Page 1: Command Reference
Wireless LAN Mobility System Wireless LAN Switch and Controller Command Reference 3CRWX120695A, 3CRWX440095A http://www.3com.com/ Part No. 730-9502-0072, Revision A Published October 2004...
Page 2 3Com Corporation reserves the right to revise this documentation and to make changes in content from time 01752-3064 to time without obligation on the part of 3Com Corporation to provide notification of such revision or change. 3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose.
Page 3: Table Of Contents
ONTENTS BOUT UIDE Conventions Documentation Documentation Comments SING THE OMMAND Overview CLI Conventions Command Prompts Syntax Notation Text Entry Conventions and Allowed Characters MAC Address Notation IP Address and Mask Notation User Globs, MAC Address Globs, and VLAN Globs Port Lists Virtual LAN Identification Command-Line Editing Keyboard Shortcuts...
Page 4 YSTEM ERVICE Commands by Usage clear banner motd clear history clear prompt clear system display banner motd display base-information display license display system help history set banner motd set confirm set length set license set prompt set system contact set system countrycode set system ip-address set system location set system name...
Page 5 reset port set dap set port set port-group set port name set port negotiation set port poe set port preference set port speed set port trap set port type ap set port type wired-auth VLAN C OMMANDS Commands by usage clear fdb clear vlan display fdb...
Page 6 clear ip telnet clear ntp server clear ntp update-interval clear snmp trap receiver clear summertime clear system ip-address clear timezone display arp display interface display ip alias display ip dns display ip https display ip route display ip telnet display ntp display snmp configuration display summertime display timedate...
Page 7 set ntp server set ntp update-interval set snmp community set snmp trap set snmp trap receiver set summertime set system ip-address set timedate set timezone telnet traceroute AAA C OMMANDS Commands by Usage clear accounting clear authentication admin clear authentication console clear authentication dot1x clear authentication last-resort clear authentication mac...
Page 8 set accounting {admin | console} set accounting {dot1x | mac | web} set authentication admin set authentication console set authentication dot1x set authentication last-resort set authentication mac set authentication web set location policy set mac-user set mac-user attr set mac-usergroup attr set mobility-profile set mobility-profile mode set user...
Page 9 display {ap | dap} group display {ap | dap} status display auto-tune attributes display auto-tune neighbors display dap connection display dap global display dap unconfigured display radio-profile display service-profile reset {ap | dap} set {ap | dap} bias set {ap | dap} blink set {ap | dap} group set {ap | dap} name set {ap | dap} radio antennatype...
Page 10 set radio-profile preamble-length set radio-profile rts-threshold set radio-profile service-profile set radio-profile short-retry set service-profile auth-dot1x set service-profile auth-fallthru set service-profile auth-psk set service-profile beacon set service-profile cipher-ccmp set service-profile cipher-tkip set service-profile cipher-wep104 set service-profile cipher-wep40 set service-profile psk-phrase set service-profile psk-raw set service-profile rsn-ie set service-profile shared-key-auth set service-profile ssid-name...
Page 11 display spantree portvlancost display spantree statistics display spantree uplinkfast set spantree set spantree backbonefast set spantree fwddelay set spantree hello set spantree maxage set spantree portcost set spantree portfast set spantree portpri set spantree portvlancost set spantree portvlanpri set spantree priority set spantree uplinkfast IGMP S NOOPING...
Page 12 ACL C ECURITY OMMANDS Security ACL Commands by Usage clear security acl clear security acl map commit security acl display security acl display security acl hits display security acl info display security acl map display security acl resource-usage hit-sample-rate rollback security acl set security acl set security acl map RYPTOGRAPHY...
Page 13 set server group set server group load-balance 802.1X M ANAGEMENT Commands by Usage clear dot1x bonded-period clear dot1x max-req clear dot1x port-control clear dot1x quiet-period clear dot1x reauth-max clear dot1x reauth-period clear dot1x timeout auth-server clear dot1x timeout supplicant clear dot1x tx-period display dot1x set dot1x authcontrol set dot1x bonded-period...
Page 14 RF D ETECTION OMMANDS Commands by Usage clear rfdetect countermeasures mac clear rfdetect ignore display rfdetect countermeasures display rfdetect data display rfdetect ignore display rfdetect mobility-domain display rfdetect visible set rfdetect active-scan set rf detect countermeasures set rfdetect countermeasures mac set rfdetect ignore set rfdetect log ANAGEMENT...
Page 15 display trace save trace set trace authentication set trace authorization set trace dot1x set trace sm YSTEM OMMANDS Commands by Usage clear log display log buffer display log config display log trace set log set log trace mbytes ROMPT OMMANDS Boot Prompt Commands by Usage autoboot boot...
Page 16 BTAINING UPPORT FOR YOUR RODUCT Register Your Product Purchase Value-Added Services Troubleshoot Online Access Software Downloads Telephone Technical Support and Repair Contact Us NDEX...
Page 17: Bout His Uide
This command reference explains Mobility System Software (MSS™) command line interface (CLI) that you enter on a 3Com WX1200 Wireless Switch or WX4400 Wireless LAN Controller to configure and manage the Mobility System™ wireless LAN (WLAN). Read this reference if you are a network administrator responsible for managing WX1200 or WX4400 wireless switches and their Managed Access Points (MAPs) in a network.
Page 18: Documentation
These notes provide information about the system software release, including new features and bug fixes. Wireless LAN Switch and Controller Quick Start Guide This guide provides instructions for performing basic setup of secure (802.1X) and guest (Web AAA) access, for configuring a Mobility Domain for roaming, and for accessing a sample network plan in 3WXM for advanced configuration and management.
Page 19: Documentation Comments
Please include the following information when contacting us: Example: Please note that we can only respond to comments and questions about 3Com product documentation at this e-mail address. Questions related to Technical Support or sales should be directed in the first instance to your network supplier.
Page 20 BOUT UIDE...
Page 21: Using The Command -Line Interface
Mobility System Software (MSS) operates a 3Com Mobility System wireless LAN (WLAN) consisting of 3Com Wireless Switch Manager (3WXM) software and 3Com Wireless LAN Switch or 3Com Wireless LAN Controller (WX switch) and 3Com Wireless LAN Managed Access Point (MAP) hardware. There is a command-line interface (CLI) on the WX switch that you can use to configure and manage the WX and its attached access points.
Page 22: Cli Conventions
After you become enabled as an administrative user by typing enable and supplying a suitable password, MSS displays the following prompt: WXmmmm# For information about changing the CLI prompt on a wireless LAN switch, see “set prompt” on page 50. Syntax Notation...
Page 23: Text Entry Conventions And Allowed Characters
MAC addresses, virtual LAN (VLAN) names, and ports in a single command. 3Com recommends that you do not use the same name with different capitalizations for VLANs or access control lists (ACLs). For example, do not configure two separate VLANs with the names red and RED.
Page 24: Ip Address And Mask Notation
Wildcard Masks Security access control lists (ACLs) use source and destination IP addresses and wildcard masks to determine whether the wireless LAN switch filters or forwards IP packets. Matching packets are either permitted or denied network access. The ACL checks the bits in IP addresses that correspond to any 0s (zeros) in the mask, but does not check the bits that correspond to 1s (ones) in the mask.
Page 25 Table 3 gives examples of user globs. Table 3 User Globs User Glob jose@example.com *@example.com *@marketing.example.com *.*@marketing.example.com All marketing users at example.com whose EXAMPLE\* EXAMPLE\*.* MAC Address Globs A media access control (MAC) address glob is a similar method for matching some authentication, authorization, and accounting (AAA) and forwarding database (FDB) commands to one or more 6-byte MAC addresses.
Page 26: Port Lists
You can include a single port or multiple ports in one MSS CLI command by using the appropriate list format. The ports on a WX switch are numbered 1 through 4 (for the 3Com Wireless LAN Controller WX4400) and 1 through 8 (for the 3Com Wireless Lan Switch WX1200).
Page 27: Virtual Lan Identification
Virtual LAN The names of virtual LANs (VLANs), which are used in Mobility Domain Identification communications, are set by you and can be changed. In contrast, VLAN ID numbers, which the wireless LAN uses locally, are determined when the VLAN is first configured and cannot be changed. Unless otherwise indicated, you can refer to a VLAN by either its VLAN name or its VLAN number.
Page 28: History Buffer
1: U HAPTER SING THE OMMAND Table 4 Keyboard Shortcuts (continued) Keyboard Shortcut(s) Ctrl+U or Ctrl+X Ctrl+W Esc B Esc D Delete key or Backspace key Erases mistake made during command entry. Reenter History Buffer The history buffer stores the last 63 commands you entered during a terminal session.
Page 29: Using Cli Help
Using CLI Help The CLI provides online help. To see the full range of commands available at your access level, type the help command. For example: WX1200# help Commands: ------------------------------------------------------------------------- clear commit copy crypto delete disable display exit help history hit-sample-rate load logout...
Page 30: Understanding Command Descriptions
To determine the port on which Telnet is running, type the following command: WX1200# display ip telnet Server Status ---------------------------------- Enabled Understanding Each command description in the 3Com Mobility System Software Command Command Reference contains the following elements: Descriptions NTERFACE display ip aliases display DNS status...
Page 31 Understanding Command Descriptions One or more examples of the command in context, with the appropriate system prompt and response. One or more related commands.
Page 32 1: U HAPTER SING THE OMMAND NTERFACE...
Page 33: Access Commands
Access Commands This chapter describes access commands used to control access to the Mobility Software System (MSS) command-line interface (CLI). Commands by This chapter presents access services commands alphabetically. Use Usage Table 5 to located commands in this chapter based on their use. Table 5 Access Commands by Usage disable Changes the CLI session from enabled mode to restricted access.
Page 34: Enable
Usage — MSS displays a password prompt to challenge you with the enable password. To enable a session, your or another administrator must have configured the enable password to this WX switch with the set enablepass command. Examples — The following command plus the enable password provides enabled access to the CLI for the current sessions: WX1200>...
Page 35: Set Enablepass
History — Introduced in MSS Version 3.0. Usage — After typing the set enablepass command, press Enter. If you are entering the first enable password on this WX switch, press Enter at the Enter old password prompt. Otherwise, type the old password.
Page 36 2: A HAPTER CCESS OMMANDS...
Page 37: Commands By Usage
Use system services commands to configure and monitor system information for a WX switch. Commands by This chapter presents system services commands alphabetically. Use Usage Table 6 to located commands in this chapter based on their use. Table 6 System Services Commands by Usage...
Page 38: Clear Banner Motd
Table 6 System Services Commands by Usage (continued) clear banner motd Deletes the message-of-the-day (MOTD) banner that is displayed before the login prompt for each CLI session on the wireless LAN switch. Syntax — Default — None. Access — Enabled.
Page 39: Clear Prompt
“set prompt” on page 50. (For information about default prompts, see “Command Prompts” on page 22.) clear system [contact | countrycode | ip-address | — Resets the name of contact person for the WX switch to contact null. — Resets the country code for the WX switch to null.
Page 40: Display Banner Motd
YSTEM ERVICE Default — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To clear the location of the WX switch, type the following command: WX4400# clear system location success: change accepted. See Also display banner...
Page 41: Display Base-Information
See Also display Provides an in-depth snapshot of the status of the wireless LAN switch, base-information which includes details about the boot image, the version, ports, and other configuration values. This command also displays the last 100 log messages. Syntax —...
Page 42: Display System
WX4400# display license Serial Number License Number License Key Activation key Feature Expires The additional ports refers to the number of additional MAPs the switch can boot and actively manage. See Also display system Shows system information. Syntax — Default — None.
Page 43 WX switch’s media access control (MAC) machine address set at the factory, in 6-byte hexadecimal format. License level installed on the WX switch (if applicable). Date and time of the last system reboot. Number of days, hours, minutes, and seconds that the WX has been operating since its last restart.
Page 44 OMMANDS Description Status of temperature sensors at three locations in the WX switch: ok — Temperature is within the acceptable range of 0° C to 50° C (32° F to 122° F). Alarm — Temperature is above or below the acceptable range.
Page 45: Help
Displays a list of commands that can be used to configure and monitor the WX switch. Syntax — Default — None. Access — All. History — Introduced in MSS Version 3.0. Examples — Use this command to see a list of available commands. If you have restricted access, you see fewer commands than if you have enabled access.
Page 46: History
[02] enable See Also set banner motd Configures the banner string that is displayed before the beginning of each login prompt for each CLI session on the WX switch. Syntax — Default — None. Access — Enabled. History — Introduced in MSS Version 3.0.
Page 47: Set Confirm
Usage — Type a caret (^), then the message, then another caret. Do not use the following characters with commands in which you set text to be displayed on the WX switch, such as message-of-the-day (MOTD) banners: Examples — To create a banner that says Update meeting at 3 p.m., type the following command: WX4400# set banner motd ^Update meeting at 3 p.m.^...
Page 48: Set Length
3: S HAPTER YSTEM ERVICE MSS displays a message requiring confirmation when you enter certain commands that can have a potentially large impact on the network. For example: WX4400# clear vlan red This may disrupt user connectivity. Do you wish to continue? (y/n) [n] Examples —...
Page 49: Set License
History — Introduced in MSS Version 3.0. Usage — The license key is shipped with the switch. To obtain the activation key, access the 3Com web site. Each license and activation key pair allows the switch to actively manage an additional 24 MAPs. You can install up to three upgrade license and activation key pairs, to actively manage up to 96 MAPs.
Page 50: Set Prompt
Changes the CLI prompt for the WX switch to a string you specify. Syntax — Default — The factory default for the WX switch name is the model number (WX1200 for the 3Com Wireless LAN Switch WX1200, WX4400 for the 3Com Wireless LAN Controller WX4400). Access — Enabled.
Page 51: Set System Contact
“set system location” on page 54 “set system name” on page 55 set system countrycode code — Two-letter code for the country of operation for the WX code switch. You can specify one of the codes listed in Table 8. Country Code Australia Austria...
Page 52 3: S HAPTER YSTEM ERVICE Table 8 Country Codes (continued) Country Belgium Brazil Canada China Czech Republic Denmark Finland France Germany Greece Hong Kong Hungary Iceland India Ireland Israel Italy Japan Liechtenstein Luxembourg Malaysia Mexico Netherlands New Zealand Norway Poland Portugal Saudi Arabia Singapore...
Page 53: Set System Ip-Address
Sets the system IP address so that it can be used by various services in the ip-address WX switch. CAUTION: Any currently configured Mobility Domain operations cease if you change the IP address. If you change the address, you must reset the Mobility Domain.
Page 54: Set System Location
Usage — You cannot include spaces in the system location string. To view the system location string, type the display system command. Examples — To store the location of the WX switch in the WX’s configuration, type the following command: WX4400# set system location first-floor-bldg3 success: change accepted.
Page 55: Set System Name
Default — By default, the system name and command prompt have the same value. The factory default for both is the model number (WX1200 for the 3Com Wireless LAN Switch WX1200, WX4400 for the 3Com Wireless LAN Controller WX4400). Access — Enabled.
Page 56 3: S HAPTER YSTEM ERVICE OMMANDS...
Page 57: Commands By Usage
Use port commands to configure and manage individual ports and load-sharing port groups. Commands by This chapter presents port commands alphabetically. Use Table 9 to locate Usage commands in this chapter based on their use. Table 9 Port Commands by Usage OMMANDS Type Command...
Page 58: Clear Dap
4: P HAPTER OMMANDS Table 9 Port Commands by Usage (continued) clear dap Removes a Distributed MAP. CAUTION: When you clear a Distributed MAP, MSS ends user sessions that are using the MAP. Syntax — Defaults — None. Access — Enabled. History —...
Page 59: Clear Port-Group
Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command clears all port statistics counters and resets them to 0: WX4400# clear port counters success: cleared port counters See Also clear port-group Removes a port group. Syntax —...
Page 60: Clear Port Preference
Usage — This command applies only to the WX4400. This command does not affect a link that is already active on the port. Examples — The following command clears the preference set on port 2 on a WX4400 switch: WX4400# clear port preference 2 See Also “display port status”...
Page 61: Clear Port Type
clear port type Removes all configuration settings from a port and resets the port as a network port. CAUTION: When you clear a port, MSS ends user sessions that are using the port. Syntax — Defaults — The cleared port becomes a network port but is not placed in any VLANs.
Page 62: Display Port Counters
4: P HAPTER OMMANDS Examples — The following command clears port 5: WX1200# clear port type 5 This may disrupt currently authenticated users. Are you sure? (y/n) [n]y success: change accepted. See Also display port Displays port statistics. counters Syntax — [octets | packets | receive-errors | transmit-errors | collisions | receive-etherstats transmit-etherstats] [port port-list]...
Page 63: Display Port-Group
Examples — The following command shows octet statistics for port 3: WX1200> display port counters octets port 3 Port Status ============================================================================= This command’s output has the same fields as the monitor port counters command. For descriptions of the fields, see Table 16 on page 70.
Page 64: Display Port Poe
Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — The following command displays PoE information for all ports on a WX1200 switch: WX1200# display port poe Port ============================================================ Table 12 describes the fields in this display.
Page 65: Display Port Preference
Table 12 Output for display port poe (continued) See Also display port Displays the interface preferences set on WX4400 gigabit Ethernet ports. preference Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Usage — This command applies only to the WX4400. Field Description Link status...
Page 66: Display Port Status
