ProCurve 5400zl Switches
Installation and Getting Started Guide
Reference Guide for HP ProCurve MSM7xx Controllers CLI
ProCurve MSM7xx Controllers CLI
Reference Guide
HP ProCurve MSM7xx Controllers
CLI Reference Guide
Copyright and Disclaimer Notices
© Copyright 2009 Hewlett-Packard Development Company, L.P. The
information contained herein is subject to change without notice.
This document contains proprietary information, which is
protected by copyright. No part of this document may be
photocopied, reproduced, or translated into another language
without the prior written consent of Hewlett-Packard.
Publication Number
5992-5933
May 2009
Applicable Products
MSM710 Access Controller J9328A
MSM710 Mobility Controller J9325A
MSM730 Access Controller J9329A
MSM730 Mobility Controller J9326A
MSM750 Access Controller J9330A
MSM750 Mobility Controller J9327A
MSM760 Access Controller J9421A
MSM760 Mobility Controller J9420A
MSM765zl Mobility Controller J9370A
Trademark Credits
Windows NT®, Windows®, and MS Windows® are US
registered trademarks of Microsoft Corporation.
Disclaimer
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF
ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. Hewlett-Packard shall not be liable for errors
contained herein or for incidental or consequential damages in
connection with the furnishing, performance, or use of this
material.
The only warranties for HP products and services are set forth
in the express warranty statements accompanying such
products and services. Nothing herein should be construed as
constituting an additional warranty. HP shall not be liable for
technical or editorial errors or omissions contained herein.
Hewlett-Packard assumes no responsibility for the use or
reliability of its software on equipment that is not furnished by
Hewlett-Packard.
Hewlett-Packard Company
8000 Foothills Boulevard
Roseville, California 95747-5552
www.procurve.com
Contents
In this Contents section, new to 5.3.x contexts and commands are preceded with an asterisk
“*” and formatted in green like this:
* new context
* new command
1 Introduction
About this guide ...........................................................................................................1-2
Products covered................................................................................................... 1-2
HP ProCurve Product Naming............................................................................. 1-2
Important terms..................................................................................................... 1-3
Typographical conventions ..................................................................................1-3
Command syntax ............................................................................................1-3
Management tool ............................................................................................1-4
HP ProCurve Networking support............................................................................. 1-4
Before contacting support .............................................................................1-4
Online documentation .................................................................................................1-5
Configuring CLI support.............................................................................................. 1-5
SSH client support.................................................................................................1-6
Entering strings ............................................................................................................1-6
Context hierarchy ........................................................................................................1-7
Sample CLI session ......................................................................................................1-8
File transfer...................................................................................................................1-8
A. The service controller gets the file using a URL ....................................1-8
B. Send a file to the service controller .........................................................1-8
2 CLI commands
View context .................................................................................................................2-2
arping ......................................................................................................................2-2
enable...................................................................................................................... 2-2
iperf .........................................................................................................................2-2
nslookup .................................................................................................................2-2
iii
ping.......................................................................................................................... 2-2
ps .............................................................................................................................2-3
quit...........................................................................................................................2-3
show license........................................................................................................... 2-3
show logging filtered.............................................................................................2-3
top............................................................................................................................ 2-3
traceroute ...............................................................................................................2-3
Enable context..............................................................................................................2-4
reboot device..........................................................................................................2-4
show certificate .....................................................................................................2-4
show certificate binding .......................................................................................2-4
iperf .........................................................................................................................2-4
ping.......................................................................................................................... 2-4
arping ......................................................................................................................2-5
arp............................................................................................................................ 2-5
end ...........................................................................................................................2-5
quit...........................................................................................................................2-5
rcapture...................................................................................................................2-5
show arp .................................................................................................................2-5
show bridge ............................................................................................................2-5
show bridge forwarding........................................................................................ 2-6
show dns cache...................................................................................................... 2-6
show interfaces......................................................................................................2-6
* show ip.................................................................................................................2-6
show ip route .........................................................................................................2-6
show system info ...................................................................................................2-6
show ip dhcp database..........................................................................................2-6
show satellites........................................................................................................2-6
* show web content ..............................................................................................2-7
show client log .......................................................................................................2-7
show radius statistics............................................................................................ 2-7
show radius users.................................................................................................. 2-7
show users..............................................................................................................2-7
show discrete pin...................................................................................................2-7
config.......................................................................................................................2-7
show all config .......................................................................................................2-7
controlled network................................................................................................2-8
show controlled network config..........................................................................2-8
iv
Config context ..............................................................................................................2-9
* dhcp public ip default lease period.................................................................. 2-9
* dhcp public ip subnet.........................................................................................2-9
certificate................................................................................................................ 2-9
certificate binding..................................................................................................2-9
certificate revocation ............................................................................................2-9
end ...........................................................................................................................2-9
factory settings ....................................................................................................2-10
interface ethernet ................................................................................................2-10
reboot device........................................................................................................2-10
show certificate ...................................................................................................2-10
show certificate binding .....................................................................................2-10
show config factory.............................................................................................2-10
username ..............................................................................................................2-10
interface ip............................................................................................................2-11
interface pptp client-default...............................................................................2-11
interface gre .........................................................................................................2-11
virtual ap............................................................................................................... 2-11
show subscription plan.......................................................................................2-11
subscription plan .................................................................................................2-11
* mac list...............................................................................................................2-12
* show mac list ....................................................................................................2-12
ipsec policy........................................................................................................... 2-12
* admin local authentication..............................................................................2-12
* admin radius authentication ...........................................................................2-12
* admin radius authentication server ...............................................................2-12
ip http port............................................................................................................ 2-13
ip https port.......................................................................................................... 2-13
snmp-server trap certificate-expired.................................................................2-13
snmp-server trap certificate-expires-soon .......................................................2-13
snmp-server trap web-fail...................................................................................2-13
snmp-server trap web-login................................................................................ 2-14
snmp-server trap web-logout .............................................................................2-14
web admin kickout.............................................................................................. 2-14
web allow..............................................................................................................2-14
world-mode dot11 country code........................................................................2-14
web access internet-port ....................................................................................2-15
web access lan-port.............................................................................................2-15
web access interface vlan................................................................................... 2-15
v
web access interface gre ....................................................................................2-15
web access lan .....................................................................................................2-15
web access vpn ....................................................................................................2-15
dhcp mode ............................................................................................................2-16
dhcp server........................................................................................................... 2-16
dhcp server default domain name .....................................................................2-16
dhcp server default lease period .......................................................................2-16
dhcp server default permanent lease period....................................................2-16
dhcp server controller.........................................................................................2-16
dhcp server controller discovery....................................................................... 2-16
dhcp server logout html user .............................................................................2-17
dhcp server access centralized clients .............................................................2-17
dhcp server access lan ........................................................................................2-17
dhcp relay .............................................................................................................2-17
* dhcp relay circuit id ......................................................................................... 2-17
* dhcp relay remote id ........................................................................................2-18
dhcp relay access centralized clients................................................................ 2-18
dhcp relay access lan ..........................................................................................2-18
dhcp relay extend internet port .........................................................................2-18
clock...................................................................................................................... 2-18
* clock auto adjust dst........................................................................................ 2-19
clock timezone..................................................................................................... 2-19
* clock use custom dst rules..............................................................................2-19
ntp protocol..........................................................................................................2-19
ntp server..............................................................................................................2-19
* clock custom dst begins ..................................................................................2-19
* clock custom dst begins format .....................................................................2-20
* clock custom dst ends .....................................................................................2-20
* clock custom dst ends format ........................................................................2-20
ntp server..............................................................................................................2-21
ntp server failure trap .........................................................................................2-21
config-update automatic..................................................................................... 2-21
config-update operation......................................................................................2-21
config-update time............................................................................................... 2-21
config-update uri..................................................................................................2-22
config-update weekday....................................................................................... 2-22
snmp-server trap config-change ........................................................................2-22
snmp-server trap config-update.........................................................................2-22
logging destination ..............................................................................................2-22
vi
snmp-server trap syslog-severity .......................................................................2-23
snmp-server.......................................................................................................... 2-23
snmp-server access port-1.................................................................................. 2-23
snmp-server allow ...............................................................................................2-23
snmp-server chassis-id........................................................................................2-23
snmp-server contact............................................................................................2-24
snmp-server heartbeat period............................................................................ 2-24
snmp-server location........................................................................................... 2-24
snmp-server port..................................................................................................2-24
snmp-server readonly..........................................................................................2-24
snmp-server readwrite ........................................................................................2-25
snmp-server trap..................................................................................................2-25
snmp-server trap community .............................................................................2-25
snmp-server trap destination .............................................................................2-25
snmp-server trap heartbeat ................................................................................2-25
snmp-server trap link-state.................................................................................2-26
snmp-server trap snmp-authentication.............................................................2-26
* snmp-server version 1......................................................................................2-26
* snmp-server version 2c....................................................................................2-26
* snmp-server version 3......................................................................................2-26
snmp-server access interface vlan ....................................................................2-26
snmp-server access interface gre ......................................................................2-27
snmp-server access port-2.................................................................................. 2-27
snmp-server access lan .......................................................................................2-27
snmp-server access vpn...................................................................................... 2-27
snmp-server trap new-satellite-detected ..........................................................2-27
snmp-server trap satellite-unreachable ............................................................2-28
* snmp-server user ..............................................................................................2-28
* snmp-server notification receiver ..................................................................2-28
soap-server ...........................................................................................................2-28
soap-server access interface vlan......................................................................2-28
soap-server access port-1 ...................................................................................2-29
soap-server access port-2 ...................................................................................2-29
soap-server allow................................................................................................. 2-29
soap-server http authentication.........................................................................2-29
soap-server http authentication password....................................................... 2-29
soap-server http authentication username....................................................... 2-30
soap-server port................................................................................................... 2-30
soap-server ssl......................................................................................................2-30
vii
soap-server ssl with client certificate ...............................................................2-30
soap-server access interface gre........................................................................2-30
soap-server access lan ........................................................................................2-30
soap-server access vpn .......................................................................................2-31
snmp-server trap vpn-connection...................................................................... 2-31
snmp-server trap syslog-matches ...................................................................... 2-31
snmp-server trap syslog-matches regex ...........................................................2-31
snmp-server trap syslog-severity level..............................................................2-31
snmp-server trap network-trace ........................................................................ 2-31
firmware-update automatic................................................................................2-32
firmware-update start .........................................................................................2-32
firmware-update time..........................................................................................2-32
firmware-update uri ............................................................................................2-32
firmware-update weekday..................................................................................2-33
snmp-server trap firmware-update.................................................................... 2-33
ip name-server......................................................................................................2-33
ip name-server cache ..........................................................................................2-33
ip name-server dynamic...................................................................................... 2-33
ip name-server interception ............................................................................... 2-34
ip name-server switch-on-servfail .....................................................................2-34
ip name-server switch-over ................................................................................2-34
ip name-server logout-info .................................................................................2-34
access controller shared secret .........................................................................2-34
radius-server profile ............................................................................................2-35
access controller..................................................................................................2-35
certificate ipsec ca...............................................................................................2-35
certificate ipsec local ..........................................................................................2-35
certificate ipsec revocation................................................................................ 2-35
certificate ssl ........................................................................................................2-36
session profile default.........................................................................................2-36
session profile ......................................................................................................2-36
show session profile............................................................................................ 2-36
remote configuration ..........................................................................................2-36
discovery protocol............................................................................................... 2-36
discovery protocol device-id.............................................................................. 2-37
service controller ap authentication credentials.............................................2-37
service controller ap authentication enable.....................................................2-37
service controller ap authentication file...........................................................2-37
service controller ap authentication radius-server ......................................... 2-37
viii
service controller ap authentication refresh-rate............................................ 2-37
service controller ap authentication source file..............................................2-38
service controller ap authentication source local........................................... 2-38
service controller ap authentication source radius ........................................2-38
service controller discovery...............................................................................2-38
service controller discovery interface internet-port .......................................2-38
service controller discovery interface lan-port ...............................................2-38
service controller primary.................................................................................. 2-39
service controller primary ip addr.....................................................................2-39
service controller priority...................................................................................2-39
service controller provisioning.......................................................................... 2-39
bandwidth control internet-port........................................................................ 2-39
bandwidth control internet-port high ...............................................................2-39
bandwidth control internet-port low ................................................................2-40
bandwidth control internet-port max-rate .......................................................2-40
bandwidth control internet-port normal ..........................................................2-41
bandwidth control internet-port very-high....................................................... 2-41
ip route gateway ..................................................................................................2-41
firewall mode .......................................................................................................2-41
show user profiles ...............................................................................................2-42
show user profiles details................................................................................... 2-42
user profile ...........................................................................................................2-42
renew user profile subscription......................................................................... 2-42
dot1x reauth .........................................................................................................2-42
dot1x reauth period.............................................................................................2-42
dot1x reauth terminate .......................................................................................2-42
dot1x supplicant timeout.................................................................................... 2-43
dynamic key .........................................................................................................2-43
