802.11a/g/n wireless lan managed access point and 802.11a/b/g/n dual-radio managed access point and 802.11a/b/g/n dual-radio outdoor managed access point (27 pages)
Page 2
IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE. This is a Reference Guide for a series of products intended for people who want to configure the NWA/ WAC via Command Line Interface (CLI). Some commands or command options in this guide may not be available in your product.
Table of Contents Table of Contents Contents Overview ..........................3 Table of Contents ..........................4 Part I: Introduction ..................11 Chapter 1 Command Line Interface........................13 1.1 Overview ............................13 1.1.1 The Configuration File ......................13 1.2 Accessing the CLI ..........................13 1.2.1 Console Port ..........................14 1.2.2 Telnet ............................14 1.2.3 SSH (Secure SHell) .........................15 1.3 How to Find Commands in this Guide ....................15...
Page 5
Table of Contents 2.1 User And Privilege Modes .........................24 2.1.1 Debug Commands ........................25 Part II: Reference ..................... 27 Chapter 3 Object Reference ..........................29 3.1 Object Reference Commands ......................29 3.1.1 Object Reference Command Example ..................30 Chapter 4 Status ..............................31 Chapter 5 Interfaces.............................33 5.1 Interface Overview ..........................33 5.1.1 Types of Interfaces ........................33...
Page 6
Table of Contents 8.1 Wireless LAN Profiles Overview .......................50 8.2 AP Radio & Monitor Profile Commands ....................50 8.2.1 AP radio & Monitor Profile Commands Example ..............55 8.3 SSID Profile Commands ........................55 8.3.1 SSID Profile Example ......................57 8.4 Security Profile Commands .......................58 8.4.1 Security Profile Example ......................60 8.5 MAC Filter Profile Commands ......................61 8.5.1 MAC Filter Profile Example .....................61...
Page 7
Table of Contents 13.2 Certificate Commands ........................74 13.3 Certificates Commands Input Values ....................74 13.4 Certificates Commands Summary ....................75 13.5 Certificates Commands Examples ....................76 Chapter 14 System ..............................77 14.1 System Overview ..........................77 14.2 Host Name Commands ........................77 14.3 Time and Date ..........................77 14.3.1 Date/Time Commands ......................78 14.4 Console Port Speed ........................78 14.5 DNS Overview ..........................79...
Page 8
Table of Contents 16.2.3 aaa group server ad Commands ...................89 16.2.4 aaa group server ldap Commands ..................90 16.2.5 aaa group server radius Commands ..................92 16.2.6 aaa group server Command Example ...................93 Chapter 17 Authentication Objects........................94 17.1 Authentication Objects Overview ....................94 17.2 aaa authentication Commands .......................94 17.2.1 aaa authentication Command Example .................95 17.3 test aaa Command ..........................95...
Page 10
Table of Contents 26.3 Application Watchdog ........................132 26.3.1 Application Watchdog Commands Example ................132 List of Commands (Alphabetical)....................133 NWA/WAC Series CLI Reference Guide...
H A PT ER Command Line Interface This chapter describes how to access and use the CLI (Command Line Interface). 1.1 Overview If you have problems with your NWA/WAC, customer support may request that you issue some of these commands to assist them in troubleshooting. Use of undocumented commands or misconfiguration can damage the NWA/WAC and possibly render it unusable.
Chapter 1 Command Line Interface 1.2.1 Console Port The default settings for the console port are as follows. Table 1 Managing the NWA/WAC: Console Port SETTING VALUE Speed 115200 bps Data Bits Parity None Stop Bit Flow Control When you turn on your NWA/WAC, it performs several internal tests as well as line initialization. You can view the initialization information using the console port.
Chapter 1 Command Line Interface In Windows, click Start (usually in the bottom left corner) and Run. Then type and the telnet NWA/WAC’s IP address. For example, enter (the default management IP telnet 192.168.1.2 address). Click OK. A login screen displays. Enter the user name and password at the prompts. Note: The default login username is admin and password is 1234.
Chapter 1 Command Line Interface 1.4.1 Background Information Note: See the User’s Guide for background information about most features. This section provides background information about features that you cannot configure in the web configurator. In addition, this section identifies related commands in other chapters. 1.4.2 Command Input Values This section lists common input values for the commands for the feature in one or more tables 1.4.3 Command Summary...
Chapter 1 Command Line Interface 1.5 CLI Modes You run CLI commands in one of several modes. Table 2 CLI Modes USER PRIVILEGE CONFIGURATION SUB-COMMAND What User users • Look at (but not Unable to access Unable to access Unable to access run) available can do commands...
Chapter 1 Command Line Interface 1.6 Shortcuts and Help 1.6.1 List of Available Commands A list of valid commands can be found by typing at the command prompt. To view a list of [TAB] available commands within a command group, enter <command>...
Chapter 1 Command Line Interface 1.6.2 List of Sub-commands or Required User Input To view detailed help information for a command, enter <command> <sub command> ? Figure 6 Help: Sub-command Information Example Router(config)# ip telnet server ? <cr> port rule Router(config)# ip telnet server Figure 7 Help: Required User Input Example Router(config)# ip telnet server port ?
