Download Print this page
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Table of Contents
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492

Advertisement

WS5100 Series Switch
CLI Reference Guide

Advertisement

   Related Manuals for Motorola WS5100 Series

   Summary of Contents for Motorola WS5100 Series

  • Page 1

    WS5100 Series Switch CLI Reference Guide...

  • Page 2

    © 2008 Motorola, Inc. All rights reserved. MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. Symbol is a registered trademark of Symbol Technologies, Inc. All other product or service names are the property of their respective owners.

  • Page 3: About This Guide, Who Should Use This Guide

    About This Guide This preface introduces the WS5100 Series CLI Reference Guide and contains the following sections: • Who Should Use this Guide • How to Use this Guide • Conventions Used in this Guide • Motorola Service Information •...

  • Page 4: How To Use This Guide

    WS5100 Series Switch CLI Reference Guide How to Use this Guide This guide will help you implement, configure, and administer the WS5100 switch and associated network elements. This guide is organized into the following sections: Chapter Jump to this section if you want to...

  • Page 5: Conventions Used In This Guide

    Chapter Jump to this section if you want to... Chapter 12, “interface Summarizes the commands within the config-if Instance” WS5100 switch command line interface. Chapter 13, “spanning tree- Summarizes the instance commands (config-mst) mst Instance” within the WS5100 switch command line interface. Chapter 14, “Extended ACL Summarizes the commands within...

  • Page 6: Notational Conventions

    WS5100 Series Switch CLI Reference Guide Annotated Symbols The following document conventions are used in this document: NOTE: Indicate tips or special requirements. CAUTION: Indicates conditions that can cause equipment damage or data loss. WARNING! Indicates a condition or procedure that could result in personal injury or equipment damage.

  • Page 7

    Motorola Service Information Use the Motorola Support Center as the primary contact for any technical problem, question, or support issue involving Motorola products. Motorola Support Center responds to calls by email, telephone or fax within the time limits set forth in individual contractual...

  • Page 8: General Information

    WS5100 Series Switch CLI Reference Guide Customer Support Website Comprehensive on-line support is available at the MySymbolCare Web site at http://www.symbol.com/support/ . Registration is free and a variety of services can be linked through this Web portal. Product Sales and Product Information...

  • Page 9

    OTHER LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO BIND THAT COMPANY, PERSON OR ENTITY. 1. LICENSE GRANT. Subject to the terms of this Agreement, Motorola, Inc. and/or its subsidiaries ("Licensor") hereby grants Licensee a limited, personal, non-sublicensable, non transferable, nonexclusive license to use the software that Licensee is about to download or install and the documentation that accompanies it (collectively, the "Software") for...

  • Page 10

    WS5100 Series Switch CLI Reference Guide 3. INTELLECTUAL PROPERTY; CONTENT. All title and intellectual property rights in and to the Software (including but not limited to any images, photographs, animations, video, audio, music, text and "applets" incorporated into the Software), and any copies you are permitted to make herein are owned by Licensor or its suppliers.

  • Page 11

    6. DISCLAIMER OF WARRANTIES. To the maximum extent permitted by applicable law, Licensor and its suppliers provide the Software and any (if any) Support Services AS IS AND WITH ALL FAULTS, and hereby disclaim all warranties and conditions, either express, implied or statutory, including, but not limited to, any (if any) implied warranties or conditions of merchantability, of fitness for a particular purpose, of lack of viruses, of accuracy or completeness of responses, of results, and of lack of negligence or lack of...

  • Page 12

    "Restricted Rights" as provided for in FAR, 48 CFR 52.227-14 (JUNE 1987) or DFAR, 48 CFR 252.227- 7013 (OCT 1988), as applicable. The "Manufacturer" for purposes of these regulations is Motorola, Inc., One Symbol Plaza, Holtsville, NY 11742. 12. EXPORT RESTRICTIONS. Licensee shall comply with all export laws and restrictions and regulations of the Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control ("OFAC"), or other United States or foreign agency or...

  • Page 13

    xvii waiver. This Agreement shall be governed by the laws of the State of New York without regard to the conflicts of law provisions thereof. The application the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded. Unless waived by Licensor for a particular instance, any action or proceeding arising out of this Agreement must be brought exclusively in the state or federal courts of New York and Licensee hereby consents to the jurisdiction of such courts for any such action or proceeding.

  • Page 14

    WS5100 Series Switch CLI Reference Guide...

  • Page 15: Table Of Contents

    Contents Chapter 1. Introduction 1.1 CLI Overview ..............1-1 1.2 Getting Context Sensitive Help .

  • Page 16: Table Of Contents

    TOC-2 WS5100 Series Switch CLI Reference Guide 2.2.4 crypto ............. . . 2-29 2.2.5 environment.

  • Page 17: Table Of Contents

    Contents - TOC-3 2.2.42 ftp..............2-75 2.2.43 password-encryption .

  • Page 18: Table Of Contents

    TOC-4 WS5100 Series Switch CLI Reference Guide 4.1.13 dir..............4-16 4.1.14 disable .

  • Page 19: Table Of Contents

    Contents - TOC-5 5.1.12 fallback ............. 5-25 5.1.13 ftp.

  • Page 20: Table Of Contents

    TOC-6 WS5100 Series Switch CLI Reference Guide 6.1.10 no ..............6-6 6.1.11 service .

  • Page 21: Table Of Contents

    Contents - TOC-7 10.1.4 help ..............10-3 10.1.5 match .

  • Page 22: Table Of Contents

    TOC-8 WS5100 Series Switch CLI Reference Guide 12.1.12 port-channel............12-10 12.1.13 service .

  • Page 23: Table Of Contents

    Contents - TOC-9 Chapter 15. Standard ACL Instance 15.1 Standard ACL Config Commands ..........15-1 15.1.1 clrscr .

  • Page 24: Table Of Contents

    TOC-10 WS5100 Series Switch CLI Reference Guide 17.1.7 ddns ..............17-8 17.1.8 default-router.

  • Page 25: Table Of Contents

    Contents - TOC- Chapter 19. Radius Server Instance 19.1 Radius Configuration Commands ..........19-1 19.1.1 authentication .

  • Page 26: Table Of Contents

    TOC-12 WS5100 Series Switch CLI Reference Guide 20.1.4 ap ..............20-5 20.1.5 ap-detection.

  • Page 27: Table Of Contents

    Contents - TOC- Chapter 21. SOLE Instance 21.1 SOLE Config Commands ............21-1 21.1.1 adapter.

  • Page 28

    TOC-14 WS5100 Series Switch CLI Reference Guide...

  • Page 29: Cli Overview

    Introduction This chapter describes the commands defined by the switch Command Line Interface (CLI). Access the CLI by running a terminal emulation program on a computer connected to the serial port on the front of the switch, or by using a Telnet session via secure shell (SSH) to access the switch over the network.

  • Page 30

    WS5100 Series Switch CLI Reference Guide A session generally begins in USER EXEC mode (one of the two access levels of the EXEC mode). For security, only a limited subset of EXEC commands are available in the USER EXEC mode. This level is reserved for tasks that do not change the configuration of the switch (such as determining the current switch configuration).

  • Page 31

    Introduction 1- User Exec Mode Priv Exec Mode Global Configuration Mode help cluster-cli errdisable logout configure fallback copy page debug hostname ping delete interface quit diff service line show disable local telnet edit logging terminal enable traceroute erase mac-address-table exit management halt help...

  • Page 32: Getting Context Sensitive Help

    WS5100 Series Switch CLI Reference Guide User Exec Mode Priv Exec Mode Global Configuration Mode quit wlan-acl reload rename rmdir service show telnet terminal traceroute upgrade upgrade-abort write 1.2 Getting Context Sensitive Help Enter a question mark (?) at the system prompt to display a list of commands available for each mode.

  • Page 33

    Introduction 1- Command Description (prompt)# abbreviated-command- Completes a partial command name. entry<Tab> (prompt)# ? Lists all commands available in the command mode. prompt)# command ? Lists the available syntax options (arguments and keywords) for the command. (prompt)# command keyword ? Lists the next available syntax option for the command.

  • Page 34: Using The No And Default Forms Of Commands, Basic Conventions

    WS5100 Series Switch CLI Reference Guide It’s possible to abbreviate commands and keywords to allow a unique abbreviation. For example, “configure terminal” can be abbreviated as . Since the abbreviated config t command is unique, the switch accepts the abbreviation and executes the command.

  • Page 35: Using Cli Editing Features And Shortcuts, Moving The Cursor On The Command Line

    Introduction 1- • If an instance name (or other parameter) contains whitespace, the name must be enclosed in quotes: WS5100.(Cfg)> spol "Default Switch Policy" WS5100.(Cfg).SPolicy.[Default Switch Policy]> NOTE: CLI commands starting with , at the prompt, is WS5100# ignored and is not executed. Any leading space before a CLI command is ignored in execution 1.4 Using CLI Editing Features and Shortcuts A variety of shortcuts and editing features are available.

  • Page 36

    WS5100 Series Switch CLI Reference Guide Table 1.2 Key Combinations Used to Move the Cursor Function Keystrokes Summary Function Details Left Arrow or Ctrl-B Back character Moves the cursor one character to the left. When entering a command that extends...

  • Page 37: Completing A Partial Command Name

    Introduction 1- Function Keystrokes Summary Function Details Ctrl-Z Enters the command and returns to the root promp Ctrl-L Refresh input line 1.4.2 Completing a Partial Command Name If you cannot remember a complete command name, or if you want to reduce the amount of typing you have to perform, enter the first few letters of a command, then press the Tab key.

  • Page 38: Deleting Entries, Re-displaying The Current Command Line, Command Output Pagination, Transposing Mistyped Characters

    1-10 WS5100 Series Switch CLI Reference Guide 1.4.3 Deleting Entries Use any of the following keys (or key combinations) to delete command entries: Keystrokes Purpose Backspace Deletes the character to the left of the cursor. Ctrl-D Deletes the character at the cursor.

  • Page 39: Controlling Capitalization

    Introduction 1- 1.4.7 Controlling Capitalization Capitalize or lowercase words with a few simple key sequences. The switch’s CLI commands are generally case-insensitive, and all in lowercase. To change the capitalization of commands, use one of the following k sequences: Keystrokes Purpose Esc, C Capitalizes the letters to the right of cursor.

  • Page 40

    1-12 WS5100 Series Switch CLI Reference Guide...

  • Page 41: Common Commands

    Common Commands This chapter describes the CLI commands used in the USER EXEC and PRIV EXEC modes. The PRIV EXEC command set contains those commands available within the USER EXEC mode. Some commands can be entered in either mode. Commands entered in either USER EXEC mode or PRIV EXEC mode are referred to as EXEC mode commands.

  • Page 42: Clrscr, Exit, Help

    WS5100 Series Switch CLI Reference Guide 2.1.1 clrscr Common Commands Clears the screen and refreshes the prompt (#) Syntax clrscr Parameters None Example WS5100#clrscr 2.1.2 exit Common Commands Ends the current mode and moves to the previous mode Syntax exit...

  • Page 43

    Common Commands Syntax help Parameters None Example WS5100>show ? autoinstall autoinstall configuration banner Display Message of the Day Login banner commands Show command lists crypto encryption module environment show environmental information history Display the session command history interfaces Interface status and configuration Internet Protocol (IP) ldap LDAP server...

  • Page 44

    WS5100 Series Switch CLI Reference Guide 2.1.4 no Common Commands Negates a command or sets its defaults Syntax Parameters None Example (User Exec) WS5100>no ? cluster-cli Cluster context debug Debugging functions page Toggle paging service Service Commands WS5100>no Example (Priv Exec)

  • Page 45: Service

    Common Commands local Local user authentication database for VPN logging Modify message logging facilities MAC configuration mac-address-table Configure MAC address table management sets properties of the management interface Configure NTP prompt Reset system's prompt radius-server RADIUS server configuration commands redundancy Configure redundancy group parameters service Service Commands...

  • Page 46

    WS5100 Series Switch CLI Reference Guide service (encrypt)(secret)(2)(PASSPHRASE)(plaintext)(keyword) service (save-cli) service (show) [cli|command-history|crash-info|diag|info|memory| process|reboot-history|startup-log|upgrade-history|watchdog] service (show)(crash-info)(PANIC_FILENAME) service (show)(diag)(hardware|led-status|limits|period|stats|top) service (wireless) Parameters (User Exec) diag Diagnostics • enable – Enables in service diagnostics • fanduty <40-100> – Sets the CPU fan PWM duty cycle.

  • Page 47

    Common Commands • inodes[etc2|flash|ram] – File system inode limit • load [1|15|5] – Aggregate processor load • maxFDs <0-32767> – Configures the maximum number of file descriptors. Set between 0 to 32767 • pkbuffers <0-65535>– Configures the packet buffer head cache limit. Set between 0 and 65535 •...

  • Page 48

    WS5100 Series Switch CLI Reference Guide encrypt Encrypts a password or key with a secret passphrase • secret – Encrypts passwords/keys with a secret phrase • 2 – Type of encryption SHA256-AES256 • PASSPHRASE – Defines the passphrase used for encryption •...

  • Page 49

    Common Commands Displays running system information show • cli – Shows the CLI tree of the current mode • command-history – Displays the command (except show commands) history • crash-info – Displays information about core, panic and AP dump files •...

  • Page 50

    2-10 WS5100 Series Switch CLI Reference Guide Syntax (Priv Exec) service [clear|copy|diag|diag-shell|encrypt|pktcap|pm|save-cli| securitymgr|show|start-shell|test|watchdog|wireless] service clear [all|aplogs|clitree|cores|dumps|panics|securitymgr(flows) {<0-349>|WORD|all|eth <1-2>|vlan <1-4094>}] service copy (tech-support) (URL)[tftp|ftp|sftp] service diag [enable|fanduty|identify|limit|period] service diag-shell <Cr> service encrypt service pktcap (on) [bridge|interface|router] service pktcap (on) (bridge) [count <1-99999>|filter|verbose|write]...

  • Page 51

    Common Commands 2-11 service securitymgr [disable|disable-flow-rate-limit|dump-core| enable-http-stats] service (show) [cli|command-history|crash-info|diag|info|last- passwd|memory|pm (history)[name|all]|process|reboot- history|securitymgr|startup-log|upgrade-history|watchdog|wireless] service (show) (securitymgr) (flows)[details|source][A.B.C.D|any](destination) [A.B.C.D|any](protocol) [any|icmp|tcp|udp] service start-shell service test service watchdog service wireless [ap-history|buffer-counters|clear-ap-log| dump-core|enhanced-beacon-table|enhanced-probe-table| idle-radio-send-multicast|legacy-load-balance|radio-misc-cfg| rate-scale|request-ap-log|save-ap-log|snmp-trap-throttle| vlan-cache]...