4: P HAPTER OMMANDS Examples — The following command displays the preference settings on all four ports of a WX4400 switch: WX4400# display port preference Port =========================================================== Table 13 describes the fields in this display. Table 13 Output for display port preference...
Page 67 Examples — The following command displays information for all ports on a WX1200 switch: WX1200# display port status Port Name Admin =============================================================================== Table 14 describes the fields in this display. Table 14 Output for display port status Field Port Name...
Page 68: Monitor Port Counters
4: P HAPTER OMMANDS Table 14 Output for display port status (continued) See Also monitor port Displays and continually updates port statistics. counters Syntax — [octets | packets | receive-errors | transmit-errors | collisions | receive-etherstats | transmit-etherstats] Defaults — All types of statistics are displayed for all ports. MSS refreshes the statistics every 5 seconds.
Page 69 configured. Statistics types are displayed in the following order by default: Octets Packets Receive errors Transmit errors Collisions Receive Ethernet statistics Transmit Ethernet statistics Access — All. History — Introduced in MSS Version 3.0. Usage — Each type of statistic is displayed separately. Press the Spacebar to cycle through the displays for each type.
Page 70 4: P HAPTER OMMANDS As soon as you press Enter, MSS clears the window and displays statistics at the top of the window. Port Status =============================================================================== To cycle the display to the next set of statistics, press the Spacebar. In this example, packet statistics are displayed next: Port Status...
Page 71 Table 16 Output for monitor port counters (continued) Statistics Option Field packets Rx Unicast NonUnicast Tx Unicast NonUnicast receive-errors Rx Crc Rx Error Rx Short Rx Overrun transmit-errors Tx Crc Tx Short Tx Fragment Tx Abort monitor port counters Description Number of unicast packets received.
Page 72 4: P HAPTER OMMANDS Table 16 Output for monitor port counters (continued) Statistics Option Field collisions receive-etherstats transmit-etherstats Tx 64 See Also Single Coll Multiple Coll Total number of frames transmitted that Excessive Coll Total number of frames that experienced more Total Coll Rx 64 Rx 127...
Page 73: Reset Port
IEEE 802.11 country-specific regulations on the WX switch. See “set system countrycode” on page 51. For an MAP that is directly connected to the WX switch, use the set port type ap command to configure an MAP access port.
Page 74 4: P HAPTER OMMANDS The serial ID of the AP2750 might be preceded by 4 digits and a slash (example: 0100/). Do not enter these digits or the slash. Defaults — The default radio type for model MP-101 is 802.11b. The default radio type for model AP2750, MP-241, and MP-341, and for the For a WX4400, you can specify a number from 1 to 256.
Page 75 802.11b/g radios in models MP-52, MP-252, and MP-262, and MP-352, is 802.11g in regulatory domains that support 802.11g, or 802.11b in regulatory domains that do not support 802.11g. MAP radios configured for 802.11g also allow associations from 802.11b clients by default. To disable support for 802.11b associations, use the set radio-profile 11g-only command on the radio profile that contains the radio.
Page 76: Set Port
4: P HAPTER OMMANDS set port Administratively disables or reenables a port. Syntax — Defaults — All ports are enabled. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — A port that is administratively disabled cannot send or receive packets.
Page 77 State of the group. Use on to enable the group — mode {on | off} or off to disable the group. The group is enabled by default. Defaults — Once configured, a group is enabled by default. Access — Enabled. History —...
Page 78: Set Port Name
History — Introduced in MSS Version 3.0. Usage — To simplify configuration and avoid confusion between a port’s number and its name, 3Com recommends that you do not use numbers as port names. Examples — The following command sets the name of port 7 to...
Page 79: Set Port Poe
CAUTION: When you set the port type for MAP use, you can enable PoE on the port. Use the WX switch’s PoE to power 3Com MAP access points only. If you enable PoE on ports connected to other devices, damage can result.
Page 80: Set Port Preference
4: P HAPTER OMMANDS Examples — The following command disables PoE on ports 4 and 5, which are connected to an MAP access point: WX1200# set port poe 4,5 disable If you are enabling power on these ports, they must be connected only to approved PoE devices with the correct wiring.
Page 81: Set Port Speed
Examples — The following command sets the preference of port 2 on a WX4400 to RJ-45 (copper): WX4400# set port preference 2 rj45 See Also set port speed Changes the speed of a port. Syntax — Defaults — All ports are set to auto. Access —...
Page 82: Set Port Type Ap
CAUTION: When you set the port type for MAP use, you must specify the PoE state (enable or disable) of the port. Use the WX switch’s PoE to power 3Com MAP access points only. If you enable PoE on a port connected to another device, physical damage to the device can result.
Page 83 WX switch. See “set system countrycode” on page 51. For an MAP that is indirectly connected to the WX switch through an intermediate Layer 2 or Layer 3 network, use the set dap command to configure a Distributed MAP.
Page 84 4: P HAPTER OMMANDS This option does not apply to single-radio models. The value 11g does not apply to model MP-101. Defaults — All WX ports are network ports by default. The default radio type for model MP-101 is 802.11b. The default radio type for model AP2750, MP-241, and MP-341, and for the 802.11b/g radios in models MP-52, MP-252, and MP-262, and MP-352, is 802.11g in regulatory domains that support 802.11g, or 802.11b in regulatory...
Page 85 This command does not apply to any gigabit Ethernet ports or to ports 7 and 8 on the WX1200 switch. To manage a MAP access point on a WX4400switch, use the set dap command to configure a Distributed MAP connection on the switch.
Page 86: Set Port Type Wired-Auth
OMMANDS See Also set port type Configures a WX switch port for a wired authentication user. wired-auth Before changing the port type from ap to wired-auth or from wired-auth to ap, you must reset the port with the clear port type command.
Page 87 Table 18 Wired Authentication Port Details Port Parameter Setting VLAN membership Removed from all VLANs. You cannot assign an MAP access port to a VLAN. MSS automatically assigns MAP access ports to VLANs based on user traffic. Spanning Tree Not applicable Protocol (STP) 802.1X Uses authentication parameters configured for users.
Page 88 4: P HAPTER OMMANDS...
Page 89: Commands By Usage
VLAN C Use virtual LAN (VLAN) commands to configure and manage parameters for individual port VLANs on network ports, and to display information about clients roaming within a mobility domain. Commands by This chapter presents VLAN commands alphabetically. Use Table 19 to usage locate commands in this chapter based on their use.
Page 90: Clear Fdb
5: VLAN C HAPTER OMMANDS clear fdb Deletes an entry from the forwarding database (FDB). Syntax — port port-list} [vlan vlan-id] [tag tag-value] Default — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You can delete forwarding database entries based on entry type, port, or VLAN.
Page 91: Clear Vlan
The following command clears all dynamic forwarding database entries that match all VLANs: WX4400# clear fdb dynamic success: change accepted. The following command clears all dynamic forwarding database entries that match ports 3 and 5: WX4400# clear fdb port 3,5 success: change accepted.
Page 92: Display Fdb
5: VLAN C HAPTER OMMANDS Usage — If you do not specify a port-list, the entire VLAN is removed from the configuration. You cannot delete the default VLAN but you can remove ports from it. To remove ports from the default VLAN, use the port port-list option. Examples —...
Page 93 perm out and remains in the database even after a reboot, reset, or power cycle. static is removed from the database after a reboot, reset, or power cycle. dynamic removed through aging or after a reboot, reset, or power cycle. system For example, the authentication protocols can add entries for wired and wireless authentication users.
Page 94: Display Fdb Agingtime
Note: This Class of Service (CoS) value is not associated with MSS quality of service (QoS) features. Destination Ports Wireless LAN switch port associated with the entry. A WX switch sends traffic to the destination MAC address through this port.
Page 95: Display Fdb Count
Default — None. Access — All. History — Introduced in MSS Version 3.0. Examples — The following command displays the aging timeout period for all VLANs: WX1200# display fdb agingtime VLAN 2 aging time = 600 sec VLAN 1 aging time = 300 sec Because the forwarding database aging timeout period can be configured only on an individual VLAN basis, the command lists the aging timeout period for each VLAN separately.
Page 96: Display Roaming Station
WX1200# display fdb count dynamic Total Matching Entries = 2 See Also display roaming Shows a list of the stations roaming to the wireless LAN switch through a station VLAN tunnel. Syntax — [vlan vlan-id] [peer Default — None.
Page 97: Display Roaming Vlan
Table 21 Output for display roaming station See Also display roaming Shows all VLANs in the mobility domain, the WX switches servicing the vlan VLANs, and their tunnel affinity values configured on each switch for the VLANs. Field Description User Name Name of the user.
Page 98: Display Tunnel
Table 22 describes the fields in the display. Table 22 Output for display roaming vlan See Also display tunnel Shows the tunnels from the wireless LAN switch where you type the command. Syntax — display roaming vlan 192.168.14.2 192.168.14.4 192.168.14.2...
Page 99: Display Vlan Config
Default — None. Access — Enabled History — Introduced in MSS Version 3.0. Examples — To display all tunnels from a WX switch to other WX switches in the Mobility Domain, type the following command. WX4400# display tunnel VLAN Local Address...
Page 100 5: VLAN C HAPTER OMMANDS Default — None. Access — All. History — Introduced in MSS Version 3.0. Examples — The following command displays information for VLAN burgundy: WX1200# display vlan config burgundy VLAN Name ---- ---------------- ------ ----- ----- ---------------- ----- ----- 2 burgundy Table 24 describes the fields in this display.
Page 101: Set Fdb
Virtual ports are tunnels to other WX switches in a mobility domain, and are listed as follows: t:ip-addr, where ip-addr is the system IP address of the WX switch at the other end of the tunnel. Note: This field can include MAP access ports and wired authentication ports, because MSS dynamically adds these ports to a VLAN when handling user traffic for the VLAN.
Page 102: Set Fdb Agingtime
5: VLAN C HAPTER OMMANDS Default — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You cannot add a multicast or broadcast address as a permanent or static FDB entry. Examples — The following command adds a permanent entry for MAC address 00:11:22:aa:bb:cc on ports 3 and 5 in VLAN blue: WX1200# set fdb perm 00:11:22:aa:bb:cc port 3,5 vlan blue success: change accepted.
Page 103: Set Vlan Name
VLAN 1. 3Com also recommends that you do not rename the default VLAN. You cannot use a number as the first character in a VLAN name. 3Com recommends that you do not use the same name with different capitalizations for VLANs.
Page 104: Set Vlan Port
VLAN the client is on, but is configured with a VLAN that has the same spelling but different capitalization, authorization for the client fails. For example, if the client is on VLAN red but the WX switch to which the client roams has VLAN RED instead, RADIUS authorization fails.
Page 105: Set Vlan Tunnel-Affinity
If you do specify a tag value, 3Com recommends that you use the same value as the VLAN number. MSS does not require the VLAN number and tag value to be the same but some other switches do. Examples — The following command assigns the name beige to VLAN...
Page 106 5: VLAN C HAPTER OMMANDS If more than one WX switch has the highest affinity value, MSS randomly selects one of the WX switches for the tunnel. Examples — The following command changes the VLAN affinity for VLAN beige to 10: WX4400# set vlan beige tunnel-affinity 10 success: change accepted.
Page 107: Commands
IP S Use IP services commands to configure and manage IP interfaces, management services, the Domain Name Service (DNS), Network Time Protocol (NTP), and aliases, and to ping a host or trace a route. Commands by This chapter presents IP services commands alphabetically. Use Table 25 Usage to locate commands in this chapter based on their use.
Page 108 6: IP S HAPTER ERVICES OMMANDS Table 25 IP Services Commands by Usage (continued) Type HTTPS Management “set ip https server” on page 139 IP Alias Time and Date SNMP Command “display ip https” on page 121 “set ip dns” on page 137 “set ip dns domain”...
Page 109: Clear Interface
Table 25 IP Services Commands by Usage (continued) clear interface Removes an IP interface. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — If the interface you want to remove is configured as the system IP address, removing the address can interfere with system tasks that use the system IP address, including the following: Examples —...
Page 110: Clear Ip Alias
Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command removes the default DNS domain name from a WX switch: WX1200# clear ip dns domain Default DNS domain name cleared. See Also clear ip alias name —...
Page 111: Clear Ip Dns Server
Removes a DNS server from a WX switch configuration. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command removes DNS server 10.10.10.69 from a WX switch’s configuration: WX4400# clear ip dns server 10.10.10.69...
Page 112: Clear Ip Telnet
See Also clear ip telnet Resets the Telnet server’s TCP port number to its default value. A WX switch listens for Telnet management traffic on the Telnet server port. Syntax — Defaults — The default Telnet port number is 23.
Page 113: Clear Ntp Server
Removes an NTP server from a WX switch configuration. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command removes NTP server 192.168.40.240 from a WX switch configuration: WX4400# clear ntp server 192.168.40.240...
Page 114: Clear Snmp Trap Receiver
6: IP S HAPTER ERVICES OMMANDS Examples — To reset the NTP interval to the default value, type the following command: WX4400# clear ntp update-interval success: change accepted. See Also clear snmp trap Clears a single entry from the Simple Network Management Protocol receiver (SNMP) trap receiver table.
Page 115: Clear Summertime
Clears the summertime setting from a wireless LAN switch. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To clear the summertime setting from a WX switch, type the following command: WX1200# clear summertime success: change accepted. See Also clear system Clears the system IP address.
Page 116: Clear Timezone
Time (GMT). Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To return the WX switch’s real-time clock to UTC, type the following command: WX4400# clear timezone success: change accepted. See Also...
Page 117: Display Arp
display arp Shows the ARP table. Syntax — Default — If you do not specify an IP address, the whole ARP table is displayed. Usage — All. History — Introduced in MSS Version 3.0. Examples — The following command displays ARP entries: WX4400# display arp ARP aging time: 1200 seconds Host...
Page 118: Display Interface
OMMANDS Table 26 Output for display arp (continued) See Also display interface Shows the IP interfaces configured on the wireless LAN switch. Syntax — Default — If you do not specify a VLAN ID, interfaces for all VLANs are displayed.
Page 119: Display Ip Alias
Table 27 Output for display interface See Also display ip alias Shows the IP aliases configured on the wireless LAN switch. Syntax — Default — If you do not specify an alias name, all aliases are displayed. Access — Enabled.
Page 120: Display Ip Dns
Table 28 describes the fields in this display. Table 28 Output for display ip alias See Also display ip dns Shows the DNS servers the wireless LAN switch is configured to use. Syntax — Default — None. Access — All.
Page 121: Display Ip Https
Default — None. Access — All. History — Introduced in MSS Version 3.0. Field Description Domain Name Default domain name configured on the WX switch DNS Status Status of the WX switch’s DNS client: Enabled Disabled IP Address IP address of the DNS server...
Page 122 Table 30 describes the fields in this display. Table 30 Output for display ip https Field HTTPS is enabled/disabled HTTPS is set to use port TCP port number on which the WX switch listens for Last 10 connections IP Address Last Connected Time Ago (s)
Page 123: Display Ip Route
WX switch’s VLANs has an interface in the gateway router’s subnet. If the WX switch has such an interface but the static route is still down, use the display vlan config command to check the state of the VLAN’s ports.
Page 124 The destination for the IP multicast route is MULTICAST. For static routes, the value Down means the WX switch does not have an interface to the destination’s next-hop router. To provide an interface, configure an IP interface that is in the same IP subnet as the next-hop router.
Page 125: Display Ip Telnet
Server Status State of the HTTPS server: Enabled Disabled Port TCP port number on which the WX switch listens for Telnet management traffic. “clear ip telnet” on page 112 “display ip https” on page 121 “set ip https server” on page 139 “set ip telnet”...
Page 126 ERVICES OMMANDS Default — None. Access — All. History — Introduced in MSS Version 3.0. Examples — To display NTP information for a WX switch, type the following command: WX4400> display ntp NTP client: enabled Current update-interval: 20(secs) Current time: Fri Feb 06 2004, 12:02:57 Timezone is set to 'PST', offset from UTC is -8:0 hours.
Page 127: Display Snmp Configuration
Table 33 Output for display ntp (continued) See Also display snmp Shows SNMP settings on a wireless LAN switch. configuration Syntax — Default — None. Access — All. History — Introduced in MSS Version 3.0. Field Description NTP Server IP address of the NTP server.
Page 128 6: IP S HAPTER ERVICES OMMANDS Examples — To display SNMP settings on a WX switch, type the following command: WX1200# display snmp configuration Snmp agent is enabled System Name: WX1200 System location: System contact: Table 34 describes the fields in this display.
Page 129: Display Summertime
Table 34 Output of display snmp configuration See Also display Shows a wireless LAN switch’s offset from its real-time clock. summertime Syntax — Default — There is no summertime offset by default. Access — All. History — Introduced in MSS Version 3.0.
Page 130: Display Timedate
Recurring : yes, starting at 2:00 am of first Sunday of April and ending at 2:00 am on last Sunday of October. See Also display timedate Shows the date and time of day currently set on a wireless LAN switch’s real-time clock. Syntax — Default — None.
Page 131: Display Timezone
Timezone set to 'pst', offset from UTC is -8 hours See Also ping Tests IP connectivity between a wireless LAN switch and another device. MSS sends an Internet Control Message Protocol (ICMP) echo packet to the specified WX switch and listens for a reply packet.
Page 132 Use the flood option sparingly. This option creates a lot of traffic and can affect other traffic on the network. Because the WX switch adds header information, the ICMP packet size is 8 bytes larger than the size you specify.
Page 133: Set Arp
Examples — The following command pings a WX switch that has IP address 10.1.1.1: WX1200# ping 10.1.1.1 PING 10.1.1.1 (10.1.1.1) from 10.9.4.34 : 56(84) bytes of data. 64 bytes from 10.1.1.1: icmp_seq=1 ttl=255 time=0.769 ms 64 bytes from 10.1.1.1: icmp_seq=2 ttl=255 time=0.628 ms 64 bytes from 10.1.1.1: icmp_seq=3 ttl=255 time=0.676 ms...
Page 134: Set Arp Agingtime
6: IP S HAPTER ERVICES OMMANDS Examples — The following command adds a static ARP entry that maps IP address 10.10.10.1 to MAC address 00:bb:cc:dd:ee:ff: WX1200# set arp static 10.10.10.1 00:bb:cc:dd:ee:ff success: added arp 10.10.10.1 at 00:bb:cc:dd:ee:ff on VLAN 1 See Also set arp agingtime Changes the aging timeout for dynamic ARP entries.
Page 135: Set Interface
