Zyxel WAC6502D-S, WAC6103D-I, WAC6503D-S, NWA1123-AC PRO, NWA1123-AC HD CLI Reference Guide
...
Default Login Details
3'ŻMͺ Guide
NWA/WAC/WAX Series
802.11 a/b/g/n/ac/ax Access Point
LAN IP Address http://DHCP-assigned IP
OR
http://192.168.1.2
User Name admin
Password 1234
Version 4.20–6.25 Ed. 1, 11/2021
Copyright © 2021 Zyxel and/or its affiliates. All Rights Reserved.
IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
This is a Reference Guide for a series of products intended for people who want to configure the Zyxel
Device via Command Line Interface (CLI).
Note: Some commands or command options in this guide may not be available in your
product. See your product's User’s Guide for a list of supported features. Every effort has
been made to ensure that the information in this guide is accurate.
Note: The version number on the cover page refers to the latest firmware version supported
by the Zyxel Device. This guide applies to versions 4.20, 4.21, 4.22, 4.30, 5.00, 5.10, 5.20,
5.25, 5.30, 5.40, 6.00, 6.10, 6.20, and 6.25 at the time of writing.
How To Use This Guide
1 Read Chapter 2 on page 19 for how to access and use the CLI (Command Line Interface).
2 Read Chapter 3 on page 30 to learn about the CLI user and privilege modes.
Do not use commands not documented in this guide.
Related Documentation
•Quick Start Guide
The Quick Start Guide shows how to connect the Zyxel Device and access the Web Configurator.
• User’s Guide
The User’s Guide explains how to use the Web Configurator to configure the Zyxel Device.
Note: It is recommended you use the Web Configurator to configure the Zyxel Device.
Icons Used in Figures
Figures in this guide may use the following generic icons. The Zyxel Device icon is not an exact
representation of your device.
Zyxel Device AP Controller Router Switch Internet
Contents Overview
Contents Overview
Introduction .......................................................................................................................................11
Getting to Know your Zyxel Device .................................................................................................... 12
Command Line Interface ....................................... ....... ....... ....... ....... ....... ....... .............. ....... .............. 19
User and Privilege Modes .................................................................................................................... 30
Reference ..........................................................................................................................................33
Object Reference ................................................................................................................................ 34
Status ......................................................................... ............................................................................. 36
Interfaces ................................................................................ ............................................................... 39
Storm Control ........................................................................................................................................ 46
NCC Discovery ...................................................................................................................................... 48
Users ....................................................................................................................................................... 50
AP Management .................................................................................................................................. 55
Wireless LAN Profiles .............................................................................................................................. 63
Rogue AP ............................................................................................................................................... 81
Wireless Frame Capture ....................................................................................................................... 85
Dynamic Channel Selection ............................................................................................................... 87
Wireless Load Balancing ...................................................................................................................... 88
Bluetooth ............................................................................................................................................... 91
Certificates ............................................................................................................................................ 93
System ................................................................ .................................................................................... 96
System Remote Management .......................................................................................................... 101
AAA Server .......................................................................................................................................... 108
Authentication Objects ..................................................................................................................... 114
File Manager ....................................................................................................................................... 117
Logs ...................................................................................................................................................... 131
Reports and Reboot ........................................................................................................................... 138
Session Timeout ................................................................................................................................... 143
LEDs ...................................................................................................................................................... 144
Antenna Switch ............................................................................ ....... ....... ....... ....... ....... ................... 146
Diagnostics .......................................................................................................................................... 148
Maintenance Tools .. ....... ....... ....... ....... ....... ...... ....... ....... ....... .............. ....... ....... ....... ....... ................... 150
Watchdog Timer ................................................................................................................................. 155
NWA/WAC/WAX Series CLI Reference Guide
3
Table of Contents
Table of Contents
Contents Overview .............................................................................................................................3
Table of Contents.................................................................................................................................4
Part I: Introduction ..........................................................................................11
Chapter 1
Getting to Know your Zyxel Device .................................................................................................12
1.1 Overview ........................................................................................................................................ 12
1.1.1 Product Features ................................................................................................................... 12
Chapter 2
Command Line Interface..................................................................................................................19
2.1 Overview ......................................................................................................................................... 19
2.1.1 The Configuration File ........................................................................................................... 19
2.2 Accessing the CLI ........................................................................................................................... 19
2.2.1 Console Port .......................................................................................................................... 20
2.2.2 Telnet .................................................. .................................................................................... 20
2.2.3 SSH (Secure SHell) .................................................................................................................. 21
2.3 How to Find Commands in this Guide .........................................................................................21
2.4 How Commands Are Explained ................................................................................................... 21
2.4.1 Background Information ...................................................................................................... 22
2.4.2 Command Input Values ....................................................................................................... 22
2.4.3 Command Summary ............................................................................................................ 22
2.4.4 Command Examples ............................................................................................................ 22
2.4.5 Command Syntax ................................................................................................................. 22
2.4.6 Changing the Password ....................................................................................................... 22
2.5 CLI Modes ........................................................................................................................................ 23
2.6 Shortcuts and Help ......................................................................................................................... 23
2.6.1 List of Available Commands ................................................................................................ 23
2.6.2 List of Sub-commands or Required User Input ................................................................... 24
2.6.3 Entering Partial Commands ................................................................................................. 24
2.6.4 Entering a ? in a Command ................................................................................................25
2.6.5 Command History ................................................................................................................. 25
2.6.6 Navigation ............................................................................................................................. 25
2.6.7 Erase Current Command ..................................................................................................... 25
2.6.8 The no Commands ............................................................................................................... 25
2.7 Input Values .................................................................................................................................... 25
NWA/WAC/WAX Series CLI Reference Guide
4
Table of Contents
2.8 Saving Configuration Changes .................................................................................................... 29
2.9 Logging Out .......................................... .......................................................................................... 29
Chapter 3
User and Privilege Modes .................................................................................................................30
3.1 User And Privilege Modes .............................................................................................................. 30
3.1.1 Debug Commands ............................................................................................................... 31
Part II: Reference ............................................................................................33
Chapter 4
Object Reference .............................................. .... .... ........................................................................34
4.1 Object Reference Commands ..................................................................................................... 34
4.1.1 Object Reference Command Example ............................................................................. 35
Chapter 5
Status...................................................................................................................................................36
Chapter 6
Interfaces............................................................................................................................................39
6.1 Interface Overview ........................................................................................................................ 39
6.2 Interface General Commands Summary .................................................................................... 39
6.2.1 Basic Interface Properties and IP Address Commands .................................................... 40
6.3 Port Commands .............................................................................................................................. 43
6.3.1 Port Command Examples ............................................ ........................................................44
Chapter 7
Storm Control......................................................................................................................................46
7.1 Overview ......................................................................................................................................... 46
7.2 Storm Control Commands ............................................................................................................. 46
7.2.1 Storm Control Command Examples ......................................... .......................................... 47
Chapter 8
NCC Discovery...................................................................................................................................48
8.1 Overview ......................................................................................................................................... 48
8.2 NCC Discovery Commands .......................................................................................................... 48
8.2.1 NCC Discovery Command Example .................................................................................. 49
Chapter 9
Users....................................................................................................................................................50
9.1 User Account Overview ................................................................................................................. 50
9.1.1 User Types ............................................................................................................................... 50
NWA/WAC/WAX Series CLI Reference Guide
5
Table of Contents
9.2 User Commands Summary ............................................................................................................ 50
9.2.1 Username and User Commands ......................................................................................... 51
9.2.2 User Setting Commands ....................................................................................................... 52
9.2.3 Additional User Commands .................................................................................................53
Chapter 10
AP Management................................................................................................................................55
10.1 AP Management Overview ........................................................................................................ 55
10.2 AP Management Commands ....................................................................................................57
10.2.1 AP Management Commands Example ........................................................................... 59
10.3 AP Management Client Commands ......................................................................................... 61
10.3.1 AP Management Client Commands Example ....... ........................................................ 62
Chapter 11
Wireless LAN Profiles ..........................................................................................................................63
11.1 Wireless LAN Profiles Overview ...................................................................................... .............. 63
11.2 AP Radio & Monitor Profile Commands ..................................................................................... 63
11.2.1 AP radio & Monitor Profile Commands Example ............................................................ 69
11.3 SSID Profile Commands ................................................................................................................ 70
11.3.1 SSID Profile Example ............................................................................................................ 72
11.4 Security Profile Commands ......................................................................................................... 73
11.4.1 Security Profile Example ..................................................................................................... 77
11.5 MAC Filter Profile Commands ..................................................................................................... 77
11.5.1 MAC Filter Profile Example ................................................................................................. 78
11.6 Layer-2 Isolation Profile Commands ........................................................................................... 78
11.6.1 Layer-2 Isolation Profile Example .......................................................................................79
11.7 WDS Profile Commands ............................................................................................................... 79
11.7.1 WDS Profile Example ........................................................................................................... 80
Chapter 12
Rogue AP............................................................................................................................................81
12.1 Rogue AP Detection Overview ................................................................................................... 81
12.2 Rogue AP Detection Commands ...............................................................................................81
12.2.1 Rogue AP Detection Examples ......................................................................................... 82
12.3 Rogue AP Containment Overview .............................................................................................83
12.4 Rogue AP Containment Commands ......................................................................................... 84
12.4.1 Rogue AP Containment Example ..................................................................................... 84
Chapter 13
Wireless Frame Capture....................................................................................................................85
13.1 Wireless Frame Capture Overview ............................................................................................. 85
13.2 Wireless Frame Capture Commands ......................................................................................... 85
13.2.1 Wireless Frame Capture Examples .................................................................................... 86
NWA/WAC/WAX Series CLI Reference Guide
6
Table of Contents
Chapter 14
Dynamic Channel Selection.............................................................................................................87
14.1 DCS Overview ............................................................................................................................... 87
14.2 DCS Commands ........................................................................................................................... 87
Chapter 15
Wireless Load Balancing ...................................................................................................................88
15.1 Wireless Load Balancing Overview ............................................................................................ 88
15.2 Wireless Load Balancing Commands ........................................................................................ 88
15.2.1 Wireless Load Balancing Examples ................................................................................... 90
Chapter 16
Bluetooth.............................................................................................................................................91
16.1 Bluetooth Overview ...................................................................................................................... 91
16.2 Bluetooth Commands .................................................................................................................. 92
16.2.1 Bluetooth Commands Example ........................................................................................ 92
Chapter 17
Certificates .........................................................................................................................................93
17.1 Certificates Overview .................................................................................................................. 93
17.2 Certificate Commands ................................................................................................................ 93
17.3 Certificates Commands Input Values ........................................................................................93
17.4 Certificates Commands Summary .............................................................................................94
17.5 Certificates Commands Examples ............................................................................................. 95
Chapter 18
System.................................................................................................................................................96
18.1 System Overview .......................................................................................................................... 96
18.2 Host Name Commands ............................................................................................................... 96
18.3 Roaming Group Commands ...................................................................................................... 97
18.4 Time and Date ............................................................................................................................. 97
18.4.1 Date/Time Commands ....................................................................................................... 97
18.5 Console Port Speed .................................................................................................................... 98
18.6 DNS Overview .............................................................................................................................. 99
18.6.1 DNS Commands .................................................................................................................. 99
18.6.2 DNS Command Example ................................................................................................. 100
18.7 Power Mode ................................................................................................................................ 100
Chapter 19
System Remote Management........................................................................................................101
19.1 System Timeout ........................................................................................................................... 101
19.2 HTTP/HTTPS Commands .............................................................................................................. 101
19.2.1 HTTP/HTTPS Command Examples .................................................................................... 102
NWA/WAC/WAX Series CLI Reference Guide
7
Table of Contents
19.3 SSH ..................... ........................................................................................................................... 103
19.3.1 SSH Implementation on the Zyxel Device ...................................................................... 103
19.3.2 Requirements for Using SSH ..............................................................................................103
19.3.3 SSH Commands ................................................................................................................. 103
19.3.4 SSH Command Examples ................................................................................................. 103
19.4 Telnet ........................................................................................................................................... 104
19.5 Telnet Commands ...................................................................................................................... 104
19.5.1 Telnet Commands Examples ........................................................................................... 104
19.6 Configuring FTP .......................................................................................................................... 104
19.6.1 FTP Commands ................................................................................................................. 105
19.6.2 FTP Commands Examples ................................................................................................ 105
19.7 SNMP ........................................................................................................................................... 105
19.7.1 Supported MIBs ................................................................................................................. 105
19.7.2 SNMP Traps ......................................................................................................................... 106
19.7.3 SNMP Commands ............................................................................................................. 106
Chapter 20
AAA Server ................................... .... ................................................ ... .... .... .....................................108
20.1 AAA Server Overview ................................................................................................................. 108
20.2 Authentication Server Command Summary ........................................................................... 108
20.2.1 radius-server Commands ................................................................................................. 108
20.2.2 radius-server Command Example .................................................................................. 109
20.2.3 aaa group server ad Commands ................................................................................... 109
20.2.4 aaa group server ldap Commands ................................................................................ 110
20.2.5 aaa group server radius Commands ............................................................................. 112
20.2.6 aaa group server Command Example .......................................................................... 113
Chapter 21
Authentication Objects...................................................................................................................114
21.1 Authentication Objects Overview ............................................................................................ 114
21.2 aaa authentication Commands .............................................................................................. 114
21.2.1 aaa authentication Command Example ...................................................................... 115
21.3 test aaa Command ................................................................................................................... 115
21.3.1 Test a User Account Command Example ...................................................................... 116
Chapter 22
File Manager ....................................................................................................................................117
22.1 File Directories ............................................................................................................................. 117
22.2 Configuration Files and Shell Scripts Overview ..................................... ................................. 117
22.2.1 Comments in Configuration Files or Shell Scripts ........................................................... 118
22.2.2 Errors in Configuration Files or Shell Scripts ..................................................................... 119
22.2.3 Zyxel Device Configuration File Details .......................................................................... 120
22.2.4 Configuration File Flow at Restart ................................................................................... 120
NWA/WAC/WAX Series CLI Reference Guide
8
Table of Contents
22.3 File Manager Commands Input Values ................................................................................... 120
22.4 File Manager Commands Summary ........................................................................................ 121
22.5 File Manager Command Example ........................................................................................... 122
22.6 FTP File Transfer ............................................................................................................................ 122
22.6.1 Command Line FTP File Upload ....................................................................................... 122
22.6.2 Command Line FTP Configuration File Upload Example ............................................. 123
22.6.3 Command Line FTP Firmware File Upload Example ...................................................... 123
22.6.4 Command Line FTP File Download ................................................................................. 124
22.6.5 Command Line FTP Configuration File Download Example ........................................ 125
22.7 Zyxel Device File Usage at Startup ........................................................................................... 125
22.8 Notification of a Damaged Recovery Image or Firmware ................................................... 126
22.9 Restoring the Recovery Image ................................................................................................. 127
22.10 Restoring the Firmware ............................................................................................................ 128
Chapter 23
Logs...................................................................................................................................................131
23.1 Log Commands Summary ......................................................................................................... 131
23.1.1 Log Entries Commands ....................................................................................................132
23.1.2 System Log Commands ........................................................... ........................................ 132
23.1.3 Debug Log Commands ................................................................................................... 133
23.1.4 Remote Syslog Server Log Commands .......................................................................... 134
23.1.5 E-mail Profile Log Commands ......................................................................................... 134
23.1.6 Console Port Log Commands ......................................................................................... 136
23.1.7 Access Point Logging Commands ................................................................................. 136
Chapter 24
Reports and Reboot... ... .... ...............................................................................................................138
24.1 Report Commands Summary ...................................................................................................138
24.1.1 Report Commands ........................................................................................................... 138
24.1.2 Report Command Examples ........................................................................................... 139
24.2 Email Daily Report Commands ................................................................................................. 139
24.2.1 Email Daily Report Example ................................................................... .......................... 141
24.3 Reboot ......................................................................................................................................... 142
Chapter 25
Session Timeout............. .... ...............................................................................................................143
25.1 Session Timeout Commands ..................................................................................................... 143
25.1.1 Session Timeout Commands Example ............................................................................ 143
Chapter 26
LEDs ...................................................................................................................................................144
26.1 LED Suppression Mode ............................................................................................................... 144
26.2 LED Suppression Commands ..................................................................................................... 144
NWA/WAC/WAX Series CLI Reference Guide
9
Table of Contents
26.2.1 LED Suppression Commands Example ........................................................................... 144
26.3 LED Locator ................................................................................................................................. 144
26.4 LED Locator Commands ............................................................................................................ 145
26.4.1 LED Locator Commands Example .................................................................................. 145
Chapter 27
Antenna Switch................................................................................................................................146
27.1 Antenna Switch Overview ......................................................................................................... 146
27.2 Antenna Switch Commands ..................................................................................................... 146
27.2.1 Antenna Switch Commands Examples .......................................................................... 147
Chapter 28
Diagnostics.......................................................................................................................................148
28.1 Diagnostics Overview ................................................................................................................ 148
28.2 Diagnosis Commands ................................................................................................................ 148
28.2.1 Diagnosis Commands Examples ..................................................................................... 148
Chapter 29
Maintenance Tools ..................................... .... ... .... ..........................................................................150
29.0.1 Command Examples ........................................................................................................152
Chapter 30
Watchdog Timer................................... ... .... .... ............................................... .... .... .... ......................155
30.1 Hardware Watchdog Timer ........................................................ ....... ....... ....... ....... ....... ............ 155
30.2 Software Watchdog Timer ........................................................................ ....... ....... ....... ............ 155
30.3 Application Watchdog .............................................................................................................. 156
30.3.1 Application Watchdog Commands Example ............................................................... 157
List of Commands (Alphabetical) ..................................................................................................158
NWA/WAC/WAX Series CLI Reference Guide
10
PART I
Introduction
11
Getting to Know your Zyxel
1.1 Overview
Your Zyxel Device is a wireless AP (Access Point). It extends the range of your existing wired network
without additional wiring, providing easy network access to mobile users.
You can set the Zyxel Device to operate in either standalone AP or managed AP mode. When the Zyxel
Device is in standalone AP mode, it can serve as a normal AP, as an RF monitor to search for rouge APs
to help eliminate network threats (if it supports monitor mode and rogue APs detection/containment), or
even as a root AP or a wireless repeater to esta blish wireless links with other APs in a WDS (Wireless
Distribution System). A WDS is a wireless connection between two or more APs.
CHAPTER 1
Device
Your Zyxel Device’s business-class reliability, SMB features, and centralized wireless management make it
ideally suited for advanced service delivery in mission-critical networks. It uses Multiple BSSID and VLAN
to provide simultaneous independent virtual APs. Additionally, innovations in roaming technology and
QoS features eliminate voice call disruptions.
The Zyxel Device controls network access with Media Access Control (MAC) address filtering, and rogue
Access Point (AP) detection. It also provides a high level of network traffic security, supporting IEEE
802.1x, Wi-Fi Protected Access 2 and Wired Equivalent Privacy (WEP) data encryption.
1.1.1 Product Features
The following tables list model specific features.
Table 1 Zyxel Device 1000/5000 Series Comparison Table
FEATURES
Supported
Wireless
Standards
Supported
Frequency
Bands
NWA1123-
AC
IEEE
802.11a
IEEE
802.11b
IEEE
802.11g
IEEE
802.11n
IEEE
802.11ac
2.4 GHz
5 GHz
V2
NWA1123
-AC PRO
IEEE
802.11a
IEEE
802.11b
IEEE
802.11g
IEEE
802.11n
IEEE
802.11ac
2.4 GHz
5 GHz
NWA1123
-AC HD
IEEE
802.11a
IEEE
802.11b
IEEE
802.11g
IEEE
802.11n
IEEE
802.11ac
2.4 GHz
5 GHz
NWA110AX
NWA210AX
IEEE
802.11a
IEEE
802.11b
IEEE
802.11g
IEEE
802.11n
IEEE
802.11ac
IEEE
802.11ax
2.4 GHz
5 GHz
NWA1302
-AC
IEEE
802.11a
IEEE
802.11b
IEEE
802.11g
IEEE
802.11n
IEEE
802.11ac
2.4 GHz
5 GHz
NWA5123
-AC
IEEE
802.11a
IEEE
802.11b
IEEE
802.11g
IEEE
802.11n
IEEE
802.11ac
2.4 GHz
5 GHz
NWA5123
-AC HD
IEEE
802.11a
IEEE
802.11b
IEEE
802.11g
IEEE
802.11n
IEEE
802.11ac
2.4 GHz
5 GHz
WAC5302
D-S
IEEE
802.11a
IEEE
802.11b
IEEE
802.11g
IEEE
802.11n
IEEE
802.11ac
2.4 GHz
5 GHz
NWA/WAC/WAX Series CLI Reference Guide
12
Chapter 1 Getting to Know your Zyxel Device
Table 1 Zyxel Device 1000/5000 Series Comparison Table
FEATURES
Available
Security Modes
Number of SSID
Profiles
Number of
Wireless Radios
Monitor Mode
& Rogue APs
Containment
Rogue AP
Detection
WDS (Wireless
Distribution
System) - Root
AP & Repeater
Modes
Tunnel
Forwarding
Mode
Layer-2
Isolation
Supported PoE
Standards
Power
Detection
External
Antennas
Internal
Antennas
Antenna
Switch
Console Port
LED Locator Yes Yes Yes Yes Yes Yes Yes Yes
LED
Suppression
AC (AP
Controller)
Discovery
NWA1123-
AC
None
WEP
WPA2
WPA2-MIX
WPA2-PSK
WPA2-
PSK-MIX
64 64 64 64 64 64 64 64
222 2 2222
A
No No No No No Yes No No
Yes Yes Yes Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes Yes Yes Yes
No No No No No No Yes No
Yes Yes Yes Yes Yes Yes Yes Yes
IEEE
802.3af
IEEE
802.3at
No No Yes Yes Yes No Yes Yes
No No No No No No No No
Yes Yes Yes Yes Yes Yes Yes Yes
No
4-Pin Serial
Yes Yes Yes Yes Yes Yes Yes Yes
No No No No No Yes Yes Yes
V2
NWA1123
-AC PRO
None
WEP
WPA2
WPA2-
MIX
WPA2-PSK
WPA2-
PSK-MIX
IEEE
802.3af
IEEE
802.3at
Yes
(per radio
+ physical
switch)
4-Pin
Serial
NWA1123
-AC HD
None
WEP
WPA2
WPA2-
MIX
WPA2-PSK
WPA2-
PSK-MIX
IEEE
802.3af
IEEE
802.3at
No No No No No No
4-Pin
Serial
NWA110AX
NWA210AX
None
WEP
WPA2
WPA2-MIX
WPA2-PSK
WPA2-PSK-
MIX
Enhanced-
open
WPA3-
enterprise
WPA3-
personal
IEEE 802.3af
IEEE 802.3at
4-Pin Serial
NWA1302
-AC
None
WEP
WPA2
WPA2-
MIX
WPA2-
PSK
WPA2-
PSK-MIX
IEEE
802.3af
IEEE
802.3at
4-Pin
Serial
NWA5123
-AC
None
WEP
WPA2
WPA2-
MIX
WPA2-
PSK
WPA2-
PSK-MIX
IEEE
802.3af
IEEE
802.3at
4-Pin
Serial
NWA5123
-AC HD
None
WEP
WPA2
WPA2-
MIX
WPA2-
PSK
WPA2-
PSK-MIX
IEEE
802.3af
IEEE
802.3at
4-Pin
Serial
WAC5302
None
WPA2
WPA2WPA2WPA2-
PSK-MIX
802.3af
802.3at
Serial
D-S
WEP
MIX
PSK
IEEE
IEEE
4-Pin
NWA/WAC/WAX Series CLI Reference Guide
13
Chapter 1 Getting to Know your Zyxel Device
Table 1 Zyxel Device 1000/5000 Series Comparison Table
FEATURES
NebulaFlex
PRO
NCC Discovery Yes Yes Yes Yes Yes No Yes No
802.11r Fast
Roaming
Support
802.11k/v
Assisted
Roaming
Bluetooth Low
Energy (BLE)
USB Port for BLE No No No No No No No Yes
Ethernet Storm
Control
Grounding No No Yes Yes No No Yes No
Maximum
number of log
messages
Firmware
Version
A. For NXC managed devices only. See the NXC User’s Guide for details.
NWA1123-
AC
No No No No No No Yes No
Yes Yes Yes Yes Yes Yes Yes Yes
Yes Yes Yes Yes Yes Yes Yes Yes
No No No No No No No Yes
No No Yes Yes No No Yes No
6.10 6.25 6.25 6.25 6.25 6.10 6.25 6.10
V2
NWA1123
-AC PRO
NWA1123
-AC HD
NWA110AX
NWA210AX
512 event logs
NWA1302
-AC
NWA5123
-AC
NWA5123
-AC HD
WAC5302
256 event
logs and
1 debug
D-S
logs
The following tables show the differences between each Zyxel Device model.
