HP Wireless Switch Manager Command Reference Guide

Wireless LAN Mobility System

Wireless LAN Switch and Controller Command Reference

3CRWXR10095A, 3CRWX120695A, 3CRWX440095A

http://www.3com.com/

Part No. DUA1009-5CAA01 Published June 2005

3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064

Copyright © 2004, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.

3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.

If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.

UNITED STATES GOVERNMENT LEGEND

If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:

All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.

Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.

3Com is a registered trademark of 3Com Corporation. The 3Com logo is a trademark of 3Com Corporation. Mobility Domain, Mobility Point, Mobility Profile, Mobility System, Mobility System Software, MP, MSS, and

SentrySweep are trademarks of Trapeze Networks, Inc. Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, Windows XP,

and Windows NT are registered trademarks of Microsoft Corporation. All other company and product names may be trademarks of the respective companies with which they are

associated.

ENVIRONMENTAL STATEMENT

It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed to:

Establishing environmental performance standards that comply with national legislation and regulations. Conserving energy, materials and natural resources in all operations. Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental

standards. Maximizing the recyclable and reusable content of all products. Ensuring that all products can be recycled, reused and disposed of safely. Ensuring that all products are labelled according to recognized environmental standards. Improving our environmental record on a continual basis.

End of Life Statement

3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.

Regulated Materials Statement

3Com products do not contain any hazardous or ozone-depleting material.

Environmental Statement about the Documentation

The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and the inks are vegetable-based with a low heavy-metal content.

CONTENTS

ABOUT THIS GUIDE

Conventions 19 Documentation 20 Documentation Comments 21

1 USING THE COMMAND-LINE INTERFACE

Overview 23 CLI Conventions 24

Command Prompts 24 Syntax Notation 24 Text Entry Conventions and Allowed Characters 25 MAC Address Notation 25 IP Address and Mask Notation 26 User Globs, MAC Address Globs, and VLAN Globs 26 Port Lists 28 Virtual LAN Identification 29

Command-Line Editing 29

Keyboard Shortcuts 29 History Buffer 30 Tabs 30 Single-Asterisk (*) Wildcard Character 30

Double-Asterisk (**) Wildcard Characters 30 Using CLI Help 31 Understanding Command Descriptions 32

2 ACCESS COMMANDS

Commands by Usage 33 disable 33 enable 34 quit 34 set enablepass 35

3 SYSTEM SERVICE COMMANDS

Commands by Usage 37 clear banner motd 38 clear history 38 clear prompt 39 clear system 39 display banner motd 40 display base-information 41 display license 42 display system 42 help 45 history 46 set auto-config 46 set banner motd 49 set confirm 50 set length 51 set license 52 set prompt 53 set system contact 54 set system countrycode 54 set system ip-address 57 set system location 58 set system name 58

4 PORT COMMANDS

Commands by Usage 61 clear dap 62 clear port counters 63 clear port-group 63 clear port name 64 clear port preference 64 clear port type 65 display port counters 66 display port-group 67 display port poe 68 display port preference 69 display port status 70

monitor port counters 72 reset port 77 set dap 77 set port 80 set port-group 81 set port name 82 set port negotiation 83 set port poe 84 set port preference 85 set port speed 85 set port trap 86 set port type ap 87 set port type wired-auth 91

5 VLAN COMMANDS

Commands by usage 95 clear fdb 96 clear vlan 97 display fdb 98 display fdb agingtime 101 display fdb count 101 display roaming station 102 display roaming vlan 104 display tunnel 105 display vlan config 106 set fdb 107 set fdb agingtime 108 set vlan name 109 set vlan port 110 set vlan tunnel-affinity 111