dynamic key interval ...........................................................................................2-43
key chain............................................................................................................... 2-43
config-version.......................................................................................................2-43
radius-server accounting session ......................................................................2-43
radius-server client..............................................................................................2-44
radius-server local eap-peap ..............................................................................2-44
radius-server local eap-tls...................................................................................2-44
radius-server local eap-ttls .................................................................................2-44
radius-server local pap........................................................................................ 2-44
radius-server ssid detection nas-id....................................................................2-44
show radius-server ..............................................................................................2-45
ix
active-directory check attribute ........................................................................2-45
active-directory check user access ...................................................................2-45
active-directory device name .............................................................................2-45
active-directory domain......................................................................................2-45
active-directory group......................................................................................... 2-46
active-directory group order ..............................................................................2-46
active-directory join ............................................................................................2-46
show active-directory..........................................................................................2-46
show active-directory group ..............................................................................2-46
radius-server client..............................................................................................2-46
user tracking ........................................................................................................2-46
user tracking destination.................................................................................... 2-47
user tracking filter ...............................................................................................2-47
user tracking port ................................................................................................2-47
persistent user information................................................................................ 2-47
persistent user information period....................................................................2-47
* client data tunnel security...............................................................................2-47
managed map max...............................................................................................2-47
igmp proxy............................................................................................................2-48
igmp proxy downstream interface ....................................................................2-48
igmp proxy upstream interface..........................................................................2-48
* rf-id aeroscout...................................................................................................2-48
Access Controller context.........................................................................................2-49
end .........................................................................................................................2-49
* ads presentation ...............................................................................................2-49
* ads presentation interval................................................................................. 2-49
station allocate source ip address .....................................................................2-49
station allow any ip address...............................................................................2-49
station free access ...............................................................................................2-50
station http proxy support..................................................................................2-50
station idle detection...........................................................................................2-50
system accounting............................................................................................... 2-51
* remember delay................................................................................................ 2-51
* remember html users....................................................................................... 2-51
* worldpay installation id................................................................................... 2-51
* worldpay payment response password .........................................................2-51
* worldpay payment url......................................................................................2-51
* authorize_net installation id ...........................................................................2-51
x
* authorize_net payment url ..............................................................................2-52
* authorize_net transaction key ........................................................................2-52
* ads presentation with frameset ......................................................................2-52
authentication http ..............................................................................................2-52
authentication https ............................................................................................2-52
noc access internet.............................................................................................. 2-52
noc access vpn .....................................................................................................2-53
noc allow ..............................................................................................................2-53
noc authentication............................................................................................... 2-53
secure login .......................................................................................................... 2-53
* sslv2 authentication ......................................................................................... 2-53
noc access interface vlan....................................................................................2-54
noc access interface gre .....................................................................................2-54
ipass id .................................................................................................................. 2-54
ipass name ............................................................................................................2-54
wispr abort login url............................................................................................2-54
wispr login url ......................................................................................................2-55
wispr logoff url.....................................................................................................2-55
access-list .............................................................................................................2-55
use access-list ......................................................................................................2-56
use access-list unauth .........................................................................................2-56
config file ..............................................................................................................2-56
* http proxy upstream ........................................................................................2-57
https ssl certificate .............................................................................................. 2-57
mac-address .........................................................................................................2-57
fail page................................................................................................................. 2-57
goodbye url........................................................................................................... 2-57
ipass login url .......................................................................................................2-58
login error url .......................................................................................................2-58
login page..............................................................................................................2-58
login url................................................................................................................. 2-58
logo........................................................................................................................ 2-58
messages...............................................................................................................2-59
noc ssl ca-certificate ...........................................................................................2-59
noc ssl certificate.................................................................................................2-59
session page .........................................................................................................2-59
transport page ......................................................................................................2-59
welcome url..........................................................................................................2-60
notify user location changes ..............................................................................2-60
xi
Default Session profile context ................................................................................2-61
accounting interim update .................................................................................2-61
idle timeout ..........................................................................................................2-61
maximum input octets ........................................................................................2-61
maximum input packets .....................................................................................2-61
maximum output octets...................................................................................... 2-62
maximum output packets...................................................................................2-62
maximum total octets .........................................................................................2-62
maximum total packets ......................................................................................2-62
nat one-to-one ......................................................................................................2-62
session timeout ....................................................................................................2-63
smtp redirection setup........................................................................................ 2-63
* public ip subnet ................................................................................................2-63
end .........................................................................................................................2-63
smtp redirection ..................................................................................................2-64
Session profile context.............................................................................................. 2-65
end .........................................................................................................................2-65
access controlled................................................................................................. 2-65
access list..............................................................................................................2-65
accounting interim update .................................................................................2-65
arp polling interval ..............................................................................................2-65
arp polling max count .........................................................................................2-66
bandwidth level....................................................................................................2-66
* egress vlan.........................................................................................................2-66
idle timeout ..........................................................................................................2-66
intercept traffic ....................................................................................................2-67
max input rate...................................................................................................... 2-67
max output rate ...................................................................................................2-67
nat one-to-one ......................................................................................................2-67
session profile ......................................................................................................2-68
smtp redirection setup........................................................................................ 2-68
termination action ...............................................................................................2-68
user defined attribute.......................................................................................... 2-69
* public ip subnet ................................................................................................2-69
User Profile context...................................................................................................2-70
end .........................................................................................................................2-70
xii
access controlled................................................................................................. 2-71
access-controlled profile ....................................................................................2-71
access-controlled virtual ap ...............................................................................2-71
active .....................................................................................................................2-71
chargeable user identity .....................................................................................2-72
control method ....................................................................................................2-72
egress vlan ............................................................................................................2-72
end time ................................................................................................................ 2-72
idle timeout ..........................................................................................................2-72
max user sessions................................................................................................ 2-72
password...............................................................................................................2-73
regular profile ......................................................................................................2-73
regular virtual ap .................................................................................................2-73
session timeout ....................................................................................................2-73
subscription plan .................................................................................................2-73
username ..............................................................................................................2-74
Internet interface context .........................................................................................2-75
end .........................................................................................................................2-75
duplex ...................................................................................................................2-75
speed .....................................................................................................................2-75
interface vlan........................................................................................................2-75
ipsec vlan interface .............................................................................................2-76
LAN interface context ...............................................................................................2-77
end .........................................................................................................................2-77
duplex ...................................................................................................................2-77
speed .....................................................................................................................2-77
interface vlan........................................................................................................2-77
ipsec vlan interface .............................................................................................2-78
WAN IP interface context..........................................................................................2-79
pppoe client user .................................................................................................2-79
ip address mode...................................................................................................2-79
ip address..............................................................................................................2-79
ip nat......................................................................................................................2-80
nat limit port range..............................................................................................2-80
nat limit port range size ......................................................................................2-80
ip address dhcp client-id..................................................................................... 2-80
end .........................................................................................................................2-80
pppoe auto-reconnect .........................................................................................2-80
pppoe mru ............................................................................................................2-81
pppoe mtu............................................................................................................. 2-81
xiii
pppoe unnumbered .............................................................................................2-81
ip nat outside source static ................................................................................2-81
ip rip authentication key-chain ..........................................................................2-82
ip rip authentication mode .................................................................................2-82
ip rip authentication string................................................................................. 2-82
passive-interface.................................................................................................. 2-82
router rip............................................................................................................... 2-82
ip address alternate .............................................................................................2-83
LAN IP interface context........................................................................................... 2-84
end .........................................................................................................................2-84
ip address..............................................................................................................2-84
ip address management ......................................................................................2-84
passive-interface.................................................................................................. 2-84
router rip............................................................................................................... 2-84
RADIUS remote configuration context ...................................................................2-86
end .........................................................................................................................2-86
active .....................................................................................................................2-86
credentials ............................................................................................................2-86
interval ..................................................................................................................2-86
radius server profile ............................................................................................2-86
Virtual AP context...................................................................................................... 2-87
virtual ap name ....................................................................................................2-87
access control ......................................................................................................2-87
force centralize data............................................................................................ 2-88
ingress interface ..................................................................................................2-88
egress unauthenticated....................................................................................... 2-88
guest-mode ...........................................................................................................2-88
max-association ...................................................................................................2-89
ssid name ..............................................................................................................2-89
vlan ........................................................................................................................2-89
encryption key 1 ..................................................................................................2-89
encryption key format.........................................................................................2-89
transmit key..........................................................................................................2-90
authentication server access controller ...........................................................2-90
authentication server accounting...................................................................... 2-90
authentication server accounting radius profile .............................................2-90
authentication server radius ..............................................................................2-90
xiv
dot1x authentication ...........................................................................................2-90
wpa-psk.................................................................................................................2-91
authentication server request radius cui ..........................................................2-91
dot1x session page ..............................................................................................2-91
wireless filters......................................................................................................2-91
wireless filters mac .............................................................................................2-92
wireless filters rule input....................................................................................2-92
wireless filters rule output .................................................................................2-92
wireless filters type .............................................................................................2-93
mac authentication accounting .........................................................................2-94
mac authentication accounting radius profile .................................................2-94
mandatory authentication .................................................................................. 2-94
mac authentication radius profile .....................................................................2-94
mac authentication remote ................................................................................2-94
mac authentication request radius cui.............................................................. 2-94
mac authentication local ....................................................................................2-95
mac authentication..............................................................................................2-95
html authentication .............................................................................................2-95
html authentication accounting.........................................................................2-95
html authentication accounting radius profile ................................................2-95
html authentication active-directory.................................................................2-96
html authentication local.................................................................................... 2-96
html authentication radius ................................................................................. 2-96
html authentication radius profile..................................................................... 2-96
html authentication request radius cui .............................................................2-96
html authentication timeout...............................................................................2-96
active .....................................................................................................................2-97
beacon dtim count...............................................................................................2-97
beacon transmit power .......................................................................................2-97
data rate ................................................................................................................2-97
public forwarding ................................................................................................ 2-97
access lan stations...............................................................................................2-97
fast authentication............................................................................................... 2-98
layer3 mobility .....................................................................................................2-98
add ip-qos profile .................................................................................................2-98
delete ip-qos profile all........................................................................................2-98
delete ip-qos profile.............................................................................................2-98
qos .........................................................................................................................2-98
upstream diffserv tagging ...................................................................................2-99
wmm advertising ...............................................................................................2-100
xv
html redirection .................................................................................................2-100
local nas id.......................................................................................................... 2-100
bandwidth...........................................................................................................2-100
bandwidth default rates.................................................................................... 2-100
bandwidth default rates maximum .................................................................2-100
radius accounting realms .................................................................................2-101
radius authentication realms ...........................................................................2-101
identify stations by ip only ...............................................................................2-101
location-aware group ........................................................................................2-101
location-aware called-station-id content ........................................................2-101
dhcp relay ...........................................................................................................2-101
dhcp relay active................................................................................................ 2-102
dhcp relay circuit id ..........................................................................................2-102
dhcp relay remote id .........................................................................................2-102
dhcp relay subnet ..............................................................................................2-102
dhcp server......................................................................................................... 2-102