Table 2 Zyxel Device 1000/5000 Series Comparison Table
FEATURES
Supported
Wireless
Standards
Supported
Frequency
Bands
Available
Security Modes
Number of SSID
Profiles
Number of
Wireless Radios
Monitor Mode
& Rogue APs
Containment
Rogue AP
Detection
A
WAC500/
WAC500H
IEEE 802.11a
IEEE 802.11b
IEEE 802.11g
IEEE 802.11n
IEEE 802.11ac
2.4 GHz
5 GHz
None
WEP
WPA2
WPA2-MIX
WPA2-PSK
WPA2-PSK-MIX
WPA3
64 64 64
222
No No No
Yes Yes Yes
NWA1123ACV3 WAC5302D-SV2
IEEE 802.11a
IEEE 802.11b
IEEE 802.11g
IEEE 802.11n
IEEE 802.11ac
2.4 GHz
5 GHz
None
WEP
WPA2
WPA2-MIX
WPA2-PSK
WPA2-PSK-MIX
WPA3
IEEE 802.11a
IEEE 802.11b
IEEE 802.11g
IEEE 802.11n
IEEE 802.11ac
2.4 GHz
5 GHz
None
WEP
WPA2
WPA2-MIX
WPA2-PSK
WPA2-PSK-MIX
NWA/WAC/WAX Series CLI Reference Guide
14
Chapter 1 Getting to Know your Zyxel Device
Table 2 Zyxel Device 1000/5000 Series Comparison Table (continued)
FEATURES
WDS (Wireless
Distribution
System) - Root
AP & Repeater
Modes
Tunnel
Forwarding
Mode
Layer-2 Isolation Yes Yes Yes
Supported PoE
Standards
Power
Detection
External
Antennas
Internal
Antennas
Antenna Switch No No No
Console Port 4-Pin Serial 4-Pin Serial 4-Pin Serial
LED Locator Yes Yes Yes
LED Suppression Yes Yes Yes
AC (AP
Controller)
Discovery
NebulaFlex PRO Yes No Yes
NCC Discovery Yes Yes Yes
802.11r Fast
Roaming
Support
802.11k/v
Assisted
Roaming
Bluetooth Low
Energy (BLE)
USB Port for BLE No No No
Ethernet Storm
Control
Grounding No No No
Power Adapter N o Yes No
Maximum
number of log
messages
Firmware
Version
A. For NXC managed devices only. See the NXC User’s Guide for details.
WAC500/
WAC500H
Yes Yes Yes
Yes No Yes
IEEE 802.3af
IEEE 802.3at
No No Yes
No No No
Yes Yes Yes
Yes No Yes
Yes Yes Yes
Yes Yes Yes
No No No
Yes Yes No
6.25 6.25 6.25
NWA1123ACV3 WAC5302D-SV2
IEEE 802.3af
IEEE 802.3at
512 event logs
IEEE 802.3af
IEEE 802.3at
NWA/WAC/WAX Series CLI Reference Guide
15
Chapter 1 Getting to Know your Zyxel Device
The following tables list model specific features.
Table 3 WAC 6000 Series Comparison Table
FEATURES WAC6103D-I WAC6303D-S
WAC6502D-E
WAC6553D-E
Supported Wireless
Standards
Supported
Frequency Bands
Available Security
Modes
Number of SSID
Profiles
Number of Wireless
Radios
Monitor Mode &
Rogue APs
Containment
Rogue AP Detection Yes Yes Yes Yes Yes
WDS (Wireless
Distribution System) Root AP & Repeater
Modes
Tunnel Forwarding
Mode
Layer-2 Isolation Yes Yes Yes Yes Yes
Supported PoE
Standards
Power Detection No Yes Yes Yes Yes
External Antennas No No Yes No No
Internal Antennas Yes Yes No Yes Yes
Antenna Switch Yes
Console Port 4-Pin Serial 4-Pin Serial RJ-45 serial RJ-45 serial RJ-45 serial
LED Locator Yes Yes Yes Yes Yes
LED Suppression Yes Yes Yes Yes Yes
AC (AP Controller)
Discovery
NebulaFlex PRO Yes Yes Yes Yes Yes
NCC Discovery Yes Yes Yes Yes Yes
802.11r Fast Roaming
Support
802.11k/v Assisted
Roaming
A
IEEE 802.11a
IEEE 802.11b
IEEE 802.11g
IEEE 802.11n
IEEE 802.11ac
2.4 GHz
5 GHz
None
WEP
WPA2
WPA2-MIX
WPA2-PSK
WPA2-PSK-MIX
64 64 64 64 64
22222
Yes No Yes Yes Yes
YesYesYesYesYes
YesYesYesYesYes
IEEE 802.3af
IEEE 802.3at
(per radio +
physical switch)
YesYesYesYesYes
YesYesYesYesYes
YesYesYesYesYes
IEEE 802.11a
IEEE 802.11b
IEEE 802.11g
IEEE 802.11n
IEEE 802.11ac
2.4 GHz
5 GHz
None
WEP
WPA2
WPA2-MIX
WPA2-PSK
WPA2-PSK-MIX
IEEE 802.3af
IEEE 802.3at
No No No No
IEEE 802.11a
IEEE 802.11b
IEEE 802.11g
IEEE 802.11n
IEEE 802.11ac
2.4 GHz
5 GHz
None
WEP
WPA2
WPA2-MIX
WPA2-PSK
WPA2-PSK-MIX
IEEE 802.3af
IEEE 802.3at
WAC6502D-S
WAC6503D-S
IEEE 802.11a
IEEE 802.11b
IEEE 802.11g
IEEE 802.11n
IEEE 802.11ac
2.4 GHz
5 GHz
None
WEP
WPA2
WPA2-MIX
WPA2-PSK
WPA2-PSK-MIX
IEEE 802.3af
IEEE 802.3at
WAC6552D-S
IEEE 802.11a
IEEE 802.11b
IEEE 802.11g
IEEE 802.11n
IEEE 802.11ac
2.4 GHz
5 GHz
None
WEP
WPA2
WPA2-MIX
WPA2-PSK
WPA2-PSK-MIX
IEEE 802.3af
IEEE 802.3at
NWA/WAC/WAX Series CLI Reference Guide
16
Chapter 1 Getting to Know your Zyxel Device
Table 3 WAC 6000 Series Comparison Table
FEATURES WAC6103D-I WAC6303D-S
WAC6502D-E
WAC6553D-E
Bluetooth Low Energy
(BLE)
USB Port for BLENoNoNoNoNo
Ethernet Storm
Control
Grounding No Yes Yes Yes Yes
Maximum number of
log messages
Firmware Version 6.25 6.25 6.25 6.25 6.25
A. For NXC managed devices only. See the NXC User’s Guide for details.
NoYesNoNoNo
NoYesNoNoNo
512 event logs
WAC6502D-S
WAC6552D-S
WAC6503D-S
The following tables list model specific features.
Table 4 WAX 500/600 Series Comparison Table
FEATURES WAX510D WAX610D WAX650S
Supported Wireless
Standards
Supported Frequency
Bands
Available Security Modes None
Number of SSID Profiles 64 64 64
Number of Wireless Radios 2 2 2
Monitor Mode & Rogue APs
Containment
Rogue AP Detection Yes Yes Yes
WDS (Wireless Distribution
System) - Root AP &
Repeater Modes
Tunnel Forwarding Mode Yes Yes Yes
Layer-2 Isolation Yes Yes Yes
Supported PoE Standards
Power Detection Yes Yes Yes
External Antennas No No No
Internal Antennas Yes Yes Yes
Antenna Switch Yes
A
IEEE 802.11a
IEEE 802.11b
IEEE 802.11g
IEEE 802.11n
IEEE 802.11ac
IEEE 802.11ax
2.4 GHz
5 GHz
WEP
WPA2
WPA2-MIX
WPA2-PSK
WPA2-PSK-MIX
Enhanced-open
WPA3-enterprise
WPA3-personal
No No No
No Yes No
IEEE 802.3af
IEEE 802.3at
(per AP)
IEEE 802.11a
IEEE 802.11b
IEEE 802.11g
IEEE 802.11n
IEEE 802.11ac
IEEE 802.11ax
2.4 GHz
5 GHz
None
WEP
WPA2
WPA2-MIX
WPA2-PSK
WPA2-PSK-MIX
Enhanced-open
WPA3-enterprise
WPA3-personal
IEEE 802.3af
IEEE 802.3at
Yes
(per AP)
IEEE 802.11a
IEEE 802.11b
IEEE 802.11g
IEEE 802.11n
IEEE 802.11ac
IEEE 802.11ax
2.4 GHz
5 GHz
None
WEP
WPA2
WPA2-MIX
WPA2-PSK
WPA2-PSK-MIX
Enhanced-open
WPA3-enterprise
WPA3-personal
IEEE 802.3at
IEEE 802.3bt
No
NWA/WAC/WAX Series CLI Reference Guide
17
Chapter 1 Getting to Know your Zyxel Device
Table 4 WAX 500/600 Series Comparison Table
FEATURES WAX510D WAX610D WAX650S
Console Port 4-Pin Serial 4-Pin Serial 4-Pin Serial
LED Locator Yes Yes Yes
LED Suppression Yes Yes Yes
AC (AP Controller)
Discovery
NebulaFlex PRO Yes Yes Yes
NCC Discovery Yes Yes Yes
802.11r Fast Roaming
Support
802.11k/v Assisted Roaming Yes Yes Yes
Bluetooth Low Energy (BLE) No No Yes
USB Port for BLE No No No
Ethernet Storm Control Yes Yes Yes
Grounding Yes Yes Yes
Maximum number of log
messages
Firmware Version 6.25 6.25 6.25
A. For NXC managed devices only. See the NXC User’s Guide for details.
Yes Yes Yes
Yes Yes Yes
512 event logs
NWA/WAC/WAX Series CLI Reference Guide
18
Command Line Interface
This chapter describes how to access and use the CLI (Command Line Interface).
2.1 Overview
If you have problems with your Zyxel Device, customer support may request that you issue some of these
commands to assist them in troubleshooting.
Use of undocumented commands or misconfiguration can damage the
Zyxel Device and possibly render it unusable.
2.1.1 The Configuration File
CHAPTER 2
When you configure the Zyxel Device using either the CLI (Command Line Interface) or the web
configurator, the settings are saved as a series of commands in a configuration file on the Zyxel Device.
You can store more than one configuration file on the Zyxel Device. However, only one configuration file
is used at a time.
You can perform the following with a configuration file:
• Back up Zyxel Device configuration once the Zyxel Device is set up to work in your network.
• Restore Zyxel Device configuration.
• Save and edit a configuration file and upload it to multiple Zyxel Devices in your network to have the
same settings.
Note: You may also edit a configuration file using a text editor.
2.2 Accessing the CLI
You can access the CLI using a terminal emulation program on a computer connected to the console
port, or access the Zyxel Device using Telnet or SSH (Secure SHell).
Note: The console port is not available in every model. Please check the User’s Guide or
datasheet, or refer to the product page at www.zyxel.com to see if your Zyxel Device
has a console port.
Note: The Zyxel Device might force you to log out of your session if reauthentication time,
lease time, or idle timeout is reached. See Chapter 9 on page 50 for more information
about these settings.
NWA/WAC/WAX Series CLI Reference Guide
19
2.2.1 Console Port
The default settings for the console port are as follows.
Table 5 Managing the Zyxel Device: Console Port
SETTING VALUE
Speed 115200 bps
Data Bits 8
Parity None
Stop Bit 1
Flow Control Off
When you turn on your Zyxel Device, it performs several internal tests as well as line initialization. You can
view the initialization information using the console port.
• Garbled text displays if your terminal emulation program’s speed is set lower than the Zyxel Device’s.
• No text displays if the speed is set higher than the Zyxel Device’s.
• If changing your terminal emulation program’s speed does not get anything to display, restart the
Zyxel Device.
• If restarting the Zyxel Device does not get anything to display, contact your local customer support.
Figure 1 Console Port Power-on Display
FLASH: AMD 16M
Chapter 2 Command Line Interface
BootModule Version: V1.13 | 06/25/2010 15:05:00
DRAM: Size = 256 Mbytes
DRAM POST: Testing: 262144K
After the initialization, the login screen displays.
Figure 2 Login Screen
Welcome to NWA5123-AC-HD
Username:
Enter the user name and password at the prompts.
Note: The default login username is admin and password is 1234. The username and password
2.2.2 Telnet
Use the following steps to Telnet into your Zyxel Device.
are case-sensitive.
1 If your computer is connected to the Zyxel Device over the Internet, skip to the next step. Make sure your
computer IP address and the Zyxel Device IP address are on the same subnet.
NWA/WAC/WAX Series CLI Reference Guide
20
2 In Windows, click Start (usually in the bottom left corner) and Run. Then type telnet and the Zyxel
Device’s IP address. For example, enter
address).
3 Click OK. A login screen displays. Enter the user name and password at the prompts.
Note: The default login username is admin and password is 1234. The username and password
are case-sensitive.
2.2.3 SSH (Secure SHell)
You can use an SSH client program to access the CLI. The following figure shows an example using a
text-based SSH client program. Refer to the documentation that comes with your SSH program for
information on using it.
Note: The default login username is admin and password is 1234. The username and password
are case-sensitive.
Figure 3 SSH Login Example
C:\>ssh2 admin@192.168.1.2
Host key not found from database.
Key fingerprint:
xolor-takel-fipef-zevit-visom-gydog-vetan-bisol-lysob-cuvun-muxex
You can get a public key's fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)? yes
Chapter 2 Command Line Interface
telnet 192.168.1.2 (the default static management IP
Host key saved to C:/Documents and Settings/user/Application Data/SSH/
hostkeys/
ey_22_192.168.1.2.pub
host key for 192.168.1.2, accepted by user Tue Aug 09 2005 07:38:28
admin's password:
Authentication successful.
2.3 How to Find Commands in this Guide
You can simply look for the feature chapter to find commands. In addition, you can use the List of
Commands (Alphabetical) at the end of the guide. This section lists the commands in alphabetical
order that they appear in this guide.
If you are looking at the CLI Reference Guide electronically, you might have additional options (for
example, bookmarks or Find...) as well.
2.4 How Commands Are Explained
Each chapter explains the commands for one keyword. The chapters are divided into the following
sections.
NWA/WAC/WAX Series CLI Reference Guide
21
Chapter 2 Command Line Interface
2.4.1 Background Information
Note: See the User’s Guide for background information about most features.
This section provides background information about features that you cannot configure in the web
configurator. In addition, this section identifies related commands in other chapters.
2.4.2 Command Input Values
This section lists common input values for the commands for the feature in one or more tables
2.4.3 Command Summary
This section lists the commands for the feature in one or more tables.
2.4.4 Command Examples
This section contains any examples for the commands in this feature.
2.4.5 Command Syntax
The following conventions are used in this User’s Guide.
• A command or keyword in courier new must be entered literally as shown. Do not abbreviate.
• Values that you need to provide are in italics.
• Required fields that have multiple choices are enclosed in curly brackets
• A range of numbers is enclosed in angle brackets <>.
• Optional fields are enclosed in square brackets
• The | symbol means OR.
2.4.6 Changing the Password
It is highly recommended that you change the password for accessing the Zyxel Device. See Section 9.2
on page 50 for the appropriate commands.
{}.
[].
NWA/WAC/WAX Series CLI Reference Guide
22
2.5 CLI Modes
You run CLI commands in one of several modes.
Table 6 CLI Modes
What User users
can do
What Limited-
Admin users can
do
What Admin users
can do
How you enter it Log in to the Zyxel
What the prompt
looks like
How you exit it Type exit Type disable Type exit Type exit
Chapter 2 Command Line Interface
USER PRIVILEGE CONFIGURATION SUB-COMMAND
• Look at (but not
run) available
commands
• Look at system
information (like
Status screen)
•Run basic
diagnostics
• Look at system
information (like
Status screen)
•Run basic
diagnostics
Device
Router> Router# Router(config)#
Unable to access Unable to access Unable to access
•Look at system
information (like
Status screen)
•Run basic
diagnostics
•Look at system
information (like
Status screen)
•Run basic
diagnostics
Type enable in User
mode
Unable to access Unable to access
• Configure simple
features (such as
an address
object)
• Create or remove
complex parts
(such as an
interface)
Type configure
terminal in User or
Privilege mode
• Configure
complex parts
(such as an
interface) in the
Zyxel Device
Type the command
used to create the
specific part in
Configuration mode
(varies by part)
Router(configif-brg)#
...
See Chapter 9 on page 50 for more information about the user types. User users can only log in, look at
(but not run) the available commands in User mode, and log out. Limited-Admin users can look at the
configuration in the web configurator and CLI, and they can run basic diagnostics in the CLI. Admin
users can configure the Zyxel Device in the web configurator or CLI.
At the time of writing, there is not much difference between User and Privilege mode for admin users.
This is reserved for future use.
2.6 Shortcuts and Help
2.6.1 List of Available Commands
A list of valid commands can be found by typing ? or [TAB] at the command prompt. To view a list of
available commands within a command group, enter
<command> ? or <command> [TAB].
NWA/WAC/WAX Series CLI Reference Guide
23
Chapter 2 Command Line Interface
Figure 4 Help: Available Commands Example 1
Router> ?
<cr>
apply
atse
clear
configure
------------------[Snip]-------------------shutdown
telnet
test
traceroute
wlan-report
write
Router>
Figure 5 Help: Available Command Example 2
Router> show ?
<wlan ap interface>
aaa
account
app-watch-dog
apply
arp-table
------------------[Snip]-------------------wlan-security-profile
wlan-ssid-profile
wtp-logging
Router> show
2.6.2 List of Sub-commands or Required User Input
To view detailed help information for a command, enter <command> <sub command> ?.
Figure 6 Help: Sub-command Information Example
Router(config)# ip telnet server ?
;
<cr>
port
rule
|
Router(config)# ip telnet server
Figure 7 Help: Required User Input Example
Router(config)# ip telnet server port ?
<1..65535>
Router(config)# ip telnet server port
2.6.3 Entering Partial Commands
The CLI does not accept partial or incomplete commands. You may enter a unique part of a command
and press
[TAB] to have the Zyxel Device automatically display the full command.
NWA/WAC/WAX Series CLI Reference Guide
24
Chapter 2 Command Line Interface
For example, if you enter config and press [TAB] , the full command of configure automatically
displays.
If you enter a partial command that is not unique and press
commands that start with the partial command.
Figure 8 Non-Unique Partial Command Example
Router# c [TAB]
clear configure copy
Router# co [TAB]
configure copy
2.6.4 Entering a ? in a Command
Typing a ? (question mark) usually displays help information. However, some commands allow you to
input a ?, for example as part of a string. Press [CTRL+V] on your keyboard to enter a ? without the Zyxel
Device treating it as a help query.
2.6.5 Command History
The Zyxel Device keeps a list of commands you have entered for the current CLI session. You can use
any commands in the history again by pre s s i ng th e up ( ) or down () arrow key to scroll through the
previously used commands and press
2.6.6 Navigation
[TAB], the Zyxel Device displays a list of
[ENTER].
Press [CTRL]+A to move the cursor to the beginning of the line. Press [CTRL]+E to move the cursor to the
end of the line.
2.6.7 Erase Current Command
Press [CTRL]+U to erase whatever you have currently typed at the prompt (before pressing [ENTER]).
2.6.8 The no Commands
When entering the no commands described in this document, you may not need to type the whole
command. For example, with the “[no] mss <536..1452>” command, you use “mss 536” to specify
the MSS value. But to disable the MSS setting, you only need to type “no mss” instead of “no mss 536”.
2.7 Input Values
You can use the ? or [TAB] to get more information about the next input value that is required for a
command. In some cases, the next input value is a string whose length and allowable characters may
NWA/WAC/WAX Series CLI Reference Guide
25
Chapter 2 Command Line Interface
not be displayed in the screen. For example, in the following example, the next input value is a string
called
<description>.