  • Page 52

    2-12 WS5100 Series Switch CLI Reference Guide Parameters (Priv Exec) clear Performs a variety of reset functions • all – Removes all core, dump and panic files • aplogs – Removes all AP log files • clitree – Removes clitree.html (created by the save-cli command) •...

  • Page 53

    Common Commands 2-13 Sets or displays switch diagnostic values diag • enable – Enables in-service diagnostics • fanduty <40-100> – CPU fan PWM duty cycle. Set a value between 40-100%. Setting a value below 60 is considered unreliable • identify – Identifies a switch by flashing the LEDs •...

  • Page 54

    2-14 WS5100 Series Switch CLI Reference Guide • procRAM – Configures the RAM space used by a process. Set the percentage of RAM space between 0.0 and 100.0 percent. • ram – Configures the free space for the RAM. Configure the free space between 0.0 and 100.0 percent.

  • Page 55

    Common Commands 2-15 Packet capture pktcap (on) [bridge|interface|router| • on – Defines the Capture location vpn] • bridge – Captures at the bridge [count|filter|verbose| write] • count – Limits the capture packet count • filter – Captures the filter • verbose – Displays full packet body •...

  • Page 56

    2-16 WS5100 Series Switch CLI Reference Guide Process Monitor • stop – Stops the PM from monitoring all daemons save-cli Saves the CLI tree for all modes in HTML securitymgr Securitymgr parameterss • disable – Disables securitymgr • disable-flow-rate-limit – Disables flow rate limitings •...

  • Page 57

    Common Commands 2-17 Displays running system information show • cli – Shows the CLI tree of the current mode • command-history – Displays a command (except show commands) history • crash-info – Displays information about core, panic and AP dump files •...

  • Page 58

    2-18 WS5100 Series Switch CLI Reference Guide show securitymgr () Service Security Manager parameters • flows – Sessions established • details|source – Shows detailed flow statistics or source IP address • [A.B.C.D|any] – Flows where source address is A.B.C.D or flows with any source address •...

  • Page 59

    Common Commands 2-19 • legacy-load-balance – Invokes legacy load balance algorithms with the switch • radio-misc-cfg – Radio specific configuration U16 for all radios • rate-scale – Enables wireless rate scaling (default) • request-ap-log – Requests an AP log • save-ap-log – Saves debug/error logs sent by the access-port •...

  • Page 60

    2-20 WS5100 Series Switch CLI Reference Guide Process Monitor • sys-restart – Enables the PM to restart the system when a processes fails prompt Enable crash-info prompt • crash-info – Enables a crash-info prompt radius Enable radius server • restart – Restarts the radius server with updated configuration Set service parameters.

  • Page 61

    Common Commands 2-21 WS5100#service diag led ? 1 - upper LED 2 - lower LED WS5100#service diag led 1 ? amber amber blue blue WS5100#service diag led 1 amber ? flashing LED Flashing LED off LED on WS5100#service diag led 1 amber flashing WS5100#service diag led 1 amber flashing WS5100#service diag led 1 blue on WS5100#service diag led 1 red off...

  • Page 62

    2-22 WS5100 Series Switch CLI Reference Guide WS5100>service show command-history WS5100>service show command-history Configured size of command history is 200 Date & Time User Location Command =================================================================== May 31 21:57:44 2007 admin vty 130 exit May 31 20:30:11 2007 admin...

  • Page 63: Show

    Common Commands 2-23 - - - shutdown (ungraceful:unexpected cold restart) May 30 17:15:13 2007 startup - - - shutdown (ungraceful:unexpected cold restart) May 29 15:10:51 2007 startup - - - shutdown (ungraceful:unexpected cold restart) May 28 20:06:31 2007 startup - - - shutdown (ungraceful:unexpected cold restart) May 25 14:21:35 2007...

  • Page 64

    2-24 WS5100 Series Switch CLI Reference Guide Parameters Display Parameters Description Mode Example autoinstall Displays the autoinstall configuration Common page 27 banner Displays the message of the day login Common page 27 banner commands Displays command lists Common page 28...

  • Page 65

    Common Commands 2-25 Display Parameters Description Mode Example radius Displays RADIUS configuration Common page 48 commands redundancy-group Displays redundancy group parameters Common page 49 redundancy-history Displays the state transition history of Common page 51 the switch redundancy- Displays redundancy group members in Common page 52 members...

  • Page 66

    2-26 WS5100 Series Switch CLI Reference Guide Display Parameters Description Mode Example access-list Displays the access list Internet Protocol Privilege page 71 (IP) configuration /Global Config aclstats Displays ACL statistics Privilege page 72 /Global Config alarm-log Displays all the alarms currently in the...

  • Page 67: Autoinstall, Banner

    Common Commands 2-27 Display Parameters Description Mode Example running-config Displays the current operating Privilege page 76 configuration /Global Config securitymgr Displays debug information for ACL, VPN Privilege page 80 and NAT /Global Config sessions Displays currently open and active Privilege page 80 connections /Global...

  • Page 68: Commands

    2-28 WS5100 Series Switch CLI Reference Guide Parameters motd Defines the Message of the Day banner Example WS5100>show banner motd Welcome to CLI WS5100> 2.2.3 commands Common to all modes Syntax WS5100>show commands Parameters None Example WS5100#show commands acknowledge alarm-log (all|<1-65535>) acknowledge alarm-log (all|<1-65535>)

  • Page 69: Crypto

    Common Commands 2-29 2.2.4 crypto Common to all modes Syntax show crypto(ipsec|isakmp|key|map|pki) show crypto ipsec(sa|security-association(lifetime)|transformset) show crypto isakmp(policy(<1-10000>)|sa) show crypto key(mypubkey) show crypto map(interface|tag) show crypto pki(request|trustpoints)

  • Page 70

    2-30 WS5100 Series Switch CLI Reference Guide Parameters ipsec Displays the IPSEC policy [sa|securityassociation • sa – IPSec security association (lifetime)|transformset • security-association – Security association (name)] • lifetime – Defines the lifetime • transformset – Transformset • name – Defines the transform set name or all...

  • Page 71

    Common Commands 2-31 Example WS5100(config)#show crypto pki request tptest -----BEGIN CERTIFICATE REQUEST----- MIIB2zCCAUQCAQAwaDELMAkGA1UEBhMCaW4xEjAQBgNVBAgTCWthcm5hdGFrYTES MBAGA1UEBxMJYmFuZ2Fsb3JlMQ8wDQYDVQQKEwZzeW1ib2wxDDAKBgNVBAsTA3dp ZDESMBAGA1UEAxMJdGVzdC1jZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB gQC3qisZdTn7rKzv5TrGtKt7fwMwaYpgehyl52I4fDLZYY/WTTTJFyKwW6s+Pq2R mM9oiqX8mCZeSEIJIATpAVT2M5Ukb4Br9YQDcWHs84oXRJxKPeZ3WscBld2soPvK ui1LoizZH9iqawmkXED1TFMBbDWiOcfnqQKn8Tddeax/JQIDAQABoDMwMQYJKoZI hvcNAQkOMSQwIjALBgNVHQ8EBAMCBLAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJ KoZIhvcNAQEEBQADgYEAoJMylm3aaY1CnkOO5TbxB+qL4F4MKL6+o/m0yRPqy/2S gkk/OwxHvc3TbA9WjbKkFWIDyqU7X0d+c8f9KogwxDwWHll2IBiTCtBAq6hpgKOv Um9GFvMFps9XVkKtYttN3fer9tA+6xY9CKlr12mNGOYFHyVjMc3Pic0ODFiPHAU= -----END CERTIFICATE REQUEST----- WS5100(config)#show crypto pki trustpoints Trustpoint :default-trustpoint ----------------------------------------------- Server certificate configured Subject Name: Common Name: Symbol Technologies Issuer Name: Common Name: Symbol Technologies...

  • Page 72: Environment, History, Interfaces

    2-32 WS5100 Series Switch CLI Reference Guide 2.2.5 environment Common to all modes Syntax show environment Parameters None Example WS5100>show environment CPU temperature : 33.0 C system temperature : 33.0 C CPU fan 4354 rpm case fan 8766 rpm WS5100>...

  • Page 73

    Common Commands 2-33 Parameters IFNAME Displays the interface name Displays ethernet interface information switchport Displays native VLAN(s) and allowed VLAN information on switch ports vlan Displays VLAN interface details Usage Guidelines Use the command to display the administrative and operational status show interface of all the interfaces or a specified interface Example...

  • Page 74

    2-34 WS5100 Series Switch CLI Reference Guide 2.2.8 ip Common to all modes Syntax show ip (access-group (IFNAME | eth <1-2> | vlan <1-4094>) | arp | ddns(binding)|dhcp(binding|class|pool|sharednetwork)| dhcp-vendor-options | domain-name | http(secure-server|server)| interface(IFNAME|brief|vlan) | name-server | route(A.B.C.D|A.B.C.D/M|detail) | routing | ssh | telnet ) show ip access-group (IFNAME|eth <1-2>...

  • Page 75

    Common Commands 2-35 Parameters access-group Displays the ACLs attached to an interface • IFNAME – Enter the name of the interface to which the ACL is associated. access-group lists the details of the ACLs configured on the particular Layer 3 or Layer 2 interface •...

  • Page 76

    2-36 WS5100 Series Switch CLI Reference Guide interface Use the show ip interface command to display the administrative and operational status of all Layer-3 interfaces or a specified Layer-3 interface • IF NAME – Interface name. • brief – Brief summary of the IP status and its configuration •...

  • Page 77

    Common Commands 2-37 vlan3 unassigned WS5100(config-if)#shutdown c. Check the stauts. Note that the VLAN has now been disassociated and the status is DOWN. WS5100(config)#show ip interface brief Interface IP-Address Status Protocol vlan1 157.235.208.69(DHCP) vlan3 unassigned administratively down down WS5100(config)# 2. The above example could also occur when a DHCP interface is disconnected. DHCP is not effected though, because it runs on a virtual interface and not on a physical interface.

  • Page 78

    2-38 WS5100 Series Switch CLI Reference Guide option user-class UserClassTest ip dhcp class TestDHCPclass ip dhcp class Add-DHCP-class1 ip dhcp class MonarchDHCPclas option user-class MC9000 ip dhcp class WS5100DHCPclass option user-class MC800 WS5100(config)# WS5100#show ip dhcp pool ip dhcp pool pl ip dhcp pool pool1 domain-name test.com...

  • Page 79

    Common Commands 2-39 WS5100#show ip interface tunnel 1 ? brief Brief summary of IP status and configuration WS5100#show ip interface tunnel 1 brief Interface IP-Address Status Protocol tunnel1 unassigned WS5100#show ip interface vlan 1 brief Interface IP-Address Status Protocol vlan1 157.235.208.233 (DHCP)up WS5100#show ip name-server...

  • Page 80: Ldap

    2-40 WS5100 Series Switch CLI Reference Guide 2.2.9 ldap Common to all modes Syntax show ldap(configuration(primary|secondary)) Parameters ldap Defines the LDAP server configuration Sets the LDAP server primary Defines the Primary LDAP server secondary Defines the Secondary LDAP server Example...

  • Page 81: Licenses, Logging

    Common Commands 2-41 Bind DN cn=kumar,ou=symbol,dc=activedirectory,dc=com Base DN ou=symbol,dc=activedirectory,dc=com Password : 0 symbol@123 Password Attribute : UserPassword Group Name : cn Group Membership Filter: (&(objectClass=group)(member=%{Ldap-UserDn})) Group Member Attr : radiusGroupName Net timeout : 1 second(s) 2.2.10 licenses Common to all modes Syntax show licenses Parameters...

  • Page 82: Mac-address-table

    2-42 WS5100 Series Switch CLI Reference Guide Logging to: 10.0.0.2 Log Buffer (6520 bytes): Sep 14 19:11:59 2006: %DAEMON-6-INFO: radiusd[4643]: Ready to process requests. Sep 14 19:11:58 2006: %PM-5-PROCSTOP: Process "radiusd" has been stopped Sep 14 18:51:14 2006: %CC-5-RADIOADOPTED: 11a radio on AP 00-A0-F8-...

  • Page 83: Management, Mobility

    Common Commands 2-43 2.2.14 management Common to all modes Syntax show management Parameters None Example WS5100>show management Mgmt Interface: vlan1 Management access permitted via any vlan interface WS5100> 2.2.15 mobility Common to all modes Syntax show mobility [event-log|forwarding|global|mobile- unit|peer|statistics] show mobility event-log [mobile-unit|peer] show mobility forwarding (AA-BB-CC-DD-EE-FF) show mobility mobile-unit [<AA-BB-CC-DD-EE-FF>|detail] show mobility peer [<A.B.C.D>|detail]...

  • Page 84

    2-44 WS5100 Series Switch CLI Reference Guide Parameters event-log Displays the mobility event logs • mobile-unit – MU event logs • peer – Peer event logs forwarding Displays and defines Mobile units in the forwarding plane • AA-BB-CC-DD-EE-FF – MAC address of the mobile unit...

  • Page 85

    Common Commands 2-45 157.235.208.16 157.235.208.16 09/14 19:17:50 ADD-MU 00-0f-3d-e9-a6-54 0.0.0.0 157.235.208.16 157.235.208.16 WS5100>show mobility forwarding Mobility Forwarding-plane Information State: HS : Home-switch CS : Current-switch !HS: Not Home-switch !CS: Not Current-switch Mac-Address IP-Address State HS-Vlan Tunnel WS5100> WS5100>show mobility global Mobility Global Parameters Admin Status : DISABLED...

  • Page 86

    2-46 WS5100 Series Switch CLI Reference Guide WS5100(config)#show mobility statistics MU <00-0f-3d-e9-a6-54> Mob-State HS_AND_CS ----------------------------------------------- Inter- face |unicast Error |unicast Error wlan_port 2.2.16 ntp Common to all modes Syntax show ntp (association (detail)|status) Parameters Displays the Network Time Protocol (NTP) configuration...

  • Page 87: Port-channel, Privilege

    Common Commands 2-47 WS5100(config)#show ntp associations detail 157.235.208.105 configured, sane, valid, leap_sub, stratum 16 ref ID INIT, time 00000000.00000000 (Feb 07 06:28:16 UTC 2036) our mode client, peer mode unspec, our poll intvl 6, peer poll intvl 10 root delay 0.00 msec, root disp 0.00, reach 000, delay 0.00 msec, offset 0.0000 msec, dispersion 0.00 precision 2**-20, org time 00000000.00000000 (Feb 07 06:28:16 UTC 2036)

  • Page 88: Radius

    2-48 WS5100 Series Switch CLI Reference Guide Example WS5100>show privilege Current user privilege: superuser WS5100> 2.2.19 radius Common to all modes Syntax show radius (configuration | eap (configuration)| group | nas ( A.B.C.D/M)| proxy | rad-user | trust-point) Parameters radius...