Chapter 1 Command Line Interface 1.6.6 Navigation Press to move the cursor to the beginning of the line. Press to move the cursor to [CTRL]+A [CTRL]+E the end of the line. 1.6.7 Erase Current Command Press to erase whatever you have currently typed at the prompt (before pressing [CTRL]+U [ENTER] 1.6.8 The no Commands...
Page 21
Chapter 1 Command Line Interface Table 3 Input-Value Formats for Strings in CLI Commands (continued) # VALUES LEGAL VALUES custom signature file 0-30 alphanumeric or _-. name first character: letter description Used in keyword criteria for log entries 1-64 alphanumeric, spaces, or '()+,/:=?;!*#@$_%-. Used in other commands 1-61 alphanumeric, spaces, or '()+,/:=?;!*#@$_%-...
Page 22
Chapter 1 Command Line Interface Table 3 Input-Value Formats for Strings in CLI Commands (continued) # VALUES LEGAL VALUES notification message 1-81 alphanumeric, spaces, or '()+,/:=?;!*#@$_%- password: less than 15 1-15 alphanumeric or `~!@#$%^&*()_\-+={}|\;:'<,>./ chars password: less than 8 alphanumeric or ;/?:@&=+$\.-_!~*'()%,#$ chars password Used in user and ip...
Chapter 1 Command Line Interface Table 3 Input-Value Formats for Strings in CLI Commands (continued) # VALUES LEGAL VALUES user name 1-31 alphanumeric or _- first character: letters or _- username 1-31 alphanumeric or _- first character: alphanumeric or _- domain authorization username 6-20...
H A PT ER User and Privilege Modes This chapter describes how to use these two modes. 2.1 User And Privilege Modes This is the mode you are in when you first log into the CLI. (Do not confuse ‘user mode’ with types of user accounts the NWA/WAC uses.
Chapter 2 User and Privilege Modes Table 4 User (U) and Privilege (P) Mode Commands (continued) COMMAND MODE DESCRIPTION Goes from privilege mode to user mode disable Goes from user mode to privilege mode enable Goes to a previous mode or logs out. exit Goes to htm (hardware test module) mode for testing hardware components.
Page 26
Chapter 2 User and Privilege Modes if there is a Linux equivalent, it is displayed in this chapter for your reference. You must know a command listed here well before you use it. Otherwise, it may cause undesired results. Table 5 Debug Commands COMMAND SYNTAX DESCRIPTION LINUX COMMAND EQUIVALENT...
H A PT ER Object Reference This chapter describes how to use object reference commands. 3.1 Object Reference Commands The object reference commands are used to see which configuration settings reference a specific object. You can use this table when you want to delete an object because you have to remove references to the object first.
Chapter 3 Object Reference 3.1.1 Object Reference Command Example This example shows the names of the WLAN profiles and which security profile each is set to use. Router(config)# show reference object aaa authentication default References: Category Rule Priority Rule Name Description =========================================================================== WLAN Profile SECURITY...
H A PT ER Status This chapter explains some commands you can use to display information about the NWA/WAC’s current operational state. Table 7 Status Show Commands COMMAND DESCRIPTION Displays details about the NWA/WAC’s startup state. show boot status Displays the CPU utilization. show cpu status Displays the disk utilization.
Page 32
Here are examples of the commands that display the system uptime and model, firmware, and build information. Router> show system uptime system uptime: 04:18:00 Router> show version ZyXEL Communications Corp. model : NWA3160-N firmware version: 2.23(UJA.0)b2 BM version : 1.13...
H A PT ER Interfaces This chapter shows you how to use interface-related commands. 5.1 Interface Overview In general, an interface has the following characteristics. • An interface is a logical entity through which (layer-3) packets pass. • An interface is bound to a physical port or another interface. •...
Chapter 5 Interfaces 5.2.1 Basic Interface Properties and IP Address Commands This table lists basic properties and IP address commands. Table 9 interface General Commands: Basic Properties and IP Address Assignment COMMAND DESCRIPTION When the NWA/WAC is in managed mode, this sets the AP’s capwap ap vlan vlan-id <1..4094>...
Page 35
Chapter 5 Interfaces Table 9 interface General Commands: Basic Properties and IP Address Assignment (continued) COMMAND DESCRIPTION Sets the interface’s priority relative to other interfaces. The [no] metric <0..15> lower the number, the higher the priority. Specifies the maximum segment size (MSS) the interface is [no] mss <536..1460>...
Chapter 5 Interfaces Table 9 interface General Commands: Basic Properties and IP Address Assignment (continued) COMMAND DESCRIPTION Sets the manager gateway address. The command manager ap vlan [no] ip gateway ip removes the gateway. Displays the connection status of the specified type of show interface {ethernet | vlan} status interfaces.
Chapter 5 Interfaces Note: In CLI, representative interfaces are also called representative ports. Table 10 Basic Interface Setting Commands COMMAND DESCRIPTION Removes the specified physical port from its current no port <1..x> representative interface and adds it to its default representative interface (for example, port x -->...
Chapter 5 Interfaces The following example shows LAN settings. Router(config)# show manager vlan Management Interface: VLAN ID: 100 VLAN Tag: untag IP Status: static IP Address: 192.168.1.2 Mask: 255.255.255.0 Gateway: 0.0.0.0 The following example shows each port’s type of cable connection. Router(config)# show port type Port Type ===========================================================================...
