Page 1: Command Reference
Wireless LAN Mobility System Wireless LAN Switch and Controller Command Reference WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100 3CRWXR10095A WX2200 3CRWX220095A http://www.3Com.com/ Part No. 10015409 Rev. AA Published August 2006...
Page 2 3Com Corporation reserves the right to revise this documentation and to make changes in content from time 01752-3064 to time without obligation on the part of 3Com Corporation to provide notification of such revision or change. 3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose.
Page 3: Table Of Contents
ONTENTS BOUT UIDE Conventions Documentation Documentation Comments SING THE OMMAND NTERFACE Overview CLI Conventions Command Prompts Syntax Notation Text Entry Conventions and Allowed Characters MAC Address Notation IP Address and Mask Notation User Globs, MAC Address Globs, and VLAN Globs Port Lists Virtual LAN Identification Command-Line Editing...
Page 4 YSTEM ERVICE OMMANDS Commands by Usage clear banner motd clear history clear prompt clear system display banner motd display base-information display license display load display system help history quickstart set auto-config set banner motd set confirm set length set license set prompt set system contact set system countrycode...
Page 5 display port counters display port-group display port mirror display port poe display port status display port media-type monitor port counters reset port set dap set port set port-group set port media-type set port mirror set port name set port negotiation set port poe set port speed set port trap...
Page 6 set security l2-restrict set vlan name set vlan port set vlan tunnel-affinity UALITY OF ERVICE OMMANDS Commands by Usage clear qos set qos cos-to-dscp-map set qos dscp-to-cos-map display qos display qos dscp-table IP S ERVICES OMMANDS Commands by Usage clear interface clear ip alias clear ip dns domain clear ip dns server...
Page 7 display ip route display ip telnet display ntp display snmp community display snmp counters display snmp notify profile display snmp notify target display snmp status display snmp usm display summertime display timedate display timezone ping set arp set arp agingtime set interface set interface dhcp-client set interface dhcp-server...
Page 8 SNMPv2c with Informs SNMPv2c with Traps SNMPv1 with Traps set snmp protocol set snmp security set snmp usm set summertime set system ip-address set timedate set timezone telnet traceroute AAA C OMMANDS Commands by Usage clear accounting clear authentication admin clear authentication console clear authentication dot1x clear authentication last-resort...
Page 9 display location policy display mobility-profile set accounting {admin | console} set accounting {dot1x | mac | web | last-resort} set authentication admin set authentication console set authentication dot1x set authentication last-resort set authentication mac set authentication proxy set authentication web set location policy set mac-user set mac-user attr...
Page 10 clear network-domain peer clear network-domain seed-ip display network-domain set network-domain mode member seed-ip set network-domain peer set network-domain mode seed domain-name ANAGED CCESS OINT OMMANDS MAP Access Point Commands by Usage clear {ap | dap} radio clear dap boot-configuration clear radio-profile clear service-profile display {ap | dap} config display {ap | dap} counters...
Page 11 set dap fingerprint set {ap | dap} group set {ap | dap} name set {ap | dap} radio antennatype set {ap | dap} radio auto-tune max-power set {ap | dap} radio auto-tune max-retransmissions set {ap | dap} radio channel set {ap | dap} radio auto-tune min-client-rate set {ap | dap} radio mode set {ap | dap} radio radio-profile set {ap | dap} radio tx-power...
Page 12 set service-profile auth-psk set service-profile beacon set service-profile cac-mode set service-profile cac-session set service-profile cipher-ccmp set service-profile cipher-tkip set service-profile cipher-wep40 set service-profile cipher-wep104 set service-profile cos set service-profile dhcp-restrict set service-profile idle-client-probing set service-profile long-retry-count set service-profile no-broadcast set service-profile proxy-arp set service-profile psk-phrase set service-profile psk-raw set service-profile rsn-ie...
Page 13 STP C OMMANDS STP Commands by Usage clear spantree portcost clear spantree portpri clear spantree portvlancost clear spantree portvlanpri clear spantree statistics display spantree display spantree backbonefast display spantree blockedports display spantree portfast display spantree portvlancost display spantree statistics display spantree uplinkfast set spantree set spantree backbonefast set spantree fwddelay...
Page 14 set igmp mrouter set igmp mrsol set igmp mrsol mrsi set igmp oqi set igmp proxy-report set igmp qi set igmp qri set igmp querier set igmp receiver set igmp rv ACL C ECURITY OMMANDS Security ACL Commands by Usage clear security acl clear security acl map commit security acl...
Page 15 display crypto certificate display crypto key ssh RADIUS ERVER ROUP OMMANDS Commands by Usage clear radius clear radius client system-ip clear radius proxy client clear radius proxy port clear radius server clear server group set radius set radius client system-ip set radius proxy client set radius proxy port set radius server...
Page 16 set dot1x reauth set dot1x reauth-max set dot1x reauth-period set dot1x timeout auth-server set dot1x timeout supplicant set dot1x tx-period set dot1x wep-rekey set dot1x wep-rekey-period ESSION ANAGEMENT OMMANDS Commands by Usage clear sessions clear sessions network display sessions display sessions network RF D ETECTION OMMANDS...
Page 17 set rf detect countermeasures set rfdetect countermeasures mac set rfdetect ignore set rfdetect log set rfdetect signature set rfdetect ssid-list set rfdetect vendor-list test rflink ANAGEMENT OMMANDS Commands by Usage backup clear boot backup-configuration clear boot config copy delete install soda agent display boot display config display version...
Page 18 display trace save trace set trace authentication set trace authorization set trace dot1x set trace sm NOOP OMMANDS Commands by Usage clear snoop clear snoop map set snoop set snoop map set snoop mode display snoop display snoop info display snoop map display snoop stats YSTEM OMMANDS...
Page 19 diag display fver help next reset test version BTAINING UPPORT FOR RODUCTS Register Your Product to Gain Service Benefits Solve Problems Online Purchase Extended Warranty and Professional Services Access Software Downloads Contact Us Telephone Technical Support and Repair NDEX...
Page 21: About
UIDE This command reference explains Mobility System Software (MSS™) command line interface (CLI) that you enter on a 3Com WXR100 or WX1200 Wireless Switch or WX4400 or WX2200 Wireless LAN Controller to configure and manage the Mobility System™ wireless LAN (WLAN).
Page 22: Documentation
BOUT UIDE This manual uses the following text and syntax conventions: Table 2 Text Conventions Convention Description Monospace text Sets off command syntax or sample commands and system responses. Bold text Highlights commands that you enter or items you select. Italic text Designates command variables that you replace with appropriate values, or highlights publication titles or words...
Page 23: Documentation Comments
This manual shows you how to plan, configure, deploy, and manage the entire WLAN with the 3WXM tool suite. Read this guide to learn how to plan wireless services, how to configure and deploy 3Com equipment to provide those services, and how to optimize and manage your WLAN.
Page 24 BOUT UIDE Please note that we can only respond to comments and questions about 3Com product documentation at this e-mail address. Questions related to Technical Support or sales should be directed in the first instance to your network supplier.
Page 25: Using The Command -Line Interface
Mobility System Software (MSS) operates a 3Com Mobility System wireless LAN (WLAN) consisting of 3Com Wireless Switch Manager (3WXM) software and 3Com Wireless LAN Switch or 3Com Wireless LAN Controller (WX switch) and 3Com Wireless LAN Managed Access Point (MAP) hardware. There is a command-line interface (CLI) on the WX switch that you can use to configure and manage the WX and its attached access points.
Page 26: Cli Conventions
1: U HAPTER SING THE OMMAND NTERFACE CLI Conventions Be aware of the following MSS CLI conventions for command entry: “Command Prompts” on page 26 “Syntax Notation” on page 26 “Text Entry Conventions and Allowed Characters” on page 27 “User Globs, MAC Address Globs, and VLAN Globs” on page 28 “Port Lists”...
Page 27: Text Entry Conventions And Allowed Characters
MAC addresses, virtual LAN (VLAN) names, and ports in a single command. 3Com recommends that you do not use the same name with different capitalizations for VLANs or access control lists (ACLs). For example, do not configure two separate VLANs with the names red and RED.
Page 28: Ip Address And Mask Notation
1: U HAPTER SING THE OMMAND NTERFACE IP Address and Mask MSS displays IP addresses in dotted decimal notation — for example, Notation 192.168.1.111. MSS makes use of both subnet masks and wildcard masks. Subnet Masks Unless otherwise noted, use classless interdomain routing (CIDR) format to express subnet masks —...
Page 29 CLI Conventions Table 3 gives examples of user globs. Table 3 User Globs User Glob User(s) Designated jose@example.com User jose at example.com *@example.com All users at example.com whose usernames do not contain periods — for example, jose@example.com and tamara@example.com, but not nin.wong@example.com, because nin.wong contains a period *@marketing.example.com...
Page 30: Port Lists
You can include a single port or multiple ports in one MSS CLI command by using the appropriate list format. The ports on a WX switch are numbered 1 through 4 (for the 3Com Wireless LAN Controller WX4400) and 1 through 8 (for the 3Com Wireless Lan Switch WX1200).
Page 31: Virtual Lan Identification
Command-Line Editing A hyphen-separated range of port numbers, with no spaces. For example: WX1200# reset port 1-3 Any combination of single numbers, lists, and ranges. Hyphens take precedence over commas. For example: WX1200# display port status 1-3,6 Virtual LAN The names of virtual LANs (VLANs), which are used in Mobility Domain ™...
Page 32: History Buffer
1: U HAPTER SING THE OMMAND NTERFACE Table 4 Keyboard Shortcuts (continued) Keyboard Shortcut(s) Function Ctrl+U or Ctrl+X Deletes characters from the cursor to the beginning of the command line. Ctrl+W Deletes the last word typed. Esc B Moves the cursor back one word. Esc D Deletes characters from the cursor forward to the end of the word.
Page 33: Using Cli Help
Using CLI Help Using CLI Help The CLI provides online help. To see the full range of commands available at your access level, type the help command. For example: WX1200# help Commands: ------------------------------------------------------------------------- clear Clear, use 'clear help' for more information commit Commit the content of the ACL table copy...
Page 34: Understanding Command Descriptions
Server Status Port ---------------------------------- Enabled Understanding Each command description in the 3Com Mobility System Software Command Command Reference contains the following elements: Descriptions A command name, which shows the keywords but not the variables. For example, the following command name appears at the top of a...
Page 35: Access Commands
CCESS OMMANDS This chapter describes access commands used to control access to the Mobility Software System (MSS) command-line interface (CLI). Commands by This chapter presents access services commands alphabetically. Use Usage Table 5 to located commands in this chapter based on their use. Table 5 Access Commands by Usage Type Command...
Page 36: Enable
2: A HAPTER CCESS OMMANDS enable Places the CLI session in enabled mode, which provides access to all commands required for configuring and monitoring the system. Syntax — enable Access — All. History — Introduced in MSS Version 3.0. Usage — MSS displays a password prompt to challenge you with the enable password.
Page 37: Set Enablepass
set enablepass set enablepass Sets the password that provides enabled access (for configuration and monitoring) to the WX switch. Syntax — set enablepass Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — After typing the set enablepass command, press Enter. If you are entering the first enable password on this WX switch, press Enter at the Enter old password prompt.
Page 38 2: A HAPTER CCESS OMMANDS...
Page 39: System
YSTEM ERVICE OMMANDS Use system services commands to configure and monitor system information for a WX switch. Commands by This chapter presents system service commands alphabetically. Use Usage Table 6 to locate commands in this chapter based on their use. Table 6 System Services Commands by Usage Type Command...
Page 40: Clear Banner Motd
Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To clear a banner, type the following command: WX4400# clear banner motd success: change accepted As an alternative to clearing the banner, you can overwrite the existing banner with an empty banner by typing the following command:...
Page 41: Clear History
Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — To clear the history buffer, type the following command: WX4400# clear history success: command buffer was flushed. See Also history on page 49 clear prompt Resets the system prompt to its previously configured value.
Page 42: Clear System
History — —Introduced in MSS Version 3.0. Option idle-timeout added in MSS Version 4.1. Examples — To clear the location of the WX switch, type the following command: WX4400# clear system location success: change accepted. See Also display config on page 623...
Page 43: Display Banner Motd
Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — Enter this command before calling for Technical Support. See “Obtaining Support for Your 3Com Products” on page 687 for more information.
Page 44: Display License
Syntax — display license Defaults — None. Access — All. Examples — To view the WX switch license, type the following command: WX4400# display license Serial Number : M8XE4IBB8DB10 License Number : 245 License Key : WXL-076E-93E9-62DA-54D8 Activation key...
Page 45: Display Load
WX4400# display load System Load: overall: 2% delta: 5% The overall field shows the CPU load as a percentage from the time the WX switch was booted.
Page 46 3: S HAPTER YSTEM ERVICE OMMANDS Examples — To show system information, type the following command: WX4400# display system =============================================================================== Product Name: WX4400 System Name: WX-bldg3 System Countrycode: US System Location: first-floor-bldg3 System Contact: tamara@example.com System IP: 192.168.12.7 System idle timeout: 3600...
Page 47 display system Table 7 display system output (continued) Field Description System idle timeout Number of seconds MSS allows a CLI management session (console, Telnet, or SSH) to remain idle before terminating the session. (The system idle timeout can be configured using the set system idle-timeout command.) System MAC WX switch’s media access control (MAC) machine address...
Page 48: Help
To show a list of CLI commands available at the enabled access level, type the following command at the enabled access level: WX4400# help Commands: -------------------------------------------------------------------------...
Page 49: History
Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — To show the history of your session, type the following command: WX4400> history Show History (most recent first) -------------------------------- [00] display config [01] display version...
Page 50: Quickstart
3: S HAPTER YSTEM ERVICE OMMANDS See Also clear history on page 41 quickstart Runs a script that interactively helps you configure a new switch. (For more information, see the “CLI quickstart Command” section of the “WX Setup Methods” chapter in the Wireless LAN Switch and Controller Configuration Guide.)
Page 51 set auto-config When the 3WXM server in the corporate network receives the configuration request, the server looks in the currently open network plan for a switch configuration with the same model and serial number as the one in the configuration request. If the network plan contains a configuration with a matching model and serial number, 3WXM sends the configuration to the switch and restarts the switch.
Page 52: Set Banner Motd
3: S HAPTER YSTEM ERVICE OMMANDS Examples — The following commands stage a WX switch to use the auto-config option. The network where the switch is installed has a DHCP server, so the switch is configured to use the MSS DHCP client to obtain an IP address, default gateway address, DNS domain name, and DNS server IP addresses: 1 Configure a VLAN:...
Page 53: Set Confirm
Single quotation mark (') Examples — To create a banner that says Update meeting at 3 p.m., type the following command: WX4400# set banner motd ^Update meeting at 3 p.m.^ success: change accepted. See Also clear banner motd on page 40...
Page 54: Set Length
MSS displays a message requiring confirmation when you enter certain commands that can have a potentially large impact on the network. For example: WX4400# clear vlan red This may disrupt user connectivity. Do you wish to continue? (y/n) [n] Examples — To turn off these confirmation messages, type the...
Page 55: Set License
— Activation key, starting with WXA. You can enter activation-key the key with or without the hyphens. Defaults — The WX4400 can boot and manage 24 MAPs by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — The license key is shipped with the switch. To obtain the activation key, access the 3Com web site.
Page 56: Set Prompt
History — Introduced in MSS Version 3.0. Usage — When you first log in for the initial configuration of the WX switch, the CLI provides a WX1200> or WX4400> prompt, depending on your model. After you become enabled by typing enable and giving a suitable password, the WX1200# or WX4400# prompt is displayed.
Page 57: Set System Contact
set system contact set system contact Stores a contact name for the WX switch. Syntax — set system contact string — Alphanumeric string up to 256 characters long, with no string blank spaces. Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. To view the system contact string, type the display system command.
Page 58: Set System Countrycode
3: S HAPTER YSTEM ERVICE OMMANDS set system Defines the country-specific IEEE 802.11 regulations to enforce on the countrycode WX switch. Syntax — set system countrycode code — Two-letter code for the country of operation for the WX code switch. You can specify one of the codes listed in Table 8. Table 8 Country Codes Country Code...
Page 59 set system countrycode Table 8 Country Codes (continued) Country Code France Germany Greece Guatemala Honduras Hong Kong Hungary Iceland India Indonesia Ireland Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kuwait Latvia Lebanon Liechtenstein Lithuania Luxembourg Malaysia Malta Mauritius Mexico Morocco Namibia Netherlands New Zealand...
Page 60 3: S HAPTER YSTEM ERVICE OMMANDS Table 8 Country Codes (continued) Country Code Nigeria Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Romania Russia Saudi Arabia Serbia Singapore Slovakia Slovenia South Africa South Korea Spain Sri Lanka Sweden Switzerland Taiwan...
Page 61 set system countrycode Table 8 Country Codes (continued) Country Code United States Uruguay Venezuela Vietnam Defaults — The factory default country code is None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You must set the system county code to a valid value before using any set ap commands to configure a MAP.
Page 62: Set System Idle-Timeout
3: S HAPTER YSTEM ERVICE OMMANDS set system Specifies the maximum number of seconds a CLI management session idle-timeout with the switch can remain idle before MSS terminates the session. Syntax — set system idle-timeout seconds — Number of seconds a CLI management session can remain seconds idle before MSS terminates the session.
Page 63: Set System Ip-Address
Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command sets the IP address of the WX switch to 192.168.253.1: WX4400# set system ip-address 192.168.253.1 success: change accepted. See Also clear system on page 42...
Page 64: Set System Location
To view the system location string, type the display system command. Examples — To store the location of the WX switch in the WX’s configuration, type the following command: WX4400# set system location first-floor-bldg3 success: change accepted. See Also clear system on page 42...
Page 65: Set System Name
Defaults — By default, the system name and command prompt have the same value. The factory default for both is the model number (WX1200 for the 3Com Wireless LAN Switch WX1200, WX4400 for the 3Com Wireless LAN Controller WX4400). Access — Enabled.
Page 66 3: S HAPTER YSTEM ERVICE OMMANDS...
Page 67: Port Commands
OMMANDS Use port commands to configure and manage individual ports and load-sharing port groups. Commands by This chapter presents port commands alphabetically. Use Table 9 to Usage locate commands in this chapter based on their use. Table 9 Port Commands by Usage Type Command Port Type...
Page 68: Clear Dap
Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command clears Distributed MAP 1: WX4400# clear dap 1 This will clear specified DAP devices. Would you like to continue? (y/n) [n]y See Also...
Page 69: Clear Port Counters
Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command clears port group server1: WX4400# clear port-group name server1 success: change accepted. See Also set port-group on page 88 display port-group on page 74...
Page 70: Clear Port Media-Type
Access — Enabled. History — Introduced in MSS Version 4.0. Usage — This command applies only to the WX4400. This command does not affect a link that is already active on the port. Examples — The following command disables the copper interface and...
Page 71: Clear Port Mirror
See Also display port mirror on page 75 set port mirror on page 90 clear port Resets a gigabit Ethernet port on a WX4400 to use the GBIC (fiber) preference interface for the active link. Syntax — clear port preference port-list —...
Page 72: Clear Port Type
OMMANDS History — Introduced in MSS Version 3.0. Usage — This command applies only to the WX4400. This command does not affect a link that is already active on the port. Examples — The following command clears the preference set on port 2...
Page 73: Display Port Counters
display port counters Table 10 Network port defaults Port Parameter Setting VLAN membership None. Note: Although the command changes a port to a network port, the command does not place the port in any VLAN. To use the port in a VLAN, you must add the port to the VLAN.
Page 74: Display Port-Group
4: P HAPTER OMMANDS receive-etherstats — Shows Ethernet statistics for received packets. transmit-etherstats — Shows Ethernet statistics for transmitted packets. port port-list — List of physical ports. If you do not specify a port list, MSS shows statistics for all ports. Defaults —...
Page 75: Display Port Mirror
History — Introduced in MSS Version 4.2. Examples — The following command displays the port mirroring configuration on the switch: WX4400# display port mirror Port 1 is mirrored to port 2 If port mirroring is not configured, the message in the following example...
Page 76: Display Port Poe
4: P HAPTER OMMANDS See Also display port mirror on page 75 set port mirror on page 90 display port poe Displays status information for ports on which Power over Ethernet (PoE) is enabled. Syntax — display port poe [port-list] —...
Page 77: Display Port Status
display port status Table 12 Output for display port poe (continued) Field Description Link status Link status of the port: up—The port is connected. down—The port is not connected. Port type Port type: MAP —The port is a MAP access port. - (The port is not a MAP access port.) PoE config PoE state:...
Page 78 4: P HAPTER OMMANDS Examples — The following command displays information for all ports on a WX1200 switch: WX1200# display port status Port Name Admin Oper Config Actual Type Media =============================================================================== auto 100/full network 10/100BaseTx auto 100/full 10/100BaseTx auto 100/full network 10/100BaseTx down...
Page 79: Display Port Media-Type
93 set port type ap on page 95 set port type wired-auth on page 98 display port Displays the enabled interface types on a WX4400 switch’s gigabit media-type Ethernet ports. See Also — display port media-type [port-list] port-list —...
Page 80: Monitor Port Counters
4: P HAPTER OMMANDS Examples — The following command displays the enabled interface types on all four ports of a WX4400 switch: WX4400# display port media-type Port Media Type =========================================================== GBIC RJ45 GBIC GBIC Table 14 describes the fields in this display.
Page 81 monitor port counters transmit-etherstats — Displays Ethernet statistics for transmitted packets first. Defaults — All types of statistics are displayed for all ports. MSS refreshes the statistics every 5 seconds. This interval cannot be configured. Statistics types are displayed in the following order by default: Octets Packets...
Page 82 Examples — The following command starts the port statistics monitor beginning with octet statistics (the default): WX4400# monitor port counters As soon as you press Enter, MSS clears the window and displays statistics at the top of the window.
Page 83 monitor port counters Table 16 Output for monitor port counters (continued) Statistics Option Field Description packets Rx Unicast Number of unicast packets received. This number does not include packets that contain errors. Number of broadcast and multicast packets NonUnicast received. This number does not include packets that contain errors.
Page 84 4: P HAPTER OMMANDS Table 16 Output for monitor port counters (continued) Statistics Option Field Description collisions Single Coll Total number of frames transmitted that experienced one collision before 64 bytes of the frame were transmitted on the network. Multiple Coll Total number of frames transmitted that experienced more than one collision before 64 bytes of the frame were transmitted on the network.
Page 85: Reset Port
reset port reset port Resets a port by toggling its link state and Power over Ethernet (PoE) state. Syntax — reset port port-list — List of physical ports. MSS resets all the specified ports. port-list Defaults — None. Access — Enabled. History —...
Page 86 WX switch model: For a WX4400, you can specify a number from 1 to 256. For a WX1200, you can specify a number from 1 to 30. — MAP access point serial ID. The serial ID is serial-id serial-ID listed on the MAP case.
Page 87: Set Port
set port clear port type on page 72 set port type ap on page 95 set system countrycode on page 58 set port Administratively disables or reenables a port. Syntax — set port {enable | disable} port-list — Enables the specified ports. enable —...
Page 88: Set Port-Group
4: P HAPTER OMMANDS set port-group Configures a load-sharing port group. All ports in the group function as a single logical link. Syntax — set port-group name group-name port-list mode {on | off} — Alphanumeric string of up to 255 characters, name group-name with no spaces.
Page 89: Set Port Media-Type
Access — Enabled. History — Introduced in MSS Version 4.0. Usage — This command applies only to the WX4400. If you set the port interface to RJ-45 on a port that already has an active fiber link, MSS immediately changes the link to the copper interface.
Page 90: Set Port Mirror
VLAN or port group. Examples — The following command sets port 2 to monitor port 1’s traffic: WX4400# set port 1 observer 2 See Also clear port name on page 70 display port status on page 77...
Page 91: Set Port Name