set interface Configures an IP interface on a VLAN. Syntax — {ip-addr mask | ip-addr/mask-length} Defaults — None. Access — Enabled. History— Introduced in MSS Version 3.0. Usage — You can assign one IP interface to each VLAN. If an interface is already configured on the VLAN you specify, this command replaces the interface.
Page 136: Set Interface Status
6: IP S HAPTER ERVICES OMMANDS See Also set interface status Administratively disables or reenables an IP interface. Syntax — Defaults — IP interfaces are enabled by default. Access — Enabled. History— Introduced in MSS Version 3.0. Examples — The following command disables the IP interface on VLAN mauve: WX4400# set interface mauve status down success: set interface mauve to down...
Page 137: Set Ip Dns
Syntax — Defaults — DNS is disabled by default. Access — Enabled. History— Introduced in MSS Version 3.0. Examples — The following command enables DNS on a WX switch: WX1200# set ip dns enable Start DNS Client See Also “clear ip alias” on page 110 “display ip alias”...
Page 138: Set Ip Dns Domain
ERVICES OMMANDS set ip dns domain Configures a default domain name for DNS queries. The wireless LAN switch appends the default domain name to domain names or hostnames you enter in commands. Syntax — Defaults — None. Access — Enabled.
Page 139: Set Ip Https Server
Syntax — Defaults — None. Access — Enabled. Usage — You can configure a WX switch to use one primary DNS server and up to five secondary DNS servers. Examples — The following commands configure a WX switch to use a primary DNS server and two secondary DNS servers: WX1200# set ip dns server 10.10.10.50/24 primary...
Page 140: Set Ip Route
“set ip telnet” on page 146 “set ip telnet server” on page 146 set ip route {default | ip-addr mask | — Default route. A WX switch uses the default route if an default explicit route is not available for the destination.
Page 141 Before you add a static route, use the display interface command to verify that the WX switch has an IP interface in the same subnet as the route’s next-hop router. If not, the VLAN:Interface field of the display ip route command output shows that the route is down.
Page 142: Set Ip Snmp Server
HAPTER ERVICES OMMANDS The following command adds an explicit route from a WX switch to any host on the 192.168.4.x subnet through the local router 10.5.4.2, and gives the route a cost of 1: WX4400# set ip route 192.168.4.0 255.255.255.0 10.5.4.2 1 success: change accepted.
Page 143: Set Ip Ssh Absolute-Timeout
Changes the TCP port number on which a wireless LAN switch listens for Secure Shell (SSH) management traffic. CAUTION: If you change the SSH port number from an SSH session, MSS immediately ends the session. To open a new management session, you must configure the SSH client to use the new TCP port number.
Page 144: Set Ip Ssh Idle-Timeout
6: IP S HAPTER ERVICES OMMANDS Default — The absolute timeout is disabled by default. 3Com recommends using the idle timeout instead to close unused sessions. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — If the idle timeout is disabled, MSS changes the default absolute timeout from 0 (disabled) to 60 minutes to prevent an abandoned session from remaining open indefinitely.
Page 145: Set Ip Ssh Server
Usage — You must generate an SSH encryption key to use SSH. The maximum number of SSH sessions supported on a WX switch is eight. If Telnet is also enabled, the WX switch can have up to eight Telnet or SSH sessions, in any combination, and one Console session.
Page 146: Set Ip Telnet
ERVICES OMMANDS set ip telnet Changes the TCP port number on which a wireless LAN switch listens for Telnet management traffic. CAUTION: f you change the Telnet port number from a Telnet session, MSS immediately ends the session. To open a new management session, you must Telnet to the WX switch with the new Telnet port number.
Page 147: Set Ntp
Access — Enabled. Usage — The maximum number of Telnet sessions supported on a WX switch is eight. If SSH is also enabled, the WX switch can have up to eight Telnet or SSH sessions, in any combination, and one console session.
Page 148: Set Ntp Server
RFC 1305, Network Time Protocol (Version 3) Specification, Implementation and Analysis. To use NTP, you also must enable the NTP client with the set ntp command. Examples — The following command configures a WX switch to use NTP server 192.168.1.5: WX4400# set ntp server 192.168.1.5 See Also “clear ntp server”...
Page 149: Set Ntp Update-Interval
See Also set snmp Names the SNMP read and read-write communities, which allow remote community wireless LAN switches to access management information base (MIB) objects on a WX switch. Syntax — comm-string Default — None. set ntp update-interval seconds — Number of seconds between queries. You can specify seconds from 16 through 1,024 seconds.
Page 150: Set Snmp Trap
OMMANDS Access — Enabled. History — Introduced in MSS Version 3.0. Usage — SNMP community strings are passed as clear text. 3Com recommends that you use strings that cannot easily be guessed by unauthorized users. Examples — The following command configures the read-write...
Page 151 Generated when an event with an Alert severity occurs. Generated when a WX switch returns to its normal state. Generated when the link is lost on a port. Generated when the link is detected on a port.
Page 152 See Also “clear snmp trap receiver” on page 114 “display snmp configuration” on page 127 Description Generated when the WX switch is initially able to contact a mobility domain seed member, or can contact the seed member after a timeout.
Page 153: Set Snmp Trap Receiver
WX4400# set snmp trap receiver 192.168.0.1 success: change accepted. See Also set summertime Offsets the real-time clock of a wireless LAN switch by +1 hour and returns it to standard time for daylight savings time or a similar summertime period that you set. Syntax —...
Page 154 6: IP S HAPTER ERVICES OMMANDS Default — If you do not specify a start and end time, the system implements the time change starting at 2:00 a.m. on the first Sunday in April and ending at 2:00 a.m. on the last Sunday in October, according to the North American standard.
Page 155: Set System Ip-Address
Default source IP address used in unsolicited communications such as AAA accounting reports and SNMP traps set system ip-address ip-addr — IP address, in dotted decimal notation. The address must ip-addr be configured on one of the WX switch’s VLANs. set system ip-address...
Page 156: Set Timedate
HAPTER ERVICES OMMANDS See Also set timedate Sets the time of day and date on the wireless LAN switch. Syntax — Default — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — The day of week is automatically calculated from the day you set.
Page 157: Set Timezone
Sets the number of hours, and optionally the number of minutes, that the wireless LAN switch’s real-time clock is offset from Coordinated Universal Time (UTC). These values are also used by Network Time Protocol (NTP), if it is enabled.
Page 158: Telnet
Usage — To end a Telnet session from the remote device, press Ctrl+t or type quit or logout in the management session on the remote device. To end a client session from the local WX switch, use the clear sessions telnet client command.
Page 159: Traceroute
WX1200-remote> display vlan VLAN Name ---- ---------------- ------ ----- ----- ---------------- ----- ----- 1 default 3 red 10 backbone When the administrator presses Ctrl+t to end the Telnet connection, the management session returns to the local prompt: WX1200-remote> Session 0 pty tty2.d terminated tt name tty2.d WX1200# See Also traceroute...
Page 160 The rows are displayed in the order in which the hops occur, beginning with the hop closest to the WX switch. The row for a hop lists the total time in milliseconds for each ICMP packet to reach the router or host, plus the time for the ICMP Time Exceeded message to return to the host.
Page 161 hop count of 0 or 1. This can occur if the destination uses the maximum hop count value from the arriving packet as the maximum hop count in its ICMP reply. The reply does not arrive at the source until the destination receives a traceroute packet with a maximum hop count equal to the number of hops between the source and destination.
Page 162 6: IP S HAPTER ERVICES OMMANDS...
Page 163: Commands By Usage
AAA C Use authentication, authorization, and accounting (AAA) commands to provide a secure network connection and a record of user activity. Location policy commands override any virtual LAN (VLAN) or security ACL assignment by AAA or the local WX database to help you control access locally.
Page 164 7: AAA C HAPTER OMMANDS Table 37 AAA Commands by Usage (continued) Type Local Authorization for Password Users Local Authorization for MAC Users Web authorization Accounting AAA information Mobility Profiles Location Policy Command “set user” on page 217 “clear user” on page 176 “set user attr”...
Page 165: Clear Accounting
Web Manager. Syntax — clear accounting {admin | dot1x} {user-glob} — Users with administrative access to the WX switch through a admin console connection or through a Telnet or Web Manager connection. — Users with network access through the WX switch. Users...
Page 166: Clear Authentication Console
7: AAA C HAPTER OMMANDS Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command clears authentication for administrator Jose: WX4400# clear authentication admin Jose success: change accepted. See Also clear authentication Removes an authentication rule for administrative access through the console Console.
Page 167: Clear Authentication Dot1X
{ssid ssid-name | wired} — SSID name to which this authentication rule ssid ssid-name applies. — Clears a rule used for access over an WX switch’s wired wired-authentication port. — A single user or a set of users with 802.1X network user-glob access.
Page 168: Clear Authentication Last-Resort
“display aaa” on page 180 “set authentication dot1x” on page 193 clear authentication last-resort {ssid ssid-name | —SSID name to which this authentication rule ssid ssid-name applies. — Clears a rule used for access over an WX switch’s wired wired-authentication port.
Page 169: Clear Authentication Mac
{ssid ssid-name | wired} — SSID name to which this authentication rule ssid ssid-name applies. — Clears a rule used for access over an WX switch’s wired wired-authentication port. — A single user or set of users with access via a MAC mac-addr-glob address.
Page 170: Clear Authentication Web
{ssid ssid-name | wired} — SSID name to which this authentication rule ssid ssid-name applies. — Clears a rule used for access over an WX switch’s wired wired-authentication port. — A single user or a set of users with 802.1X network user-glob access.
Page 171: Clear Location Policy
WX4400# clear authentication web ssid research temp*@thiscorp.com See Also clear location policy Removes a rule from the location policy on a WX switch. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0.
Page 172: Clear Mac-User
OMMANDS See Also clear mac-user Removes a user profile from the local database on the WX switch, for a user who is authenticated by a MAC address. (To remove a user profile in RADIUS, see the documentation for your RADIUS server.) Syntax —...
Page 173: Clear Mac-User Group
Removes a user profile from a MAC user group in the local database on group the WX switch, for a user who is authenticated by a MAC address. (To remove a MAC user group profile in RADIUS, see the documentation for your RADIUS server.)
Page 174: Clear Mac-Usergroup
See Also clear Removes a user group from the local database on the WX switch, for a mac-usergroup group of users who are authenticated by a MAC address. (To delete a MAC user group in RADIUS, see the documentation for your RADIUS server.)
Page 175: Clear Mac-Usergroup Attr
Removes an authorization attribute from a MAC user group in the local mac-usergroup attr database on the WX switch, for a group of users who are authenticated by a MAC address. (To unconfigure an authorization attribute in RADIUS, see the documentation for your RADIUS server.)
Page 176: Clear Mobility-Profile
WX1200# clear mobility-profile Nin success: change accepted. See Also clear user Removes a user profile from the local database on the WX switch, for a user with a password. (To remove a user profile in RADIUS, see the documentation for your RADIUS server.) Syntax —...
Page 177: Clear User Attr
Removes an authorization attribute from the user profile in the local database on the WX switch, for a user with a password. (To remove an authorization attribute from a RADIUS user profile, see the documentation for your RADIUS server.) Syntax —...
Page 178: Clear Usergroup
See Also clear usergroup Removes a user group and its attributes from the local database on the WX switch, for users with passwords. (To delete a user group in RADIUS, see the documentation for your RADIUS server.) Syntax —...
Page 179: Clear Usergroup Attr
See Also clear usergroup attr Removes an authorization attribute from a user group in the local database on the WX switch. (To remove an authorization attribute in RADIUS, see the documentation for your RADIUS server.) Syntax —...
Page 180: Display Aaa
7: AAA C HAPTER OMMANDS See Also display aaa Displays all current AAA settings. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To display all current AAA settings, type the following command: WX4400# display aaa Default Values...
Page 181 RADIUS server is unresponsive before trying to reconnect with this server. During the dead time, the RADIUS server is ignored by the WX switch. The default is 0 minutes. Shared secret key, or password, used to authenticate to a RADIUS server.
Page 182: Display Accounting Statistics
See Also display accounting Displays the AAA accounting records for wireless users. The records are statistics stored in the local database on the WX switch. (To display RADIUS accounting records, see the documentation for your RADIUS server.) Syntax — Server Name of each RADIUS server currently active.
Page 183 Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To display the locally stored accounting records, type the following command: WX4400# display accounting statistics Sep 26 11:01:48 Acct-Status-Type=START Acct-Authentic=2 User-Name=geetha AAA_TTY_ATTR=2 Event-Timestamp=1064599308 Sept 26 12:50:21 Acct-Status-Type=STOP Acct-Authentic=2 User-Name=geetha AAA_TTY_ATTR=2 Acct-Session-Time=6513 Event-Timestamp=1064605821 Acct-Output-Octets=332 Acct-Input-Octets=61...
Page 184: Display Location Policy
Number of octets the WX switch has sent during the session. Acct-Input-Octets Number of octets the WX switch has received during the session. Acct-Output-Packets Number of packets the WX switch has sent during the session. Acct-Input-Packets Number of packets the WX switch has received during the session.
Page 185: Display Mobility-Profile
Examples — The following command displays the list of location policy rules in the location policy on an WX switch: WX4400 display location policy Id Clauses ---------------------------------------------------------------- 1) deny if user eq *.theirfirm.com 2) permit vlan guest_1 if vlan neq *.wodefirm.com 3) permit vlan bld4.tac inacl tac_24.in if user eq *.ny.wodefirm.com...
Page 186: Set Accounting {Admin | Console
A method can be one of the following: — Stores accounting records in the local database on the local WX switch. When the local accounting storage space is full, MSS overwrites older records with new ones. — Stores accounting records on one or more server-group-name Remote Authentication Dial-In User Service (RADIUS) servers.
Page 187: Set Accounting {Dot1X | Mac | Web
“clear accounting” on page 165 “display accounting statistics” on page 182 set accounting {dot1x | mac | web} {ssid ssid-name | — Users with network access through the WX switch who are dot1x authenticated by 802.1X. — Users with network access through the WX switch who are authenticated by MAC authentication —...
Page 188 A method can be one of the following: — Stores accounting records in the local database on the local WX switch. When the local accounting storage space is full, MSS overwrites older records with new ones. — Stores accounting records on one or more server-group-name Remote Authentication Dial-In User Service (RADIUS) servers.
Page 189: Set Authentication Admin
A method can be one of the following: — Uses the local database of usernames and user groups local on the WX switch for authentication. — Uses the defined group of RADIUS servers server-group-name for authentication. You can enter up to four names of existing RADIUS server groups as methods.
Page 190 The authentication method none allows access to the WX switch by an administrator. The fallthru authentication type none denies access to a network user. (See “set service-profile auth-fallthru”...
Page 191: Set Authentication Console
A method can be one of the following: — Uses the local database of usernames and user groups local on the WX switch for authentication. — Uses the defined group of RADIUS servers server-group-name for authentication. You can enter up to four names of existing RADIUS server groups as methods.
Page 192 MSS requires no username or password, by default. These users can press Enter at the prompts for administrative access. 3Com recommends that you change the default setting unless the WX switch is in a secure physical location.
Page 193: Set Authentication Dot1X
Configures authentication and defines how and where it is performed for dot1x specified wireless or wired authentication clients who use an IEEE 802.1X authentication protocol to access the network through the WX switch. Syntax — user-glob [bonded] protocol method1 [method2] [method3] [method4] “clear authentication console”...
Page 194 7: AAA C HAPTER OMMANDS EAP-MD5 does not work with Microsoft wired authentication clients. — Protocol used for authentication. Specify one of the protocol following: — Extensible Authentication Protocol (EAP) with eap-md5 message-digest algorithm 5. For wired authentication clients: Uses challenge-response to compare hashes Provides no encryption or integrity checking for the connection —...
Page 195 You can configure a rule either for wireless access to an SSID, or for wired access through a WX switch’s wired authentication port. If the rule is for wireless access to an SSID, specify the SSID name or specify any to match on all SSID names.
Page 196 If the user does not support 802.1X, MSS attempts to perform MAC authentication for the user. In this case, if the switch’s configuration contains a set authentication mac command that matches the SSID the user is attempting to access and the user’s MAC address, MSS uses the...
Page 197: Set Authentication Last-Resort
24.) You can configure a rule either for wireless access to an SSID, or for wired access through a WX switch’s wired authentication port. If the rule is for set authentication last-resort — SSID name to which this authentication rule ssid ssid-name applies.
Page 198 7: AAA C HAPTER OMMANDS wireless access to an SSID, specify the SSID name or specify any to match on all SSID names. If the rule is for wired access, specify wired instead of an SSID name. If you specify multiple authentication methods in the set authentication last-resort command, MSS applies them in the order in which they appear in the command, with these results: However, if local appears first, followed by a RADIUS server group, MSS...
Page 199: Set Authentication Mac
A method can be one of the following: — Uses the local database of usernames and user groups on local the WX switch for authentication. — Uses the defined group of RADIUS servers server-group-name for authentication. You can enter up to four names of existing RADIUS server groups as methods.
Page 200 WX database and sends an authentication request to the RADIUS server group. If the switch’s configuration contains a set authentication mac command that matches the SSID the user is attempting to access and the user’s MAC address, MSS uses the method specified by the command.
Page 201: Set Authentication Web
Configures an authentication rule to allow a user to log in to the network using a web page served by the WX switch. The rule can be activated if the user is not otherwise granted or denied access by 802.1X, or granted access by MAC authentication.
