HP MSM7XX User Manual

ProCurve 5400zl Switches
Installation and Getting Started Guide
Reference Guide for HP ProCurve MSM7xx Controllers CLI
ProCurve MSM7xx Controllers CLI
Reference Guide
CLI Reference Guide

Copyright and Disclaimer Notices

© Copyright 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard.
Publication Number
5992-5933 May 2009
Applicable Products
MSM710 Access Controller J9328A MSM710 Mobility Controller J9325A MSM730 Access Controller J9329A MSM730 Mobility Controller J9326A MSM750 Access Controller J9330A MSM750 Mobility Controller J9327A MSM760 Access Controller J9421A MSM760 Mobility Controller J9420A MSM765zl Mobility Controller J9370A
Trademark Credits
Windows NT®, Windows®, and MS Windows® are US registered trademarks of Microsoft Corporation.
Disclaimer
HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.
Hewlett-Packard Company
8000 Foothills Boulevard Roseville, California 95747-5552
www.procurve.com

Contents

In this Contents section, new to 5.3.x contexts and commands are preceded with an asterisk “*” and formatted in green like this:
* new context
* new command
1 Introduction
About this guide ...........................................................................................................1-2
Products covered................................................................................................... 1-2
HP ProCurve Product Naming............................................................................. 1-2
Important terms..................................................................................................... 1-3
Typographical conventions ..................................................................................1-3
Command syntax ............................................................................................1-3
Management tool ............................................................................................1-4
HP ProCurve Networking support............................................................................. 1-4
Before contacting support .............................................................................1-4
Online documentation .................................................................................................1-5
Configuring CLI support.............................................................................................. 1-5
SSH client support.................................................................................................1-6
Entering strings ............................................................................................................1-6
Context hierarchy ........................................................................................................1-7
Sample CLI session ......................................................................................................1-8
File transfer...................................................................................................................1-8
A. The service controller gets the file using a URL ....................................1-8
B. Send a file to the service controller .........................................................1-8
2 CLI commands
View context .................................................................................................................2-2
arping ......................................................................................................................2-2
enable...................................................................................................................... 2-2
iperf .........................................................................................................................2-2
nslookup .................................................................................................................2-2
iii
ping.......................................................................................................................... 2-2
ps .............................................................................................................................2-3
quit...........................................................................................................................2-3
show license........................................................................................................... 2-3
show logging filtered.............................................................................................2-3
top............................................................................................................................ 2-3
traceroute ...............................................................................................................2-3
Enable context..............................................................................................................2-4
reboot device..........................................................................................................2-4
show certificate .....................................................................................................2-4
show certificate binding .......................................................................................2-4
iperf .........................................................................................................................2-4
ping.......................................................................................................................... 2-4
arping ......................................................................................................................2-5
arp............................................................................................................................ 2-5
end ...........................................................................................................................2-5
quit...........................................................................................................................2-5
rcapture...................................................................................................................2-5
show arp .................................................................................................................2-5
show bridge ............................................................................................................2-5
show bridge forwarding........................................................................................ 2-6
show dns cache...................................................................................................... 2-6
show interfaces......................................................................................................2-6
* show ip.................................................................................................................2-6
show ip route .........................................................................................................2-6
show system info ...................................................................................................2-6
show ip dhcp database..........................................................................................2-6
show satellites........................................................................................................2-6
* show web content ..............................................................................................2-7
show client log .......................................................................................................2-7
show radius statistics............................................................................................ 2-7
show radius users.................................................................................................. 2-7
show users..............................................................................................................2-7
show discrete pin...................................................................................................2-7
config.......................................................................................................................2-7
show all config .......................................................................................................2-7
controlled network................................................................................................2-8
show controlled network config..........................................................................2-8
iv
Config context ..............................................................................................................2-9
* dhcp public ip default lease period.................................................................. 2-9
* dhcp public ip subnet.........................................................................................2-9
certificate................................................................................................................ 2-9
certificate binding..................................................................................................2-9
certificate revocation ............................................................................................2-9
end ...........................................................................................................................2-9
factory settings ....................................................................................................2-10
interface ethernet ................................................................................................2-10
reboot device........................................................................................................2-10
show certificate ...................................................................................................2-10
show certificate binding .....................................................................................2-10
show config factory.............................................................................................2-10
username ..............................................................................................................2-10
interface ip............................................................................................................2-11
interface pptp client-default...............................................................................2-11
interface gre .........................................................................................................2-11
virtual ap............................................................................................................... 2-11
show subscription plan.......................................................................................2-11
subscription plan .................................................................................................2-11
* mac list...............................................................................................................2-12
* show mac list ....................................................................................................2-12
ipsec policy........................................................................................................... 2-12
* admin local authentication..............................................................................2-12
* admin radius authentication ...........................................................................2-12
* admin radius authentication server ...............................................................2-12
ip http port............................................................................................................ 2-13
ip https port.......................................................................................................... 2-13
snmp-server trap certificate-expired.................................................................2-13
snmp-server trap certificate-expires-soon .......................................................2-13
snmp-server trap web-fail...................................................................................2-13
snmp-server trap web-login................................................................................ 2-14
snmp-server trap web-logout .............................................................................2-14
web admin kickout.............................................................................................. 2-14
web allow..............................................................................................................2-14
world-mode dot11 country code........................................................................2-14
web access internet-port ....................................................................................2-15
web access lan-port.............................................................................................2-15
web access interface vlan................................................................................... 2-15
v
web access interface gre ....................................................................................2-15
web access lan .....................................................................................................2-15
web access vpn ....................................................................................................2-15
dhcp mode ............................................................................................................2-16
dhcp server........................................................................................................... 2-16
dhcp server default domain name .....................................................................2-16
dhcp server default lease period .......................................................................2-16
dhcp server default permanent lease period....................................................2-16
dhcp server controller.........................................................................................2-16
dhcp server controller discovery....................................................................... 2-16
dhcp server logout html user .............................................................................2-17
dhcp server access centralized clients .............................................................2-17
dhcp server access lan ........................................................................................2-17
dhcp relay .............................................................................................................2-17
* dhcp relay circuit id ......................................................................................... 2-17
* dhcp relay remote id ........................................................................................2-18
dhcp relay access centralized clients................................................................ 2-18
dhcp relay access lan ..........................................................................................2-18
dhcp relay extend internet port .........................................................................2-18
clock...................................................................................................................... 2-18
* clock auto adjust dst........................................................................................ 2-19
clock timezone..................................................................................................... 2-19
* clock use custom dst rules..............................................................................2-19
ntp protocol..........................................................................................................2-19
ntp server..............................................................................................................2-19
* clock custom dst begins ..................................................................................2-19
* clock custom dst begins format .....................................................................2-20
* clock custom dst ends .....................................................................................2-20
* clock custom dst ends format ........................................................................2-20
ntp server..............................................................................................................2-21
ntp server failure trap .........................................................................................2-21
config-update automatic..................................................................................... 2-21
config-update operation......................................................................................2-21
config-update time............................................................................................... 2-21
config-update uri..................................................................................................2-22
config-update weekday....................................................................................... 2-22
snmp-server trap config-change ........................................................................2-22
snmp-server trap config-update.........................................................................2-22
logging destination ..............................................................................................2-22
vi
snmp-server trap syslog-severity .......................................................................2-23
snmp-server.......................................................................................................... 2-23
snmp-server access port-1.................................................................................. 2-23
snmp-server allow ...............................................................................................2-23
snmp-server chassis-id........................................................................................2-23
snmp-server contact............................................................................................2-24
snmp-server heartbeat period............................................................................ 2-24
snmp-server location........................................................................................... 2-24
snmp-server port..................................................................................................2-24
snmp-server readonly..........................................................................................2-24
snmp-server readwrite ........................................................................................2-25
snmp-server trap..................................................................................................2-25
snmp-server trap community .............................................................................2-25
snmp-server trap destination .............................................................................2-25
snmp-server trap heartbeat ................................................................................2-25
snmp-server trap link-state.................................................................................2-26
snmp-server trap snmp-authentication.............................................................2-26
* snmp-server version 1......................................................................................2-26
* snmp-server version 2c....................................................................................2-26
* snmp-server version 3......................................................................................2-26
snmp-server access interface vlan ....................................................................2-26
snmp-server access interface gre ......................................................................2-27
snmp-server access port-2.................................................................................. 2-27
snmp-server access lan .......................................................................................2-27
snmp-server access vpn...................................................................................... 2-27
snmp-server trap new-satellite-detected ..........................................................2-27
snmp-server trap satellite-unreachable ............................................................2-28
* snmp-server user ..............................................................................................2-28
* snmp-server notification receiver ..................................................................2-28
soap-server ...........................................................................................................2-28
soap-server access interface vlan......................................................................2-28
soap-server access port-1 ...................................................................................2-29
soap-server access port-2 ...................................................................................2-29
soap-server allow................................................................................................. 2-29
soap-server http authentication.........................................................................2-29
soap-server http authentication password....................................................... 2-29
soap-server http authentication username....................................................... 2-30
soap-server port................................................................................................... 2-30
soap-server ssl......................................................................................................2-30
vii
soap-server ssl with client certificate ...............................................................2-30
soap-server access interface gre........................................................................2-30
soap-server access lan ........................................................................................2-30
soap-server access vpn .......................................................................................2-31
snmp-server trap vpn-connection...................................................................... 2-31
snmp-server trap syslog-matches ...................................................................... 2-31
snmp-server trap syslog-matches regex ...........................................................2-31
snmp-server trap syslog-severity level..............................................................2-31
snmp-server trap network-trace ........................................................................ 2-31
firmware-update automatic................................................................................2-32
firmware-update start .........................................................................................2-32
firmware-update time..........................................................................................2-32
firmware-update uri ............................................................................................2-32
firmware-update weekday..................................................................................2-33
snmp-server trap firmware-update.................................................................... 2-33
ip name-server......................................................................................................2-33
ip name-server cache ..........................................................................................2-33
ip name-server dynamic...................................................................................... 2-33
ip name-server interception ............................................................................... 2-34
ip name-server switch-on-servfail .....................................................................2-34
ip name-server switch-over ................................................................................2-34
ip name-server logout-info .................................................................................2-34
access controller shared secret .........................................................................2-34
radius-server profile ............................................................................................2-35
access controller..................................................................................................2-35
certificate ipsec ca...............................................................................................2-35
certificate ipsec local ..........................................................................................2-35
certificate ipsec revocation................................................................................ 2-35
certificate ssl ........................................................................................................2-36
session profile default.........................................................................................2-36
session profile ......................................................................................................2-36
show session profile............................................................................................ 2-36
remote configuration ..........................................................................................2-36
discovery protocol............................................................................................... 2-36
discovery protocol device-id.............................................................................. 2-37
service controller ap authentication credentials.............................................2-37
service controller ap authentication enable.....................................................2-37
service controller ap authentication file...........................................................2-37
service controller ap authentication radius-server ......................................... 2-37
viii
service controller ap authentication refresh-rate............................................ 2-37
service controller ap authentication source file..............................................2-38
service controller ap authentication source local........................................... 2-38
service controller ap authentication source radius ........................................2-38
service controller discovery...............................................................................2-38
service controller discovery interface internet-port .......................................2-38
service controller discovery interface lan-port ...............................................2-38
service controller primary.................................................................................. 2-39
service controller primary ip addr.....................................................................2-39
service controller priority...................................................................................2-39
service controller provisioning.......................................................................... 2-39
bandwidth control internet-port........................................................................ 2-39
bandwidth control internet-port high ...............................................................2-39
bandwidth control internet-port low ................................................................2-40
bandwidth control internet-port max-rate .......................................................2-40
bandwidth control internet-port normal ..........................................................2-41
bandwidth control internet-port very-high....................................................... 2-41
ip route gateway ..................................................................................................2-41
firewall mode .......................................................................................................2-41
show user profiles ...............................................................................................2-42
show user profiles details................................................................................... 2-42
user profile ...........................................................................................................2-42
renew user profile subscription......................................................................... 2-42
dot1x reauth .........................................................................................................2-42
dot1x reauth period.............................................................................................2-42
dot1x reauth terminate .......................................................................................2-42
dot1x supplicant timeout.................................................................................... 2-43
dynamic key .........................................................................................................2-43
dynamic key interval ...........................................................................................2-43
key chain............................................................................................................... 2-43
config-version.......................................................................................................2-43
radius-server accounting session ......................................................................2-43
radius-server client..............................................................................................2-44
radius-server local eap-peap ..............................................................................2-44
radius-server local eap-tls...................................................................................2-44
radius-server local eap-ttls .................................................................................2-44
radius-server local pap........................................................................................ 2-44
radius-server ssid detection nas-id....................................................................2-44
show radius-server ..............................................................................................2-45
ix
active-directory check attribute ........................................................................2-45
active-directory check user access ...................................................................2-45
active-directory device name .............................................................................2-45
active-directory domain......................................................................................2-45
active-directory group......................................................................................... 2-46
active-directory group order ..............................................................................2-46
active-directory join ............................................................................................2-46
show active-directory..........................................................................................2-46
show active-directory group ..............................................................................2-46
radius-server client..............................................................................................2-46
user tracking ........................................................................................................2-46
user tracking destination.................................................................................... 2-47
user tracking filter ...............................................................................................2-47
user tracking port ................................................................................................2-47
persistent user information................................................................................ 2-47
persistent user information period....................................................................2-47
* client data tunnel security...............................................................................2-47
managed map max...............................................................................................2-47
igmp proxy............................................................................................................2-48
igmp proxy downstream interface ....................................................................2-48
igmp proxy upstream interface..........................................................................2-48
* rf-id aeroscout...................................................................................................2-48
Access Controller context.........................................................................................2-49
end .........................................................................................................................2-49
* ads presentation ...............................................................................................2-49
* ads presentation interval................................................................................. 2-49
station allocate source ip address .....................................................................2-49
station allow any ip address...............................................................................2-49
station free access ...............................................................................................2-50
station http proxy support..................................................................................2-50
station idle detection...........................................................................................2-50
system accounting............................................................................................... 2-51
* remember delay................................................................................................ 2-51
* remember html users....................................................................................... 2-51
* worldpay installation id................................................................................... 2-51
* worldpay payment response password .........................................................2-51
* worldpay payment url......................................................................................2-51
* authorize_net installation id ...........................................................................2-51
x
* authorize_net payment url ..............................................................................2-52
* authorize_net transaction key ........................................................................2-52
* ads presentation with frameset ......................................................................2-52
authentication http ..............................................................................................2-52
authentication https ............................................................................................2-52
noc access internet.............................................................................................. 2-52
noc access vpn .....................................................................................................2-53
noc allow ..............................................................................................................2-53
noc authentication............................................................................................... 2-53
secure login .......................................................................................................... 2-53
* sslv2 authentication ......................................................................................... 2-53
noc access interface vlan....................................................................................2-54
noc access interface gre .....................................................................................2-54
ipass id .................................................................................................................. 2-54
ipass name ............................................................................................................2-54
wispr abort login url............................................................................................2-54
wispr login url ......................................................................................................2-55
wispr logoff url.....................................................................................................2-55
access-list .............................................................................................................2-55
use access-list ......................................................................................................2-56
use access-list unauth .........................................................................................2-56
config file ..............................................................................................................2-56
* http proxy upstream ........................................................................................2-57
https ssl certificate .............................................................................................. 2-57
mac-address .........................................................................................................2-57
fail page................................................................................................................. 2-57
goodbye url........................................................................................................... 2-57
ipass login url .......................................................................................................2-58
login error url .......................................................................................................2-58
login page..............................................................................................................2-58
login url................................................................................................................. 2-58
logo........................................................................................................................ 2-58
messages...............................................................................................................2-59
noc ssl ca-certificate ...........................................................................................2-59
noc ssl certificate.................................................................................................2-59
session page .........................................................................................................2-59
transport page ......................................................................................................2-59
welcome url..........................................................................................................2-60
notify user location changes ..............................................................................2-60
xi
Default Session profile context ................................................................................2-61
accounting interim update .................................................................................2-61
idle timeout ..........................................................................................................2-61
maximum input octets ........................................................................................2-61
maximum input packets .....................................................................................2-61
maximum output octets...................................................................................... 2-62
maximum output packets...................................................................................2-62
maximum total octets .........................................................................................2-62
maximum total packets ......................................................................................2-62
nat one-to-one ......................................................................................................2-62
session timeout ....................................................................................................2-63
smtp redirection setup........................................................................................ 2-63
* public ip subnet ................................................................................................2-63
end .........................................................................................................................2-63
smtp redirection ..................................................................................................2-64
Session profile context.............................................................................................. 2-65
end .........................................................................................................................2-65
access controlled................................................................................................. 2-65
access list..............................................................................................................2-65
accounting interim update .................................................................................2-65
arp polling interval ..............................................................................................2-65
arp polling max count .........................................................................................2-66
bandwidth level....................................................................................................2-66
* egress vlan.........................................................................................................2-66
idle timeout ..........................................................................................................2-66
intercept traffic ....................................................................................................2-67
max input rate...................................................................................................... 2-67
max output rate ...................................................................................................2-67
nat one-to-one ......................................................................................................2-67
session profile ......................................................................................................2-68
smtp redirection setup........................................................................................ 2-68
termination action ...............................................................................................2-68
user defined attribute.......................................................................................... 2-69
* public ip subnet ................................................................................................2-69
User Profile context...................................................................................................2-70
end .........................................................................................................................2-70
xii
access controlled................................................................................................. 2-71
access-controlled profile ....................................................................................2-71
access-controlled virtual ap ...............................................................................2-71
active .....................................................................................................................2-71
chargeable user identity .....................................................................................2-72
control method ....................................................................................................2-72
egress vlan ............................................................................................................2-72
end time ................................................................................................................ 2-72
idle timeout ..........................................................................................................2-72
max user sessions................................................................................................ 2-72
password...............................................................................................................2-73
regular profile ......................................................................................................2-73
regular virtual ap .................................................................................................2-73
session timeout ....................................................................................................2-73
subscription plan .................................................................................................2-73
username ..............................................................................................................2-74
Internet interface context .........................................................................................2-75
end .........................................................................................................................2-75
duplex ...................................................................................................................2-75
speed .....................................................................................................................2-75
interface vlan........................................................................................................2-75
ipsec vlan interface .............................................................................................2-76
LAN interface context ...............................................................................................2-77
end .........................................................................................................................2-77
duplex ...................................................................................................................2-77
speed .....................................................................................................................2-77
interface vlan........................................................................................................2-77
ipsec vlan interface .............................................................................................2-78
WAN IP interface context..........................................................................................2-79
pppoe client user .................................................................................................2-79
ip address mode...................................................................................................2-79