Page 39
Chapter 5 Interfaces The following table describes the commands available for VLAN interface managment. You must use command to enter the configuration mode before you can use these configure terminal commands. Table 12 Command Summary: VLAN Interface Profile COMMAND DESCRIPTION Enters configuration mode for the specified interface.
Chapter 5 Interfaces 5.4.1 VLAN Interface Examples This example sets an NWA/WAC in standalone mode to use VLAN ID 1 and send untagged packets. Router(config)# manager ap vlan vlan-id 1 untag Router(config)# This example sets an NWA/WAC in managed mode to use VLAN ID 1 and send untagged packets.. Router(config)# capwap ap vlan vlan-id 1 untag Router(config)# NWA/WAC Series CLI Reference Guide...
H A PT ER Users This chapter describes how to set up user accounts and user settings for the NWA/WAC. You can also set up rules that control when users have to log in to the NWA/WAC before the NWA/WAC routes traffic for them.
Chapter 6 Users 6.2.1 Username and User Commands The first table lists the commands for users. Table 15 username Commands Summary: Users COMMAND DESCRIPTION Displays information about the specified user or about all show username [username] users set up in the NWA/WAC. Creates the specified user (if necessary), disables the username username nopassword user-type {admin | password, and sets the user type for the specified user.
Chapter 6 Users 6.2.2 User Setting Commands This table lists the commands for user settings. Table 16 users Commands Summary: Settings COMMAND DESCRIPTION Displays the default lease and reauthentication times for show users default-setting {all | user-type {admin | the specified type of user accounts. limited-admin}} Sets the default lease time (in minutes) for each new user.
Chapter 6 Users 6.2.3 Additional User Commands This table lists additional commands for users. Table 17 users Commands Summary: Additional COMMAND DESCRIPTION Displays information about the users logged onto the show users {username | all | current} system. Displays users who are currently locked out. show lockout-users Unlocks the specified IP address.
H A PT ER AP Management This chapter shows you how to configure wireless AP management options on your NWA/WAC. 7.1 AP Management Overview The NWA/WAC allows you to remotely manage all of the Access Points (APs) on your network. You can manage a number of APs without having to configure them individually as the NWA/WAC automatically handles basic configuration for you.
Chapter 7 AP Management 7.2 AP Management Commands The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands. Table 18 Input Values for General AP Management Commands LABEL DESCRIPTION The Ethernet MAC address of the managed AP.
Chapter 7 AP Management Table 19 Command Summary: AP Management (continued) COMMAND DESCRIPTION Displays the SSID, MAC address, VLAN ID and security mode for show wlan slot_name detail the specified radio. Displays statistics for the specified radio’s wireless traffic. show wlan slot_name list all sta Displays the channel number the NWA/WAC’s radio is using.
Chapter 7 AP Management Table 20 Command Summary: AP Client Commands (continued) COMMAND DESCRIPTION Sets the profile of DHCPv6 request settings that determine what capwap ap vlan [no] ipv6 dhcp6-request-object additional information to get from the DHCPv6 server. dhcp6_profile The no command removes the DHCPv6 request settings profile. Enables IPv6 stateless auto-configuration on the managed AP.
Page 49
Chapter 7 AP Management The following example shows you how to configure the interface of a managed AP, set the AP conntroller IP address and displays the related settings. Router# configure terminal Router(config)# show capwap_wtp ap discovery-type Discovery type : Broadcast Router(config)# capwap ap vlan ip address 192.168.1.37 255.255.255.0 Router(config)# capwap ap vlan ip gateway 192.168.1.32 Router(config)# capwap ap ac-ip 192.168.1.1 192.168.1.2...
H A PT ER Wireless LAN Profiles This chapter shows you how to configure wireless LAN profiles on your NWA/WAC. 8.1 Wireless LAN Profiles Overview The NWA/WACs are designed to work explicitly with your NWA/WACs. If you do not have on-board configuration files, you must create “profiles”...
Page 51
Chapter 8 Wireless LAN Profiles Table 21 Input Values for General Radio and Monitor Profile Commands (continued) LABEL DESCRIPTION Sets the radio interface index number. The range is 1 ~ 8. wlan_interface_index Sets the AP-WDS mode interface’s index number. The range is 1 ~ 8. wds_lan_interface_index The following table describes the commands available for radio and monitor profile managment.
Page 52
Chapter 8 Wireless LAN Profiles Table 22 Command Summary: Radio Profile (continued) COMMAND DESCRIPTION Activates MPDU frame aggregation for this profile. Use the no [no] amsdu parameter to disable it. Mac Service Data Unit (MSDU) aggregation collects Ethernet frames without any of their 802.11n headers and wraps the header-less payload in a single 802.11n MAC header.
Page 53
Chapter 8 Wireless LAN Profiles Table 22 Command Summary: Radio Profile (continued) COMMAND DESCRIPTION When enabled, this ensures that the NWA/WAC will not change dcs client-aware {enable|disable} channels as long as a client is connected to it. If disabled, the NWA/WAC may change channels regardless of whether it has clients connected to it or not.