Page 202 You can configure a rule either for wireless access to an SSID, or for wired access through a WX switch’s wired authentication port. If the rule is for wireless access to an SSID, specify the SSID name or specify any to match on all SSID names.
Page 203: Set Location Policy
See Also set location policy Creates and enables the location policy on a WX switch. The location policy overrides normal AAA attributes, if any, and controls network access, VLAN access, and/or application of security ACL filters to wireless and wired users.
Page 204 — Name of an existing security ACL to apply to inacl inacl-name packets sent to the WX switch with characteristics that match the location policy rule. Optionally, you can add the suffix .in to the name.
Page 205 Access — Enabled. History — Introduced in MSS Version 3.0. Usage — Only a single location policy is allowed per WX switch. Once configured, the location policy becomes effective immediately. To disable location policy operation, use the clear location policy command.
Page 206: Set Mac-User
WX4400# set location policy permit vlan floor2 if port 1-2 See Also set mac-user Configures a user profile in the local database on the WX switch for a user who can be authenticated by a MAC address, and optionally adds the user to a MAC user group.
Page 207: Set Mac-User Attr
See Also set mac-user attr Assigns an authorization attribute in the local database on the WX switch to a user who is authenticated by a MAC address. (To assign authorization attributes through RADIUS, see the documentation for your RADIUS server.) Syntax —...
Page 208 7: AAA C HAPTER OMMANDS — Name and value of an attribute you are attribute-name value using to authorize the MAC user for a particular service or session characteristic. For a list of authorization attributes and values that you can assign to local users, see Table 40.
Page 209 Table 40 Authentication Attributes for Local Users Attribute Description encryption-type Type of encryption required for access by the client. Clients who attempt to use an unauthorized encryption method are rejected. end-date Date and time after which the user is no longer allowed to be on the network.
Page 210 If the Mobility Profile feature is page 214.) enabled, and a user is assigned the name of a Mobility Profile that does not exist on the WX switch, the user is denied access.
Page 211 One of the following numbers: 2—Framed; for network user access 6—Administrative; for administrative access to the WX switch, with authorization to access the enabled (configuration) mode. The user must enter the enable command to access the enabled mode.
Page 212 Virtual LAN (VLAN) Name of a VLAN that you want the assignment. user to use. The VLAN must be configured on an WX switch within On some RADIUS the Mobility Domain to which this WX servers, you might need switch belongs.
Page 213: Set Mac-Usergroup Attr
See Also set mac-usergroup Creates a user group in the local database on the WX switch for users attr who are authenticated by a MAC address, and assigns authorization attributes for the group. (To configure a user group and assign authorization attributes through RADIUS, see the documentation for your RADIUS server.)
Page 214: Set Mobility-Profile
See Also set mobility-profile Creates a Mobility Profile and specifies the MAP access point and/or wired authentication ports on the WX switch through which any user assigned to the profile is allowed access. Syntax — port-list}} | {dap {none | all | dap-num}} or session characteristic.
Page 215 The same Distributed MAP can be used in multiple Mobility Profile port lists. Defaults — No default Mobility Profile exists on the WX switch. If you do not assign Mobility Profile attributes, all users have access through all ports, unless denied access by other AAA servers or by access control lists (ACLs).
Page 216: Set Mobility-Profile Mode
See Also set mobility-profile Enables or disables the Mobility Profile feature on the WX switch. mode CAUTION: When the Mobility Profile feature is enabled, a user is denied access if assigned a Mobility-Profile attribute in the local WX switch database or RADIUS server when no Mobility Profile of that name exists on the WX switch.
Page 217: Set User
See Also set user Configures a user profile in the local database on the WX switch for a user with a password. (To configure a user profile in RADIUS, see the documentation for your RADIUS server.) Syntax — Defaults — None.
Page 218: Set User Attr
OMMANDS See Also set user attr Configures an authorization attribute in the local database on the WX switch for a user with a password. (To assign authorization attributes in RADIUS, see the documentation for your RADIUS server.) Syntax — Defaults — None.
Page 219: Set User Group
See Also set usergroup Creates a user group in the local database on the WX switch for users and assigns authorization attributes for the group. (To create user groups and assign authorization attributes in RADIUS, see the documentation for your RADIUS server.) Syntax —...
Page 220: Set Web-Aaa
VLAN crimson: WX4400# set usergroup cardiology vlan-name crimson success: change accepted. See Also set web-aaa Globally enables or disables Web AAA on an WX switch. Syntax — Defaults — Enabled. Access — Enabled. History — Introduced in MSS Version 3.0.
Page 221 If you want to use a customized login page instead of the default login page, the page must be installed in the user files area of the switch’s nonvolatile storage and the service profile must specify the path and filename.
Page 222 7: AAA C HAPTER OMMANDS...
Page 223: Commands By Usage
(client). One WX switch acts as a seed switch, which maintains and distributes a list of IP addresses of the domain members. 3Com recommends that you run the same MSS version on all the WX switches in a Mobility Domain. Commands by This chapter presents Mobility Domain commands alphabetically.
Page 224: Clear Mobility-Domain Member
Access — Enabled. History — Introduced in MSS Version 3.0. Usage — This command has no effect if the WX switch is not configured as part of a Mobility Domain. Examples — To clear a Mobility Domain from a WX switch within the...
Page 225: Display Mobility-Domain Config
Examples — The following command clears a Mobility Domain member with the IP address 192.168.0.1: WX1200# clear mobility-domain member 192.168.0.1 See Also display Displays the configuration of the Mobility Domain. mobility-domain Syntax — config Defaults — None. Access — Enabled. History —...
Page 226: Set Mobility-Domain Member
Table 42 describes the fields in the display. Table 42 display mobility-domain Output See Also On the seed WX switch, adds a member to the list of Mobility Domain mobility-domain members. If the current WX switch is not configured as a seed, this member command is rejected.
Page 227: Set Mobility-Domain Mode Member Seed-Ip
WX4400# set mobility-domain member 192.168.1.10 success: change accepted. See Also On a nonseed WX switch, sets the IP address of the seed WX switch. This mobility-domain command is used on a member WX to configure it as a member. If the...
Page 228: Set Mobility-Domain Mode Seed Domain-Name
WX4400# set mobility-domain mode member seed-ip 192.168.1.8 mode is: member seed IP is: 192.168.1.8 See Also Creates a Mobility Domain by setting the current WX switch as the seed mobility-domain device and naming the Mobility Domain. mode seed Syntax —...
Page 229: Map Access Point Commands By Usage
Be sure to do the following before using the commands: CAUTION: Changing the system country code after MAP configuration disables MAP access points and deletes their configuration. If you change the country code on a WX switch, you must reconfigure all MAP access points. MAP Access Point This chapter presents MAP access point commands alphabetically.
Page 230 9: M HAPTER ANAGED CCESS Table 43 Map Access Point Commands by Usage (continued) Type Radio Properties Authentication and Encryption RF Auto-Tuning OINT OMMANDS Command “set service-profile ssid-type” on page 307 “set service-profile beacon” on page 299 “set radio-profile 11g-only” on page 275 “set radio-profile beacon-interval”...
Page 231 Table 43 Map Access Point Commands by Usage (continued) Type Command “set radio-profile auto-tune channel-interval” on page 278 “set radio-profile auto-tune power-backoff- timer” on page 279 “set radio-profile auto-tune power-config” on page 280 “set radio-profile auto-tune power-interval” on page 281 “set {ap | dap} radio auto-tune max-power”...
Page 232: Clear {Ap | Dap} Radio
9: M HAPTER ANAGED CCESS clear {ap | dap} Disables an MAP radio and resets it to its factory default settings. radio Syntax — all} Defaults — The clear ap radio command resets the radio to the default settings listed in Table 44 and in Table 57 on page 287. Table 44 Radio-Specific Parameters Access —...
Page 233: Clear Radio-Profile
This command does not affect the PoE setting. Examples — The following command disables and resets radio 2 on the MAP access point connected to port 3: WX1200# clear ap 3 radio 2 See Also clear radio-profile Removes a radio profile or resets one of the profile’s parameters to its default value.
Page 234: Display {Ap | Dap} Config
9: M HAPTER ANAGED CCESS History — Introduced in MSS Version 3.0. Usage — If you specify a parameter, the setting for the parameter is reset to its default value. The settings of the other parameters are unchanged and the radio profile remains in the configuration. If you do not specify a parameter, the entire radio profile is deleted from the configuration.
Page 235 Description WX port number. Note: This field is applicable only if the MAP is directly connected to the WX switch and the WX switch’s port is configured as a MAP access port. Connection ID for the Distributed MAP. Note: This field is applicable only if the MAP is configured on the WX switch as a Distributed MAP.
Page 236 9: M HAPTER ANAGED CCESS Table 45 Output for display ap config (continued) Field AP model bias name boot-download- enable load balancing group Names of the MAP load-balancing groups to which the MAP Radio type mode channel antennatype tx pwr profile OINT OMMANDS...
Page 237 Table 45 Output for display ap config (continued) Field Description auto-tune Maximum power level the RF Auto-Tuning feature can set on max-power the radio. The value default means RF Auto-Tuning can set the power up to the maximum level allowed for the country of operation.
Page 238: Display {Ap | Dap} Counters
9: M HAPTER ANAGED CCESS display {ap | dap} Displays MAP access point and radio statistics counters. counters Syntax — Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Usage — To display statistics counters and other information for individual user sessions, use the display sessions network command.
Page 239 11.0: 8016 2590353 TOTL: 543705 52742 40087331 4445625 684050 17552381 Table 46 describes the fields in this display. Table 46 Output for display ap counters Field Port radio LastPktXferRate NumCntInPwrSave LastPktRxSigStrength Signal strength, in dBm, of the last packet received by the LastPktSigNoiseRatio TKIP Pkt Transfer Ct TKIP Pkt Replays...
Page 240: Display {Ap | Dap} Etherstats
Physical layer (PHY) errors. “display sessions network” on page 440 display {ap | dap} etherstats [port-list | dap-num] — List of WX switch ports directly connected to the MAPs port-list for which to display counters. — Number of a Distributed MAP for which to display dap-num counters.
Page 241 RxShortFrames: RxCrcErrors: RxOverruns: RxDiscards: Table 47 describes the fields in this display. Table 47 Output of display ap etherstats Field Description RxUnicast Number of unicast frames received. RxMulticast Number of multicast frames received. RxBroadcast Number of broadcast frames received. RxGoodFrames Number of frames received properly from the link.
Page 242: Display {Ap | Dap} Group
9: M HAPTER ANAGED CCESS Table 47 Output of display ap etherstats (continued) display {ap | dap} Displays configuration information and load-balancing status for MAP group access point groups. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples —...
Page 243: Display {Ap | Dap} Status
Number of association requests refused by the MAP access point due to load balancing. MSS resets this counter to 0 when the WX switch is restarted, MSS is reloaded, or the access point is removed from the group. “set {ap | dap} group” on page 263...
Page 244 48 operational power: 11 base mac: 00:0b:0e:00:11:96 bssid1: 00:0b:0e:00:11:94, ssid: private The following command displays the status of a directly connected MAP: WX1200# display ap status 1 Port: 1, AP model: AP2750, manufacturer 3Com, name: MAP01 ==================================================== State: operational CPU info:...
Page 245 Port WX port number. Note: This field is applicable only if the MAP is directly connected to the WX switch and the WX switch’s port is configured as an MAP access port. IP-addr IP address of the MAP. The address is assigned to the MAP by a DHCP server.
Page 246: Display Auto-Tune Attributes
9: M HAPTER ANAGED CCESS Table 49 Output for display ap status (continued) display auto-tune Displays the current values of the RF attributes RF Auto-Tuning uses to attributes decide whether to change channel or power settings. Syntax — [ap map-num [radio {1 | 2 | all}]] Syntax —...
Page 247 radio 2 does not apply to single-radio models.) radio all Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command displays RF attribute information for radio 1 on the directly connected MAP access point on port 2: WX1200# display auto-tune attributes ap 2 radio 1 Auto-tune attributes for port 2 radio 1: Noise:...
Page 248: Display Auto-Tune Neighbors
9: M HAPTER ANAGED CCESS display auto-tune Displays the other 3Com radios and third-party 802.11 radios that a neighbors 3Com radio can hear. Syntax — [ap map-num [radio {1 | 2| all}]] Syntax — [dap dap-num [radio {1 | 2| all}]] Defaults —...
Page 249 Information is displayed for a radio if the radio sends beacon frames or responds to probe requests. Even if a radio’s SSIDs are unadvertised, 3Com radios detect the empty beacon frames (beacon frames without SSIDs) sent by the radio, and include the radio in the neighbor list.
Page 250: Display Dap Connection
9: M HAPTER ANAGED CCESS display dap Displays the system IP address of the WX switch that has the active data connection connection for a Distributed MAP. Syntax — [dap-num | serial-id serial-ID] Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0.
Page 251: Display Dap Global
IP address assigned by DHCP to the Distributed MAP. WX IP Address System IP address of the WX switch on which the MAP has an active connection. This is the switch that the MAP used for booting and configuration and is using for data transfer.
Page 252 WX switch. Serial ID of the Distributed MAP. System IP address of the WX switch on which the Distributed MAP is configured. A separate row of output is displayed for each WX switch on which the Distributed MAP is configured.
Page 253: Display Dap Unconfigured
Usage — This command also displays an MAP that is directly connected to an WX switch, if the WX port to which the MAP is connected is configured as a network port instead of a MAP access port, and if the network port is a member of a VLAN.
Page 254: Display Radio-Profile
Access — Enabled. History — Introduced in MSS Version 3.0. Usage — MSS contains a default radio profile. 3Com recommends that you do not change this profile but instead keep the profile for reference. Examples — The following command shows radio profile information...
Page 255 Short Retry Limit: Long Preamble: Tune Channel: Tune Channel Interval: Client Backoff Timer: Service profiles: default-dot1x, default-clear Table 55 describes the fields in this display. Table 55 Output for display radio-profile Field Beacon Interval DTIM Interval Max Tx Lifetime Max Rx Lifetime RTS Threshold Frag Threshold Short Retry Limit...
Page 256 9: M HAPTER ANAGED CCESS Table 55 Output for display radio-profile (continued) Field Allow 802.11g clients only Tune Channel Tune Power Tune Channel Interval Tune Power Interval Client Backoff Timer Channel Holddown Service profiles OINT OMMANDS Description Indicates whether the 802.11b/g radios in the radio profile restrict associations to 802.11g clients only: No —...
Page 257: Display Service-Profile
See Also display Displays service profile information. service-profile Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command displays information for service profile wpa_clients: “set radio-profile 11g-only” on page 275 “set radio-profile auto-tune channel-config”...
Page 258 Indicates whether the radio sends beacons, to advertise the SSID: Secondary (fallthru) encryption type when a user tries to authenticate but the WX switch managing the radio does not have an authentication rule with a userglob that matches the username.
Page 259 Table 56 Output for display service-profile (continued) Field Description WEP Key 1 value State of static WEP key number 1. Radios can use this key to encrypt traffic with static Wired-Equivalent Privacy (WEP): none —T he key is not configured. preset —...
Page 260: Reset {Ap | Dap
9: M HAPTER ANAGED CCESS See Also reset {ap | dap} Restarts an MAP access point. Syntax — Defaults — None. Access — Enabled. OINT OMMANDS “set service-profile auth-dot1x” on page 295 “set service-profile auth-fallthru” on page 296 “set service-profile auth-psk” on page 298 “set service-profile beacon”...
Page 261: Set {Ap | Dap} Bias
MAP through an intermediate Layer 2 or Layer 3 network. A MAP always attempts to boot on MAP port 1 first, and if an WX switch is directly attached on MAP port 1, the MAP always boots from it.
Page 262: Set {Ap | Dap} Blink
ANAGED CCESS If the bias for all connections is the same, the MAP selects the switch that has the greatest capacity to add more active MAPs. For example, if a MAP is dual homed to two WX4400 wireless LAN switches, and one of the switches has 50 active MAPs while the other switch has 60 active MAPs, the new MAP selects the switch that has only 50 active MAPs.
Page 263: Set {Ap | Dap} Group
History — Introduced in MSS Version 3.0. Usage — You can assign any subset or all of the MAP access points connected to an WX switch to a group on that switch. All access points in a group must be connected to the same WX switch.
Page 264: Set {Ap | Dap} Name
9: M HAPTER ANAGED CCESS Examples — The following command configures an MAP access point group named loadbalance1 that contains the MAP access points on ports 1, 3, and 5: WX1200# set ap 1,3,5 group loadbalance1 success: change accepted. The following command removes the MAP access point on port 4 from all MAP access point groups: WX1200# set ap 4 group none success: change accepted.
Page 265: Set {Ap | Dap} Radio Antennatype
See Also set {ap | dap} radio Sets the external antenna model for a MAP that supports external antennatype antennas. Syntax — antennatype {ANT1060 | ANT1120 | ANT1180} Defaults — The default antenna model is ANT1180. Examples — Enabled. History — Introduced in MSS Version 3.0. Usage —...
Page 266: Set {Ap | Dap} Radio Auto-Tune Max-Power
9: M HAPTER ANAGED CCESS See Also set {ap | dap} radio Sets the maximum power that RF Auto-Tuning can set on a radio. auto-tune Syntax — max-power auto-tune max-power power-level Defaults — The default maximum power setting that RF Auto-Tuning can set on a radio is the highest setting allowed for the country of operation or highest setting supported on the hardware, whichever is lower.
Page 267: Set {Ap | Dap} Radio Auto-Tune Max- Retransmissions
set {ap | dap} radio Sets the maximum percentage of client retransmissions a radio can auto-tune max- experience before RF Auto-Tuning considers changing the channel on the retransmissions radio. A high percentage of retransmissions is a symptom of interference on the channel. Syntax —...
Page 268 9: M HAPTER ANAGED CCESS The interval is 1000 packets. If more than the specified percentage of packets within a group of 1000 packets received by the radio are retransmissions, the radio increases power. When the percentage of retransmissions exceeds the max-retransmissions threshold, the radio does not immediately increase power.
Page 269: Set {Ap | Dap} Radio Channel
set {ap | dap} radio Sets an MAP radio’s channel. channel Syntax — channel channel-number Defaults — The default channel depends on the radio type: Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You can configure a radio’s transmit power on the same command line.
Page 270: Set {Ap | Dap} Radio Min-Client-Rate