History — Introduced in MSS Version 3.0. Usage — To simplify configuration and avoid confusion between a port’s number and its name, 3Com recommends that you do not use numbers as port names. Examples — The following command sets the name of port 7 to...
Page 92: Set Port Poe
CAUTION: When you set the port type for MAP use, you can enable PoE on the port. Use the WX switch’s PoE to power 3Com MAP access points only. If you enable PoE on ports connected to other devices, damage can result.
Page 93: Set Port Speed
set port speed Access — Enabled. History — Introduced in MSS Version 3.0. Usage — This command does not apply to any gigabit Ethernet ports or to ports 7 and 8 on the WX1200 switch. Examples — The following command disables PoE on ports 4 and 5, which are connected to a MAP access point: WX1200# set port poe 4,5 disable If you are enabling power on these ports, they must be connected only to approved...
Page 94: Set Port Trap
OMMANDS History — Introduced in MSS Version 3.0. Usage — 3Com recommends that you do not configure the mode of a WX port so that one side of the link is set to autonegotiation while the other side is set to full-duplex. Although MSS allows this configuration, it can result in slow throughput on the link.
Page 95: Set Port Type Ap
CAUTION: When you set the port type for MAP use, you must specify the PoE state (enable or disable) of the port. Use the WX switch’s PoE to power 3Com MAP access points only. If you enable PoE on a port connected to another device, physical damage to the device can result.
Page 96 4: P HAPTER OMMANDS This option does not apply to single-radio models. Defaults — All WX ports are network ports by default. MAP access point models AP2750, MAP-241, and MAP-341 have a single radio that can be configured for 802.11a or 802.11b/g. Other MAP models have two radios.
Page 97 set port type ap Table 17 MAP Access Port Defaults Port Parameter Setting VLAN membership Removed from all VLANs. You cannot assign a MAP access port to a VLAN. MSS automatically assigns MAP access ports to VLANs based on user traffic. Spanning Tree Protocol Not applicable (STP)
Page 98: Set Port Type Wired-Auth
4: P HAPTER OMMANDS The following command resets port 5 by clearing it: WX1200# clear port type 5 This may disrupt currently authenticated users. Are you sure? (y/n) [n]y success: change accepted. See Also clear dap on page 68 clear port type on page 72 set {ap | dap} radio antennatype on page 353 set dap on page 85 set port type wired-auth on page 98...
Page 99 set port type wired-auth Access — Enabled. History—Introduced in MSS Version 3.0. Option for WebAAA fallthru authentication type changed from web-auth to web-portal in MSS Version 4.0. Usage — You cannot set a port’s type if the port is a member of a port VLAN.
Page 100 4: P HAPTER OMMANDS For non-802.1X clients, who use MAC authentication, WebAAA, or last-resort authentication, wired authentication works if the clients are directly attached or indirectly attached. Examples — The following command sets port 2 for a wired authentication user: WX1200# set port type wired-auth 2 success: change accepted The following command sets port 7 for a wired authentication user and...
Page 101: Vlan C
VLAN C OMMANDS Use virtual LAN (VLAN) commands to configure and manage parameters for individual port VLANs on network ports, and to display information about clients roaming within a mobility domain. Commands by This chapter presents VLAN commands alphabetically. Use Table 19 to usage locate commands in this chapter based on their use.
Page 102: Clear Fdb
VLAN. A VLAN name or number is required for deleting permanent or static entries. Examples — The following command clears all static forwarding database entries that match VLAN blue: WX4400# clear fdb static vlan blue success: change accepted.
Page 103: Clear Security 12-Restrict
WX4400# clear fdb dynamic success: change accepted. The following command clears all dynamic forwarding database entries that match ports 3 and 5: WX4400# clear fdb port 3,5 success: change accepted. See Also display fdb on page 106 set fdb on page 117...
Page 104: Clear Security 12-Restrict Counters
Examples — The following command removes MAC address aa:bb:cc:dd:ee:ff from the list of addresses to which clients in VLAN abc_air are allowed to send traffic at Layer 2: WX4400# clear security 12-restrict vlan abc_air permit-mac aa:bb:cc:dd:ee:ff success: change accepted. See Also...
Page 105: Clear Vlan
VLAN, use the port port-list option. Examples — The following command removes port 1 from VLAN green: WX4400# clear vlan green port 1 This may disrupt user connectivity. Do you wish to continue? (y/n) [n]y success: change accepted.
Page 106: Display Fdb
5: VLAN C HAPTER OMMANDS The following command completely removes VLAN marigold: WX4400# clear vlan marigold This may disrupt user connectivity. Do you wish to continue? (y/n) [n]y success: change accepted. See Also set vlan port on page 121 display vlan config on page 115 display fdb Displays entries in the forwarding database.
Page 107 Examples — The following command displays all entries in the forwarding database: WX4400# display fdb all * = Static Entry. + = Permanent Entry. # = System Entry. VLAN TAG...
Page 108: Display Fdb Agingtime
5: VLAN C HAPTER OMMANDS Table 20 Output for display fdb (continued) Field Description Type of entry. The entry types are explained in the first row of the command output. Note: This Class of Service (CoS) value is not associated with MSS quality of service (QoS) features.
Page 109: Display Fdb Count
display fdb count See Also set fdb agingtime on page 118 display fdb count Lists the number of entries in the forwarding database. Syntax — display fdb count {perm | static | dynamic} [vlan vlan-id] — Lists the number of permanent entries. A permanent entry perm does not age out and remains in the database even after a reboot, reset, or power cycle.
Page 110: Display Roaming Station
MSS Version 4.1. Usage — The output displays roaming stations within the previous 1 second. Examples — To display all stations roaming to the WX switch, type the following command: WX4400# display roaming station User Name Station Address VLAN State...
Page 111 display roaming station Table 21 Output for display roaming station (continued) Field Description State State of the session: Setup — Station is attempting to roam to this WX switch. This switch has asked the WX from which the station is roaming for the station’s session information and is waiting for a reply.
Page 112: Display Roaming Vlan
Syntax — display roaming vlan Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command shows the current roaming VLANs: WX4400# display roaming vlan VLAN Affinity ---------------- --------------- -------- vlan-cs 192.168.14.2 vlan-eng 192.168.14.4 vlan-fin 192.168.14.2...
Page 113: Display Security 12-Restrict
display security 12-restrict display security Displays configuration information and statistics for Layer 2 forwarding 12-restrict restriction. Syntax — display security 12-restrict [vlan vlan-id | all] — VLAN name or number. vlan-id — Displays information for all VLANs. Defaults — If you do not specify a VLAN name or all, information is displayed for all VLANs.
Page 114: Display Tunnel
Access — Enabled History —Introduced in MSS Version 3.0. Examples — To display all tunnels from a WX switch to other WX switches in the Mobility Domain, type the following command. WX4400# display tunnel VLAN Local Address Remote Address State...
Page 115: Display Vlan Config
display vlan config Table 24 Output for display tunnel (continued) Field Description Remote Address IP address of the remote end of the tunnel. This is the system IP address of another WX switch in the mobility domain. State Tunnel state: Dormant Port Tunnel port ID.
Page 116: Set Vlan Tunnel-Affinity
5: VLAN C HAPTER OMMANDS Table 25 describes the fields in this display. Table 25 Output for display vlan config Field Description VLAN VLAN number. Name VLAN name. Admin Status Administrative status of the VLAN: Down — The VLAN is disabled. Up —...
Page 117: Set Fdb
WX1200# set fdb perm 00:11:22:aa:bb:cc port 3,5 vlan blue success: change accepted. The following command adds a static entry for MAC address 00:2b:3c:4d:5e:6f on port 1 in the default VLAN: WX4400# set fdb static 00:2b:3c:4d:5e:6f port 1 vlan default success: change accepted.
Page 118: Set Fdb Agingtime
History —Introduced in MSS Version 3.0. Examples — The following command changes the aging timeout period to 600 seconds for entries that match VLAN orange: WX4400# set fdb agingtime orange age 600 success: change accepted. See Also display fdb agingtime on page 108 set security Restricts Layer 2 forwarding between clients in the same VLAN.
Page 119 Examples — The following command restricts Layer 2 forwarding of client data in VLAN abc_air to the gateway routers with MAC address aa:bb:cc:dd:ee:ff and 11:22:33:44:55:66: WX4400# set security 12-restrict vlan abc_air mode enable permit-mac aa:bb:cc:dd:ee:ff 11:22:33:44:55:66 success: change accepted. See Also...
Page 120: Set Vlan Name
VLAN 1. 3Com also recommends that you do not rename the default VLAN. You cannot use a number as the first character in a VLAN name. 3Com recommends that you do not use the same name with different capitalizations for VLANs.
Page 121: Set Vlan Port
VLAN. If you do specify a tag value, the WX sends tagged frames only for the VLAN. If you do specify a tag value, 3Com recommends that you use the same value as the VLAN number. MSS does not require the VLAN number and tag value to be the same but some other switches do.
Page 122: Set Vlan Tunnel-Affinity
WX switches for the tunnel. Examples — The following command changes the VLAN affinity for VLAN beige to 10: WX4400# set vlan beige tunnel-affinity 10 success: change accepted. See Also display roaming vlan on page 112...
Page 123: Quality Of
UALITY OF ERVICE OMMANDS Use Quality of Service (QoS) commands to configure packet prioritization in MSS. Packet prioritization ensures that WX switches and MAP access points give preferential treatment to high-priority traffic such as voice and video. (To override the prioritization for specific traffic, use access controls lists [ACLs] to set the Class of Service [CoS] for the packets.
Page 124: Clear Qos
6: Q HAPTER UALITY OF ERVICE OMMANDS clear qos Resets the switch’s mapping of Differentiated Services Code Point (DSCP) values to internal QoS values. The switch’s internal QoS map ensures that prioritized traffic remains prioritized while transiting through the WX switch. A WX switch uses the QoS map to do the following: Classify inbound packets by mapping their DSCP values to one of eight internal QoS values...
Page 125: Set Qos Cos-To-Dscp-Map
set qos cos-to-dscp-map set qos Changes the value to which MSS maps an internal QoS value when cos-to-dscp-map marking outbound packets. Syntax — set qos cos-to-dscp-map level dscp dscp-value — Internal CoS value. You can specify a number from 0 to 7. level —...
Page 126: Set Qos Dscp-To-Cos-Map
6: Q HAPTER UALITY OF ERVICE OMMANDS set qos Changes the internal QoS value to which MSS maps a packet’s DSCP dscp-to-cos-map value when classifying inbound packets. Syntax — set qos dscp-to-cos-map dscp-range cos level — You can specify the values as decimal numbers. Valid dscp-range decimal values are 0 to 63.
Page 127: Display Qos
display qos display qos Displays the switch’s QoS settings. Syntax — display qos [default] — Displays the default mappings. default Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.1. Examples — The following command displays the default QoS settings: WX1200# display qos default Ingress QoS Classification Map (dscp-to-cos) Ingress DSCP...
Page 128: Display Qos Dscp-Table
6: Q HAPTER UALITY OF ERVICE OMMANDS display qos Displays a table that maps Differentiated Services Code Point (DSCP) dscp-table values to their equivalent combinations of IP precedence values and IP ToS values. Syntax — display qos dscp-table Defaults — None. Access —...
Page 129: Ip Services
IP S ERVICES OMMANDS Use IP services commands to configure and manage IP interfaces, management services, the Domain Name Service (DNS), Network Time Protocol (NTP), and aliases, and to ping a host or trace a route. Commands by This chapter presents IP services commands alphabetically. Use Table 27 Usage to locate the commands in this chapter based on their use.
Page 130 7: IP S HAPTER ERVICES OMMANDS Table 27 IP Services Commands by Usage (continued) Type Command HTTPS Management set ip https server on page 171 display ip https on page 149 set ip dns on page 168 set ip dns domain on page 169 set ip dns server on page 170 display ip dns on page 148 clear ip dns domain on page 133...
Page 131: Clear Interface
clear interface Table 27 IP Services Commands by Usage (continued) Type Command set snmp notify profile on page 181 set snmp notify target on page 185 set ip snmp server on page 173 display snmp status on page 157 display snmp community on page 155 display snmp usm on page 158 display snmp notify profile on page 156 display snmp notify target on page 156...
Page 132: Clear Ip Alias
7: IP S HAPTER ERVICES OMMANDS Topology reporting for dual-homed MAP access points Default source IP address used in unsolicited communications such as AAA accounting reports and SNMP traps Examples — The following command removes the IP interface configured on VLAN mauve: WX1200# clear interface mauve ip success: cleared ip on vlan mauve See Also...
Page 133: Clear Ip Dns Domain
— IP address of a DNS server. ip-addr Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command removes DNS server 10.10.10.69 from a WX switch’s configuration: WX4400# clear ip dns server 10.10.10.69 success: change accepted.
Page 134: Clear Ip Route
7: IP S HAPTER ERVICES OMMANDS See Also clear ip dns domain on page 133 display ip dns on page 148 set ip dns on page 168 set ip dns domain on page 169 set ip dns server on page 170 clear ip route Removes a route from the IP route table.
Page 135: Clear Ip Telnet
Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command resets the TCP port number for Telnet management traffic to its default: WX4400# clear ip telnet success: change accepted. See Also display ip https on page 149...
Page 136: Clear Ntp Update-Interval
HAPTER ERVICES OMMANDS Examples — The following command removes NTP server 192.168.40.240 from a WX switch configuration: WX4400# clear ntp server 192.168.40.240 success: change accepted. See Also clear ntp update-interval on page 136 display ntp on page 153 set ntp on page 177...
Page 137: Clear Snmp Community
clear snmp community clear snmp Clears an SNMP community string. community Syntax — clear snmp community name comm-string — Name of the SNMP community you want to clear. comm-string Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0. Examples —...
Page 138: Clear Snmp Notify Target
7: IP S HAPTER ERVICES OMMANDS See Also set snmp notify profile on page 181 display snmp notify profile on page 156 clear snmp notify Clears an SNMP notification target. target Syntax — clear snmp notify target target-num — ID of the target. target-num Defaults —...
Page 139: Clear Summertime
clear summertime Examples — The following command clears SNMPv3 user snmpmgr1: WX1200# clear snmp usm snmpmgr1 success: change accepted. See Also set snmp usm on page 192 display snmp usm on page 158 clear summertime Clears the summertime setting from a wireless LAN switch. Syntax —...
Page 140: Clear System Ip-Address
7: IP S HAPTER ERVICES OMMANDS clear system Clears the system IP address. ip-address CAUTION: Clearing the system IP address disrupts the system tasks that use the address. Syntax — clear system ip-address Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage —...
Page 141: Display Arp
History — Introduced in MSS Version 3.0. Examples — To return the WX switch’s real-time clock to UTC, type the following command: WX4400# clear timezone success: change accepted. See Also clear summertime on page 139 set summertime on page 195...
Page 142: Display Dhcp-Client
7: IP S HAPTER ERVICES OMMANDS Table 28 describes the fields in this display. Table 28 Output for display arp Field Description ARP aging time Number of seconds a dynamic entry can remain unused before MSS removes the entry from the ARP table. Host IP address, hostname, or alias.
Page 143 display dhcp-client Examples — The following command displays DHCP client information: WX1200# display dhcp-client Interface: corpvlan(4) Configuration Status: Enabled DHCP State: IF_UP Lease Allocation: 65535 seconds Lease Remaining: 65532 seconds IP Address: 10.3.1.110 Subnet Mask: 255.255.255.0 Default Gateway: 10.3.1.1 DHCP Server: 10.3.1.4 DNS Servers: 10.3.1.29...
Page 144: Display Dhcp-Server
7: IP S HAPTER ERVICES OMMANDS display dhcp-server Displays MSS DHCP server information. Syntax — display dhcp-server [interface vlan-id] [verbose] — Displays the IP addresses leased by the interface vlan-id specified VLAN. — Displays configuration and status information for the MSS verbose DHCP server.
Page 145 display dhcp-server Default Gateway: 10.10.20.1 DNS Servers: 10.10.20.4 10.10.20.5 DNS Domain Name: mycorp.com Table 30 and Table 31 describe the fields in these displays. Table 30 Output for display dhcp-server Field Description VLAN VLAN number Name VLAN name Address IP address leased by the server. MAC Address MAC address of the device that holds the least for the address.
Page 146: Display Interface
Usage — All. History —Introduced in MSS Version 3.0. Examples — The following command displays all the IP interfaces configured on a WX switch: WX4400# display interface VLAN Name Address Mask Enabled State ---- --------------- --------------- --------------- ------- ----- ------- 1 default 10.10.10.10...
Page 147: Display Ip Alias
Defaults — If you do not specify an alias name, all aliases are displayed. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command displays all the aliases configured on a WX switch: WX4400# display ip alias Name IP Address -------------------- -------------------- 192.168.1.2...
Page 148: Display Ip Dns
Syntax — display ip dns Defaults — None. Access — All. History —Introduced in MSS Version 3.0. Examples — The following command displays the DNS information: WX4400# display ip dns Domain Name: example.com DNS Status: enabled IP Address Type ----------------------------------- 10.1.1.1...
Page 149: Display Ip Https
History —Introduced in MSS Version 3.0. Examples — The following command shows the status and port number for the HTTPS management interface to the WX switch: WX4400# display ip https HTTPS is enabled HTTPS is set to use port 443...
Page 150: Display Ip Route
7: IP S HAPTER ERVICES OMMANDS Table 35 Output for display ip https Field Description HTTPS is State of the HTTPS server: enabled/disabled Enabled Disabled HTTPS is set to use port TCP port number on which the WX switch listens for HTTPS connections.
Page 151 VLAN’s ports. Examples — The following command shows all routes in a WX switch’s IP route table: WX4400# display ip route Router table for IPv4 Destination/Mask Proto...
Page 152: Display Ip Telnet
7: IP S HAPTER ERVICES OMMANDS Table 36 Output of display ip route (continued) Field Description NH-Type Next-hop type: Local — Route is for a local interface. MSS adds the route when you configure an IP address on the WX switch. Direct —...
Page 153: Display Ntp
Examples — The following command shows the status and port number for the Telnet management interface to the WX switch: WX4400> display ip telnet Server Status Port ---------------------------------- Enabled Table 37 describes the fields in this display. Table 37 Output for display ip telnet...
Page 154 ERVICES OMMANDS Examples — To display NTP information for a WX switch, type the following command: WX4400> display ntp NTP client: enabled Current update-interval: 20(secs) Current time: Fri Feb 06 2004, 12:02:57 Timezone is set to 'PST', offset from UTC is -8:0 hours.
Page 155: Display Snmp Community
display snmp community Table 38 Output for display ntp (continued) Field Description Peer state State of the NTP session from the point of view of the NTP server: CORRECT REJECT SELCAND SYNCCAND SYSPEER Local state State of the NTP session from the point of view of the WX switch’s NTP client: INITED START...
Page 156: Display Snmp Counters
7: IP S HAPTER ERVICES OMMANDS See Also clear snmp community on page 137 set snmp community on page 179 display snmp Displays SNMP statistics counters. counters Syntax — display snmp counters Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0. display snmp notify Displays SNMP notification profiles.
Page 157: Display Snmp Status
display snmp status See Also clear snmp notify target on page 138 set snmp notify target on page 185 display snmp status Displays SNMP version and status information. Syntax — display snmp status Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0. See Also set snmp community on page 179 set snmp notify target on page 185...
Page 158: Display Snmp Usm
7: IP S HAPTER ERVICES OMMANDS display snmp usm Displays information about SNMPv3 users. Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0. See Also clear snmp usm on page 138 display snmp usm on page 158 display Shows a wireless LAN switch’s offset from its real-time clock.
Page 159: Display Timedate
display timedate set timedate on page 197 set timezone on page 198 display timedate Shows the date and time of day currently set on a wireless LAN switch’s real-time clock. Syntax — display timedate Defaults — None. Access — All. History —Introduced in MSS Version 3.0.
Page 160: Ping
HAPTER ERVICES OMMANDS Examples — To display the offset from UTC, type the following command: WX4400# display timezone Timezone set to 'pst', offset from UTC is -8 hours See Also clear summertime on page 139 clear timezone on page 140...
Page 161 ping Because the WX switch adds header information, the ICMP packet size is 8 bytes larger than the size you specify. source-ip ip-addr — IP address, in dotted decimal notation, to use as the source IP address in the ping packets. —...
Page 162: Set Arp
7: IP S HAPTER ERVICES OMMANDS set arp Adds an ARP entry to the ARP table. Syntax — set arp {permanent | static | dynamic } ip-addr mac-addr — Adds a permanent entry. A permanent entry does not permanent age out and remains in the database even after a reboot, reset, or power cycle.
Page 163: Set Arp Agingtime
set arp agingtime set arp agingtime Changes the aging timeout for dynamic ARP entries. Syntax — set arp agingtime seconds — Number of seconds an entry can remain unused before seconds MSS removes the entry. You can specify from 0 through 1,000,000. To disable aging, specify 0.
Page 164: Set Interface
7: IP S HAPTER ERVICES OMMANDS set interface Configures an IP interface on a VLAN. Syntax — set interface vlan-id {ip-addr mask | ip-addr/mask-length} — VLAN name or number. vlan-id — IP address and subnet mask in dotted decimal ip-addr mask notation (for example, 10.10.10.10 255.255.255.0).
Page 165: Set Interface Dhcp-Client
set interface dhcp-client See Also clear interface on page 131 display interface on page 146 set interface dhcp-client on page 165 set interface Configures the DHCP client on a VLAN, to allow the VLAN to obtain its IP dhcp-client interface from a DHCP server. Syntax —...
Page 166: Set Interface Dhcp-Server
Use of the MSS DHCP server to allocate client addresses is intended for temporary, demonstration deployments and not for production networks. 3Com recommends that you do not use the MSS DHCP server to allocate client addresses in a production network.
Page 167: Set Interface Status
Access — Enabled. History— Introduced in MSS Version 3.0. Examples — The following command disables the IP interface on VLAN mauve: WX4400# set interface mauve status down success: set interface mauve to down See Also clear interface on page 131...
Page 168: Set Ip Alias
Access — Enabled. History— Introduced in MSS Version 3.0. Examples — The following command configures the alias HR1 for IP address 192.168.1.2: WX4400# set ip alias HR1 192.168.1.2 success: change accepted. See Also clear ip alias on page 132 display ip alias on page 147 set ip dns Enables or disables DNS on a wireless LAN switch.
Page 169: Set Ip Dns Domain
set ip dns domain See Also clear ip dns domain on page 133 clear ip dns server on page 133 display ip dns on page 148 set ip dns domain on page 169 set ip dns server on page 170 set ip dns domain Configures a default domain name for DNS queries.
Page 170: Set Ip Dns Server
7: IP S HAPTER ERVICES OMMANDS set ip dns server Specifies a DNS server to use for resolving hostnames you enter in CLI commands. Syntax — set ip dns server ip-addr {primary | secondary} — IP address of a DNS server, in dotted decimal or CIDR ip-addr notation.
Page 171: Set Ip Https Server
set ip https server set ip https server Enables the HTTPS server on a wireless LAN switch. The HTTPS server is required for Web Manager access to the switch. CAUTION: If you disable the HTTPS server, Web Manager access to the WX switch is also disabled.
Page 172 7: IP S HAPTER ERVICES OMMANDS — IP address and subnet mask for the route ip-addr mask destination, in dotted decimal notation (for example, 10.10.10.10 255.255.255.0). — IP address and subnet mask length in CIDR ip-addr/mask-length format (for example, 10.10.10.10/24). gateway —...
Page 173: Set Ip Snmp Server
The following command adds an explicit route from a WX switch to any host on the 192.168.4.x subnet through the local router 10.5.4.2, and gives the route a cost of 1: WX4400# set ip route 192.168.4.0 255.255.255.0 10.5.4.2 1 success: change accepted. The following command adds another explicit route, using CIDR notation to specify the subnet mask: WX4400# set ip route 192.168.5.0/24 10.5.5.2 1...
Page 174: Set Ip Ssh
ERVICES OMMANDS History — Introduced in MSS Version 3.0. Examples — The following command enables the SNMP server on a WX switch: WX4400# set ip snmp server enable success: change accepted. See Also set port trap on page 94 set snmp community on page 179...
Page 175: Set Ip Ssh Server
set ip ssh server set ip ssh server Disables or reenables the SSH server on a wireless LAN switch. CAUTION: If you disable the SSH server, SSH access to the WX switch is also disabled. Syntax — set ip ssh server {enable | disable} —...
Page 176: Set Ip Telnet Server
Telnet or SSH sessions, in any combination, and one console session. Examples — The following command enables the Telnet server on a WX switch: WX4400# set ip telnet server enable success: change accepted. See Also clear ip telnet on page 135...
Page 177: Set Ntp
Usage — If NTP is configured on a system whose current time differs from the NTP server time by more than 10 minutes, convergence of the WX time can take many NTP update intervals. 3Com recommends that you set the time manually to the NTP server time before enabling NTP to avoid a significant delay in convergence.
Page 178: Set Ntp Server
To use NTP, you also must enable the NTP client with the set ntp command. Examples — The following command configures a WX switch to use NTP server 192.168.1.5: WX4400# set ntp server 192.168.1.5 See Also clear ntp server on page 135 clear ntp update-interval on page 136...
Page 179: Set Ntp Update-Interval
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command changes the NTP update interval to 128 seconds: WX4400# set ntp update-interval 128 success: change accepted. See Also clear ntp server on page 135 clear ntp update-interval on page 136...
Page 180 4.0. Usage — SNMP community strings are passed as clear text in SNMPv1 and SNMPv2c. 3Com recommends that you use strings that cannot easily be guessed by unauthorized users. For example, do not use the well-known strings public and private.
Page 181: Set Snmp Notify Profile
set snmp notify profile set ip snmp server on page 173 set snmp notify target on page 185 set snmp notify profile on page 181 set snmp protocol on page 190 set snmp security on page 191 set snmp usm on page 192 display snmp community on page 155 set snmp notify Configures an SNMP notification profile.