Page 54
Chapter 8 Wireless LAN Profiles Table 22 Command Summary: Radio Profile (continued) COMMAND DESCRIPTION Sets the profile’s wireless LAN radio operating mode. role {ap} Use ap to have the radio function as an access point with one or more BSSIDs. When using the RSSI threshold, set a minimum client signal rssi-dbm <-20~-76>...
Chapter 8 Wireless LAN Profiles 8.2.1 AP radio & Monitor Profile Commands Example The following example shows you how to set up the radio profile named ‘RADIO01’, activate it, and configure it to use the following settings: • 2.4G band and 802.11ac wireless mode with channel 6 •...
Page 56
Chapter 8 Wireless LAN Profiles Table 23 Input Values for General SSID Profile Commands (continued) LABEL DESCRIPTION Sets the type of QoS the SSID should use. wlan_qos disable: Turns off QoS for this SSID. wmm: Turns on QoS for this SSID. It automatically assigns Access Categories to packets as the device inspects them in transit.
Chapter 8 Wireless LAN Profiles Table 24 Command Summary: SSID Profile (continued) COMMAND DESCRIPTION Prevents the SSID from being publicly broadcast. Use the no [no] hide parameter to re-enable public broadcast of the SSID in this profile. By default this is disabled. Assigns the specified layer-2 isolation profile to this SSID profile.
Chapter 8 Wireless LAN Profiles 8.4 Security Profile Commands The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands. Table 25 Input Values for General Security Profile Commands LABEL DESCRIPTION The security profile name.
Page 59
Chapter 8 Wireless LAN Profiles Table 26 Command Summary: Security Profile (continued) COMMAND DESCRIPTION Data frames in 802.11 WLANs can be encrypted and [no] dot11w authenticated with WEP, WPA or WPA2. But 802.11 management frames, such as beacon/probe response, association request, association response, de-authentication and disassociation are always unauthenticated and unencrypted.
Chapter 8 Wireless LAN Profiles Table 26 Command Summary: Security Profile (continued) COMMAND DESCRIPTION Sets the server authentication IPv4 port and shared secret. server-auth <1..2> IPv4 port port secret secret Clears the server authentication setting. [no] server-auth <1..2> Sets the WEP encryption strength (64 or 128) and the default wep <64 | 128>...
Chapter 8 Wireless LAN Profiles 8.5 MAC Filter Profile Commands The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands. Table 27 Input Values for General MAC Filter Profile Commands LABEL DESCRIPTION The MAC filter profile name.
Chapter 8 Wireless LAN Profiles 8.6 Layer-2 Isolation Profile Commands The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands. Table 29 Input Values for General Layer-2 Isolation Profile Commands LABEL DESCRIPTION The layer-2 isolation profile name.
Chapter 8 Wireless LAN Profiles 8.7 WDS Profile Commands The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands. Table 31 Input Values for General WDS Profile Commands LABEL DESCRIPTION The WDS profile name.
H A PT ER Rogue AP This chapter shows you how to set up Rogue Access Point (AP) detection and containment. 9.1 Rogue AP Detection Overview Rogue APs are wireless access points operating in a network’s coverage area that are not under the control of the network’s administrators, and can potentially open holes in the network security.
Chapter 9 Rogue AP Table 34 Command Summary: Rogue AP Detection (continued) COMMAND DESCRIPTION Sets the device that owns the specified MAC address as a rogue rogue-ap ap_mac description2 AP. You can also assign a description to this entry on the rogue AP list.
Chapter 9 Rogue AP This example shows the friendly AP detection list. Router(config)# show rogue-ap detection list friendly description =========================================================================== 11:11:11:11:11:11 third floor 00:13:49:11:22:33 00:13:49:00:00:05 00:13:49:00:00:01 00:0D:0B:CB:39:33 dept1 This example shows the combined rogue and friendly AP detection list. Router(config)# show rogue-ap detection list all role description ===========================================================================...
Chapter 9 Rogue AP 9.4 Rogue AP Containment Commands The following table identifies the values required for many of these commands. Other input values are discussed with the corresponding commands. Table 35 Input Values for Rogue AP Containment Commands LABEL DESCRIPTION Specifies the MAC address (in XX:XX:XX:XX:XX:XX format) of the AP to be ap_mac...
HAPTER Wireless Frame Capture This chapter shows you how to configure and use wireless frame capture on the NWA/WAC. 10.1 Wireless Frame Capture Overview Troubleshooting wireless LAN issues has always been a challenge. Wireless sniffer tools like Ethereal can help capture and decode packets of information, which can then be analyzed for debugging.
Chapter 10 Wireless Frame Capture The following table describes the commands available for wireless frame capture. You must use the command to enter the configuration mode before you can use these configure terminal commands. Table 38 Command Summary: Wireless Frame Capture COMMAND DESCRIPTION Enters sub-command mode for wireless frame capture.
HAPTER Dynamic Channel Selection This chapter shows you how to configure and use dynamic channel selection on the NWA/WAC. 11.1 DCS Overview Dynamic Channel Selection (DCS) is a feature that allows an AP to automatically select the radio channel upon which it broadcasts by passively listening to the area around it and determining what channels are currently being broadcast on by other devices.