9: M HAPTER ANAGED CCESS See Also set {ap | dap} radio Sets the minimum rate at which a radio is allowed to transmit traffic to min-client-rate clients. The radio automatically increases its transmit power when necessary to maintain at least the minimum rate with an associated client. Syntax —...
Page 271: Set {Ap | Dap} Radio Mode
After all clients are at or above the minimum data transmit rate, the radio reduces power by 1 dBm. As long as the radio continues to transmit at the minimum data rate or higher for all clients, the radio continues reducing power in 1 dBm increments until it returns to its normal power level.
Page 272: Set {Ap | Dap} Radio Radio-Profile
9: M HAPTER ANAGED CCESS Access — Enabled. History — Introduced in MSS Version 3.0. Usage — To enable or disable one or more radios to which a profile is assigned, use the set ap radio radio-profile command. To enable or disable all radios that use a specific radio profile, use the set radio-profile command.
Page 273: Set {Ap | Dap} Radio Tx-Power
Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — When you create a new profile, the radio parameters in the profile are set to their factory default values. To enable or disable all radios that use a specific radio profile, use set radio-profile.
Page 274 1 milliwatt (dBm). The valid values depend on the country of operation. The maximum transmit power you can configure on any 3Com radio is the maximum allowed for the country in which you plan to operate the radio or one of the following values if that value is less than the country maximum: on an 802.11a radio, 11 dBm for channel numbers...
Page 275: Set {Ap | Dap} Upgrade-Firmware
Usage — When the feature is enabled on an WX port, an MAP access point connected to that port upgrades its boot firmware to the latest version stored on the WX switch while booting. Examples — The following command disables automatic firmware...
Page 276: Set Radio-Profile Auto-Tune Channel-Config
9: M HAPTER ANAGED CCESS Defaults — The default setting is disable. 3Com 802.11b/g radios allow associations with 802.11g and 802.11b clients by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You must disable all radios that are using a radio profile before you can change parameters in the profile.
Page 277: Set Radio-Profile Auto-Tune Channel-Holddown
Syntax — {enable | disable} Defaults — Dynamic channel assignment is enabled by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — If you disable RF Auto-Tuning for channels, MSS does not dynamically set the channels when radios are first enabled and also does not tune the channels during operation.
Page 278: Set Radio-Profile Auto-Tune Channel-Interval
9: M HAPTER ANAGED CCESS Syntax — holddown Defaults — The default RF Auto-Tuning channel holddown is 900 seconds. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — The channel holddown applies even if RF anomalies occur that normally cause an immediate channel change.
Page 279: Set Radio-Profile Auto-Tune Power-Backoff- Timer
Access — Enabled. History — Introduced in MSS Version 3.0. Usage — 3Com recommends that you use an interval of at least 300 seconds (5 minutes). RF Auto-Tuning can change a radio’s channel before the channel interval expires in response to RF anomalies. Even in this case, channel changes cannot occur more frequently than the channel holddown interval.
Page 280: Set Radio-Profile Auto-Tune Power-Config
9: M HAPTER ANAGED CCESS History — Introduced in MSS Version 3.0. A radio can increase power again if required to preserve the minimum data rate for an associated client. Examples — The following command changes the power-backoff interval for radios in radio profile rp2 to 15 seconds: WX4400# set radio-profile rp2 auto-tune power-backoff-timer 15 success: change accepted.
Page 281: Set Radio-Profile Auto-Tune Power-Interval
When RF Auto-Tuning for power is enabled, MSS does not allow you to manually change the power level. Examples — The following command enables dynamic power tuning for radios in the rp2 radio profile: WX4400# set radio-profile rp2 auto-tune power-config enable success: change accepted.
Page 282: Set Radio-Profile Beacon-Interval
9: M HAPTER ANAGED CCESS Examples — The following command sets the power interval for radios in radio profile rp2 to 240 seconds: WX4400# set radio-profile rp2 auto-tune power-interval 240 success: change accepted. See Also set radio-profile Changes the rate at which each MAP radio in a radio profile advertises its beacon-interval service set identifier (SSID).
Page 283: Set Radio-Profile Dtim-Interval
set radio-profile Changes the number of times after every beacon that each MAP radio in dtim-interval a radio profile sends a delivery traffic indication map (DTIM). An MAP access point sends the multicast and broadcast frames stored in its buffers to clients who request them in response to the DTIM. The DTIM interval applies to both the beaconed SSID and the nonbeaconed SSID.
Page 284: Set Radio-Profile Long-Retry
9: M HAPTER ANAGED CCESS Syntax — Defaults — The default fragmentation threshold for MAP radios is 2346 bytes. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You must disable all radios that are using a radio profile before you can change parameters in the profile.
Page 285: Set Radio-Profile Max-Rx-Lifetime
Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You must disable all radios that are using a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. Examples — The following command changes the long retry threshold for radio profile rp1 to 8: WX4400# set radio-profile rp1 long-retry 8 success: change accepted.
Page 286: Set Radio-Profile Max-Tx-Lifetime
9: M HAPTER ANAGED CCESS Examples — The following command changes the maximum receive threshold for radio profile rp1 to 4000 ms: WX4400# set radio-profile rp1 max-rx-lifetime 4000 success: change accepted. See Also set radio-profile Changes the maximum transmit threshold for the MAP radios in a radio max-tx-lifetime profile.
Page 287: Set Radio-Profile Mode
See Also set radio-profile Creates a new radio profile, or disables or reenables all MAP radios that mode are using a specific profile. Syntax — Defaults — Each radio profile that you create has a set of properties with factory default values that you can change with the other set radio-profile commands in this chapter.
Page 288 9: M HAPTER ANAGED CCESS Table 57 Defaults for Radio Profile Parameters (continued) Parameter max-tx-lifetime preamble-length rts-threshold service-profile short-retry Access — Enabled. History — Introduced in MSS Version 3.0. Usage — If the radio profile does not already exist, MSS creates a new radio profile.
Page 289: Set Radio-Profile Preamble-Length
The following command enables the radios that use radio profile rp1: WX4400# set radio-profile rp1 mode enable The following commands disable the radios that use radio profile rp1, change the beacon interval, then reenable the radios: WX4400# set radio-profile rp1 mode disable WX4400# set radio-profile rp1 beacon-interval 200 WX4400# set radio-profile rp1 mode enable The following command enables the WPA IE on MAP radios in radio...
Page 290: Set Radio-Profile Rts-Threshold
9: M HAPTER ANAGED CCESS or long), an 802.11b/g radio accepts and can generate 802.11b/g frames with either short or long preambles. If a client associated with an 802.11b/g radio uses long preambles for unicast traffic, the MAP access point still accepts frames with short preambles but does not transmit frames with short preambles.
Page 291: Set Radio-Profile Service-Profile
Usage — You must disable all radios that are using a radio profile before you can change parameters in the profile. Use the set radio-profile mode command. Examples — The following command changes the RTS threshold for radio profile rp1 to 1500 bytes: WX4400# set radio-profile rp1 rts-threshold 1500 success: change accepted.
Page 292 9: M HAPTER ANAGED CCESS Table 58 Defaults for Service Profile Parameters (continued) Parameter auth-psk beacon cipher-ccmp cipher-tkip cipher-wep104 cipher-wep40 psk-phrase psk-raw rsn-ie shared-key-auth ssid-name ssid-type tkip-mc-time web-aaa-form OINT OMMANDS Default Value disable enable disable enable disable disable No passphrase defined No preshared key defined...
Page 293 Table 58 Defaults for Service Profile Parameters (continued) Parameter Default Value wep key-index No keys defined wep active- multicast-index wep active-unicast- index wpa-ie disable Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You must configure the service profile before you can map it to a radio profile.
Page 294: Set Radio-Profile Short-Retry
9: M HAPTER ANAGED CCESS set radio-profile Changes the short retry threshold for the MAP radios in a radio profile. short-retry The short retry threshold specifies the number of times a radio can send a short unicast frame without receiving an acknowledgment. Syntax —...
Page 295: Set Service-Profile Auth-Dot1X
Examples — The following command changes the short retry threshold for radio profile rp1 to 3: WX4400# set radio-profile rp1 short-retry 3 success: change accepted. See Also set service-profile Disables or reenables 802.1X authentication of Wi-Fi Protected Access auth-dot1x (WPA) clients by MAP radios, when the WPA information element (IE) is enabled in the service profile that is mapped to the radio profile that the radios are using.
Page 296: Set Service-Profile Auth-Fallthru
The authentication method none allows access to the WX switch by an administrator. The fallthru authentication type none denies access to a network user. (See “set service-profile auth-fallthru”...
Page 297 If a username does not match a userglob in an authentication rule for the SSID requested by the user, the WX switch that is managing the radio the user is connected to redirects the user to a web page located on the WX switch.
Page 298: Set Service-Profile Auth-Psk
9: M HAPTER ANAGED CCESS See Also set service-profile Enables preshared key (PSK) authentication of Wi-Fi Protected Access auth-psk (WPA) clients by MAP radios in a radio profile, when the WPA information element (IE) is enabled in the service profile. Syntax —...
Page 299: Set Service-Profile Beacon
set service-profile Disables or reenables beaconing of the SSID managed by the service beacon profile. A MAP radio responds to an 802.11 probe any request with only the beaconed SSID(s). For a nonbeaconed SSID, radios respond only to directed 802.11 probe requests that match the nonbeaconed SSID’s SSID string.
Page 300: Set Service-Profile Cipher-Tkip
9: M HAPTER ANAGED CCESS Defaults — CCMP encryption is disabled by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — To use CCMP, you must also enable the WPA IE. Examples — The following command configures service profile sp2 to use CCMP encryption: WX4400# set service-profile sp2 cipher-ccmp enable success: change accepted.
Page 301: Set Service-Profile Cipher-Wep104
Examples — The following command disables TKIP encryption in service profile sp2: WX4400# set service-profile sp2 cipher-tkip disable success: change accepted. See Also set service-profile Enables dynamic Wired Equivalent Privacy (WEP) with 104-bit keys, in a cipher-wep104 service profile. Syntax — disable} Defaults —...
Page 302: Set Service-Profile Cipher-Wep40
9: M HAPTER ANAGED CCESS Microsoft Windows XP does not support WEP with WPA. To configure a service profile to provide dynamic WEP for XP clients, leave WPA disabled and use the set service-profile wep commands. To support non-WPA clients that use static WEP, you must configure static WEP keys.
Page 303: Set Service-Profile Psk-Phrase
When 40-bit WEP in WPA is enabled in the service profile, radios managed by a radio profile that is mapped to the service profile can also support non-WPA clients that use dynamic WEP. To support WPA clients that use 104-bit dynamic WEP, you must enable WEP with 104-bit keys in the service profile.
Page 304: Set Service-Profile Psk-Raw
History — Introduced in MSS Version 3.0. Usage — MSS converts the passphrase into a 256-bit binary number for system use and a raw hexadecimal key to store in the WX switch's configuration. Neither the binary number nor the passphrase itself is ever displayed in the configuration.
Page 305: Set Service-Profile Rsn-Ie
Usage — MSS converts the hexadecimal number into a 256-bit binary number for system use. MSS also stores the hexadecimal key in the WX switch's configuration. The binary number is never displayed in the configuration. To use PSK authentication, you must enable it and you also must enable the WPA IE.
Page 306: Set Service-Profile Shared-Key-Auth
Enables shared-key authentication, in a service profile. shared-key-auth Use this command only if advised to do so by 3Com. This command does not enable preshared key (PSK) authentication for Wi-Fi Protected Access (WPA). To enable PSK encryption for WPA, use the set service-profile auth-psk command.
Page 307: Set Service-Profile Ssid-Name
set service-profile Configures the SSID name in a service profile. ssid-name Syntax — Defaults — The default SSID name is private. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command applies the name guest to the SSID managed by service profile clear_wlan: WX4400# set service-profile clear_wlan ssid-name guest success: change accepted.
Page 308: Set Service-Profile Tkip-Mc-Time
9: M HAPTER ANAGED CCESS See Also set service-profile Changes the length of time that MAP radios use countermeasures if two tkip-mc-time message integrity code (MIC) failures occur within 60 seconds. When countermeasures are in effect, MAP radios dissociate all TKIP and WPA WEP clients and refuse all association and reassociation requests until the countermeasures end.
Page 309 Syntax — name page. Specify the full path. For example, corpa-ssid/corpa.html. Defaults — The 3Com Web login page is served by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — 3Com recommends that you create a subdirectory for the custom page and place all the page’s files in that subdirectory.
Page 310: Set Service-Profile Wep Active-Multicast- Index
9: M HAPTER ANAGED CCESS See Also set service-profile Specifies the static Wired-Equivalent Privacy (WEP) key (one of four) to use for encrypting multicast frames. active-multicast- Syntax — index name wep active-multicast-index num Defaults — If WEP encryption is enabled and WEP keys are defined, MAP radios use WEP key 1 to encrypt multicast frames, by default.
Page 311: Set Service-Profile Wep Active-Unicast- Index
set service-profile Specifies the static Wired-Equivalent Privacy (WEP) key (one of four) to wep active-unicast- use for encrypting unicast frames. index Syntax — name wep active-unicast-index num Defaults — If WEP encryption is enabled and WEP keys are defined, MAP radios use WEP key 1 to encrypt unicast frames, by default. Access —...
Page 312: Set Service-Profile Wpa-Ie
9: M HAPTER ANAGED CCESS Defaults — By default, no static WEP keys are defined. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — MSS automatically enables static WEP when you define a WEP key. MSS continues to support dynamic WEP. If you plan to use static WEP, do not map more than 8 service profiles that contain static WEP keys to the same radio profile.
Page 313 Access — Enabled. History — Introduced in MSS Version 3.0. Usage — When the WPA IE is enabled, the default authentication method is 802.1X. There is no default cipher suite. You must enable the cipher suites you want the radios to support. Examples —...
Page 314 9: M HAPTER ANAGED CCESS OINT OMMANDS...
Page 315: Stp Commands By Usage
Use Spanning Tree Protocol (STP) commands to configure and manage spanning trees on the virtual LANs (VLANs) configured on a wireless LAN switch or controller, to maintain a loop-free network. STP Commands by This chapter presents STP commands alphabetically. Use the following Usage table to locate commands in this chapter based on their use.
Page 316: Clear Spantree Portcost
Table 59 STP Commands by Usage (continued) clear spantree Resets to the default value the cost of a network port or ports on paths to portcost the STP root bridge in all VLANs on a WX switch. Syntax — Defaults — None. Access — Enabled.
Page 317: Clear Spantree Portpri
See Also clear spantree Resets to the default value the cost of a network port or ports on paths to portvlancost the STP root bridge for a specific VLAN on a wireless LAN switch, or for all VLANs. Syntax — vlan-id} clear spantree portpri port-list —...
Page 318: Clear Spantree Portvlanpri
10: STP C HAPTER OMMANDS Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — MSS does not change a port’s cost for VLANs other than the one(s) you specify. Examples — The following command resets the STP cost for port 2 in VLAN sunflower: WX4400# clear spantree portvlancost 2 vlan sunflower success: change accepted.
Page 319: Clear Spantree Statistics
History — Introduced in MSS Version 3.0. Usage — MSS does not change a port’s priority for VLANs other than the one(s) you specify. Examples — The following command resets the STP priority for port 2 in VLAN avocado: WX4400# clear spantree portvlanpri 2 vlan avocado success: change accepted.
Page 320: Display Spantree
10: STP C HAPTER OMMANDS display spantree Displays STP configuration and port-state information. Syntax — [port-list | vlan vlan-id] [active] Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — The following command displays STP information for VLAN default: WX1200# display spantree vlan default VLAN...
Page 321 This WX switch’s maximum acceptable age for hello packets. This WX switch’s hello interval. Port number. Only network ports are listed. STP does not apply to 3Com Wireless LAN Managed Access Point AP2750 ports or wired authentication ports. VLAN ID.
Page 322: Display Spantree Backbonefast
10: STP C HAPTER OMMANDS Table 60 Output for display spantree (continued) See Also display spantree Indicates whether the STP backbone fast convergence feature is enabled backbonefast or disabled. Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Field Description Port-State...
Page 323: Display Spantree Blockedports
Examples — The following example shows the command output on a WX switch with backbone fast convergence enabled: WX4400# display spantree backbonefast See Also display spantree Lists information about wireless LAN switch ports that STP has blocked on blockedports one or all of its VLANs. Syntax — Defaults — None.
Page 324: Display Spantree Portfast
10: STP C HAPTER OMMANDS display spantree Displays STP uplink fast convergence information for all network ports or portfast for one or more network ports. Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples —...
Page 325: Display Spantree Portvlancost
display spantree Shows the cost of a port on a path to the STP root bridge, for each of the portvlancost port’s VLANs. Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — The following command shows the STP port cost of port 1: WX4400# display spantree portvlancost 1 port 1 VLAN 1 have path cost 19 See Also...
Page 326 10: STP C HAPTER OMMANDS Usage — The command displays statistics separately for each port. Examples — The following command shows STP statistics for port 1: WX4400# display spantree statistics 1 BPDU related parameters Port 1 spanning tree enabled for VLAN = 1 port spanning tree state port_id...
Page 327 topology change timer value hold timer hold timer value delay root port timer delay root port timer value delay root port timer restarted is VLAN based information & statistics spanning tree type spanning tree multicast address bridge priority bridge MAC address bridge hello time bridge forward delay topology change initiator:...
Page 328 MAC address of the root bridge. Total path cost to reach the root bridge. Bridge to which this switch forwards traffic away from the root bridge. STP port through which this switch forwards traffic away from the root bridge.
Page 329 Status of the topology change timer. This timer determines the time period during which configured BPDUs are transmitted with the topology change flag set by this WX switch when it is the root bridge, after detection of a topology change. topology change timer Current value of the topology change timer, in seconds.
Page 330 Value of the forwarding delay interval, in seconds, when this WX switch is the root or is attempting to become the root. Port number that initiated the most recent topology change.
Page 331: Display Spantree Uplinkfast