dhcp server dns.................................................................................................. 2-102
dhcp server gateway .........................................................................................2-103
dhcp server range ..............................................................................................2-103
dhcp server subnet ............................................................................................2-103
radius-framed-protocol-attribute.....................................................................2-103
end .......................................................................................................................2-103
security ...............................................................................................................2-103
VLAN interface context ...........................................................................................2-105
end .......................................................................................................................2-105
ip address............................................................................................................2-105
ip address mode.................................................................................................2-105
vlan name............................................................................................................2-106
ip default-gateway .............................................................................................2-106
ip nat....................................................................................................................2-106
RADIUS context .......................................................................................................2-107
end .......................................................................................................................2-107
radius-server accounting port.......................................................................... 2-107
radius-server alternate hosts............................................................................ 2-107
radius-server authentication method.............................................................. 2-107
radius-server authentication port.................................................................... 2-107
radius-server deadtime .....................................................................................2-108
radius-server host ..............................................................................................2-108
xvi
radius-server key 2 ............................................................................................2-108
radius-server message-authenticator ..............................................................2-108
radius-server name ............................................................................................2-108
radius-server nasid ............................................................................................2-109
radius-server timeout ........................................................................................2-109
radius-server timeout ........................................................................................2-109
radius-server force-nas-port-to-vlanid ............................................................2-109
radius-server realm............................................................................................2-109
radius-server realm name .................................................................................2-109
DHCP server context ...............................................................................................2-110
end .......................................................................................................................2-110
active ...................................................................................................................2-110
gateway ...............................................................................................................2-110
range.................................................................................................................... 2-110
permanent leases............................................................................................... 2-110
GRE interface context .............................................................................................2-111
end force............................................................................................................. 2-111
gre name .............................................................................................................2-111
ip address............................................................................................................2-111
peer ip address...................................................................................................2-111
remote ip address ..............................................................................................2-111
IPsec policy context.................................................................................................2-112
end .......................................................................................................................2-112
active ...................................................................................................................2-112
authentication ....................................................................................................2-112
cipher ..................................................................................................................2-112
dns domain .........................................................................................................2-112
dns server ...........................................................................................................2-112
incoming nat....................................................................................................... 2-113
incoming traffic network.................................................................................. 2-113
interface.............................................................................................................. 2-113
local id................................................................................................................. 2-113
mode.................................................................................................................... 2-113
outgoing traffic network...................................................................................2-113
peer id .................................................................................................................2-113
peer ip address...................................................................................................2-114
perfect forward secrecy.................................................................................... 2-114
preshared key..................................................................................................... 2-114
xvii
Syslog destination context...................................................................................... 2-115
active ...................................................................................................................2-115
logging facility....................................................................................................2-115
logging host ........................................................................................................2-115
logging prefix .....................................................................................................2-115
name.................................................................................................................... 2-115
end .......................................................................................................................2-116
level .....................................................................................................................2-116
level .....................................................................................................................2-116
matches...............................................................................................................2-116
message...............................................................................................................2-116
message...............................................................................................................2-117
process................................................................................................................ 2-117
process................................................................................................................ 2-117
PPTP client interface context................................................................................. 2-118
active ...................................................................................................................2-118
pptp client credentials ......................................................................................2-118
pptp client domain name ..................................................................................2-118
pptp client server address ................................................................................2-118
end .......................................................................................................................2-118
ip nat....................................................................................................................2-118
pptp client auto route discovery...................................................................... 2-119
pptp client lcp echo........................................................................................... 2-119
passive-interface................................................................................................ 2-119
router rip............................................................................................................. 2-119
Keychain context......................................................................................................2-120
end .......................................................................................................................2-120
key .......................................................................................................................2-120
key chain name ..................................................................................................2-120
Keys context .............................................................................................................2-121
end .......................................................................................................................2-121
key-string ............................................................................................................2-121
Subscription plan context .......................................................................................2-122
end .......................................................................................................................2-122
daily restriction..................................................................................................2-122
xviii
end time .............................................................................................................. 2-122
initial login time allocation............................................................................... 2-122
online time limit.................................................................................................2-123
online time limit.................................................................................................2-123
start time............................................................................................................. 2-123
subscription plan name.....................................................................................2-123
* public ip reservation ...................................................................................... 2-123
* public ip subnet ..............................................................................................2-123
* SNMP user context................................................................................................2-125
* access level .....................................................................................................2-125
* end....................................................................................................................2-125
* password .........................................................................................................2-125
* security ............................................................................................................2-125
* user name ........................................................................................................2-125
* SNMP notification receiver context.................................................................... 2-126
* community ......................................................................................................2-126
* end....................................................................................................................2-126
* port................................................................................................................... 2-126
* receiver ............................................................................................................2-126
* user................................................................................................................... 2-126
* version .............................................................................................................2-126
Active Directory Group context............................................................................. 2-127
end .......................................................................................................................2-127
access controlled............................................................................................... 2-127
access-controlled profile ..................................................................................2-127
access-controlled virtual ap .............................................................................2-127
active ...................................................................................................................2-128
active-directory group name ............................................................................2-128
egress vlan ..........................................................................................................2-128
regular profile ....................................................................................................2-128
regular virtual ap ...............................................................................................2-128
Controlled Network AP context............................................................................. 2-130
end .......................................................................................................................2-130
execute action....................................................................................................2-130
execute system action.......................................................................................2-130
show config factory...........................................................................................2-130
ap group ..............................................................................................................2-130
ap name............................................................................................................... 2-130
config...................................................................................................................2-130
xix
contact ................................................................................................................2-131
location ...............................................................................................................2-131
product type .......................................................................................................2-131
Controlled Network AP Group context.................................................................2-132
execute action....................................................................................................2-132
show config factory...........................................................................................2-132
end .......................................................................................................................2-132
config...................................................................................................................2-132
group name......................................................................................................... 2-132
virtual ap binding...............................................................................................2-132
Controlled Network Base Group context ............................................................. 2-133
execute action....................................................................................................2-133
show config factory...........................................................................................2-133
config...................................................................................................................2-133
end .......................................................................................................................2-133
Controlled Network context...................................................................................2-134
end .......................................................................................................................2-134
* interface wireless ...........................................................................................2-134
local mesh group ...............................................................................................2-134
local mesh provisioning group......................................................................... 2-134
provisioning connectivity .................................................................................2-134
provisioning discovery......................................................................................2-134
radius profile ......................................................................................................2-134
* switch port ......................................................................................................2-135
syslog...................................................................................................................2-135
sensor server name ...........................................................................................2-135
sensor server id.................................................................................................. 2-135
sensor discovery mode .....................................................................................2-135
sensor network detector...................................................................................2-136
inherit sensor .....................................................................................................2-136
dynamic key .......................................................................................................2-136
dynamic key interval .........................................................................................2-136
dot1x reauth .......................................................................................................2-136
dot1x reauth period...........................................................................................2-137
dot1x reauth terminate .....................................................................................2-137
dot1x supplicant timeout.................................................................................. 2-137
inherit 8021x....................................................................................................... 2-137
xx
bridge protocol ieee ..........................................................................................2-137
inherit untagged stp...........................................................................................2-138
bridge protocol ieee vlan ..................................................................................2-138
inherit vlan stp ...................................................................................................2-138
inherit local mesh qos .......................................................................................2-138
local mesh ip qos profile...................................................................................2-138
local mesh qos mechanism............................................................................... 2-139
enable vsc services............................................................................................ 2-139
inherit service availability ................................................................................2-139
inherit l3subnets ................................................................................................2-139
l3subnet...............................................................................................................2-139
* inherit switch ports ........................................................................................2-139
Virtual AP Binding context .....................................................................................2-141
dual radio binding.............................................................................................. 2-141
egress vlan ..........................................................................................................2-141
egress vlan ..........................................................................................................2-141
end .......................................................................................................................2-141
location aware....................................................................................................2-141
Syslog context ..........................................................................................................2-142
message...............................................................................................................2-142
message...............................................................................................................2-142
process................................................................................................................ 2-142
process................................................................................................................ 2-142
level .....................................................................................................................2-142
level .....................................................................................................................2-143
matches...............................................................................................................2-143
end .......................................................................................................................2-143
inherit.................................................................................................................. 2-143
Provisioning connectivity context .........................................................................2-144
end .......................................................................................................................2-144
inherit.................................................................................................................. 2-144
interface.............................................................................................................. 2-144
interface provisioninig ......................................................................................2-144
ip assignation .....................................................................................................2-144
vlan ......................................................................................................................2-144
vlan ......................................................................................................................2-145
static ip................................................................................................................2-145
provisioning local mesh group......................................................................... 2-145
provisioning local mesh key............................................................................. 2-145
xxi
provisioning local mesh port............................................................................2-145
provisioning local mesh security..................................................................... 2-145
provisioning local mesh security..................................................................... 2-145
provisioning local mesh type ...........................................................................2-146
country code ......................................................................................................2-146
Provisioning discovery context.............................................................................. 2-147
end .......................................................................................................................2-147
dns name............................................................................................................. 2-147
dns provisioning ................................................................................................2-147
inherit.................................................................................................................. 2-147
dns domain name...............................................................................................2-147
dns server ...........................................................................................................2-148
discovery provisioning......................................................................................2-148
ip address............................................................................................................2-148
ip provisioning ...................................................................................................2-148
CN Wireless interface context................................................................................2-149
dot11.................................................................................................................... 2-149
distance...............................................................................................................2-149
transmit power................................................................................................... 2-150
multicast rate .....................................................................................................2-150
dot11 automatic frequency...............................................................................2-150
dot11 automatic frequency period ..................................................................2-150
dot11 automatic frequency time ......................................................................2-150
dot11 automatic transmit-power .....................................................................2-151
dot11 automatic transmit-power period......................................................... 2-151
antenna bidirectionnal ......................................................................................2-151
antenna gain .......................................................................................................2-151
autochannel skip................................................................................................2-151
station distance..................................................................................................2-151
beacon interval ..................................................................................................2-152
rts threshold .......................................................................................................2-152
dot11 mode......................................................................................................... 2-152
radio active......................................................................................................... 2-152
spectralink view................................................................................................. 2-153
dot11n guard interval ........................................................................................2-153
dot11n channel width........................................................................................ 2-153
dot11n channel extension.................................................................................2-153
dot11n multicast rate ........................................................................................2-153
xxii
end .......................................................................................................................2-153
inherit.................................................................................................................. 2-153
RADIUS Profile context ..........................................................................................2-155
end .......................................................................................................................2-155
inherit.................................................................................................................. 2-155