Page 182 7: IP S HAPTER ERVICES OMMANDS AutoTuneRadioPowerChangeTraps—Generated when the RF Auto-Tuning feature changes the power setting on a radio. ClientAssociationFailureTraps—Generated when a client’s attempt to associate with a radio fails. ClientAuthorizationSuccessTraps—Generated when a client is successfully authorized. ClientAuthenticationFailureTraps—Generated when authentication fails for a client. ClientAuthorizationFailureTraps—Generated when authorization fails for a client.
Page 183 set snmp notify profile MobilityDomainTimeoutTraps—Generated when a timeout occurs after a WX switch has unsuccessfully tried to communicate with a seed member. PoEFailTraps—Generated when a serious PoE problem, such as a short circuit, occurs. RFDetectAdhocUserTraps—Generated when MSS detects an ad-hoc user. RFDetectRogueAPTraps—Generated when MSS detects a rogue access point.
Page 184 7: IP S HAPTER ERVICES OMMANDS Defaults — A default notification profile (named default) is already configured in MSS. All notifications in the default profile are dropped by default. Access — Enabled. History — Introduced in MSS Version 4.0. Examples — The following command changes the action in the default notification profile from drop to send for all notification types: WX1200# set snmp notify profile default send all success: change accepted.
Page 185: Set Snmp Notify Target
set snmp notify target WX1200# set snmp notify profile snmpprof_rfdetect send RFDetectSpoofedSsidAPTraps success: change accepted. WX1200# set snmp notify profile snmpprof_rfdetect send RFDetectUnAuthorizedAPTraps success: change accepted. WX1200# set snmp notify profile snmpprof_rfdetect send RFDetectUnAuthorizedOuiTraps success: change accepted. WX1200# set snmp notify profile snmpprof_rfdetect send RFDetectUnAuthorizedSsidTraps success: change accepted.
Page 186 7: IP S HAPTER ERVICES OMMANDS [profile profile-name] [security {unsecured | authenticated | encrypted}] [retries num] [timeout num] — ID for the target. This ID is local to the WX switch and target-num does not need to correspond to a value on the target itself. You can specify a number from 1 to 10.
Page 187: Snmpv3 With Traps
set snmp notify target SNMPv3 with Traps To configure a notification target for traps from SNMPv3, use the following command: Syntax — set snmp notify target target-num ip-addr[:udp-port-number] usm trap user username [profile profile-name] [security {unsecured | authenticated | encrypted}] —...
Page 188: Snmpv2C With Traps
7: IP S HAPTER ERVICES OMMANDS — IP address of the server. You also ip-addr[:udp-port-number] can specify the UDP port number to send notifications to. community-string — Community string. — Notification profile this SNMP user will use profile profile-name to specify the notification types to send or drop. —...
Page 189 set snmp notify target — Community string. community-string — Notification profile this SNMP user will use profile profile-name to specify the notification types to send or drop. Defaults — The default UDP port number on the target is 162. The default minimum required security level is unsecured.
Page 190: Set Snmp Protocol
7: IP S HAPTER ERVICES OMMANDS set snmp protocol on page 190 set snmp security on page 191 set snmp usm on page 192 display snmp notify target on page 156 set snmp protocol Enables an SNMP protocol. MSS supports SNMPv1, SNMPv2c, and SNMPv3.
Page 191: Set Snmp Security
set snmp security set snmp security on page 191 set snmp usm on page 192 display snmp status on page 157 set snmp security Sets the minimum level of security MSS requires for SNMP message exchanges. Syntax — set snmp security {unsecured | authenticated | encrypted | auth-req-unsec-notify} —...
Page 192: Set Snmp Usm
7: IP S HAPTER ERVICES OMMANDS See Also set ip snmp server on page 173 set snmp community on page 179 set snmp notify target on page 185 set snmp notify profile on page 181 set snmp protocol on page 190 set snmp usm on page 192 display snmp status on page 157 set snmp usm...
Page 193 set snmp usm access {read-only | read-notify | notify-only | read-write — Specifies the access level of the user: | notify-read-write} read-only —An SNMP management application using the string can get (read) object values on the switch but cannot set (write) them.
Page 194 The following command creates USM user securesnmpmgr1, which uses SHA authentication and 3DES encryption with passphrases. This user can send informs to the notification receiver that has engine ID 192.168.40.2. WX4400# set snmp usm securesnmpmgr1 snmp-engine-id ip 192.168.40.2 auth-type sha auth-pass-phrase myauthpword encrypt-type 3des encrypt-pass-phrase mycryptpword success: change accepted.
Page 195: Set Summertime
set summertime set summertime Offsets the real-time clock of a wireless LAN switch by +1 hour and returns it to standard time for daylight savings time or a similar summertime period that you set. Syntax — set summertime summer-name [start week weekday month hour min end week weekday month hour min] —...
Page 196: Set System Ip-Address
7: IP S HAPTER ERVICES OMMANDS Examples — To enable summertime and set the summertime time zone to PDT (Pacific Daylight Time), type the following command: WX1200# set summertime PDT success: change accepted See Also clear summertime on page 139 clear timezone on page 140 display summertime on page 158 display timedate on page 159...
Page 197: Set Timedate
Examples — The following commands configure an IP interface on VLAN taupe and configure the interface to be the system IP address: WX4400# set interface taupe ip 10.10.20.20/24 success: set ip address 10.10.20.20 netmask 255.255.255.0 on vlan taupe WX4400# set system ip-address 10.10.20.20 success: change accepted.
Page 198: Set Timezone
ERVICES OMMANDS Examples — The following command sets the date to March 13, 2003 and time to 11:11:12: WX4400# set timedate date feb 29 2004 time 23:58:00 Time now is: Sun Feb 29 2004, 23:58:02 PST See Also clear summertime on page 139...
Page 199: Telnet
telnet Examples — To set the time zone for Pacific Standard Time (PST), type the following command: WX1200# set timezone PST -8 Timezone is set to 'PST', offset from UTC is -8:0 hours. See Also clear summertime on page 139 clear timezone on page 140 display summertime on page 158 display timedate on page 159...
Page 200 Telnet session with another device and enters a command on the remote device: WX4400# telnet 10.10.10.90 Session 0 pty tty2.d Trying 10.10.10.90... Connected to 10.10.10.90 Disconnect character is '^t' Copyright (c) 2004 3Com Corporation. All rights reserved. Username: username Password: password WX1200-remote> display vlan Admin VLAN...
Page 201: Traceroute
traceroute traceroute Traces the route to an IP host. Syntax — traceroute host [dnf] [no-dns] [port port-num] [queries num] [size size] [ttl hops] [wait ms] — IP address, hostname, or alias of the destination host. Specify host the IP address in dotted decimal notation. —...
Page 202 ERVICES OMMANDS Examples — The following example traces the route to host server1: WX4400# traceroute server1 traceroute to server1.example.com (192.168.22.7), 30 hops max, 38 byte packets 1 engineering-1.example.com (192.168.192.206) 2 ms 1 ms 1 ms 2 engineering-2.example.com (192.168.196.204) 2 ms 3 ms 2 ms 3 gateway_a.example.com (192.168.1.201) 6 ms 3 ms 3 ms...
Page 203 traceroute Table 39 Error messages for traceroute (continued) Field Description Fragmentation needed but Do Not Fragment (DNF) bit was set. Source route failed. Communication administratively prohibited. Unknown error occurred. See Also ping on page 160...
Page 204 7: IP S HAPTER ERVICES OMMANDS...
Page 205: Aaa C
AAA C OMMANDS Use authentication, authorization, and accounting (AAA) commands to provide a secure network connection and a record of user activity. Location policy commands override any virtual LAN (VLAN) or security ACL assignment by AAA or the local WX database to help you control access locally.
Page 206 8: AAA C HAPTER OMMANDS Table 40 AAA Commands by Usage (continued) Type Command Local Authorization set user on page 262 for Password Users clear user on page 219 set user attr on page 263 clear user attr on page 220 set usergroup on page 265 clear usergroup on page 221 set user group on page 264...
Page 207: Clear Accounting
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command removes accounting services for authorized network user Nin: WX4400# clear accounting dot1x Nin success: change accepted. See Also set accounting {admin | console} on page 229...
Page 208: Clear Authentication Admin
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command clears authentication for administrator Jose: WX4400# clear authentication admin Jose success: change accepted. See Also clear authentication console on page 209 clear authentication dot1x on page 210...
Page 209: Clear Authentication Console
Examples — The following command clears authentication for administrator Regina: WX4400# clear authentication console Regina success: change accepted. See Also clear authentication admin on page 208 display aaa on page 223...
Page 210: Clear Authentication Dot1X
History —Introduced in MSS Version 3.0. Examples — The following command removes 802.1X authentication for network users with usernames ending in @thiscorp.com who try to access SSID finance: WX4400# clear authentication dot1x ssid finance *@thiscorp.com See Also clear authentication admin on page 208...
Page 211: Clear Authentication Last-Resort
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command removes a last-resort authentication rule for wired-authentication access: WX4400# clear authentication last-resort wired See Also clear authentication admin on page 208 clear authentication console on page 209...
Page 212: Clear Authentication Mac
Examples — The following command removes a MAC authentication rule for access to SSID thatcorp by MAC addresses beginning with aa:bb:cc: WX4400# clear authentication mac ssid thatcorp aa:bb:cc:* See Also clear authentication admin on page 208 clear authentication console on page 209...
Page 213: Clear Authentication Proxy
History —Introduced in MSS Version 4.0. Examples — The following command removes the proxy rule for SSID mycorp and userglob **: WX4400# clear authentication proxy ssid mycorp See Also set authentication proxy on page 245 display aaa on page 223 clear authentication Removes a WebAAA rule.
Page 214: Clear Location Policy
8: AAA C HAPTER OMMANDS Examples — The following command removes WebAAA for SSID research and userglob temp*@thiscorp.com: WX4400# clear authentication web ssid research temp*@thiscorp.com See Also clear authentication admin on page 208 clear authentication console on page 209 clear authentication dot1x on page 210...
Page 215: Clear Mac-User
Examples — The following command removes the user profile for a user at MAC address 01:02:03:04:05:06: WX4400# clear mac-user 01:02:03:04:05:06 success: change accepted. See Also display aaa on page 223...
Page 216: Clear Mac-User Attr
History —Introduced in MSS Version 3.0. Examples — The following command removes an access control list (ACL) from the profile of a user at MAC address 01:02:03:04:05:06: WX4400# clear mac-user 01:02:03:04:05:06 attr filter-id success: change accepted. See Also display aaa on page 223...
Page 217: Clear Mac-Usergroup
WX database. To remove the group, use clear mac-usergroup. Examples — The following command deletes the user profile for a user at MAC address 01:02:03:04:05:06 from its user group: WX4400# clear mac-user 01:02:03:04:05:06 group success: change accepted. See Also clear mac-usergroup on page 217...
Page 218: Clear Mac-Usergroup Attr
Examples — The following command removes the members of the MAC user group eastcoasters from a VLAN assignment by deleting the VLAN-Name attribute from the group: WX4400# clear mac-usergroup eastcoasters attr vlan-name success: change accepted. See Also clear mac-usergroup on page 217...
Page 219: Clear Mobility-Profile
clear mobility-profile clear Removes a Mobility Profile entirely. mobility-profile Syntax — clear mobility-profile name — Name of an existing Mobility Profile. name Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command removes the Mobility Profile for user Nin: WX1200# clear mobility-profile Nin success: change accepted.
Page 220: Clear User Attr
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command removes the Session-Timeout attribute from Hosni’s user profile: WX4400# clear user Hosni attr session-timeout success: change accepted. See Also display aaa on page 223 set user attr on page 263...
Page 221: Clear User Group
WX database. To remove the group, use clear usergroup. Examples — The following command removes the user Nin from a user group: WX4400# clear user Nin group success: change accepted. See Also clear usergroup on page 221...
Page 222: Clear Usergroup Attr
Examples — The following command deletes the cardiology user group from the local database: WX4400# clear usergroup cardiology success: change accepted. See Also clear usergroup attr on page 222...
Page 223: Display Aaa
Examples — The following command removes the members of the user group cardiology from a network access time restriction by deleting the Time-Of-Day attribute from the group: WX4400# clear usergroup cardiology attr time-of-day success: change accepted. See Also clear usergroup on page 221...
Page 224 8: AAA C HAPTER OMMANDS set authentication admin Jose sg3 set authentication console * none set authentication mac ssid mycorp * local set authentication dot1x ssid mycorp Geetha eap-tls set authentication dot1x ssid mycorp * peap-mschapv2 sg1 sg2 sg3 set authentication dot1x ssid any ** peap-mschapv2 sg1 sg2 sg3 set accounting dot1x Nin ssid mycorp stop-only sg2 set accounting admin Natasha start-stop local set authentication last-resort ssid guestssid local...
Page 225 display aaa Table 41 display aaa Output (continued) deadtime Number of minutes the WX switch waits after determining a RADIUS server is unresponsive before trying to reconnect with this server. During the dead time, the RADIUS server is ignored by the WX switch. The default is 0 minutes. Shared secret key, or password, used to authenticate to a RADIUS server.
Page 226: Display Accounting Statistics
Access — Enabled. History —Introduced in MSS Version 3.0. Formatting of output enhanced for readability in Version 4.2 Examples — To display the locally stored accounting records, type the following command: WX4400# display accounting statistics Dec 14 00:39:48 Acct-Status-Type=STOP Acct-Authentic=0 Acct-Multi-Session-Id=SESS-3-01f82f-520236-24bb1223...
Page 227 display accounting statistics Acct-Status-Type=START Acct-Authentic=0 User-Name=vineet Acct-Multi-Session-Id=SESS-4-01f82f-520793-bd779517 Acct-Session-Id=SESS-4-01f82f-520793-bd779517 Event-Timestamp=1134520793 AAA_ACCT_SVC_ATTR=2 AAA_VLAN_NAME_ATTR=default Calling-Station-Id=00-06-25-12-06-38 Nas-Port-Id=3/1 Called-Station-Id=00-0B-0E-00-CC-01 AAA_SSID_ATTR=vineet-dot1x Table 42 describes the fields that can appear in display accounting statistics output. Table 42 display accounting statistics Output Field Description Date and time Date and time of the accounting record. Acct-Status-Type Type of accounting record: START...
Page 228: Display Location Policy
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command displays the list of location policy rules in the location policy on an WX switch: WX4400 display location policy Id Clauses ---------------------------------------------------------------- 1) deny if user eq *.theirfirm.com 2) permit vlan guest_1 if vlan neq *.wodefirm.com...
Page 229: Display Mobility-Profile
display mobility-profile display Displays the named Mobility Profile. If you do not specify a Mobility mobility-profile Profile name, this command shows all Mobility Profile names and port lists on the WX. Syntax — display mobility-profile [name] — Name of an existing Mobility Profile. name Defaults —...
Page 230 Examples — The following command issues start-and-stop accounting records at the local WX database for administrator Natasha, when she accesses the switch using Telnet or Web Manager: WX4400# set accounting admin Natasha start-stop local success: change accepted.
Page 231: Set Accounting {Dot1X | Mac | Web | Last-Resort
set accounting {dot1x | mac | web | last-resort} See Also clear accounting on page 207 display accounting statistics on page 226 set accounting Sets up accounting services for specified wireless users with network {dot1x | mac | web | access, and defines the accounting records and where they are sent.
Page 232 Examples — The following command issues stop-only records to the RADIUS server group sg2 for network user Nin, who is authenticated by 802.1X: WX4400# set accounting dot1x Nin stop-only sg2 success: change accepted. See Also clear accounting on page 207...
Page 233: Set Authentication Admin
set authentication admin set authentication Configures authentication and defines where it is performed for specified admin users with administrative access through Telnet or Web Manager. Syntax — set authentication admin user-glob method1 [method2] [method3] [method4] — Single user or set of users with administrative access user-glob over the network through Telnet or Web Manager.
Page 234 Examples — The following command configures administrator Jose, who connects via Telnet, for authentication on RADIUS server group sg3: WX4400# set authentication admin Jose sg3 success: change accepted. See Also clear authentication admin on page 208...
Page 235: Set Authentication Console
set authentication console set authentication mac on page 243 set authentication web on page 246 set authentication Configures authentication and defines where it is performed for specified console users with administrative access through a console connection. Syntax — set authentication console user-glob method1 [method2] [method3] [method4] —...
Page 236 MSS requires no username or password, by default. These users can press Enter at the prompts for administrative access. 3Com recommends that you change the default setting unless the WX switch is in a secure physical location.
Page 237: Set Authentication Dot1X
set authentication dot1x set authentication mac on page 243 set authentication web on page 246 set authentication Configures authentication and defines how and where it is performed for dot1x specified wireless or wired authentication clients who use an IEEE 802.1X authentication protocol to access the network through the WX switch.
Page 238 8: AAA C HAPTER OMMANDS Provides encryption and integrity checking for the connection Cannot be used with RADIUS server authentication (requires user information to be in the switch’s local database) — Protected EAP (PEAP) with Microsoft Challenge peap-mschapv2 Handshake Authentication Protocol version 2 (MS-CHAP-V2). For wireless clients: Uses TLS for encryption and data integrity checking and server-side authentication...
Page 239 set authentication dot1x Access — Enabled. History —Introduced in MSS Version 3.0. Usage — You can configure different authentication methods for different groups of users by “globbing.” (For details, see “User Globs” on page 28.) You can configure a rule either for wireless access to an SSID, or for wired access through a WX switch’s wired authentication port.
Page 240: Set Authentication Last-Resort
OMMANDS Examples — The following command configures EAP-TLS authentication in the local WX database for SSID mycorp and 802.1X client Geetha: WX4400# set authentication dot1x ssid mycorp Geetha eap-tls local success: change accepted. The following command configures PEAP-MS-CHAP-V2 authentication at RADIUS server groups sg1 through sg3 for all 802.1X clients at...
Page 241 MAP ports or wired authentication ports on the WX switch. Connection, authorization, and accounting are also disabled for these users. When using RADIUS for authentication, a last-resort user’s default authorization password is 3Com. Access — Enabled. History —Introduced in MSS Version 3.0.
Page 242 The username must be last-resort-any, exactly as spelled here. Examples — The following command configures a last-resort authentication rule in the local WX database for SSID mycorp: WX4400# set authentication last-resort ssid mycorp local success: change accepted. See Also...
Page 243: Set Authentication Mac
set authentication mac set authentication Configures authentication and defines where it is performed for specified non-802.1X users with network access through a media access control (MAC) address. Syntax — set authentication mac {ssid ssid-name | wired} mac-addr-glob method1 [method2] [method3] [method4] —...
Page 244 Examples — To use the local WX database to authenticate all users who access the mycorp2 SSID by their MAC address, type the following command: WX4400# set authentication ssid mycorp2 mac ** local success: change accepted. See Also clear authentication mac on page 212...
Page 245: Set Authentication Proxy
SSID mycorp. MSS uses RADIUS server group srvrgrp1 to proxy RADIUS requests and hence to authenticate and authorize the users. WX4400# set authentication proxy ssid mycorp ** srvrgrp1 See Also clear authentication proxy on page 213...
Page 246: Set Authentication Web
8: AAA C HAPTER OMMANDS set authentication Configures an authentication rule to allow a user to log in to the network using a web page served by the WX switch. The rule can be activated if the user is not otherwise granted or denied access by 802.1X, or granted access by MAC authentication.
Page 247 Examples — The following command configures a WebAAA rule in the local WX database for SSID ourcorp and userglob rnd*: WX4400# set authentication web ssid ourcorp rnd* local success: change accepted. See Also clear authentication proxy on page 213...
Page 248: Set Location Policy
8: AAA C HAPTER OMMANDS display aaa on page 223 set authentication admin on page 233 set authentication console on page 235 set authentication dot1x on page 237 set authentication last-resort on page 240 set location policy Creates and enables a location policy on an WX switch. The location policy enables you to locally set or change authorization attributes for a user after the user is authorized by AAA, without making changes to the AAA server.
Page 249 set location policy Optionally, you can add the suffix .out to the name. — MSS takes the action specified by the rule if Condition options all conditions in the rule are met. You can specify one or more of the following conditions: —...
Page 250 8: AAA C HAPTER OMMANDS — Replaces the rule in the location policy with modify rule-number the new rule. Specify the number of the existing location policy rule. (To determine the number, use the display location policy command.) — List of physical port(s) by which to determine if the port port-list location policy rule applies.
Page 251 WX4400# set location policy deny if user eq *.theirfirm.com The following command authorizes access to the guest_1 VLAN for all users who are not at *.wodefirm.com: WX4400# set location policy permit vlan guest_1 if user neq *.wodefirm.com The following command authorizes users at *.ny.ourfirm.com to access the bld4.tac VLAN instead, and applies the security ACL tac_24 to the...
Page 252: Set Mac-User
Examples — The following command creates a user profile for a user at MAC address 01:02:03:04:05:06 and assigns the user to the eastcoasters user group: WX4400# set mac-user 01:02:03:04:05:06 group eastcoasters success: change accepted. See Also clear mac-user on page 215...
Page 253: Set Mac-User Attr
set mac-user attr set mac-user attr Assigns an authorization attribute in the local database on the WX switch to a user who is authenticated by a MAC address. (To assign authorization attributes through RADIUS, see the documentation for your RADIUS server.) Syntax —...
Page 254 8: AAA C HAPTER OMMANDS Table 43 Authentication Attributes for Local Users (continued) end-date Date and time after Date and time, in the following which the user is no format: longer allowed to be on YY/MM/DD-HH:MM the network. You can use end-date alone or with start-date.
Page 255 set mac-user attr Table 43 Authentication Attributes for Local Users (continued) service-type Type of access the user One of the following numbers: is requesting. 2—Framed; for network user access 6—Administrative; for administrative access to the WX switch, with authorization to access the enabled (configuration) mode.
Page 256 8: AAA C HAPTER OMMANDS Table 43 Authentication Attributes for Local Users (continued) time-of-day Day(s) and time(s) One of the following: during which the user is (network access never—Access is always denied. permitted to log into the mode only) any—Access is always allowed. network.
Page 257 set mac-user attr Table 43 Authentication Attributes for Local Users (continued) URL to which the user is Web URL, in standard format. For redirected after example: (network access successful WebAAA. mode only) http://www.example.com You must include the http:// portion. You can dynamically include any of the variables in the URL string: $u—Username $v—VLAN...
Page 258: Set Mac-Usergroup Attr
Examples — The following command assigns input access control list (ACL) acl-03 to filter the packets from a user at MAC address 01:02:03:04:05:06: WX4400# set mac-user 01:02:03:04:05:06 attr filter-id acl-03.in success: change accepted. The following command restricts a user at MAC address 06:05:04:03:02:01 to network access between 7 p.m.
Page 259: Set Mobility-Profile
MAC user group’s start date. Examples — The following command creates the MAC user group eastcoasters and assigns the group members to VLAN orange: WX4400# set mac-usergroup eastcoasters attr vlan-name orange success: change accepted. See Also clear mac-usergroup attr on page 218...
Page 260 8: AAA C HAPTER OMMANDS — List of Distributed MAP connections through which any dap-num user assigned this profile is allowed access. The same Distributed MAP can be used in multiple Mobility Profile port lists. Defaults — No default Mobility Profile exists on the WX switch. If you do not assign Mobility Profile attributes, all users have access through all ports, unless denied access by other AAA servers or by access control lists (ACLs).
Page 261: Set Mobility-Profile Mode
set mobility-profile mode The following command adds port 3 to the magnolia Mobility Profile (which is already assigned to port 2): WX1200# set mobility-profile name magnolia port 3 success: change accepted. See Also clear mobility-profile on page 219 display mobility-profile on page 229 set mac-user attr on page 253 set mac-usergroup attr on page 258 set mobility-profile mode on page 261...
Page 262: Set User
WX in administrative mode and never require a password. Examples — The following command creates a user profile for user Nin in the local database, and assigns the password goody: WX4400# set user Nin password goody success: User Nin created...
Page 263: Set User Attr
The following command assigns the password chey3nne to the admin user: WX4400# set user admin password chey3nne success: User admin created The following command changes Nin’s password from goody to 29Jan04: WX4400# set user Nin password 29Jan04...
Page 264: Set User Group
Examples — The following command assigns user Tamara to VLAN orange: WX4400# set user Tamara attr vlan-name orange success: change accepted. The following command assigns Tamara to the Mobility Profile tulip.
Page 265: Set Usergroup
To create a user group, user the command set usergroup. Examples — The following command adds user Hosni to the cardiology user group: WX4400# set user Hosni group cardiology success: change accepted. See Also clear user group on page 221...
Page 266: Set Web-Portal
Examples — The following command adds the user group cardiology to the local database and assigns all the group members to VLAN crimson: WX4400# set usergroup cardiology attr vlan-name crimson success: change accepted. See Also...