  • Page 89: Redundancy-group

    Common Commands 2-49 2.2.20 redundancy-group Common to all modes This command displays the switch’s IP address, number of active neighbors, group license, installed license, cluster AP adoption count, switch adoption count, hold time, discovery time, heartbeat interval, cluster id and switch mode. In a cluster, this command displays the redundancy runtime and configuration of the “self-switch”.

  • Page 90

    2-50 WS5100 Series Switch CLI Reference Guide Radio Portals adopted by Group : Not Applicable Radio Portals adopted by this Switch : Not Applicable Rogue APs detected in this Group : Not Applicable Rogue APs detected by this Switch : Not Applicable...

  • Page 91: Redundancy-history

    Common Commands 2-51 MUs associated in this Group : Not Applicable MUs associated in this Switch : Not Applicable Selfhealing RPs in this Group : Not Applicable Selfhealing APs in this Switch : Not Applicable Group maximum AP adoption capacity : Not Applicable Switch Adoption capacity : Not Applicable...

  • Page 92: Redundancy-members, Snmp

    2-52 WS5100 Series Switch CLI Reference Guide 2.2.22 redundancy-members Common to all modes Displays the member switches in the cluster. The user can provide the of the IP address switch in cluster whose information alone is needed. Syntax show redundancy-members (A.B.C.D) Parameters A.B.C.D...

  • Page 93: Snmp-server

    Common Commands 2-53 Example WS5100>show snmp user snmpmanager userName access engineId Authentication Encryption snmpmanager 800001848067458b6bd7157745 WS5100> WS5100>show snmp user snmpoperator userName access engineId Authentication Encryption snmpoperator 800001848067458b6bd7157745 WS5100> WS5100>show snmp user snmptrap userName access engineId Authentication Encryption snmptrap 800001848067458b6bd7157745 WS5100> 2.2.24 snmp-server Common to all modes Syntax...

  • Page 94

    2-54 WS5100 Series Switch CLI Reference Guide Example WS5100>show snmp-server traps ------------------------------------------------------------------- Global enable flag for Traps ------------------------------------------------------------------- Enable flag status for Individual Traps ------------------------------------------------------------------- Module Type Trap Type Enabled?[Y/N] ------------------------------------------------------------------- snmp coldstart snmp linkdown snmp linkup snmp authenticationFail dhcpIPChanged...

  • Page 95: Sole

    Common Commands 2-55 nu-percent-greater-than disabled gave-up-percent-greater-than disabled avg-retry-greater-than disabled undecrypt-percent-greater-than disabled WS5100> WS5100>show snmp-server traps wireless-statistics radio pktsps-greater-than disabled tput-greater-than disabled avg-bit-speed-less-than disabled avg-signal-less-than disabled nu-percent-greater-than disabled gave-up-percent-greater-than disabled avg-retry-greater-than disabled undecrypt-percent-greater-than disabled num-stations-greater-than disabled WS5100> WS5100>show snmp-server traps wireless-statistics wireless-switch pktsps-greater-than disabled tput-greater-than...

  • Page 96

    2-56 WS5100 Series Switch CLI Reference Guide Parameters config (adapter) Shows the switch SOLE adapter configuration (ADAPTER NAME) • adapter – Show the existing configuration of the SOLE adapters stats (adapter) Displays SOLE adapter statstics (ADAPTER NAME) • adapter – Displays SOLE adapter statstics...

  • Page 97: Spanning-tree

    Common Commands 2-57 2.2.26 spanning-tree Common to all modes Syntax show spanning-tree (mst)[config| detail(interface){IF Name|eth <1-2>|vlan <1-4094>}| instance <1-15> (interface){IF NAME|eth <1-2>|vlan <1-4094>}] Parameters config Displays MSTP configuration information detail(interface) Displays detailed interface information {IF Name|eth <1-2>|vlan • IF Name – Displays the interface name <1-4094>} •...

  • Page 98: Static-channel-group

    2-58 WS5100 Series Switch CLI Reference Guide % portfast bpdu-guard disabled % portfast errdisable timeout disabled % portfast errdisable timeout interval 300 sec % cisco interoperability not configured - Current cisco interoperability off eth1: Port 2001 - Id 87d1 - Role Disabled - State Forwarding...

  • Page 99: Terminal, Timezone

    Common Commands 2-59 2.2.28 terminal Common to all modes Syntax show terminal Parameters None Example WS5100>show terminal Terminal Type: vt102 Length: 44 Width: 125 WS5100> 2.2.29 timezone Common to all modes Syntax show timezone Parameters None Example WS5100>show timezone Timezone is Etc/UTC WS5100>...

  • Page 100: Users, Version

    2-60 WS5100 Series Switch CLI Reference Guide 2.2.30 users Common to all modes Syntax show users Parameters None Example WS5100>show users Line User Uptime Location 0 con 0 admin 06:08:11 ttyS0 130 vty 0 2308 admin 00:35:18 WS5100> 2.2.31 version...

  • Page 101

    Common Commands 2-61 Switch uptime is 0 days, 6 hours 10 minutes CPU is Intel(R) Pentium(R) 4 CPU 2.00GHz PCI bus 3 device 8 function 1 Ethernet controller Intel Corporation 82546EB Gigabit Ethernet Controller (Copper) PCI bus 3 device 8 function 0 Ethernet controller Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)

  • Page 102: Wireless

    2-62 WS5100 Series Switch CLI Reference Guide 2.2.32 wireless Common to all modes Syntax show wireless [(aap-version| ap (<1-48>|<AA-BB-CC-DD-EE-FF>)| ap-detection-config | ap-images | ap-unadopted | approved-aps | channel-power (11a (indoor | outdoor))| 11b (indoor | outdoor)| 11bg (indoor | outdoor))|...

  • Page 103

    Common Commands 2-63 Parameters aap-version Displays the minimum adaptive firmware version string Status of the adopted access port • <1-48> – Defines the index of the access port • AA-BB-CC-DD-EE-FF – Sets the MAC address of a access port ap-detection-config Detected AP configuration parameters ap-images Displays the access port images on the switch...

  • Page 104

    2-64 WS5100 Series Switch CLI Reference Guide Displays intrusion detection configuration parameters • configured-bad-essids – Displays a list of bad essids. This parameter sets the number of seconds a MU is filtered • filter-list – Displays the list of currently filtered mobile...

  • Page 105

    Common Commands 2-65 phrase-to-key Displays the WEP keys generated by a passphrase • wep128 – Displays WEP128 keys • wep64 – Displays WEP64 keys qos-mapping Quality of service mappings used for mapping WMM access categories and 802.1p/DSCP tags • wired-to-wireless – Mappings used when traffic is switched from wired to the wireless side •...

  • Page 106

    2-66 WS5100 Series Switch CLI Reference Guide unapproved-aps Defines unapproved APs seen by an access port or a mobile unit’s scan wireless-switch- Wireless-switch statistics statistics • detail – Displays detailed wireless-switch statistics wlan Displays wireless LAN parameters config WLAN configuration <1-32>...

  • Page 107

    Common Commands 2-67 ap4131 Revert-AP4131 665704 00.00-00 WS5100> WS5100>show wireless ap-unadopted WS5100> WS5100>show wireless approved-aps access-port detection is disabled WS5100> WS5100>show wireless channel-power 11a indoor % Error: No valid channels or power levels WS5100> WS5100>show wireless config country-code : None adoption-pref-id proxy-arp : enabled...

  • Page 108

    2-68 WS5100 Series Switch CLI Reference Guide Footer : Image URL main: Image URL small: Page-type : fail Title : Unable to authenticate Header : Authentication Failed. Description : Either the username and password are invalid, or service is unavailable at this time...

  • Page 109

    Common Commands 2-69 disassociations disabled 60 Sec authentication-fails disabled 60 Sec crypto-replay-fails disabled 60 Sec 80211-replay-fails disabled 60 Sec decryption-fails disabled 60 Sec unassoc-frames disabled 60 Sec eap-starts disabled 60 Sec null-destination disabled 60 Sec same-source-destination disabled 60 Sec multicast-source disabled 60 Sec weak-wep-iv...

  • Page 110: Wlan-acl

    2-70 WS5100 Series Switch CLI Reference Guide WS5100(config)#show wireless wlan config 1 WLAN: 1, status: enabled, description: WLAN1, ssid: sardarjee auth: none, encr: none, inactivity-timeout: 1800 seconds vlan 1: unlimited users mu-mu-disallow: disabled, secure-beacon: disabled, answer-bcast- ess: enabled, weight: 1, prioritize-voice: disabled, spectralink-voice-protocol:...

  • Page 111: Access-list

    Common Commands 2-71 2.2.34 access-list Priviledge / Global Config Displays the access lists (numbered and named) configured on the switch. The numbered access list displays numbered ACLs. The named access list displays named ACL details. Syntax show access-list show access-list ( <1-99> | <100-199> | <1300-1999> | <2000-2699> | WORD ) Show access-list <acl-name>...

  • Page 112: Aclstats, Alarm-log

    2-72 WS5100 Series Switch CLI Reference Guide 2.2.35 aclstats Priviledge / Global Config Displays the statisitcs of configured access lists Syntax aclstats [<name>|vlan <1-4094>] Parameters IFNAME Displays the interface name. vlan <1-4092> Defines the VLAN interface. Select from an index value...

  • Page 113: Boot, Clock

    Common Commands 2-73 severity-to-limit Displays the alarms having specified a severity, as well as those alarms with a severity higher than the specified value critical Displays all critical alarms informational Displays all informational or higher severity alarms major Displays all major or higher severity alarms normal Displays all normal or higher severity alarms warning...

  • Page 114: Debugging, Dhcp

    2-74 WS5100 Series Switch CLI Reference Guide Example WS5100#show clock Jun 01 00:51:34 UTC 2007 WS5100# 2.2.39 debugging Priviledge / Global Config Syntax show debugging (mstp) Parameters mstp Displays the current MSTP configuration Example WS5100(config)#show debugging mstp MSTP debugging status: WS5100(config)# 2.2.40 dhcp...

  • Page 115: File

    Common Commands 2-75 address range xxx.xxx.xx.xx aaa.aaa.aa.aa WS5100# 2.2.41 file Privilege / Global Config Syntax show file (information (FILE)| systems) Parameters information Displays file information FILE Displays the information on file systems Lists existing filesystems Example WS5100#show file systems File Systems: Size(b) Free(b) Type...

  • Page 116: Password-encryption, Running-config

    2-76 WS5100 Series Switch CLI Reference Guide FTP Server: Disabled User Name: anonymous or ftpuser Password: ******** Root dir: flash:/ WS5100# 2.2.43 password-encryption Priviledge / Global Config Syntax show password-encryption (status) Parameters status Displays the existing password-encryption status Example WS5100#show password-encryption status...

  • Page 117

    Common Commands 2-77 Example WS5100(config)#show running-config ! configuration of WS5100 version 3.1.0.0-008D version 1.0 service prompt crash-info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f spanning-tree mst config name My Name country-code us logging buffered 4 logging console 4 snmp-server sysname WS5100 snmp-server manager v2...

  • Page 118

    2-78 WS5100 Series Switch CLI Reference Guide radius-server local interface eth1 switchport access vlan 2100 interface eth2 switchport access vlan 1 interface vlan1 ip address 192.168.2.1/24 sole aaa authentication login default local none line con 0 line vty 0 24...

  • Page 119

    Common Commands 2-79 name My Name no management secure ip domain-lookup service diag period 1000 service diag enable country-code us redundancy group-id 1 redundancy interface-ip 0.0.0.0 redundancy mode primary redundancy hold-period 15 redundancy heartbeat-period 5 redundancy discovery-period 30 no redundancy handle-stp enable no redundancy dhcp-server enable no redundancy enable ..........

  • Page 120: Securitymgr, Sessions, Startup-config

    2-80 WS5100 Series Switch CLI Reference Guide 2.2.45 securitymgr Privilege / Global Config Syntax show securitymgr(debug-logs) Parameters event-logs Display securitymgr event logs 2.2.46 sessions Privilege / Global Config Syntax show sessions Parameters None Example WS5100#show sessions SESSION USER LOCATION IDLE...

  • Page 121

    Common Commands 2-81 Example WS5100#show startup-config ! configuration of WS5100 version 3.1.0.0-008D version 1.0 service prompt crash-info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f spanning-tree mst config name My Name country-code us logging buffered 4 logging console 4 snmp-server sysname WS5100 snmp-server manager v2...

  • Page 122: Upgrade-status

    2-82 WS5100 Series Switch CLI Reference Guide enhanced-beacon-table enable enhanced-beacon-table channel-set a 36 44 149 enhanced-beacon-table channel-set bg 1 2 4 5 radius-server local interface eth1 switchport access vlan 2100 interface eth2 switchport access vlan 1 interface vlan1 ip address 192.168.2.1/24...

  • Page 123: User Exec Commands

    User Exec Commands Logging in to the switch places you within the USER EXEC command mode. Typically, a login requires a user name and password. You have three login attempts before a connection attempt is refused. USER EXEC commands (available at the user level) are a subset of the commands available at the privileged level.

  • Page 124: Clear

    WS5100 Series Switch CLI Reference Guide Table 3.1 User Exec Mode Command Summary Command Description Ref. enable Turns on (enables) the privileged mode command set page 3-6 exit Ends the current mode and moves down to the page 2-2 previous mode...

  • Page 125

    User Exec Commands Parameters crypto Clears IPSec/ISAKMP SAs for a given peer • ipsec – Clears IPSec SA’s • isakmp – Clears ISAKMP SA’s • sa – Clears all IPSec/ISAKMP SA's • Peer IP – Peer IP address. mobility Clears mobility attributes •...

  • Page 126: Cluster-cli, Debug

    WS5100 Series Switch CLI Reference Guide 3.1.2 cluster-cli User Exec Commands Use this command to enter the cluster-cli context. The cluster-cli context provides centralized management to configure all cluster members from any one member. Any command executed under this context will be executed to all the switches in the cluster.

  • Page 127

    User Exec Commands ip () Internet Protocol (IP) • https – Secure HTTP (HTTPS) server • ssh – Secured Shell (SSH) server mobility () L3 mobility. • cc – ccserver events • error – Error events • forwarding – Dataplane forwarding •...

  • Page 128: Disable, Enable

    WS5100 Series Switch CLI Reference Guide WS5100>debug mobility peer WS5100> WS5100>debug mobility system WS5100> 3.1.4 disable User Exec Commands Enables the PRIV mode in order to use the disable command. Use the command disable to exit the PRIV mode. Syntax...

  • Page 129: Logout, Page, Ping

    Parameters None Example The WS5100 Series Switch logs off on execution of this command. 3.1.7 page User Exec Commands Use the page command to toggle the switch paging function. Enabling this command displays the CLI command output page by page, instead of running the entire output at once.