6 IP SERVICES COMMANDS

Commands by Usage 113 clear interface 115 clear ip alias 116 clear ip dns domain 117 clear ip dns server 117

clear ip route 118 clear ip telnet 119 clear ntp server 119 clear ntp update-interval 120 clear snmp community 121 clear snmp notify target 121 clear snmp profile 122 clear snmp trap receiver 122 clear snmp usm 122 clear summertime 123 clear system ip-address 124 clear timezone 124 display arp 125 display interface 126 display ip alias 127 display ip dns 128 display ip https 129 display ip route 131 display ip telnet 133 display ntp 134 display snmp configuration 136 display summertime 138 display timedate 138 display timezone 139 ping 140 set arp 141 set arp agingtime 142 set interface 143 set interface dhcp-client 144 set interface dhcp-server 145 set interface status 146 set ip alias 147 set ip dns 147 set ip dns domain 148 set ip dns server 149 set ip https server 150 set ip route 150 set ip snmp server 152

set ip ssh 153 set ip ssh absolute-timeout 154 set ip ssh idle-timeout 155 set ip ssh server 155 set ip telnet 156 set ip telnet server 157 set ntp 158 set ntp server 158 set ntp update-interval 159 set snmp community 160 set snmp notify target 162 set snmp profile 167 set snmp protocol 172 set snmp security 173 set snmp trap 174 set snmp trap receiver 174 set snmp usm 174 set summertime 177 set system ip-address 179 set timedate 180 set timezone 181 display dhcp-client 182 display dhcp-server 183 display snmp community 186 display snmp counters 187 display snmp notify profile 188 display snmp notify target 189 display snmp status 191 display snmp usm 193 telnet 195 traceroute 196

7 AAA COMMANDS

Commands by Usage 199 clear accounting 201 clear authentication admin 202 clear authentication console 203

clear authentication dot1x 204 clear authentication last-resort 205 clear authentication mac 205 clear authentication proxy 206 clear authentication web 207 clear location policy 208 clear mac-user 209 clear mac-user attr 209 clear mac-user group 210 clear mac-usergroup 211 clear mac-usergroup attr 212 clear mobility-profile 213 clear user 213 clear user attr 214 clear user group 215 clear usergroup 215 clear usergroup attr 216 display aaa 217 display accounting statistics 220 display location policy 222 display mobility-profile 222 set accounting {admin | console} 223 set accounting {dot1x | mac | web} 224 set authentication admin 226 set authentication console 228 set authentication dot1x 230 set authentication last-resort 234 set authentication mac 236 set authentication proxy 238 set authentication web 239 set location policy 241 set mac-user 245 set mac-user attr 246 set mac-usergroup attr 252 set mobility-profile 253 set mobility-profile mode 255 set user 256 set user attr 257

set user group 258 set usergroup 259 set web-aaa 260

8 MOBILITY DOMAIN COMMANDS

Commands by Usage 261 clear mobility-domain 262 clear mobility-domain member 262 display mobility-domain config 263 display mobility-domain status 263 set mobility-domain member 265 set mobility-domain mode member seed-ip 266 set mobility-domain mode seed domain-name 267

9 MANAGED ACCESS POINT COMMANDS

MAP Access Point Commands by Usage 269 clear {ap | dap} radio 272 clear radio-profile 274 clear service-profile 275 clear service-profile 276 display {ap | dap} config 277 display {ap | dap} counters 280 display {ap | dap} qos-stats 282 display {ap | dap} etherstats 284 display {ap | dap} group 285 display {ap | dap} status 287 display auto-tune attributes 290 display auto-tune neighbors 292 display dap connection 294 display dap global 295 display dap unconfigured 297 display radio-profile 298 display service-profile 302 reset {ap | dap} 305 set dap auto 306 set dap auto mode 308 set dap auto radiotype 309