Router# configure terminal
Router(config)# interface lan
Router(config-if-brg)# description ?
<description>
The following table provides more information about input values like <description>.
Table 7 Input-Value Formats for Strings in CLI Commands
TAG # VALUES LEGAL VALUES
* 1*
all -- ALL
authentication key 32-40
16-20
Used in MD5 authentication keys and text authentication key
0-16 alphanumeric or _-
Used in text authentication keys
0-8 alphanumeric or _-
certificate name 1-31 alphanumeric or ;`~!@#$%^&()_+[\]{}',.=-
community string 0-63 alphanumeric or .-
connection_id 1+ alphanumeric or -_:
contact 1-61 alphanumeric, spaces, or '()+,/:=?;!*#@$_%-.
country code 0 or 2 alphanumeric
custom signature file
name
description Used in keyword criteria for log entries
distinguished name 1-511 alphanumeric, spaces, or .@=,_-
domain name 0+ lower-case letters, numbers, or .-
email 1-63 alphanumeric or .@_-
e-mail 1-64 alphanumeric or .@_-
encryption key 16-64
0-30 alphanumeric or _-.
1-64 alphanumeric, spaces, or '()+,/:=?;!*#@$_%-.
Used in other commands
1-61 alphanumeric, spaces, or '()+,/:=?;!*#@$_%-
Used in ip dns server
1-248 alphanumeric or .-
Used in domainname, ip dhcp pool, and ip domain
1-255 alphanumeric or ._-
8-32
“0x” or “0X” + 32-40 hexadecimal values
alphanumeric or ;|`~!@#$%^&*()_+\\{}':,./<>=-
first character: alphanumeric or -
first character: letter
first character: alphanumeric or -
first character: alphanumeric or -
“0x” or “0X” + 16-64 hexadecimal values
alphanumeric or ;\|`~!@#$%^&*()_+\\{}':,./
<>=-
NWA/WAC/WAX Series CLI Reference Guide
26
Chapter 2 Command Line Interface
Table 7 Input-Value Formats for Strings in CLI Commands (continued)
TAG # VALUES LEGAL VALUES
file name 0-31 alphanumeric or _-
filter extension 1-256 alphanumeric, spaces, or '()+,/:=?;!*#@$_%.-
fqdn Used in ip dns server
1-253 alphanumeric or .-
first character: alphanumeric or -
Used in ip, time server, device HA, certificates, and
interface ping check
1-255 alphanumeric or .-
first character: alphanumeric or -
full file name 0-256 alphanumeric or _/.-
hostname Used in hostname command
1-64 alphanumeric or .-_
first character: alphanumeric or -
Used in other commands
1-253 alphanumeric or .-
first character: alphanumeric or -
import configuration
file
import shell script 1-
initial string 1-64 alphanumeric, spaces, or '()+,/:=!*#@$_%-.&
key length -- 512, 768, 1024, 1536, 2048
license key 25 “S-” + 6 upper-case letters or numbers + “-” +
mac address -- aa:bb:cc:dd:ee:ff (hexadecimal)
mail server fqdn lower-case letters, numbers, or -.
name 1-31 alphanumeric or _-
notification message 1-81 alphanumeric, spaces, or '()+,/:=?;!*#@$_%-
password: less than 15
chars
password: less than 8
chars
password Used in user and ip
phone number 1-20 numbers or ,+
126+”.conf”
26+”.zysh”
1-15 alphanumeric or `~!@#$%^&*()_\-+={}|\;:'<,>./
1-8 alphanumeric or ;/?:@&=+$\.-_!~*'()%,#$
1-63 alphanumeric or `~!@#$%^&*()_-+={}|\;:'<,>./
Used in e-mail log profile SMTP authentication
1-63 alphanumeric or `~!@#$%^&*()_-+={}|\;:'<>./
Used in device HA synchronization
1-63 alphanumeric or ~#%^*_-={}:,.
Used in registration
6-20 alphanumeric or .@_-
alphanumeric or ;`~!@#$%^&()_+[]{}',.=add “.conf” at the end
alphanumeric or ;`~!@#$%^&()_+[]{}',.=add “.zysh” at the end
16 upper-case letters or numbers
NWA/WAC/WAX Series CLI Reference Guide
27
Chapter 2 Command Line Interface
Table 7 Input-Value Formats for Strings in CLI Commands (continued)
TAG # VALUES LEGAL VALUES
preshared key 16-64 “0x” or “0X” + 16-64 hexadecimal values
alphanumeric or ;|`~!@#$%^&*()_+\{}':,./<>=-
profile name 1-31 alphanumeric or _-
first character: letters or _-
proto name 1-16 lower-case letters, numbers, or -
protocol name 1-31 alphanumeric or _-
first character: letters or _-
quoted string less
than 255 chars
quoted string less
than 63 chars
quoted string 0+ alphanumeric, spaces, or punctuation marks
realm 1-253 alphanumeric or -_
service name 0-63 alphanumeric or -_@$./
spi 2-8 hexadecimal
string less than 15
chars
string: less than 63
chars
string 1+ alphanumeric or -_@
subject 1-61 alphanumeric, spaces, or '()+,./:=?;!*#@$_%-
system type 0-2 hexadecimal
timezone [-+]hh -- -12 through +12 (with or without “+”)
url 1-511 alphanumeric or '()+,/:.=?;!*#@$_%-
url “http://”+
user name 1-31 alphanumeric or _-
username 1-31 alphanumeric or _-
username 6-20 alphanumeric or .@_-
user name 1+ alphanumeric or -_.
user@domainname 1-80 alphanumeric or .@_-
vrrp group name: less
than 15 chars
1-255 alphanumeric, spaces, or ;/?:@&=+$\.-
_!~*'()%,
1-63 alphanumeric, spaces, or ;/?:@&=+$\.-_!~*'()%
enclosed in double quotation marks (“)
must put a backslash (\) before double
quotation marks that are part of input value
itself
first character: alphanumeric or -_
used in domain authentication
1-15 alphanumeric or -_
1-63 alphanumeric or `~!@#$%^&*()_-+={}|\;:'<,>./
alphanumeric or ;/?:@&=+$\.-_!~*'()%,
“https://”+
1-15 alphanumeric or _-
starts with “http://” or “https://”
may contain one pound sign (#)
first character: letters or _-
first character: alphanumeric or _domain authorization
registration
logging commands
NWA/WAC/WAX Series CLI Reference Guide
28
Chapter 2 Command Line Interface
Table 7 Input-Value Formats for Strings in CLI Commands (continued)
TAG # VALUES LEGAL VALUES
week-day sequence,
i.e. 1=first,2=second
xauth method 1-31 alphanumeric or _-
xauth password 1-31 alphanumeric or ;|`~!@#$%^&*()_+\{}':,./<>=-
mac address 0-12 (even
11-4
hexadecimal
number)
for example: xx-xx-xx-xx-xx-xx
2.8 Saving Configuration Changes
Use the write command to save the current configuration to the Zyxel Device.
Note: Always save the changes before you log out after each management session. All
unsaved changes will be lost after the system restarts.
2.9 Logging Out
Enter the exit or end command in configure mode to go to privilege mode.
Enter the
exit command in user mode or privilege mode to log out of the CLI.
NWA/WAC/WAX Series CLI Reference Guide
29
User and Privilege Modes
This chapter describes how to use these two modes.
3.1 User And Privilege Modes
This is the mode you are in when you first log into the CLI. (Do not confuse ‘user mode’ with types of user
accounts the Zyxel Device uses. See Chapter 9 on page 50 for more information about the user types.
‘User’ type accounts can only run ‘exit’ in this mode. However, they may need to log into the device in
order to be authenticated for ‘user-aware’ policies, for example a firewall rule that a particular user is
exempt from.)
Type ‘enable’ to go to ‘privilege mode’. No password is required. All commands can be run from here
except those marked with an asterisk. Many of these commands are for trouble-shooting purposes, for
example the htm (hardware test module) and debug commands. Customer support may ask you to run
some of these commands and send the results if you need assistance troubleshooting your device.
CHAPTER 3
For admin logins, all commands are visible in ‘user mode’ but not all can be run there. The following
table displays which commands can be run in ‘user mode’. All commands can be run in ‘privilege
mode’.
The htm and psm commands are for Zyxel’s internal manufacturing
process.
Table 8 User (U) and Privilege (P) Mode Commands
COMMAND MODE DESCRIPTION
apply
atse
clear
configure
copy
daily-report
debug (*)
delete
details
diag
diag-info
dir
disable
P Applies a configuration file.
U/P Displays the seed code
U/P Clears system or debug logs or DHCP binding.
U/P Use ‘configure terminal’ to enter configuration mode.
P Copies configuration files.
U/P Sets how and where to send daily reports and what reports to send.
U/P For support personnel only! The device needs to have the debug flag enabled.
P Deletes configuration files.
P Performs diagnostic commands.
P Provided for support personnel to collect internal system information. It is not
recommended that you use these.
P Has the Zyxel Device create a new diagnostic file.
P Lists files in a directory.
U/P Goes from privilege mode to user mode
NWA/WAC/WAX Series CLI Reference Guide
30
Chapter 3 User and Privilege Modes
Table 8 User (U) and Privilege (P) Mode Commands (continued)
COMMAND MODE DESCRIPTION
enable
exit
htm
U/P Goes from user mode to privilege mode
U/P Goes to a previous mode or logs out.
U/P Goes to htm (hardware test module) mode for testing hardware components.
You may need to use the htm commands if your customer support Engineer asks
you to during troubleshooting.
Note: These commands are for Zyxel’s internal manufacturing process.
interface
no packet-trace
nslookup
packet-trace
ping
psm
U/P Dials or disconnects an interface.
U/P Turns off packet tracing.
U/P Resolves an IP address to a host name and vice-versa.
U/P Performs a packet trace.
U/P Pings an IP address or host name.
U/P Goes to psm (product support module) mode for setting product parameters.
You may need to use the htm commands if your customer support Engineer asks
you to during troubleshooting.
Note: These commands are for Zyxel’s internal manufacturing process.
reboot
release
rename
renew
run
setenv
show
shutdown
telnet
test aaa
traceroute
write
P Restarts the device.
P Releases DHCP information from an interface.
P Renames a configuration file.
P Renews DHCP information for an interface.
P Runs a script.
U/P Turns stop-on-error on (terminates booting if an error is found in a configuration
file) or off (ignores configuration file errors and continues booting).
U/P Displays command statistics. See the associated command chapter in this
guide.
P Writes all d data to disk and stops the system processes. It does not turn off the
power.
U/P Establishes a connection to the TCP port number 23 of the specified host name
or IP address.
U/P Tests whether the specified user name can be success fully authe nticated by an
external authentication server.
P Traces the route to the specified host name or IP address.
P Saves the current configuration to the Zyxel Device. All unsaved changes are
lost after the Zyxel Device restarts.
Subsequent chapters in this guide describe the configuration commands. User/privilege mode
commands that are also configuration commands (for example, ‘show’) are described in more detail in
the related configuration command chapter.
3.1.1 Debug Commands
Debug commands marked with an asterisk (*) are not available when the debug flag is on and are for
Zyxel service personnel use only. The debug commands follow a syntax that is Linux-based, so if there is a
NWA/WAC/WAX Series CLI Reference Guide
31
Chapter 3 User and Privilege Modes
Linux equivalent, it is displayed in this chapter for your reference. You must know a command listed here
well before you use it. Otherwise, it may cause undesired results.
Table 9 Debug Commands
COMMAND SYNTAX DESCRIPTION
debug app show l7protocol
Shows app patrol protocol list
(*)
LINUX COMMAND
EQUIVALENT
> cat /etc/
l7_protocols/
protocol.list
debug ca (*)
debug device-ha (*)
debug gui (*)
debug hardware (*)
debug interface
debug interface ifconfig
Certificate debug commands
Device HA debug commands
Web Configurator related debug commands
Hardware debug commands
Interface debug commands
Shows system interfaces detail
> ifconfig
[interface]
debug ip dns
debug logging
debug manufacture
debug network arpignore (*)
DNS debug commands
System logging debug commands
Manufacturing related debug commands
Enable/Display the ignoring of ARP responses
for interfaces which don't own the IP address
cat /proc/sys/net/
ipv4/conf/*/
arp_ignore
debug policy-route (*)
debug [cmdexec|corefile|ip
Policy route debug command
ZLD internal debug commands
|kernel|mac-idrewrite|observer|switch
|system|zyinetpkt] (*)
NWA/WAC/WAX Series CLI Reference Guide
32
PART II
Reference
33
Object Reference
This chapter describes how to use object reference commands.
4.1 Object Reference Commands
The object reference commands are used to see which configuration settings reference a specific
object. You can use this table when you want to delete an object because you have to remove
references to the object first.
Table 10 show reference Commands
COMMAND DESCRIPTION
show reference object username
[username]
show reference object aaa
authentication [default | profile]
show reference object ca category
{local|remote} [cert_name]
show reference object [wlan-radio-
profile]
show reference object [wlan-monitor-
profile]
show reference object [wlan-ssid-
profile]
show reference object [wlan-
security-profile]
show reference object [wlan-
macfilter-profile]
Displays which configuration settings reference the specified
user object.
Displays which configuration settings reference the specified
AAA authentication object.
Displays which configuration settings reference the specified
authentication method object.
Displays the specified radio profile object.
Displays the specified monitor profile object.
Displays the specified SSID profile object.
Displays the specified security profile object.
Displays the specified macfilter profile object.
CHAPTER 4
NWA/WAC/WAX Series CLI Reference Guide
34
Chapter 4 Object Reference
4.1.1 Object Reference Command Example
This example shows the names of the WLAN profiles and which security profile each is set to use.
Router(config)# show reference object aaa authentication
default References:
Category
Rule Priority Rule Name
Description
===========================================================================
WLAN Profile SECURITY
1 default
N/A
WWW
N/A N/A
N/A
NWA/WAC/WAX Series CLI Reference Guide
35
CHAPTER 5
Status
This chapter explains some commands you can use to display information about the Zyxel Device’s
current operational state.
Table 11 Status Show Commands
COMMAND DESCRIPTION
show boot status
show cpu status
show cpu all
show disk
show extension-slot
show led status
show mac
show mem status
show ram-size
show serial-number
show socket listen
show socket open
show system uptime
show version
Displays details about the Zyxel Device’s startup state.
Displays the CPU utilization.
Displays the CPU utilization of each CPU.
Displays the disk utilization.
Displays the status of the extension card slot and the USB ports and the names of any
connected devices.
Displays the status of each LED on the Zyxel Device.
Displays the Zyxel Device’s MAC address.
Displays what percentage of the Zyxel Device’s memory is currently being used.
Displays the size of the Zyxel Device’s on-board RAM.
Displays the serial number of this Zyxel Device.
Displays the Zyxel Device’s listening ports
Displays the ports that are open on the Zyxel Device.
Displays how long the Zyxel Device has been running since it last restarted or was
turned on.
Displays the Zyxel Device’s model, firmware and build information.
Here are examples of the commands that display the CPU and disk utilization.
Use show cpu all to check all the Zyxel Device CPU utilization. Use show cpu status to check the
Zyxel Device average CPU utilization. You can use these commands to check your cpu status if you feel
the Zyxel Device’s performance is becoming slower
Use show disk to check the percentage of Zyxel Device onboard flash memory that is currently being
used. You can use this command to check your disk status if you’r e having tr ouble saving files on the
NWA/WAC/WAX Series CLI Reference Guide
36
Chapter 5 Status
Zyxel Device, such as the firmware or the packet capture files.
Router> show cpu status
CPU utilization: 7 %
CPU utilization for 1 min: 7 %
CPU utilization for 5 min: 7 %
Router> show cpu all
CPU core 0 utilization: 4 %
CPU core 0 utilization for 1 min: 6 %
CPU core 0 utilization for 5 min: 6 %
CPU core 1 utilization: 12 %
CPU core 1 utilization for 1 min: 14 %
CPU core 1 utilization for 5 min: 13 %
Router> show disk
No. Disk Size(MB) Usage
===========================================================================
1 onboard flash 3 15%
Here are examples of the commands that display the MAC address, memory usage, RAM size, and serial
number. You need the MAC address and serial number if you want to pass the Zyxel Device
management to Nebula.
Router(config)# show mac
MAC address: 12:34:56:78:90:16-40:4A:03:42:70:17
Router(config)# show mem status
memory usage: 19%
Router(config)# show ram-size
ram size: 256MB
Router(config)# show serial-number
serial number: XXXXXXXXXXXXX
Here is an example of the command that displays the listening ports.
Router(config)# show socket listen
No. Proto Local_Address Foreign_Address State
===========================================================================
1 tcp 0.0.0.0:80 0.0.0.0:0 LISTEN
2 tcp 192.168.1.245:53 0.0.0.0:0 LISTEN
3 tcp 127.0.0.1:53 0.0.0.0:0 LISTEN
4 tcp 0.0.0.0:21 0.0.0.0:0 LISTEN
5 tcp 0.0.0.0:22 0.0.0.0:0 LISTEN
6 tcp 127.0.0.1:953 0.0.0.0:0 LISTEN
Here is an example of the command that displays the open ports.
Router(config)# show socket open
No. Proto Local_Address Foreign_Address State
===========================================================================
1 udp 0.0.0.0:1812 0.0.0.0:0
2 udp 0.0.0.0:1814 0.0.0.0:0
3 udp 0.0.0.0:161 0.0.0.0:0
4 udp 172.23.26.245:53 0.0.0.0:0
5 0.0.1:53 0.0.0.0:0
6 udp 0.0.0.0:43386 0.0.0.0:0
7 udp 0.0.0.0:5246 0.0.0.0:0
NWA/WAC/WAX Series CLI Reference Guide
37
Chapter 5 Status
Here are examples of the commands that display the system uptime and model, firmware, and build
information.
Router> show system uptime
system uptime: 04:18:00
Router> show version
Zyxel Communications Corp.
model : NWA3160-N
firmware version: 2.23(UJA.0)b2
BM version : 1.13
build date : 2010-12-21 09:10:11
This example shows the current LED states on the Zyxel Device. The SYS LED lights on and green.
Router> show led status
sys: green
Router>
NWA/WAC/WAX Series CLI Reference Guide
38
This chapter shows you how to use interface-related commands.
6.1 Interface Overview
In general, an interface has the following characteristics.
• An interface is a logical entity through which (layer-3) packets pass.
• An interface is bound to a physical port or another interface.
• Many interfaces can share the same physical port.
Some characteristics do not apply to some types of interfaces.
CHAPTER 6
Interfaces
6.2 Interface General Commands Summary
The following table identifies the values required for many of these commands. Other input values are
discussed with the corresponding commands.
Table 12 Input Values for General Interface Commands
LABEL DESCRIPTION
interface_name
domain_name
The following sections introduce commands that are supported by several types of interfaces.
The name of the interface.
Ethernet interface: gex, x = 1 - N, where N equals the highest numbered Ethernet interface for
your Zyxel Device model.
VLAN interface: vlanx, x = 0 - 511
Fully-qualified domain name. You may up to 254 alphanumeric characters, dashes (-), or
periods (.), but the first character cannot be a period.
NWA/WAC/WAX Series CLI Reference Guide
39
Chapter 6 Interfaces
6.2.1 Basic Interface Properties and IP Address Commands
This table lists basic properties and IP address commands.
Table 13 interface General Commands: Basic Properties and IP Address Assignment
COMMAND DESCRIPTION
capwap ap vlan vlan-id <1..4094> <tag|untag>
interface-name {bridge_interface}
user_defined_name
interface-rename old_user_defined_name
new_user_defined_name
interface send statistics interval <15..3600>
[no] interface interface_name
[no] description description
[no] downstream <0..1048576>
exit
[no] ip address dhcp
[no] ip address ip subnet_mask
When the Zyxel Device is in managed AP mode,
this sets the AP’s VLAN identification number
and sets it to send tagged or untagged
packets.
Specifies a name for a bridge interface. It can
use alphanumeric characters, hyphens, and
underscores, and it can be up to 11 characters
long.
ethernet_interface: This must be the system
name of a bridge interface. Use the show
interface-name command to see the system
name of interfaces.
user_defined_name:
• This name cannot be one of the follows:
"ethernet", "ppp", "vlan", "bridge", "virtual",
"wlan", "cellular", "aux", "tunnel", "status",
"summary", "all"
• This name cannot begin with one of the
follows either: "ge", "ppp", "vlan", "wlan-",
"br", "cellular", "aux", "tunnel".
Modifies the user-defined name of an Ethernet
interface.
Sets how often the Zyxel Device sends interface
statistics to external servers. For example, a
syslog server.
Creates the specified interface if necessary and
enters sub-command mode. The
deletes the specified interface.
Specifies the description for the specified
interface. The
description.
description: You can use alphanumeric and
no command clears the
()+/:=?!*#@$_%- characters, and it can
be up to 60 characters long.
This is reserved for future use.
Specifies the downstream bandwidth for the
specified interface. The
downstream bandwidth to 1048576.
Leaves the sub-command mode.
Makes the specified interface a DHCP client;
the DHCP server gives the specified interface its
IP address, subnet mask, and gateway. The
command makes the IP address static IP
address for the specified interface. (See the
next command to set this IP address.)
Assigns the specified IP address and subnet
mask to the specified interface. The
command clears the IP address and the subnet
mask.
no command
no command sets the
no
no
NWA/WAC/WAX Series CLI Reference Guide
40
Chapter 6 Interfaces
Table 13 interface General Commands: Basic Properties and IP Address Assignment (continued)
COMMAND DESCRIPTION
[no] ip gateway ip
ip gateway ip metric <0..15>
[no] metric <0..15>
[no] mss <536..1460>
[no] mtu <576..1500>
[no] shutdown
traffic-prioritize {tcp-ack|dns} bandwidth
<0..1048576> priority <1..7> [maximizebandwidth-usage];
traffic-prioritize {tcp-ack|dns}
deactivate
[no] upstream <0..1048576>
manager ap vlan vlan-id <1..4094> <tag|untag>
manager ap vlan ip address [ip subnet_mask |
dhcp]
manager ap vlan [no] ipv6 address ipv6_addr/
prefix
manager ap vlan [no] ipv6 dhcp6 {addressrequest | client}
Adds the specified gateway using the specified
interface. The
gateway.
Sets the priority (relative to every gateway on
every interface) for the specified gateway. The
lower the number, the higher the priority.