ip address..............................................................................................................2-79
ip nat......................................................................................................................2-80
nat limit port range..............................................................................................2-80
nat limit port range size ......................................................................................2-80
ip address dhcp client-id..................................................................................... 2-80
end .........................................................................................................................2-80
pppoe auto-reconnect .........................................................................................2-80
pppoe mru ............................................................................................................2-81
pppoe mtu............................................................................................................. 2-81
xiii
pppoe unnumbered .............................................................................................2-81
ip nat outside source static ................................................................................2-81
ip rip authentication key-chain ..........................................................................2-82
ip rip authentication mode .................................................................................2-82
ip rip authentication string................................................................................. 2-82
passive-interface.................................................................................................. 2-82
router rip............................................................................................................... 2-82
ip address alternate .............................................................................................2-83
LAN IP interface context........................................................................................... 2-84
end .........................................................................................................................2-84
ip address..............................................................................................................2-84
ip address management ......................................................................................2-84
passive-interface.................................................................................................. 2-84
router rip............................................................................................................... 2-84
RADIUS remote configuration context ...................................................................2-86
end .........................................................................................................................2-86
active .....................................................................................................................2-86
credentials ............................................................................................................2-86
interval ..................................................................................................................2-86
radius server profile ............................................................................................2-86
Virtual AP context...................................................................................................... 2-87
virtual ap name ....................................................................................................2-87
access control ......................................................................................................2-87
force centralize data............................................................................................ 2-88
ingress interface ..................................................................................................2-88
egress unauthenticated....................................................................................... 2-88
guest-mode ...........................................................................................................2-88
max-association ...................................................................................................2-89
ssid name ..............................................................................................................2-89
vlan ........................................................................................................................2-89
encryption key 1 ..................................................................................................2-89
encryption key format.........................................................................................2-89
transmit key..........................................................................................................2-90
authentication server access controller ...........................................................2-90
authentication server accounting...................................................................... 2-90
authentication server accounting radius profile .............................................2-90
authentication server radius ..............................................................................2-90
xiv
dot1x authentication ...........................................................................................2-90
wpa-psk.................................................................................................................2-91
authentication server request radius cui ..........................................................2-91
dot1x session page ..............................................................................................2-91
wireless filters......................................................................................................2-91
wireless filters mac .............................................................................................2-92
wireless filters rule input....................................................................................2-92
wireless filters rule output .................................................................................2-92
wireless filters type .............................................................................................2-93
mac authentication accounting .........................................................................2-94
mac authentication accounting radius profile .................................................2-94
mandatory authentication .................................................................................. 2-94
mac authentication radius profile .....................................................................2-94
mac authentication remote ................................................................................2-94
mac authentication request radius cui.............................................................. 2-94
mac authentication local ....................................................................................2-95
mac authentication..............................................................................................2-95
html authentication .............................................................................................2-95
html authentication accounting.........................................................................2-95
html authentication accounting radius profile ................................................2-95
html authentication active-directory.................................................................2-96
html authentication local.................................................................................... 2-96
html authentication radius ................................................................................. 2-96
html authentication radius profile..................................................................... 2-96
html authentication request radius cui .............................................................2-96
html authentication timeout...............................................................................2-96
active .....................................................................................................................2-97
beacon dtim count...............................................................................................2-97
beacon transmit power .......................................................................................2-97
data rate ................................................................................................................2-97
public forwarding ................................................................................................ 2-97
access lan stations...............................................................................................2-97
fast authentication............................................................................................... 2-98
layer3 mobility .....................................................................................................2-98
add ip-qos profile .................................................................................................2-98
delete ip-qos profile all........................................................................................2-98
delete ip-qos profile.............................................................................................2-98
qos .........................................................................................................................2-98
upstream diffserv tagging ...................................................................................2-99
wmm advertising ...............................................................................................2-100
xv
html redirection .................................................................................................2-100
local nas id.......................................................................................................... 2-100
bandwidth...........................................................................................................2-100
bandwidth default rates.................................................................................... 2-100
bandwidth default rates maximum .................................................................2-100
radius accounting realms .................................................................................2-101
radius authentication realms ...........................................................................2-101
identify stations by ip only ...............................................................................2-101
location-aware group ........................................................................................2-101
location-aware called-station-id content ........................................................2-101
dhcp relay ...........................................................................................................2-101
dhcp relay active................................................................................................ 2-102
dhcp relay circuit id ..........................................................................................2-102
dhcp relay remote id .........................................................................................2-102
dhcp relay subnet ..............................................................................................2-102
dhcp server......................................................................................................... 2-102
dhcp server dns.................................................................................................. 2-102
dhcp server gateway .........................................................................................2-103
dhcp server range ..............................................................................................2-103
dhcp server subnet ............................................................................................2-103
radius-framed-protocol-attribute.....................................................................2-103
end .......................................................................................................................2-103
security ...............................................................................................................2-103
VLAN interface context ...........................................................................................2-105
end .......................................................................................................................2-105
ip address............................................................................................................2-105
ip address mode.................................................................................................2-105
vlan name............................................................................................................2-106
ip default-gateway .............................................................................................2-106
ip nat....................................................................................................................2-106
RADIUS context .......................................................................................................2-107
end .......................................................................................................................2-107
radius-server accounting port.......................................................................... 2-107
radius-server alternate hosts............................................................................ 2-107
radius-server authentication method.............................................................. 2-107
radius-server authentication port.................................................................... 2-107
radius-server deadtime .....................................................................................2-108
radius-server host ..............................................................................................2-108
xvi
radius-server key 2 ............................................................................................2-108
radius-server message-authenticator ..............................................................2-108
radius-server name ............................................................................................2-108
radius-server nasid ............................................................................................2-109
radius-server timeout ........................................................................................2-109
radius-server timeout ........................................................................................2-109
radius-server force-nas-port-to-vlanid ............................................................2-109
radius-server realm............................................................................................2-109
radius-server realm name .................................................................................2-109
DHCP server context ...............................................................................................2-110
end .......................................................................................................................2-110
active ...................................................................................................................2-110
gateway ...............................................................................................................2-110
range.................................................................................................................... 2-110
permanent leases............................................................................................... 2-110
GRE interface context .............................................................................................2-111
end force............................................................................................................. 2-111
gre name .............................................................................................................2-111
ip address............................................................................................................2-111
peer ip address...................................................................................................2-111
remote ip address ..............................................................................................2-111
IPsec policy context.................................................................................................2-112
end .......................................................................................................................2-112
active ...................................................................................................................2-112
authentication ....................................................................................................2-112
cipher ..................................................................................................................2-112
dns domain .........................................................................................................2-112
dns server ...........................................................................................................2-112
incoming nat....................................................................................................... 2-113
incoming traffic network.................................................................................. 2-113
interface.............................................................................................................. 2-113
local id................................................................................................................. 2-113
mode.................................................................................................................... 2-113
outgoing traffic network...................................................................................2-113
peer id .................................................................................................................2-113
peer ip address...................................................................................................2-114
perfect forward secrecy.................................................................................... 2-114
preshared key..................................................................................................... 2-114
xvii
Syslog destination context...................................................................................... 2-115
active ...................................................................................................................2-115
logging facility....................................................................................................2-115
logging host ........................................................................................................2-115
logging prefix .....................................................................................................2-115
name.................................................................................................................... 2-115
end .......................................................................................................................2-116
level .....................................................................................................................2-116
level .....................................................................................................................2-116
matches...............................................................................................................2-116
message...............................................................................................................2-116
message...............................................................................................................2-117
process................................................................................................................ 2-117
process................................................................................................................ 2-117
PPTP client interface context................................................................................. 2-118
active ...................................................................................................................2-118
pptp client credentials ......................................................................................2-118
pptp client domain name ..................................................................................2-118
pptp client server address ................................................................................2-118
end .......................................................................................................................2-118
ip nat....................................................................................................................2-118
pptp client auto route discovery...................................................................... 2-119
pptp client lcp echo........................................................................................... 2-119
passive-interface................................................................................................ 2-119
router rip............................................................................................................. 2-119
Keychain context......................................................................................................2-120
end .......................................................................................................................2-120
key .......................................................................................................................2-120
key chain name ..................................................................................................2-120
Keys context .............................................................................................................2-121
end .......................................................................................................................2-121
key-string ............................................................................................................2-121
Subscription plan context .......................................................................................2-122
end .......................................................................................................................2-122
daily restriction..................................................................................................2-122
xviii
end time .............................................................................................................. 2-122
initial login time allocation............................................................................... 2-122
online time limit.................................................................................................2-123
online time limit.................................................................................................2-123
start time............................................................................................................. 2-123
subscription plan name.....................................................................................2-123
* public ip reservation ...................................................................................... 2-123
* public ip subnet ..............................................................................................2-123
* SNMP user context................................................................................................2-125
* access level .....................................................................................................2-125
* end....................................................................................................................2-125
* password .........................................................................................................2-125
* security ............................................................................................................2-125
* user name ........................................................................................................2-125
* SNMP notification receiver context.................................................................... 2-126
* community ......................................................................................................2-126
* end....................................................................................................................2-126
* port................................................................................................................... 2-126
* receiver ............................................................................................................2-126
* user................................................................................................................... 2-126
* version .............................................................................................................2-126
Active Directory Group context............................................................................. 2-127
end .......................................................................................................................2-127
access controlled............................................................................................... 2-127
access-controlled profile ..................................................................................2-127
access-controlled virtual ap .............................................................................2-127
active ...................................................................................................................2-128
active-directory group name ............................................................................2-128
egress vlan ..........................................................................................................2-128
regular profile ....................................................................................................2-128
regular virtual ap ...............................................................................................2-128
Controlled Network AP context............................................................................. 2-130
end .......................................................................................................................2-130
execute action....................................................................................................2-130
execute system action.......................................................................................2-130
show config factory...........................................................................................2-130
ap group ..............................................................................................................2-130
ap name............................................................................................................... 2-130
config...................................................................................................................2-130
xix
contact ................................................................................................................2-131
location ...............................................................................................................2-131
product type .......................................................................................................2-131
Controlled Network AP Group context.................................................................2-132
execute action....................................................................................................2-132
show config factory...........................................................................................2-132
end .......................................................................................................................2-132
config...................................................................................................................2-132
group name......................................................................................................... 2-132
virtual ap binding...............................................................................................2-132
Controlled Network Base Group context ............................................................. 2-133
execute action....................................................................................................2-133
show config factory...........................................................................................2-133
config...................................................................................................................2-133
end .......................................................................................................................2-133
Controlled Network context...................................................................................2-134
end .......................................................................................................................2-134
* interface wireless ...........................................................................................2-134
local mesh group ...............................................................................................2-134
local mesh provisioning group......................................................................... 2-134
provisioning connectivity .................................................................................2-134
provisioning discovery......................................................................................2-134
radius profile ......................................................................................................2-134
* switch port ......................................................................................................2-135
syslog...................................................................................................................2-135
sensor server name ...........................................................................................2-135
sensor server id.................................................................................................. 2-135
sensor discovery mode .....................................................................................2-135
sensor network detector...................................................................................2-136
inherit sensor .....................................................................................................2-136
dynamic key .......................................................................................................2-136
dynamic key interval .........................................................................................2-136
dot1x reauth .......................................................................................................2-136
dot1x reauth period...........................................................................................2-137
dot1x reauth terminate .....................................................................................2-137
dot1x supplicant timeout.................................................................................. 2-137
inherit 8021x....................................................................................................... 2-137
xx
bridge protocol ieee ..........................................................................................2-137
inherit untagged stp...........................................................................................2-138
bridge protocol ieee vlan ..................................................................................2-138
inherit vlan stp ...................................................................................................2-138
inherit local mesh qos .......................................................................................2-138
local mesh ip qos profile...................................................................................2-138
local mesh qos mechanism............................................................................... 2-139
enable vsc services............................................................................................ 2-139
inherit service availability ................................................................................2-139
inherit l3subnets ................................................................................................2-139
l3subnet...............................................................................................................2-139
* inherit switch ports ........................................................................................2-139
Virtual AP Binding context .....................................................................................2-141
dual radio binding.............................................................................................. 2-141
egress vlan ..........................................................................................................2-141
egress vlan ..........................................................................................................2-141
end .......................................................................................................................2-141
location aware....................................................................................................2-141
Syslog context ..........................................................................................................2-142
message...............................................................................................................2-142
message...............................................................................................................2-142
process................................................................................................................ 2-142
process................................................................................................................ 2-142
level .....................................................................................................................2-142
level .....................................................................................................................2-143
matches...............................................................................................................2-143
end .......................................................................................................................2-143
inherit.................................................................................................................. 2-143
Provisioning connectivity context .........................................................................2-144
end .......................................................................................................................2-144
inherit.................................................................................................................. 2-144
interface.............................................................................................................. 2-144
interface provisioninig ......................................................................................2-144
ip assignation .....................................................................................................2-144
vlan ......................................................................................................................2-144
vlan ......................................................................................................................2-145
static ip................................................................................................................2-145
provisioning local mesh group......................................................................... 2-145
provisioning local mesh key............................................................................. 2-145
xxi
provisioning local mesh port............................................................................2-145
provisioning local mesh security..................................................................... 2-145
provisioning local mesh security..................................................................... 2-145
provisioning local mesh type ...........................................................................2-146
country code ......................................................................................................2-146
Provisioning discovery context.............................................................................. 2-147
end .......................................................................................................................2-147
dns name............................................................................................................. 2-147
dns provisioning ................................................................................................2-147
inherit.................................................................................................................. 2-147
dns domain name...............................................................................................2-147
dns server ...........................................................................................................2-148
discovery provisioning......................................................................................2-148
ip address............................................................................................................2-148
ip provisioning ...................................................................................................2-148
CN Wireless interface context................................................................................2-149
dot11.................................................................................................................... 2-149
distance...............................................................................................................2-149
transmit power................................................................................................... 2-150
multicast rate .....................................................................................................2-150
dot11 automatic frequency...............................................................................2-150
dot11 automatic frequency period ..................................................................2-150
dot11 automatic frequency time ......................................................................2-150
dot11 automatic transmit-power .....................................................................2-151
dot11 automatic transmit-power period......................................................... 2-151
antenna bidirectionnal ......................................................................................2-151
antenna gain .......................................................................................................2-151
autochannel skip................................................................................................2-151
station distance..................................................................................................2-151
beacon interval ..................................................................................................2-152
rts threshold .......................................................................................................2-152
dot11 mode......................................................................................................... 2-152
radio active......................................................................................................... 2-152
spectralink view................................................................................................. 2-153
dot11n guard interval ........................................................................................2-153
dot11n channel width........................................................................................ 2-153
dot11n channel extension.................................................................................2-153
dot11n multicast rate ........................................................................................2-153
xxii
end .......................................................................................................................2-153
inherit.................................................................................................................. 2-153
RADIUS Profile context ..........................................................................................2-155
end .......................................................................................................................2-155
inherit.................................................................................................................. 2-155
radius nas id ....................................................................................................... 2-155
Local mesh profile context .....................................................................................2-156
security ...............................................................................................................2-156
security mode..................................................................................................... 2-156
security psk ........................................................................................................2-156
security wep .......................................................................................................2-156
dynamic mode....................................................................................................2-156
mesh id................................................................................................................2-157
allowed downtime .............................................................................................2-157
minimum snr ......................................................................................................2-157
snr cost per hop .................................................................................................2-157
initial discovery time.........................................................................................2-157
active ...................................................................................................................2-157
end .......................................................................................................................2-157
inherit.................................................................................................................. 2-158
name.................................................................................................................... 2-158
radio active......................................................................................................... 2-158
Local mesh provisioning profile context...............................................................2-159
accept connection .............................................................................................2-159
end .......................................................................................................................2-159
inherit.................................................................................................................. 2-159
multiple radio..................................................................................................... 2-159
* Switch port context............................................................................................... 2-160
* end....................................................................................................................2-160
* active................................................................................................................2-160
* authentication profile vsc..............................................................................2-160
* authentication server radius .........................................................................2-160
* dot1x authentication...................................................................................... 2-160
* dynamic vlan ...................................................................................................2-161
* egress rate .......................................................................................................2-161
* force flow control........................................................................................... 2-161
* ingress rate...................................................................................................... 2-161
xxiii
* ingress traffic type..........................................................................................2-161
* mac authentication.........................................................................................2-162
* mac filter list ...................................................................................................2-162
* port name ........................................................................................................2-162
* port type ..........................................................................................................2-162
* power over ethernet....................................................................................... 2-162
* priority .............................................................................................................2-162
* priority lookup................................................................................................ 2-163
* quarantine vlan ............................................................................................... 2-163
* vlan................................................................................................................... 2-163
* List of MAC addresses context ............................................................................2-164
* end....................................................................................................................2-164
* entry .................................................................................................................2-164
* list name ..........................................................................................................2-164
xxiv