set {ap | dap} bias 310 set {ap | dap} blink 311 set dap fingerprint 312 set {ap | dap} group 313 set {ap | dap} name 315 set {ap | dap} radio antennatype 315 set {ap | dap} radio auto-tune max-power 317 set {ap | dap} radio auto-tune max-retransmissions 318 set {ap | dap} radio channel 320 set {ap | dap} radio auto-tune min-client-rate 321 set {ap | dap} radio mode 323 set {ap | dap} radio radio-profile 324 set {ap | dap} radio tx-power 325 set dap security 326 set {ap | dap} upgrade-firmware 328 set radio-profile 11g-only 329 set radio-profile active-scan 330 set radio-profile auto-tune channel-config 330 set radio-profile auto-tune channel-holddown 331 set radio-profile auto-tune channel-interval 332 set radio-profile auto-tune power-backoff- timer 333 set radio-profile auto-tune power-config 334 set radio-profile auto-tune power-interval 335 set radio-profile beacon-interval 336 set radio-profile countermeasures 337 set radio-profile dtim-interval 338 set radio-profile frag-threshold 339 set radio-profile long-retry 339 set radio-profile max-rx-lifetime 340 set radio-profile max-tx-lifetime 341 set radio-profile mode 342 set radio-profile preamble-length 345 set radio-profile rts-threshold 346 set radio-profile service-profile 346 set radio-profile short-retry 350 set radio-profile wmm 350 set service-profile auth-dot1x 351 set service-profile auth-fallthru 352

set service-profile auth-psk 354 set service-profile beacon 355 set service-profile cipher-ccmp 356 set service-profile cipher-tkip 357 set service-profile cipher-wep104 358 set service-profile cipher-wep40 359 set service-profile psk-phrase 360 set service-profile psk-raw 361 set service-profile rsn-ie 362 set service-profile shared-key-auth 363 set service-profile ssid-name 363 set service-profile ssid-type 364 set service-profile tkip-mc-time 365 set service-profile web-aaa-form 366 set service-profile wep active-multicast-index 367 set service-profile wep active-unicast-index 368 set service-profile wep key-index 369 set service-profile wpa-ie 370

10 STP COMMANDS

STP Commands by Usage 371 clear spantree portcost 372 clear spantree portpri 373 clear spantree portvlancost 373 clear spantree portvlanpri 374 clear spantree statistics 375 display spantree 376 display spantree backbonefast 378 display spantree blockedports 379 display spantree portfast 380 display spantree portvlancost 381 display spantree statistics 381 display spantree uplinkfast 387 set spantree 388 set spantree backbonefast 389 set spantree fwddelay 390 set spantree hello 390

set spantree maxage 391 set spantree portcost 392 set spantree portfast 393 set spantree portpri 394 set spantree portvlancost 395 set spantree portvlanpri 396 set spantree priority 397 set spantree uplinkfast 397

11 IGMP SNOOPING COMMANDS

Commands by usage 399 clear igmp statistics 400 display igmp 400 display igmp mrouter 404 display igmp querier 405 display igmp receiver-table 407 display igmp statistics 409 set igmp 411 set igmp lmqi 412 set igmp mrouter 413 set igmp mrsol 414 set igmp mrsol mrsi 414 set igmp oqi 415 set igmp proxy-report 416 set igmp qi 417 set igmp qri 418 set igmp querier 419 set igmp receiver 419 set igmp rv 420

12 SECURITY ACL COMMANDS

Security ACL Commands by Usage 423 clear security acl 424 clear security acl map 425 commit security acl 427 display security acl dscp 428 display security acl 429

display security acl hits 430 display security acl info 431 display security acl map 432 display security acl resource-usage 433 hit-sample-rate 437 rollback security acl 438 set security acl 439 set security acl map 444

13 CRYPTOGRAPHY COMMANDS

Commands by Usage 447 crypto ca-certificate 448 crypto certificate 449 crypto generate key 451 crypto generate request 452 crypto generate self-signed 454 crypto otp 456 crypto pkcs12 457 display crypto ca-certificate 459 display crypto certificate 460 display crypto key ssh 461

14 RADIUS AND SERVER GROUP COMMANDS

Commands by Usage 463 clear radius 464 clear radius client system-ip 465 clear radius proxy client 466 clear radius proxy port 466 clear radius server 467 clear server group 467 set radius 468 set radius client system-ip 469 set radius proxy client 470 set radius proxy port 471 set radius server 472 set server group 474 set server group load-balance 475