Sets the interface’s priority relative to other
interfaces. The lower the number, the higher the
priority.
Specifies the maximum segment size (MSS) the
interface is to use. MSS is the largest amount of
data, specified in bytes, that the interface can
handle in a single, unfragmented piece. The
command has the interface use its default MSS.
Specifies the Maximum Transmission Unit, which
is the maximum number of bytes in each
packet moving through this interface. The Zyxel
Device divides larger packets into smaller
fragments. The
1500.
Deactivates the specified interface. The no
command activates it.
Applies traffic priority when the interface sends
TCP-ACK traffic, or traffic for resolving domain
names. It also sets how much bandwidth the
traffic can use and can turn on maximize
bandwidth usage.
Turns off traffic priority settings for when the
interface sends the specified type of traffic.
Specifies the upstream bandwidth for the
specified interface. The
upstream bandwidth to 1048576.
When the Zyxel Device is in standalone or cloud
management mode, this sets the AP’s VLAN
identification number and sets it to send
tagged or untagged packets.
Sets the management IPv4 address for the Zyxel
Device.
Sets the IPv6 address and the prefix length for
the LAN interface of the Zyxel Device.
The no command removes the IPv6 address
settings.
Set the Zyxel Device to act as a DHCPv6 client
or get this interface’s IPv6 address from a
DHCPv6 server.
no command removes the
no command resets the MTU to
no command sets the
no
The no command sets the Zyxel Device to not
get this interface’s IPv6 address from the
DHCPv6 server.
NWA/WAC/WAX Series CLI Reference Guide
41
Chapter 6 Interfaces
Table 13 interface General Commands: Basic Properties and IP Address Assignment (continued)
COMMAND DESCRIPTION
manager ap vlan [no] ipv6 dhcp6-request-object
dhcp6_profile
manager ap vlan [no] ipv6 enable
manager ap vlan [no] ipv6 gateway ipv6_addr
manager ap vlan [no] ipv6 nd ra accept
manager ap vlan [no] ip gateway ip
show interface {ethernet | vlan} status
show interface {interface_name | ethernet |
vlan | bridge | all}
show interface send statistics interval
show interface summary all
show interface summary all status
show interface-name
show ipv6 interface {interface_name | ethernet
|vlan | bridge | all}
show ipv6 nd ra status interface_name
show ipv6 static address interface
interface_name
For a DHCPv6 client interface, sets the profile of
DHCPv6 request settings that determine what
additional information to get from the DHCPv6
server.
The no command removes the DHCPv6 request
settings profile.
Enables IPv6 stateless auto-configuration on the
Zyxel Device. The Zyxel Device will generate an
IPv6 address itself from a prefix obtained from
an IPv6 router in the network.
The no command disables IPv6 stateless autoconfiguration.
Sets the IPv6 address of the default outgoing
gateway.
The no command removes the IPv6 gateway
settings.
Sets the IPv6 interface to accept IPv6 neighbor
discovery router advertisement messages.
The no command sets the IPv6 interface to
discard IPv6 neighbor discovery router
advertisement messages.
Sets the manager gateway address. The no
command removes the gateway.
Displays the connection status of the specified
type of interfaces.
Displays information about the specified
interface, specified type of interfaces, or all
interfaces.
Displays the interval for how often the Zyxel
Device refreshes the sent packet statistics for
the interfaces.
Displays basic information about the interfaces.
Displays the connection status of the interfaces.
Displays all Ethernet interface system name and
user-defined name mappings.
Displays information about the specified IPv6
interface, specified type of IPv6 interfaces, or all
IPv6 interfaces.
Displays the specified IPv6 interface’s IPv6
router advertisement configuration.
Displays the static IPv6 addresses configured on
the specified IPv6 interface.
6.2.1.1 Basic Interface Properties Command Examples
Use these commands to set LAN settings. Use manager ap vlan ip address to set the LAN interface to use
a static IP address or DHCP (Dynamic Host Configuration Protocol). If you set an attribute twice, the
latter setting overrides the previous one.
NWA/WAC/WAX Series CLI Reference Guide
42
Chapter 6 Interfaces
The following example shows how to check the Internet interface status, including the current IP address
used.
Router(config)# show interface all
No. Name Status IP Address Mask IP Assignment
==========================================================================
2 lan Up 123.45.67.89 255.255.252.0 DHCP client
3 wlan-1 n/a n/a n/a n/a
4 wlan-1-1 Up 0.0.0.0 0.0.0.0 static
5 wlan-1-2 Up 0.0.0.0 0.0.0.0 static
The following commands configure the LAN Ethernet interface to use IP address 1.1.1.1, netmask
255.255.255.0, and gateway address 1.2.3.4.
Router(config)# manager ap vlan ip address 1.1.1.1 255.255.255.0
Router(config)# manager ap vlan ip gateway 1.2.3.4
The following command makes the LAN Ethernet interface a DHCP client. A DHCP client (your Zyxel
Device) uses the IP address dynamically assigned by a DHCP server. Use this command to have the LAN
Ethernet interface use dynamic IP address.
Router(config)# manager ap vlan ip address dhcp
A VLAN (Virtual Local Area Network) allows a physical network to be partitioned into multiple logical
networks. You can assign a VLAN Id for the Zyxel Device to be the management VLAN Id. The Zyxel
Device only handles packets from the Ethernet port tagged with the same VLAN ID (management VLAN
Id). Specify untag
the Ethernet port.
This example sets the LAN Ethernet interface’s management VLAN Id to 100, untagged.
if you want the Zyxel Device to send outgoing packets tagged with VLAN Id through
Note: Mis-configuring the management VLAN settings in your Zyxel Device can make it
inaccessible. If this happens, you’ll have to reset the Zyxel Device.
Router(config)# manager ap vlan vlan-id 100 untag
6.3 Port Commands
This section covers commands that are specific to ports.
NWA/WAC/WAX Series CLI Reference Guide
43
Chapter 6 Interfaces
Note: In CLI, representative interfaces are also called representative ports.
Table 14 Basic Interface Setting Commands
COMMAND DESCRIPTION
no port <1..x>
port status port_name
[no] duplex <full | half>
exit
[no] negotiation auto
[no] speed <1000, 100, 10>
show port setting
show port status
show port type
show manager vlan
Removes the specified physical port from its current
representative interface and adds it to its default
representative interface (for example, port x --> gex).
Enters a sub-command mode to configure the
specified port’s settings.
port_name: The name of the Ethernet port. Port1
(NWA5123-AC and NWA1123-ACv2 only),
lanx, x = 1-N, where N equals the highest numbered
Ethernet LAN interface for your Zyxel Device model.
Sets the port’s duplex mode. The no command returns
the default setting.
Leaves the sub-command mode.
Sets the port to use auto-negotiation to determine the
port speed and duplex. The no command turns off
auto-negotiation.
Sets the Ethernet port’s connection speed in Mbps.
The no command returns the default setting.
Displays the Ethernet port negotiation, duplex, and
speed settings.
Displays statistics for the Ethernet ports.
Displays the type of cable connection for each
physical interface on the device.
Displays the LAN interface’s management interface
settings.
UPLINK, or
6.3.1 Port Command Examples
The following example shows port status.
Router# show port status
Port Status TxPkts RxPkts TxBcast RxBcast Colli. TxB/s
RxB/s Up Time PVID
===========================================================================
====
1 1000M/Full 465 5452 411 2647 0 812
612 00:13:28 1
2 Down 0 0 0 0 0 0 0
00:00:00 1
3 Down 0 0 0 0 0 0 0
00:00:00 1
4 Down 0 0 0 0 0 0 0
00:00:00 1
Router#
NWA/WAC/WAX Series CLI Reference Guide
44
The following example shows port settings.
Router(config)# show port setting
Port Negotiation Duplex Speed EEE
===========================================================================
====
1 auto full 1000 no
The following example shows LAN settings.
Router(config)# show manager vlan
Management Interface:
VLAN ID: 100
VLAN Tag: untag
IP Status: static
IP Address: 192.168.1.2
Mask: 255.255.255.0
Gateway: 0.0.0.0
The following example shows each port’s type of cable connection.
Router(config)# show port type
Port Type
===========================================================================
1 Copper
NWA/WAC/WAX Series CLI Reference Guide
45
This chapter shows you how to configure the traffic storm control settings on the Zyxel Device.
7.1 Overview
Traffic storm control limits the number of broadcast and/or multicast packets the Zyxel Device receives
on the ports. When the maximum number of allowable broadcast and/or multicast packets is reached,
the subsequent packets are discarded. Enable this feature to reduce broadcast and/or multicast
packets in your network.
Chapter 7 Storm Control
CHAPTER 7
Storm Control
7.2 Storm Control Commands
The following table describes the commands available for storm control. You must use the configure
terminal
Table 15 Command Summary: Storm Control
COMMAND DESCRIPTION
storm-control ethernet
no storm-control ethernet
show storm-control ethernet
show storm-control port_name
command to enter the configuration mode before you can use these commands.
[no] broadcast
broadcast pps <1..10000>
[no] multicast
multicast pps <1..10000>
Enters a sub-command mode to configure the Zyxel
Device’s storm control settings.
Enables or disables broadcast storm control, which drops
broadcast packets from ingress traffic if the traffic rate
exceeds the configured maximum rate.
Sets the maximum rate for broadcast traffic before storm
control starts dropping broadcast packets.
Enables or disables multicast storm control, which drops
multicast packets from ingress traffic if the traffic rate
exceeds the configured maximum rate.
Sets the maximum rate for multicast traffic before storm
control starts dropping multicast packets.
Disables broadcast/multicast storm control on the Zyxel
Device.
Displays storm control settings on all Zyxel Device ports.
Displays storm control settings on the specified port.
port_name: The name of the Ethernet port. UPLINK or
lanx, x = 1-N, where N equals the highest numbered
Ethernet LAN interface for your Zyxel Device model.
NWA/WAC/WAX Series CLI Reference Guide
46
7.2.1 Storm Control Command Examples
The following example shows you how to enable broadcast storm control on the Zyxel Device.
Router# configure terminal
Router(config)# storm-control ethernet
Router(storm-control)# broadcast
Router(storm-control)# exit
Router(config)#
The following example shows you how to display the uplink port’s storm control settings. The way data is
displayed may vary slightly for different models.
Router# configure terminal
Router(config)# show storm-control UPLINK
Port: UPLINK
Storm Type 1: Multicast
Storm Suppression: Disable
Storm Type 2: Broadcast
Storm Suppression: Enable
Rate Type: pps
Rate: 100
Storming: No
Last Suppression Time: N/A
Last Recovery Time: N/A
Router(config)#
Router# configure terminal
Router(config)# show storm-control UPLINK
Port: UPLINK
Storm Type 1: Multicast
Storm Suppression: Disable
Rate Type: pps
Rate: 100
Storming: N/A
Last Suppression Time: N/A
Last Recovery Time: N/A
Storm Type 2: Broadcast
Storm Suppression: Enable
Rate Type: pps
Rate: 100
Storming: No
Last Suppression Time: N/A
Last Recovery Time: N/A
Router(config)#
NWA/WAC/WAX Series CLI Reference Guide
47
This chapter shows you how to configure the NCC discovery and proxy server settings on the Zyxel
Device.
8.1 Overview
If your Zyxel Device can be managed through the Zyxel Nebula Control Center (NCC) and is behind a
proxy server, you will need to enable NCC discovery and configure the proxy server settings so that the
Zyxel Device can access the NCC through the proxy server.
Chapter 8 NCC Discovery
CHAPTER 8
NCC Discovery
8.2 NCC Discovery Commands
The following table describes the commands available for NCC discovery and proxy server. You must
use the
commands.
Table 16 Command Summary: NCC Discovery
COMMAND DESCRIPTION
[no] netconf inactivate
[no] netconf proxy
netconf proxy server {ip|host_name}
netconf proxy port <1..65535>
[no] netconf proxy-auth
configure terminal command to enter the configuration mode before you can use these
Turns off NCC discovery on the Zyxel Device. If NCC
discovery is disabled, the Zyxel Device will not discover the
NCC and remain in standalone AP mode.
The
no command turns on NCC discovery. The Zyxel
Device will try to discover the NCC and go into cloud
management mode when it is connected to the Internet
and has been registered in the NCC.
Sets the Zyxel Device to access the NCC through the
specified proxy server.
The
no command sets the Zyxel Device to not access the
NCC through the specified proxy server.
Sets the IP address or URL of the proxy server.
Sets the service port number used by the proxy server.
Turns on proxy authentication. The no command turns it
off.
netconf proxy-auth username username
{password|encrypted-password}
{password|ciphertext}
NWA/WAC/WAX Series CLI Reference Guide
48
Enable this if the proxy server requires authentication
before it grants access to the Internet.
Sets your proxy user name and password.
Chapter 8 NCC Discovery
Table 16 Command Summary: NCC Discovery (continued)
COMMAND DESCRIPTION
show netconf proxy status
show netconf status
8.2.1 NCC Discovery Command Example
The following example shows you how to turn on NCC discover on the Zyxel Device.
Router# configure terminal
Router(config)# no netconf inactivate
Router(config)#
The following example shows proxy server settings.
Router> show netconf proxy status
active: yes
proxy server: 172.16.15.253
proxy port: 8080
proxy-auth active: yes
proxy-auth username: Joseph
proxy-auth encrypted-password: $4$hT65kQTR$Uh8lp5zfcP7vEfm
O97C5MJ6U1B47M3DIiPvb6GcrPK2kEo3R7PTChiVWl7rRi+xr0xhg8DsdTPU$
Router>
Displays the proxy server settings.
Displays whether NCC discovery is enabled or not on the
Zyxel Device.
NWA/WAC/WAX Series CLI Reference Guide
49
This chapter describes how to set up user accounts and user settings for the Zyxel Device. You can also
set up rules that control when users have to log in to the Zyxel Device before the Zyxel Device routes
traffic for them.
9.1 User Account Overview
A user account defines the privileges of a user logged into the Zyxel Device. User accounts are used in
firewall rules and application patrol, in addition to controlling access to configuration and services in the
Zyxel Device.
9.1.1 User Types
CHAPTER 9
Users
These are the types of user accounts the Zyxel Device uses.
Table 17 Types of User Accounts
TYPE ABILITIES LOGIN METHOD(S)
Admin Users
admin Modify Zyxel Device configuration (web, CLI) WWW, TELNET, SSH, FTP, Console,
limited-admin Verify Zyxel Device configuration (web, CLI)
Perform basic diagnostics (CLI)
Access Users
user Used for the embedded RADIUS server and
SNMPv3 user access
Browse user-mode commands (CLI)
9.2 User Commands Summary
The following table identify the values required for many username commands. Other input values are
discussed with the corresponding commands.
Table 18 user Command Input Values
LABEL DESCRIPTION
username
The name of the user (account). You may use 1-31 alphanumeric characters, underscores(_),
or dashes (-), but the first character cannot be a number. This value is case-sensitive and must
be unique.
WWW, TELNET, SSH, Console
The following sections list the
NWA/WAC/WAX Series CLI Reference Guide
username commands.
50
Chapter 9 Users
9.2.1 Username and User Commands
The first table lists the commands for users.
Table 19 username Commands Summary: Users
COMMAND DESCRIPTION
show username [username]
username username nopassword user-type {admin
| guest | limited-admin | user}
username username password password user-type
{admin | guest | limited-admin | user}
username username logon-due-time time
username username encrypted-password
<ciphertext> user-type {admin | guest |
limited-admin | user}
username username nopassword user-type {admin
| guest | guest-manager| limited-admin | user}
username username password password user-type
{admin | guest | limited-admin | user}
username username user-type ext-user
no username username
username rename username username
username username [no] description description
Displays information about the specified user or
about all users set up in the Zyxel Device.
Creates a user with the specified type and
username, and no password.
If the user already exists, this command
removes the user’s password and changes the
user’s type.
Creates a user with the specified user type,
username, and password.
If the user already exists, this command
changes the user’s type and password.
password: You can use 1-63 printable ASCII
characters, except double quotation marks (“)
and question marks (?).
time: HH:MM in 24-hour time format.
Sets a user account password by ciphertext.
Creates a user with the specified type and
username, and no password.
If the user already exists, this command
removes the user’s password and changes the
user’s type.
Creates a user with the specified user type,
username, and password.
If the user already exists, this command
changes the user’s type and password.
password: You can use 1-63 printable ASCII
characters, except double quotation marks (“)
and question marks (?).
Creates the specified user (if it does not already
exist) and sets the user type to Ext-User.
Deletes the specified user.
Renames the specified user (first username) to
the specified username (second username).
Sets the description for the specified user. The
no command clears the description.
description: You can use alphanumeric and
()+/:=?!*#@$_%- characters, and it can
be up to 60 characters long.
NWA/WAC/WAX Series CLI Reference Guide
51
Chapter 9 Users
Table 19 username Commands Summary: Users (continued)
COMMAND DESCRIPTION
username username encrypted-password
<password>
username username logon-time-setting <default
| manual>
username username [no] logon-lease-time
<0..1440>
username username [no] logon-re-auth-time
<0..1440>
Sets a user account password by ciphertext.
Normally you would use username password
<clear text> to set the password.
In special case cases (for GUI apply), you can
use username encrypted-password
<ciphertext> to set password.
Sets the account to use the factory default
lease and reauthentication times or custom
ones.
Enter the number of minutes the user has to
renew the current session before the user is
logged out.
• You can specify 1 to 1440 minutes.
• Specify 0 to make the number of minutes
unlimited.
•The
Enter the maximum number of minutes the user
can be logged in to the Zyxel Device before
the user is logged out.
no command sets the lease time to
five minutes, regardless of the current
default setting for new users.
9.2.2 User Setting Commands
This table lists the commands for user settings.
Table 20 users Commands Summary: Settings
COMMAND DESCRIPTION
show users default-setting user-type {admin |
limited-admin| guest| ext-user| user}}
show users default-setting all
users default-setting [no] logon-lease-time
<0..1440>
users default-setting [no] logon-re-auth-time
<0..1440>
users default-setting [no] user-type <admin
|limited-admin>
show users retry-settings
• You can specify 1 to 1440 minutes.
• Specify 0 to make the number of minutes
unlimited.
•The
Displays the default lease and reauthentication
times for the specified type of user accounts.
Displays the default lease and reauthentication
times for all types of user account.
Sets the default lease time (in minutes) for each
new user. Set it to zero to set unlimited lease
time. The
time to five.
Sets the default reauthorization time (in minutes)
for each new user. Set it to zero to set unlimited
reauthorization time. The
default reauthorization time to thirty.
Sets the default user type for each new user.
The
user.
Displays the current retry limit settings for users.
no command sets the reauthorization
time to five minutes, regardless of the
current default setting for new users.
no command sets the default lease
no command sets the
no command sets the default user type to
NWA/WAC/WAX Series CLI Reference Guide
52
Chapter 9 Users
Table 20 users Commands Summary: Settings (continued)
COMMAND DESCRIPTION
[no] users retry-limit
[no] users retry-count <1..99>
[no] users lockout-period <1..65535>
show users simultaneous-logon-settings
[no] users simultaneous-logon {administration
| access} enforce
[no] users simultaneous-logon {administration
| access} limit <1..1024>
Enables the retry limit for users. The no
command disables the retry limit.
Sets the number of failed login attempts a user
can have before the account or IP address is
locked out for lockout-period minutes. The
command sets the retry-count to five.
Sets the amount of time, in minutes, a user or IP
address is locked out after retry-count number
of failed login attempts. The
the lockout period to thirty minutes.
Displays the current settings for sim ultaneous
logins by users.
Enables the limit on the number of simultaneous
logins by users of the specified account-type.
The
no command disables the limit, or allows
an unlimited number of simultaneous logins.
Sets the limit for the number of simultaneous
logins by users of the specified account-type.
The
no command sets the limit to one.
no
no command sets
9.2.2.1 User Setting Command Examples
The following commands show the current settings for the number of simultaneous logins.
Router# configure terminal
Router(config)# show users simultaneous-logon-settings
enable simultaneous logon limitation for administration account: no
maximum simultaneous logon per administration account : 1
9.2.3 Additional User Commands
This table lists additional commands for users.
Table 21 users Commands Summary: Additional
COMMAND DESCRIPTION
show users {username | all | current}
show lockout-users
unlock lockout-users ip | console
users force-logout ip | username
Displays information about the users logged
onto the system.
Displays users who are currently locked out.
Unlocks the specified IP address.
Logs out the specified logins.
NWA/WAC/WAX Series CLI Reference Guide
53
Chapter 9 Users
9.2.3.1 Additional User Command Examples
The following commands display the users that are currently logged in to the Zyxel Device and forces
the logout of all logins from a specific IP address.
Router# configure terminal
outer(config)# show users all
No. Name Type From
Service Session Time Idle Time Lease Timeout Re-Auth. Timeout
===============================================================================
1 admin admin 172.17.16.101
http/https 04:31:01 unlimited unlimited unlimited
2 admin admin console
console 04:23:51 unlimited unlimited unlimited
Router(config)# users force-logout 172.17.16.101
Logout user 'admin'(from 172.17.16.101): OK
Total 1 user has been forced logout
Router(config)# show users all
No. Name Type From
Service Session Time Idle Time Lease Timeout Re-Auth. Timeout
===============================================================================
1 admin admin console
console 04:24:55 unlimited unlimited unlimited
The following commands display the users that are currently locked out and then unlocks the user who is
displayed.
Router# configure terminal
Router(config)# show lockout-users
No. Username Tried From Lockout Time Remaining
===========================================================================
No. From Failed Login Attempt Record Expired Timer
===========================================================================
1 172.17.13.60 2 46
Router(config)# unlock lockout-users 172.17.13.60
User from 172.17.13.60 is unlocked
Router(config)# show lockout-users
No. Username Tried From Lockout Time Remaining
===========================================================================
No. From Failed Login Attempt Record Expired Timer
===========================================================================
NWA/WAC/WAX Series CLI Reference Guide
54
CHAPTER 10
AP Management
This chapter shows you how to configure wireless AP management options on your Zyxel Device.
10.1 AP Management Overview
The Zyxel Device supports CAPWAP. This is Zyxel’s implementation of the CAPWAP protocol (RFC 5415). The CAPWAP
data flow is protected by Datagram Transport Layer Security (DTLS).
The Zyxel Device can be a standalone AP (default), or a CAPWAP managed AP.
The following figure illustrates a CAPWAP wireless network. The user (U) configures the AP controller (C), which then
automatically updates the configurations of the managed APs (M1 ~ M4).