Page 267 set web-portal See Also clear authentication proxy on page 213 set service-profile auth-fallthru on page 394 set user on page 262...
Page 268 8: AAA C HAPTER OMMANDS...
Page 269: Mobility
(client). One WX switch acts as a seed switch, which maintains and distributes a list of IP addresses of the domain members. 3Com recommends that you run the same MSS version on all the WX switches in a Mobility Domain. Commands by This chapter presents Mobility Domain commands alphabetically.
Page 270: Clear Mobility-Domain
9: M HAPTER OBILITY OMAIN OMMANDS clear Clears all Mobility Domain configuration and information from a WX mobility-domain switch, regardless of whether the WX switch is a seed or a member of a Mobility Domain. Syntax — clear mobility-domain Defaults — None. Access —...
Page 271: Display Mobility-Domain Config
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command displays the Mobility Domain configuration: WX4400# display mobility-domain config This WX is a member, with seed 192.168.14.6 See Also clear mobility-domain on page 270 set mobility-domain member on page 273...
Page 272: Display Mobility-Domain Status
Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — To display Mobility Domain status, type the following command: WX4400# display mobility-domain status Mobility Domain name: Pleasanton Member State Status --------------- ------------- -------------- 192.168.253.11...
Page 273: Set Mobility-Domain Member
Examples — The following commands add three WX switches with the IP addresses 192.168.1.8, 192.168.1.9, and 192.168.1.10 as members of a Mobility Domain whose seed is the current WX switch: WX4400# set mobility-domain member 192.168.1.8 success: change accepted. WX4400# set mobility-domain member 192.168.1.9 success: change accepted.
Page 274: Set Mobility-Domain Mode Member Seed-Ip
Examples — The following command sets the current WX switch as a nonseed member of the Mobility Domain whose seed has the IP address 192.168.1.8: WX4400# set mobility-domain mode member seed-ip 192.168.1.8 mode is: member seed IP is: 192.168.1.8 See Also...
Page 275: Set Mobility-Domain Mode Seed Domain-Name
All other WX switches in the domain receive their Mobility Domain information from the seed. Examples — The following command creates a Mobility Domain named Pleasanton with the current WX switch as the seed: WX4400# set mobility-domain mode seed domain-name Pleasanton mode is: seed domain name is: Pleasanton See Also...
Page 276 9: M HAPTER OBILITY OMAIN OMMANDS...
Page 277: Network
ETWORK OMAIN OMMANDS Use Network Domain commands to configure and manage Network Domain groups. A Network Domain is a group of geographically dispersed Mobility Domains that share information among themselves over a WAN link. This shared information allows a user configured on a WX switch in one Mobility Domain to establish connectivity on a WX switch in another Mobility Domain elsewhere in the same Network Domain.
Page 278: Clear Network-Domain
10: N HAPTER ETWORK OMAIN OMMANDS Table 46 Network Domain Commands by Usage (continued) Type Command clear network-domain peer on page 280 clear network-domain seed-ip on page 281 display network-domain on page 282 clear Clears all Network Domain configuration and information from a WX network-domain switch, regardless of whether the WX switch is a seed or a member of a Network Domain.
Page 279: Clear Network-Domain Mode
clear network-domain mode clear Removes the Network Domain seed or member configuration from the network-domain WX switch. mode Syntax — clear network-domain mode {seed | member} — Clears the Network Domain seed configuration from the WX seed switch. — Clears the Network Domain member configuration from member the WX switch.
Page 280: Clear Network-Domain Peer
10: N HAPTER ETWORK OMAIN OMMANDS clear Removes the configuration of a Network Domain peer from a WX switch network-domain configured as a Network Domain seed. peer Syntax — clear network-domain peer {ip-addr | all} — IP address of the Network Domain peer in dotted decimal ip-addr notation.
Page 281: Clear Network-Domain Seed-Ip
clear network-domain seed-ip clear Removes the specified Network Domain seed from the WX switch’s network-domain configuration. When you enter this command, the Network Domain TCP seed-ip connections between the WX switch and the specified Network Domain seed are closed. Syntax — clear network-domain seed-ip ip-addr —...
Page 282: Display Network-Domain
10: N HAPTER ETWORK OMAIN OMMANDS display Displays the status of Network Domain seeds and members. network-domain Syntax — display network-domain Defaults — None. Access — Enabled. History —Introduced in MSS 4.1. Examples — To display Network Domain status, type the following command.
Page 283 display network-domain Table 47 describes the fields in the display. Table 47 Radio-Specific Parameters Parameter Description Output if WX is the Network Domain Seed Network Domain name Name of the Network Domain for which the WX switch is a seed. Peer IP addresses of the other seeds in the Network Domain.
Page 284: Set Network-Domain Mode Member Seed-Ip
10: N HAPTER ETWORK OMAIN OMMANDS Sets the IP address of a Network Domain seed. This command is used for network-domain configuring a WX switch as a member of a Network Domain. You can mode member specify multiple Network Domain seeds and configure one as the primary seed-ip seed.
Page 285: Set Network-Domain Peer
set network-domain peer WX1200# set network-domain mode member seed-ip 192.168.9.254 affinity 7 success: change accepted. See Also clear network-domain on page 278 display network-domain on page 282 On a Network Domain seed, configures one or more WX switches as network-domain redundant Network Domain seeds.
Page 286: Set Network-Domain Mode Seed Domain-Name
10: N HAPTER ETWORK OMAIN OMMANDS Creates a Network Domain by setting the current WX switch as a seed network-domain device and naming the Network Domain. mode seed Syntax — domain-name set network-domain mode seed domain-name net-domain-name — Name of the Network Domain. Specify between net-domain-name 1 and 16 characters with no spaces.
Page 287: Map Access Point Commands By Usage
ANAGED CCESS OINT OMMANDS Use MAP access point commands to configure and manage MAP access points. Be sure to do the following before using the commands: Define the country-specific IEEE 802.11 regulations on the WX switch. (See set system countrycode on page 58.) Install the MAP access point and connect it to a port on the WX switch.
Page 288 11: M HAPTER ANAGED CCESS OINT OMMANDS Table 48 Map Access Point Commands by Usage (continued) Type Command set {ap | dap} radio auto-tune max- retransmissions on page 356 set {ap | dap} radio auto-tune min-client-rate on page 359 set {ap | dap} radio mode on page 360 set {ap | dap} radio radio-profile on page 362 set dap auto radiotype on page 342 set dap security on page 364...
Page 289 MAP Access Point Commands by Usage Table 48 Map Access Point Commands by Usage (continued) Type Command Authentication and set service-profile attr on page 391 Encryption set service-profile auth-dot1x on page 393 set service-profile auth-fallthru on page 394 set service-profile auth-psk on page 395 set service-profile web-portal-form on page 427 set service-profile wpa-ie on page 433 set service-profile rsn-ie on page 411...
Page 290 11: M HAPTER ANAGED CCESS OINT OMMANDS Table 48 Map Access Point Commands by Usage (continued) Type Command set {ap | dap} radio auto-tune max- retransmissions on page 356 set {ap | dap} radio auto-tune min-client-rate on page 359 display auto-tune neighbors on page 319 display auto-tune attributes on page 317 MAP-WX Security set dap fingerprint on page 350...
Page 291: Clear {Ap | Dap} Radio
clear {ap | dap} radio clear {ap | dap} Disables a MAP radio and resets it to its factory default settings. radio Syntax — clear {ap port-list | dap dap-num } radio {1 | 2 | all} — List of ports connected to the MAP access point(s) on ap port-list which to reset a radio.
Page 292 11: M HAPTER ANAGED CCESS OINT OMMANDS Table 49 Radio-Specific Parameters (continued) channel 802.11b — 6 Number of the channel in which a radio transmits and 802.11a — Lowest receives traffic valid channel number for the country of operation mode disable Operational state of the radio.
Page 293: Clear Dap Boot-Configuration
MAP, the next time the Distributed MAP is rebooted, it uses the standard boot process. Examples — The following command clears the static IP address configuration for Distributed MAP 1. WX4400# clear dap 1 boot-configuration This will clear specified DAP devices. Would you like to continue? (y/n) [n]y success: change accepted.
Page 294 Examples — The following commands disable the radios that are using radio profile rp1 and reset the beaconed-interval parameter to its default value: WX4400# set radio-profile rp1 mode disable WX4400# clear radio-profile rp1 beacon-interval success: change accepted. The following commands disable the radios that are using radio profile...
Page 295: Clear Service-Profile
clear service-profile set radio-profile mode on page 380 display radio-profile on page 327 clear service-profile Removes a service profile or resets one of the profile’s parameters to its default value. Syntax — clear service-profile name [soda {agent-directory | failure-page | remediation-acl | success-page | logout-page}] Resets the directory for Sygate soda agent-directory —...
Page 296: Display {Ap | Dap} Config
Examples — The following commands disable the radios that are using radio profile rp6, remove service-profile svcprof6 from rp6, then clear svcprof6 from the configuration. WX4400# set radio-profile rp6 mode disable WX4400# clear radio-profile rp6 service-profile svcprof6 success: change accepted.
Page 297 5.5, max-retransmissions: 10 The following example shows configuration information for a Distributed MAP access point configured on connection 1: WX4400# display dap config 1 1: Serial-Id: M9DE48B012F00, MAP model: AP2750, bias: high, name: DAP1 boot-download-enable: YES Radio 1: type: 802.11a, mode: disabled, channel: dynamic...
Page 298 11: M HAPTER ANAGED CCESS OINT OMMANDS Table 50 Output for display ap config (continued) Field Description name MAP access point name. boot-download- State of the firmware upgrade option: enable YES (automatic upgrades are enabled) NO (automatic upgrades are disabled) load balancing group Names of the MAP load-balancing groups to which the MAP access point belongs.
Page 299 display {ap | dap} config Table 50 Output for display ap config (continued) Field Description auto-tune Maximum percentage of packets that can be retransmitted max-retransmissions by a client before RF Auto-Tuning increases power. Note: Only packets that are received twice by the MAP are counted as retransmissions.
Page 300: Display {Ap | Dap} Counters
11: M HAPTER ANAGED CCESS OINT OMMANDS display {ap | dap} Displays MAP access point and radio statistics counters. counters Syntax — display ap counters [port-list [radio {1 | 2}]] Syntax — display dap counters [dap-num [radio {1 | 2}]] —...
Page 301 display {ap | dap} counters Examples — The following command shows statistics counters for Distributed MAP 7: WX1200# display dap counters 7 Port: 6 radio: 1 ================================= LastPktXferRate PktTxCount 91594255 NumCntInPwrSave 4294966683MultiPktDrop LastPktRxSigStrength MultiBytDrop LastPktSigNoiseRatio User Sessions TKIP Pkt Transfer Ct MIC Error Ct TKIP Pkt Replays TKIP Decrypt Err...
Page 302: Port
However, if this counter is increasing steadily or has a very high value (in the hundreds or more), a Denial of Service (DoS) attack might be occurring. Contact 3Com TAC. CCMP Pkt Decrypt Number of times a decryption error occurred with a packet encrypted with CCMP.
Page 303: Radio Adjusted Tx Pwr
display {ap | dap} counters Table 51 Output for display ap counters (continued) Field Description CCMP Pkt Transfer Total number of CCMP packets sent and received by the radio. Radio Recv Phy Err Ct Number of times radar caused packet errors. If this counter increments rapidly, there is a problem in the RF environment.
Page 304 Normally, the value of this counter should always be 0. If the value is not 0, check the system log for MIC error messages and contact 3Com TAC. TKIP Decrypt Err Number of times a decryption error occurred with a packet encrypted with TKIP.
Page 305: 802.3 Packet Rx Ct
display {ap | dap} counters Table 51 Output for display ap counters (continued) Field Description Noise Floor Received signal strength at which the MAP can no longer distinguish 802.11 packets from ambient RF noise. A value around -90 or higher is good for an 802.11b/g radio. A value around -80 or higher is good for an 802.11a radio.
Page 306: Display {Ap | Dap} Qos-Stats
Access — Enabled. History —Introduced in MSS Version 4.0. Version 4.2 added the TxDrop field. Examples — The following command shows statistics for the MAP forwarding queues on a Distributed MAP. WX4400# display dap qos-stats 4 Queue TxDrop ====================================== DAP:...
Page 307: Display {Ap | Dap} Etherstats
display {ap | dap} etherstats Table 52 Output for display {ap | dap} qos-stats Field Description CoS value associated with the forwarding queues. Queue Forwarding queue. Distributed MAP number or MAP port number. Port radio Radio number. Number of packets transmitted to the air from the queue.
Page 308 11: M HAPTER ANAGED CCESS OINT OMMANDS Examples — The following command displays Ethernet statistics for the Ethernet ports on Distributed MAP 1: WX4400# display dap etherstats 1 DAP: 1 ether: 1 ================================= RxUnicast: 75432 TxGoodFrames: 55210 RxMulticast: 18789 TxSingleColl:...
Page 309: Display {Ap | Dap} Group
display {ap | dap} group Table 53 Output of display ap etherstats (continued) Field Description TxMaxColl Number of frames that were not transmitted because they encountered the maximum allowed number of collisions. Typically, this occurs only during periods of heavy traffic on the network.
Page 310: Display {Ap | Dap} Status
11: M HAPTER ANAGED CCESS OINT OMMANDS Table 54 Output for display ap group Field Description Load Balance Grp Name of the MAP access point group. Port WX port number. Clients Number of active client sessions on the MAP access point. Status Association status of the MAP access point: Accepting —...
Page 311 802.11a radios only, and only for country codes where DFS is used Examples — The following command displays the status of a Distributed MAP: WX4400# display dap status 1 Dap: 1, IP-addr: 10.2.34.56 (vlan 'vlan-corp'), MAP model: AP2750, manufacturer: 3Com, name: DAP01...
Page 312 ANAGED CCESS OINT OMMANDS The following command displays the status of a directly connected MAP: WX1200# display ap status 1 Port: 1, AP model: AP2750, manufacturer 3Com, name: MAP01 ==================================================== State: operational CPU info: IBM:PPC speed=266666664 Hz version=405GPr id=0x28b08a1e047f1d0f ram=33554432...
Page 313 display {ap | dap} status Table 55 Output for display ap status (continued) Field Description Port WX port number. Note: This field is applicable only if the MAP is directly connected to the WX switch and the WX switch’s port is configured as a MAP access port.
Page 314 11: M HAPTER ANAGED CCESS OINT OMMANDS Table 55 Output for display ap status (continued) Field Description State State of the MAP: init — The MAP has been recognized by the WX but has not yet begun booting. booting — The MAP has asked the WX for a boot image.
Page 315 display {ap | dap} status Table 55 Output for display ap status (continued) Field Description Radio 1 type 802.11 type and configuration state of the radio. Radio 2 type The configure succeed state indicates that the MAP has received configuration parameters for the radio and the radio is ready to accept client connections.
Page 316 11: M HAPTER ANAGED CCESS OINT OMMANDS Table 55 Output for display ap status (continued) Field Description Radio 1 type The following information appears for external antennas: Radio 2 type External antenna detected, configured as antenna-model—Indicates that an external antenna has (cont.) been detected, and lists the antenna model configured on the radio.
Page 317: Display Auto-Tune Attributes
display auto-tune attributes Table 56 Output for display ap status terse and display dap status terse Field Description Radio2 State, channel, and power information for radio 2. Uptime Amount of time since the MAP booted using this link. display auto-tune Displays the current values of the RF attributes RF Auto-Tuning uses to attributes decide whether to change channel or power settings.
Page 318 11: M HAPTER ANAGED CCESS OINT OMMANDS Table 57 Output for display auto-tune attributes Field Description Noise Noise threshold on the active channel. RF Auto-Tuning prefers channels with low noise levels over channels with higher noise levels. Utilization Number of multicast packets per second that a radio can send on a channel while continuously sending fixed size frames over a period of time.
Page 319: Display Auto-Tune Neighbors
Displays the other 3Com radios and third-party 802.11 radios that a neighbors 3Com radio can hear. Syntax — display auto-tune neighbors [ap map-num [radio {1 | 2| all}]] Syntax — display auto-tune neighbors [dap dap-num [radio {1 | 2| all}]] —...
Page 320 11: M HAPTER ANAGED CCESS OINT OMMANDS Examples — The following command displays neighbor information for radio 1 on the directly connected MAP access point on port 2: WX1200# display auto-tune neighbors ap 2 radio 1 Total number of entries for port 2 radio 1: 5 Channel Neighbor BSS/MAC RSSI ------- ----------------- ----...
Page 321: Display Dap Boot-Configuration
display dap boot-configuration display dap Displays information about the static IP address configuration (if any) on a boot-configuration Distributed MAP. Syntax — display dap boot-configuration dap-num — Number of a Distributed MAP for which to display static IP dap-num configuration information. Defaults —...
Page 322: Display Dap Connection
11: M HAPTER ANAGED CCESS OINT OMMANDS Table 59 Output for show dap boot-configuration (continued) Field Description IP address The static IP address assigned to this Distributed MAP. IP netmask The subnet mask assigned to this Distributed MAP. gateway The IP address of the default gateway assigned to this Distributed MAP.
Page 323 display dap connection If a Distributed MAP is configured on this WX switch (or another WX switch in the same Mobility Domain) but does not have an active connection, the command does not display information for the MAP. To show connection information for Distributed MAPs, use the display dap global command on one of the switches where the MAPs are configured.
Page 324: Display Dap Global
Examples — The following command displays configuration information for all the Distributed MAPs configured on a WX switch: WX4400# display dap global Total number of entries: 8 DAP Serial Id WX IP Address...
Page 325: Display Dap Unconfigured
display dap unconfigured Table 61 Output for display dap global Field Description Connection ID you assigned to the Distributed MAP. Note: DAP numbers are listed only for Distributed MAPs configured on this WX switch. If the field contains a hyphen ( - ), the Distributed MAP configuration displayed in the row of output is on another WX switch.
Page 326 11: M HAPTER ANAGED CCESS OINT OMMANDS If a Distributed MAP is configured on a WX switch in another Mobility Domain, the MAP can appear in the output until the MAP is able to establish a connection with a WX switch in its Mobility Domain. After the MAP establishes a connection, the entry for the MAP ages out and no longer appears in the command’s output.
Page 327: Display Radio-Profile
Allow 802.11g clients only field removed. (This option is now configured using the set service-profile transmit-rates command.) Usage — MSS contains a default radio profile. 3Com recommends that you do not change this profile but instead keep the profile for reference.
Page 328 11: M HAPTER ANAGED CCESS OINT OMMANDS Table 63 describes the fields in this display. Table 63 Output for display radio-profile Field Description Beacon Interval Rate (in milliseconds) at which each MAP radio in the profile advertises the beaconed SSID. DTIM Interval Number of times after every beacon that each MAP radio in the radio profile sends a delivery traffic indication map...
Page 329 display radio-profile Table 63 Output for display radio-profile (continued) Field Description Power Backoff Timer Interval, in minutes, at which radios in a radio profile reduce power after temporarily increasing the power to maintain the minimum data rate for an associated client. At the end of each power-backoff interval, radios that temporarily increased their power reduce it by 1 dBm.
Page 330: Display Service-Profile
11: M HAPTER ANAGED CCESS OINT OMMANDS set radio-profile auto-tune channel-interval on page 369 set radio-profile auto-tune power-backoff- timer on page 370 set radio-profile auto-tune power-config on page 371 set radio-profile auto-tune power-interval on page 372 set radio-profile beacon-interval on page 373 set radio-profile countermeasures on page 374 set radio-profile dtim-interval on page 375 set radio-profile frag-threshold on page 376...
Page 331 display service-profile Long retry limit (moved from display radio-profile output) Sygate On-Demand (SODA) Enforce SODA checks: SODA remediation ACL Custom success web-page Custom failure web-page Custom logout web-page Custom agent-directory Static COS CAC mode CAC sessions User idle timeout Idle client probing Web Portal Session Timeout Transmit rates for 11a / 11b / 11g: beacon rate...
Page 332 11: M HAPTER ANAGED CCESS OINT OMMANDS CAC mode: none CAC sessions: User idle timeout: Idle client probing: Web Portal Session Timeout: WEP Key 1 value: <none> WEP Key 2 value: <none> WEP Key 3 value: <none> WEP Key 4 value: <none>...
Page 333 display service-profile Table 64 Output for display service-profile (continued) Field Description No broadcast Indicates whether broadcast restriction is enabled. When this feature is enabled, MSS sends ARP requests and DHCP Offers and Acks as unicasts to their target clients instead of forwarding them as broadcasts.
Page 334 11: M HAPTER ANAGED CCESS OINT OMMANDS Table 64 Output for display service-profile (continued) Field Description Custom failure The name of the user-specified page that the client loads if it web-page fails SODA agent checks. If no page is specified, then the failure page is generated dynamically.
Page 335 display service-profile Table 64 Output for display service-profile (continued) Field Description WEP Key 1 value State of static WEP key number 1. Radios can use this key to encrypt traffic with static Wired-Equivalent Privacy (WEP): none —T he key is not configured. preset —...
Page 336 11: M HAPTER ANAGED CCESS OINT OMMANDS Table 64 Output for display service-profile (continued) Field Description vlan-name, These are examples of authorization attributes that are session-timeout, applied by default to a user accessing the SSID managed by service-type this service profile (in addition to any attributes assigned to the user by a RADIUS server or the local database).
Page 337 display service-profile set service-profile cipher-wep40 on page 401 set service-profile cos on page 403 set service-profile dhcp-restrict on page 404 set service-profile idle-client-probing on page 405 set service-profile long-retry-count on page 406 set service-profile no-broadcast on page 407 set service-profile proxy-arp on page 408 set service-profile psk-phrase on page 409 set service-profile psk-raw on page 410 set service-profile rsn-ie on page 411...
Page 338: Reset {Ap | Dap
11: M HAPTER ANAGED CCESS OINT OMMANDS reset {ap | dap} Restarts a MAP access point. Syntax — reset {ap port-list | dap dap-num} — List of ports connected to the MAP access points to ap port-list restart. — Number of a Distributed MAP to reset. dap dap-num Defaults —...
Page 339: Set Dap Auto
set dap auto set dap auto Creates a profile for automatic configuration of Distributed MAPs. Syntax — set dap auto Defaults — None. Access — Enabled. History — Introduced in MSS 4.0. Usage — Table 65 lists the configurable profile parameters and their defaults.
Page 340 11: M HAPTER ANAGED CCESS OINT OMMANDS Table 65 Configurable Profile Parameters for Distributed MAPs (continued) Parameter Default Value tx-pwr Highest setting allowed for the country of operation radio-profile default max-power default min-client-rate 5.5 for 802.11b/g 24 for 802.11a max-retransmissions Examples —...
Page 341: Set Dap Auto Persistent
Auto-MAPs, use the display dap status auto command. Examples — The following command converts the configuration of Auto-AP 10 into a permanent configuration: WX4400# set dap auto persistent 10 success: change accepted. See Also set dap auto on page 339...
Page 342: Set Dap Auto Radiotype
802.11g, or 802.11b in regulatory domains that do not support 802.11g. Examples — The following command sets the radio type to 802.11b: WX4400# set dap auto radiotype 11b success: change accepted. See Also set dap auto on page 339...
Page 343: Set {Ap | Dap} Bias
Usage — You must use the set dap auto command to create the profile before you can enable it. Examples — The following command enables the profile for automatic Distributed MAP configuration: WX4400# set dap auto mode enable success: change accepted. See Also set dap auto on page 339...
Page 344 MAPs. For example, if a MAP is dual homed to two WX4400 wireless LAN switches, and one of the switches has 50 active MAPs while the other switch has 60 active MAPs, the new MAP selects the switch that has only 50 active MAPs.
Page 345: Set {Ap | Dap} Blink
set {ap | dap} blink set {ap | dap} blink Enables or disables LED blink mode on a MAP access point to make it easy to identify. When blink mode is enabled on an AP2750, the 11a LED blinks on and off.
Page 346: Set Dap Boot-Ip
11: M HAPTER ANAGED CCESS OINT OMMANDS Usage — Changing the LED blink mode does not alter operation of the MAP access point. Only the behavior of the LEDs is affected. Examples — The following command enables LED blink mode on the MAP access points connected to ports 3 and 4: WX1200# set ap 3-4 blink enable success: change accepted.
Page 347: Set Dap Boot-Switch
Examples — The following command configures Distributed MAP 1 to use IP address 172.16.0.42 with a 24-bit netmask, and use 172.16.0.20 as its default gateway: WX4400# set dap 1 boot-ip ip 172.16.0.42 netmask 255.255.255.0 gateway 172.16.0.20 mode en success: change accepted.
Page 348 The following command configures Distributed MAP 1 to use the WX switch with the name mxr2 as its boot device. The DNS server at 172.16.0.1 is used to resolve the name of the WX switch. WX4400# set dap 1 boot-switch name mxr2 dns 172.16.0.1 mode enable success: change accepted.
Page 349: Set Dap Boot-Vlan
Examples — The following command configures Distributed MAP 1 to use VLAN tag 100: WX4400# set dap 1 boot-vlan vlan-tag 100 mode enable success: change accepted. See Also clear dap boot-configuration on page 293...
Page 350: Set Dap Fingerprint
MAP’s fingerprint only if the fingerprint has been verified in MSS. If the fingerprint has not been verified, the fingerprint information in the command output is blank. Examples — The following example verifies the fingerprint for Distributed MAP 8: WX4400# set dap 8 fingerprint b4:f9:2a:52:37:58:f4:d0:10:75:43:2f:45:c9:52:c3 success: change accepted.
Page 351: Set {Ap | Dap} Group
set {ap | dap} group See Also set dap security on page 364 set service-profile cipher-wep40 on page 401 on page 433 display {ap | dap} status on page 310 set {ap | dap} group Configures a named group of MAP access points. MSS automatically load balances sessions among the access points in a group.
Page 352: Set {Ap | Dap} Name