15 802.1X MANAGEMENT COMMANDS

Commands by Usage 477 clear dot1x bonded-period 478 clear dot1x max-req 479 clear dot1x port-control 479 clear dot1x quiet-period 480 clear dot1x reauth-max 481 clear dot1x reauth-period 481 clear dot1x timeout auth-server 482 clear dot1x timeout supplicant 482 clear dot1x tx-period 483 display dot1x 483 set dot1x authcontrol 486 set dot1x bonded-period 487 set dot1x key-tx 488 set dot1x max-req 489 set dot1x port-control 490 set dot1x quiet-period 491 set dot1x reauth 491 set dot1x reauth-max 492 set dot1x reauth-period 493 set dot1x timeout auth-server 493 set dot1x timeout supplicant 494 set dot1x tx-period 494 set dot1x wep-rekey 495 set dot1x wep-rekey-period 496

16 SESSION MANAGEMENT COMMANDS

Commands by Usage 497 clear sessions 497 clear sessions network 498 display sessions 500 display sessions network 503

17 RF DETECTION COMMANDS

Commands by Usage 511 clear rfdetect 512 clear rfdetect attack-list 512 clear rfdetect black-list 513 clear rfdetect countermeasures mac 513 clear rfdetect ignore 513 clear rfdetect ssid-list 514 clear rfdetect vendor-list 515 display rfdetect counters 515 display rfdetect countermeasures 517 display rfdetect data 518 display rfdetect ignore 520 display rfdetect mobility-domain 521 display rfdetect ssid-list 525 display rfdetect vendor-list 525 display rfdetect visible 526 set rfdetect active-scan 528 set rfdetect attack-list 528 set rfdetect black-list 529 set rf detect countermeasures 530 set rfdetect countermeasures mac 530 set rfdetect ignore 530 set rfdetect log 531 set rfdetect signature 532 set rfdetect ssid-list 532 set rfdetect vendor-list 533 display rfdetect attack-list 534 display rfdetect black-list 535 display rfdetect clients 535

18 FILE MANAGEMENT COMMANDS

Commands by Usage 539 backup 540 clear boot config 541 copy 542 delete 544

dir 545 display boot 547 display config 548 display version 549 load config 551 mkdir 553 reset system 554 restore 555 rmdir 556 save config 557 set boot configuration-file 558 set boot partition 559

19 TRACE COMMANDS

Commands by Usage 561 clear log trace 562 clear trace 562 display trace 563 save trace 564 set trace authentication 564 set trace authorization 565 set trace dot1x 566 set trace sm 567

SNOOP COMMANDS

clear snoop 570 clear snoop map 570 set snoop 571 set snoop map 574 set snoop mode 575 display snoop 576 display snoop info 577 display snoop map 577 display snoop stats 578

21 SYSTEM LOG COMMANDS

Commands by Usage 581 clear log 581 display log buffer 582 display log config 584 display log trace 585 set log 586 set log trace mbytes 589

22 BOOT PROMPT COMMANDS

Boot Prompt Commands by Usage 591 autoboot 592 boot 593 change 595 create 596 delete 597 diag 598 dir 598 display 599 fver 601 help 602 ls 602 next 603 reset 604 test 605 version 606

A OBTAINING SUPPORT FOR YOUR PRODUCT

Register Your Product 607 Purchase Value-Added Services 607 Troubleshoot Online 608 Access Software Downloads 608 Telephone Technical Support and Repair 608 Contact Us 609

INDEX

ABOUT THIS GUIDE

This command reference explains Mobility System Software (MSS™) command line interface (CLI) that you enter on a 3Com WXR100 Remote Office Wireless LAN Switch, WX1200 Wireless Switch, or WX4400 Wireless LAN Controller to configure and manage the Mobility System™ wireless LAN (WLAN).