Alphabetical list of commands

In this alphabetical list, new to 5.3.x commands are preceded by an asterisk “*” and formatted in green like this:
* command 2-xxx
accept connection 2-159 access control 2-87 access controlled 2-127 access controlled 2-65 access controlled 2-71 access controller 2-35 access controller shared secret 2-34 access lan stations 2-97
* access level 2-125
access list 2-65 access-controlled profile 2-127 access-controlled profile 2-71 access-controlled virtual ap 2-127 access-controlled virtual ap 2-71 access-list 2-55 accounting interim update 2-61 accounting interim update 2-65 active 2-110 active 2-112 active 2-115 active 2-118 active 2-128 active 2-157
* active 2-160
active 2-71 active 2-86 active 2-97 active-directory check attribute 2-45 active-directory check user access 2-45 active-directory device name 2-45 active-directory domain 2-45 active-directory group 2-46 active-directory group name 2-128 active-directory group order 2-46 active-directory join 2-46 add ip-qos profile 2-98
* admin local authentication 2-12 * admin radius authentication 2-12 * admin radius authentication server 2-12 * ads presentation 2-49 * ads presentation interval 2-49 * ads presentation with frameset 2-52
allowed downtime 2-157 antenna bidirectionnal 2-151 antenna gain 2-151 ap group 2-130 ap name 2-130 arp 2-5 arp polling interval 2-65 arp polling max count 2-66 arping 2-2 arping 2-5 authentication 2-112 authentication http 2-52 authentication https 2-52
* authentication profile vsc 2-160
authentication server access controller 2-90 authentication server accounting 2-90 authentication server accounting radius profile 2-90
* authentication server radius 2-160
authentication server radius 2-90 authentication server request radius cui 2-91
* authorize_net installation id 2-51 * authorize_net payment url 2-52 * authorize_net transaction key 2-52
autochannel skip 2-151 bandwidth 2-100 bandwidth control internet-port 2-39 bandwidth control internet-port high 2-39 bandwidth control internet-port low 2-40 bandwidth control internet-port max-rate 2-40 bandwidth control internet-port normal 2-41 bandwidth control internet-port very-high 2-41 bandwidth default rates 2-100 bandwidth default rates maximum 2-100 bandwidth level 2-66 beacon dtim count 2-97 beacon interval 2-152 beacon transmit power 2-97 bridge protocol ieee 2-137 bridge protocol ieee vlan 2-138 certificate 2-9 certificate binding 2-9 certificate ipsec ca 2-35 certificate ipsec local 2-35 certificate ipsec revocation 2-35 certificate revocation 2-9 certificate ssl 2-36 chargeable user identity 2-72 cipher 2-112
* client data tunnel security 2-47
clock 2-18
* clock auto adjust dst 2-19 * clock custom dst begins 2-19 * clock custom dst begins format 2-20 * clock custom dst ends 2-20 * clock custom dst ends format 2-20
clock timezone 2-19
* clock use custom dst rules 2-19 *
community 2-126
config 2-130 config 2-132 config 2-133 config 2-7 config file 2-56 config-update automatic 2-21 config-update operation 2-21 config-update time 2-21 config-update uri 2-22 config-update weekday 2-22 config-version 2-43 contact 2-131 control method 2-72 controlled network 2-8 country code 2-146 credentials 2-86 daily restriction 2-122 data rate 2-97 delete ip-qos profile 2-98 delete ip-qos profile all 2-98 dhcp mode 2-16
* dhcp public ip default lease period 2-9
xxv
* dhcp public ip subnet 2-9
dhcp relay 2-101 dhcp relay 2-17 dhcp relay access centralized clients 2-18 dhcp relay access lan 2-18 dhcp relay active 2-102 dhcp relay circuit id 2-102
* dhcp relay circuit id 2-17
dhcp relay extend internet port 2-18 dhcp relay remote id 2-102
* dhcp relay remote id 2-18
dhcp relay subnet 2-102 dhcp server 2-102 dhcp server 2-16 dhcp server access centralized clients 2-17 dhcp server access lan 2-17 dhcp server controller 2-16 dhcp server controller discovery 2-16 dhcp server default domain name 2-16 dhcp server default lease period 2-16 dhcp server default permanent lease period 2-16 dhcp server dns 2-102 dhcp server gateway 2-103 dhcp server logout html user 2-17 dhcp server range 2-103 dhcp server subnet 2-103 discovery protocol 2-36 discovery protocol device-id 2-37 discovery provisioning 2-148 distance 2-149 dns domain 2-112 dns domain name 2-147 dns name 2-147 dns provisioning 2-147 dns server 2-112 dns server 2-148 dot11 2-149 dot11 automatic frequency 2-150 dot11 automatic frequency period 2-150 dot11 automatic frequency time 2-150 dot11 automatic transmit-power 2-151 dot11 automatic transmit-power period 2-151 dot11 mode 2-152 dot11n channel extension 2-153 dot11n channel width 2-153 dot11n guard interval 2-153 dot11n multicast rate 2-153
* dot1x authentication 2-160
dot1x authentication 2-90 dot1x reauth 2-136 dot1x reauth 2-42 dot1x reauth period 2-137 dot1x reauth period 2-42 dot1x reauth terminate 2-137 dot1x reauth terminate 2-42 dot1x session page 2-91 dot1x supplicant timeout 2-137 dot1x supplicant timeout 2-43 dual radio binding 2-141 duplex 2-75 duplex 2-77 dynamic key 2-136 dynamic key 2-43 dynamic key interval 2-136 dynamic key interval 2-43 dynamic mode 2-156
* dynamic vlan 2-161 * egress rate 2-161
egress unauthenticated 2-88 egress vlan 2-128 egress vlan 2-141 egress vlan 2-141
* egress vlan 2-66
egress vlan 2-72 enable 2-2 enable vsc services 2-139 encryption key 1 2-89 encryption key format 2-89 end force 2-111 end time 2-122 end time 2-72
* entry 2-164
execute action 2-130 execute action 2-132 execute action 2-133 execute system action 2-130 factory settings 2-10 fail page 2-57 fast authentication 2-98 firewall mode 2-41 firmware-update automatic 2-32 firmware-update start 2-32 firmware-update time 2-32 firmware-update uri 2-32 firmware-update weekday 2-33 force centralize data 2-88
* force flow control 2-161
gateway 2-110 goodbye url 2-57 gre name 2-111 group name 2-132 guest-mode 2-88 html authentication 2-95 html authentication accounting 2-95 html authentication accounting radius profile 2-95 html authentication active-directory 2-96 html authentication local 2-96 html authentication radius 2-96 html authentication radius profile 2-96 html authentication request radius cui 2-96 html authentication timeout 2-96 html redirection 2-100
* http proxy upstream 2-57
https ssl certificate 2-57 identify stations by ip only 2-101 idle timeout 2-61 idle timeout 2-66 idle timeout 2-72 igmp proxy 2-48 igmp proxy downstream interface 2-48 igmp proxy upstream interface 2-48 incoming nat 2-113 incoming traffic network 2-113 ingress interface 2-88
* ingress rate 2-161 * ingress traffic type 2-161
inherit 2-143 inherit 2-144 inherit 2-147 inherit 2-153 inherit 2-155 inherit 2-158
xxvi
inherit 2-159 inherit 8021x 2-137 inherit l3subnets 2-139 inherit local mesh qos 2-138 inherit sensor 2-136 inherit service availability 2-139
* inherit switch ports 2-139
inherit untagged stp 2-138 inherit vlan stp 2-138 initial discovery time 2-157 initial login time allocation 2-122 intercept traffic 2-67 interface 2-113 interface 2-144 interface ethernet 2-10 interface gre 2-11 interface ip 2-11 interface pptp client-default 2-11 interface provisioninig 2-144 interface vlan 2-75 interface vlan 2-77
* interface wireless 2-134
interval 2-86 ip address 2-105 ip address 2-111 ip address 2-148 ip address 2-79 ip address 2-84 ip address alternate 2-83 ip address dhcp client-id 2-80 ip address management 2-84 ip address mode 2-105 ip address mode 2-79 ip assignation 2-144 ip default-gateway 2-106 ip http port 2-13 ip https port 2-13 ip name-server 2-33 ip name-server cache 2-33 ip name-server dynamic 2-33 ip name-server interception 2-34 ip name-server logout-info 2-34 ip name-server switch-on-servfail 2-34 ip name-server switch-over 2-34 ip nat 2-106 ip nat 2-118 ip nat 2-80 ip nat outside source static 2-81 ip provisioning 2-148 ip rip authentication key-chain 2-82 ip rip authentication mode 2-82 ip rip authentication string 2-82 ip route gateway 2-41 ipass id 2-54 ipass login url 2-58 ipass name 2-54 iperf 2-2 iperf 2-4 ipsec policy 2-12 ipsec vlan interface 2-76 ipsec vlan interface 2-78 key 2-120 key chain 2-43 key chain name 2-120 key-string 2-121 l3subnet 2-139
layer3 mobility 2-98 level 2-116 level 2-116 level 2-142 level 2-143
* list name 2-164
local id 2-113 local mesh group 2-134 local mesh ip qos profile 2-138 local mesh provisioning group 2-134 local mesh qos mechanism 2-139 local nas id 2-100 location 2-131 location aware 2-141 location-aware called-station-id content 2-101 location-aware group 2-101 logging destination 2-22 logging facility 2-115 logging host 2-115 logging prefix 2-115 login error url 2-58 login page 2-58 login url 2-58 logo 2-58
* mac authentication 2-162
mac authentication 2-95 mac authentication accounting 2-94 mac authentication accounting radius profile 2-94 mac authentication local 2-95 mac authentication radius profile 2-94 mac authentication remote 2-94 mac authentication request radius cui 2-94
* mac filter list 2-162 * mac list 2-12
mac-address 2-57 managed map max 2-47 mandatory authentication 2-94 matches 2-116 matches 2-143 max input rate 2-67 max output rate 2-67 max user sessions 2-72 max-association 2-89 maximum input octets 2-61 maximum input packets 2-61 maximum output octets 2-62 maximum output packets 2-62 maximum total octets 2-62 maximum total packets 2-62 mesh id 2-157 message 2-116 message 2-117 message 2-142 message 2-142 messages 2-59 minimum snr 2-157 mode 2-113 multicast rate 2-150 multiple radio 2-159 name 2-115 name 2-158 nat limit port range 2-80 nat limit port range size 2-80 nat one-to-one 2-62 nat one-to-one 2-67 noc access interface gre 2-54
xxvii
noc access interface vlan 2-54 noc access internet 2-52 noc access vpn 2-53 noc allow 2-53 noc authentication 2-53 noc ssl ca-certificate 2-59 noc ssl certificate 2-59 notify user location changes 2-60 nslookup 2-2 ntp protocol 2-19 ntp server 2-19 ntp server 2-21 ntp server failure trap 2-21 online time limit 2-123 online time limit 2-123 outgoing traffic network 2-113 passive-interface 2-119 passive-interface 2-82 passive-interface 2-84
* password 2-125
password 2-73 peer id 2-113 peer ip address 2-111 peer ip address 2-114 perfect forward secrecy 2-114 permanent leases 2-110 persistent user information 2-47 persistent user information period 2-47 ping 2-2 ping 2-4
* port 2-126 * port name 2-162 * port type 2-162 * power over ethernet 2-162
pppoe auto-reconnect 2-80 pppoe client user 2-79 pppoe mru 2-81 pppoe mtu 2-81 pppoe unnumbered 2-81 pptp client auto route discovery 2-119 pptp client credentials 2-118 pptp client domain name 2-118 pptp client lcp echo 2-119 pptp client server address 2-118 preshared key 2-114
* priority 2-162 * priority lookup 2-163
process 2-117 process 2-117 process 2-142 process 2-142 product type 2-131 provisioning connectivity 2-134 provisioning discovery 2-134 provisioning local mesh group 2-145 provisioning local mesh key 2-145 provisioning local mesh port 2-145 provisioning local mesh security 2-145 provisioning local mesh security 2-145 provisioning local mesh type 2-146 ps 2-3 public forwarding 2-97
* public ip reservation 2-123 * public ip subnet 2-123 * public ip subnet 2-63 * public ip subnet 2-69
qos 2-98
* quarantine vlan 2-163
quit 2-3 quit 2-5 radio active 2-152 radio active 2-158 radius accounting realms 2-101 radius authentication realms 2-101 radius nas id 2-155 radius profile 2-134 radius server profile 2-86 radius-framed-protocol-attribute 2-103 radius-server accounting port 2-107 radius-server accounting session 2-43 radius-server alternate hosts 2-107 radius-server authentication method 2-107 radius-server authentication port 2-107 radius-server client 2-44 radius-server client 2-46 radius-server deadtime 2-108 radius-server force-nas-port-to-vlanid 2-109 radius-server host 2-108 radius-server key 2 2-108 radius-server local eap-peap 2-44 radius-server local eap-tls 2-44 radius-server local eap-ttls 2-44 radius-server local pap 2-44 radius-server message-authenticator 2-108 radius-server name 2-108 radius-server nasid 2-109 radius-server profile 2-35 radius-server realm 2-109 radius-server realm name 2-109 radius-server ssid detection nas-id 2-44 radius-server timeout 2-109 radius-server timeout 2-109 range 2-110 rcapture 2-5 reboot device 2-10 reboot device 2-4
* receiver 2-126
regular profile 2-128 regular profile 2-73 regular virtual ap 2-128 regular virtual ap 2-73
* remember delay 2-51 * remember html users 2-51
remote configuration 2-36 remote ip address 2-111 renew user profile subscription 2-42
* rf-id aeroscout 2-48
router rip 2-119 router rip 2-82 router rip 2-84 rts threshold 2-152 secure login 2-53 security 2-103
* security 2-125
security 2-156 security mode 2-156 security psk 2-156 security wep 2-156 sensor discovery mode 2-135 sensor network detector 2-136 sensor server id 2-135 sensor server name 2-135
xxviii
service controller ap authentication credentials 2-37 service controller ap authentication enable 2-37 service controller ap authentication file 2-37 service controller ap authentication radius-server 2-37 service controller ap authentication refresh-rate 2-37 service controller ap authentication source file 2-38 service controller ap authentication source local 2-38 service controller ap authentication source radius 2-38 service controller discovery 2-38 service controller discovery interface internet-port 2-38 service controller discovery interface lan-port 2-38 service controller primary 2-39 service controller primary ip addr 2-39 service controller priority 2-39 service controller provisioning 2-39 session page 2-59 session profile 2-36 session profile 2-68 session profile default 2-36 session timeout 2-63 session timeout 2-73 show active-directory 2-46 show active-directory group 2-46 show all config 2-7 show arp 2-5 show bridge 2-5 show bridge forwarding 2-6 show certificate 2-10 show certificate 2-4 show certificate binding 2-10 show certificate binding 2-4 show client log 2-7 show config factory 2-10 show config factory 2-130 show config factory 2-132 show config factory 2-133 show controlled network config 2-8 show discrete pin 2-7 show dns cache 2-6 show interfaces 2-6
* show ip 2-6
show ip dhcp database 2-6 show ip route 2-6 show license 2-3 show logging filtered 2-3
* show mac list 2-12
show radius statistics 2-7 show radius users 2-7 show radius-server 2-45 show satellites 2-6 show session profile 2-36 show subscription plan 2-11 show system info 2-6 show user profiles 2-42 show user profiles details 2-42 show users 2-7
* show web content 2-7
smtp redirection 2-64 smtp redirection setup 2-63 smtp redirection setup 2-68 snmp-server 2-23 snmp-server access interface gre 2-27 snmp-server access interface vlan 2-26 snmp-server access lan 2-27 snmp-server access port-1 2-23 snmp-server access port-2 2-27
snmp-server access vpn 2-27 snmp-server allow 2-23 snmp-server chassis-id 2-23 snmp-server contact 2-24 snmp-server heartbeat period 2-24 snmp-server location 2-24
* snmp-server notification receiver 2-28
snmp-server port 2-24 snmp-server readonly 2-24 snmp-server readwrite 2-25 snmp-server trap 2-25 snmp-server trap certificate-expired 2-13 snmp-server trap certificate-expires-soon 2-13 snmp-server trap community 2-25 snmp-server trap config-change 2-22 snmp-server trap config-update 2-22 snmp-server trap destination 2-25 snmp-server trap firmware-update 2-33 snmp-server trap heartbeat 2-25 snmp-server trap link-state 2-26 snmp-server trap network-trace 2-31 snmp-server trap new-satellite-detected 2-27 snmp-server trap satellite-unreachable 2-28 snmp-server trap snmp-authentication 2-26 snmp-server trap syslog-matches 2-31 snmp-server trap syslog-matches regex 2-31 snmp-server trap syslog-severity 2-23 snmp-server trap syslog-severity level 2-31 snmp-server trap vpn-connection 2-31 snmp-server trap web-fail 2-13 snmp-server trap web-login 2-14 snmp-server trap web-logout 2-14
* snmp-server user 2-28 * snmp-server version 1 2-26 * snmp-server version 2c 2-26 * snmp-server version 3 2-26
snr cost per hop 2-157 soap-server 2-28 soap-server access interface gre 2-30 soap-server access interface vlan 2-28 soap-server access lan 2-30 soap-server access port-1 2-29 soap-server access port-2 2-29 soap-server access vpn 2-31 soap-server allow 2-29 soap-server http authentication 2-29 soap-server http authentication password 2-29 soap-server http authentication username 2-30 soap-server port 2-30 soap-server ssl 2-30 soap-server ssl with client certificate 2-30 spectralink view 2-153 speed 2-75 speed 2-77 ssid name 2-89
* sslv2 authentication 2-53
start time 2-123 static ip 2-145 station allocate source ip address 2-49 station allow any ip address 2-49 station distance 2-151 station free access 2-50 station http proxy support 2-50 station idle detection 2-50 subscription plan 2-11 subscription plan 2-73
xxix
subscription plan name 2-123
* switch port 2-135
syslog 2-135 system accounting 2-51 termination action 2-68 top 2-3 traceroute 2-3 transmit key 2-90 transmit power 2-150 transport page 2-59 upstream diffserv tagging 2-99 use access-list 2-56 use access-list unauth 2-56
* user 2-126
user defined attribute 2-69
* user name 2-125
user profile 2-42 user tracking 2-46 user tracking destination 2-47 user tracking filter 2-47 user tracking port 2-47 username 2-10 username 2-74
* version 2-126
virtual ap 2-11 virtual ap binding 2-132 virtual ap name 2-87 vlan 2-144 vlan 2-145
* vlan 2-163
vlan 2-89 vlan name 2-106 web access interface gre 2-15 web access interface vlan 2-15 web access internet-port 2-15 web access lan 2-15 web access lan-port 2-15 web access vpn 2-15 web admin kickout 2-14 web allow 2-14 welcome url 2-60 wireless filters 2-91 wireless filters mac 2-92 wireless filters rule input 2-92 wireless filters rule output 2-92 wireless filters type 2-93 wispr abort login url 2-54 wispr login url 2-55 wispr logoff url 2-55 wmm advertising 2-100 world-mode dot11 country code 2-14
* worldpay installation id 2-51 * worldpay payment response password 2-51 * worldpay payment url 2-51
wpa-psk 2-91
xxx

