3com WXR100 3CRWXR10095A Manuel d'utilisateur

http://www.3Com.com/Part No. 10015910 Rev ACPublished July 2008Wireless LAN Mobility SystemWireless LAN Switch and ControllerCommand ReferenceWX4400 3

set snmp notify profile 235set snmp notify target 240SNMPv3 with Informs 240SNMPv3 with Traps 241SNMPv2c with Informs 242SNMPv2c with Traps 243SNMPv1

100 CHAPTER 3: SYSTEM SERVICE COMMANDSSee Also clear history on page 91quickstart Runs a script that interactively helps you configure a new switch.(

set auto-config 101When the 3WXM server in the corporate network receives the configuration request, the server looks in the currently open network pl

102 CHAPTER 3: SYSTEM SERVICE COMMANDSExamples — The following commands stage a WX switch to use the auto-config option. The network where the switch

set banner acknowledge 103 message — Up to 32 alphanumeric characters, but not the delimiting character.Defaults — None.Access — Enabled.History —

104 CHAPTER 3: SYSTEM SERVICE COMMANDSset banner motd Configures the banner string that is displayed before the beginning of each login prompt for eac

set confirm 105set confirm Enables or disables the display of confirmation messages for commands that might have a large impact on the network. Syntax

106 CHAPTER 3: SYSTEM SERVICE COMMANDSHistory — Introduced in MSS Version 3.0.Usage — Use this command if the output of a CLI command is greater than

set prompt 10748 ports are enabledsuccess: license was installedThe additional ports refers to the number of additional MAPs the switch can boot and a

108 CHAPTER 3: SYSTEM SERVICE COMMANDS display config on page 723 set system name on page 116set system contact Stores a contact name for the WX swi

set system countrycode 109set system countrycodeDefines the country-specific IEEE 802.11 regulations to enforce on the WX switch. Syntax — set system

clear usergroup 275clear usergroup attr 276display aaa 277display accounting statistics 280display location policy 282display mobility-profile 283set

110 CHAPTER 3: SYSTEM SERVICE COMMANDSEgypt EG Estonia EE Finland FI France FR Germany DE Greece GR Guatemala GT Honduras HN Hong Kong HK Hungary HU I

set system countrycode 111Mexico MX Morocco MA Namibia NA Netherlands NL New Zealand NZ Nigeria NG Norway NO Oman OM Pakistan PK Panama PA Paraguay PY

112 CHAPTER 3: SYSTEM SERVICE COMMANDSDefaults — The factory default country code is None.Access — Enabled.History — Introduced in MSS Version 3.0.Usa

set system idle-timeout 113set system idle-timeoutSpecifies the maximum number of seconds a CLI management session with the switch can remain idle bef

114 CHAPTER 3: SYSTEM SERVICE COMMANDSset system ip-addressSets the system IP address so that it can be used by various services in the WX switch. CAU

set system location 115set system location Stores location information for the WX switch.Syntax — set system location string string — Alphanumeric st

116 CHAPTER 3: SYSTEM SERVICE COMMANDSset system name Changes the name of the WX switch from the default system name and also provides content for the

4PORT COMMANDSUse port commands to configure and manage individual ports and load-sharing port groups. Commands by UsageThis chapter presents port com

118 CHAPTER 4: PORT COMMANDSclear ap Removes a Distributed MAP. CAUTION: When you clear a Distributed MAP, MSS ends user sessions that are using the M

clear port counters 119clear port counters Clears port statistics counters and resets them to 0. Syntax — clear port countersDefaults — None.Access —

display mobility-domain config 330display mobility-domain status 331set mobility-domain member 332set mobility-domain mode member secondary seed-ip 33

120 CHAPTER 4: PORT COMMANDSclear port media-typeDisables the copper interface and reenables the fiber interface on an WX4400 gigabit Ethernet port.Sy

clear port mirror 121Examples — The following command clears the names of ports 1 through 3:WX4400# clear port 1-3 nameSee Also display port status o

122 CHAPTER 4: PORT COMMANDSHistory — Introduced in MSS Version 3.0.Usage — This command applies only to the WX4400. This command does not affect a li

display port counters 123Examples — The following command clears port 5:WX1200# clear port type 5This may disrupt currently authenticated users. Are y

124 CHAPTER 4: PORT COMMANDS receive-etherstats — Shows Ethernet statistics for received packets. transmit-etherstats — Shows Ethernet statistics fo

display port mirror 125Examples — The following command displays the configuration of port group server2:WX1200# display port-group name server2Port g

126 CHAPTER 4: PORT COMMANDSSee Also display port mirror on page 125 set port mirror on page 140display port poe Displays status information for por

display port status 127See Also set port poe on page 142display port status Displays configuration and status information for ports.Syntax — display

128 CHAPTER 4: PORT COMMANDSExamples — The following command displays information for all ports on a WX1200 switch:WX1200# display port statusPort Na

display port media-type 129See Also clear port type on page 122 set port on page 137 set port name on page 141 set port negotiation on page 141 s

display ap vlan 385display auto-tune attributes 386display auto-tune neighbors 388display ap boot-configuration 390display ap connection 391display ap

130 CHAPTER 4: PORT COMMANDSExamples — The following command displays the enabled interface types on all four ports of a WX4400 switch:WX4400# display

monitor port counters 131 transmit-etherstats — Displays Ethernet statistics for transmitted packets first.Defaults — All types of statistics are dis

132 CHAPTER 4: PORT COMMANDSFor error reporting, the cyclic redundancy check (CRC) errors include misalignment errors. Jumbo packets with valid CRCs a

monitor port counters 133packets Rx Unicast Number of unicast packets received. This number does not include packets that contain errors.Rx NonUnicast

134 CHAPTER 4: PORT COMMANDSSee Also display port counters on page 123collisions Single Coll Total number of frames transmitted that experienced one

reset port 135reset port Resets a port by toggling its link state and Power over Ethernet (PoE) state. Syntax — reset port port-list port-list — List

136 CHAPTER 4: PORT COMMANDS ap-number — Number for the Distributed MAP. The range of valid connection numbers depends on the WX switch model: For a

set port 137 clear port type on page 122 set port type ap on page 145 set system countrycode on page 109set port Administratively disables or reena

138 CHAPTER 4: PORT COMMANDSset port-group Configures a load-sharing port group. All ports in the group function as a single logical link.Syntax — set

set port media-type 139See Also clear port-group on page 119 display port-group on page 124set port media-type Disables the fiber interface and enab

set ap radio channel 435set ap radio link-calibration 436set ap radio load balancing 437set ap radio load balancing group 438set ap radio mode 439set

140 CHAPTER 4: PORT COMMANDSset port mirror Configures port mirroring. Port mirroring is a troubleshooting feature that copies (mirrors) traffic sent

set port name 141set port name Assigns a name to a port. After naming a port, you can use the port name or number in other CLI commands.Syntax — set p

142 CHAPTER 4: PORT COMMANDSAccess — Enabled.History — Introduced in MSS Version 3.0.Usage — WX1200 10/100 Ethernet ports support half-duplex and full

set port speed 143History — Introduced in MSS Version 3.0.Usage — This command does not apply to any gigabit Ethernet ports or to ports 7 and 8 on the

144 CHAPTER 4: PORT COMMANDSUsage — 3Com recommends that you do not configure the mode of a WX port so that one side of the link is set to autonegotia

set port type ap 145See Also set ip snmp server on page 228 set snmp community on page 233set port type ap Configures an WX switch port for a MAP ac

146 CHAPTER 4: PORT COMMANDSMAP access point models AP2750, MAP-241, and MAP-341 have a single radio that can be configured for 802.11a or 802.11b/g.

set port type ap 147This command does not apply to any gigabit Ethernet ports or to ports 7 and 8 on the WX1200 switch or port 3 on the WX2200 switch.

148 CHAPTER 4: PORT COMMANDSSee Also clear ap on page 118 clear port type on page 122 set ap radio antennatype on page 431 set ap on page 135 set

set port type wired-auth 149Usage — You cannot set a port’s type if the port is a member of a port VLAN. To remove a port from a VLAN, use the clear v

set radio-profile wmm 478set radio-profile wmm-powersave 478set service-profile attr 479set service-profile auth-dot1x 481set service-profile auth-fal

150 CHAPTER 4: PORT COMMANDSExamples — The following command sets port 2 for a wired authentication user:WX1200# set port type wired-auth 2success: ch

5VLAN COMMANDSUse virtual LAN (VLAN) commands to configure and manage parameters for individual port VLANs on network ports, and to display informatio

152 CHAPTER 5: VLAN COMMANDSclear fdb Deletes an entry from the forwarding database (FDB). Syntax — clear fdb {perm | static | dynamic | port port-lis

clear security L2-restrict 153History —Introduced in MSS Version 3.0.Usage — You can delete forwarding database entries based on entry type, port, or

154 CHAPTER 5: VLAN COMMANDSAccess — Enabled.History —Introduced in MSS Version 4.1.Usage — If you clear all MAC addresses, Layer 2 forwarding is no l

clear vlan 155Examples — The following command clears Layer 2 forwarding restriction statistics for VLAN abc_air:WX4400# clear security L2-restrict co

156 CHAPTER 5: VLAN COMMANDSExamples — The following command removes port 1 from VLAN green:WX4400# clear vlan green port 1This may disrupt user conne

display fdb 157If a VLAN profile is changed so that traffic that had been tunneled to an VX switch is now locally switched by MAPs, or vice-versa, the

158 CHAPTER 5: VLAN COMMANDS dynamic — Displays dynamic entries. A dynamic entry is automatically removed through aging or after a reboot, reset, or

display fdb agingtime 159Table 21 describes the fields in the display fdb output.See Also clear fdb on page 152 set fdb on page 169display fdb aging

set service-profile tkip-mc-time 514set service-profile static-cos 515set service-profile transmit-rates 516set service-profile use-client-dscp 518set

160 CHAPTER 5: VLAN COMMANDSVLAN 2 aging time = 600 secVLAN 1 aging time = 300 secBecause the forwarding database aging timeout period can be configur

display roaming station 161display roaming stationShows a list of the stations roaming to the wireless LAN switch through a VLAN tunnel.Syntax — displ

162 CHAPTER 5: VLAN COMMANDSSee Also display roaming vlan on page 163State State of the session: Setup — Station is attempting to roam to this WX sw

display roaming vlan 163display roaming vlanShows all VLANs in the mobility domain, the WX switches servicing the VLANs, and their tunnel affinity val

164 CHAPTER 5: VLAN COMMANDSdisplay security L2-restrictDisplays configuration information and statistics for Layer 2 forwarding restriction.Syntax —

display tunnel 165See Also clear security L2-restrict on page 153 clear security L2-restrict counters on page 154 set security L2-restrict on page

166 CHAPTER 5: VLAN COMMANDSSee Also display vlan config on page 166display vlan config Shows VLAN information. Syntax — display vlan config [vlan-id

display vlan config 167Table 26 describes the fields in this display.See Also clear security L2-restrict on page 153 set security L2-restrict on pag

168 CHAPTER 5: VLAN COMMANDSdisplay vlan-profile Displays the contents of the VLAN profiles configured on the WX switch. A VLAN profile lists the VLAN

set fdb 169set fdb Adds a permanent or static entry to the forwarding database.Syntax — set fdb {perm | static}mac-addr port port-list vlan vlan-id [t

set spantree portpri 555set spantree portvlancost 556set spantree portvlanpri 557set spantree priority 558set spantree uplinkfast 55813 IGMP SNOOPING

170 CHAPTER 5: VLAN COMMANDSSee Also clear fdb on page 152 display fdb on page 157set fdb agingtime Changes the aging timeout period for dynamic ent

set security L2-restrict 171set security L2-restrictRestricts Layer 2 forwarding between clients in the same VLAN. When you restrict Layer 2 forwardin

172 CHAPTER 5: VLAN COMMANDSset vlan name Creates a VLAN and assigns a number and name to it. Syntax — set vlan vlan-num name name vlan-num — VLAN nu

set vlan port 173set vlan port Assigns one or more network ports to a VLAN. You also can add a virtual port to each network port by adding a tag value

174 CHAPTER 5: VLAN COMMANDSset vlan tunnel-affinityChanges a wireless LAN switch’s preferability within a mobility domain for tunneling user traffic

set vlan profile 175set vlan profile Configures entries in a VLAN profile that can be applied to an MAP for local switching.Syntax — set vlan-profile

176 CHAPTER 5: VLAN COMMANDS

6QUALITY OF SERVICE COMMANDSUse Quality of Service (QoS) commands to configure packet prioritization in MSS. Packet prioritization ensures that WX swi

178 CHAPTER 6: QUALITY OF SERVICE COMMANDS Classify inbound packets by mapping their DSCP values to one of eight internal QoS values Classify outbou

set qos cos-to-dscp-map 179set qos cos-to-dscp-mapChanges the value to which MSS maps an internal QoS value when marking outbound packets. Syntax — se

display security acl resource-usage 595rollback security acl 599set security acl 600set security acl map 605set security acl hit-sample-rate 60715 CRY

180 CHAPTER 6: QUALITY OF SERVICE COMMANDSset qos dscp-to-cos-mapChanges the internal QoS value to which MSS maps a packet’s DSCP value when classifyi

display qos 181display qos Displays the switch’s QoS settings.Syntax — display qos [default] default — Displays the default mappings.Defaults — None.