Table 62 Output for display spantree statistics (continued) See Also display spantree Shows uplink fast convergence information for one VLAN or all VLANs. uplinkfast Syntax — Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Field Description dynamic max age Number of times the maximum age parameter was...
Page 332: Set Spantree
Table 63 Output for display spantree uplinkfast See Also set spantree Enables or disables STP on one VLAN or all VLANs configured on a WX switch. Syntax — [{all | vlan vlan-id | port port-list vlan-id}] Defaults — Disabled. Access — Enabled.
Page 333: Set Spantree Backbonefast
Enables or disables STP backbone fast convergence on a wireless LAN backbonefast switch. This feature accelerates a port’s recovery following the failure of an indirect link. CAUTION: The backbone fast convergence feature is not compatible with switches that are running standard IEEE 802.1D Spanning Tree implementations.
Page 334: Set Spantree Fwddelay
See Also set spantree hello Changes the interval between STP hello messages sent by a wireless LAN switch when operating as the root bridge, on one or all of its configured VLANs. Syntax — “display spantree backbonefast” on page 322 set spantree fwddelay delay {all | vlan vlan-id} —...
Page 335: Set Spantree Maxage
Changes the maximum age for an STP root bridge hello packet that is maxage acceptable to a wireless LAN switch acting as a designated bridge on one or all of its VLANs. After waiting this period of time for a new hello packet, the WX switch determines that the root bridge is unavailable and issues a topology change message.
Page 336: Set Spantree Portcost
Changes the cost that transmission through a network port or ports in portcost the default VLAN on a wireless LAN switch adds to the total cost of a path to the STP root bridge. Syntax — Defaults — The default port cost depends on the port speed: Access —...
Page 337: Set Spantree Portfast
See Also set spantree Enables or disables STP port fast convergence on one or more ports on a portfast wireless LAN switch. Syntax — Defaults — STP port fast convergence is disabled by default. Access — Enabled. History — Introduced in MSS Version 3.0.
Page 338: Set Spantree Portvlancost
See Also set spantree Changes the cost of a network port or ports on paths to the STP root portvlancost bridge for a specific VLAN on a wireless LAN switch. Syntax — vlan vlan-id} set spantree portpri port-list priority value —...
Page 339: Set Spantree Portvlanpri
Defaults — The default port cost depends on the port speed: Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command changes the cost on ports 3 and 4 to 20 in VLAN mauve: WX1200# set spantree portvlancost 3,4 cost 20 vlan mauve success: change accepted.
Page 340: Set Spantree Priority
WX1200# set spantree portvlanpri 3-4 priority 48 vlan mauve success: change accepted. See Also set spantree Changes the STP root bridge priority of a wireless LAN switch on one or priority all of its VLANs. Syntax — Defaults — The default root bridge priority for the switch on all VLANs is 32,768.
Page 341: Set Spantree Uplinkfast
Enables or disables STP uplink fast convergence on a wireless LAN switch. uplinkfast This feature enables a WX switch with redundant links to the network backbone to immediately switch to the backup link to the root bridge if the primary link fails. Syntax — set spantree uplinkfast {enable | disable} Defaults —...
Page 342 10: STP C HAPTER OMMANDS...
Page 343: Igmp Snooping Commands
IGMP S Use Internet Group Management Protocol (IGMP) snooping commands to configure and manage multicast traffic reduction on a WX. Commands by This chapter presents IGMP snooping commands alphabetically. Use the usage Table 64 to locate commands in this chapter based on their use. Table 64 IGMP Commands by Usage NOOPING Type...
Page 344: Clear Igmp Statistics
HAPTER NOOPING clear igmp statistics Clears IGMP statistics counters on one VLAN or all VLANs on a wireless LAN switch and resets them to 0. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0.
Page 345 router information: Port Mrouter-IPaddr Mrouter-MAC ---- --------------- ----------------- ----- ----- 192.28.7.5 00:01:02:03:04:05 dvmrp Group Port Receiver-IP --------------- ---- --------------- ----------------- ----- 224.0.0.2 none 237.255.255.255 237.255.255.255 237.255.255.255 237.255.255.255 237.255.255.255 Querier information: Querier for vlan orange Port Querier-IP Querier-MAC ---- --------------- ----------------- ----- 1 193.122.135.178 00:0b:cc:d2:e9:b4 IGMP vlan member ports: 1, 2, 3 IGMP static ports: none...
Page 346 11: IGMP S HAPTER NOOPING Table 65 Output for display igmp Field VLAN IGMP is enabled (disabled) Proxy reporting Mrouter solicitation Querier functionality Configuration values (qi) Configuration values (oqi) Configuration values (qri) Configuration values (lmqi) Configuration values (rvalue) Multicast router information Port Mrouter-IPaddr...
Page 347 VLAN becomes a receiver. For example, the list can include a MAP access port that is not configured to be in the VLAN when a user associated with the 3Com Wireless LAN Managed Access Point AP2750 on that port becomes a receiver for a group.
Page 348: Display Igmp Mrouter
Displays the multicast routers in a WX’s subnet, on one VLAN or all mrouter VLANs. Routers are listed separately for each VLAN, according to the port number through which the wireless LAN switch can reach the router. Syntax — Defaults — None.
Page 349: Display Igmp Querier
Table 66 Output for display igmp mrouter See Also display igmp Shows information about the active multicast querier, on one VLAN or all querier VLANs. Queriers are listed separately for each VLAN. Each VLAN can have only one querier. Syntax — Defaults —...
Page 350 I am the querier for vlan default, time to next query is 20 The output indicates how many seconds remain before the pseudo-querier on the WX switch broadcasts the next general query report to IP address 224.0.0.1, the multicast all-systems group.
Page 351: Display Igmp Receiver-Table
See Also display igmp Displays the receivers to which a WX forwards multicast traffic. You can receiver-table display receivers for all VLANs, a single VLAN, or a group or groups identified by group address and network mask. Syntax — [group group-ip-addr/mask-length] Defaults —...
Page 352: Display Igmp Statistics
11: IGMP S HAPTER NOOPING The following command lists all receivers for multicast groups 237.255.255.1 through 237.255.255.255, in all VLANs: WX1200# display igmp receiver-table group 237.255.255.0/24 VLAN: red Session Port Receiver-IP --------------- ---- --------------- ----------------- ----- 237.255.255.2 237.255.255.119 VLAN: green Session Port Receiver-IP --------------- ---- --------------- ----------------- -----...
Page 353 Defaults — None. Access — All. History — Introduced in MSS Version 3.0. Examples — The following command displays IGMP statistics for VLAN orange: WX1200# display igmp statistics vlan orange IGMP statistics for vlan orange: IGMP message type Received Transmitted Dropped ----------------- -------- ----------- ------- General-Queries GS-Queries...
Page 354 11: IGMP S HAPTER NOOPING Table 69 Output of display igmp statistics Field IGMP statistics for vlan IGMP message type Received Transmitted Dropped OMMANDS Description VLAN name. Statistics are listed separately for each VLAN. Type of IGMP message: General-Queries — General group membership queries sent by the multicast querier (multicast router or pseudo-querier).
Page 355: Set Igmp
Table 69 Output of display igmp statistics (continued) See Also set igmp Disables or reenables IGMP snooping on one VLAN or all VLANs on a wireless LAN switch. Syntax — History — Introduced in MSS Version 3.0. Examples — The following command disables IGMP snooping on VLAN...
Page 356: Set Igmp Lmqi
If there are no more receivers for the group, the WX switch also sends a leave message for the group to multicast routers. You can specify a value from 1 through 65,535.
Page 357: Set Igmp Mrsol
Defaults — By default, no ports are static multicast router ports. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You cannot add MAP access ports or wired authentication ports as static multicast ports. However, MSS can dynamically add these port types to the list of multicast ports based on multicast traffic.
Page 358: Set Igmp Mrsol Mrsi
11: IGMP S HAPTER NOOPING History — Introduced in MSS Version 3.0. Examples — The following command enables multicast router solicitation on VLAN orange: WX1200# set igmp mrsol enable vlan orange success: change accepted See Also set igmp mrsol mrsi Changes the interval between multicast router solicitations by a WX on one VLAN or all VLANs.
Page 359: Set Igmp Oqi
History — Introduced in MSS Version 3.0. Usage — A WX cannot become the querier unless the pseudo-querier feature is enabled on the WX switch. When the feature is enabled, the WX becomes the querier for a subnet so long as the WX does not receive a query message from a router with a lower IP address than the IP address of the WX in that subnet.
Page 360: Set Igmp Proxy-Report
— Number of seconds that elapse between general qi seconds queries sent by the WX when the WX switch is the querier for the subnet. You can specify a value from 1 through 65,535. — VLAN name or number. If you do not specify a vlan vlan-id VLAN, the timer change applies to all VLANs.
Page 361: Set Igmp Qri
Usage — The query interval is applicable only when the WX is querier for the subnet. For the WX switch to become the querier, the pseudo-querier feature must be enabled on the WX and the WX must have the lowest IP address among all the WX switches eligible to become a querier.
Page 362: Set Igmp Querier
Defaults — The pseudo-querier is disabled on all VLANs by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — 3Com recommends that you use the pseudo-querier only when the VLAN contains local multicast traffic sources and no multicast router is servicing the subnet.
Page 363: Set Igmp Receiver
Examples — The following example enables the pseudo-querier on the orange VLAN: WX1200# set igmp querier enable vlan orange success: change accepted. See Also set igmp receiver Adds or removes a network port in the list of ports on which a WX forwards traffic to multicast receivers.
Page 364: Set Igmp Rv
11: IGMP S HAPTER NOOPING See Also set igmp rv Changes the robustness value for one VLAN or all VLANs on a WX. Robustness adjusts the IGMP timers to the amount of traffic loss that occurs on the network. Syntax — Defaults —...
Page 365: Security Acl Commands By Usage
(CoS) to define the priority of treatment for packet filtering. (Security ACLs are different from the location policy on a WX switch, which helps you locally control user access. For location policy commands, see “AAA Commands” on page 163.) Security ACL This chapter presents security ACL commands alphabetically.
Page 366: Clear Security Acl
12: S ACL C HAPTER ECURITY clear security acl Clears a specified security ACL, an access control entry (ACE), or all security ACLs, from the edit buffer. When used with the command commit security acl, clears the ACE from the running configuration. Syntax —...
Page 367: Clear Security Acl Map
Deletes the mapping between a security ACL and a virtual LAN (VLAN), one or more physical ports, or a virtual port. Or deletes all ACL maps to VLANs, ports, and virtual ports on a WX switch. Security ACLs are applied to users or groups dynamically via the Filter-Id attribute.
Page 368 — Removes security ACL mapping from all physical ports, virtual ports, and VLANs on a WX switch. — VLAN name or number. MSS removes the security vlan vlan-id ACL from the specified VLAN.
Page 369: Commit Security Acl
To clear all physical ports, virtual ports, and VLANs on a WX switch of the ACLs mapped for incoming and outgoing traffic, type the following command: WX4400# clear security acl map all success: change accepted. See Also commit security acl Saves a security ACL, or all security ACLs, in the edit buffer to the running configuration and nonvolatile storage on the WX switch.
Page 370: Display Security Acl
12: S ACL C HAPTER ECURITY Examples — The following commands commit all the security ACLs in the edit buffer to the configuration, display a summary of the committed ACLs, and show that the edit buffer has been cleared: WX4400# commit security acl all configuration accepted WX4400# display security acl ACL table...
Page 371: Display Security Acl Hits
See Also display security acl Displays the number of packets filtered by security ACLs (“hits”) on the hits WX switch. Each time a packet is filtered by a security ACL, the hit counter increments. Syntax — Defaults — None. Access — Enabled.
Page 372: Display Security Acl Info
12: S ACL C HAPTER ECURITY Examples — To display the security ACL hits on a WX switch, type the following command: WX4400# display security acl hits ACL hit-counters Index Counter ----- -------------------- -------- See Also display security acl Displays the contents of a specified security ACL or all security ACLs that info are committed —...
Page 373: Display Security Acl Map
2. deny IP source IP 192.168.2.11 0.0.0.0 destination IP any 3. deny SRC source IP 192.168.1.234 255.255.255.255 enable-hits See Also display security acl Displays the VLANs, ports, and virtual ports on the WX switch to which a security ACL is assigned. Syntax — Defaults — None.
Page 374: Display Security Acl Resource-Usage
Access — Enabled. History — Introduced in MSS Version 3.0. Usage — Use this command with the help of 3Com to diagnose an ACL resource problem. (To obtain 3Com Technical Support, see “Obtaining Support for your Product” on page 517.) OMMANDS “clear security acl map”...
Page 375 Examples — To display security ACL resource usage, type the following command: WX4400# display security acl resource-usage ACL resources Classifier tree counters ------------------------ Number of rules Number of leaf nodes Stored rule count Leaf chain count Longest leaf chain Number of non-leaf nodes Uncompressed Rule Count Maximum node depth Sub-chain count...
Page 376 12: S ACL C HAPTER ECURITY Table 71 Output of display security acl resource-usage Field Number of rules Number of leaf nodes Number of security ACL data entries stored in the rule tree. Stored rule count Leaf chain count Longest leaf chain Number of non-leaf nodes Uncompressed Rule...
Page 377 Security ACL mapping on the WX switch: True — Security ACLs are mapped. False — No security ACLs are mapped. No rules Security ACE rule mapping on the WX switch: True — No security ACEs are mapped. False — Security ACEs are mapped. Non-IP rules Non-IP security ACE mapping on the WX switch: True —...
Page 378: Hit-Sample-Rate
No VLAN or PORT Application of security ACLs to WX VLANs or ports on the mapping WX switch: True — No security ACLs are mapped to VLANs or ports. False — Security ACLs are mapped to VLANs or ports. No VPORT mapping...
Page 379: Rollback Security Acl
results show that 916 packets matching security acl_153 were sent since the ACL was mapped. WX4400# hit-sample-rate 15 WX4400# display security acl info acl_153 ACL information for acl_153 set security acl ip acl_153 (hits #3 916) --------------------------------------------------------- 1. permit IP source IP 20.1.1.1 0.0.0.0 destination IP any enable-hits WX4400# display security acl hits ACL hit counters Index Counter...
Page 380: Set Security Acl
12: S ACL C HAPTER ECURITY WX4400# display security acl info all editbuffer ACL edit-buffer information for all set security acl ip acl_122 (ACEs 3, add 3, del 0, modified 0) --------------------------------------------------------- 1. permit IP source IP 20.0.1.11 0.0.0.255 destination IP any enable-hits 2.
Page 381 Numbers 0 through 9 Hyphen (-), underscore (_), and period (.) 3Com recommends that you do not use the same name with different capitalizations for ACLs. For example, do not configure two separate ACLs with the names acl_123 and ACL_123.
Page 382 12: S ACL C HAPTER ECURITY OMMANDS 0 or 3—Best effort. Packets are queued in MAP forwarding queue 3. 4 or 5—Video. Packets are queued in MAP forwarding queue 2. Use CoS level 4 or 5 for voice over IP (VoIP) packets other than SpectraLink Voice Priority (SVP).
Page 383 (For a complete list of TCP and UDP port numbers, see www.iana.org/assignments/port-numbers.) destination-ip-addr mask network or host to which the packet is being sent. Specify both address and mask in dotted decimal notation. For more information, see “Wildcard Masks” on page 24. —...
Page 384: Display Security Acl Editbuffer
Usage — The WX switch does not apply security ACLs until you activate them with the commit security acl command and map them to a VLAN, port, or virtual port, or to a user. If the WX switch is reset or restarted, any ACLs in the edit buffer are lost.
Page 385: Set Security Acl Map
Assigns a committed security ACL to a VLAN, physical port or ports, virtual port, or Distributed MAP on the WX switch. To assign a security ACL to a user or group in the local WX database, use the command set user attr, set mac-user attr, set usergroup attr, or set mac-usergroup attr with the Filter-Id attribute.
Page 386 MSS assigns the security ACL to the specified Distributed MAPs. — Assigns the security ACL to traffic coming into the WX switch. — Assigns the security ACL to traffic coming from the WX switch. lan vlan-id...
Page 387 set security acl map See Also “clear security acl map” on page 367 “commit security acl” on page 369 “set mac-user attr” on page 207 “set mac-usergroup attr” on page 213 “set security acl” on page 380 “set user attr” on page 218 “set usergroup”...
Page 388 12: S ACL C HAPTER ECURITY OMMANDS...
Page 389: Commands By Usage
Depending on your network configuration, you must create keys and certificates to authenticate the WX switch to IEEE 802.1X wireless clients for which the WX switch performs authentication, and to 3Com wireless switch manager (3WXM) and Web Manager. Commands by This chapter presents cryptography commands alphabetically.
Page 390 — Stores the certificate authority’s certificate that signed the admin administrative certificate for the WX switch. The administrative certificate authenticates the WX to 3Com wireless switch manager (3XWM) or Web Manager. — Stores the certificate authority’s certificate that signed the Extensible Authentication Protocol (EAP) certificate for the WX switch.
Page 391: Crypto Certificate
Installs one of the WX switch’s PKCS #7 certificates into the certificate and key storage area on the WX switch. The certificate, which is issued and signed by a certificate authority, authenticates the WX switch either to 3WXM or Web Manager, or to 802.1X supplicants (clients).
Page 392: Crypto Generate Key
WX switch certificate as a PKCS #7 object file. Then do the following: 1 Open the PKCS #7 object file with an ASCII text editor such as Notepad or vi.
Page 393: Crypto Generate Request
{admin | eap | webaaa} — Generates a request for an administrative certificate to admin authenticate the WX switch to 3WXM or Web Manager. — Generates a request for an EAP certificate to authenticate the WX switch to 802.1X supplicants (clients).
Page 394 Enter. When you are prompted, type the identifying values in the fields, or press Enter if the field is optional. You must enter a common name for the WX switch. This command outputs a PKCS #10 text string in Privacy-Enhanced Mail...
Page 395: Crypto Generate Self-Signed
You then send the request to the certificate authority to obtain a signed copy of the WX switch certificate as a PKCS #7 object file. Examples — To request an administrative certificate from a certificate authority, type the following command:...
Page 396 Web AAA clients. — (Optional) Specify the abbreviation for the Country Name string country in which the WX switch is operating, in 2 alphanumeric characters with no spaces. — (Optional) Specify the abbreviation for the State Name string name of the state, in 2 alphanumeric characters with no spaces.
Page 397: Crypto Otp
Usage — To use this command, you must already have generated a public-private encryption key pair with the crypto generate key command. To generate a self-signed administrative certificate, type the following command: WX4400# crypto generate self-signed admin Country Name: State Name: Locality Name: Organizational Name: Organizational Unit:...