radius nas id ....................................................................................................... 2-155
Local mesh profile context .....................................................................................2-156
security ...............................................................................................................2-156
security mode..................................................................................................... 2-156
security psk ........................................................................................................2-156
security wep .......................................................................................................2-156
dynamic mode....................................................................................................2-156
mesh id................................................................................................................2-157
allowed downtime .............................................................................................2-157
minimum snr ......................................................................................................2-157
snr cost per hop .................................................................................................2-157
initial discovery time.........................................................................................2-157
active ...................................................................................................................2-157
end .......................................................................................................................2-157
inherit.................................................................................................................. 2-158
name.................................................................................................................... 2-158
radio active......................................................................................................... 2-158
Local mesh provisioning profile context...............................................................2-159
accept connection .............................................................................................2-159
end .......................................................................................................................2-159
inherit.................................................................................................................. 2-159
multiple radio..................................................................................................... 2-159
* Switch port context............................................................................................... 2-160
* end....................................................................................................................2-160
* active................................................................................................................2-160
* authentication profile vsc..............................................................................2-160
* authentication server radius .........................................................................2-160
* dot1x authentication...................................................................................... 2-160
* dynamic vlan ...................................................................................................2-161
* egress rate .......................................................................................................2-161
* force flow control........................................................................................... 2-161
* ingress rate...................................................................................................... 2-161
xxiii
* ingress traffic type..........................................................................................2-161
* mac authentication.........................................................................................2-162
* mac filter list ...................................................................................................2-162
* port name ........................................................................................................2-162
* port type ..........................................................................................................2-162
* power over ethernet....................................................................................... 2-162
* priority .............................................................................................................2-162
* priority lookup................................................................................................ 2-163
* quarantine vlan ............................................................................................... 2-163
* vlan................................................................................................................... 2-163
* List of MAC addresses context ............................................................................2-164
* end....................................................................................................................2-164
* entry .................................................................................................................2-164
* list name ..........................................................................................................2-164
xxiv
Alphabetical list of commands
In this alphabetical list, new to 5.3.x commands are preceded
by an asterisk “*” and formatted in green like this:
* command 2-xxx
accept connection 2-159
access control 2-87
access controlled 2-127
access controlled 2-65
access controlled 2-71
access controller 2-35
access controller shared secret 2-34
access lan stations 2-97
* access level 2-125
access list 2-65
access-controlled profile 2-127
access-controlled profile 2-71
access-controlled virtual ap 2-127
access-controlled virtual ap 2-71
access-list 2-55
accounting interim update 2-61
accounting interim update 2-65
active 2-110
active 2-112
active 2-115
active 2-118
active 2-128
active 2-157
* active 2-160
active 2-71
active 2-86
active 2-97
active-directory check attribute 2-45
active-directory check user access 2-45
active-directory device name 2-45
active-directory domain 2-45
active-directory group 2-46
active-directory group name 2-128
active-directory group order 2-46
active-directory join 2-46
add ip-qos profile 2-98
* admin local authentication 2-12
* admin radius authentication 2-12
* admin radius authentication server 2-12
* ads presentation 2-49
* ads presentation interval 2-49
* ads presentation with frameset 2-52
allowed downtime 2-157
antenna bidirectionnal 2-151
antenna gain 2-151
ap group 2-130
ap name 2-130
arp 2-5
arp polling interval 2-65
arp polling max count 2-66
arping 2-2
arping 2-5
authentication 2-112
authentication http 2-52
authentication https 2-52
* authentication profile vsc 2-160
authentication server access controller 2-90
authentication server accounting 2-90
authentication server accounting radius profile 2-90
* authentication server radius 2-160
authentication server radius 2-90
authentication server request radius cui 2-91
* authorize_net installation id 2-51
* authorize_net payment url 2-52
* authorize_net transaction key 2-52
autochannel skip 2-151
bandwidth 2-100
bandwidth control internet-port 2-39
bandwidth control internet-port high 2-39
bandwidth control internet-port low 2-40
bandwidth control internet-port max-rate 2-40
bandwidth control internet-port normal 2-41
bandwidth control internet-port very-high 2-41
bandwidth default rates 2-100
bandwidth default rates maximum 2-100
bandwidth level 2-66
beacon dtim count 2-97
beacon interval 2-152
beacon transmit power 2-97
bridge protocol ieee 2-137
bridge protocol ieee vlan 2-138
certificate 2-9
certificate binding 2-9
certificate ipsec ca 2-35
certificate ipsec local 2-35
certificate ipsec revocation 2-35
certificate revocation 2-9
certificate ssl 2-36
chargeable user identity 2-72
cipher 2-112
* client data tunnel security 2-47
clock 2-18
* clock auto adjust dst 2-19
* clock custom dst begins 2-19
* clock custom dst begins format 2-20
* clock custom dst ends 2-20
* clock custom dst ends format 2-20
clock timezone 2-19
* clock use custom dst rules 2-19
*
community 2-126
config 2-130
config 2-132
config 2-133
config 2-7
config file 2-56
config-update automatic 2-21
config-update operation 2-21
config-update time 2-21
config-update uri 2-22
config-update weekday 2-22
config-version 2-43
contact 2-131
control method 2-72
controlled network 2-8
country code 2-146
credentials 2-86
daily restriction 2-122
data rate 2-97
delete ip-qos profile 2-98
delete ip-qos profile all 2-98
dhcp mode 2-16
* dhcp public ip default lease period 2-9
xxv
* dhcp public ip subnet 2-9
dhcp relay 2-101
dhcp relay 2-17
dhcp relay access centralized clients 2-18
dhcp relay access lan 2-18
dhcp relay active 2-102
dhcp relay circuit id 2-102
* dhcp relay circuit id 2-17
dhcp relay extend internet port 2-18
dhcp relay remote id 2-102
* dhcp relay remote id 2-18
dhcp relay subnet 2-102
dhcp server 2-102
dhcp server 2-16
dhcp server access centralized clients 2-17
dhcp server access lan 2-17
dhcp server controller 2-16
dhcp server controller discovery 2-16
dhcp server default domain name 2-16
dhcp server default lease period 2-16
dhcp server default permanent lease period 2-16
dhcp server dns 2-102
dhcp server gateway 2-103
dhcp server logout html user 2-17
dhcp server range 2-103
dhcp server subnet 2-103
discovery protocol 2-36
discovery protocol device-id 2-37
discovery provisioning 2-148
distance 2-149
dns domain 2-112
dns domain name 2-147
dns name 2-147
dns provisioning 2-147
dns server 2-112
dns server 2-148
dot11 2-149
dot11 automatic frequency 2-150
dot11 automatic frequency period 2-150
dot11 automatic frequency time 2-150
dot11 automatic transmit-power 2-151
dot11 automatic transmit-power period 2-151
dot11 mode 2-152
dot11n channel extension 2-153
dot11n channel width 2-153
dot11n guard interval 2-153
dot11n multicast rate 2-153
* dot1x authentication 2-160
dot1x authentication 2-90
dot1x reauth 2-136
dot1x reauth 2-42
dot1x reauth period 2-137
dot1x reauth period 2-42
dot1x reauth terminate 2-137
dot1x reauth terminate 2-42
dot1x session page 2-91
dot1x supplicant timeout 2-137
dot1x supplicant timeout 2-43
dual radio binding 2-141
duplex 2-75
duplex 2-77
dynamic key 2-136
dynamic key 2-43
dynamic key interval 2-136
dynamic key interval 2-43
dynamic mode 2-156
* dynamic vlan 2-161
* egress rate 2-161
egress unauthenticated 2-88
egress vlan 2-128
egress vlan 2-141
egress vlan 2-141
* egress vlan 2-66
egress vlan 2-72
enable 2-2
enable vsc services 2-139
encryption key 1 2-89
encryption key format 2-89
end force 2-111
end time 2-122
end time 2-72
* entry 2-164
execute action 2-130
execute action 2-132
execute action 2-133
execute system action 2-130
factory settings 2-10
fail page 2-57
fast authentication 2-98
firewall mode 2-41
firmware-update automatic 2-32
firmware-update start 2-32
firmware-update time 2-32
firmware-update uri 2-32
firmware-update weekday 2-33
force centralize data 2-88
* force flow control 2-161
gateway 2-110
goodbye url 2-57
gre name 2-111
group name 2-132
guest-mode 2-88
html authentication 2-95
html authentication accounting 2-95
html authentication accounting radius profile 2-95
html authentication active-directory 2-96
html authentication local 2-96
html authentication radius 2-96
html authentication radius profile 2-96
html authentication request radius cui 2-96
html authentication timeout 2-96
html redirection 2-100
* http proxy upstream 2-57
https ssl certificate 2-57
identify stations by ip only 2-101
idle timeout 2-61
idle timeout 2-66
idle timeout 2-72
igmp proxy 2-48
igmp proxy downstream interface 2-48
igmp proxy upstream interface 2-48
incoming nat 2-113
incoming traffic network 2-113
ingress interface 2-88
* ingress rate 2-161
* ingress traffic type 2-161
inherit 2-143
inherit 2-144
inherit 2-147
inherit 2-153
inherit 2-155
inherit 2-158
xxvi
inherit 2-159
inherit 8021x 2-137
inherit l3subnets 2-139
inherit local mesh qos 2-138
inherit sensor 2-136
inherit service availability 2-139
* inherit switch ports 2-139
inherit untagged stp 2-138
inherit vlan stp 2-138
initial discovery time 2-157
initial login time allocation 2-122
intercept traffic 2-67
interface 2-113
interface 2-144
interface ethernet 2-10
interface gre 2-11
interface ip 2-11
interface pptp client-default 2-11
interface provisioninig 2-144
interface vlan 2-75
interface vlan 2-77
* interface wireless 2-134
interval 2-86
ip address 2-105
ip address 2-111
ip address 2-148
ip address 2-79
ip address 2-84
ip address alternate 2-83
ip address dhcp client-id 2-80
ip address management 2-84
ip address mode 2-105
ip address mode 2-79
ip assignation 2-144
ip default-gateway 2-106
ip http port 2-13
ip https port 2-13
ip name-server 2-33
ip name-server cache 2-33
ip name-server dynamic 2-33
ip name-server interception 2-34
ip name-server logout-info 2-34
ip name-server switch-on-servfail 2-34
ip name-server switch-over 2-34
ip nat 2-106
ip nat 2-118
ip nat 2-80
ip nat outside source static 2-81
ip provisioning 2-148
ip rip authentication key-chain 2-82
ip rip authentication mode 2-82
ip rip authentication string 2-82
ip route gateway 2-41
ipass id 2-54
ipass login url 2-58
ipass name 2-54
iperf 2-2
iperf 2-4
ipsec policy 2-12
ipsec vlan interface 2-76
ipsec vlan interface 2-78
key 2-120
key chain 2-43
key chain name 2-120
key-string 2-121
l3subnet 2-139
layer3 mobility 2-98
level 2-116
level 2-116
level 2-142
level 2-143
* list name 2-164
local id 2-113
local mesh group 2-134
local mesh ip qos profile 2-138
local mesh provisioning group 2-134
local mesh qos mechanism 2-139
local nas id 2-100
location 2-131
location aware 2-141
location-aware called-station-id content 2-101
location-aware group 2-101
logging destination 2-22
logging facility 2-115
logging host 2-115
logging prefix 2-115
login error url 2-58
login page 2-58
login url 2-58
logo 2-58
* mac authentication 2-162
mac authentication 2-95
mac authentication accounting 2-94
mac authentication accounting radius profile 2-94
mac authentication local 2-95
mac authentication radius profile 2-94
mac authentication remote 2-94
mac authentication request radius cui 2-94
* mac filter list 2-162
* mac list 2-12
mac-address 2-57
managed map max 2-47
mandatory authentication 2-94
matches 2-116
matches 2-143
max input rate 2-67
max output rate 2-67
max user sessions 2-72
max-association 2-89
maximum input octets 2-61
maximum input packets 2-61
maximum output octets 2-62
maximum output packets 2-62
maximum total octets 2-62
maximum total packets 2-62
mesh id 2-157
message 2-116
message 2-117
message 2-142
message 2-142
messages 2-59
minimum snr 2-157
mode 2-113
multicast rate 2-150
multiple radio 2-159
name 2-115
name 2-158
nat limit port range 2-80
nat limit port range size 2-80
nat one-to-one 2-62
nat one-to-one 2-67
noc access interface gre 2-54
xxvii
noc access interface vlan 2-54
noc access internet 2-52
noc access vpn 2-53
noc allow 2-53
noc authentication 2-53
noc ssl ca-certificate 2-59
noc ssl certificate 2-59
notify user location changes 2-60
nslookup 2-2
ntp protocol 2-19
ntp server 2-19
ntp server 2-21
ntp server failure trap 2-21
online time limit 2-123
online time limit 2-123
outgoing traffic network 2-113
passive-interface 2-119
passive-interface 2-82
passive-interface 2-84
* password 2-125
password 2-73
peer id 2-113
peer ip address 2-111
peer ip address 2-114
perfect forward secrecy 2-114
permanent leases 2-110
persistent user information 2-47
persistent user information period 2-47
ping 2-2
ping 2-4
* port 2-126
* port name 2-162
* port type 2-162
* power over ethernet 2-162
pppoe auto-reconnect 2-80
pppoe client user 2-79
pppoe mru 2-81
pppoe mtu 2-81
pppoe unnumbered 2-81
pptp client auto route discovery 2-119
pptp client credentials 2-118
pptp client domain name 2-118
pptp client lcp echo 2-119
pptp client server address 2-118
preshared key 2-114
* priority 2-162
* priority lookup 2-163
process 2-117
process 2-117
process 2-142
process 2-142
product type 2-131
provisioning connectivity 2-134
provisioning discovery 2-134
provisioning local mesh group 2-145
provisioning local mesh key 2-145
provisioning local mesh port 2-145
provisioning local mesh security 2-145
provisioning local mesh security 2-145
provisioning local mesh type 2-146
ps 2-3
public forwarding 2-97
* public ip reservation 2-123
* public ip subnet 2-123
* public ip subnet 2-63
* public ip subnet 2-69
qos 2-98
* quarantine vlan 2-163
quit 2-3
quit 2-5
radio active 2-152
radio active 2-158
radius accounting realms 2-101
radius authentication realms 2-101
radius nas id 2-155
radius profile 2-134
radius server profile 2-86
radius-framed-protocol-attribute 2-103
radius-server accounting port 2-107
radius-server accounting session 2-43
radius-server alternate hosts 2-107
radius-server authentication method 2-107
radius-server authentication port 2-107
radius-server client 2-44
radius-server client 2-46
radius-server deadtime 2-108
radius-server force-nas-port-to-vlanid 2-109
radius-server host 2-108
radius-server key 2 2-108
radius-server local eap-peap 2-44
radius-server local eap-tls 2-44
radius-server local eap-ttls 2-44
radius-server local pap 2-44
radius-server message-authenticator 2-108
radius-server name 2-108
radius-server nasid 2-109
radius-server profile 2-35
radius-server realm 2-109
radius-server realm name 2-109
radius-server ssid detection nas-id 2-44
radius-server timeout 2-109
radius-server timeout 2-109
range 2-110
rcapture 2-5
reboot device 2-10
reboot device 2-4
* receiver 2-126
regular profile 2-128
regular profile 2-73
regular virtual ap 2-128
regular virtual ap 2-73
* remember delay 2-51
* remember html users 2-51
remote configuration 2-36
remote ip address 2-111
renew user profile subscription 2-42
* rf-id aeroscout 2-48
router rip 2-119
router rip 2-82
router rip 2-84
rts threshold 2-152
secure login 2-53
security 2-103
* security 2-125
security 2-156
security mode 2-156
security psk 2-156
security wep 2-156
sensor discovery mode 2-135
sensor network detector 2-136
sensor server id 2-135
sensor server name 2-135
xxviii
service controller ap authentication credentials 2-37
service controller ap authentication enable 2-37
service controller ap authentication file 2-37
service controller ap authentication radius-server 2-37
service controller ap authentication refresh-rate 2-37
service controller ap authentication source file 2-38
service controller ap authentication source local 2-38
service controller ap authentication source radius 2-38
service controller discovery 2-38
service controller discovery interface internet-port 2-38
service controller discovery interface lan-port 2-38
service controller primary 2-39
service controller primary ip addr 2-39
service controller priority 2-39
service controller provisioning 2-39
session page 2-59
session profile 2-36
session profile 2-68
session profile default 2-36
session timeout 2-63
session timeout 2-73
show active-directory 2-46
show active-directory group 2-46
show all config 2-7
show arp 2-5
show bridge 2-5
show bridge forwarding 2-6
show certificate 2-10
show certificate 2-4
show certificate binding 2-10
show certificate binding 2-4
show client log 2-7
show config factory 2-10
show config factory 2-130
show config factory 2-132
show config factory 2-133
show controlled network config 2-8
show discrete pin 2-7
show dns cache 2-6
show interfaces 2-6
* show ip 2-6
show ip dhcp database 2-6
show ip route 2-6
show license 2-3
show logging filtered 2-3
* show mac list 2-12
show radius statistics 2-7
show radius users 2-7
show radius-server 2-45
show satellites 2-6
show session profile 2-36
show subscription plan 2-11
show system info 2-6
show user profiles 2-42
show user profiles details 2-42
show users 2-7
* show web content 2-7
smtp redirection 2-64
smtp redirection setup 2-63
smtp redirection setup 2-68
snmp-server 2-23
snmp-server access interface gre 2-27
snmp-server access interface vlan 2-26
snmp-server access lan 2-27
snmp-server access port-1 2-23
snmp-server access port-2 2-27
snmp-server access vpn 2-27
snmp-server allow 2-23
snmp-server chassis-id 2-23
snmp-server contact 2-24
snmp-server heartbeat period 2-24
snmp-server location 2-24
* snmp-server notification receiver 2-28
snmp-server port 2-24
snmp-server readonly 2-24
snmp-server readwrite 2-25
snmp-server trap 2-25
snmp-server trap certificate-expired 2-13
snmp-server trap certificate-expires-soon 2-13
snmp-server trap community 2-25
snmp-server trap config-change 2-22
snmp-server trap config-update 2-22
snmp-server trap destination 2-25
snmp-server trap firmware-update 2-33
snmp-server trap heartbeat 2-25
snmp-server trap link-state 2-26
snmp-server trap network-trace 2-31
snmp-server trap new-satellite-detected 2-27
snmp-server trap satellite-unreachable 2-28
snmp-server trap snmp-authentication 2-26
snmp-server trap syslog-matches 2-31
snmp-server trap syslog-matches regex 2-31
snmp-server trap syslog-severity 2-23
snmp-server trap syslog-severity level 2-31
snmp-server trap vpn-connection 2-31
snmp-server trap web-fail 2-13
snmp-server trap web-login 2-14
snmp-server trap web-logout 2-14
* snmp-server user 2-28
* snmp-server version 1 2-26
* snmp-server version 2c 2-26
* snmp-server version 3 2-26
snr cost per hop 2-157
soap-server 2-28
soap-server access interface gre 2-30
soap-server access interface vlan 2-28
soap-server access lan 2-30
soap-server access port-1 2-29
soap-server access port-2 2-29
soap-server access vpn 2-31
soap-server allow 2-29
soap-server http authentication 2-29
soap-server http authentication password 2-29
soap-server http authentication username 2-30
soap-server port 2-30
soap-server ssl 2-30
soap-server ssl with client certificate 2-30
spectralink view 2-153
speed 2-75
speed 2-77
ssid name 2-89
* sslv2 authentication 2-53
start time 2-123
static ip 2-145
station allocate source ip address 2-49
station allow any ip address 2-49
station distance 2-151
station free access 2-50
station http proxy support 2-50
station idle detection 2-50
subscription plan 2-11
subscription plan 2-73
xxix
subscription plan name 2-123
* switch port 2-135
syslog 2-135
system accounting 2-51
termination action 2-68
top 2-3
traceroute 2-3
transmit key 2-90
transmit power 2-150
transport page 2-59
upstream diffserv tagging 2-99
use access-list 2-56
use access-list unauth 2-56
* user 2-126
user defined attribute 2-69
* user name 2-125
user profile 2-42
user tracking 2-46
user tracking destination 2-47
user tracking filter 2-47
user tracking port 2-47
username 2-10
username 2-74
* version 2-126
virtual ap 2-11
virtual ap binding 2-132
virtual ap name 2-87
vlan 2-144
vlan 2-145
* vlan 2-163
vlan 2-89
vlan name 2-106
web access interface gre 2-15
web access interface vlan 2-15
web access internet-port 2-15
web access lan 2-15
web access lan-port 2-15
web access vpn 2-15
web admin kickout 2-14
web allow 2-14
welcome url 2-60
wireless filters 2-91
wireless filters mac 2-92
wireless filters rule input 2-92
wireless filters rule output 2-92
wireless filters type 2-93
wispr abort login url 2-54
wispr login url 2-55
wispr logoff url 2-55
wmm advertising 2-100
world-mode dot11 country code 2-14
* worldpay installation id 2-51
* worldpay payment response password 2-51
* worldpay payment url 2-51
wpa-psk 2-91
xxx
Chapter 1: Introduction
Introduction
Contents
About this guide ...........................................................................................................1-2
Products covered................................................................................................... 1-2
HP ProCurve Product Naming............................................................................. 1-2
Important terms..................................................................................................... 1-3
Typographical conventions ..................................................................................1-3
HP ProCurve Networking support............................................................................. 1-4
1
Online documentation .................................................................................................1-5
Configuring CLI support.............................................................................................. 1-5
SSH client support.................................................................................................1-6
Entering strings ............................................................................................................1-6
Context hierarchy ........................................................................................................1-7
Sample CLI session ......................................................................................................1-8
File transfer...................................................................................................................1-8
Introduction
About this guide
About this guide
This guide explains how to work with the Command Line Interface (CLI) on HP ProCurve
Networking MSM7xx Controllers.
Products covered
This guide covers the following products:
Model Part
MSM710 Access Controller J9328A
MSM710 Mobility Controller J9325A
MSM730 Access Controller J9329A
MSM730 Mobility Controller J9326A
MSM750 Access Controller J9330A
MSM750 Mobility Controller J9327A
MSM760 Access Controller J9420A
MSM760 Mobility Controller J9421A
MSM765 Mobility Controller J9370A
HP ProCurve Product Naming
As of October 1st, 2008, Colubris Networks was acquired by HP ProCurve. HP ProCurve has
begun integrating the Colubris product line into the HP ProCurve Networking product
portfolio (www.procurve.com/news/colubris-10-01-08.htm).
In the online help and this manual, Colubris product names have been changed to their
equivalent HP ProCurve product names.
Note SOAP and SNMP MIBs retain the Colubris naming so you do not need to change your existing
SOAP and MIB usage.
The Colubris Networks product names and their corresponding new HP ProCurve product
names are as follows:
Colubris name HP ProCurve name
MSC-5100 MultiService Controller MSM710 Controller
MSC-5200 MultiService Controller MSM730 Controller
MSC-5500 MultiService Controller MSM750 Controller
MAP-320 MultiService Access Point MSM310 Access Point
1-2
Colubris name HP ProCurve name
MAP-320R MultiService Access Point MSM310-R Access Point
Introduction
About this guide
MAP-330 MultiService Access Point MSM320 Access Point
MAP-330R MultiService Access Point MSM320-R Access Point
MAP-330 AP+Sensor MultiService Access Point MSM325 Access Point with Sensor
MAP-625 MultiService Access Point MSM422 Access Point
MAP-630 AP+Sensor MultiService Access Point MSM335 Access Point with Sensor
WCB-200 Wireless Client Bridge M111 Client Bridge
Visitor Management Tool Guest Management Software
RF Manager 1500 Enterprise RF Manager 100 IDS/IPS system
RF Manager 1300 Basic RF Manager 50 IDS/IPS system
RF Planner RF Planner
Important terms
The following terms are used in this guide.
Ter m Description
AP Refers to any HP ProCurve Networking MSM3xx or MSM4xx
Access Point.
service controller Refers to any HP ProCurve Networking MSM7xx Controller,
including both Access Controller and Mobility Controller
variants.
VSC, Virtual ap, VAP These terms are used interchangeably to refer to VSC (Virtual
Service Community).
Typographical conventions
Command syntax
Command syntax is formatted in a monospaced font as follows:
Example Description
web admin kickout
ip http port <number>
Items in plain text must be entered as shown.
Items in italics and enclosed in < > are parameters for
which you must supply a value. In this example, you
must supply a value for <number>.
1-3
Introduction
HP ProCurve Networking support
Example Description
end [force]
firewall mode (high|low|none)
Items enclosed in square brackets are optional. You
can either include them or not. Do not include the
brackets. In this example you can either include
“force” or omit it.
Items enclosed in parenthesis and separated by a
vertical line indicate a choice. Specify only one of the
items. In this example, you must specify ’high’, ’low’, or
’none’.
Management tool
When referring to the management tool interface, the Main menu name is presented first
followed by a right angle-bracket and then the sub-menu name, as in Network > Ports.
Double angle brackets >> separate elements that appear in the Network Tree from main
menu and sub-menu references, as in Service Controller >> Status.
HP ProCurve Networking support
HP ProCurve Networking offers support 24 hours a day, seven days a week through a number
of automated electronic services. See the Customer Support/Warranty booklet included with
your product.
The HP ProCurve Networking Web site, www.procurve.com/customercare provides up-to-
date support information.
Additionally, your HP-authorized network reseller can provide you with assistance, both with
services that they offer and with services offered by HP.
Before contacting support
To make the support process most efficient, before calling your networking dealer or HP
Support, you first should collect the following information:
Collect this information Where to find it
Product identification. On the rear of the product.
Software version. The service controller management tool
Network topology map, including the
addresses assigned to all relevant devices.
Login page.
Your network administrator.
1-4
Introduction
Online documentation
Online documentation
For the latest documentation, visit the HP ProCurve Networking manuals Web page at:
www.procurve.com/manuals.
Configuring CLI support
Using the service controller management tool, open the CLI configuration page. Select
Service controller >> Management > CLI.
Use this page to enable/disable CLI support via an SSH or serial connection. A maximum of
three concurrent CLI sessions are supported regardless of the connection type.
The CLI supports SSH on the standard TCP port (22).
Connectivity and login credentials for SSH connections use the same settings as defined for
the management tool manager on the Service Controller >> Management > Management
tool page.
