Wireless LAN Mobility System Wireless LAN Switch and Controller Command Reference WX4400 3CRWX440095A WX1200 3CRWX120695A WXR100 3CRWXR10095A http://www.3com.com/ Part No. 10015086 Published April 2006...
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change. 3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose.
Contents About This Guide Conventions Documentation Documentation Comments Using the Command-Line Interface Overview CLI Conventions Command Prompts Syntax Notation Text Entry Conventions and Allowed Characters MAC Address Notation IP Address and Mask Notation User Globs, MAC Address Globs, and VLAN Globs Port Lists Virtual LAN Identification Command-Line Editing Keyboard Shortcuts...
System Service Commands by Usage clear banner motd clear history clear prompt clear system display banner motd display base-information display license display load display system help history quickstart set auto-config set banner motd set confirm set length set license set prompt set system contact set system countrycode set system idle-timeout...
display port-group display port poe display port preference display port status display port media-type monitor port counters reset port set dap set port set port-group set port media-type set port name set port negotiation set port poe set port preference set port speed set port trap set port type ap...
set vlan name set vlan port set vlan tunnel-affinity Quality of Service Commands by Usage clear qos set qos cos-to-dscp-map set qos dscp-to-cos-map display qos display qos dscp-table IP Services Commands Commands by Usage clear interface clear ip alias clear ip dns domain clear ip dns server clear ip route...
display ip telnet display ntp display snmp community display snmp counters display snmp notify profile display snmp notify target display snmp status display snmp usm display summertime display timedate display timezone ping set arp set arp agingtime set interface set interface dhcp-client set interface dhcp-server set interface status set ip alias...
SNMPv2c with Traps SNMPv1 with Traps set snmp protocol set snmp security set snmp usm set summertime set system ip-address set timedate set timezone telnet traceroute AAA Commands Commands by Usage clear accounting clear authentication admin clear authentication console clear authentication dot1x clear authentication last-resort clear authentication mac...
display mobility-profile set accounting {admin | console} set accounting {dot1x | mac | web | last-resort} set authentication admin set authentication console set authentication dot1x set authentication last-resort set authentication mac set authentication proxy set authentication web set location policy set mac-user set mac-user attr set mac-usergroup attr...
clear network-domain seed-ip display network-domain set network-domain mode member seed-ip set network-domain peer set network-domain mode seed domain-name Managed Access MAP Access Point Commands by Usage clear {ap | dap} radio clear radio-profile clear service-profile display {ap | dap} config display {ap | dap} counters display {ap | dap} qos-stats display {ap | dap} etherstats...
set {ap | dap} radio auto-tune min-client-rate set {ap | dap} radio mode set {ap | dap} radio radio-profile set {ap | dap} radio tx-power set dap security set {ap | dap} upgrade-firmware set radio-profile 11g-only set radio-profile active-scan set radio-profile auto-tune channel-config set radio-profile auto-tune channel-holddown set radio-profile auto-tune channel-interval set radio-profile auto-tune power-backoff-timer...
set service-profile rsn-ie set service-profile shared-key-auth set service-profile ssid-name set service-profile ssid-type set service-profile tkip-mc-time set service-profile web-portal-form set service-profile wep active-multicast-index set service-profile wep active-unicast-index set service-profile wep key-index set service-profile wpa-ie STP Commands STP Commands by Usage clear spantree portcost clear spantree portpri clear spantree portvlancost...
IGMP Snooping Commands by usage clear igmp statistics display igmp display igmp mrouter display igmp querier display igmp receiver-table display igmp statistics set igmp set igmp lmqi set igmp mrouter set igmp mrsol set igmp mrsol mrsi set igmp oqi set igmp proxy-report set igmp qi set igmp qri...
clear dot1x reauth-period clear dot1x timeout auth-server clear dot1x timeout supplicant clear dot1x tx-period display dot1x set dot1x authcontrol set dot1x bonded-period set dot1x key-tx set dot1x max-req set dot1x port-control set dot1x quiet-period set dot1x reauth set dot1x reauth-max set dot1x reauth-period set dot1x timeout auth-server set dot1x timeout supplicant...
display rfdetect countermeasures display rfdetect counters display rfdetect data display rfdetect ignore display rfdetect mobility-domain display rfdetect ssid-list display rfdetect vendor-list display rfdetect visible set rfdetect active-scan set rfdetect attack-list set rfdetect black-list set rfdetect countermeasures set rfdetect countermeasures mac set rfdetect ignore set rfdetect log set rfdetect signature...
set boot backup-configuration set boot configuration-file set boot partition Trace Commands Commands by Usage clear log trace clear trace display trace save trace set trace authentication set trace authorization set trace dot1x set trace sm Snoop Commands Commands by Usage clear snoop clear snoop map set snoop...
Prompt Commands Boot Prompt Commands by Usage autoboot boot change create delete dhcp diag display fver help next reset test version Obtaining Support for Your Product Register Your Product Purchase Value-Added Services Troubleshoot Online Access Software Downloads Telephone Technical Support and Repair Contact Us Index...
This command reference explains the Mobility System Software (MSS™) command-line interface (CLI) commands that you enter on a 3Com WXR100 or WX1200 Wireless Switch or WX4400 Wireless LAN Controller to configure and manage the Mobility System™ wireless LAN (WLAN). Read this reference if you are a network administrator responsible for managing WXR100, WX1200 or WX4400 wireless switches and their Managed Access Points (MAPs) in a network.
These notes provide information about the system software release, including new features and bug fixes.
Wireless LAN Switch and Controller Quick Start Guide: This guide provides instructions for performing basic setup of secure (802.1X) and guest (WebAAA™) access, for configuring a Mobility Domain for roaming, and for accessing a sample network plan in 3WXM for advanced configuration and management.
This manual shows you how to plan, configure, deploy, and manage the entire WLAN with the 3WXM tool suite. Read this guide to learn how to plan wireless services, how to configure and deploy 3Com equipment to provide those services, and how to optimize and manage your WLAN.
Please note that we can only respond to comments and questions about 3Com product documentation at this e-mail address. Questions related to Technical Support or sales should be directed in the first instance to your network supplier.
Mobility System Software (MSS) operates a 3Com Mobility System wireless LAN (WLAN) consisting of 3Com Wireless Switch Manager (3WXM) software and 3Com Wireless LAN Switch or 3Com Wireless LAN Controller (WX switch) and 3Com Wireless LAN Managed Access Point (MAP) hardware. There is a command-line interface (CLI) on the WX switch that you can use to configure and manage the WX and its attached access points.
After you become enabled as an administrative user by typing enable and supplying a suitable password, MSS displays the following prompt: WXmmmm# For information about changing the CLI prompt on a wireless LAN switch, see “set prompt” on page 54. Syntax Notation...
MAC addresses, virtual LAN (VLAN) names, and ports in a single command. 3Com recommends that you do not use the same name with different capitalizations for VLANs or access control lists (ACLs). For example, do not configure two separate VLANs with the names red and RED.
Wildcard Masks Security access control lists (ACLs) use source and destination IP addresses and wildcard masks to determine whether the wireless LAN switch filters or forwards IP packets. Matching packets are either permitted or denied network access. The ACL checks the bits in IP addresses that correspond to any 0s (zeros) in the mask, but does not check the bits that correspond to 1s (ones) in the mask.
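The wildcard-mask comparison described above, as an added Python example that is not part of the 3Com manual. The function names and the sample addresses are constructed for illustration; the last helper flags a subnet mask entered where a wildcard mask was intended, which silently changes which packets an ACL entry matches.

```python
import ipaddress


def _to_int(dotted):
    """Convert dotted-decimal notation to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(packet_ip, acl_ip, wildcard):
    """True when packet_ip equals acl_ip on every bit where the mask has a 0.

    Bits set to 1 in the wildcard mask are not checked.
    """
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(packet_ip) & care) == (_to_int(acl_ip) & care)


def wildcard_to_network(acl_ip, wildcard):
    """Return the equivalent IPv4Network when the wildcard is contiguous
    (all 0 bits followed by all 1 bits); return None otherwise."""
    w = _to_int(wildcard)
    if w & (w + 1):          # not of the form 2**k - 1
        return None
    prefix = 32 - w.bit_length()
    base = _to_int(acl_ip) & ~w & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, prefix))


def matched_address_count(wildcard):
    """Number of distinct addresses an entry matches: 2 ** (count of 1 bits)."""
    return 2 ** bin(_to_int(wildcard)).count("1")


def looks_like_subnet_mask(wildcard):
    """Heuristic: leading 1s then trailing 0s (for example 255.255.255.0)
    is a subnet mask, probably typed where a wildcard mask was expected."""
    w = _to_int(wildcard)
    inv = ~w & 0xFFFFFFFF
    return w not in (0, 0xFFFFFFFF) and (inv & (inv + 1)) == 0


if __name__ == "__main__":
    # Constructed sample entries: (ACL address, wildcard mask)
    entries = [
        ("10.10.20.0", "0.0.0.255"),      # whole /24
        ("10.1.1.0", "0.0.0.254"),        # non-contiguous: even hosts only
        ("10.10.20.0", "255.255.255.0"),  # subnet mask used by mistake
    ]
    for acl_ip, mask in entries:
        print(acl_ip, mask,
              "network:", wildcard_to_network(acl_ip, mask),
              "addresses:", matched_address_count(mask),
              "suspect:", looks_like_subnet_mask(mask))
    # With the mistaken mask only the last octet is checked, so an
    # unrelated address ending in .0 matches the entry.
    print(wildcard_match("192.168.7.0", "10.10.20.0", "255.255.255.0"))
```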
Table 3 gives examples of user globs. Table 3 User Globs User Glob jose@example.com *@example.com *@marketing.example.com *.*@marketing.example.com All marketing users at example.com whose EXAMPLE\* EXAMPLE\*.* MAC Address Globs A media access control (MAC) address glob is a similar method for matching some authentication, authorization, and accounting (AAA) and forwarding database (FDB) commands to one or more 6-byte MAC addresses.
You can include a single port or multiple ports in one MSS CLI command by using the appropriate list format. The ports on a WX switch are numbered 1 through 4 (for the 3Com Wireless LAN Controller WX4400) and 1 through 8 (for the 3Com Wireless LAN Switch WX1200).
Virtual LAN Identification The names of virtual LANs (VLANs), which are used in Mobility Domain communications, are set by you and can be changed. In contrast, VLAN ID numbers, which the wireless LAN uses locally, are determined when the VLAN is first configured and cannot be changed. Unless otherwise indicated, you can refer to a VLAN by either its VLAN name or its VLAN number.
Table 4 Keyboard Shortcuts (continued) Keyboard Shortcut(s) Ctrl+U or Ctrl+X Ctrl+W Esc B Esc D Delete key or Backspace key Erases mistake made during command entry. Reenter History Buffer The history buffer stores the last 63 commands you entered during a terminal session.
Using CLI Help The CLI provides online help. To see the full range of commands available at your access level, type the help command. For example: WX1200# help Commands: ------------------------------------------------------------------------- clear commit copy crypto delete disable display exit help history load logout monitor...
To determine the port on which Telnet is running, type the following command: WX1200# display ip telnet Server Status ---------------------------------- Enabled Understanding Command Descriptions Each command description in the 3Com Mobility System Software Command Reference contains the following elements: NTERFACE display ip aliases display DNS status...
This chapter describes access commands used to control access to the Mobility System Software (MSS) command-line interface (CLI). Commands by Usage This chapter presents access services commands alphabetically. Use Table 5 to locate commands in this chapter based on their use. Table 5 Access Commands by Usage disable Changes the CLI session from enabled mode to restricted access.
Usage — MSS displays a password prompt to challenge you with the enable password. To enable a session, you or another administrator must have configured the enable password to this WX switch with the set enablepass command. Examples — The following command plus the enable password provides enabled access to the CLI for the current session: WX1200>...
History — Introduced in MSS Version 3.0. Usage — After typing the set enablepass command, press Enter. If you are entering the first enable password on this WX switch, press Enter at the Enter old password prompt. Otherwise, type the old password.
Use system services commands to configure and monitor system information for a WX switch. Commands by Usage This chapter presents system service commands alphabetically. Use Table 6 to locate commands in this chapter based on their use. Table 6 System Services Commands by Usage...
Table 6 System Services Commands by Usage (continued) clear banner motd Deletes the message-of-the-day (MOTD) banner that is displayed before the login prompt for each CLI session on the wireless LAN switch. Syntax — Defaults — None. Access — Enabled.
clear history Deletes the command history buffer for the current CLI session. Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — To clear the history buffer, type the following command: WX4400# clear history success: command buffer was flushed.
Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Option idle-timeout added in MSS Version 4.1. Examples — To clear the location of the WX switch, type the following command: WX4400# clear system location success: change accepted.
See Also display base-information Provides an in-depth snapshot of the status of the wireless LAN switch, which includes details about the boot image, the version, ports, and other configuration values. This command also displays the last 100 log messages.
Serial Number License Number License Key Activation key Feature Expires The additional ports refers to the number of additional MAPs the switch can boot and actively manage. See Also display boot on page 573 display config on page 574...
History — Introduced in MSS Version 4.1. Examples — To display the CPU load recorded from the time the WX switch was booted, as well as from the previous time the display load command was run, type the following command:...
Country-specific 802.11 code required for MAP operation (configured with set system countrycode). Record of the WX switch’s physical location (optionally configured with set system location). Contact information about the system administrator or another person to contact about the system (optionally configured with set system contact).
System MAC WX switch’s media access control (MAC) machine address set at the factory, in 6-byte hexadecimal format. License License level installed on the WX switch (if applicable). Boot Time Date and time of the last system reboot. Uptime Number of days, hours, minutes, and seconds that the WX has been operating since its last restart.
Table 7 display system output (continued) See Also help Displays a list of commands that can be used to configure and monitor the WX switch. Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0.
crypto delete disable display exit help history hit-sample-rate load logout monitor ping quit reset rollback save telnet traceroute See Also history Displays the command history buffer for the current CLI session. Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples —...
In addition, error messages such as “Critical AP Notice” for directly connected MAPs can appear. set auto-config Enables a WX switch to contact a 3WXM server for its configuration. Syntax — Defaults — The auto-config option is automatically enabled on an unconfigured WXR100 when the factory reset switch is pressed during power on.
LED remains solidly lit for 3 seconds after power on. However, when the factory reset switch is pressed, the LED flashes for 3 seconds instead. If you want another WX switch model to be able to access a 3WXM server for a configuration, you also must preconfigure the WX with the...
Examples — The following commands stage a WX switch to use the auto-config option. The network where the switch is installed has a DHCP server, so the switch is configured to use the MSS DHCP client to obtain an IP address, default gateway address, DNS domain name, and DNS...
See Also set banner motd Configures the banner string that is displayed before the beginning of each login prompt for each CLI session on the WX switch. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0.
Examples — To create a banner that says Update meeting at 3 p.m., type the following command: WX4400# set banner motd ^Update meeting at 3 p.m.^ success: change accepted. See Also set confirm Enables or disables the display of confirmation messages for commands that might have a large impact on the network.
set length Defines the number of lines of CLI output to display between paging prompts. MSS displays the set number of lines and waits for you to press any key to display another set, or type q to quit the display. Syntax —...
Usage — The license key is shipped with the switch. To obtain the activation key, access the 3Com web site. Each license and activation key pair allows the switch to actively manage an additional 24 MAPs. You can install up to three upgrade license and activation key pairs, to actively manage up to 96 MAPs.
Usage — When you first log in for the initial configuration of the WX switch, the CLI provides a WX1200> or WX4400> prompt, depending on your model. After you become enabled by typing enable and giving a suitable password, the WX1200# or WX4400# prompt is displayed.
59 set system name on page 60 set system countrycode code — Two-letter code for the country of operation for the WX switch. You can specify one of the codes listed in Table 8. Country Code Australia Austria...
Table 8 Country Codes (continued) Country Code Japan Liechtenstein Luxembourg Malaysia Mexico Netherlands New Zealand Norway Poland Portugal Saudi Arabia Singapore Slovakia Slovenia South Africa South Korea Spain Sweden Switzerland Taiwan Thailand United Arab Emirates United Kingdom United States Defaults — The factory default country code is None. Access —...
See Also set system idle-timeout Specifies the maximum number of seconds a CLI management session with the switch can remain idle before MSS terminates the session. Syntax — Defaults — 3600 seconds (one hour). Access — Enabled. History — Introduced in MSS Version 4.1.
192.168.253.1: WX4400# set system ip-address 192.168.253.1 success: change accepted. See Also set system location Stores location information for the WX switch. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You cannot include spaces in the system location string.
Defaults — By default, the system name and command prompt have the same value. The factory default for both is the model number (WX1200 for the 3Com Wireless LAN Switch WX1200, WX4400 for the 3Com Wireless LAN Controller WX4400). Access — Enabled.
set system name See Also clear system on page 40 display system on page 43 set prompt on page 54 set system contact on page 55 set system location on page 59...
Use port commands to configure and manage individual ports and load-sharing port groups. Commands by Usage This chapter presents port commands alphabetically. Use Table 9 to locate commands in this chapter based on their use. Table 9 Port Commands by Usage Type Command...
Table 9 Port Commands by Usage (continued) clear dap Removes a Distributed MAP. CAUTION: When you clear a Distributed MAP, MSS ends user sessions that are using the MAP. Syntax — Defaults — None. Access — Enabled. History —...
clear port counters Clears port statistics counters and resets them to 0. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command clears all port statistics counters and resets them to 0: WX4400# clear port counters success: cleared port counters See Also...
clear port media-type Disables the copper interface and reenables the fiber interface on a WX4400 gigabit Ethernet port. Syntax — Defaults — The GBIC (fiber) interface is enabled, and the copper interface is disabled, by default. Access —...
Usage — This command applies only to the WX4400. This command does not affect a link that is already active on the port. Examples — The following command clears the preference set on port 2 on a WX4400 switch: WX4400# clear port preference 2 See Also...
clear port type Removes all configuration settings from a port and resets the port as a network port. CAUTION: When you clear a port, MSS ends user sessions that are using the port. Syntax — Defaults — The cleared port becomes a network port but is not placed in any VLANs.
Examples — The following command clears port 5: WX1200# clear port type 5 This may disrupt currently authenticated users. Are you sure? (y/n) [n]y success: change accepted. See Also display port counters Displays port statistics. Syntax — [octets | packets | receive-errors | transmit-errors | collisions | receive-etherstats | transmit-etherstats] [port port-list] Defaults —...
Examples — The following command shows octet statistics for port 3: WX1200> display port counters octets port 3 Port Status ============================================================================= This command’s output has the same fields as the monitor port counters command. For descriptions of the fields, see Table 17 on page 78. See Also display port-group Shows port group information.
Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — The following command displays PoE information for all ports on a WX1200 switch: WX1200# display port poe Port ============================================================ Table 12 describes the fields in this display.
Access — All. History — Introduced in MSS Version 3.0. Usage — This command applies only to the WX4400. Examples — The following command displays the preference settings on all four ports of a WX4400 switch: WX4400# display port preference Field Description...
Port =========================================================== Table 13 describes the fields in this display. Table 13 Output for display port preference See Also display port status Displays configuration and status information for ports. Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Preference GBIC RJ45...
Examples — The following command displays information for all ports on a WX1200 switch: WX1200# display port status Port Name =============================================================================== Table 14 describes the fields in this display. Table 14 Output for display port status...
Table 14 Output for display port status (continued) See Also display port media-type Displays the enabled interface types on a WX4400 switch’s gigabit Ethernet ports. See Also — Defaults — None. Access — All. History — Introduced in MSS Version 4.0.
=========================================================== Table 15 describes the fields in this display. Table 15 Output for display port media-type See Also monitor port counters Displays and continually updates port statistics. Syntax — [octets | packets | receive-errors | transmit-errors | collisions | receive-etherstats | transmit-etherstats] GBIC RJ45...
Defaults — All types of statistics are displayed for all ports. MSS refreshes the statistics every 5 seconds. This interval cannot be configured. Statistics types are displayed in the following order by default: Octets Packets Receive errors Transmit errors Collisions Receive Ethernet statistics Transmit Ethernet statistics Access —...
Examples — The following command starts the port statistics monitor beginning with octet statistics (the default): WX4400# monitor port counters As soon as you press Enter, MSS clears the window and displays statistics at the top of the window. Port Status ===============================================================================...
Table 17 Output for monitor port counters (continued) Statistics Option Field packets Rx Unicast NonUnicast Tx Unicast NonUnicast receive-errors Rx Crc Rx Error Rx Short Rx Overrun transmit-errors Tx Crc Tx Short Tx Fragment Tx Abort monitor port counters Description Number of unicast packets received.
Table 17 Output for monitor port counters (continued) Statistics Option Field collisions receive-etherstats transmit-etherstats Tx 64 See Also Single Coll Multiple Coll Total number of frames transmitted that Excessive Coll Total number of frames that experienced more Total Coll Rx 64 Rx 127...
IEEE 802.11 country-specific regulations on the WX switch. See “set system countrycode” on page 56. For a MAP that is directly connected to the WX switch, use the set port type ap command to configure a MAP access port.
— Number for the Distributed MAP. The range of valid dap-num connection numbers depends on the WX switch model: For a WX4400, you can specify a number from 1 to 256. For a WX1200, you can specify a number from 1 to 30.
set port Administratively disables or reenables a port. Syntax — Defaults — All ports are enabled. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — A port that is administratively disabled cannot send or receive packets. This command does not affect the link state of the port. Examples —...
set port-group Configures a load-sharing port group. All ports in the group function as a single logical link. Syntax — mode {on | off} Defaults — Once configured, a group is enabled by default. Access — Enabled. History —...
See Also set port media-type Disables the fiber interface and enables the copper interface on a WX4400 gigabit Ethernet port. Syntax — Defaults — The GBIC (fiber) interface is enabled, and the copper interface is disabled, by default. Access — Enabled. History —...
History — Introduced in MSS Version 3.0. Usage — To simplify configuration and avoid confusion between a port’s number and its name, 3Com recommends that you do not use numbers as port names. Examples — The following command sets the name of port 7 to...
CAUTION: When you set the port type for MAP use, you can enable PoE on the port. Use the WX switch’s PoE to power 3Com MAP access points only. If you enable PoE on ports connected to other devices, damage can result.
Examples — The following command disables PoE on ports 4 and 5, which are connected to a MAP access point: WX1200# set port poe 4,5 disable If you are enabling power on these ports, they must be connected only to approved PoE devices with the correct wiring.
Examples — The following command sets the preference of port 2 on a WX4400 to RJ-45 (copper): WX4400# set port preference 2 rj45 See Also set port speed Changes the speed of a port. Syntax — Defaults — All ports are set to auto. Access —...
set port trap Enables or disables Simple Network Management Protocol (SNMP) linkup and linkdown traps on an individual port. Syntax — Defaults — SNMP linkup and linkdown traps are disabled by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage —...
CAUTION: When you set the port type for MAP use, you must specify the PoE state (enable or disable) of the port. Use the WX switch’s PoE to power 3Com MAP access points only. If you enable PoE on a port connected to another device, physical damage to the device can result.
MAP access point models AP2750, MP-241, and MP-341 have a single radio that can be configured for 802.11a or 802.11b/g. Other MAP models have two radios. On two-radio models, one radio is always 802.11a. The other radio is 802.11b/g, but can be configured for 802.11b or 802.11g exclusively.
This command does not apply to any gigabit Ethernet ports or to ports 7 and 8 on the WX1200 switch. To manage a MAP access point on a switch model that does not have 10/100 Ethernet ports, use the set dap command to configure a Distributed MAP connection on the switch.
— Denies authentication and prohibits the user from accessing the network over this port. web-portal — Serves the user a web page from the MX switch’s nonvolatile storage for secure login to the network.
Defaults — The default tag-list is null (no tag values). The default number of sessions is 1. The default fallthru authentication type is none. Access — Enabled. History—Introduced in MSS Version 3.0. Option for WebAAA fallthru authentication type changed from web-auth to web-portal in MSS Version 4.0.
The 802.1X specification prohibits networking devices from forwarding PAE group address packets, because this would make it possible for multiple authenticators to acquire the same client. For non-802.1X clients, who use MAC authentication, WebAAA, or last-resort authentication, wired authentication works if the clients are directly attached or indirectly attached.
VLAN Commands Use virtual LAN (VLAN) commands to configure and manage parameters for individual port VLANs on network ports, and to display information about clients roaming within a mobility domain. Commands by Usage This chapter presents VLAN commands alphabetically. Use Table 20 to locate commands in this chapter based on their use.
clear fdb Deletes an entry from the forwarding database (FDB). Syntax — port port-list} [vlan vlan-id] [tag tag-value] Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You can delete forwarding database entries based on entry type, port, or VLAN.
The following command clears all dynamic forwarding database entries that match all VLANs: WX4400# clear fdb dynamic success: change accepted. The following command clears all dynamic forwarding database entries that match ports 3 and 5: WX4400# clear fdb port 3,5 success: change accepted.
Examples — The following command removes MAC address aa:bb:cc:dd:ee:ff from the list of addresses to which clients in VLAN abc_air are allowed to send traffic at Layer 2: WX4400# clear security l2-restrict vlan abc_air permit-mac aa:bb:cc:dd:ee:ff success: change accepted.
clear vlan Removes physical or virtual ports from a VLAN or removes a VLAN entirely. CAUTION: from the configuration and also removes all configuration information that uses the VLAN. If you want to remove only a specific port from the VLAN, make sure you specify the port number in the command.
The following command completely removes VLAN marigold: WX4400# clear vlan marigold This may disrupt user connectivity. Do you wish to continue? (y/n) [n]y success: change accepted. See Also display fdb Displays entries in the forwarding database. Syntax —...
Access — All. History —Introduced in MSS Version 3.0. Usage — To display the entire forwarding database, enter the display fdb command without options. To display only a portion of the database, use optional parameters to specify the types of entries you want to display. Examples —...
Note: This Class of Service (CoS) value is not associated with MSS quality of service (QoS) features. Destination Ports Wireless LAN switch port associated with the entry. A WX switch sends traffic to the destination MAC address through this port.
See Also display fdb count Lists the number of entries in the forwarding database. Syntax — [vlan vlan-id] Defaults — None. Access — All. History —Introduced in MSS Version 3.0. The following command lists the number of dynamic entries that the forwarding database contains: WX1200# display fdb count dynamic Total Matching Entries = 2...
display roaming station Shows a list of the stations roaming to the wireless LAN switch through a VLAN tunnel. Syntax — [vlan vlan-id] [peer Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Old AP MAC field removed in MSS Version 4.1.
WX over the tunnel. Chck — This WX switch is in the process of accepting a reassociation request from the roaming peer WX switch for a station currently roaming to the peer switch.
display roaming vlan Shows all VLANs in the mobility domain, the WX switches servicing the VLANs, and their tunnel affinity values configured on each switch for the VLANs. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0.
display security l2-restrict Displays configuration information and statistics for Layer 2 forwarding restriction. Syntax — vlan-id Defaults — If you do not specify a VLAN name or all, information is displayed for all VLANs. Access — Enabled. History —Introduced in MSS Version 4.1. Examples —...
Syntax — Defaults — None. Access — Enabled History —Introduced in MSS Version 3.0. Examples — To display all tunnels from a WX switch to other WX switches in the Mobility Domain, type the following command. WX4400# display tunnel VLAN...
---- ---------------- ------ ----- ----- ---------------- ----- ----- 2 burgundy 4094 web-aaa Field Description Remote Address IP address of the remote end of the tunnel. This is the system IP address of another WX switch in the mobility domain. State Tunnel state: Dormant Port Tunnel port ID.
Virtual ports are tunnels to other WX switches in a mobility domain, and are listed as follows: t:ip-addr, where ip-addr is the system IP address of the WX switch at the other end of the tunnel. Note: This field can include MAP access ports and wired authentication ports, because MSS dynamically adds these ports to a VLAN when handling user traffic for the VLAN.
set fdb Adds a permanent or static entry to the forwarding database. Syntax — mac-addr port port-list vlan vlan-id [tag tag-value] Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0. Usage — You cannot add a multicast or broadcast address as a permanent or static FDB entry.
See Also set fdb agingtime Changes the aging timeout period for dynamic entries in the forwarding database. Syntax — Defaults — The aging timeout period is 300 seconds (5 minutes). Access — Enabled. History —Introduced in MSS Version 3.0. Examples —...
— Enables or disables restriction of Layer 2 forwarding. mode {enable | disable} permit-mac mac-addr mac-addr Defaults — Layer 2 restriction is disabled by default. Access — Enabled. History —Introduced in MSS Version 4.1. Usage — You can specify multiple addresses by listing them on the same command line or by entering multiple commands.
VLAN 1. 3Com also recommends that you do not rename the default VLAN. You cannot use a number as the first character in a VLAN name. 3Com recommends that you do not use the same name with different capitalizations for VLANs.
VLAN. If you do specify a tag value, the WX sends tagged frames only for the VLAN. If you do specify a tag value, 3Com recommends that you use the same value as the VLAN number. MSS does not require the VLAN number and tag value to be the same but some other switches do.
set vlan tunnel-affinity Changes a wireless LAN switch’s preferability within a mobility domain for tunneling user traffic for a VLAN. When a user roams to a WX switch that is not a member of the user’s VLAN, the WX can forward the user traffic by tunneling to another WX switch that is a member of the VLAN.
Use Quality of Service (QoS) commands to configure packet prioritization in MSS. Packet prioritization ensures that WX switches and MAP access points give preferential treatment to high-priority traffic such as voice and video. (To override the prioritization for specific traffic, use access control lists [ACLs] to set the Class of Service [CoS] for the packets.
Resets the switch’s mapping of Differentiated Services Code Point (DSCP) values to internal QoS values. The switch’s internal QoS map ensures that prioritized traffic remains prioritized while transiting through the WX switch. A WX switch uses the QoS map to do the following: Syntax —...
set qos cos-to-dscp-map Changes the value to which MSS maps an internal QoS value when marking outbound packets. Syntax — Defaults — The defaults are listed by the display qos command. Access — Enabled. History —Introduced in MSS Version 4.1. Examples —...
Chapter 6: Quality of Service Commands
set qos dscp-to-cos-map Changes the internal QoS value to which MSS maps a packet’s DSCP value when classifying inbound packets. Syntax — Defaults — The defaults are listed by the display qos command. Access — Enabled. History —Introduced in MSS Version 4.1.
display qos dscp-table Displays a table that maps Differentiated Services Code Point (DSCP) values to their equivalent combinations of IP precedence values and IP ToS values. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0 as the display security acl dscp command and renamed in MSS Version 4.1.
IP Services Commands
Use IP services commands to configure and manage IP interfaces, management services, the Domain Name Service (DNS), Network Time Protocol (NTP), and aliases, and to ping a host or trace a route. Commands by Usage This chapter presents IP services commands alphabetically. Use Table 28 to locate the commands in this chapter based on their use.
Chapter 7: IP Services Commands
Table 28 IP Services Commands by Usage (continued) Type HTTPS Management set ip https server on page 167 IP Alias Time and Date SNMP Command display ip https on page 145 set ip dns on page 164 set ip dns domain on page 165 set ip dns server on page 166 display ip dns on page 144...
clear interface Removes an IP interface. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — If the interface you want to remove is configured as the system IP address, removing the address can interfere with system tasks that use the system IP address, including the following: Type...
Examples — The following command removes the IP interface configured on VLAN mauve: WX1200# clear interface mauve ip success: cleared ip on vlan mauve See Also clear ip alias Removes an alias, which is a string that represents an IP address. Syntax —...
WX1200# clear ip dns domain Default DNS domain name cleared. See Also clear ip dns server Removes a DNS server from a WX switch configuration. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0.
See Also clear ip route Removes a route from the IP route table. Syntax — ip-addr/mask-length} gateway default is an alias for IP address 0.0.0.0/0. Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples —...
Resets the Telnet server’s TCP port number to its default value. A WX switch listens for Telnet management traffic on the Telnet server port. Syntax — Defaults — The default Telnet port number is 23. Access — Enabled.
Examples — The following command removes NTP server 192.168.40.240 from a WX switch configuration: WX4400# clear ntp server 192.168.40.240 success: change accepted. See Also clear ntp Resets the NTP update interval to the default value.
clear snmp community Clears an SNMP community string. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0. Examples — The following command clears community string setswitch2: WX1200# clear snmp community name setswitch2 success: change accepted. See Also clear snmp notify Clears an SNMP notification profile.
See Also clear snmp notify target Clears an SNMP notification target. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0. Examples — The following command clears notification target 3: WX1200# clear snmp notify target 3 success: change accepted.
Clears the summertime setting from a wireless LAN switch. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To clear the summertime setting from a WX switch, type the following command: WX1200# clear summertime success: change accepted. See Also...
WX1200# clear system ip-address success: change accepted. See Also clear timezone Clears the time offset for the wireless LAN switch’s real-time clock from Coordinated Universal Time (UTC). UTC is also known as Greenwich Mean Time (GMT). Syntax — Defaults — None.
History — Introduced in MSS Version 3.0. Examples — To return the WX switch’s real-time clock to UTC, type the following command: WX4400# clear timezone success: change accepted. See Also display arp Shows the ARP table. Syntax — Defaults — If you do not specify an IP address, the whole ARP table is displayed.
DYNAMIC — Entry was learned from network traffic and ages out if unused for longer than the ARP aging timeout. LOCAL — Entry for the WX switch’s MAC address. Each VLAN has one local entry for the WX switch’s MAC address.
Examples — The following command displays DHCP client information: WX1200# display dhcp-client Interface: Configuration Status: Enabled DHCP State: Lease Allocation: Lease Remaining: IP Address: Subnet Mask: Default Gateway: DHCP Server: DNS Servers: DNS Domain Name: Table 30 describes the fields in this display. Table 30 Output for display dhcp-client Field Description...
display dhcp-server Displays MSS DHCP server information. Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 4.0. Examples — The following command displays the addresses leased by the MSS DHCP server: WX1200# display dhcp-server VLAN Name ----------...
Default Gateway: DNS Servers: DNS Domain Name: Table 31 and Table 32 describe the fields in these displays. Table 31 Output for display dhcp-server Field Description VLAN VLAN number Name VLAN name Address IP address leased by the server. MAC Address MAC address of the device that holds the lease for the address.
Table 32 Output for display dhcp-server verbose See Also display interface Shows the IP interfaces configured on the wireless LAN switch. Syntax — Defaults — If you do not specify a VLAN ID, interfaces for all VLANs are displayed.
Table 33 Output for display interface See Also display ip alias Shows the IP aliases configured on the wireless LAN switch. Syntax — Defaults — If you do not specify an alias name, all aliases are displayed. Access — Enabled.
Table 34 describes the fields in this display. Table 34 Output for display ip alias See Also display ip dns Shows the DNS servers the wireless LAN switch is configured to use. Syntax — Defaults — None. Access — All.
Access — All. History —Introduced in MSS Version 3.0. Examples — The following command shows the status and port number for the HTTPS management interface to the WX switch: WX4400# display ip https HTTPS is enabled HTTPS is set to use port 443...
State of the HTTPS server: enabled/disabled Enabled Disabled HTTPS is set to use port TCP port number on which the WX switch listens for HTTPS connections. Last 10 connections List of the last 10 devices to establish connections to the WX switch’s HTTPS server.
WX switch’s VLANs has an interface in the gateway router’s subnet. If the WX switch has such an interface but the static route is still down, use the display vlan config command to check the state of the VLAN’s ports.
The destination for the IP multicast route is MULTICAST. For static routes, the value Down means the WX switch does not have an interface to the destination’s next-hop router. To provide an interface, configure an IP interface that is in the same IP subnet as the next-hop router.
Server Status State of the HTTPS server: Enabled Disabled Port TCP port number on which the WX switch listens for Telnet management traffic. clear ip telnet on page 131 display ip https on page 145 set ip https server on page 167...
Examples — To display NTP information for a WX switch, type the following command: WX4400> display ntp NTP client: enabled Current update-interval: 20(secs) Current time: Fri Feb 06 2004, 12:02:57 Timezone is set to 'PST', offset from UTC is -8:0 hours.
REJECT SELCAND SYNCCAND SYSPEER Local state State of the NTP session from the point of view of the WX switch’s NTP client: INITED START SYNCED clear ntp server on page 131 clear summertime on page 135 clear timezone on page 136...
See Also display snmp status Displays SNMP version and status information. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0. See Also clear snmp notify target on page 134 set snmp notify target on page 181 display snmp status set snmp community on page 175 set snmp notify target on page 181...
Defaults — There is no summertime offset by default. Access — All. History —Introduced in MSS Version 3.0. Examples — To display the summertime setting on a WX switch, type the following command: WX1200# display summertime Summertime is enabled, and set to 'PDT'.
Shows the date and time of day currently set on a wireless LAN switch’s real-time clock. Syntax — Defaults — None. Access — All. History —Introduced in MSS Version 3.0. Examples — To display the time and date set on a WX switch’s real-time...
Timezone set to 'pst', offset from UTC is -8 hours See Also ping Tests IP connectivity between a wireless LAN switch and another device. MSS sends an Internet Control Message Protocol (ICMP) echo packet to the specified WX switch and listens for a reply packet.
Because the WX switch adds header information, the ICMP packet size is 8 bytes larger than the size you specify. source-ip ip-addr as the source IP address in the ping packets. source-ip vlan-name uses the IP address configured on the VLAN as the source IP address in the ping packets.
set arp Adds an ARP entry to the ARP table. Syntax — ip-addr mac-addr Defaults — The default aging timeout is 1200 seconds. Access — Enabled. History— Introduced in MSS Version 3.0. Examples — The following command adds a static ARP entry that maps IP address 10.10.10.1 to MAC address 00:bb:cc:dd:ee:ff: WX1200# set arp static 10.10.10.1 00:bb:cc:dd:ee:ff success: added arp 10.10.10.1 at 00:bb:cc:dd:ee:ff on VLAN 1...
set arp agingtime Changes the aging timeout for dynamic ARP entries. Syntax — Defaults — None. Access — Enabled. History— Introduced in MSS Version 3.0. Usage — Aging applies only to dynamic entries. To reset the ARP aging timeout to its default value, use the set arp agingtime 1200 command.
set interface Configures an IP interface on a VLAN. Syntax — {ip-addr mask | ip-addr/mask-length} Defaults — None. Access — Enabled. History— Introduced in MSS Version 3.0. Usage — You can assign one IP interface to each VLAN. If an interface is already configured on the VLAN you specify, this command replaces the interface.
WXR100 when the factory reset switch is pressed and held during power on. The DHCP client is disabled by default on all other switch models, and is disabled on a WXR100 if the switch is already configured or the factory reset switch is not pressed and held during power on.
Use of the MSS DHCP server to allocate client addresses is intended for temporary, demonstration deployments and not for production networks. 3Com recommends that you do not use the MSS DHCP server to allocate client addresses in a production network.
Examples — The following command enables the DHCP server on VLAN red-vlan to serve addresses from the 192.168.1.5 to 192.168.1.25 range: WX1200# set interface red-vlan ip dhcp-server enable start 192.168.1.5 stop 192.168.1.25 success: change accepted. See Also set interface status Administratively disables or reenables an IP interface.
Defaults — DNS is disabled by default. Access — Enabled. History— Introduced in MSS Version 3.0. Examples — The following command enables DNS on a WX switch: WX1200# set ip dns enable Start DNS Client set ip alias name ip-addr —...
See Also set ip dns domain Configures a default domain name for DNS queries. The wireless LAN switch appends the default domain name to domain names or hostnames you enter in commands. Syntax — Defaults — None. Access — Enabled.
Syntax — Defaults — None. Access — Enabled. Usage — You can configure a WX switch to use one primary DNS server and up to five secondary DNS servers. Examples — The following commands configure a WX switch to use a primary DNS server and two secondary DNS servers: WX1200# set ip dns server 10.10.10.50/24 primary...
Enables the HTTPS server on a wireless LAN switch. The HTTPS server is required for Web Manager access to the switch. CAUTION: If you disable the HTTPS server, Web Manager access to the WX switch is also disabled.
Before you add a static route, use the display interface command to verify that the WX switch has an IP interface in the same subnet as the route’s next-hop router. If not, the VLAN:Interface field of the display ip route command output shows that the route is down.
WX4400# set ip route default 10.2.4.17 2 success: change accepted. The following command adds an explicit route from a WX switch to any host on the 192.168.4.x subnet through the local router 10.5.4.2, and gives the route a cost of 1: WX4400# set ip route 192.168.4.0 255.255.255.0 10.5.4.2 1...
History — Introduced in MSS Version 3.0. Examples — The following command enables the SNMP server on a WX switch: WX4400# set ip snmp server enable success: change accepted. See Also set ip ssh Changes the TCP port number on which a wireless LAN switch listens for Secure Shell (SSH) management traffic.
Usage — You must generate an SSH authentication key to use SSH. The maximum number of SSH sessions supported on a WX switch is eight. If Telnet is also enabled, the WX switch can have up to eight Telnet or SSH sessions, in any combination, and one Console session.
Access — Enabled. Usage — The maximum number of Telnet sessions supported on a WX switch is eight. If SSH is also enabled, the WX switch can have up to eight Telnet or SSH sessions, in any combination, and one console session.
Usage — If NTP is configured on a system whose current time differs from the NTP server time by more than 10 minutes, convergence of the WX time can take many NTP update intervals. 3Com recommends that you set the time manually to the NTP server time before enabling NTP to avoid a significant delay in convergence.
RFC 1305, Network Time Protocol (Version 3) Specification, Implementation and Analysis. To use NTP, you also must enable the NTP client with the set ntp command. Examples — The following command configures a WX switch to use NTP server 192.168.1.5: WX4400# set ntp server 192.168.1.5 See Also set ntp server ip-addr —...
comm-string — Name of the SNMP community. Specify between 1 and 32 alphanumeric characters, with no spaces. read-only — Allows an SNMP management application using the string to get (read) object values on the switch but not to set (write) them. set ntp update-interval comm-string...
4.0. Usage — SNMP community strings are passed as clear text in SNMPv1 and SNMPv2c. 3Com recommends that you use strings that cannot easily be guessed by unauthorized users. For example, do not use the well-known strings public and private.
set snmp notify profile Configures an SNMP notification profile. A notification profile is a named list of all the notification types that can be generated by a switch, and for each notification type, the action to take (drop or send) when an event occurs.
DAPConnectWarningTraps—Generated when a Distributed MAP whose fingerprint has not been configured in MSS establishes a management session with the switch. DeviceFailTraps—Generated when an event with an Alert severity occurs. DeviceOkayTraps—Generated when a device returns to its normal state.
MobilityDomainTimeoutTraps—Generated when a timeout occurs after a WX switch has unsuccessfully tried to communicate with a seed member. PoEFailTraps—Generated when a serious PoE problem, such as a short circuit, occurs.
Defaults — A default notification profile (named default) is already configured in MSS. All notifications in the default profile are dropped by default. Access — Enabled. History — Introduced in MSS Version 4.0. Examples — The following command changes the action in the default notification profile from drop to send for all notification types: WX1200# set snmp notify profile default send all success: change accepted.
[retries num] [timeout num] set snmp notify target target-num
target-num — ID for the target. This ID is local to the WX switch and does not need to correspond to a value on the target itself. You can specify a number from 1 to 10.
[retries num] [timeout num] set snmp notify target target-num ip-addr[:udp-port-number]
target-num — ID for the target. This ID is local to the WX switch and does not need to correspond to a value on the target itself. You can specify a number from 1 to 10.
— ID for the target. This ID is local to the WX switch and does not need to correspond to a value on the target itself. You can specify a number from 1 to 10.
Usage — The inform or trap option specifies whether the MSS SNMP engine expects the target to acknowledge notifications sent to the target by the WX switch. Use inform if you want acknowledgements. Use trap if you do not want acknowledgements. The inform option is applicable to SNMP version v2c or usm only.
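A pre-deployment check for the SNMP rules stated in this chapter (community strings of 1 to 32 alphanumeric characters that avoid public and private, target IDs from 1 to 10, inform only with v2c or usm), as an added Python example that is not part of the 3Com reference. The plan dictionary, the finding codes and the `v1` version label are assumptions made for the example; it does not parse MSS configuration syntax.

```python
import re

# Rules below are taken from the reference text; the data model is hypothetical.
COMMUNITY_RE = re.compile(r"[A-Za-z0-9]{1,32}")  # 1-32 alphanumerics, no spaces
WELL_KNOWN = {"public", "private"}               # strings the manual says to avoid
INFORM_VERSIONS = {"v2c", "usm"}                 # inform applies to these only
TARGET_IDS = range(1, 11)                        # target-num is 1 to 10


def audit_community(name):
    """Return finding codes for one SNMPv1/v2c community string."""
    findings = []
    if not COMMUNITY_RE.fullmatch(name):
        findings.append("INVALID_FORMAT")
    # Case-insensitive comparison is an assumption: "Public" is no harder
    # to guess than "public".
    if name.lower() in WELL_KNOWN:
        findings.append("WELL_KNOWN")
    return findings


def audit_target(target_num, version, mode):
    """Return finding codes for one notification target."""
    findings = []
    if target_num not in TARGET_IDS:
        findings.append("TARGET_ID_OUT_OF_RANGE")
    if mode == "inform":
        if version not in INFORM_VERSIONS:
            findings.append("INFORM_UNSUPPORTED")
    elif mode == "trap":
        # Traps are not acknowledged, so a lost notification goes unnoticed.
        findings.append("UNACKNOWLEDGED")
    else:
        findings.append("UNKNOWN_MODE")
    return findings


def audit_plan(plan):
    """Audit a whole plan; returns a list of (item, finding code) pairs."""
    report = []
    communities = plan.get("communities", [])
    for name in communities:
        for code in audit_community(name):
            report.append((f"community {name!r}", code))
    if communities:
        # Community strings are passed as clear text in SNMPv1 and SNMPv2c.
        report.append(("communities", "CLEARTEXT_ON_WIRE"))
    for target in plan.get("targets", []):
        codes = audit_target(target["id"], target["version"], target["mode"])
        for code in codes:
            report.append((f"target {target['id']}", code))
    return report


# Constructed sample plan (not taken from a real switch).
SAMPLE_PLAN = {
    "communities": ["public", "setswitch2", "ops team"],
    "targets": [
        {"id": 3, "version": "v2c", "mode": "inform"},
        {"id": 11, "version": "v1", "mode": "inform"},
        {"id": 4, "version": "usm", "mode": "trap"},
    ],
}

if __name__ == "__main__":
    for item, code in audit_plan(SAMPLE_PLAN):
        print(f"{item}: {code}")
```
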
Access — Enabled. History —Introduced in MSS Version 4.0. Usage — SNMP requires the switch’s system IP address to be set. SNMP will not work without the system IP address. You also must enable the SNMP service using the set ip snmp server command.
ip ip-addr — ID is based on the IP address of the station running the management application. Enter the IP address of the station. MSS calculates the engine ID based on the address. local — Uses the value computed from the switch’s system IP address.
— An SNMP management application using the string can get and set object values on the switch. The switch can use the string to send notifications. auth-type {none | md5 | sha} {auth-pass-phrase string | —...
Defaults — No SNMPv3 users are configured by default. When you configure an SNMPv3 user, the default access is read-only, and the default authentication and encryption types are both none. Access — Enabled. History — Introduced in MSS Version 4.0. Examples —...
Offsets the real-time clock of a wireless LAN switch by +1 hour and returns it to standard time for daylight savings time or a similar summertime period that you set. Syntax — month hour min end week weekday month hour min] Defaults —...
Default source IP address used in unsolicited communications such as AAA accounting reports and SNMP traps set system ip-address ip-addr ip-addr — IP address, in dotted decimal notation. The address must be configured on one of the WX switch’s VLANs.
10.10.20.20 netmask 255.255.255.0 on vlan taupe WX4400# set system ip-address 10.10.20.20 success: change accepted. See Also set timedate Sets the time of day and date on the wireless LAN switch. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0.
Sets the number of hours, and optionally the number of minutes, that the wireless LAN switch’s real-time clock is offset from Coordinated Universal Time (UTC). These values are also used by Network Time Protocol (NTP), if it is enabled.
Usage — To end a Telnet session from the remote device, press Ctrl+t or type quit or logout in the management session on the remote device. To end a client session from the local WX switch, use the clear sessions telnet client command.
WX4400# telnet 10.10.10.90 Session 0 pty tty2.d Trying 10.10.10.90... Connected to 10.10.10.90 Disconnect character is '^t' Copyright (c) 2004 3Com Corporation. All rights reserved. Username: username Password: password WX1200-remote> display vlan VLAN Name ---- ---------------- ------ ----- ----- ---------------- ----- -----...
traceroute Traces the route to an IP host. Syntax — [queries num] [size size] [ttl hops] [wait ms] Defaults Access — All. History —Introduced in MSS Version 3.0. Usage — To stop a traceroute command that is in progress, press Ctrl traceroute host [dnf] [no-dns] [port port-num] —...
The rows are displayed in the order in which the hops occur, beginning with the hop closest to the WX switch. The row for a hop lists the total time in milliseconds for each ICMP packet to reach the router or host, plus the time for the ICMP Time Exceeded message to return to the host.
Table 40 Error messages for traceroute (continued) Field Description Fragmentation needed but Do Not Fragment (DNF) bit was set. Source route failed. Communication administratively prohibited. Unknown error occurred. See Also ping on page 156 traceroute...
AAA Commands
Use authentication, authorization, and accounting (AAA) commands to provide a secure network connection and a record of user activity. Location policy commands override any virtual LAN (VLAN) or security ACL assignment by AAA or the local WX database to help you control access locally.
Chapter 8: AAA Commands
Table 41 AAA Commands by Usage (continued) Type Local Authorization for Password Users Local Authorization for MAC Users Web authorization Accounting AAA information Mobility Profiles Location Policy Command set user on page 258 clear user on page 215 set user attr on page 259 clear user attr on page 216 set usergroup on page 261...
See Also clear accounting {admin | dot1x} {user-glob} admin — Users with administrative access to the WX switch through a console connection or through a Telnet or Web Manager connection. dot1x — Users with network access through the WX switch. Users...
clear authentication admin Removes an authentication rule for administrative access through Telnet or Web Manager. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command clears authentication for administrator Jose: WX4400# clear authentication admin Jose success: change accepted.
clear authentication console Removes an authentication rule for administrative access through the Console. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0. The syntax descriptions for the clear authentication commands have been separated for clarity. However, the options and behavior for the clear authentication console command are the same as in previous releases.
{ssid ssid-name | wired} ssid ssid-name — SSID name to which this authentication rule applies. wired — Clears a rule used for access over a WX switch’s wired-authentication port. user-glob — A single user or a set of users with 802.1X network access.
{ssid ssid-name | ssid ssid-name — SSID name to which this authentication rule applies. wired — Clears a rule used for access over a WX switch’s wired-authentication port. clear authentication admin on page 204 clear authentication console on page 205...
{ssid ssid-name | wired} ssid ssid-name — SSID name to which this authentication rule applies. wired — Clears a rule used for access over a WX switch’s wired-authentication port. mac-addr-glob — A single user or set of users with access via a MAC address.
{ssid ssid-name | wired} ssid ssid-name — SSID name to which this authentication rule applies. wired — Clears a rule used for access over a WX switch’s wired-authentication port. — User-glob associated with the rule you are removing.
WX4400# clear authentication web ssid research temp*@thiscorp.com See Also clear location policy Removes a rule from the location policy on a WX switch. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0.
See Also clear mac-user Removes a user profile from the local database on the WX switch, for a user who is authenticated by a MAC address. (To remove a user profile in RADIUS, see the documentation for your RADIUS server.) Syntax —...
Removes an authorization attribute from the user profile in the local database on the WX switch, for a user who is authenticated by a MAC address. (To remove an authorization attribute in RADIUS, see the documentation for your RADIUS server.) Syntax —...
See Also clear mac-usergroup Removes a user group from the local database on the WX switch, for a group of users who are authenticated by a MAC address. (To delete a MAC user group in RADIUS, see the documentation for your RADIUS server.)
clear mac-usergroup attr Removes an authorization attribute from a MAC user group in the local database on the WX switch, for a group of users who are authenticated by a MAC address. (To unconfigure an authorization attribute in RADIUS, see the documentation for your RADIUS server.)
WX1200# clear mobility-profile Nin success: change accepted. See Also clear user Removes a user profile from the local database on the WX switch, for a user with a password. (To remove a user profile in RADIUS, see the documentation for your RADIUS server.) Syntax —...
Removes an authorization attribute from the user profile in the local database on the WX switch, for a user with a password. (To remove an authorization attribute from a RADIUS user profile, see the documentation for your RADIUS server.) Syntax —...
Removes a user with a password from membership in a user group in the local database on the WX switch. (To remove a user from a user group in RADIUS, see the documentation for your RADIUS server.) Syntax —...
See Also clear usergroup attr Removes an authorization attribute from a user group in the local database on the WX switch. (To remove an authorization attribute in RADIUS, see the documentation for your RADIUS server.) Syntax —...
Examples — The following command removes the members of the user group cardiology from a network access time restriction by deleting the Time-Of-Day attribute from the group: WX4400# clear usergroup cardiology attr time-of-day success: change accepted. See Also display aaa Displays all current AAA settings.
Description RADIUS default values for all parameters. UDP port on the WX switch for transmission of RADIUS authorization and authentication messages. The default port is 1812. UDP port on the WX switch for transmission of RADIUS accounting records. The default is port 1813.
RADIUS server is unresponsive before trying to reconnect with this server. During the dead time, the RADIUS server is ignored by the WX switch. The default is 0 minutes. Shared secret key, or password, used to authenticate to a RADIUS server.
display accounting Displays the AAA accounting records for wireless users. The records are statistics stored in the local database on the WX switch. (To display RADIUS accounting records, see the documentation for your RADIUS server.) Syntax — Defaults — None.
Number of octets the WX switch has sent during the session. Acct-Input-Octets Number of octets the WX switch has received during the session. Acct-Output-Packets Number of packets the WX switch has sent during the session. Acct-Input-Packets Number of packets the WX switch has received during the session.
Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command displays the list of location policy rules in the location policy on a WX switch: WX4400# display location policy Id Clauses ---------------------------------------------------------------- 1) deny if user eq *.theirfirm.com 2) permit vlan guest_1 if vlan neq *.wodefirm.com...
215 set mobility-profile on page 255 set accounting {admin | console} {user-glob} admin — Users with administrative access to the WX switch through Telnet or Web Manager. console — Users with administrative access to the WX switch through a console connection.
A method can be one of the following: local — Stores accounting records in the local database on the WX switch. When the local accounting storage space is full, MSS overwrites older records with new ones. server-group-name — Stores accounting records on one or more Remote Authentication Dial-In User Service (RADIUS) servers.
(See “MAC Address Globs” on page 27.) set accounting {dot1x | mac | web | last-resort} set accounting {dot1x | mac | web | last-resort} dot1x — Users with network access through the WX switch who are authenticated by 802.1X.
A method can be one of the following: local — Stores accounting records in the local database on the WX switch. When the local accounting storage space is full, MSS overwrites older records with new ones. server-group-name — Stores accounting records on one or more Remote Authentication Dial-In User Service (RADIUS) servers.
The authentication method none allows access to the WX switch by an administrator. The fallthru authentication type none denies access to a network user. (See “set service-profile auth-fallthru”...
Chapter 8: AAA Commands
History — Introduced in MSS Version 3.0. The syntax descriptions for the set authentication commands have been separated for clarity. However, the options and behavior for the set authentication admin command are the same as in previous releases. Usage —...
The authentication method none allows access to the WX switch by an administrator. The fallthru authentication type none denies access to a network user. (See “set service-profile auth-fallthru”...
MSS requires no username or password, by default. These users can press Enter at the prompts for administrative access. 3Com recommends that you change the default setting unless the WX switch is in a secure physical location.
dot1x Configures authentication and defines how and where it is performed for specified wireless or wired authentication clients who use an IEEE 802.1X authentication protocol to access the network through the WX switch. Syntax — user-glob [bonded] protocol method1 [method2] [method3]...
Defaults — By default, authentication is unconfigured for all clients with network access through MAP ports or wired authentication ports on the WX switch. Connection, authorization, and accounting are also disabled for these users. Bonded authentication is disabled by default.
You can configure a rule either for wireless access to an SSID, or for wired access through a WX switch’s wired authentication port. If the rule is for wireless access to an SSID, specify the SSID name or specify any to match on all SSID names.
Examples — The following command configures EAP-TLS authentication in the local WX database for SSID mycorp and 802.1X client Geetha:
WX4400# set authentication dot1x ssid mycorp Geetha eap-tls local
success: change accepted.
The following command configures PEAP-MS-CHAP-V2 authentication at RADIUS server groups sg1 through sg3 for all 802.1X clients at example.com who want to access SSID examplecorp:
WX4400# set authentication dot1x ssid examplecorp...
You can configure a rule either for wireless access to an SSID, or for wired access through a WX switch’s wired authentication port. If the rule is for wireless access to an SSID, specify the SSID name or specify any to match on all SSID names.
However, if local appears first, followed by a RADIUS server group, MSS overrides any failed searches in the local WX database and sends an authentication request to the server group. MSS uses a last-resort authentication rule under the following conditions: For wireless access, MSS appends the requested SSID name to the user name last-resort.
A method can be one of the following: local — Uses the local database of usernames and user groups on the WX switch for authentication. server-group-name — Uses the defined group of RADIUS servers for authentication. You can enter up to four names of existing RADIUS server groups as methods.
WX database and sends an authentication request to the RADIUS server group. If the switch’s configuration contains a set authentication mac command that matches the SSID the user is attempting to access and the user’s MAC address, MSS uses the method specified by the command.
See the “Configuring AAA for Users of Third-Party APs” section in the “Configuring AAA for Network Users” chapter of the Wireless LAN Switch and Controller Configuration Examples — The following command configures a proxy authentication rule that matches on all usernames associated with SSID mycorp. MSS uses RADIUS server group srvrgrp1 to proxy RADIUS requests and hence to authenticate and authorize the users.
Configures an authentication rule to allow a user to log in to the network using a web page served by the WX switch. The rule can be activated if the user is not otherwise granted or denied access by 802.1X, or granted access by MAC authentication.
You can configure a rule either for wireless access to an SSID, or for wired access through a WX switch’s wired authentication port. If the rule is for wireless access to an SSID, specify the SSID name or specify any to match on all SSID names.
set location policy Creates and enables a location policy on a WX switch. The location policy enables you to locally set or change authorization attributes for a user after the user is authorized by AAA, without making changes to the AAA server.
Optionally, you can add the suffix .out to the name. Condition options — MSS takes the action specified by the rule if all conditions in the rule are met. You can specify one or more of the following conditions: ssid operator ssid-name The operator must be eq, which applies the location policy rule to all users associated with the SSID.
MAP access port or wired authentication port, or from the network via a network port. Use outacl outacl-name to filter traffic sent from the switch to users via a MAP access port or wired authentication port, or from the network via a network port.
You can optionally add the suffixes .in and .out to inacl-name and outacl-name so that they match the names of security ACLs stored in the local WX database. Examples — The following command denies network access to all users at *.theirfirm.com, causing them to fail authorization:
WX4400# set location policy deny if user eq *.theirfirm.com
The following command authorizes access to the guest_1 VLAN for all users who are not at *.wodefirm.com:...
set mac-user Configures a user profile in the local database on the WX switch for a user who can be authenticated by a MAC address, and optionally adds the user to a MAC user group. (To configure a MAC user profile in RADIUS, see the documentation for your RADIUS server.)
Assigns an authorization attribute in the local database on the WX switch to a user who is authenticated by a MAC address. (To assign authorization attributes through RADIUS, see the documentation for your RADIUS server.) Syntax —...
page 255.) If the Mobility Profile feature is enabled, and a user is assigned the name of a Mobility Profile that does not exist on the WX switch, the user is denied access.
One of the following numbers: 2—Framed; for network user access 6—Administrative; for administrative access to the WX switch, with authorization to access the enabled (configuration) mode. The user must enter the enable command to access the enabled mode.
Table 44 Authentication Attributes for Local Users (continued) time-of-day (network access mode only) Day(s) and time(s) during which the user is permitted to log into the network. One of the following: never—Access is always denied. any—Access is always allowed.
To use the literal character $ or ?, use the following: Name of a VLAN that you want the user to use. The VLAN must be configured on a WX switch within the Mobility Domain to which this WX switch belongs.
See Also set mac-usergroup attr Creates a user group in the local database on the WX switch for users who are authenticated by a MAC address, and assigns authorization attributes for the group. (To configure a user group and assign authorization attributes through RADIUS, see the documentation for your RADIUS server.)
See Also set mobility-profile Creates a Mobility Profile and specifies the MAP access point and/or wired authentication ports on the WX switch through which any user assigned to the profile is allowed access. Syntax — port-list}} | {dap {none | all | dap-num}}...
Defaults — No default Mobility Profile exists on the WX switch. If you do not assign Mobility Profile attributes, all users have access through all ports, unless denied access by other AAA servers or by access control lists (ACLs).
See Also set mobility-profile mode Enables or disables the Mobility Profile feature on the WX switch. CAUTION: When the Mobility Profile feature is enabled, a user is denied access if assigned a Mobility-Profile attribute in the local WX switch database or RADIUS server when no Mobility Profile of that name exists on the WX switch.
See Also set user Configures a user profile in the local database on the WX switch for a user with a password. (To configure a user profile in RADIUS, see the documentation for your RADIUS server.) Syntax —...
WX4400# set user Nin password 29Jan04 See Also set user attr Configures an authorization attribute in the local database on the WX switch for a user with a password. (To assign authorization attributes in RADIUS, see the documentation for your RADIUS server.) Syntax —...
Adds a user to a user group. The user must have a password and a profile that exists in the local database on the WX switch. (To configure a user in RADIUS, see the documentation for your RADIUS server.)
See Also set usergroup Creates a user group in the local database on the WX switch for users and assigns authorization attributes for the group. (To create user groups and assign authorization attributes in RADIUS, see the documentation for your RADIUS server.) Syntax —...
WX4400# set usergroup cardiology attr vlan-name crimson success: change accepted. See Also set web-portal Globally enables or disables WebAAA on a WX switch. Syntax — Defaults — Enabled. Access — Enabled. History —Introduced in MSS Version 3.0. Command name changed from set web-aaa to set web-portal, to match change to portal-based implementation in MSS Version 4.0.
set web-portal See Also clear authentication proxy on page 209 set service-profile auth-fallthru on page 374 set user on page 258...
(client). One WX switch acts as a seed switch, which maintains and distributes a list of IP addresses of the domain members. 3Com recommends that you run the same MSS version on all the WX switches in a Mobility Domain. Commands by This chapter presents Mobility Domain commands alphabetically.
clear mobility-domain Clears all Mobility Domain configuration and information from a WX switch, regardless of whether the WX switch is a seed or a member of a Mobility Domain. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0.
Usage — This command has no effect if the WX switch member is not configured as part of a Mobility Domain or the current WX switch is not the seed. Examples — The following command clears a Mobility Domain member with the IP address 192.168.0.1:...
STATE_UP STATE_DOWN STATE_UP Description Name of the Mobility Domain IP addresses of the seed WX switch and members in the Mobility Domain State of the WX switch in the Mobility Domain: STATE_UP STATE_DOWN Role of the WX switch in the Mobility Domain:...
mobility-domain member On the seed WX switch, adds a member to the list of Mobility Domain members. If the current WX switch is not configured as a seed, this command is rejected. Syntax — Defaults — None. Access — Enabled.
Chapter 9: Mobility Domain
mobility-domain mode member seed-ip On a nonseed WX switch, sets the IP address of the seed WX switch. This command is used on a member WX to configure it as a member. If the WX switch is currently part of another Mobility Domain or using another seed, this command overwrites that configuration.
mobility-domain mode seed Creates a Mobility Domain by setting the current WX switch as the seed device and naming the Mobility Domain. Syntax — domain-name mob-domain-name Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — Before you use this command, the current WX switch must have its IP address set with the set system ip-address command.
Network Domain. The WX switch forwards the user traffic by creating a VLAN tunnel to a WX switch in the remote Mobility Domain. In a Network Domain, one or more WX switches serve as a seed switch. At least one of the Network Domain seeds maintains a connection with each of the member WX switches in the Network Domain.
Table 47 Network Domain Commands by Usage (continued) clear network-domain Clears all Network Domain configuration and information from a WX switch, regardless of whether the WX switch is a seed or a member of a Network Domain. Syntax — Defaults — None.
Defaults — None. Access — Enabled. History —Introduced in MSS 4.1. Usage — This command has no effect if the WX switch is not configured as part of a Network Domain. Examples — The following command clears the Network Domain...
Defaults — None. Access — Enabled. History —Introduced in MSS 4.1. Usage — This command has no effect if the WX switch is not configured as a Network Domain seed. Examples — The following command clears the Network Domain peer configuration for peer 192.168.9.254 from the WX switch:...
Access — Enabled. History —Introduced in MSS 4.1. Usage — This command has no effect if the WX switch is not configured as part of a Network Domain, or if the WX switch is not configured as a member of a Network Domain that uses the specified Network Domain seed.
10.8.107.1 On a WX switch that is a Network Domain seed, information is displayed about the Network Domains of which the WX switch is a member, as well as Network Domain seeds with which the WX switch has a peer relationship.
Table 48 Radio-Specific Parameters Parameter Description Output if WX is the Network Domain Seed Network Domain name Name of the Network Domain for which the WX switch is a seed. Peer IP addresses of the other seeds in the Network Domain. State...
network-domain mode member seed-ip Sets the IP address of a Network Domain seed. This command is used for configuring a WX switch as a member of a Network Domain. You can specify multiple Network Domain seeds and configure one as the primary seed.
Defaults — None. Access — Enabled. History —Introduced in MSS 4.1. Usage — This command must be entered on a WX switch configured as a Network Domain seed. Examples — The following command sets the WX switch with IP address 192.168.9.254 as a peer of this Network Domain seed:...
Chapter 10: Network Domain
network-domain mode seed Creates a Network Domain by setting the current WX switch as a seed device and naming the Network Domain. Syntax — domain-name net-domain-name Defaults — None. Access — Enabled. History — Introduced in MSS 4.1.
Be sure to do the following before using the commands: CAUTION: Changing the system country code after MAP configuration disables MAP access points and deletes their configuration. If you change the country code on a WX switch, you must reconfigure all MAP access points. MAP Access Point This chapter presents MAP access point commands alphabetically.
Chapter 11: Managed Access Point Commands
Table 49 Map Access Point Commands by Usage (continued) Type External Antenna Radio Profile Assignment SSID Assignment Radio Properties Authentication and Encryption Command set {ap | dap} radio auto-tune min-client-rate on page 340 set {ap | dap} radio mode on page 341 set {ap | dap} radio radio-profile on page 343 set dap auto radiotype on page 326...
Table 49 Map Access Point Commands by Usage (continued) Type Command set service-profile wpa-ie on page 391 set service-profile rsn-ie on page 383 set service-profile cipher-ccmp on page 377 set service-profile cipher-tkip on page 378 set service-profile cipher-wep104 on page 379 set service-profile cipher-wep40 on page 380 set service-profile psk-phrase on page 381 set service-profile psk-raw on page 382...
Table 49 Map Access Point Commands by Usage (continued) Type Command MAP-WX Security set dap fingerprint on page 331 set dap security on page 345 Radio State set {ap | dap} radio mode on page 341...
clear {ap | dap} radio Disables a MAP radio and resets it to its factory default settings. Syntax —
Defaults — The clear ap radio command resets the radio to the default settings listed in Table 50 and in Table 66 on page 362. Table 50 Radio-Specific Parameters Parameter Default Value channel 802.11b — 6 802.11a — Lowest valid channel number for the country of operation tx-power...
See Also clear radio-profile Removes a radio profile or resets one of the profile’s parameters to its default value. Syntax — Defaults — If you reset an individual parameter, the parameter is returned to the default value listed in Table 66 on page 362. Access —...
Examples — The following commands disable the radios that are using radio profile rp1 and reset the beacon-interval parameter to its default value:
WX4400# set radio-profile rp1 mode disable
WX4400# clear radio-profile rp1 beacon-interval
success: change accepted.
The following commands disable the radios that are using radio profile rptest and remove the profile:
WX4400# set radio-profile rptest mode disable
WX4400# clear radio-profile rptest...
Examples — The following commands disable the radios that are using radio profile rp6, remove service-profile svcprof6 from rp6, then clear svcprof6 from the configuration.
WX4400# set radio-profile rp6 mode disable
WX4400# clear radio-profile rp6 service-profile svcprof6
success: change accepted.
Description WX port number. Note: This field is applicable only if the MAP is directly connected to the WX switch and the WX switch’s port is configured as a MAP access port. Connection ID for the Distributed MAP. Note: This field is applicable only if the MAP is configured on the WX switch as a Distributed MAP.
Table 51 Output for display ap config (continued) Field name boot-download-enable load balancing group Names of the MAP load-balancing groups to which the MAP Radio type mode channel antennatype tx pwr profile auto-tune max-power auto-tune min-client-rate...
Table 51 Output for display ap config (continued) Field Description auto-tune Maximum percentage of packets that can be retransmitted max-retransmissions by a client before RF Auto-Tuning increases power. Note: Only packets that are received twice by the MAP are counted as retransmissions. If a client retransmits a packet but the MAP receives only a single copy of the packet, the packet is not counted as a retransmission.
display {ap | dap} counters Displays MAP access point and radio statistics counters. Syntax — Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0. New fields added in MSS Version 4.0: Usage —...
Examples — The following command shows statistics counters for Distributed MAP 7: WX1200# display dap counters 7 Port: 6 ================================= LastPktXferRate NumCntInPwrSave LastPktRxSigStrength LastPktSigNoiseRatio TKIP Pkt Transfer Ct TKIP Pkt Replays CCMP Pkt Decrypt Err CCMP Pkt Transfer Ct Radio Recv Phy Err Ct Radio Adjusted Tx Pwr 802.3 Packet Tx Ct No Receive Descriptor...
However, if this counter is increasing steadily or has a very high value (in the hundreds or more), a Denial of Service (DoS) attack might be occurring. Contact 3Com TAC. Number of times a decryption error occurred with a packet encrypted with CCMP.
Table 52 Output for display ap counters (continued) Field Description CCMP Pkt Transfer Total number of CCMP packets sent and received by the radio. Radio Recv Phy Err Ct Number of times radar caused packet errors. If this counter increments rapidly, there is a problem in the RF environment. This counter increments only when radar is detected.
Normally, the value of this counter should always be 0. If the value is not 0, check the system log for MIC error messages and contact 3Com TAC. Number of times a decryption error occurred with a packet encrypted with TKIP.
Table 52 Output for display ap counters (continued) Field Description Noise Floor Received signal strength at which the MAP can no longer distinguish 802.11 packets from ambient RF noise. A value around -90 or higher is good for an 802.11b/g radio. A value around -80 or higher is good for an 802.11a radio.
See Also display {ap | dap} qos-stats Displays statistics for MAP forwarding queues. Syntax — Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. Examples — The following command shows statistics for the MAP forwarding queues on a Distributed MAP:
WX4400# display dap qos-stats 4
===========================...
Number of packets transmitted to the air from the queue. display {ap | dap} etherstats [port-list | dap-num] port-list — List of WX switch ports directly connected to the MAPs for which to display counters. dap-num — Number of a Distributed MAP for which to display counters.
Table 54 describes the fields in this display. Table 54 Output of display ap etherstats Field RxUnicast RxMulticast RxBroadcast RxGoodFrames RxAlignErrs RxShortFrames RxCrcErrors RxOverruns RxDiscards TxGoodFrames TxSingleColl TxLateColl TxMaxColl TxMultiColl TxUnderruns TxCarrierLoss TxDeferred Description Number of unicast frames received.
Number of association requests refused by the MAP access point due to load balancing. MSS resets this counter to 0 when the WX switch is restarted, MSS is reloaded, or the access point is removed from the group. set {ap | dap} group on page 332...
— Number of a Distributed MAP for which to display status. — Shows status information for all directly attached MAP access points and all Distributed MAP access points configured on the switch. radio 1 — Shows status information for radio 1.
64 operational power: 14 base mac: 00:0b:0e:00:d2:c1 bssid1: 00:0b:0e:00:d2:94, ssid: private The following command displays the status of a directly connected MAP: WX1200# display ap status 1 Port: 1, AP model: AP2750, manufacturer 3Com, name: MAP01 ==================================================== State: operational CPU info:...
WX port number. Note: This field is applicable only if the MAP is directly connected to the WX switch and the WX switch’s port is configured as a MAP access port. IP address of the MAP. The address is assigned to the MAP by a DHCP server.
Table 56 Output for display ap status (continued) Field Description MAP port MAP port number connected to this WX port. State State of the MAP: init — The MAP has been recognized by the WX but has not yet begun booting. booting —...
Table 56 Output for display ap status (continued) Field Radio 1 type Radio 2 type operational channel operational power base mac bssid, ssid Description 802.11 type and configuration state of the radio. The configure succeed state indicates that the MAP has received configuration parameters for the radio and the radio is ready to accept client connections.
IP address of the MAP. The address is assigned to the MAP by a DHCP server. This field is applicable only if the MAP is configured on the WX switch as a Distributed MAP. MAP model number. MAC address of the MAP.
Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command displays RF attribute information for radio 1 on the directly connected MAP access point on port 2:
WX1200# display auto-tune attributes ap 2 radio 1
Auto-tune attributes for port 2 radio 1:
Noise: Utilization:...
neighbors Displays the other 3Com radios and third-party 802.11 radios that a 3Com radio can hear. Syntax — [ap map-num [radio {1 | 2| all}]] Syntax — [dap dap-num [radio {1 | 2| all}]] Defaults — None. Access — Enabled.
Examples — The following command displays neighbor information for radio 1 on the directly connected MAP access point on port 2:
WX1200# display auto-tune neighbors ap 2 radio 1
Total number of entries for port 2 radio 1: 5
Channel Neighbor BSS/MAC
------- ----------------- ----
Table 59 describes the fields in this display.
connection Displays the system IP address of the WX switch that booted a Distributed MAP. Syntax — [dap-num | serial-id serial-ID] Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — The serial-id parameter displays the active connection for the specified Distributed MAP even if that MAP is not configured on this WX switch.
IP address assigned by DHCP to the Distributed MAP. WX IP Address System IP address of the WX switch on which the MAP has an active connection. This is the switch that the MAP used for booting and configuration and is using for data transfer.
Usage — Connections are shown only for the Distributed MAPs that are configured on the WX switch from which you enter the command, and only for the Mobility Domain the switch is in. To show information only for Distributed MAPs that have active connections, use the display dap connection command.
Usage — This command also displays a MAP that is directly connected to a WX switch, if the WX port to which the MAP is connected is configured as a network port instead of a MAP access port, and if the network port is a member of a VLAN.
MAP first receives a configuration from a WX switch. Port Port number on which this WX switch received the MAP’s Find WX message. VLAN VLAN on which this WX switch received the MAP’s Find WX message.
Usage — MSS contains a default radio profile. 3Com recommends that you do not change this profile but instead keep the profile for reference. Examples — The following command shows radio profile information for the default radio profile:...
Table 63 Output for display radio-profile (continued) Field Description Long Retry Limit Number of times a radio in the radio profile can send a long unicast frame without receiving an acknowledgment. A long unicast frame is a frame that is equal to or longer than the RTS threshold.
Table 63 Output for display radio-profile (continued) Field Service profiles See Also Description Service profiles mapped to this radio profile. Each service profile contains an SSID and encryption information for that SSID. Note: When you upgrade from 2.x, MSS creates a default-dot1x service profile for encrypted SSIDs and a default-clear service profile for unencrypted SSIDs.
display service-profile Displays service profile information. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. New fields added to indicate the configured SSID default attributes in the service profile. Examples — The following command displays information for service profile wpa_clients:
WX4400# display service-profile wpa_clients
ssid-name:...
Indicates whether the radio sends beacons, to advertise the SSID: Secondary (fallthru) encryption type when a user tries to authenticate but the WX switch managing the radio does not have an authentication rule with a userglob that matches the username.
Table 64 Output for display service-profile (continued) Field Description WPA enabled Indicates that the Wi-Fi Protected Access (WPA) information element (IE) is enabled. Additional fields display the settings of other WPA parameters: ciphers — Lists the WPA cipher suites advertised by radios in the radio profile mapped to this service profile.
reset {ap | dap} Restarts a MAP access point. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — When you enter this command, the MAP access point drops all sessions and reboots.
set dap auto Creates a profile for automatic configuration of Distributed MAPs. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS 4.0. Usage — Table 65 lists the configurable profile parameters and their defaults. The only parameter that requires configuration is the profile mode.
Table 65 Configurable Profile Parameters for Distributed MAPs (continued) Examples — The following command creates a profile for automatic Distributed MAP configuration:
WX1200# set dap auto
success: change accepted.
See Also set dap auto radiotype Sets the radio type for single-MAP radios that use the MAP configuration profile.
WX4400# set dap auto radiotype 11b success: change accepted. See Also set dap auto mode Enables a WX switch’s profile for automatic Distributed MAP configuration. Syntax — Defaults — The MAP configuration profile is disabled by default. Access — Enabled.
WX4400# set dap auto mode enable success: change accepted. See Also set {ap | dap} bias Changes the bias for a MAP. Bias is the priority of one WX switch over other WX switches for booting and configuring the MAP. Syntax — | low} Defaults —...
MAP through an intermediate Layer 2 or Layer 3 network. A MAP always attempts to boot on MAP port 1 first, and if a WX switch is directly attached on MAP port 1, the MAP always boots from it.
set {ap | dap} blink Enables or disables LED blink mode on a MAP access point to make it easy to identify. When blink mode is enabled on an AP2750, the 11a LED blinks on and off.
Verifies a MAP’s fingerprint on a WX switch. If MAP-WX security is required by a WX switch, a MAP can establish a management session with the switch only if you have verified the MAP’s identity by verifying its fingerprint on the switch.
MAP configuration profile. Usage — You can assign any subset or all of the MAP access points connected to a WX switch to a group on that switch. All access points in a group must be connected to the same WX switch.
If you use the name none, spelled in any combination of capital or lowercase letters, the specified MAP access point is cleared from all MAP access point groups. Examples — The following command configures a MAP access point group named loadbalance1 that contains the MAP access points on ports 1, 3, and 5: WX1200# set ap 1,3,5 group loadbalance1 success: change accepted.
Examples — The following command changes the name of the MAP access point on port 1 to techpubs:
WX1200# set ap 1 name techpubs
success: change accepted.
See Also set {ap | dap} radio antennatype Sets the model number for an external antenna. Syntax —...
Defaults — All radios use the internal antenna by default, if the MAP model has an internal antenna. The MP-620 802.11b/g radio uses model ANT-1360-OUT by default. The MP-620 802.11a radio uses model ANT-5360-OUT by default. The MP-262 802.11b/g radio uses model ANT1060 by default.) Access —...
Defaults — The default maximum power setting that RF Auto-Tuning can set on a radio is the highest setting allowed for the country of operation or highest setting supported on the hardware, whichever is lower. Access — Enabled. History — Introduced in MSS Version 3.0.
set {ap | dap} radio auto-tune max-retransmissions Sets the maximum percentage of client retransmissions a radio can experience before RF Auto-Tuning considers changing the channel on the radio. A high percentage of retransmissions is a symptom of interference on the channel. Syntax —...
The interval is 1000 packets. If more than the specified percentage of packets within a group of 1000 packets received by the radio are retransmissions, the radio increases power. When the percentage of retransmissions exceeds the max-retransmissions threshold, the radio does not immediately increase power.
set {ap | dap} radio channel
Sets a MAP radio’s channel. Syntax — channel channel-number Defaults — The default channel depends on the radio type: Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You can configure a radio’s transmit power on the same command line.
See Also
set {ap | dap} radio auto-tune min-client-rate
Sets the minimum rate at which a radio is allowed to transmit traffic to clients. The radio automatically increases its transmit power when necessary to maintain at least the minimum rate with an associated client. Syntax —...
Usage — If the data rate for traffic sent by a radio to an associated client falls below the default minimum rate, the radio increases power, in 1 dBm increments, until all clients are at or above the minimum rate. After all clients are at or above the minimum data transmit rate, the radio reduces power by 1 dBm.
Defaults — MAP access point radios are disabled by default. Access — Enabled. History — Introduced in MSS Version 3.0. Option auto added for configuration of the MAP configuration profile. Usage — To enable or disable one or more radios to which a profile is assigned, use the set ap radio radio-profile command.
set {ap | dap} radio radio-profile
Assigns a radio profile to a MAP radio and enables or disables the radio. Syntax — 2} radio-profile name mode {enable | disable} Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Option auto added for configuration of the MAP configuration profile.
1 milliwatt (dBm). The valid values depend on the country of operation. The maximum transmit power you can configure on any 3Com radio is the maximum allowed for the country in which you plan to operate the radio or one of the following values if that value is less than the country maximum: on an 802.11a radio, 11 dBm for channel numbers...
MAP. optional — Allows MAPs to be managed by the switch even if they do not have encryption keys or their keys have not been verified by an administrator. Encryption is used for MAPs that support it.
History — Introduced in MSS 4.0. Usage — This parameter applies to all Distributed MAPs managed by the switch. If you change the setting to required, the switch requires Distributed MAPs to have encryption keys. The switch also requires their fingerprints to be verified in MSS. When MAP security is required, a MAP can establish a management session with the WX only if its fingerprint has been verified by you in MSS.
11g-only
Configures each 802.11b/g radio in a radio profile to allow associations with 802.11g clients only. Syntax — Defaults — The default setting is disable. 3Com 802.11b/g radios allow associations with 802.11g and 802.11b clients by default. Access — Enabled. History — Introduced in MSS Version 3.0.
Even when association of 802.11b clients is disabled, if an 802.11b/g radio detects a beacon from an 802.11b network, the radio enters protection mode to guard against interference. The set radio-profile 11g-only command does not affect the radio support configured with the set port type ap command.
Access — Enabled. History — Introduced in MSS Version 4.0. Usage — You can enter this command on any WX switch in the Mobility Domain. The command takes effect only on that switch. Examples — The following command disables active scan in radio profile...
RF Auto-Tuning of channels on 802.11a radios uses only the bottom eight channels in the band (36, 40, 44, 48, 52, 56, 60, and 64). To use a higher channel number, you must disable RF Auto-Tuning of channels on the radio profile the radio is in, and use the set {ap | dap} radio channel command to statically configure the channel.
Defaults — The default channel interval is 3600 seconds (one hour). Access — Enabled. History — Introduced in MSS Version 3.0. Usage — 3Com recommends that you use an interval of at least 300 seconds (5 minutes). RF Auto-Tuning can change a radio’s channel before the channel interval expires in response to RF anomalies.
Examples — The following command sets the channel interval for radios in radio profile rp2 to 2700 seconds (45 minutes):
WX4400# set radio-profile rp2 auto-tune channel-interval 2700
success: change accepted.
See Also
set radio-profile auto-tune power-backoff-...
Sets the interval at which radios in a radio profile reduce power after temporarily increasing the power to maintain the minimum data rate for...
set radio-profile auto-tune power-config
Enables or disables dynamic power tuning (RF Auto-Tuning) for the MAP radios in a radio profile. Syntax — {enable | disable} Defaults — Dynamic power assignment is disabled by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage —...
set radio-profile auto-tune power-interval
Sets the interval at which RF Auto-Tuning decides whether to change the power level on radios in a radio profile. At the end of each interval, MSS processes the results of the RF scans performed during the previous interval, and changes radio power levels if needed.
set radio-profile beacon-interval
Changes the rate at which each MAP radio in a radio profile advertises its service set identifier (SSID). Syntax — Defaults — The beacon interval for MAP radios is 100 ms by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage —...
MAP radios can also issue countermeasures against interfering devices. An interfering device is not part of the 3Com network but also is not a rogue. No client connected to the device has been detected communicating with any network entity listed in the forwarding database (FDD) of any WX switch in the Mobility Domain.
WX1200# set radio-profile radprof3 countermeasures configured
success: change accepted.
Note that when you issue this command, countermeasures are then issued only against devices in the WX switch’s attack list, not against other devices that were classified as rogues by other means.
set radio-profile...
See Also
set radio-profile frag-threshold
Changes the fragmentation threshold for the MAP radios in a radio profile. The fragmentation threshold specifies the maximum length a frame is allowed to be without being broken into multiple frames before transmission. Syntax —...
set radio-profile long-retry
Changes the long retry threshold for the MAP radios in a radio profile. The long retry threshold specifies the number of times a radio can send a long unicast frame without receiving an acknowledgment. A long unicast frame is a frame that is equal to or longer than the Request-to-Send (RTS) threshold.
set radio-profile max-rx-lifetime
Changes the maximum receive threshold for the MAP radios in a radio profile. The maximum receive threshold specifies the number of milliseconds that a frame received by a radio can remain in buffer memory.
set radio-profile max-tx-lifetime
Changes the maximum transmit threshold for the MAP radios in a radio profile. The maximum transmit threshold specifies the number of milliseconds that a frame scheduled to be transmitted by a radio can remain in buffer memory. Syntax —...
set radio-profile mode
Creates a new radio profile, or disables or reenables all MAP radios that are using a specific profile. Syntax — Defaults — Each radio profile that you create has a set of properties with factory default values that you can change with the other set radio-profile commands in this chapter.
Table 66 Defaults for Radio Profile Parameters (continued)
Parameter          Default Value
max-rx-lifetime    2000
max-tx-lifetime    2000
preamble-length    short
rts-threshold      2346
service-profile    No service profiles defined
short-retry        enable
Access — Enabled. History — Introduced in MSS Version 3.0. Usage — Use the command without any optional parameters to create a new profile.
Examples — The following command configures a new radio profile named rp1:
WX4400# set radio-profile rp1
success: change accepted.
The following command enables the radios that use radio profile rp1:
WX4400# set radio-profile rp1 mode enable
The following commands disable the radios that use radio profile rp1, change the beacon interval, then reenable the radios:
WX4400# set radio-profile rp1 mode disable...
Usage — Changing the preamble length value affects only the support advertised by the radio. Regardless of the preamble length setting (short or long), an 802.11b/g radio accepts and can generate 802.11b/g frames with either short or long preambles. If a client associated with an 802.11b/g radio uses long preambles for unicast traffic, the MAP access point still accepts frames with short preambles but does not transmit frames with short preambles.
History — Introduced in MSS Version 3.0. Usage — You must disable all radios that are using a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. Examples — The following command changes the RTS threshold for radio profile rp1 to 1500 bytes:
WX4400# set radio-profile rp1 rts-threshold 1500
success: change accepted.
Table 67 Defaults for Service Profile Parameters (continued)
Parameter          Default Value
auth-fallthru      web-auth
auth-psk           disable
beacon             enable
cipher-ccmp        disable
cipher-tkip        enable
cipher-wep104      disable
cipher-wep40       disable
psk-phrase         No passphrase defined
psk-raw            No preshared key defined
rsn-ie             disable
shared-key-auth    disable
ssid-name          private
ssid-type          crypto
tkip-mc-time...
Table 67 Defaults for Service Profile Parameters (continued)
Parameter
web-aaa-form
wep key-index
wep active-multicast-index
wep active-unicast-index
wpa-ie
Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You must configure the service profile before you can map it to a radio profile.
set radio-profile short-retry
Changes the short retry threshold for the MAP radios in a radio profile. The short retry threshold specifies the number of times a radio can send a short unicast frame without receiving an acknowledgment. Syntax — Defaults — The default short unicast retry threshold for MAP radios is 5 attempts.
317
set radio-profile mode on page 362
set radio-profile long-retry on page 359
set radio-profile name wmm {enable | disable}
name — Radio profile name.
enable — Enables WMM.
disable — Disables WMM.
Guide.) Wireless LAN Switch and Controller...
History — Introduced in MSS 4.1. Usage — To change the value of a default attribute for a service profile, use the set service-profile attr command and specify a new value. Wireless LAN Switch and Controller Guide.) set radio-profile mode on page 362...
The SSID default attributes are applied in addition to any attributes supplied for the user by the RADIUS server or the local database. When the same attribute is specified both as an SSID default attribute and through AAA, then the attribute supplied by the RADIUS server or the local database takes precedence over the SSID default attribute.
See Also
set service-profile auth-dot1x
Disables or reenables 802.1X authentication of Wi-Fi Protected Access (WPA) clients by MAP radios, when the WPA information element (IE) is enabled in the service profile that is mapped to the radio profile that the radios are using.
If a username does not match a userglob in an authentication rule for the SSID requested by the user, the WX switch that is managing the radio the user is connected to redirects the user to a web page located on the WX switch.
The web-auth authentication type requires additional configuration items. (See the “Configuring AAA for Network Users” chapter of the Wireless LAN Switch and Controller Configuration
Examples — The following command sets the fallthru authentication for SSIDs managed by the service profile rnd_lab to none:
WX4400# set service-profile rnd_lab auth-fallthru none
success: change accepted.
Access — Enabled. History — Introduced in MSS Version 3.0. Usage — This command affects authentication of WPA clients only. To use PSK authentication, you also must configure a passphrase or key. In addition, you must enable the WPA IE. The WebAAA fallthru authentication type is not supported in conjunction with WPA encryption using preshared keys (PSK) for the same SSID.
Defaults — Beaconing is enabled by default. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command disables beaconing of the SSID managed by service profile sp2:
WX4400# set service-profile sp2 beacon disable
success: change accepted.
See Also
set service-profile Enables Counter with Cipher Block Chaining Message Authentication...
Examples — The following command configures service profile sp2 to use CCMP encryption:
WX4400# set service-profile sp2 cipher-ccmp enable
success: change accepted.
See Also
set service-profile cipher-tkip
Disables or reenables Temporal Key Integrity Protocol (TKIP) encryption in a service profile.
set service-profile cipher-wep104
Enables dynamic Wired Equivalent Privacy (WEP) with 104-bit keys, in a service profile. Syntax — disable} Defaults — 104-bit WEP encryption is disabled by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — To use 104-bit WEP with WPA clients, you must also enable the WPA IE.
See Also
set service-profile cipher-wep40
Enables dynamic Wired Equivalent Privacy (WEP) with 40-bit keys, in a service profile. Syntax — disable} Defaults — 40-bit WEP encryption is disabled by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage —...
History — Introduced in MSS Version 3.0. Usage — MSS converts the passphrase into a 256-bit binary number for system use and a raw hexadecimal key to store in the WX switch's configuration. Neither the binary number nor the passphrase itself is ever displayed in the configuration.
Usage — MSS converts the hexadecimal number into a 256-bit binary number for system use. MSS also stores the hexadecimal key in the WX switch's configuration. The binary number is never displayed in the configuration. To use PSK authentication, you must enable it and you also must enable the WPA IE.
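The following Python sketch is an added example, not code from the 3Com manual. It shows the standard IEEE 802.11i passphrase-to-key mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), a validity check for a psk-raw value, and a redaction helper for saved configurations, since the stored hexadecimal key is as sensitive as the passphrase. That MSS uses the standard mapping is an assumption; the function names and the sample configuration line are constructed for illustration.

```python
import hashlib
import re
from typing import Tuple

# IEEE 802.11i passphrase-to-PSK mapping. Assumption: MSS applies this standard
# mapping; the page only states that the result is a 256-bit number.
PBKDF2_ITERATIONS = 4096
PSK_BYTES = 32  # 256 bits, written as 64 hexadecimal digits

# Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
IEEE_VECTOR_PSK = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"

# Constructed sample of a saved configuration line (profile name from the page).
SAMPLE_CONFIG = "set service-profile sp3 psk-raw " + IEEE_VECTOR_PSK + "\n"


def passphrase_to_psk(passphrase: str, ssid: str) -> str:
    """Derive the raw PSK (64 hex digits) from a WPA passphrase and an SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt,
                              PBKDF2_ITERATIONS, PSK_BYTES)
    return key.hex()


def normalize_raw_psk(value: str) -> str:
    """Check a psk-raw value: 64 hex digits once line-wrap whitespace is removed."""
    compact = re.sub(r"\s+", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", compact):
        raise ValueError("raw PSK must be exactly 64 hexadecimal digits")
    return compact


_PSK_RAW_RE = re.compile(r"(\bpsk-raw\s+)[0-9A-Fa-f]{64}\b")


def redact_raw_psks(config_text: str) -> Tuple[str, int]:
    """Mask psk-raw values in a saved configuration; returns (text, count)."""
    return _PSK_RAW_RE.subn(r"\1<redacted>", config_text)


if __name__ == "__main__":
    print(passphrase_to_psk("password", "IEEE"))
    print(redact_raw_psks(SAMPLE_CONFIG)[0], end="")
```

Because the SSID is the salt, the same passphrase yields a different raw key on every SSID, so a psk-raw value cannot be reused after an ssid-name change.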
Examples — The following command configures service profile sp3 to use a raw PSK with PSK clients:
WX4400# set service-profile sp3 psk-raw c25d3fe4483e867d1df96eaacdf8b02451fa0836162e758100f5f6b87965e59d
success: change accepted.
See Also
set service-profile rsn-ie
Enables the Robust Security Network (RSN) Information Element (IE). The RSN IE advertises the RSN authentication methods and cipher suites supported by radios in the radio profile mapped to the service profile.
shared-key-auth
Enables shared-key authentication, in a service profile. Use this command only if advised to do so by 3Com. This command does not enable preshared key (PSK) authentication for Wi-Fi Protected Access (WPA). To enable PSK encryption for WPA, use the set service-profile auth-psk command.
Access — Enabled. History — Introduced in MSS Version 3.0. Support added for blank spaces in the SSID name in MSS Version 4.0. Examples — The following command applies the name guest to the SSID managed by service profile clear_wlan:
WX4400# set service-profile clear_wlan ssid-name guest
success: change accepted.
set service-profile tkip-mc-time
Changes the length of time that MAP radios use countermeasures if two message integrity code (MIC) failures occur within 60 seconds. When countermeasures are in effect, MAP radios dissociate all TKIP and WPA WEP clients and refuse all association and reassociation requests until the countermeasures end.
SSID managed by the service profile. Syntax — Defaults — The 3Com Web login page is served by default. Access — Enabled. History — Introduced in MSS Version 3.0. Option name changed from web-aaa-form to web-portal-form, to reflect change to portal-based implementation in MSS Version 4.0.
file:corpa-login.html
file:corpa-logo.jpg
Total: 1839 bytes used, 206577 Kbytes free
WX4400# set service-profile corpa-service web-aaa-form corpa-ssid/corpa-login.html
success: change accepted.
See Also
set service-profile Specifies the static Wired-Equivalent Privacy (WEP) key (one of four) to use for encrypting multicast frames. active-multicast- Syntax —...
See Also
set service-profile wep active-unicast-index
Specifies the static Wired-Equivalent Privacy (WEP) key (one of four) to use for encrypting unicast frames. Syntax — name wep active-unicast-index num Defaults — If WEP encryption is enabled and WEP keys are defined, MAP radios use WEP key 1 to encrypt unicast frames, by default.
set service-profile wep key-index
Sets the value of one of four static Wired-Equivalent Privacy (WEP) keys for static WEP encryption. Syntax — Defaults — By default, no static WEP keys are defined. Access — Enabled. History — Introduced in MSS Version 3.0. Usage —...
set service-profile wpa-ie
Enables the WPA information element (IE) in wireless frames. The WPA IE advertises the WPA authentication methods and cipher suites supported by radios in the radio profile mapped to the service profile. Syntax — Defaults — The WPA IE is disabled by default. Access —...
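The following Python sketch is an added example, not part of the 3Com manual. It applies the cipher and IE defaults listed in Table 67 and in the command entries above to a list of set service-profile commands, then reports which profiles still rely on WEP, shared-key authentication, or TKIP without CCMP. The sample commands, the profile names legacy and lab, and the assumption that every cipher and IE parameter takes {enable | disable} are constructed for illustration.

```python
import re

# Defaults from Table 67 and the per-command "Defaults" entries on this page.
DEFAULTS = {
    "cipher-ccmp": "disable",
    "cipher-tkip": "enable",
    "cipher-wep104": "disable",
    "cipher-wep40": "disable",
    "rsn-ie": "disable",
    "shared-key-auth": "disable",
    "wpa-ie": "disable",
}

# Accepts an optional CLI prompt such as "WX4400# " in front of the command.
_SET_RE = re.compile(
    r"^\s*(?:\S+#\s*)?set service-profile (\S+) (\S+)(?:\s+(.*\S))?\s*$")

# Constructed sample input (assumed syntax: <parameter> {enable | disable}).
SAMPLE_CONFIG = """
WX4400# set service-profile sp2 cipher-ccmp enable
set service-profile sp2 cipher-tkip disable
set service-profile sp2 rsn-ie enable
set service-profile legacy cipher-wep40 enable
set service-profile legacy shared-key-auth enable
set service-profile lab ssid-name guest
set service-profile sp3 wpa-ie enable
set service-profile sp3 cipher-ccmp enable
"""


def effective_profiles(config_text):
    """Apply the set commands in order on top of the defaults, per profile."""
    profiles = {}
    for line in config_text.splitlines():
        match = _SET_RE.match(line)
        if not match:
            continue
        name, param, value = match.groups()
        settings = profiles.setdefault(name, dict(DEFAULTS))
        if param in DEFAULTS and value in ("enable", "disable"):
            settings[param] = value
    return profiles


def audit_profile(settings):
    """Return (code, message) findings for one profile's effective settings."""
    def on(param):
        return settings[param] == "enable"

    findings = []
    for param, code in (("cipher-wep40", "WEP40"), ("cipher-wep104", "WEP104")):
        if on(param):
            findings.append((code, param + " is enabled; WEP no longer protects traffic"))
    if on("shared-key-auth"):
        findings.append(("SHARED_KEY",
                         "shared-key-auth is enabled; use only if advised by 3Com"))
    if on("cipher-tkip") and not on("cipher-ccmp"):
        findings.append(("TKIP_ONLY",
                         "cipher-tkip is on (the default) and cipher-ccmp is off"))
    elif on("cipher-tkip"):
        findings.append(("TKIP_FALLBACK",
                         "cipher-tkip is still enabled alongside cipher-ccmp"))
    if not on("wpa-ie") and not on("rsn-ie"):
        findings.append(("NO_IE",
                         "neither wpa-ie nor rsn-ie is enabled, so no cipher suite is advertised"))
    return findings


def audit_config(config_text):
    """Audit every service profile named in the configuration text."""
    profiles = effective_profiles(config_text)
    return {name: audit_profile(profiles[name]) for name in sorted(profiles)}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, [code for code, _ in findings] or "ok")
```

A profile that appears only with non-cipher settings, such as lab here, is audited with the factory defaults, which is why it is reported even though no cipher command was entered for it.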
Use Spanning Tree Protocol (STP) commands to configure and manage spanning trees on the virtual LANs (VLANs) configured on a wireless LAN switch or controller, to maintain a loop-free network.
STP Commands by Usage
This chapter presents STP commands alphabetically. Use the following table to locate commands in this chapter based on their use.
Table 68 STP Commands by Usage (continued)
clear spantree portcost
Resets to the default value the cost of a network port or ports on paths to the STP root bridge in all VLANs on a WX switch. Syntax — Defaults — None. Access — Enabled.
See Also
clear spantree portvlancost
Resets to the default value the cost of a network port or ports on paths to the STP root bridge for a specific VLAN on a wireless LAN switch, or for all VLANs. Syntax — vlan-id} clear spantree portpri port-list —...
CHAPTER 12: STP COMMANDS
Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — MSS does not change a port’s cost for VLANs other than the one(s) you specify. Examples — The following command resets the STP cost for port 2 in VLAN sunflower:
WX4400# clear spantree portvlancost 2 vlan sunflower
success: change accepted.
History — Introduced in MSS Version 3.0. Usage — MSS does not change a port’s priority for VLANs other than the one(s) you specify. Examples — The following command resets the STP priority for port 2 in VLAN avocado:
WX4400# clear spantree portvlanpri 2 vlan avocado
success: change accepted.
display spantree
Displays STP configuration and port-state information. Syntax — [port-list | vlan vlan-id] [active] Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — The following command displays STP information for VLAN default:
WX1200# display spantree vlan default
VLAN...
This WX switch’s hello interval.
Bridge Forward Delay — This WX switch’s forwarding delay value.
Port — Port number. Only network ports are listed. STP does not apply to 3Com Wireless LAN Managed Access Point AP2750 ports or wired authentication ports.
Vlan — VLAN ID.
Table 69 Output for display spantree (continued)
See Also
display spantree backbonefast
Indicates whether the STP backbone fast convergence feature is enabled or disabled. Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0.
Field Description Port-State...
Examples — The following example shows the command output on a WX switch with backbone fast convergence enabled:
WX4400# display spantree backbonefast
See Also
display spantree blockedports
Lists information about wireless LAN switch ports that STP has blocked on one or all of its VLANs. Syntax — Defaults — None.
display spantree portfast
Displays STP uplink fast convergence information for all network ports or for one or more network ports. Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — The following command shows uplink fast convergence information for all ports:
WX1200# display spantree portfast
Port...
display spantree portvlancost
Shows the cost of a port on a path to the STP root bridge, for each of the port’s VLANs. Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — The following command shows the STP port cost of port 1:
WX4400# display spantree portvlancost 1
port 1 VLAN 1 have path cost 19
See Also...
Usage — The command displays statistics separately for each port. Examples — The following command shows STP statistics for port 1:
WX4400# display spantree statistics 1
BPDU related parameters Port 1 spanning tree enabled for VLAN = 1 port spanning tree state port_id...
topology change timer value hold timer hold timer value delay root port timer delay root port timer value delay root port timer restarted is VLAN based information & statistics spanning tree type spanning tree multicast address bridge priority bridge MAC address bridge hello time bridge forward delay topology change initiator:...
MAC address of the root bridge. Total path cost to reach the root bridge. Bridge to which this switch forwards traffic away from the root bridge. STP port through which this switch forwards traffic away from the root bridge.
Status of the topology change timer. This timer determines the time period during which configured BPDUs are transmitted with the topology change flag set by this WX switch when it is the root bridge, after detection of a topology change. topology change timer Current value of the topology change timer, in seconds.
Value of the forwarding delay interval, in seconds, when this WX switch is the root or is attempting to become the root. Port number that initiated the most recent topology change.
Table 71 Output for display spantree statistics (continued)
See Also
display spantree uplinkfast
Shows uplink fast convergence information for one VLAN or all VLANs. Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0.
Field Description
dynamic max age transition — Number of times the maximum age parameter was...
Table 72 Output for display spantree uplinkfast
See Also
set spantree
Enables or disables STP on one VLAN or all VLANs configured on a WX switch. Syntax — [{all | vlan vlan-id | port port-list vlan-id}] Defaults — Disabled. Access — Enabled.
backbonefast
Enables or disables STP backbone fast convergence on a wireless LAN switch. This feature accelerates a port’s recovery following the failure of an indirect link. CAUTION: The backbone fast convergence feature is not compatible with switches that are running standard IEEE 802.1D Spanning Tree implementations.
See Also
set spantree hello
Changes the interval between STP hello messages sent by a wireless LAN switch when operating as the root bridge, on one or all of its configured VLANs. Syntax — display spantree backbonefast on page 400 set spantree fwddelay delay {all | vlan vlan-id} —...
maxage
Changes the maximum age for an STP root bridge hello packet that is acceptable to a wireless LAN switch acting as a designated bridge on one or all of its VLANs. After waiting this period of time for a new hello packet, the WX switch determines that the root bridge is unavailable and issues a topology change message.
portcost
Changes the cost that transmission through a network port or ports in the default VLAN on a wireless LAN switch adds to the total cost of a path to the STP root bridge. Syntax — Defaults — The default port cost depends on the port speed and link type.
See Also
set spantree portfast
Enables or disables STP port fast convergence on one or more ports on a wireless LAN switch. Syntax — Defaults — STP port fast convergence is disabled by default. Access — Enabled. History — Introduced in MSS Version 3.0.
Changes the STP priority of a network port or ports for selection as part of the path to the STP root bridge in the default VLAN on a wireless LAN switch. Syntax — Defaults — The default STP priority for all network ports is 128.
portvlancost
Changes the cost of a network port or ports on paths to the STP root bridge for a specific VLAN on a wireless LAN switch. Syntax — vlan vlan-id} Defaults — The default port cost depends on the port speed and link type.
set spantree portvlanpri
Changes the priority of a network port or ports for selection as part of the path to the STP root bridge, on one VLAN or all VLANs. Syntax — port-list priority value {all | vlan vlan-id} Defaults —...
priority
Changes the STP root bridge priority of a wireless LAN switch on one or all of its VLANs. Syntax — Defaults — The default root bridge priority for the switch on all VLANs is 32,768. Access — Enabled.
History — Introduced in MSS Version 3.0. Usage — The uplink fast convergence feature is applicable to bridges that are acting as access switches to the network core (distribution layer) but are not in the core themselves. Do not enable the feature on WX switches that are in the network core.
IGMP SNOOPING
Use Internet Group Management Protocol (IGMP) snooping commands to configure and manage multicast traffic reduction on a WX.
Commands by Usage
This chapter presents IGMP snooping commands alphabetically. Use Table 74 to locate commands in this chapter based on their use.
Table 74 IGMP Commands by Usage
Type...
CHAPTER 13: IGMP SNOOPING COMMANDS
clear igmp statistics
Clears IGMP statistics counters on one VLAN or all VLANs on a wireless LAN switch and resets them to 0. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0.
router information:
Port Mrouter-IPaddr Mrouter-MAC
---- --------------- ----------------- ----- -----
192.28.7.5 00:01:02:03:04:05 dvmrp
Group Port Receiver-IP
--------------- ---- --------------- ----------------- -----
224.0.0.2 none
237.255.255.255 237.255.255.255 237.255.255.255 237.255.255.255 237.255.255.255
Querier information:
Querier for vlan orange
Port Querier-IP Querier-MAC
---- --------------- ----------------- -----
1 193.122.135.178 00:0b:cc:d2:e9:b4
IGMP vlan member ports: 1, 2, 3
IGMP static ports: none...
Table 75 Output for display igmp
Field
VLAN
IGMP is enabled (disabled)
Proxy reporting
Mrouter solicitation
Querier functionality
Configuration values (qi)
Configuration values (oqi)
Configuration values (qri)
Configuration values (lmqi)
Configuration values (rvalue)
Multicast router information
Port
Mrouter-IPaddr...
VLAN becomes a receiver. For example, the list can include a MAP access port that is not configured to be in the VLAN when a user associated with the 3Com Wireless LAN Managed Access Point AP2750 on that port becomes a receiver for a group.
mrouter
Displays the multicast routers in a WX’s subnet, on one VLAN or all VLANs. Routers are listed separately for each VLAN, according to the port number through which the wireless LAN switch can reach the router. Syntax — Defaults — None.
Table 76 Output for display igmp mrouter
See Also
display igmp querier
Shows information about the active multicast querier, on one VLAN or all VLANs. Queriers are listed separately for each VLAN. Each VLAN can have only one querier. Syntax — Defaults —...
I am the querier for vlan default, time to next query is 20
The output indicates how many seconds remain before the pseudo-querier on the WX switch broadcasts the next general query report to IP address 224.0.0.1, the multicast all-systems group.
See Also
display igmp receiver-table
Displays the receivers to which a WX forwards multicast traffic. You can display receivers for all VLANs, a single VLAN, or a group or groups identified by group address and network mask. Syntax — [group group-ip-addr/mask-length] Defaults —...
The following command lists all receivers for multicast groups 237.255.255.1 through 237.255.255.255, in all VLANs:
WX1200# display igmp receiver-table group 237.255.255.0/24
VLAN: red
Session Port Receiver-IP
--------------- ---- --------------- ----------------- -----
237.255.255.2 237.255.255.119
VLAN: green
Session Port Receiver-IP
--------------- ---- --------------- ----------------- -----...
display igmp statistics
Shows IGMP statistics. Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — The following command displays IGMP statistics for VLAN orange:
WX1200# display igmp statistics vlan orange
IGMP statistics for vlan orange:
IGMP message type Received Transmitted Dropped
----------------- -------- ----------- -------
General-Queries...
Table 79 Output of display igmp statistics
Field
IGMP statistics for vlan
IGMP message type
Received
Transmitted
Dropped
Description
VLAN name. Statistics are listed separately for each VLAN.
Type of IGMP message: General-Queries — General group membership queries sent by the multicast querier (multicast router or pseudo-querier).
Table 79 Output of display igmp statistics (continued)
See Also
set igmp
Disables or reenables IGMP snooping on one VLAN or all VLANs on a wireless LAN switch. Syntax — History — Introduced in MSS Version 3.0. Examples — The following command disables IGMP snooping on VLAN...
If there are no more receivers for the group, the WX switch also sends a leave message for the group to multicast routers. You can specify a value from 1 through 65,535.
set igmp mrouter Adds or removes a port in a WX’s list of ports on which it forwards traffic to multicast routers. Static multicast ports are immediately added to or removed from the list of router ports and do not age out. Syntax —...
set igmp mrsol
Enables or disables multicast router solicitation by a WX. Syntax — Defaults — Multicast router solicitation is disabled on all VLANs by default. Access — Enabled. History — Introduced in MSS Version 3.0. Examples —...
History — Introduced in MSS Version 3.0. Usage — A WX cannot become the querier unless the pseudo-querier feature is enabled on the WX switch. When the feature is enabled, the WX becomes the querier for a subnet so long as the WX does not receive a query message from a router with a lower IP address than the IP address of the WX in that subnet.
See Also
set igmp proxy-report
Disables or reenables proxy reporting by a WX on one VLAN or all VLANs. Syntax — Defaults — Proxy reporting is enabled on all VLANs by default. Access — Enabled. History —...
qi seconds — Number of seconds that elapse between general queries sent by the WX when the WX switch is the querier for the subnet. You can specify a value from 1 through 65,535.
vlan vlan-id — VLAN name or number. If you do not specify a VLAN, the timer change applies to all VLANs.
set igmp qri
Changes the IGMP query response interval timer on one VLAN or all VLANs on a WX. Syntax — Defaults — The default query response interval is 100 tenths of a second (10 seconds). Access —...
Defaults — The pseudo-querier is disabled on all VLANs by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — 3Com recommends that you use the pseudo-querier only when the VLAN contains local multicast traffic sources and no multicast router is servicing the subnet.
Defaults — By default, no ports are static multicast receiver ports. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You cannot add MAP access ports or wired authentication ports as static multicast ports. However, MSS can dynamically add these port types to the list of multicast ports based on multicast traffic.
set igmp rv See Also set igmp oqi on page 437 set igmp qi on page 439 set igmp qri on page 440...
(CoS) to define the priority of treatment for packet filtering. (Security ACLs are different from the location policy on a WX switch, which helps you locally control user access. For location policy commands, see “AAA Commands” on page 201.) Security ACL This chapter presents security ACL commands alphabetically.
CHAPTER 14: SECURITY ACL COMMANDS
clear security acl Clears a specified security ACL, an access control entry (ACE), or all security ACLs, from the edit buffer. When used with the command commit security acl, clears the ACE from the running configuration. Syntax —...
Deletes the mapping between a security ACL and a virtual LAN (VLAN), one or more physical ports, or a virtual port. Or deletes all ACL maps to VLANs, ports, and virtual ports on a WX switch. Security ACLs are applied to users or groups dynamically via the Filter-Id attribute.
— Name of an existing security ACL to clear. ACL names start with a letter and are case-insensitive. — Removes security ACL mapping from all physical ports, virtual ports, and VLANs on a WX switch. vlan vlan-id — VLAN name or number. MSS removes the security ACL from the specified VLAN.
To clear all physical ports, virtual ports, and VLANs on a WX switch of the ACLs mapped for incoming and outgoing traffic, type the following command: WX4400# clear security acl map all success: change accepted. See Also commit security acl Saves a security ACL, or all security ACLs, in the edit buffer to the running configuration and nonvolatile storage on the WX switch.
Examples — The following commands commit all the security ACLs in the edit buffer to the configuration, display a summary of the committed ACLs, and show that the edit buffer has been cleared: WX4400# commit security acl all configuration accepted WX4400# display security acl ACL table...
See Also
display security acl hits Displays the number of packets filtered by security ACLs (“hits”) on the WX switch. Each time a packet is filtered by a security ACL, the hit counter increments. Syntax — Defaults — None. Access — Enabled.
Examples — To display the security ACL hits on a WX switch, type the following command: WX4400# display security acl hits ACL hit-counters Index Counter ----- -------------------- -------- See Also
display security acl info Displays the contents of a specified security ACL or all security ACLs that are committed —...
2. deny IP source IP 192.168.2.11 0.0.0.0 destination IP any
3. deny SRC source IP 192.168.1.234 255.255.255.255 enable-hits
See Also
display security acl Displays the VLANs, ports, and virtual ports on the WX switch to which a security ACL is assigned. Syntax — Defaults — None.
Access — Enabled. History — Introduced in MSS Version 3.0. Usage — Use this command with the help of 3Com to diagnose an ACL resource problem. (To obtain 3Com Technical Support, see “Obtaining Support for your Product” on page 637.)
Examples — To display security ACL resource usage, type the following command: WX4400# display security acl resource-usage ACL resources Classifier tree counters ------------------------ Number of rules Number of leaf nodes Stored rule count Leaf chain count Longest leaf chain Number of non-leaf nodes Uncompressed Rule Count Maximum node depth Sub-chain count...
Table 81 Output of display security acl resource-usage Field Number of rules Number of leaf nodes Number of security ACL data entries stored in the rule tree. Stored rule count Leaf chain count Longest leaf chain Number of non-leaf nodes Uncompressed Rule...
Security ACL mapping on the WX switch: True — Security ACLs are mapped. False — No security ACLs are mapped. No rules Security ACE rule mapping on the WX switch: True — No security ACEs are mapped. False — Security ACEs are mapped. Non-IP rules Non-IP security ACE mapping on the WX switch: True —...
No VLAN or PORT mapping Application of security ACLs to WX VLANs or ports on the WX switch: True — No security ACLs are mapped to VLANs or ports. False — Security ACLs are mapped to VLANs or ports. No VPORT mapping...
Examples — The following commands show the edit buffer before a rollback, clear any changes in the edit buffer to security acl_122, and show the edit buffer after the rollback: WX4400# display security acl info all editbuffer ACL edit-buffer information for all set security acl ip acl_122 (ACEs 3, add 3, del 0, modified 0) --------------------------------------------------------- 1.
Numbers 0 through 9 Hyphen (-), underscore (_), and period (.) 3Com recommends that you do not use the same name with different capitalizations for ACLs. For example, do not configure two separate ACLs with the names acl_123 and ACL_123.
0 or 3—Best effort. Packets are queued in MAP forwarding queue 3. 4 or 5—Video. Packets are queued in MAP forwarding queue 2. Use CoS level 4 or 5 for voice over IP (VoIP) packets other than SpectraLink Voice Priority (SVP). 6 or 7—Voice.
(For a complete list of TCP and UDP port numbers, see www.iana.org/assignments/port-numbers.) destination-ip-addr mask network or host to which the packet is being sent. Specify both address and mask in dotted decimal notation. For more information, see “Wildcard Masks”...
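The following is an added example, not part of the 3Com manual: a small Python check of how the address and mask pairs in an ACE select source addresses. It assumes the wildcard-mask convention (mask bits set to 0 are compared, bits set to 1 are ignored) and in-order, first-match evaluation; the function names and the last two sample ACEs are constructed, and only the source clause is evaluated.

```python
import ipaddress
import re

# ACE lines in the layout of the `display security acl info` output quoted on
# this page. Entries 1 and 2 are the page's ACEs 2 and 3; entries 3 and 4 are
# constructed for this demonstration.
SAMPLE_ACES = [
    "deny IP source IP 192.168.2.11 0.0.0.0 destination IP any",
    "deny SRC source IP 192.168.1.234 255.255.255.255 enable-hits",
    "permit SRC source IP 10.20.0.0 0.0.255.255",       # constructed
    "permit SRC source IP 172.16.5.0 255.255.255.0",    # constructed
]

ACE_RE = re.compile(r"^(permit|deny)\s+\S+\s+source IP\s+(\S+)\s+(\S+)")
ALL_ONES = 0xFFFFFFFF


def _u32(dotted):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_ace(line):
    """Return (action, source_address, wildcard_mask) for one ACE line."""
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised ACE line: %r" % line)
    action, addr, mask = m.groups()
    return action, _u32(addr), _u32(mask)


def source_matches(ace, packet_src):
    """Wildcard semantics (assumed): compare only bits where the mask is 0."""
    _, addr, wildcard = ace
    care = ~wildcard & ALL_ONES
    return (_u32(packet_src) & care) == (addr & care)


def first_match(ace_lines, packet_src):
    """Return (1-based ACE index, action) of the first ACE whose source
    clause matches, or None when no listed ACE matches."""
    for index, line in enumerate(ace_lines, start=1):
        ace = parse_ace(line)
        if source_matches(ace, packet_src):
            return index, ace[0]
    return None


def audit_masks(ace_lines):
    """Flag masks that are probably not what the author intended."""
    findings = []
    for index, line in enumerate(ace_lines, start=1):
        _, addr, wildcard = parse_ace(line)
        inverse = ~wildcard & ALL_ONES
        if wildcard == ALL_ONES and addr != 0:
            # Every address bit is ignored: the ACE matches any source.
            findings.append((index, "matches-any"))
        elif wildcard != 0 and wildcard != ALL_ONES and inverse & (inverse + 1) == 0:
            # Leading ones followed by zeros looks like a subnet mask, which
            # as a wildcard compares only the low-order host bits.
            findings.append((index, "netmask-style"))
    return findings


if __name__ == "__main__":
    for src in ("192.168.2.11", "192.168.2.12", "10.20.3.4"):
        print(src, "->", first_match(SAMPLE_ACES, src))
    print(audit_masks(SAMPLE_ACES))
```

Under these assumptions, an ACE whose mask is 255.255.255.255 hides every ACE listed after it, so review the order of ACEs in the edit buffer before running commit security acl.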
Usage — The WX switch does not apply security ACLs until you activate them with the commit security acl command and map them to a VLAN, port, or virtual port, or to a user. If the WX switch is reset or restarted, any ACLs in the edit buffer are lost.
Assigns a committed security ACL to a VLAN, physical port or ports, virtual port, or Distributed MAP on the WX switch. To assign a security ACL to a user or group in the local WX database, use the command set user attr, set mac-user attr, set usergroup attr, or set mac-usergroup attr with the Filter-Id attribute.
MSS assigns the security ACL to the specified Distributed MAPs. — Assigns the security ACL to traffic coming into the WX switch. — Assigns the security ACL to traffic coming from the WX switch. Defaults — None.
See Also
set security acl hit-sample-rate Specifies the time interval, in seconds, at which the packet counter for each security ACL is sampled for display. The counter counts the number of packets filtered by the security ACL — or “hits.” Syntax —...
Examples — The first command sets MSS to sample ACL hits every 15 seconds. The second and third commands display the results. The results show that 916 packets matching security acl_153 were sent since the ACL was mapped. WX4400# set security acl hit-sample-rate 15 WX4400# display security acl info acl_153 ACL information for acl_153 set security acl ip acl_153 (hits #3 916)
Depending on your network configuration, you must create keys and certificates to authenticate the WX switch to IEEE 802.1X wireless clients for which the WX switch performs authentication, and to 3Com wireless switch manager (3WXM) and Web Manager. Commands by This chapter presents cryptography commands alphabetically.
admin — Stores the certificate authority’s certificate that signed the administrative certificate for the WX switch. The administrative certificate authenticates the WX to 3Com wireless switch manager (3WXM) or Web Manager. — Stores the certificate authority’s certificate that signed the Extensible Authentication Protocol (EAP) certificate for the WX switch.
Installs one of the WX switch’s PKCS #7 certificates into the certificate and key storage area on the WX switch. The certificate, which is issued and signed by a certificate authority, authenticates the WX switch either to 3WXM or Web Manager, or to 802.1X supplicants (clients).
WX switch certificate as a PKCS #7 object file. Then do the following: 1 Open the PKCS #7 object file with an ASCII text editor such as Notepad or vi.
SSH requires an SSH authentication key, but you can allow MSS to generate it automatically. The first time an SSH client attempts to access the SSH server on a WX switch, the switch automatically generates a 1024-byte SSH key. If you want to use a 2048-byte key instead, use the crypto generate key ssh 2048 command to generate one.
WX switch to WebAAA clients. Country Name string — (Optional) Specify the abbreviation for the country in which the WX switch is operating, in 2 alphanumeric characters with no spaces. State Name string — (Optional) Specify the abbreviation for the name of the state, in 2 alphanumeric characters with no spaces.
Enter. When you are prompted, type the identifying values in the fields, or press Enter if the field is optional. You must enter a common name for the WX switch. This command outputs a PKCS #10 text string in Privacy-Enhanced Mail protocol (PEM) format that you paste to another location for submission to the certificate authority.
— Generates an administrative certificate to authenticate the WX switch to 3WXM or Web Manager. — Generates an EAP certificate to authenticate the WX switch to 802.1X supplicants (clients). — Generates a WebAAA certificate to authenticate the WX switch to WebAAA clients.
— (Optional) Specify the name of the — Specify a unique name for the WX switch, in — (Optional) Specify your email address, in up — (Optional) Specify any name, in up to...
Microsoft Windows clients. The password must be the same as the password protecting the PKCS #12 object file. Note: On a WX switch that handles communications to and from Microsoft Windows clients, use a one-time password of 31 characters or fewer.
WX switch. 3Com recommends that you create a password that is memorable to you but is not subject to easy guesses or a dictionary attack. For best results, create a password of alphanumeric uppercase and lowercase characters.
Examples — The following commands copy a PKCS #12 object file for an EAP certificate and key pair—and optionally the certificate authority’s own certificate—from a TFTP server to nonvolatile storage on the WX switch, create the one-time password hap9iN#ss, and unpack the PKCS #12 file: WX4400# copy tftp://192.168.253.1/2048full.p12 2048full.p12 success: received 637 bytes in 0.253 seconds [ 2517...
admin — Displays information about the certificate authority’s certificate that signed the administrative certificate for the WX switch. The administrative certificate authenticates the WX to 3WXM or Web Manager. — Displays information about the certificate authority’s certificate that signed the Extensible Authentication Protocol (EAP) certificate for the WX switch.
{admin | eap | web} admin — Displays information about the administrative certificate that authenticates the WX switch to 3WXM or Web Manager. — Displays information about the EAP certificate that authenticates the WX switch to 802.1X supplicants (clients).
Displays SSH authentication key information. This command displays the checksum (also called a fingerprint) of the public SSH authentication key. When you connect to the WX switch with an SSH client, you can compare the SSH key checksum displayed by the WX switch with the one displayed by the client to verify that you really are connected to the WX switch and not another device.
RADIUS Use RADIUS commands to set up communication between a WX switch and groups of up to four RADIUS servers for remote authentication, authorization, and accounting (AAA) of administrators and network users. Commands by Usage This chapter presents RADIUS commands alphabetically. Use Table 85 to locate commands in this chapter based on their uses.
timeout — Number of seconds to wait for the RADIUS server to respond before retransmitting. deadtime—0 (zero) minutes (The WX switch does not designate unresponsive RADIUS servers as unavailable.) key—No key retransmit—3 (the total number of attempts, including the first attempt) timeout—5 seconds...
History — Introduced in MSS Version 3.0. Usage — The clear radius client system-ip command causes the WX switch to use the IP address of the interface through which it sends a RADIUS client request as the source IP address. The WX switch selects a source interface address based on information in its routing table as the source address for RADIUS packets leaving the switch.
Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS 4.0. Examples — The following command clears all RADIUS proxy client entries from the switch: WX4400# clear radius proxy client all success: change accepted. See Also clear radius proxy Removes RADIUS proxy ports configured for third-party APs.
However, the members of the server group remain. clear radius server server-name server-name — Name of a RADIUS server configured to perform remote AAA services for the WX switch. display aaa on page 219 set radius server on page 494 clear server group group-name [load-balance] —...
See Also set radius Configures global defaults for RADIUS servers that do not explicitly set these values themselves. By default, the WX switch automatically sets all these values except the password (key). Syntax — retransmit number | timeout seconds} Defaults —...
system-ip Causes all RADIUS requests to be sourced from the IP address specified by the set system ip-address command, providing a permanent source IP address for RADIUS packets sent from the WX switch. Syntax — Defaults — None. If you do not use this command, RADIUS packets leaving the WX have the source IP address of the outbound interface, which can change as routing conditions change.
client Adds a RADIUS proxy entry for a third-party AP. The proxy entry specifies the IP address of the AP and the UDP ports on which the WX switch listens for RADIUS traffic from the AP. Syntax —...
See the “Configuring AAA for Users of Third-Party APs” section in the “Configuring AAA for Network Users” chapter of the Wireless LAN Switch and Controller Configuration Enter a separate command for each SSID, and its tag value, you want the WX to support.
— Number of minutes the WX switch waits after declaring an unresponsive RADIUS server unavailable before retrying that RADIUS server. Specify between 0 (zero) and 1440 minutes (24 hours). A zero value causes the switch to identify unresponsive servers as available. server-name...
RADIUS server. To configure the server as a remote authenticator for the WX switch, you must add it to a server group with the set server group command. Do not use the same name for a RADIUS server and a RADIUS server group.
CHAPTER 16: RADIUS
Examples — To set a RADIUS server named RS42 with IP address 198.162.1.1 to use the default accounting and authorization ports with a timeout interval of 30 seconds, two transmit attempts, 5 minutes of dead time, and a key string of keys4u, type the following command: WX1200# set radius server RS42 address 198.162.1.1 timeout 30 retransmit 2 deadtime 5 key keys4U See Also...
Do not use the same name for a RADIUS server and a RADIUS server group. Examples — To set server group shorebirds with members heron, egret, and sandpiper, type the following command: WX1200# set server group shorebirds members heron egret sandpiper success: change accepted.
Examples — To enable load balancing between the members of server group shorebirds, type the following command: WX1200# set server group shorebirds load-balance enable success: change accepted. To disable load balancing between shorebirds server group members, type the following command: WX1200# set server group shorebirds load-balance disable success: change accepted.
Use IEEE 802.1X management commands to modify the default settings for IEEE 802.1X sessions on a WX switch. For best results, change the settings only if you are aware of a problem with the WX switch’s 802.1X performance. CAUTION: 802.1X parameter settings are global for all SSIDs configured on the switch.
802.1X client on the machine to start (re)authentication for the user. When bonded authentication is enabled, it applies only to an 802.1X user whose authentication rule on the WX switch contains the bonded option. Syntax —...
WX4400# clear dot1x max-req success: change accepted. See Also
clear dot1x port-control Resets all wired authentication ports on the WX switch to default 802.1X authentication. Syntax — By default, all wired authentication ports are set to auto and they process authentication requests as determined by the set authentication dot1X command.
CHAPTER 17: 802.1X MANAGEMENT
Usage — This command is overridden by the set dot1x authcontrol command. The clear dot1x port-control command returns port control to the method configured. This command applies only to wired authentication ports. Examples — Type the following command to reset the wired authentication port control: WX4400# clear dot1x port-control success: change accepted.
clear dot1x reauth-max Resets the maximum number of reauthorization attempts to the default setting. Syntax — Defaults — The default is 2 attempts. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — Type the following command to reset the maximum number of reauthorization attempts to the default: WX4400# clear dot1x reauth-max success: change accepted.
supplicant Resets to the default setting the number of seconds that must elapse before the WX switch times out an authentication session with a supplicant (client). Syntax — Defaults — The default for the authentication timeout sessions is 30 seconds.
tx-period Resets to the default setting the number of seconds that must elapse before the WX switch retransmits an EAP over LAN (EAPoL) packet. Syntax — Defaults — The default is 5 seconds. Access — Enabled. History — Introduced in MSS Version 3.0.
History — Introduced in MSS Version 3.0. Format of 802.1X authentication rule information changed in MSS Version 3.2. The rules are still listed at the top of the display, but more information is shown for each rule. Examples —...
802.1X parameter ---------------- supplicant timeout auth-server timeout quiet period transmit period reauthentication period maximum requests key transmission reauthentication authentication control WEP rekey period WEP rekey Bonded period port 5, authcontrol: auto, max-sessions: 16 port 6, authcontrol: auto, max-sessions: 1 port 7, authcontrol: auto, max-sessions: 1 port 8, authcontrol: auto, max-sessions: 1 Type the following command to display 802.1X statistics: WX4400# display dot1x stats...
Syntax — Field Description Enters Connecting Number of times that the WX switch state transitions to the CONNECTING state from any other state. Logoffs While Connecting Number of times that the WX switch state transitions from CONNECTING to DISCONNECTED as a result of receiving an EAPoL-Logoff message.
Defaults — By default, authentication control for individual wired authentication is enabled. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — This command applies only to wired authentication ports. Examples — To enable per-port 802.1X authentication on wired authentication ports, type the following command: WX4400# set dot1x authcontrol enable success: dot1x authcontrol enabled.
802.1X reauthentication parameter or the RADIUS Session-Timeout parameter. 3Com recommends that you try 60 seconds, and change the period to a longer value only if clients are unable to authenticate within 60 seconds. The bonded authentication period applies only to 802.1X authentication rules that contain the bonded option.
Examples — Type the following command to enable key transmission: WX4400# set dot1x key-tx enable success: dot1x key transmission enabled. See Also set dot1x max-req Sets the maximum number of times the WX retransmits an EAP request to a supplicant (client) before ending the authentication session. Syntax —...
set dot1x port-control Determines the 802.1X authentication behavior on individual wired authentication ports or groups of ports. Syntax — {forceauth | forceunauth | auto} port-list Defaults — By default, wired authentication ports are set to auto. Access —...
WX4400# set dot1x quiet-period 90 success: dot1x quiet period set to 90. See Also set dot1x reauth Determines whether the WX switch allows the reauthentication of supplicants (clients). Syntax — Defaults — Reauthentication is enabled by default. Access — Enabled.
See Also
set dot1x reauth-max Sets the number of reauthentication attempts that the WX switch makes before the supplicant (client) becomes unauthorized. Syntax — Defaults — The default number of reauthentication attempts is 2. Access — Enabled.
WX4400# set dot1x reauth-period 100 success: dot1x auth-server timeout set to 100. See Also
set dot1x timeout auth-server Sets the number of seconds that must elapse before the WX switch times out a request to a RADIUS authentication server. Syntax —...
See Also
set dot1x timeout supplicant Sets the number of seconds that must elapse before the WX switch times out an authentication session with a supplicant (client). Syntax — Defaults — The default is 30 seconds.
Examples — Type the following command to set the number of seconds before the WX switch retransmits an EAPoL packet to 300: WX4400# set dot1x tx-period 300 success: dot1x tx-period set to 300. See Also
set dot1x wep-rekey Enables or disables Wired Equivalency Privacy (WEP) rekeying for broadcast and multicast encryption keys.
set dot1x wep-rekey-period Sets the interval for rotating the WEP broadcast and multicast keys. Syntax — Defaults — The default is 1800 seconds (30 minutes). Access — Enabled. History — Introduced in MSS Version 3.0. Examples — Type the following command to set the WEP-rekey period to 300 seconds: WX4400# set dot1x wep-rekey-period 300 success: dot1x wep-rekey-period set to 300...
{admin | console | admin — Clears sessions for all users with administrative access to the WX switch through a Telnet or SSH connection or a console plugged into the switch. console — Clears sessions for all users with administrative access to the WX switch through a console plugged into the switch.
CHAPTER 18: SESSION MANAGEMENT COMMANDS
Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To clear all administrator sessions, type the following command: WX4400# clear sessions admin This will terminate manager sessions, do you wish to continue? (y|n) [n]y To clear all administrative sessions through the console, type the following command: WX4400# clear sessions console...
clear sessions network Clears all network sessions for a specified username or set of usernames, MAC address or set of MAC addresses, virtual LAN (VLAN) or set of VLANs, or session ID. Syntax — mac-addr-glob | vlan vlan-glob | session-id local-session-id} Defaults —...
WX1200# clear sessions network vlan red See Also
display sessions Displays session information and statistics for all users with administrative access to the WX switch, or for administrative users with either console or Telnet access. Syntax — [client]}...
telnet — Displays sessions for all users with administrative access to the WX switch through a Telnet connection. telnet client — Displays Telnet sessions from the CLI to remote devices. Defaults — None. Access — All, except for display sessions telnet client, which has enabled access.
To view information about Telnet client sessions, type the following command: WX4400# display sessions telnet client Session ------- Table 89 describes the fields of the display sessions admin, display sessions console, and display sessions telnet displays. Table 89 display sessions admin, display sessions console, and display sessions telnet Output Field...
display sessions network Displays summary or verbose information about all network sessions, or network sessions for a specified username or set of usernames, MAC address or set of MAC addresses, VLAN or set of VLANs, or session ID. Syntax — [user user-glob | mac-addr mac-addr-glob | ssid ssid-name vlan vlan-glob | session-id session-id | wired] [verbose] Defaults —...
History — Introduced in MSS Version 3.0. Output added to the display network sessions verbose command to indicate the user’s authorization attributes and whether they were supplied through AAA or through configured SSID defaults in a service profile in MSS Version 4.1. Usage —...
EXAMPLE\Singh EXAMPLE\Havel 2 sessions match criteria (of 3 total) (Table 91 on page 528 describes the summary displays of display sessions network commands.) The following command displays detailed (verbose) session information about user nin@example.com: WX1200# display sessions network user nin@example.com verbose User Name ----------------------------- ----...
(Table 92 on page 529 describes the additional fields of the verbose output of display sessions network commands.) The following command displays information about network session 27: WX1200# display sessions network session-id 27 Global Id: SESS-27-000430-835586-58dfe5a State: ACTIVE Port/Radio: 3/1 MAC Address: 00:00:2d:6f:44:77...
IP address and port and radio numbers of the session’s current WX switch, the MAC address of the MAP access point, and the last update time. from IP address and port and radio numbers of the session’s previous WX switch, the MAC address of the MAP access point, and the last update time.
WX switch in the Mobility Domain. ROAMING AWAY — The WX switch has been sent a request to transfer the user, who is roaming, to another WX switch. STATUS UPDATED — WX switch is receiving a final update from an MAP access point about the user, who has roamed away.
Table 93 display sessions network session-id Output (continued) Field Description Session Assigned session timeout in seconds. Timeout Authentication Extensible Authentication Protocol (EAP) type used to authenticate Method the session user, and the IP address of the authentication server. Session Time the session statistics were last updated from the MAP access statistics as point, in seconds since a fixed standard date and time.
A rogue access point is a BSSID (MAC address associated with an SSID) that does not belong to a 3Com switch and is not a member of the ignore list configured on the seed switch of the Mobility Domain.
CHAPTER 19: RF DETECTION
Table 94 RF Detection Commands by Usage (continued)
clear rfdetect attack-list Removes a MAC address from the attack list. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. Examples — The following command clears MAC address 11:22:33:44:55:66 from the attack list: wx4400# clear rfdetect attack-list 11:22:33:44:55:66 success: 11:22:33:44:55:66 is no longer in attacklist.
See Also
clear rfdetect black-list Removes a MAC address from the client black list. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. Examples — The following command removes MAC address 11:22:33:44:55:66 from the black list: WX1200# clear rfdetect black-list 11:22:33:44:55:66 success: 11:22:33:44:55:66 is no longer blacklisted.
Examples — The following command removes BSSID aa:bb:cc:11:22:33 from the ignore list for RF scans: WX1200# clear rfdetect ignore aa:bb:cc:11:22:33 success: aa:bb:cc:11:22:33 is no longer ignored. See Also
clear rfdetect ssid-list Removes an SSID from the permitted SSID list. Syntax —...
clear rfdetect vendor-list Removes an entry from the permitted vendor list. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 4.0. Examples — The following command removes client OUI aa:bb:cc:00:00:00 from the permitted vendor list: WX4400# clear rfdetect vendor-list client aa:bb:cc:00:00:00 success: aa:bb:cc:00:00:00 is no longer in client vendor-list.
Examples — The following example shows the attack list on WX switch: WX1200# display rfdetect attack-list Total number of entries: 1 ----------------- ----------------- ------ ------------ 11:22:33:44:55:66 See Also
display rfdetect Displays information about the clients in the client black list.
Client Mac Address: 00:0c:41:63:fd:6d, Vendor: Linksys Port: dap 1, Radio: 1, Channel: 11, RSSI: -82, Rate: 2, Last Seen (secs ago): Bssid: 00:0b:0e:01:02:00, Vendor: 3Com, Type: intfr, Dst: ff:ff:ff:ff:ff:ff Last Rogue Status Check (secs ago): 3 The first line lists information for the client. The other lines list information about the most recent 802.11 packet detected from the...
Table 95 display rfdetect clients Output Field Client MAC Client Vendor AP MAC AP Vendor Port/Radio/Channel Type Last seen Table 96 display rfdetect clients mac Output Description MAC address of the client. Company that manufactures or sells the client. MAC address of the radio with which the rogue client is associated.
History — Output no longer lists rogues for which countermeasures have not been started in MSS Version 4.0. Usage — This command is valid only on the seed switch of the Mobility Domain. Examples — The following example displays countermeasures status for...
RF interference with MAP radios. known—Device that is a legitimate member of the network. Countermeasures Radio MAC MAC address of the 3Com radio sending countermeasures against the rogue. WX-IPaddr System IP address of the WX switch that is managing the MAP that is sending or will send countermeasures.
Examples — The following command shows counters for rogue activity detected by a WX switch: WX4400# display rfdetect counters Type -------------------------------------------------- ------------ ------------ Rogue access points Interfering access points Rogue 802.11 clients Interfering 802.11 clients 802.11 adhoc clients Unknown 802.11 clients Interfering 802.11 clients seen on wired network...
To display rogue information for the entire Mobility Domain, use the display rfdetect mobility-domain command on the seed switch. Only one MAC address is listed for each 3Com radio, even if the radio is beaconing multiple SSIDs. Examples — The following command shows the devices detected by this...
Classification of the rogue device: rogue—Wireless device that is not supposed to be on the network. The device has an entry in a WX switch’s FDB and is therefore on the network. intfr—Wireless device that is not part of your network but is not a rogue.
display rfdetect ignore Displays the BSSIDs of third-party devices that MSS ignores during RF scans. MSS does not generate log messages or traps for the devices in the ignore list. Syntax — Defaults — None. Access —...
Domain. To display rogue information for an individual switch, use the display rfdetect data command on that switch. Only rogues are listed. To display all devices detected, including 3Com radios, use the display rfdetect data command. Examples — The following example displays information about the...
BSSID: 00:0b:0e:00:7a:8a Vendor: 3Com SSID: 3com-webaaa Type: intfr Adhoc: no Crypto-types: clear 00:0b:0e:00:0a:6a 00:0b:0e:76:56:82 Two types of information are shown. The lines that are not indented show the BSSID, vendor, and information about the SSID. The indented lines that follow this information indicate the listeners (MAP radios) that detected the SSID.
Classification of the rogue device: rogue—Wireless device that is not supposed to be on the network. The device has an entry in a WX switch’s FDB and is therefore on the network. intfr—Wireless device that is not part of your network but is not a rogue.
(WPA 104-bit WEP) wep40 (WPA 40-bit WEP) wep (non-WPA WEP) WX-IPaddress System IP address of the WX switch that detected the rogue. Port/Radio/Channel Port number, radio number, and channel number of the radio that detected the rogue. For a Distributed MAP, the connection number is labeled dap.
Examples — The following example shows the permitted SSID list on a WX switch: WX4400# display rfdetect ssid-list Total number of entries: 3 ----------------- See Also display rfdetect vendor-list Displays the entries in the permitted vendor list. Syntax — Defaults — None.
Access — Enabled. History —Introduced in MSS Version 3.0. Usage — If a 3Com radio is supporting more than one SSID, each of the corresponding BSSIDs is listed separately. To display rogue information for the entire Mobility Domain, use the display rfdetect mobility-domain command on the seed switch.
Page 553
546 -60 i----w r27-cisco1200-2 -82 i----w r116-cisco1200-2 -54 i----- -57 i----- public -86 i-t1-- 3Comwlan -85 ic---- 3com-ccmp -85 i-t--- 3com-tkip -83 i----w 3com-voip -85 i----- 3com-webaaa Description MAC address of the rogue device that sent the 802.11 packet detected by the MAP radio.
Defaults — The attack list is empty by default. Access — Enabled. History —Introduced in MSS Version 4.0. Usage — The attack list applies only to the WX switch on which the list is configured. WX switches do not share attack lists. set rfdetect active-scan {enable | disable} —...
MSS. MSS can place a client in the black list due to an association, reassociation or disassociation flood from the client. The client black list applies only to the WX switch on which the list is configured. WX switches do not share client black lists.
Defaults — Countermeasures are disabled by default. Access — Enabled. History —Introduced in MSS Version 3.0. Usage — This command is valid only on the seed switch of the Mobility Domain. Examples — The following command enables countermeasures for the...
This command is valid only on the seed switch of the Mobility Domain. The countermeasures take effect only if countermeasures are enabled for the Mobility Domain, using the set rfdetect countermeasures enable command.
See Also set rfdetect ignore Configures a list of known devices to ignore during an RF scan. MSS does not generate log messages or traps for the devices in the ignore list. Syntax — Defaults — MSS reports all unknown BSSIDs detected during an RF scan. Access —...
Defaults — RF detection logging is enabled by default. Access — Enabled. History —Introduced in MSS Version 3.0. Usage — This command is valid only on the seed switch of the Mobility Domain. The log messages for rogues are generated only on the seed and appear only in the seed’s log message buffer.
Enables MAP signatures. A MAP signature is a set of bits in a signature management frame sent by a MAP that identifies that MAP to MSS. If someone attempts to spoof management packets from a 3Com MAP, MSS can detect the spoof attempt. Syntax —...
Access — Enabled. History —Introduced in MSS Version 4.0. Usage — The permitted SSID list applies only to the WX switch on which the list is configured. WX switches do not share permitted SSID lists. If you add a device that MSS has classified as a rogue to the permitted SSID list, but not to the ignore list, MSS can still classify the device as a rogue.
Page 562
OUIs are on the list. Access — Enabled. History —Introduced in MSS Version 4.0. Usage — The permitted vendor list applies only to the WX switch on which the list is configured. WX switches do not share permitted vendor lists.
Use file management commands to manage system files and to display software and boot information. Commands by Usage This chapter presents file management commands alphabetically. Use Table 102 to locate commands in this chapter based on their use. Table 102 File Management Commands by Usage Type Command...
Use the critical option if you want to back up or restore only the system-critical files required to operate and communicate with the switch. Use the all option if you also want to back up or restore WebAAA pages, backup configuration files, image files, and any other files stored in the user files area of nonvolatile storage.
Page 565
To make sure the archive contains the configuration that is currently running on the switch, use the save config command to save the running configuration to the boot configuration file, before using the backup command.
Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following commands back up the configuration file on a WX switch, reset the switch to its factory default configuration, and reboot the switch: WX4400# copy configuration tftp://10.1.1.1/backupcfg success: sent 365 bytes in 0.401 seconds [ 910 bytes/sec] WX4400# clear boot config success: Reset boot config to factory defaults.
WX4400# reset system force ... rebooting ... See Also display config on page 574 reset system on page 582 copy Performs the following copy operations: Copies a file from a TFTP server to nonvolatile storage. Copies a file from nonvolatile storage or temporary storage to a TFTP server. Syntax —
Page 568
History —Introduced in MSS Version 3.0. Usage — The filename and file:filename URLs are equivalent. You can use either URL to refer to a file in a WX switch’s nonvolatile memory. The tftp://ip-addr/filename URL refers to a file on a TFTP server. If DNS is configured on the WX switch, you can specify a TFTP server’s hostname...
WX4400# delete test-config success: file deleted. The following command copies file corpa-login.html from a TFTP server into subdirectory corpa in a WX switch’s nonvolatile storage: WX4400# copy tftp://10.1.1.1/corpa-login.html corpa/corpa-login.html success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec] See Also delete Deletes a file.
Chapter 20: File Management Commands Examples — The following commands copy file testconfig to a TFTP server and delete the file from nonvolatile storage: WX4400# copy testconfig tftp://10.1.1.1/testconfig success: sent 365 bytes in 0.401 seconds [ 910 bytes/sec] WX4400# delete testconfig success: file deleted.
Page 571
Examples — The following command displays the files in the root directory: WX4400# dir =============================================================================== file: Filename file:configuration file:corp2:corp2cnfig corp_a/ file:dangcfg old/ file:pubsconfig-april062005 file:sysa_bak file:testback Total: 159 Kbytes used, 207663 Kbytes free =============================================================================== Boot: Filename boot0:mx040100.020 *boot1:mx040100.020 Boot0: Total: 9780 Kbytes used, 2460 Kbytes free Boot1: Total: 9796 Kbytes used, 2464 Kbytes free ===============================================================================...
Page 572
The following command limits the output to the contents of the user files area: WX4400# dir file: =============================================================================== file: Filename file:configuration file:corp2:corp2cnfig corp_a/ file:dangcfg dangdir/ file:pubsconfig-april062005 file:sysa_bak file:testback Total: 159 Kbytes used, 207663 Kbytes free The following command limits the output to the contents of the /tmp/core subdirectory: WX4400# dir core: ===============================================================================...
History —Introduced in MSS Version 3.0. New fields, Configured boot version and Backup boot configuration added in MSS Version 4.0. Examples — The following command shows the boot information for a WX switch: WX1200# display boot Configured boot version: Configured boot image:...
Displays the configuration running on the WX switch. Syntax — Field Description Configured boot version: Software version the switch will run next time the software is rebooted. Configured boot image: Boot partition and image filename MSS will use to boot next time the software is rebooted.
Page 575
httpd ip-config mobility-domain portconfig portgroup radio-profile rfdetect service-profile snmp snoop spantree system trace vlan vlan-fdb If you do not specify a configuration area, nondefault information for all areas is displayed. — Includes configuration items that are set to their default values. Defaults —...
Examples — The following command displays version information for a WX switch: WX1200# display version Mobility System Software, Version: 4.1.0 QA 67 Copyright (c) 2002, 2003, 2004, 2005 3Com Corporation. All rights reserved. Build Information: (build#67) TOP 2005-07-21 04:41:00 Model:...
Page 577
The following command displays additional software build information and MAP access point information: WX1200# display version details Mobility System Software, Version: 4.1.0 QA 67 Copyright (c) 2002, 2003, 2004, 2005 3Com Corporation. All rights reserved. Build Information: (build#67) TOP 2005-07-21 04:41:00 Label: 4.1.0.67_072105_MX20...
CAUTION: This command completely removes the running configuration and replaces it with the configuration contained in the file. 3Com recommends that you save a copy of the current running configuration to a backup configuration file before loading a new configuration.
Page 579
If you do not specify a filename, MSS uses the same configuration filename that was used for the previous configuration load. For example, if the WX switch used configuration for the most recent configuration load, MSS uses configuration again unless you specify a different filename.
Calculates the MD5 checksum for a file in the switch’s nonvolatile storage. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0. Usage — You must include the boot partition name in front of the filename.
Page 581
Examples — The following commands create a subdirectory called corp2 and display the root directory to verify the result: WX4400# mkdir corp2 success: change accepted. WX4400# dir =============================================================================== file: Filename file:configuration file:configuration.txt corp2/ corp_a/ file:dangcfg dangdir/ old/ Total: 33 Kbytes used, 207822 Kbytes free =============================================================================== Boot: Filename...
If the running configuration and configuration file do not match, MSS does not restart the WX switch but instead displays a message advising you to either save the configuration changes or use the force option.
Access — Enabled. History —Introduced in MSS Version 3.2. Usage — If a file in the archive has a counterpart on the switch, the archive version of the file replaces the file on the switch. The restore command does not delete files that do not have counterparts in the archive. For example, the command does not completely replace the user files area.
See Also rmdir Removes a subdirectory from nonvolatile storage. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0. Usage — MSS does not allow the subdirectory to be removed unless it is empty.
backup-configuration Specifies the name of a backup configuration file to be used in the event that MSS cannot read the WX switch’s configuration file at boot time. Syntax — Defaults — By default, there is no backup configuration file.
Defaults — The default configuration filename is configuration. Access — Enabled. History —Introduced in MSS Version 3.0. Usage — The file must be located in the switch’s nonvolatile storage. Examples — The following command sets the boot configuration file to testconfig1: WX4400# set boot configuration-file testconfig1 success: boot config set.
Specifies the boot partition in which to look for the system image file following the next system reset, software reload, or power cycle. Syntax — Defaults — By default, a WX switch uses the same boot partition for the next software reload that was used to boot the currently running image.
MSS allows, type the set trace ? command. CAUTION: Using the set trace command can have adverse effects on system performance. 3Com recommends that you use the lowest levels possible for initial trace commands, and slowly increase the levels to get the data you need.
Chapter 21: Trace Commands clear log trace Deletes the log messages stored in the trace buffer. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — To delete the trace log, type the following command: WX4400# clear log trace See Also clear trace...
WX4400# clear trace sm success: clear trace sm See Also display trace Displays information about traces that are currently configured on the WX switch, or all possible trace options. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0.
save trace Saves the accumulated trace data for enabled traces to a file in the WX switch’s nonvolatile storage. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — To save trace data into the file trace1 in the subdirectory...
Examples — The following command starts a trace for information about user jose’s authentication: WX4400# set trace authentication user jose success: change accepted. See Also set trace authorization Traces authorization information. Syntax — [port port-num] [user username] [level level] Defaults — The default trace level is 5. Access —...
See Also set trace dot1x Traces 802.1X sessions. Syntax — Defaults — The default trace level is 5. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — The following command starts a trace for the 802.1X sessions for MAC address 00:01:02:03:04:05: WX4400# set trace dot1x mac-addr 00:01:02:03:04:05: success: change accepted.
set trace sm Traces session manager activity. Syntax — [user username] [level level] Defaults — The default trace level is 5. Access — Enabled. History —Introduced in MSS Version 3.0. Examples — Type the following command to trace session manager activity for MAC address 00:01:02:03:04:05: WX4400# set trace sm mac-addr 00:01:02:03:04:05: success: change accepted.
Ethereal or Tethereal. (For more information, including setup instructions for the monitoring station, see the “Remotely Monitoring Traffic” section in the “Troubleshooting a WX Switch” chapter of the Controller Configuration Commands by Usage This chapter presents snoop commands alphabetically. Use the following table to locate commands in this chapter based on their use.
Chapter 22: Snoop Commands clear snoop Deletes a snoop filter. Syntax — Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0. Examples — The following command deletes snoop filter snoop1: WX1200# clear snoop snoop1 See Also clear snoop map Removes a snoop filter from a MAP radio.
WX1200# clear snoop map snoop2 dap 3 radio 2 success: change accepted. The following command removes all snoop filter mappings from all radios: WX1200# clear snoop map all success: change accepted. See Also set snoop map on page 602 display snoop on page 604 display snoop map on page 605 set snoop Configures a snoop filter.
Page 600
If you do not specify a length, the entire packet is copied and sent to the observer. 3Com recommends specifying a snap length of 100 bytes or less. Do not specify an observer that is associated with the MAP where the snoop filter is running.
Page 601
The MAP that is running a snoop filter forwards snooped packets directly to the observer. This is a one-way communication, from the MAP to the observer. If the observer is not present, the MAP still sends the snoop packets, which use bandwidth. If the observer is present but is not listening to TZSP traffic, the observer continuously sends ICMP error indications back to the MAP.
set snoop map Maps a snoop filter to a radio on a Distributed MAP. A snoop filter does not take effect until you map it to a radio and enable the filter. Syntax — Defaults — Snoop filters are unmapped by default. Access —...
Usage — The filter mode is not retained if you change the filter configuration or disable and reenable the radio, or when the MAP or the WX switch is restarted. You must reenable the filter to place it back into effect.
Usage — To display the mappings for a specific MAP radio, use the display snoop map command. Examples — The following command shows the MAP radio mappings for all snoop filters configured on a WX switch: WX1200# display snoop Dap: 3...
Examples — The following command shows the snoop filters configured in the examples above: WX1200# display snoop info snoop1: snoop2: See Also display snoop map Shows the MAP radios that are mapped to a specific snoop filter. Syntax — Defaults — None. Access —...
display snoop stats Displays statistics for enabled snoop filters. Syntax — | 2}]]] Defaults — None. Access — Enabled. History —Introduced in MSS Version 4.0. Usage — The MAP retains statistics for a snoop filter until the filter is changed or disabled.
Page 607
Table 109 describes the fields in this display. Table 109 display snoop stats Output Field Description Filter Name of the snoop filter. Distributed MAP containing the radio to which the filter is mapped. Radio Radio to which the filter is mapped. Rx Match Number of packets received by the radio that match the filter.
Use the system log commands to record information for monitoring and troubleshooting. MSS system logs are based on RFC 3164, which defines the log protocol. Commands by Usage This chapter presents system log commands alphabetically. Use Table 110 to locate commands in this chapter based on their use. Table 110 System Log Commands by Usage clear log Clears the log messages stored in the log buffer, or removes the...
Chapter 23: System Log Commands Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To stop sending system logging messages to a server at 192.168.253.11, type the following command: WX4400# clear log server 192.168.253.11 success: change accepted. Type the following command to clear all messages from the log buffer: WX4400# clear log buffer success: change accepted.
Page 611
Usage — The debug level produces a lot of messages, many of which can appear to be somewhat cryptic. Debug messages are used primarily by 3Com for troubleshooting and are not intended for administrator use. Examples — Type the following command to see the facilities for which...
See Also display log config Displays log configuration information. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To display how logging is configured, type the following command: WX4400# display log config Logging console: Logging console severity:...
— Displays messages at a severity level greater than or equal to the level specified. Specify one of the following: emergency — The WX switch is unusable. alert — Action must be taken immediately. critical — You must resolve the critical conditions. If the conditions are not resolved, the WX can reboot or shut down.
Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — Type the following command to see the facilities for which you can view event messages archived in the buffer: WX4400# display log trace facility ? <facility name>...
Page 615
trace — Sets log parameters for trace files. severity severity-level than or equal to the level specified. Specify one of the following: emergency — The WX switch is unusable. alert — Action must be taken immediately. critical — You must resolve the critical conditions. If the critical conditions are not resolved, the WX can reboot or shut down.
Configures MSS to generate mark messages at regular intervals. The mark messages indicate the current system time and date. 3Com can use the mark messages to determine the approximate time when a system restart or other event causing a system outage occurred.
Page 617
alert critical error warning notice info debug interval interval — Interval at which MSS generates the mark messages. You can specify from 1 to 2147483647 seconds. Defaults — Mark messages are disabled by default. When they are enabled, MSS generates a message at the notice level once every 300 seconds by default.
CAUTION: Generally, boot prompt commands are used only for troubleshooting. 3Com recommends that you use these commands only when working with 3Com Technical Support to diagnose a system issue. In particular, commands that change boot parameters can interfere with a WX switch’s ability to boot successfully.
Table 111 Boot Prompt Commands by Usage (continued) autoboot Displays or changes the state of the autoboot option. The autoboot option controls whether a WX switch automatically boots a system image after initializing the hardware, following a system reset or power cycle. Syntax —...
— String up to 128 bytes of boot options to pass to the booted system image in addition to the boot option(s) in the currently active boot profile. The options are appended to the options already in the boot profile. Use this parameter only if advised to do so by 3Com. boot...
Page 622
All rights reserved. SYS Sep 29 21:45:36.849457 NOTICE Port 1 up 1000 Full Duplex SYSLOGD Sep 29 21:45:38.857125 ALERT SYSTEM_READY: The system has finished booting. (cause was "Warm Reboot") Copyright (c) 2004 3Com Corporation. All rights reserved. Username: See Also All rights reserved.
change Changes parameters in the currently active boot profile. (For information about boot profiles, see display on page 628.) Syntax — Defaults — The default boot type is c (compact flash). The default filename is default. The default flags setting is 0x00000000 (all flags disabled) and the default options list is run=nos;boot=0.
Chapter 24: Boot Prompt Commands The following command enters the configuration mode for the currently active boot profile and configures the WX switch (in this example, a WXR100) to boot using a TFTP server: boot> change Changing the default configuration is not recommended.
Usage — A WX switch can have up to four boot profiles. The boot profiles are stored in slots, numbered 0 through 3. When you create a new profile, the system uses the next available slot for the profile. If all...
See Also dhcp Displays or changes the state of the DHCP option. The DHCP option controls whether a WX switch uses DHCP to obtain its IP address when it is booted using a TFTP server. Syntax — Defaults — The DHCP option is disabled by default.
History —Introduced in MSS Version 3.0. Usage — Access to the diagnostic mode requires a password, which is not user configurable. Use this mode only if advised to do so by 3Com. Displays the boot code and system image files on a WX switch.
Internal Compact Flash Directory (Primary): See Also display Displays the currently active boot profile. A boot profile is a set of parameters that a WX switch uses to control the boot process. Each boot profile contains the following parameters: WXA30001.Rel Internal Compact Flash Directory (Secondary): WXA30001.Rel...
Page 629
A WX switch can have up to four boot profiles, numbered 0 through 3. Only one boot profile can be active at a time. You can create, change, and delete boot profiles. You also can activate another boot profile in place of the currently active one.
Table 112 Output of display command (continued) See Also fver Displays the version of a system image file installed in a specific location on a WX switch. Syntax — [filename] Field Description DEVICE Location of the system image file: c: —...
Defaults — None. Access — Boot prompt. History —Introduced in MSS Version 3.0. Usage — To display the image filenames, use the dir command. This command does not list the boot code versions. To display the boot code versions, use the version command. Examples —...
Page 632
Examples — The following command displays detailed information for the fver command: boot> help fver fver Display the version of the specified device:filename. USAGE: fver [c:file|d:file|e:file|f:file|boot0:file|boot1:file| boot2:file|boot3:file] Command to display the version of the compressed image file associated with the given device:filename.
Access — Boot prompt. History —Introduced in MSS Version 3.0. Usage — A WX switch contains 4 boot profile slots, numbered 0 through 3. This command activates the boot profile in the next slot, in ascending numerical order. If the currently active slot is 3, the command activates the boot profile in slot 0.
Examples — To activate the boot profile in the next slot and display the profile, type the following command: boot> next See Also reset Resets a WX switch’s hardware. Syntax — Defaults — None. Access — Boot prompt. History —Introduced in MSS Version 3.0.
Syntax — Defaults — The poweron test flag is disabled by default. Access — Boot prompt. History —Introduced in MSS Version 3.0. 3Com WX-4400 Bootstrap/Bootloader Version Compiled on Wed Sep 22 09:18:47 PDT 2004 by Bootstrap 0 version: Bootloader 0 version:...
The diagnostic execution flag is not set. See Also version Displays version information for a WX switch’s hardware and boot code. Syntax — Defaults — None. Access — Boot prompt. History —Introduced in MSS Version 3.0.
More information on 3Com maintenance and Professional Services is available at http://www.3com.com/ Contact your authorized 3Com reseller or 3Com for a complete list of the value-added services available in your area. Obtaining Support for Your...
Troubleshoot Online You will find support tools posted on the 3Com web site at http://www.3com.com/ 3Com Knowledgebase helps you troubleshoot 3Com products. This query-based interactive tool is located at http://knowledgebase.3com.com solutions written by 3Com support engineers.
To send a product directly to 3Com for repair, you must first obtain a return authorization number (RMA). Products sent to 3Com, without authorization numbers clearly marked on the outside of the package, will be returned to the sender unopened, at the sender’s expense. If your...
Page 640
You can also obtain support in this region using the following URL: http://emea.3com.com/support/email.html Latin America Telephone Technical Support and Repair Antigua 1 800 988 2112 Argentina 0 810 444 3COM Aruba 1 800 998 2112 Bahamas 1 800 998 2112 Barbados...
Page 644
Index set {ap | dap} radio tx-power 344 set {ap | dap} upgrade-firmware 346 set accounting {admin | console} 225 set accounting {dot1x | mac | web | last-resort} 227 set arp 158 set arp agingtime 159 set authentication admin 229 set authentication console 231 set authentication dot1x 233 set authentication last-resort 236...
Page 645
set radio-profile frag-threshold 358 set radio-profile long-retry 359 set radio-profile max-rx-lifetime 360 set radio-profile max-tx-lifetime 361 set radio-profile mode 362 set radio-profile preamble-length 364 set radio-profile rts-threshold 365 set radio-profile service-profile 366 set radio-profile short-retry 369 set radio-profile wmm 370 set radius 490 set radius client system-ip 491 set radius deadtime 490...
Page 646
set usergroup 261 set usergroup attr 261 set vlan name 116 set vlan port 117 set vlan tunnel-affinity 118 set web-portal 262 telnet 195 test 635 traceroute 197 version 636...