  • Page 130: Quit, Telnet

    WS5100 Series Switch CLI Reference Guide 128 bytes from 192.168.2.100: icmp_seq=0 ttl=128 time=2.7 ms 128 bytes from 192.168.2.100: icmp_seq=1 ttl=128 time=38.4 ms 128 bytes from 192.168.2.100: icmp_seq=2 ttl=128 time=4.6 ms --- 192.168.2.100 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 2.7/15.2/38.4 ms...

  • Page 131: Traceroute, Terminal

    User Exec Commands 3.1.11 terminal User Exec Commands Sets the length/number of lines displayed within the terminal window Syntax terminal[length <0-512>|no(length <0-512>|width)|width <0-512> ] Parameters length Sets the number of lines on a screen Negates a command or sets its defaults width Sets the width/number of characters on a screen line Example...

  • Page 132

    3-10 WS5100 Series Switch CLI Reference Guide...

  • Page 133: Priv Exec Command

    Privileged Exec Commands Most PRIV EXEC commands set operating parameters. Privileged-level access should be password protected to prevent unauthorized use. The PRIV EXEC command set includes commands contained within the USER EXEC mode. The PRIV EXEC mode also provides access to configuration modes, and includes advanced testing commands. The PRIV EXEC mode prompt consists of the host name of the device followed by a pound sign (#).

  • Page 134

    WS5100 Series Switch CLI Reference Guide Table 4.1 Priv Exec Mode Command Summary Command Description Ref. Changes current directory page 4-6 change-passwd Changes the password of the logged user page 4-6 clear Resets functions to last saved configuration page 4-7...

  • Page 135

    Privileged Exec Commands Table 4.1 Priv Exec Mode Command Summary Command Description Ref. mkdir Creates a directory page 4-21 more Displays the contents of a file page 4-21 Negates a command or sets its defaults page 2-4 page Toggles the paging function page 4-23 ping Sends ICMP echo messages to a specified location...

  • Page 136: Acknowledge, Archive

    WS5100 Series Switch CLI Reference Guide 4.1.1 acknowledge Priv Exec Command Acknowledges alarms Syntax acknowledge alarm-log [<1-65535> | all] Parameters alarm-log Acknowledges alarms • <1-65535> – Acknowledges the specific alarm ID • all – Acknowledges all alarms Example WS5100#acknowledge alarm-log all No corresponding record found in the Alarm Log.

  • Page 137

    Privileged Exec Commands FILE Defines a Tar filename Tar file URL Example How to zip the folder flash:/log/? WS5100#archive tar /create flash:/out.tar flash:/log/ tar: Removing leading '/' from member names flash/log/ flash/log/snmpd.log flash/log/messages.log flash/log/startup.log flash/log/radius/ WS5100#dir flash:/ Viewing the output tar file? Directory of flash:/ drwx 1024...

  • Page 138: Change-passwd

    WS5100 Series Switch CLI Reference Guide 4.1.3 cd Priv Exec Command Changes the current directory Syntax cd [DIR|] Parameters Changes current directory to DIR. Example WS5100#cd nvram:/ system:/ flash:/ WS5100#cd flash:/? Change current directory to DIR WS5100#cd flash:/ flash:/backup/ flash:/crashinfo/...

  • Page 139

    Privileged Exec Commands Verify the console displays a “password successfully changed” message. NOTE: The console (by default), does not display a user entered keyword for an old password and new password. Leaving the old password and new password fields empty displays the following error message: Error: Invalid password length.

  • Page 140

    WS5100 Series Switch CLI Reference Guide Parameters aclstats Clears ACl statistics alarm-log Clears alarm-log • <1-65535> – Clears the specific alarm ID • acknowledge – Clears acknowledged alarms • all – Clear all alarms • new – Clear new alarms arp-cache Clears the ARP cache.

  • Page 141

    Privileged Exec Commands mac-address-table Clears entries in the forwarding database • dynamic – Clears all dynamic entries • multicast – Clears all multicast entries • static – Clears all management configured entries • address – Clears a specified MAC address •...

  • Page 142: Clock, Cluster-cli

    4-10 WS5100 Series Switch CLI Reference Guide WS5100#clear arp-cache WS5100# WS5100#clear logging WS5100# WS5100#clear mobility event-log peer WS5100# WS5100#clear ip dhcp binding * WS5100# 4.1.6 clock Priv Exec Command Configures the software system clock Syntax clock set HH:MM:SS [1-31] MONTH [1993-2035]...

  • Page 143: Configure, Copy

    Privileged Exec Commands 4-11 Parameters enable Enables the switch cluster context Example 4.1.8 configure Priv Exec Command Enters into the configuration mode Syntax configure terminal Parameters terminal Configure from the terminal Example WS5100#configure terminal Enter configuration commands, one per line. End with CNTL/Z. WS5100(config)# 4.1.9 copy Priv Exec Command...

  • Page 144: Debug

    4-12 WS5100 Series Switch CLI Reference Guide Parameters FILE Target file from which to copy Target URL from which to copy Example Transferring file snmpd.log to remote tftp server? WS5100#copy flash:/log/snmpd.log tftp://157.235.208.105:/snmpd.log Accessing running-config file from remote tftp server into switchrunning-config? WS5100#copy tftp://157.235.208.105:/running-...

  • Page 145

    Privileged Exec Commands 4-13 Parameters Enables debugging Cellcontroller (wireless) debugging messages ccstats Cellcontroller statistics (wireless) debugging messages certmgr Certificate manager debugging messages dhcpsvr DHCP Conf Server debugging messages Integrated management interface debugging messages Internet protocol debugging messages logging Modify message logging facilities debugging messages mgmt Management daemon debugging messages mobility...

  • Page 146: Delete

    4-14 WS5100 Series Switch CLI Reference Guide Internet Protocol (IP) logging Modify message logging facilities mgmt Mgmt daemon mobility L3 Mobility mstp Multiple Spanning Tree Protocol (MSTP) Network Service Module (NSM) pktdrvr Pktdrvr (kernel wireless) debugging messages radius RADIUS server debugging messages...

  • Page 147: Diff

    Privileged Exec Commands 4-15 [y/n]? n Delete flash:/backup//imish_1087_18381X.core.gz [y/n]? n WS5100# 4.1.12 diff Priv Exec Command View the differences between 2 files Syntax diff (FILE|URL) (FILE|URL) Parameters FILE Displays the differences between a FILE Displays the differences between a URL Example WS5100#diff startup-config running-config --- startup-config...

  • Page 148

    4-16 WS5100 Series Switch CLI Reference Guide 4.1.13 Priv Exec Command View the list of files on a filesystem Syntax dir ({/all|/recursive}|) (DIR|all-filesystems|) Parameters /all Lists all files /recursive Lists files recursively Lists files in the named file path all-filesystems...

  • Page 149: Edit, Disable

    Privileged Exec Commands 4-17 4.1.14 disable Priv Exec Command Turns off the privileged mode command Syntax disable Parameters None Example WS5100#disable WS5100> 4.1.15 edit Priv Exec Command Edits a text file Syntax edit FILE Parameters FILE Name of the file to be modified Example WS5100#edit startup-config GNU nano 1.2.4...

  • Page 150: Enable, Erase

    4-18 WS5100 Series Switch CLI Reference Guide username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f spanning-tree mst configuration name My Name no bridge multiple-spanning-tree enable bridge-forward 4.1.16 enable Priv Exec Command Turns on the privileged mode command Syntax enable Parameters None Example WS5100#enable WS5100# 4.1.17 erase...

  • Page 151: Halt, Kill

    Privileged Exec Commands 4-19 Example WS5100#erase flash: % Error: path is a directory WS5100#erase ne WS5100#erase nvram: % Error: no user deleteable files in nvram: WS5100#erase startup-config WS5100# 4.1.18 halt Priv Exec Command Stops (halts) the switch Syntax halt Parameters None Example WS5100#halt...

  • Page 152

    4-20 WS5100 Series Switch CLI Reference Guide Example Telnet to switch [xyz@xyz xyz]$ telnet 157.235.208.93 Trying 157.235.208.93... Connected to 157.235.208.93 (157.235.208.93). Escape character is '^]'. WS5100 release 3.0.0.0-19193X Login as 'cli' to access CLI. WS5100 login: root WS5100#show sessions SESSION...

  • Page 153: Mkdir, More

    Privileged Exec Commands 4-21 Example WS5100#logout WS5100 release 3.0.0.0-200B Login as 'cli' to access CLI. WS5100 login: 4.1.21 mkdir Priv Exec Command Creates a new directory in the filesystem. Syntax mkdir DIR Parameters Directory name Example WS5100#mkdir TestDIR WS5100# 4.1.22 more Priv Exec Command View the contents of a file Syntax...

  • Page 154

    4-22 WS5100 Series Switch CLI Reference Guide Licensed AP count changed to 48 Sep 08 12:27:31 2006: %CC-5-COUNTRYCODE: config: setting country code to [in: India] Sep 08 12:27:31 2006: %DAEMON-6-INFO: radiusd [460]: Ready to process requests. Sep 08 12:27:35 2006: %DAEMON-6-INFO: init:...

  • Page 155: Page, Ping

    Privileged Exec Commands 4-23 4.1.23 page Priv Exec Command Toggles switch paging. Enabling this command displays the command output page by page instead of running the entire output at once Syntax page Parameters None Example WS5100#page WS5100# 4.1.24 ping Priv Exec Command Send (transmits) ICMP echo messages.

  • Page 156: Reload, Quit

    4-24 WS5100 Series Switch CLI Reference Guide 4.1.25 pwd Priv Exec Command View the contents of the current directory. Syntax Parameters None Example WS5100#pwd flash:/ WS5100# 4.1.26 quit Priv Exec Command Exits the current mode and moves to the previous mode...

  • Page 157: Rename

    Privileged Exec Commands 4-25 Example WS5100#reload 4.1.28 rename Priv Exec Command Renames a file in the existing filesystem Syntax rename FILE FILE Parameters FILE Specifies the file to rename Example WS5100#rename flash:/TestDIR/ NewTestDir WS5100#DIR Directory of flash:/ drwx 1024 Wed Jul 19 19:14:05 2006 hotspot drwx Wed Aug 30 15:32:44 2006...

  • Page 158: Rmdir, Telnet

    4-26 WS5100 Series Switch CLI Reference Guide 4.1.29 rmdir Priv Exec Command Deletes an existing file from the file system Syntax rmdir DIR Parameters Name of the directory to delete Example WS5100#rmdir flash:/NewTestDir/ WS5100#DIR Directory of flash:/ drwx 1024 Wed Jul 19 19:14:05 2006...

  • Page 159

    Privileged Exec Commands 4-27 Example WS5100#telnet 157.111.222.33 Entering character mode Escape character is '^]'. Red Hat Linux release 9 (Shrike) Kernel 2.4.20-6bigmem on an i686 login: cli Password: 4.1.31 terminal Priv Exec Command Sets the length/number of lines displayed on the terminal Syntax terminal[length <0-512>|no(length <0-512>|width)|width <0-512>...

  • Page 160: Upgrade, Traceroute

    4-28 WS5100 Series Switch CLI Reference Guide 4.1.32 traceroute Priv Exec Command Traces a route to a destination Syntax traceroute (WORD | ip WORD) Parameters WORD Traces a route to a destination address or hostname IP trace Example WS5100#traceroute 157.222.333.33 traceroute to 157.235.208.39 (157.235.208.39), 30 hops max, 38 byte...

  • Page 161

    Privileged Exec Commands 4-29 Removing other partition Sep 08 15:57:18 2006: %KERN-6-INFO: EXT3 FS on hda1, internal journal. Making file system Extracting files (this can take some time).Sep 08 15:57:23 2006: %KERN-6-INFO: kjournald starting. Commit interval 5 seconds. Sep 08 15:57:23 2006: %KERN-6-INFO: EXT3 FS on hda6, internal journal.

  • Page 162: Upgradeabort, Write

    4-30 WS5100 Series Switch CLI Reference Guide 4.1.34 upgradeabort Priv Exec Command Aborts an ongoing upgrade process Syntax upgrade-abort Parameters None Example WS5100# 4.1.35 write Priv Exec Command Writes the running configuration to memory or a terminal Syntax write [memory | terminal]...

  • Page 163

    Privileged Exec Commands 4-31 !no country-code logging console 7 no logging on fallback enable ftp password 1 810a25d76c31e495cc070bdf42e076f7c9b0a1cd ip http server ip http secure-trustpoint local ip http secure-server ip ssh ip telnet snmp-server manager v2 snmp-server manager v3 crypto isakmp identity address crypto isakmp keepalive 10 crypto ipsec security-association lifetime kilobytes 4608000 !........

  • Page 164

    4-32 WS5100 Series Switch CLI Reference Guide...

  • Page 165: Global Configuration Commands

    Global Configuration Commands The term global is used to indicate characteristics or features effecting the system as a whole. Use the Global configuration mode to configure the system globally, or enter specific configuration modes to configure specific elements (such as interfaces or protocols).

  • Page 166: Global Configuration Commands

    WS5100 Series Switch CLI Reference Guide 5.1 Global Configuration Commands Table 5.1 summarizes the Global Config commands Table 5.1 Global Config Mode Command Summary Command Description Ref. Configures the current authentication, authorization page 5-4 and accounting (aaa) login settings access-list...

  • Page 167

    Global Configuration Commands Table 5.1 Global Config Mode Command Summary Command Description Ref. Internet Protocol (IP) page 5-27 license Sets license management commands page 5-32 line Configures a terminal line page 5-33 local Sets the username and password for local user page 5-33 authentication.

  • Page 168

    WS5100 Series Switch CLI Reference Guide Table 5.1 Global Config Mode Command Summary Command Description Ref. wireless Configures wireless parameters page 5-61 wlan-acl Apply an ACL on WLAN page 5-62 5.1.1 aaa Global Configuration Commands Configures the current authentication, authorization and accounting (aaa) login settings.

  • Page 169

    Global Configuration Commands A.B.C.D IP address Usage Guidelines Use an AAA login to determine whether management user authentication must be performed against a local user database or an external RADIUS server 5.1.2 access-list Global Configuration Commands Adds an access list entry. Use the access list command (under global configuration) to configure the access list mechanism for filtering frames by protocol type or vendor code Syntax access-list...

  • Page 170

    WS5100 Series Switch CLI Reference Guide NOTE Using moves you to the access-list [<100-199>|<2000-2699>] instance. For additional information, see (config-ext-nacl) Extended ACL Instance on page 14-1. Using moves you to the access-list [<1-99>|<1300-1999>] instance. For additional information, see (config-std-nacl) Standard ACL Instance on page 15-1.

  • Page 171

    Global Configuration Commands Parameters access-list Adds a standard access list entry. (<1-99>|<1300-1999>) • (<1-99>|<1300-1999>) – Defines access numbers from (deny|permit|mark 1 to 99 or 1300 to 1999 (8021p <0-7> | • (deny|permit|mark) – Defines action types on an ACL. tos <0-255>)) The action type is functional only over a Port ACL mark...