1-5
Introduction
Entering strings
SSH connections to the CLI can be made on any active interface. Support for each
interface must be explicitly enabled under Security.
The login credentials for SSH connections are the same as those defined under Manager
account. By default, both username and password are set to admin.
Note SSH logins always use the local manager username and password, even if Administrative
user authentication is set to use a RADIUS server. (The Administrative user
authentication option is not available on all models.)
SSH client support
The following SSH clients have been tested with the CLI. Others may work as well:
OpenSSH
Tect ia
SecureCRT
Putty
Entering strings
When entering a value that contains spaces, you must enclose it in quotation marks. For
example, if the command syntax is:
ssid <name>
You must specify one of the following:
ssid ANameWithNoSpaces
ssid "A name with spaces"
1-6
Introduction
Context hierarchy
Context hierarchy
CLI commands are grouped into functional contexts. The following table show the context
hierarchy and the command used to switch from the parent context:
Context hierarchy Command to switch from parent context
View context (This is the first context. No command is needed.)
Enable context enable
Config context config
WAN IP interface context interface ip wan
LAN IP interface context interface ip lan
Internet interface context interface ethernet port-2
VLAN interface context interface vlan <id>[-<id2>]
LAN interface context interface ethernet port-1
VLAN interface context interface vlan <id>[-<id2>]
PPTP client interface interface pptp client-default
GRE interface context interface gre <name>
Virtual AP context virtual ap <name>
Subscription plan subscription plan <name>
List of MAC addresses context mac list <name>
IPsec policy context ipsec policy <name>
DHCP server context dhcp server lan
Syslog destination context logging destination <name>
SNMP user context snmp-server user <name>
SNMP notification receiver context snmp-server notification receiver <host>
RADIUS context radius-server profile <name>
Access Controller context access controller
Default Session profile context session profile default
Session profile context session profile <name>
RADIUS remote configuration context remote configuration radius
User Profile context user profile <name>
Keychain context key chain <name>
Keys context key <number>
Active Directory Group context active-directory group <name>
Controlled Network AP context controlled network (ap <name> [<mac>]
Controlled Network context config
CN Wireless interface context interface wireless (single|dual|triple) <number>
RADIUS Profile context radius profile <profile>
Local mesh profile context local mesh group <group>
Provisioning connectivity context provisioning connectivity
Provisioning discovery context provisioning discovery
Syslog context syslog
Switch port context switch port <name>
Controlled Network AP Group context controlled network (group <name> [<mac>]
Virtual AP Binding context virtual ap binding <profile>
Controlled Network context config
CN Wireless interface context interface wireless (single|dual|triple) <number>
RADIUS Profile context radius profile <profile>
Local mesh profile context local mesh group <group>
Provisioning connectivity context provisioning connectivity
Provisioning discovery context provisioning discovery
Syslog context syslog
Switch port context switch port <name>
Controlled Network Base Group context controlled network base
Controlled Network context config
CN Wireless interface context interface wireless (single|dual|triple) <number>
RADIUS Profile context radius profile <profile>
Local mesh profile context local mesh group <group>
Provisioning connectivity context provisioning connectivity
Provisioning discovery context provisioning discovery
Syslog context syslog
Switch port context switch port <name>
Local mesh provisioning profile context local mesh provisioning group
Local mesh provisioning profile context local mesh provisioning group
Local mesh provisioning profile context local mesh provisioning group
1-7
Introduction
Sample CLI session
Sample CLI session
This sample CLI session shows you how to set the WAN port to use a static IP address,
disable NAT, and add an alternate IP address. (The CLI prompt is shown in bold.)
CLI> enable
CLI# config
CLI(config)# interface ip wan
CLI(config-if-ip)# ip address 192.168.66.1/24
CLI(config-if-ip)# ip address mode static
CLI(config-if-ip)# no ip nat
CLI(config-if-ip)# ip address alternate 192.168.23.56
CLI(config-if-ip)# end
CLI(config)# end
CLI# quit
File transfer
In some cases you may need to transfer files (certificates or configuration) to the service
controller. Commands that have this capability typically include <uri> or <url> in their
parameter list.
Note When you enter the commands discussed here, the files are transferred immediately.
File transfer can be performed in two ways.
A. The service controller gets the file using a URL
Transfer a certificate file using ftp. For example:
certificate ipsec ca ftp://ftp.example.com/certificate/my-root-certificate.pem
B. Send a file to the service controller
Using SFTP (available with OpenSSH or SSH), authenticate with the CLI credentials. Then
send the file to the service controller. For example:
sftp msm710.mycompany.com
>login: admin
>password: ****
>put my-root-certificate.pem
file transferred (1k)
>quit
In the CLI, use the local://<filename> parameter in the URL. Replace <filename> with the
filename you used to transfer using SFTP. For example:
CLI(config)# certificate ipsec ca local://my-root-certificate.pem
1-8
Chapter 2: CLI commands
CLI commands
2
CLI commands
View context
Path: View
This is the root of the command tree.
arping
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
arping [ -AbDfhqUV] [ -c <count>] [ -w <deadline>] [ -s <source>] -I <interface>
<destination>
Pings a destination on a device interface using ARP packets.
enable
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
enable
Switches to the enable context.
iperf
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
iperf -c host [-t time]
Runs a performance throughput test.
Parameters
<-c host> The IP address or DNS name of the iperf server to connect to.
<-t length> Length of the throughput test in seconds.
nslookup
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
nslookup [ -option authentication ] [ <host-to-find> | - [< server> ]]
Queries DNS servers for information on hosts or domains.
ping
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ping <host> [-c <count>] [-s <length>] [-q]
Determines if the specified remote IP address is active.
Parameters
<-c host> The IP address or DNS name of the host to ping.
<-c count> Number of pings.
<-s length> Length of the ping datagram.
<-q> Quiet mode. No output.
2-2
ps
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ps
Displays all running processes.
quit
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
quit
Quits the CLI.
show license
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show license (eula | gpl | other)
CLI commands
Displays license information.
show logging filtered
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show logging [filtered]
Displays the system log.
top
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
top
Displays all running processes.
traceroute
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
traceroute [-n] [-r] [-v] [-m <max_ttl>] [-p <port#>] [-q <nqueries>] [-s
<src_addr>] [-t <tos>] [-w <wait>] <host> [<data size>]
Show the hosts that are traversed to reach the specified IP address.
2-3
CLI commands
Enable context
Path: View > Enable
This context provides access to various utilities.
reboot device
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
reboot device
Restarts the system.
show certificate
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show certificate
Display current certificates.
show certificate binding
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show certificate binding
Display how the certificates are used.
iperf
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
iperf -c host [-t time]
Runs a performance throughput test.
Parameters
<-c host> The IP address or DNS name of the iperf server to connect to.
<-t length> Length of the throughput test in seconds.
ping
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ping <host> [-c <count>] [-s <length>] [-q]
Determines if the specified remote IP address is active.
Parameters
<-c host> The IP address or DNS name of the host to ping.
<-c count> Number of pings.
<-s length> Length of the ping datagram.
<-q> Quiet mode. No output.
2-4
CLI commands
arping
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
arping [ -AbDfhqUV] [ -c <count>] [ -w <deadline>] [ -s <source>] -I <interface>
<destination>
Pings a destination on a device interface using ARP packets.
arp
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
arp [-evn] [-H <type>] [-i if] ?- [<hostname>] arp [-v] [-i if] -d <hostname>
[pub] arp [-v] [-H <type>] [-i if] -s <hostname> <hw_addr> [temp] arp [-v] [-H
<type>] [-i if] -s <hostname> <hw_addr> [<netmask> <nm>] <pub> arp [-v] [-H
<type>] [-i if] -Ds <hostname> ifa [<netmask> <nm>] <pub>
Displays and modifies the Internet-to-Ethernet address translation tables used by the address
resolution protocol.
end
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
end
Switches to parent context.
quit
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
quit
Exit the enable context.
rcapture
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
rcapture [<a>] [<b>] [<c>] [<d>] [<e>] [<f>] [<g>] [<h>]
Sends port capture to an FTP server.
Refer to Linux documentation for a complete description of this command and its options.
show arp
Supported on: MSM710 MSM730
show arp
Show the ARP table.
MSM750 MSM760 MSM765zl
show bridge
Supported on: MSM710 MSM730
show bridge
MSM750 MSM760 MSM765zl
Show bridge information.
2-5
CLI commands
show bridge forwarding
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show bridge forwarding
Show bridge forwarding information.
show dns cache
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show dns cache [<serial>]
Show DNS cache entries. Specify a serial number to display detailed information.
show interfaces
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show interfaces
Show networking interfaces.
show ip
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show ip
Show all IP addresses, mask, MTU, and MAC addresses.
show ip route
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show ip route
Show all IP routes.
show system info
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show system info
2-6
Show basic system information.
show ip dhcp database
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show ip dhcp database
Show the DHCP server lease database.
show satellites
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show satellites [<deviceid>]
Show current satellites of this access point.
show web content
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show web content
CLI commands
Show all files inside the access points detected nearby.
show client log
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show client log [<macaddr>]
Display client station log. Enter the MAC address to display more details for a specific client
station.
show radius statistics
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show radius statistics
Show RADIUS server statistics.
show radius users
Supported on: MSM710 MSM730 MSM750 MSM760
show radius users [<filter>]
Show users that are using RADIUS accounting.
MSM765zl
show users
Supported on: MSM710 MSM730 MSM750 MSM760
show users [<filter>]
Show all users of this service controller.
show discrete pin
Supported on: MSM710 MSM730 MSM750
show discrete pin
Display the state of the discrete pin.
config
Supported on: MSM710 MSM730 MSM750
config
Switches to the config context.
MSM760 MSM765zl
MSM760 MSM765zl
show all config
Supported on: MSM710 MSM730 MSM750 MSM760
show all config
MSM765zl
MSM765zl
Print all configuration that applies to this device.
2-7
CLI commands
controlled network
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
controlled network (ap | group | base) [<name>] [<mac>]
Create/use the controlled network entity.
show controlled network config
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show controlled network config
Print configuration for all Controlled Network entities.
2-8
Config context
Path: View > Enable > Config
This is the root context for all configuration commands.
dhcp public ip default lease period
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
CLI commands
dhcp public ip default lease period <number>
Sets the default lease time for the DHCP public IP subnet pool.
dhcp public ip subnet
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp public ip subnet
Enable DHCP server IP Address pool for Access Controller public IP subnet functionality.
no dhcp public ip subnet
Disable DHCP server IP Address pool for Access Controller public IP subnet functionality.
certificate
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
certificate (authority | local) <uri> <certname> [<password>]
Add a new certificate to the store, using the friendly name.
certificate binding
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
certificate binding (web-management | html-auth | soap | eap) <certname>
Assign a certificate to a service.
no certificate binding (web-management | html-auth | soap | eap) <certname>
Unassign a certificate from a service.
certificate revocation
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
certificate revocation <uri> <certname>
Add a Certificate Revocation List to an existing authority certificate.
end
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
end
Switches to parent context.
2-9
CLI commands
factory settings
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
factory settings
Resets the system configuration to factory default settings.
interface ethernet
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
interface ethernet (port-1|port-2)
Switches to the specified Ethernet interface context.
reboot device
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
reboot device
Restarts the system.
show certificate
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show certificate
Display current certificates.
show certificate binding
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show certificate binding
Display how the certificates are used.
show config factory
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show config [factory]
Generates a list of CLI commands that can be used to define the currently loaded configuration.
username
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
username <user> <password>
Changes the current administrator username and password.
Parameters
<user> New administrator username.
<password> New administrator password.
2-10
interface ip
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
interface ip (lan | wan)
CLI commands
Switches to the specified IP interface context.
interface pptp client-default
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
interface pptp client-default
Switches to the PPTP client interface context.
interface gre
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
interface gre <name>
Switches to the specified GRE interface or creates a new GRE interface with the specified name.
no interface gre <name>
Deletes the specified GRE interface.
virtual ap
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
virtual ap <name>
Creates a new VAP (VSC) profile or switches to the existing VAP (VSC) context with the specified
name.
no virtual ap <name>
Deletes the specified Virtual AP profile.
Parameters
name Name of an existing or new VAP (VSC) profile.
show subscription plan
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show subscription plan [<name>]
Display one or many subscription plans.
subscription plan
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
subscription plan <name>
Add a new subscription plan.
no subscription plan <name>
Delete a subscription plan.
2-11
CLI commands
mac list
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
mac list <name>
Edit a MAC list.
no mac list <name>
Delete a MAC list by name.
show mac list
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show mac list [<name>]
Display current MAC list, or one list in detail.
ipsec policy
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ipsec policy <name>
Switches to the specified IPSec policy or creates a new IPSec policy with the specified name.
admin local authentication
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
admin local authentication
Enable the authentication of administrator logins to occur using local account.
no admin local authentication
Disable administrator authentication via local account.
admin radius authentication
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
admin radius authentication
Sets the authentication of administrator logins to occur using RADIUS.
no admin radius authentication
Disable administrator authentication via RADIUS.
admin radius authentication server
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
admin radius authentication server <name>
Sets the authentication of administrator logins to occur using RADIUS.
2-12
CLI commands
ip http port
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip http port <number>
Sets the port number to use for HTTP access to the service controller.
Parameters
<number> Port number. Range: 1 - 65535.
Description
HTTP connections made to this port are met with a warning and the browser is redirected to the
secure web server port. By default. this parameter is set to port 80.
ip https port
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip https port <number>
Sets the port number used for HTTPS access to the service controller.
Parameters
<number> Port number. Range: 1 - 65535.
snmp-server trap certificate-expired
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap certificate-expired
Send a trap when the SSL certificate has expired. A trap is sent every 12 hours.
no snmp-server trap certificate-expired
Do not send a trap when the SSL certificate has expired.
snmp-server trap certificate-expires-soon
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap certificate-expires-soon
Send a trap when the SSL certificate is about to expire. A trap is sent every 12 hours starting 15
days before the certificate expires.
no snmp-server trap certificate-expires-soon
Do not send a trap when the SSL certificate is about to expire.
snmp-server trap web-fail
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap web-fail
Send a trap each time an administrator login is refused.
no snmp-server trap web-fail
Do not send a trap each time an administrator login is refused.
2-13
CLI commands
snmp-server trap web-login
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap web-login
Send a trap each time an administrator login is accepted.
no snmp-server trap web-login
Do not send a trap each time an administrator login is accepted.
snmp-server trap web-logout
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap web-logout
Send a trap each time an administrator logs out.
no snmp-server trap web-logout
Do not send a trap each time an administrator logs out.
web admin kickout
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web admin kickout
Enables a new administrator login to terminate an existing administrator session.
no web admin kickout
Stops a new administrator from logging in until an existing administrator logs out.
web allow
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web allow <ip address>/<mask>
Adds an address to the list of hosts that can access the management tool.
no web allow <ip address>/<mask>
Removes the specified address from the list of hosts that can access the management tool.
Parameters
<address> IP address.
</mask> Subnet mask in CIDR format. Specifies the number of bits in the mask.
2-14
world-mode dot11 country code
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
world-mode dot11 country code <code>
Specifies the country the service controller is operating in.