Chapter 1: Introduction

Introduction
Contents
About this guide ...........................................................................................................1-2
Products covered................................................................................................... 1-2
HP ProCurve Product Naming............................................................................. 1-2
Important terms..................................................................................................... 1-3
Typographical conventions ..................................................................................1-3
HP ProCurve Networking support............................................................................. 1-4
1
Online documentation .................................................................................................1-5
Configuring CLI support.............................................................................................. 1-5
SSH client support.................................................................................................1-6
Entering strings ............................................................................................................1-6
Context hierarchy ........................................................................................................1-7
Sample CLI session ......................................................................................................1-8
File transfer...................................................................................................................1-8
Introduction

About this guide

About this guide
This guide explains how to work with the Command Line Interface (CLI) on HP ProCurve Networking MSM7xx Controllers.

Products covered

This guide covers the following products:
Model Part
MSM710 Access Controller J9328A
MSM710 Mobility Controller J9325A
MSM730 Access Controller J9329A
MSM730 Mobility Controller J9326A
MSM750 Access Controller J9330A
MSM750 Mobility Controller J9327A
MSM760 Access Controller J9420A
MSM760 Mobility Controller J9421A
MSM765 Mobility Controller J9370A

HP ProCurve Product Naming

As of October 1st, 2008, Colubris Networks was acquired by HP ProCurve. HP ProCurve has begun integrating the Colubris product line into the HP ProCurve Networking product portfolio (www.procurve.com/news/colubris-10-01-08.htm).
In the online help and this manual, Colubris product names have been changed to their equivalent HP ProCurve product names.
Note SOAP and SNMP MIBs retain the Colubris naming so you do not need to change your existing
SOAP and MIB usage.
The Colubris Networks product names and their corresponding new HP ProCurve product names are as follows:
Colubris name HP ProCurve name
MSC-5100 MultiService Controller MSM710 Controller
MSC-5200 MultiService Controller MSM730 Controller
MSC-5500 MultiService Controller MSM750 Controller
MAP-320 MultiService Access Point MSM310 Access Point
1-2
Colubris name HP ProCurve name
MAP-320R MultiService Access Point MSM310-R Access Point
Introduction
About this guide
MAP-330 MultiService Access Point MSM320 Access Point
MAP-330R MultiService Access Point MSM320-R Access Point
MAP-330 AP+Sensor MultiService Access Point MSM325 Access Point with Sensor
MAP-625 MultiService Access Point MSM422 Access Point
MAP-630 AP+Sensor MultiService Access Point MSM335 Access Point with Sensor
WCB-200 Wireless Client Bridge M111 Client Bridge
Visitor Management Tool Guest Management Software
RF Manager 1500 Enterprise RF Manager 100 IDS/IPS system
RF Manager 1300 Basic RF Manager 50 IDS/IPS system
RF Planner RF Planner

Important terms

The following terms are used in this guide.
Ter m Description
AP Refers to any HP ProCurve Networking MSM3xx or MSM4xx
Access Point.
service controller Refers to any HP ProCurve Networking MSM7xx Controller,
including both Access Controller and Mobility Controller variants.
VSC, Virtual ap, VAP These terms are used interchangeably to refer to VSC (Virtual
Service Community).

Typographical conventions

Command syntax
Command syntax is formatted in a monospaced font as follows:
Example Description
web admin kickout
ip http port <number>
Items in plain text must be entered as shown.
Items in italics and enclosed in < > are parameters for which you must supply a value. In this example, you must supply a value for <number>.
1-3
Introduction

HP ProCurve Networking support

Example Description
end [force]
firewall mode (high|low|none)
Items enclosed in square brackets are optional. You can either include them or not. Do not include the brackets. In this example you can either include “force” or omit it.
Items enclosed in parenthesis and separated by a vertical line indicate a choice. Specify only one of the items. In this example, you must specify ’high’, ’low’, or ’none’.
Management tool
When referring to the management tool interface, the Main menu name is presented first followed by a right angle-bracket and then the sub-menu name, as in Network > Ports.
Double angle brackets >> separate elements that appear in the Network Tree from main menu and sub-menu references, as in Service Controller >> Status.
HP ProCurve Networking support
HP ProCurve Networking offers support 24 hours a day, seven days a week through a number of automated electronic services. See the Customer Support/Warranty booklet included with your product.
The HP ProCurve Networking Web site, www.procurve.com/customercare provides up-to- date support information.
Additionally, your HP-authorized network reseller can provide you with assistance, both with services that they offer and with services offered by HP.

Before contacting support

To make the support process most efficient, before calling your networking dealer or HP Support, you first should collect the following information:
Collect this information Where to find it
Product identification. On the rear of the product.
Software version. The service controller management tool
Network topology map, including the addresses assigned to all relevant devices.
Login page.
Your network administrator.
1-4
Introduction

Online documentation

Online documentation
For the latest documentation, visit the HP ProCurve Networking manuals Web page at:
www.procurve.com/manuals.

Configuring CLI support

Using the service controller management tool, open the CLI configuration page. Select
Service controller >> Management > CLI.
Use this page to enable/disable CLI support via an SSH or serial connection. A maximum of three concurrent CLI sessions are supported regardless of the connection type.
The CLI supports SSH on the standard TCP port (22).
Connectivity and login credentials for SSH connections use the same settings as defined for the management tool manager on the Service Controller >> Management > Management tool page.
1-5
Introduction

Entering strings

SSH connections to the CLI can be made on any active interface. Support for each
interface must be explicitly enabled under Security.
The login credentials for SSH connections are the same as those defined under Manager
account. By default, both username and password are set to admin.
Note SSH logins always use the local manager username and password, even if Administrative
user authentication is set to use a RADIUS server. (The Administrative user authentication option is not available on all models.)