  • Page 172

    WS5100 Series Switch CLI Reference Guide access-list Adds an extended IP access list entry using IP keyword (<100-199>|<2000-2699>) • <100-199>|<2000-2699> – For IP type of extended ACL, {deny | permit | mark the ACL number must be between 100-199 {dot1p <0-7> | tos <0- •...

  • Page 173

    Global Configuration Commands access-list Adds an Extended IP access list entry using an icmp keyword. (<100-199>|<2000-2699>) • (<100-199>|<2000-2699>) – For ICMP extended ACLs, {deny | permit | mark the ACL must be between 2000-2699 {dot1p <0-7> | tos <0- • {deny | permit | mark {dot1p <0-7> | tos <0-255>}} – 255>}} Defines the action on an ACL.

  • Page 174

    5-10 WS5100 Series Switch CLI Reference Guide Use an access list command under the global configuration to create an access list. The switch supports port, router and WLAN ACL’s. • When the access list is applied on an Ethernet port, it becomes a port ACL •...

  • Page 175

    Global Configuration Commands 5-11 5.1.3 autoinstall Global Configuration Commands Autoinstalls the switch image. Syntax autoinstall [clear-config-history|cluster- config|config|image|start] autoinstall (cluster-config|config|image) (URL[tftp|ftp|http|cf]) autoinstall image version <number> Parameters clear-config-history Autoinstalls a clear configuration history, resulting in a reversion cluster-config Autoinstalls a cluster-config setup config Autoinstalls a config setup image <version number>...

  • Page 176: Banner

    5-12 WS5100 Series Switch CLI Reference Guide 5.1.4 banner Global Configuration Commands Defines a login banner for the switch Syntax banner(motd(LINE|default)) Parameters motd Sets the message of the day banner LINE Defrine a custom MOTD string default Sets a default MOTD string...

  • Page 177: Bridge, Boot

    Global Configuration Commands 5-13 5.1.5 boot Global Configuration Commands Reboots the switch with an image in the mentioned partition (either the primary or secondary partition) Syntax boot(system) [primary|secondary] Parameters system Specifies the boot image used after reboot primary Specifies the primary image secondary Specifies the secondary image Example...

  • Page 178: Country-code

    5-14 WS5100 Series Switch CLI Reference Guide Usage Guidelines Enables or disables MSTP globally. Use a command with the bridge-forward parameter to disable MSTP and change all ports to a forwarding state Example WS5100(config)#bridge multiple-spanning-tree enable WS5100(config)# 5.1.7 country-code Global Configuration Commands Sets the country of operation.

  • Page 179

    Global Configuration Commands 5-15 Denmark Dominican Republic Ecuador Estonia Egypt Spain Finland France United Kingdom Greece Guatemala Guam Hong Kong Honduras Croatia Haiti Hungary Indonesia Ireland Israel India Iceland Italy Jordan Japan South Korea Kuwait Kazakhstan Liechtenstein Sri Lanka Lithuania Luxembourg Latvia Morocco...

  • Page 180

    5-16 WS5100 Series Switch CLI Reference Guide Saudi Arabia Sweden Singapore Slovenia Slovak Republic Thailand Turkey Taiwan Ukraine United States Uruguay Venezuela Vietnam South Africa WS5100(config)#country-code 5.1.8 crypto Global Configuration Commands NOTE: moves you to the crypto isakmp(policy)Priority instance. For more information, see config-crypto-isakmp crypto-isakmp on page 6-1.

  • Page 181

    Global Configuration Commands 5-17 Syntax crypto(ipsec|isakmp|key|map|pki) crypto ipsec(security-association|transform-set) crypto ipsec security-association lifetime(kilobyte|Seconds)WORD crypto ipsec transform-set(ah-md5-hmac|ah-sha-hmac|esp-3des| esp-aes|esp-aes-192|esp-aes-256|esp-des|esp-md5-hmac|esp-sha-hmac) crypto isakmp(client|identity|keepalive|key|peer|policy) crypto isakmp client (configuration)(group)(default) crypto isakmp(identity|keepalive|key|peer|policy) crypto key(export|generate|import|zeroize) crypto key (export|import)rsa<indentifier>(URL)(password) crypto key generate(rsa <indentifier>)<key pair> <key pair> crypto key zeroize (rsa <identifier>) crypto map (map name)<sequence number>...

  • Page 182

    5-18 WS5100 Series Switch CLI Reference Guide Parameters ipsec (security- Configures IPSEC policies association| transform- • security-association – Defines the security association set) parameter used to define its lifetime • lifetime (kilobyte | seconds) – The lifetime of IPSEC security association. It can be defined in either: kilobytes –...

  • Page 183

    Global Configuration Commands 5-19 isakmp Configures the Internet Security Association and Key Management Protocol (ISAKMP) policy [client|keepalive|key| • client configuration (group) (default) – Leads to the peer|policy] config-cryptogroup instance For more details see crypto-group on page 7-1. • keepalive <10-3600> – Sets a keepalive interval for use with remote peers.

  • Page 184

    5-20 WS5100 Series Switch CLI Reference Guide Authentication key management functions [export|generate|import| • export rsa<name> URL [tftp|ftp] – Exports a keypair related configuration zeroize] • generate rsa<name> <1024-2048> – Generates a keypair • <1024-2048> – Size of keypair in bit •...

  • Page 185

    Global Configuration Commands 5-21 pki [authenticate|enroll| Configures certificate parameters. The public key export|import|trustpoint] infrastructure is a protocol that creates encrypted public keys using digital certificates from certificate authorities. PKI ensures each online party is who they claim to be • authenticate <name> (terminal|tftp|ftp) – Defines the authenticate and import CA certificate •...

  • Page 186

    5-22 WS5100 Series Switch CLI Reference Guide ................crypto isakmp key 12345678 address 4.4.4.4 crypto ipsec security-association lifetime kilobytes 4608000 WS5100(config)# WS5100(config)#no crypto isakmp key 12348 address 4.4.4.4 WS5100(config)# In the example above, is associated with IP . Currently key 12345678 address 4.4.4.4...

  • Page 187

    Global Configuration Commands 5-23 5.1.9 do Global Configuration Commands Runs commands from either the User Exec or Priv Exec mode Syntax do (command of other mode) Parameters None. Example WS5100(config)#do ping 157.235.208.69 PING 157.235.208.69 (157.235.208.69): 100 data bytes 128 bytes from 157.235.208.69: icmp_seq=0 ttl=64 time=0.1 ms 128 bytes from 157.235.208.69: icmp_seq=1 ttl=64 time=0.0 ms 128 bytes from 157.235.208.69: icmp_seq=2 ttl=64 time=0.0 ms 128 bytes from 157.235.208.69: icmp_seq=3 ttl=64 time=0.0 ms...

  • Page 188: Errdisable

    5-24 WS5100 Series Switch CLI Reference Guide Priv Exec commands: acknowledge Acknowledge alarms archive Manage archive files autoinstall autoinstall configuration command Change current directory ..................5.1.11 errdisable Global Configuration Commands Enables the timeout mechanism for the por Syntax errdisable (recovery)[cause (bpduguard)|interval <10-1000000>]...

  • Page 189: Fallback

    Global Configuration Commands 5-25 5.1.12 fallback Global Configuration Commands Enables and configures the software fallback feature. Failure to boot with configured "use on boot" image allows booting with other image Syntax fallback(enable) Parameters enable Enables the software fallback feature Example WS5100(config)#fallback enable WS5100(config)# 5.1.13 ftp...

  • Page 190: Hostname, Interface

    5-26 WS5100 Series Switch CLI Reference Guide Example WS5100(config)#ftp enable WS5100(config)# 5.1.14 hostname Global Configuration Commands Changes the system’s network name Syntax hostname(WORD) Parameters WORD Provide the name for the systems network Example WS5100(config)#hostname Eldorado Eldorado(config)# 5.1.15 interface Global Configuration Commands Configures a selected interface.

  • Page 191

    Global Configuration Commands 5-27 vlan <1-4094> Defines the VLAN interface Usage Guidelines Use the to delete the specified SVI. Valid [no] interface {<interface-name>} interfaces include all VLANx interfaces. Example WS5100(config)#interface eth 2 WS5100(config-if)# WS5100(config)#interface vlan 2 WS5100(config-if)# 5.1.16 ip Global Configuration Commands Configures a selected Internet Protocol NOTE: Using moves you to the...

  • Page 192

    5-28 WS5100 Series Switch CLI Reference Guide ip dhcp class (class name) ip dhcp excluded-address(A.B.C.D) ip dhcp option(option name) ip dhcp ping(timeout(<1-10>)) ip dhcp pool(pool name) ip domain-lookup ip domain-name(WORD) ip http(secure-server|secure-trustpoint(WORD)|server(localhost)) ip local[pool(default{low-ip-address(A.B.C.D)})] #ip name-server(A.B.C.D) ip nat (inside|outside) [destination|source] static <A.B.C.D>...

  • Page 193

    Global Configuration Commands 5-29 dhcp DHCP server configuration • bootp – Defines the BOOTP specific configuration • ignore – Configures the DHCP server to ignore BOOTP requests • class – Defines a DHCP class and enters the DHCP class configuration mode •...

  • Page 194

    5-30 WS5100 Series Switch CLI Reference Guide name-server (A.B.C.D) Specifies the DNS server for the DHCP client. A maximum of 6 name servers can be configured. Servers are tried in the order entered • A.B.C.D – IP address of DNS server.

  • Page 195

    Global Configuration Commands 5-31 Usage Guidelines 1 1. Use the command along with ip to undo any IP based configuration. [no] ip(access-list|default-gateway|dhcp|domain-lookup| domain-name|http|local|name-server|nat|route|routing|ssh|telnet) 2. When using the parameter, enter the following contexts: ip access-list • ext-nacl – extended ACL. For more information, see Extended ACL Instance on page 14-1 •...

  • Page 196: License

    5-32 WS5100 Series Switch CLI Reference Guide 4. Associate the DHCP class, created in Step 1 with the pool created in Step 3. The switch supports the association of only 8 CDHCP classes with a pool. WS5100(config-dhcp)#class WS5100DHCPclass WS5100(config-dhcp-class)# 5. The switch leads you to a new mode (config-dhcp-class). Use this mode to add address range to be used for the DHCP class, associated with the pool.

  • Page 197: Line, Local

    Global Configuration Commands 5-33 5.1.18 line Global Configuration Commands Configures the terminal line Syntax line(console|vty) Parameters console Primary terminal line. Configure a value between 0-0 Virtual terminal. Set a value between 0-871 5.1.19 local Global Configuration Commands Sets the username and password for local user authentication Syntax local(username,password) Parameters...

  • Page 198: Logging

    5-34 WS5100 Series Switch CLI Reference Guide 5.1.20 logging Global Configuration Commands Modifies message logging facilities Syntax logging(aggregation- time|buffered|console|facility|host|monitor|on|syslog) logging aggregation-time(<1-20>) logging buffered(<0- 7>|alerts|critical|debugging|emergencies|errors|informational| notifications|warnings) Parameters aggregation-time Sets the number of seconds for aggregating repeated messages. The value can be configured between 1-60...

  • Page 199

    Global Configuration Commands 5-35 facility Syslog facility in which log messages are sent local0 Syslog facility local0 local1 Syslog facility local1 local2 Syslog facility local2 local3 Syslog facility local3 local4 Syslog facility local4 local5 Syslog facility local5 local6 Syslog facility local6 local7 Syslog facility local7 host...

  • Page 200

    5-36 WS5100 Series Switch CLI Reference Guide Usage Guidelines To delete Standard/Extended and MAC ACL, use no access-list <access-list name> under the Global Config mode. Example WS5100(config)#mac access-list extended Test1 WS5100(config-ext-macl)# NOTE: By using the parameter, enter the following ip access-list contexts: •...

  • Page 201

    Global Configuration Commands 5-37 5.1.23 management Global Configuration Commands Sets management interface properties Syntax management(secure) Parameters secure Limits local access (Web/Telnet etc.) to the management interface Example WS5100(config)#management secure WS5100(config)# 5.1.24 ntp Global Configuration Commands Configure NTP values Syntax ntp(access-group|authenticate|authentication-key|autokey| broadcast|broadcastdelay|master|peer|server|trusted-key) ntp access-group(peer|query-only|serve|serve-only) ntp access-group peer(<1-99>|<1300-1999>)

  • Page 202

    5-38 WS5100 Series Switch CLI Reference Guide ntp master <1-15> ntp peer(WORD) ntp peer WORD(autokey|key|prefer|version) ntp peer WORD autokey(prefer|version<1-4>) ntp peer WORD key(<1-65534>(prefer|version(<1-4>))) ntp peer WORD prefer (version<1-4>) ntp peer TestPeer version<1-4> ntp server(WORD) ntp server WORD(autokey|key|prefer|version) ntp server WORD autokey(prefer|version<1-4>) ntp server WORD key(<1-65534>(prefer|version(<1-4>)))

  • Page 203

    Global Configuration Commands 5-39 host Configures the switch as a trusted host broadcast Configures the NTP broadcast service client Listens to NTP broadcasts destination Configures broadcast destination address WORD Define the destination broadcast IP address Sets the broadcast key <1-65534> Defines the Key ID version Sets the NTP version...

  • Page 204

    5-40 WS5100 Series Switch CLI Reference Guide <1-65534> Define the Key number Example WS5100(config)#ntp peer ? WORD Name/IP address of peer WS5100(config)#ntp peer TestPeer ? autokey Configure autokey peer authentication scheme Configure peer authentication key prefer Prefer this peer when possible...

  • Page 205: Prompt, Radius-server

    Global Configuration Commands 5-41 5.1.25 prompt Global Configuration Commands Configures and sets the systems prompt Syntax prompt(LINE) Parameters LINE Enter the new prompt displayed by the system Example WS5100(config)#prompt NobleMan NobleMan 5.1.26 radius-server Global Configuration Commands Enters the RADIUS server mode. The system prompt changes from the default config mode to RADIUS server mode NOTE: mode moves you to the RADIUS server...

  • Page 206: Redundancy

    5-42 WS5100 Series Switch CLI Reference Guide Password is specified UNENCRYPTED Password is encrypted with password-encryption secret LINE Text of shared key, upto 127 characters local Configures local RADIUS server parameters.This takes you to a new context. Refer Radius config-radius-server...

  • Page 207

    Global Configuration Commands 5-43 auto-revert-period Sets the redundancy auto-revert delay interval in minutes. <1-1800> The default is 5 minutes dhcp-server (enable) Enables the DHCP Redundancy protocol discovery-period <10-60> Sets the redundancy discovery interval in seconds. The default is 30 seconds enable Enables the redundancy protocol group-id <1-65535>...