HAPTER Wireless Load Balancing This chapter shows you how to configure wireless load balancing. 12.1 Wireless Load Balancing Overview Wireless load balancing is the process whereby you limit the number of connections allowed on an wireless access point (AP) or you limit the amount of wireless traffic transmitted and received on it. Because there is a hard upper limit on the AP’s wireless bandwidth, this can be a crucial function in areas crowded with wireless users.
Page 72
Chapter 12 Wireless Load Balancing Table 40 Command Summary: Load Balancing (continued) COMMAND DESCRIPTION Sets the load balancing alpha value. load-balancing alpha <1..255> When the AP is balanced, then this setting delays a client’s association with it by this number of seconds. Note: This parameter has been optimized for the NWA/WAC and should not be changed unless you have been specifically directed to do so by ZyXEL support.
Chapter 12 Wireless Load Balancing 12.2.1 Wireless Load Balancing Examples The following example shows you how to configure AP load balancing in "by station" mode. The maximum number of stations is set to 1. Router(config)# load-balancing mode station Router(config)# load-balancing max sta 1 Router(config)# show load-balancing config load balancing config: Activate: yes...
HAPTER Certificates This chapter explains how to use the certificates. 13.1 Certificates Overview The NWA/WAC can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key.
Chapter 13 Certificates Table 41 Certificates Commands Input Values (continued) LABEL DESCRIPTION Identify the organizational unit or department to which the certificate owner organizational_unit belongs. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore. Identify the company or group to which the certificate owner belongs.
HAPTER System This chapter provides information on the commands that correspond to what you can configure in the system screens. 14.1 System Overview Use these commands to configure general NWA/WAC information, the system time and the console port connection speed for a terminal emulation program. They also allow you to configure DNS settings and determine which services/protocols can access which NWA/WAC zones (if any) from which computers.
Chapter 14 System 14.3.1 Date/Time Commands The following table describes the commands available for date and time setup. You must use the command to enter the configuration mode before you can use these configure terminal commands. Table 44 Command Summary: Date/Time COMMAND DESCRIPTION Sets the new date in year, month and day format...
Chapter 14 System 14.5 DNS Overview DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it. 14.5.1 DNS Commands The following table identifies the values required for many of these commands.
Chapter 14 System 14.5.2 DNS Command Example This command sets an A record that specifies the mapping of a fully qualified domain name (www.abc.com) to an IP address (210.17.2.13). Router# configure terminal Router(config)# ip dns server a-record www.abc.com 210.17.2.13 NWA/WAC Series CLI Reference Guide...
HAPTER System Remote Management This chapter shows you how to determine which services/protocols can access which NWA/WAC zones (if any) from which computers. Note: To allow the NWA/WAC to be accessed from a specified computer using a service, make sure you do not have a service control rule or to-NWA/WAC rule to block that traffic.
Chapter 15 System Remote Management Table 48 Command Summary: HTTP/HTTPS (continued) COMMAND DESCRIPTION Enables HTTPS access to the NWA/WAC web configurator. [no] ip http secure-server command disables HTTPS access to the NWA/ WAC web configurator. Sets the client to authenticate itself to the HTTPS server. [no] ip http secure-server auth-client command sets the client not to authenticate itself to the HTTPS server.
Chapter 15 System Remote Management 15.3 SSH Unlike Telnet or FTP, which transmit data in clear text, SSH (Secure Shell) is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication between two hosts over an unsecured network. 15.3.1 SSH Implementation on the NWA/WAC Your NWA/WAC supports SSH versions 1 and 2 using RSA authentication and four encryption methods (AES, 3DES, Archfour, and Blowfish).
Chapter 15 System Remote Management 15.4 Telnet You can configure your NWA/WAC for remote Telnet access. 15.5 Telnet Commands The following table describes the commands available for Telnet. You must use the configure command to enter the configuration mode before you can use these commands. terminal Table 50 Command Summary: Telnet COMMAND...
Chapter 15 System Remote Management 15.6.1 FTP Commands The following table describes the commands available for FTP. You must use the configure command to enter the configuration mode before you can use these commands. terminal Table 51 Command Summary: FTP COMMAND DESCRIPTION Allows FTP access to the NWA/WAC.
Chapter 15 System Remote Management 15.7.2 SNMP Traps The NWA/WAC will send traps to the SNMP manager when any one of the following events occurs: Table 52 SNMP Traps OBJECT LABEL OBJECT ID DESCRIPTION Cold Start 1.3.6.1.6.3.1.1.5.1 This trap is sent when the NWA/WAC is turned on or an agent restarts.
Page 87
Chapter 15 System Remote Management Table 53 Command Summary: SNMP (continued) COMMAND DESCRIPTION Sets the geographic location (of up to 60 characters) for [no] snmp-server location description the NWA/WAC. The command removes the geographic location for the NWA/WAC. Sets the SNMP service port number. The command [no] snmp-server port <1..65535>...
HAPTER AAA Server This chapter introduces and shows you how to configure the NWA/WAC to use external authentication servers. 16.1 AAA Server Overview You can use an AAA (Authentication, Authorization, Accounting) server to provide access control to your network. The following lists the types of authentication server the NWA/WAC supports. •...