11: M HAPTER ANAGED CCESS OINT OMMANDS Examples — The following command configures a MAP access point group named loadbalance1 that contains the MAP access points on ports 1, 3, and 5: WX1200# set ap 1,3,5 group loadbalance1 success: change accepted. The following command removes the MAP access point on port 4 from all MAP access point groups: WX1200# set ap 4 group none...
Page 353: Set {Ap | Dap} Radio Antennatype
set {ap | dap} radio antennatype See Also display {ap | dap} config on page 296 set {ap | dap} radio Sets the model number for an external antenna. antennatype Syntax — set {ap port-list | dap dap-num} radio {1|2} antennatype {ANT1060 | ANT1120 | ANT1180 | ANT5060 | ANT5120 | ANT5180 | ANT-1360-OUT | ANT-5360-OUT |ANT-5120-OUT | internal}...
Page 354: Set {Ap | Dap} Radio Auto-Tune Max-Power
Examples — The following command configures the 802.11b/g radio on Distributed MAP 1 to use antenna model ANT1060: WX4400# set dap 1 radio 1 antennatype ANT1060 success: change accepted. See Also display {ap | dap} config on page 296 set {ap | dap} radio Sets the maximum power that RF Auto-Tuning can set on a radio.
Page 355 set {ap | dap} radio auto-tune max-power — Maximum power setting RF Auto-Tuning can assign power-level to the radio, expressed as the number of decibels in relation to 1 milliwatt (dBm). You can specify a value from 1 up to the maximum value allowed for the country of operation.
Page 356: Set {Ap | Dap} Radio Auto-Tune Max-Retransmissions
11: M HAPTER ANAGED CCESS OINT OMMANDS set {ap | dap} radio Sets the maximum percentage of client retransmissions a radio can auto-tune max- experience before RF Auto-Tuning considers changing the channel on the retransmissions radio. A high percentage of retransmissions is a symptom of interference on the channel.
Page 357 set {ap | dap} radio auto-tune max- retransmissions The interval is 1000 packets. If more than the specified percentage of packets within a group of 1000 packets received by the radio are retransmissions, the radio increases power. When the percentage of retransmissions exceeds the max-retransmissions threshold, the radio does not immediately increase power.
Page 358: Set {Ap | Dap} Radio Channel
11: M HAPTER ANAGED CCESS OINT OMMANDS set {ap | dap} radio Sets a MAP radio’s channel. channel Syntax — set {ap port-list | dap dap-num} radio {1 | 2} channel channel-number — List of ports connected to the MAP access points on ap port-list which to set the channel.
Page 359: Set {Ap | Dap} Radio Auto-Tune Min-Client-Rate
set {ap | dap} radio auto-tune min-client-rate See Also display {ap | dap} config on page 296 set {ap | dap} radio tx-power on page 363 set {ap | dap} radio Sets the minimum rate at which a radio is allowed to transmit traffic to auto-tune clients.
Page 360: Set {Ap | Dap} Radio Mode
11: M HAPTER ANAGED CCESS OINT OMMANDS Usage — If the data rate for traffic sent by a radio to an associated client falls below the default minimum rate, the radio increases power, in 1 dBm increments, until all clients are at or above the minimum rate. After all clients are at or above the minimum data transmit rate, the radio reduces power by 1 dBm.
Page 361 set {ap | dap} radio mode — Radio 2 of the MAP. (This option does not apply to radio 2 single-radio models.) mode enable — Enables a radio. — Disables a radio. mode disable Defaults — MAP access point radios are disabled by default. Access —...
Page 362: Set {Ap | Dap} Radio Radio-Profile
11: M HAPTER ANAGED CCESS OINT OMMANDS set {ap | dap} radio Assigns a radio profile to a MAP radio and enables or disables the radio. radio-profile Syntax — set {ap port-list | dap dap-num | auto} radio {1 | 2} radio-profile name mode {enable | disable} —...
Page 363: Set {Ap | Dap} Radio Tx-Power
1 milliwatt (dBm). The valid values depend on the country of operation. The maximum transmit power you can configure on any 3Com radio is the maximum allowed for the country in which you plan to operate the radio or one of the following values if that value is less than the country maximum: on an 802.11a radio, 11 dBm for channel numbers...
Page 364: Set Dap Security
11: M HAPTER ANAGED CCESS OINT OMMANDS Examples — The following command configures the transmit power on the 802.11a radio on the MAP access point connected to port 5: WX1200# set ap 5 radio 1 tx-power 10 success: change accepted. The following command configures the channel and transmit power on the 802.11b/g radio on the MAP access point connected to port 1: WX1200# set ap 1 radio 1 channel 1 tx-power 10...
Page 365: Set {Ap | Dap} Upgrade-Firmware
MAP. Examples — The following command configures a WX to require Distributed MAPs to have encryption keys: WX4400# set dap security require See Also set dap fingerprint on page 350 set service-profile cipher-wep40 on page 401 on page 433...
Page 366: Set Radio-Profile 11G-Only
11: M HAPTER ANAGED CCESS OINT OMMANDS Defaults — Automatic firmware upgrades of MAP access points are enabled by default. Access — Enabled. History —Introduced in MSS Version 3.0. Option auto added for configuration of the MAP configuration profile. Usage — When the feature is enabled on an WX port, a MAP access point connected to that port upgrades its boot firmware to the latest version stored on the WX switch while booting.
Page 367: Set Radio-Profile Auto-Tune Channel-Config
Usage — You can enter this command on any WX switch in the Mobility Domain. The command takes effect only on that switch. Examples — The following command disables active scan in radio profile radprof3: wx4400# set radio-profile radprof3 active-scan disable success: change accepted. See Also display radio-profile on page 327 set radio-profile...
Page 368: Set Radio-Profile Auto-Tune Channel-Holddown
{ap | dap} radio channel command to statically configure the channel. Examples — The following command disables dynamic channel tuning for radios in the rp2 radio profile: WX4400# set radio-profile rp2 auto-tune channel-config disable success: change accepted. See Also...
Page 369: Set Radio-Profile Auto-Tune Channel-Interval
Defaults — The default channel interval is 3600 seconds (one hour). Access — Enabled. History —Introduced in MSS Version 3.0. Usage — 3Com recommends that you use an interval of at least 300 seconds (5 minutes). RF Auto-Tuning can change a radio’s channel before the channel interval expires in response to RF anomalies.
Page 370: Set Radio-Profile Auto-Tune Power-Backoff- Timer
RF anomalies. Examples — The following command sets the channel interval for radios in radio profile rp2 to 2700 seconds (45 minutes): WX4400# set radio-profile rp2 auto-tune channel-interval 2700 success: change accepted. See Also display radio-profile on page 327...
Page 371: Set Radio-Profile Auto-Tune Power-Config
Examples — The following command changes the power-backoff interval for radios in radio profile rp2 to 15 seconds: WX4400# set radio-profile rp2 auto-tune power-backoff-timer 15 success: change accepted. See Also display radio-profile on page 327 set {ap | dap} radio auto-tune max-power on page 354...
Page 372: Set Radio-Profile Auto-Tune Power-Interval
OINT OMMANDS Examples — The following command enables dynamic power tuning for radios in the rp2 radio profile: WX4400# set radio-profile rp2 auto-tune power-config enable success: change accepted. See Also display radio-profile on page 327 set {ap | dap} radio auto-tune max-power on page 354...
Page 373: Set Radio-Profile Beacon-Interval
Examples — The following command sets the power interval for radios in radio profile rp2 to 240 seconds: WX4400# set radio-profile rp2 auto-tune power-interval 240 success: change accepted. See Also display service-profile on page 330 set {ap | dap} radio auto-tune max-power on page 354...
Page 374: Set Radio-Profile Countermeasures
MAP radios can also issue countermeasures against interfering devices. An interfering device is not part of the 3Com network but also is not a rogue. No client connected to the device has been detected communicating with any network entity listed in the forwarding database (FDD) of any WX switch in the Mobility Domain.
Page 375: Set Radio-Profile Dtim-Interval
set radio-profile dtim-interval The following command disables countermeasures in radio profile radprof3: WX1200# clear radio-profile radprof3 countermeasures success: change accepted. The following command causes radios managed by radio profile radprof3 to issue countermeasures against devices in the WX switch’s attack list: WX1200# set radio-profile radprof3 countermeasures configured success: change accepted.
Page 376: Set Radio-Profile Frag-Threshold
The DTIM interval does not apply to unicast frames. Examples — The following command changes the DTIM interval for radio profile rp1 to 2: WX4400# set radio-profile rp1 dtim-interval 2 success: change accepted. See Also display radio-profile on page 327...
Page 377: Set Radio-Profile Long-Retry
The frag-threshold does not specify the maximum length a frame is allowed to be without being broken into multiple frames before transmission. 3Com MAPs do not support fragmentation upon transmission, only upon reception. The frag-threshold does not change the RTS threshold, which specifies the maximum length a frame can be before the radio uses the RTS/CTS method to send the frame.
Page 378: Set Radio-Profile Max-Rx-Lifetime
Use the set radio-profile mode command. Examples — The following command changes the maximum receive threshold for radio profile rp1 to 4000 ms: WX4400# set radio-profile rp1 max-rx-lifetime 4000 success: change accepted. See Also set radio-profile mode on page 380...
Page 379: Set Radio-Profile Max-Tx-Lifetime
Use the set radio-profile mode command. Examples — The following command changes the maximum transmit threshold for radio profile rp1 to 4000 ms: WX4400# set radio-profile rp1 max-tx-lifetime 4000 success: change accepted. See Also display radio-profile on page 327...
Page 380: Set Radio-Profile Mode
11: M HAPTER ANAGED CCESS OINT OMMANDS set radio-profile Creates a new radio profile, or disables or reenables all MAP radios that mode are using a specific profile. Syntax — set radio-profile name [mode {enable | disable}] — Radio profile name of up to 16 alphanumeric radio-profile name characters, with no spaces.
Page 381 set radio-profile mode Table 66 Defaults for Radio Profile Parameters (continued) Radio Behavior When Parameter Set to Parameter Default Value Default Value preamble-length short Advertises support for short 802.11b preambles, accepts either short or long 802.11b preambles, and generates unicast frames with the preamble length specified by the client.
Page 382: Set Radio-Profile Preamble-Length
WX4400# set radio-profile rp1 success: change accepted. The following command enables the radios that use radio profile rp1: WX4400# set radio-profile rp1 mode enable The following commands disable the radios that use radio profile rp1, change the beacon interval, then reenable the radios:...
Page 383: Set Radio-Profile Qos-Mode
Examples — The following command configures 802.11b/g radios that use the radio profile rp_long to advertise support for long preambles instead of short preambles: WX4400# set radio-profile rp_long preamble-length long success: change accepted. See Also display radio-profile on page 327...
Page 384: Set Radio-Profile Rts-Threshold
Wireless LAN Switch and Controller Configuration Guide.) Examples — The following command changes the QoS mode for radio profile rp1 to SVP: WX4400# set radio-profile rp1 qos-mode svp success: change accepted. See Also set radio-profile mode on page 380 display radio-profile on page 327 set radio-profile Changes the RTS threshold for the MAP radios in a radio profile.
Page 385: Set Radio-Profile Service-Profile
Use the set radio-profile mode command. Examples — The following command changes the RTS threshold for radio profile rp1 to 1500 bytes: WX4400# set radio-profile rp1 rts-threshold 1500 success: change accepted. See Also set radio-profile mode on page 380...
Page 386 11: M HAPTER ANAGED CCESS OINT OMMANDS Table 67 Defaults for Service Profile Parameters Radio Behavior When Parameter Set Parameter Default Value to Default Value attr No attributes Does not assign the SSID’s authorization configured attribute values to SSID users, even if attributes are not otherwise assigned.
Page 387 set radio-profile service-profile Table 67 Defaults for Service Profile Parameters (continued) Radio Behavior When Parameter Set Parameter Default Value to Default Value long-retry-count Sends a long unicast frame up to five times without acknowledgment. no-broadcast disable Does not reduce wireless broadcast traffic by sending unicasts to clients for ARP requests, DHCP Offers, and Acks instead of forwarding them as multicasts.
Page 388 11: M HAPTER ANAGED CCESS OINT OMMANDS Table 67 Defaults for Service Profile Parameters (continued) Radio Behavior When Parameter Set Parameter Default Value to Default Value transmit-rates 802.11a: Accepts associations only from clients that support one of the mandatory rates. mandatory: 6.0,12.0,24.0 Sends beacons at the specified rate...
Page 389 You must disable all radios that use a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. Examples — The following command maps service-profile wpa_clients to radio profile rp2: WX4400# set radio-profile rp2 service-profile wpa_clients success: change accepted. See Also display radio-profile on page 327...
Page 390 11: M HAPTER ANAGED CCESS OINT OMMANDS set service-profile cac-mode on page 397 set service-profile cac-session on page 398 set service-profile cipher-ccmp on page 399 set service-profile cipher-tkip on page 400 set service-profile cipher-wep104 on page 402 set service-profile cipher-wep40 on page 401 set service-profile cos on page 403 set service-profile dhcp-restrict on page 404 set service-profile idle-client-probing on page 405...
Page 391: Set Radio-Profile Short-Retry
set radio-profile short-retry set radio-profile Deprecated in MSS Version 4.2. In 4.2, this parameter is associated with short-retry service profiles instead of radio profiles. See set service-profile short-retry-count on page 412. set radio-profile Deprecated in MSS Version 4.2. To enable or disable WMM, see set radio-profile qos-mode on page 383.
Page 392 SSID defaults by entering the display service-profile command. Examples — The following command assigns users accessing the SSID managed by service profile sp2 to VLAN blue: WX4400# set service-prof sp2 attr vlan-name blue success: change accepted. The following command assigns users accessing the SSID managed by service profile sp2 to the Mobility Profile tulip.
Page 393: Set Service-Profile Auth-Dot1X
(PSK) authentication. To use this, you must enable PSK support and configure a passphrase or key. Examples — The following command disables 802.1X authentication for WPA clients that use service profile wpa_clients: WX4400# set service-profile wpa_clients auth-dot1x disable success: change accepted.
Page 394: Set Service-Profile Auth-Fallthru
11: M HAPTER ANAGED CCESS OINT OMMANDS See Also display service-profile on page 330 set service-profile auth-psk on page 395 set service-profile psk-phrase on page 409 set service-profile wpa-ie on page 433 set service-profile Specifies the authentication type for users who do not match an 802.1X or auth-fallthru MAC authentication rule for an SSID managed by the service profile.
Page 395: Set Service-Profile Auth-Psk
Wireless LAN Switch and Controller Configuration Guide.) Examples — The following command sets the fallthru authentication for SSIDS managed by the service profile rnd_lab to none: WX4400# set service-profile rnd_lab auth-fallthru none success: change accepted. See Also display service-profile on page 330...
Page 396: Set Service-Profile Beacon
Examples — The following command enables PSK authentication for service profile wpa_clients: WX4400# set service-profile wpa_clients auth-psk enable success: change accepted. See Also display service-profile on page 330...
Page 397: Set Service-Profile Cac-Mode
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command disables beaconing of the SSID managed by service profile sp2: WX4400# set service-profile sp2 beacon disable success: change accepted. See Also display service-profile on page 330...
Page 398: Set Service-Profile Cac-Session
To change the CAC mode, use the set service-profile cac-mode command. Examples — The following command changes the maximum number of sessions for radios used by service profile sp1 to 10: WX4400# set service-profile sp1 cac-session 10 success: change accepted. See Also set service-profile cac-mode on page 397...
Page 399: Set Service-Profile Cipher-Ccmp
Usage — To use CCMP, you must also enable the WPA IE. Examples — The following command configures service profile sp2 to use CCMP encryption: WX4400# set service-profile sp2 cipher-ccmp enable success: change accepted. See Also display service-profile on page 330...
Page 400: Set Service-Profile Cipher-Tkip
Usage — To use TKIP, you must also enable the WPA IE. Examples — The following command disables TKIP encryption in service profile sp2: WX4400# set service-profile sp2 cipher-tkip disable success: change accepted. See Also display service-profile on page 330...
Page 401: Set Service-Profile Cipher-Wep40
WEP keys. Use the set service-profile wep key-index command. Examples — The following command configures service profile sp2 to use 40-bit WEP encryption: WX4400# set service-profile sp2 cipher-wep40 enable success: change accepted. See Also set service-profile cipher-ccmp on page 399...
Page 402: Set Service-Profile Cipher-Wep104
11: M HAPTER ANAGED CCESS OINT OMMANDS set service-profile cipher-tkip on page 400 set service-profile cipher-wep104 on page 402 set service-profile wep key-index on page 432 set service-profile wpa-ie on page 433 set service-profile Enables dynamic Wired Equivalent Privacy (WEP) with 104-bit keys, in a cipher-wep104 service profile.
Page 403: Set Service-Profile Cos
Examples — The following command configures service profile sp2 to use 104-bit WEP encryption: WX4400# set service-profile sp2 cipher-wep104 enable success: change accepted. See Also display service-profile on page 330 set service-profile cipher-ccmp on page 399 set service-profile cipher-tkip on page 400...
Page 404: Set Service-Profile Dhcp-Restrict
MAP radios to clients on the service profile’s SSID. Examples — The following command enables DHCP Restrict on service profile sp1: WX4400# set service-profile sp1 dhcp-restrict enable success: change accepted. See Also set service-profile no-broadcast on page 407...
Page 405: Set Service-Profile Idle-Client-Probing
Usage — The length of time a client can remain idle (unresponsive to idle-client probes) is specified by the user-idle-timeout command. Examples — The following command disables idle-client keepalives on service profile sp1: WX4400# set service-profile sp1 idle-client-probing disable success: change accepted. See Also set service-profile user-idle-timeout on page 426...
Page 406: Set Service-Profile Long-Retry-Count
Access — Enabled. History —Introduced in MSS Version 4.2. Examples — The following command changes the long retry threshold for service profile sp1 to 8: WX4400# set service-profile sp1 long-retry-count 8 success: change accepted. See Also set radio-profile frag-threshold on page 376...
Page 407: Set Service-Profile No-Broadcast
set service-profile no-broadcast set service-profile Disables or reenables the no-broadcast mode. The no-broadcast mode no-broadcast helps reduce traffic overhead on an SSID by leaving more of an SSID’s bandwidth available for unicast traffic. The no-broadcast mode also helps VoIP handsets conserve power by reducing the amount of broadcast traffic sent to the phones.
Page 408: Set Service-Profile Proxy-Arp
CCESS OINT OMMANDS Examples — The following command enables the no-broadcast mode on service profile sp1: WX4400# set service-profile sp1 no-broadcast enable success: change accepted. See Also set service-profile dhcp-restrict on page 404 set service-profile proxy-arp on page 408 display service-profile on page 330 set service-profile Enables proxy ARP.
Page 409: Set Service-Profile Psk-Phrase
Examples — The following command enables proxy ARP on service profile sp1: WX4400# set service-profile sp1 proxy-arp enable success: change accepted. See Also set service-profile dhcp-restrict on page 404 set service-profile no-broadcast on page 407 display service-profile on page 330...
Page 410: Set Service-Profile Psk-Raw
Examples — The following command configures service profile sp3 to use passphrase “1234567890123<>?=+&% The quick brown fox jumps over the lazy sl”: WX4400# set service-profile sp3 psk-phrase "1234567890123<> ?=+&% The quick brown fox jumps over the lazy sl" success: change accepted.
Page 411: Set Service-Profile Rsn-Ie
Examples — The following command configures service profile sp3 to use a raw PSK with PSK clients: WX4400# set service-profile sp3 psk-raw c25d3fe4483e867 d1df96eaacdf8b02451fa0836162e758100f5f6b87965e59d success: change accepted. See Also display service-profile on page 330 set mac-user attr on page 253...
Page 412: Set Service-Profile Shared-Key-Auth
Enables shared-key authentication, in a service profile. shared-key-auth Use this command only if advised to do so by 3Com. This command does not enable preshared key (PSK) authentication for Wi-Fi Protected Access (WPA). To enable PSK encryption for WPA, use the set service-profile auth-psk command.
Page 413: Set Service-Profile Soda Agent-Directory
Examples — Enabled. History —Introduced in MSS Version 4.2. Examples — The following command changes the short retry threshold for service profile sp1 to 3: WX4400# set service-profile sp1 short-retry-count 3 success: change accepted. See Also display service-profile on page 330...
Page 414: Set Service-Profile Soda Enforce-Checks
CCESS OINT OMMANDS Examples — The following command specifies soda-agent as the location for SODA agent files for service profile sp1: WX4400# set service-profile sp1 soda agent-directory soda-agent success: change accepted. See Also display service-profile on page 330 install soda agent on page 621...
Page 415: Set Service-Profile Soda Failure-Page
Examples — The following command allows network access to clients after they have downloaded the SODA agent, but without requiring that the SODA agent checks be completed: WX4400# set service-profile sp1 enforce-checks disable success: change accepted. See Also display service-profile on page 330...
Page 416: Set Service-Profile Soda Logout-Page
You can optionally specify a different directory where the page resides. Examples — The following command specifies failure.html as the page to load when a client fails the SODA agent checks: WX4400# set service-profile sp1 soda failure-page failure.html success: change accepted.
Page 417 Examples — The following command specifies logout.html as the page to load when a client closes the SODA virtual desktop: WX4400# set service-profile sp1 soda logout-page logout.html success: change accepted. The following command specifies logout.html, in the soda-files directory,...
Page 418: Set Service-Profile Soda Mode
In release 4.2, SODA functionality requires that Web Portal WebAAA also be enabled for the service profile. Examples — The following command enables SODA functionality for service profile sp1: WX4400# set service-profile sp1 soda mode enable success: change accepted. See Also display service-profile on page 330...
Page 419: Set Service-Profile Soda Remediation-Acl
The enforce checks option is enabled by default. Examples — The following command configures the WX switch to apply acl-1 to a client when it loads the failure page: WX4400# set service-profile sp1 soda remediation-acl acl-1 success: change accepted. See Also...
Page 420: Set Service-Profile Soda Success-Page
Examples — The following command specifies success.html, which resides in the root directory on the WX switch, as the page to load when a client passes the SODA agent checks: WX4400# set service-profile sp1 soda success-page success.html success: change accepted.
Page 421: Set Service-Profile Ssid-Name
SSID name in MSS Version 4.0. Examples — The following command applies the name guest to the SSID managed by service profile clear_wlan: WX4400# set service-profile clear_wlan ssid-name guest success: change accepted. See Also display service-profile on page 330...
Page 422: Set Service-Profile Ssid-Type
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command changes the SSID type for service profile clear_wlan to clear: WX4400# set service-profile clear_wlan ssid-type clear success: change accepted. See Also display service-profile on page 330...
Page 423: Set Service-Profile Static-Cos
The TKIP cipher suite must be enabled. The WPA IE also must be enabled. Examples — The following command changes the countermeasures wait time for service profile sp3 to 30,000 ms (30 seconds): WX4400# set service-profile sp3 tkip-mc-time 30000 success: change accepted. See Also...
Page 424: Set Service-Profile Transmit-Rates
Usage — The CoS level is specified by the set service-profile cos command. Examples — The following command enables static CoS on service profile sp1: WX4400# set service-profile sp1 static-cos enable success: change accepted. See Also display service-profile on page 330...
Page 425 set service-profile transmit-rates The valid rates depend on the radio type: 11a—6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0 11b—1.0, 2.0, 5.5, 11.0 11g—1.0, 2.0, 5.5, 6.0, 9.0, 11.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0 Use a comma to separate multiple rates; for example: 6.0,9.0,12.0 —...
Page 426: Set Service-Profile User-Idle-Timeout
Examples — The following command sets 802.11a mandatory rates for service profile sp1 to 6 Mbps and 9 Mbps, disables rates 48 Mbps and 54 Mbps, and changes the beacon rate to 9 Mbps: WX4400# set service-profile sp1 transmit-rates 11a mandatory 6.0,9.0 disabled 48.0,54.0 beacon-rate 9.0 success: change accepted.
Page 427: Set Service-Profile Web-Portal-Form
— WX subdirectory name and HTML page name of the login page. Specify the full path. For example, corpa-ssid/corpa.html. Defaults — The 3Com Web login page is served by default. Access — Enabled. History —Introduced in MSS Version 3.0. Option name changed from web-aaa-form to web-portal-form, to reflect change to portal-based implementation in MSS Version 4.0.
Page 428 Aug 12 2004, 15:42:26 file:corpa-logo.jpg 1202 bytes Aug 12 2004, 15:57:11 Total: 1839 bytes used, 206577 Kbytes free WX4400# set service-profile corpa-service web-aaa-form corpa-ssid/ corpa-login.html success: change accepted. See Also copy on page 615 dir on page 618 display service-profile on page 330...
Page 429: Set Service-Profile Web-Portal-Session-Timeout
Portal WebAAA session timeout period of 5 seconds is used. Examples — The following command allows Web Portal WebAAA sessions to remain in the Deassociated state 180 seconds before being terminated automatically. WX4400# set service-profile sp1 web-portal-session-timeout success: change accepted.
Page 430: Set Service-Profile Wep Active-Multicast-Index
WEP keys you plan to use. Use the set service-profile wep key-index command. Examples — The following command configures service profile sp2 to use WEP key 2 for encrypting multicast traffic: WX4400# set service-profile sp2 wep active-multicast-index 2 success: change accepted. See Also display service-profile on page 330...
Page 431: Set Service-Profile Wep Active-Unicast-Index
WEP keys you plan to use. Use the set service-profile wep key-index command. Examples — The following command configures service profile sp2 to use WEP key 4 for encrypting unicast traffic: WX4400# set service-profile sp2 wep active-unicast-index 4 success: change accepted. See Also display service-profile on page 330...
Page 432: Set Service-Profile Wep Key-Index
WEP keys to the same radio profile. Examples — The following command configures WEP key index 1 for service profile sp2 to aabbccddee: WX4400# set service-profile sp2 wep key-index 1 key aabbccddee success: change accepted. See Also...