Read this reference if you are a network administrator responsible for managing WXR100, WX1200, or WX4400 wireless switches and their Managed Access Points (MAPs) in a network.

If release notes are shipped with your product and the information there differs from the information in this guide, follow the instructions in the release notes.

Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on the 3Com World Wide Web site:

http://www.3com.com/

Conventions Table 1 and Table 2 list conventions that are used throughout this guide.

Tab le 1 Notice Icons

Icon Notice Type Description

Information note Information that describes important features or

instructions

Caution Information that alerts you to potential loss of data or

potential damage to an application, system, or device

20 ABOUT THIS GUIDE

This manual uses the following text and syntax conventions:

Tab le 2 Text Conventions

Convention Description

Monospace text Sets off command syntax or sample commands and system

responses.

Bold text Highlights commands that you enter or items you select. Italic text Designates command variables that you replace with

appropriate values, or highlights publication titles or words

requiring special emphasis. [ ] (square brackets) Enclose optional parameters in command syntax. { } (curly brackets) Enclose mandatory parameters in command syntax. | (vertical bar) Separates mutually exclusive options in command syntax. Keyboard key names If you must press two or more keys simultaneously, the key

names are linked with a plus sign (+). Example:

Press Ctrl+Alt+Del

Words in italics Italics are used to:

 Emphasize a point.

 Denote a new term at the place where it is defined in the

text.

 Highlight an example string, such as a username or SSID.

Documentation The MSS documentation set includes the following documents.

 Wireless LAN Switch Manager (3WXM) Release Notes

These notes provide information about the system software release, including new features and bug fixes.

 Wireless LAN Switch and Controller Release Notes

These notes provide information about the system software release, including new features and bug fixes.

 Wireless LAN Switch and Controller Quick Start Guide

This guide provides instructions for performing basic setup of secure (802.1X) and guest (WebAAA Domain for roaming, and for accessing a sample network plan in 3WXM for advanced configuration and management.

™) access, for configuring a Mobility

Documentation Comments 21

 Wireless LAN Switch Manager Reference Manual

This manual shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM).

 Wireless LAN Switch Manager User’s Guide

This guide shows you how to plan, configure, deploy, and manage a Mobility System wireless LAN (WLAN) using the 3Com Wireless LAN Switch Manager (3WXM). It contains information about recommended system requirements you should meet for optimum 3WXM performance, installing 3WXM client and 3WXM Services software, and an introduction to using the 3WXM interface.

 Wireless LAN Switch and Controller Installation and Basic

Configuration Guide

This guide provides instructions and specifications for installing a WX wireless switch in a Mobility System WLAN, and basic instructions for deploying a secure IEEE 802.11 wireless service.

 Wireless LAN Switch and Controller Configuration Guide

Documentation Comments

This guide provides instructions for configuring and managing the system through the Mobility System Software (MSS) CLI.

 Wireless LAN Switch and Controller Command Reference

This reference provides syntax information for all MSS commands supported on WX switches.

Your suggestions are very important to us. They will help make our documentation more useful to you. Please e-mail comments about this document to 3Com at:

pddtechpubs_comments@3com.com

Please include the following information when contacting us:

 Document title  Document part number and revision (on the title page)  Page number (if appropriate)

22 ABOUT THIS GUIDE

Example:

 Wireless LAN Switch and Controller Configuration Guide  Part number 730-9502-0071, Revision B  Page 25

Please note that we can only respond to comments and questions about 3Com product documentation at this e-mail address. Questions related to Technical Support or sales should be directed in the first instance to your network supplier.

USING THE COMMAND-LINE

INTERFACE

This chapter discusses the 3Com Wireless Switch Manager (3WXM) command-line interface (CLI). Described are the CLI conventions (see “CLI Conventions” on page 24), editing on the command line (see “Command-Line Editing” on page 29), using the CLI help feature (see “Using CLI Help” on page 31), and information about the command descriptions in this reference (see “Understanding Command Descriptions” on page 32).