Chapter 16 AAA Server Table 54 radius-server Commands (continued) COMMAND DESCRIPTION Sets a password (up to 15 alphanumeric characters) as the key [no] radius-server key secret to be shared between the RADIUS server and the NWA/WAC. command clears this setting. Sets the search timeout period (in seconds).
Chapter 16 AAA Server Table 55 aaa group server ad Commands (continued) COMMAND DESCRIPTION Sets the descriptive information for the AD server group. You [no] server description can use up to 60 printable ASCII characters. The command description clears the setting. Sets the name of the attribute that the NWA/WAC is to check [no] server group-attribute to determine to which group a user belongs.
Page 91
Chapter 16 AAA Server Table 56 aaa group server ldap Commands (continued) COMMAND DESCRIPTION Changes the descriptive name for an LDAP server group. aaa group server ldap rename group- name group-name Enter the sub-command mode. aaa group server ldap group-name Sets the second type of identifier that the users can use to log [no] server alternative-cn- in if any.
Chapter 16 AAA Server 16.2.5 aaa group server radius Commands The following table lists the commands you use to configure a group aaa group server radius of RADIUS servers. Table 57 aaa group server radius Commands COMMAND DESCRIPTION Deletes all RADIUS server groups or the specified RADIUS clear aaa group server radius group- server group.
Chapter 16 AAA Server 16.2.6 aaa group server Command Example The following example creates a RADIUS server group with two members and sets the secret key to “12345678” and the timeout to 100 seconds. Then this example also shows how to view the RADIUS group settings.
HAPTER Authentication Objects This chapter shows you how to select different authentication methods for user authentication using the AAA servers or the internal user database. 17.1 Authentication Objects Overview After you have created the AAA server objects, you can specify the authentication objects (containing the AAA server information) that the NWA/WAC uses to authenticate users (such as managing through HTTP/HTTPS or Captive Portal).
Chapter 17 Authentication Objects Table 58 aaa authentication Commands (continued) COMMAND DESCRIPTION Sets the default profile to use the authentication method(s) in the [no] aaa authentication default order specified. member1 [member2] [member3] [member4] = group radius, or local. member Note: You must specify at least one member for each profile. Each type of member can only be used once in a profile.
Chapter 17 Authentication Objects 17.3.1 Test a User Account Command Example The following example shows how to test whether a user account named userABC exists on the AD authentication server which uses the following settings: • IP address: 172.16.50.1 • Port: 389 •...
HAPTER File Manager This chapter covers how to work with the NWA/WAC’s firmware, certificates, configuration files, packet trace results, shell scripts and temporary files. 18.1 File Directories The NWA/WAC stores files in the following directories. Table 60 FTP File Transfer Notes FILE NAME DIRECTORY FILE TYPE...
Chapter 18 File Manager These files have the same syntax, which is also identical to the way you run CLI commands manually. An example is shown below. Figure 10 Configuration File / Shell Script: Example ## enter configuration mode configure terminal # change administrator password username admin password 4321 user-type admin #configure default radio profile, change 2GHz channel to 11 &...
Chapter 18 File Manager continues with the next line. If the NWA/WAC finds an error, it stops applying the configuration file or shell script and generates a log. You can change the way a configuration file or shell script is applied. Include setenv stop-on- in the configuration file or shell script.
Chapter 18 File Manager 18.3 File Manager Commands Input Values The following table explains the values you can input with the file manager commands. Table 62 File Manager Command Input Values LABEL DESCRIPTION The name of a file. Use up to 25 characters (including a-zA-Z0- file_name 9;‘~!@#$%^&()_+[]{}’,.=-).
Chapter 18 File Manager Table 63 File Manager Commands Summary (continued) COMMAND DESCRIPTION Removes a file. Specify the directory and file name of the file delete {/cert | /conf | /idp | /packet_trace | / that you want to delete. script | /tmp}/file_name Displays the list of files saved in the specified directory.
Chapter 18 File Manager Use “put” to transfer files from the computer to the NWA/WAC. For example: In the conf directory, use "put config.conf today.conf” to upload the configuration file (config.conf) to the NWA/WAC and rename it “today.conf”. "put 1.00(XL.0).bin” transfers the firmware (1.00(XL.0).bin) to the NWA/WAC. The firmware update can take up to five minutes.
Chapter 18 File Manager 18.6.4 Command Line FTP Configuration File Download Example The following example gets a configuration file named today.conf from the NWA/WAC and saves it on the computer as current.conf. Figure 12 FTP Configuration File Download Example C:\>ftp 192.168.1.1 Connected to 192.168.1.1.
Chapter 18 File Manager 18.8 Notification of a Damaged Recovery Image or Firmware The NWA/WAC’s recovery image and/or firmware could be damaged, for example by the power going off during a firmware upgrade. This section describes how the NWA/WAC notifies you of a damaged recovery image or firmware file.
Chapter 18 File Manager If “Connect a computer to port 1 and FTP to 192.168.1.1 to upload the new file” displays on the screen, the firmware file is damaged. Use the procedure in Section 18.10 on page 107 to restore it. If the message does not display, the firmware is OK and you do not need to use the firmware recovery procedure.
Page 106
Chapter 18 File Manager Note: You only need to use the atuk or atur command if the recovery image is damaged. Figure 18 atuk Command for Restoring the Recovery Image Enter Y and wait for the “Starting XMODEM upload” message before activating XMODEM upload on your terminal.