SSH client support

The following SSH clients have been tested with the CLI. Others may work as well:
OpenSSH
Tect ia
SecureCRT
Putty
Entering strings
When entering a value that contains spaces, you must enclose it in quotation marks. For example, if the command syntax is:
ssid <name>
You must specify one of the following:
ssid ANameWithNoSpaces ssid "A name with spaces"
1-6
Introduction

Context hierarchy

Context hierarchy
CLI commands are grouped into functional contexts. The following table show the context hierarchy and the command used to switch from the parent context:
Context hierarchy Command to switch from parent context
View context (This is the first context. No command is needed.) Enable context enable Config context config WAN IP interface context interface ip wan LAN IP interface context interface ip lan Internet interface context interface ethernet port-2 VLAN interface context interface vlan <id>[-<id2>] LAN interface context interface ethernet port-1 VLAN interface context interface vlan <id>[-<id2>] PPTP client interface interface pptp client-default GRE interface context interface gre <name> Virtual AP context virtual ap <name> Subscription plan subscription plan <name> List of MAC addresses context mac list <name> IPsec policy context ipsec policy <name> DHCP server context dhcp server lan Syslog destination context logging destination <name> SNMP user context snmp-server user <name> SNMP notification receiver context snmp-server notification receiver <host> RADIUS context radius-server profile <name> Access Controller context access controller Default Session profile context session profile default Session profile context session profile <name> RADIUS remote configuration context remote configuration radius User Profile context user profile <name> Keychain context key chain <name> Keys context key <number> Active Directory Group context active-directory group <name> Controlled Network AP context controlled network (ap <name> [<mac>] Controlled Network context config CN Wireless interface context interface wireless (single|dual|triple) <number> RADIUS Profile context radius profile <profile> Local mesh profile context local mesh group <group>
Provisioning connectivity context provisioning connectivity Provisioning discovery context provisioning discovery Syslog context syslog Switch port context switch port <name> Controlled Network AP Group context controlled network (group <name> [<mac>] Virtual AP Binding context virtual ap binding <profile> Controlled Network context config CN Wireless interface context interface wireless (single|dual|triple) <number> RADIUS Profile context radius profile <profile> Local mesh profile context local mesh group <group>
Provisioning connectivity context provisioning connectivity Provisioning discovery context provisioning discovery Syslog context syslog Switch port context switch port <name> Controlled Network Base Group context controlled network base Controlled Network context config CN Wireless interface context interface wireless (single|dual|triple) <number> RADIUS Profile context radius profile <profile> Local mesh profile context local mesh group <group>
Provisioning connectivity context provisioning connectivity Provisioning discovery context provisioning discovery Syslog context syslog Switch port context switch port <name>
Local mesh provisioning profile context local mesh provisioning group
Local mesh provisioning profile context local mesh provisioning group
Local mesh provisioning profile context local mesh provisioning group
1-7
Introduction

Sample CLI session

Sample CLI session
This sample CLI session shows you how to set the WAN port to use a static IP address, disable NAT, and add an alternate IP address. (The CLI prompt is shown in bold.)
CLI> enable CLI# config CLI(config)# interface ip wan CLI(config-if-ip)# ip address 192.168.66.1/24 CLI(config-if-ip)# ip address mode static CLI(config-if-ip)# no ip nat CLI(config-if-ip)# ip address alternate 192.168.23.56 CLI(config-if-ip)# end CLI(config)# end CLI# quit

File transfer

In some cases you may need to transfer files (certificates or configuration) to the service controller. Commands that have this capability typically include <uri> or <url> in their parameter list.
Note When you enter the commands discussed here, the files are transferred immediately.
File transfer can be performed in two ways.

A. The service controller gets the file using a URL

Transfer a certificate file using ftp. For example:
certificate ipsec ca ftp://ftp.example.com/certificate/my-root-certificate.pem

B. Send a file to the service controller

Using SFTP (available with OpenSSH or SSH), authenticate with the CLI credentials. Then send the file to the service controller. For example:
sftp msm710.mycompany.com >login: admin >password: **** >put my-root-certificate.pem file transferred (1k) >quit
In the CLI, use the local://<filename> parameter in the URL. Replace <filename> with the filename you used to transfer using SFTP. For example:
CLI(config)# certificate ipsec ca local://my-root-certificate.pem
1-8

Chapter 2: CLI commands

CLI commands
2
CLI commands

View context

Path: View
This is the root of the command tree.

arping

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
arping [ -AbDfhqUV] [ -c <count>] [ -w <deadline>] [ -s <source>] -I <interface> <destination>
Pings a destination on a device interface using ARP packets.

enable

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
enable
Switches to the enable context.

iperf

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
iperf -c host [-t time]
Runs a performance throughput test.
Parameters
<-c host> The IP address or DNS name of the iperf server to connect to.
<-t length> Length of the throughput test in seconds.

nslookup

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
nslookup [ -option authentication ] [ <host-to-find> | - [< server> ]]
Queries DNS servers for information on hosts or domains.

ping

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ping <host> [-c <count>] [-s <length>] [-q]
Determines if the specified remote IP address is active.
Parameters
<-c host> The IP address or DNS name of the host to ping.
<-c count> Number of pings.
<-s length> Length of the ping datagram.
<-q> Quiet mode. No output.
2-2
ps
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ps
Displays all running processes.

quit

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
quit
Quits the CLI.

show license

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show license (eula | gpl | other)
CLI commands
Displays license information.

show logging filtered

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show logging [filtered]
Displays the system log.
top
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
top
Displays all running processes.

traceroute

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
traceroute [-n] [-r] [-v] [-m <max_ttl>] [-p <port#>] [-q <nqueries>] [-s <src_addr>] [-t <tos>] [-w <wait>] <host> [<data size>]
Show the hosts that are traversed to reach the specified IP address.
2-3
CLI commands

Enable context

Path: View > Enable
This context provides access to various utilities.

reboot device

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
reboot device
Restarts the system.

show certificate

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show certificate
Display current certificates.

show certificate binding

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show certificate binding
Display how the certificates are used.

iperf

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
iperf -c host [-t time]
Runs a performance throughput test.
Parameters
<-c host> The IP address or DNS name of the iperf server to connect to.
<-t length> Length of the throughput test in seconds.

ping

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ping <host> [-c <count>] [-s <length>] [-q]
Determines if the specified remote IP address is active.
Parameters
<-c host> The IP address or DNS name of the host to ping.
<-c count> Number of pings.
<-s length> Length of the ping datagram.
<-q> Quiet mode. No output.
2-4
CLI commands

arping

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
arping [ -AbDfhqUV] [ -c <count>] [ -w <deadline>] [ -s <source>] -I <interface> <destination>
Pings a destination on a device interface using ARP packets.
arp
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
arp [-evn] [-H <type>] [-i if] ?- [<hostname>] arp [-v] [-i if] -d <hostname> [pub] arp [-v] [-H <type>] [-i if] -s <hostname> <hw_addr> [temp] arp [-v] [-H
<type>] [-i if] -s <hostname> <hw_addr> [<netmask> <nm>] <pub> arp [-v] [-H <type>] [-i if] -Ds <hostname> ifa [<netmask> <nm>] <pub>
Displays and modifies the Internet-to-Ethernet address translation tables used by the address resolution protocol.
end
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
end
Switches to parent context.

quit

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
quit
Exit the enable context.

rcapture

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
rcapture [<a>] [<b>] [<c>] [<d>] [<e>] [<f>] [<g>] [<h>]
Sends port capture to an FTP server.
Refer to Linux documentation for a complete description of this command and its options.

show arp

Supported on: MSM710 MSM730
show arp
Show the ARP table.
MSM750 MSM760 MSM765zl

show bridge

Supported on: MSM710 MSM730
show bridge
MSM750 MSM760 MSM765zl
Show bridge information.
2-5
CLI commands

show bridge forwarding

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show bridge forwarding
Show bridge forwarding information.

show dns cache

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show dns cache [<serial>]
Show DNS cache entries. Specify a serial number to display detailed information.

show interfaces

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show interfaces
Show networking interfaces.

show ip

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show ip
Show all IP addresses, mask, MTU, and MAC addresses.

show ip route

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show ip route
Show all IP routes.

show system info

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show system info
2-6
Show basic system information.

show ip dhcp database

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show ip dhcp database
Show the DHCP server lease database.

show satellites

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show satellites [<deviceid>]
Show current satellites of this access point.

show web content

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show web content
CLI commands
Show all files inside the access points detected nearby.

show client log

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show client log [<macaddr>]
Display client station log. Enter the MAC address to display more details for a specific client station.

show radius statistics

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show radius statistics
Show RADIUS server statistics.

show radius users

Supported on: MSM710 MSM730 MSM750 MSM760
show radius users [<filter>]
Show users that are using RADIUS accounting.
MSM765zl

show users

Supported on: MSM710 MSM730 MSM750 MSM760
show users [<filter>]
Show all users of this service controller.

show discrete pin

Supported on: MSM710 MSM730 MSM750
show discrete pin
Display the state of the discrete pin.

config

Supported on: MSM710 MSM730 MSM750
config
Switches to the config context.
MSM760 MSM765zl
MSM760 MSM765zl

show all config

Supported on: MSM710 MSM730 MSM750 MSM760
show all config
MSM765zl
MSM765zl
Print all configuration that applies to this device.
2-7
CLI commands

controlled network

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
controlled network (ap | group | base) [<name>] [<mac>]
Create/use the controlled network entity.

show controlled network config

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show controlled network config
Print configuration for all Controlled Network entities.
2-8

Config context

Path: View > Enable > Config
This is the root context for all configuration commands.

dhcp public ip default lease period

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
CLI commands
dhcp public ip default lease period <number>
Sets the default lease time for the DHCP public IP subnet pool.

dhcp public ip subnet

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp public ip subnet
Enable DHCP server IP Address pool for Access Controller public IP subnet functionality.
no dhcp public ip subnet
Disable DHCP server IP Address pool for Access Controller public IP subnet functionality.

certificate

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
certificate (authority | local) <uri> <certname> [<password>]
Add a new certificate to the store, using the friendly name.

certificate binding

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
certificate binding (web-management | html-auth | soap | eap) <certname>
Assign a certificate to a service.
no certificate binding (web-management | html-auth | soap | eap) <certname>
Unassign a certificate from a service.

certificate revocation

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
certificate revocation <uri> <certname>
Add a Certificate Revocation List to an existing authority certificate.
end
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
end
Switches to parent context.
2-9
CLI commands

factory settings

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
factory settings
Resets the system configuration to factory default settings.

interface ethernet

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
interface ethernet (port-1|port-2)
Switches to the specified Ethernet interface context.

reboot device

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
reboot device
Restarts the system.

show certificate

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show certificate
Display current certificates.

show certificate binding

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show certificate binding
Display how the certificates are used.

show config factory

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show config [factory]
Generates a list of CLI commands that can be used to define the currently loaded configuration.

username

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
username <user> <password>
Changes the current administrator username and password.
Parameters
<user> New administrator username.
<password> New administrator password.
2-10

interface ip

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
interface ip (lan | wan)
CLI commands
Switches to the specified IP interface context.

interface pptp client-default

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
interface pptp client-default
Switches to the PPTP client interface context.

interface gre

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
interface gre <name>
Switches to the specified GRE interface or creates a new GRE interface with the specified name.
no interface gre <name>
Deletes the specified GRE interface.

virtual ap

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
virtual ap <name>
Creates a new VAP (VSC) profile or switches to the existing VAP (VSC) context with the specified name.
no virtual ap <name>
Deletes the specified Virtual AP profile.
Parameters
name Name of an existing or new VAP (VSC) profile.

show subscription plan

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show subscription plan [<name>]
Display one or many subscription plans.

subscription plan

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
subscription plan <name>
Add a new subscription plan.
no subscription plan <name>
Delete a subscription plan.
2-11
CLI commands

mac list

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
mac list <name>
Edit a MAC list.
no mac list <name>
Delete a MAC list by name.

show mac list

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show mac list [<name>]
Display current MAC list, or one list in detail.

ipsec policy

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ipsec policy <name>
Switches to the specified IPSec policy or creates a new IPSec policy with the specified name.

admin local authentication

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
admin local authentication
Enable the authentication of administrator logins to occur using local account.
no admin local authentication
Disable administrator authentication via local account.

admin radius authentication

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
admin radius authentication
Sets the authentication of administrator logins to occur using RADIUS.
no admin radius authentication
Disable administrator authentication via RADIUS.

admin radius authentication server

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
admin radius authentication server <name>
Sets the authentication of administrator logins to occur using RADIUS.
2-12
CLI commands

ip http port

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip http port <number>
Sets the port number to use for HTTP access to the service controller.
Parameters
<number> Port number. Range: 1 - 65535.
Description
HTTP connections made to this port are met with a warning and the browser is redirected to the secure web server port. By default. this parameter is set to port 80.

ip https port

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip https port <number>
Sets the port number used for HTTPS access to the service controller.
Parameters
<number> Port number. Range: 1 - 65535.

snmp-server trap certificate-expired

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap certificate-expired
Send a trap when the SSL certificate has expired. A trap is sent every 12 hours.
no snmp-server trap certificate-expired
Do not send a trap when the SSL certificate has expired.

snmp-server trap certificate-expires-soon

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap certificate-expires-soon
Send a trap when the SSL certificate is about to expire. A trap is sent every 12 hours starting 15 days before the certificate expires.
no snmp-server trap certificate-expires-soon
Do not send a trap when the SSL certificate is about to expire.

snmp-server trap web-fail

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap web-fail
Send a trap each time an administrator login is refused.
no snmp-server trap web-fail
Do not send a trap each time an administrator login is refused.
2-13
CLI commands

snmp-server trap web-login

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap web-login
Send a trap each time an administrator login is accepted.
no snmp-server trap web-login
Do not send a trap each time an administrator login is accepted.

snmp-server trap web-logout

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap web-logout
Send a trap each time an administrator logs out.
no snmp-server trap web-logout
Do not send a trap each time an administrator logs out.

web admin kickout

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web admin kickout
Enables a new administrator login to terminate an existing administrator session.
no web admin kickout
Stops a new administrator from logging in until an existing administrator logs out.

web allow

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web allow <ip address>/<mask>
Adds an address to the list of hosts that can access the management tool.
no web allow <ip address>/<mask>
Removes the specified address from the list of hosts that can access the management tool.
Parameters
<address> IP address.
</mask> Subnet mask in CIDR format. Specifies the number of bits in the mask.
2-14

world-mode dot11 country code

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
world-mode dot11 country code <code>
Specifies the country the service controller is operating in.
Parameters
<code> An ISO3166 three-letter country code.

web access internet-port

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web access internet-port
Enables access to the management tool via the Internet port.
no web access internet-port
Blocks access to the management tool via the Internet port.

web access lan-port

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web access lan-port
Enables access to the management tool via the LAN port.
no web access lan-port
Blocks access to the management tool via the LAN port.