Page 398 WX switch. 3Com recommends that you create a password that is memorable to you but is not subject to easy guesses or a dictionary attack. For best results, create a password of alphanumeric uppercase and lowercase characters.
Page 399: Crypto Pkcs12
Unpacks a PKCS #12 object file into the certificate and key storage area on the WX switch. This object file contains a public-private key pair, an WX certificate signed by a certificate authority, and the certificate authority’s certificate.
Page 400: Display Crypto Ca-Certificate
— Displays information about the certificate authority’s admin certificate that signed the administrative certificate for the WX switch. The administrative certificate authenticates the WX to 3WXM or Web Manager. — Displays information about the certificate authority’s certificate that signed the Extensible Authentication Protocol (EAP) certificate for the WX switch.
Page 401: Display Crypto Certificate
WX switch. Syntax — — Displays information about the certificate authority’s webaaa certificate that signed the Web AAA certificate for the WX switch. The Web AAA certificate authenticates the WX switch to Web AAA clients. Fields Description Version Version of the X.509 certificate.
Page 402 Issuer Validity See Also OMMANDS — Displays information about the EAP certificate that authenticates the WX switch to 802.1X supplicants (clients). — Displays information about the Web AAA certificate that webaaa authenticates the WX switch to Web AAA clients. Description Version of the X.509 certificate.
Page 403: Radius And Server Group Commands
RADIUS Use RADIUS commands to set up communication between an WX switch and groups of up to four RADIUS servers for remote authentication, authorization, and accounting (AAA) of administrators and network users. Commands by This chapter presents RADIUS commands alphabetically. Use Table 75 to Usage locate commands in this chapter based on their uses.
Page 404 — Number of seconds to wait for the RADIUS server to timeout respond before retransmitting. deadtime—0 (zero) minutes (The WX switch does not designate unresponsive RADIUS servers as unavailable.) key—No key retransmit—3 (the total number of attempts, including the first attempt) timeout—5 seconds...
Page 405: Clear Radius Client System-Ip
History — Introduced in MSS Version 3.0. Usage — The clear radius client system-ip command causes the WX switch to use the IP address of the interface through which it sends a RADIUS client request as the source IP address. The WX switch selects a source interface address based on information in its routing table as the source address for RADIUS packets leaving the switch.
Page 406: Clear Server Group
14: RADIUS HAPTER Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command removes the RADIUS server rs42 from a list of remote AAA servers: WX4400# clear radius server rs42 success: change accepted. See Also clear server group Removes a RADIUS server group from the configuration, or disables load...
Page 407: Set Radius
See Also set radius Configures global defaults for RADIUS servers that do not explicitly set these values themselves. By default, the WX switch automatically sets all these values except the password (key). Syntax — retransmit number | timeout seconds} Defaults —...
Page 408: Set Radius Client System-Ip
Causes all RADIUS requests to be sourced from the IP address specified by system-ip the set system ip-address command, providing a permanent source IP address for RADIUS packets sent from the WX switch. Syntax — Defaults — None. If you do not use this command, RADIUS packets leaving the WX have the source IP address of the outbound interface, which can change as routing conditions change.
Page 409: Set Radius Server
— Number of minutes the WX switch waits after deadtime minutes declaring an unresponsive RADIUS server unavailable before retrying that RADIUS server. Specify between 0 (zero) and 1440 minutes (24 hours). A zero value causes the switch to identify unresponsive servers as available. set radius server server-name...
Page 410 RADIUS server. To configure the server as a remote authenticator for the WX switch, you must add it to a server group with the set server group command. Do not use the same name for a RADIUS server and a RADIUS server group.
Page 411: Set Server Group
timeout interval of 30 seconds, two transmit attempts, 5 minutes of dead time, and a key string of keys4u, type the following command: WX1200# set radius server RS42 address 198.162.1.1 timeout 30 retransmit 2 deadtime 5 key keys4U See Also set server group Configures a group of one to four RADIUS servers.
Page 412: Set Server Group Load-Balance
14: RADIUS HAPTER Do not use the same name for a RADIUS server and a RADIUS server group. Examples — To set server group shorebirds with members heron, egret, and sandpiper, type the following command: WX1200# set server group shorebirds members heron egret sandpiper success: change accepted.
Page 413 Examples — To enable load balancing between the members of server group shorebirds, type the following command: WX1200# set server group shorebirds load-balance enable success: change accepted. To disable load balancing between shorebirds server group members, type the following command: WX1200# set server group shorebirds load-balance disable success: change accepted.
Page 414 14: RADIUS HAPTER ERVER ROUP OMMANDS...
Page 415: Commands By Usage
Use 802. IEEE X management commands to modify the default settings for IEEE 802.1X sessions on an WX switch. For best results, change the settings only if you are aware of a problem with the WX switch’s 802.1X performance. CAUTION: 802.1X parameter settings are global for all SSIDs configured on the switch.
Page 416: Clear Dot1X Bonded-Period
(re)authentication for the user. When bonded authentication is enabled, it applies only to an 802.1X user whose authentication rule on the WX switch contains the bonded option. Syntax — Defaults — The default bonded authentication period is 0 seconds, which disables the feature.
Page 417: Clear Dot1X Max-Req
WX4400# clear dot1x max-req success: change accepted. See Also clear dot1x Resets all wired authentication ports on the WX switch to default 802.1X port-control authentication. Syntax — By default, all wired authentication ports are set to auto and they process authentication requests as determined by the set authentication dot1X command.
Page 418: Clear Dot1X Quiet-Period
15: 802.1X M HAPTER ANAGEMENT Usage — This command is overridden by the set dot1x authcontrol command. The clear dot1x port-control command returns port control to the method configured. This command applies only to wired authentication ports. Examples — Type the following command to reset the wired authentication port control: WX4400# clear dot1x port-control success: change accepted.
Page 419: Clear Dot1X Reauth-Period
Access — Enabled. History — Introduced in MSS Version 3.0. Examples — Type the following command to reset the maximum number of reauthorization attempts to the default: WX4400# clear dot1x reauth-max success: change accepted. See Also clear dot1x Resets the time period that must elapse before a reauthentication reauth-period attempt, to the default time period.
Page 420: Clear Dot1X Timeout Supplicant
Resets to the default setting the number of seconds that must elapse supplicant before the WX switch times out an authentication session with a supplicant (client). Syntax — Defaults — The default for the authentication timeout sessions is 30 seconds.
Page 421: Display Dot1X
Defaults — The default is 5 seconds. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — Type the following command to reset the EAPoL retransmission time: WX4400# clear dot1x tx-period success: change accepted. See Also display dot1x Displays 802.1X client information for statistics and configuration settings.
Page 422 15: 802.1X M HAPTER ANAGEMENT Examples — Type the following command to display the 802.1X clients: WX4400# display dot1x clients MAC Address ------------- 00:20:a6:48:01:1f 00:05:3c:07:6d:7c 00:05:5d:7e:94:83 00:02:2d:86:bd:38 00:05:5d:7e:97:b4 00:05:5d:7e:98:1a 00:0b:be:a9:dc:4e 00:05:5d:7e:96:e3 00:02:2d:6f:44:77 00:05:5d:7e:94:89 00:06:80:00:5c:02 00:02:2d:6a:de:f2 00:02:2d:5e:5b:76 00:02:2d:80:b6:e1 00:30:65:16:8d:69 00:02:2d:64:8e:1b OMMANDS State Vlan -------...
Page 423 Type the following command to display the 802.1X configuration: WX1200# display dot1x config Username -------- *@xmple.com *@sqa.com nash@sqa.com ! EXAMPLE\* DBC-PROJECTOR\* host/*.xmple.com 802.1X parameter ---------------- supplicant timeout auth-server timeout quiet period transmit period reauthentication period maximum requests key transmission reauthentication authentication control WEP rekey period WEP rekey...
Page 424 Logoffs While Authenticated: Bad Packets Received: Description Number of times that the WX switch state transitions to the CONNECTING state from any other state. Number of times that the WX switch state transitions from CONNECTING to DISCONNECTED as a result of receiving an EAPoL-Logoff message.
Page 425: Set Dot1X Authcontrol
See Also Field Description Logoffs While Number of times that the WX switch state wildcard Authenticating transitions from AUTHENTICATING to ABORTING, as a result of an EAPoL-logoff message being received from the Supplicant (client). Bad Packets Received Number of EAPoL packets received that have an invalid version or type.
Page 426: Set Dot1X Bonded-Period
Access — Enabled. History — Introduced in MSS Version 3.0. Usage — 3Com recommends that you try 60 seconds, and change the period to a longer value only if clients are unable to authenticate within 60 seconds. The bonded authentication period applies only to 802.1X authentication rules that contain the bonded option.
Page 427: Set Dot1X Max-Req
Syntax — Defaults — Key transmission is enabled by default. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — Type the following command to enable key transmission: WX4400# set dot1x key-tx enable success: dot1x key transmission enabled. See Also set dot1x max-req Sets the maximum number of times the WX retransmits an EAP request...
Page 428: Set Dot1X Port-Control
15: 802.1X M HAPTER ANAGEMENT See Also set dot1x Determines the 802.1X authentication behavior on individual wired port-control authentication ports or groups of ports. Syntax — {forceauth | forceunauth | auto} port-list Defaults — By default, wired authentication ports are set to auto. Access —...
Page 429: Set Dot1X Quiet-Period
WX4400# set dot1x quiet-period 90 success: dot1x quiet period set to 90. See Also set dot1x reauth Determines whether the WX switch allows the reauthentication of supplicants (clients). Syntax — Defaults — Reauthentication is enabled by default. Access — Enabled.
Page 430: Set Dot1X Reauth-Max
8: WX4400# set dot1x reauth-max 8 success: dot1x max reauth set to 8. See Also set dot1x Sets the number of seconds that must elapse before the WX switch reauth-period attempts reauthentication. Syntax — OMMANDS “display dot1x” on page 421 “set dot1x reauth-max”...
Page 431: Set Dot1X Timeout Auth-Server
WX4400# set dot1x reauth-period 100 success: dot1x auth-server timeout set to 100. See Also set dot1x timeout Sets the number of seconds that must elapse before the WX switch times auth-server out a request to a RADIUS authentication server. Syntax —...
Page 432: Set Dot1X Tx-Period
WX4400# set dot1x timeout supplicant 300 success: dot1x supplicant timeout set to 300. See Also set dot1x tx-period Sets the number of seconds that must elapse before the WX switch retransmits an EAPoL packet. Syntax — Defaults — The default is 5 seconds.
Page 433: Set Dot1X Wep-Rekey
set dot1x Enables or disables Wired Equivalency Privacy (WEP) rekeying for wep-rekey broadcast and multicast encryption keys. Syntax — Defaults — WEP key rotation is enabled, by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — Reauthentication is not required for WEP key rotation to take place.
Page 434 15: 802.1X M HAPTER ANAGEMENT History — Introduced in MSS Version 3.0. Examples — Type the following command to set the WEP-rekey period to 300 seconds: WX4400# set dot1x wep-rekey-period 300 success: dot1x wep-rekey-period set to 300 See Also OMMANDS “display dot1x”...
Page 435: Session Management Commands
{admin | console | — Clears sessions for all users with administrative access to the admin WX switch through a Telnet or SSH connection or a console plugged into the switch. — Clears sessions for all users with administrative access to console the WX switch through a console plugged into the switch.
Page 436: Clear Sessions Network
16: S HAPTER ESSION ANAGEMENT Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To clear all administrator sessions type the following command: WX4400# clear sessions admin This will terminate manager sessions, do you wish to continue? (y|n) [n]y To clear all administrative sessions through the console, type the following command: WX4400# clear sessions console...
Page 437 character—either an at sign (@) or a period (.). (For details, see “User Globs” on page 24.) mac-addr mac-addr-glob address. Specify a MAC address in hexadecimal numbers separated by colons (:), or use the wildcard character (*) to specify a set of MAC addresses.
Page 438: Display Sessions
WX1200# clear sessions network vlan red See Also display sessions Displays session information and statistics for all users with administrative access to the WX switch, or for administrative users with either console or Telnet access. Syntax — [client]} Defaults — None.
Page 439 Examples — To view information about sessions of administrative users, type the following command: WX4400> display sessions admin Username ------- -------------------- tty0 tty2 tech tty3 sshadmin 3 admin sessions To view information about console users’ sessions, type the following command: WX4400>...
Page 440: Display Sessions Network
16: S HAPTER ESSION ANAGEMENT Table 79 display sessions admin, display sessions console, and display sessions telnet Output Table 80 describes the fields of the display sessions telnet client display. Table 80 display sessions telnet client Output See Also display sessions Displays summary or verbose information about all network sessions, or network network sessions for a specified username or set of usernames, MAC...
Page 441 Syntax — display sessions network [user user-glob | mac-addr mac-addr-glob | ssid ssid-name vlan vlan-glob | session-id session-id | wired] [verbose] — Displays all network sessions for a single user or user user-glob set of users. Specify a username, use the double-asterisk wildcard character (**) to specify all usernames, or use the single-asterisk wildcard character (*) to specify a set of usernames up to or following the first delimiter character—either an at sign (@) or a period (.).
Page 442 16: S HAPTER ESSION ANAGEMENT Usage — MSS displays information about network sessions in three types of displays. See the following tables for field descriptions. Examples — To display summary information for all network sessions, type display sessions network. For example: WX1200# display sessions network User Name...
Page 443 (Table 81 on page 444 describes the summary displays of display sessions network commands.) The following command displays detailed (verbose) session information about user nin@example.com: WX1200# display sessions network user nin@example.com verbose User Name ----------------------------- ---- nin@example.com Client MAC: 00:02:2d:6e:ab:a5 State: ACTIVE now on: WX 192.168.12.7, AP/radio 1 sessions match criteria (of 10 total)
Page 444 16: S HAPTER ESSION ANAGEMENT Tag: 1 Session Timeout: 1800 Authentication Method: PEAP, using server 10.10.70.20 Session statistics as updated from AP: Unicast packets in: 653 Unicast bytes in: 46211 Unicast packets out: 450 Unicast bytes out: 50478 Multicast packets in: 317 Multicast bytes in: 10144 Number of packets with encryption errors: 0 Number of bytes with encryption errors: 0...
Page 445 IP address and port and radio numbers of the session’s current WX switch, the MAC address of the MAP access point, and the last update time. from IP address and port and radio numbers of the session’s previous WX switch, the MAC address of the MAP access point, and the last update time.
Page 446 WX switch in the Mobility Domain. ROAMING AWAY — The WX switch has been sent a request to transfer the user, who is roaming, to another WX switch. STATUS UPDATED — WX switch is receiving a final update from an MAP access point about the user, who has roamed away.
Page 447 Table 83 display sessions network session-id Output (continued) Field Description Session Assigned session timeout in seconds. Timeout Authentication Extensible Authentication Protocol (EAP) type used to authenticate Method the session user, and the IP address of the authentication server. Session Time the session statistics were last updated from the MAP access statistics as point, in seconds since a fixed standard date and time.
Page 448 16: S HAPTER ESSION ANAGEMENT OMMANDS...
Page 449: Commands By Usage
A rogue access point is a BSSID (MAC address associated with an SSID) that does not belong to a 3Com switch and is not a member of the ignore list configured on the seed switch of the Mobility Domain.
Page 450: Clear Rfdetect Countermeasures Mac
This command is valid only on the seed switch of the Mobility Domain, and does not become part of the configuration file when you save the configuration and therefore is not reloaded if the switch is restarted.
Page 451: Clear Rfdetect Ignore
commands, RF detection returns to the default handling of countermeasures. Consequently, the rogue you cleared can still be attacked if it is still in the rogue list. To stop countermeasures against a device, add the device to the known addresses list using the set rfdetect ignore command.
Page 452: Display Rfdetect Countermeasures
Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — This command is valid only on the seed switch of the Mobility Domain. Examples — The following example displays countermeasures status for the Mobility Domain managed by this seed switch:...
Page 453: Display Rfdetect Data
Usage — You can enter this command on any WX switch in the Mobility Domain. The output applies only to the switch on which you enter the command. To display all devices that a specific 3Com radio has detected, even if the radio is managed by another WX switch, use the display rfdetect visible command.
Page 454 17: RF D HAPTER ETECTION Only one MAC address is listed for each 3Com radio, even if the radio is beaconing multiple SSIDs. Examples — The following command shows the devices detected by this WX switch during the most recent RF detection scan:...
Page 455: Display Rfdetect Ignore
Usage — This command is valid only on the seed switch of the Mobility Domain. To display rogue information for an individual switch, use the display rfdetect data command on that switch. Only rogues are listed. To display all devices detected, including 3Com radios, use the display rfdetect data command. display rfdetect ignore Ignore MAC “clear rfdetect ignore”...
Page 456 The BSSID is listed first. The MAC addresses of the 3Com radios that detected the BSSID are listed underneath the BSSID. If a 3Com radio is supporting more than one SSID, each of the corresponding BSSIDs is listed separately. System IP address of the WX switch that is managing the MAP that detected the rogue.
Page 457: Display Rfdetect Visible
Access — Enabled. History — Introduced in MSS Version 3.0. Usage — If a 3Com radio is supporting more than one SSID, each of the corresponding BSSIDs is listed separately. To display rogue information for the entire Mobility Domain, use the display rfdetect mobility-domain command on the seed switch.
Page 458: Set Rfdetect Active-Scan
3Com radio 00:0b:0e:00:0a:6a: WX1200# display rfdetect visible 00:0b:0e:00:0a:6a Total number of entries: 4 The following command displays the devices detected by 3Com radio 1 on the MAP connected to WX port 3: WX1200# display rfdetect visible ap 3 radio 1 Total number of entries: 3 Table 88 describes the fields in this display.
Page 459: Set Rf Detect Countermeasures
Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You can enter this command on any WX switch in the Mobility Domain. The command takes effect only on that switch. Examples — The following command disables active scanning on a WX...
Page 460: Set Rfdetect Countermeasures Mac