Parameters
<code> An ISO3166 three-letter country code.
web access internet-port
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web access internet-port
Enables access to the management tool via the Internet port.
no web access internet-port
Blocks access to the management tool via the Internet port.
web access lan-port
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web access lan-port
Enables access to the management tool via the LAN port.
no web access lan-port
Blocks access to the management tool via the LAN port.
web access interface vlan
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web access interface vlan <name>
CLI commands
Enables access to the management tool via the specified VLAN.
no web access interface vlan <name>
Removes access to the management tool for the specified VLAN.
web access interface gre
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web access interface gre <name>
Enables access to the management tool via the specified GRE tunnel.
no web access interface gre <name>
Disables access to the management tool via the specified GRE tunnel.
web access lan
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web access lan
Enables access to the management tool via the LAN port.
no web access lan
Blocks access to the management tool via the LAN port.
web access vpn
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web access vpn
Enables access to the management tool via a VPN connection.
2-15
CLI commands
no web access vpn
Blocks access to the management tool via a VPN connection.
dhcp mode
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp mode (server | relay | none)
Sets whether the service controller operates as a DHCP server or DHCP relay agent.
dhcp server
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server lan
Switches to the DHCP server context.
dhcp server default domain name
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server default domain name <domain>
Sets the DHCP server domain name.
dhcp server default lease period
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server default lease period <number>
Sets the default lease time for the DHCP server.
dhcp server default permanent lease period
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server default permanent lease period <number>
Sets the permanent lease time for the DHCP server.
dhcp server controller
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server controller <ip address>
Add the IP address to the list of controllers.
no dhcp server controller <ip address>
Remove the IP address from the list of controllers.
dhcp server controller discovery
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server controller discovery
2-16
Send the list of controller IP addresses with DHCP answers.
no dhcp server controller discovery
Do not send the list of controller IP addresses with DHCP answers.
dhcp server logout html user
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server logout html user
Logout HTML user upon discover request.
no dhcp server logout html user
CLI commands
Do not logout HTML user upon discover request.
dhcp server access centralized clients
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server access centralized clients
Listen for DHCP requests from centralized access-controlled client stations.
no dhcp server access centralized clients
Do not listen for DHCP requests from centralized access-controlled client stations.
dhcp server access lan
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server access lan
Listen for DHCP requests on the LAN interface.
no dhcp server access lan
Do not listen for DHCP requests on the LAN interface.
dhcp relay
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp relay <primary-ip-address> <[secondary-ip-address]>
Sets the primary and secondary DHCP server for the relay.
dhcp relay circuit id
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp relay circuit id <string>
Sets the Option 82 circuit ID.
no dhcp relay circuit id
Clears the Option 82 circuit ID.
2-17
CLI commands
dhcp relay remote id
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp relay remote id <string>
Sets the Option 82 remote ID.
no dhcp relay remote id
Clears the Option 82 remote ID.
dhcp relay access centralized clients
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp relay access centralized clients
Listen for DHCP requests from centralized access-controlled client stations.
no dhcp relay access centralized clients
Do not listen for DHCP requests from centralized access-controlled client stations.
dhcp relay access lan
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp relay access lan
Listen for DHCP requests on the LAN interface.
no dhcp relay access lan
Do not listen for DHCP requests on the LAN interface.
dhcp relay extend internet port
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp relay extend internet port
Alter DHCP requests so they appear from the Internet port.
no dhcp relay extend internet port
Do not alter DHCP requests.
clock
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock <time> <date>
Sets the system time and date.
Parameters
<time> Time as hh:mm:ss. For example: 15:44:00.
<date> Date as dd Month yyyy. For example: 17 Oct 2004.
2-18
CLI commands
clock auto adjust dst
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock auto adjust dst
Automatically adjust clock for daylight savings changes.
no clock auto adjust dst
Do not automatically adjust clock for daylight savings changes.
clock timezone
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock timezone <gmtdiff>
Sets the time zone the service controller is operating in.
Parameters
<gmtdiff> Offset from GMT as follows: +-HOUR:MIN. For example, Eastern Standard
time is -5:00.
clock use custom dst rules
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock use custom dst rules
Use custom DST rules instead of default ones.
no clock use custom dst rules
Do not use custom DST rules, use default ones.
ntp protocol
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ntp protocol (ntp | sntp)
Sets the network time protocol to use.
ntp server
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ntp server
Enable this option to have the service controller periodically contact a network time server to
update its internal clock.
no ntp server
Disables the use of a network time server.
clock custom dst begins
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock custom dst begins <day> <weekday> <month> <time>
Set parameters of the rule defining the beginning of daylight savings time.
2-19
CLI commands
Parameters
<day> Day of the month. Range 1 - 31.
<weekday> Weekday. Valid values are: "sun", "mon", "tue", "wed", "thu", "fri", "sat".
<month> Month. Valid values are: "jan", "feb", "mar", "apr", "may", "jun", "jul", "aug",
"sep", "oct", "nov", "dec".
<time> Time as hh:mm[:ss]. For example: 15:44:00.
If a parameter does not apply to the configured DST rule format, simply set this parameter to any
valid value.
clock custom dst begins format
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock custom dst begins format (fixed | last-weekday | following-date |
preceding-date)
Set the format of the custom DST rule.
Parameters
<fixed> Rule of the form: The [Day]th of [Month] at [Time].
<last-weekday> Rule of the form: The last [Weekday] of [Month] at [Time].
<following-date> Rule of the form: The first [Weekday] on or after the [Day]th of [Month] at
<preceding-date> Rule of the form: The first [Weekday] on or before the [Day]th of [Month]
[Time].
at [Time].
clock custom dst ends
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock custom dst end <day> <weekday> <month> <time>
Set parameters of the rule defining the end of daylight savings time.
Parameters
<day> Day of the month. Range 1 - 31.
<weekday> Weekday. Valid values are: "sun", "mon", "tue", "wed", "thu", "fri", "sat".
<month> Month. Valid values are: "jan", "feb", "mar", "apr", "may", "jun", "jul", "aug",
"sep", "oct", "nov", "dec".
<time> Time as hh:mm[:ss]. For example: 15:44:00.
If a parameter does not apply to the configured DST rule format, simply set this parameter to any
valid value.
2-20
clock custom dst ends format
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock custom dst ends format (fixed | last-weekday | following-date | precedingdate)
Set the format of the custom DST rule.
Parameters
<fixed> Rule of the form: The [Day]th of [Month] at [Time].
<last-weekday> Rule of the form: The last [Weekday] of [Month] at [Time].
CLI commands
<following-date>
Rule of the form: The first [Weekday] on or after the [Day]th of [Month] at
[Time].
<preceding-date> Rule of the form: The first [Weekday] on or before the [Day]th of [Month]
at [Time].
ntp server
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ntp server <index><host>
Adds a network time server.
Parameters
<index> Index of the time server in the list. Up to 20 time servers are supported.
Time servers are checked in the order that they appear in the list.
<host> DNS name or IP address of the time server.
ntp server failure trap
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ntp server failure trap
Send a trap each time a time server synchronization failed.
no ntp server failure trap
Do not send a trap each time a time server synchronization failed.
config-update automatic
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
config-update automatic
Enables scheduled configuration restore or backup.
no config-update automatic
Disables scheduled configuration restore or backup.
The service controller can automatically download the configuration file from a local or remote
URL (restore). It is also possible to upload the current configuration to a given URL (backup).
Theses operations can be done at preset times.
config-update operation
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
config-update operation (restore | backup)
Sets the type of operation that will take place at the preset time.
config-update time
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
config-update time <time>
Sets the time of day when the scheduled configuration operation (backup or restore) will take
place.
2-21
CLI commands
Parameters
<time> Time as hh:mm:ss. For example: 15:44:00.
config-update uri
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
config-update uri <uri>
Sets the URI where the service controller will download or upload the configuration file.
no config-update uri
Clears the configuration file URI.
config-update weekday
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
config-update weekday (everyday | monday | tuesday | wednesday | thursday |
friday | saturday | sunday)
Sets the day when the scheduled configuration operation (backup or restore) will take place.
snmp-server trap config-change
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap config-change
Send a trap whenever the configuration is changed.
no snmp-server trap config-change
Do not send this trap.
snmp-server trap config-update
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap config-update
2-22
Send a trap whenever the firmware is updated.
no snmp-server trap config-update
Do not send this trap.
logging destination
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
logging destination <name>
Creates a new remote destination for syslog.
no logging destination <name>
Deletes the specified syslog destination.
Parameters
<name> Name of syslog destination. Use the name "local" to edit your local log file
settings. Any other name will edit/create a remote log destination.
snmp-server trap syslog-severity
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap syslog-severity
Set the severity level of syslog messages that will trigger a trap.
no snmp-server trap syslog-severity
Do not send this trap.
snmp-server
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server
CLI commands
Enables the SNMP agent.
no snmp-server
Disables the SNMP agent.
snmp-server access port-1
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server access port-1
Enables SNMP access on the downstream port.
no snmp-server access port-1
Blocks SNMP access on the downstream port.
snmp-server allow
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server allow <ip address>/<mask>
Adds a host to the list of IP address from which access to the SNMP interface is permitted.
no snmp-server allow <ip address>/<mask>
Removes a host from the list of IP address from which access to the SNMP interface is permitted.
Parameters
<address> IP address.
</mask> Subnet mask in CIDR format. Specifies the number of bits in the mask.
snmp-server chassis-id
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server chassis-id <name>
Specifies a name to identify the service controller. By default, this is set to the serial number of the
service controller.
no snmp-server chassis-id
Deletes the system name.
2-23
CLI commands
snmp-server contact
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server contact <email>
Specifies contact information.
no snmp-server contact
Deletes contact information.
Parameters
<email> Email address.
snmp-server heartbeat period
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server heartbeat period <seconds>
Sets the interval between sending heartbeat traps.
Parameters
<seconds> Heartbeat interval in seconds.
snmp-server location
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server location <name>
Specifies the location where the service controller is installed.
no snmp-server location
Deletes location information.
Parameters
<name> Location where the service controller is installed.
snmp-server port
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server port <port number>
Sets the port the service controller will use to respond to SNMP requests.
Parameters
<port number> SNMP port number. Range 1 - 65535.
snmp-server readonly
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server readonly <community>
Sets the read-only community string.
no snmp-server readonly
Deletes the read-only community string.
2-24
snmp-server readwrite
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server readwrite <community>
CLI commands
Sets the read-write community string.
no snmp-server readwrite
Deletes the read-write community string.
snmp-server trap
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap
Enables support for SNMP traps.
no snmp-server trap
Disables support for SNMP traps.
snmp-server trap community
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap community <str>
Sets the password required by the remote host that will receive the trap.
no snmp-server trap community
Deletes the password required by the remote host that will receive the trap.
snmp-server trap destination
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap destination <host> <[port number]>
Add a new trap destination.
no snmp-server trap destination <host> [<port>]
Deletes the specified trap destination.
Parameters
<host> Sets the IP address or domain name of the host that the service controller
will send traps to.
<[port number]> SNMP port number. Range 1 - 65535. By default port 162 is used
snmp-server trap heartbeat
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap heartbeat
Enables sending of heartbeat traps at regular intervals.
no snmp-server trap heartbeat
Disables sending of heartbeat traps at regular intervals.
2-25
CLI commands
snmp-server trap link-state
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap link-state
Send a trap when the link state changes on any interface.
no snmp-server trap link-state
Do not send this trap.
snmp-server trap snmp-authentication
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap snmp-authentication
Send a trap each time an SNMP request fails to supply the correct community name.
snmp-server version 1
Supported on: MSM710 MSM730 MSM750
snmp-server version 1
Enable version 1
no snmp-server version 1
Disable version 1
MSM760 MSM765zl
snmp-server version 2c
Supported on: MSM710 MSM730 MSM750
snmp-server version 2c
Enable version 2c
no snmp-server version 2c
Disable version 2c
MSM760 MSM765zl
snmp-server version 3
Supported on: MSM710 MSM730 MSM750
MSM760 MSM765zl
2-26
snmp-server version 3
Enable version 3
no snmp-server version 3
Disable version 3
snmp-server access interface vlan
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server access interface vlan <name>
Enables access to SNMP via the specified VLAN.
no snmp-server access interface vlan <name>
Disables access to SNMP via the specified VLAN.
Parameters
<name> Specifies the name of the VLAN.
snmp-server access interface gre
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server access interface gre <name>
Enables access to SNMP via the specified GRE tunnel.
CLI commands
no snmp-server access interface gre <name>
Removes access to SNMP via the specified GRE tunnel.
snmp-server access port-2
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server access port-2
Enables SNMP access on the upstream port.
no snmp-server access port-2
Blocks SNMP access on the upstream port.
snmp-server access lan
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server access lan
Enables access to the management tool via the LAN port.
no snmp-server access lan
Blocks access to the management tool via the LAN port.
snmp-server access vpn
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server access vpn
Enables access to the management tool via a VPN connection.
no snmp-server access vpn
Blocks access to the management tool via a VPN connection.
snmp-server trap new-satellite-detected
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap new-satellite-detected
Send a trap when a new satellite is detected.
no snmp-server trap new-satellite-detected
Do not send a trap when a new satellite is detected.
2-27
CLI commands
snmp-server trap satellite-unreachable
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap satellite-unreachable
Send a trap when a satellite cannot be reached.
no snmp-server trap satellite-unreachable
Ignore unreachable satellites.
snmp-server user
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server user <name>
Creates a new SNMP user or switches to the SNMP user context with the specified user name.
no snmp-server user <name>
Deletes the specified SNMP user.
snmp-server notification receiver
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server notification receiver <host>
Creates a new SNMP notification receiver or switches to the SNMP notification receiver context
with the specified IP address.
no snmp-server notification receiver <host>
Deletes the specified SNMP notification receiver.
soap-server
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server
Enables the SOAP server.
no soap-server
Disables the SOAP server.
soap-server access interface vlan
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server access interface vlan <name>
Enables access to SOAP via this VLAN.
no soap-server access interface vlan <name>
Disables access to SOAP via this VLAN.
2-28
soap-server access port-1
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server access port-1
CLI commands
Enables SOAP access on the downstream port.
no soap-server access port-1
Blocks SOAP access on the downstream port.
soap-server access port-2
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server access port-2
Enables SOAP access on the upstream port.
no soap-server access port-2
Blocks SOAP access on the upstream port.
soap-server allow
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server allow <ip address>/<mask>
Adds a host to the list of IP address from which access to the SOAP interface is permitted.
no soap-server allow <ip address>/<mask>
Removes a host from the list of IP address from which access to the SOAP interface is permitted.
Parameters
<address> IP address.
</mask> Subnet mask in CIDR format. Specifies the number of bits in the mask.
soap-server http authentication
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server http authentication
Enable the SOAP server HTTP authentication.
no soap-server http authentication
Disable the SOAP server HTTP authentication.
soap-server http authentication password
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server http authentication password
Set the SOAP server HTTP authentication password.
2-29
CLI commands
soap-server http authentication username
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server http authentication username
Set the SOAP server HTTP authentication username.
soap-server port
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server port <port number>
Sets the port the service controller will use to respond to SOAP requests.