182 CHAPTER 6: QUALITY OF SERVICE COMMANDSdisplay qos dscp-tableDisplays a table that maps Differentiated Services Code Point (DSCP) values to their e

7IP SERVICES COMMANDSUse IP services commands to configure and manage IP interfaces, management services, the Domain Name Service (DNS), Network Time

184 CHAPTER 7: IP SERVICES COMMANDSHTTPS Management set ip https server on page 225display ip https on page 203DNS set ip dns on page 223set ip dns do

clear interface 185clear interface Removes an IP interface.Syntax — clear interface vlan-id ip vlan-id — VLAN name or numberDefaults — None.Access —

186 CHAPTER 7: IP SERVICES COMMANDS Topology reporting for dual-homed MAP access points Default source IP address used in unsolicited communications

clear ip dns domain 187clear ip dns domain Removes the default DNS domain name.Syntax — clear ip dns domainDefaults — None.Access — Enabled. History —

188 CHAPTER 7: IP SERVICES COMMANDSSee Also clear ip dns domain on page 187 display ip dns on page 202 set ip dns on page 223 set ip dns domain on

clear ip telnet 189clear ip telnet Resets the Telnet server TCP port number to its default value. A WX listens for Telnet management traffic on the Te

17 802.1X MANAGEMENT COMMANDSCommands by Usage 641clear dot1x bonded-period 642clear dot1x max-req 643clear dot1x port-control 643clear dot1x quiet-pe

190 CHAPTER 7: IP SERVICES COMMANDSExamples — The following command removes NTP server 192.168.40.240 from a WX switch configuration:WX4400# clear ntp

clear snmp community 191clear snmp communityClears an SNMP community string.Syntax — clear snmp community name comm-string comm-string — Name of the

192 CHAPTER 7: IP SERVICES COMMANDSSee Also set snmp notify profile on page 235 display snmp notify profile on page 210clear snmp notify targetClear

clear summertime 193Examples — The following command clears SNMPv3 user snmpmgr1:WX1200# clear snmp usm snmpmgr1success: change accepted.See Also set

194 CHAPTER 7: IP SERVICES COMMANDSclear system ip-addressClears the system IP address.CAUTION: Clearing the system IP address disrupts the system tas

display arp 195Examples — To return the WX real-time clock to UTC, type the following command:WX4400# clear timezonesuccess: change accepted.See Also

196 CHAPTER 7: IP SERVICES COMMANDSTable 30 describes the fields in this display.See Also set arp on page 216 set arp agingtime on page 217display d

display dhcp-client 197Examples — The following command displays DHCP client information:WX1200# display dhcp-clientInterface: corpvlan(4)

198 CHAPTER 7: IP SERVICES COMMANDSdisplay dhcp-server Displays MSS DHCP server information.Syntax — display dhcp-server [interface vlan-id] [verbose]

display dhcp-server 199 Default Gateway: 10.10.20.1 DNS Servers: 10.10.20.4 10.10.20.5 DNS Domain Name: mycorp.comTable 32 and Table 33 d

3Com Corporation350 Campus DriveMarlborough, MA USA 01752-3064Copyright © 2007, 3Com Corporation. All rights reserved. No part of this documentation m

19 RF DETECTION COMMANDSCommands by Usage 677clear rfdetect attack-list 678clear rfdetect black-list 679clear rfdetect ignore 679clear rfdetect ssid-l

200 CHAPTER 7: IP SERVICES COMMANDSSee Also set interface dhcp-server on page 220display interface Displays the IP interfaces configured on the WX.Sy

display ip alias 201See Also clear interface on page 185 set interface on page 218 set interface dhcp-client on page 219display ip alias Displays t

202 CHAPTER 7: IP SERVICES COMMANDSTable 35 describes the fields in this display.See Also clear ip alias on page 186 set ip alias on page 222display

display ip https 203See Also clear ip dns domain on page 187 clear ip dns server on page 187 set ip dns on page 223 set ip dns domain on page 223

204 CHAPTER 7: IP SERVICES COMMANDSSee Also clear ip telnet on page 189 display ip telnet on page 206 set ip https server on page 225 set ip telne

display ip route 205Usage — When you add an IP interface to a VLAN that is up, MSS adds direct and local routes for the interface to the route table.

206 CHAPTER 7: IP SERVICES COMMANDSSee Also clear ip route on page 188 display interface on page 200 display vlan config on page 166 set interface

display ntp 207Examples — The following command shows the status and port number for the Telnet management interface to the WX switch:WX4400> displ

208 CHAPTER 7: IP SERVICES COMMANDSExamples — To display NTP information for a WX switch, type the following command:WX4400> display ntpNTP client:

display snmp community 209See Also clear ntp server on page 189 clear summertime on page 193 clear timezone on page 194 display timezone on page 2

copy 715delete 717dir 718install soda agent 721display boot 722display config 723display version 725load config 727md5 729mkdir 729reset system 731res

210 CHAPTER 7: IP SERVICES COMMANDSSee Also clear snmp community on page 191 set snmp community on page 233display snmp countersDisplays SNMP statis

display snmp status 211See Also clear snmp notify target on page 192 set snmp notify target on page 240display snmp status Displays SNMP version and

212 CHAPTER 7: IP SERVICES COMMANDSdisplay snmp usm Displays information about SNMPv3 users.Defaults — None. Access — Enabled.History —Introduced in M

display timedate 213 set timedate on page 252 set timezone on page 253display timedate Shows the date and time of day currently set on a WX real-tim

214 CHAPTER 7: IP SERVICES COMMANDSExamples — To display the offset from UTC, type the following command:WX4400# display timezoneTimezone set to &apos

ping 215Because the WX switch adds header information, the ICMP packet size is 8 bytes larger than the size you specify. source-ip ip-addr — IP addre

216 CHAPTER 7: IP SERVICES COMMANDSset arp Adds an ARP entry to the ARP table.Syntax — set arp {permanent | static | dynamic }ip-addr mac-addr perman

set arp agingtime 217set arp agingtime Changes the aging timeout for dynamic ARP entries.Syntax — set arp agingtime seconds seconds — Number of secon

218 CHAPTER 7: IP SERVICES COMMANDSset interface Configures an IP interface on a VLAN.Syntax — set interface vlan-id ip {ip-addr mask | ip-addr/mask

set interface dhcp-client 219See Also clear interface on page 185 display interface on page 200 set interface dhcp-client on page 219set interface

display snoop 754display snoop info 754display snoop map 755display snoop stats 75623 SYSTEM LOG COMMANDSCommands by Usage 759clear log 759display log

220 CHAPTER 7: IP SERVICES COMMANDSSee Also clear interface on page 185 display dhcp-client on page 196 display interface on page 200set interface

set interface status 221Access — Enabled.History —Introduced in MSS Version 4.0.Usage — By default, all addresses except the host address of the VLAN,

222 CHAPTER 7: IP SERVICES COMMANDSExamples — The following command disables the IP interface on VLAN mauve:WX4400# set interface mauve status downsuc

set ip dns 223set ip dns Enables or disables DNS on a wireless LAN switch.Syntax — set ip dns {enable | disable} enable — Enables DNS. disable — Dis

224 CHAPTER 7: IP SERVICES COMMANDSAliases take precedence over DNS. When you enter a hostname, MSS checks for an alias with that name first, before u

set ip https server 225success: change accepted.WX1200# set ip dns server 10.10.30.69/24 secondarysuccess: change accepted.See Also clear ip dns doma

226 CHAPTER 7: IP SERVICES COMMANDSset ip route Adds a static route to the IP route table.Syntax — set ip route {default | ip-addr mask | ip-addr/mask

set ip route 227When you add multiple routes to the same destination, MSS groups the routes and orders them from lowest cost at the top of the group t

228 CHAPTER 7: IP SERVICES COMMANDSset ip snmp server Enables or disables the SNMP service on the WX.Syntax — set ip snmp server {enable | disable}ena

set ip ssh server 229See Also set ip ssh server on page 229set ip ssh server Disables or reenables the SSH server on a WX.CAUTION: If you disable the

Purchase Extended Warranty and Professional Services 788Access Software Downloads 788Contact Us 788Telephone Technical Support and Repair 789INDEX

230 CHAPTER 7: IP SERVICES COMMANDSDefaults — The default Telnet port number is 23.Access — Enabled.History —Introduced in MSS Version 3.0.Examples —

set ntp 231See Also clear ip telnet on page 189 display ip https on page 203 display ip telnet on page 206 set ip https server on page 225 set ip

232 CHAPTER 7: IP SERVICES COMMANDSset ntp server Configures a WX to use an NTP server.Syntax — set ntp server ip-addr ip-addr — IP address of the NT

set ntp update-interval 233set ntp update-intervalChanges how often a WX sends queries to the NTP servers for updates.Syntax — set ntp update-interval

234 CHAPTER 7: IP SERVICES COMMANDS read-notify — Allows an SNMP management application using the string to get object values on the switch but not t

set snmp notify profile 235See Also clear snmp community on page 191 set ip snmp server on page 228 set snmp notify target on page 240 set snmp no

236 CHAPTER 7: IP SERVICES COMMANDS APTimeoutTraps—Generated when a MAP access point fails to respond to the WX switch. AuthenTraps—Generated when t

set snmp notify profile 237 DAPConnectWarningTraps—Generated when a Distributed MAP whose fingerprint has not been configured in MSS establishes a ma

238 CHAPTER 7: IP SERVICES COMMANDS RFDetectDoSPortTraps—Generated when MSS detects an associate request flood, reassociate request flood, or disasso

set snmp notify profile 239WX1200# set snmp notify profile snmpprof_rfdetect send RFDetectAdhocUserTrapssuccess: change accepted.WX1200# set snmp noti

240 CHAPTER 7: IP SERVICES COMMANDSSee Also clear snmp notify profile on page 191 set ip snmp server on page 228 set snmp community on page 233 se

set snmp notify target 241 username — USM username. This option is applicable only when the SNMP version is usm. If the user will send informs rather

242 CHAPTER 7: IP SERVICES COMMANDS username — USM username. This option is applicable only when the SNMP version is usm. profile profile-name — Not

set snmp notify target 243SNMPv2c with Traps To configure a notification target for traps from SNMPv2c, use the following command:Syntax — set snmp no

244 CHAPTER 7: IP SERVICES COMMANDSUsage — The inform or trap option specifies whether the MSS SNMP engine expects the target to acknowledge notificat

set snmp protocol 245set snmp protocol Enables an SNMP protocol. MSS supports SNMPv1, SNMPv2c, and SNMPv3. Syntax — set snmp protocol {v1 | v2c | usm

246 CHAPTER 7: IP SERVICES COMMANDSset snmp security Sets the minimum level of security MSS requires for SNMP message exchanges.Syntax — set snmp secu

set snmp usm 247 set snmp usm on page 247 display snmp status on page 211set snmp usm Creates a USM user for SNMPv3.This command does not apply to S

248 CHAPTER 7: IP SERVICES COMMANDS notify-only—The switch can use the string to send notifications. read-write—An SNMP management application using

set snmp usm 249Defaults — No SNMPv3 users are configured by default. When you configure an SNMPv3 user, the default access is read-only, and the defa

Conventions 25ABOUT THIS GUIDEThis command reference explains Mobility System Software (MSS™) command line interface (CLI) that you enter on a 3Com WX

250 CHAPTER 7: IP SERVICES COMMANDSset summertime Offsets the real-time clock of a WX by +1 hour and returns it to standard time for daylight savings

set system ip-address 251Examples — To enable summertime and set the summertime time zone to PDT (Pacific Daylight Time), type the following command:W

252 CHAPTER 7: IP SERVICES COMMANDSExamples — The following commands configure an IP interface on VLAN taupe and configure the interface to be the sys

set timezone 253Examples — The following command sets the date to March 13, 2003 and time to 11:11:12:WX4400# set timedate date feb 29 2004 time 23:58

254 CHAPTER 7: IP SERVICES COMMANDSExamples — To set the time zone for Pacific Standard Time (PST), type the following command:WX1200# set timezone PS

traceroute 255Examples — In the following example, an administrator establishes a Telnet session with another device and enters a command on the remot

256 CHAPTER 7: IP SERVICES COMMANDS dnf — Sets the Do Not Fragment bit in the ping packet to prevent the packet from being fragmented. no-dns — Prev

traceroute 257The first row of the display indicates the target host, the maximum number of hops, and the packet size. Each numbered row displays info

258 CHAPTER 7: IP SERVICES COMMANDS

8AAA COMMANDSUse authentication, authorization, and accounting (AAA) commands to provide a secure network connection and a record of user activity. Lo

26 ABOUT THIS GUIDEThis manual uses the following text and syntax conventions: Documentation The MSS documentation set includes the following document

260 CHAPTER 8: AAA COMMANDSLocal Authorization for Password Usersset user on page 319clear user on page 272set user attr on page 321clear user attr on

clear accounting 261clear accounting Removes accounting services for specified wireless users with administrative access or network access.Syntax — cl

262 CHAPTER 8: AAA COMMANDSExamples — The following command removes accounting services for authorized network user Nin:WX4400# clear accounting dot1x

clear authentication console 263 clear authentication mac on page 265 clear authentication mac on page 265 clear authentication proxy on page 266

264 CHAPTER 8: AAA COMMANDS clear authentication mac on page 265 clear authentication proxy on page 266 set authentication console on page 289clear

clear authentication mac 265 clear authentication proxy on page 266 display aaa on page 277 set authentication dot1x on page 291clear authenticatio

266 CHAPTER 8: AAA COMMANDSclear authentication proxyRemoves a proxy rule for third-party AP users.Syntax — clear authentication proxy ssid ssid-name

clear location policy 267Examples — The following command removes WebAAA for SSID research and userglob temp*@thiscorp.com: WX4400# clear authenticati

268 CHAPTER 8: AAA COMMANDSSee Also display location policy on page 282 set location policy on page 304clear mac-user Removes a user profile from th

clear mac-user attr 269clear mac-user attr Removes an authorization attribute from the user profile in the local database on the WX switch, for a user

Documentation Comments 27 Wireless Switch Manager Reference ManualThis manual shows you how to plan, configure, deploy, and manage a Mobility System

270 CHAPTER 8: AAA COMMANDSAccess — Enabled.History —Introduced in MSS Version 3.0.Usage — Removing a MAC user from a MAC user group removes the group

clear mac-usergroup attr 271See Also clear mac-usergroup attr on page 271 display aaa on page 277 set mac-usergroup attr on page 315clear mac-userg

272 CHAPTER 8: AAA COMMANDSclear mobility-profileRemoves a Mobility Profile entirely. Syntax — clear mobility-profile name name — Name of an existing

clear user attr 273Examples — The following command deletes the user profile for user Nin:WX4400# clear user Ninsuccess: change accepted.See Also dis

274 CHAPTER 8: AAA COMMANDSclear user group Removes a user with a password from membership in a user group in the local database on the WX.(To remove

clear usergroup 275History — Introduced in MSS 6.0.Usage — If a user’s password has expired, or the user is unable to log in within the configured li