Overview Mobility System Software (MSS) operates a 3Com Mobility System

wireless LAN (WLAN) consisting of 3Com Wireless Switch Manager (3WXM) software and 3Com Wireless LAN Switch or 3Com Wireless LAN Controller (WX switch) and 3Com Wireless LAN Managed Access Point (MAP) hardware. There is a command-line interface (CLI) on the WX switch that you can use to configure and manage the WX and its attached access points.

You configure the wireless LAN switches and access points primarily with set, clear, and display commands. Use set commands to change parameters. Use clear commands to reset parameters to their defaults. In many cases, you can overwrite a parameter with another set command. Use display commands to show the current configuration and monitor the status of network operations.

The wireless LAN switches support two connection modes:

 Administrative access mode, which enables the network administrator

to connect to the WX switch and configure the network

 Network access mode, which enables network users to connect

through the WX switch to access the network

24 CHAPTER 1: USING THE COMMAND-LINE INTERFACE

CLI Conventions Be aware of the following MSS CLI conventions for command entry:

 “Command Prompts” on page 24  “Syntax Notation” on page 24  “Text Entry Conventions and Allowed Characters” on page 25  “User Globs, MAC Address Globs, and VLAN Globs” on page 26  “Port Lists” on page 28  “Virtual LAN Identification” on page 29

Command Prompts By default, the MSS CLI provides the following prompt for restricted

users. The mmmm portion shows the wireless LAN switch model number (for example, 1200) and the aabbcc portion shows the last three octets of the MAC address of the switch.

WXmmmm-aabbcc>

After you become enabled as an administrative user by typing enable and supplying a suitable password, MSS displays the following prompt:

WXmmmm-aabbcc#

For information about changing the CLI prompt on a wireless LAN switch, see “set prompt” on page 53.

Syntax Notation The MSS CLI uses standard syntax notation:

 Bold monospace font identifies the command and keywords you must

type. For example:

set enablepass

 Italics indicate a placeholder for a value. For example, you replace

vlan-id in the following command with a virtual LAN (VLAN) ID:

clear interface vlan-id ip

 Curly brackets ({}) indicate a mandatory parameter, and square

brackets ([]) indicate an optional parameter. For example, you must enter dynamic or port and a port list in the following command, but a VLAN ID is optional:

clear fdb {dynamic | port port-list} [vlan vlan-id]

CLI Conventions 25

 A vertical bar (|) separates mutually exclusive options within a list of

possibilities. For example, you enter either enable or disable, not both, in the following command:

set port {enable | disable} port-list

Text Entry

Conventions and

Allowed Characters

MAC Address

Notation

Unless otherwise indicated, the MSS CLI accepts standard ASCII alphanumeric characters, except for tabs and spaces, and is case-insensitive.

The CLI has specific notation requirements for MAC addresses, IP addresses, and masks, and allows you to group usernames, MAC addresses, virtual LAN (VLAN) names, and ports in a single command.

3Com recommends that you do not use the same name with different capitalizations for VLANs or access control lists (ACLs). For example, do not configure two separate VLANs with the names red and RED.

The CLI does not support the use of special characters including the following in any named elements such as SSIDs and VLANs: ampersand (&), angle brackets (< >), number sign (#), question mark (?), or quotation marks (“”).

In addition, the CLI does not support the use of international characters such as the accented É in DÉCOR.

MSS displays MAC addresses in hexadecimal numbers with a colon (:) delimiter between bytes — for example, 00:01:02:1a:00:01. You can enter MAC addresses with either hyphen (-) or colon (:) delimiters, but colons are preferred.

For shortcuts:

 You can exclude leading zeros when typing a MAC address. MSS

displays of MAC addresses include all leading zeros.

 In some specified commands, you can use the single-asterisk (*)

wildcard character to represent from 1 byte to 5 bytes of a MAC address. (For more information, see “MAC Address Globs” on page 27.)