Figure 9 CAPWAP Network Example
CAPWAP Discovery and Management
The link between CAPWAP-enabled access points proceeds as follows:
1 An AP in managed AP mode joins a wired network (receives a dynamic IP address).
2 The AP sends out a discovery request, looking for a CAPWAP AP controller.
NWA/WAC/WAX Series CLI Reference Guide
55
Chapter 10 AP Management
3 If there is an AP controller on the network, it receives the discovery request. If the AP controller is in
Manual mode it adds the details of the AP to its Unmanaged Access Points list, and you decide which
available APs to manage. If the AP controller is in Always Accept mode, it automatically adds the AP to
its Managed Access Points list and provides the managed AP with default configuration information, as
well as securely transmitting the DTLS pre-shared key. The managed AP is ready for association with
wireless clients.
Managed AP Finds the Controller
A managed Zyxel Device can find the controller in one of the following ways:
• Manually specify the controller’s IP address in the Web Configurator’s AC (AP Controller) Discovery screen or using
the capwap ap ac-ip command.
• Get the controller’s IP address from a DHCP server with the controller’s IP address configured as option 138.
• Get the controller’s IP address from a DNS server SRV (Service) record.
• Broadcasting to discover the controller within the broadcast domain.
Note: The AP controller needs to have a static IP address. If it is a DHCP client, set the DHCP server to
reserve an IP address for the AP controller.
CAPWAP and IP Subnets
By default, CAPWAP works only between devices with IP addresses in the same subnet.
However, you can configure CAPWAP to operate between devices with IP addresses in different subnets by doing
the following.
• Activate DHCP. Your network’s DHCP server must support option 138 defined in RFC 5415.
• Configure DHCP option 138 with the IP address of the CAPWAP AP controller on your network.
DHCP Option 138 allows the CAPWAP management request (from the AP in managed AP mode) to reach the AP
controller in a different subnet, as shown in the following figure.
Figure 10 CAPWAP and DHCP Option 138
NWA/WAC/WAX Series CLI Reference Guide
56
Chapter 10 AP Management
Notes on CAPWAP
This section lists some additional features of Zyxel’s implementation of the CAPWAP protocol.
• When the AP controller uses its internal Remote Authentication Dial In User Service (RADIUS) server, managed APs
also use the AP controller’s authentication server to authenticate wireless clients.
• If a managed AP’s link to the AP controller is broken, the managed AP continues to use the wireless settings with
which it was last provided.
10.2 AP Management Commands
The following table identifies the values required for many of these commands. Other input values are discussed with
the corresponding commands.
Table 22 Input Values for General AP Management Commands
LABEL DESCRIPTION
ap_mac
slot_name
profile_name
ap_description
sta_mac
The Ethernet MAC address of the managed AP. Enter 6 hexadecimal pairs separated by
colons. You can use 0-9, a-z and A-Z.
The slot name for the AP’s on-board wireless LAN card. Use either slot1 or slot2. (Not all
Zyxel Devices support 2 radio slots.)
The wireless LAN radio profile name. You may use 1-31 alphanumeric characters,
underscores(
sensitive.
The AP description. This is strictly used for reference purposes and has no effect on any other
settings. You may use 1-31 alphanumeric characters, underscores(
first character cannot be a number. This value is case-sensitive.
The Ethernet MAC address of the managed station (or wireless client). Enter 6 hexadecimal
pairs separated by colons. You can use 0-9, a-z and A-Z.
_), or dashes (-), but the first character cannot be a number. This value is case-
_), or dashes (-), but the
The following table describes the commands available for AP management. You must use the configure
terminal
command to enter the configuration mode before you can use these commands.
Table 23 Command Summary: AP Management
COMMAND DESCRIPTION
wlan slot_name
[no] activate
ap profile radio_profile_name
output-power power
repeater profile radio_profile_name
rootap profile radio_profile_name
ssid profile index ssid_profile_name
wds_profile wds_profile_name
Enters the sub-command mode for the specified radio
on the Zyxel Device.
Enables the specified radio. The no command
disables the radio.
Sets the radio (slot_name) to AP mode and assigns a
created radio profile to the radio.
Sets the output power (between 0 to 30 dBm) for the
specified radio.
Sets the specified radio (slot_name) to repeater
mode and assigns a created r a di o profile to the radio.
Sets the specified radio (slot_name) to root AP mode
and assigns a created radio profile to the radio.
Assigns an SSID profile to this radio. Requires an existing
SSID profile.
Selects the WDS profile the radio (in repeater or root
AP mode) uses to connect to a root AP or repeater.
NWA/WAC/WAX Series CLI Reference Guide
57
Chapter 10 AP Management
Table 23 Command Summary: AP Management (continued)
COMMAND DESCRIPTION
wds_uplink {auto | manual bssid
mac_address}
wireless-bridge {enable | disable}
Sets how the radio (in repeater mode) connect to a
root AP or repeater.
auto: to have the Zyxel Device automatically use the
settings in the applied WDS profile to connect to a
root AP or repeater.
manual: to have the Zyxel Device connect to the root
AP or repeater with the specified MAC address. You
need to configure the MAC address of the root AP or
repeater with which you want the Zyxel Device to
associate.
Enables or disables wireless bridging on the specified
radio (slot_name). The Zyxel Device must support LAN
provision and the radio must be in repeater mode.
VLAN and bridge interfaces are created
automatically according to the LAN port’s VLAN
settings.
When wireless bridging is enabled, the Zyxel Device in
repeater mode can still transmit data through its
Ethernet port(s) after the WDS link is up. This allows you
to extend your wired ne twork to a new area wirele ssly,
when it is difficult to run cables to that area.
show wlan slot_name
show wlan slot_name detail
show wlan slot_name list all sta
show wlan country-code
show wlan channels {11A|11G}
show wlan channels {11A|11G} [cw {20|20/
40|20/40/80|20/40/80/160}] [country
country_code] [indoor|outdoor]
show wlan radio macaddr
show wireless-hal current channel
show wireless-hal station info
show wireless-hal station number
The Zyxel Devices in the same WDS must use the same
static VLAN ID.
Note: Be careful to avoid bridge loops. A bridge
loop occurs when there are two layer-2
paths between the same endpoints,
causing broadcast packets to be send
back and forth indefinitely.
Displays the operating mode and profile settings for
the specified radio.
Displays the SSID, MAC address, VLAN ID and security
mode for the specified radio.
Displays statistics for the specified radio’s wireless
traffic.
Displays the country code of the Zyxel Device.
Displays the channels available for the specified
frequency band.
Displays the channels available for the specified
frequency band, channel width, and/or country. You
can also specify whether the channels are for indoor
or outdoor use.
Displays the MAC address(es) assigned to the Zyxel
Device’s radio(s).
Displays the channel number the Zyxel Devi ce’s radio
is using.
Displays the connected station information of the
Zyxel Device’s radio.
Displays the number of wireless clients that are
currently connected to the Zyxel Device.
NWA/WAC/WAX Series CLI Reference Guide
58
Chapter 10 AP Management
Table 23 Command Summary: AP Management (continued)
COMMAND DESCRIPTION
show wireless-hal statistic
show wireless-hal wds info {all | downlink
| uplink}
show wireless-hal wds interface {all |
downlink | uplink}
show wireless-hal wds number
Displays the overall traffic information of the Zyxel
Device’s radio.
Displays the WDS traffic statistics between the Zyxel
Device and a root AP or repeaters
Uplink refers to the WDS link from the repeaters to the
root AP.
Downlink refers to the WDS link from the root AP to the
repeaters.
Displays status information for the WDS links.
Uplink refers to the WDS link from the repeaters to the
root AP.
Downlink refers to the WDS link from the root AP to the
repeaters.
Displays the number of the root AP or repeater to
which the Zyxel Device is connected using WDS.
10.2.1 AP Management Commands Example
The following commands display:
• number of currently connected wireless clients
• connection information
• overall traffic information of the Zyxel Device’s radio.
Use these commands to monitor the current wireless LAN status and connection of the Zyxel Device.
The following command displays the number of currently connected wireless clients of each radio slot (Slot1 - 2.4
GHz, Slot2 - 5 GHz).
Router# configure terminal
Router(config)# show wireless-hal station number
Slot1: 0
Slot2: 1
NWA/WAC/WAX Series CLI Reference Guide
59
Chapter 10 AP Management
The following command displays the identity information of currently connected clients and connection details. This
can help you identify the wireless clients connected to the Zyxel Device and check on respective connection
statuses.
Router# configure terminal
!Shows the connected clients’ info & connection info
Router(config)# show wireless-hal station info
index: 0
MAC: a1:bc:2d:3e:f4:56
IPv4: 123.45.67.89
Slot: 2
SSID: Zyxel
Security: WPA2-PSK
TxRate: 866M
RxRate: 650M
RSSI: 100
RSSI dBm: -44
Time: 13:11:21 2021/11/01
VapIdx: 1
Capability: 802.11ac
DOT11 features: N/A
Display SSID: Zyxel
The following command displays the overall throughput, traffic and signal information. You can use this command to
check if there is any abnormal traffic or connection error.
Router# configure terminal
!Shows the overall traffic info
Router(config)# show wireless-hal statistic
Slot: 1
ReceivedPktCount: 0
TransmittedPktCount: 0
wlanReceivedByte: 0
wlanTransmittedByte: 0
RetryCount: 0
FCSErrorCount: 0
TxPower: 24
Channel Utilization: 61
Slot: 2
ReceivedPktCount: 8053
TransmittedPktCount: 24746
wlanReceivedByte: 3302967
wlanTransmittedByte: 3203254
RetryCount: 0
FCSErrorCount: 193
TxPower: 23
Channel Utilization: 14
NWA/WAC/WAX Series CLI Reference Guide
60
10.3 AP Management Client Commands
The following table describes the commands available for configuring CAPWAP AP settings. You must use the
configure terminal command to enter the configuration mode before you can use these commands.
Table 24 Command Summary: CAPWAP AP Commands
COMMAND DESCRIPTION
capwap ap ac-ip {primary ip secondary ip
| auto}
capwap ap vlan ip address {ip subnet_mask
| dhcp}
capwap ap vlan [no] ip gateway ip
capwap ap vlan [no] ipv6 address
ipv6_addr/prefix
capwap ap vlan [no] ipv6 dhcp6 {addressrequest | client}
capwap ap vlan [no] ipv6 dhcp6-requestobject dhcp6_profile
capwap ap vlan [no] ipv6 enable
capwap ap vlan [no] ipv6 gateway ipv6_addr
capwap ap vlan [no] ipv6 nd ra accept
capwap ap vlan vlan-id <1..4094> [tag |
untag]
hybrid-mode [managed | standalone]
Sets the AP controller’s address or sets the Zyxel Device
(in managed mode) to use DHCP option 138 to get
the AP controller’s IP address.
Sets the IP address of the Zyxel Device or sets it to use
DHCP.
Adds the gateway address of the Zyxel Device. The no
command removes the gateway setting.
Sets the IPv6 address and the prefix length of the Zyxel
Device.
The no command removes the IPv6 address settings.
Set the Zyxel Device to act as a DHCPv6 client or get
an IPv6 address from a DHCPv6 server.
The no command sets the Zyxel Device to not get the
IPv6 address from the DHCPv6 server.
Sets the profile of DHCPv6 request settings that
determine what additional information to get from the
DHCPv6 server.
The no command removes the DHCPv6 request
settings profile.
Enables IPv6 stateless auto-configuration on the Zyxel
Device. The Zyxel Device will generate an IPv6 address
itself from a prefix obtained from an IPv6 router in the
network.
The no command disables IPv6 stateless autoconfiguration.
Sets the IPv6 address of the default outgoing gateway.
The no command removes the IPv6 gateway settings.
Sets the Zyxel Device to accept IPv6 neighbor
discovery router advertisement messages.
The no command sets the Zyxel Device to discard IPv6
neighbor discovery router advertisement messages.
Sets the VLAN ID and tagging setting of the Zyxel
Device.
Sets the Zyxel Device to act as a CAPWAP managed
AP, or uses it in its default standalone mode.
When the Zyxel Device is in standalone mode, you can
manage the Zyxel Device using its own web
configurator or commands.
show capwap ap info
show capwap ap discovery-type
When the Zyxel Device is in managed mode, it can be
configured ONLY by the AP controller.
Displays information about the Zyxel Device’s wireless
usage.
Displays how the Zyxel Device gets its IP address.
NWA/WAC/WAX Series CLI Reference Guide
61
Chapter 10 AP Management
Table 24 Command Summary: CAPWAP AP Commands (continued)
COMMAND DESCRIPTION
show capwap ap ac-ip
show hybrid-mode
Displays the controller’s IP address.
Displays the Zyxel Device management mode.
10.3.1 AP Management Client Commands Example
The following example shows you how to configure the Zyxel Device management mode to allow it to be managed
by an AP controller and check the Zyxel Device management mode.
Router# configure terminal
Router(config)# hybrid-mode managed
Router(config)# show hybrid-mode
mode: managed
Router(config)#
The following example shows you how to configure the interface of the Zyxel Device, set the AP controller IP address
and display the related settings.
Router# configure terminal
Router(config)# show capwap_wtp ap discovery-type
Discovery type : Broadcast
Router(config)# capwap ap vlan ip address 192.168.1.37 255.255.255.0
Router(config)# capwap ap vlan ip gateway 192.168.1.32
Router(config)# capwap ap ac-ip 192.168.1.1 192.168.1.2
Router(config)# show capwap ap discovery-type
Discovery type : Static AC IP
Router(config)# show capwap ap ac-ip
AC IP: 192.168.1.1 192.168.1.2
Router(config)# exit
Router# show capwap ap info
SM-State RUN(8)
msg-buf-usage 0/10 (Usage/Max)
capwap-version 10118
Radio Number 1/4 (Usage/Max)
BSS Number 8/8 (Usage/Max)
IANA ID 037a
Description AP-0013499999FF
NWA/WAC/WAX Series CLI Reference Guide
62
Chapter 11 Wireless LAN Profiles
CHAPTER 11
Wireless LAN Profiles
This chapter shows you how to configure wireless LAN profiles on your Zyxel Device.
11.1 Wireless LAN Profiles Overview
The Zyxel Devices are designed to work explicitly with your Zyxel Devices. If you do not have on-board configuration
files, you must create “profiles” to manage them. Profiles are preset configurations that are uploaded to the APs and
which manage them. They include: Radio and Monitor profiles, SSID profiles, Security profiles, and MAC Filter profiles.
Altogether, these profiles give you absolute control over your wireless network.
11.2 AP Radio & Monitor Profile Commands
The radio profile commands allow you to set up configurations for the radios onboard your various APs. The monitor
profile commands allow you to set up monitor mode configurations that allow your APS to scan for other APs in the
vicinity.
The following table identifies the values required for many of these commands. Other input values are discussed with
the corresponding commands.
Table 25 Input Values for General Radio and Monitor Profile Commands
LABEL DESCRIPTION
radio_profile_name
monitor_profile_name
wireless_channel_2g
wireless_channel_5g
wlan_cw
wlan_htgi
chain_mask
scan_method
The radio profile name. You may use 1-31 alphanumeric characters, underscores
(
_), or dashes (-), but the first character cannot be a number. This value is case-
sensitive.
The monitor profile name. You may use 1-31 alphanumeric characters, underscores
(
_), or dashes (-), but the first character cannot be a number. This value is case-
sensitive.
Sets the 2 Ghz channel used by this radio profile. The channel range is 1 ~ 14.
Note: Your choice of channel may be restricted by regional regulations.
Sets the 5 Ghz channel used by this radio profile. The channel range is 36 ~ 165.
Note: Your choice of channel may be restricted by regional regulations.
Sets the channel width. Select either 20, 20/40, 20/40/80, or 20/40/80/160.
Sets the HT guard interval. Select either long or short.
Sets the network traffic chain mask. The range is 1 ~ 7.
Sets the radio’s scan method while in Monitor mode. Select manual or auto.
NWA/WAC/WAX Series CLI Reference Guide
63
Chapter 11 Wireless LAN Profiles
Table 25 Input Values for General Radio and Monitor Profile Commands (continued)
LABEL DESCRIPTION
wlan_interface_index
wds_lan_interface_ind
Sets the radio interface index number. The range is 1 ~ 8.
Sets the AP-WDS mode interface’s index number. The range is 1 ~ 8.
ex
The following table describes the commands available for radio and monitor profile management. You must use the
configure terminal command to enter the configuration mode before you can use these commands.
Table 26 Command Summary: Radio Profile
COMMAND DESCRIPTION
show wlan-radio-profile {all | rule_count
| [radio_profile_name]}
wlan-radio-profile rename
radio_profile_name1 radio_profile_name2
[no] wlan-radio-profile
radio_profile_name
2g-channel wireless_channel_2g
2g-multicast-speed
wlan_2g_support_speed
2g-wlan-rate-control rate_2g
5g-channel wireless_channel_5g
5g-multicast-speed
wlan_5g_basic_speed
5g-wlan-rate-control rate_5g
Displays the radio profile(s).
all: Displays all radio profiles created on the Zyxel
Device.
rule_count: Displays how many radio profiles are
created on the Zyxel Device.
radio_profile_name: Displays the specified radio
profile.
Gives an existing radio profile
(radio_profile_name1) a new name
(radio_profile_name2).
Enters configuration mode for the specified radio
profile. Use the no parameter to remove the specified
profile.
Sets the broadcast band for this profile in the 2.4 Ghz
frequency range. The default is 6.
When you disable multicast to unicast, use this
command to set the data rate {1.0 | 2.0 | …} in
Mbps for 2.4 GHz multicast traffic.
Sets the minimum data rate that 2.4Ghz WiFi clients
can connect at, in Mbps. At the time of write, allowed
values are: 1, 2,5. 5, 6, 9, 11, 12, 18, 24, 36, 48, 54.
Increasing the minimum data rate can reduce
network overhead and improve WiFi network
performance in high density environments. However,
WiFi clients that do not support the minimum data rate
will not be able to connect to the AP.
Sets the broadcast band for this profile in the 5 GHz
frequency range.
When you disable multicast to unicast, use this
command to set the data rate {6.0 | 9.0 | …} in
Mbps for 5 GHz multicast traffic.
Sets the minimum data rate that 5Ghz WiFi clients can
connect at, in Mbps. At the time of write, allowed
values are: 6,9, 12, 18, 24, 36, 48, 54.
[no] activate
Increasing the minimum data rate can reduce
network overhead and improve WiFi network
performance in high density environments. However,
WiFi clients that do not support the minimum data rate
will not be able to connect to the AP.
Makes this profile active or inactive.
NWA/WAC/WAX Series CLI Reference Guide
64
Chapter 11 Wireless LAN Profiles
Table 26 Command Summary: Radio Profile (continued)
COMMAND DESCRIPTION
[no] ampdu
[no] amsdu
band wlan_band band_mode
wlan_band_mode
beacon-interval <40..1000>
[no] block-ack
bss-color <0..63>
[no] disable-bss-color
ch-width wlan_cw
Activates MPDU frame aggregation for this profile. Use
the no parameter to disable it.
Message Protocol Data Unit (MPDU) aggregation
collects Ethernet frames along with their 802.11n
headers and wraps them in a 802.11n MAC header.
This method is useful for increasing bandwidth
throughput in environments that are prone to high
error rates.
By default this is enabled.
Activates MPDU frame aggregation for this profile. Use
the no parameter to disable it.
Mac Service Data Unit (MSDU) aggregation collects
Ethernet frames without any of their 802.11n headers
and wraps the header-less payload in a single 802.11n
MAC header. This method is useful for increasing
bandwidth throughput. It is also more efficient than AMPDU except in environments that are prone to high
error rates.
By default this is enabled.
Sets the radio band (2.4 GHz or 5 GHz) and 80.211
wireless mode for this profile.
wlan_band: 2.4G or 5G
wlan_band_mode: 11n, bg, bgn, a, ac, an, anacax,
bgnax
Sets the beacon interval for this profile.
When a wirelessly networked device sends a beacon,
it includes with it a beacon interval. This specifies the
time period before the device sends the beacon
again. The interval tells receiving devices on the
network how long they can wait in low-power mode
before waking up to handle the beacon. This value
can be set from 40ms to 1000ms. A high value helps
save current consumption of the access point.
The default is 100.
Makes block-ack active or inactive. Use the no
parameter to disable it.
Sets the BSS color of the Zyxel Device, which
distinguishes it from other nearby APs when they
transmit over the same channel. Set it to 0 to
automatically assign a BSS color.
Disables BSS coloring.
Use the no command to enable BSS coloring.
Sets the channel width for this profile.
NWA/WAC/WAX Series CLI Reference Guide
65
Chapter 11 Wireless LAN Profiles
Table 26 Command Summary: Radio Profile (continued)
COMMAND DESCRIPTION
[no] ctsrts <0..2347>
dcs time-interval interval
dcs sensitivity-level {high|medium
|low}
dcs client-aware {enable|disable}
dcs channel-deployment {3-channel|4channel}
dcs 2g-selected-channel 2.4g_channels
dcs 5g-selected-channel 5g_channels
dcs dcs-2g-method {auto|manual}
dcs dcs-5g-method {auto|manual}
dcs dfs-aware {enable|disable}
dcs mode {interval|schedule}
Sets or removes the RTS/CTS value for this profile.
Use RTS/CTS to reduce data collisions on the wireless
network if you have wireless clients that are associated
with the same AP but out of range of one another.
When enabled, a wireless client sends an RTS (Request
To Send) and then waits for a CTS (Clear To Send)
before it transmits. This stops wireless clients from
transmitting packets at the same time (and causing
data collisions).
A wireless client sends an RTS for all packets larger than
the number (of bytes) that you enter here. Set the RTS/
CTS equal to or higher than the fragmentation
threshold to turn RTS/CTS off.
The default is 2347.
Sets the interval that specifies how often DCS should
run.
Sets how sensitive DCS is to radio channel changes in
the vicinity of the AP running the scan.
When enabled, this ensures that the Zyxel Device will
not change channels as long as a client is connected
to it. If disabled, the Zyxel Device may change
channels regardless of wheth er it has clients
connected to it or not.
Sets either a 3-channel deployment or a 4-channel
deployment.
In a 3-channel deployment, the AP running the scan
alternates between the following channels: 1, 6, and
11.
In a 4-channel deployment, the AP running the scan
alternates between the following channels: 1, 4, 7, and
11 (FCC) or 1, 5, 9, and 13 (ETSI).