276 CHAPTER 8: AAA COMMANDSSee Also clear usergroup attr on page 276 display aaa on page 277 set usergroup on page 323clear usergroup attr Removes

display aaa 277display aaa Displays all current AAA settings.Syntax — display aaaDefaults — None.Access — Enabled.History —Introduced in MSS Version 3

278 CHAPTER 8: AAA COMMANDSuser last-resort-guestssidVlan-Name = k2user last-resort-anyVlan-Name = foomac-user 01:02:03:04:05:06usergroup eastcoasters

display aaa 279See Also set accounting {admin | console} on page 283 set authentication admin on page 287 set authentication console on page 289 s

28 ABOUT THIS GUIDEPlease note that we can only respond to comments and questions about 3Com product documentation at this e-mail address. Questions r

280 CHAPTER 8: AAA COMMANDSdisplay accounting statisticsDisplays the AAA accounting records for wireless users. The records are stored in the local da

display accounting statistics 281AAA_ACCT_SVC_ATTR=2AAA_VLAN_NAME_ATTR=defaultCalling-Station-Id=00-06-25-12-06-38Nas-Port-Id=3/1Called-Station-Id=00-

282 CHAPTER 8: AAA COMMANDSSee Also clear accounting on page 261 display aaa on page 277 set accounting {admin | console} on page 283display locati

display mobility-profile 283display mobility-profileDisplays the named Mobility Profile. If you do not specify a Mobility Profile name, this command s

284 CHAPTER 8: AAA COMMANDS Specify a username, use the double-asterisk wildcard character (**) to specify all usernames, or use the single-asterisk

set accounting {dot1x | mac | web | last-resort} 285See Also clear accounting on page 261 display accounting statistics on page 280set accounting {d

286 CHAPTER 8: AAA COMMANDS start-stop — Sends accounting records at the start and end of a network session. stop-only — Sends accounting records on

set authentication admin 287set authentication adminConfigures authentication and defines where it is performed for specified users with administrativ

288 CHAPTER 8: AAA COMMANDSHistory —Introduced in MSS Version 3.0.The syntax descriptions for the set authentication commands are separated for clarit

set authentication console 289 set authentication mac on page 295 set authentication web on page 302set authentication consoleConfigures authenticat

NEW FEATURES SUMMARYThis summary describes new features and commands available in Version 7.0 of the Wireless LAN Mobility System that affect this gui

290 CHAPTER 8: AAA COMMANDSDefaults — By default, authentication is deactivated for all console users, and the default authentication method in a cons

set authentication dot1x 291 set authentication admin on page 287 set authentication dot1x on page 291 set authentication mac on page 295 set auth

292 CHAPTER 8: AAA COMMANDSProvides mutual authentication, integrity-protected negotiation, and key exchangeRequires X.509 public key certificates on

set authentication dot1x 293Defaults — By default, authentication is unconfigured for all clients with network access through MAP ports or wired authe

294 CHAPTER 8: AAA COMMANDSIf the username does not match an authentication rule for the SSID the user is attempting to access, MSS uses the fallthru

set authentication mac 295set authentication macConfigures authentication and defines where it is performed for specified non-802.1X users with networ

296 CHAPTER 8: AAA COMMANDSIf you specify multiple authentication methods in the set authentication mac command, MSS applies them in the order in whic

set authentication max-attempts 297set authentication max-attemptsSpecifies the maximum number of login attempts users can make before being locked ou

298 CHAPTER 8: AAA COMMANDSset authentication max-attemptsSpecifies the maximum number of login attempts users can make before being locked out of the

set authentication minimum-password-length 299set authentication minimum-password-lengthSpecifies the minimum allowable length for user passwords.Synt

CONTENTSABOUT THIS GUIDEConventions 25Documentation 26Documentation Comments 27NEW FEATURES SUMMARYVirtual Controller Clustering Configuration 30set c

30 NEW FEATURES SUMMARY display ap config Enhancements on page 54 display load Enhancements on page 55 display radio-profile Enhancements on page 5

300 CHAPTER 8: AAA COMMANDSset authentication password-restrictActivates password restrictions for network and administrative users.Syntax — set auth

set authentication proxy 301See Also clear user lockout on page 274 set authentication minimum-password-length on page 299 set authentication max-a

302 CHAPTER 8: AAA COMMANDSSee Also clear authentication proxy on page 266 set radius proxy client on page 633 set radius proxy port on page 634set

set authentication web 303Defaults — By default, authentication is unconfigured for all clients with network access through MAP ports or wired authent

304 CHAPTER 8: AAA COMMANDSExamples — The following command configures a WebAAA rule in the local WX database for SSID ourcorp and userglob rnd*:WX440

set location policy 305 inacl inacl-name — Name of an existing security ACL to apply to packets sent to the WX with attributes matching the location

306 CHAPTER 8: AAA COMMANDSFor user-glob, specify a username, use the double-asterisk wildcard character (**) to specify all usernames, or use the sin

set location policy 307When applying security ACLs:Use inacl inacl-name to filter traffic that enters the WX from users via a MAP access port or wired

308 CHAPTER 8: AAA COMMANDSThe following command places all users who are authorized for SSID tempvendor_a into VLAN kiosk_1:WX1200# set location poli

set mac-user attr 309See Also clear mac-user on page 268 display aaa on page 277set mac-user attr Assigns an authorization attribute in the local da

AP 3950 PoE Configuration 31Syntax — set cluster preempt {enable | disable}Defaults — None.Access — Enabled.History —Introduced in MSS Version 7.0.Usa

310 CHAPTER 8: AAA COMMANDSTable 45 Authentication Attributes for Local UsersAttribute Description Valid Value(s)encryption-type Type of encryption

set mac-user attr 311filter-id Inbound or outbound ACL to apply to the user.If configured in the WX local database, this attribute can be an access co

312 CHAPTER 8: AAA COMMANDSservice-type Type of access requested by the user.One of the following numbers:2—Framed; for network user access6—Administr

set mac-user attr 313time-of-day(network access mode only)Day(s) and time(s) during which the user is permitted to log into the network. After authori

314 CHAPTER 8: AAA COMMANDSDefaults — None.Access — Enabled.History —Introduced in MSS Version 3.0.Usage — To change the value of an attribute, enter

set mac-usergroup attr 315You can assign attributes to individual MAC users and to MAC user groups. If attributes are configured for a MAC user and al

316 CHAPTER 8: AAA COMMANDS attribute-name value — Name and value of an attribute used to authorize all MAC users in the group for a particular servi

set mobility-profile 317set mobility-profile Creates a Mobility Profile and specifies the MAP access point and/or wired authentication ports on the WX

318 CHAPTER 8: AAA COMMANDSCAUTION: When the Mobility Profile feature is enabled, a user is denied access if assigned a Mobility-Profile attribute in

set mobility-profile mode 319set mobility-profile modeEnables or disables the Mobility Profile feature on the WX switch.CAUTION: When the Mobility Pro

32 NEW FEATURES SUMMARYset service-profile 11n A new command to configure maximum MPDU and MSDU packet length, frame aggregation, and the short guard

320 CHAPTER 8: AAA COMMANDS encrypted — Indicates that the password string you entered is already in its encrypted form. If you use this option, MSS

set user attr 321set user attr Configures an authorization attribute in the local database on the WX switch for a user with a password. (To assign aut

322 CHAPTER 8: AAA COMMANDSThe following command limits the days and times when user Student1 can access the network, to 5 p.m. to 2 a.m. every weekda

set user group 323set user group Adds a user to a user group. The user must have a password and a profile that exists in the local database on the WX.

324 CHAPTER 8: AAA COMMANDS attribute-name value — Name and value of an attribute you are using to authorize all users in the group for a particular

set usergroup expire-password-in 325set usergroup expire-password-inSpecifies how long the passwords for the users in user group are valid before they

326 CHAPTER 8: AAA COMMANDSset web-portal Globally enables or disables WebAAA on a WX switch.Syntax — set web-portal {enable | disable} enable — Enab

9MOBILITY DOMAIN COMMANDSUse Mobility Domain commands to configure and manage Mobility Domain groups.A Mobility Domain is a system of WX switches and

328 CHAPTER 9: MOBILITY DOMAIN COMMANDSclear mobility-domainClears all Mobility Domain configuration and information from a WX , regardless of whether

display mobility-domain 329Usage — This command has no effect if the WX member is not configured as part of a Mobility Domain or the current WX is not

External Captive Portal Support 33Syntax — set service-profile profile-name transmit-rates 11ng mandatory {1.0 |2.0 |5.5 |6.0 |9.0 |11.0 |12.0 |18.0 |

330 CHAPTER 9: MOBILITY DOMAIN COMMANDSSee Also clear mobility-domain on page 328 set mobility-domain member on page 332 set mobility-domain mode m

display mobility-domain status 331display mobility-domain statusOn the seed WX, displays the Mobility Domain status and members. Syntax — display mobi

332 CHAPTER 9: MOBILITY DOMAIN COMMANDSset mobility-domain memberOn the seed WX, adds a member to the list of Mobility Domain members. If the current

set mobility-domain mode member secondary seed-ip 333set mobility-domain mode member secondary seed-ipSets the IP address of the secondary seed WX on

334 CHAPTER 9: MOBILITY DOMAIN COMMANDSset mobility-domain mode member seed-ipOn a nonseed WX, sets the IP address of the seed WX. This command is use

set mobility-domain mode secondary-seed domain-name 335set mobility-domain mode secondary-seed domain-nameSets the current WX as a secondary-seed devi

336 CHAPTER 9: MOBILITY DOMAIN COMMANDSExamples — The following command configures this WX as the secondary seed in a Mobility Domain named Pleasanto

set domain security 337See Also clear mobility-domain member on page 328 display mobility-domain status on page 331set domain security Sets mobility

338 CHAPTER 9: MOBILITY DOMAIN COMMANDS

10NETWORK DOMAIN COMMANDSUse Network Domain commands to configure and manage Network Domain groups.A Network Domain is a group of geographically dispe

34 NEW FEATURES SUMMARYSimultaneous Login SupportYou can now limit the number of concurrent sessions that a user can have on the network. You can use

340 CHAPTER 10: NETWORK DOMAIN COMMANDSclear network-domainClears all Network Domain configuration and information from a WX , regardless of whether t

clear network-domain mode 341clear network-domain modeRemoves the Network Domain seed or member configuration from the WX.Syntax — clear network-domai

342 CHAPTER 10: NETWORK DOMAIN COMMANDSclear network-domain peerRemoves the configuration of a Network Domain peer from a WX configured as a Network D

clear network-domain seed-ip 343clear network-domain seed-ipRemoves the specified Network Domain seed from the WX configuration. When you enter this c

344 CHAPTER 10: NETWORK DOMAIN COMMANDSdisplay network-domainDisplays the status of Network Domain seeds and members. Syntax — display network-domainD

display network-domain 345Table 50 describes the fields in the display.See Also clear network-domain on page 340 set network-domain mode member seed

346 CHAPTER 10: NETWORK DOMAIN COMMANDSset network-domain mode member seed-ipSets the IP address of a Network Domain seed. This command is used for co

set network-domain peer 347See Also clear network-domain on page 340 display network-domain on page 344set network-domain peerOn a Network Domain se

348 CHAPTER 10: NETWORK DOMAIN COMMANDSset network-domain mode seed domain-nameCreates a Network Domain by setting the current WX as a seed device and

11MANAGED ACCESS POINT COMMANDSUse MAP access point commands to configure and manage MAP access points. Be sure to do the following before using the c

Dynamic RADIUS Extensions 35Access — Enabled.History —Introduced in MSS Version 6.2.Examples — WX# set radius das-port 65539success:change acceptedcle

350 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset ap radio auto-tune max- retransmissions on page 433set ap radio link-calibration on page 436set ap ra

MAP Access Point Commands by Usage 351set radio-profile max-tx-lifetime on page 463set radio-profile preamble-length on page 467set radio-profile rts-

352 CHAPTER 11: MANAGED ACCESS POINT COMMANDSQoS and VoIP set radio-profile qos-mode on page 468set radio-profile wmm-powersave on page 478set service

MAP Access Point Commands by Usage 353set radio-profile auto-tune channel-lockdown on page 453set radio-profile auto-tune power-config on page 454set

354 CHAPTER 11: MANAGED ACCESS POINT COMMANDSdisplay ap unconfigured on page 395display ap qos-stats on page 374display ap etherstats on page 375MAP L

clear ap local-switching vlan-profile 355clear ap local-switching vlan-profileClears the VLAN profile that had been applied to an MAP to use with loca

356 CHAPTER 11: MANAGED ACCESS POINT COMMANDSclear ap radio Disables a MAP radio and resets it to its factory default settings.Syntax — clear ap ap-nu

clear ap radio 357Access — EnabledHistory —Introduced in MSS Version 3.0. Version 6.0 removed the dap option for distributed MAPs.Usage — When you cle

358 CHAPTER 11: MANAGED ACCESS POINT COMMANDSclear ap boot-configurationRemoves the static IP address configuration for a Distributed MAP.Syntax — cle

clear ap radio load-balancing group 359clear ap radio load-balancing groupRemoves a MAP radio from its load-balancing group.Syntax clear ap ap-number

36 NEW FEATURES SUMMARYset usergroup group-name attr termination-action valuewhere value is 0 or 1. This attribute supports reauthentication of all ac

360 CHAPTER 11: MANAGED ACCESS POINT COMMANDSclear radio-profile Removes a radio profile or resets one of the profile’s parameters to its default valu

clear service-profile 361The following commands disable the radios using radio profile rptest and remove the profile:WX4400# set radio-profile rptest

362 CHAPTER 11: MANAGED ACCESS POINT COMMANDSAccess — Enabled.History — Introduced in MSS Version 3.0. Options added to clear SODA parameters in Versi

display ap arp 363Examples — The following command displays ARP entries for AP 7:WX# display ap arp 7AP 7:Host HW Address VLAN State Type-------------

364 CHAPTER 11: MANAGED ACCESS POINT COMMANDSdisplay ap config Displays global and radio-specific settings for a MAP access point.Syntax — display ap

display ap config 365Table 54 Output for display ap configField DescriptionPort WX port number to which the MAP is connected, if specified for the M