  • Page 208

    5-44 WS5100 Series Switch CLI Reference Guide 5.1.28 service Global Configuration Commands Use this command to retrieve system data (tables, log files, configuration, status and operation) for use in debugging and problem resolution. To view the command of service User Exec and Priv Exec Mode, refer to service on page 2-5.

  • Page 209

    Global Configuration Commands 5-45 Example WS5100(config)#service dhcp WS5100(config)# WS5100(config)#service radius restart WS5100(config)# 5.1.29 snmp-server Global Configuration Commands Modifies SNMP engine parameters Syntax snmp- server(community|contact|enable|host|location|manager|sysname|user) snmp-server community(WORD(ro|rw)) snmp-server contact LINE snmp-server enable traps(all|dhcp-server| diagnostics|miscellaneous|mobility|nsm|radius-server| redundancy|snmp|wireless|wireless-statistics) snmp-server enable traps all snmp-server enable traps dhcp-server [] snmp-server enable traps disgnostics [] snmp-server enable traps miscellaneous (caCertExpired|lowFsSpace|processMaxRestartsReached|savedConfigModi...

  • Page 210

    5-46 WS5100 Series Switch CLI Reference Guide snmp-server enable traps wireless (ids) [muExcessiveEvents|radioExcessiveEvents|switchExcessiveEvents] snmp-server enable traps wireless (radio) [adopted|detectedRadar|unadopted] snmp-server enable traps wireless self-healing activated snmp-server enable traps wireless station [associated|deniedAssociationAsPortCapacityReached| deniedAssociationOnCapability|deniedAssociationOnErr| deniedAssociationOnInvalidWPAWPA2IE|deniedAssociationO nRates|deniedAssociationOnSSID|deniedAssociationOnShor tPream|deniedAssociationOnSpectrum|deniedAuthenticatio n|disassociated|radiusAuthFailed|tkipCounterMeasures] snmp-server enable traps wireless wlan [vlanUserLimitReached]...

  • Page 211

    Global Configuration Commands 5-47 Parameters community Sets the community string and access privileges • ro – Read-only access with this community string. • rw – Read-write access with this community string. contact Text for mib object sysContact. • LINE – Sets the contact person for this managed node.

  • Page 212

    5-48 WS5100 Series Switch CLI Reference Guide enable (traps) diagnostics ( ) Enables diagnostics traps • cpuLoad15Min – Average CPU load for last 15 minutes exceeds limit • cpuLoad1Min • cpuLoad5Min • fanSpeedLow • fileDescriptors • ipRouteCache • packetBuffers • processMemoryUsage •...

  • Page 213

    Global Configuration Commands 5-49 enable (traps) radius-server () Enables radius-server traps. • radiusServerDown – RADIUS server down • radiusServerUp – RADIUS server up enable (traps) redundancy ( ) Enables redundancy traps • adoptionExceeded – Redundancy port adoption exceeded • grpAuthLevelChanged – Redundancy group Authorization Level changed •...

  • Page 214

    5-50 WS5100 Series Switch CLI Reference Guide enable (traps) wireless ( ) Enables wireless traps • ap-detection – Enables wireless AP detection traps • externalAPDetected – External AP detected • externalAPRemoved – External AP detected • ids – Enables wireless IDS traps.

  • Page 215

    Global Configuration Commands 5-51 • deniedAssociationOnErr – Wireless station denied association due to internal error • deniedAssociationOnInvalidWPAWPA2 IE – Wireless station denied association due to invalid/absent WPA/WPA2 IE • deniedAssociationOnRates – Wireless station denied association due to incompatible Transmission rates •...

  • Page 216

    5-52 WS5100 Series Switch CLI Reference Guide enable (traps) wireless- Modifies wireless-stats rate traps statistics ( ) • mesh – Modifies mesh rate traps • avg-bit-speed-less-than – Average bit speed in Mbps between <0.00> and <54.00> • avg-retry-greater-than – Average retry is greater than 0.00 and less...

  • Page 217

    Global Configuration Commands 5-53 • min-packets – Minimum packets required for sending the trap • <1-65535> – Defines the minimum packets for sending the trap. This can be set with a decimal number in the range of <1-65535>. • mobile-unit – Modifies mobile-unit rate traps. •...

  • Page 218

    5-54 WS5100 Series Switch CLI Reference Guide • tput-greater-than – Throughput in Mbps is greather than 0.00 and less than or equal to 100000.00 • undecrypt-percent-greater-than – Percentage of undecryptable pkts is geater than 0.00 and less than or equal to 100.00...

  • Page 219

    Global Configuration Commands 5-55 WS5100(config)# WS5100(config)#snmp-server enable traps snmp linkup WS5100(config)# WS5100(config)#snmp-server enable traps wireless ap-detection externalAPDetected WS5100(config)# WS5100(config)#snmp-server enable traps wireless excessiveProbes WS5100(config)# WS5100(config)#snmp-server enable traps wireless radio adopted WS5100(config)# WS5100(config)#snmp-server enable traps wireless self-healing activated WS5100(config)# WS5100(config)#snmp-server enable traps wireless station tkipCounterMeasures WS5100(config)# WS5100(config)#snmp-server enable traps wireless-statistics min-...

  • Page 220

    5-56 WS5100 Series Switch CLI Reference Guide Usage Guidelines The SOLE command is used to enter the instance. The prompt changes from config-sole the regular WS5100(config)# WS5100(config-wireless)# Example WS5100(config)#sole WS5100(config-sole)# 5.1.31 spanning-tree Global Configuration Commands Configures spanning-tree commands Syntax spanning-tree [mst|portfast] spanning-tree mst [<0-15>...

  • Page 221

    Global Configuration Commands 5-57 Parameters mst [<0-15> Enables the Multiple Spanning Tree Protocol on a bridge (priority <0-61440>)| • <0-15> (priority <0-61440>) – Set the bridge priority for cisco-interoperability an MST instance to the value specified. Use the no (enale|disable)| parameter with this command to restore the default configuration| bridge priority value...

  • Page 222

    5-58 WS5100 Series Switch CLI Reference Guide • max-age <6-40> – Max-age is the maximum time in seconds for which (if a bridge is the root bridge) a message is considered valid. This prevents the frames from looping indefinitely. The value of max-age must be...

  • Page 223

    Global Configuration Commands 5-59 portfast Enables the portfast feature on a bridge. It has the [bpdufilter|bpduguard] following options: (default) • bpdufilter (default) – Use the command to bpdu-filter set the portfast BPDU filter for the port. Use the parameter with this command to revert the port BPDU filter value to default The Spanning Tree Protocol sends BPDUs from all ports.

  • Page 224: Timezone, Username

    5-60 WS5100 Series Switch CLI Reference Guide 5.1.32 timezone Global Configuration Commands Configure switch timezone settings Syntax timezone Parameters TIMEZONE Press <tab> to traverse a list of files. This displays a list of files containing timezone information Example WS5100(config)#timezone America/...

  • Page 225

    Global Configuration Commands 5-61 Example WS5100(config)#username GoldenSwitch WS5100(config)# 5.1.34 vpn Global Configuration Commands Configure VPN settings Syntax vpn authentication-method(local|radius) Parameters authentication-method Selects the authenication scheme local Use this for user based authentication radius Use this for RADIUS server authentication Usage Guidelines Virtual Private Network (VPN) enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another.

  • Page 226

    5-62 WS5100 Series Switch CLI Reference Guide Usage Guidelines The wireless command is used to enter the config-wireless instance wherein you can configure the WS5100 wireless parameters. You can confirm that you have entrered the wireless instance as the prompt changes from the the regular WS5100(config)# WS5100(config-wireless)#.

  • Page 227

    Global Configuration Commands 5-63 When a packet is send from a client to a WLAN index of an access port, it becomes an inbound traffic to the wireless LAN. When a packet goes out of a access port, it becomes a outbound traffic to the wireless LAN index.

  • Page 228

    5-64 WS5100 Series Switch CLI Reference Guide • Extended MAC access list macacl permit any host 00:01:02:03:04:05 type ip wlan 14 rule- precedence 11 permit host 00:01:03:04:07:08 any wlan 14 rule-precedence 21 permit any any wlan 14 rule-precedence 31 • Standard IP access list stdacl permit any wlan 5 rule-precedence 34 permit host 10.0.0.10 wlan 6 rule-precedence 44...

  • Page 229

    Global Configuration Commands 5-65 wlan-acl 14 macacl in 2. If ACL has mix of rules – with different WLAN indices and without an WLAN indices, then it should be grouped as follows. a. Create separate ACLs for all rules with a given WLAN index. b.

  • Page 230

    5-66 WS5100 Series Switch CLI Reference Guide The example below applies an ACL to WLAN index 200 in outbound direction from the global config mode. WS5100(config)#wlan-acl 2 150 out WS5100(config)#...

  • Page 231: Crypto Isakmp Config Commands

    crypto-isakmp Use the to initiate the crypto isakmp policy(priority) config-crypto-isakmp instance. 6.1 Crypto ISAKMP Config Commands Table 6.1 summarizes commands crypto-isakmp Table 6.1 Crypto ISAKMP Command Summary Command Description Ref. authentication Sets the authentication scheme page 6-2 clrscr Clears the display screen page 6-2 encryption Sets the encryption algorithm...

  • Page 232: Authentication, Clrscr

    WS5100 Series Switch CLI Reference Guide Table 6.1 Crypto ISAKMP Command Summary Command Description Ref. service Defines the switch’s service commands page 6-6 show Shows running system information page 6-7 6.1.1 authentication Crypto ISAKMP Config Commands Authenticates keys rsa-sig pre-share...

  • Page 233: Encryption

    crypto-isakmp 6.1.3 encryption Crypto ISAKMP Config Commands Configures the encryption level of the data transmitted using using crypto-isakmp command Syntax encryption(3des|aes|aes-192|aes-256|des) Parameters 3des 3des - Triple data encryption standard aes - advanced data encryption standard aes-192 aes-192 - advanced data encryption standard aes-256 aes-256 - advanced data encryption standard des - data encryption standard...

  • Page 234: Exit, Group

    WS5100 Series Switch CLI Reference Guide 6.1.5 exit Crypto ISAKMP Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax exit Parameters None. Example WS5100(config-crypto-isakmp)#exit WS5100(config)# 6.1.6 group Crypto ISAKMP Config Commands...

  • Page 235: Hash, Help

    crypto-isakmp 6.1.7 hash Crypto ISAKMP Config Commands Specifies the hash algorithm used to authenticate data transmitted over the IKE SA Syntax hash(md5|sha) Parameters Choose the md5 hash algorithm Choose the sha hash algorithm Example WS5100(config-crypto-isakmp)#hash sha WS5100(config-crypto-isakmp)# 6.1.8 help Crypto ISAKMP Config Commands Accesses the system’s interactive help system Syntax help...

  • Page 236: Lifetime, Service

    WS5100 Series Switch CLI Reference Guide 6.1.9 lifetime Crypto ISAKMP Config Commands Specifies how long an IKE SA is valid before expiring Syntax lifetime <seconds> Parameters <seconds> Specifies how many seconds an IKE SA lasts before expiring. A time stamp (in seconds) can be configured between 3600 and 2147483647.

  • Page 237

    crypto-isakmp Parameters Displays the CLI tree of current mode Example WS5100(config-crypto-isakmp)#service show cli Crypto Isakmp Config mode: +-authentication +-pre-share [authentication ( rsa-sig | pre-share )] +-rsa-sig [authentication ( rsa-sig | pre-share )] +-clrscr [clrscr] +-do +-LINE [do LINE] +-encryption +-3des [encryption ( des | 3des | aes | aes-192 | aes-256 )] +-aes [encryption ( des | 3des | aes | aes-192 | aes-256 )] +-aes-192 [encryption ( des | 3des | aes | aes-192 | aes-256 )] +-aes-256 [encryption ( des | 3des | aes | aes-192 | aes-256 )]...

  • Page 238

    WS5100 Series Switch CLI Reference Guide Example WS5100(config-crypto-isakmp)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration.

  • Page 239

    crypto-isakmp users Display information about currently logged in users version Display software & hardware version wireless Wireless configuration commands wlan-acl wlan based acl WS5100(config-crypto-isakmp)#show...

  • Page 240

    6-10 WS5100 Series Switch CLI Reference Guide...

  • Page 241: Crypto Group Config Commands

    crypto-group Use the to initiate the crypto isakmp client (configuration)(group)(default) instance. config-crypto-group 7.1 Crypto Group Config Commands Table 7.1 summarizes the switch commands config-crypto-group Table 7.1 Crypto Group Command Summary Command Description Ref. clrscr Clears the display screen page 7-2 Defines a primary and secondary Domain Name Server page 7-2 (DNS)

  • Page 242

    WS5100 Series Switch CLI Reference Guide 7.1.1 clrscr Crypto Group Config Commands Clears the display screen. Syntax clrscr Parameters None Example WS5100(config-crypto-group)#clr WS5100(config-crypto-group)# 7.1.2 dns Crypto Group Config Commands Specifies the DNS server address(es) to assign to a client Syntax dns <IP Address>...

  • Page 243

    crypto-group 7.1.3 end Crypto Group Config Commands Ends and exits the current mode and changes to the PRIV EXEC mode. The prompt changes WS5100# Syntax Parameters None Example WS5100(config-crypto-group)#end WS5100# 7.1.4 exit Crypto Group Config Commands Ends the current mode and moves to theprevious mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax...

  • Page 244: Help

    WS5100 Series Switch CLI Reference Guide 7.1.5 help Crypto Group Config Commands Accesses the system’s interactive help system Syntax help Parameters None Example WS5100(config-crypto-group)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.

  • Page 245

    crypto-group 7.1.6 service Crypto Group Config Commands Invokes the service commands used to trobuleshoot or debug the instance configurations (config-crypto-isakmp) Syntax service(show)(cli) Parameters Displays the CLI tree of current mode Example WS5100(config-crypto-group)#service show cli Crypto Client Config mode: +-clrscr [clrscr] +-dns +-A.B.C.D [dns A.B.C.D] +-do...

  • Page 246

    WS5100 Series Switch CLI Reference Guide 7.1.7 show Crypto Group Config Commands Displays the current system information running on the switch Syntax show <paramater> Parameters Displays the parameters for which information can be viewed using the show command Example WS5100(config-crypto-group)#show ?

  • Page 247

    crypto-group redundancy-history Display state transition history of the switch. redundancy-members Display redundancy group members in detail running-config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters sole Smart Opportunistic Location Engine Configuration spanning-tree...

  • Page 248: Wins

    WS5100 Series Switch CLI Reference Guide 7.1.8 wins Crypto Group Config Commands Specifies the Windows Internet Naming Service (WINS) servers to assign to a client Syntax wins <IP Address> <IP Address> Parameters <IP Address> The first WINS server address to assign <IP Address>...