Page 433: Set Service-Profile Wpa-Ie
802.1X. There is no default cipher suite. You must enable the cipher suites you want the radios to support. Examples — The following command enables the WPA IE in service profile sp2: WX4400# set service-profile sp2 wpa-ie enable success: change accepted. See Also display service-profile on page 330...
Page 434 11: M HAPTER ANAGED CCESS OINT OMMANDS...
Page 435: Stp Commands By Usage
STP C OMMANDS Use Spanning Tree Protocol (STP) commands to configure and manage spanning trees on the virtual LANs (VLANs) configured on a wireless LAN switch or controller, to maintain a loop-free network. STP Commands by This chapter presents STP commands alphabetically. Use the following Usage table to locate commands in this chapter based on their use.
Page 436: Clear Spantree Portcost
12: STP C HAPTER OMMANDS Table 68 STP Commands by Usage (continued) Type Command Fast set spantree backbonefast on page 454 Convergence, display spantree backbonefast on cont. page 443 set spantree uplinkfast on page 462 display spantree uplinkfast on page 452 Statistics display spantree statistics on page 446 clear spantree statistics on page 439...
Page 437: Clear Spantree Portpri
clear spantree portpri clear spantree Resets to the default value the priority of a network port or ports for portpri selection as part of the path to the STP root bridge in all VLANs on a wireless LAN switch or controller. Syntax —...
Page 438: Clear Spantree Portvlanpri
Usage — MSS does not change a port’s cost for VLANs other than the one(s) you specify. Examples — The following command resets the STP cost for port 2 in VLAN sunflower: WX4400# clear spantree portvlancost 2 vlan sunflower success: change accepted. See Also clear spantree portcost on page 436...
Page 439: Clear Spantree Statistics
Usage — MSS does not change a port’s priority for VLANs other than the one(s) you specify. Examples — The following command resets the STP priority for port 2 in VLAN avocado: WX4400# clear spantree portvlanpri 2 vlan avocado success: change accepted. See Also clear spantree portpri on page 437...
Page 440: Display Spantree
12: STP C HAPTER OMMANDS display spantree Displays STP configuration and port-state information. Syntax — display spantree [port-list | vlan vlan-id][active] — List of ports. If you do not specify any ports, MSS port-list displays STP information for all ports. —...
Page 441 display spantree Forwarding Disabled Disabled Disabled Disabled Disabled STP Off Disabled STP Off Disabled Table 69 describes the fields in this display. Table 69 Output for display spantree Field Description VLAN VLAN number. Spanning tree mode In the current software version, the mode is always PVST+, which means Per VLAN Spanning Tree+.
Page 442 Table 69 Output for display spantree (continued) Field Description Port Port number. Only network ports are listed. STP does not apply to 3Com Wireless LAN Managed Access Point AP2750 ports or wired authentication ports. Vlan VLAN ID. STP-State STP state of the port: Blocking—The port is not forwarding Layer 2 traffic...
Page 443: Display Spantree Backbonefast
display spantree backbonefast Table 69 Output for display spantree (continued) Field Description Port-state STP state of the port: Blocking — The port is not forwarding Layer 2 traffic but is listening to and forwarding STP control traffic. Disabled — The port is not forwarding any traffic, including STP control traffic.
Page 444: Display Spantree Blockedports
History —Introduced in MSS Version 3.0. Usage — The command lists information separately for each VLAN. Examples — The following command shows information about blocked ports on a WX switch for the default VLAN (VLAN 1): WX4400# display spantree blockedports vlan default Port Vlan Port-State...
Page 445: Display Spantree Portfast
display spantree portfast display spantree Displays STP uplink fast convergence information for all network ports or portfast for one or more network ports. Syntax — display spantree portfast [port-list] — List of ports. If you do not specify any ports, MSS port-list displays uplink fast convergence information for all ports.
Page 446: Display Spantree Portvlancost
Access — All. History —Introduced in MSS Version 3.0. Examples — The following command shows the STP port cost of port 1: WX4400# display spantree portvlancost 1 port 1 VLAN 1 have path cost 19 See Also clear spantree portcost on page 436...
Page 447 Usage — The command displays statistics separately for each port. Examples — The following command shows STP statistics for port 1: WX4400# display spantree statistics 1 BPDU related parameters Port 1 VLAN 1 spanning tree enabled for VLAN = 1...
Page 448 12: STP C HAPTER OMMANDS topology change timer value hold timer INACTIVE hold timer value delay root port timer INACTIVE delay root port timer value delay root port timer restarted is FALSE VLAN based information & statistics spanning tree type ieee spanning tree multicast address 01-00-0c-cc-cc-cd...
Page 449 display spantree statistics Table 71 Output for display spantree statistics Field Description Port Port number. VLAN VLAN ID. Spanning Tree enabled State of the STP feature on the VLAN. for vlan port spanning tree State of the STP feature on the port. state STP state of the port: Blocking —...
Page 450 12: STP C HAPTER OMMANDS Table 71 Output for display spantree statistics (continued) Field Description config_pending Indicates whether a configured BPDU is to be transmitted on expiration of the hold timer for the port. port_inconsistency Indicates whether the port is in an inconsistent state. config BPDU’s xmitted Number of BPDUs transmitted from the port.
Page 451 display spantree statistics Table 71 Output for display spantree statistics (continued) Field Description hold timer Status of the hold timer. This timer ensures that configured BPDUs are not transmitted too frequently through any bridge port. hold timer value Current value of the hold timer, in seconds. delay root port timer Status of the delay root port timer, which enables fast convergence when uplink fast convergence is enabled.
Page 452: Display Spantree Uplinkfast
MSS displays STP statistics for all VLANs. Defaults — None. Access — All. History —Introduced in MSS Version 3.0. Examples — The following command shows uplink fast convergence information for all VLANs: WX4400# display spantree uplinkfast VLAN port list ------------------------------------------------------------------------ 1(fwd),2,3...
Page 453: Set Spantree
History —Introduced in MSS Version 3.0. Examples — The following command enables STP on all VLANs configured on a WX switch: WX4400# set spantree enable success: change accepted. The following command disables STP on VLAN burgundy: WX4400# set spantree disable vlan burgundy success: change accepted.
Page 454: Set Spantree Backbonefast
Usage — If you plan to use the backbone fast convergence feature, you must enable it on all the bridges in the spanning tree. Examples — The following command enables backbone fast convergence: WX4400# set spantree backbonefast enable success: change accepted. See Also display spantree backbonefast on page 443...
Page 455: Set Spantree Fwddelay
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command changes the forwarding delay on VLAN pink to 20 seconds: WX4400# set spantree fwddelay 20 vlan pink success: change accepted. See Also display spantree on page 440...
Page 456: Set Spantree Maxage
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command changes the hello interval for all VLANs to 4 seconds: WX4400# set spantree hello 4 all success: change accepted. See Also display spantree on page 440...
Page 457: Set Spantree Portcost
set spantree portcost set spantree Changes the cost that transmission through a network port or ports in portcost the default VLAN on a wireless LAN switch adds to the total cost of a path to the STP root bridge. Syntax — set spantree portcost port-list cost cost —...
Page 458: Set Spantree Portfast
12: STP C HAPTER OMMANDS See Also clear spantree portcost on page 436 clear spantree portvlancost on page 437 display spantree on page 440 display spantree portvlancost on page 446 set spantree portvlancost on page 460 set spantree Enables or disables STP port fast convergence on one or more ports on a portfast wireless LAN switch.
Page 459: Set Spantree Portpri
set spantree portpri set spantree portpri Changes the STP priority of a network port or ports for selection as part of the path to the STP root bridge in the default VLAN on a wireless LAN switch. Syntax — set spantree portpri port-list priority value —...
Page 460: Set Spantree Portvlancost
12: STP C HAPTER OMMANDS set spantree Changes the cost of a network port or ports on paths to the STP root portvlancost bridge for a specific VLAN on a wireless LAN switch. Syntax — set spantree portvlancost port-list cost cost {all | vlan vlan-id} —...
Page 461: Set Spantree Portvlanpri
set spantree portvlanpri set spantree Changes the priority of a network port or ports for selection as part of portvlanpri the path to the STP root bridge, on one VLAN or all VLANs. Syntax — set spantree portvlanpri port-list priority value {all | vlan vlan-id} —...
Page 462: Set Spantree Priority
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command sets the bridge priority of VLAN pink to 69: WX4400# set spantree priority 69 vlan pink success: change accepted. See Also display spantree on page 440 set spantree Enables or disables STP uplink fast convergence on a wireless LAN switch.
Page 463 Do not enable the feature on WX switches that are in the network core. Examples — The following command enables uplink fast convergence: WX4400# set spantree uplinkfast enable success: change accepted. See Also...
Page 464 12: STP C HAPTER OMMANDS...
Page 465: Igmp Snooping
IGMP S NOOPING OMMANDS Use Internet Group Management Protocol (IGMP) snooping commands to configure and manage multicast traffic reduction on a WX. Commands by This chapter presents IGMP snooping commands alphabetically. Use the usage following table to locate commands in this chapter based on their use. Table 74 IGMP Commands by Usage Type Command...
Page 466: Clear Igmp Statistics
13: IGMP S HAPTER NOOPING OMMANDS clear igmp statistics Clears IGMP statistics counters on one VLAN or all VLANs on a wireless LAN switch and resets them to 0. Syntax — clear igmp statistics [vlan vlan-id] — VLAN name or number. If you do not specify a vlan vlan-id VLAN, IGMP statistics are cleared for all VLANs.
Page 467 display igmp Examples — The following command displays IGMP information for VLAN orange: WX1200# display igmp vlan orange VLAN: orange IGMP is enabled Proxy reporting is on Mrouter solicitation is on Querier functionality is off Configuration values: qi: 125 oqi: 300 qri: 100 lmqi: 10 rvalue: 2 Multicast router information: Port Mrouter-IPaddr Mrouter-MAC Type...
Page 468 13: IGMP S HAPTER NOOPING OMMANDS Table 75 describes the fields in this display. Table 75 Output for display igmp Field Description VLAN VLAN name. MSS displays information separately for each VLAN. IGMP is enabled IGMP state. (disabled) Proxy reporting Proxy reporting state.
Page 469 VLAN becomes a receiver. For example, the list can include a MAP access port that is not configured to be in the VLAN when a user associated with the 3Com Wireless LAN Managed Access Point AP2750 on that port becomes a receiver for a group.
Page 470: Display Igmp Mrouter
13: IGMP S HAPTER NOOPING OMMANDS Table 75 Output for display igmp (continued) Field Description VLAN VLAN name. MSS displays information separately for each VLAN. IGMP is enabled IGMP state. (disabled) See Also display igmp mrouter on page 470 display igmp querier on page 471 display igmp receiver-table on page 473 display igmp statistics on page 475 display igmp...
Page 471: Display Igmp Querier
display igmp querier Table 76 Output for display igmp mrouter Field Description Multicast routers for vlan VLAN containing the multicast routers. Ports are listed separately for each VLAN. Port Number of the physical port through which the WX can reach the router. Mrouter-IPaddr IP address of the multicast router.
Page 472 13: IGMP S HAPTER NOOPING OMMANDS History — Introduced in MSS Version 3.0. Examples — The following command displays querier information for VLAN orange: WX1200# display igmp querier vlan orange Querier for vlan orange Port Querier-IP Querier-MAC ---- --------------- ----------------- ----- 1 193.122.135.178 00:0b:cc:d2:e9:b4 The following command shows the information MSS displays when the querier is the WX itself:...
Page 473: Display Igmp Receiver-Table
display igmp receiver-table See Also set igmp querier on page 485 display igmp Displays the receivers to which a WX forwards multicast traffic. You can receiver-table display receivers for all VLANs, a single VLAN, or a group or groups identified by group address and network mask. Syntax —...
Page 474 13: IGMP S HAPTER NOOPING OMMANDS The following command lists all receivers for multicast groups 237.255.255.1 through 237.255.255.255, in all VLANs: WX1200# display igmp receiver-table group 237.255.255.0/24 VLAN: red Session Port Receiver-IP Receiver-MAC --------------- ---- --------------- ----------------- ----- 237.255.255.2 10.10.20.19 00:02:04:06:09:0d 237.255.255.119 10.10.30.31 00:02:04:06:01:0b VLAN: green...
Page 475: Display Igmp Statistics
display igmp statistics display igmp Shows IGMP statistics. statistics Syntax — display igmp statistics [vlan vlan-id] — VLAN name or number. If you do not specify a vlan vlan-id VLAN, MSS displays IGMP statistics for all VLANs. Defaults — None. Access —...
Page 476 13: IGMP S HAPTER NOOPING OMMANDS Table 79 Output of display igmp statistics Field Description IGMP statistics VLAN name. Statistics are listed separately for each VLAN. for vlan IGMP message Type of IGMP message: type General-Queries — General group membership queries sent by the multicast querier (multicast router or pseudo-querier).
Page 477: Set Igmp
set igmp Table 79 Output of display igmp statistics (continued) Field Description Topology Number of Layer 2 topology change notifications received by the notifications In the current software version, the value in this field is always 0. Packets with Number of multicast packets received with an unrecognized unknown multicast type.
Page 478: Set Igmp Lmqi
13: IGMP S HAPTER NOOPING OMMANDS set igmp lmqi Changes the IGMP last member query interval timer on one VLAN or all VLANs on a wireless LAN switch. Syntax — set igmp lmqi tenth-seconds [vlan vlan-id] — Amount of time (in tenths of a second) that lmqi tenth-seconds the WX waits for a response to a group-specific query after receiving a leave message for that group, before removing the receiver that sent...
Page 479: Set Igmp Mrouter
set igmp mrouter set igmp mrouter Adds or removes a port in a WX’s list of ports on which it forwards traffic to multicast routers. Static multicast ports are immediately added to or removed from the list of router ports and do not age out. Syntax —...
Page 480: Set Igmp Mrsol
13: IGMP S HAPTER NOOPING OMMANDS set igmp mrsol Enables or disables multicast router solicitation by a WX. Syntax — set igmp mrsol {enable | disable} [vlan vlan-id] — Enables multicast router solicitation. enable — Disables multicast router solicitation. disable —...
Page 481: Set Igmp Oqi
set igmp oqi Usage — You cannot add MAP access ports or wired authentication ports as static multicast ports. However, MSS can dynamically add these port types to the list of multicast ports based on multicast traffic. Examples — The following example changes the multicast router solicitation interval to 60 seconds: WX1200# set igmp mrsol mrsi 60 success: change accepted.
Page 482: Set Igmp Proxy-Report
13: IGMP S HAPTER NOOPING OMMANDS See Also set igmp lmqi on page 478 set igmp qi on page 483 set igmp qri on page 484 set igmp querier on page 485 set igmp mrouter on page 479 set igmp rv on page 486 set igmp Disables or reenables proxy reporting by a WX on one VLAN or all VLANs.
Page 483: Set Igmp Qi
set igmp qi set igmp qi Changes the IGMP query interval timer on one VLAN or all VLANs on a Syntax — set igmp qi seconds [vlan vlan-id] — Number of seconds that elapse between general qi seconds queries sent by the WX when the WX switch is the querier for the subnet.
Page 484: Set Igmp Qri
13: IGMP S HAPTER NOOPING OMMANDS set igmp qri Changes the IGMP query response interval timer on one VLAN or all VLANs on a WX. Syntax — set igmp qri tenth-seconds [vlan vlan-id] — Amount of time (in tenths of a second) that qri tenth-seconds the WX waits for a receiver to respond to a group-specific query message before removing the receiver from the receiver list for the...
Page 485: Set Igmp Querier
Defaults — The pseudo-querier is disabled on all VLANs by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — 3Com recommends that you use the pseudo-querier only when the VLAN contains local multicast traffic sources and no multicast router is servicing the subnet.
Page 486: Set Igmp Rv
13: IGMP S HAPTER NOOPING OMMANDS Defaults — By default, no ports are static multicast receiver ports. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You cannot add MAP access ports or wired authentication ports as static multicast ports. However, MSS can dynamically add these port types to the list of multicast ports based on multicast traffic.
Page 487 set igmp rv See Also set igmp oqi on page 481 set igmp qi on page 483 set igmp qri on page 484...
Page 488 13: IGMP S HAPTER NOOPING OMMANDS...
Page 489: Ecurity Acl Commands
ACL C ECURITY OMMANDS Use security ACL commands to configure and monitor security access control lists (ACLs). Security ACLs filter packets to restrict or permit network usage by certain users or traffic types, and can assign to packets a class of service (CoS) to define the priority of treatment for packet filtering.
Page 490: Clear Security Acl
14: S ACL C HAPTER ECURITY OMMANDS clear security acl Clears a specified security ACL, an access control entry (ACE), or all security ACLs, from the edit buffer. When used with the command commit security acl, clears the ACE from the running configuration. Syntax —...
Page 491: Clear Security Acl Map
WX4400# display security acl info all ACL information for all set security acl ip acl_133 (hits #1 0) --------------------------------------------------------- 1. deny IP source IP 192.168.1.6 0.0.0.0 destination IP any set security acl ip acl_134 (hits #3 0) --------------------------------------------------------- 1.
Page 492 This command deletes the ACL mapping, but not the ACL. Examples — To clear the mapping of security ACL acljoe from port 4 for incoming packets, type the following command: WX4400# clear security acl map acljoe port 4 in clear mapping accepted...
Page 493: Commit Security Acl
To clear all physical ports, virtual ports, and VLANs on a WX switch of the ACLs mapped for incoming and outgoing traffic, type the following command: WX4400# clear security acl map all success: change accepted. See Also clear security acl on page 490...
Page 494: Display Security Acl
------ ------- acl_123 Static acl_124 Static WX4400# display security acl info all editbuffer acl editbuffer information for all See Also clear security acl on page 490 display security acl on page 494 display security acl info on page 497 rollback security acl on page 503...
Page 495: Display Security Acl Editbuffer
Access — Enabled. History — Introduced in MSS Version 1.0. Examples — To view a summary of the security ACLs in the edit buffer, type the following command: WX4400# display security acl editbuffer ACL edit-buffer table Type Status ---------------------------- ---- --------------...
Page 496: Display Security Acl Hits
HAPTER ECURITY OMMANDS To view details about these uncommitted ACLs, type the following command. WX4400# display security acl info all editbuffer ACL edit-buffer information for all set security acl ip acl-111 (ACEs 3, add 3, del 0, modified 2) ---------------------------------------------------- 1.
Page 497: Display Security Acl Info
Examples — To display the security ACL hits on a WX switch, type the following command: WX4400# display security acl hits ACL hit-counters Index Counter ACL-name ----- -------------------- -------- 0 acl_2 0 acl_175 916 acl_123 See Also...
Page 498: Display Security Acl Map
The following command displays the contents of acl_123 in the edit buffer, including the committed ACE rules 1 and 2 and the uncommitted rule 3: WX4400# display security acl info acl_123 editbuffer ACL edit-buffer information for acl_123 set security acl ip acl_123 (ACEs 3, add 3, del 0, modified 0) --------------------------------------------------------- 1.
Page 499: Display Security Acl Resource-Usage
Access — Enabled. History — Introduced in MSS Version 3.0. Usage — Use this command with the help of 3Com to diagnose an ACL resource problem. (To obtain 3Com Technical Support, see “Obtaining Support for Your 3Com Products” on page 687.)
Page 500 14: S ACL C HAPTER ECURITY OMMANDS Examples — To display security ACL resource usage, type the following command: WX4400# display security acl resource-usage ACL resources Classifier tree counters ------------------------ Number of rules Number of leaf nodes Stored rule count...
Page 501 display security acl resource-usage Table 81 Output of display security acl resource-usage Field Description Number of rules Number of security ACEs currently mapped to ports or VLANs. Number of leaf nodes Number of security ACL data entries stored in the rule tree. Stored rule count Number of security ACEs stored in the rule tree.
Page 502 14: S ACL C HAPTER ECURITY OMMANDS Table 81 Output of display security acl resource-usage (continued) Field Description LUdef in use Number of the lookup definition (LUdef) table currently in use for packet handling. Default action Memory address used for packet handling, from which pointer default action data is obtained when necessary.
Page 503: Rollback Security Acl
rollback security acl Table 81 Output of display security acl resource-usage (continued) Field Description In mapping Application of security ACLs to incoming traffic on the WX switch: True — Security ACLs are mapped to incoming traffic. False — No security ACLs are mapped to incoming traffic.
Page 504: Set Security Acl
WX4400# display security acl info all editbuffer ACL edit-buffer information for all set security acl ip acl_122 (ACEs 3, add 3, del 0, modified 0) --------------------------------------------------------- 1.
Page 505 Numbers 0 through 9 Hyphen (-), underscore (_), and period (.) 3Com recommends that you do not use the same name with different capitalizations for ACLs. For example, do not configure two separate ACLs with the names acl_123 and ACL_123.
Page 506 14: S ACL C HAPTER ECURITY OMMANDS 0 or 3—Best effort. Packets are queued in MAP forwarding queue 3. 4 or 5—Video. Packets are queued in MAP forwarding queue 2. Use CoS level 4 or 5 for voice over IP (VoIP) packets other than SpectraLink Voice Priority (SVP).
Page 507 set security acl (For a complete list of TCP and UDP port numbers, see www.iana.org/assignments/port-numbers.) destination-ip-addr mask — IP address and wildcard mask of the network or host to which the packet is being sent. Specify both address and mask in dotted decimal notation. For more information, see “Wildcard Masks”...
Page 508 To position security ACEs within a security ACL, use before editbuffer-index and modify editbuffer-index. Examples — The following command adds an ACE to security acl_123 that permits packets from IP address 192.168.1.11/24 and counts the hits: WX4400# set security acl ip acl_123 permit 192.168.1.11 0.0.0.255 hits...
Page 509: Set Security Acl Map
The following command adds an ACE to acl_123 that denies packets from IP address 192.168.2.11: WX4400# set security acl ip acl_123 deny 192.168.2.11 0.0.0.0 The following command creates acl_125 by defining an ACE that denies TCP packets from source IP address 192.168.0.1 to destination IP address 192.168.0.2 for established sessions only, and counts the hits:...
Page 510 If more than one security ACL filters the same traffic, MSS applies only the first ACL match and ignores any other matches. Examples — The following command maps security ACL acl_133 to port 4 for incoming packets: WX4400 set security acl map acl_133 port 4 in success: change accepted.
Page 511: Set Security Acl Hit-Sample-Rate
set security acl hit-sample-rate See Also clear security acl map on page 491 commit security acl on page 493 set mac-user attr on page 253 set mac-usergroup attr on page 258 set security acl on page 504 set user attr on page 263 set usergroup on page 265 display security acl map on page 498 set security acl...
Page 512 15 seconds. The second and third commands display the results. The results show that 916 packets matching security acl_153 were sent since the ACL was mapped. WX4400# set security acl hit-sample-rate 15 WX4400# display security acl info acl_153 ACL information for acl_153...
Page 513: Cryptography
RYPTOGRAPHY OMMANDS A digital certificate is a form of electronic identification for computers. The WX switch requires digital certificates to authenticate its communications to 3WXM and Web Manager, to WebAAA clients, and to Extensible Authentication Protocol (EAP) clients for which the WX performs all EAP processing.
Page 514: Commands By Usage
— Stores the certificate authority’s certificate that signed the admin administrative certificate for the WX switch. The administrative certificate authenticates the WX to 3Com wireless switch manager (3XWM) or Web Manager. — Stores the certificate authority’s certificate that signed the Extensible Authentication Protocol (EAP) certificate for the WX switch.
Page 515 3 When MSS prompts you for the PEM-formatted certificate, paste the PKCS #7 object file onto the command line. Examples — The following command adds the certificate authority’s certificate to WX certificate and key storage: WX4400# crypto ca-certificate admin Enter PEM-encoded certificate -----BEGIN CERTIFICATE----- MIIDwDCCA2qgAwIBAgIQL2jvuu4PO5FAQCyewU3ojANBgkqhkiG9wOBAQUFADCB mzerMClaweVQQTTooewi\wpoer0QWNFNkj90044mbdrl1277SWQ8G7DiwYUtrqoQplKJvxz ..
Page 516: Crypto Certificate
15: C HAPTER RYPTOGRAPHY OMMANDS crypto certificate Installs one of the WX switch’s PKCS #7 certificates into the certificate and key storage area on the WX switch. The certificate, which is issued and signed by a certificate authority, authenticates the WX switch either to 3WXM or Web Manager, or to 802.1X supplicants (clients).
Page 517: Crypto Generate Key
Examples — The following command installs a certificate: WX4400# crypto certificate admin Enter PEM-encoded certificate -----BEGIN CERTIFICATE----- MIIBdTCP3wIBADA2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQOExGjAYBgNVBAMU EXR1Y2hwdWJzQHRycHouY29tMIGfMAOGCSqGSIb3DQEBAQAA4GNADCBiQKBgQC4 ..2L8Q9tk+G2As84QYLm8wmVY>xP56M;CUAm908C2foYgOY40= -----END CERTIFICATE----- See Also crypto generate request on page 518 crypto generate self-signed on page 520...
Page 518: Crypto Generate Request
2048 command to generate one. Examples — To generate an administrative key for use with 3WXM, type the following command: WX4400# crypto generate key admin 1024 key pair generated See Also display crypto key ssh on page 528 crypto generate Generates a Certificate Signing Request (CSR).
Page 519 crypto generate request — (Optional) Specify the name of the locality, Locality Name string in up to 80 alphanumeric characters with no spaces. Organizational Name string — (Optional) Specify the name of the organization, in up to 80 alphanumeric characters with no spaces. —...
Page 520: Crypto Generate Self-Signed
15: C HAPTER RYPTOGRAPHY OMMANDS Examples — To request an administrative certificate from a certificate authority, type the following command: WX4400# crypto generate request admin Country Name: US State Name: CA Locality Name: Pleasanton Organizational Name: MyCorp Organizational Unit: ENG Common Name: ENG Email Address: admin@example.com...