366 CHAPTER 11: MANAGED ACCESS POINT COMMANDSSee Also display ap connection on page 391 display ap global on page 393 display ap unconfigured on pa

display ap counters 367 set ap radio mode on page 439 set ap radio antennatype on page 431  set ap radio channel on page 435 set ap radio radio-pr

368 CHAPTER 11: MANAGED ACCESS POINT COMMANDSExamples — The following command shows statistics counters for Distributed MAP 7:WX1200# display ap count

display ap counters 369Table 55 describes the fields in this display.Table 55 Output for display ap countersField DescriptionAP Distributed MAP numb

MAC Authentication Request Format 37Usage — You can configure different authentication methods for different groups of MAC addresses by “globbing.”Exa

370 CHAPTER 11: MANAGED ACCESS POINT COMMANDSCCMP Pkt Transfer CtTotal number of CCMP packets sent and received by the radio.Radio Recv Phy Err Ct Num

display ap counters 371User Sessions Number of clients currently associated with the radio. Generally, this counter is equal to the number of sessions

372 CHAPTER 11: MANAGED ACCESS POINT COMMANDSNoise Floor Received signal strength at which the MAP can no longer distinguish 802.11 packets from ambie

display ap fdb 373See Also display sessions network on page 668display ap fdb Displays the entries in a specified AP’s forwarding database. Syntax —

374 CHAPTER 11: MANAGED ACCESS POINT COMMANDSSee Also set ap local-switching mode on page 427 set vlan profile on page 175display ap qos-stats Displ

display ap etherstats 375Table 57 describes the fields in this display.display ap etherstatsDisplays Ethernet statistics for an Ethernet port on a MAP

376 CHAPTER 11: MANAGED ACCESS POINT COMMANDSExamples — The following command displays Ethernet statistics for the Ethernet ports on Distributed MAP 1

display ap group 377display ap group Deprecated in MSS Version 6.0. To display information about RF load balancing, see “display load-balancing group”

378 CHAPTER 11: MANAGED ACCESS POINT COMMANDSExamples — The following command mesh link information for AP 7:WX# display ap mesh-links 7AP: 7 IP-addr:

display ap status 379See Also set ap boot-configuration mesh ssid on page 421 set service-profile mesh on page 498display ap status Displays MAP acc

38 NEW FEATURES SUMMARYset mac-user mac-addr attr user-name valueset usergroup group-name attr user-name valueset mac-usergroup group-name attr user-n

380 CHAPTER 11: MANAGED ACCESS POINT COMMANDSExamples — The following command displays the status of a MAP access point:WX4400# display ap status 7Dap

display ap status 381The following command uses the terse option to display brief information for MAPs:WX# display ap status terseTotal number of entr

382 CHAPTER 11: MANAGED ACCESS POINT COMMANDSState State of the MAP: init — The MAP has been recognized by the WX but has not yet begun booting. boo

display ap status 383Radio 1 typeRadio 2 type802.11 type and configuration state of the radio.  The configure succeed state indicates that the MAP ha

384 CHAPTER 11: MANAGED ACCESS POINT COMMANDSRadio 1 typeRadio 2 type(cont.) The following information appears for external antennas:External antenna

display ap vlan 385display ap vlan Displays information about the VLANs that are either locally switched by the specified MAP or tunneled from the MAP

386 CHAPTER 11: MANAGED ACCESS POINT COMMANDSTable 62 describes the fields in the display ap vlan output.See Also set ap local-switching mode on page

display auto-tune attributes 387Examples — The following command displays RF attribute information for radio 1 on the directly connected MAP access po

388 CHAPTER 11: MANAGED ACCESS POINT COMMANDSdisplay auto-tune neighborsDisplays the other 3Com radios and third-party 802.11 radios that a 3Com radio

display auto-tune neighbors 389Examples — The following command displays neighbor information for radio 1 on the directly connected MAP access point o

RADIUS Ping Utility 39RADIUS Ping Utility A command provides a diagnostic tool to enhance troubleshooting capabilities for RADIUS servers on the netwo

390 CHAPTER 11: MANAGED ACCESS POINT COMMANDSdisplay ap boot-configurationDisplays information about the static IP address configuration (if any) on a

display ap connection 391display ap connectionDisplays the system IP address of the WX switch that booted a Distributed MAP. Syntax — display ap conne

392 CHAPTER 11: MANAGED ACCESS POINT COMMANDSHistory —Introduced in MSS Version 3.0. Version 6.0 removed the dap option.Usage — The serial-id paramete

display ap global 393See Also display ap config on page 364 display ap global on page 393 display ap unconfigured on page 395display ap global Disp

394 CHAPTER 11: MANAGED ACCESS POINT COMMANDSExamples — The following command displays configuration information for all the Distributed MAPs configur

display ap unconfigured 395display ap unconfiguredDisplays Distributed MAPs that are physically connected to the network but that are not configured o

396 CHAPTER 11: MANAGED ACCESS POINT COMMANDSSee Also display ap connection on page 391 display ap global on page 393display load-balancing groupDis

display load-balancing group 397Examples — The following command displays information about the MAP radios that are in the same group as radio 1 on MA

398 CHAPTER 11: MANAGED ACCESS POINT COMMANDSdisplay radio-profileDisplays radio profile information.Syntax — display radio-profile {name | ?} name —

display radio-profile 399Table 70 describes the fields in this display.Table 70 Output for display radio-profileField DescriptionBeacon Interval Rat

Bandwidth Management 40set qos profile 40set radio-profile weighted-fair-queuing 41set service-profile max-bw 42clear qos-profile 42RF Scanning Enhanc

40 NEW FEATURES SUMMARYTo send an accounting request to the RADIUS server, use the following command:WX# radping alpha request acct-startTo stop the a

400 CHAPTER 11: MANAGED ACCESS POINT COMMANDSSee Also set radio-profile active-scan on page 448 set radio-profile auto-tune channel-config on page 4

display service-profile 401 set radio-profile max-tx-lifetime on page 463 set radio-profile mode on page 464 set radio-profile preamble-length on p

402 CHAPTER 11: MANAGED ACCESS POINT COMMANDS CAC mode CAC sessions User idle timeout Idle client probing Web Portal Session Timeout Transmit ra

display service-profile 403Examples — The following command displays information for service profile spl:WX1200# display service-profile sp1ssid-name:

404 CHAPTER 11: MANAGED ACCESS POINT COMMANDSTable 71 Output for display service-profileField Descriptionssid-name Service set identifier (SSID) man

display service-profile 405Sygate On-Demand (SODA)Whether SODA functionality is enabled for the service profile. When SODA functionality is enabled, c

406 CHAPTER 11: MANAGED ACCESS POINT COMMANDSCAC mode Call Admission Control mode: none—CAC is disabled. session—CAC is based on the number of activ

display service-profile 407WEP Key 3 value State of static WEP key number 3: none — The key is not configured. preset — The key is configured.WEP Ke

408 CHAPTER 11: MANAGED ACCESS POINT COMMANDSSee Also set service-profile auth-dot1x on page 481 set service-profile auth-fallthru on page 482 set

display service-profile 409 set service-profile no-broadcast on page 499 set service-profile proxy-arp on page 500 set service-profile psk-phrase o

Bandwidth Management 41[cos static-cos-value][max-bandwidth max-bw-kb][use-client-dscp enable | disable] profile-name — Name of the QoS profile. acc

410 CHAPTER 11: MANAGED ACCESS POINT COMMANDSreset ap Restarts a MAP access point. Syntax — reset ap ap-number ap ap-number — Index value that identi

set ap auto 411The profile uses the default radio profile by default. You can change the profile using the set ap auto radio radio-profile command. Yo

412 CHAPTER 11: MANAGED ACCESS POINT COMMANDS set ap blink on page 416 set ap group on page 427 set ap radio auto-tune max-power on page 432 set a

set ap auto radiotype 413set ap auto radiotypeSets the radio type for single-MAP radios that use the MAP configuration profile. Syntax — set ap auto [

414 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset ap auto mode Enables a WX profile for automatic Distributed MAP configuration.Syntax — set ap auto mo

set ap bias 415set ap bias Changes the bias for a MAP. Bias is the priority of one WX over other WX switches for booting and configuring the MAP. Synt

416 CHAPTER 11: MANAGED ACCESS POINT COMMANDSExamples — The following command changes the bias for a Distributed MAP to low:WX4400# set dap 1 bias low

set ap boot- configuration ip 417set ap boot- configuration ipSpecifies static IP address information for a Distributed MAP.Syntax — set ap ap-number

418 CHAPTER 11: MANAGED ACCESS POINT COMMANDSSee Also clear ap boot-configuration on page 358 display ap boot-configuration on page 390 set ap boot

set ap boot-configuration mesh psk-phrase 419set ap boot-configuration mesh psk-phraseSpecifies a preshared key (PSK) phrase that a Mesh AP uses for a

42 NEW FEATURES SUMMARYExamples — To configure weighted queuing for a radio and service profile, use the following command:WX# set radio-profile wirel

420 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset ap boot-configuration mesh psk-rawConfigures a raw hexadecimal preshared key (PSK) to use for authent

set ap boot-configuration mesh ssid 421set ap boot-configuration mesh ssidSpecifies the name of the SSID a Mesh AP attempts to associate with when it

422 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset ap boot- configuration switchSpecifies the WX a Distributed MAP contacts and attempts to use as its b

set ap boot-configuration vlan 423WX1200# set ap 1 boot- configuration switch switch-ip 172.16.0.21 mode enable success: change accepted.The following

424 CHAPTER 11: MANAGED ACCESS POINT COMMANDSUsage — When this command is configured, all Ethernet frames emitted from the Distributed MAP are formatt

set ap fingerprint 425 fingerprint — The 16-digit hexadecimal number of the fingerprint. Use a colon between each digit. Make sure the fingerprint yo

426 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset ap force-image-downloadConfigures a MAP to download a software image from the WX instead of loading t

set ap group 427set ap group Deprecated in MSS Version 6.0. To configure RF load balancing, see “set load-balancing mode” on page 446.set ap location

428 CHAPTER 11: MANAGED ACCESS POINT COMMANDSIf local switching is enabled on an MAP, but no VLAN profile is configured, then a default VLAN profile i

set ap name 429Examples — The following command specifies that MAP 7 use VLAN profile locals:WX# set ap 7 local-switching vlan-profile localssuccess:

RF Scanning Enhancements 43success: change acceptedRF Scanning EnhancementsA new attribute, sentry, is now available to independently configure and co

430 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset ap radio antenna-locationSpecifies the location (indoors or outdoors) of an external antenna. Use thi

set ap radio antennatype 431set ap radio antennatypeSets the model number for an external antenna. Syntax — set ap ap-number radio {1|2} antennatype {

432 CHAPTER 11: MANAGED ACCESS POINT COMMANDSDefaults — All radios use the internal antenna by default, if the MAP model has an internal antenna. The

set ap radio auto-tune max- retransmissions 433Defaults — The default maximum power setting that RF Auto-Tuning can set on a radio is the highest sett

434 CHAPTER 11: MANAGED ACCESS POINT COMMANDSDefaults — The default is 10 percent. Access — Enabled.History —Introduced in MSS Version 3.0. Option aut

set ap radio channel 435A radio also can increase power, in 1 dBm increments, if a client falls below the minimum allowed data rate. After a radio inc

436 CHAPTER 11: MANAGED ACCESS POINT COMMANDSUsage — You can configure the transmit power of a radio on the same command line. Use the tx-power option

set ap radio load balancing 437Usage — A Mesh Portal MAP can be configured to emit link calibration packets to assist with positioning the Mesh AP. A

438 CHAPTER 11: MANAGED ACCESS POINT COMMANDSUsage — By default, RF load balancing is enabled on all MAP radios. Use this command to disable or re-en

set ap radio mode 439Access — Enabled.History — Introduced in MSS Version 6.0.Usage — Assigning radios to specific load balancing groups is optional.

44 NEW FEATURES SUMMARYset radio-profilerf-scanningchannel-scopeConfigures the channel scope for RF scanning.Syntax — set radio-profile profile-name r

440 CHAPTER 11: MANAGED ACCESS POINT COMMANDSHistory —Introduced in MSS Version 3.0. Option auto added for configuration of the MAP configuration prof

set ap radio tx-power 441Defaults — None.Access — Enabled.History —Introduced in MSS Version 3.0. Option auto added for configuration of the MAP confi

442 CHAPTER 11: MANAGED ACCESS POINT COMMANDScountry maximum: on an 802.11a radio, 11 dBm for channel numbers less than or equal to 64, or 10 dBm for

set ap security 443set ap security Sets security requirements for management sessions between a WX and its Distributed MAPs. This feature applies to D

444 CHAPTER 11: MANAGED ACCESS POINT COMMANDSExamples — The following command configures a WX to require Distributed MAPs to have encryption keys:WX44

set band-preference 445set band-preference Configures MSS to steer clients that support both the 802.11a and 802.11b/g radio bands to a specific radio

446 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset load-balancing modeDisables or reenables RF load balancing globally on the WXMAP.Syntax — set load-ba

set load-balancing strictness 447set load-balancing strictnessControls the degree to which MSS balances the client load among MAPs when performing RF

448 CHAPTER 11: MANAGED ACCESS POINT COMMANDSAt the other end of the spectrum, when max strictness is specified, if an MAP radio has reached its maxim

set radio-profile auto-tune 11a-channel-range 449 disable — Configures radios to scan only passively for rogues by listening for beacons and probe re

RF Detection Configuration 45Replaced Commands The following table lists pre-MSS 7.0 commands that are now obsolete and their MSS 7.0 replacements:Par

450 CHAPTER 11: MANAGED ACCESS POINT COMMANDSExamples — The following command enables the 802.11a radio to select any available channel in the 802.11a

set radio-profile auto-tune channel-holddown 451Examples — The following command disables dynamic channel tuning for radios in the rp2 radio profile:W

452 CHAPTER 11: MANAGED ACCESS POINT COMMANDSExamples — The following command changes the channel holddown for radios in radio profile rp2 to 600 seco

set radio-profile auto-tune channel-lockdown 453Examples — The following command sets the channel interval for radios in radio profile rp2 to 2700 sec

454 CHAPTER 11: MANAGED ACCESS POINT COMMANDSExamples — The following command locks down the channel settings for radios in radio profile rp2:WX# set

set radio-profile auto-tune power-interval 455Examples — The following command enables dynamic power tuning for radios in the rp2 radio profile:WX4400

456 CHAPTER 11: MANAGED ACCESS POINT COMMANDSSee Also display service-profile on page 401 set ap radio auto-tune max- retransmissions on page 433 s

set radio-profile auto-tune power-ramp-interval 457set radio-profile auto-tune power-ramp-intervalChanges the interval at which power is increased or

458 CHAPTER 11: MANAGED ACCESS POINT COMMANDSAccess — Enabled.History —Introduced in MSS Version 3.0.Usage — You must disable all radios that are usin

set radio-profile countermeasures 459 configured — Configures radios to attack only devices in the attack list on the WX switch (on-demand countermea

46 NEW FEATURES SUMMARYExamples — To configure MSS to detect ad-hoc networks and classify them as rogue devices, use the following command:WX# set rfd

460 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset radio-profile dtim-intervalChanges the number of times after every beacon that each MAP radio in a ra

set radio-profile frag-threshold 461set radio-profile frag-thresholdChanges the fragmentation threshold for the MAP radios in a radio profile. The fra

462 CHAPTER 11: MANAGED ACCESS POINT COMMANDSSee Also display radio-profile on page 398 set radio-profile mode on page 464 set radio-profile rts-th

set radio-profile max-tx-lifetime 463See Also display radio-profile on page 398 set radio-profile mode on page 464 set radio-profile max-tx-lifetim

464 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset radio-profile modeCreates a new radio profile, and disables or reenables all MAP radios that are usin

set radio-profile mode 465Access — Enabled.History —Introduced in MSS Version 3.0.Version 4.2 made the following changes: Removed the following param

466 CHAPTER 11: MANAGED ACCESS POINT COMMANDSTo change a parameter in a radio profile, you must first disable all the radios in the profile. After you

set radio-profile preamble-length 467set radio-profile preamble-lengthChanges the preamble length for which an 802.11b/g MAP radio advertises support.