web access interface vlan

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web access interface vlan <name>
CLI commands
Enables access to the management tool via the specified VLAN.
no web access interface vlan <name>
Removes access to the management tool for the specified VLAN.

web access interface gre

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web access interface gre <name>
Enables access to the management tool via the specified GRE tunnel.
no web access interface gre <name>
Disables access to the management tool via the specified GRE tunnel.

web access lan

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web access lan
Enables access to the management tool via the LAN port.
no web access lan
Blocks access to the management tool via the LAN port.

web access vpn

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
web access vpn
Enables access to the management tool via a VPN connection.
2-15
CLI commands
no web access vpn
Blocks access to the management tool via a VPN connection.

dhcp mode

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp mode (server | relay | none)
Sets whether the service controller operates as a DHCP server or DHCP relay agent.

dhcp server

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server lan
Switches to the DHCP server context.

dhcp server default domain name

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server default domain name <domain>
Sets the DHCP server domain name.

dhcp server default lease period

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server default lease period <number>
Sets the default lease time for the DHCP server.

dhcp server default permanent lease period

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server default permanent lease period <number>
Sets the permanent lease time for the DHCP server.

dhcp server controller

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server controller <ip address>
Add the IP address to the list of controllers.
no dhcp server controller <ip address>
Remove the IP address from the list of controllers.

dhcp server controller discovery

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server controller discovery
2-16
Send the list of controller IP addresses with DHCP answers.
no dhcp server controller discovery
Do not send the list of controller IP addresses with DHCP answers.

dhcp server logout html user

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server logout html user
Logout HTML user upon discover request.
no dhcp server logout html user
CLI commands
Do not logout HTML user upon discover request.

dhcp server access centralized clients

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server access centralized clients
Listen for DHCP requests from centralized access-controlled client stations.
no dhcp server access centralized clients
Do not listen for DHCP requests from centralized access-controlled client stations.

dhcp server access lan

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp server access lan
Listen for DHCP requests on the LAN interface.
no dhcp server access lan
Do not listen for DHCP requests on the LAN interface.

dhcp relay

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp relay <primary-ip-address> <[secondary-ip-address]>
Sets the primary and secondary DHCP server for the relay.

dhcp relay circuit id

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp relay circuit id <string>
Sets the Option 82 circuit ID.
no dhcp relay circuit id
Clears the Option 82 circuit ID.
2-17
CLI commands

dhcp relay remote id

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp relay remote id <string>
Sets the Option 82 remote ID.
no dhcp relay remote id
Clears the Option 82 remote ID.

dhcp relay access centralized clients

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp relay access centralized clients
Listen for DHCP requests from centralized access-controlled client stations.
no dhcp relay access centralized clients
Do not listen for DHCP requests from centralized access-controlled client stations.

dhcp relay access lan

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp relay access lan
Listen for DHCP requests on the LAN interface.
no dhcp relay access lan
Do not listen for DHCP requests on the LAN interface.

dhcp relay extend internet port

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dhcp relay extend internet port
Alter DHCP requests so they appear from the Internet port.
no dhcp relay extend internet port
Do not alter DHCP requests.

clock

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock <time> <date>
Sets the system time and date.
Parameters
<time> Time as hh:mm:ss. For example: 15:44:00.
<date> Date as dd Month yyyy. For example: 17 Oct 2004.
2-18
CLI commands

clock auto adjust dst

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock auto adjust dst
Automatically adjust clock for daylight savings changes.
no clock auto adjust dst
Do not automatically adjust clock for daylight savings changes.

clock timezone

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock timezone <gmtdiff>
Sets the time zone the service controller is operating in.
Parameters
<gmtdiff> Offset from GMT as follows: +-HOUR:MIN. For example, Eastern Standard
time is -5:00.

clock use custom dst rules

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock use custom dst rules
Use custom DST rules instead of default ones.
no clock use custom dst rules
Do not use custom DST rules, use default ones.

ntp protocol

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ntp protocol (ntp | sntp)
Sets the network time protocol to use.

ntp server

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ntp server
Enable this option to have the service controller periodically contact a network time server to update its internal clock.
no ntp server
Disables the use of a network time server.

clock custom dst begins

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock custom dst begins <day> <weekday> <month> <time>
Set parameters of the rule defining the beginning of daylight savings time.
2-19
CLI commands
Parameters
<day> Day of the month. Range 1 - 31.
<weekday> Weekday. Valid values are: "sun", "mon", "tue", "wed", "thu", "fri", "sat".
<month> Month. Valid values are: "jan", "feb", "mar", "apr", "may", "jun", "jul", "aug",
"sep", "oct", "nov", "dec".
<time> Time as hh:mm[:ss]. For example: 15:44:00.
If a parameter does not apply to the configured DST rule format, simply set this parameter to any valid value.

clock custom dst begins format

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock custom dst begins format (fixed | last-weekday | following-date | preceding-date)
Set the format of the custom DST rule.
Parameters
<fixed> Rule of the form: The [Day]th of [Month] at [Time].
<last-weekday> Rule of the form: The last [Weekday] of [Month] at [Time].
<following-date> Rule of the form: The first [Weekday] on or after the [Day]th of [Month] at
<preceding-date> Rule of the form: The first [Weekday] on or before the [Day]th of [Month]
[Time].
at [Time].

clock custom dst ends

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock custom dst end <day> <weekday> <month> <time>
Set parameters of the rule defining the end of daylight savings time.
Parameters
<day> Day of the month. Range 1 - 31.
<weekday> Weekday. Valid values are: "sun", "mon", "tue", "wed", "thu", "fri", "sat".
<month> Month. Valid values are: "jan", "feb", "mar", "apr", "may", "jun", "jul", "aug",
"sep", "oct", "nov", "dec".
<time> Time as hh:mm[:ss]. For example: 15:44:00.
If a parameter does not apply to the configured DST rule format, simply set this parameter to any valid value.
2-20

clock custom dst ends format

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
clock custom dst ends format (fixed | last-weekday | following-date | preceding­date)
Set the format of the custom DST rule.
Parameters
<fixed> Rule of the form: The [Day]th of [Month] at [Time].
<last-weekday> Rule of the form: The last [Weekday] of [Month] at [Time].
CLI commands
<following-date>
Rule of the form: The first [Weekday] on or after the [Day]th of [Month] at [Time].
<preceding-date> Rule of the form: The first [Weekday] on or before the [Day]th of [Month]
at [Time].

ntp server

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ntp server <index><host>
Adds a network time server.
Parameters
<index> Index of the time server in the list. Up to 20 time servers are supported.
Time servers are checked in the order that they appear in the list.
<host> DNS name or IP address of the time server.

ntp server failure trap

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ntp server failure trap
Send a trap each time a time server synchronization failed.
no ntp server failure trap
Do not send a trap each time a time server synchronization failed.

config-update automatic

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
config-update automatic
Enables scheduled configuration restore or backup.
no config-update automatic
Disables scheduled configuration restore or backup.
The service controller can automatically download the configuration file from a local or remote URL (restore). It is also possible to upload the current configuration to a given URL (backup). Theses operations can be done at preset times.

config-update operation

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
config-update operation (restore | backup)
Sets the type of operation that will take place at the preset time.

config-update time

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
config-update time <time>
Sets the time of day when the scheduled configuration operation (backup or restore) will take place.
2-21
CLI commands
Parameters
<time> Time as hh:mm:ss. For example: 15:44:00.

config-update uri

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
config-update uri <uri>
Sets the URI where the service controller will download or upload the configuration file.
no config-update uri
Clears the configuration file URI.

config-update weekday

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
config-update weekday (everyday | monday | tuesday | wednesday | thursday | friday | saturday | sunday)
Sets the day when the scheduled configuration operation (backup or restore) will take place.

snmp-server trap config-change

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap config-change
Send a trap whenever the configuration is changed.
no snmp-server trap config-change
Do not send this trap.

snmp-server trap config-update

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap config-update
2-22
Send a trap whenever the firmware is updated.
no snmp-server trap config-update
Do not send this trap.

logging destination

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
logging destination <name>
Creates a new remote destination for syslog.
no logging destination <name>
Deletes the specified syslog destination.
Parameters
<name> Name of syslog destination. Use the name "local" to edit your local log file
settings. Any other name will edit/create a remote log destination.

snmp-server trap syslog-severity

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap syslog-severity
Set the severity level of syslog messages that will trigger a trap.
no snmp-server trap syslog-severity
Do not send this trap.

snmp-server

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server
CLI commands
Enables the SNMP agent.
no snmp-server
Disables the SNMP agent.

snmp-server access port-1

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server access port-1
Enables SNMP access on the downstream port.
no snmp-server access port-1
Blocks SNMP access on the downstream port.

snmp-server allow

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server allow <ip address>/<mask>
Adds a host to the list of IP address from which access to the SNMP interface is permitted.
no snmp-server allow <ip address>/<mask>
Removes a host from the list of IP address from which access to the SNMP interface is permitted.
Parameters
<address> IP address.
</mask> Subnet mask in CIDR format. Specifies the number of bits in the mask.

snmp-server chassis-id

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server chassis-id <name>
Specifies a name to identify the service controller. By default, this is set to the serial number of the service controller.
no snmp-server chassis-id
Deletes the system name.
2-23
CLI commands

snmp-server contact

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server contact <email>
Specifies contact information.
no snmp-server contact
Deletes contact information.
Parameters
<email> Email address.

snmp-server heartbeat period

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server heartbeat period <seconds>
Sets the interval between sending heartbeat traps.
Parameters
<seconds> Heartbeat interval in seconds.

snmp-server location

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server location <name>
Specifies the location where the service controller is installed.
no snmp-server location
Deletes location information.
Parameters
<name> Location where the service controller is installed.

snmp-server port

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server port <port number>
Sets the port the service controller will use to respond to SNMP requests.
Parameters
<port number> SNMP port number. Range 1 - 65535.

snmp-server readonly

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server readonly <community>
Sets the read-only community string.
no snmp-server readonly
Deletes the read-only community string.
2-24

snmp-server readwrite

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server readwrite <community>
CLI commands
Sets the read-write community string.
no snmp-server readwrite
Deletes the read-write community string.

snmp-server trap

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap
Enables support for SNMP traps.
no snmp-server trap
Disables support for SNMP traps.

snmp-server trap community

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap community <str>
Sets the password required by the remote host that will receive the trap.
no snmp-server trap community
Deletes the password required by the remote host that will receive the trap.

snmp-server trap destination

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap destination <host> <[port number]>
Add a new trap destination.
no snmp-server trap destination <host> [<port>]
Deletes the specified trap destination.
Parameters
<host> Sets the IP address or domain name of the host that the service controller
will send traps to.
<[port number]> SNMP port number. Range 1 - 65535. By default port 162 is used

snmp-server trap heartbeat

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap heartbeat
Enables sending of heartbeat traps at regular intervals.
no snmp-server trap heartbeat
Disables sending of heartbeat traps at regular intervals.
2-25
CLI commands

snmp-server trap link-state

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap link-state
Send a trap when the link state changes on any interface.
no snmp-server trap link-state
Do not send this trap.

snmp-server trap snmp-authentication

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap snmp-authentication
Send a trap each time an SNMP request fails to supply the correct community name.

snmp-server version 1

Supported on: MSM710 MSM730 MSM750
snmp-server version 1
Enable version 1
no snmp-server version 1
Disable version 1
MSM760 MSM765zl

snmp-server version 2c

Supported on: MSM710 MSM730 MSM750
snmp-server version 2c
Enable version 2c
no snmp-server version 2c
Disable version 2c
MSM760 MSM765zl

snmp-server version 3

Supported on: MSM710 MSM730 MSM750
MSM760 MSM765zl
2-26
snmp-server version 3
Enable version 3
no snmp-server version 3
Disable version 3

snmp-server access interface vlan

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server access interface vlan <name>
Enables access to SNMP via the specified VLAN.
no snmp-server access interface vlan <name>
Disables access to SNMP via the specified VLAN.
Parameters
<name> Specifies the name of the VLAN.

snmp-server access interface gre

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server access interface gre <name>
Enables access to SNMP via the specified GRE tunnel.
CLI commands
no snmp-server access interface gre <name>
Removes access to SNMP via the specified GRE tunnel.

snmp-server access port-2

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server access port-2
Enables SNMP access on the upstream port.
no snmp-server access port-2
Blocks SNMP access on the upstream port.

snmp-server access lan

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server access lan
Enables access to the management tool via the LAN port.
no snmp-server access lan
Blocks access to the management tool via the LAN port.

snmp-server access vpn

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server access vpn
Enables access to the management tool via a VPN connection.
no snmp-server access vpn
Blocks access to the management tool via a VPN connection.

snmp-server trap new-satellite-detected

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap new-satellite-detected
Send a trap when a new satellite is detected.
no snmp-server trap new-satellite-detected
Do not send a trap when a new satellite is detected.
2-27
CLI commands

snmp-server trap satellite-unreachable

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap satellite-unreachable
Send a trap when a satellite cannot be reached.
no snmp-server trap satellite-unreachable
Ignore unreachable satellites.

snmp-server user

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server user <name>
Creates a new SNMP user or switches to the SNMP user context with the specified user name.
no snmp-server user <name>
Deletes the specified SNMP user.

snmp-server notification receiver

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server notification receiver <host>
Creates a new SNMP notification receiver or switches to the SNMP notification receiver context with the specified IP address.
no snmp-server notification receiver <host>
Deletes the specified SNMP notification receiver.

soap-server

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server
Enables the SOAP server.
no soap-server
Disables the SOAP server.

soap-server access interface vlan

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server access interface vlan <name>
Enables access to SOAP via this VLAN.
no soap-server access interface vlan <name>
Disables access to SOAP via this VLAN.
2-28

soap-server access port-1

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server access port-1
CLI commands
Enables SOAP access on the downstream port.
no soap-server access port-1
Blocks SOAP access on the downstream port.

soap-server access port-2

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server access port-2
Enables SOAP access on the upstream port.
no soap-server access port-2
Blocks SOAP access on the upstream port.

soap-server allow

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server allow <ip address>/<mask>
Adds a host to the list of IP address from which access to the SOAP interface is permitted.
no soap-server allow <ip address>/<mask>
Removes a host from the list of IP address from which access to the SOAP interface is permitted.
Parameters
<address> IP address.
</mask> Subnet mask in CIDR format. Specifies the number of bits in the mask.

soap-server http authentication

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server http authentication
Enable the SOAP server HTTP authentication.
no soap-server http authentication
Disable the SOAP server HTTP authentication.

soap-server http authentication password

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server http authentication password
Set the SOAP server HTTP authentication password.
2-29
CLI commands

soap-server http authentication username

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server http authentication username
Set the SOAP server HTTP authentication username.

soap-server port

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server port <port number>
Sets the port the service controller will use to respond to SOAP requests.
Parameters
<port number> SOAP port number. Range 1 - 65535.

soap-server ssl

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server ssl
SSL enabled for SOAP server.
no soap-server ssl
SSL disabled for SOAP server.

soap-server ssl with client certificate

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server ssl with client certificate
Enable the use of client certificate with SSL for SOAP server.
no soap-server ssl with client certificate
Disable the use of client certificate with SSL for SOAP server.