Page 521 crypto generate self-signed After you type the command, you are prompted for the following variables: Country Name string — (Optional) Specify the abbreviation for the country in which the WX switch is operating, in 2 alphanumeric characters with no spaces. State Name string —...
Page 522: Crypto Otp
15: C HAPTER RYPTOGRAPHY OMMANDS To generate a self-signed administrative certificate, type the following command: WX4400# crypto generate self-signed admin Country Name: State Name: Locality Name: Organizational Name: Organizational Unit: Common Name: wx1@example.com Email Address: Unstructured Name: success: self-signed cert for admin generated...
Page 523 WX switch. 3Com recommends that you create a password that is memorable to you but is not subject to easy guesses or a dictionary attack. For best results, create a password of alphanumeric uppercase and lowercase characters.
Page 524: Crypto Pkcs12
15: C HAPTER RYPTOGRAPHY OMMANDS crypto pkcs12 Unpacks a PKCS #12 object file into the certificate and key storage area on the WX switch. This object file contains a public-private key pair, an WX certificate signed by a certificate authority, and the certificate authority’s certificate.
Page 525: Display Crypto Ca-Certificate
PKCS #12 file: WX4400# copy tftp://192.168.253.1/2048full.p12 2048full.p12 success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec] WX4400# crypto otp eap hap9iN#ss OTP set WX4400# crypto pkcs12 eap 2048full.p12 Unwrapped from PKCS12 file: keypair...
Page 526: Display Crypto Certificate
MSS Version 4.1. Examples — To display information about the certificate of a certificate authority, type the following command: WX4400# display crypto ca-certificate Table 83 describes the fields in the display. Table 83 display crypto ca-certificate Output Fields...
Page 527 Examples — To display information about a cryptographic certificate, type the following command: WX4400# display crypto certificate eap Table 84 describes the fields of the display. Table 84 crypto certificate Output Fields...
Page 528: Display Crypto Key Ssh
Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — To display SSH key information, type the following command: WX4400# display crypto key ssh ec:6f:56:7f:d1:fd:c0:28:93:ae:a4:f9:7c:f5:13:04 See Also crypto generate key on page 517...
Page 529: Radius And Server Group Commands
RADIUS ERVER ROUP OMMANDS Use RADIUS commands to set up communication between a WX switch and groups of up to four RADIUS servers for remote authentication, authorization, and accounting (AAA) of administrators and network users. Commands by This chapter presents RADIUS commands alphabetically. Use Table 85 to Usage locate commands in this chapter based on their uses.
Page 530: Clear Radius
Usage — To override the globally set values on a particular RADIUS server, use the set radius server command. Examples — To reset all global RADIUS parameters to their factory defaults, type the following commands: WX4400# clear radius deadtime success: change accepted. WX4400# clear radius key success: change accepted.
Page 531: Clear Radius Client System-Ip
RADIUS packets leaving the switch. Examples — To clear the system IP address as the permanent source address for RADIUS client requests, type the following command: WX4400# clear radius client system-ip success: change accepted. See Also display aaa on page 223...
Page 532: Clear Radius Proxy Client
Access — Enabled. History —Introduced in MSS 4.0. Examples — The following command clears all RADIUS proxy client entries from the switch: WX4400# clear radius proxy client all success: change accepted. See Also set radius proxy client on page 537 clear radius proxy Removes RADIUS proxy ports configured for third-party APs.
Page 533: Clear Radius Server
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command removes the RADIUS server rs42 from a list of remote AAA servers: WX4400# clear radius server rs42 success: change accepted. See Also display aaa on page 223...
Page 534: Set Radius
WX4400# clear server group sg-77 success: change accepted. To disable load balancing in a server group shorebirds, type the following command: WX4400# set server group shorebirds load-balance disable success: change accepted. See Also set server group on page 541 set radius Configures global defaults for RADIUS servers that do not explicitly set these values themselves.
Page 535 set radius MSS encrypts the display form of the string in display config and display aaa output. — Number of transmission attempts the WX retransmit number switch makes before declaring an unresponsive RADIUS server unavailable. You can specify from 1 to 100 retries. —...
Page 536: Set Radius Client System-Ip
Usage — The WX system IP address must be set before you use this command. Examples — The following command sets the WX system IP address as the address of the RADIUS client: WX4400# set radius client system-ip success: change accepted. See Also clear radius client system-ip on page 531...
Page 537: Set Radius Proxy Client
Examples — The following command configures a RADIUS proxy entry for a third-party AP RADIUS client at 10.20.20.9, sending RADIUS traffic to the default UDP ports 1812 and 1813 on the WX: WX4400# set radius proxy client address 10.20.20.9 key radkey1 success: change accepted. See Also...
Page 538: Set Radius Proxy Port
WX to support. Examples — The following command maps SSID mycorp to packets received on port 3 or 4, using 802.1Q tag value 104: WX4400# set radius proxy port 3-4 tag 104 ssid mycorp success: change accepted. See Also clear radius proxy port on page 532...
Page 539: Set Radius Server
set radius server set radius server Configures RADIUS servers and their parameters. By default, the WX switch automatically sets all these values except the password (key). Syntax — set radius server server-name [address ip-address] [auth-port port-number] [acct-port port-number] [timeout seconds] [retransmit number] [deadtime minutes] [key string] encrypted-key string] [author-password password] —...
Page 540 MAC address is also used as the default authorization password for that user, and no global authorization password is set. A last-resort user’s default authorization password is 3Com Access — Enabled. History —Introduced in MSS Version 3.0. The encrypted-key option was added in Version 4.2.
Page 541: Set Server Group
set server group Examples — To set a RADIUS server named RS42 with IP address 198.162.1.1 to use the default accounting and authorization ports with a timeout interval of 30 seconds, two transmit attempts, 5 minutes of dead time, and a key string of keys4u, type the following command: WX1200# set radius server RS42 address 198.162.1.1 timeout 30 retransmit 2 deadtime 5 key keys4U See Also...
Page 542: Set Server Group Load-Balance
16: RADIUS HAPTER ERVER ROUP OMMANDS Do not use the same name for a RADIUS server and a RADIUS server group. Examples — To set server group shorebirds with members heron, egret, and sandpiper, type the following command: WX1200# set server group shorebirds members heron egret sandpiper success: change accepted.
Page 543 set server group load-balance Examples — To enable load balancing between the members of server group shorebirds, type the following command: WX1200# set server group shorebirds load-balance enable success: change accepted. To disable load balancing between shorebirds server group members, type the following command: WX1200# set server group shorebirds load-balance disable success: change accepted.
Page 544 16: RADIUS HAPTER ERVER ROUP OMMANDS...
Page 545: Commands By Usage
802.1X M ANAGEMENT OMMANDS Use 802. IEEE X management commands to modify the default settings for IEEE 802.1X sessions on an WX switch. For best results, change the settings only if you are aware of a problem with the WX switch’s 802.1X performance.
Page 546: Clear Dot1X Bonded-Period
Defaults — The default bonded authentication period is 0 seconds, which disables the feature. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — To reset the Bonded period to its default, type the following command: WX4400# clear dot1x bonded-period success: change accepted.
Page 547: Clear Dot1X Max-Req
History —Introduced in MSS Version 3.0. Examples — To reset the number of 802.1X requests the WX can send to the default setting, type the following command: WX4400# clear dot1x max-req success: change accepted. See Also display dot1x on page 551...
Page 548: Clear Dot1X Quiet-Period
This command applies only to wired authentication ports. Examples — Type the following command to reset the wired authentication port control: WX4400# clear dot1x port-control success: change accepted. See Also display dot1x on page 551 set dot1x port-control on page 558 clear dot1x Resets the quiet period after a failed authentication to the default setting.
Page 549: Clear Dot1X Reauth-Max
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — Type the following command to reset the maximum number of reauthorization attempts to the default: WX4400# clear dot1x reauth-max success: change accepted. See Also display dot1x on page 551...
Page 550: Clear Dot1X Timeout Auth-Server
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — To reset the default timeout for requests to an authentication server, type the following command: WX4400# clear dot1x timeout auth-server success: change accepted. See Also display dot1x on page 551...
Page 551: Clear Dot1X Tx-Period
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — Type the following command to reset the EAPoL retransmission time: WX4400# clear dot1x tx-period success: change accepted. See Also display dot1x on page 551 set dot1x tx-period on page 562 display dot1x Displays 802.1X client information for statistics and configuration...
Page 552 MSS Version 3.2. The rules are still listed at the top of the display, but more information is shown for each rule. Examples — Type the following command to display the 802.1X clients: WX4400# display dot1x clients MAC Address State...
Page 553 5, authcontrol: auto, max-sessions: 16 port 6, authcontrol: auto, max-sessions: 1 port 7, authcontrol: auto, max-sessions: 1 port 8, authcontrol: auto, max-sessions: 1 Type the following command to display 802.1X statistics: WX4400# display dot1x stats 802.1X statistic value ---------------- -----...
Page 554: Set Dot1X Authcontrol
17: 802.1X M HAPTER ANAGEMENT OMMANDS Table 87 display dot1x stats Output Field Description Enters Connecting Number of times that the WX switch state transitions to the CONNECTING state from any other state. Logoffs While Number of times that the WX switch state transitions from Connecting CONNECTING to DISCONNECTED as a result of receiving an EAPoL-Logoff message.
Page 555: Set Dot1X Bonded-Period
Usage — This command applies only to wired authentication ports. Examples — To enable per-port 802.1X authentication on wired authentication ports, type the following command: WX4400# set dot1x authcontrol enable success: dot1x authcontrol enabled. See Also display dot1x on page 551...
Page 556: Set Dot1X Key-Tx
802.1X reauthentication parameter or the RADIUS Session-Timeout parameter. 3Com recommends that you try 60 seconds, and change the period to a longer value only if clients are unable to authenticate within 60 seconds. The bonded authentication period applies only to 802.1X authentication rules that contain the bonded option.
Page 557: Set Dot1X Max-Req
Examples — Type the following command to enable key transmission: WX4400# set dot1x key-tx enable success: dot1x key transmission enabled. See Also display dot1x on page 551 set dot1x max-req Sets the maximum number of times the WX retransmits an EAP request to a supplicant (client) before ending the authentication session.
Page 558: Set Dot1X Port-Control
Usage — This command affects only wired authentication ports. Examples — The following command forces port 1 to unconditionally accept all 802.1X authentication attempts: WX4400# set dot1x port-control forceauth 1 success: authcontrol for 1 is set to FORCE-AUTH. See Also...
Page 559: Set Dot1X Quiet-Period
History —Introduced in MSS Version 3.0. Examples — Type the following command to set the quiet period to 90 seconds: WX4400# set dot1x quiet-period 90 success: dot1x quiet period set to 90. See Also clear dot1x quiet-period on page 548...
Page 560: Set Dot1X Reauth-Max
However, MSS does not remove a wireless client from the network under these circumstances. Examples — Type the following command to set the number of authentication attempts to 8: WX4400# set dot1x reauth-max 8 success: dot1x max reauth set to 8. See Also display dot1x on page 551...
Page 561: Set Dot1X Reauth-Period
Defaults — The default is 30 seconds. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — Type the following command to set the authentication server timeout to 60 seconds: WX4400# set dot1x timeout auth-server 60 success: dot1x auth-server timeout set to 60.
Page 562: Set Dot1X Timeout Supplicant
History —Introduced in MSS Version 3.0. Examples — Type the following command to set the number of seconds for authentication session timeout to 300: WX4400# set dot1x timeout supplicant 300 success: dot1x supplicant timeout set to 300. See Also display dot1x on page 551...
Page 563: Set Dot1X Wep-Rekey
Examples — Type the following command to set the number of seconds before the WX switch retransmits an EAPoL packet to 300: WX4400# set dot1x tx-period 300 success: dot1x tx-period set to 300. See Also display dot1x on page 551...
Page 564: Set Dot1X Wep-Rekey-Period
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — Type the following command to set the WEP-rekey period to 300 seconds: WX4400# set dot1x wep-rekey-period 300 success: dot1x wep-rekey-period set to 300 See Also display dot1x on page 551...
Page 565: Session Management Commands
ESSION ANAGEMENT OMMANDS Use session management commands to display and clear administrative and network user sessions. Commands by This chapter presents session management commands alphabetically. Use Usage Table 88 to locate commands in this chapter based on their use. Table 88 Session Management Commands by Usage Type Command Administrative Sessions display sessions on page 568...
Page 566 To clear all administrative Telnet sessions, type the following command: WX4400# clear sessions telnet This will terminate manager sessions, do you wish to continue? (y|n) [n]y To clear Telnet client session 0, type the following command: WX4400# clear sessions telnet client 0 See Also display sessions on page 568...
Page 567: Clear Sessions Network
clear sessions network clear sessions Clears all network sessions for a specified username or set of usernames, network MAC address or set of MAC addresses, virtual LAN (VLAN) or set of VLANs, or session ID. Syntax — clear sessions network {user user-glob | mac-addr mac-addr-glob | vlan vlan-glob | session-id local-session-id} —...
Page 568: Display Sessions
OMMANDS Examples — To clear all sessions for MAC address 00:01:02:03:04:05, type the following command: WX4400# clear sessions network mac-addr 00:01:02:03:04:05 To clear session 9, type the following command: WX1200# clear sessions network session-id 9 SM Apr 11 19:53:38 DEBUG SM-STATE: localid 9, mac 00:06:25:09:39:5d,...
Page 569 Access — All, except for display sessions telnet client, which has enabled access. History —Introduced in MSS Version 3.0. Examples — To view information about sessions of administrative users, type the following command: WX4400> display sessions admin Username Time (s) Type -------...
Page 570 18: S HAPTER ESSION ANAGEMENT OMMANDS To view information about Telnet client sessions, type the following command: WX4400# display sessions telnet client Session Server Address Server Port Client Port ------- -------------- ------------ ----------- 192.168.1.81 48000 10.10.1.22 48001 Table 89 describes the fields of the display sessions admin, display sessions console, and display sessions telnet displays.
Page 571: Display Sessions Network
display sessions network display sessions Displays summary or verbose information about all network sessions, or network network sessions for a specified username or set of usernames, MAC address or set of MAC addresses, VLAN or set of VLANs, or session ID. Syntax —...
Page 572 18: S HAPTER ESSION ANAGEMENT OMMANDS History —Introduced in MSS Version 3.0. Output added to the display network sessions verbose command to indicate the user’s authorization attributes and whether they were supplied through AAA or through configured SSID defaults in a service profile in MSS Version 4.1. Usage —...
Page 573 display sessions network EXAMPLE\Singh 12* 10.10.10.30 vlan-eng EXAMPLE\Havel 13* 10.10.10.40 vlan-eng 2 sessions match criteria (of 3 total) (Table 91 on page 574 describes the summary displays of display sessions network commands.) The following command displays detailed (verbose) session information about user nin@example.com: WX1200# display sessions network user nin@example.com verbose User...
Page 574 18: S HAPTER ESSION ANAGEMENT OMMANDS (Table 92 on page 575 describes the additional fields of the verbose output of display sessions network commands.) The following command displays information about network session 27: WX1200# display sessions network session-id 27 Global Id: SESS-27-000430-835586-58dfe5a State: ACTIVE Port/Radio: 3/1 MAC Address: 00:00:2d:6f:44:77...
Page 575 display sessions network Table 92 Additional display sessions network verbose Output Field Description Client MAC MAC address of the session user. Global session ID, a unique session number within a Mobility Domain. State Status of the session: AUTH, ASSOC REQ — Client is being associated by the 802.1X protocol.
Page 576 18: S HAPTER ESSION ANAGEMENT OMMANDS Table 93 display sessions network session-id Output Field Description Global Id A unique session identifier within the Mobility Domain. State Status of the session: AUTH, ASSOC REQ — Client is being associated by the 802.1X protocol.
Page 577 display sessions network Table 93 display sessions network session-id Output (continued) Field Description Session Assigned session timeout in seconds. Timeout Authentication Extensible Authentication Protocol (EAP) type used to authenticate Method the session user, and the IP address of the authentication server. Session Time the session statistics were last updated from the MAP access statistics as...
Page 578 18: S HAPTER ESSION ANAGEMENT OMMANDS...
Page 579: Rf Detection
A rogue access point is a BSSID (MAC address associated with an SSID) that does not belong to a 3Com switch and is not a member of the ignore list configured on the seed switch of the Mobility Domain.
Page 580: Clear Rfdetect Attack-List
— MAC address you want to remove from the attack list. Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0. Examples — The following command clears MAC address 11:22:33:44:55:66 from the attack list: wx4400# clear rfdetect attack-list 11:22:33:44:55:66 success: 11:22:33:44:55:66 is no longer in attacklist.
Page 581: Clear Rfdetect Black-List
clear rfdetect black-list See Also clear rfdetect attack-list on page 580 display rfdetect attack-list on page 583 clear rfdetect Removes a MAC address from the client black list. black-list Syntax — clear rfdetect black-list mac-addr — MAC address you want to remove from the black list. mac-addr Defaults —...
Page 582: Clear Rfdetect Ssid-List
19: RF D HAPTER ETECTION OMMANDS Examples — The following command removes BSSID aa:bb:cc:11:22:33 from the ignore list for RF scans: WX1200# clear rfdetect ignore aa:bb:cc:11:22:33 success: aa:bb:cc:11:22:33 is no longer ignored. See Also display rfdetect ignore on page 592 set rfdetect ignore on page 604 clear rfdetect Removes an SSID from the permitted SSID list.
Page 583: Clear Rfdetect Vendor-List
Access — Enabled. History —Introduced in MSS Version 4.0. Examples — The following command removes client OUI aa:bb:cc:00:00:00 from the permitted vendor list: WX4400# clear rfdetect vendor-list client aa:bb:cc:00:00:00 success: aa:bb:cc:00:00:00 is no longer in client vendor-list. See Also set rfdetect vendor-list on page 608...
Page 584: Display Rfdetect Black-List
19: RF D HAPTER ETECTION OMMANDS Examples — The following example shows the attack list on WX switch: WX1200# display rfdetect attack-list Total number of entries: 1 Attacklist MAC Port/Radio/Chan RSSI SSID ----------------- ----------------- ------ ------------ 11:22:33:44:55:66 dap 2/1/11 rogue-ssid See Also clear rfdetect attack-list on page 580 set rfdetect attack-list on page 601...
Page 585: Display Rfdetect Clients
Client Mac Address: 00:0c:41:63:fd:6d, Vendor: Linksys Port: dap 1, Radio: 1, Channel: 11, RSSI: -82, Rate: 2, Last Seen (secs ago): Bssid: 00:0b:0e:01:02:00, Vendor: 3Com, Type: intfr, Dst: ff:ff:ff:ff:ff:ff Last Rogue Status Check (secs ago): 3 The first line lists information for the client. The other lines list information about the most recent 802.11 packet detected from the...
Page 586 19: RF D HAPTER ETECTION OMMANDS Table 95 display rfdetect clients Output Field Description Client MAC MAC address of the client. Client Vendor Company that manufactures or sells the client. AP MAC MAC address of the radio with which the rogue client is associated.
Page 587: Display Rfdetect Countermeasures
Usage — This command is valid only on the seed switch of the Mobility Domain. Examples — The following example displays countermeasures status for the Mobility Domain: WX4400# display rfdetect countermeasures Total number of entries: 190 Rogue MAC Type Countermeasures...
Page 588: Display Rfdetect Counters
RF interference with MAP radios. known—Device that is a legitimate member of the network. Countermeasures MAC address of the 3Com radio sending countermeasures Radio MAC against the rogue. WX-IPaddr System IP address of the WX switch that is managing the MAP that is sending or will send countermeasures.
Page 589 Examples — The following command shows counters for rogue activity detected by a WX switch: WX4400# display rfdetect counters Type Current Total -------------------------------------------------- ------------ ------------ Rogue access points Interfering access points 1116 Rogue 802.11 clients Interfering 802.11 clients 802.11 adhoc clients...
Page 590: Display Rfdetect Data
To display rogue information for the entire Mobility Domain, use the display rfdetect mobility-domain command on the seed switch. Only one MAC address is listed for each 3Com radio, even if the radio is beaconing multiple SSIDs. Examples — The following command shows the devices detected by this...
Page 591 display rfdetect data Table 98 display rfdetect data Output Field Description BSSID BSSID detected by a MAP radio on this WX switch. Vendor Company that manufactures or sells the rogue device. Type Classification of the rogue device: rogue—Wireless device that is not supposed to be on the network.
Page 592: Display Rfdetect Ignore
Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following example displays the list of ignored devices: WX4400# display rfdetect ignore Total number of entries: 2 Ignore MAC ----------------- aa:bb:cc:11:22:33 aa:bb:cc:44:55:66...
Page 593 Domain. To display rogue information for an individual switch, use the display rfdetect data command on that switch. Only rogues are listed. To display all devices detected, including 3Com radios, use the display rfdetect data command. Examples — The following example displays information about the...
Page 594 ETECTION OMMANDS WX-IPaddress: 10.8.121.102 Port/Radio/Ch: 3/1/1 Mac: 00:0b:0e:00:0a:6a Device-type: interfering Adhoc: no Crypto-types: clear RSSI: -75 SSID: 3Com-webaaa WX-IPaddress: 10.3.8.103 Port/Radio/Ch: dap 1/1/1 Mac: 00:0b:0e:76:56:82 Device-type: interfering Adhoc: no Crypto-types: clear RSSI: -76 SSID: 3Com-webaaa Two types of information are shown. The lines that are not indented show the BSSID, vendor, and information about the SSID.
Page 595 display rfdetect mobility-domain Table 99 and Table 100 describe the fields in these displays. Table 99 display rfdetect mobility-domain Output Field Description BSSID MAC address of the SSID used by the detected device. Vendor Company that manufactures or sells the rogue device. Type Classification of the rogue device: rogue—Wireless device that is not supposed to be on the...
Page 596 19: RF D HAPTER ETECTION OMMANDS Table 100 display rfdetect mobility-domain ssid or bssid Output (continued) Field Description Adhoc Indicates whether the rogue is an infrastructure rogue (is using an AP) or is operating in ad-hoc mode. Crypto-Types Encryption type: clear (no encryption) ccmp tkip...
Page 597: Display Rfdetect Ssid-List
Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0. Examples — The following example shows the permitted SSID list on WX switch: WX4400# display rfdetect ssid-list Total number of entries: 3 SSID ----------------- mycorp corporate...
Page 598: Display Rfdetect Visible
[radio {1 | 2}] mac-addr — Base MAC address of the 3Com radio. To display the base MAC address of a 3Com radio, use the display {ap | dap} status command. map-num — Port connected to the MAP access point for which to display neighboring BSSIDs.
Page 599 History —Introduced in MSS Version 3.0. Usage — If a 3Com radio is supporting more than one SSID, each of the corresponding BSSIDs is listed separately. To display rogue information for the entire Mobility Domain, use the display rfdetect mobility-domain command on the seed switch.
Page 600: Set Rfdetect Active-Scan
19: RF D HAPTER ETECTION OMMANDS Table 101 display rfdetect visible Output Field Description Channel number on which the radio detected the rogue. RSSI Received signal strength indication (RSSI)—the strength of the RF signal detected by the MAP radio, in decibels referred to 1 milliwatt (dBm).
Page 601: Set Rfdetect Attack-List
Examples — The following command adds MAC address aa:bb:cc:44:55:66 to the attack list: WX4400# set rfdetect attack-list 11:22:33:44:55:66 success: MAC 11:22:33:44:55:66 is now in attacklist. See Also...
Page 602: Set Rfdetect Black-List
19: RF D HAPTER ETECTION OMMANDS set rfdetect Adds an entry to the client black list. The client black list specifies clients black-list that are not allowed on the network. MSS drops all packets from the clients on the black list. Syntax —...
Page 603: Set Rfdetect Countermeasures Mac
set rfdetect countermeasures mac Syntax — set rfdetect countermeasures {enable | disable} — Enables countermeasures. enable — Disables countermeasures. disable Defaults — Countermeasures are disabled by default. Access — Enabled. History —Introduced in MSS Version 3.0. Usage — This command is valid only on the seed switch of the Mobility Domain.
Page 604: Set Rfdetect Ignore
19: RF D HAPTER ETECTION OMMANDS You can start countermeasures against more than one BSSID by typing additional set rfdetect countermeasures mac commands. After you type the first set rfdetect countermeasures mac command, MSS does not issue countermeasures against any devices except the ones you specify using this command.
Page 605: Set Rfdetect Log
set rfdetect log Usage — Use this command to identify third-party APs and other devices you are already aware of and do not want MSS to report following RF scans. If you try to initiate countermeasures against a device on the ignore list, the ignore list takes precedence and MSS does not issue the countermeasures.
Page 606: Set Rfdetect Signature
Enables MAP signatures. A MAP signature is a set of bits in a signature management frame sent by a MAP that identifies that MAP to MSS. If someone attempts to spoof management packets from a 3Com MAP, MSS can detect the spoof attempt. Syntax —...
Page 607: Set Rfdetect Ssid-List
set rfdetect ssid-list Examples — The following command enables MAP signatures on a WX switch: WX1200# set rfdetect signature enable success: signature is now enabled. set rfdetect ssid-list Adds an SSID to the permitted SSID list.The permitted SSID list specifies the SSIDs that are allowed on the network.