468 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset radio-profile qos-modeSets the prioritization mode for forwarding queues on MAP radios managed by the

set radio-profile rfid-mode 469set radio-profile rfid-modeEnables MAP radios managed by a radio profile to function as location receivers in an AeroSc

RF Detection Configuration 47Examples — To configure MSS to detect devices seen on the network and classify them as rogue devices, use the following c

470 CHAPTER 11: MANAGED ACCESS POINT COMMANDSDefaults — Data rate enforcement is disabled by default.Access — Enabled.History — Introduced in MSS Vers

set radio-profile rts-threshold 471See Also display ap counters on page 367 set service-profile transmit-rates on page 516set radio-profile rts-thre

472 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset radio-profile service-profileMaps a service profile to a radio profile. All radios that use the radio

set radio-profile service-profile 473cipher-ccmp disable Does not use Counter with Cipher Block Chaining Message Authentication Code Protocol (CCMP) t

474 CHAPTER 11: MANAGED ACCESS POINT COMMANDSshared-key-auth disable Does not use shared-key authentication.This parameter does not enable PSK authent

set radio-profile service-profile 475transmit-rates 802.11a:mandatory: 6.0,12.0,24.0beacon-rate: 6.0multicast-rate: autodisabled: none802.11b:mandator

476 CHAPTER 11: MANAGED ACCESS POINT COMMANDSAccess — Enabled.History —Introduced in MSS Version 3.0.Usage — You must configure the service profile be

set radio-profile service-profile 477 set service-profile cac-mode on page 486 set service-profile cac-session on page 487 set service-profile ciph

478 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset radio-profile short-retryDeprecated in MSS Version 4.2. In 4.2, this parameter is associated with ser

set service-profile attr 479Usage — U-APSD is supported only for QoS mode WMM. If WMM is not enabled on the radio profile, use the set radio-profile q

48 NEW FEATURES SUMMARYdisplay aaa Command ReplacementsIn previous releases, the display aaa command displayed RADIUS, users, and mac-users configurat

480 CHAPTER 11: MANAGED ACCESS POINT COMMANDSThe SSID default attributes are applied in addition to any attributes supplied for the user by the RADIUS

set service-profile auth-dot1x 481See Also display service-profile on page 401 display sessions network on page 668set service-profile auth-dot1xDis

482 CHAPTER 11: MANAGED ACCESS POINT COMMANDSSee Also display service-profile on page 401 set service-profile auth-psk on page 483 set service-prof

set service-profile auth-psk 483Access — Enabled.History —Introduced in MSS Version 3.0. Option for WebAAA fallthru authentication type changed from w

484 CHAPTER 11: MANAGED ACCESS POINT COMMANDSAccess — Enabled.History —Introduced in MSS Version 3.0.Usage — This command affects authentication of WP

set service-profile bridging 485 enable — Enables beaconing of the SSID managed by the service profile. disable — Disables beaconing of the SSID man

486 CHAPTER 11: MANAGED ACCESS POINT COMMANDSUsage — WLAN mesh services can be used in a wireless bridge configuration, implementing MAPs as bridge en

set service-profile cac-session 487Examples — The following command enables session-based CAC on service profile sp1:WX4400# set service-profile sp1 c

488 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset service-profile cipher-ccmpEnables Counter with Cipher Block Chaining Message Authentication Code Pro

set service-profile cipher-tkip 489set service-profile cipher-tkipDisables or reenables Temporal Key Integrity Protocol (TKIP) encryption in a service

display aaa Command Replacements 49Dynamic Authordisplay user Displays summary or verbose status relating to users or users matching a glob. For user

490 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset service-profile cipher-wep104Enables dynamic Wired Equivalent Privacy (WEP) with 104-bit keys, in a s

set service-profile cipher-wep40 491See Also display service-profile on page 401 set service-profile cipher-ccmp on page 488 set service-profile ci

492 CHAPTER 11: MANAGED ACCESS POINT COMMANDSTo support non-WPA clients that use static WEP, you must configure static WEP keys. Use the set service-p

set service-profile dhcp-restrict 493WX4400# set service-profile sp1 cos 7success: change accepted.See Also display service-profile on page 401 set

494 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset service-profile idle-client-probingDisables or reenables periodic keepalives from MAP radios to clien

set service-profile keep-initial-vlan 495set service-profile keep-initial-vlanConfigures MAP radios managed by the radio profile to leave a roamed use

496 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset service-profile load-balancing-exemptExempts a service profile from performing RF load balancing.Synt

set service-profile long-retry-count 497set service-profile long-retry-countChanges the long retry threshold for a service profile. The long retry thr

498 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset service-profile meshCreates a service profile for use with WLAN mesh services.Syntax — set service-pr

set service-profile no-broadcast 499set service-profile no-broadcastDisables or reenables the no-broadcast mode. The no-broadcast mode helps reduce tr

display service-profile Enhancements 61display rfdetect Changes 66Deprecated Commands 66display rfdetect data 66display rfdetect data ap 69display rfd

50 NEW FEATURES SUMMARYWX# display user *john* verboseacct-interim-interval: 180User name: johnsmithStatus: enabledPassword: iforgot2(encypted)Group:

500 CHAPTER 11: MANAGED ACCESS POINT COMMANDSExamples — The following command enables the no-broadcast mode on service profile sp1:WX4400# set service

set service-profile psk-phrase 501Examples — The following command enables proxy ARP on service profile sp1:WX4400# set service-profile sp1 proxy-arp

502 CHAPTER 11: MANAGED ACCESS POINT COMMANDSExamples — The following command configures service profile sp3 to use passphrase “1234567890123<>?

set service-profile rsn-ie 503Examples — The following command configures service profile sp3 to use a raw PSK with PSK clients:WX4400# set service-pr

504 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset service-profile shared-key-authEnables shared-key authentication, in a service profile.Use this comma

set service-profile soda agent-directory 505 threshold — Number of times a radio can send the same short unicast frame. You can enter a value from 1

506 CHAPTER 11: MANAGED ACCESS POINT COMMANDSExamples — The following command specifies soda-agent as the location for SODA agent files for service pr

set service-profile soda failure-page 507When the enforce checks option is enabled, upon successful completion of the SODA agent checks, the client pe

508 CHAPTER 11: MANAGED ACCESS POINT COMMANDSUsage — Use this command to specify a custom page to be loaded by the client when the SODA agent checks f

set service-profile soda logout-page 509History —Introduced in MSS Version 4.2.Usage — When a client closes the SODA virtual desktop, the client is au

display aaa Command Replacements 51display mac-user Displays summary or verbose status relating to a specific mac-user or all mac-users. WX# display m

510 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset service-profile soda modeEnables or disables Sygate On-Demand (SODA) functionality for a service prof

set service-profile soda remediation-acl 511set service-profile soda remediation-aclSpecifies an ACL to be applied to a client if it fails the checks

512 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset service-profile soda success-pageSpecifies a page on the WX that loads when a client passes the secur

set service-profile ssid-name 513See Also display service-profile on page 401 set service-profile soda enforce-checks on page 506 set service-profi

514 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset service-profile ssid-typeSpecifies whether the SSID managed by a service profile is encrypted or unen

set service-profile static-cos 515History —Introduced in MSS Version 3.0.Usage — Countermeasures apply only to TKIP and WEP clients. This includes WPA

516 CHAPTER 11: MANAGED ACCESS POINT COMMANDSDefaults — Static CoS is disabled by default.Access — Enabled.History —Introduced in MSS Version 4.2.Usag

set service-profile transmit-rates 517The valid rates depend on the radio type: 11a—6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0 11b—1.0, 2.0, 5.5,

518 CHAPTER 11: MANAGED ACCESS POINT COMMANDS beacon-rate: 11a—6.0 11b—2.0 11g—2.0 multicast-rate—auto for all radio types.Access — Enabled.Histo

set service-profile user-idle-timeout 519History —If this command is enabled in the service profile, the 802.11 QoS level is ignored, and MSS classifi

52 NEW FEATURES SUMMARYWX# display mac-user 00:11:11:21:11* verbosedisplay usergroup Displays summary status for all user groups or verbose status for

520 CHAPTER 11: MANAGED ACCESS POINT COMMANDSWX4400# set service-profile sp1 user-idle-timeout 360success: change accepted.See Also display service-p

set service-profile web-portal-form 521The Web-Portal ACL applies only to users who log on using Web Portal, and applies only during authentication. A

522 CHAPTER 11: MANAGED ACCESS POINT COMMANDSTo use WebAAA, the fallthru authentication type in the service profile that manages the SSID must be set

set service-profile web-portal-logout logout-url 523set service-profile web-portal-logout logout-urlSpecifies the URL that is requested when the user

524 CHAPTER 11: MANAGED ACCESS POINT COMMANDSExamples — The following command configures the Web Portal logout URL as: wifizone.3Com.com/logout.html f

set service-profile web-portal-session-timeout 525Examples — The following command enables the Web Portal logout functionality for service profile sp

526 CHAPTER 11: MANAGED ACCESS POINT COMMANDSNote that the Web Portal WebAAA session timeout period applies only to Web Portal WebAAA sessions already

set service-profile wep active-unicast- index 527See Also display service-profile on page 401 set service-profile wep active-unicast- index on page

528 CHAPTER 11: MANAGED ACCESS POINT COMMANDSset service-profile wep key-indexSets the value of one of four static Wired-Equivalent Privacy (WEP) keys

set service-profile wpa-ie 529set service-profile wpa-ieEnables the WPA information element (IE) in wireless frames. The WPA IE advertises the WPA aut

display aaa Command Replacements 53Users in this group:WX# display usergroup Guests2No users in this group.display mac-usergroup Displays summary stat

530 CHAPTER 11: MANAGED ACCESS POINT COMMANDS

12STP COMMANDSUse Spanning Tree Protocol (STP) commands to configure and manage spanning trees on the virtual LANs (VLANs) configured on a wireless LA

532 CHAPTER 12: STP COMMANDSclear spantree portcostResets to the default value the cost of a network port or ports on paths to the STP root bridge in

clear spantree portpri 533clear spantree portpriResets to the default value the priority of a network port or ports for selection as part of the path

534 CHAPTER 12: STP COMMANDS vlan vlan-id — VLAN name or number. MSS resets the cost for only the specified VLAN. Defaults — None.Access — Enabled.Hi

clear spantree statistics 535History —Introduced in MSS Version 3.0.Usage — MSS does not change a port’s priority for VLANs other than the one(s) you

536 CHAPTER 12: STP COMMANDSdisplay spantree Displays STP configuration and port-state information.Syntax — display spantree [port-list | vlan vlan-id

display spantree 5377 1 Forwarding 19 128 Disabled8 1 Disabled 19 128 Disabled9 1 Disabled 19 12

538 CHAPTER 12: STP COMMANDSPort Port number. Only network ports are listed. STP does not apply to 3Com Wireless LAN Managed Access Point AP2750 ports

display spantree backbonefast 539See Also display spantree blockedports on page 540display spantree backbonefastIndicates whether the STP backbone fa

54 NEW FEATURES SUMMARYMAC users in this group:WX# display mac-usergroup AdminNo MAC users in this group. display ap config EnhancementsNew commands a

540 CHAPTER 12: STP COMMANDSExamples — The following example shows the command output on a WX switch with backbone fast convergence enabled:WX4400# di

display spantree portfast 541display spantree portfastDisplays STP uplink fast convergence information for all network ports or for one or more networ

542 CHAPTER 12: STP COMMANDSdisplay spantree portvlancostShows the cost of a port on a path to the STP root bridge, for each of the port’s VLANs.Synta

display spantree statistics 543Usage — The command displays statistics separately for each port.Examples — The following command shows STP statistics

544 CHAPTER 12: STP COMMANDStopology change timer value 0hold timer INACTIVEhold timer value

display spantree statistics 545Table 78 Output for display spantree statisticsField DescriptionPort Port number.VLAN VLAN ID.Spanning Tree enabled f

546 CHAPTER 12: STP COMMANDSconfig_pending Indicates whether a configured BPDU is to be transmitted on expiration of the hold timer for the port.port_

display spantree statistics 547hold timer Status of the hold timer. This timer ensures that configured BPDUs are not transmitted too frequently throug