soap-server access interface gre

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server access interface gre <name>
Enables access to SOAP via the specified GRE tunnel.
no soap-server access interface gre <name>
Removes access to SOAP via the specified GRE tunnel.
2-30

soap-server access lan

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server access lan
Enables access to the management tool via the LAN port.
no soap-server access lan
Blocks access to the management tool via the LAN port.

soap-server access vpn

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
soap-server access vpn
Enables access to the management tool via a VPN connection.
CLI commands
no soap-server access vpn
Blocks access to the management tool via a VPN connection.

snmp-server trap vpn-connection

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap vpn-connection
Send a trap when a user establishes a VPN connection with the service controller.
no snmp-server trap vpn-connection
Do not send this trap.

snmp-server trap syslog-matches

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap syslog-matches
Send a trap when syslog messages matches a specified regular expression.
no snmp-server trap syslog-matches
Do not send this trap.

snmp-server trap syslog-matches regex

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap syslog-matches regex <regex>
Sets the regular expression used to match the syslog messages.

snmp-server trap syslog-severity level

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap syslog-severity level (debug | info | notice | warning | error | critical | alert | emergency)
Set the severity level of syslog messages that will trigger a trap.

snmp-server trap network-trace

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap network-trace
Send a trap when a network trace is started or stopped.
no snmp-server trap network-trace
Do not send this trap.
2-31
CLI commands

firmware-update automatic

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
firmware-update automatic
Enables scheduled firmware upgrades.
no firmware-update automatic
Disables scheduled firmware upgrade.
The service controller can automatically retrieve and install firmware from a local or remote URL at preset times. By placing service controller firmware on a web or ftp server, you can automate the update process for multiple units.
When the update process is triggered the service controller retrieves the first 2K of the firmware file to determine if it is different from the active version. If different, the entire firmware file is then downloaded and installed.
(Different means older or newer. This enables you to return to a previous firmware version if required).
Configuration settings are preserved during the update unless stated otherwise in the release notes for the firmware. However, all active connections will be terminated. Users will have to log in again after the service controller restarts

firmware-update start

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
firmware-update start
Upload the firmware based on a specified URI. This URI can be set with the command: firmware­update uri.

firmware-update time

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
firmware-update time <time>
Sets the time of day the scheduled firmware upgrade will take place.
Parameters
<time> Time as hh:mm:ss. For example: 15:44:00.

firmware-update uri

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
firmware-update uri <uri>
Sets the URI where the service controller will retrieve new firmware.
no firmware-update uri
2-32
Clears the firmware URI.
CLI commands

firmware-update weekday

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
firmware-update weekday (everyday | monday | tuesday | wednesday | thursday | friday | saturday | sunday)
Sets the day when the scheduled firmware upgrade will take place.

snmp-server trap firmware-update

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
snmp-server trap firmware-update
Send a trap on firmware update.
no snmp-server trap firmware-update
Do not send a trap on firmware update.

ip name-server

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip name-server <primary> [<secondary>] [<third>]
Sets the primary and secondary DNS servers overriding dynamically assigned ones.
Parameters
<primary> IP address of the primary DNS server.
<secondary> IP address of the secondary DNS server.
<third> IP address of the third DNS server.

ip name-server cache

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip name-server cache
Enables the DNS cache.
no ip name-server cache
Disables the DNS cache.
Once a host name has been successfully resolved to an IP address by a remote DNS server, it is stored in the cache. This speeds up network performance, as the remote DNS server now does not have to be queried for subsequent requests for this host.
The entry stays in the cache until:
an error occurs when connecting to the remote host
the time to live (TTL) of the DNS request expires
the service controller is restarted.

ip name-server dynamic

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip name-server dynamic
Enables dynamic assignment of DNS servers.
2-33
CLI commands
no ip name-server dynamic
Disables dynamic DNS assignment.

ip name-server interception

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip name-server interception
Intercepts all DNS requests from users and relays them to configured servers.
no ip name-server interception
Process DNS requests addressed to this device only.

ip name-server switch-on-servfail

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip name-server switch-on-servfail
Switch to next server when server failure is received.
no ip name-server switch-on-servfail
Do not switch to next server when server failure is received.

ip name-server switch-over

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip name-server switch-over
Switch over to primary when active.
no ip name-server switch-over
Do not switch over to primary when active.

ip name-server logout-info

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip name-server logout-info <host> <ip address>
Sets the logout host name and the logout IP address.

access controller shared secret

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
access controller shared secret <secret>
Sets the shared secret used to communicate with the service controller.
no access controller shared secret
Sets the shared secret used to communicate with the access controller.
The service controller will only accept authentication/location-aware information from satellites that have a matching shared secret to its own.
2-34

radius-server profile

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
radius-server profile <name>
CLI commands
Creates a new RADIUS profile or switches to the RADIUS context with the specified profile name.
no radius-server profile <name>
Deletes the specified RADIUS profile.

access controller

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
access controller
Switches to the access controller context.

certificate ipsec ca

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
certificate ipsec ca <uri>
Loads a new CA certificate from the specified URI.
The URI can be local:
local://FILENAME
or remote
ftp://host/path

certificate ipsec local

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
certificate ipsec local <uri> <password>
Loads a new local certificate from the specified URI.
no certificate ipsec local
Removes the local certificate.
The URI can be local:
local://FILENAME
or remote
ftp://host/path

certificate ipsec revocation

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
certificate ipsec revocation <uri>
Loads a new CRL file from the specified URI.
The URI can be local:
local://FILENAME
or remote
2-35
CLI commands
ftp://host/path

certificate ssl

Supported on: MSM710 MSM730 MSM750 MSM760
certificate ssl <uri> <password>
Loads a new SSL certificate using the URI.

session profile default

Supported on: MSM710 MSM730 MSM750
session profile default
MSM760 MSM765zl
MSM765zl
Switches to the session profile context.

session profile

Supported on: MSM710 MSM730 MSM750
session profile <name>
Switches to the session profile context.
no session profile <name>
Remove a session profile.
MSM760 MSM765zl

show session profile

Supported on: MSM710 MSM730 MSM750
show session profile
Display all session profiles.
MSM760 MSM765zl

remote configuration

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
remote configuration (radius)
Switches to the RADIUS remote configuration context.
2-36

discovery protocol

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
discovery protocol
Enables broadcast of device information for interoperability with CDP-enabled networking hardware.
no discovery protocol
Disable broadcast of device information.

discovery protocol device-id

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
discovery protocol device-id <name>
CLI commands
Overwrite the device-id field of information packets (the service controller serial number is not used).
no discovery protocol device-id
Do not overwrite the device-id field of information packets (use the service controller serial number).

service controller ap authentication credentials

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication credentials <username> <password>
When the RADIUS authentication source is selected, this option specifies the RADIUS username and password assigned to the service controller.
no service controller ap authentication credentials
Clears the RADIUS username/password.

service controller ap authentication enable

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication enable
Enables authentication of discovered controlled APs.
no service controller ap authentication enable
Disables AP authentication.

service controller ap authentication file

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication file <name>
Sets the file to use for authentication of controlled access points. This must be an ASCII file with one or more MAC addresses in it. Each address must appear on a separate line.

service controller ap authentication radius-server

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication radius-server <name>
Sets the RADIUS profile to use for authentication of controlled access points.

service controller ap authentication refresh-rate

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication refresh-rate <number>
Specifies the interval at which the service controller retrieves authentication list entries from the selected authentication source(s).
2-37
CLI commands

service controller ap authentication source file

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication source file
Enables the use of a file authentication source.
no service controller ap authentication source file
Disables the use of a file authentication source.

service controller ap authentication source local

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication source local
Enables the use of local authentication source.
no service controller ap authentication source local
Disables the use of local authentication source.

service controller ap authentication source radius

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller ap authentication source radius
Enables the use of RADIUS authentication source.
no service controller ap authentication source radius
Disables the use of RADIUS authentication source.

service controller discovery

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller discovery
Enable service controller discovery.
no service controller discovery
Disable service controller discovery.

service controller discovery interface internet-port

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller discovery interface internet-port
Allow discovery on the LAN interface.
no service controller discovery interface internet-port
Allow discovery on the LAN interface.

service controller discovery interface lan-port

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller discovery interface lan-port
Allow discovery on the LAN interface.
2-38
CLI commands
no service controller discovery interface lan-port
Allow discovery on the LAN interface.

service controller primary

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller primary
Become the Primary service controller.
no service controller primary
Become a secondary service controller.

service controller primary ip addr

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller primary ip addr <ip address>
Configure a static ip address for the primary service controller.

service controller priority

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller priority <number>
Sets the discovery priority of this device.

service controller provisioning

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
service controller provisioning
Enable the AP provisioning system.
no service controller provisioning
Disable the AP provisioning system.

bandwidth control internet-port

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
bandwidth control internet-port
Enables bandwidth control on the Internet port.
no bandwidth control internet-port
Disables bandwidth control on the Internet port.

bandwidth control internet-port high

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
bandwidth control internet-port high <min-tx-%> <min-rx-%> <max-tx-%> <max-rx­%>
Sets the bandwidth rates (Tx minimum, Tx maximum, Rx minimum, and Rx maximum) for traffic classed as High.
2-39
CLI commands

bandwidth control internet-port low

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
bandwidth control internet-port low <min-tx-%> <min-rx-%> <max-tx-%> <max-rx-%>
Sets the bandwidth rates (Tx minimum, Tx maximum, Rx minimum, and Rx maximum) for traffic classed as Low.

bandwidth control internet-port max-rate

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
bandwidth control internet-port max-rate<transmit>)<receive>)
Sets the maximum transmit and receive rates on the Internet port in kbps.
These settings enable you to limit the total incoming or outgoing data rate on the Internet port. If traffic exceeds the rate you set for short bursts, it is buffered. Long overages will result in data being dropped. To utilize the full available bandwidth, the transmit and receive limits should be set to match the incoming and outgoing data rates on the Internet port.
Parameters
<transmit> Sets the maximum transmit rate in kbps.
<receive> Sets the maximum receive rate in kbps.
About bandwidth control
Bandwidth rates for each level are defined by taking a percentage of the maximum transmit and receive rates defined for the Internet port. Each bandwidth level has four rate settings:
Transmit rate - guaranteed minimum: This is the minimum amount of bandwidth that will be
assigned to a level as soon as outgoing traffic is present on the level.
Transmit rate - maximum: This is the maximum amount of outgoing bandwidth that can be
consumed by the level. Traffic in excess will be buffered for short bursts, and dropped for sustained overages.
Receive rate - guaranteed minimum: This is the minimum amount of bandwidth that will be
assigned to a level as soon as incoming traffic is present on the level.
Receive rate - maximum: This is the maximum amount of incoming bandwidth that can be
consumed by the level. Traffic in excess will be buffered for short bursts, and dropped for sustained overages.
Bandwidth levels are arranged in order of priority from Very High to Low. Priority determines how bytesToWrite bandwidth is allocated once the minimum rate has been met for each level. Free bandwidth is always assigned to the higher priority levels first.
Assigning traffic to bandwidth levels
User traffic is assigned to a bandwidth level on a per-VAP (VSC) basis.
Management traffic (RADIUS, SNMP, management tool admin sessions) is assigned to
bandwidth level Very High and cannot be changed.
All traffic assigned to a particular bandwidth level shares the allocated bandwidth for that
level.
2-40
CLI commands

bandwidth control internet-port normal

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
bandwidth control internet-port normal <min-tx-%> <min-rx-%> <max-tx-%> <max­rx-%>
Sets the bandwidth rates (Tx minimum, Tx maximum, Rx minimum, and Rx maximum) for traffic classed as Normal.

bandwidth control internet-port very-high

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
bandwidth control internet-port very-high <min-tx-%> <min-rx-%> <max-tx-%> <max-rx-%>
Sets the bandwidth rates (Tx minimum, Tx maximum, Rx minimum, and Rx maximum) for traffic classed as Very High.

ip route gateway

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ip route gateway<destination>/<mask> <gateway> <[metric]>
Adds a static route.
no ip route gateway <destination>/<mask> <gateway> <[metric]>
Removes the specified static route.
Parameters
<destination> Traffic addressed to this IP address will be routed.
<mask> Indicates the number of bits in the destination address that is checked for a
match.
<gateway> Indicates the IP address of the gateway the service controller will forward
routed traffic to. The gateway address must be on the same subnet as one of the available interfaces (Internet port or LAN port).
<metrix> Indicates the priority of a route. If two routes exist for a destination
address then the service controller chooses the one with the lower metric.

firewall mode

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
firewall mode (high|low|none)
Sets the firewall mode.
Parameters
high Permits all outgoing traffic. Blocks all externally initiated connections.
low Permits all incoming and outgoing traffic, except for NetBIOS traffic. Use
this option if you require active FTP sessions.
none Disables the firewall.
2-41
CLI commands

show user profiles

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show user profiles [<pattern>]
Display current local users.

show user profiles details

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show user profiles details <name>
Display detailed information about one user.

user profile

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
user profile <name>
Adds or edits the specified username in the local user list.
no user profile <name>
Removes the specified username from the local user list.

renew user profile subscription

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
renew user profile subscription [<username>]
Renew a user with its subscription plan.

dot1x reauth

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dot1x reauth
Enable this option to force 802.1X client stations to reauthenticate.
no dot1x reauth
Disables 802.1X reauthentication.

dot1x reauth period

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dot1x reauth period (15m | 30m | 1h | 2h | 4h | 8h | 12h)
2-42
Sets the 802.1X reauthentication interval. Client stations must reauthenticate when this interval expires.

dot1x reauth terminate

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dot1x reauth terminate
Enable this option to allow client stations to remain connected during re-authentication. Client traffic is blocked only when re-authentication fails.
CLI commands
no dot1x reauth terminate
Disabled this option to block client traffic during re-authentication and only activate traffic again if authentication succeeds.

dot1x supplicant timeout

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
802.1x supplicant time-out <seconds>
Sets the 802.1X supplicant time-out.
Parameters
<seconds> time-out in seconds.

dynamic key

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dynamic key
Enables dynamic key support for 802.1X and WPA.
no dynamic key
Disables dynamic key support for 802.1X and WPA.

dynamic key interval

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
dynamic key interval (5m | 10m | 15m | 30m | 1h | 2h | 4h | 8h | 12h)
Specifies how often (in minutes or hours) that the group (broadcast) key is changed for 802.1X and WPA.

key chain

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
key chain <name>
Switch to the specified key chain or create a new key chain.
no key chain <name>
Remove the specified key chain.

config-version

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
config-version <string>
Sets a string to identify the user configuration version.

radius-server accounting session

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
radius-server accounting session <number>
Set the maximum number of accounting sessions.
2-43
CLI commands

radius-server client

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
radius-server client
Enable radius clients list.
no radius-server client
Disable radius clients list.