Chapter 18 File Manager Enter atgo. The NWA/WAC starts up. If “Connect a computer to port 1 and FTP to 192.168.1.1 to upload the new file” displays on the screen, the firmware file is damaged and you need to use the procedure in Section 18.10 on page 107 to recover the firmware.
Page 108
Chapter 18 File Manager Wait for the file transfer to complete. Figure 24 FTP Firmware Transfer Complete After the transfer is complete, “Firmware received” or “ZLD-current received” displays. Wait (up to four minutes) while the NWA/WAC recovers the firmware. Figure 25 Firmware Received and Recovery Started The console session displays “done”...
Page 109
Chapter 18 File Manager 10 The username prompt displays after the NWA/WAC starts up successfully. The firmware recovery process is now complete and the NWA/WAC is ready to use. Figure 27 Restart Complete NWA/WAC Series CLI Reference Guide...
HAPTER Logs This chapter provides information about the NWA/WAC’s logs. Note: When the system log reaches the maximum number of log messages, new log messages automatically overwrite existing log messages, starting with the oldest existing log message first. See the User’s Guide for the maximum number of system log messages in the NWA/WAC. 19.1 Log Commands Summary The following table describes the values required for many log commands.
Chapter 19 Logs 19.1.2.1 System Log Command Examples The following command displays the current status of the system log. Router# configure terminal Router(config)# show logging status system-log 18 events logged suppression active : yes suppression interval: 10 category settings user : normal , zysh : normal , built-in-service...
Chapter 19 Logs Table 68 logging Commands: Remote Syslog Server Settings (continued) COMMAND DESCRIPTION Sets the URL or IP address of the specified remote server. [no] logging syslog <1..4> address {ip | hostname} command clears this field. hostname: You may up to 63 alphanumeric characters, dashes (-), or periods (.), but the first character cannot be a period.
Chapter 19 Logs Table 69 logging Commands: E-mail Profile Settings (continued) COMMAND DESCRIPTION Sets the subject line when the NWA/WAC mails to the [no] logging mail <1..2> subject subject specified e-mail profile. The command clears this field. subject: You can use up to 60 alphanumeric characters, underscores (_), dashes (-), or !@#$%*()+=;:’,./ characters.
Page 115
Chapter 19 Logs Note: For the purposes of this device’s CLI, Access Points are referred to as WTPs. Table 71 logging Commands: Access Point Settings COMMAND DESCRIPTION Displays the system log for the specified AP. show wtp-logging status system-log [ap_mac] Displays only the specified log entries for the specified AP.
HAPTER Reports and Reboot This chapter provides information about the report associated commands and how to restart the NWA/WAC using commands. It also covers the daily report e-mail feature. 20.1 Report Commands Summary The following sections list the report and session commands. 20.1.1 Report Commands This table lists the commands for reports.
Chapter 20 Reports and Reboot 20.1.2 Report Command Examples The following commands start collecting data, display the traffic reports, and stop collecting data. Router# configure terminal Router(config)# show report lan ip No. IP Address User Amount Direction =================================================================== 192.168.1.4 admin 1273(bytes) Outgoing 192.168.1.4...
Page 118
Chapter 20 Reports and Reboot Table 74 Email Daily Report Commands (continued) COMMAND DESCRIPTION Configures the subject of the report e-mails. mail-subject set subject Clears the configured subject for the report e- no mail-subject set mails. Determines whether the system name will be [no] mail-subject append system-name appended to the subject of report mail.
Chapter 20 Reports and Reboot Table 74 Email Daily Report Commands (continued) COMMAND DESCRIPTION Encrypts the communications between the SMTP [no] smtp-tls activate mail server and the NWA/WAC. The no command disables communication encryption. Sets the time for sending out the report e-mails. schedule hour <0..23>...
Chapter 20 Reports and Reboot This displays the email daily report settings and has the NWA/WAC send the report now. Router(config)# show daily-report status email daily report status ========================= activate: no scheduled time: 00:00 reset counter: no smtp address: smtp port: 25 smtp auth: no smtp username: smtp password:...
HAPTER Session Timeout 21.1 Session Timeout Commands Use these commands to modify and display the session timeout values. You must use the configure terminal command before you can use these commands. Table 75 Session Timeout Commands COMMAND DESCRIPTION Sets the timeout for UDP sessions to connect or deliver and session timeout {udp-connect <1..300>...
HAPTER LEDs This chapter describes two features that controls the LEDs of your NWA/WAC - Locator and Suppression. 22.1 LED Suppression Mode The LED Suppression feature allows you to control how the LEDs of your NWA/WAC behave after it’s ready. The deafult LED suppression setting of your AP is different depending on your NWA/WAC model.
Chapter 22 LEDs 22.3 LED Locator The LED locator feature identifies the location of your WAC among several devices in the network. You can run this feature and set a timer. 22.4 LED Locator Commands Use these commands to run the LED locator feature. You must use the configure terminal command before you can use these commands.
HAPTER Antenna Switch This chapter shows you how to adjust coverage depending on the orientation of the antenna. 23.1 Antenna Switch Overview On the NWA/WAC that comes with internal antennas and also has an antenna switch, you can adjust coverage depending on the orientation of the antenna for the NWA/WAC radios using the web configurator, the command line interface (CLI) or a physical switch.