Set the option that is applicable to your region.
(Channel deployment may be regulated differently
between countries and locales.)
Specifies the channels that are available in the 2.4
GHz band when you manually configure the channels
the Zyxel Device can use.
Specifies the channels that are available in the 5 GHz
band when you manually configure the channels the
Zyxel Device can use.
Sets the Zyxel Device to automatically search for
available channels or manually configure the
channels the Zyxel Device uses in the 2.4 GHz band.
Sets the Zyxel Device to automatically search for
available channels or manually configure the
channels the Zyxel Device uses in the 5 GHz band.
Enable this to allow an Zyxel Device to avoid phase
DFS channels below the 5 GHz spectrum.
Sets the Zyxel Device to use DCS at the end of the
specified time interval or at a specific time on selected
days of the week.
NWA/WAC/WAX Series CLI Reference Guide
66
Chapter 11 Wireless LAN Profiles
Table 26 Command Summary: Radio Profile (continued)
COMMAND DESCRIPTION
dcs schedule <hh:mm>
{mon|tue|wed|thu|fri|sat|sun}
description description
[no] disable-dfs-switch
[no] dot11n-disable-coexistence
dtim-period <1..255>
Sets what time of day (in 24-hour format) the Zyxel
Device starts to use DCS on the specified day(s) of the
week.
Sets the description for the profile. You may use up to
60 alphanumeric characters, underscores (_), or
dashes (-). This value is case-sensitive
Makes the DFS switch active or inactive. By default this
is inactive.
Fixes the channel bandwidth as 40 MHz. The no
command has the Zyxel Device automatically choose
40 MHz if all the clients support it or 20 MHz if some
clients only support 20 MHz.
Sets the DTIM period for this profile.
Delivery Traffic Indication Message (DTIM) is the time
period after which broadcast and multicast packets
are transmitted to mobile clients in the Active Power
Management mode. A high DTIM value can cause
clients to lose connectivity with the network. This value
can be set from 1 to 255.
[no] frag <256..2346>
guard-interval wlan_htgi
[no] htprotect
[no] ignore-country-ie
limit-ampdu < 100..65535>
limit-amsdu <2290..4096>
[no] nol-channel-block
The default is 1.
Sets or removes the fragmentation value for this profile.
The threshold (number of bytes) for the fragmentation
boundary for directed messages. It is the maximum
data fragment size that can be sent.
The default is 2346.
Sets the guard interval for this profile.
The default for this is short.
Activates HT protection for this profile. Use the no
parameter to disable it.
By default, this is disabled.
Prevents the AP from broadcasting a country code,
also called a country Information Element (IE), in
beacon frames. This makes the AP incompatible with
802.11d networks and devices. The
allows the AP to broadcast the country code.
802.11d is a WiFi network specification that allows an
AP to broadcast a country code to WiFi clients. The
country code tells clients where the AP is located.
no command
Note: Run this command if WiFi clients are
unable to connect to the AP because of
an incompatible country code.
Sets the maximum frame size to be aggregated.
By default this is 50000.
Sets the maximum frame size to be aggregated.
The default is 4096.
Enables or disables DFS channel blocking when the
Zyxel Device detects radar signals within the range of
that DFS channel.
NWA/WAC/WAX Series CLI Reference Guide
67
Chapter 11 Wireless LAN Profiles
Table 26 Command Summary: Radio Profile (continued)
COMMAND DESCRIPTION
[no] multicast-to-unicast
[no] reject-legacy-station
role {ap}
rssi-dbm <-20~-105>
“Multicast to unicast” broadcasts wireless multicast
traffic to all wireless clients as unicast traffic to provide
more reliable transmission. The data rate changes
dynamically based on the application’s bandwidth
requirements. Although unicast provides more reliable
transmission of the multicast traffic, it also produces
duplicate packets.
The no command turns multicast to unicast off to send
wireless multicast traffic at the rate you specify with
the 2g-multicast-speed or 5g-multicast-speed
command.
Allows only 802.11 n/ac/ax clients to connect, and
reject 802.11a/b/g clients.
Use the no command to also allow 802.11a/b/g
clients.
Sets the profile’s wireless LAN radio operating mode.
Use ap to have the radio function as an access point
with one or more BSSIDs.
When using the RSSI threshold, set a minimum client
signal strength for connecting to the AP.
rssi-kickout <-20~-105>
[no] rssi-retry
rssi-retrycount <1~100>
[no] rssi-thres
tx-mask chain_mask
rx-mask chain_mask
subframe-ampdu <2..64>
exit
show wlan-monitor-profile {all|rule_count
|[monitor_profile_name]}
-20 dBm is the strongest signal you can require and 105 is the weakest.
Sets a minimum kick-off signal strength. When a
wireless client’s signal strength is lower than the
specified threshold, the Zyxel Device disconnects the
wireless client.
-20 dBm is the strongest signal you can require and 105 is the weakest.
Allows a wireless client to try to associate with the Zyxel
Device again after it is disconnected due to weak
signal strength.
Use the no parameter to disallow it.
Sets the maximum number of times a wireless client
can attempt to re-connect to the Zyxel Device.
Sets whether or not to use the Received Signal
Strength Indication (RSSI) threshold to ensure wireless
clients receive good throughput. This allows only
wireless clients with a strong signal to connect to the
Zyxel Device.
Sets the outgoing chain mask.
Sets the incoming chain mask.
Sets the maximum number of frames to be
aggregated each time.
By default this is 32.
Exits configuration mode for this profile.
Displays all monitor profiles or just the specified one.
rule_count: Displays how many monitor profiles are
created on the Zyxel Device.
NWA/WAC/WAX Series CLI Reference Guide
68
Chapter 11 Wireless LAN Profiles
Table 26 Command Summary: Radio Profile (continued)
COMMAND DESCRIPTION
wlan-monitor-profile rename
monitor_profile_name1
monitor_profile_name2
[no] wlan-monitor-profile
monitor_profile_name
[no] activate
description description
scan-method scan_method
[no] 2g-scan-channel
wireless_channel_2g
[no] 5g-scan-channel
wireless_channel_5g
scan-dwell <100..1000>
exit
Gives an existing monitor profile
(monitor_profile_name1) a new name
(monitor_profile_name2).
Enters configuration mode for the specified monitor
profile. Use the no parameter to remove the specified
profile.
Makes this profile active or inactive.
By default, this is enabled.
Sets the description for the profile. You may use up to
60 alphanumeric characters, underscores (_), or
dashes (-). This value is case-sensitive
Sets the channel scanning method for this profile.
Sets the broadcast band for this profile in the 2.4 Ghz
frequency range. Use the no parameter to disable it.
Sets the broadcast band for this profile in the 5 GHz
frequency range. Use the no parameter to disable it.
Sets the duration in milliseconds that the device using
this profile scans each channel.
Exits configuration mode for this profile.
11.2.1 AP radio & Monitor Profile Commands Example
The following example shows you how to set up the radio profile named ‘RADIO01’, activate it, and configure it to
use the following settings:
• 2.4G band and 802.11ac wireless mode with channel 6
• channel width of 20MHz
• a DTIM period of 2
• a beacon interval of 100ms
• AMPDU frame aggregation enabled
• an AMPDU buffer limit of 65535 bytes
• an AMPDU subframe limit of 64 frames
• AMSDU frame aggregation enabled
• an AMSDU buffer limit of 4096
• block acknowledgement enabled
NWA/WAC/WAX Series CLI Reference Guide
69
Chapter 11 Wireless LAN Profiles
• a short guard interval
Router(config)# wlan-radio-profile RADIO01
Router(config-profile-radio)# activate
Router(config-profile-radio)# band 2.4G band_mode ac
Router(config-profile-radio)# 2g-channel 6
Router(config-profile-radio)# ch-width 20m
Router(config-profile-radio)# dtim-period 2
Router(config-profile-radio)# beacon-interval 100
Router(config-profile-radio)# ampdu
Router(config-profile-radio)# limit-ampdu 65535
Router(config-profile-radio)# subframe-ampdu 64
Router(config-profile-radio)# amsdu
Router(config-profile-radio)# limit-amsdu 4096
Router(config-profile-radio)# block-ack
Router(config-profile-radio)# guard-interval short
Router(config-profile-radio)# tx-mask 5
Router(config-profile-radio)# rx-mask 7
11.3 SSID Profile Commands
The following table identifies the values required for many of these commands. Other input values are discussed with
the corresponding commands.
Table 27 Input Values for General SSID Profile Commands
LABEL DESCRIPTION
ssid_profile_name
ssid
wlan_qos
securityprofile
The SSID profile name. You may use 1-31 alphanumeric characters, underscores
(
_), or dashes (-), but the first character cannot be a number. This value is case-
sensitive.
The SSID broadcast name. You may use 1-32 alphanumeric characters,
underscores (
Sets the type of QoS the SSID should use.
disable: Turns off QoS for this SSID.
wmm: Turns on QoS for this SSID. It automatically assigns Access Categories to
packets as the device inspects them in transit.
wmm_be: Assigns the “best effort” Access Category to all traffic moving through the
SSID regardless of origin.
wmm_bk: Assigns the “background” Access Category to all traffic moving through
the SSID regardless of origin.
wmm_vi: Assigns the “video” Access Category to all traffic moving through the SSID
regardless of origin.
wmm_vo: Assigns the “voice” Access Category to all traffic moving through the SSID
regardless of origin.
Assigns an existing security profile to the SSID profile. You may use 1-31
alphanumeric characters, underscores (
cannot be a number. This value is case-sensitive.
_), or dashes (-). This value is case-sensitive.
_), or dashes (-), but the first character
NWA/WAC/WAX Series CLI Reference Guide
70
Chapter 11 Wireless LAN Profiles
Table 27 Input Values for General SSID Profile Commands (continued)
LABEL DESCRIPTION
macfilterprofile
description2
Assigns an existing MAC filter profile to the SSID profile. You may use 1-31
alphanumeric characters, underscores (
cannot be a number. This value is case-sensitive.
Sets the description of the profile. You may use up to 60 alphanumeric characters,
underscores (
_), or dashes (-). This value is case-sensitive.
_), or dashes (-), but the first character
The following table describes the commands available for SSID profile management. You must use the configure
terminal
command to enter the configuration mode before you can use these commands.
Table 28 Command Summary: SSID Profile
COMMAND DESCRIPTION
show wlan-ssid-profile {all | rule_count |
ssid_profile_name}
wlan-ssid-profile rename
ssid_profile_name1 ssid_profile_name2
[no] wlan-ssid-profile ssid_profile_name
[no] block-intra
description description
[no] dot11k-v activate
downlink-rate-limit data_rate
exit
[no] hide
[no] l2isolation l2profile
[no] macfilter macfilterprofile
Displays the SSID profile(s).
all: Displays all profiles.
rule_count: Displays how many SSID profiles are
created on the Zyxel Device.
ssid_profile_name: Displays the specified profile.
Gives an existing SSID profile (ssid_profile_name1) a
new name (ssid_profile_name2).
Enters configuration mode for the specified SSID
profile. Use the no parameter to remove the specified
profile.
Enables intra-BSSID traffic blocking. Use the no
parameter to disable it in this profile.
By default this is disabled.
Sets a descriptive name for this profile.
Enable IEEE 802.11k/v assisted roaming on the Zyxel
Device. When the connected clients request 802.11k
neighbor lists, the Zyxel Device will response with a list
of neighbor APs that can be candidates for roaming.
Use the no parameter to disable it in this profile.
Sets the maximum incoming transmission data rate
(either in mbps or kbps) on a per-station basis.
Exits configuration mode for this profile.
Prevents the SSID from being publicly broadcast. Use
the no parameter to re-enable public broadcast of
the SSID in this profile.
By default this is disabled.
Assigns the specified layer-2 isolation profile to this SSID
profile. Use the no parameter to remove it.
By default, no layer-2 isolation profile is assigned.
Assigns the specified MAC filtering profile to this SSID
profile. Use the no parameter to remove it.
By default, no MAC filter is assigned.
NWA/WAC/WAX Series CLI Reference Guide
71
Chapter 11 Wireless LAN Profiles
Table 28 Command Summary: SSID Profile (continued)
COMMAND DESCRIPTION
[no] proxy-arp
qos wlan_qos
security securityprofile
ssid
[no] ssid-schedule
{mon|tue|wed|thu|fri|sat|sun}
{disable | enable} <hh:mm> <hh:mm>
Sets the Zyxel Device to answer ARP requests for an IP
address on behalf of a client associated with this SSID.
This can reduce broadcast traffic and improve
network performance.
Use the no parameter to disable Proxy ARP.
Sets the type of QoS used by this SSID.
Assigns the specified security profile to this SSID profile.
Sets the SSID. This is the name visible on the network to
wireless clients. Enter up to 32 characters, spaces and
underscores are allowed.
Enables the SSID schedule. Use the no parameter to
disable the SSID schedule.
Sets whether the SSID is enabled or disabled on each
day of the week. This also specifies the hour and
minute (in 24-hour format) to set the time period of
each day during which the SSID is enabled/enabled.
<hh:mm> <hh:mm>: If you set both start time and end
time to 00:00, it indicates a whole day event.
Note: The end time must be larger than the start
time.
[no] uapsd
uplink-rate-limit data_rate
[no] vlan-id <1..4094>
Enables Unscheduled Automatic Power Save Delivery
(U-APSD), which is also known a s WMM-Power Save.
This helps increase battery life for battery-powered
wireless clients connected to the Zyxel Device using
this SSID profile.
Use the no parameter to disable the U-APSD feature.
Sets the maximum outgoing transmission data rate
(either in mbps or kbps) on a per-station basis.
Applies to each SSID profile. If the VLAN ID is equal to
the AP’s native VLAN ID then traffic originating from
the SSID is not tagged.
The default VLAN ID is 1.
11.3.1 SSID Profile Example
The following example creates an SSID profile with the name ‘Zyxel’. It makes the assumption that both the security
profile (SECURITY01) and the MAC filter profile (MACFILTER01) already exist.
Router(config)# wlan-ssid-profile SSID01
Router(config-ssid-radio)# ssid Zyxel
Router(config-ssid-radio)# qos wmm
Router(config-ssid-radio)# security SECURITY01
Router(config-ssid-radio)# macfilter MACFILTER01
Router(config-ssid-radio)# exit
Router(config)#
NWA/WAC/WAX Series CLI Reference Guide
72
Chapter 11 Wireless LAN Profiles
11.4 Security Profile Commands
The following table identifies the values required for many of these commands. Other input values are discussed with
the corresponding commands.
Table 29 Input Values for General Security Profile Commands
LABEL DESCRIPTION
security_profile_name
wep_key
wpa_key
wpa_key_64
secret
auth-method
The following table describes the commands available for security profile management. You must use the
configure terminal command to enter the configuration mode before you can use these commands.
The security profile name. You may use 1-31 alphanumeric characters, underscores
(
_), or dashes (-), but the first character cannot be a number. This value is case-
sensitive.
Sets the WEP key encryption strength. Select either 64bit or 128bit.
Sets the WPA/WPA2 pre-shared key in ASCII. You may use 8~63 alphanumeric
characters. This value is case-sensitive.
Sets the WPA/WPA2 pre-shared key in HEX. You muse use 64 alphanumeric
characters.
Sets the shared secret used by your network’s RADIUS server.
The authentication method used by the security profile.
Table 30 Command Summary: Security Profile
COMMAND DESCRIPTION
show wlan-security-profile {all |
rule_count | [security_profile_name]}
wlan-security-profile rename
security_profile_name1
security_profile_name2
[no] wlan-security-profile
security_profile_name
[no] accounting interim-interval
<1..1440>
[no] accounting interim-update
description description
[no] dot11r activate
Displays the security profile(s).
all: Displays all profiles.
rule_count: Displays how many security profiles are
created on the Zyxel Device.
security_profile_name: Displays the specified
profile.
Gives existing security profile
(security_profile_name1) a new name,
(security_profile_name2).
Enters configuration mode for the specified security
profile. Use the no parameter to remove the specified
profile.
Sets the time interval for how often the Zyxel Device is
to send an interim update message with current client
statistics to the accounting server. Use the no
parameter to clear the interval setting.
Sets the Zyxel Device to send accounting update
messages to the accounting server at the specified
interval. Use the no parameter to disable it.
Sets the description for the profile. You may use up to
60 alphanumeric characters, underscores (_), or
dashes (-). This value is case-sensitive
Turns on IEEE 802.11r fast roaming on the Zyxel Device.
Use the no parameter to turn it off.
NWA/WAC/WAX Series CLI Reference Guide
73
Chapter 11 Wireless LAN Profiles
Table 30 Command Summary: Security Profile (continued)
COMMAND DESCRIPTION
[no] dot11r ft-over-ds activate
Sets the clients to communicate with the target AP
through the current AP (the Zyxel Device). The
communication between the client and the target AP
is carried in frames between the client and the current
AP, and is then sent to the target AP through the wired
Ethernet connection.
Use the no parameter to have the clients
communicate directly with the target AP.
Note: This command is applicable to the Zyxel
Devices running with firmware version 5.30
or later.
[no] dot11r over-the-ds activate
Sets the clients to communicate with the target AP
through the current AP (the Zyxel Device). The
communication between the client and the target AP
is carried in frames between the client and the current
AP, and is then sent to the target AP through the wired
Ethernet connection.
Use the no parameter to have the clients
communicate directly with the target AP.
[no] dot11w
dot11w-op <1..2>
[no] dot1x-eap
eap {external | internal auth_method}
group-key <30..30000>
Note: This command is applicable to the Zyxel
Devices running with firmware version
older than v5.30.
Data frames in 802.11 WLANs can be encrypted and
authenticated with WEP, WPA or WPA2. But 802.11
management frames, such as beacon/probe
response, association request, association response,
de-authentication and disassociation are always
unauthenticated and unencrypted. IEEE 802.11w
Protected Management Frames allows APs to use the
existing security mechanisms (encryption and
authentication methods defined in IEEE 802.11i WPA/
WPA2) to protect management frames. This helps
prevent wireless DoS attacks.
Enables management frame protection (MFP) to add
security to 802.11 management frames. Use the no
parameter to disable it.
Sets whether wireless clients have to support
management frame protection in order to access the
wireless network.
1: if you do not require the wireless clients to support
MFP. Management frames will be encrypted if the
clients support MFP.
2: wireless clients must support MFP in order to join the
Zyxel Device’s wireless network.
Enables 802.1x secure authentication. Use the no
parameter to disable it.
Sets the 802.1x authentication method.
Sets the interval (in seconds) at which the AP updates
the group WPA/WPA2 encryption key.
The default is 1800.
NWA/WAC/WAX Series CLI Reference Guide
74
Chapter 11 Wireless LAN Profiles
Table 30 Command Summary: Security Profile (continued)
COMMAND DESCRIPTION
idle <30..30000>
[no] mac-auth activate
mac-auth auth-method auth_method
mac-auth case account {upper | lower}
mac-auth case calling-station-id
{upper | lower}
mac-auth delimiter account {colon |
dash | none}
Sets the idle interval (in seconds) that a client can be
idle before authentication is discontinued.
The default is 3000.
MAC authentication has the AP use an external server
to authenticate wireless clients by their MAC
addresses. Users cannot get an IP address if the MAC
authentication fails. The no parameter turns it off.
RADIUS servers can require the MAC address in the
wireless client’s account (username/password) or
Calling Station ID RADIUS attribute.
Sets the authentication method for MAC
authentication.
Sets the case (upper or lower) the external server
requires for using MAC addresses as the account
username and password.
For example, use mac-auth case account upper
and mac-auth delimiter account dash if you need
to use a MAC address formatted like 00-11-AC-01-A011 as the username and password.
Sets the case (upper or lower) the external server
requires for letters in MAC addresses in the Calling
Station ID RADIUS attribute.
Specify the separator the external server uses for the
two-character pairs within MAC addresses used as the
account username and password.
mac-auth delimiter calling-station-id
{colon | dash | none}
mode {none | enhanced-open | wep |
wpa2 | wpa2-mix | wpa3}
[no] server-auth <1..2> activate
radius-attr nas-id string
radius-attr nas-ip ip
[no] reauth <30..30000>
server-auth <1..2> IPv4 port port
secret secret
[no] server-auth <1..2>
For example, use mac-auth case account upper
and mac-auth delimiter account dash if you need
to use a MAC address formatted like 00-11-AC-01-A011 as the username and password.
Select the separator the external server uses for the
pairs in MAC addresses in the Calling Station ID RADIUS
attribute.
Sets the security mode for this profile.
Activates server authentication. Use the no parameter
to deactivate.
Sets the NAS (Network Access Server) identifier
attribute if the RADIUS server requires the Zyxel Dev ice
to provide it. The NAS identifier is to identify the source
of access request. It could be the NAS’s fully qualified
domain name.
Sets the NAS (Network Access Server) IP address
attribute if the RADIUS server requires the Zyxel Dev ice
to provide it.
Sets the interval (in seconds) between authentication
requests.
The default is 0.
Sets the server authentication IPv4 port and shared
secret.
Clears the server authentication setting.
NWA/WAC/WAX Series CLI Reference Guide
75
Chapter 11 Wireless LAN Profiles
Table 30 Command Summary: Security Profile (continued)
COMMAND DESCRIPTION
[no] transition-mode
wep-auth-type {open | share}
wep <64 | 128> default-key <1..4>
wep-key <1..4> wep_key
Enables backward compatibility when used with
WPA3 or Enhanced Open security mode. WPA3 falls
back to WPA2, while Enhanced Open falls back to
open (none).
Use the no command to disable this feature.
Sets the authentication key type to either open or
share.
Sets the WEP encryption strength (64 or 128) and the
default key index (1 ~ 4).
If you select WEP-64 enter 10 hexadecimal digits in the
range of “A-F”, “a-f” and “0-9” (for example,
0x11AA22BB33) for each Key used; or enter 5 ASCII
characters (case sensitive) ranging from “a-z”, “A-Z”
and “0-9” (for example, MyKey) for each Key used.
If you select WEP-128 enter 26 hexadecimal digits in
the range of “A-F”, “a-f” and “0-9” (for example,
0x00112233445566778899AABBCC) for each Key used;
or enter 13 ASCII characters (case sensitive) ranging
from “a-z”, “A-Z” and “0-9” (for example,
MyKey12345678) for each Key used.
wpa-encrypt {aes | auto}
wpa-psk {wpa_key | wpa_key_64}
[no] wpa2-preauth
exit
You can save up to four different keys. Enter the
default-key (1 ~ 4) to save your WEP to one of
those four available slots.