Parameters
<port number> SOAP port number. Range 1 - 65535.
soap-server ssl
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server ssl
SSL enabled for SOAP server.
no soap-server ssl
SSL disabled for SOAP server.
soap-server ssl with client certificate
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server ssl with client certificate
Enable the use of client certificate with SSL for SOAP server.
no soap-server ssl with client certificate
Disable the use of client certificate with SSL for SOAP server.
soap-server access interface gre
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server access interface gre <name>
Enables access to SOAP via the specified GRE tunnel.
no soap-server access interface gre <name>
Removes access to SOAP via the specified GRE tunnel.
2-30
soap-server access lan
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server access lan
Enables access to the management tool via the LAN port.
no soap-server access lan
Blocks access to the management tool via the LAN port.
soap-server access vpn
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server access vpn
Enables access to the management tool via a VPN connection.
CLI commands
no soap-server access vpn
Blocks access to the management tool via a VPN connection.
snmp-server trap vpn-connection
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap vpn-connection
Send a trap when a user establishes a VPN connection with the service controller.
no snmp-server trap vpn-connection
Do not send this trap.
snmp-server trap syslog-matches
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap syslog-matches
Send a trap when syslog messages matches a specified regular expression.
no snmp-server trap syslog-matches
Do not send this trap.
snmp-server trap syslog-matches regex
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap syslog-matches regex <regex>
Sets the regular expression used to match the syslog messages.
snmp-server trap syslog-severity level
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap syslog-severity level (debug | info | notice | warning | error
| critical | alert | emergency)
Set the severity level of syslog messages that will trigger a trap.
snmp-server trap network-trace
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap network-trace
Send a trap when a network trace is started or stopped.
no snmp-server trap network-trace
Do not send this trap.
2-31
CLI commands
firmware-update automatic
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
firmware-update automatic
Enables scheduled firmware upgrades.
no firmware-update automatic
Disables scheduled firmware upgrade.
The service controller can automatically retrieve and install firmware from a local or remote URL
at preset times. By placing service controller firmware on a web or ftp server, you can automate
the update process for multiple units.
When the update process is triggered the service controller retrieves the first 2K of the firmware
file to determine if it is different from the active version. If different, the entire firmware file is
then downloaded and installed.
(Different means older or newer. This enables you to return to a previous firmware version if
required).
Configuration settings are preserved during the update unless stated otherwise in the release
notes for the firmware. However, all active connections will be terminated. Users will have to log
in again after the service controller restarts
firmware-update start
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
firmware-update start
Upload the firmware based on a specified URI. This URI can be set with the command: firmwareupdate uri.
firmware-update time
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
firmware-update time <time>
Sets the time of day the scheduled firmware upgrade will take place.
Parameters
<time> Time as hh:mm:ss. For example: 15:44:00.
firmware-update uri
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
firmware-update uri <uri>
Sets the URI where the service controller will retrieve new firmware.
no firmware-update uri
2-32
Clears the firmware URI.
CLI commands
firmware-update weekday
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
firmware-update weekday (everyday | monday | tuesday | wednesday | thursday |
friday | saturday | sunday)
Sets the day when the scheduled firmware upgrade will take place.
snmp-server trap firmware-update
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap firmware-update
Send a trap on firmware update.
no snmp-server trap firmware-update
Do not send a trap on firmware update.
ip name-server
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip name-server <primary> [<secondary>] [<third>]
Sets the primary and secondary DNS servers overriding dynamically assigned ones.
Parameters
<primary> IP address of the primary DNS server.
<secondary> IP address of the secondary DNS server.
<third> IP address of the third DNS server.
ip name-server cache
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip name-server cache
Enables the DNS cache.
no ip name-server cache
Disables the DNS cache.
Once a host name has been successfully resolved to an IP address by a remote DNS server, it is
stored in the cache. This speeds up network performance, as the remote DNS server now does not
have to be queried for subsequent requests for this host.
The entry stays in the cache until:
an error occurs when connecting to the remote host
the time to live (TTL) of the DNS request expires
the service controller is restarted.
ip name-server dynamic
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip name-server dynamic
Enables dynamic assignment of DNS servers.
2-33
CLI commands
no ip name-server dynamic
Disables dynamic DNS assignment.
ip name-server interception
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip name-server interception
Intercepts all DNS requests from users and relays them to configured servers.
no ip name-server interception
Process DNS requests addressed to this device only.
ip name-server switch-on-servfail
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip name-server switch-on-servfail
Switch to next server when server failure is received.
no ip name-server switch-on-servfail
Do not switch to next server when server failure is received.
ip name-server switch-over
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip name-server switch-over
Switch over to primary when active.
no ip name-server switch-over
Do not switch over to primary when active.
ip name-server logout-info
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip name-server logout-info <host> <ip address>
Sets the logout host name and the logout IP address.
access controller shared secret
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
access controller shared secret <secret>
Sets the shared secret used to communicate with the service controller.
no access controller shared secret
Sets the shared secret used to communicate with the access controller.
The service controller will only accept authentication/location-aware information from satellites
that have a matching shared secret to its own.
2-34
radius-server profile
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
radius-server profile <name>
CLI commands
Creates a new RADIUS profile or switches to the RADIUS context with the specified profile name.
no radius-server profile <name>
Deletes the specified RADIUS profile.
access controller
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
access controller
Switches to the access controller context.
certificate ipsec ca
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
certificate ipsec ca <uri>
Loads a new CA certificate from the specified URI.
The URI can be local:
local://FILENAME
or remote
ftp://host/path
certificate ipsec local
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
certificate ipsec local <uri> <password>
Loads a new local certificate from the specified URI.
no certificate ipsec local
Removes the local certificate.
The URI can be local:
local://FILENAME
or remote
ftp://host/path
certificate ipsec revocation
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
certificate ipsec revocation <uri>
Loads a new CRL file from the specified URI.
The URI can be local:
local://FILENAME
or remote
2-35
CLI commands
ftp://host/path
certificate ssl
Supported on: MSM710 MSM730 MSM750 MSM760
certificate ssl <uri> <password>
Loads a new SSL certificate using the URI.
session profile default
Supported on: MSM710 MSM730 MSM750
session profile default
MSM760 MSM765zl
MSM765zl
Switches to the session profile context.
session profile
Supported on: MSM710 MSM730 MSM750
session profile <name>
Switches to the session profile context.
no session profile <name>
Remove a session profile.
MSM760 MSM765zl
show session profile
Supported on: MSM710 MSM730 MSM750
show session profile
Display all session profiles.
MSM760 MSM765zl
remote configuration
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
remote configuration (radius)
Switches to the RADIUS remote configuration context.
2-36
discovery protocol
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
discovery protocol
Enables broadcast of device information for interoperability with CDP-enabled networking
hardware.
no discovery protocol
Disable broadcast of device information.
discovery protocol device-id
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
discovery protocol device-id <name>
CLI commands
Overwrite the device-id field of information packets (the service controller serial number is not
used).
no discovery protocol device-id
Do not overwrite the device-id field of information packets (use the service controller serial
number).
service controller ap authentication credentials
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication credentials <username> <password>
When the RADIUS authentication source is selected, this option specifies the RADIUS username
and password assigned to the service controller.
no service controller ap authentication credentials
Clears the RADIUS username/password.
service controller ap authentication enable
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication enable
Enables authentication of discovered controlled APs.
no service controller ap authentication enable
Disables AP authentication.
service controller ap authentication file
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication file <name>
Sets the file to use for authentication of controlled access points. This must be an ASCII file with
one or more MAC addresses in it. Each address must appear on a separate line.
service controller ap authentication radius-server
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication radius-server <name>
Sets the RADIUS profile to use for authentication of controlled access points.
service controller ap authentication refresh-rate
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication refresh-rate <number>
Specifies the interval at which the service controller retrieves authentication list entries from the
selected authentication source(s).
2-37
CLI commands
service controller ap authentication source file
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication source file
Enables the use of a file authentication source.
no service controller ap authentication source file
Disables the use of a file authentication source.
service controller ap authentication source local
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication source local
Enables the use of local authentication source.
no service controller ap authentication source local
Disables the use of local authentication source.
service controller ap authentication source radius
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication source radius
Enables the use of RADIUS authentication source.
no service controller ap authentication source radius
Disables the use of RADIUS authentication source.
service controller discovery
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller discovery
Enable service controller discovery.
no service controller discovery
Disable service controller discovery.
service controller discovery interface internet-port
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller discovery interface internet-port
Allow discovery on the LAN interface.
no service controller discovery interface internet-port
Allow discovery on the LAN interface.
service controller discovery interface lan-port
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller discovery interface lan-port
Allow discovery on the LAN interface.
2-38
CLI commands
no service controller discovery interface lan-port
Allow discovery on the LAN interface.
service controller primary
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller primary
Become the Primary service controller.
no service controller primary
Become a secondary service controller.
service controller primary ip addr
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller primary ip addr <ip address>
Configure a static ip address for the primary service controller.
service controller priority
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller priority <number>
Sets the discovery priority of this device.
service controller provisioning
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller provisioning
Enable the AP provisioning system.
no service controller provisioning
Disable the AP provisioning system.
bandwidth control internet-port
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
bandwidth control internet-port
Enables bandwidth control on the Internet port.
no bandwidth control internet-port
Disables bandwidth control on the Internet port.
bandwidth control internet-port high
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
bandwidth control internet-port high <min-tx-%> <min-rx-%> <max-tx-%> <max-rx%>
Sets the bandwidth rates (Tx minimum, Tx maximum, Rx minimum, and Rx maximum) for traffic
classed as High.
2-39
CLI commands
bandwidth control internet-port low
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
bandwidth control internet-port low <min-tx-%> <min-rx-%> <max-tx-%> <max-rx-%>
Sets the bandwidth rates (Tx minimum, Tx maximum, Rx minimum, and Rx maximum) for traffic
classed as Low.
bandwidth control internet-port max-rate
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
bandwidth control internet-port max-rate<transmit>)<receive>)
Sets the maximum transmit and receive rates on the Internet port in kbps.
These settings enable you to limit the total incoming or outgoing data rate on the Internet port. If
traffic exceeds the rate you set for short bursts, it is buffered. Long overages will result in data
being dropped. To utilize the full available bandwidth, the transmit and receive limits should be
set to match the incoming and outgoing data rates on the Internet port.
Parameters
<transmit> Sets the maximum transmit rate in kbps.
<receive> Sets the maximum receive rate in kbps.
About bandwidth control
Bandwidth rates for each level are defined by taking a percentage of the maximum transmit and
receive rates defined for the Internet port. Each bandwidth level has four rate settings:
Transmit rate - guaranteed minimum: This is the minimum amount of bandwidth that will be
assigned to a level as soon as outgoing traffic is present on the level.
Transmit rate - maximum: This is the maximum amount of outgoing bandwidth that can be
consumed by the level. Traffic in excess will be buffered for short bursts, and dropped for
sustained overages.
Receive rate - guaranteed minimum: This is the minimum amount of bandwidth that will be
assigned to a level as soon as incoming traffic is present on the level.
Receive rate - maximum: This is the maximum amount of incoming bandwidth that can be
consumed by the level. Traffic in excess will be buffered for short bursts, and dropped for
sustained overages.
Bandwidth levels are arranged in order of priority from Very High to Low. Priority determines
how bytesToWrite bandwidth is allocated once the minimum rate has been met for each level.
Free bandwidth is always assigned to the higher priority levels first.
Assigning traffic to bandwidth levels
User traffic is assigned to a bandwidth level on a per-VAP (VSC) basis.
Management traffic (RADIUS, SNMP, management tool admin sessions) is assigned to
bandwidth level Very High and cannot be changed.
All traffic assigned to a particular bandwidth level shares the allocated bandwidth for that
level.
2-40
CLI commands
bandwidth control internet-port normal
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
bandwidth control internet-port normal <min-tx-%> <min-rx-%> <max-tx-%> <maxrx-%>
Sets the bandwidth rates (Tx minimum, Tx maximum, Rx minimum, and Rx maximum) for traffic
classed as Normal.
bandwidth control internet-port very-high
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
bandwidth control internet-port very-high <min-tx-%> <min-rx-%> <max-tx-%>
<max-rx-%>
Sets the bandwidth rates (Tx minimum, Tx maximum, Rx minimum, and Rx maximum) for traffic
classed as Very High.
ip route gateway
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip route gateway<destination>/<mask> <gateway> <[metric]>
Adds a static route.
no ip route gateway <destination>/<mask> <gateway> <[metric]>
Removes the specified static route.
Parameters
<destination> Traffic addressed to this IP address will be routed.
<mask> Indicates the number of bits in the destination address that is checked for a
match.
<gateway> Indicates the IP address of the gateway the service controller will forward
routed traffic to. The gateway address must be on the same subnet as one
of the available interfaces (Internet port or LAN port).
<metrix> Indicates the priority of a route. If two routes exist for a destination
address then the service controller chooses the one with the lower metric.
firewall mode
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
firewall mode (high|low|none)
Sets the firewall mode.
Parameters
high Permits all outgoing traffic. Blocks all externally initiated connections.
low Permits all incoming and outgoing traffic, except for NetBIOS traffic. Use
this option if you require active FTP sessions.
none Disables the firewall.
2-41
CLI commands
show user profiles
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show user profiles [<pattern>]
Display current local users.
show user profiles details
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show user profiles details <name>
Display detailed information about one user.
user profile
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
user profile <name>
Adds or edits the specified username in the local user list.
no user profile <name>
Removes the specified username from the local user list.
renew user profile subscription
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
renew user profile subscription [<username>]
Renew a user with its subscription plan.
dot1x reauth
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dot1x reauth
Enable this option to force 802.1X client stations to reauthenticate.
no dot1x reauth
Disables 802.1X reauthentication.
dot1x reauth period
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dot1x reauth period (15m | 30m | 1h | 2h | 4h | 8h | 12h)
2-42
Sets the 802.1X reauthentication interval. Client stations must reauthenticate when this interval
expires.
dot1x reauth terminate
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dot1x reauth terminate
Enable this option to allow client stations to remain connected during re-authentication. Client
traffic is blocked only when re-authentication fails.
CLI commands
no dot1x reauth terminate
Disabled this option to block client traffic during re-authentication and only activate traffic again
if authentication succeeds.
dot1x supplicant timeout
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
802.1x supplicant time-out <seconds>
Sets the 802.1X supplicant time-out.
Parameters
<seconds> time-out in seconds.
dynamic key
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dynamic key
Enables dynamic key support for 802.1X and WPA.
no dynamic key
Disables dynamic key support for 802.1X and WPA.
dynamic key interval
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dynamic key interval (5m | 10m | 15m | 30m | 1h | 2h | 4h | 8h | 12h)
Specifies how often (in minutes or hours) that the group (broadcast) key is changed for 802.1X
and WPA.
key chain
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
key chain <name>
Switch to the specified key chain or create a new key chain.
no key chain <name>
Remove the specified key chain.
config-version
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
config-version <string>
Sets a string to identify the user configuration version.
radius-server accounting session
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
radius-server accounting session <number>
Set the maximum number of accounting sessions.
2-43
CLI commands
radius-server client
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
radius-server client
Enable radius clients list.
no radius-server client
Disable radius clients list.
radius-server local eap-peap
Supported on: MSM710 MSM730 MSM750 MSM760
radius-server local eap-peap
Allow EAP-PEAP.
no radius-server local eap-peap
Disallow EAP-PEAP.