Page 608: Set Rfdetect Vendor-List
19: RF D HAPTER ETECTION OMMANDS set rfdetect Adds an entry to the permitted vendor list. The permitted vendor list vendor-list specifies the third-party AP or client vendors that are allowed on the network. MSS does not list a device as a rogue or interfering device if the device’s OUI is in the permitted vendor list.
Page 609: Test Rflink
Examples — The following command tests the RF link between the WX switch and the client with MAC address 00:0e:9b:bf:ad:13: WX4400# test rflink mac 00:0e:9b:bf:ad:13 RF-Link Test to 00:0e:9b:bf:ad:13 : Session-Id: 2 Packets Sent...
Page 610 19: RF D HAPTER ETECTION OMMANDS Table 102 test rflink Output (continued) Field Description Signal-to-noise ratio (SNR), in decibels (dB), of the data received from the client. RTT (micro-secs) The round-trip time, in microseconds, for the client response to the test packets. See Also display rfdetect data on page 590 display rfdetect visible on page 598...
Page 611: File
ANAGEMENT OMMANDS Use file management commands to manage system files and to display software and boot information. Commands by This chapter presents file management commands alphabetically. Use Usage Table 103 to locate commands in this chapter based on their use. Table 103 File Management Commands by Usage Type Command...
Page 612: Backup
20: F HAPTER ANAGEMENT OMMANDS Table 103 File Management Commands by Usage (continued) Type Command System Backup backup on page 612 and Restore restore on page 632 Sygate install soda agent on page 621 On-Demand display boot on page 622 Agent (SODA) file installation and removal...
Page 613 backup Archive files created by the all option are larger than files created by the critical option. The file size depends on the files in the user area, and the file can be quite large if the user area contains image files. The backup command places the boot configuration file into the archive.
Page 614: Clear Boot Backup-Configuration
History —Introduced in MSS Version 4.1. Examples — The following command clears the name specified as the backup configuration file from the configuration of the WX switch: WX4400# clear boot backup-configuration success: Backup boot config filename was cleared. See Also...
Page 615: Copy
WX4400# reset system force ..rebooting ..See Also display config on page 623 reset system on page 631 copy Performs the following copy operations: Copies a file from a TFTP server to nonvolatile storage. Copies a file from nonvolatile storage or temporary storage to a TFTP server.
Page 616 Examples — The following command copies a file called floorwx from nonvolatile storage to a TFTP server: WX4400# copy floorwx tftp://10.1.1.1/floorwx success: sent 365 bytes in 0.401 seconds [ 910 bytes/sec] The following command copies a file called closetwx from a TFTP server to nonvolatile storage: WX4400# copy tftp://10.1.1.1/closetwx closetwx...
Page 617: Delete
The following commands rename test-config to new-config by copying it from one name to the other in the same location, then deleting test-config: WX4400# copy test-config new-config WX4400# delete test-config success: file deleted. The following command copies file corpa-login.html from a TFTP server into subdirectory corpa in a WX switch’s nonvolatile storage:...
Page 618: Dir
OMMANDS Examples — The following commands copy file testconfig to a TFTP server and delete the file from nonvolatile storage: WX4400# copy testconfig tftp://10.1.1.1/testconfig success: sent 365 bytes in 0.401 seconds [ 910 bytes/sec] WX4400# delete testconfig success: file deleted.
Page 619 Size Created core:command_audit.cur 37 bytes Aug 28 2005, 21:11:41 Total: 37 bytes used, 91707 Kbytes free The following command displays the files in the old subdirectory: WX4400# dir old =============================================================================== file: Filename Size Created file:configuration.txt 3541 bytes Sep 22 2003, 22:55:44 file:configuration.xml...
Page 620 20: F HAPTER ANAGEMENT OMMANDS The following command limits the output to the contents of the user files area: WX4400# dir file: =============================================================================== file: Filename Size Created file:configuration 48 KB Jul 12 2005, 15:02:32 file:corp2:corp2cnfig 17 KB Mar 14 2005, 22:20:04...
Page 621: Install Soda Agent
install soda agent Table 105 Output for dir Field Description Filename Filename or subdirectory name. For files, the directory name is shown in front of the filename (for example, file:configuration). The file: directory is the root directory. For subdirectories, a forward slash is shown at the end of the subdirectory name (for example, old/ ).
Page 622: Display Boot
Examples — The following command installs the contents of the file soda.ZIP into a directory called sp1. WX4400# install soda agent soda.ZIP agent-directory sp1 This command may take up to 20 seconds... See Also display boot on page 622...
Page 623: Display Config
display config Table 106 describes the fields in the display boot output. Table 106 Output for display boot Field Description Configured boot Software version the switch will run next time the software is version rebooted. Configured boot Boot partition and image filename MSS will use to boot next image time the software is rebooted.
Page 624 20: F HAPTER ANAGEMENT OMMANDS ip-config l2acl mobility-domain network-domain portconfig port-group radio-profile rfdetect service-profile snmp snoop spantree system trace vlan vlan-fdb If you do not specify a configuration area, nondefault information for all areas is displayed. — Includes configuration items that are set to their default values. Defaults —...
Page 625: Display Version
If you use the all option, the display also includes commands for configuration items that are set to their default values. Examples — The following command shows configuration information for VLANs: WX4400# display config area vlan # Configuration nvgen'd at 2004-5-21 19:36:48 # Image 3.0.0 # Model WX4400...
Page 626 Examples — The following command displays version information for a WX switch: WX1200# display version Mobility System Software, Version: 4.1.0 QA 67 Copyright (c) 2002, 2003, 2004, 2005 3Com Corporation. All rights reserved. Build Information: (build#67) TOP 2005-07-21 04:41:00 Model:...
Page 627: Load Config
CAUTION: This command completely removes the running configuration and replaces it with the configuration contained in the file. 3Com recommends that you save a copy of the current running configuration to a backup configuration file before loading a new configuration.
Page 628 Reloading configuration may result in lost of connectivity, do you wish to continue? (y/n) [n]y success: Configuration reloaded The following command loads configuration file testconfig1: WX4400# load config testconfig1 Reloading configuration may result in lost of connectivity, do you wish to continue? (y/n) [n]y success: Configuration reloaded...
Page 629: Md5
Calculates the MD5 checksum for a file in the switch’s nonvolatile storage. Syntax — md5 [boot0: | boot1:]filename — Boot partition into which you copied the file. boot0: | boot1: — Name of the file. filename Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0.
Page 630 20: F HAPTER ANAGEMENT OMMANDS Examples — The following commands create a subdirectory called corp2 and display the root directory to verify the result: WX4400# mkdir corp2 success: change accepted. WX4400# dir =============================================================================== file: Filename Size Created file:configuration 17 KB May 21 2004, 18:20:53 file:configuration.txt...
Page 631: Reset System
WX4400# reset system error: Cannot reset, due to unsaved configuration changes. Use "reset system force" to override. WX4400# reset system force ..rebooting ..See Also display boot on page 622 display version on page 625...
Page 632: Restore
Note: If the archive’s files cannot fit on the switch, the restore operation fails. 3Com recommends deleting unneeded image files before creating or restoring an archive. The backup command stores the MAC address of the switch in the archive.
Page 633: Rmdir
Usage — MSS does not allow the subdirectory to be removed unless it is empty. Delete all files from the subdirectory before attempting to remove Examples — The following example removes subdirectory corp2: WX4400# rmdir corp2 success: change accepted. See Also...
Page 634: Set Boot Backup-Configuration
WX4400# save config Configuration saved to configuration. The following command saves the running configuration to a file named testconfig1: WX4400# save config testconfig1 Configuration saved to testconfig1. See Also display boot on page 622 display config on page 623...
Page 635: Set Boot Configuration-File
Access — Enabled. History —Introduced in MSS Version 3.0. Usage — The file must be located in the switch’s nonvolatile storage. Examples — The following command sets the boot configuration file to testconfig1: WX4400# set boot configuration-file testconfig1 success: boot config set.
Page 636: Set Boot Partition
Examples — The following command sets the boot partition for the next software reload to partition 1: WX4400# set boot partition boot1 success: Boot partition set to boot1. See Also copy on page 615...
Page 637 SODA agent files. Examples — The following command removes the directory sp1 and all of its contents: WX4400# uninstall soda agent agent-directory sp1 This will delete all files in agent-directory, do you wish to continue? (y|n) [n]y...
Page 638 20: F HAPTER ANAGEMENT OMMANDS...
Page 639: Trace
MSS allows, type the set trace ? command. CAUTION: Using the set trace command can have adverse effects on system performance. 3Com recommends that you use the lowest levels possible for initial trace commands, and slowly increase the levels to get the data you need.
Page 640: Clear Log Trace
Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — To delete the trace log, type the following command: WX4400# clear log trace See Also display log buffer on page 660 set log on page 664 clear trace Deletes running trace commands and ends trace processes.
Page 641: Display Trace
To clear the session manager trace, type the following command: WX4400# clear trace sm success: clear trace sm See Also display trace on page 641 set trace authentication on page 642 set trace authorization on page 643 set trace dot1x on page 644...
Page 642: Save Trace
Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — To save trace data into the file trace1 in the subdirectory traces, type the following command: WX4400# save trace traces/trace1 set trace Traces authentication information. authentication Syntax —...
Page 643: Set Trace Authorization
Examples — The following command starts a trace for information about user jose’s authentication: WX4400# set trace authentication user jose success: change accepted. See Also clear trace on page 640 display trace on page 641 set trace Traces authorization information.
Page 644: Set Trace Dot1X
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command starts a trace for the 802.1X sessions for MAC address 00:01:02:03:04:05: WX4400# set trace dot1x mac-addr 00:01:02:03:04:05: success: change accepted. See Also clear trace on page 640...
Page 645: Set Trace Sm
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — Type the following command to trace session manager activity for MAC address 00:01:02:03:04:05: WX4400# set trace sm mac-addr 00:01:02:03:04:05: success: change accepted. See Also clear trace on page 640...
Page 646 21: T HAPTER RACE OMMANDS...
Page 647: Snoop
NOOP OMMANDS Use snoop commands to monitor wireless traffic, by using a Distributed MAP as a sniffing device. The MAP copies the sniffed 802.11 packets and sends the copies to an observer, which is typically a protocol analyzer such as Ethereal or Tethereal. (For more information, including setup instructions for the monitoring station, see the “Remotely Monitoring Traffic”...
Page 648: Clear Snoop
22: S HAPTER NOOP OMMANDS clear snoop Deletes a snoop filter. Syntax — clear snoop filter-name — Name of the snoop filter. filter-name Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0. Examples — The following command deletes snoop filter snoop1: WX1200# clear snoop snoop1 See Also set snoop on page 649...
Page 649: Set Snoop
set snoop WX1200# clear snoop map snoop2 dap 3 radio 2 success: change accepted. The following command removes all snoop filter mappings from all radios: WX1200# clear snoop map all success: change accepted. See Also set snoop map on page 652 display snoop on page 654 display snoop map on page 655 set snoop...
Page 650 If you do not specify a length, the entire packet is copied and sent to the observer. 3Com recommends specifying a snap length of 100 bytes or less. Defaults — No snoop filters are configured by default.
Page 651 set snoop The MAP that is running a snoop filter forwards snooped packets directly to the observer. This is a one-way communication, from the MAP to the observer. If the observer is not present, the MAP still sends the snoop packets, which use bandwidth. If the observer is present but is not listening to TZSP traffic, the observer continuously sends ICMP error indications back to the MAP.
Page 652: Set Snoop Map
22: S HAPTER NOOP OMMANDS set snoop map Maps a snoop filter to a radio on a Distributed MAP. A snoop filter does take effect until you map it to a radio and enable the filter. Syntax — set snoop map filter-name dap dap-num radio {1 | 2} —...
Page 653: Set Snoop Mode
set snoop mode set snoop mode Enables a snoop filter. A snoop filter does not take effect until you map it to a MAP radio and enable the filter. Syntax — set snoop {filter-name | all} mode {enable [stop-after num-pkts] | disable} —...
Page 654: Display Snoop
22: S HAPTER NOOP OMMANDS display snoop Displays the MAP radio mapping for all snoop filters. Syntax — display snoop Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0. Usage — To display the mappings for a specific MAP radio, use the display snoop map command.
Page 655: Display Snoop Map
display snoop map Examples — The following command shows the snoop filters configured in the examples above: WX1200# display snoop info snoop1: observer 10.10.30.2 snap-length 100 all packets snoop2: observer 10.10.30.3 snap-length 100 frame-type eq data mac-pair (aa:bb:cc:dd:ee:ff, 11:22:33:44:55:66) See Also clear snoop on page 648 set snoop on page 649 display snoop map...
Page 656: Display Snoop Stats
22: S HAPTER NOOP OMMANDS display snoop stats Displays statistics for enabled snoop filters. Syntax — display snoop stats [filter-name [dap-num [radio {1 | 2}]]] — Name of the snoop filter. filter-name — Number of a Distributed MAP to which the snoop filter is dap-num mapped —...
Page 657 display snoop stats Table 110 describes the fields in this display. Table 110 display snoop stats Output Field Description Filter Name of the snoop filter. Distributed MAP containing the radio to which the filter is mapped. Radio Radio to which the filter is mapped. Rx Match Number of packets received by the radio that match the filter.
Page 658 22: S HAPTER NOOP OMMANDS...
Page 659: System
YSTEM OMMANDS Use the system log commands to record information for monitoring and troubleshooting. MSS system logs are based on RFC 3164, which defines the log protocol. Commands by This chapter present system log commands alphabetically. Use Table 111 Usage to locate commands in this chapter based on their use.
Page 660: Display Log Buffer
History — Introduced in MSS Version 3.0. Examples — To stop sending system logging messages to a server at 192.168.253.11, type the following command: WX4400# clear log server 192.168.253.11 success: change accepted. Type the following command to clear all messages from the log buffer: WX4400# clear log buffer success: change accepted.
Page 661 Usage — The debug level produces a lot of messages, many of which can appear to be somewhat cryptic. Debug messages are used primarily by 3Com for troubleshooting and are not intended for administrator use. Examples — Type the following command to see the facilities for which...
Page 662: Display Log Config
Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To display how logging is configured, type the following command: WX4400# display log config Logging console: disabled Logging console severity: DEBUG Logging sessions:...
Page 663: Display Log Trace
display log trace display log trace Displays system information stored in the nonvolatile log buffer or the trace buffer. Syntax — display log trace [{+|-|/}number-of-messages] [facility facility-name] [matching string] [severity severity-level] — Displays the log messages in the trace buffer. trace —...
Page 664: Set Log
History — Introduced in MSS Version 3.0. Examples — Type the following command to see the facilities for which you can view event messages archived in the buffer: WX4400# display log trace facility ? <facility name> Select one of: KERNEL, AAA, SYSLOGD, ACL, APM, ARP,...
Page 665 set log Logging state (enabled or disabled) To override the session defaults for an individual session, type the set log command from within the session and use the current option. — Sets log parameters for trace files. trace — Sets the TCP port for sending messages to the Port port-number syslog server.
Page 666 Examples — To log only emergency, alert, and critical system events to the console, type the following command: WX4400# set log console severity critical enable success: change accepted. See Also clear log on page 659...
Page 667: Set Log Mark
Configures MSS to generate mark messages at regular intervals. The mark messages indicate the current system time and date. 3Com can use the mark messages to determine the approximate time when a system restart or other event causing a system outage occurred.
Page 668 23: S HAPTER YSTEM OMMANDS...
Page 669: Boot Prompt Commands By Usage
CAUTION: Generally, boot prompt commands are used only for troubleshooting. 3Com recommends that you use these commands only when working with 3Com Technical Support to diagnose a system issue. In particular, commands that change boot parameters can interfere with a WX switch’s ability to boot successfully.
Page 670: Autoboot
24: B HAPTER ROMPT OMMANDS Table 112 Boot Prompt Commands by Usage (continued) Type Command Boot Profile Management display on page 678 create on page 674 Boot Profile next on page 683 Management, cont. change on page 673 delete on page 675 Diagnostics diag on page 677 test on page 685...
Page 671: Boot
The options are appended to the options already in the boot profile. Use this parameter only if advised to do so by 3Com. Defaults — The boot settings in the currently active boot profile are used by default.
Page 672 SYS Sep 29 21:45:36.849457 NOTICE Port 1 up 1000 Full Duplex SYSLOGD Sep 29 21:45:38.857125 ALERT SYSTEM_READY: The system has finished booting. (cause was "Warm Reboot") Copyright (c) 2004 3Com Corporation. All rights reserved. Username: See Also change on page 673...
Page 673: Change
change change Changes parameters in the currently active boot profile. (For information about boot profiles, see display on page 678.) Syntax — change Defaults — The default boot type is c (compact flash). The default filename is default. The default flags setting is 0x00000000 (all flags disabled) and the default options list is run=nos;boot=0.
Page 674: Create
24: B HAPTER ROMPT OMMANDS The following command enters the configuration mode for the currently active boot profile and configures the WX switch (in this example, an WXR100) to boot using a TFTP server: boot> change Changing the default configuration is not recommended. Are you sure that you want to proceed? (y/n)y BOOT TYPE: [c]>...
Page 675: Delete
delete Usage — A WX switch can have up to four boot profiles. The boot profiles are stored in slots, numbered 0 through 3. When you create a new profile, the system uses the next available slot for the profile. If all four slots already contain profiles and you try to create a fifth profile, the switch displays a message advising you to change one of the existing profiles instead.
Page 676: Dhcp
24: B HAPTER ROMPT OMMANDS Usage — When you type the delete command, the next-lower numbered boot profile becomes the active profile. For example, if the currently active profile is number 3, profile number 2 becomes active after you type delete to delete profile 3. You cannot delete boot profile 0. Examples —...
Page 677: Diag
History —Introduced in MSS Version 3.0. Usage — Access to the diagnostic mode requires a password, which is not user configurable. Use this mode only if advised to do so by 3Com. Displays the boot code and system image files on a WX switch.
Page 678: Display
24: B HAPTER ROMPT OMMANDS Access — Boot prompt. History —Introduced in MSS Version 3.0. Usage — To display the system image software versions, use the fver command. This command does not list the boot code versions. To display the boot code versions, use the version command. Examples —...
Page 679 display A WX switch can have up to four boot profiles, numbered 0 through 3. Only one boot profile can be active at a time. You can create, change, and delete boot profiles. You also can activate another boot profile in place of the currently active one.
Page 680: Fver
24: B HAPTER ROMPT OMMANDS Table 113 Output of display command (continued) Field Description DEVICE Location of the system image file: c: — Nonvolatile storage area containing boot partition 0 d: — Nonvolatile storage area containing boot partition 1 e: — Primary partition of the flash card in the flash card slot f: —...
Page 681: Help
help Access — Boot prompt. History —Introduced in MSS Version 3.0. Usage — To display the image filenames, use the dir command. This command does not list the boot code versions. To display the boot code versions, use the version command. Examples —...
Page 682 24: B HAPTER ROMPT OMMANDS Examples — The following command displays detailed information for the fver command: boot> help fver fver Display the version of the specified device:filename. USAGE: fver [c:file|d:file|e:file|f:file|boot0:file|boot1:file| boot2:file|boot3:file] Command to display the version of the compressed image file associated with the given device:filename.
Page 683: Next
next Examples — To display a list of the commands available at the boot prompt, type the following command: boot> ls Display a list of all commands and descriptions. help Display help information for each command. autoboot Display the state of, enable, or disable the autoboot option. boot Load and execute an image using the current boot configuration profile.
Page 684: Reset
24: B HAPTER ROMPT OMMANDS Examples — To activate the boot profile in the next slot and display the profile, type the following command: boot> next BOOT Index: BOOT TYPE: DEVICE: boot1: FILENAME: testcfg FLAGS: 00000000 OPTIONS: run=nos;boot=0 See Also change on page 673 create on page 674 delete on page 675...
Page 685: Test
3Com WX-4400 Bootstrap/Bootloader Version 3.0.2 Release Compiled on Wed Sep 22 09:18:47 PDT 2004 by Bootstrap 0 version: Active Bootloader 0 version: 3.0.2 Active Bootstrap 1 version: Bootloader 1 version: 3.0.1 WX-4400 Board Revision: WX-4400 Controller Revision: WXA30001.Rel 8863722 bytes...
Page 686: Version
Examples — To display hardware and boot code version information, type the following command at the boot prompt: boot> version 3Com WX-4400 Bootstrap/Bootloader Version 3.0.2 Release Compiled on Wed Sep 22 09:18:47 PDT 2004 by...
Page 687: Upport For
To take advantage of warranty and other service benefits, you must first Product to Gain register your product at: Service Benefits http://eSupport.3com.com/ 3Com eSupport services are based on accounts that are created or that you are authorized to access. Solve Problems 3Com offers the following support tool: Online 3Com Knowledgebase —...
Page 688: Purchase Extended Warranty And Professional Services
3Com as a separately ordered product. Separately orderable software releases and licenses are listed in the 3Com Price List and are available for purchase from your 3Com reseller.
Page 689: Telephone Technical Support And Repair
Diagnostic error messages Details about recent configuration changes, if applicable To send a product directly to 3Com for repair, you must first obtain a return materials authorization number (RMA). Products sent to 3Com without authorization numbers clearly marked on the outside of the package will be returned to the sender unopened, at the sender’s...
Page 690 Latin America — Telephone Technical Support and Repair Antigua 1 800 988 2112 Guatemala AT&T +800 998 2112 Argentina 0 810 444 3COM Haiti 57 1 657 0888 Aruba 1 800 998 2112 Honduras AT&T +800 998 2112 Bahamas...
Page 691 Contact Us Country Telephone Number Country Telephone Number US and Canada — Telephone Technical Support and Repair All locations: Network Jacks; Wired or Wireless Network Interface Cards: 1 847-262-0070 1 800 876 3266 All other 3Com products:...
Page 692 A: O PPENDIX BTAINING UPPORT FOR RODUCTS...
Page 693 NDEX clear log server 659 clear log trace 640 autoboot 670 clear mac-user 215 clear mac-user attr 216 clear mac-user group 216 clear mac-usergroup 217 boot 671 clear mac-usergroup attr 218 clear mobility-domain 270 clear mobility-domain member 270 clear mobility-profile 219 change 673 clear network-domain 278 clear {ap | dap} radio 291...
Page 694 NDEX clear snoop 648 display {ap | dap} status 310 clear snoop map 648 display aaa 223 clear spantree portcost 436 display accounting statistics 226 clear spantree portpri 437 display arp 141 clear spantree portvlancost 437 display auto-tune attributes 317 clear spantree portvlanpri 438 display auto-tune neighbors 319 clear spantree statistics 439...
Page 695 NDEX display rfdetect attack-list 583 display rfdetect black-list 584 fver 680 display rfdetect clients 585 display rfdetect countermeasures 587 display rfdetect counters 588 display rfdetect data 590 help 48, 681 display rfdetect ignore 592 history 49 display rfdetect mobility-domain 592 display rfdetect ssid-list 597 display rfdetect vendor-list 597 display rfdetect visible 598...
Page 696 NDEX set {ap | dap} radio antennatype 353 set igmp querier 485 set {ap | dap} radio auto-tune max-power 354 set igmp receiver 485 set igmp rv 486 set {ap | dap} radio auto-tune max-retransmissions 356 set interface 164 set {ap | dap} radio channel 358 set interface dhcp-server 166 set {ap | dap} radio min-client-rate 359 set interface status 167...
Page 697 NDEX set prompt 56 set service-profile cac-mode 397 set qos cos-to-dscp-map 125 set service-profile cac-session 398 set qos dscp-to-cos-map 126 set service-profile cipher-ccmp 399 set radio-profile auto-tune channel-config 367 set service-profile cipher-tkip 400 set radio-profile auto-tune channel-holddown 368 set service-profile cipher-wep104 402 set radio-profile auto-tune channel-interval 369 set service-profile cipher-wep40 401 set radio-profile auto-tune power-backoff-timer 370...
Page 698 NDEX set spantree portvlancost 460 set spantree portvlanpri 461 version 686 set spantree priority 462 set spantree uplinkfast 462 set summertime 195 set system contact 57 set system countrycode 58 set system idle-timeout 62 set system ip-address 63, 196 set system location 64 set system name 65 set timedate 197 set timezone 198...

This manual is also suitable for:

3crwx440095a 3crwxr10095a Wx2200 Wx1200 3crwx220095a Wxr100 ... Show all

3Com WX4400 Command Reference Manual

Table of Contents

About

1 Using the Command -Line Interface

2 Access Commands

3 S S C Ystem Ervice Ommands

3 System

4 Port Commands

5 VLAN C Ommands

5 Vlan C

6 Quality of

7 Ip Services

8 Aaa C

9 Mobility

10 Network

Table of Contents

13 Igmp Snooping

14 Ecurity Acl Commands

15 Cryptography

16 Radius and Server Group Commands

18 Session Management Commands

19 Rf Detection

20 File

21 Trace

22 Snoop

23 System

Quick Links

Command Reference

Chapters

Related Manuals for 3Com WX4400

Summary of Contents for 3Com WX4400