548 CHAPTER 12: STP COMMANDSSee Also clear spantree statistics on page 535display spantree uplinkfastShows uplink fast convergence information for on

set spantree 549See Also set spantree uplinkfast on page 558set spantree Enables or disables STP on one VLAN or all VLANs configured on a WX switch.S

display load Enhancements 55display ap config Displays all attributes of the specified AP. WX# display ap config apnumdisplay ap config radio Displays

550 CHAPTER 12: STP COMMANDSSee Also display spantree on page 536set spantree backbonefastEnables or disables STP backbone fast convergence on a wire

set spantree fwddelay 551set spantree fwddelayChanges the period of time after a topology change that a WX switch which is not the root bridge waits t

552 CHAPTER 12: STP COMMANDSAccess — Enabled.History —Introduced in MSS Version 3.0.Examples — The following command changes the hello interval for al

set spantree portcost 553set spantree portcostChanges the cost that transmission through a network port or ports in the default VLAN on a wireless LAN

554 CHAPTER 12: STP COMMANDSSee Also clear spantree portcost on page 532 clear spantree portvlancost on page 533 display spantree on page 536 disp

set spantree portpri 555set spantree portpri Changes the STP priority of a network port or ports for selection as part of the path to the STP root bri

556 CHAPTER 12: STP COMMANDSset spantree portvlancostChanges the cost of a network port or ports on paths to the STP root bridge for a specific VLAN o

set spantree portvlanpri 557set spantree portvlanpriChanges the priority of a network port or ports for selection as part of the path to the STP root

558 CHAPTER 12: STP COMMANDSset spantree priorityChanges the STP root bridge priority of a wireless LAN switch on one or all of its VLANs.Syntax — set

set spantree uplinkfast 559History —Introduced in MSS Version 3.0.Usage — The uplink fast convergence feature is applicable to bridges that are acting

56 NEW FEATURES SUMMARYThe following information is displayed: System CPU loadSummary data displayed: Last second (also called instant load) Last m

560 CHAPTER 12: STP COMMANDS

13IGMP SNOOPING COMMANDSUse Internet Group Management Protocol (IGMP) snooping commands to configure and manage multicast traffic reduction on a WX. C

562 CHAPTER 13: IGMP SNOOPING COMMANDSclear igmp statistics Clears IGMP statistics counters on one VLAN or all VLANs on a wireless LAN switch and rese

display igmp 563Examples — The following command displays IGMP information for VLAN orange:WX1200# display igmp vlan orangeVLAN: orangeIGMP is enabled

564 CHAPTER 13: IGMP SNOOPING COMMANDSTable 82 describes the fields in this display.Table 82 Output for display igmpField DescriptionVLAN VLAN name.

display igmp 565TTL Number of seconds before this entry ages out if not refreshed. For static multicast router entries, the time-to-live (TTL) value i

566 CHAPTER 13: IGMP SNOOPING COMMANDSSee Also display igmp mrouter on page 566 display igmp querier on page 567 display igmp receiver-table on pag

display igmp querier 567See Also display igmp mrouter on page 566 set igmp mrouter on page 575display igmp querierShows information about the active

568 CHAPTER 13: IGMP SNOOPING COMMANDSHistory — Introduced in MSS Version 3.0.Examples — The following command displays querier information for VLAN o

display igmp receiver-table 569See Also set igmp querier on page 581display igmp receiver-tableDisplays the receivers to which a WX forwards multicas

display load Enhancements 57Last hour: 38486 KBLast day: 40708 KBLast 3 days: 40931 KBTotal system memory: 131072 KBdisplay load c

570 CHAPTER 13: IGMP SNOOPING COMMANDSThe following command lists all receivers for multicast groups 237.255.255.1 through 237.255.255.255, in all VLA

display igmp statistics 571display igmp statisticsShows IGMP statistics.Syntax — display igmp statistics [vlan vlan-id] vlan vlan-id — VLAN name or n

572 CHAPTER 13: IGMP SNOOPING COMMANDSTable 86 Output of display igmp statisticsField DescriptionIGMP statistics for vlanVLAN name. Statistics are l

set igmp 573See Also clear igmp statistics on page 562set igmp Disables or reenables IGMP snooping on one VLAN or all VLANs on a wireless LAN switch.

574 CHAPTER 13: IGMP SNOOPING COMMANDSset igmp lmqi Changes the IGMP last member query interval timer on one VLAN or all VLANs on a wireless LAN switc

set igmp mrouter 575set igmp mrouter Adds or removes a port in a WX’s list of ports on which it forwards traffic to multicast routers. Static multicas

576 CHAPTER 13: IGMP SNOOPING COMMANDSset igmp mrsol Enables or disables multicast router solicitation by a WX.Syntax — set igmp mrsol {enable | disab

set igmp oqi 577Usage — You cannot add MAP access ports or wired authentication ports as static multicast ports. However, MSS can dynamically add thes

578 CHAPTER 13: IGMP SNOOPING COMMANDSSee Also set igmp lmqi on page 574 set igmp qi on page 579 set igmp qri on page 580 set igmp querier on page

set igmp qi 579set igmp qi Changes the IGMP query interval timer on one VLAN or all VLANs on a WX.Syntax — set igmp qi seconds [vlan vlan-id] qi seco

58 NEW FEATURES SUMMARYdisplay load cpu history Output example:display radio-profile EnhancementsThe display radio-profile command is used to display

580 CHAPTER 13: IGMP SNOOPING COMMANDSset igmp qri Changes the IGMP query response interval timer on one VLAN or all VLANs on a WX.Syntax — set igmp q

set igmp querier 581set igmp querier Enables or disables the IGMP pseudo-querier on a WX, on one VLAN or all VLANs.Syntax — set igmp querier {enable |

582 CHAPTER 13: IGMP SNOOPING COMMANDSDefaults — By default, no ports are static multicast receiver ports. Access — Enabled.History — Introduced in MS

set igmp rv 583See Also set igmp oqi on page 577 set igmp qi on page 579 set igmp qri on page 580

584 CHAPTER 13: IGMP SNOOPING COMMANDS

14SECURITY ACL COMMANDSUse security ACL commands to configure and monitor security access control lists (ACLs). Security ACLs filter packets to restri

586 CHAPTER 14: SECURITY ACL COMMANDSclear security acl Clears a specified security ACL, an access control entry (ACE), or all security ACLs, from the

clear security acl map 587WX4400# display security acl info allACL information for allset security acl ip acl_133 (hits #1 0)-------------------------

588 CHAPTER 14: SECURITY ACL COMMANDSSyntax — clear security acl map {acl-name | all} {vlan vlan-id | port port-list [tag tag-value] | ap ap-num} {in

commit security acl 589To clear all physical ports, virtual ports, and VLANs on a WX switch of the ACLs mapped for incoming and outgoing traffic, type

display radio-profile Enhancements 59display radio-profile Displays all configured attributes of the specified radio profile. WX# display radio-profil

590 CHAPTER 14: SECURITY ACL COMMANDSExamples — The following commands commit all the security ACLs in the edit buffer to the configuration, display a

display security acl editbuffer 591WX4400# display security aclACL tableACL Type Class Mapping---------------------------- ---- ------ -------acl_123

592 CHAPTER 14: SECURITY ACL COMMANDSTo view details about these uncommitted ACLs, type the following command. WX4400# display security acl info all e

display security acl info 593Examples — To display the security ACL hits on a WX switch, type the following command:WX4400# display security acl hitsA

594 CHAPTER 14: SECURITY ACL COMMANDSExamples — To display the contents of all security ACLs committed on a WX switch, type the following command:WX44

display security acl resource-usage 595Access — Enabled.History — Introduced in MSS Version 3.0.Examples — The following command displays the port to

596 CHAPTER 14: SECURITY ACL COMMANDSExamples — To display security ACL resource usage, type the following command:WX4400# display security acl resour

display security acl resource-usage 597Table 88 Output of display security acl resource-usageField DescriptionNumber of rules Number of security ACE

598 CHAPTER 14: SECURITY ACL COMMANDSLUdef in use Number of the lookup definition (LUdef) table currently in use for packet handling. Default action p

rollback security acl 599rollback security acl Clears changes made to the security ACL edit buffer since it was last saved. The ACL is rolled back to

3 SYSTEM SERVICE COMMANDSCommands by Usage 89clear banner motd 90clear history 91clear prompt 91clear system 92display banner motd 93display base-info

60 NEW FEATURES SUMMARYdisplay sessions network ap Enhancements New commands and output now allow you to see AP statistics of a network session. The n

600 CHAPTER 14: SECURITY ACL COMMANDSExamples — The following commands show the edit buffer before a rollback, clear any changes in the edit buffer to

set security acl 601By ICMP packetsSyntax — set security acl ip acl-name {permit [cos cos] | deny} icmp {source-ip-addr mask destination-ip-addr ma

602 CHAPTER 14: SECURITY ACL COMMANDS 0 or 3—Best effort. Packets are queued in MAP forwarding queue 3. 4 or 5—Video. Packets are queued in MAP forw

set security acl 603(For a complete list of TCP and UDP port numbers, see www.iana.org/assignments/port-numbers.)  destination-ip-addr mask — IP addr

604 CHAPTER 14: SECURITY ACL COMMANDS before editbuffer-index — Inserts the new ACE in front of another ACE in the security ACL. Specify the number o

set security acl map 605The following command adds an ACE to acl_123 that denies packets from IP address 192.168.2.11:WX4400# set security acl ip acl_

606 CHAPTER 14: SECURITY ACL COMMANDSSyntax — set security acl map acl-name {vlan vlan-id | port port-list [tag tag-list] | ap ap-num} {in | out} acl

set security acl hit-sample-rate 607See Also clear security acl map on page 587 commit security acl on page 589 set mac-user attr on page 309 set

608 CHAPTER 14: SECURITY ACL COMMANDSExamples — The first command sets MSS to sample ACL hits every 15 seconds. The second and third commands display

15CRYPTOGRAPHY COMMANDSA digital certificate is a form of electronic identification for computers. The WX requires digital certificates to authenticat

clear sessions network Enhancements 61WX# display sessions network ap 1, 7, 8 radio 16 of 16 sessions matchedAP 1, Conference RoomAP 1, Conference Roo

610 CHAPTER 15: CRYPTOGRAPHY COMMANDSCommands by UsageThis chapter presents cryptography commands alphabetically. Use Table 89 to locate commands in t

crypto ca-certificate 611 PEM-formatted certificate — ASCII text representation of the certificate authority PKCS #7 certificate, consisting of up to

612 CHAPTER 15: CRYPTOGRAPHY COMMANDScrypto certificate Installs one of the WX switch’s PKCS #7 certificates into the certificate and key storage area

crypto generate key 613Examples — The following command installs a certificate:WX4400# crypto certificate adminEnter PEM-encoded certificate-----BEGIN

614 CHAPTER 15: CRYPTOGRAPHY COMMANDSHistory —Introduced in MSS Version 3.0. Webaaa option renamed to web in MSS Version 4.1.Usage — You can overwrite

crypto generate request 615 State Name string — (Optional) Specify the name of the state, in up to 64 alphanumeric characters. Spaces are allowed. L

616 CHAPTER 15: CRYPTOGRAPHY COMMANDSExamples — To request an administrative certificate from a certificate authority, type the following command:WX44

crypto generate self-signed 617After you type the command, you are prompted for the following variables: Country Name string — (Optional) Specify the

618 CHAPTER 15: CRYPTOGRAPHY COMMANDSTo generate a self-signed administrative certificate, type the following command:WX4400# crypto generate self-sig

crypto otp 619Note: On an WX switch that handles communications to and from Microsoft Windows clients, use a one-time password of 31 characters or few

62 NEW FEATURES SUMMARYThere are two possible forms for the display service-profile command: display service-profile name  display service-profile n

620 CHAPTER 15: CRYPTOGRAPHY COMMANDScrypto pkcs12 Unpacks a PKCS #12 object file into the certificate and key storage area on the WX switch. This obj

display crypto ca-certificate 621Examples — The following commands copy a PKCS #12 object file for an EAP certificate and key pair—and optionally the

622 CHAPTER 15: CRYPTOGRAPHY COMMANDSAccess — Enabled.History —Introduced in MSS Version 3.0. Webaaa option renamed to web in MSS Version 4.1.Examples

display crypto certificate 623Defaults — None.Access — Enabled.History —Introduced in MSS Version 3.0. Webaaa option renamed to web in MSS Version 4.1

624 CHAPTER 15: CRYPTOGRAPHY COMMANDSdisplay crypto key domainDisplays domain key information.Syntax — display crypto key domainDefaults — None.Access

16RADIUS AND SERVER GROUP COMMANDSUse RADIUS commands to set up communication between a WX switch and groups of up to four RADIUS servers for remote a

626 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDSclear radius Resets parameters that were globally configured for RADIUS servers to their default value

clear radius client system-ip 627WX4400# clear radius timeoutsuccess: change accepted.See Also display aaa on page 277 set radius on page 630 set r

628 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDSclear radius proxy clientRemoves RADIUS proxy client entries for third-party APs.Syntax — clear radius

clear radius server 629clear radius server Removes the named RADIUS server from the WX configuration.Syntax — clear radius server server-name server-

display service-profile Enhancements 63Encryption type string*End date string*Filter ID string [, string]*Idle timeout string*Mobility profile string*

630 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDSExamples — To remove the server group sg-77 type the following command:WX4400# clear server group sg-7

set radius 631MSS encrypts the display form of the string in display config and display aaa output. retransmit number — Number of transmission attemp

632 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDSSee Also clear radius server on page 629 display aaa on page 277 set radius server on page 635set r

set radius proxy client 633set radius proxy clientAdds a RADIUS proxy entry for a third-party AP. The proxy entry specifies the IP address of the AP a

634 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDSset radius proxy portConfigures the WX port connected to a third-party AP as a RADIUS proxy for the SS

set radius server 635set radius server Configures RADIUS servers and their parameters. By default, the WX switch automatically sets all these values e

636 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDS author-password password — Password used for authorization to a RADIUS server for MAC users. Specify

set server group 637Examples — To set a RADIUS server named RS42 with IP address 198.162.1.1 to use the default accounting and authorization ports wit