MSM765zl
radius-server local eap-tls
Supported on: MSM710 MSM730 MSM750 MSM760
radius-server local eap-tls
Allow EAP-TLS.
MSM765zl
no radius-server local eap-tls
Disallow EAP-TLS.
radius-server local eap-ttls
Supported on: MSM710 MSM730 MSM750 MSM760
radius-server local eap-ttls
Allow EAP-TTLS.
no radius-server local eap-ttls
Disallow EAP-TTLS.
MSM765zl
radius-server local pap
Supported on: MSM710 MSM730 MSM750
radius-server local pap
Allow PAP.
no radius-server local pap
Disallow PAP.
MSM760 MSM765zl
radius-server ssid detection nas-id
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
radius-server ssid detection nas-id
2-44
Use NAS-ID for SSID detection.
no radius-server ssid detection nas-id
CLI commands
Do not use NAS-ID for SSID detection.
show radius-server
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show radius-server
Display current RADIUS server configuration.
active-directory check attribute
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
active-directory check attribute <ldapattr>
Set the name of the AD attribute to check for.
no active-directory check attribute
Clear the name of the AD attribute to check for.
active-directory check user access
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
active-directory check user access
Check AD for user access.
no active-directory check user access
Do not check AD for user access.
active-directory device name
Supported on: MSM710 MSM730 MSM750 MSM760
active-directory device name <name>
Set the device NetBIOS name.
no active-directory device name
Clear the device NetBIOS name.
active-directory domain
Supported on: MSM710 MSM730 MSM750
active-directory domain <domain>
Set the AD Windows domain.
no active-directory domain
Reset the AD Windows domain.
MSM760 MSM765zl
MSM765zl
2-45
CLI commands
active-directory group
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
active-directory group <name>
Create or go to an Active Directory group.
no active-directory group <name>
Remove an Active Directory group.
active-directory group order
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
active-directory group order <number> <name>
Reorder an Active Directory group.
active-directory join
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
active-directory join <username> <password>
Join with Active Directory.
show active-directory
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show active-directory
Display Active Directory settings.
show active-directory group
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show active-directory group <name>
Display details about an Active Directory group.
radius-server client
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
radius-server client <ip address>/<mask> <secret>
Add a new radius client.
no radius-server client <ip address>/<mask>
Delete an existing radius client.
user tracking
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
user tracking
2-46
Enable capture of usage data.
no user tracking
Disable capture of usage data.
user tracking destination
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
user tracking destination <host>
Specify to where the detailed syslog packets should be sent.
user tracking filter
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
user tracking filter <filter>
CLI commands
A comma-separated list of filters (username or subnet).
user tracking port
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
user tracking port <number>
Specify to which UDP port capture data should be sent.
persistent user information
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
persistent user information
Save user account information locally .
no persistent user information
Do not save user account information locally.
persistent user information period
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
persistent user information period <number>
Period, in minutes, at which to update user information.
client data tunnel security
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
client data tunnel security (hmac | key)
Specify the security strength of the client data tunnel.
managed map max
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
managed map max <num>
Set the maximum number of APs to manage.
2-47
CLI commands
igmp proxy
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
igmp proxy
Enable IGMP proxy.
no igmp proxy
Disable IGMP proxy.
igmp proxy downstream interface
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
igmp proxy downstream interface <interface>
Set the downstream IGMP port.
igmp proxy upstream interface
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
igmp proxy upstream interface <interface>
Set the upstream IGMP port.
rf-id aeroscout
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
rf-id aeroscout
Enable AeroScout tag processing.
no rf-id aeroscout
Disable AeroScout tag processing.
2-48
Access Controller context
Path: View > Enable > Config > Access Controller
All global access controller configuration takes place here.
end
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
end
CLI commands
Switches to parent context.
ads presentation
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ads presentation
Enable advertisement display at regular intervals for authenticated users.
no ads presentation
Disable advertisement display for authenticated users.
ads presentation interval
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ads presentation interval <number>
Control the advertisement display interval.
station allocate source ip address
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
station allocate source ip address
Allow dynamic IP addresses.
no station allocate source ip address
Disallow dynamic IP addresses.
Enable this option to provide network address translation for client stations with static IP
addresses. This permits the service controller to assign an alias address to the client that puts it on
the same subnet as the VSC the client is associated with. This option cannot be used if NAT is
enabled on the Internet port.
station allow any ip address
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
station allow any ip address
Enable this option to permit wireless client stations that are using a static IP address to connect to
the service controller, even if they are on a different subnet.
no station allow any ip address
Do not allow client stations with any IP addresses to connect.
2-49
CLI commands
This option enables users to access the wireless network without reconfiguring their networking
settings. For example, by default the service controller creates the wireless network on the subnet
192.168.1.0. If a client station is pre-configured with the address 10.10.4.99, it will still be able to
connect to the service controller without changing its address, or its settings for DNS server and
default gateway.
station free access
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
station free access
When enabled, all users are automatically granted access when the RADIUS server is down or
unreachable.
no station free access
Users cannot connect when the RADIUS server is unreachable.
Once the RADIUS server is available again, free user sessions remain active until the user logs out.
This does not apply to users using 802.1x or WPA.
station http proxy support
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
station http proxy support
Enables support for client stations that are configured to use a proxy server for HTTP and HTTPS,
without requiring users to reconfigure their systems.
no station http proxy support
Disables support for client stations that are configured to use a proxy server for HTTP and
HTTPS.
station idle detection
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
station Idle detection <interval> <count>
The service controller continuously polls authenticated client stations to ensure they are active. If
no response is received and the number of retries is reached, the client station is disconnected.
Parameters
<interval> Specify how long to wait between polls.
<retries> Specify how many polls a client station can fail to reply to before it is
disconnected.
Description
This feature enables the service controller to detect if two client stations are using the same IP
address but have different MAC addresses. If this occurs, access is terminated for this IP address
removing both stations from the network.
Changing these values may have security implications. A large interval provides a greater
opportunity for a session to be hijacked.
The initial query is always done after the client station has been idle for 60 seconds. If there is no
answer to this query, the settings for Interval and Retries are used to control additional retries.
2-50
system accounting
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
system accounting
Enables RADIUS accounting support.
no system accounting
Disables RADIUS accounting support.
CLI commands
remember delay
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
remember delay <number>
Length of time to remember users. Users who return later than this delay interval, are presented
with the login page instead of being re-authenticated.
remember html users
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
remember html users
Enables support for remembering (automatically re-authenticating) html-authenticated users who
leave the network but return within the remember delay interval.
no remember html users
Disables support for remembering html-authenticated users.
worldpay installation id
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
worldpay installation id <string>
Set the installation ID for the WorldPay payment service.
worldpay payment response password
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
worldpay payment response password <string>
Set the payment response password for the WorldPay payment service.
worldpay payment url
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
worldpay payment url <string>
Set the payment URL for the WorldPay payment service.
authorize_net installation id
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
authorize_net installation id <string>
Set the login ID for the Authorize.Net payment service.
2-51
CLI commands
authorize_net payment url
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
authorize_net payment url <string>
Set the payment URL for the Authorize.Net payment service.
authorize_net transaction key
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
authorize_net transaction key <string>
Set the transaction key for the Authorize.Net payment service.
ads presentation with frameset
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ads presentation with frameset
Enables the ads presentation to redirect to frameset-ads-page instead of ads-page.
no ads presentation with frameset
Disables the frameset for ads presentation, causing ads presentation to only use ads-page.
authentication http
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
authentication http <number>
Specifies the port number the service controller will use to provide standard HTTP access to the
management tool.
HTTP connections made to this port are met with a warning and the browser is redirected to the
secure web server port. By default this parameter is set to port 80.
authentication https
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
authentication https <number>
2-52
Specifies the port number the service controller will use to provide secure access to the
management tool (HTTPS). By default this parameter is set to port 443.
noc access internet
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc access internet
Accept authentication requests on the Internet port.
no noc access internet
Do not accept authentication requests on the Internet port..
noc access vpn
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc access vpn
Accept authentication requests on VPN connections.
CLI commands
no noc access vpn
Do not accept authentication requests on VPN connections.
noc allow
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc allow <ip address>/<mask>
Adds an IP address or subnet to the list of destinations that the service controller will accept user
login authentication requests from when NOC authentication is active.
no noc allow <ip address>/<mask>
Removes the specified IP address or subnet from the list of destinations that the service controller
will accept user login authentication requests from when NOC authentication is active.
When the list is empty, authentication requests are accepted from any address.
noc authentication
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc authentication
Enables support for NOC authentication.
no noc authentication
Disables support for NOC authentication.
secure login
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
secure login
Enables secure login.
no secure login
Disables secure login.
sslv2 authentication
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
sslv2 authentication
Enables SSLv2 authentication.
no sslv2 authentication
Disables SSLv2 authentication.
2-53
CLI commands
noc access interface vlan
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc access interface vlan <name>
Adds the specified VLAN to the list of interfaces that authentication requests are accepted on.
no noc access interface vlan <name>
Removes the specified VLAN from the list of interfaces that authentication requests are accepted
on.
noc access interface gre
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc access interface gre <name>
Adds the specified GRE tunnel to the list of interfaces that authentication requests are accepted
on.
no noc access interface gre <name>
Removes the specified GRE tunnel from the list of interfaces that authentication requests are
accepted on.
ipass id
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ipass id <name>
Specifies the WISPr location ID assigned to the service controller.
no ipass id
Deletes the WISPr location ID assigned to the service controller.
ipass name
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ipass name <name>
Specifies the WISPr location name assigned to the service controller.
no ipass name
Deletes the WISPr location name assigned to the service controller.
wispr abort login url
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
wispr abort login url <url>
Specifies the WISPr abort login url assigned to the service controller.
no wispr abort login url
Deletes the WISPr abort login url assigned to the service controller.
2-54
wispr login url
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
wispr login url <url>
CLI commands
Specifies the WISPr login url assigned to the service controller.
no wispr login url
Deletes the WISPr login url assigned to the service controller.
wispr logoff url
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
wispr logoff url <url>
Specifies the WISPr logoff url assigned to the service controller.
no wispr logoff url
Deletes the WISPr logoff url assigned to the service controller.
access-list
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
access-list <index> <rule>
Adds a new rule to an access list at the specified index position.
no use access-list
Do not use an access list.
Parameters
index Index position of the rule within the access list.
rule Access list rule definition in the format:
<listname>[,OPTIONAL],<action>,<protocol>,<address>,<port>[,<accou
nt>[,<interval>]]
<listname> Specifies a name (up to 32 characters long) to identify the access list this
rule applies to. If a list with this name does not exist, a new list is created.
If a list with this name exists, the rule is added to it.
OPTIONAL Allows the access list to be activated even if this rule fails to initialize. For
example, if you specify a rule that contains an address which cannot be
resolved for some reason, the other rules that make up the access list will
still be initialized. If you do not specify optional, a failed rule will cause the
entire list to fail. Critical access list definitions (such as for a remote login
page, certificates) should not use the OPTIONAL setting because if these
definitions fail to initialize there will be no indication in the log.
<action> Specifies what action the rule takes when it matches incoming traffic. Two
options are available:
ACCEPT - Allow traffic matching this rule.
DENY - Reject traffic matching this rule.
WARN - Redirect traffic matching this rule to an error page.
<protocol> Specify the protocol to check: tcp, udp, icmp, all
<address> Specify one of the following:
2-55
CLI commands
IP address or domain name (up to 107 characters in length)
Subnet address. Include the network mask as follows: address/subnet mask For example:
192.168.30.0/24
Use the keyword all to match any address.
Use the keyword none if the protocol does not take an address range (ICMP for example).
<port> Specify a specific port to check or a port range as follows:
none: Used with ICMP (since it has no ports).
all: Check all ports.
1-65535[:1-65535] - Specify a specific port or port range.
<account> Specify the name of the user account the service controller will send billing
information to for this rule. Account names must be unique and can be up
to 32 characters in length.
<interval> Specify time between interim accounting updates. If you do not enable this
option, accounting information is only sent when a user connection is
terminated. Range: 5-99999 seconds in 15 second increments.
use access-list
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
use access-list <listname>
Specifies the name of the access list to use.
no use access-list
Do not use an access list.
use access-list unauth
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
use access-list unauth <listname>
Specifies the name of the access list to use for unauthenticated stations (list disappears once
authenticated).
no use access-list unauth
Do not use an access list for unauthenticated stations (list disappears once authenticated).
config file
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
config file <url>
Specifies the URL that points to a new configuration file to load.
no config file
Do not load a new configuration file.
2-56
http proxy upstream
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
http proxy upstream <string>
CLI commands
Specifies the host:port of the HTTP Proxy Upstream server.
no http proxy upstream
Do not use an HTTP Proxy Upstream server.
https ssl certificate
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
https ssl certificate <url>
Specifies the URL that points to an SSL certificate that will replace the default certificate on the
service controller.
no https ssl certificate
Do not load a custom SSL certificate.
mac-address
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
mac-address <macaddr> [<username>] [<password>]
Adds a MAC address to the local configuration list.
When the MAC authentication option is enabled (in a VAP (VSC) profile), you can define local
configuration settings to validate MAC addresses.
Parameters
macaddr MAC address of the device as 12 hexadecimal numbers, with the values ’a’
to ’f’ in lowercase. For example: 0003520a0f01.
username Username assigned to the device.
password Password assigned to the device.
fail page
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
fail page <url>
Specifies the URL of a new fail page.
no fail page
No new fail page. Use default.
goodbye url
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
goodbye url <url>
Specifies the URL of a goodbye page.
no goodbye url
No goodbye page.
2-57
CLI commands
ipass login url
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ipass login url <url>
Specifies the URL of the IPass login page. The service controller will automatically redirect users
with IPass client software to this page.
no ipass login url
No IPass login URL.
login error url
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
login error url <url>
Specifies the URL of a login error page.
no login error url
No login error page.
login page
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
login page <url>
Specifies the URL of the new login page.
no login page
No new login page. Use default.
login url
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
login url <url>
Specifies the URL of a remote login page.
no login url
No remote login page.
logo
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
logo <url>
Specifies the URL of a new logo.
no logo
No new logo. Use default.
2-58
messages
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
messages <url>
CLI commands
Specifies the URL of a new message file.
no messages
No new messages file. Use default.
noc ssl ca-certificate
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc ssl ca-certificate <url>
Specifies the URL of the certificate from the certificate authority (CA) that issued the NOC
certificate.
no noc ssl ca-certificate
No CA certificate.
noc ssl certificate
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc ssl certificate <url>
Specifies the URL of the certificate issued to the application on the remote web server that will
send user info to the service controller for authentication.
no noc ssl certificate
No certificate.
session page
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
session page <url>
Specifies the URL of a new session page.
no session page
No new session page. Use default.
transport page
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
transport page <url>
Specifies the URL of a new transport page.
no transport page
No new transport page. Use default.
2-59
CLI commands
welcome url
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
welcome url <url>
Specifies the URL of a welcome page.
no welcome url
No welcome page.
notify user location changes
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
notify user location changes
Notify RADIUS on location changes.
no notify user location changes
Do not notify RADIUS on location changes.
2-60
Loading...