Sets the WPA/WPA2 encryption cipher type.
auto: This automatically chooses the best available
cipher based on the cipher in use by the wireless client
that is attempting to make a connection.
aes: This is the Advanced Encryption Standard
encryption method, a newer more robust algorithm
than TKIP Not all wireless clients may support this.
Sets the WPA/WPA2 pre-shared key.
Enables pre-authentication to allow wireless clients to
switch APs without having to re-authenticate their
network connection. The RADIUS server puts a
temporary PMK Security Authorization cache on the
wireless clients. It contains their session ID and a preauthorized list of viable APs.
Use the no parameter to disable this.
Exits configuration mode for this profile.
NWA/WAC/WAX Series CLI Reference Guide
76
11.4.1 Security Profile Example
The following example creates a security profile with the name ‘SECURITY01’.
Router(config)# wlan-security-profile SECURITY01
Router(config-security-profile)# mode wpa2
Router(config-security-profile)# wpa-encrypt aes
Router(config-security-profile)# wpa-psk 12345678
Router(config-security-profile)# idle 3600
Router(config-security-profile)# reauth 1800
Router(config-security-profile)# group-key 1800
Router(config-security-profile)# exit
Router(config)#
11.5 MAC Filter Profile Commands
The following table identifies the values required for many of these commands. Other input values are discussed with
the corresponding commands.
Table 31 Input Values for General MAC Filter Profile Commands
LABEL DESCRIPTION
macfilter_profile_name
description
The MAC filter profile name. You may use 1-31 alphanumeric characters,
underscores (
value is case-sensitive.
Sets the description of the MAC address. You may use up to 60 alphanumeric
characters, underscores (
_), or dashes (-), but the first character cannot be a number. This
_), or dashes (-). This value is case-sensitive.
The following table describes the commands available for MAC filter profile management. You must use the
configure terminal command to enter the configuration mode before you can use these commands.
Table 32 Command Summary: MAC Filter Profile
COMMAND DESCRIPTION
show wlan-macfilter-profile {all |
rule_count | [macfilter_profile_name]}
wlan-macfilter-profile rename
macfilter_profile_name1
macfilter_profile_name2
[no] wlan-macfilter-profile
macfilter_profile_name
filter-action {allow | deny}
Displays the MAC filter profil e(s).
all: Displays all profiles.
rule_count: Displays how many MAC filter profiles are
created on the Zyxel Device.
macfilter_profile_name: Displays the specified
profile.
Gives an existing MAC filter profile
(macfilter_profile_name1) a new name
(macfilter_profile_name2).
Enters configuration mode fo r the specified MAC filter
profile. Use the no parameter to remove the specified
profile.
Permits the wireless client with the MAC addresses in
this profile to connect to the network through the
associated SSID; select deny to bl ock the wireless
clients with the specified MAC addresses.
The default is set to deny.
NWA/WAC/WAX Series CLI Reference Guide
77
Chapter 11 Wireless LAN Profiles
Table 32 Command Summary: MAC Filter Profile (continued)
COMMAND DESCRIPTION
[no] mac_addr [description
description]
exit
Specifies a MAC address associated with this profile.
You can also set a description for the MAC address.
Enter up to 60 characters. Spaces and underscores
allowed.
Exits configuration mode for this profile.
11.5.1 MAC Filter Profile Example
The following example creates a MAC filter profile with the name ‘MACFILTER01’ .
Router(config)# wlan-macfilter-profile MACFILTER01
Router(config-macfilter-profile)# filter-action deny
Router(config-macfilter-profile)# 01:02:03:04:05:06 description MAC01
Router(config-macfilter-profile)# 01:02:03:04:05:07 description MAC02
Router(config-macfilter-profile)# 01:02:03:04:05:08 description MAC03
Router(config-macfilter-profile)# exit
Router(config)#
11.6 Layer-2 Isolation Profile Commands
The following table identifies the values required for many of these commands. Other input values are discussed with
the corresponding commands.
Table 33 Input Values for General Layer-2 Isolation Profile Commands
LABEL DESCRIPTION
l2isolation_profile_n
ame
mac_address
description
The layer-2 isolation profile name. You may use 1-31 alphanumeric characters,
underscores (
value is case-sensitive.
The MAC address of the device that is allowed to communicate with the Zyxel
Device’s wireless clients. Enter 6 hexadecimal pairs separated by colons. You can
use 0-9, a-z and A-Z.
Sets the description name of MAC address in the profile. You may us e 1-60
alphanumeric characters, underscores (
_), or dashes (-), but the first character cannot be a number. This
_), or dashes (-).
NWA/WAC/WAX Series CLI Reference Guide
78
Chapter 11 Wireless LAN Profiles
The following table describes the commands available for Layer-2 Isolation profile management. You must use the
configure terminal command to enter the configuration mode before you can use these commands.
Table 34 Command Summary: Layer-2 Isolation Profile
COMMAND DESCRIPTION
show wlan-l2isolation-profile {all |
rule_count | [l2isolation_profile_name]}
wlan-l2isolation-profile rename
l2isolation_profile_name1
l2isolation_profile_name2
[no] wlan-l2isolation-profile
l2isolation_profile_name
[no] mac_address
description description
exit
Displays the layer-2 isolation profile(s) settings.
all: Displays settings of all layer-2 isolation profiles
configured on the Zyxel Device.
rule_count: Displays how many layer-2 isolation
profiles are created on the Zyxel Device.
l2isolation_profile_name: Displays settings of the
specified profile.
Gives the existing layer-2 isolation profile
(l2isolation_profile_name1) a new name,
(l2isolation_profile_name2).
Enters configuration mode for the specified layer-2
isolation profile. Use the no parameter to remove the
specified profile.
Sets the MAC address of the device that is allowed to
communicate with the Zyxel Device’s wireless clients in
this profile.
Sets the description name for the MAC address
associated with this profile.
Exits configuration mode for this profile.
11.6.1 Layer-2 Isolation Profile Example
The following example creates a layer-2 isolation profile with the name ‘test1’.
Router(config)# wlan-l2isolation-profile test1
Router(config-wlan-l2isolation test1)# 00:a0:c5:01:23:45
Router(config-wlan-l2isolation test1)# description user1
Router(config-wlan-l2isolation test1)# exit
Router(config)#
11.7 WDS Profile Commands
The following table identifies the values required for many of these commands. Other input values are discussed with
the corresponding commands.
Table 35 Input Values for General WDS Profile Commands
LABEL DESCRIPTION
wds_profile_name
The WDS profile name. You may use 1-31 alphanumeric characters, underscores
(
_), or dashes (-), but the first character cannot be a number. This value is case-
sensitive.
NWA/WAC/WAX Series CLI Reference Guide
79
Chapter 11 Wireless LAN Profiles
The following table describes the commands available for WDS profile management. You must use the configure
terminal
command to enter the configuration mode before you can use these commands.
Table 36 Command Summary: WDS Profile
COMMAND DESCRIPTION
show wlan-wds-profile {all | rule_count |
[wds_profile_name]}
wlan-wds-profile rename
wds_profile_name1 wds_profile_name2
[no] wlan-wds-profile wds_profile_name
psk psk
ssid ssid
exit
Displays the WDS profile(s) settings.
all: Displays settings of all WDS profiles configured on
the Zyxel Device.
rule_count: Displays how many WDS profiles are
created on the Zyxel Device.
wds_profile_name: Displays settings of the specified
profile.
Gives the existing WDS profile (wds_profile_name1) a
new name, (wds_profile_name2).
Enters configuration mode for the specified WDS profile.
Sets a pre-shared key of between 8 and 63 casesensitive ASCII characters (including spaces and
symbols) or 64 hexadecimal characters.The key is used
to encrypt the traffic between the APs.
Sets the SSID with which you want the Zyxel Device to
connect to a root AP or repeater to form a WDS.
Exits configuration mode for this profile.
11.7.1 WDS Profile Example
The following example creates a WDS profile with the name ‘WDS1’, and show s the profile settings.
Router(config)# wlan-wds-profile WDS1
Router(config-wlan-wds WDS1)# ssid Zyxel-WDS
Router(config-wlan-wds WDS1)# psk qwer1234
Router(config-wlan-wds WDS1)# exit
Router(config)# show wlan-wds-profile WDS1
wds profile: WDS1
reference: 0
Id: 2
Description:
WDS_SSID: Zyxel-WDS
WDS_PSK: qwer1234
Router(config)#
NWA/WAC/WAX Series CLI Reference Guide
80
CHAPTER 12
Rogue AP
This chapter shows you how to set up Rogue Access Point (AP) detection and containment.
12.1 Rogue AP Detection Overview
Rogue APs are wireless access points operating in a network’s coverage area that are not under the control of the
network’s administrators, and can potentially open holes in the network security. Attackers can take advantage of a
rogue AP’s weaker (or non-existent) security to gain illicit access to the network, or set up their own rogue APs in
order to capture information from wireless clients.
Conversely, a friendly AP is one that the Zyxel Device network administrator regards as non-threatening. This does not
necessarily mean the friendly AP must belong to the network managed by the Zyxel Device; rather, it is any
unmanaged AP within range of the Zyxel Device’s own wireless network that is allowed to operate without being
contained. This can include APs from neighboring companies, for example, or even APs maintained by your
company’s employees that operate outside of the established network.
12.2 Rogue AP Detection Commands
The following table identifies the values required for many of these commands. Other input values are discussed with
the corresponding commands.
Table 37 Input Values for Rogue AP Detection Commands
LABEL DESCRIPTION
ap_mac
description2
The following table describes the commands available for rogue AP detection. You must use the configure
terminal
Table 38 Command Summary: Rogue AP Detection
COMMAND DESCRIPTION
rogue-ap detection
command to enter the configuration mode before you can use these commands.
[no] activate
[no] ap-mode detection activate
Specifies the MAC address (in XX:XX:XX:XX:XX:XX or XX-XX-XX-XX-XX-XX format) of
the AP to be added to either the rogue AP or friendly AP list. The no command
removes the entry.
Sets the description of the AP. You may use 1-60 alphanumeric characters,
underscores (
_), or dashes (-). This value is case-sensitive.
Enters sub-command mode for rogue AP detection.
Activates rogue AP detection. Use the no parameter
to deactivate rogue AP detection.
Sets the Zyxel Device to detect Rogue APs in the
network.
Use the no parameter to disable rogue AP detection.
NWA/WAC/WAX Series CLI Reference Guide
81
Chapter 12 Rogue AP
Table 38 Command Summary: Rogue AP Detection (continued)
COMMAND DESCRIPTION
detect interval <10..1440>
friendly-ap ap_mac description2
no friendly-ap ap_mac
rogue-ap ap_mac description2
no rogue-ap ap_mac
[no] rogue-rule {hidden-ssid|ssidkeyword|weak-security}
[no] rogue-rule keyword <ssid>
exit
show rogue-ap detection keyword list
show rogue-ap detection monitoring
show rogue-ap detection list
Sets the time interval (in seconds) at which the Zyxel
Device scans for rogues APs.
Sets the device that owns the specified MAC address
as a friendly AP. You can also assign a description to
this entry on the friendly AP list.
Removes the device that owns the specified MAC
address from the friendly AP list.
Sets the device that owns the specified MAC address
as a rogue AP. You can also assign a description to this
entry on the rogue AP list.
Removes the device that owns the specified MAC
address from the rogue AP list.
Specifies the characteristic(s) an AP should have for
the Zyxel Device to classify it as a Rogue AP.
Use the no parameter to remove the classification rule.
Adds an SSID Keyword.
Use the no parameter to remove the SSID keyword.
Exits configuration mode for rogue AP detection.
Displays the SSID keyword(s) an AP should have for the
Zyxel Device to rule it as a Rogue AP.
Displays a table of detected APs and information
about them, such as their MAC addresses, when they
were last seen, and their SSIDs, to name a few.
Displays the specified rogue/friendly/all AP list.
{rogue|friendly|all}
show rogue-ap detection status
show rogue-ap detection info
Displays whether rogue AP detection is on or off.
Displays a summary of the number of detected
devices from the following categories: rogue, friendly,
ad-hoc, unclassified, and total.
12.2.1 Rogue AP Detection Examples
This example sets the device associated with MAC address 00:13:49:11:11:11 as a rogue AP, and the device
associated with MAC address 00:13:49:11:11:22 as a friendly AP. It then removes MAC address from the rogue AP list
with the assumption that it was misidentified.
Router(config)# rogue-ap detection
Router(config-detection)# rogue-ap 00:13:49:11:11:11 rogue
Router(config-detection)# friendly-ap 00:13:49:11:11:22 friendly
Router(config-detection)# no rogue-ap 00:13:49:11:11:11
Router(config-detection)# exit
NWA/WAC/WAX Series CLI Reference Guide
82
This example displays the rogue AP detection list.
Router(config)# show rogue-ap detection list rogue
no. mac description
contain
===========================================================================
1 00:13:49:18:15:5A
0
This example shows the friendly AP detection list.
Router(config)# show rogue-ap detection list friendly
no. mac description
===========================================================================
1 11:11:11:11:11:11 third floor
2 00:13:49:11:22:33
3 00:13:49:00:00:05
4 00:13:49:00:00:01
5 00:0D:0B:CB:39:33 dept1
This example shows the combined rogue and friendly AP detection list.
Router(config)# show rogue-ap detection list all
no. role mac description
===========================================================================
1 friendly-ap 11:11:11:11:11:11 third floor
2 friendly-ap 00:13:49:11:22:33
3 friendly-ap 00:13:49:00:00:05
4 friendly-ap 00:13:49:00:00:01
5 friendly-ap 00:0D:0B:CB:39:33 dept1
6 rogue-ap 00:13:49:18:15:5A
This example shows both the status of rogue AP detection and the summary of detected APs.
Router(config)# show rogue-ap detection status
rogue-ap detection status: on
Router(config)# show rogue-ap detection info
rogue ap: 1
friendly ap: 4
adhoc: 4
unclassified ap: 0
total devices: 0
12.3 Rogue AP Containment Overview
These commands enable rogue AP containment. You can use them to isolate a device that is flagged as a rogue
AP. They are global in that they apply to all managed APs on the network (all APs utilize the same containment list,
but only APs set to monitor mode can actively engage in containment of rogue APs). This means if we add a MAC
address of a device to the containment list, then every AP on the network will respect it.
NWA/WAC/WAX Series CLI Reference Guide
83
Note: Containing a rogue AP means broadcasting unviable login data at it, preventing legitimate
wireless clients from connecting to it. This is a kind of Denial of Service attack.
12.4 Rogue AP Containment Commands
The following table identifies the values required for many of these commands. Other input values are discussed with
the corresponding commands.
Table 39 Input Values for Rogue AP Containment Commands
LABEL DESCRIPTION
ap_mac
Specifies the MAC address (in XX:XX:XX:XX:XX:XX format) of the AP to be
contained. The no command removes the entry.
The following table describes the commands available for rogue AP containment. You must use the
terminal
Table 40 Command Summary: Rogue AP Containment
COMMAND DESCRIPTION
rogue-ap containment
show rogue-ap containment list
command to enter the configuration mode before you can use these commands.
Enters sub-command mode for rogue AP
containment.
[no] activate
[no] contain ap_mac
exit
Activates rogue AP containment. Use the no
parameter to deactivate rogue AP containment.
Isolates the device associated with the specified MAC
address. Use the no parameter to remove this device
from the containment list.
Exits configuration mode for rogue AP containment.
Displays the rogue AP containment list.
configure
12.4.1 Rogue AP Containment Example
This example contains the device associated with MAC address 00:13:49:11:11:12 then displays the containment list
for confirmation.
Router(config)# rogue-ap containment
Router(config-containment)# activate
Router(config-containment)# contain 00:13:49:11:11:12
Router(config-containment)# exit
Router(config)# show rogue-ap containment list
no. mac
=====================================================================
1 00:13:49:11:11:12
NWA/WAC/WAX Series CLI Reference Guide
84
Chapter 13 Wireless Frame Capture
CHAPTER 13
Wireless Frame Capture
This chapter shows you how to configure and use wireless frame capture on the Zyxel Device.
13.1 Wireless Frame Capture Overview
Troubleshooting wireless LAN issues has always been a challenge. Wireless sniffer tools like Ethereal can help capture
and decode packets of information, which can then be analyzed for debugging. It works well for local data traffic,
but if your devices are spaced increasingly farther away then it often becomes correspondingly difficult to attempt
remote debugging. Complicated wireless packet collection is arguably an arduous and perplexing process. The
wireless frame capture feature in the Zyxel Device can help.
This chapter describes the wireless frame capture commands, which allows a network administrator to capture
wireless traffic information and download it to an Ethereal/Tcpdump compatible format packet file for analysis.
13.2 Wireless Frame Capture Commands
The following table identifies the values required for many of these commands. Other input values are discussed with
the corresponding commands.
Table 41 Input Values for Wireless Frame Capture Commands
LABEL DESCRIPTION
ip_address
mon_file_size
file_name
The IP address of the Access Point (AP) that you want to monitor. Enter a standard
IPv4 IP address (for example, 192.168.1.2).
The size (in kbytes) of file to be captured.
It stops the capture and generates the capture file when either it reaches this size
or the total combined size of all files in the directory reaches the maximum size
which is 50 megabytes (51200 kbytes).
The file name prefix for each captured file. The default prefix is monitor while the
default file name is monitor.dump.
You can use 1-31 alphanumeric characters, underscores or dashes but the first
character cannot be a number. This string is case sensitive.
NWA/WAC/WAX Series CLI Reference Guide
85
Chapter 13 Wireless Frame Capture
The following table describes the commands available for wireless frame capture. You must use the configure
terminal
command to enter the configuration mode before you can use these commands.
Table 42 Command Summary: Wireless Frame Capture
COMMAND DESCRIPTION
frame-capture configure
src-ip add ip_address
file-prefix file_name
files-size mon_file_size
exit
[no] frame-capture activate
show frame-capture status
show frame-capture config
Enters sub-command mode for wireless frame
capture.
Sets the IP address of an AP controlled by the Zyxel
Device that you want to monitor. You can use this
command multiple times to add additional IPs to the
monitor list.
Sets the file name prefix for each captured file. Enter
up to 31 alphanumeric characters. Spaces and
underscores are not allowed.
Sets the size (in kbytes) of files to be captured.
Exits configuration mode for wireless frame capture.
Starts wireless frame capture. Use the no parameter to
turn it off.
Displays whether frame capture is running or not.
Displays the frame capture configuration.
13.2.1 Wireless Frame Capture Examples
This example configures the wireless frame capture parameters for an AP located at IP address 192.168.1.2.
Router(config)# frame-capture configure
Router(frame-capture)# src-ip add 192.168.1.2
Router(frame-capture)# file-prefix monitor
Router(frame-capture)# files-size 1000
Router(frame-capture)# exit
Router(config)#
This example shows frame capture status and configuration.
Router(config)# show frame-capture status
capture status: off
Router(config)# show frame-capture config
capture source: 192.168.1.2
file prefix: monitor
file size: 1000
NWA/WAC/WAX Series CLI Reference Guide
86
Chapter 14 Dynamic Channel Selection
CHAPTER 14
Dynamic Channel Selection
This chapter shows you how to configure and use dynamic channel selection on the Zyxel Device.
14.1 DCS Overview
Dynamic Channel Selection (DCS) is a feature that allows an AP to automatically select the radio channel upon
which it broadcasts by passively listening to the area around it and determining what channels are currently being
broadcast on by other devices.
When numerous APs broadcast within a given area, they introduce the possibility of heightened radio interference,
especially if some or all of them are broadcasting on the same radio channel. This can make accessing the network
potentially rather difficult for the stations connected to them. If the interference becomes too great, then the
network administrator must open his AP configuration options and manually change the channel to one that no
other AP is using (or at least a channel that has a lower level of interference) in order to give the connected stations
a minimum degree of channel interference.
14.2 DCS Commands
See Section 11.2 on page 63 for detailed information about how to configure DCS settings in a radio profile.
The following table describes the commands available for dynamic channel selection. You must use the
configure terminal command to enter the configuration mode before you can use these commands.
Table 43 Command Summary: DCS
COMMAND DESCRIPTION
dcs now
Sets the Zyxel Device to scan for and select an available channel
immediately.
NWA/WAC/WAX Series CLI Reference Guide
87
Chapter 15 Wireless Load Balancing
CHAPTER 15
Wireless Load Balancing
This chapter shows you how to configure wireless load balancing.
15.1 Wireless Load Balancing Overview
Wireless load balancing is the process whereby you limit the number of connections allowed on an wireless access
point (AP) or you limit the amount of wireless traffic transmitted and received on it. Because there is a hard upper
limit on the AP’s wireless bandwidth, this can be a crucial function in areas crowded with wireless users. Rather than
let every user connect and subsequently dilute the available bandwidth to the point where each connecting
device receives a meager trickle, the load balanced AP instead limits the incoming connections as a means to
maintain bandwidth integrity.
15.2 Wireless Load Balancing Commands
The following table describes the commands available for wireless load balancing. You must use the configure
terminal
Table 44 Command Summary: Load Balancing
COMMAND DESCRIPTION
[no] load-balancing kickout
load-balancing mode {station | traffic |
smart-classroom}
load-balancing max sta <1..127>
load-balancing traffic level {high | low |
medium}
command to enter the configuration mode before you can use these commands.
Enables an overloaded AP to disconnect (“kick”) idle
clients or clients with noticeably weak connections.
Enables load balancing based on either number of
stations (also known as wireless clients) or wireless
traffic on an AP.
station or traffic: once the threshold is crossed
(either the maximum station numbers or with network
traffic), the Zyxel Device delays association request
and authentication request packets from any new
station that attempts to make a connection.
smart-classroom: the Zyxel Device ignores
association request and authentication request
packets from any new station when the maximum
number of stations is reached.
If load balancing by the number of stations/wireless
clients, this sets the maximum number of devices
allowed to connect to a load-balanced AP.
If load balancing by traffic threshold, this sets the
traffic threshold level.
NWA/WAC/WAX Series CLI Reference Guide
88
Chapter 15 Wireless Load Balancing
Table 44 Command Summary: Load Balancing (continued)
COMMAND DESCRIPTION
load-balancing alpha <1..255>
Sets the load balancing alpha value.