26 CHAPTER 1: USING THE COMMAND-LINE INTERFACE

IP Address and Mask

Notation

User Globs, MAC

Address Globs, and

VLAN Globs

MSS displays IP addresses in dotted decimal notation — for example,

192.168.1.111. MSS makes use of both subnet masks and wildcard masks.

Subnet Masks

Unless otherwise noted, use classless interdomain routing (CIDR) format to express subnet masks — for example, 192.168.1.112/24. You indicate the subnet mask with a forward slash (/) and specify the number of bits in the mask.

Wildcard Masks

Security access control lists (ACLs) use source and destination IP addresses and wildcard masks to determine whether the wireless LAN switch filters or forwards IP packets. Matching packets are either permitted or denied network access. The ACL checks the bits in IP addresses that correspond to any 0s (zeros) in the mask, but does not check the bits that correspond to 1s (ones) in the mask. You specify the wildcard mask in dotted decimal notation.

For example, the address 10.0.0.0 and mask 0.255.255.255 match all IP addresses that begin with 10 in the first octet.

Name “globbing” is a way of using a wildcard pattern to expand a single element into a list of elements that match the pattern. MSS accepts user globs, MAC address globs, and VLAN globs. The order in which globs appear in the configuration is important, because once a glob is matched, processing stops on the list of globs.

User Globs

A user glob is shorthand method for matching an authentication, authorization, and accounting (AAA) command to either a single user or a set of users.

A user glob can be up to 80 characters long and cannot contain spaces or tabs. The double-asterisk (**) wildcard characters with no delimiter characters match all usernames. The single-asterisk (*) wildcard character matches any number of characters up to, but not including, a delimiter character in the glob. Valid user glob delimiter characters are the at (@) sign and the period (.).

CLI Conventions 27

Table 3 gives examples of user globs.

Tab le 3 User Globs

User Glob User(s) Designated

jose@example.com User jose at example.com *@example.com All users at example.com whose usernames do not

*@marketing.example.com All marketing users at example.com whose

*.*@marketing.example.com All marketing users at example.com whose

* All users with usernames that have no delimiters EXAMPLE\* All users in the Windows Domain EXAMPLE with

EXAMPLE\*.* All users in the Windows Domain EXAMPLE whose

** All users

contain periods — for example, jose@example.com and tamara@example.com, but not nin.wong@example.com, because nin.wong contains a period

usernames do not contain periods

usernames contain periods

usernames that have no delimiters

usernames contain periods

MAC Address Globs

A media access control (MAC) address glob is a similar method for matching some authentication, authorization, and accounting (AAA) and forwarding database (FDB) commands to one or more 6-byte MAC addresses. In a MAC address glob, you can use a single asterisk (*) as a wildcard to match all MAC addresses, or as follows to match from 1 byte to 5 bytes of the MAC address:

00:* 00:01:* 00:01:02:* 00:01:02:03:* 00:01:02:03:04:*

For example, the MAC address glob 02:06:8c* represents all MAC addresses starting with 02:06:8c. Specifying only the first 3 bytes of a MAC address allows you to apply commands to MAC addresses based on an organizationally unique identity (OUI).

28 CHAPTER 1: USING THE COMMAND-LINE INTERFACE

VLAN Globs

A VLAN glob is a method for matching one of a set of local rules on an wireless LAN switch, known as the location policy, to one or more users. MSS compares the VLAN glob, which can optionally contain wildcard characters, against the VLAN-Name attribute returned by AAA, to determine whether to apply the rule.

To match all VLANs, use the double-asterisk (**) wildcard characters with no delimiters. To match any number of characters up to, but not including, a delimiter character in the glob, use the single-asterisk (*) wildcard. Valid VLAN glob delimiter characters are the at (@) sign and the period (.).

For example, the VLAN glob bldg4.* matches bldg4.security and bldg4.hr and all other VLAN names with bldg4. at the beginning.