  • Page 249: Crypto Peer Config Commands

    crypto-peer Use the command to initiate crypto isakmp peer [IP Address|dns|hostname] instance. config-crypto-peer 8.1 Crypto Peer Config Commands Table 8.1 summarizes the commands config-crypto-peer Table 8.1 Crypto Peer Command Summary Command Description Ref. clrscr Clears the display screen page 8-2 Ends the current mode and moves to the EXEC mode page 8-2 exit...

  • Page 250

    WS5100 Series Switch CLI Reference Guide 8.1.1 clrscr Crypto Peer Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100(config-crypto-peer)#clr WS5100(config-crypto-peer) 8.1.2 end Crypto Peer Config Commands Ends and exits the current mode and change to the PRIV EXEC mode. The prompt changes...

  • Page 251

    crypto-peer Example WS5100(config-crypto-peer)#exit WS5100(config)# 8.1.4 help Crypto Peer Config Commands Accesses the system’s interactive help system Syntax help Parameters None Example WS5100(config-crypto-peer)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.

  • Page 252

    WS5100 Series Switch CLI Reference Guide 8.1.6 service Crypto Peer Config Commands Invokes service commands to trobuleshoot or debug the (config-crypto-peer) instance configuration Syntax service(show)(cli) Parameters Show CLI tree of current mode Example WS5100(config-crypto-peer)#service show cli Crypto Peer Config mode:...

  • Page 253

    crypto-peer 8.1.7 set Crypto Peer Config Commands Configures the aggressive-mode of crypto-peer Syntax set aggressive-mode (password) Parameters aggressive-mode Defines aggressive mode attributes • password – Specifies a tunnel-password attribute Example WS5100(config-crypto-peer)#set aggressive-mode password CheckMeIn WS5100(config-crypto-peer)# 8.1.8 show Crypto Peer Config Commands Displays the current system information running on the switch Syntax show <paramater>...

  • Page 254

    WS5100 Series Switch CLI Reference Guide dhcp DHCP Server Configuration environment show environmental information file Display filesystem information Display FTP Server configuration history Display the session command history interfaces Interface status Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses...

  • Page 255: Crypto Ipsec Config Commands

    crypto-ipsec Use the instance to define the transform configuration for (config-crypto ipsec) securing data(e.g., esp-3des, esp-sha-hmac, etc.). The transform set is assigned to a crypto map using the map’s transform-set command. For more details, see crypto-map transform set on page 10-7.

  • Page 256: Mode, Show

    WS5100 Series Switch CLI Reference Guide 9.1.1 mode Crypto IPsec Config Commands Use this command to configure IPSec mode of operation. Syntax mode(transport|tunnel) Parameters transport Transport mode tunnel Tunnel mode Example WS5100(config-crypto-ipsec)#mode transport WS5100(config-crypto-ipsec)# 9.1.2 show Crypto IPsec Config Commands...

  • Page 257

    crypto-ipsec history Display the session command history interfaces Interface status and configuration Internet Protocol (IP) ldap ldap server licenses Show any installed licenses logging Show logging configuration and buffer Media Access Control management Display L3 Managment Interface name mobility Display Mobility Parameters Network time protocol password-encryption password encryption...

  • Page 258

    WS5100 Series Switch CLI Reference Guide...

  • Page 259: Crypto Map Config Commands

    crypto-map commands define a Certificate Authority (CA) trustpoint. This is config-crypto-map a seperate instance, but belongs to the mode under the crypto pki trustpoint instance. config 10.1 Crypto Map Config Commands Table 10.1 summarizes commands T config-crypto-map Table 10.1 Crypto Map Command Summary Command Description Ref.

  • Page 260

    10-2 WS5100 Series Switch CLI Reference Guide 10.1.1 clrscr Crypto Map Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100(config-crypto-map)#clr WS5100(config-crypto-map) 10.1.2 end Crypto Map Config Commands Use this command to end and exit the current mode and move to the to PRIV EXEC mode.

  • Page 261: Match, Help

    crypto-map 10-3 Example WS5100(config-crypto-map)#exit WS5100(config)# 10.1.4 help Crypto Map Config Commands Use this command to access the system’s interactive help system Syntax help Parameters None Example WS5100(config-crypto-map)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.

  • Page 262

    10-4 WS5100 Series Switch CLI Reference Guide When a packet is transmitted on an interface, the crypto map set associated with that interface is processed. The first crypto map entry that matches the packet is used to secure the packet. If a suitable SA exists, it is used for transmission. Otherwise, IKE is used to establish an SA with the peer.

  • Page 263

    crypto-map 10-5 10.1.6 no Crypto Map Config Commands Negates a command or sets its defaults Syntax no <previous command used> Parameters Use the commands configured under this instance Example WS5100(config-crypto-map)#no aggrerssive-mode WS5100(config-crypto-map)#...

  • Page 264

    10-6 WS5100 Series Switch CLI Reference Guide 10.1.7 service Crypto Map Config Commands Invokes service commands to trobuleshoot or debug instance (config-crypto-isakmp) configurations Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information diag-shell Provides diag shell access save-cli Saves the CLI tree for all modes in HTML...

  • Page 265

    crypto-map 10-7 upgrade.history Aug 29 18:32 Please export these files or delete them for more space. WS5100(config-crypto-map)# 10.1.8 set Crypto Map Config Commands Use this command to set the various set parameters of the peer device. Syntax set (localid|mode|peer|pfs|remote-type[ipsec-l2tp|xauth]| security-association|session-key|transformset) set localid(dn|hostname) set security-association (level(perhost)|lifetime(kilobytes|seconds)<value>)

  • Page 266

    10-8 WS5100 Series Switch CLI Reference Guide Use the set pfs command to choose the type of perfect forward secrecy (if any) required during IPSec negotiation of SAs for this crypto map. Use the no form of this command to require no PFS •...

  • Page 267

    crypto-map 10-9 inbound/outbound Defines encryption keys for inbound/outbound traffic (ah|esp) • ah – Authentication header protocol • <256-4294967295> – Security Parameter Index (SPI) for the security association • esp – Encapsulating security payload protocol • <256-4294967295> – Derfines the security parameter Index •...

  • Page 268

    10-10 WS5100 Series Switch CLI Reference Guide The inbound local SPI (security parameter index) must equal the outbound remote SPI. The outbound local SPI must equal the inbound remote SPI. The key values are the hexadecimal representations of the keys.

  • Page 269

    crypto-map 10-11 Example WS5100(config-crypto-map)#show ? access-list Internet Protocol (IP) alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration. clock Display system clock commands Show command lists crypto crypto debugging...

  • Page 270

    10-12 WS5100 Series Switch CLI Reference Guide...

  • Page 271: Trustpoint (pki) Config Commands

    crypto-trustpoint Instance commands define a Certificate Authority (CA) trustpoint. config-crypto-trustpoint This is a separate instance, but belongs to the mode under the crypto pki trustpoint instance. config 11.1 Trustpoint (PKI) Config Commands Table 11.1 summarizes commands: config-crypto-trustpoint Table 11.1 Trustpoint (PKI) Config Command Summary Command Description Ref.

  • Page 272: Company-name, Clrscr

    11-2 WS5100 Series Switch CLI Reference Guide Table 11.1 Trustpoint (PKI) Config Command Summary Command Description Ref. password Sets the challenge password (applicable only for page 11-6 requests), to access the trustpoint rsakeypair Defines a RSA Keypair to associate with the trustpoint...

  • Page 273: Email

    crypto-trustpoint Instance 11-3 Example WS5100(config-trustpoint)#company-name RetailKing WS5100(config-trustpoint)# 11.1.3 email Trustpoint (PKI) Config Commands Sets the e-mail ID for the trustpoint Syntax email Parameters WORD email address (2 to 64 characters ) Example WS5100(config-trustpoint)#email abcTestemailID@symbol.com WS5100(config-trustpoint)# 11.1.4 end Trustpoint (PKI) Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode.

  • Page 274: Fqdn, Exit

    11-4 WS5100 Series Switch CLI Reference Guide 11.1.5 exit Trustpoint (PKI) Config Commands Ends the current mode and moves to previous the mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax exit Parameters None Example WS5100(config-trustpoint)#exit WS5100(config)# 11.1.6 fqdn Trustpoint (PKI) Config Commands...

  • Page 275: Ip-address, Help

    crypto-trustpoint Instance 11-5 11.1.7 help Trustpoint (PKI) Config Commands Displays the systems interactive help system Syntax help Parameters None Example WS5100(config-trustpoint)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.

  • Page 276: Password

    11-6 WS5100 Series Switch CLI Reference Guide 11.1.9 no Trustpoint (PKI) Config Commands Negates a command or sets its defaults Syntax no <previous command used> Parameters None. Example WS5100(config-trustpoint)#no ip-address WS5100(config-trustpoint)# 11.1.10 password Trustpoint (PKI) Config Commands Sets the challenge password (applicable only for requests) to acces trustpoint.

  • Page 277: Rsakeypair, Service

    crypto-trustpoint Instance 11-7 11.1.11 rsakeypair Trustpoint (PKI) Config Commands Configures a RSA Keypair to associate with the trustpoint Syntax rsakeypair Parameters WORD RSA Keypair Identifier. Usage Guidelines The RSA key pair configures the switch to have Rivest, Shamir, and Adelman (RSA) key pairs.

  • Page 278

    11-8 WS5100 Series Switch CLI Reference Guide start-shell Provides shell access tethereal Dumps and analyzes network traffic Example WS5100(config-trustpoint)#service diag-shell Diagnostic shell started for testing diag > boot Reboots the switch delete Deletes specified file from the system. exit Exit from the CLI...

  • Page 279

    crypto-trustpoint Instance 11-9 [-p (no promiscuous mode for interface)] [-n (disable name resolution)] [-c <count> ] [-h (detailed help)] [-E (to capture ESPD) ][-e (capture nonEspd packets)] [-f <capture filter expression in format "xx xx xx"> ] [-i <interface on which to capture packets> ] [-W (wisp packet only)] [-s <snaplen>...

  • Page 280

    11-10 WS5100 Series Switch CLI Reference Guide management Display L3 Managment Interface name mobility Display Mobility Parameters Network time protocol password-encryption password encryption privilege Show current privilege level radius Radius configuration commands redundancy-group Display redundancy group parameters redundancy-history Display state transition history of the switch.

  • Page 281: Subject-name

    crypto-trustpoint Instance 11-11 Location: State: Country: Valid From: 8 19:21:55 2007 GMT Valid Until: 7 19:21:55 2008 GMT Trustpoint :test1 ----------------------------------------------- Server certificate configured Subject Name: Common Name: Organizational Unit: mm Organization: Location: State: Country: Issuer Name: Common Name: Organizational Unit: mm Organization: Location: State:...

  • Page 282

    11-12 WS5100 Series Switch CLI Reference Guide Example WS5100(config-trustpoint)#subject-name TestPool ? WORD Country ( 2 character ISO Code ) WS5100(config-trustpoint)#subject-name TestPool US ? WORD State( 2 to 128 characters ) WS5100(config-trustpoint)#subject-name TestPool US OH ? WORD City( 2 to 128 characters )

  • Page 283: Interface Config Commands

    interface Instance Use the ) instance to configure the interfaces — Ethernet, VLAN and tunnel (config-if associated with the switch. 12.1 Interface Config Commands Table 12.1 summarizes the commands: config-if Table 12.1 Interface Config Command Summary Command Description Ref. clrscr Clears the display screen page 12-2 crypto...

  • Page 284

    12-2 WS5100 Series Switch CLI Reference Guide Table 12.1 Interface Config Command Summary (Continued) Command Description Ref. management Sets the selected interface as management interface page 12-9 Negates a command or sets its defaults page 12-9 port-channel Configures the load-balancing criteria of an aggregated...

  • Page 285: Description, Crypto

    interface Instance 12-3 Example WS5100(config-if)#clrscr WS5100(config-if)# 12.1.2 crypto Interface Config Commands Syntax crypto map(WORD) Parameters map <tag> Assigns a Crypto Map • <tag> – Crypto Map tag Usage Guidelines At any given instance you can add one crypto mapset to a single interface. The switch does not allow the same cryptomap set to be attached to multiple interfaces 12.1.3 description Interface Config Commands...

  • Page 286: Duplex

    12-4 WS5100 Series Switch CLI Reference Guide 12.1.4 duplex Interface Config Commands Specifies the duplex mode of operation NOTE: • Duplexity can only be set for an Ethernet Interface. Enter the instance using the parameter of the (config-if) interface mode •...

  • Page 287

    interface Instance 12-5 12.1.5 end Interface Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode. The prompt changes WS5100# Syntax Parameters None Example WS5100(config-if)#end WS5100# 12.1.6 exit Interface Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax...

  • Page 288

    12-6 WS5100 Series Switch CLI Reference Guide Example WS5100(config-if)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.

  • Page 289

    interface Instance 12-7 address Sets a static IP address and network mask for a Layer 3 SVI (Switch Virtual Interface) • A.B.C.D/M – Sets the IP address (10.0.0.1/8) • secondary – Defines an optional secondary IP address • dhcp – Uses a DHCP Client to obtain an IP address for the interface.

  • Page 290

    12-8 WS5100 Series Switch CLI Reference Guide WS5100(config-if)#ip helper-address 172.168.100.10 vlan 1000 WS5100(config-if)# The example below displays static NAT source translation: WS5100(config)#interface vlan 1000 WS5100(config-if)#ip nat inside WS5100(config-if)#interface vlan 2000 WS5100(config-if)#ip nat outside WS5100(config)#ip nat inside source static 172.168.200.10 157.235.205.57 WS5100(config)# 12.1.9 mac...

  • Page 291

    interface Instance 12-9 12.1.10 management Interface Config Commands Sets the selected interface as management interface. It can only be used on a VLANx interface. The TFTP/FTP server providing the switch its config file at startup must be accessible via this interface. VLAN 1 is the default management interface for the switch Syntax management...

  • Page 292

    12-10 WS5100 Series Switch CLI Reference Guide 12.1.12 port-channel Interface Config Commands Selects the load-balance criteria of an aggregated port Syntax port-channel (load-balance) [src-dst-ip|src-dst-mac] Parameters load-balance Sets load-balancing for port channel [src-dst-ip|src-dst-mac] • src-dst-ip – Defines the Source and Destination IP address based on the current load balancing •...

  • Page 293

    interface Instance 12-11 12.1.13 service Interface Config Commands Invokes service commands to troubleshoot or debug the instance (config-if) configuration Syntax service(show)(cli) Parameters Shows the CLI tree of current mode Example WS5100(config-if)#service show cli Interface Config mode: +-clrscr [clrscr] +-crypto +-map +-WORD [crypto map WORD] +-description +-LINE [description LINE]...