When the AP is balanced, then this setting delays a
client’s association with it by this number of seconds.
Note: This parameter has been optimized for
the Zyxel Device and should not be
changed unless you have been
specifically directed to do so by Zyxel
support.
load-balancing beta <1..255>
Sets the load balancing beta value.
When the AP is overloaded, then this setting delays a
client’s association with it by this number of seconds.
Note: This parameter has been optimized for
the Zyxel Device and should not be
changed unless you have been
specifically directed to do so by Zyxel
support.
load-balancing sigma <51..100>
Sets the load balancing sigma value.
This value is algorithm parameter used to calculate
whether an AP is considered overloaded, balanced,
or underloaded. It only applies to ‘by traffic mode’.
load-balancing timeout <1..255>
load-balancing liInterval <1..255>
load-balancing kickInterval <1..255>
show load-balancing config
show load-balancing loading
[no] load-balancing activate
Note: This parameter has been optimized for
the Zyxel Device and should not be
changed unless you have been
specifically directed to do so by Zyxel
support.
Sets the length of time that an AP retains load
balancing information it receives from other APs within
its range.
Sets the interval in seconds that each AP
communicates with the other APs in its range for
calculating the load balancing algorithm.
Note: This parameter has been optimized for
the Zyxel Device and should not be
changed unless you have been
specifically directed to do so by Zyxel
support.
Enables the kickout feature for load balancing and
also sets the kickout interval in seconds. While load
balancing is enabled, the AP periodically disconnects
stations at intervals equal to this setting.
This occurs until the load balan cing threshold is no
longer exceeded.
Displays the load balancing configuration.
Displays the loading status per radio (underload /
balance / overload) when you enable the load
balancing function.
Enables load balancing. Use the no parameter to
disable it.
NWA/WAC/WAX Series CLI Reference Guide
89
Chapter 15 Wireless Load Balancing
15.2.1 Wireless Load Balancing Examples
The following example shows you how to configure AP load balancing in "by station" mode. The maximum number of
stations is set to 1.
Router(config)# load-balancing mode station
Router(config)# load-balancing max sta 1
Router(config)# show load-balancing config
load balancing config:
Activate: yes
Kickout: no
Mode: station
Max-sta: 1
Traffic-level: high
Alpha: 5
Beta: 10
Sigma: 60
Timeout: 20
LIInterval: 10
KickoutInterval: 20
The following example shows you how to configure AP load balancing in "by traffic" mode. The traffic level is set to
low, and "disassociate station" is enabled.
Router(config)# load-balancing mode traffic
Router(config)# load-balancing traffic level low
Router(config)# load-balancing kickout
Router(config)# show load-balancing config
load balancing config:
Activate: yes
Kickout: yes
Mode: traffic
Max-sta: 1
Traffic-level: low
Alpha: 5
Beta: 10
Sigma: 60
Timeout: 20
LIInterval: 10
KickoutInterval: 20
NWA/WAC/WAX Series CLI Reference Guide
90
This chapter shows you how to configure the iBeacon advertising settings for the Zyxel Device that
supports Bluetooth Low Energy (BLE). Bluetooth Low Energy, which is also known as Bluetooth Smart,
transmits less data over a shorter distance but consumes less power than classic Bluetooth.
On the WAC5302D-S, you need to attach a supported BLE USB dongle to its USB port to have the AP act
as a beacon to broadcast packets. Contact Zyxel customer support if you are not sure whether your BLE
USB dongle is compatible with the Zyxel Device.
16.1 Bluetooth Overview
iBeacon is Apple’s communication protocol on top of Bluetooth Low Energy wireless technology.
Beacons (Bluetooth radio transmitters) or BLE enabled devices broadcast packets to every device
around it to announce their presence. Advertising packets contain their iBeacon ID, which consists of
the Universally Unique Identifier (UUID), major number, and minor number. These packets also contain a
TX (transmit) power measured at a reference point, which is used to approximate a device’s distance
from the beacon. The UUID can be used to identify a service, a device, a manufacturer or an owner.
The 2-byte major number is to identify and distinguish a group, and the 2-byte minor number is to identify
and distinguish an individual.
CHAPTER 16
Bluetooth
For example, a company can set all its beacons to share the same UUID. The beacons in a particular
branch uses the same major number, and each beacon in a branch can have its own minor number.
COMPANY A
BRANCH X BRANCH Y
BEACON 1 BEACON 2 BEACON 3
UUID EBAECFAF-DFE0-4039-BE5A-F030EED4303C
Major 10 10 20
Minor 12 1
Developers can create apps that respond to the iBeacon ID that your Zyxel Device broadcasts. An app
that is associated with the Zyxel Device’s iBeacon ID can measure the proximity of a customer to a
beacon. This app can then push messages or trigger prompts and actions based on this information. This
allows you to send highly contextual and highly localized advertisements to customers.
NWA/WAC/WAX Series CLI Reference Guide
91
Chapter 16 Bluetooth
16.2 Bluetooth Commands
The following table describes the commands available for Bluetooth advertising settings. You must use
the configure terminal command before you can use these commands.
Table 45 Bluetooth Commands
COMMAND DESCRIPTION
ble slot_name
ibeacon index <1..5> no
activate
ibeacon index <1..5> activate
ibeacon index <1..5> uuid uuid
major <0..65535> minor
<0..65535>
show ble advertising
show ble uuid-gen
show ble status
Enters the Bluetooth sub-command mode for the specified radio
on the Zyxel Device.
Disables the specified iBeacon ID.
Enables the specified iBeacon ID.
Adds a new iBeacon ID to be included in the Bluetooth
advertising packets by specifying the UUID, major number and
minor number.
UUID: Enter 32 hexadecimal digits in the range of “A-F”, “a-f”
and “0-9”, split into five groups separated by hyphens (-). The
UUID format is as follows: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (8-44-4-12).
Major/minor number: Enter an integer from 0 to 65535.
Displays the Bluetooth advertising settings (beacon IDs) of the
Zyxel Device.
Displays the UUID that is automatically generated by the Zyxel
Device.
Displays the Zyxel Device’s Bluetooth status and detailed
information.
16.2.1 Bluetooth Commands Example
The following example adds a beacon ID and displays the Bluetooth advertising settings.
Router(config)# show ble uuid-gen
UUID: 72F3CCD4-2D00-4158-8BA0-AF1A586E92AD
Router(config)# ble slot1
Router(config-ble-slot)# ibeacon index 1 uuid 72F3CCD4-2D00-4158-8BA0AF1A586E92AD major 1 minor 1
Router(config-ble-slot)# ibeacon index 1 activate
Router(config-ble-slot)# exit
Router(config)# show ble advertising
Slot Index Activate UUID Major Minor
=====================================================================
1 1 1 72F3CCD4-2D00-4158-8BA0-AF1A586E92AD 1 1
1 2 0 0 0
1 3 0 0 0
1 4 0 0 0
1 5 0 0 0
Router(config)#
NWA/WAC/WAX Series CLI Reference Guide
92
This chapter explains how to use the certificates.
17.1 Certificates Overview
The Zyxel Device can use certificates (also called digital IDs) to authenticate users. Certificates are
based on public-private key pairs. A certificate contains the certificate owner’s identity and public key.
Certificates provide a way to exchange public keys for use in authentication.
A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner.
There are commercial certification authorities like CyberTrust or VeriSign and government certification
authorities. You can use the Zyxel Device to generate certification requests that contain identifying
information and public keys and then send the certification requests to a certification authority.
CHAPTER 17
Certificates
17.2 Certificate Commands
This section describes the commands for configuring certificates.
17.3 Certificates Commands Input Values
The following table explains the values you can input with the certificate commands.
Table 46 Certificates Commands Input Values
LABEL DESCRIPTION
certificate_name
cn_address
cn_domain_name
cn_email
organizational_unit
The name of a certificate. You can use up to 31 alphanumeric and
;‘~!@#$%^&()_+[]{}’,.=-
A common name IP address identifies the certificate’s owner. Type the IP address
in dotted decimal notation.
A common name domain name identifies the certificate’s owner. The domain
name is for identification purposes only and can be any string. The domain name
can be up to 255 characters. You can use alphanumeric characters, the hyphen
and periods.
A common name e-mail address identifies the certificate’s owner. The e-mail
address is for identification purposes only and can be any string. The e-mail
address can be up to 63 characters. You can use alphanumeric characters, the
hyphen, the @ symbol, periods and the underscore.
Identify the organizational unit or department to which the certificate owner
belongs. You can use up to 31 characters. You can use alphanumeric characters,
the hyphen and the underscore.
characters.
NWA/WAC/WAX Series CLI Reference Guide
93
Chapter 17 Certificates
Table 46 Certificates Commands Input Values (continued)
LABEL DESCRIPTION
organization
country
key_length
password
ca_name
url
Identify the company or group to which the certificate owner belongs. You can
use up to 31 characters. You can use alphanumeric characters, the hyphen and
the underscore.
Identify the nation where the certificate owner is located. You can use up to 31
characters. You can use alphanumeric characters, the hyphen and the
underscore.
Type a number to determine how many bits the key should use (512 to 2048). The
longer the key, the more secure it is. A longer key also uses more PKI storage
space.
When you have the Zyxel Device enroll for a certificate immediately online, the
certification authority may want you to include a key (password) to identify your
certification request. Use up to 31 of the following characters. a-zA-Z09;|`~!@#$%^&*()_+\{}':,./<>=-
When you have the Zyxel Device enroll for a certificate immediately online, you
must have the certification authority’s certificate already imported as a trusted
certificate. Specify the name of the certification authority’s certificate. It can be
up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=-
When you have the Zyxel Device enroll for a certificate immediately online, enter
the IP address (or URL) of the certification authority server. You can use up to 511
of the following characters. a-zA-Z0-9'()+,/:.=?;!*#@$_%-
characters.
17.4 Certificates Commands Summary
The following table lists the commands that you can use to display and manage the Zyxel Device’s
summary list of certificates and certification requests. You can also create certificates or certification
requests. Use the
these commands.
Table 47 ca Commands Summary
COMMAND DESCRIPTION
ca enroll cmp name certificate_name cn-type
{ip cn cn_address|fqdn cn cn_domain_name|mail
cn cn_email} [ou organizational_unit] [o
organization] [c country] key-type {rsa|dsa}
key-len key_length num <0..99999999> password
password ca ca_name url url;
ca enroll scep name certificate_name cn-type
{ip cn cn_address|fqdn cn cn_domain_name|mail
cn cn_email} [ou organizational_unit] [o
organization] [c country] key-type {rsa|dsa}
key-len key_length password password ca
ca_name url url
ca generate pkcs10 name certificate_name cntype {ip cn cn_address|fqdn cn
cn_domain_name|mail cn cn_email} [ou
organizational_unit] [o organization] [c
country] key-type {rsa|rsa-sha256|rsa-
sha512|dsa|dsa-sha256} key-len key_length
[extend-key {svr-client-ike |svr-client|svrike|svr|client-ike|client |ike}]
configure terminal command to enter the configuration mode to be able to use
Enrolls a certificate with a CA using Certificate
Management Protocol (CMP). The certification
authority may want you to include a reference
number and key (password) to identify your
certification request.
Enrolls a certificate with a CA using Simple
Certificate Enrollment Protocol (SCEP). The
certification authority may want you to include
a key (password) to identify your certification
request.
Generates a PKCS#10 certification request.
NWA/WAC/WAX Series CLI Reference Guide
94
Chapter 17 Certificates
Table 47 ca Commands Summary (continued)
COMMAND DESCRIPTION
ca generate pkcs12 name name password password
ca generate x509 name certificate_name cn-type
Generates a PKCS#12 certificate.
Generates a self-signed x509 certificate.
{ip cn cn_address|fqdn cn cn_domain_name|mail
cn cn_email} [ou organizational_unit] [o
organization] [c country] key-type {rsa|rsasha256|rsa-sha512|dsa|dsa-sha256} key-len
key_length [extend-key {svr-client-ike |svrclient|svr-ike|svr|client-ike|client |ike}]
ca rename category {local|remote} old_name
new_name
ca validation remote_certificate
no ca category {local|remote} certificate_name
no ca validation name
show ca category {local|remote} name
certificate_name certpath
show ca category {local|remote} [name
certificate_name format {text|pem}]
show ca validation name name
show ca spaceusage
Renames a local (my certificates) or remote
(trusted certificates) certificate.
Enters the sub command mode for validation of
certificates signed by the specified remote
(trusted) certificates.
Deletes the specified local (my certificates) or
remote (trusted certificates) certificate.
Removes the validation configuration for the
specified remote (trusted) certificate.
Displays the certification path of the specified
local (my certificates) or remote (trusted
certificates) certificate.
Displays a summary of the certificates in the
specified category (local for my certificates or
remote for trusted certificates) or the details of a
specified certificate.
Displays the validation configuration for the
specified remote (trusted) certificate.
Displays the storage space in use by certificates.
17.5 Certificates Commands Examples
The following example creates a self-signed X.509 certificate with IP address 10.0.0.58 as the common
name. It uses the RSA key type with a 512 bit key. Then it displays the list of local certificates. Finally it
deletes the pkcs12request certification request.
Router# configure terminal
Router(config)# ca generate x509 name test_x509 cn-type ip cn 10.0.0.58 keytype rsa key-len 512
Router(config)# show ca category local
certificate: default
type: SELF
subject: CN=nwa3160-n_00134905820A
issuer: CN=nwa3160-n_00134905820A
status: EXPIRED
ID: nwa3160-n_00134905820A
type: EMAIL
valid from: 1970-01-01 02:09:16 GMT
valid to: 1989-12-27 02:09:16 GMT
Router(config)# no ca category local pkcs12request
NWA/WAC/WAX Series CLI Reference Guide
95
This chapter provides information on the commands that correspond to what you can configure in the
system screens.
18.1 System Overview
Use these commands to configure general Zyxel Device information, the system time and the console
port connection speed for a terminal emulation program. They also allow you to configure DNS settings
and determine which services/protocols can access which Zyxel Device zones (if any) from which
computers.
18.2 Host Name Commands
CHAPTER 18
System
The following table describes the commands available for the hostname and domain name. You must
use the
commands.
Table 48 Command Summary: Host Name
COMMAND DESCRIPTION
[no] domainname <domain_name>
[no] hostname <hostname>
show fqdn
configure terminal command to enter the configuration mode before you can use these
Sets the domain name. The no command removes the domain
name.
domain_name: This name can be up to 254 alphanumeric
characters long. Spaces are not allowed, but dashes “-” and
underscores “_” are accepted.
Sets a descriptive name to identify your Zyxel Device. The no
command removes the host name.
Displays the fully qualified domain name.
NWA/WAC/WAX Series CLI Reference Guide
96
Chapter 18 System
18.3 Roaming Group Commands
The following table describes the commands available for the roaming group. You must use the
configure terminal command to enter the configuration mode before you can use these
commands.
Table 49 Command Summary: Host Name
COMMAND DESCRIPTION
[no] roaming group group_name
Sets the name of the roaming group to which the Zyxel Device
belongs. The 802.11k neighbor list a client requests from the Zyxel
Device is generated according to the roaming group and RCPI
(Received Channel Power Indicator) value of its neighbor APs.
When a client wants to roam from the current AP to another, other
APs in the same roaming group or not in a roaming group will be
candidates for roaming. Neighbor APs in a different roaming group
will be excluded from the 802.11k neighbor lists even when the
neighbor AP has the best signal strength.
If the Zyxel Device’s roaming group is not configured, any neighbor
APs can be candidates for roaming.
The
no command removes the roaming group name.
show roaming group
18.4 Time and Date
For effective scheduling and logging, the Zyxel Device system time must be accurate. There is also a
software mechanism to set the time manually or get the current time and date from an external server.
18.4.1 Date/Time Commands
The following table describes the commands available for date and time setup. You must use the
configure terminal command to enter the configuration mode before you can use these
commands.
Table 50 Command Summary: Date/Time
COMMAND DESCRIPTION
clock date <yyyy-mm-dd> time <hh:mm:ss>
[no] clock daylight-saving
group_name: This name can be up to 31 alphanumeric and @#
characters. Dashes and underscores are also allowed. The name
should start with a letter or digit.
Displays the name of the roaming group to which the Zyxel Device
belongs.
Sets the new date in year, month and day
format manually and the new time in hour,
minute and second format.
Enables daylight saving. The no command
disables daylight saving.
NWA/WAC/WAX Series CLI Reference Guide
97
Chapter 18 System
Table 50 Command Summary: Date/Time (continued)
COMMAND DESCRIPTION
[no] clock saving-interval begin
{apr|aug|dec|feb|jan|jul|jun|mar|may|nov|oct|se
p} {1|2|3|4|last} {fri|mon|sat|sun|thu|tue|wed}
hh:mm end
{apr|aug|dec|feb|jan|jul|jun|mar|may|nov|oct|se
p} {1|2|3|4|last} {fri|mon|sat|sun|thu|tue|wed}
Configures the day and time when Daylight
Saving Time starts and ends. The
command removes the day and time when
Daylight Saving Time starts and ends.
offset: a number from 1 to 5.5 (by 0.5
increments)
hh:mm offset
clock time hh:mm:ss
[no] clock time-zone {-|+hh:mm}
[no] ntp
[no] ntp server {fqdn|w.x.y.z}
ntp sync
show clock date
show clock status
show clock time
show ntp server
Sets the new time in hour, minute and second
format.
Sets your time zone. The no command
removes time zone settings.
Saves your date and time and time zone
settings and updates the data and time every
24 hours. The
the data and time every 24 hours.
Sets the IP address or URL of your NTP time
server. The
information.
Gets the time and date from a NTP time
server.
Displays the current date of your Zyxel Device.
Displays your time zone and daylight saving
settings.
Displays the current time of your Zyxel Device.
Displays time server settings.
no
no command stops updating
no command removes time server
18.5 Console Port Speed
This section shows you how to set the console port speed when you connect to the Zyxel Device via the
console port using a terminal emulation program. The following table describes the console port
commands.
before you can use these commands.
Table 51 Command Summary: Console Port Speed
COMMAND DESCRIPTION
[no] console baud baud_rate
show console
You must use the configure terminal command to enter the configuration mode
NWA/WAC/WAX Series CLI Reference Guide
Sets the speed of the console port. The no
command resets the console port speed to the
default (115200).
baud_rate: 9600, 19200, 38400, 57600 or 115200.
Displays console port speed.
98
18.6 DNS Overview
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice
versa. The DNS server is extremely important because without it, you must know the IP address of a
machine before you can access it.
18.6.1 DNS Commands
The following table identifies the values required for many of these commands. Other input values are
discussed with the corresponding commands.
Table 52 Input Values for General DNS Commands
LABEL DESCRIPTION
address_object
interface_name
The name of the IP address (group) object. You may use 1-31 alphanumeric characters,
underscores(
sensitive.
The name of the interface.
Ethernet interface: gex, x = 1 - N, where N equals the highest numbered Ethernet interface
for your Zyxel Device model.
Chapter 18 System
_), or dashes (-), but the first character cannot be a number. This value is case-
VLAN interface: vlanx, x = 0 - 511.
The following table describes the commands available for DNS. You must use the
terminal
command to enter the configuration mode before you can use these commands.
Table 53 Command Summary: DNS
COMMAND DESCRIPTION
[no] ip dns server a-record fqdn w.x.y.z
ip dns server cache-flush
[no] ip dns server mx-record domain_name
{w.x.y.z|fqdn}
ip dns server rule {<1..32>|append|insert
Sets an A record that specifies the mapping of a
fully qualified domain name (FQDN) to an IP
address. The
Clears the DNS server cache.
Sets a MX record that specifie s a mail server that
is responsible for handling the mail for a particular
domain. The
Sets a service control rule for DNS requests.
no command deletes an A record.
no command deletes a MX record.
<1..32>} access-group {ALL|profile_name} zone
{ALL|profile_name} action {accept|deny}
ip dns server rule move <1..32> to <1..32>
ip dns server zone-forwarder
{<1..32>|append|insert <1..32>}
{domain_zone_name|*} user-defined w.x.y.z
[private | interface {interface_name | auto}]
ip dns server zone-forwarder move <1..32> to
<1..32>
no ip dns server rule <1..32>
Changes the number of a service control rule.
Sets a domain zone forwarder record that
specifies a DNS server’s IP address.
private | interface: Use private if the Zyxel
Device connects to the DNS server through a
VPN tunnel. Otherwise, use the interface
command to set the interface through which the
Zyxel Device sends DNS queries to a DNS server.
The auto means any interface that the Zyxel
Device uses to send DNS queries to a DNS server
according to the routing rule.
Changes the index number of a zone forwarder
record.
Deletes a service control rule.
configure
NWA/WAC/WAX Series CLI Reference Guide
99
Table 53 Command Summary: DNS (continued)
COMMAND DESCRIPTION
show ip dns server database
show ip dns server status
18.6.2 DNS Command Example
This command sets an A record that specifies the mapping of a fully qualified domain name
(www.abc.com) to an IP address (210.17.2.13).
Router# configure terminal
Router(config)# ip dns server a-record www.abc.com 210.17.2.13
18.7 Power Mode
This section shows you how to configure and view the Zyxel Device‘s power settings. The following table
describes the power mode commands.
the configuration mode before you can use these commands.
Chapter 18 System
Displays all configured records.
Displays whether this service is enabled or not.
You must use the configure terminal command to enter
Table 54 Command Summary: Power Mode
COMMAND DESCRIPTION
[no] override-full-power activate
Forces the Zyxel Device to draw full power from the
power sourcing equipment. This improves
performance in cases when a PoE injector that
does not support PoE negotiation is used.
Use the no command to disable this feature.
Note: Only enable this if you are using a
passive PoE injector that is not IEEE
802.3at/bt compliant but can still
provide full power.
show override-full-power status
show power mode
Displays whether the Zyxel Device is forced to draw
full power from the power sourcing equipment.
Displays the Zyxel Device’s power status.
Full - the Zyxel Device receives power using a
power adaptor and/or through a PoE switch/
injector using IEEE 802.3at PoE plus.
Limited - the Zyxel Device receives power through
a PoE switch/injector using IEEE 802.3af PoE even
when it is also connected to a power source using
a power adaptor.
When the Zyxel Device is in limited power mode,
the Zyxel Device throughput decreases and has
just one transmitting radio chain.
It always shows Full if the Zyxel Device does not
support power detection.
NWA/WAC/WAX Series CLI Reference Guide
100
Loading...