Matching Order for Globs

In general, the order in which you enter AAA commands determines the order in which MSS matches the user, MAC address, or VLAN to a glob. To verify the order, view the output of the display aaa or display config command. MSS checks globs that appear higher in the list before items lower in the list and uses the first successful match.

Port Lists The physical Ethernet ports on a WX switch can be set for connection to

MAP access points, authenticated wired users, or the network backbone. You can include a single port or multiple ports in one MSS CLI command by using the appropriate list format.

The ports on a WX switch are numbered 1 and 2 (for the 3Com Remote Office Wireless LAN Switch WXR100), 1 through 4 (for the 3Com Wireless LAN Controller WX4400), and 1 through 8 (for the 3Com Wireless Lan Switch WX1200). No port 0 exists on the WX switch. You can include a single port or multiple ports in a command that includes port port-list. Use one of the following formats for port-list:

 A single port number. For example:

WX1200# set port enable 6

 A comma-separated list of port numbers, with no spaces. For

example:

WX1200# display port poe 1,2,4

Command-Line Editing 29

 A hyphen-separated range of port numbers, with no spaces. For

example:

WX1200# reset port 1-3

 Any combination of single numbers, lists, and ranges. Hyphens take

precedence over commas. For example:

WX1200# display port status 1-3,6

Virtual LAN

Identification

The names of virtual LANs (VLANs), which are used in Mobility Domain™ communications, are set by you and can be changed. In contrast, VLAN ID numbers, which the wireless LAN uses locally, are determined when the VLAN is first configured and cannot be changed. Unless otherwise indicated, you can refer to a VLAN by either its VLAN name or its VLAN number. CLI set and display commands use a VLAN’s name or number to uniquely identify the VLAN within the WX.

Command-Line Editing

MSS editing functions are similar to those of many other network operating systems.

Keyboard Shortcuts The following table lists the keyboard shortcuts for entering and editing

CLI commands.

Tab le 4 Keyboard Shortcuts

Keyboard Shortcut(s) Function

Ctrl+A Jumps to the first character of the command line. Ctrl+B or Left Arrow key Moves the cursor back one character. Ctrl+C Escapes and terminates prompts and tasks. Ctrl+D Deletes the character at the cursor. Ctrl+E Jumps to the end of the current command line. Ctrl+F or Right Arrow key Moves the cursor forward one character. Ctrl+K Deletes from the cursor to the end of the command

Ctrl+L or Ctrl+R Repeats the current command line on a new line. Ctrl+N or Down Arrow key Enters the next command line in the history buffer. Ctrl+P or Up Arrow key Enters the previous command line in the history

line.

buffer.

30 CHAPTER 1: USING THE COMMAND-LINE INTERFACE

Tab le 4 Keyboard Shortcuts (continued)

Keyboard Shortcut(s) Function

Ctrl+U or Ctrl+X Deletes characters from the cursor to the beginning

Ctrl+W Deletes the last word typed. Esc B Moves the cursor back one word. Esc D Deletes characters from the cursor forward to the

Delete key or Backspace key Erases mistake made during command entry. Reenter

History Buffer The history buffer stores the last 63 commands you entered during a

terminal session. You can use the Up Arrow and Down Arrow keys to select a command that you want to repeat from the history buffer.

Ta bs The MSS CLI uses the Tab key for command completion. You can type

the first few characters of a command and press the Tab key to show the command(s) that begin with those characters. For example:

WX1200# display i <Tab> ifm display interfaces maintained by the interface manager igmp display igmp information interface display interfaces ip display ip information

of the command line.

end of the word.

the command after using this key.

Single-Asterisk (*)

Wildcard Character

Double-Asterisk (**)

Wildcard Characters

You can use the single-asterisk (*) wildcard character in globbing. (For details, see “User Globs, MAC Address Globs, and VLAN Globs” on page 26.)

The double-asterisk (**) wildcard character matches all usernames. For details, see “User Globs” on page 26.

+ 586 hidden pages