638 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDSDo not use the same name for a RADIUS server and a RADIUS server group.Examples — To set server group

set server group load-balance 639Examples — To enable load balancing between the members of server group shorebirds, type the following command:WX1200

64 NEW FEATURES SUMMARY* - option present only if a value is setThe Options list displays only enabled attributes.Output example:WX# display service-p

640 CHAPTER 16: RADIUS AND SERVER GROUP COMMANDS

17802.1X MANAGEMENT COMMANDSUse 802. IEEE X management commands to modify the default settings for IEEE 802.1X sessions on an WX. For best results, ch

642 CHAPTER 17: 802.1X MANAGEMENT COMMANDSclear dot1x bonded-periodResets the Bonded Auth™ (bonded authentication) period to its default value. The bo

clear dot1x max-req 643See Also display dot1x on page 647  set dot1x bonded-period on page 651clear dot1x max-req Resets to the default setting the

644 CHAPTER 17: 802.1X MANAGEMENT COMMANDSUsage — This command is overridden by the set dot1x authcontrol command. The clear dot1x port-control comman

clear dot1x reauth-max 645clear dot1x reauth-maxResets the maximum number of reauthorization attempts to the default setting. Syntax — clear dot1x rea

646 CHAPTER 17: 802.1X MANAGEMENT COMMANDSclear dot1x timeout auth-serverResets to the default setting the number of seconds that must elapse before t

clear dot1x tx-period 647clear dot1x tx-periodResets to the default setting the number of seconds that must elapse before the WX switch retransmits an

648 CHAPTER 17: 802.1X MANAGEMENT COMMANDSHistory —Introduced in MSS Version 3.0. Format of 802.1X authentication rule information in display dot1x co

display dot1x 649 802.1X parameter setting ---------------- ------- supplicant timeout

display service-profile Enhancements 65Pre-shared-key: e647c43e9a166bb15724384b5b57f98c664dbe2069aaa1352ec1d28dacb1975SSID attributesFilter id: traffi

650 CHAPTER 17: 802.1X MANAGEMENT COMMANDSset dot1x authcontrolProvides a global override mechanism for 802.1X authentication configuration on wired a

set dot1x bonded-period 651Defaults — By default, authentication control for individual wired authentication is enabled.Access — Enabled.History —Intr

652 CHAPTER 17: 802.1X MANAGEMENT COMMANDSUsage — Normally, the Bonded Auth period needs to be set only if the network has Bonded Auth clients that us

set dot1x max-req 653Examples — Type the following command to enable key transmission:WX4400# set dot1x key-tx enablesuccess: dot1x key transmission e

654 CHAPTER 17: 802.1X MANAGEMENT COMMANDSset dot1x port-controlDetermines the 802.1X authentication behavior on individual wired authentication ports

set dot1x quiet-period 655set dot1x quiet-periodSets the number of seconds a WX remains quiet and does not respond to a supplicant after a failed auth

656 CHAPTER 17: 802.1X MANAGEMENT COMMANDSSee Also display dot1x on page 647 set dot1x reauth-max on page 656 set dot1x reauth-period on page 657se

set dot1x reauth-period 657set dot1x reauth-periodSets the number of seconds that must elapse before the WX switch attempts reauthentication.Syntax —

658 CHAPTER 17: 802.1X MANAGEMENT COMMANDSSee Also display dot1x on page 647 clear dot1x timeout auth-server on page 646set dot1x timeout supplicant

set dot1x wep-rekey 659Examples — Type the following command to set the number of seconds before the WX switch retransmits an EAPoL packet to 300:WX44

66 NEW FEATURES SUMMARY11bBeacon rate: 2Multicast rate: autoMandatory rates: 1, 2Standard rates: 5.5, 1111gBeacon rate: 2Multicast rate: autoMandatory

660 CHAPTER 17: 802.1X MANAGEMENT COMMANDSset dot1x wep-rekey-periodSets the interval for rotating the WEP broadcast and multicast keys.Syntax — set d

18SESSION MANAGEMENT COMMANDSUse session management commands to display and clear administrative and network user sessions. Commands by UsageThis chap

662 CHAPTER 18: SESSION MANAGEMENT COMMANDS telnet client [session-id] — Clears all Telnet client sessions from the CLI to remote devices, or clears

clear sessions network 663clear sessions networkClears all network sessions for a specified username or set of usernames, MAC address or set of MAC ad

664 CHAPTER 18: SESSION MANAGEMENT COMMANDSExamples — To clear all sessions for MAC address 00:01:02:03:04:05, type the following command:WX4400# clea

display sessions 665 telnet — Displays sessions for all users with administrative access to the WX switch through a Telnet connection. telnet client

666 CHAPTER 18: SESSION MANAGEMENT COMMANDSTo view information about Telnet client sessions, type the following command:WX4400# display sessions telne

display sessions mesh-ap 667display sessions mesh-apDisplays summary or verbose information about Mesh AP sessions on the WX.Syntax — display sessions

668 CHAPTER 18: SESSION MANAGEMENT COMMANDSSee also “clear sessions” on page 661display sessions networkDisplays summary or verbose information about

display sessions network 669Defaults — None.Access — All.History —Introduced in MSS Version 3.0. Output added to the display network sessions verbose

display rfdetect Changes 67You can further refine the output using the options listed below:bssidThe entire BSSID in the format XX:XX:XX:XX:XX:XX or i

670 CHAPTER 18: SESSION MANAGEMENT COMMANDSThe following command displays summary information about all the sessions of users whose names begin with E

display sessions network 671Start-Date=05/04/11-10:00 (AAA)1 sessions total(Table 100 on page 672 describes the additional fields of the verbose outpu

672 CHAPTER 18: SESSION MANAGEMENT COMMANDSSess ID Locally unique number that identifies this session. An asterisk (*) next to the session ID indicate

display sessions network 673State Status of the session: AUTH, ASSOC REQ — Client is being associated by the 802.1X protocol. AUTH AND ASSOC — Clien

674 CHAPTER 18: SESSION MANAGEMENT COMMANDSTable 101 display sessions network session-id OutputField DescriptionGlobal Id A unique session identifie

display sessions network 675See Also clear sessions network on page 663Authentication MethodExtensible Authentication Protocol (EAP) type used to aut

676 CHAPTER 18: SESSION MANAGEMENT COMMANDS

19RF DETECTION COMMANDSMSS automatically performs RF detection scans on enabled and disabled radios to detect rogue access points. A rogue access poin

678 CHAPTER 19: RF DETECTION COMMANDSclear rfdetect attack-listRemoves a MAC address from the attack list.Syntax — clear rfdetect attack-list mac-addr

clear rfdetect black-list 679See Also clear rfdetect attack-list on page 678 display rfdetect attack-list on page 683clear rfdetect black-listRemove

68 NEW FEATURES SUMMARYclassSort output by classification as a rogue, neighbor, member, suspect, or none.WX# display rfdetect data classTotal number o

680 CHAPTER 19: RF DETECTION COMMANDSExamples — The following command removes BSSID aa:bb:cc:11:22:33 from the ignore list for RF scans:WX1200# clear

clear rfdetect vendor-list 681clear rfdetect vendor-listRemoves an entry from the permitted vendor list.Syntax — clear rfdetect vendor-list {client |

682 CHAPTER 19: RF DETECTION COMMANDSrfping Provides information about the RF link between the WX and the client based on sending test packets to the

display rfdetect attack-list 683See Also display rfdetect data on page 690 display rfdetect visible on page 698display rfdetect attack-listDisplays

684 CHAPTER 19: RF DETECTION COMMANDSdisplay rfdetect black-listDisplays information abut the clients in the client black list.Syntax — display rfdete

display rfdetect clients 685display rfdetect clientsDisplays the wireless clients detected by a WX switch. Syntax — display rfdetect clients [mac mac-

686 CHAPTER 19: RF DETECTION COMMANDSTable 104 display rfdetect clients OutputField DescriptionClient MAC MAC address of the client.Client Vendor Co

display rfdetect countermeasures 687display rfdetect countermeasuresDisplays the current status of countermeasures against rogues in the Mobility Doma

688 CHAPTER 19: RF DETECTION COMMANDSTable 106 describes the fields in this display.See Also  set radio-profile countermeasures on page 458display rf

display rfdetect counters 689Examples — The following command shows counters for rogue activity detected by a WX switch:WX4400# display rfdetect count

display rfdetect Changes 69 If the class is set to Member, there are two possible Reason codes: AP is part of the Mobility Domain AP is not part of

690 CHAPTER 19: RF DETECTION COMMANDSdisplay rfdetect dataDisplays all the BSSIDs detected by an individual WX switch during an RF detection scan. The

display rfdetect data 691See Also display rfdetect mobility-domain on page 692 display rfdetect visible on page 698Table 107 display rfdetect data

692 CHAPTER 19: RF DETECTION COMMANDSdisplay rfdetect ignoreDisplays the BSSIDs of third-party devices that MSS ignores during RF scans. MSS does not

display rfdetect mobility-domain 693Usage — This command is valid only on the seed switch of the Mobility Domain. To display rogue information for an

694 CHAPTER 19: RF DETECTION COMMANDS WX-IPaddress: 10.8.121.102 Port/Radio/Ch: 3/1/1 Mac: 00:0b:0e:00:0a:6a Device-type: interfering Adhoc: no Cryp

display rfdetect mobility-domain 695Table 108 and Table 109 describe the fields in these displays.Table 108 display rfdetect mobility-domain OutputF

696 CHAPTER 19: RF DETECTION COMMANDSSee Also display rfdetect data on page 690 display rfdetect visible on page 698Crypto-Types Encryption type:cle

display rfdetect ssid-list 697display rfdetect ssid-listDisplays the entries in the permitted SSID list.Syntax — display rfdetect ssid-listDefaults —

698 CHAPTER 19: RF DETECTION COMMANDSExamples — The following example shows the permitted vendor list on WX switch:WX1200# display rfdetect vendor-lis

display rfdetect visible 699Usage — If a 3Com radio is supporting more than one SSID, each of the corresponding BSSIDs is listed separately. To displa

clear port type 122display port counters 123display port-group 124display port mirror 125display port poe 126display port status 127display port media

70 NEW FEATURES SUMMARYdisplay rfdetect dataclientsThis command can be used to display client data in two ways: generic, and based on the MAC address

700 CHAPTER 19: RF DETECTION COMMANDSSee Also display rfdetect data on page 690 display rfdetect mobility-domain on page 692set rfdetect active-scan

set rfdetect attack-list 701set rfdetect attack-listAdds an entry to the attack list. The attack list specifies the MAC addresses of devices that MSS

702 CHAPTER 19: RF DETECTION COMMANDSset rfdetect black-listAdds an entry to the client black list. The client black list specifies clients that are n

set rfdetect countermeasures mac 703Syntax — set rfdetect countermeasures {enable | disable} enable — Enables countermeasures. disable — Disables co

704 CHAPTER 19: RF DETECTION COMMANDSYou can start countermeasures against more than one BSSID by typing additional set rfdetect countermeasures mac c

set rfdetect log 705Usage — Use this command to identify third-party APs and other devices you are already aware of and do not want MSS to report foll

706 CHAPTER 19: RF DETECTION COMMANDSHistory —Introduced in MSS Version 3.0.Usage — This command is valid only on the seed switch of the Mobility Doma

set rfdetect signature key 707Examples — The following command enables MAP signatures on a WX switch:WX1200# set rfdetect signature enablesuccess: si

708 CHAPTER 19: RF DETECTION COMMANDSIf you add a device that MSS has classified as a rogue to the permitted SSID list, but not to the ignore list, MS

test rflink 709If you add a device that MSS has classified as a rogue to the permitted vendor list, but not to the ignore list, MSS can still classify

display rfdetect Changes 71WX# display rfdetect data ssid Trapeze* verbose3 of 12 entries matchedConnected BSSID: 00:0b:0e:14:d4:81BSSID vendor: Trape

710 CHAPTER 19: RF DETECTION COMMANDSExamples — The following command tests the RF link between the WX switch and the client with MAC address 00:0e:9b

20FILE MANAGEMENT COMMANDSUse file management commands to manage system files and to display software and boot information. Commands by UsageThis chap

712 CHAPTER 20: FILE MANAGEMENT COMMANDSbackup Creates an archive of WX system files and optionally, user file, in Unix tape archive (tar) format.Synt

backup 713Archive files created by the all option are larger than files created by the critical option. The file size depends on the files in the user

714 CHAPTER 20: FILE MANAGEMENT COMMANDSclear boot backup-configurationClears the filename specified as the backup configuration file. In the event th

copy 715WX4400# reset system force... rebooting ...See Also display config on page 723 reset system on page 731copy Performs the following cop

716 CHAPTER 20: FILE MANAGEMENT COMMANDSDefaults — None.Access — Enabled.History —Introduced in MSS Version 3.0.Usage — The filename and file:filename

delete 717The following commands rename test-config to new-config by copying it from one name to the other in the same location, then deleting test-co

718 CHAPTER 20: FILE MANAGEMENT COMMANDSExamples — The following commands copy file testconfig to a TFTP server and delete the file from nonvolatile s

dir 719Examples — The following command displays the files in the root directory:WX4400# dir==========================================================

72 NEW FEATURES SUMMARYdisplay rfdetect datasummaryThis command has two forms: client and general. The client form displays a summary of all detected

720 CHAPTER 20: FILE MANAGEMENT COMMANDSThe following command limits the output to the contents of the user files area:WX4400# dir file:==============

install soda agent 721See Also copy on page 715 delete on page 717install soda agent Installs Sygate On-Demand (SODA) agent files in a directory on

722 CHAPTER 20: FILE MANAGEMENT COMMANDSUsage — The install soda agent command installs a .zip file containing SODA agent files into a directory on th

display config 723Table 115 describes the fields in the display boot output.See Also display version on page 725 reset system on page 731 set boot

724 CHAPTER 20: FILE MANAGEMENT COMMANDS ip-config l2acl log mobility-domain network-domain ntp portconfig port-group qos radio-profile rfd

display version 725Usage — If you do not use one of the optional parameters, configuration commands that set nondefault values are displayed for all c

