ZyXEL NXC Series Reference Guide

Quick Start Guide
NXC Series
Wireless LAN Controller
Versions: 4.20 Edition 1, 01/2015
Default Login Details
IP Address: https://192.168.1.1
User Name: admin
Password: 1234
www.zyxel.com
Copyright © 2011
Copyright © 2015 ZyXEL Communications Corporation
ZyXEL Communications Corporation
IMPORTANT!
READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE.
This is a Reference Guide for a series of products intended for people who want to configure the NXC via Command Line Interface (CLI).
Some commands or command options in this guide may not be available in your product. See your product's User’s Guide for a list of supported features. Every effort has been made to ensure that the information in this guide is accurate.
How To Use This Guide
1 Read Chapter 1 on page 15 for how to access and use the CLI (Command Line Interface).
2 Read Chapter 2 on page 31 to learn about the CLI user and privilege modes.
Do not use commands not documented in this guide.
Related Documentation
• Quick Start Guide: The Quick Start Guide shows how to connect the NXC and access the Web Configurator.
• User’s Guide: The User’s Guide explains how to use the Web Configurator to configure the NXC.
It is recommended you use the Web Configurator to configure the NXC.

Contents Overview

Command Line Interface
User and Privilege Modes
Object Reference
Status
Registration
Interfaces
Route
AP Management
AP Group
Wireless LAN Profiles
Rogue AP
Wireless Frame Capture
Dynamic Channel Selection
Auto-Healing
Dynamic Guest
LEDs
Zones
ALG
Captive Portal
RTLS
Firewall
User/Group
Addresses
Services
Schedules
AAA Server
Authentication Objects
Authentication Server
ENC
Certificates
System
System Remote Management
DHCPv6 Objects
File Manager
Logs
Reports and Reboot
Session Timeout
Diagnostics
Packet Flow Explore
Maintenance Tools
Watchdog Timer
Managed AP Commands
List of Commands

Table of Contents

Contents Overview
Table of Contents
Chapter 1
Command Line Interface
1.1 Overview
1.1.1 The Configuration File
1.2 Accessing the CLI
1.2.1 Console Port
1.2.2 Web Configurator Console
1.2.3 Telnet
1.2.4 SSH (Secure SHell)
1.3 How to Find Commands in this Guide
1.4 How Commands Are Explained
1.4.1 Background Information
1.4.2 Command Input Values
1.4.3 Command Summary
1.4.4 Command Examples
1.4.5 Command Syntax
1.4.6 Changing the Password
1.5 CLI Modes
1.6 Shortcuts and Help
1.6.1 List of Available Commands
1.6.2 List of Sub-commands or Required User Input
1.6.3 Entering Partial Commands
1.6.4 Entering a ? in a Command
1.6.5 Command History
1.6.6 Navigation
1.6.7 Erase Current Command
1.6.8 The no Commands
1.7 Input Values
1.8 Saving Configuration Changes
1.9 Logging Out
Chapter 2
User and Privilege Modes
2.1 User And Privilege Modes
2.1.1 Debug Commands
Chapter 3
Object Reference
3.1 Object Reference Commands
3.1.1 Object Reference Command Example
Chapter 4
Status
4.1 Status Show Commands
Chapter 5
Registration
5.1 myZyXEL.com overview
5.1.1 Subscription Services Available on the NXC
5.2 Registration Commands
5.2.1 Command Examples
5.3 Country Code
Chapter 6
Interfaces
6.1 Interface Overview
6.1.1 Types of Interfaces
6.2 Interface General Commands Summary
6.2.1 Basic Interface Properties and IP Address Commands
6.2.2 DHCP Setting Commands
6.2.3 Connectivity Check (Ping-check) Commands
6.3 Ethernet Interface Specific Commands
6.3.1 MAC Address Setting Commands
6.4 Port Commands
6.5 Port Role Commands
6.5.1 Port Role Examples
6.6 USB Storage Specific Commands
6.6.1 USB Storage General Commands Example
6.7 VLAN Interface Specific Commands
6.7.1 VLAN Interface Examples
Chapter 7
Route
7.1 Policy Route
7.2 Policy Route Commands
7.2.1 Assured Forwarding (AF) PHB for DiffServ
7.2.2 Policy Route Command Example
7.3 IP Static Route
7.4 Static Route Commands
7.4.1 Static Route Commands Example
7.5 Learned Routing Information Commands
7.5.1 show ip route Command Example
Chapter 8
AP Management
8.1 AP Management Overview
8.2 AP Management Commands
8.2.1 AP Management Commands Example
Chapter 9
AP Group
9.1 Wireless Load Balancing Overview
9.2 AP Group Commands
9.2.1 AP Group Examples
Chapter 10
Wireless LAN Profiles
10.1 Wireless LAN Profiles Overview
10.2 AP Radio & Monitor Profile Commands
10.2.1 AP Radio & Monitor Profile Commands Example
10.3 SSID Profile Commands
10.3.1 SSID Profile Example
10.4 Security Profile Commands
10.4.1 Security Profile Example
10.5 MAC Filter Profile Commands
10.5.1 MAC Filter Profile Example
10.6 Layer-2 Isolation Profile Commands
10.6.1 Layer-2 Isolation Profile Example
10.7 ZyMesh Profile Commands
Chapter 11
Rogue AP
11.1 Rogue AP Detection Overview
11.2 Rogue AP Detection Commands
11.2.1 Rogue AP Detection Examples
11.3 Rogue AP Containment Overview
11.4 Rogue AP Containment Commands
11.4.1 Rogue AP Containment Example
Chapter 12
Wireless Frame Capture
12.1 Wireless Frame Capture Overview
12.2 Wireless Frame Capture Commands
12.2.1 Wireless Frame Capture Examples
Chapter 13
Dynamic Channel Selection
13.1 DCS Overview
13.2 DCS Commands
Chapter 14
Auto-Healing
14.1 Auto-Healing Overview
14.2 Auto-Healing Commands
14.2.1 Auto-Healing Examples
Chapter 15
Dynamic Guest
15.1 Dynamic Guest Overview
15.2 Dynamic Guest Commands
15.2.1 Dynamic Guest Examples
Chapter 16
LEDs
16.1 LED Suppression Mode
16.2 LED Suppression Commands
16.2.1 LED Suppression Commands Example
16.3 LED Locator
16.4 LED Locator Commands
16.4.1 LED Locator Commands Example
Chapter 17
Zones
17.1 Zones Overview
17.2 Zone Commands Summary
17.2.1 Zone Command Examples
Chapter 18
ALG
18.1 ALG Introduction
18.2 ALG Commands
18.3 ALG Commands Example
Chapter 19
Captive Portal
19.1 Captive Portal Overview
19.1.1 Web Authentication Policy Commands
19.1.2 qrcode-auth-profile Commands
19.1.3 page-customization Commands
19.1.4 Customizing the User Logout Page
Chapter 20
RTLS
20.1 RTLS Introduction
20.2 RTLS Commands
Chapter 21
Firewall
21.1 Firewall Overview
21.2 Firewall Commands
21.2.1 Firewall Sub-Commands
21.2.2 Firewall Command Examples
21.3 Session Limit Commands
Chapter 22
User/Group
22.1 User Account Overview
22.1.1 User Types
22.2 User/Group Commands Summary
22.2.1 User Commands
22.2.2 User Group Commands
22.2.3 User Setting Commands
22.2.4 MAC Auth Commands
22.2.5 Additional User Commands
Chapter 23
Addresses
23.1 Address Overview
23.2 Address Commands Summary
23.2.1 Address Object Commands
23.2.2 Address Group Commands
Chapter 24
Services
24.1 Services Overview
24.2 Services Commands Summary
24.2.1 Service Object Commands
24.2.2 Service Group Commands
Chapter 25
Schedules
25.1 Schedule Overview
25.2 Schedule Commands Summary
25.2.1 Schedule Command Examples
Chapter 26
AAA Server
26.1 AAA Server Overview
26.2 Authentication Server Command Summary
26.2.1 aaa group server ad Commands
26.2.2 aaa group server ldap Commands
26.2.3 aaa group server radius Commands
26.2.4 aaa group server Command Example
Chapter 27
Authentication Objects
27.1 Authentication Objects Overview
27.2 aaa authentication Commands
27.2.1 aaa authentication Command Example
27.3 test aaa Command
27.3.1 Test a User Account Command Example
Chapter 28
Authentication Server
28.1 Authentication Server Overview
28.2 Authentication Server Commands
28.2.1 Authentication Server Command Examples
Chapter 29
ENC
29.1 ENC Overview
29.2 ENC-Agent Commands
29.2.1 ENC-Agent Command Examples
Chapter 30
Certificates
30.1 Certificates Overview
30.2 Certificate Commands
30.3 Certificates Commands Input Values
30.4 Certificates Commands Summary
30.5 Certificates Commands Examples
Chapter 31
System
31.1 System Overview
31.2 Customizing the WWW Login Page
31.3 Host Name Commands
31.4 Time and Date
31.4.1 Date/Time Commands
31.5 Console Port Speed
31.6 DNS Overview
31.6.1 DNS Commands
31.6.2 DNS Command Example
Chapter 32
System Remote Management
32.1 Remote Management Overview
32.1.1 Remote Management Limitations
32.1.2 System Timeout
32.2 Common System Command Input Values
32.3 HTTP/HTTPS Commands
32.3.1 HTTP/HTTPS Command Examples
32.4 SSH
32.4.1 SSH Implementation on the NXC
32.4.2 Requirements for Using SSH
32.4.3 SSH Commands
32.4.4 SSH Command Examples
32.5 Telnet
32.6 Telnet Commands
32.6.1 Telnet Commands Examples
32.7 Configuring FTP
32.7.1 FTP Commands
32.7.2 FTP Commands Examples
32.8 SNMP
32.8.1 Supported MIBs
32.8.2 SNMP Traps
32.8.3 SNMP Commands
32.8.4 SNMP Commands Examples
32.9 TR-069
32.9.1 TR-069 Commands
32.9.2 TR-069 Commands Examples
32.10 Language Commands
Chapter 33
DHCPv6 Objects
33.1 DHCPv6 Object Commands Summary
33.1.1 DHCPv6 Object Commands
33.1.2 DHCPv6 Object Command Examples
Chapter 34
File Manager
34.1 File Directories
34.2 Configuration Files and Shell Scripts Overview
34.2.1 Comments in Configuration Files or Shell Scripts
34.2.2 Errors in Configuration Files or Shell Scripts
34.2.3 NXC Configuration File Details
34.2.4 Configuration File Flow at Restart
34.3 File Manager Commands Input Values
34.4 File Manager Commands Summary
34.5 File Manager Command Example
34.6 FTP File Transfer
34.6.1 Command Line FTP File Upload
34.6.2 Command Line FTP Configuration File Upload Example
34.6.3 Command Line FTP File Download
34.6.4 Command Line FTP Configuration File Download Example
34.7 Firmware Update Scheduling Commands
34.8 NXC File Usage at Startup
34.9 Notification of a Damaged Recovery Image or Firmware
34.10 Restoring the Recovery Image (NXC5200 Only)
34.11 Restoring the Firmware
34.12 Restoring the Default System Database
34.12.1 Using the atkz -u Debug Command (NXC5200 Only)
Chapter 35
Logs
35.1 Log Commands Summary
35.1.1 Log Entries Commands
35.1.2 System Log Commands
35.1.3 Debug Log Commands
35.1.4 E-mail Profile Log Commands
35.1.5 Console Port Log Commands
35.1.6 Access Point Logging Commands
Chapter 36
Reports and Reboot
36.1 Report Commands Summary
36.1.1 Report Commands
36.1.2 Report Command Examples
36.1.3 Session Commands
36.2 Email Daily Report Commands
36.2.1 Email Daily Report Example
36.3 Reboot
Chapter 37
Session Timeout
Chapter 38
Diagnostics
38.1 Diagnostics
38.2 Diagnosis Commands
38.3 Diagnosis Commands Example
Chapter 39
Packet Flow Explore
39.1 Packet Flow Explore
39.2 Packet Flow Explore Commands
39.3 Packet Flow Explore Commands Example
Chapter 40
Maintenance Tools
40.1 Maintenance Tools Commands
40.1.1 Command Examples
Chapter 41
Watchdog Timer
41.1 Hardware Watchdog Timer
41.2 Software Watchdog Timer
41.3 Application Watchdog
41.3.1 Application Watchdog Commands Example
Chapter 42
Managed AP Commands
42.1 Managed Series AP Commands Overview
42.2 Accessing the AP CLI
42.3 CAPWAP Client Commands
42.3.1 CAPWAP Client Commands Example
42.4 DNS Server Commands
42.4.1 DNS Server Commands Example
42.4.2 DNS Server Commands and DHCP
List of Commands
CHAPTER 1

Command Line Interface

This chapter describes how to access and use the CLI (Command Line Interface).

1.1 Overview

If you have problems with your NXC, customer support may request that you issue some of these commands to assist them in troubleshooting.
Use of undocumented commands or misconfiguration can damage the NXC and possibly render it unusable.

1.1.1 The Configuration File

When you configure the NXC using either the CLI (Command Line Interface) or the web configurator, the settings are saved as a series of commands in a configuration file on the NXC. You can store more than one configuration file on the NXC. However, only one configuration file is used at a time.
You can perform the following with a configuration file:
• Back up NXC configuration once the NXC is set up to work in your network.
• Restore NXC configuration.
• Save and edit a configuration file and upload it to multiple NXCs in your network to have the same settings.
You may also edit a configuration file using a text editor.

1.2 Accessing the CLI

You can access the CLI using a terminal emulation program on a computer connected to the console port, from the web configurator, or over Telnet or SSH (Secure SHell).
The NXC might force you to log out of your session if reauthentication time, lease time, or idle timeout is reached. See Chapter 22 on page 143 for more information about these settings.

1.2.1 Console Port

The default settings for the console port are as follows.
Table 1 Managing the NXC: Console Port
| SETTING | VALUE |
| Speed | 115200 bps |
| Data Bits | 8 |
| Parity | None |
| Stop Bit | 1 |
| Flow Control | Off |
When you turn on your NXC, it performs several internal tests as well as line initialization. You can view the initialization information using the console port.
• Garbled text displays if your terminal emulation program’s speed is set lower than the NXC’s.
• No text displays if the speed is set higher than the NXC’s.
• If changing your terminal emulation program’s speed does not get anything to display, restart the NXC.
• If restarting the NXC does not get anything to display, contact your local customer support.
Figure 1 Console Port Power-on Display
Flash: 8 MiB
BootModule Version: V0.9.1 | 2012-12-28 13:01:22
DRAM: Size = 1024 Mbytes
DRAM POST: Testing: 262144K
After the initialization, the login screen displays.
Figure 2 Login Screen
Welcome to NXC
Username:
Enter the user name and password at the prompts.
The default login username is admin and password is 1234. The username and password are case-sensitive.

1.2.2 Web Configurator Console

The Console allows you to use CLI commands from directly within the Web Configurator rather than having to use a separate terminal program. In addition to logging in directly to the NXC’s CLI, you can also log into other devices on the network through this Console. It uses SSH to establish a connection.
To view the functions in the Web Configurator user interface that correspond directly to specific NXC CLI commands, use the CLI Messages window (described in the User’s Guide) in tandem with this one.
Figure 3 Console
The following table describes the elements in this screen.
Table 2 Console
LABEL DESCRIPTION
Command Line
Enter commands for the device that you are currently logged into here. If you are logged into the NXC, see the CLI Reference Guide for details on using the command line to configure it.
Device IP Address
This is the IP address of the device that you are currently logged into.
Logged-In User
This displays the username of the account currently logged into the NXC through the Console Window.
You can log into the Web Configurator with a different account than used to log into the NXC through the Console.
Connection Status
This displays the connection status of the account currently logged in. If you are logged in and connected, then this displays ‘Connected’. If you lose the connection, get disconnected, or logout, then this displays ‘Not Connected’.
Tx/RX Activity Monitor
This displays the current upload / download activity. The faster and more frequently an LED flashes, the faster the data connection.
Before you use the Console, ensure that:
• Your web browser of choice allows pop-up windows from the IP address assigned to your NXC.
• Your web browser allows Java programs.
• You are using the latest version of the Java program (http://www.java.com).
To log in through the Console:
1 Click the Console button on the Web Configurator title bar.
2 Enter the IP address of the NXC and click OK.
3 Next, enter the user name of the account being used to log into your target device and then click OK.
4 You may be prompted to authenticate your account password, depending on the type of device that you are logging into. Enter the password and click OK.
5 If your login is successful, the command line appears and the status bar at the bottom of the Console updates to reflect your connection state.

1.2.3 Telnet

Use the following steps to Telnet into your NXC.
1 If your computer is connected to the NXC over the Internet, skip to the next step. Otherwise, make sure your computer IP address and the NXC IP address are on the same subnet.
2 In Windows, click Start (usually in the bottom left corner) and Run. Then type telnet and the NXC’s IP address. For example, enter telnet 192.168.1.1 (the default management IP address).
3 Click OK. A login screen displays. Enter the user name and password at the prompts.
The default login username is admin and password is 1234. The username and password are case-sensitive.

1.2.4 SSH (Secure SHell)

You can use an SSH client program to access the CLI. The following figure shows an example using a text-based SSH client program. Refer to the documentation that comes with your SSH program for information on using it.
The default login username is admin and password is 1234. The username and password are case-sensitive.
Figure 4 SSH Login Example
C:\>ssh2 admin@192.168.1.1
Host key not found from database.
Key fingerprint:
xolor-takel-fipef-zevit-visom-gydog-vetan-bisol-lysob-cuvun-muxex
You can get a public key's fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)? yes
Host key saved to C:/Documents and Settings/user/Application Data/SSH/ hostkeys/ ey_22_192.168.1.1.pub
host key for 192.168.1.1, accepted by user Tue Aug 09 2005 07:38:28
admin's password:
Authentication successful.

1.3 How to Find Commands in this Guide

You can simply look for the feature chapter to find commands. In addition, you can use the List of Commands at the end of the guide. This section lists the commands in alphabetical order that they appear in this guide. If you are looking at the CLI Reference Guide electronically, you might have additional options (for example, bookmarks or Find...) as well.

1.4 How Commands Are Explained

Each chapter explains the commands for one keyword. The chapters are divided into the following sections.

1.4.1 Background Information

See the User’s Guide for background information about most features.
This section provides background information about features that you cannot configure in the web configurator. In addition, this section identifies related commands in other chapters.

1.4.2 Command Input Values

This section lists common input values for the commands for the feature in one or more tables.

1.4.3 Command Summary

This section lists the commands for the feature in one or more tables.

1.4.4 Command Examples

This section contains any examples for the commands in this feature.

1.4.5 Command Syntax

The following conventions are used in this guide.
• A command or keyword in courier new must be entered literally as shown. Do not abbreviate.
• Values that you need to provide are in italics.
• Required fields that have multiple choices are enclosed in curly brackets {}.
• A range of numbers is enclosed in angle brackets <>.
• Optional fields are enclosed in square brackets [].
• The | symbol means OR.
For example, look at the following command to create a TCP/UDP service object.
service-object object-name {tcp | udp} {eq <1..65535> | range <1..65535> <1..65535>}
1 Enter service-object exactly as it appears.
2 Enter the name of the object where you see object-name.
3 Enter tcp or udp, depending on the service object you want to create.
4 Finally, do one of the following.
• Enter eq exactly as it appears, followed by a number between 1 and 65535.
• Enter range exactly as it appears, followed by two numbers between 1 and 65535.
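The notation above can be checked mechanically before a hand-edited configuration file is uploaded. The following Python sketch is an added example, not code from ZyXEL or the NXC firmware: it parses a syntax line written in this guide's notation and tests typed commands against it. Because italics are lost in plain text, the caller names the placeholders (an assumption), and the sample commands are constructed.

```python
import re

TOKEN = re.compile(r"<\d+\.\.\d+>|[{}\[\]|]|[^\s{}\[\]|]+")
RANGE = re.compile(r"<(\d+)\.\.(\d+)>")

# Syntax lines copied from this guide (sections 1.4.5 and 1.6.8).
SERVICE_OBJECT = ("service-object object-name {tcp | udp} "
                  "{eq <1..65535> | range <1..65535> <1..65535>}")
MSS = "[no] mss <536..1452>"


def parse_template(template, placeholders=()):
    """Turn a syntax line into a tree: a list of alternatives, each a list of items."""
    tokens = TOKEN.findall(template)
    pos = 0

    def expect(closer):
        nonlocal pos
        if pos >= len(tokens) or tokens[pos] != closer:
            raise ValueError(f"unbalanced template, expected {closer!r}")
        pos += 1

    def alternatives():
        nonlocal pos
        alts, current = [], []
        while pos < len(tokens) and tokens[pos] not in ("}", "]"):
            tok = tokens[pos]
            pos += 1
            rng = RANGE.fullmatch(tok)
            if tok == "|":                      # OR: start the next alternative
                alts.append(current)
                current = []
            elif tok == "{":                    # required field with choices
                current.append(("choice", alternatives()))
                expect("}")
            elif tok == "[":                    # optional field
                current.append(("optional", alternatives()))
                expect("]")
            elif rng:                           # numeric range <lo..hi>
                current.append(("range", int(rng.group(1)), int(rng.group(2))))
            elif tok in placeholders or (tok[0] == "<" and tok[-1] == ">"):
                current.append(("value", tok))  # user-supplied value
            else:
                current.append(("literal", tok))
        alts.append(current)
        return alts

    tree = alternatives()
    if pos != len(tokens):
        raise ValueError(f"unbalanced template near {tokens[pos]!r}")
    return tree


def _match_item(item, words, i):
    """Return the set of word positions reachable after matching one item at i."""
    kind = item[0]
    if kind == "choice":
        return _match_alts(item[1], words, i)
    if kind == "optional":
        return _match_alts(item[1], words, i) | {i}
    if i >= len(words):
        return set()
    word = words[i]
    if kind == "literal":                       # keywords may not be abbreviated
        ok = word == item[1]
    elif kind == "range":
        ok = word.isascii() and word.isdigit() and item[1] <= int(word) <= item[2]
    else:                                       # "value": any single word
        ok = True
    return {i + 1} if ok else set()


def _match_alts(alts, words, i):
    ends = set()
    for seq in alts:
        positions = {i}
        for item in seq:
            positions = {e for p in positions for e in _match_item(item, words, p)}
        ends |= positions
    return ends


def validate(template, command, placeholders=()):
    """True if every word of the command is consumed by the template.

    Strict match: the shortened no-forms described in section 1.6.8 are not modelled.
    """
    words = command.split()
    return len(words) in _match_alts(parse_template(template, placeholders), words, 0)


def rejected(template, lines, placeholders=()):
    """Return the lines that do not fit the template."""
    return [ln for ln in lines if not validate(template, ln, placeholders)]


# Constructed sample lines, as they might appear in an edited configuration file.
SAMPLE = [
    "service-object web tcp eq 443",
    "service-object dns udp range 53 53",
    "service-object bad tcp eq 65536",      # port out of range
    "service-object bad icmp eq 1",         # not one of {tcp | udp}
    "service-obj web tcp eq 80",            # abbreviated keyword
    "service-object web tcp range 1024",    # range needs two numbers
]

if __name__ == "__main__":
    for line in rejected(SERVICE_OBJECT, SAMPLE, {"object-name"}):
        print("rejected:", line)
```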

1.4.6 Changing the Password

It is highly recommended that you change the password for accessing the NXC. See Section 22.2 on page 144 for the appropriate commands.

1.5 CLI Modes

You run CLI commands in one of several modes.
Table 3 CLI Modes
| | USER | PRIVILEGE | CONFIGURATION | SUB-COMMAND |
| What Guest users can do | Unable to access | Unable to access | Unable to access | Unable to access |
| What User users can do | Look at (but not run) available commands | Unable to access | Unable to access | Unable to access |
| What Limited-Admin users can do | Look at system information (like Status screen); Run basic diagnostics | Look at system information (like Status screen); Run basic diagnostics | Unable to access | Unable to access |
| What Admin users can do | Look at system information (like Status screen); Run basic diagnostics | Look at system information (like Status screen); Run basic diagnostics | Configure simple features (such as an address object); Create or remove complex parts (such as an interface) | Configure complex parts (such as an interface) in the NXC |
| How you enter it | Log in to the NXC | Type enable in User mode | Type configure terminal in User or Privilege mode | Type the command used to create the specific part in Configuration mode |
| What the prompt looks like | Router> | Router# | Router(config)# | (varies by part) Router(zone)# Router(config-if-ge)# ... |
| How you exit it | Type exit | Type disable | Type exit | Type exit |
See Chapter 22 on page 143 for more information about the user types. User users can only log in, look at (but not run) the available commands in User mode, and log out. Limited-Admin users can look at the configuration in the web configurator and CLI, and they can run basic diagnostics in the CLI. Admin users can configure the NXC in the web configurator or CLI.
At the time of writing, there is not much difference between User and Privilege mode for admin users. This is reserved for future use.

1.6 Shortcuts and Help

1.6.1 List of Available Commands

A list of valid commands can be found by typing ? or [TAB] at the command prompt. To view a list of available commands within a command group, enter <command> ? or <command> [TAB].
Figure 5 Help: Available Commands Example 1
Router> ?
<cr>
apply
atse
clear
configure
------------------[Snip]--------------------
shutdown
telnet
test
traceroute
write
Router>
Figure 6 Help: Available Command Example 2
Router> show ?
<wlan ap interface>
aaa
access-page
account
ad-server
address-object
------------------[Snip]--------------------
wlan
workspace
zone
Router> show

1.6.2 List of Sub-commands or Required User Input

To view detailed help information for a command, enter <command> <sub command> ?.
Figure 7 Help: Sub-command Information Example
Router(config)# ip telnet server ?
;
<cr>
port
rule
|
Router(config)# ip telnet server
Figure 8 Help: Required User Input Example
Router(config)# ip telnet server port ?
<1..65535>
Router(config)# ip telnet server port

1.6.3 Entering Partial Commands

The CLI does not accept partial or incomplete commands. You may enter a unique part of a command and press [TAB] to have the NXC automatically display the full command.
For example, if you enter config and press [TAB], the full command of configure automatically displays.
If you enter a partial command that is not unique and press [TAB], the NXC displays a list of commands that start with the partial command.
Figure 9 Non-Unique Partial Command Example
Router# c [TAB]
clear configure copy
Router# co [TAB]
configure copy

1.6.4 Entering a ? in a Command

Typing a ? (question mark) usually displays help information. However, some commands allow you to input a ?, for example as part of a string. Press [CTRL+V] on your keyboard to enter a ? without the NXC treating it as a help query.

1.6.5 Command History

The NXC keeps a list of commands you have entered for the current CLI session. You can use any commands in the history again by pressing the up or down arrow key to scroll through the previously used commands and press [ENTER].

1.6.6 Navigation

Press [CTRL]+A to move the cursor to the beginning of the line. Press [CTRL]+E to move the cursor to the end of the line.

1.6.7 Erase Current Command

Press [CTRL]+U to erase whatever you have currently typed at the prompt (before pressing [ENTER]).

1.6.8 The no Commands

When entering the no commands described in this document, you may not need to type the whole command. For example, with the “[no] mss <536..1452>” command, you use “mss 536” to specify the MSS value. But to disable the MSS setting, you only need to type “no mss” instead of “no mss 536”.

1.7 Input Values

You can use the ? or [TAB] to get more information about the next input value that is required for a command. In some cases, the next input value is a string whose length and allowable characters may not be displayed in the screen. For example, in the following example, the next input value is a string called <description>.
Router# configure terminal
Router(config)# interface ge1
Router(config-if-ge)# description <description>
The following table provides more information about input values like <description>.
Table 4 Input-Value Formats for Strings in CLI Commands
TAG # VALUES LEGAL VALUES
* 1 *
all -- ALL
authentication key 32-40
16-20
Used in MD5 authentication keys and text authentication key
0-16 alphanumeric or _-
Used in text authentication keys
0-8 alphanumeric or _-
certificate name 1-31 alphanumeric or ;`~!@#$%^&()_+[\]{}',.=-
community string 0-63 alphanumeric or .-
connection_id 1+ alphanumeric or -_:
contact 1-61 alphanumeric, spaces, or '()+,/:=?;!*#@$_%-.
country code 0 or 2 alphanumeric
custom signature file name
description Used in keyword criteria for log entries
distinguished name 1-511 alphanumeric, spaces, or .@=,_-
domain name 0+ lower-case letters, numbers, or .-
email 1-63 alphanumeric or .@_-
0-30 alphanumeric or _-.
1-64 alphanumeric, spaces, or '()+,/:=?;!*#@$_%-.
Used in other commands
1-61 alphanumeric, spaces, or '()+,/:=?;!*#@$_%-
Used in ip dns server
1-248 alphanumeric or .-
Used in domainname, ip dhcp pool, and ip domain
1-255 alphanumeric or ._-
“0x” or “0X” + 32-40 hexadecimal values alphanumeric or ;|`~!@#$%^&*()_+\\{}':,./<>=-
first character: alphanumeric or -
first character: letter
first character: alphanumeric or -
first character: alphanumeric or -
e-mail 1-64 alphanumeric or .@_-
encryption key 16-64
8-32
file name 0-31 alphanumeric or _-
filter extension 1-256 alphanumeric, spaces, or '()+,/:=?;!*#@$_%.-
fqdn Used in ip dns server
1-253 alphanumeric or .-
Used in ip, time server, device HA, certificates, and interface ping check
1-255 alphanumeric or .-
full file name 0-256 alphanumeric or _/.-
hostname Used in hostname command
1-64 alphanumeric or .-_
Used in other commands
1-253 alphanumeric or .-
import configuration file
import shell script 1-
initial string 1-64 alphanumeric, spaces, or '()+,/:=!*#@$_%-.&
key length -- 512, 768, 1024, 1536, 2048
license key 25 “S-” + 6 upper-case letters or numbers + “-” + 16
mac address -- aa:bb:cc:dd:ee:ff (hexadecimal)
mail server fqdn lower-case letters, numbers, or -.
name 1-31 alphanumeric or _-
notification message 1-81 alphanumeric, spaces, or '()+,/:=?;!*#@$_%-
password: less than 15 chars
password: less than 8 chars
1-26+”.conf”
26+”.zysh”
1-15 alphanumeric or `~!@#$%^&*()_\-+={}|\;:'<,>./
1-8 alphanumeric or ;/?:@&=+$\.-_!~*'()%,#$
“0x” or “0X” + 16-64 hexadecimal values alphanumeric or ;\|`~!@#$%^&*()_+\\{}':,./<>=-
first character: alphanumeric or -
first character: alphanumeric or -
first character: alphanumeric or -
first character: alphanumeric or -
alphanumeric or ;`~!@#$%^&()_+[]{}',.=- add “.conf” at the end
alphanumeric or ;`~!@#$%^&()_+[]{}',.=- add “.zysh” at the end
upper-case letters or numbers
password Used in user and ip
1-63 alphanumeric or `~!@#$%^&*()_-+={}|\;:'<,>./
Used in e-mail log profile SMTP authentication
1-63 alphanumeric or `~!@#$%^&*()_-+={}|\;:'<>./
Used in device HA synchronization
1-63 alphanumeric or ~#%^*_-={}:,.
Used in registration
6-20 alphanumeric or .@_-
phone number 1-20 numbers or ,+
preshared key 16-64 “0x” or “0X” + 16-64 hexadecimal values
alphanumeric or ;|`~!@#$%^&*()_+\{}':,./<>=-
profile name 1-31 alphanumeric or _-
first character: letters or _-
proto name 1-16 lower-case letters, numbers, or -
protocol name 1-31 alphanumeric or _-
first character: letters or _-
quoted string less than 255 chars
quoted string less than 63 chars
quoted string 0+ alphanumeric, spaces, or punctuation marks
realm 1-253 alphanumeric or -_
service name 0-63 alphanumeric or -_@$./
spi 2-8 hexadecimal
string less than 15 chars
string: less than 63 chars
string 1+ alphanumeric or -_@
subject 1-61 alphanumeric, spaces, or '()+,./:=?;!*#@$_%-
system type 0-2 hexadecimal
timezone [-+]hh -- -12 through +12 (with or without “+”)
url 1-511 alphanumeric or '()+,/:.=?;!*#@$_%-
url “http://”+
user name 1-31 alphanumeric or _-
1-255 alphanumeric, spaces, or ;/?:@&=+$\.-_!~*'()%,
1-63 alphanumeric, spaces, or ;/?:@&=+$\.-_!~*'()%
enclosed in double quotation marks (“) must put a backslash (\) before double quotation marks that are part of input value itself
first character: alphanumeric or -_ used in domain authentication
1-15 alphanumeric or -_
1-63 alphanumeric or `~!@#$%^&*()_-+={}|\;:'<,>./
alphanumeric or ;/?:@&=+$\.-_!~*'()%,
“https://”+
starts with “http://” or “https://” may contain one pound sign (#)
first character: letters or _-
username 1-31 alphanumeric or _-
first character: alphanumeric or _- domain authorization
username 6-20 alphanumeric or .@_-
registration
user name 1+ alphanumeric or -_.
logging commands
user@domainname 1-80 alphanumeric or .@_-
vrrp group name: less than 15 chars
week-day sequence, i.e. 1=first,2=second
xauth method 1-31 alphanumeric or _-
xauth password 1-31 alphanumeric or ;|`~!@#$%^&*()_+\{}':,./<>=-
mac address 0-12 (even
1-15 alphanumeric or _-
11-4
hexadecimal
number)
for example: xx-xx-xx-xx-xx-xx

1.8 Saving Configuration Changes

Use the write command to save the current configuration to the NXC.
Always save the changes before you log out after each management session.
All unsaved changes will be lost after the system restarts.

1.9 Logging Out

Enter the exit or end command in configure mode to go to privilege mode. Enter the exit command in user mode or privilege mode to log out of the CLI.
CHAPTER 2

User and Privilege Modes

This chapter describes how to use these two modes.

2.1 User And Privilege Modes

This is the mode you are in when you first log into the CLI. (Do not confuse ‘user mode’ with types of user accounts the NXC uses. See Chapter 22 on page 143 for more information about the user types. ‘User’ type accounts can only run ‘exit’ in this mode. However, they may need to log into the device in order to be authenticated for ‘user-aware’ policies, for example a firewall rule that a particular user is exempt from.)
Type ‘enable’ to go to ‘privilege mode’. No password is required. All commands can be run from here except those marked with an asterisk. Many of these commands are for troubleshooting purposes, for example the htm (hardware test module) and debug commands. Customer support may ask you to run some of these commands and send the results if you need assistance troubleshooting your device.
For admin logins, all commands are visible in ‘user mode’ but not all can be run there. The following table displays which commands can be run in ‘user mode’. All commands can be run in ‘privilege mode’.
The htm and psm commands are for ZyXEL’s internal manufacturing process.
Table 5 User (U) and Privilege (P) Mode Commands
COMMAND          MODE  DESCRIPTION
apply            P     Applies a configuration file.
atse             U/P   Displays the seed code
clear            U/P   Clears system or debug logs or DHCP binding.
configure        U/P   Use ‘configure terminal’ to enter configuration mode.
copy             P     Copies configuration files.
debug (*)        U/P   For support personnel only! The device needs to have the debug flag enabled.
delete           P     Deletes configuration files.
details          P     Performs diagnostic commands.
diag             P     Provided for support personnel to collect internal system information. It is not recommended that you use these.
diag-info        P     Has the NXC create a new diagnostic file.
dir              P     Lists files in a directory.
disable          U/P   Goes from privilege mode to user mode
enable           U/P   Goes from user mode to privilege mode
exit             U/P   Goes to a previous mode or logs out.
htm              U/P   Goes to htm (hardware test module) mode for testing hardware components. You may need to use the htm commands if your customer support Engineer asks you to during troubleshooting.
                       Note: These commands are for ZyXEL’s internal manufacturing process.
interface        U/P   Dials or disconnects an interface.
no packet-trace  U/P   Turns off packet tracing.
nslookup         U/P   Resolves an IP address to a host name and vice-versa.
packet-trace     U/P   Performs a packet trace.
ping             U/P   Pings an IP address or host name.
psm              U/P   Goes to psm (product support module) mode for setting product parameters. You may need to use the htm commands if your customer support Engineer asks you to during troubleshooting.
                       Note: These commands are for ZyXEL’s internal manufacturing process.
reboot           P     Restarts the device.
release          P     Releases DHCP information from an interface.
rename           P     Renames a configuration file.
renew            P     Renews DHCP information for an interface.
run              P     Runs a script.
setenv           U/P   Turns stop-on-error on (terminates booting if an error is found in a configuration file) or off (ignores configuration file errors and continues booting).
show             U/P   Displays command statistics. See the associated command chapter in this guide.
shutdown         P     Writes all d data to disk and stops the system processes. It does not turn off the power.
telnet           U/P   Establishes a connection to the TCP port number 23 of the specified host name or IP address.
test aaa         U/P   Tests whether the specified user name can be successfully authenticated by an external authentication server.
traceroute       P     Traces the route to the specified host name or IP address.
write            P     Saves the current configuration to the NXC. All unsaved changes are lost after the NXC restarts.
Subsequent chapters in this guide describe the configuration commands. User/privilege mode commands that are also configuration commands (for example, ‘show’) are described in more detail in the related configuration command chapter.

2.1.1 Debug Commands

Debug commands marked with an asterisk (*) are not available when the debug flag is on and are for ZyXEL service personnel use only. The debug commands follow a syntax that is Linux-based, so if there is a Linux equivalent, it is displayed in this chapter for your reference. You must know a command listed here well before you use it. Otherwise, it may cause undesired results.
Table 6 Debug Commands
COMMAND SYNTAX
    DESCRIPTION
    LINUX COMMAND EQUIVALENT
debug alg
    FTP/SIP ALG debug commands
debug app
    Application patrol debug command
debug app show l7protocol (*)
    Shows app patrol protocol list
    > cat /etc/l7_protocols/protocol.list
debug ca (*)
    Certificate debug commands
debug force-auth (*)
    Authentication policy debug commands
debug gui (*)
    Web Configurator related debug commands
debug hardware (*)
    Hardware debug commands
debug interface
    Interface debug commands
debug interface ifconfig [interface]
    Shows system interfaces detail
    > ifconfig [interface]
debug ip dns
    DNS debug commands
debug ip virtual-server
    Virtual Server (NAT) debug commands.
debug logging
    System logging debug commands
debug manufacture
    Manufacturing related debug commands
debug network arpignore (*)
    Enable/Display the ignoring of ARP responses for interfaces which don't own the IP address
    cat /proc/sys/net/ipv4/conf/*/arp_ignore
debug no registration server (*)
    Set the myZyXEL.com registration/update server to the official site
debug policy-route (*)
    Policy route debug command
debug service-register
    Service registration debug command
debug show ipset
    Lists the NXC‘s received cards
debug show registration-server status
    myZyXEL.com debug commands
debug [cmdexec|corefile|ip|kernel|mac-id-rewrite|observer|switch|system|zyinetpkt|zysh-ipt-op] (*)
    ZLD internal debug commands
debug update server (*)
    Update server debug command
CHAPTER 3

Object Reference

This chapter describes how to use object reference commands.

3.1 Object Reference Commands

The object reference commands are used to see which configuration settings reference a specific object. You can use this table when you want to delete an object because you have to remove references to the object first.
Table 7 show reference Commands
COMMAND
    DESCRIPTION
show reference object username [username]
    Displays which configuration settings reference the specified user object.
show reference object address [profile]
    Displays which configuration settings reference the specified address object.
show reference object service [profile]
    Displays which configuration settings reference the specified service object.
show reference object schedule [profile]
    Displays which configuration settings reference the specified schedule object.
show reference object aaa authentication [default | auth_method]
    Displays which configuration settings reference the specified AAA authentication object.
show reference object ca category {local|remote} [cert_name]
    Displays which configuration settings reference the specified authentication method object.
show reference object zone [profile]
    Displays which configuration settings reference the specified zone object.
show reference object-group username [username]
    Displays which configuration settings reference the specified user group object.
show reference object-group address [profile]
    Displays which configuration settings reference the specified address group object.
show reference object-group service [profile]
    Displays which configuration settings reference the specified service group object.
show reference object-group interface [profile]
    Displays which configuration settings reference the specified trunk object.
show reference object-group aaa ad [group_name]
    Displays which configuration settings reference the specified AAA AD group object.
show reference object-group aaa ldap [group_name]
    Displays which configuration settings reference the specified AAA LDAP group object.
show reference object-group aaa radius [group_name]
    Displays which configuration settings reference the specified AAA RADIUS group object.
show reference object [wlan-radio-profile]
    Displays the specified radio profile object.
show reference object [wlan-monitor-profile]
    Displays the specified monitor profile object.
show reference object [wlan-ssid-profile]
    Displays the specified SSID profile object.
show reference object [wlan-security-profile]
    Displays the specified security profile object.
show reference object [wlan-macfilter-profile]
    Displays the specified macfilter profile object.

3.1.1 Object Reference Command Example

This example shows how to check which configuration is using an address object named LAN1_SUBNET. In the command output, firewall rule 3 named LAN1-to-NXC is using the address object.
Router(config)# show reference object address LAN1_SUBNET
LAN1_SUBNET References:
Category Rule Priority Rule Name Description
===========================================================================
Firewall 3 N/A LAN1-to-NXC
Router(config)#
CHAPTER 4

Status

This chapter explains some commands you can use to display information about the NXC’s current operational state.

4.1 Status Show Commands

The following table describes the commands available for NXC system status.
Table 8 Status Show Commands
COMMAND              DESCRIPTION
show boot status     Displays details about the NXC’s startup state.
show comport status  Displays whether the console and auxiliary ports are on or off.
show cpu status      Displays the CPU utilization.
show disk            Displays the disk utilization.
show extension-slot  Displays the status of the extension card slot and the USB ports and the names of any connected devices.
show fan-speed       Displays the current fan speed.
show led status      Displays the status of each LED on the NXC.
show mac             Displays the NXC’s MAC address.
show mem status      Displays what percentage of the NXC’s memory is currently being used.
show ram-size        Displays the size of the NXC’s on-board RAM.
show serial-number   Displays the serial number of this NXC.
show socket listen   Displays the NXC’s listening ports.
show socket open     Displays the ports that are open on the NXC.
show system uptime   Displays how long the NXC has been running since it last restarted or was turned on.
show version         Displays the NXC’s model, firmware and build information.
Here are examples of the commands that display the CPU and disk utilization.
Router(config)# show cpu status
CPU utilization: 0 %
CPU utilization for 1 min: 0 %
CPU utilization for 5 min: 0 %
Router(config)# show disk
;
<cr>
|
Router(config)# show disk
No.  Disk           Size(MB)  Usage
===========================================================================
1    image          67        83%
2    onboard flash  163       15%
Here are examples of the commands that display the fan speed, MAC address, memory usage, RAM size, and serial number.
Router(config)# show fan-speed
FAN1(F00)(rpm): limit(hi)=6500, limit(lo)=1400, max=6650, min=6642, avg=6644
FAN2(F01)(rpm): limit(hi)=6500, limit(lo)=1400, max=6809, min=6783, avg=6795
FAN3(F02)(rpm): limit(hi)=6500, limit(lo)=1400, max=6683, min=6666, avg=6674
FAN4(F03)(rpm): limit(hi)=6500, limit(lo)=1400, max=6633, min=6617, avg=6627
Router(config)# show mac
MAC address: 28:61:32:89:37:61-28:61:32:89:37:67
Router(config)# show mem status
memory usage: 39%
Router(config)# show ram-size
ram size: 1024MB
Router(config)# show serial-number
serial number: S132L06160030
Here is an example of the command that displays the listening ports.
Router(config)# show socket listen
No.  Proto  Local_Address       Foreign_Address  State
===========================================================================
1    tcp    0.0.0.0:2601        0.0.0.0:0        LISTEN
2    tcp    0.0.0.0:2602        0.0.0.0:0        LISTEN
3    tcp    127.0.0.1:10443     0.0.0.0:0        LISTEN
4    tcp    0.0.0.0:2604        0.0.0.0:0        LISTEN
5    tcp    0.0.0.0:80          0.0.0.0:0        LISTEN
6    tcp    127.0.0.1:8085      0.0.0.0:0        LISTEN
7    tcp    1.1.1.1:53          0.0.0.0:0        LISTEN
8    tcp    172.16.13.205:53    0.0.0.0:0        LISTEN
9    tcp    10.0.0.8:53         0.0.0.0:0        LISTEN
10   tcp    172.16.13.240:53    0.0.0.0:0        LISTEN
11   tcp    192.168.1.1:53      0.0.0.0:0        LISTEN
12   tcp    127.0.0.1:53        0.0.0.0:0        LISTEN
13   tcp    0.0.0.0:21          0.0.0.0:0        LISTEN
14   tcp    0.0.0.0:22          0.0.0.0:0        LISTEN
15   tcp    127.0.0.1:953       0.0.0.0:0        LISTEN
16   tcp    0.0.0.0:443         0.0.0.0:0        LISTEN
17   tcp    127.0.0.1:1723      0.0.0.0:0        LISTEN
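The listening-port table is the part of the status output most useful for an exposure review. As an added example (not part of the ZyXEL guide), the following Python script parses show socket listen output like the sample above and reports which listeners are reachable from the network, which of those are cleartext services, and which fall outside an approved baseline. The function names, the cleartext port list and the baseline are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter, namedtuple

Listener = namedtuple("Listener", "proto addr port state scope")

# Rows copied from the `show socket listen` example above, one row per line.
SAMPLE_OUTPUT = """\
Router(config)# show socket listen
No. Proto Local_Address Foreign_Address State
===========================================================================
1 tcp 0.0.0.0:2601 0.0.0.0:0 LISTEN
2 tcp 0.0.0.0:2602 0.0.0.0:0 LISTEN
3 tcp 127.0.0.1:10443 0.0.0.0:0 LISTEN
4 tcp 0.0.0.0:2604 0.0.0.0:0 LISTEN
5 tcp 0.0.0.0:80 0.0.0.0:0 LISTEN
6 tcp 127.0.0.1:8085 0.0.0.0:0 LISTEN
7 tcp 1.1.1.1:53 0.0.0.0:0 LISTEN
8 tcp 172.16.13.205:53 0.0.0.0:0 LISTEN
9 tcp 10.0.0.8:53 0.0.0.0:0 LISTEN
10 tcp 172.16.13.240:53 0.0.0.0:0 LISTEN
11 tcp 192.168.1.1:53 0.0.0.0:0 LISTEN
12 tcp 127.0.0.1:53 0.0.0.0:0 LISTEN
13 tcp 0.0.0.0:21 0.0.0.0:0 LISTEN
14 tcp 0.0.0.0:22 0.0.0.0:0 LISTEN
15 tcp 127.0.0.1:953 0.0.0.0:0 LISTEN
16 tcp 0.0.0.0:443 0.0.0.0:0 LISTEN
17 tcp 127.0.0.1:1723 0.0.0.0:0 LISTEN
"""

# IANA well-known ports of unencrypted services. Treating them as findings
# is this example's policy (an assumption), not ZyXEL guidance.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}

# Assumed site baseline: (proto, port) pairs approved to be network-reachable.
APPROVED = {("tcp", 22), ("tcp", 53), ("tcp", 443)}

# Columns: No. Proto Local_Address Foreign_Address [State].
# UDP rows in `show socket open` carry no State, so that column is optional.
ROW = re.compile(r"\d+\s+(tcp|udp)\s+(\S+):(\d+)\s+\S+:\d+(?:\s+(\S+))?$")


def scope_of(addr):
    """Classify a local address as loopback, wildcard (all interfaces) or interface."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "wildcard"
    return "interface"


def parse_listeners(text):
    """Return a Listener per table row; prompts, headers and rules are skipped."""
    listeners = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue
        proto, addr, port, state = match.groups()
        try:
            scope = scope_of(addr)
        except ValueError:  # malformed address: drop the row rather than guess
            continue
        listeners.append(Listener(proto, addr, int(port), state or "", scope))
    return listeners


def reachable(listeners):
    """Listeners bound to anything other than loopback, i.e. reachable off-box."""
    return [lsn for lsn in listeners if lsn.scope != "loopback"]


def exposed_cleartext(listeners):
    """(service, addr, port) for network-reachable cleartext services, by port."""
    hits = {(CLEARTEXT_PORTS[lsn.port], lsn.addr, lsn.port)
            for lsn in reachable(listeners) if lsn.port in CLEARTEXT_PORTS}
    return sorted(hits, key=lambda hit: (hit[2], hit[1]))


def unapproved(listeners, approved=APPROVED):
    """Sorted (proto, port) pairs that are network-reachable but not in the baseline."""
    seen = {(lsn.proto, lsn.port) for lsn in reachable(listeners)}
    return sorted(seen - set(approved))


if __name__ == "__main__":
    found = parse_listeners(SAMPLE_OUTPUT)
    print("listeners by scope:", dict(Counter(lsn.scope for lsn in found)))
    for service, addr, port in exposed_cleartext(found):
        print(f"cleartext service reachable: {service} on {addr}:{port}")
    for proto, port in unapproved(found):
        print(f"not in baseline: {proto}/{port}")
```

The same parser accepts show socket open output, because the State column is optional in the row pattern.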
Here is an example of the command that displays the open ports.
Router(config)# show socket open
No.  Proto  Local_Address       Foreign_Address    State
===========================================================================
1    tcp    172.16.13.240:22    172.16.13.10:1179  ESTABLISHED
2    udp    127.0.0.1:64002     0.0.0.0:0
3    udp    0.0.0.0:520         0.0.0.0:0
4    udp    0.0.0.0:138         0.0.0.0:0
5    udp    0.0.0.0:138         0.0.0.0:0
6    udp    0.0.0.0:138         0.0.0.0:0
7    udp    0.0.0.0:138         0.0.0.0:0
8    udp    0.0.0.0:138         0.0.0.0:0
9    udp    0.0.0.0:138         0.0.0.0:0
10   udp    0.0.0.0:138         0.0.0.0:0
11   udp    0.0.0.0:32779       0.0.0.0:0
12   udp    192.168.1.1:4500    0.0.0.0:0
13   udp    1.1.1.1:4500        0.0.0.0:0
14   udp    10.0.0.8:4500       0.0.0.0:0
15   udp    172.16.13.205:4500  0.0.0.0:0
16   udp    172.16.13.240:4500  0.0.0.0:0
17   udp    127.0.0.1:4500      0.0.0.0:0
18   udp    127.0.0.1:63000     0.0.0.0:0
19   udp    127.0.0.1:63001     0.0.0.0:0
20   udp    127.0.0.1:63002     0.0.0.0:0
21   udp    0.0.0.0:161         0.0.0.0:0
22   udp    127.0.0.1:63009     0.0.0.0:0
23   udp    192.168.1.1:1701    0.0.0.0:0
24   udp    1.1.1.1:1701        0.0.0.0:0
25   udp    10.0.0.8:1701       0.0.0.0:0
26   udp    172.16.13.205:1701  0.0.0.0:0
27   udp    172.16.13.240:1701  0.0.0.0:0
28   udp    127.0.0.1:1701      0.0.0.0:0
29   udp    127.0.0.1:63024     0.0.0.0:0
30   udp    127.0.0.1:30000     0.0.0.0:0
31   udp    1.1.1.1:53          0.0.0.0:0
32   udp    172.16.13.205:53    0.0.0.0:0
33   udp    10.0.0.8:53         0.0.0.0:0
34   udp    172.16.13.240:53    0.0.0.0:0
35   udp    192.168.1.1:53      0.0.0.0:0
36   udp    127.0.0.1:53        0.0.0.0:0
37   udp    0.0.0.0:67          0.0.0.0:0
38   udp    127.0.0.1:63046     0.0.0.0:0
39   udp    127.0.0.1:65097     0.0.0.0:0
40   udp    0.0.0.0:65098       0.0.0.0:0
41   udp    192.168.1.1:500     0.0.0.0:0
42   udp    1.1.1.1:500         0.0.0.0:0
43   udp    10.0.0.8:500        0.0.0.0:0
44   udp    172.16.13.205:500   0.0.0.0:0
45   udp    172.16.13.240:500   0.0.0.0:0
46   udp    127.0.0.1:500       0.0.0.0:0
Here are examples of the commands that display the system uptime and model, firmware, and build information.
Router> show system uptime
system uptime: 04:18:00
Router> show version
ZyXEL Communications Corp.
model : NXC5200
firmware version: 2.20(AQQ.0)b3
BM version : 1.08
build date : 2009-11-21 01:18:06
This example shows the current LED states on the NXC. The SYS LED is on and green.
Router> show led status
sys: green
Router>
CHAPTER 5

Registration

This chapter introduces myZyXEL.com and shows you how to register the NXC for IDP/AppPatrol and anti-virus using commands.

5.1 myZyXEL.com overview

myZyXEL.com is ZyXEL’s online services center where you can register your NXC and manage subscription services available for the NXC.
You need to create an account before you can register your device and activate the services at myZyXEL.com.
You can directly create a myZyXEL.com account, register your NXC and activate a service using the Licensing > Registration screens. Alternatively, go to http://www.myZyXEL.com with the NXC’s serial number and LAN MAC address to register it. Refer to the web site’s online help for details.
To activate a service on a NXC, you need to access myZyXEL.com via that NXC.

5.1.1 Subscription Services Available on the NXC

Maximum Number of Managed APs
The NXC2500 is initially configured to support up to 8 managed APs (such as the NWA5123-NI). You can increase this by subscribing to additional licenses. As of this writing, each license upgrade allows an additional 8 managed APs while the maximum number of APs a single NXC2500 can support is 24.
The NXC5200 is initially configured to support up to 48 managed APs (such as the NWA5160N). You can increase this by subscribing to additional licenses. As of this writing, each license upgrade allows an additional 48 managed APs while the maximum number of APs a single NXC5200 can support is 240.
To use a subscription service, you have to register the NXC and activate the corresponding service at myZyXEL.com (through the NXC).

5.2 Registration Commands

The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.
Table 9 Input Values for General Registration Commands
LABEL      DESCRIPTION
user_name  The user name of your myZyXEL.com account. You may use six to 20 alphanumeric characters (and the underscore). Spaces are not allowed.
password   The password for the myZyXEL.com account. You may use six to 20 alphanumeric characters (and the underscore). Spaces are not allowed.
The following table describes the commands available for registration. You must use the configure terminal command to enter the configuration mode before you can use these commands.
Table 10 Command Summary: Registration
COMMAND
    DESCRIPTION
device-register checkuser user_name
    Checks if the user name exists in the myZyXEL.com database.
device-register username user_name password password [e-mail user@domainname country-code country_code] [reseller-name reseller_name][reseller-mail user@domainname] [reseller-phone reseller_phonenumber][vat vat_number]
    Registers the device with an existing account or creates a new account and registers the device at one time.
    country_code: see Table 11 on page 43
    vat_number: your seller’s Value-Added Tax number, if you bought your NXC from Europe.
service-register checkexpire
    Gets information of all service subscriptions from myZyXEL.com and updates the status table.
service-register service-type standard license-key key_value
    Activates a standard service subscription with the license key.
show device-register status
    Displays whether the device is registered and account information.
show service-register status {all|maps}
    Displays service license information.

5.2.1 Command Examples

The following commands allow you to register your device with an existing account or create a new account and register the device at one time, and activate a trial service subscription.
Router# configure terminal
Router(config)# device-register username alexctsui password 123456
Router(config)# service-register service-type trial service idp
The following command displays the account information and whether the device is registered.
Router# configure terminal
Router(config)# show device-register status
username : alexctsui
password : 123456
device register status : yes
expiration self check : no
The following command displays the service registration status and type and how many days remain before the service expires.
Router# configure terminal
Router(config)# show service-register status all
Service        Status    Type      Count  Expiration
===========================================================================
IDP Signature  Licensed  Standard  N/A    698
Anti-Virus     Licensed  Standard  N/A    698
MAPS           Licensed  Standard  240    N/A

5.3 Country Code

The following table displays the number for each country.
Table 11 Country Codes
COUNTRY CODE  COUNTRY NAME                         COUNTRY CODE  COUNTRY NAME
001           Afghanistan                          002           Albania
003           Algeria                              004           American Samoa
005           Andorra                              006           Angola
007           Anguilla                             008           Antarctica
009           Antigua & Barbuda                    010           Argentina
011           Armenia                              012           Aruba
013           Ascension Island                     014           Australia
015           Austria                              016           Azerbaijan
017           Bahamas                              018           Bahrain
019           Bangladesh                           020           Barbados
021           Belarus                              022           Belgium
023           Belize                               024           Benin
025           Bermuda                              026           Bhutan
027           Bolivia                              028           Bosnia and Herzegovina
029           Botswana                             030           Bouvet Island
031           Brazil                               032           British Indian Ocean Territory
033           Brunei Darussalam                    034           Bulgaria
035           Burkina Faso                         036           Burundi
037           Cambodia                             038           Cameroon
039           Canada                               040           Cape Verde
041           Cayman Islands                       042           Central African Republic
043           Chad                                 044           Chile
045           China                                046           Christmas Island
047           Cocos (Keeling) Islands              048           Colombia
049           Comoros                              050           Congo, Democratic Republic of the
051           Congo, Republic of                   052           Cook Islands
053           Costa Rica                           054           Cote d'Ivoire
055           Croatia/Hrvatska                     056           Cyprus
057           Czech Republic                       058           Denmark
059           Djibouti                             060           Dominica
061           Dominican Republic                   062           East Timor
063           Ecuador                              064           Egypt
065           El Salvador                          066           Equatorial Guinea
067           Eritrea                              068           Estonia
069           Ethiopia                             070           Falkland Islands (Malvina)
071           Faroe Islands                        072           Fiji
073           Finland                              074           France
075           France (Metropolitan)                076           French Guiana
077           French Polynesia                     078           French Southern Territories
079           Gabon                                080           Gambia
081           Georgia                              082           Germany
083           Ghana                                084           Gibraltar
085           Great Britain                        086           Greece
087           Greenland                            088           Grenada
089           Guadeloupe                           090           Guam
091           Guatemala                            092           Guernsey
093           Guinea                               094           Guinea-Bissau
095           Guyana                               096           Haiti
097           Heard and McDonald Islands           098           Holy See (City Vatican State)
099           Honduras                             100           Hong Kong
101           Hungary                              102           Iceland
103           India                                104           Indonesia
105           Ireland                              106           Isle of Man
107           Italy                                108           Jamaica
109           Japan                                110           Jersey
111           Jordan                               112           Kazakhstan
113           Kenya                                114           Kiribati
115           Korea, Republic of                   116           Kuwait
117           Kyrgyzstan                           118           Lao People’s Democratic Republic
119           Latvia                               120           Lebanon
121           Lesotho                              122           Liberia
123           Liechtenstein                        124           Lithuania
125           Luxembourg                           126           Macau
127           Macedonia, Former Yugoslav Republic  128           Madagascar
129           Malawi                               130           Malaysia
131           Maldives                             132           Mali
133           Malta                                134           Marshall Islands
135           Martinique                           136           Mauritania
137           Mauritius                            138           Mayotte
139           Mexico                               140           Micronesia, Federal State of
141           Moldova, Republic of                 142           Monaco
143           Mongolia                             144           Montserrat
145           Morocco                              146           Mozambique
147           Namibia                              148           Nauru
149           Nepal                                150           Netherlands
151           Netherlands Antilles                 152           New Caledonia
153           New Zealand                          154           Nicaragua
155           Niger                                156           Nigeria
157           Niue                                 158           Norfolk Island
159           Northern Mariana Islands             160           Norway
161           Not Determined                       162           Oman
163           Pakistan                             164           Palau
165           Panama                               166           Papua New Guinea
167           Paraguay                             168           Peru
169           Philippines                          170           Pitcairn Island
171           Poland                               172           Portugal
173           Puerto Rico                          174           Qatar
175           Reunion Island                       176           Romania
177           Russian Federation                   178           Rwanda
179           Saint Kitts and Nevis                180           Saint Lucia
181           Saint Vincent and the Grenadines     182           San Marino
183           Sao Tome and Principe                184           Saudi Arabia
185           Senegal                              186           Seychelles
187           Sierra Leone                         188           Singapore
189           Slovak Republic                      190           Slovenia
191           Solomon Islands                      192           Somalia
193           South Africa                         194           South Georgia and the South Sandwich Islands
185           Spain                                196           Sri Lanka
197           St Pierre and Miquelon               198           St. Helena
199           Suriname                             200           Svalbard and Jan Mayen Islands
201           Swaziland                            202           Sweden
203           Switzerland                          204           Taiwan
205           Tajikistan                           206           Tanzania
207           Thailand                             208           Togo
209           Tokelau                              210           Tonga
211           Trinidad and Tobago                  212           Tunisia
213           Turkey                               214           Turkmenistan
215           Turks and Caicos Islands             216           Tuvalu
217           US Minor Outlying Islands            218           Uganda
219           Ukraine                              220           United Arab Emirates
221           United Kingdom                       222           United States
223           Uruguay                              224           Uzbekistan
225           Vanuatu                              226           Venezuela
227           Vietnam                              228           Virgin Islands (British)
229           Virgin Islands (USA)                 230           Wallis And Futuna Islands
231           Western Sahara                       232           Western Samoa
233           Yemen                                234           Yugoslavia
235           Zambia                               236           Zimbabwe
CHAPTER 6

Interfaces

This chapter shows you how to use interface-related commands.

6.1 Interface Overview

In general, an interface has the following characteristics.
• An interface is a logical entity through which (layer-3) packets pass.
• An interface is bound to a physical port or another interface.
• Many interfaces can share the same physical port.
• An interface is bound to one zone at most.
• Many interfaces can belong to the same zone.
• Layer-3 virtualization (IP alias, for example) is a kind of interface.
Some characteristics do not apply to some types of interfaces.

6.1.1 Types of Interfaces

You can create several types of interfaces in the NXC:
• Ethernet interfaces are the foundation for defining other interfaces and network policies. RIP and OSPF are also configured in these interfaces.
• VLAN interfaces receive and send tagged frames. The NXC automatically adds or removes the tags as needed.

6.2 Interface General Commands Summary

The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.
Table 12 Input Values for General Interface Commands
LABEL           DESCRIPTION
interface_name  The name of the interface.
                Ethernet interface: gex, x = 1 - N, where N equals the highest numbered Ethernet interface for your NXC model.
                VLAN interface: vlanx, x = 0 - 4094
profile_name    The name of the DHCP pool. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
domain_name     Fully-qualified domain name. You may use up to 254 alphanumeric characters, dashes (-), or periods (.), but the first character cannot be a period.
The following sections introduce commands that are supported by several types of interfaces.

6.2.1 Basic Interface Properties and IP Address Commands

This table lists basic properties and IP address commands.
Table 13 interface General Commands: Basic Properties and IP Address Assignment
COMMAND DESCRIPTION
show interface {ethernet | vlan} status
    Displays the connection status of the specified type of interfaces.
show interface {interface_name | ethernet | vlan | all}
    Displays information about the specified interface, specified type of interfaces, or all interfaces.
show interface send statistics interval
    Displays the interval for how often the NXC refreshes the sent packet statistics for the interfaces.
show interface summary all
    Displays basic information about the interfaces.
show interface summary all status
    Displays the connection status of the interfaces.
[no] interface interface_name
    Creates the specified interface if necessary and enters sub-command mode. The no command deletes the specified interface.
[no] description description
    Specifies the description for the specified interface. The no command clears the description.
    description: You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
[no] downstream <0..1048576>
    This is reserved for future use. Specifies the downstream bandwidth for the specified interface. The no command sets the downstream bandwidth to 1048576.
exit
    Leaves the sub-command mode.
[no] ip address dhcp
    Makes the specified interface a DHCP client; the DHCP server gives the specified interface its IP address, subnet mask, and gateway. The no command makes the IP address a static IP address for the specified interface. (See the next command to set this IP address.)
[no] ip address ip subnet_mask
    Assigns the specified IP address and subnet mask to the specified interface. The no command clears the IP address and the subnet mask.
[no] ip gateway ip
    Adds the specified gateway using the specified interface. The no command removes the gateway.
ip gateway ip metric <0..15>
    Sets the priority (relative to every gateway on every interface) for the specified gateway. The lower the number, the higher the priority.
ipv6 dhcp6 [client]
    Sets the IPv6 interface to be a DHCPv6 client.
[no] ipv6 dhcp6 rapid-commit
    Shortens the DHCPv6 message exchange process from four to two steps to help reduce network traffic. The no command sets the full four-step DHCPv6 message exchange process.
[no] ipv6 dhcp6 address-request
    Get this interface’s IPv6 address from the DHCPv6 server. The no command has the NXC not get this interface’s IPv6 address from the DHCPv6 server.
[no] ipv6 dhcp6-request-object dhcp6_profile
    For a DHCPv6 client interface, specify the profile of DHCPv6 request settings that determine what additional information to get from the DHCPv6 server. The no command removes the DHCPv6 request settings profile.
[no] ipv6 nd ra accept
    Sets the IPv6 interface to accept IPv6 neighbor discovery router advertisement messages. The no command sets the IPv6 interface to discard IPv6 neighbor discovery router advertisement messages.
[no] mss <536..1460>
    Specifies the maximum segment size (MSS) the interface is to use. MSS is the largest amount of data, specified in bytes, that the interface can handle in a single, unfragmented piece. The no command has the interface use its default MSS.
[no] mtu <576..1500>
    Specifies the Maximum Transmission Unit, which is the maximum number of bytes in each packet moving through this interface. The NXC divides larger packets into smaller fragments. The no command resets the MTU to 1500.
[no] shutdown
    Deactivates the specified interface. The no command activates it.
traffic-prioritize {tcp-ack|dns} bandwidth <0..1048576> priority <1..7> [maximize-bandwidth-usage]
    Applies traffic priority when the interface sends TCP-ACK traffic, or traffic for resolving domain names. It also sets how much bandwidth the traffic can use and can turn on maximize bandwidth usage.
traffic-prioritize {tcp-ack|dns} deactivate
    Turns off traffic priority settings for when the interface sends the specified type of traffic.
[no] upstream <0..1048576>
    Specifies the upstream bandwidth for the specified interface. The no command sets the upstream bandwidth to 1048576.
interface send statistics interval <15..3600>
    Sets how often the NXC sends interface statistics to external servers. For example, a syslog server.
interface-name ethernet_interface user_defined_name
    Specifies a name for an Ethernet interface. It can use alphanumeric characters, hyphens, and underscores, and it can be up to 11 characters long.
    ethernet_interface: This must be the system name of an Ethernet interface. Use the show interface-name command to see the system name of interfaces.
    user_defined_name:
    This name cannot be one of the following: "ethernet", "ppp", "vlan", "bridge", "virtual", "wlan", "cellular", "aux", "tunnel", "status", "summary", "all"
    This name cannot begin with one of the following either: "ge", "ppp", "vlan", "wlan-", "br", "cellular", "aux", "tunnel".
[no] ipv6 activate
    Sets the NXC to support IPv6. The no command disables IPv6 support and the NXC discards all IPv6 packets.
show interface-name
    Displays all Ethernet interface system name and user-defined name mappings.
show ipv6 interface {interface_name | all}
    Displays information about the specified IPv6 interface or all IPv6 interfaces.
show ipv6 nd ra status config_interface
    Displays the specified IPv6 interface’s IPv6 router advertisement configuration.
show ipv6 static address interface
    Displays the static IPv6 addresses configured on the specified IPv6 interface.
show ipv6 status
    Displays whether IPv6 support is enabled or disabled.
6.2.1.1 Basic Interface Properties Command Examples
The following commands make Ethernet interface ge1 a DHCP client.
Router# configure terminal
Router(config)# interface ge1
Router(config-if)# ip address dhcp
Router(config-if)# exit
This example shows how to modify the name of interface ge4 to “VIP”. First you have to check the interface system name (ge4 in this example) on the NXC. Then change the name and display the result.
Router> show interface-name
No.  System Name  User Defined Name
===========================================================================
1    ge1          ge1
2    ge2          ge2
3    ge3          ge3
4    ge4          ge4
5    ge5          ge5
Router> configure terminal
Router(config)# interface-name ge4 VIP
Router(config)# show interface-name
No.  System Name  User Defined Name
===========================================================================
1    ge1          ge1
2    ge2          ge2
3    ge3          ge3
4    ge4          VIP
5    ge5          ge5
Router(config)#
This example shows how to restart an interface. You can check all interface names on the NXC. Then use either the system name or user-defined name of an interface (ge4 or Customer in this example) to restart it.
Router> show interface-name
No.  System Name  User Defined Name
===========================================================================
1    ge1          ge1
2    ge2          ge2
3    ge3          ge3
4    ge4          Customer
5    ge5          ge5
Router> configure terminal
Router(config)# interface reset ge4
Router(config)# interface reset Customer
Router(config)#

6.2.2 DHCP Setting Commands

This table lists DHCP setting commands. DHCP is based on DHCP pools. Create a DHCP pool if you want to assign a static IP address to a MAC address or if you want to specify the starting IP address and pool size of a range of IP addresses that can be assigned to DHCP clients. There are different commands for each configuration. Afterwards, in either case, you have to bind the DHCP pool to the interface.
Table 14 interface Commands: DHCP Settings
COMMAND DESCRIPTION
show ip dhcp dhcp-options
    Shows the DHCP extended option settings.
show ip dhcp pool [profile_name]
    Shows information about the specified DHCP pool or about all DHCP pools.
ip dhcp pool rename profile_name profile_name
    Renames the specified DHCP pool from the first profile_name to the second profile_name.
[no] ip dhcp pool profile_name
    Creates a DHCP pool if necessary and enters sub-command mode. You can use the DHCP pool to create a static entry or to set up a range of IP addresses to assign dynamically.
    About the sub-command settings:
    If you use the host command, the NXC treats this DHCP pool as a static DHCP entry.
    If you do not use the host command and use the network command, the NXC treats this DHCP pool as a pool of IP addresses.
    If you do not use the host command or the network command, the DHCP pool is not properly configured and cannot be bound to any interface.
    The no command removes the specified DHCP pool.
show
    Shows information about the specified DHCP pool.

Use the following commands if you want to create a static DHCP entry. If you do not use the host command, the commands that are not in this section have no effect, but you can still set them.

[no] host ip
    Specifies the static IP address the NXC should assign. Use this command, along with hardware-address, to create a static DHCP entry.
    Note: The IP address must be in the same subnet as the interface to which you plan to bind the DHCP pool.
    When this command is used, the NXC treats this DHCP pool like a static entry, regardless of the network setting. The no command clears this field.
[no] hardware-address mac_address
    Reserves the DHCP pool for the specified MAC address. Use this command, along with host, to create a static DHCP entry. The no command clears this field.
[no] client-identifier mac_address
    Specifies the MAC address that appears in the DHCP client list. The no command clears this field.
[no] client-name host_name
    Specifies the host name that appears in the DHCP client list. The no command clears this field.
    host_name: You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.

Use the following commands if you want to create a pool of IP addresses. These commands have no effect if you use the host command. You can still set them, however.

dhcp-option <1..254> option_name {boolean <0..1> | uint8 <0..255> | uint16 <0..65535> | uint32 <0..4294967295> | ip ipv4 [ipv4 [ipv4]] | fqdn fqdn [fqdn [fqdn]] | text text | hex hex | vivc enterprise_id hex_s [enterprise_id hex_s] | vivs enterprise_id hex_s [enterprise_id hex_s]}
    Adds or edits a DHCP extended option for the specified DHCP pool.
    text: String of up to 250 characters.
    hex: String of up to 250 hexadecimal pairs.
    vivc: Vendor-Identifying Vendor Class option. A DHCP client may use this option to unambiguously identify the vendor that manufactured the hardware on which the client is running, the software in use, or an industry consortium to which the vendor belongs.
    enterprise_id: Number <0..4294967295>.
    hex_s: String of up to 120 hexadecimal pairs.
    vivs: Vendor-Identifying Vendor-Specific option. DHCP clients and servers may use this option to exchange vendor-specific information.
no dhcp-option <1..254>
    Removes the DHCP extended option for the specified DHCP pool.
network IP/<1..32>
network ip mask
no network
    Specifies the IP address and subnet mask of the specified DHCP pool. The subnet mask can be written in w.x.y.z format or in /<1..32> format.
    Note: The DHCP pool must have the same subnet as the interface to which you plan to bind it.
    The no command clears these fields.
[no] default-router ip
    Specifies the default gateway DHCP clients should use. The no command clears this field.
[no] description description
    Specifies a description for the DHCP pool for identification. The no command removes the description.
[no] domain-name domain_name
    Specifies the domain name assigned to DHCP clients. The no command clears this field.
[no] starting-address ip pool-size <1..65535>
    Sets the IP start address and maximum pool size of the specified DHCP pool. The final pool size is limited by the subnet mask.
    Note: You must specify the network number first, and the start address must be in the same subnet.
    The no command clears the IP start address and maximum pool size.
[no] first-dns-server {ip | interface_name {1st-dns | 2nd-dns | 3rd-dns} | EnterpriseWLAN}
    Sets the first DNS server to the specified IP address, the specified interface’s first, second, or third DNS server, or the NXC itself. The no command resets the setting to its default value.
[no] second-dns-server {ip | interface_name {1st-dns | 2nd-dns | 3rd-dns} | EnterpriseWLAN}
    Sets the second DNS server to the specified IP address, the specified interface’s first, second, or third DNS server, or the NXC itself. The no command resets the setting to its default value.
[no] third-dns-server {ip | interface_name {1st-dns | 2nd-dns | 3rd-dns} | EnterpriseWLAN}
    Sets the third DNS server to the specified IP address, the specified interface’s first, second, or third DNS server, or the NXC itself. The no command resets the setting to its default value.
[no] first-wins-server ip
    Specifies the first WINS server IP address to assign to the remote users. The no command removes the setting.
[no] second-wins-server ip
    Specifies the second WINS server IP address to assign to the remote users. The no command removes the setting.
[no] lease {<0..365> [<0..23> [<0..59>]] | infinite}
    Sets the lease time to the specified number of days, hours, and minutes or makes the lease time infinite. The no command resets the first DNS server setting to its default value.
interface interface_name
    Enters sub-command mode.
[no] ip dhcp-pool profile_name
    Binds the specified interface to the specified DHCP pool. You have to remove any DHCP relays first. The no command removes the binding.
[no] ip helper-address ip
    Creates the specified DHCP relay. You have to remove the DHCP pool first, if the DHCP pool is bound to the specified interface. The no command removes the specified DHCP relay.
release dhcp interface-name
    Releases the TCP/IP configuration of the specified interface. The interface must be a DHCP client. This command is available in privilege mode, not configuration mode.
renew dhcp interface-name
    Renews the TCP/IP configuration of the specified interface. The interface must be a DHCP client. This command is available in privilege mode, not configuration mode.
show ip dhcp binding [ip]
    Displays information about DHCP bindings for the specified IP address or for all IP addresses.
clear ip dhcp binding {ip | *}
    Removes the DHCP bindings for the specified IP address or for all IP addresses.
6.2.2.1 DHCP Setting Command Examples
The following example uses these commands to configure DHCP pool DHCP_TEST.
Router# configure terminal
Router(config)# ip dhcp pool DHCP_TEST
Router(config-ip-dhcp-pool)# network 192.168.1.0 /24
Router(config-ip-dhcp-pool)# domain-name zyxel.com
Router(config-ip-dhcp-pool)# first-dns-server 10.1.5.1
Router(config-ip-dhcp-pool)# second-dns-server ge1 1st-dns
Router(config-ip-dhcp-pool)# third-dns-server 10.1.5.2
Router(config-ip-dhcp-pool)# default-router 192.168.1.1
Router(config-ip-dhcp-pool)# lease 0 1 30
Router(config-ip-dhcp-pool)# starting-address 192.168.1.10 pool-size 30
Router(config-ip-dhcp-pool)# hardware-address 00:0F:20:74:B8:18
Router(config-ip-dhcp-pool)# client-identifier 00:0F:20:74:B8:18
Router(config-ip-dhcp-pool)# client-name TWtester1
Router(config-ip-dhcp-pool)# exit
Router(config)# interface ge1
Router(config-if)# ip dhcp-pool DHCP_TEST
Router(config-if)# exit
Router(config)# show ip dhcp server status
binding interface : ge1
binding pool : DHCP_TEST
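The pool rules in Table 14 can be checked offline before a pool is bound to an interface. The following Python sketch is an added example, not ZyXEL code: it classifies a pool the way the table describes (host makes a static entry, network without host makes an address range, neither leaves the pool unbindable) and applies the subnet notes. The names check_pool, parse_pool and pool_network, the report keys, and the reading of "limited by the subnet mask" as "up to the last usable host address" are assumptions.

```python
import ipaddress

# Constructed input based on the pool sub-commands of the DHCP_TEST example.
DHCP_TEST = """\
network 192.168.1.0 /24
domain-name zyxel.com
default-router 192.168.1.1
lease 0 1 30
starting-address 192.168.1.10 pool-size 30
hardware-address 00:0F:20:74:B8:18
client-identifier 00:0F:20:74:B8:18
client-name TWtester1
"""

# Sub-commands the guide lists for building a static DHCP entry with host.
STATIC_ENTRY_COMMANDS = ("hardware-address", "client-identifier", "client-name")


def parse_pool(text):
    """Map each sub-command keyword to its argument list (last one wins)."""
    pool = {}
    for line in text.splitlines():
        words = line.split()
        if words:
            pool[words[0]] = words[1:]
    return pool


def pool_network(args):
    """Accept the 'IP/len', 'IP /len' and 'IP w.x.y.z' forms of network."""
    spec = args[0] if len(args) == 1 else args[0] + "/" + args[1].lstrip("/")
    return ipaddress.ip_network(spec, strict=False)


def check_pool(text, interface_cidr):
    """Classify a pool by the guide's rules and collect consistency problems.

    interface_cidr is the address/prefix of the interface the pool is to be
    bound to, for example '192.168.1.1/24'.
    """
    pool = parse_pool(text)
    iface_net = ipaddress.ip_interface(interface_cidr).network
    report = {"kind": None, "effective_size": None, "problems": []}
    problems = report["problems"]

    if "host" in pool:
        # host makes this a static entry regardless of the network setting.
        report["kind"] = "static"
        if ipaddress.ip_address(pool["host"][0]) not in iface_net:
            problems.append("host address is outside the interface subnet")
        if "hardware-address" not in pool:
            problems.append("host is set without hardware-address")
        return report

    if "network" not in pool:
        # Neither host nor network: the pool cannot be bound to an interface.
        report["kind"] = "unconfigured"
        problems.append("neither host nor network is set")
        return report

    report["kind"] = "range"
    net = pool_network(pool["network"])
    if net != iface_net:
        problems.append("pool subnet differs from the interface subnet")
    unused = [c for c in STATIC_ENTRY_COMMANDS if c in pool]
    if unused:
        problems.append("no host command, so no static entry is created from: "
                        + ", ".join(unused))
    if "starting-address" in pool:
        args = pool["starting-address"]  # <ip> pool-size <n>
        start, requested = ipaddress.ip_address(args[0]), int(args[2])
        if start not in net:
            problems.append("starting-address is outside the pool network")
        else:
            # Assumption: the range runs up to the last usable host address.
            last = net[-2] if net.num_addresses > 2 else net[-1]
            report["effective_size"] = min(requested, int(last) - int(start) + 1)
    return report
```

Run against DHCP_TEST and 192.168.1.1/24, the report shows an address range of 30 and flags that hardware-address, client-identifier and client-name were set without host.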

6.2.3 Connectivity Check (Ping-check) Commands

Use these commands to have an interface regularly check the connection to the gateway you specified to make sure it is still available. You specify how often the interface checks the connection, how long to wait for a response before the attempt is a failure, and how many consecutive failures are required before the NXC stops routing to the gateway. The NXC resumes routing to the gateway the first time the gateway passes the connectivity check.
This table lists the ping-check commands.
Table 15 interface Commands: Ping Check
COMMAND DESCRIPTION
show ping-check [interface_name | status]
    Displays information about ping check settings for the specified interface or for all interfaces.
    status: displays the current connectivity check status for any interfaces upon which it is activated.
show ping-check [interface_name]
    Displays information about ping check settings for the specified interface or for all interfaces.
[no] connectivity-check continuous-log activate
    Use this command to have the NXC log connectivity check results continuously. The no command disables the setting.
show connectivity-check continuous-log status
    Displays the continuous log setting about connectivity check.
interface interface_name
    Enters sub-command mode.
[no] ping-check activate
    Enables ping check for the specified interface. The no command disables ping check for the specified interface.
ping-check {domain_name | ip | default-gateway}
    Specifies what the NXC pings for the ping check; you can specify a fully-qualified domain name, IP address, or the default gateway for the interface.
ping-check {domain_name | ip | default-gateway} period <5..30>
    Specifies what the NXC pings for the ping check and sets the number of seconds between each ping check.
ping-check {domain_name | ip | default-gateway} timeout <1..10>
    Specifies what the NXC pings for the ping check and sets the number of seconds the NXC waits for a response.
ping-check {domain_name | ip | default-gateway} fail-tolerance <1..10>
    Specifies what the NXC pings for the ping check and sets the number of times the NXC times out before it stops routing through the specified interface.
ping-check {domain_name | ip | default-gateway} method {icmp | tcp}
    Sets how the NXC checks the connection to the gateway.
    icmp: ping the gateway you specify to make sure it is still available.
    tcp: perform a TCP handshake with the gateway you specify to make sure it is still available.
ping-check {domain_name | ip | default-gateway} port <1..65535>
    Specifies the port number to use for a TCP connectivity check.
6.2.3.1 Connectivity Check Command Example
The following commands show you how to set the WAN1 interface to use a TCP handshake on port 8080 to check the connection to IP address 1.1.1.2.
Router# configure terminal
Router(config)# interface wan1
Router(config-if-wan1)# ping-check 1.1.1.2 method tcp port 8080
Router(config-if-wan1)# exit
Router(config)# show ping-check
Interface: wan1
Check Method: tcp
IP Address: 1.1.1.2
Period: 30
Timeout: 5
Fail Tolerance: 5
Activate: yes
Port: 8080
Router(config)#
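The stop and resume rule described at the start of this section, as an added Python example that is not part of the ZyXEL guide: routing stops once fail-tolerance consecutive checks have failed and resumes on the first check that passes. GatewayMonitor, replay, transitions, watch and the two sample result lists are hypothetical names and constructed data; tcp_check mirrors "method tcp" with a plain socket connect.

```python
import socket
import time


def tcp_check(host, port, timeout):
    """method tcp: pass if a TCP handshake to host:port completes in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


class GatewayMonitor:
    """Routing decision driven by consecutive connectivity-check failures."""

    def __init__(self, fail_tolerance):
        self.fail_tolerance = fail_tolerance
        self.consecutive_failures = 0
        self.routing = True

    def record(self, passed):
        """Apply one check result and return whether routing is active."""
        if passed:
            # The first passing check clears the count and resumes routing.
            self.consecutive_failures = 0
            self.routing = True
        else:
            self.consecutive_failures += 1
            if self.consecutive_failures >= self.fail_tolerance:
                self.routing = False
        return self.routing


def replay(results, fail_tolerance):
    """Return the routing state after each result of a recorded sequence."""
    monitor = GatewayMonitor(fail_tolerance)
    return [monitor.record(passed) for passed in results]


def transitions(results, fail_tolerance):
    """List (check_number, 'down' or 'up') events for a result sequence."""
    events, previous = [], True
    for number, state in enumerate(replay(results, fail_tolerance), start=1):
        if state != previous:
            events.append((number, "up" if state else "down"))
            previous = state
    return events


def watch(host, port, period, timeout, fail_tolerance, rounds):
    """Run live TCP checks every `period` seconds and return the events."""
    results = []
    for _ in range(rounds):
        results.append(tcp_check(host, port, timeout))
        time.sleep(period)
    return transitions(results, fail_tolerance)


# Constructed results (True = check passed), evaluated with fail-tolerance 5
# as shown in the show ping-check output above.
FLAPPING = [False, False, False, False, True] * 3   # never five in a row
OUTAGE = [True] + [False] * 7 + [True, True]
```

With these samples, FLAPPING produces no events even though 80% of its checks fail, while OUTAGE goes down at the sixth check and comes back at the ninth.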

6.3 Ethernet Interface Specific Commands

This section covers commands that are specific to Ethernet interfaces. The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.
Table 16 Input Values for Ethernet Interface Commands
LABEL DESCRIPTION
interface_name
    The name of the interface.
    Ethernet interface: gex, x = 1 - N, where N equals the highest numbered Ethernet interface for your NXC model.
    VLAN interface: vlanx, x = 0 - 4094.

6.3.1 MAC Address Setting Commands

This table lists the commands you can use to set the MAC address of an interface.
Table 17 interface Commands: MAC Setting
COMMAND DESCRIPTION
interface interface_name
    Enters sub-command mode.
no mac
    Has the interface use its default MAC address.
mac mac
    Specifies the MAC address the interface is to use.
type {internal|external|general}
    Sets which type of network you will connect this interface. The NXC automatically adds default route and SNAT settings for traffic it routes from internal interfaces to external interfaces; for example LAN to WAN traffic.
    internal: Set this to connect to a local network. Other corresponding configuration options: DHCP server and DHCP relay. The NXC automatically adds default SNAT settings for traffic flowing from this interface to an external interface.
    external: Set this to connect to an external network (like the Internet). The NXC automatically adds this interface to the default WAN trunk.
    general: Set this if you want to manually configure a policy route to add routing and SNAT settings for the interface.
no use-defined-mac
    Has the interface use its default MAC address.
use-defined-mac
    Has the interface use a MAC address that you specify.

6.4 Port Commands

This section covers commands that are specific to ports.
In CLI, representative interfaces are also called representative ports.
Table 18 Basic Interface Setting Commands
COMMAND DESCRIPTION
no port <1..x>
    Removes the specified physical port from its current representative interface and adds it to its default representative interface (for example, port x --> gex).
port status Port<1..x>
    Enters a sub-command mode to configure the specified port’s settings.
[no] duplex <full | half>
    Sets the port’s duplex mode. The no command returns the default setting.
exit
    Leaves the sub-command mode.
[no] negotiation auto
    Sets the port to use auto-negotiation to determine the port speed and duplex. The no command turns off auto-negotiation.
[no] speed <100,10>
    Sets the Ethernet port’s connection speed in Mbps. The no command returns the default setting.
show port setting
    Displays the Ethernet port negotiation, duplex, and speed settings.
show port status
    Displays statistics for the Ethernet ports.

6.5 Port Role Commands

The following table describes the commands available for port role identification. You must use the configure terminal command to enter the configuration mode before you can use these commands.
Table 19 Command Summary: Port Role
COMMAND DESCRIPTION
show port type
    Displays the type of cable connection for each physical interface on the device.
show module type
    Displays the type of module for each physical interface on the device.

6.5.1 Port Role Examples

The following are two port role examples.
Router(config)# show port type
Port Type
===========================================================================
1    Copper
2    Down
3    Down
4    Down
5    Down
6    Down
7    Down
8    Down
Router(config)# show module type
Port Type
===========================================================================
1    Copper
2    Copper
3    Copper
4    Copper
5    Fiber
6    Fiber
7    Fiber
8    Fiber

6.6 USB Storage Specific Commands

Use these commands to configure settings that apply to the USB storage device connected to the NXC.
For an NXC that supports more than one USB port, these commands only apply to the USB storage device that is first attached to the NXC.
Table 20 USB Storage General Commands
COMMAND DESCRIPTION
show usb-storage
    Displays the status of the connected USB storage device.
[no] usb-storage activate
    Enables or disables the connected USB storage service.
usb-storage warn number <percentage|megabyte>
    Sets a number and the unit (percentage or megabyte) to have the NXC send a warning message when the remaining USB storage space is less than the set value.
    percentage: 10 to 99
    megabyte: 100 to 9999
usb-storage mount
    Mounts the connected USB storage device.
usb-storage umount
    Unmounts the connected USB storage device.
[no] logging usb-storage
    Sets to have the NXC log or not log any information about the connected USB storage device(s) for the system log.
logging usb-storage category category level <all|normal>
    Configures the logging settings for the specified category for the connected USB storage device.
logging usb-storage category category disable
    Stops logging for the specified category to the connected USB storage device.
logging usb-storage flushThreshold <1..100>
    Configures the maximum storage space (in percentage) for storing system logs on the connected USB storage device.
[no] diag-info copy usb-storage
    Sets to have the NXC save or stop saving the current system diagnostics information to the connected USB storage device. You may need to send this file to customer support for troubleshooting.
[no] corefile copy usb-storage
    Sets to have the NXC save or not save a process’s core dump to the connected USB storage device if the process terminates abnormally (crashes). You may need to send this file to customer support for troubleshooting.
show corefile copy usb-storage
    Displays whether (enable or disable) the NXC saves core dump files to the connected USB storage device.
show diag-info copy usb-storage
    Displays whether (enable or disable) the NXC saves the current system diagnostics information to the connected USB storage device.
show logging status usb-storage
    Displays the logging settings for the connected USB storage device.

6.6.1 USB Storage General Commands Example

This example shows how to display the status of the connected USB storage device.
Router> show usb-storage
USBStorage Configuration:
  Activation: enable
  Criterion Number: 100
  Criterion Unit: megabyte
USB Storage Status:
  Device description: N/A
  Usage: N/A
  Filesystem: N/A
  Speed: N/A
  Status: none
  Detail: none

6.7 VLAN Interface Specific Commands

A Virtual Local Area Network (VLAN) divides a physical network into multiple logical networks. The standard is defined in IEEE 802.1q.
In the NXC, each VLAN is called a VLAN interface. As a router, the NXC routes traffic between VLAN interfaces, but it does not route traffic within a VLAN interface.
vlan0 is the default VLAN interface. It cannot be deleted and its VID cannot be changed.
Otherwise, VLAN interfaces are similar to other interfaces in many ways. They have an IP address, subnet mask, and gateway used to make routing decisions. They restrict bandwidth and packet size. They can provide DHCP services, and they can verify the gateway is available.
The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.
Table 21 Input Values for VLAN Interface Commands
LABEL DESCRIPTION
virtual_interface
    The VLAN interface name. You may use 0 - 511 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
gateway
    The gateway IP address of the interface. Enter a standard IPv4 IP address (for example, 127.0.0.1).
ip_address
    The network mask IP address. Enter a standard IPv4 IP address.
netmask
    The network subnet mask. For example, 255.255.255.0.
description
    Sets the description of the interface. You may use 0 - 511 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
profile_name
    The DHCP pool name.
The following table describes the commands available for VLAN interface management. You must use the configure terminal command to enter the configuration mode before you can use these commands.
Table 22 Command Summary: VLAN Interface Profile
COMMAND DESCRIPTION
[no] interface virtual_interface
    Enters configuration mode for the specified interface. Use the no command to remove the specified VLAN interface.
vlanid <1..4094>
    Sets the interface’s VLAN identification number.
[no] ip address ip_address netmask
    Sets the interface’s IP address and netmask address. Use the no command to remove these values from this interface.
[no] ip address dhcp [metric <0..15>]
    Sets the interface to use the DHCP to acquire an IP address. Enter the metric (priority) of the gateway (if any) on this interface. The NXC decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the NXC uses the one that was configured first.
mtu <576..1500>
    Sets the maximum size of each data packet, in bytes, that can move through this interface. If a larger packet arrives, the NXC divides it into smaller fragments.
no mtu
    Disables the mtu feature for this interface.
[no] ip gateway gateway [metric <0..15>]
    Enter the IP address of the gateway. The NXC sends packets to the gateway when it does not know how to route the packet to its destination. The gateway should be on the same network as the interface.
    Also enter the metric (priority) of the gateway (if any) on this interface. The NXC decides which gateway to use based on this priority. The lower the number, the higher the priority. If two or more gateways have the same priority, the NXC uses the one that was configured first.
join <interface_name> <tag|untag>
    Links the VLAN to the specified physical interface and also sets this interface to send packets with or without a VLAN tag.
no join <interface_name>
    Disassociates the specified physical interface from the VLAN.
upstream <0..1048576>
    Sets the maximum amount of traffic, in kilobits per second, the NXC can send through the interface to the network.
no upstream
    Disables the upstream bandwidth limit.
downstream <0..1048576>
    Sets the maximum amount of traffic, in kilobits per second, the NXC can receive from the network through the interface.
no downstream
    Disables the downstream bandwidth limit.
description description
    Sets the description of this interface. It is not used elsewhere. You can use alphanumeric and ()+/:=?!*#@$_%- characters, and it can be up to 60 characters long.
no description
    Removes the VLAN description.
[no] shutdown
    Exits this sub-command mode, saving all changes but without enabling the VLAN.
[no] ip dhcp-pool profile_name
    Sets the DHCP server pool. The no command removes the specified DHCP pool.
[no] ip helper-address ip_address
    Sets the IP helper address. The no command removes the IP address.
exit
    Exits configuration mode for this interface.

6.7.1 VLAN Interface Examples

This example creates a VLAN interface called ‘vlan0’.
Router(config)# interface vlan0
Router(config-if-vlan)# vlanid 100
Router(config-if-vlan)# join ge2 untag
Router(config-if-vlan)# ip address 1.2.3.4 255.255.255.0
Router(config-if-vlan)# ip gateway 2.2.2.2 metric 11
Router(config-if-vlan)# mtu 598
Router(config-if-vlan)# upstream 345
Router(config-if-vlan)# downstream 123
Router(config-if-vlan)# description I am vlan0
Router(config-if-vlan)# exit
Router(config)#
This example changes VLAN interface ‘vlan0’ to use DHCP.
Router(config)# interface vlan0
Router(config-if-vlan)# vlanid 100
Router(config-if-vlan)# join ge1 untag
Router(config-if-vlan)# ip address dhcp metric 4
Router(config-if-vlan)# exit
Router(config)#
CHAPTER 7

Route

This chapter shows you how to configure policies for IP routing and static routes on your NXC.

7.1 Policy Route

Traditionally, routing is based on the destination address only and the NXC takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter the packet forwarding based on the policy defined by the network administrator. Policy-based routing is applied to incoming packets on a per interface basis, prior to the normal routing.

7.2 Policy Route Commands

The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.
Table 23 Input Values for General Policy Route Commands
LABEL DESCRIPTION
address_object The name of the IP address (group) object. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
interface_name The name of the interface. Ethernet interface: gex, x = 1 - N, where N equals the highest numbered Ethernet interface for your NXC model.
policy_number The number of a policy route. 1 - x where x is the highest number of policy routes the NXC model supports. See the NXC’s User’s Guide for details.
schedule_object The name of the schedule. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
service_name The name of the service (group). You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
user_name The name of a user (group). You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
The following table describes the commands available for policy route. You must use the configure terminal command to enter the configuration mode before you can use these commands.
Table 24 Command Summary: Policy Route
COMMAND DESCRIPTION
[no] bwm activate Globally enables bandwidth management. You must globally activate bandwidth management to have individual policy routes or application patrol policies apply bandwidth management. The no command globally disables bandwidth management.
policy {policy_number | append | insert policy_number} Enters the policy-route sub-command mode to configure, add or insert a policy.
[no] auto-disable When you set interface as the next-hop type (using the next-hop interface) for this route, you can use this command to have the NXC automatically disable this policy route when the next-hop’s connection is down. The no command disables the setting.
[no] bandwidth <1..1048576> priority <1..1024> [maximize-bandwidth-usage] Sets the maximum bandwidth and priority for the policy. The no command removes bandwidth settings from the rule. You can also turn maximize bandwidth usage on or off.
[no] deactivate Disables the specified policy. The no command enables the specified policy.
[no] description description Sets a descriptive name for the policy. The no command removes the name for the policy.
[no] destination {address_object|any} Sets the destination IP address the matched packets must have. The no command resets the destination IP address to the default (any). any means all IP addresses.
[no] dscp {any | <0..63>} Sets a custom DSCP code point (0~63). This is the DSCP value of incoming packets to which this policy route applies. any means all DSCP value or no DSCP marker.
[no] dscp class {default | dscp_class} Sets a DSCP class. Use default to apply this policy route to incoming packets that are marked with DSCP value 0. Use one of the pre-defined AF classes (including af11~af13, af21~af23, af31~af33, and af41~af43) to apply this policy route to incoming packets that are marked with the DSCP AF class.
The “af” entries stand for Assured Forwarding. The number following the “af” identifies one of four classes and one of three drop preferences.
dscp-marking <0..63> Sets a DSCP value to have the NXC apply that DSCP value to the route’s outgoing packets.
dscp-marking class {default | dscp_class} Sets how the NXC handles the DSCP value of the outgoing packets that match this route. Set this to default to have the NXC set the DSCP value of the packets to 0. Set this to an “af” class (including af11~af13, af21~af23, af31~af33, and af41~af43) which stands for Assured Forwarding. The number following the “af” identifies one of four classes and one of three drop preferences.
Table 24 Command Summary: Policy Route (continued)
COMMAND DESCRIPTION
no dscp-marking Use this command to have the NXC not modify the DSCP value of the route’s outgoing packets.
[no] interface {interface_name | EnterpriseWLAN} Sets the interface on which the incoming packets are received. The no command resets the incoming interface to the default (any). any means all interfaces.
EnterpriseWLAN: the packets are coming from the NXC itself.
[no] next-hop {auto|gateway address_object | interface interface_name} Sets the next-hop to which the matched packets are routed. The no command resets next-hop settings to the default (auto).
[no] schedule schedule_object Sets the schedule. The no command removes the schedule setting to the default (none). none means any time.
[no] service {service_name|any} Sets the IP protocol. The no command resets service settings to the default (any). any means all services.
[no] snat {outgoing-interface|pool {address_object}} Sets the source IP address of the matched packets that use SNAT. The no command removes source NAT settings from the rule.
[no] source {address_object|any} Sets the source IP address that the matched packets must have. The no command resets the source IP address to the default (any). any means all IP addresses.
[no] trigger <1..8> incoming service_name trigger service_name Sets a port triggering rule. The no command removes port trigger settings from the rule.
trigger append incoming service_name trigger service_name Adds a new port triggering rule to the end of the list.
trigger delete <1..8> Removes a port triggering rule.
trigger insert <1..8> incoming service_name trigger service_name Adds a new port triggering rule before the specified number.
trigger move <1..8> to <1..8> Moves a port triggering rule to the number that you specified.
[no] user user_name Sets the user name. The no command resets the user name to the default (any). any means all users.
policy default-route Enters the policy-route sub-command mode to set a route with the name “default-route”.
policy delete policy_number Removes a routing policy.
policy flush Clears the policy routing table.
policy list table Displays all policy route settings.
policy move policy_number to policy_number Moves a routing policy to the number that you specified.
[no] policy override-direct-route activate Use this command to have the NXC forward packets that match a policy route according to the policy route instead of sending the packets to a directly connected network. Use the no command to disable it.
show policy-route [policy_number] Displays all or specified policy route settings.
Table 24 Command Summary: Policy Route (continued)
COMMAND DESCRIPTION
show policy-route begin policy_number end policy_number Displays the specified range of policy route settings.
show policy-route override-direct-route Displays whether or not the NXC forwards packets that match a policy route according to the policy route instead of sending the packets to a directly connected network.
show policy-route rule_count Displays the number of policy routes that have been configured on the NXC.
show policy-route underlayer-rules Displays all policy route rule details for advanced debugging.
show bwm activation Displays whether or not the global setting for bandwidth management on the NXC is enabled.
show bwm-usage < [policy-route policy_number] | [interface interface_name] Displays the specified policy route or interface’s bandwidth allotment, current bandwidth usage, and bandwidth usage statistics.

7.2.1 Assured Forwarding (AF) PHB for DiffServ

Assured Forwarding (AF) behavior is defined in RFC 2597. The AF behavior group defines four AF classes. Inside each class, packets are given a high, medium or low drop precedence. The drop precedence determines the probability that routers in the network will drop packets when congestion occurs. If congestion occurs between classes, the traffic in the higher class (smaller numbered class) is generally given priority. Combining the classes and drop precedence produces the following twelve DSCP encodings from AF11 through AF43. The decimal equivalent is listed in brackets.
Table 25 Assured Forwarding (AF) Behavior Group
                        CLASS 1    CLASS 2    CLASS 3    CLASS 4
Low Drop Precedence     AF11 (10)  AF21 (18)  AF31 (26)  AF41 (34)
Medium Drop Precedence  AF12 (12)  AF22 (20)  AF32 (28)  AF42 (36)
High Drop Precedence    AF13 (14)  AF23 (22)  AF33 (30)  AF43 (38)
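The bit layout behind Table 25, as an added example that is not part of the guide: in RFC 2597 each AFxy code point carries class x in the top three DSCP bits and drop precedence y in the next two, so DSCP = 8x + 2y. The function names are illustrative, and resolve_dscp_argument models only the default, afXY and 0..63 values that the dscp and dscp-marking commands above accept.

```python
import re


def af_to_dscp(af_class, drop_precedence):
    """Return the DSCP code point for AF<class><drop precedence> (RFC 2597)."""
    if af_class not in (1, 2, 3, 4) or drop_precedence not in (1, 2, 3):
        raise ValueError("AF class must be 1-4 and drop precedence 1-3")
    # Class occupies bits 5..3, drop precedence bits 2..1, bit 0 is always 0.
    return (af_class << 3) | (drop_precedence << 1)


def dscp_to_af(dscp):
    """Return 'afXY' for an AF code point, or None for any other DSCP value."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value (0-63)")
    af_class, drop, low_bit = dscp >> 3, (dscp >> 1) & 0b11, dscp & 1
    if low_bit == 0 and 1 <= af_class <= 4 and 1 <= drop <= 3:
        return f"af{af_class}{drop}"
    return None


def resolve_dscp_argument(arg):
    """Map a CLI value ('default', 'afXY' or '0'..'63') to its code point."""
    arg = arg.strip().lower()
    if arg == "default":
        return 0  # the guide: default means DSCP value 0
    match = re.fullmatch(r"af([1-4])([1-3])", arg)
    if match:
        return af_to_dscp(int(match.group(1)), int(match.group(2)))
    if re.fullmatch(r"[0-9]{1,2}", arg) and int(arg) <= 63:
        return int(arg)
    raise ValueError(f"not a DSCP value or class: {arg!r}")


def classify_tos_byte(tos):
    """Split an IPv4 TOS / IPv6 Traffic Class byte into (dscp, af_name, ecn)."""
    if not 0 <= tos <= 255:
        raise ValueError("TOS / Traffic Class is a single byte")
    dscp = tos >> 2  # upper six bits are the DSCP, lower two are ECN
    return dscp, dscp_to_af(dscp), tos & 0b11


def af_table():
    """Rebuild Table 25 as a {name: decimal code point} mapping."""
    return {f"af{c}{d}": af_to_dscp(c, d)
            for c in range(1, 5) for d in range(1, 4)}


if __name__ == "__main__":
    for name, value in af_table().items():
        print(f"{name}: {value} ({value:06b})")
    # Constructed TOS bytes, as they would be read from a packet capture
    # when checking that a dscp-marking setting took effect.
    for tos in (0x48, 0x89, 0xB8):
        print(hex(tos), classify_tos_byte(tos))
```
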

7.2.2 Policy Route Command Example

The following commands create two address objects (TW_SUBNET and GW_1) and insert a policy that routes the packets (with the source IP address TW_SUBNET and any destination IP address) through the interface ge1 to the next-hop router GW_1. This route uses the IP address of the outgoing interface as the matched packets’ source IP address.
Router(config)# address-object TW_SUBNET 192.168.2.0 255.255.255.0
Router(config)# address-object GW_1 192.168.2.250
Router(config)# policy insert 1
Router(policy-route)# description example
Router(policy-route)# destination any
Router(policy-route)# interface ge1
Router(policy-route)# next-hop gateway GW_1
Router(policy-route)# snat outgoing-interface
Router(policy-route)# source TW_SUBNET
Router(policy-route)# exit
Router(config)# show policy-route 1
index: 1
active: yes
description: example
user: any
schedule: none
interface: ge1
tunnel: none
sslvpn: none
source: TW_SUBNET
destination: any
DSCP code: any
service: any
nexthop type: Gateway
nexthop: GW_1
nexthop state: Not support
auto destination: no
bandwidth: 0
bandwidth priority: 0
maximize bandwidth usage: no
SNAT: outgoing-interface
DSCP marking: preserve
amount of port trigger: 0
Router(config)#

7.3 IP Static Route

The NXC has no knowledge of the networks beyond the network that is directly connected to the NXC. For instance, the NXC knows about network N2 in the following figure through gateway R1. However, the NXC is unable to route a packet to network N3 because it doesn't know that there is a route through the same gateway R1 (via gateway R2). The static routes are for you to tell the NXC about the networks beyond the network connected to the NXC directly.
Figure 10 Example of Static Routing Topology

7.4 Static Route Commands

The following table describes the commands available for static route. You must use the configure terminal command to enter the configuration mode before you can use these commands.
Table 26 Command Summary: Static Route
COMMAND DESCRIPTION
[no] ip route {w.x.y.z} {w.x.y.z} {interface|w.x.y.z} [<0..127>] Sets a static route. The no command disables a static route.
ip route replace {w.x.y.z} {w.x.y.z} {interface|w.x.y.z} [<0..127>] with {w.x.y.z} {w.x.y.z} {interface|w.x.y.z} [<0..127>] Changes an existing route’s settings.
show ip route-settings Displays static route information. Use show ip route to see learned route information.
show ip route control-virtual-server-rules Displays whether or not static routes have priority over NAT virtual server rules (1-1 SNAT).

7.4.1 Static Route Commands Example

The following command sets a static route with IP address 10.10.10.0 and subnet mask 255.255.255.0 and with the next-hop interface ge1. Then use the show command to display the setting.
Router(config)# ip route 10.10.10.0 255.255.255.0 ge1
Router(config)#
Router(config)# show ip route-settings
Route           Netmask         Nexthop         Metric
===========================================================================
10.10.10.0      255.255.255.0   ge1             0

7.5 Learned Routing Information Commands

This table lists the commands to look at learned routing information.
Table 27 ip route Commands: Learned Routing Information
COMMAND DESCRIPTION
show ip route [kernel | connected | static] Displays learned routing and other routing information.

7.5.1 show ip route Command Example

The following example shows learned routing information on the NXC.
Router> show ip route
Flags: A - Activated route, S - Static route, C - directly Connected
       O - OSPF derived, R - RIP derived, G - selected Gateway
       ! - reject, B - Black hole, L - Loop

IP Address/Netmask       Gateway         IFace           Metric  Flags   Persist
===========================================================================
127.0.0.0/8              0.0.0.0         lo              0       ACG     -
192.168.1.0/24           0.0.0.0         vlan0           0       ACG     -
Router>
CHAPTER 8

AP Management

This chapter shows you how to configure wireless AP management options on your NXC.

8.1 AP Management Overview

The NXC allows you to remotely manage all of the Access Points (APs) on your network. You can manage a number of APs without having to configure them individually as the NXC automatically handles basic configuration for you.
The commands in this chapter allow you to add, delete, and edit the APs managed by the NXC by means of the CAPWAP protocol. An AP must be moved from the wait list to the management list before you can manage it. If you do not want to use this registration mechanism, you can disable it and then any newly connected AP is registered automatically.
Figure 11 Example AP Management
In this example, the NXC (A) connects up to a number of Power over Ethernet switches, such as the ES-2025 PWR (B). They connect to the NWA5160N Access Points (C), which in turn provide access to the network for the wireless clients within their broadcast radius.
Let’s say one AP (D) starts giving you trouble. You can log into the NXC via console or Telnet and troubleshoot, for example by viewing its traffic statistics, rebooting it, or even removing it altogether from the list of viable APs that stations can use.

8.2 AP Management Commands

The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.
Table 28 Input Values for General AP Management Commands
LABEL DESCRIPTION
ap_mac The Ethernet MAC address of the managed AP. Enter 6 hexadecimal pairs separated by colons. You can use 0-9, a-z and A-Z.
ap_model The model name of the managed AP, such as NWA5160N, NWA5560-N, NWA5550-N, NWA5121-NI or NWA5123-NI.
slot_name The slot name for the AP’s on-board wireless LAN card. Use either slot1 or slot2. (The NWA5560-N supports up to 2 radio slots.)
profile_name The wireless LAN radio profile name. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
ap_description The AP description. This is strictly used for reference purposes and has no effect on any other settings. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
sta_mac The MAC address of the wireless client. Enter 6 hexadecimal pairs separated by colons. You can use 0-9, a-z and A-Z.
The following table describes the commands available for AP management. You must use the configure terminal command to enter the configuration mode before you can use these commands.
Table 29 Command Summary: AP Management
COMMAND DESCRIPTION
capwap ap ap_mac Enters the sub-command mode for the specified AP.
slot_name ap-profile profile_name Sets the radio (slot_name) to AP mode and assigns a created profile to the radio.
no slot_name ap-profile Removes the AP mode profile assignment for the specified radio (slot_name).
slot_name monitor-profile profile_name Sets the specified radio (slot_name) to monitor mode and assigns a created profile to the radio. Monitor mode APs act as wireless monitors, which can detect rogue APs and help you in building a list of friendly ones. See also Section 10.2 on page 87.
no slot_name monitor-profile Removes the monitor mode profile assignment for the specified radio (slot_name).
slot_name { root-ap | repeater-ap } zymesh-profile_name Sets the specified radio (slot_name) to root AP or repeater mode and assigns a created ZyMesh profile to the radio. See also Section 10.7 on page 101 for more information about ZyMesh.
ap-group-profile ap-group-profile_name Sets the AP group to which the AP belongs.
description ap_description Sets the description for the specified AP.
Table 29 Command Summary: AP Management (continued)
COMMAND DESCRIPTION
[no] force vlan Sets whether or not the NXC changes the AP’s management VLAN to match the one you configure using the vlan sub-command. The management VLAN on the NXC and AP must match for the NXC to manage the AP.
This takes priority over the AP’s CAPWAP client commands described in Chapter 42 on page 249.
lan-provision lan_port {activate | inactivate} pvid <1..4094> Sets the NXC to enable or disable the specified LAN port on the AP and configures a PVID (Port VLAN ID) for this port.
lan_port: the name of the AP’s LAN port (lan1 for example).
lan-provision vlan_interface {activate | inactivate} vid <1..4094> join lan_port {tag | untag} [lan_port {tag | untag}] [lan_port {tag | untag}] Sets the NXC to create a new VLAN or configure an existing VLAN. You can disable or enable the VLAN, set the VLAN ID, assign up to three ports to this VLAN as members and set whether the port is to tag outgoing traffic with the VLAN ID.
vlan_interface: the name of the VLAN (vlan1 for example).
[no] override slot_name {output-power | radio-setting | ssid-setting} Sets the NXC to overwrite the AP’s output power, radio or SSID profile settings for the specified radio.
Use the no command to not overwrite the specified settings.
[no] override lan-provision Sets the NXC to overwrite the AP’s LAN port settings.
Use the no command to not overwrite the specified settings.
[no] override vlan-setting Sets the NXC to overwrite the AP’s LAN port settings.
Use the no command to not overwrite the specified settings.
vlan <1..4094> {tag | untag} Sets the VLAN ID for the specified AP as well as whether packets sent to and from that ID are tagged or untagged.
exit Exits the sub-command mode for the specified AP.
capwap ap ac-ip {primary_ac_ip} {secondary_ac_ip} Specifies the primary and secondary IP address or domain name of the AP controller (the NXC) to which the AP connects.
capwap ap ac-ip auto Sets the AP to use DHCP to get the address of the AP controller (the NXC).
capwap ap add ap_mac [ap_model] Adds the specified AP to the NXC for management. If manual add is disabled, this command can still be used; if you add an AP before it connects to the network, then this command simply preconfigures the management list with that AP’s information.
capwap ap fallback disable Sets the managed AP(s) to not change back to associate with the primary AP controller when the primary AP controller is available.
capwap ap fallback enable Sets the managed AP(s) to change back to associate with the primary AP controller as soon as the primary AP controller is available.
capwap ap fallback interval <30..86400> Sets how often (in seconds) the managed AP(s) check whether the primary AP controller is available.
Table 29 Command Summary: AP Management (continued)
COMMAND DESCRIPTION
capwap ap kick {all | ap_mac} Removes the specified AP (ap_mac) or all connected APs (all) from the management list. Doing this removes the AP(s) from the management list.
If the NXC is set to automatically add new APs to the AP management list, then any kicked APs are added back to the management list as soon as they reconnect.
capwap ap led-off ap_mac Sets the LEDs of the specified AP to turn off after it’s ready.
capwap ap led-on ap_mac Sets the LEDs of the specified AP to stay lit after the NXC is ready.
capwap ap reboot ap_mac Forces the specified AP (ap_mac) to restart. Doing this severs the connections of all associated stations.
capwap manual-add {enable | disable} Allows the NXC to either automatically add new APs to the network (disable) or wait until you manually confirm them (enable).
capwap station kick sta_mac Forcibly disconnects the specified station from the network.
country-code country_code Sets the country where the NXC is located/installed. This is the default country code the NXC uses in a new radio profile or monitor profile if you do not change it. The available channels vary depending on the country you selected.
country_code: 2-letter country-codes, such as TW, DE, or FR.
lan-provision ap ap_mac Enters the sub-command mode for the specified AP.
lan_port {activate | inactivate} pvid <1..4094> Enables or disables the specified LAN port on the AP and configures a PVID (Port VLAN ID) for this port.
lan_port: the name of the AP’s LAN port (lan1 for example).
vlan_interface {activate | inactivate} vid <1..4094> join lan_port {tag | untag} [lan_port {tag | untag}] [lan_port {tag | untag}] Creates a new VLAN or configures an existing VLAN. You can disable or enable the VLAN, set the VLAN ID, assign up to three ports to this VLAN as members and set whether the port is to tag outgoing traffic with the VLAN ID.
vlan_interface: the name of the VLAN (vlan1 for example).
[no] vlan_interface Removes the specified VLAN.
show capwap ap {all | ap_mac} Displays the management list (all) or whether the specified AP is on the management list (ap_mac).
show capwap ap ap_mac slot_name detail Displays details for the specified radio (slot_name) on the specified AP (ap_mac).
show capwap ap {all | ap_mac} config status Displays whether or not any AP’s configuration or the specified AP’s configuration is in conflict with the NXC’s settings for the AP and displays the settings in conflict if there are any.
show capwap ap ac-ip Displays the address of the NXC or auto if the AP finds the NXC through broadcast packets.
show capwap ap all statistics Displays radio statistics for all APs on the management list.
Table 29 Command Summary: AP Management (continued)
COMMAND DESCRIPTION
show capwap ap fallback Displays whether the managed AP(s) will change back to associate with the primary AP controller when the primary AP controller is available.
show capwap ap fallback interval Displays the interval for how often the managed AP(s) check whether the primary AP controller is available.
show capwap ap wait-list Displays a list of connected but as-of-yet unmanaged APs. This is known as the ‘wait list’.
show capwap manual-add Displays the current manual add option.
show capwap station all Displays information for all stations connected to the APs on the management list.
show country-code list Displays a reference list of two-letter country codes.
show default country-code Displays the default country code configured on the NXC.
show lan-provision ap ap_mac interface {lan_port | vlan_interface | all| ethernet | uplink | vlan} Displays the port and/or VLAN settings for the specified AP.
You can also set to display settings for a specified port, a specified VLAN, all physical Ethernet ports, the uplink port or all VLANs on the AP.

8.2.1 AP Management Commands Example

The following example shows you how to add an AP to the management list, and then edit it.
Router# show capwap ap wait-list
index: 1
IP: 192.168.1.35, MAC: 00:11:11:11:11:FE
Model: NWA5160N, Description: AP-00:11:11:11:11:FE
index: 2
IP: 192.168.1.36, MAC: 00:19:CB:00:BB:03
Model: NWA5160N, Description: AP-00:19:CB:00:BB:03
Router# configure terminal
Router(config)# capwap ap add 00:19:CB:00:BB:03
Router(config)# capwap ap 00:19:CB:00:BB:03
Router(AP 00:19:CB:00:BB:03)# slot1 ap-profile approf01
Router(AP 00:19:CB:00:BB:03)# exit
Router(config)# show capwap ap all
index: 1
Status: RUN
IP: 192.168.1.37, MAC: 40:4A:03:05:82:1E
Description: AP-404A0305821E
Model: NWA5160N
R1 mode: AP, R1Prof: default
R2 mode: AP, R2Prof: n/a
Station: 0, RadioNum: 2
Mgnt. VLAN ID: 1, Tag: no
WTP VLAN ID: 1, WTP Tag: no
Force VLAN: disable
Firmware Version: 2.25(AAS.0)b2
Recent On-line Time: 08:43:04 2012/07/24
Last Off-line Time: N/A

Router(config)# show capwap ap 40:4A:03:05:82:1E slot1 detail
index: 1
SSID: ZyXEL, BSSID: 40:4A:03:05:82:1F
SecMode: NONE, Forward Mode: Local Bridge, Vlan: 1

Router(config)# show capwap ap all statistics
index: 1
Status: RUN, Loading: -
AP MAC: 40:4A:03:05:82:1E
Radio: 1, OP Mode: AP
Profile: default, MAC: 40:4A:03:05:82:1F
Description: AP-404A0305821E
Model: NWA5160N
Band: 2.4GHz, Channel: 6
Station: 0
RxPkt: 4463, TxPkt: 38848
RxFCS: 1083323, TxRetry: 198478
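A way to review the wait list before running capwap ap add, as an added example that is not from the guide or from ZyXEL: it parses show capwap ap wait-list and slot detail output in the format shown above, checks each waiting AP against an inventory, and lists radios whose SecMode is NONE. The APPROVED_AP_MACS inventory, the function names and the line breaks in the sample output are assumptions.

```python
import re

# Sample output taken from the session above; line breaks are constructed.
WAIT_LIST_OUTPUT = """\
index: 1
IP: 192.168.1.35, MAC: 00:11:11:11:11:FE
Model: NWA5160N, Description: AP-00:11:11:11:11:FE
index: 2
IP: 192.168.1.36, MAC: 00:19:CB:00:BB:03
Model: NWA5160N, Description: AP-00:19:CB:00:BB:03
"""
SLOT_DETAIL_OUTPUT = """\
index: 1
SSID: ZyXEL, BSSID: 40:4A:03:05:82:1F
SecMode: NONE, Forward Mode: Local Bridge, Vlan: 1
"""

# Hypothetical inventory of APs that are allowed onto the management list.
APPROVED_AP_MACS = {"00:19:cb:00:bb:03"}

MAC_PATTERN = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"


def split_records(text):
    """Return one text chunk per 'index: N' record, line-wrapped or not."""
    return [c for c in re.split(r"\bindex:\s*\d+", text)[1:] if c.strip()]


def field(chunk, name, pattern=r"[^,\n]+"):
    """Extract the value of 'name: value' from one record, or None."""
    # The leading word boundary keeps 'SSID' from matching inside 'BSSID'.
    match = re.search(r"\b" + re.escape(name) + r":\s*(" + pattern + r")", chunk)
    return match.group(1).strip() if match else None


def audit_wait_list(text, approved_macs):
    """Sort waiting APs into 'approved' and 'unknown' by MAC address."""
    approved = {mac.upper() for mac in approved_macs}
    result = {"approved": [], "unknown": []}
    for chunk in split_records(text):
        mac = field(chunk, "MAC", MAC_PATTERN)
        record = {
            "mac": mac.upper() if mac else None,  # None: record had no MAC
            "ip": field(chunk, "IP", r"[0-9.]+"),
            "model": field(chunk, "Model"),
        }
        bucket = "approved" if record["mac"] in approved else "unknown"
        result[bucket].append(record)
    return result


def add_commands(audit):
    """Build 'capwap ap add' lines only for APs found in the inventory."""
    return [f"capwap ap add {rec['mac']}" for rec in audit["approved"]]


def open_ssids(text):
    """Return (SSID, BSSID) pairs whose security mode is NONE."""
    found = []
    for chunk in split_records(text):
        if (field(chunk, "SecMode") or "").upper() == "NONE":
            found.append((field(chunk, "SSID"),
                          field(chunk, "BSSID", MAC_PATTERN)))
    return found


if __name__ == "__main__":
    audit = audit_wait_list(WAIT_LIST_OUTPUT, APPROVED_AP_MACS)
    for rec in audit["unknown"]:
        print(f"not in inventory: {rec['mac']} at {rec['ip']} ({rec['model']})")
    for line in add_commands(audit):
        print(line)
    for ssid, bssid in open_ssids(SLOT_DETAIL_OUTPUT):
        print(f"open SSID: {ssid} ({bssid})")
```

With capwap manual-add set to disable the wait list is bypassed, so this review only helps while manual add is enabled.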
CHAPTER 9

AP Group

This chapter shows you how to configure AP groups, which define the radio, port, VLAN and load balancing settings and apply the settings to all APs in the group. An AP can belong to one AP group at a time.

9.1 Wireless Load Balancing Overview

Wireless load balancing is the process whereby you limit the number of connections allowed on a wireless access point (AP) or you limit the amount of wireless traffic transmitted and received on it. Because there is a hard upper limit on the AP’s wireless bandwidth, this can be a crucial function in areas crowded with wireless users. Rather than let every user connect and subsequently dilute the available bandwidth to the point where each connecting device receives a meager trickle, the load balanced AP instead limits the incoming connections as a means to maintain bandwidth integrity.

9.2 AP Group Commands

The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.
Table 30 Input Values for General AP Management Commands
LABEL DESCRIPTION
ap_group_profile_name The wireless LAN radio profile name. You may use 1-31 alphanumeric characters, underscores(_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
slot_name The slot name for the AP’s on-board wireless LAN card. Use either slot1 or slot2. (The NWA5560-N supports up to 2 radio slots.)
The following table describes the commands available for AP groups. You must use the configure terminal command to enter the configuration mode before you can use these commands.
Table 31 Command Summary: AP Group
COMMAND DESCRIPTION
ap-group first-priority ap_group_profile_name Sets an AP group file that is used as the default group file. Any AP that is not configured to associate with a specific AP group belongs to the default group automatically.
ap-group flush wtp-setting ap_group_profile_name Sets the NXC to overwrite the settings of all managed APs in the specified group with the group profile settings.
Table 31 Command Summary: AP Group (continued)
COMMAND DESCRIPTION
ap-group-member ap_group_profile_name [no] member mac_address Specifies the MAC address of the AP that you want to apply the specified AP group profile and add to the group.
Use the no command to remove the specified AP from this group.
[no] ap-group-profile ap_group_profile_name Enters configuration mode for the specified AP group profile. Use the no command to remove the specified profile.
[no] slot_name ap-profile radio_profile_name Sets the specified radio to work as an AP and specifies the radio profile the radio is to use.
Use the no command to remove the specified profile.
[no] slot_name monitor-profile monitor_profile_name Sets the specified radio to work in monitor mode and specifies the monitor profile the radio is to use.
Use the no command to remove the specified profile.
[no] slot_name output-power wlan_power Sets the output power (between 0 to 30 dBm) for the radio on the AP that belongs to this group.
Use the no command to remove the output power setting.
[no] slot_name repeater-ap radio_profile_name Sets the specified AP radio to work as a repeater and specifies the radio profile the radio is to use.
Use the no command to remove the specified profile.
[no] slot_name root-ap radio_profile_name Sets the specified radio to work as a root AP and specifies the radio profile the radio is to use.
A root AP supports the wireless connections with other APs (in repeater mode) to form a ZyMesh/WDS to extend its wireless network.
Use the no command to remove the specified profile.
[no] slot_name ssid-profile <1..8> ssid_profile_name Sets the SSID profile that is associated with this profile. You can associate up to eight SSID profiles with an AP radio.
Use the no command to remove the specified profile.
[no] slot_name zymesh-profile zymesh_profile_name Sets the ZyMesh profile the radio (in root AP or repeater mode) uses to connect to a root AP or repeater.
Use the no command to remove the specified profile.
description description Sets a description for this group. You can use up to 31 characters, spaces and underscores allowed. Use the no command to remove the specified description.
exit Exits configuration mode for this profile.
[no] force vlan Sets the NXC to change the AP’s management VLAN to match the configuration in this profile.
Use the no command to not change the AP’s management VLAN setting.
[no] lan-provision model {nwa5301-nj | wac6502d-e | wac6502d-s | wac6503d-s | wac6553d-e} ap_lan_port activate pvid <1..4094> Sets the model of the managed AP, enables the model-specific LAN port and configures the port VLAN ID.
Use the no command to remove the specified port and VLAN settings.
ap_lan_port: the Ethernet LAN port on the managed AP, such as lan1 or lan2.
Table 31 Command Summary: AP Group (continued)
COMMAND DESCRIPTION
[no] lan-provision model {nwa5301-nj | wac6502d-e | wac6502d-s | wac6503d-s | wac6553d-e} ap_lan_port inactivate pvid <1..4094> Sets the model of the managed AP, disables the model-specific LAN port and configures the port VLAN ID.
Use the no command to remove the specified port and VLAN settings.
ap_lan_port: the Ethernet LAN port on the managed AP, such as lan1 or lan2.
[no] lan-provision model {nwa5301-nj | wac6502d-e | wac6502d-s | wac6503d-s | wac6553d-e} vlan_interface activate vid <1..4094> join ap_lan_port {tag | untag} [ap_lan_port {tag | untag}] [ap_lan_port {tag | untag}] Sets the model of the managed AP, enables a VLAN and configures the VLAN ID. It also sets the Ethernet port(s) on the managed AP to be a member of the VLAN, and sets the port(s) to send packets with or without a VLAN tag.
Use the no command to remove the specified port and VLAN settings.
vlan_interface: the name of the VLAN, such as vlan0.
ap_lan_port: the Ethernet LAN port on the managed AP, such as lan1 or lan2.
[no] lan-provision model {nwa5301-nj | wac6502d-e | wac6502d-s | wac6503d-s | wac6553d-e} vlan_interface inactivate vid <1..4094> join ap_lan_port {tag | untag} [ap_lan_port {tag | untag}] [ap_lan_port {tag | untag}] Sets the model of the managed AP, disables a VLAN and configures the VLAN ID. It also sets the Ethernet port(s) on the managed AP to be a member of the VLAN, and sets the port(s) to send packets with or without a VLAN tag.
Use the no command to remove the specified port and VLAN settings.
vlan_interface: the name of the VLAN, such as vlan0.
ap_lan_port: the Ethernet LAN port on the managed AP, such as lan1 or lan2.
[no] load-balancing activate Enables load balancing. Use the no parameter to disable it.
load-balancing alpha <1..255> Sets the load balancing alpha value.
When the AP is balanced, then this setting delays a client’s association with it by this number of seconds.
Note: This parameter has been optimized for the NXC and should not be changed unless you have been specifically directed to do so by ZyXEL support.
load-balancing beta <1..255> Sets the load balancing beta value.
When the AP is overloaded, then this setting delays a client’s association with it by this number of seconds.
Note: This parameter has been optimized for the NXC and should not be changed unless you have been specifically directed to do so by ZyXEL support.
load-balancing kickInterval <1..255> Enables the kickout feature for load balancing and also sets the kickout interval in seconds. While load balancing is enabled, the AP periodically disconnects stations at intervals equal to this setting.
This occurs until the load balancing threshold is no longer exceeded.
[no] load-balancing kickout Enables an overloaded AP to disconnect (“kick”) idle clients or clients with noticeably weak connections.
load-balancing liInterval <1..255>
    Sets the interval in seconds that each AP communicates with the other APs in its range for calculating the load balancing algorithm.
    Note: This parameter has been optimized for the NXC and should not be changed unless you have been specifically directed to do so by ZyXEL support.
load-balancing max sta <1..127>
    If load balancing by the number of stations/wireless clients, this sets the maximum number of devices allowed to connect to a load-balanced AP.
load-balancing mode {station | traffic | smart-classroom}
    Enables load balancing based on either number of stations (also known as wireless clients) or wireless traffic on an AP.
    station or traffic: once the threshold is crossed (either the maximum station numbers or with network traffic), the AP delays association request and authentication request packets from any new station that attempts to make a connection.
    smart-classroom: the AP ignores association request and authentication request packets from any new station when the maximum number of stations is reached.
load-balancing sigma <51..100>
    Sets the load balancing sigma value.
    This value is an algorithm parameter used to calculate whether an AP is considered overloaded, balanced, or underloaded. It only applies to ‘by traffic mode’.
    Note: This parameter has been optimized for the NXC and should not be changed unless you have been specifically directed to do so by ZyXEL support.
load-balancing timeout <1..255>
    Sets the length of time that an AP retains load balancing information it receives from other APs within its range.
load-balancing traffic level {high | low | medium}
    If load balancing by traffic threshold, this sets the traffic threshold level.
vlan <1..4094> {tag | untag}
    Sets the management VLAN ID for the AP(s) in this group as well as whether packets sent to and from that VLAN ID are tagged or untagged.
show ap-group first-priority
    Displays the name of the default AP group profile.
show ap-group-profile {all | ap_group_profile_name}
    Displays the settings of the AP group profile(s).
    all: Displays all profiles.
    ap_group_profile_name: Displays the specified profile.
show ap-group-profile ap_group_profile_name load-balancing config
    Displays the load balancing configuration of the specified AP group profile.
show ap-group-profile ap_group_profile_name model {nwa5301-nj | wac6502d-e | wac6502d-s | wac6503d-s | wac6553d-e} interface {all | vlan | ethernet | ap_lan_port | vlan_interface}
    Displays the LAN port and/or VLAN settings on the managed AP which is in the specified AP group and of the specified model.
    vlan_interface: the name of the VLAN, such as vlan0.
    ap_lan_port: the Ethernet LAN port on the managed AP, such as lan1 or lan2.
show ap-group-profile ap_group_profile_name model
    Shows the model name of the managed AP which belongs to the specified AP group.
show ap-group-profile rule_count
    Displays how many AP group profiles have been configured on the NXC.
ap-group-profile rename ap_group_profile_name1 ap_group_profile_name2
    Gives an existing AP group profile (ap_group_profile_name1) a new name (ap_group_profile_name2).

9.2.1 AP Group Examples

The following example shows you how to create an AP group profile (named “TEST”) and configure the AP’s first radio to work in repeater mode using the “default” radio profile and the “ZyMesh_TEST” ZyMesh profile. It also adds the AP with the MAC address 00:a0:c5:01:23:45 to this AP group.
Router(config)# ap-group-profile TEST
Router(config-ap-group TEST)# slot1 repeater-ap default
Router(config-ap-group TEST)# slot1 zymesh-profile ZyMesh_TEST
Router(config-ap-group TEST)# exit
Router(config)# ap-group-member TEST member 00:a0:c5:01:23:45
Router(config)#
The following example shows you how to create an AP group profile (named GP1) and configure AP load balancing in "by station" mode. The maximum number of stations is set to 1.
Router(config)# ap-group-profile GP1
Router(config-ap-group GP1)# load-balancing mode station
Router(config-ap-group GP1)# load-balancing max sta 1
Router(config-ap-group GP1)# exit
Router(config)# show ap-group-profile GP1 load-balancing config
AP Group Profile:GP1
load balancing config:
Activate: yes
Kickout: no
Mode: station
Max-sta: 1
Traffic-level: high
Alpha: 5
Beta: 10
Sigma: 60
Timeout: 20
LIInterval: 10
KickoutInterval: 20
Router(config)#
The following example shows you how to create an AP group profile (named GP2) and configure AP load balancing in "by traffic" mode. The traffic level is set to low, and "disassociate station" is enabled.
Router(config)# ap-group-profile GP2
Router(config-ap-group GP2)# load-balancing mode traffic
Router(config-ap-group GP2)# load-balancing traffic level low
Router(config-ap-group GP2)# load-balancing kickout
Router(config-ap-group GP2)# exit
Router(config)# show ap-group-profile GP2 load-balancing config
AP Group Profile:GP2
load balancing config:
Activate: yes
Kickout: yes
Mode: traffic
Max-sta: 1
Traffic-level: low
Alpha: 5
Beta: 10
Sigma: 60
Timeout: 20
LIInterval: 10
KickoutInterval: 20
Router(config)#
The following example shows the settings and status of the VLAN(s) configured for the managed APs (NWA5301-NJ) in the default AP group.
Router(config)# show ap-group-profile default lan-provision model nwa5301-nj interface vlan
No.  Name   Active  VID  Member
===========================================================================
1    vlan0  yes     1    lan1,lan2,lan3
Router(config)# show ap-group-profile default lan-provision model nwa5301-nj interface vlan0
active: yes
interface name: vlan0
VID: 1
member: lan1&lan2&lan3
lan1_tag: untag
lan2_tag: untag
lan3_tag: untag
Router(config)#
The following example shows the status of Ethernet ports for the managed APs (NWA5301-NJ) in the default AP group. It also shows whether the lan1 port is enabled and what the port’s VLAN ID is.
Router(config)# show ap-group-profile default lan-provision model nwa5301-nj interface ethernet
No.  Name    Active  PVID
===========================================================================
1    uplink  yes     n/a
2    lan1    yes     1
3    lan2    yes     1
4    lan3    yes     1
Router(config)# show ap-group-profile default lan-provision model nwa5301-nj interface lan1
Name  Active  PVID
===========================================================================
lan1  yes     1
Router(config)#
CHAPTER 10

Wireless LAN Profiles

This chapter shows you how to configure wireless LAN profiles on your NXC.

10.1 Wireless LAN Profiles Overview

The managed Access Points designed to work explicitly with your NXC do not have on-board configuration files, so you must create “profiles” to manage them. Profiles are preset configurations that are uploaded to the APs and which manage them. They include: Radio and Monitor profiles, SSID profiles, Security profiles, MAC Filter profiles, and Layer-2 isolation profiles. Altogether, these profiles give you absolute control over your wireless network.

10.2 AP Radio & Monitor Profile Commands

The radio profile commands allow you to set up configurations for the radios onboard your various APs. The monitor profile commands allow you to set up monitor mode configurations that allow your APs to scan for other APs in the vicinity.
The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.
Table 32 Input Values for General Radio and Monitor Profile Commands
LABEL DESCRIPTION
radio_profile_name
    The radio profile name. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
monitor_profile_name
    The monitor profile name. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
interval
    Enters the dynamic channel selection interval time. The range is 10 ~ 1440 minutes.
wlan_role
    Sets the wireless LAN radio operating mode. At the time of writing, you can use ap for Access Point.
wireless_channel_2g
    Sets the 2 GHz channel used by this radio profile. The channel range is 1 ~ 14.
    Note: Your choice of channel may be restricted by regional regulations.
wireless_channel_5g
    Sets the 5 GHz channel used by this radio profile. The channel range is 36 ~ 165.
    Note: Your choice of channel may be restricted by regional regulations.
wlan_htcw
    Sets the HT channel width. Select either 20, 20/40 or 20/40/80.
wlan_htgi
    Sets the HT guard interval. Select either long or short.
chain_mask
    Sets the network traffic chain mask. The range is 1 ~ 7.
wlan_power
    Sets the radio output power.
scan_method
    Sets the radio’s scan method while in Monitor mode. Select manual or auto.
wlan_interface_index
    Sets the radio interface index number. The range is 1 ~ 8.
ssid_profile
    Sets the associated SSID profile name. This name must be an existing SSID profile. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
The following table describes the commands available for radio and monitor profile management. You must use the configure terminal command to enter the configuration mode before you can use these commands.
Table 33 Command Summary: Radio Profile
COMMAND DESCRIPTION
show wlan-radio-profile {all | radio_profile_name}
    Displays the radio profile(s).
    all: Displays all profiles.
    radio_profile_name: Displays the specified profile.
wlan-radio-profile rename radio_profile_name1 radio_profile_name2
    Gives an existing radio profile (radio_profile_name1) a new name (radio_profile_name2).
[no] wlan-radio-profile radio_profile_name
    Enters configuration mode for the specified radio profile. Use the no parameter to remove the specified profile.
2g-channel wireless_channel_2g
    Sets the broadcast band for this profile in the 2.4 GHz frequency range. The default is 6.
5g-channel wireless_channel_5g
    Sets the broadcast band for this profile in the 5 GHz frequency range. The default is 36.
2g-multicast-speed wlan_2g_support_speed
    When you disable multicast to unicast, use this command to set the data rate { 1.0 | 2.0 | … } in Mbps for 2.4 GHz multicast traffic.
5g-multicast-speed wlan_5g_basic_speed
    When you disable multicast to unicast, use this command to set the data rate { 6.0 | 9.0 | … } in Mbps for 5 GHz multicast traffic.
[no] activate
    Makes this profile active or inactive.
band {2.4G |5G} band-mode {bg | bgn | a | ac | an}
    Sets the radio band (2.4 GHz or 5 GHz) and band mode for this profile. Band mode details:
    For 2.4 GHz, bg lets IEEE 802.11b and IEEE 802.11g clients associate with the AP.
    For 2.4 GHz, bgn lets IEEE 802.11b, IEEE 802.11g, and IEEE 802.11n clients associate with the AP.
    For 5 GHz, a lets only IEEE 802.11a clients associate with the AP.
    For 5 GHz, ac lets IEEE 802.11a, IEEE 802.11n, and IEEE 802.11ac clients associate with the AP.
    For 5 GHz, an lets IEEE 802.11a and IEEE 802.11n clients associate with the AP.
beacon-interval <40..1000>
    Sets the beacon interval for this profile.
    When a wirelessly networked device sends a beacon, it includes with it a beacon interval. This specifies the time period before the device sends the beacon again. The interval tells receiving devices on the network how long they can wait in low-power mode before waking up to handle the beacon. This value can be set from 40ms to 1000ms. A high value helps save current consumption of the access point.
    The default is 100.
country-code country_code
    Sets the country where the NXC is located/installed.
    The available channels vary depending on the country you selected. Be sure to select the correct/same country for both radios on an AP and all connected APs, in order to prevent roaming failure and interference to other systems.
    country_code: 2-letter country-codes, such as TW, DE, or FR.
[no] dcs activate
    Starts dynamic channel selection. Use the no parameter to turn it off.
dcs 2g-selected-channel 2.4g_channels
    Sets the channels that are available in the 2.4 GHz band when you manually configure the channels an AP can use.
dcs dcs-2g-method {auto|manual}
    Sets the AP to automatically search for available channels or manually configures the channels the AP uses in the 2.4 GHz band.
dcs dcs-5g-method {auto}
    Sets the AP to automatically search for available channels.
dcs client-aware {enable|disable}
    When enabled, this ensures that an AP will not change channels as long as a client is connected to it. If disabled, the AP may change channels regardless of whether it has clients connected to it or not.
dcs channel-deployment {3-channel|4-channel}
    Sets either a 3-channel deployment or a 4-channel deployment.
    In a 3-channel deployment, the AP running the scan alternates between the following channels: 1, 6, and 11.
    In a 4-channel deployment, the AP running the scan alternates between the following channels: 1, 4, 7, and 11 (FCC) or 1, 5, 9, and 13 (ETSI).
    Sets the option that is applicable to your region. (Channel deployment may be regulated differently between countries and locales.)
dcs dfs-aware {enable|disable}
    Enable this to allow an AP to avoid phase DFS channels below the 5 GHz spectrum.
dcs sensitivity-level {high| medium |low}
    Sets how sensitive DCS is to radio channel changes in the vicinity of the AP running the scan.
dcs time-interval interval
    Sets the interval that specifies how often DCS should run.
[no] disable-dfs-switch
    Makes the DFS switch active or inactive. By default this is inactive.
[no] dot11n-disable-coexistence
    Fixes the channel bandwidth as 40 MHz. The no command has the AP automatically choose 40 MHz if all the clients support it or 20 MHz if some clients only support 20 MHz.
[no] ctsrts <0..2347>
    Sets or removes the RTS/CTS value for this profile.
    Use RTS/CTS to reduce data collisions on the wireless network if you have wireless clients that are associated with the same AP but out of range of one another. When enabled, a wireless client sends an RTS (Request To Send) and then waits for a CTS (Clear To Send) before it transmits. This stops wireless clients from transmitting packets at the same time (and causing data collisions).
    A wireless client sends an RTS for all packets larger than the number (of bytes) that you enter here. Set the RTS/CTS equal to or higher than the fragmentation threshold to turn RTS/CTS off.
    The default is 2347.
[no] frag <256..2346>
    Sets or removes the fragmentation value for this profile.
    The threshold (number of bytes) for the fragmentation boundary for directed messages. It is the maximum data fragment size that can be sent.
    The default is 2346.
dtim-period <1..255>
    Sets the DTIM period for this profile.
    Delivery Traffic Indication Message (DTIM) is the time period after which broadcast and multicast packets are transmitted to mobile clients in the Active Power Management mode. A high DTIM value can cause clients to lose connectivity with the network. This value can be set from 1 to 255.
    The default is 1.
[no] ampdu
    Activates MPDU frame aggregation for this profile. Use the no parameter to disable it.
    Message Protocol Data Unit (MPDU) aggregation collects Ethernet frames along with their 802.11n headers and wraps them in an 802.11n MAC header. This method is useful for increasing bandwidth throughput in environments that are prone to high error rates.
    By default this is enabled.
limit-ampdu <100..65535>
    Sets the maximum frame size to be aggregated.
    By default this is 50000.
subframe-ampdu <2..64>
    Sets the maximum number of frames to be aggregated each time.
    By default this is 32.
[no] amsdu
    Activates MSDU frame aggregation for this profile. Use the no parameter to disable it.
    MAC Service Data Unit (MSDU) aggregation collects Ethernet frames without any of their 802.11n headers and wraps the header-less payload in a single 802.11n MAC header. This method is useful for increasing bandwidth throughput. It is also more efficient than A-MPDU except in environments that are prone to high error rates.
    By default this is enabled.
limit-amsdu <2290..4096>
    Sets the maximum frame size to be aggregated.
    The default is 4096.
[no] multicast-to-unicast
    “Multicast to unicast” broadcasts wireless multicast traffic to all wireless clients as unicast traffic to provide more reliable transmission. The data rate changes dynamically based on the application’s bandwidth requirements. Although unicast provides more reliable transmission of the multicast traffic, it also produces duplicate packets.
    The no command turns multicast to unicast off to send wireless multicast traffic at the rate you specify with the 2g-multicast-speed or 5g-multicast-speed command.
[no] block-ack
    Makes block-ack active or inactive. Use the no parameter to disable it.
ch-width wlan_htcw
    Sets the channel width for this profile.
guard-interval wlan_htgi
    Sets the guard interval for this profile.
    The default for this is short.
[no] htprotect
    Activates HT protection for this profile. Use the no parameter to disable it. By default, this is disabled.
output-power wlan_power
    Sets the output power (between 0 to 30 dBm) for the radio in this profile.
role wlan_role
    Sets the profile’s wireless LAN radio operating mode.
rssi-dbm <-20~-76>
    When using the RSSI threshold, set a minimum client signal strength for connecting to the AP. -20 dBm is the strongest signal you can require and -76 is the weakest.
rssi-kickout <-20~-105>
    Sets a minimum kick-off signal strength. When a wireless client’s signal strength is lower than the specified threshold, the NXC disconnects the wireless client from the AP.
    -20 dBm is the strongest signal you can require and -105 is the weakest.
[no] rssi-retry
    Allows a wireless client to try to associate with the AP again after it is disconnected due to weak signal strength. Use the no parameter to disallow it.
rssi-retrycount <1~100>
    Sets the maximum number of times a wireless client can attempt to re-connect to the AP.
[no] rssi-thres
    Sets whether or not to use the Received Signal Strength Indication (RSSI) threshold to ensure wireless clients receive good throughput. This allows only wireless clients with a strong signal to connect to the AP.
[no] ssid-profile wlan_interface_index ssid_profile
    Assigns an SSID profile to this radio profile. Requires an existing SSID profile. Use the no parameter to disable it.
tx-mask chain_mask
    Sets the outgoing chain mask rate.
rx-mask chain_mask
    Sets the incoming chain mask rate.
exit
    Exits configuration mode for this profile.
show wlan-monitor-profile {all | monitor_profile_name}
    Displays all monitor profiles or just the specified one.
wlan-monitor-profile rename monitor_profile_name1 monitor_profile_name2
    Gives an existing monitor profile (monitor_profile_name1) a new name (monitor_profile_name2).
[no] wlan-monitor-profile monitor_profile_name
    Enters configuration mode for the specified monitor profile. Use the no parameter to remove the specified profile.
[no] activate
    Makes this profile active or inactive.
    By default, this is enabled.
country-code country_code
    Sets the country where the NXC is located/installed.
    The available channels vary depending on the country you selected. Be sure to select the correct/same country for both radios on an AP and all connected APs, in order to prevent roaming failure and interference to other systems.
    country_code: 2-letter country-codes, such as TW, DE, or FR.
scan-method scan_method
    Sets the channel scanning method for this profile.
[no] 2g-scan-channel wireless_channel_2g
    Sets the broadcast band for this profile in the 2.4 GHz frequency range. Use the no parameter to disable it.
[no] 5g-scan-channel wireless_channel_5g
    Sets the broadcast band for this profile in the 5 GHz frequency range. Use the no parameter to disable it.
scan-dwell <100..1000>
    Sets the duration in milliseconds that the device using this profile scans each channel.
exit
    Exits configuration mode for this profile.

10.2.1 AP Radio & Monitor Profile Commands Example

The following example shows you how to set up the radio profile named ‘RADIO01’, activate it, and configure it to use the following settings:
• 2.4G band with channel 6
• channel width of 20MHz
• a DTIM period of 2
• a beacon interval of 100ms
• AMPDU frame aggregation enabled
• an AMPDU buffer limit of 65535 bytes
• an AMPDU subframe limit of 64 frames
• AMSDU frame aggregation enabled
• an AMSDU buffer limit of 4096
• block acknowledgement enabled
• a short guard interval
• an output power of 100%
It will also assign the SSID profile labeled ‘default’ in order to create WLAN VAP (wlan-1-1) functionality within the radio profile.
Router(config)# wlan-radio-profile RADIO01
Router(config-profile-radio)# activate
Router(config-profile-radio)# band 2.4G band-mode bgn
Router(config-profile-radio)# 2g-channel 6
Router(config-profile-radio)# ch-width 20/40
Router(config-profile-radio)# dtim-period 2
Router(config-profile-radio)# beacon-interval 100
Router(config-profile-radio)# ampdu
Router(config-profile-radio)# limit-ampdu 65535
Router(config-profile-radio)# subframe-ampdu 64
Router(config-profile-radio)# amsdu
Router(config-profile-radio)# limit-amsdu 4096
Router(config-profile-radio)# block-ack
Router(config-profile-radio)# guard-interval short
Router(config-profile-radio)# tx-mask 5
Router(config-profile-radio)# rx-mask 7
Router(config-profile-radio)# output-power 21dBm
Router(config-profile-radio)# ssid-profile 1 default

10.3 SSID Profile Commands

The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.
Table 34 Input Values for General SSID Profile Commands
LABEL DESCRIPTION
ssid_profile_name
    The SSID profile name. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
ssid
    The SSID broadcast name. You may use 1-32 alphanumeric characters, underscores (_), or dashes (-). This value is case-sensitive.
wlan_qos
    Sets the type of QoS the SSID should use.
    disable: Turns off QoS for this SSID.
    wmm: Turns on QoS for this SSID. It automatically assigns Access Categories to packets as the device inspects them in transit.
    wmm_be: Assigns the “best effort” Access Category to all traffic moving through the SSID regardless of origin.
    wmm_bk: Assigns the “background” Access Category to all traffic moving through the SSID regardless of origin.
    wmm_vi: Assigns the “video” Access Category to all traffic moving through the SSID regardless of origin.
    wmm_vo: Assigns the “voice” Access Category to all traffic moving through the SSID regardless of origin.
vlan_iface
    The VLAN interface name of the controller (in this case, it is NXC5200). The maximum VLAN interface number is product-specific; for the NXC, the number is 512.
securityprofile
    Assigns an existing security profile to the SSID profile. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
macfilterprofile
    Assigns an existing MAC filter profile to the SSID profile. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
description2
    Sets the description of the profile. You may use up to 60 alphanumeric characters, underscores (_), or dashes (-). This value is case-sensitive.
The following table describes the commands available for SSID profile management. You must use the configure terminal command to enter the configuration mode before you can use these commands.
Table 35 Command Summary: SSID Profile
COMMAND DESCRIPTION
show wlan-ssid-profile {all | ssid_profile_name}
    Displays the SSID profile(s).
    all: Displays all profiles for the selected operating mode.
    ssid_profile_name: Displays the specified profile for the selected operating mode.
wlan-ssid-profile rename ssid_profile_name1 ssid_profile_name2
    Gives an existing SSID profile (ssid_profile_name1) a new name (ssid_profile_name2).
[no] wlan-ssid-profile ssid_profile_name
    Enters configuration mode for the specified SSID profile. Use the no parameter to remove the specified profile.
[no] block-intra
    Enables intra-BSSID traffic blocking. Use the no parameter to disable it in this profile. By default this is disabled.
data-forward {localbridge | tunnel vlan_iface}
    Sets the data forwarding mode used by this SSID. The default is localbridge.
downlink-rate-limit data_rate
    Sets the maximum incoming transmission data rate (either in mbps or kbps) on a per-station basis.
[no] hide
    Prevents the SSID from being publicly broadcast. Use the no parameter to re-enable public broadcast of the SSID in this profile.
    By default this is disabled.
[no] l2isolation l2isolationprofile
    Assigns the specified layer-2 isolation profile to this SSID profile. Use the no parameter to remove it.
[no] macfilter macfilterprofile
    Assigns the specified MAC filtering profile to this SSID profile. Use the no parameter to remove it. By default, no MAC filter is assigned.
qos wlan_qos
    Sets the type of QoS used by this SSID.
security securityprofile
    Assigns the specified security profile to this SSID profile.
ssid
    Sets the SSID. This is the name visible on the network to wireless clients. Enter up to 32 characters; spaces and underscores are allowed.
    The default SSID is ‘ZyXEL’.
uplink-rate-limit data_rate
    Sets the maximum outgoing transmission data rate (either in mbps or kbps) on a per-station basis.
vlan-id <1..4094>
    Applies to each SSID profile that uses localbridge. If the VLAN ID is equal to the AP’s native VLAN ID then traffic originating from the SSID is not tagged.
    The default VLAN ID is 1.
exit
    Exits configuration mode for this profile.

10.3.1 SSID Profile Example

The following example creates an SSID profile with the name ‘ZyXEL’. It makes the assumption that both the security profile (SECURITY01) and the MAC filter profile (MACFILTER01) already exist.
Router(config)# wlan-ssid-profile SSID01
Router(config-ssid-radio)# ssid ZyXEL
Router(config-ssid-radio)# qos wmm
Router(config-ssid-radio)# data-forward localbridge
Router(config-ssid-radio)# security SECURITY01
Router(config-ssid-radio)# macfilter MACFILTER01
Router(config-ssid-radio)# exit
Router(config)#
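The following is an added example, not part of the ZyXEL guide: a Python audit that reads a CLI session in the format shown above and reports SSID profiles left on defaults that Table 35 documents (default SSID, block-intra off, localbridge on VLAN ID 1) or created without a security command. The GUEST profile in the sample, the finding names and the choice of what to flag are assumptions made for this example.

```python
import re

# Prompts in the guide's examples look like "Router(config)#" or
# "Router(config-ssid-radio)#"; the command is whatever follows the prompt.
PROMPT = re.compile(r"^\s*Router\([^)]*\)#\s*")

# Defaults stated in Table 35. The table gives no default for "security",
# so None means "not set by this script", not "open network".
DEFAULTS = {"ssid": "ZyXEL", "block_intra": False, "hide": False,
            "data_forward": "localbridge", "vlan_id": 1,
            "security": None, "macfilter": None}

# Finding codes and wording are this example's own, not ZyXEL terminology.
FINDINGS = {
    "default-ssid": "SSID is still the documented default 'ZyXEL'",
    "no-security-profile": "no 'security' command in this profile",
    "intra-bssid-traffic-allowed": "'block-intra' is off (the default)",
    "bridged-to-default-vlan": "localbridge SSID on VLAN ID 1 (the default)",
}

# Constructed sample: SSID01 repeats the guide's example, GUEST is invented.
SAMPLE_SESSION = """\
Router(config)# wlan-ssid-profile SSID01
Router(config-ssid-radio)# ssid ZyXEL
Router(config-ssid-radio)# qos wmm
Router(config-ssid-radio)# data-forward localbridge
Router(config-ssid-radio)# security SECURITY01
Router(config-ssid-radio)# macfilter MACFILTER01
Router(config-ssid-radio)# exit
Router(config)# wlan-ssid-profile GUEST
Router(config-ssid-radio)# ssid Lobby-WiFi
Router(config-ssid-radio)# block-intra
Router(config-ssid-radio)# vlan-id 1
Router(config-ssid-radio)# exit
Router(config)#
"""


def parse_ssid_profiles(session):
    """Return {profile_name: settings} from a CLI session or command script."""
    profiles, current = {}, None
    for raw in session.splitlines():
        words = PROMPT.sub("", raw).split()
        negate = bool(words) and words[0] == "no"
        if negate:
            words = words[1:]
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd == "wlan-ssid-profile" and args:
            if negate:                              # no wlan-ssid-profile NAME
                profiles.pop(args[0], None)
                current = None
            elif args[0] == "rename" and len(args) == 3:
                if args[1] in profiles:
                    profiles[args[2]] = profiles.pop(args[1])
            else:                                   # enter profile config mode
                current = profiles.setdefault(args[0], dict(DEFAULTS))
        elif cmd == "exit":
            current = None
        elif current is None:
            continue                                # not inside an SSID profile
        elif cmd in ("block-intra", "hide"):
            current[cmd.replace("-", "_")] = not negate
        elif cmd == "macfilter":
            current["macfilter"] = None if negate else (args[0] if args else None)
        elif cmd == "security" and args and not negate:
            current["security"] = args[0]
        elif cmd == "ssid" and args:
            current["ssid"] = " ".join(args)        # SSIDs may contain spaces
        elif cmd == "data-forward" and args:
            current["data_forward"] = args[0]       # localbridge or tunnel
        elif cmd == "vlan-id" and args and args[0].isdigit():
            current["vlan_id"] = int(args[0])
    return profiles


def audit_profile(settings):
    """Return the list of finding codes for one parsed SSID profile."""
    found = []
    if settings["ssid"] == DEFAULTS["ssid"]:
        found.append("default-ssid")
    if settings["security"] is None:
        found.append("no-security-profile")
    if not settings["block_intra"]:
        found.append("intra-bssid-traffic-allowed")
    # vlan-id only applies to SSID profiles that use localbridge (Table 35).
    if settings["data_forward"] == "localbridge" and settings["vlan_id"] == 1:
        found.append("bridged-to-default-vlan")
    return found


def audit(session):
    """Return {profile_name: [finding codes]} for every profile in the session."""
    return {name: audit_profile(s)
            for name, s in parse_ssid_profiles(session).items()}


if __name__ == "__main__":
    for name, codes in audit(SAMPLE_SESSION).items():
        for code in codes:
            print(f"{name}: {code}: {FINDINGS[code]}")
```

A profile that produces no findings still depends on what the referenced security profile contains; that profile is configured separately with the commands in section 10.4.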

10.4 Security Profile Commands

The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.
Table 36 Input Values for General Security Profile Commands
LABEL DESCRIPTION
security_profile_name
    The security profile name. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
wep_key
    Sets the WEP key encryption strength. Select either 64bit or 128bit.
wpa_key
    Sets the WPA/WPA2 pre-shared key in ASCII. You may use 8~63 alphanumeric characters. This value is case-sensitive.
wpa_key_64
    Sets the WPA/WPA2 pre-shared key in HEX. You must use 64 alphanumeric characters.
secret
    Sets the shared secret used by your network’s RADIUS server.
auth_method
    The authentication method used by the security profile.
The following table describes the commands available for security profile management. You must use the configure terminal command to enter the configuration mode before you can use these commands.
Table 37 Command Summary: Security Profile
COMMAND DESCRIPTION
show wlan-security-profile {all | security_profile_name}
    Displays the security profile(s).
    all: Displays all profiles for the selected operating mode.
    security_profile_name: Displays the specified profile for the selected operating mode.
wlan-security-profile rename security_profile_name1 security_profile_name2
    Gives an existing security profile (security_profile_name1) a new name (security_profile_name2).
[no] wlan-security-profile security_profile_name
    Enters configuration mode for the specified security profile. Use the no parameter to remove the specified profile.
description description
    Sets the description for the profile. You may use up to 60 alphanumeric characters, underscores (_), or dashes (-). This value is case-sensitive.
[no] dot1x-eap
    Enables 802.1x secure authentication. Use the no parameter to disable it.
[no] dot11w
    Data frames in 802.11 WLANs can be encrypted and authenticated with WEP, WPA or WPA2. But 802.11 management frames, such as beacon/probe response, association request, association response, de-authentication and disassociation are always unauthenticated and unencrypted. IEEE 802.11w Protected Management Frames allows APs to use the existing security mechanisms (encryption and authentication methods defined in IEEE 802.11i WPA/WPA2) to protect management frames. This helps prevent wireless DoS attacks.
    Enables management frame protection (MFP) to add security to 802.11 management frames. Use the no parameter to disable it.
dot11w-op <1..2>
    Sets whether wireless clients have to support management frame protection in order to access the wireless network.
    1: if you do not require the wireless clients to support MFP. Management frames will be encrypted if the clients support MFP.
    2: wireless clients must support MFP in order to join the AP’s wireless network.
eap {external | internal auth_method}
    Sets the 802.1x authentication method.
group-key <30..30000>
    Sets the interval (in seconds) at which the AP updates the group WPA/WPA2 encryption key. The default is 3000.
idle <30..30000>
    Sets the idle interval (in seconds) that a client can be idle before authentication is discontinued. The default is 300.
[no] mac-auth activate MAC authentication has the AP use an external server to authenticate wireless clients by their MAC addresses. Users cannot get an IP address if the MAC authentication fails. The no parameter turns it off.
RADIUS servers can require the MAC address in the wireless client’s account (username/password) or Calling Station ID RADIUS attribute. See Section 22.2.4.1 on page 147 for a MAC authentication example.
mac-auth auth-method auth_method Sets the authentication method for MAC authentication.
mac-auth case account {upper | lower} Sets the case (upper or lower) the external server requires for using MAC addresses as the account username and password.
For example, use mac-auth case account upper and mac-auth delimiter account dash if you need to use a MAC address formatted like 00-11-AC-01-A0-11 as the username and password.
mac-auth case calling-station-id {upper | lower} Sets the case (upper or lower) the external server requires for letters in MAC addresses in the Calling Station ID RADIUS attribute.
mac-auth delimiter account {colon | dash | none} Specify the separator the external server uses for the two-character pairs within MAC addresses used as the account username and password.
For example, use mac-auth case account upper and mac-auth delimiter account dash if you need to use a MAC address formatted like 00-11-AC-01-A0-11 as the username and password.
mac-auth delimiter calling-station-id {colon | dash | none} Select the separator the external server uses for the pairs in MAC addresses in the Calling Station ID RADIUS attribute.
mode {none | wep | wpa2 | wpa2-mix} Sets the security mode for this profile.
wep <64 | 128> default-key <1..4> Sets the WEP encryption strength (64 or 128) and the default key value (1 ~ 4).
If you select WEP-64 enter 10 hexadecimal digits in the range of “A-F”, “a-f” and “0-9” (for example, 0x11AA22BB33) for each Key used; or enter 5 ASCII characters (case sensitive) ranging from “a-z”, “A-Z” and “0-9” (for example, MyKey) for each Key used.
If you select WEP-128 enter 26 hexadecimal digits in the range of “A-F”, “a-f” and “0-9” (for example, 0x00112233445566778899AABBCC) for each Key used; or enter 13 ASCII characters (case sensitive) ranging from “a-z”, “A-Z” and “0-9” (for example, MyKey12345678) for each Key used.
You can save up to four different keys. Enter the default-key (1 ~ 4) to save your WEP to one of those four available slots.
wep-auth-type {open | share} Sets the authentication key type to either open or share.
wpa-encrypt {tkip | aes | auto} Sets the WPA/WPA2 encryption cipher type.
auto: This automatically chooses the best available cipher based on the cipher in use by the wireless client that is attempting to make a connection.
tkip: This is the Temporal Key Integrity Protocol encryption method added later to the WEP encryption protocol to further secure it. Not all wireless clients may support this.
aes: This is the Advanced Encryption Standard encryption method, a newer, more robust algorithm than TKIP. Not all wireless clients may support this.
wpa-psk {wpa_key | wpa_key_64} Sets the WPA/WPA2 pre-shared key.
[no] wpa2-preauth Enables pre-authentication to allow wireless clients to switch APs without having to re-authenticate their network connection. The RADIUS server puts a temporary PMK Security Authorization cache on the wireless clients. It contains their session ID and a pre-authorized list of viable APs. Use the no parameter to disable this.
[no] reauth <30..30000> Sets the interval (in seconds) between authentication requests. The default is 0.
[no] server-auth <1..2> activate Activates server authentication. Use the no parameter to deactivate.
server-auth <1..2> ip address ipv4_address port <1..65535> secret secret Sets the IPv4 address, port number and shared secret of the RADIUS server to be used for authentication.
[no] server-auth <1..2> Clears the server authentication setting.
exit Exits configuration mode for this profile.
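
As an added example (not code from the guide or from ZyXEL), this Python sketch works the mac-auth case and mac-auth delimiter rows of Table 37 from the server side: given one MAC identity as the RADIUS server already stores it, it infers the matching profile commands and renders other addresses in the same form. The function names are illustrative.

```python
import re

# Keywords of 'mac-auth delimiter ...' mapped to the separator they produce.
DELIMS = {"colon": ":", "dash": "-", "none": ""}
# Six hex pairs joined by one consistent separator (':', '-' or nothing).
_MAC = re.compile(r"[0-9A-Fa-f]{2}(?:([:-]?)[0-9A-Fa-f]{2})(?:\1[0-9A-Fa-f]{2}){4}")

def parse_mac(text):
    """Return (12 hex digits, separator) or raise ValueError."""
    text = text.strip()
    m = _MAC.fullmatch(text)
    if not m:
        raise ValueError(f"not a MAC address: {text!r}")
    return re.sub(r"[:-]", "", text), m.group(1)

def format_mac(mac, case, delimiter):
    """Render a MAC in the form the external server requires."""
    digits, _ = parse_mac(mac)
    digits = digits.upper() if case == "upper" else digits.lower()
    return DELIMS[delimiter].join(digits[i:i + 2] for i in range(0, 12, 2))

def settings_for(sample):
    """Infer (case, delimiter) from one identity as the RADIUS server stores it."""
    digits, sep = parse_mac(sample)
    delimiter = next(k for k, v in DELIMS.items() if v == sep)
    letters = [c for c in digits if c.isalpha()]
    if not letters:
        case = None                      # digits only: either case matches
    elif all(c.isupper() for c in letters):
        case = "upper"
    elif all(c.islower() for c in letters):
        case = "lower"
    else:
        raise ValueError(f"mixed-case MAC cannot be matched: {sample!r}")
    return case, delimiter

def cli_lines(sample, field="account"):
    """Profile commands for field 'account' or 'calling-station-id'."""
    case, delimiter = settings_for(sample)
    lines = [f"mac-auth delimiter {field} {delimiter}"]
    if case:
        lines.insert(0, f"mac-auth case {field} {case}")
    return lines

if __name__ == "__main__":
    print(cli_lines("00-11-AC-01-A0-11"))            # format quoted in the guide
    print(format_mac("00:11:ac:01:a0:11", "upper", "dash"))
```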

10.4.1 Security Profile Example

The following example creates a security profile with the name ‘SECURITY01’.
Router(config)# wlan-security-profile SECURITY01
Router(config-security-profile)# mode wpa2
Router(config-security-profile)# wpa-encrypt aes
Router(config-security-profile)# wpa-psk 12345678
Router(config-security-profile)# idle 3600
Router(config-security-profile)# reauth 1800
Router(config-security-profile)# group-key 1800
Router(config-security-profile)# exit
Router(config)#
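
An added Python example, not part of the guide: a small lint pass over a profile session like the one above, using only the mode, wpa-encrypt and wpa-psk commands from Table 37. The 20-character passphrase floor, the reading of wpa2-mix as mixed WPA/WPA2 and of wpa_key_64 as a 64-hex-digit key are assumptions.

```python
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # "Router(config-security-profile)# "
MIN_PASSPHRASE = 20   # assumed local policy, not a value from the guide

def parse_profile(session):
    """Map each command typed inside the profile to its argument string."""
    settings = {}
    for line in session.splitlines():
        words = PROMPT.sub("", line.strip()).split()
        if words and words[0] not in ("wlan-security-profile", "exit"):
            settings[words[0]] = " ".join(words[1:])
    return settings

def lint_profile(session):
    """Return (command, reason) findings for one security profile session."""
    s, findings = parse_profile(session), []
    mode = s.get("mode")
    if mode is None:
        findings.append(("mode", "not set in this session"))
    elif mode == "none":
        findings.append(("mode", "traffic is neither encrypted nor authenticated"))
    elif mode == "wep":
        findings.append(("mode", "WEP is cryptographically broken; use wpa2"))
    elif mode == "wpa2-mix":  # assumed to mean mixed WPA/WPA2
        findings.append(("mode", "mixed mode also admits WPA clients"))
    if mode in ("wpa2", "wpa2-mix"):
        cipher = s.get("wpa-encrypt")
        if cipher == "tkip":
            findings.append(("wpa-encrypt", "TKIP is deprecated; use aes"))
        elif cipher == "auto":
            findings.append(("wpa-encrypt", "auto follows the client's cipher, which may be TKIP"))
        psk = s.get("wpa-psk")
        # A 64-hex-digit value is taken to be the wpa_key_64 form (assumption).
        if psk is not None and not re.fullmatch(r"[0-9A-Fa-f]{64}", psk):
            if len(psk) < MIN_PASSPHRASE or psk.isdigit():
                findings.append(("wpa-psk", "passphrase is short or digits only"))
    return findings

# The guide's SECURITY01 example (abridged), then a constructed weaker profile.
GUIDE_EXAMPLE = """Router(config)# wlan-security-profile SECURITY01
Router(config-security-profile)# mode wpa2
Router(config-security-profile)# wpa-encrypt aes
Router(config-security-profile)# wpa-psk 12345678
Router(config-security-profile)# exit"""
CONSTRUCTED = "mode wpa2-mix\nwpa-encrypt auto\nwpa-psk 12345678"

if __name__ == "__main__":
    for cmd, reason in lint_profile(GUIDE_EXAMPLE) + lint_profile(CONSTRUCTED):
        print(f"{cmd}: {reason}")
```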

10.5 MAC Filter Profile Commands

The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.
Table 38 Input Values for General MAC Filter Profile Commands
LABEL DESCRIPTION
macfilter_profile_name The MAC filter profile name. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
description2 Sets the description of the profile. You may use up to 60 alphanumeric characters, underscores (_), or dashes (-). This value is case-sensitive.

The following table describes the commands available for security profile management. You must use the configure terminal command to enter the configuration mode before you can use these commands.

Table 39 Command Summary: MAC Filter Profile
COMMAND DESCRIPTION
show wlan-macfilter-profile {all | macfilter_profile_name} Displays the security profile(s).
all: Displays all profiles for the selected operating mode.
macfilter_profile_name: Displays the specified profile for the selected operating mode.
wlan-macfilter-profile rename macfilter_profile_name1 macfilter_profile_name2 Gives an existing security profile (macfilter_profile_name1) a new name (macfilter_profile_name2).
[no] wlan-macfilter-profile macfilter_profile_name Enters configuration mode for the specified MAC filter profile. Use the no parameter to remove the specified profile.
filter-action {allow | deny} Permits the wireless client with the MAC addresses in this profile to connect to the network through the associated SSID; select deny to block the wireless clients with the specified MAC addresses.
The default is set to deny.
[no] MAC description description2 Sets the description of this profile. Enter up to 60 characters. Spaces and underscores allowed.
exit Exits configuration mode for this profile.

10.5.1 MAC Filter Profile Example

The following example creates a MAC filter profile with the name ‘MACFILTER01’.
Router(config)# wlan-macfilter-profile MACFILTER01
Router(config-macfilter-profile)# filter-action deny
Router(config-macfilter-profile)# MAC 01:02:03:04:05:06 description MAC01
Router(config-macfilter-profile)# MAC 01:02:03:04:05:07 description MAC02
Router(config-macfilter-profile)# MAC 01:02:03:04:05:08 description MAC03
Router(config-macfilter-profile)# exit
Router(config)#

10.6 Layer-2 Isolation Profile Commands

The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands.
Table 40 Input Values for General Layer-2 Isolation Profile Commands
LABEL DESCRIPTION
l2isolation_profile_name The layer-2 isolation profile name. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
mac The Ethernet MAC address of the device that you want to allow to be accessed by other devices in the SSID to which the layer-2 isolation profile is applied. Enter 6 hexadecimal pairs separated by colons. You can use 0-9, a-z and A-Z.
description Sets the description of the profile. You may use up to 60 alphanumeric characters, underscores (_), or dashes (-). This value is case-sensitive.

The following table describes the commands available for layer-2 isolation profile management. You must use the configure terminal command to enter the configuration mode before you can use these commands.

Table 41 Command Summary: Layer-2 Isolation Profile
COMMAND DESCRIPTION
show wlan-l2isolation-profile {all | l2isolation_profile_name} Displays the layer-2 isolation profile(s).
all: Displays all profiles.
l2isolation_profile_name: Displays the specified profile.
wlan-l2isolation-profile rename l2isolation_profile_name1 l2isolation_profile_name2 Gives an existing layer-2 isolation profile (l2isolation_profile_name1) a new name (l2isolation_profile_name2).
[no] wlan-l2isolation-profile l2isolation_profile_name Enters configuration mode for the specified layer-2 isolation profile. Use the no parameter to remove the specified profile.
[no] mac description description Sets a MAC address associated with this profile and the profile description. Use the no parameter to clear the settings.
Note: If a device’s MAC address is NOT listed in a layer-2 isolation profile, it is blocked from communicating with other devices in an SSID on which layer-2 isolation is enabled.
description description Sets the description for the profile.
exit Exits configuration mode for this profile.