6C8809>show adoption status

--------------------------------------------------------------------------------

------------------------------­DEVICE-NAME VERSION CFG-STAT MSGS ADOPTED-BY LAST­ADOPTION UPTIME

--------------------------------------------------------------------------------

-------------------------------

rfs6000-81742D 5.9.1.0-015D version-mismatch No nx9500-6C8809 0 days 00:00:42
0 days 00:03:33

t5-ED7C6C 5.4.2.0-010R configured No nx9500-6C8809 13 days
23:09:38 16 days 22:55:17

--------------------------------------------------------------------------------

-------------------------------­Total number of devices displayed: 2
nx9500-6C8809>

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 48

USER EXEC MODE COMMANDS

2.1.14 disable



User Exec Commands

This command can be executed in the Priv Exec Mode only. When executed, the command turns off
(disables) the privileged mode command set and returns to the User Executable Mode. The prompt
changes from rfs6000-81742D#

Supported in the following platforms:

• Access Points — AP6521, AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562,
AP7602, AP7612, AP7622, AP7632, AP7662, AP81XX, AP8232, AP8432, AP8533

• Wireless Controllers — RFS4000, RFS6000

• Service Platforms — NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,
VX9000

Syntax

disable

Parameters

None

to rfs6000-81742D>.

Example

rfs6000-81742D#disable
rfs6000-81742D>

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 49

USER EXEC MODE COMMANDS

2.1.15 enable



User Exec Commands

Turns on (enables) the privileged mode command set. The prompt changes from rfs6000-81742D> to
rfs6000-81742D#. This command does not do anything in the Privilege Executable mode.

Supported in the following platforms:

• Access Points — AP6521, AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562,
AP7602, AP7612, AP7622, AP7632, AP7662, AP81XX, AP8232, AP8432, AP8533

• Wireless Controllers — RFS4000, RFS6000

• Service Platforms — NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,
VX9000

Syntax

enable

Parameters

None

Example

rfs6000-81742D>enable
rfs6000-81742D#

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 50

USER EXEC MODE COMMANDS

2.1.16 file-sync



User Exec Commands

Syncs trustpoint and/or EAP-TLS X.509 (PKCS#12) certificate between the staging-controller and adopted
access points.

When enabling file syncing, consider the following points:

• The X.509 certificate needs synchronization only if the access point is configured to use EAP-TLS
authentication.

• Execute the command on the controller adopting the access points.

• Ensure that the X.509 certificate file is installed on the controller.

Syncing of trustpoint/wireless-bridge certificate can be automated. To automate file syncing, in the
controller’s device/profile configuration mode, execute the following command: file-sync [auto|count <1-
20>]. For more information, see file-sync.

Supported in the following platforms:

• Access Points — AP6521, AP6522, AP6532, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562,
AP7602, AP7612, AP7622, AP7632,AP7662, AP81XX, AP8232, AP8432, AP8533

• Wireless Controllers — RFS4000, RFS6000

• Service Platforms — NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,
VX9000

Syntax

file-sync [cancel|load-file|trustpoint|wireless-bridge]

file-sync cancel [trustpoint|wireless-bridge]

file-sync cancel [trustpoint|wireless-bridge] [<DEVICE-NAME>|all|rf-domain
[<DOMAIN-NAME>|all]]

file-sync load-file [trustpoint|wireless-bridge]]

file-sync load-file [trustpoint <TRUSTPOINT-NAME>|wireless-bridge] <URL>

file-sync [trustpoint <TRUSTPOINT-NAME>|wireless-bridge] [<DEVICE-NAME>|all|
rf-domain [<DOMAIN-NAME>|all] {from-controller}] {reset-radio|upload-time <TIME>}

Parameters

• file-sync cancel [trustpoint|wireless-bridge] [<DEVICE-NAME>|all|rf-domain
[<DOMAIN-NAME>|all]]

file-sync cancel
[trustpoint|
wireless-bridge]
[<DEVICE-NAME>|
all|rf-domain
[<DOMAIN-NAME>|
all]]

Cancels scheduled file synchronization

• trustpoint – Cancels scheduled trustpoint synchronization on a specified AP, all APs, or
APs within a specified RF Domain

• wireless-bridge – Cancels scheduled wireless-bridge certificate synchronization on a
specified AP, all APs, or APs within a specified RF Domain

• <DEVICE-NAME> – Cancels scheduled trustpoint/certificate synchronization on a
specified AP. Specify the AP’s hostname or MAC address.

• all – Cancels scheduled trustpoint/certificate synchronization on all APs

Contd..

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 51

USER EXEC MODE COMMANDS

• rf-domain [<DOMAIN-NAME>|all] – Cancels scheduled trustpoint/certificate syn­chronization on all APs in a specified RF Domain or in all RF Domains

• <DOMAIN-NAME> – Cancels scheduled trustpoint/certificate synchronization on
all APs within a specified RF Domain. Specify the RF Domain’s name.