Chapter 23 Antenna Switch 23.2.1 Antenna Switch Commands Example The following example enables software control of the antenna switch and displays the settings. Router(config)# antenna sw-control enable Router(config)# show antenna status SW-Control: Enable Radio 1: Ceiling Radio 2: Ceiling Router(config)# NWA/WAC Series CLI Reference Guide...
HAPTER Diagnostics This chapter covers how to use the diagnostics feature. 24.1 Diagnostics Overview The diagnostics feature provides an easy way for you to generate a file containing the NWA/WAC’s configuration and diagnostic information. You may need to generate this file and send it to customer support during troubleshooting.
HAPTER Maintenance Tools Use the maintenance tool commands to check the conditions of other devices through the NWA/ WAC. The maintenance tools can help you to troubleshoot network problems. Here are maintenance tool commands that you can use in privilege mode. Table 80 Maintenance Tools Commands in Privilege Mode COMMAND DESCRIPTION...
Chapter 25 Maintenance Tools Table 80 Maintenance Tools Commands in Privilege Mode (continued) COMMAND DESCRIPTION Specifies text to add to the end of the file name (before the file-suffix <profile_name> dot and filename extension) to help you identify the packet capture files.
Page 130
Chapter 25 Maintenance Tools 25.0.1.1 Packet Capture Command Example The following examples show how to configure packet capture settings and perform a packet capture. First you have to check whether a packet capture is running. This example shows no other packet capture is running.
HAPTER Watchdog Timer This chapter provides information about the NWA/WAC’s watchdog timers. 26.1 Hardware Watchdog Timer The hardware watchdog has the system restart if the hardware fails. The hardware-watchdog-timer commands are for support engineers. It is recommended that you not modify the hardware watchdog timer settings.
Chapter 26 Watchdog Timer 26.3 Application Watchdog The application watchdog has the system restart a process that fails. These are the app-watchdog commands.Use the command to enter the configuration mode to be able to configure terminal use these commands. Table 84 app-watchdog Commands COMMAND DESCRIPTION Turns the application watchdog timer on or off.
List of Commands (Alphabetical) List of Commands (Alphabetical) This section lists the commands and sub-commands in alphabetical order. Commands and subcommands appear at the same level. [no] 2g-scan-channel wireless_channel_2g ..........54 [no] 5g-scan-channel wireless_channel_5g ..........54 [no] aaa authentication {profile-name} local ..........94 [no] aaa authentication default member1 [member2] [member3] [member4] ....95 [no] aaa authentication profile-name...
Page 134
List of Commands (Alphabetical) [no] htprotect ................53 [no] interface config_interface ............39 [no] interface interface_name ............34 [no] ip address addr netmask ............39 [no] ip address dhcp ..............34 [no] ip address dhcp [metric <0..15>] ...........39 [no] ip address ip subnet_mask ............34 [no] ip dns server a-record fqdn w.x.y.z ..........79 [no] ip dns server mx-record domain_name {w.x.y.z|fqdn} .........79...
Page 139
List of Commands (Alphabetical) ip dns server rule {<1..32>|append|insert <1..32>} access-group {ALL|profile_name} zone {ALL|profile_name} action {accept|deny} ...........79 ip dns server rule move <1..32> to <1..32> ..........79 ip dns server zone-forwarder {<1..32>|append|insert <1..32>} {domain_zone_name|*} user-defined w.x.y.z [private | interface {interface_name | auto}] ......79 ip dns server zone-forwarder move <1..32>...
Page 140
List of Commands (Alphabetical) no downstream ................39 no friendly-ap ap_mac ..............65 no ip dns server rule <1..32> ............79 no ip http secure-server cipher-suite {cipher_algorithm} ........82 no mail-subject set ..............118 no mtu ..................39 no packet-trace .................25 no port <1..x> ................37 no rogue-ap ap_mac ..............65 no smtp-address ................117...
Page 141
List of Commands (Alphabetical) | tcp-timewait <1..300> | udp-connect <1..300> | ucp-deliver <1..300> | icmp <1..300> } session timeout {udp-connect <1..300> | udp-deliver <1..300> | icmp <1..300>} ..121 setenv ..................25 setenv-startup stop-on-error off ............101 show ..................25 show aaa authentication {group-name|default} ..........94 show aaa group server ad group-name .............89...
Page 142
List of Commands (Alphabetical) show logging debug entries [priority pri] [category module_name] [srcip ip] [dstip ip] [service service_name] [begin <1..1024> end <1..1024>] [keyword keyword] ....112 show logging debug entries field field [begin <1..1024> end <1..1024>] ....112 show logging debug status ..............112 show logging entries [priority pri] [category module_name] [srcip ip] [dstip ip] [service service_name] [begin <1..1024>...
Page 143
List of Commands (Alphabetical) show wireless-hal wds info {all | downlink | uplink} ........47 show wireless-hal wds interface {all | downlink | uplink} .......47 show wireless-hal wds number ............47 show wlan all ................124 show wlan slot_name ..............46 show wlan slot_name detail ..............47 show wlan slot_name list all sta ............47...