MSS automatically issues countermeasures against detected rogues, use the clear rfdetect countermeasures mac all command. This command is valid only on the seed switch of the Mobility Domain. The countermeasures take effect only if countermeasures are enabled for OMMANDS countermeasures are now enabled.
Page 461: Set Rfdetect Ignore
Mobility Domain, using the set rfdetect countermeasures enable command. This command does not become part of the configuration file when you save the configuration and therefore is not reloaded if the switch is restarted. Examples — The following command begins countermeasures against...
Page 462: Set Rfdetect Log
Defaults — RF detection logging is enabled by default. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — This command is valid only on the seed switch of the Mobility Domain. The log messages for rogues are generated only on the seed and appear only in the seed’s log message buffer.
Page 463: Commands By Usage
Use file management commands to manage system files and to display software and boot information. Commands by This chapter presents file management commands alphabetically. Use Usage Table 89 to locate commands in this chapter based on their use. Table 89 File Management Commands by Usage clear boot config Resets to the factory default the configuration that MSS loads during a reboot.
Page 464: Copy
Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following commands back up the configuration file on an WX switch, reset the switch to its factory default configuration, and reboot the switch: WX4400# copy configuration tftp://10.1.1.1/backupcfg Sent write request .Done...
Page 465 History — Introduced in MSS Version 3.0. Usage — The filename and file:filename URLs are equivalent. You can use either URL to refer to a file in an WX switch’s nonvolatile memory. The tftp://ip-addr/filename URL refers to a file on a TFTP server. If DNS is configured on the WX switch, you can specify a TFTP server’s hostname...
Page 466: Delete
WX4400# delete test-config success: file deleted. The following command copies file corpa-login.html from a TFTP server into subdirectory corpa in an WX switch’s nonvolatile storage: WX4400# copy tftp://10.1.1.1/corpa-login.html corpa/corpa-login.html success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec] See Also delete Deletes a file.
Page 467: Dir
Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — You might want to copy the file to a TFTP server as a backup before deleting the file. Examples — The following commands copy file testconfig to a TFTP server and delete the file from nonvolatile storage: WX4400# copy testconfig tftp://10.1.1.1/testconfig Sent write request...
Page 468 18: F HAPTER ANAGEMENT Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command displays the files in the root directory: WX4400# dir =============================================================================== file: Filename file:configuration file:configuration.txt file:dangcfg dangdir/ old/ Total: 32 Kbytes used, 207824 Kbytes free =============================================================================== Boot:...
Page 469: Display Boot
Syntax — Defaults — None. Access — Access. History — Introduced in MSS Version 3.0. Examples — The following command shows the boot information for an WX switch: WX1200# display boot Configured boot image: Configured boot configuration: Booted version: Booted image:...
Page 470: Display Config
HAPTER ANAGEMENT Table 91 describes the fields in the display boot output. Table 91 Output for display boot See Also display config Displays the configuration running on the WX switch. Syntax — OMMANDS Field Description Configured boot Boot partition and image filename MSS will use to boot next image time the software is rebooted.
Page 471 portconfig portgroup radio-profile rfdevice service-profile snmp spantree system trace vlan vlan-fdb If you do not specify a configuration area, nondefault information for all areas is displayed. — Includes configuration items that are set to their default values. Defaults — None. Access —...
Page 472: Display Version
History — Introduced in MSS Version 3.0. Examples — The following command displays version information for a WX switch: WX1200# display version Mobility System Software, Version: 3.0.1 Copyright (c) 2004 3Com Corporation. All rights reserved. Build Information: (build#168) TOP 2004-09-23 08:35:00 Model: WX1200 Hardware Mainboard: version 1 ;...
Page 473 The following command displays additional software build information and MAP access point information: WX1200# display version details Mobility System Software, Version: 3.0.1 Copyright (c) 2004 3Com Corporation. All rights reserved. Build Information: (build#168) TOP 2004-09-23 08:35:00 Label: 3.0.1_092304_WX1200 Build Suffix:...
Page 474: Load Config
CAUTION: This command completely removes the running configuration and replaces it with the configuration contained in the file. 3Com recommends that you save a copy of the current running configuration to a backup configuration file before loading a new configuration.
Page 475: Mkdir
If you do not specify a filename, MSS uses the same configuration filename that was used for the previous configuration load. For example, if the WX switch used configuration for the most recent configuration load, MSS uses configuration again unless you specify a different filename.
Page 476: Reset System
Boot1: Total: =============================================================================== temporary files: Filename Total: 0 bytes used, 93537 Kbytes free See Also reset system Restarts an WX switch and reboots the software. Syntax — OMMANDS 512 bytes 512 bytes 512 bytes 512 bytes 8182 KB 8197 KB...
Page 477: Rmdir
If the running configuration and configuration file do not match, MSS does not restart the WX switch but instead displays a message advising you to either save the configuration changes or use the force option.
Page 478: Save Config
18: F HAPTER ANAGEMENT History — Introduced in MSS Version 3.0. Usage — MSS does not allow the subdirectory to be removed unless it is empty. Delete all files from the subdirectory before attempting to remove Examples — The following example removes subdirectory corp2: WX4400# rmdir corp2 success: change accepted.
Page 479: Set Boot Configuration-File
Defaults — The default configuration filename is configuration. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — The file must be located in the switch’s nonvolatile storage. Examples — The following command sets the boot configuration file to testconfig1: WX4400# set boot configuration-file testconfig1 success: boot config set.
Page 480: Set Boot Partition
Specifies the boot partition in which to look for the system image file following the next system reset, software reload, or power cycle. Syntax — Defaults — By default, an WX switch uses the same boot partition for the next software reload that was used to boot the currently running image.
Page 481: Clear Log Trace
MSS allows, type the set trace ? command. CAUTION: Using the set trace command can have adverse effects on system performance. 3Com recommends that you use the lowest levels possible for initial trace commands, and slowly increase the levels to get the data you need.
Page 482: Clear Trace
19: T HAPTER RACE OMMANDS Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To delete the trace log, type the following command: WX4400# clear log trace See Also clear trace Deletes running trace commands and ends trace processes. Syntax —...
Page 483: Display Trace
See Also display trace Displays information about traces that are currently configured on the WX switch, or all possible trace options. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To view the traces currently running, type the following...
Page 484: Save Trace
HAPTER RACE OMMANDS save trace Saves the accumulated trace data for enabled traces to a file in the WX switch’s nonvolatile storage. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To save trace data into the file trace1 in the subdirectory...
Page 485: Set Trace Authorization
Examples — The following command starts a trace for information about user jose’s authentication: WX4400# set trace authentication user jose success: change accepted. See Also set trace Traces authorization information. authorization Syntax — [port port-num] [user username] [level level] Defaults — The default trace level is 5. Access —...
Page 486: Set Trace Dot1X
19: T HAPTER RACE OMMANDS See Also set trace dot1x Traces 802.1X sessions. Syntax — Defaults — The default trace level is 5. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — The following command starts a trace for the 802.1X sessions for MAC address 00:01:02:03:04:05: WX4400# set trace dot1x mac-addr 00:01:02:03:04:05: success: change accepted.
Page 487 Syntax — set trace sm [mac-addr mac-address] [port port-num] [user username] [level level] mac-addr mac-address address, using colons to separate the octets (for example, 00:11:22:aa:bb:cc). — Traces on a WX port number. port port-num — Traces a user. Specify a username of up to user username 80 alphanumeric characters, with no spaces.
Page 488 19: T HAPTER RACE OMMANDS...
Page 489: Commands By Usage
Use the system log commands to record information for monitoring and troubleshooting. MSS system logs are based on RFC 3164, which defines the log protocol. Commands by This chapter present system log commands alphabetically. Use Table 94 to Usage locate commands in this chapter based on their use. Table 94 System Log Commands by Usage clear log Clears the log messages stored in the log buffer, or removes the...
Page 490: Display Log Buffer
20: S HAPTER YSTEM Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To stop sending system logging messages to a server at 192.168.253.11, type the following command: WX4400# clear log server 192.168.253.11 success: change accepted. Type the following command to clear all messages from the log buffer: WX4400# clear log buffer success: change accepted.
Page 491 Usage — The debug level produces a lot of messages, many of which can appear to be somewhat cryptic. Debug messages are used primarily by 3Com for troubleshooting and are not intended for administrator use. Examples — Type the following command to see the facilities for which...
Page 492: Display Log Config
20: S HAPTER YSTEM See Also display log config Displays log configuration information. Syntax — Defaults — None. Access — Enabled. History — Introduced in MSS Version 3.0. Examples — To display how logging is configured, type the following command: WX4400# display log config Logging console: Logging console severity:...
Page 493 IP address. severity severity-level greater than or equal to the level specified. Specify one of the following: — The WX switch is unusable. emergency — Action must be taken immediately. alert — You must resolve the critical conditions. If the critical conditions are not resolved, the WX can reboot or shut down.
Page 494: Set Log
20: S HAPTER YSTEM History — Introduced in MSS Version 3.0. Examples — Type the following command to see the facilities for which you can view event messages archived in the buffer: WX4400# display log trace facility ? <facility name> ASO, BOOT, CLI, CLUSTER, COPP, CRYPTO, DOT1X, ENCAP, ETHERNET, GATEWAY, HTTPD, IGMP, IP, MISC, NOSE, NP, RAND, RESOLV, RIB, ROAM, ROGUE, SM, SNMPD, SPAN, STORE, SYS, TAGMGR, TBRIDGE, TCPSSL, TELNET, TFTP, TLS, TUNNEL, VLAN, X509, XML, MAP,...
Page 495 — Sets log parameters for trace files. trace severity severity-level than or equal to the level specified. Specify one of the following: — The WX switch is unusable. emergency — Action must be taken immediately. alert — You must resolve the critical conditions. If the critical conditions are not resolved, the WX can reboot or shut down.
Page 496: Set Log Trace Mbytes
20: S HAPTER YSTEM Defaults — The following are defaults for the set log commands. Access — Enabled. History — Introduced in MSS Version 3.0. Usage — Using the command with only enable or disable turns logging on or off for the target at all levels. For example, entering set log buffer enable with no other keywords turns on logging to the system buffer of all facilities at all levels.
Page 497 set log trace mbytes Examples — The following command increases the trace buffer size to 4 WX4400# set log trace mbytes 4 success: change accepted. See Also “display log config” on page 492...
Page 498 20: S HAPTER YSTEM OMMANDS...
Page 499: Boot Prompt Commands By Usage
CAUTION: Generally, boot prompt commands are used only for troubleshooting. 3Com recommends that you use these commands only when working with 3Com Technical Support to diagnose a system issue. In particular, commands that change boot parameters can interfere with a WX switch’s ability to boot successfully.
Page 500: Autoboot
Table 95 Boot Prompt Commands by Usage (continued) autoboot Displays or changes the state of the autoboot option. The autoboot option controls whether a WX switch automatically boots a system image after initializing the hardware, following a system reset or power cycle. Syntax —...
Page 501: Boot
OPT+=option booted system image in addition to the boot option(s) in the currently active boot profile. The options are appended to the options already in the boot profile. Use this parameter only if advised to do so by 3Com. boot...
Page 502 All rights reserved. SYS Sep 29 21:45:36.849457 NOTICE Port 1 up 1000 Full Duplex SYSLOGD Sep 29 21:45:38.857125 ALERT SYSTEM_READY: The system has finished booting. (cause was "Warm Reboot") Copyright (c) 2004 3Com Corporation. All rights reserved. Username: See Also OMMANDS All rights reserved.
Page 503: Change
change Changes parameters in the currently active boot profile. (For information about boot profiles, see “display” on page 507.) Syntax — Defaults — The default boot type is c (compact flash). The default filename is default. The default flags setting is 0x00000000 (all flags disabled) and the default options list is run=nos;boot=0.
Page 504: Create
Access — Boot prompt. History — Introduced in MSS Version 3.0. Usage — A WX switch can have up to four boot profiles. The boot profiles are stored in slots, numbered 0 through 3. When you create a new profile, the system uses the next available slot for the profile. If all...
Page 505: Delete
delete Removes the currently active boot profile. (For information about boot profiles, see “display” on page 507.) Syntax — Defaults — None. Access — Boot prompt. History — Introduced in MSS Version 3.0. Usage — When you type the delete command, the next-lower numbered boot profile becomes the active profile.
Page 506: Dir
History — Introduced in MSS Version 3.0. Usage — Access to the diagnostic mode requires a password, which is not user configurable. Use this mode only if advised to do so by 3Com. Displays the boot code and system image files on a WX switch.
Page 507: Display
WX switch uses to control the boot process. Each boot profile contains the following parameters: A WX switch can have up to four boot profiles, numbered 0 through 3. Only one boot profile can be active at a time. You can create, change, and delete boot profiles.
Page 508: Fver
Table 96 describes the fields in the display. Table 96 Output of display command See Also fver Displays the version of a system image file installed in a specific location on a WX switch. Syntax — [filename] OMMANDS Field Description BOOT Index Boot profile slot, which can be a number from 0 to 3.
Page 509: Help
Defaults — None. Access — Boot prompt. History — Introduced in MSS Version 3.0. Usage — To display the image filenames, use the dir command. This command does not list the boot code versions. To display the boot code versions, use the version command. Examples —...
Page 510 21: B HAPTER ROMPT Usage — If you specify a command name, detailed information is displayed for that command. If you do not specify a command name, all the boot prompt commands are listed. Examples — The following command displays detailed information for the fver command: boot>...
Page 511: Next
Access — Boot prompt. History — Introduced in MSS Version 3.0. Usage — A WX switch contains 4 boot profile slots, numbered 0 through 3. This command activates the boot profile in the next slot, in ascending numerical order. If the currently active slot is 3, the command activates the boot profile in slot 0.
Page 512: Reset
Examples — To activate the boot profile in the next slot and display the profile, type the following command: boot> next See Also reset Resets a WX switch’s hardware. Syntax — Defaults — None. Access — Boot prompt. History — Introduced in MSS Version 3.0.
Page 513: Test
Syntax — Defaults — The poweron test flag is disabled by default. Access — Boot prompt. History — Introduced in MSS Version 3.0. 3Com WX-4400 Bootstrap/Bootloader Version Compiled on Wed Sep 22 09:18:47 PDT 2004 by Bootstrap 0 version: Bootloader 0 version:...
Page 514: Version
The diagnostic execution flag is not set. See Also version Displays version information for a WX switch’s hardware and boot code. Syntax — Defaults — None. Access — Boot prompt. History — Introduced in MSS Version 3.0.
Page 515 version See Also “dir” on page 506 “fver” on page 508...
Page 516 21: B HAPTER ROMPT OMMANDS...
Page 517: Register Your Product
More information on 3Com maintenance and Professional Services is available at http://www.3com.com/ Contact your authorized 3Com reseller or 3Com for a complete list of the value-added services available in your area. Troubleshoot You will find support tools posted on the 3Com web site at Online http://www.3com.com/...
Page 518: Access Software Downloads
When you contact 3Com for assistance, please have the following information ready: To send a product directly to 3Com for repair, you must first obtain a return authorization number (RMA). Products sent to 3Com, without authorization numbers clearly marked on the outside of the package, will be returned to the sender unopened, at the sender’s expense.
Page 519: Contact Us
Pakistan +61 2 9937 5083 You can also obtain support in this region using the following e-mail: apr_technical_support@3com.com Or request a repair authorization number (RMA) by fax using this number: Europe, Middle East, and Africa Telephone Technical Support and Repair...
Page 520 BTAINING UPPORT FOR YOUR Country Telephone Number Latin America Telephone Technical Support and Repair Antigua 1 800 988 2112 Argentina 0 810 444 3COM Aruba 1 800 998 2112 Bahamas 1 800 998 2112 Barbados 1 800 998 2112 Belize...
Page 521 NDEX autoboot 500 boot 501 change 503 clear {ap | dap} radio 232 clear accounting 165 clear authentication admin 165 clear authentication console 166 clear authentication dot1x 167 clear authentication last-resort 168 clear authentication mac 169 clear authentication web 170 clear banner motd 38 clear boot config 463 clear dap 58...
Page 522 NDEX clear usergroup attr 179 clear vlan 91 commit security acl 369 copy 464 create 504 crypto certificate 391 crypto certificate admin 391 crypto certificate eap 391 crypto generate key 392 crypto generate request 393 crypto generate request admin 393 crypto generate request eap 393 crypto generate self-signed 395 crypto generate self-signed admin 395...
Page 523 display tunnel 98 display version 472 display vlan config 99 fver 508 help 45, 509 history 46 hit-sample-rate 378 load config 474 ls 510 mkdir 475 monitor port counters 68 next 511 ping 131 quit 34 reset 512 reset {ap | dap} 260 reset port 73 reset system 476 rmdir 477...
Page 524 NDEX set ip snmp server 142 set ip ssh 143 set ip ssh absolute-timeout 143 set ip ssh idle-timeout 144 set ip ssh server 145 set ip telnet 146 set ip telnet server 146 set length 48 set license 49 set location policy 203 set log 494 set log buffer 494...
Page 525 NDEX set spantree portfast 337 set spantree portpri 337 set spantree portvlancost 338 set spantree portvlanpri 339 set spantree priority 340 set spantree uplinkfast 341 set summertime 153 set system contact 51 set system countrycode 51 set system ip-address 53, 155 set system location 54 set system name 55 set timedate 156...
Page 526 NDEX...

This manual is also suitable for:

3crwx440095a

3Com 3CRWX120695A Command Reference Manual

Table of Contents

Bout His Uide

Using the Command -Line Interface

Access Commands

3 S S C Ystem Ervice Ommands

Commands

Igmp Snooping Commands

Radius and Server Group Commands

Session Management Commands

Quick Links

Command Reference

Chapters

Related Manuals for 3Com 3CRWX120695A

Summary of Contents for 3Com 3CRWX120695A