radius-server local eap-peap

Supported on: MSM710 MSM730 MSM750 MSM760
radius-server local eap-peap
Allow EAP-PEAP.
no radius-server local eap-peap
Disallow EAP-PEAP.
MSM765zl

radius-server local eap-tls

Supported on: MSM710 MSM730 MSM750 MSM760
radius-server local eap-tls
Allow EAP-TLS.
MSM765zl
no radius-server local eap-tls
Disallow EAP-TLS.

radius-server local eap-ttls

Supported on: MSM710 MSM730 MSM750 MSM760
radius-server local eap-ttls
Allow EAP-TTLS.
no radius-server local eap-ttls
Disallow EAP-TTLS.
MSM765zl

radius-server local pap

Supported on: MSM710 MSM730 MSM750
radius-server local pap
Allow PAP.
no radius-server local pap
Disallow PAP.
MSM760 MSM765zl

radius-server ssid detection nas-id

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
radius-server ssid detection nas-id
2-44
Use NAS-ID for SSID detection.
no radius-server ssid detection nas-id
CLI commands
Do not use NAS-ID for SSID detection.

show radius-server

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show radius-server
Display current RADIUS server configuration.

active-directory check attribute

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
active-directory check attribute <ldapattr>
Set the name of the AD attribute to check for.
no active-directory check attribute
Clear the name of the AD attribute to check for.

active-directory check user access

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
active-directory check user access
Check AD for user access.
no active-directory check user access
Do not check AD for user access.

active-directory device name

Supported on: MSM710 MSM730 MSM750 MSM760
active-directory device name <name>
Set the device NetBIOS name.
no active-directory device name
Clear the device NetBIOS name.

active-directory domain

Supported on: MSM710 MSM730 MSM750
active-directory domain <domain>
Set the AD Windows domain.
no active-directory domain
Reset the AD Windows domain.
MSM760 MSM765zl
MSM765zl
2-45
CLI commands

active-directory group

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
active-directory group <name>
Create or go to an Active Directory group.
no active-directory group <name>
Remove an Active Directory group.

active-directory group order

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
active-directory group order <number> <name>
Reorder an Active Directory group.

active-directory join

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
active-directory join <username> <password>
Join with Active Directory.

show active-directory

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show active-directory
Display Active Directory settings.

show active-directory group

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
show active-directory group <name>
Display details about an Active Directory group.

radius-server client

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
radius-server client <ip address>/<mask> <secret>
Add a new radius client.
no radius-server client <ip address>/<mask>
Delete an existing radius client.

user tracking

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
user tracking
2-46
Enable capture of usage data.
no user tracking
Disable capture of usage data.

user tracking destination

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
user tracking destination <host>
Specify to where the detailed syslog packets should be sent.

user tracking filter

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
user tracking filter <filter>
CLI commands
A comma-separated list of filters (username or subnet).

user tracking port

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
user tracking port <number>
Specify to which UDP port capture data should be sent.

persistent user information

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
persistent user information
Save user account information locally .
no persistent user information
Do not save user account information locally.

persistent user information period

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
persistent user information period <number>
Period, in minutes, at which to update user information.

client data tunnel security

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
client data tunnel security (hmac | key)
Specify the security strength of the client data tunnel.

managed map max

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
managed map max <num>
Set the maximum number of APs to manage.
2-47
CLI commands

igmp proxy

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
igmp proxy
Enable IGMP proxy.
no igmp proxy
Disable IGMP proxy.

igmp proxy downstream interface

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
igmp proxy downstream interface <interface>
Set the downstream IGMP port.

igmp proxy upstream interface

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
igmp proxy upstream interface <interface>
Set the upstream IGMP port.

rf-id aeroscout

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
rf-id aeroscout
Enable AeroScout tag processing.
no rf-id aeroscout
Disable AeroScout tag processing.
2-48

Access Controller context

Path: View > Enable > Config > Access Controller
All global access controller configuration takes place here.
end
Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
end
CLI commands
Switches to parent context.

ads presentation

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ads presentation
Enable advertisement display at regular intervals for authenticated users.
no ads presentation
Disable advertisement display for authenticated users.

ads presentation interval

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ads presentation interval <number>
Control the advertisement display interval.

station allocate source ip address

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
station allocate source ip address
Allow dynamic IP addresses.
no station allocate source ip address
Disallow dynamic IP addresses.
Enable this option to provide network address translation for client stations with static IP addresses. This permits the service controller to assign an alias address to the client that puts it on the same subnet as the VSC the client is associated with. This option cannot be used if NAT is enabled on the Internet port.

station allow any ip address

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
station allow any ip address
Enable this option to permit wireless client stations that are using a static IP address to connect to the service controller, even if they are on a different subnet.
no station allow any ip address
Do not allow client stations with any IP addresses to connect.
2-49
CLI commands
This option enables users to access the wireless network without reconfiguring their networking settings. For example, by default the service controller creates the wireless network on the subnet
192.168.1.0. If a client station is pre-configured with the address 10.10.4.99, it will still be able to connect to the service controller without changing its address, or its settings for DNS server and default gateway.

station free access

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
station free access
When enabled, all users are automatically granted access when the RADIUS server is down or unreachable.
no station free access
Users cannot connect when the RADIUS server is unreachable.
Once the RADIUS server is available again, free user sessions remain active until the user logs out. This does not apply to users using 802.1x or WPA.

station http proxy support

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
station http proxy support
Enables support for client stations that are configured to use a proxy server for HTTP and HTTPS, without requiring users to reconfigure their systems.
no station http proxy support
Disables support for client stations that are configured to use a proxy server for HTTP and HTTPS.

station idle detection

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
station Idle detection <interval> <count>
The service controller continuously polls authenticated client stations to ensure they are active. If no response is received and the number of retries is reached, the client station is disconnected.
Parameters
<interval> Specify how long to wait between polls.
<retries> Specify how many polls a client station can fail to reply to before it is
disconnected.
Description
This feature enables the service controller to detect if two client stations are using the same IP address but have different MAC addresses. If this occurs, access is terminated for this IP address removing both stations from the network.
Changing these values may have security implications. A large interval provides a greater opportunity for a session to be hijacked.
The initial query is always done after the client station has been idle for 60 seconds. If there is no answer to this query, the settings for Interval and Retries are used to control additional retries.
2-50

system accounting

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
system accounting
Enables RADIUS accounting support.
no system accounting
Disables RADIUS accounting support.
CLI commands

remember delay

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
remember delay <number>
Length of time to remember users. Users who return later than this delay interval, are presented with the login page instead of being re-authenticated.

remember html users

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
remember html users
Enables support for remembering (automatically re-authenticating) html-authenticated users who leave the network but return within the remember delay interval.
no remember html users
Disables support for remembering html-authenticated users.

worldpay installation id

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
worldpay installation id <string>
Set the installation ID for the WorldPay payment service.

worldpay payment response password

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
worldpay payment response password <string>
Set the payment response password for the WorldPay payment service.

worldpay payment url

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
worldpay payment url <string>
Set the payment URL for the WorldPay payment service.

authorize_net installation id

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
authorize_net installation id <string>
Set the login ID for the Authorize.Net payment service.
2-51
CLI commands

authorize_net payment url

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
authorize_net payment url <string>
Set the payment URL for the Authorize.Net payment service.

authorize_net transaction key

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
authorize_net transaction key <string>
Set the transaction key for the Authorize.Net payment service.

ads presentation with frameset

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ads presentation with frameset
Enables the ads presentation to redirect to frameset-ads-page instead of ads-page.
no ads presentation with frameset
Disables the frameset for ads presentation, causing ads presentation to only use ads-page.

authentication http

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
authentication http <number>
Specifies the port number the service controller will use to provide standard HTTP access to the management tool.
HTTP connections made to this port are met with a warning and the browser is redirected to the secure web server port. By default this parameter is set to port 80.

authentication https

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
authentication https <number>
2-52
Specifies the port number the service controller will use to provide secure access to the management tool (HTTPS). By default this parameter is set to port 443.

noc access internet

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc access internet
Accept authentication requests on the Internet port.
no noc access internet
Do not accept authentication requests on the Internet port..

noc access vpn

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc access vpn
Accept authentication requests on VPN connections.
CLI commands
no noc access vpn
Do not accept authentication requests on VPN connections.

noc allow

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc allow <ip address>/<mask>
Adds an IP address or subnet to the list of destinations that the service controller will accept user login authentication requests from when NOC authentication is active.
no noc allow <ip address>/<mask>
Removes the specified IP address or subnet from the list of destinations that the service controller will accept user login authentication requests from when NOC authentication is active.
When the list is empty, authentication requests are accepted from any address.

noc authentication

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc authentication
Enables support for NOC authentication.
no noc authentication
Disables support for NOC authentication.

secure login

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
secure login
Enables secure login.
no secure login
Disables secure login.

sslv2 authentication

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
sslv2 authentication
Enables SSLv2 authentication.
no sslv2 authentication
Disables SSLv2 authentication.
2-53
CLI commands

noc access interface vlan

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc access interface vlan <name>
Adds the specified VLAN to the list of interfaces that authentication requests are accepted on.
no noc access interface vlan <name>
Removes the specified VLAN from the list of interfaces that authentication requests are accepted on.

noc access interface gre

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc access interface gre <name>
Adds the specified GRE tunnel to the list of interfaces that authentication requests are accepted on.
no noc access interface gre <name>
Removes the specified GRE tunnel from the list of interfaces that authentication requests are accepted on.

ipass id

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ipass id <name>
Specifies the WISPr location ID assigned to the service controller.
no ipass id
Deletes the WISPr location ID assigned to the service controller.

ipass name

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ipass name <name>
Specifies the WISPr location name assigned to the service controller.
no ipass name
Deletes the WISPr location name assigned to the service controller.

wispr abort login url

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
wispr abort login url <url>
Specifies the WISPr abort login url assigned to the service controller.
no wispr abort login url
Deletes the WISPr abort login url assigned to the service controller.
2-54

wispr login url

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
wispr login url <url>
CLI commands
Specifies the WISPr login url assigned to the service controller.
no wispr login url
Deletes the WISPr login url assigned to the service controller.

wispr logoff url

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
wispr logoff url <url>
Specifies the WISPr logoff url assigned to the service controller.
no wispr logoff url
Deletes the WISPr logoff url assigned to the service controller.

access-list

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
access-list <index> <rule>
Adds a new rule to an access list at the specified index position.
no use access-list
Do not use an access list.
Parameters
index Index position of the rule within the access list.
rule Access list rule definition in the format:
<listname>[,OPTIONAL],<action>,<protocol>,<address>,<port>[,<accou nt>[,<interval>]]
<listname> Specifies a name (up to 32 characters long) to identify the access list this
rule applies to. If a list with this name does not exist, a new list is created. If a list with this name exists, the rule is added to it.
OPTIONAL Allows the access list to be activated even if this rule fails to initialize. For
example, if you specify a rule that contains an address which cannot be resolved for some reason, the other rules that make up the access list will still be initialized. If you do not specify optional, a failed rule will cause the entire list to fail. Critical access list definitions (such as for a remote login page, certificates) should not use the OPTIONAL setting because if these definitions fail to initialize there will be no indication in the log.
<action> Specifies what action the rule takes when it matches incoming traffic. Two
options are available:
ACCEPT - Allow traffic matching this rule.
DENY - Reject traffic matching this rule.
WARN - Redirect traffic matching this rule to an error page.
<protocol> Specify the protocol to check: tcp, udp, icmp, all
<address> Specify one of the following:
2-55
CLI commands
IP address or domain name (up to 107 characters in length)
Subnet address. Include the network mask as follows: address/subnet mask For example:
192.168.30.0/24
Use the keyword all to match any address.
Use the keyword none if the protocol does not take an address range (ICMP for example).
<port> Specify a specific port to check or a port range as follows:
none: Used with ICMP (since it has no ports).
all: Check all ports.
1-65535[:1-65535] - Specify a specific port or port range.
<account> Specify the name of the user account the service controller will send billing
information to for this rule. Account names must be unique and can be up to 32 characters in length.
<interval> Specify time between interim accounting updates. If you do not enable this
option, accounting information is only sent when a user connection is terminated. Range: 5-99999 seconds in 15 second increments.

use access-list

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
use access-list <listname>
Specifies the name of the access list to use.
no use access-list
Do not use an access list.

use access-list unauth

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
use access-list unauth <listname>
Specifies the name of the access list to use for unauthenticated stations (list disappears once authenticated).
no use access-list unauth
Do not use an access list for unauthenticated stations (list disappears once authenticated).

config file

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
config file <url>
Specifies the URL that points to a new configuration file to load.
no config file
Do not load a new configuration file.
2-56

http proxy upstream

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
http proxy upstream <string>
CLI commands
Specifies the host:port of the HTTP Proxy Upstream server.
no http proxy upstream
Do not use an HTTP Proxy Upstream server.

https ssl certificate

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
https ssl certificate <url>
Specifies the URL that points to an SSL certificate that will replace the default certificate on the service controller.
no https ssl certificate
Do not load a custom SSL certificate.

mac-address

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
mac-address <macaddr> [<username>] [<password>]
Adds a MAC address to the local configuration list.
When the MAC authentication option is enabled (in a VAP (VSC) profile), you can define local configuration settings to validate MAC addresses.
Parameters
macaddr MAC address of the device as 12 hexadecimal numbers, with the values ’a’
to ’f’ in lowercase. For example: 0003520a0f01.
username Username assigned to the device.
password Password assigned to the device.

fail page

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
fail page <url>
Specifies the URL of a new fail page.
no fail page
No new fail page. Use default.

goodbye url

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
goodbye url <url>
Specifies the URL of a goodbye page.
no goodbye url
No goodbye page.
2-57
CLI commands

ipass login url

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
ipass login url <url>
Specifies the URL of the IPass login page. The service controller will automatically redirect users with IPass client software to this page.
no ipass login url
No IPass login URL.

login error url

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
login error url <url>
Specifies the URL of a login error page.
no login error url
No login error page.

login page

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
login page <url>
Specifies the URL of the new login page.
no login page
No new login page. Use default.

login url

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
login url <url>
Specifies the URL of a remote login page.
no login url
No remote login page.

logo

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
logo <url>
Specifies the URL of a new logo.
no logo
No new logo. Use default.
2-58

messages

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
messages <url>
CLI commands
Specifies the URL of a new message file.
no messages
No new messages file. Use default.

noc ssl ca-certificate

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc ssl ca-certificate <url>
Specifies the URL of the certificate from the certificate authority (CA) that issued the NOC certificate.
no noc ssl ca-certificate
No CA certificate.

noc ssl certificate

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
noc ssl certificate <url>
Specifies the URL of the certificate issued to the application on the remote web server that will send user info to the service controller for authentication.
no noc ssl certificate
No certificate.

session page

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
session page <url>
Specifies the URL of a new session page.
no session page
No new session page. Use default.

transport page

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
transport page <url>
Specifies the URL of a new transport page.
no transport page
No new transport page. Use default.
2-59
CLI commands

welcome url

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
welcome url <url>
Specifies the URL of a welcome page.
no welcome url
No welcome page.

notify user location changes

Supported on: MSM710 MSM730 MSM750 MSM760 MSM765zl
notify user location changes
Notify RADIUS on location changes.
no notify user location changes
Do not notify RADIUS on location changes.
2-60
Loading...