726 CHAPTER 20: FILE MANAGEMENT COMMANDSExamples — The following command displays version information for a WX switch:WX1200# display version M

load config 727Table 116 describes the fields in the display version output.See Also display boot on page 722load config Loads configuration commands

728 CHAPTER 20: FILE MANAGEMENT COMMANDSDefaults — The default file location is nonvolatile storage. The current version supports loading a configurat

md5 729md5 Calculates the MD5 checksum for a file in the switch’s nonvolatile storage.Syntax — md5 [boot0: | boot1:]filename boot0: | boot1: — Boot p

display rfdetect Changes 73

730 CHAPTER 20: FILE MANAGEMENT COMMANDSExamples — The following commands create a subdirectory called corp2 and display the root directory to verify

reset system 731reset system Restarts an WX switch and reboots the software.Syntax — reset system [force] force — Immediately restarts the system and

732 CHAPTER 20: FILE MANAGEMENT COMMANDSrestore Unzips a system archive created by the backup command and copies the files from the archive onto the s

rmdir 733See Also backup on page 712rmdir Removes a subdirectory from nonvolatile storage. Syntax — rmdir [subdirname] subdirname — Subdirectory nam

734 CHAPTER 20: FILE MANAGEMENT COMMANDSAccess — Enabled.History —Introduced in MSS Version 3.0.Usage — If you do not specify a filename, MSS replaces

set boot configuration-file 735History —Introduced in MSS Version 4.1.Examples — The following command specifies a file called backup.cfg as the backu

736 CHAPTER 20: FILE MANAGEMENT COMMANDSset boot partition Specifies the boot partition in which to look for the system image file following the next

uninstall soda agent 737Usage — The uninstall soda command removes the SODA agent directory and all of its contents. All files in the specified direct

738 CHAPTER 20: FILE MANAGEMENT COMMANDS

21TRACE COMMANDSUse trace commands to perform diagnostic routines. While MSS allows you to run many types of traces, this chapter describes commands f

74 NEW FEATURES SUMMARY

740 CHAPTER 21: TRACE COMMANDSclear log trace Deletes the log messages stored in the trace buffer.Syntax — clear log traceDefaults — None.Access — Ena

display trace 741To clear the session manager trace, type the following command:WX4400# clear trace smsuccess: clear trace smSee Also display trace o

742 CHAPTER 21: TRACE COMMANDSsave trace Saves the accumulated trace data for enabled traces to a file in the WX switch’s nonvolatile storage. Syntax

set trace authorization 743Examples — The following command starts a trace for information about user jose’s authentication:WX4400# set trace authenti

744 CHAPTER 21: TRACE COMMANDSSee Also clear trace on page 740 display trace on page 741set trace dot1x Traces 802.1X sessions.Syntax — set trace do

set trace sm 745set trace sm Traces session manager activity. Syntax — set trace sm [mac-addr mac-address] [port port-num] [user username] [level leve

746 CHAPTER 21: TRACE COMMANDS

22SNOOP COMMANDSUse snoop commands to monitor wireless traffic, by using a MAP as a sniffing device. The MAP copies the sniffed 802.11 packets and sen

748 CHAPTER 22: SNOOP COMMANDSclear snoop Deletes a snoop filter.Syntax — clear snoop filter-name filter-name — Name of the snoop filter.Defaults — N

set snoop 749Examples — The following command removes snoop filter snoop2 from radio 2 on Distributed MAP 3:WX1200# clear snoop map snoop2 ap 3 radio

1USING THE COMMAND-LINE INTERFACEThis chapter discusses the 3Com Wireless Switch Manager (3WXM) command-line interface (CLI). Described are: CLI conv

750 CHAPTER 22: SNOOP COMMANDSTo match on packets to or from a specific MAC address, use the dest-mac or src-mac option. To match on both send and rec

set snoop 751 The MAP that is running a snoop filter forwards snooped packets directly to the observer. This is a one-way communication, from the MAP

752 CHAPTER 22: SNOOP COMMANDSset snoop map Maps a snoop filter to a radio on a MAP. A snoop filter does take effect until you map it to a radio and e

set snoop mode 753set snoop mode Enables a snoop filter. A snoop filter does not take effect until you map it to a MAP radio and enable the filter. Sy

754 CHAPTER 22: SNOOP COMMANDSdisplay snoop Displays the MAP radio mapping for all snoop filters.Syntax — display snoopDefaults — None.Access — Enable

display snoop map 755Examples — The following command shows the snoop filters configured in the examples above:WX1200# display snoop infosnoop1:

756 CHAPTER 22: SNOOP COMMANDSdisplay snoop stats Displays statistics for enabled snoop filters.Syntax — display snoop stats [filter-name [ap-num [rad

display snoop stats 757Table 119 describes the fields in this display.Table 119 display snoop stats OutputField DescriptionFilter Name of the snoop

758 CHAPTER 22: SNOOP COMMANDS

23SYSTEM LOG COMMANDSUse the system log commands to record information for monitoring and troubleshooting. MSS system logs are based on RFC 3164, whic

76 CHAPTER 1: USING THE COMMAND-LINE INTERFACECLI Conventions Be aware of the following MSS CLI conventions for command entry: “Command Prompts” on p

760 CHAPTER 23: SYSTEM LOG COMMANDSAccess — Enabled.History — Introduced in MSS Version 3.0.Examples — To stop sending system logging messages to a se

display log buffer 761 severity severity-level — Displays messages at a severity level greater than or equal to the level specified. Specify one of t

762 CHAPTER 23: SYSTEM LOG COMMANDSSee Also clear log on page 759 display log config on page 762display log config Displays log configuration inform

display log trace 763display log trace Displays system information stored in the nonvolatile log buffer or the trace buffer. Syntax — display log trac

764 CHAPTER 23: SYSTEM LOG COMMANDSDefaults — None. Access — Enabled.History — Introduced in MSS Version 3.0.Examples — Type the following command to

set log 765 Logging state (enabled or disabled)To override the session defaults for an individual session, type the set log command from within the s

766 CHAPTER 23: SYSTEM LOG COMMANDSIf you do not specify a local facility, MSS sends the messages with their default MSS facilities. For example, AAA

set log mark 767set log mark Configures MSS to generate mark messages at regular intervals. The mark messages indicate the current system time and dat

768 CHAPTER 23: SYSTEM LOG COMMANDS

24BOOT PROMPT COMMANDSBoot prompt commands enable you to perform basic tasks, including booting a system image file, from the boot prompt (boot>).

CLI Conventions 77 A vertical bar (|) separates mutually exclusive options within a list of possibilities. For example, you enter either enable or di

770 CHAPTER 24: BOOT PROMPT COMMANDSautoboot Displays or changes the state of the autoboot option. The autoboot option controls whether a WX switch au

boot 771boot Loads and executes a system image file. Syntax — boot [BT=type] [DEV=device] [FN=filename] [HA=ip-addr] [FL=num] [OPT=option] [OPT+=optio

772 CHAPTER 24: BOOT PROMPT COMMANDSUsage — If you use an optional parameter, the parameter setting overrides the setting of the same parameter in the

change 773change Changes parameters in the currently active boot profile. (For information about boot profiles, see display on page 778.)Syntax — chan

774 CHAPTER 24: BOOT PROMPT COMMANDSThe following command enters the configuration mode for the currently active boot profile and configures the WX sw

delete 775Usage — A WX switch can have up to four boot profiles. The boot profiles are stored in slots, numbered 0 through 3. When you create a new pr

776 CHAPTER 24: BOOT PROMPT COMMANDSUsage — When you type the delete command, the next-lower numbered boot profile becomes the active profile. For exa

diag 777Examples — The following command displays the current setting of the DHCP option:boot> dhcpDHCP is currently enabled.The following command

778 CHAPTER 24: BOOT PROMPT COMMANDSAccess — Boot prompt.History —Introduced in MSS Version 3.0.Usage — To display the system image software versions,

display 779A WX switch can have up to four boot profiles, numbered 0 through 3. Only one boot profile can be active at a time. You can create, change,

78 CHAPTER 1: USING THE COMMAND-LINE INTERFACEIP Address and MaskNotationMSS displays IP addresses in dotted decimal notation — for example, 192.168.1

780 CHAPTER 24: BOOT PROMPT COMMANDSSee Also change on page 773 create on page 774 delete on page 775 next on page 783fver Displays the version of

help 781Access — Boot prompt.History —Introduced in MSS Version 3.0.Usage — To display the image filenames, use the dir command. This command does not

782 CHAPTER 24: BOOT PROMPT COMMANDSExamples — The following command displays detailed information for the fver command:boot> help fver fver

next 783Examples — To display a list of the commands available at the boot prompt, type the following command:boot> lsls Display a list of all com

784 CHAPTER 24: BOOT PROMPT COMMANDSExamples — To activate the boot profile in the next slot and display the profile, type the following command:boot&

test 785 3Com WX-4400 Bootstrap/Bootloader Version 3.0.2 Release Compiled on Wed Sep 22 09:18:47 PDT 2004 by Bootstrap 0

786 CHAPTER 24: BOOT PROMPT COMMANDSExamples — The following command displays the current setting of the poweron test flag:boot> testThe diagnostic

AOBTAINING SUPPORT FOR YOUR 3COM PRODUCTS3Com offers product registration, case management, and repair services through eSupport.3com.com. You must ha

788 APPENDIX A: OBTAINING SUPPORT FOR YOUR 3COM PRODUCTSPurchase Extended Warranty and Professional ServicesTo enhance response times or extend your w

Contact Us 789Telephone TechnicalSupport and RepairTo obtain telephone support as part of your warranty and other service benefits, you must first reg

CLI Conventions 79Table 4 gives examples of user globs.MAC Address GlobsA media access control (MAC) address glob is a similar method for matching som

790 APPENDIX A: OBTAINING SUPPORT FOR YOUR 3COM PRODUCTSPakistan Call the U.S. direct by dialing 00 800 01001, then dialing 800 763 6780Sri Lanka Call

Contact Us 791US and Canada — Telephone Technical Support and RepairAll locations: Network Jacks; Wired or Wireless Network Interface Cards:All other

792 APPENDIX A: OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS

INDEXAautoboot 770Bbackup 712boot 771Cchange 773clear accounting 261clear ap 118clear ap boot-configuration 358clear ap local-switching vlan-profile 3

794 INDEXclear sessions network 61, 663clear snmp community 191clear snmp notify profile 191clear snmp notify target 192clear snoop 748clear snoop map

INDEX 795display location policy 282display log buffer 760display log config 762display log trace 763display mac-user 51display mac-usergroup 53displa

796 INDEXNnext 783Pping 214Qquickstart 100quit 86Rradping 39reset 784reset ap 410reset port 135reset system 731restore 732rfdetect 47rfping 682rmdir 7

INDEX 797set igmp mrsol 576set igmp mrsol mrsi 576set igmp oqi 577set igmp proxy-report 578set igmp qi 579set igmp qri 580set igmp querier 581set igmp

798 INDEXset rfdetect attack-list 701set rfdetect black-list 702set rfdetect classification ad-hoc 45set rfdetect classification default 46set rfdetec

INDEX 799set trace authorization user 743set trace dot1x 744set trace dot1x mac-addr 744set trace dot1x port 744set trace dot1x user 744set trace sm 7

display vlan-profile 168set fdb 169set fdb agingtime 170set security L2-restrict 171set vlan name 172set vlan port 173set vlan tunnel-affinity 174set

80 CHAPTER 1: USING THE COMMAND-LINE INTERFACEVLAN GlobsA VLAN glob is a method for matching one of a set of local rules on an wireless LAN switch, kn

800 INDEX

Command-Line Editing 81 A hyphen-separated range of port numbers, with no spaces. For example:WX1200# reset port 1-3 Any combination of single numbe

82 CHAPTER 1: USING THE COMMAND-LINE INTERFACEHistory Buffer The history buffer stores the last 63 commands you entered during a terminal session. You

Using CLI Help 83Using CLI Help The CLI provides online help. To see the full range of commands available at your access level, type the help command.

84 CHAPTER 1: USING THE COMMAND-LINE INTERFACETo see all the variations, type one of the commands followed by a question mark (?). For example:WX1200#

2ACCESS COMMANDSThis chapter describes access commands used to control access to the Mobility Software System (MSS) command-line interface (CLI). Comm

86 CHAPTER 2: ACCESS COMMANDSenable Places the CLI session in enabled mode, which provides access to all commands required for configuring and monitor

set enablepass 87set enablepass Sets the password that provides enabled access (for configuration and monitoring) to the WX switch. Syntax — set enabl

88 CHAPTER 2: ACCESS COMMANDS

3SYSTEM SERVICE COMMANDSUse system services commands to configure and monitor system information for a WX switch.Commands by UsageThis chapter present

display interface 200display ip alias 201display ip dns 202display ip https 203display ip route 204display ip telnet 206display ntp 207display snmp co

90 CHAPTER 3: SYSTEM SERVICE COMMANDSclear banner motd Deletes the message-of-the-day (MOTD) banner that is displayed before the login prompt for each

clear history 91clear history Deletes the command history buffer for the current CLI session. Syntax — clear historyDefaults — None.Access — All.Histo

92 CHAPTER 3: SYSTEM SERVICE COMMANDSclear system Clears the system configuration of the specified information.CAUTION: If you change the IP address,

display banner motd 93display banner motdShows the banner that was configured with the set banner motd command.Syntax — display banner motdDefaults —

94 CHAPTER 3: SYSTEM SERVICE COMMANDSSee Also display boot on page 722 display config on page 723 display license on page 94 display system on pag

display load 95display load Displays CPU usage on a WX switch.Syntax — display loadDefaults — None.Access — Enabled.History — Introduced in MSS Versio

96 CHAPTER 3: SYSTEM SERVICE COMMANDSExamples — To show system information, type the following command:WX4400# display system=========================

display system 97System idle timeout Number of seconds MSS allows a CLI management session (console, Telnet, or SSH) to remain idle before terminating

98 CHAPTER 3: SYSTEM SERVICE COMMANDSSee Also clear system on page 92 set system contact on page 108 set system countrycode on page 109 set system

history 99crypto Crypto, use 'crypto help' for more informationdelete Delete urldir Show list of files on flash devicedisable Disable pri