• all – Cancels scheduled trustpoint/certificate synchronization on all RF Domains

• file-sync load-file [trustpoint|wireless-bridge] <URL>

file-sync load-file
[trustpoint|
wireless-bridge]
<URL>

• file-sync [trustpoint <TRUSTPOINT-NAME>|wireless-bridge] [<DEVICE-NAME>|all|rf­domain [<DOMAIN-NAME>|all] {from-controller}] {reset-radio|upload-time <TIME>}

file-sync
trustpoint
<TRUSTPOINT­NAME>
[<DEVICE-NAME>|
all|rf-domain
[<DOMAIN-NAME>
|all] from-controller]

Loads the following files on to the staging controller:

• trustpoint – Loads the trustpoint, including CA certificate, server certificate and private
key

• wireless-bridge – Loads the wireless-bridge certificate to the staging controller

Use this command to load the certificate to the controller before scheduling or
initiating a certificate synchronization.

• <URL> – Provide the trustpoint/certificate location using one of the following for­mats:

tftp://<hostname|IP>[:port]/path/file
ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file
sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file
http://<hostname|IP>[:port]/path/file
cf:/path/file
usb<n>:/path/file

Note: Both IPv4 and IPv6 address types are supported.

Configures file-syncing parameters

• trustpoint <TRUSTPOINT-NAME> – Syncs a specified trustpoint between controller and
its adopted APs

• <TRUSTPOINT-NAME> – Specify the trustpoint name.

• wireless-bridge – Syncs wireless-bridge certificate between controller and its adopted
APs

After specifying the file that is to be synced, configure following file-sync parameters:

• <DEVICE-NAME> – Syncs trustpoint/certificate with a specified AP. Specify the AP’s
hostname or MAC address.

• all – Syncs trustpoint/certificate with all APs

• rf-domain [<DOMAIN-NAME>|all] – Syncs trustpoint/certificate with all APs in a
specified RF Domain or in all RF Domains

• <DOMAIN-NAME> – Select to sync with APs within a specified RF Domain. Specify
the RF Domain’s name.

• all – Select to sync with APs across all RF Domains

• from-controller – Optional. Loads certificate to the APs from the adopting

controller and not the RF Domain manager

After specifying the access points, specify the following options: reset-radio and
upload-time.

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 52

USER EXEC MODE COMMANDS

reset-radio This keyword is recursive and applicable to all of the above parameters.

Optional. Resets the radio after file synchronization. Reset the radio in case the
certificate is renewed along with no changes made to the ‘bridge EAP username’ and
‘bridge EAP password’.

upload-time <TIME> This keyword is recursive and applicable to all of the above parameters.

• upload-time – Optional. Schedules certificate upload at a specified time

• <TIME> – Specify the time in the MM/DD/YYYY-HH:MM or HH:MM format. If no time
is configured, the process is initiated as soon as the command is executed.

Example

rfs6000-81742D>file-sync wireless-bridge ap7131-11E6C4 upload-time 06/01/2017­12:30

-------------------------------------------------------------------------------­ CONTROLLER STATUS MESSAGE

-------------------------------------------------------------------------------­ B4-C7-99-6D-CD-4B Success Queued 1 APs to upload

-------------------------------------------------------------------------------­rfs6000-81742D>

The following command uploads certificate to all access points:

rfs6000-81742D>file-sync wireless-bridge all upload-time 06/01/2017-23:42

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 53

USER EXEC MODE COMMANDS

2.1.17 join-cluster



User Exec Commands

Adds a device (access point, wireless controller, or service platform), as a member, to an existing cluster of
devices. Assign a static IP address to the device before adding to a cluster. Note, a cluster can be only
formed of devices of the same model type.

Supported in the following platforms:

• Wireless Controllers — RFS4000, RFS6000

• Service Platforms — NX5500, NX7500, NX7510, NX7520, NX7530, NX9500, NX9510, NX9600,
VX9000

Syntax

join-cluster <IP> user <USERNAME> password <WORD> {level|mode}
join-cluster <IP> user <USERNAME> password <WORD> {level [1|2]|mode

[active|standby]}

Parameters

• join-cluster <IP> user <USERNAME> password <WORD> {level [1|2]|mode
[active|standby]}

join-cluster Adds an access point, wireless controller, or service platform to an existing cluster
<IP> Specify the cluster member’s IP address.
user <USERNAME> Specify a user account with super user privileges on the new cluster member
password <WORD> Specify password for the account specified in the user parameter
level [1|2] Optional. Configures the routing level

• 1 – Configures level 1 routing

• 2 – Configures level 2 routing

mode
[active|standby]

Optional. Configures the cluster mode

• active – Configures this cluster as active

• standby – Configures this cluster to be on standby mode

Usage Guidelines

To add a device to an existing cluster:

• Configure a static IP address on the device (access point, wireless controller, or service platform).

• Provide username and password for superuser, network admin, system admin, or operator
accounts.

After adding the device to a cluster, execute the “write memory” command to ensure the configuration
persists across reboots.

Example

rfs4000-880DA7>join-cluster 192.168.13.15 user admin password superuser level 1
mode standby
... connecting to 192.168.13.15
... applying cluster configuration
... committing the changes
... saving the changes
[OK]
rfs4000-880DA7>

Access Point, Wireless Controller and Service Platform CLI Reference Guide

2 - 54