  • Page 294

    12-12 WS5100 Series Switch CLI Reference Guide 12.1.14 show Interface Config Commands Displays current system information running on the switch Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command Example WS5100(config-if)#show ?

  • Page 295

    interface Instance 12-13 redundancy-history Display state transition history of the switch. redundancy-members Display redundancy group members in detail running-config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters sole Smart Opportunistic Location Engine Configuration...

  • Page 296

    12-14 WS5100 Series Switch CLI Reference Guide channel-power List of available channel and power levels for a radio config Wireless Configuration Parameters hotspot-config Wlan hotspot configuration Intrusion detection parameters mac-auth-local list out the mac-auth-local entries mobile-unit Details of associated mobile-units...

  • Page 297: Shutdown, Spanning-tree

    interface Instance 12-15 12.1.15 shutdown Interface Config Commands Disables the selected interface. The interface is administratively enabled unless explicitly disabled using this command Syntax shutdown Parameters None Example WS5100(config-if)#shutdown WS5100(config-if)# 12.1.16 spanning-tree Interface Config Commands Configures spanning tree parameters Syntax spanning-tree [bpdufilter(enable|disable)| bpduguard(enable|disable)|edgeport| force-version <0-3>|guard (root)|link-type(point-topoint|shared)|...

  • Page 298

    12-16 WS5100 Series Switch CLI Reference Guide bpduguard (disable|enable) Use this command to enable or disable the BPDU guard feature on a port. Use the parameter with this command to set the BPDU guard feature to default values. When the BPDU guard is set for a bridge, all portfast- enabled ports that have the BPDU-guard set to default shut down the port upon receiving a BPDU.

  • Page 299: Speed

    interface Instance 12-17 mst [<0-15> Configures MST values on a spanning tree (cost <1-200000000>| • <0-15> – Defines the Instance ID port-priority <0-240>)| • cost <1-200000000> – Defines the path port-cisco-interoperability cost for a port (disable|enable)] • port-priority <0-240> – Defines the port priority for a bridge •...

  • Page 300

    12-18 WS5100 Series Switch CLI Reference Guide Parameters Forces 10 Mbps operation Forces 100 Mbps operation 1000 Forces 1000 Mbps operation auto Port automatically detects the speed it should run based on the port at the other end of the link Usage Guidelines Set the interface speed to auto to detect and use the fastest speed available.

  • Page 301: Switchport

    interface Instance 12-19 12.1.19 switchport Interface Config Commands Sets switching mode characteristics for the selected interface Syntax switchport(access|mode|trunk) switchport access vlan <1-4094> switchport mode(access|trunk) switchport trunk(allowed|native) switchport trunk allowed vlan(add|none|remove)[VLAN_ID] switchport trunk native(tagged|vlan<1-4094>) Parameters access Configures the access VLAN of an access-mode port •...

  • Page 302

    12-20 WS5100 Series Switch CLI Reference Guide trunk Sets the trunking mode characteristics • allowed – Configures trunk characteristics when the port is in trunk-mode. • vlan – Sets allowed VLANs • add – Adds VLANs to the current list •...

  • Page 303: Mst Config Commands

    spanning tree-mst Instance Use the instance to configure the switch’s Multi Spanning Tree Protocol (config-mst) (MSTP) configuration. 13.1 mst Config Commands Table 13.1 summarizes the commands: (config-mst) Table 13.1 MSTP Config Command Summary Command Description Ref. clrscr Clears the display screen page 13-2 Ends the current mode and moves to the EXEC mode page 13-2...

  • Page 304

    13-2 WS5100 Series Switch CLI Reference Guide Table 13.1 MSTP Config Command Summary (Continued) Command Description Ref. show Shows running system information page 13-7 13.1.1 clrscr mst Config Commands Clears the display Syntax clrscr Parameters None Example WS5100(config-mst)#clrscr WS5100(config-mst)# 13.1.2 end mst Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode.

  • Page 305

    spanning tree-mst Instance 13-3 13.1.3 exit mst Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax exit Parameters None Example WS5100(config-mst)#exit WS5100(config)# 13.1.4 help mst Config Commands Dispalys the system’s interactive help system Syntax help Parameters...

  • Page 306: Instance, Name

    13-4 WS5100 Series Switch CLI Reference Guide 13.1.5 instance mst Config Commands Associates VLAN(s) with an instance Syntax instance <1-15> vlan <VLAN_ID> Parameters <1-15> Defines the instance ID to which the VLAN is associated vlan <VLAN_ID> Sets the VLAN ID for its association with an instance Usage Guidelines MSTP works based instances.

  • Page 307: Revision

    spanning tree-mst Instance 13-5 13.1.7 no mst Config Commands Negates a command or sets its defaults Syntax no [instance|name|revision] Parameters instance Sets the MST Instance name Assigns a name to the MST region revision Defines the revision number for configuration information Usage Guidelines command negates any command associated with it.

  • Page 308

    13-6 WS5100 Series Switch CLI Reference Guide Example WS5100(config-mst)#revision 20 WS5100(config-mst)# 13.1.9 service mst Config Commands Invokes the service commands needed to troubleshoot or debug instance (config-if) configurations Syntax service(show) (cli) Parameters None Example WS5100(config-mst)#service show cli MSTI configuration mode:...

  • Page 309

    spanning tree-mst Instance 13-7 +-show +-cli [service show cli] +-show +-access-list [show access-list] +-<1-99> [show access-list (<1-99>|<100-199>|<1300-1999>|<2000- 2699>|WORD)] +-<100-199> [show access-list (<1-99>|<100-199>|<1300- 1999>|<2000-2699>|WORD)] +-<1300-1999> [show access-list (<1-99>|<100-199>|<1300- 1999>|<2000-2699>|WORD)] +-<2000-2699> [show access-list (<1-99>|<100-199>|<1300- 1999>|<2000-2699>|WORD)] +-WORD [show access-list (<1-99>|<100-199>|<1300-1999>|<2000- 2699>|WORD)] +-aclstats +-vlan +-<1-4094>...

  • Page 310: Contents -

    13-8 WS5100 Series Switch CLI Reference Guide debugging Debugging information outputs dhcp DHCP Server Configuration environment show environmental information file Display filesystem information Display FTP Server configuration history Display the session command history interfaces Interface status Internet Protocol (IP) ldap...

  • Page 311: Extended Acl Config Commands

    Extended ACL Instance Use the instance to configure the ACLs (config-ext-nacl) ip access-list extended associated with the switch 14.1 Extended ACL Config Commands Table 14.1 summarizes commands: config-ext-nacl Table 14.1 Extended ACL Config Command Summary Command Description Ref. clrscr Clears the display screen page 14-2 deny Specifies packets to reject...

  • Page 312: Deny, Clrscr

    14-2 WS5100 Series Switch CLI Reference Guide Table 14.1 Extended ACL Config Command Summary (Continued) Command Description Ref. service Invokes the service commands to troubleshoot or page 14-18 debug instance configurations (config-if) show Displays running system information page 14-20 terminal...

  • Page 313

    Extended ACL Instance 14-3 deny {tcp|udp} {source/source-mask | host source | any} [operator source-port] {destination/destination-mask | host destination | any} [operator destination-port] [log] [rule-precedence access- list-entry precedence] Parameters deny deny {ip} {source/source- Use with a command to reject IP packets mask | host source | any} •...

  • Page 314

    14-4 WS5100 Series Switch CLI Reference Guide deny {icmp} {source/ deny Use with the command to reject ICMP packets source-mask | host source • deny – Rejects ICMP packets | any} {destination/ • {icmp} – Specifies ICMP as the protocol...

  • Page 315

    Extended ACL Instance 14-5 deny {tcp|udp} {source/ Use with the deny command to reject TCP or UDP packets source-mask | host source • deny – Rejects TCP or UDP packets | any} [operator source- • {tcp|udp} – Specifies TCP or UDP as the protocol port] {destination/ destination-mask | host •...

  • Page 316

    14-6 WS5100 Series Switch CLI Reference Guide Usage Guidelines Use this command to deny traffic between networks/hosts based on the protocol type selected in the access list configuration. The following protocol types are supported: • ip • icmp • tcp •...

  • Page 317

    Extended ACL Instance 14-7 The following example denies ICMP traffic from any source to any destination. The keyword any is used to match: any source or destination IP address. WS5100(config-ext-nacl)#deny icmp any any WS5100(config-ext-nacl)#permit ip any any WS5100(config-ext-nacl)# 14.1.3 end Extended ACL Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode.

  • Page 318: Mark, Help

    14-8 WS5100 Series Switch CLI Reference Guide 14.1.5 help Extended ACL Config Commands Displays the system’s interactive help system Syntax help Parameters None Example WS5100(config-ext-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.

  • Page 319

    Extended ACL Instance 14-9 Parameters mark {dot1p <0-7> | tos Use with the mark command to specify IP packets as marked <0-255>}} {ip} {source/ • mark {dot1p <0-7> | tos <0-255>} – Defines action source-mask | host source mark types on an ACL. is functional only over a Port | any} {destination/ destination-mask | host...

  • Page 320

    14-10 WS5100 Series Switch CLI Reference Guide mark {dot1p <0-7> | tos mark Use with the command to specify ICMP packets as <0-255>}} {icmp} marked. {source/source-mask | • mark {dot1p <0-7> | tos <0-255>} – Action types on host source | any} mark an ACL.

  • Page 321

    Extended ACL Instance 14-11 Usage Guidelines This command marks traffic between networks/hosts based on the protocol type selected in the access list configuration Use the mark option to specify the type of service (tos) and priority value. The tos value is marked in the IP header and the 802.1p priority value is marked in the dot1q frame.

  • Page 322

    14-12 WS5100 Series Switch CLI Reference Guide 14.1.7 no Extended ACL Config Commands Negates a command or sets its defaults Syntax no(deny|mark|permit) Negates all the syntax combinations used in the deny, mark permit designations to configure the Extended ACL Parameters...

  • Page 323: Permit

    Extended ACL Instance 14-13 14.1.8 permit Extended ACL Config Commands Permits specific packets NOTE: ACLs do not allow DHCP messages to flow by default. Configure an Access Control Entry (ACE) to allow DHCP messages to flow through. WS5100(config-ext-nacl)#permit ip xxx.xxx.xxx.xxx/x 192.168.2.0/24 WS5100(config-ext-nacl)#permit ip any host xxx.xxx.xxx.xxx...

  • Page 324

    14-14 WS5100 Series Switch CLI Reference Guide Parameters permit permit {ip} Use the command to allow IP packets {source/source-mask | • permit – Allows IP packets host source | any} • {ip} – Specifies the IP (to match to any protocol)

  • Page 325

    Extended ACL Instance 14-15 permit {icmp} Use with the permit command to allow ICMP packets {source/source-mask | • permit – Allows ICMP packets on an ACL. host source | any} • {icmp} – Specifies ICMP as the protocol. {destination/ destination- mask | host destination | •...

  • Page 326

    14-16 WS5100 Series Switch CLI Reference Guide permit{tcp|udp} permit Use with the command to allow TCP or UDP {source/source-mask | packets host source | any} • permit – Allows TCP or UDP packets [operator source-port] • {tcp|udp} – Specifies TCP or UDP as the protocol.

  • Page 327

    Extended ACL Instance 14-17 Usage Guidelines Use this command to permit traffic between networks/hosts based on the protocol type selected in the access list configuration. The following protocols are supported: • ip • icmp • tcp • udp The last ACE in the access list is an implicit deny statement. Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL.

  • Page 328

    14-18 WS5100 Series Switch CLI Reference Guide 14.1.9 service Extended ACL Config Commands Invokes service commands to troubleshoot or debug the instance (config-if) configurations Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes the specified support information diag-shell Provides diagnostic shell access to debug and test the...

  • Page 329

    Extended ACL Instance 14-19 diag > WS5100(config-ext-nacl)#service save-cli CLI command tree is saved as clitree.html. This tree can be viewed via web at http://<ipaddr>/cli/ clitree.html WS5100(config-ext-nacl)# WS5100(config-ext-nacl)#service show ? Show CLI tree of current mode command-history Display command (except show commands) history. crash-info Display information about core, panic and AP dump files...

  • Page 330

    14-20 WS5100 Series Switch CLI Reference Guide 14.1.10 show Extended ACL Config Commands Displays current system information running on the switch Syntax show<paramater> Parameters Displays the parameters for which information can be viewed using the show command Example WS5100(config-ext-nacl)#show ?

  • Page 331

    Extended ACL Instance 14-21 sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters startup-config Contents of startup configuration terminal Display terminal configuration parameters timezone Display timezone upgrade-status Display last image upgrade status users Display information about terminal lines version Display software &...

  • Page 332

    14-22 WS5100 Series Switch CLI Reference Guide...

  • Page 333: Standard Acl Config Commands

    Standard ACL Instance Use the instance to configure ACLs. (config-std-nacl) ip access-list standard 15.1 Standard ACL Config Commands Table 15.1 summarizes the commands: config-std-nacl Table 15.1 Standard ACL Config Command Summary Command Description Ref. clrscr Clears the display screen page 15-2 deny Specifies packets to reject page 15-2...

  • Page 334

    15-2 WS5100 Series Switch CLI Reference Guide Table 15.1 Standard ACL Config Command Summary (Continued) Command Description Ref. terminal Sets terminal line parameters page 15-11 15.1.1 clrscr Standard ACL Config Commands Clears the display screen Syntax clrscr Parameters None Example...

  • Page 335

    Standard ACL Instance 15-3 host Single host address. • A.B.C.D – Exact source IP address to match. Usage Guidelines Use this command to deny traffic based on the source IP address or network address. The last ACE in the access list is an implicit deny statement. Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL.

  • Page 336

    15-4 WS5100 Series Switch CLI Reference Guide 15.1.4 exit Standard ACL Config Commands Ends the current mode and moves to previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax exit Parameters None Example WS5100(config-std-nacl)#exit WS5100(config)# 15.1.5 help Standard ACL Config Commands Displays the system’s interactive help in HTML format...

  • Page 337

    Standard ACL Instance 15-5 15.1.6 mark Standard ACL Config Commands Specifies packets to mark Syntax mark(8021.1p<0-7>|tos<0-255>)(A.B.C.D/M|any|host) mark(8021.1p<0-7>|tos<0-255>)any|host(log|rule-precedence<1-5000>| |A.B>C.D) Parameters 8021.1p<0-7>|tos<0-255>) • Specifies .1p priority value between 0 and 7 • Specifies a Type of Service (tos) value between 0 and (A.B.C.D/M|any|host) source is the source IP address of the network or host in dotted decimal format.

  • Page 338

    15-6 WS5100 Series Switch CLI Reference Guide Example The example below marks the type of service (TOS) value to 254 for all traffic coming from the source network: WS5100(config)#access-list 3 mark tos 254 xxx.xxx.3.0/24 WS5100 (config)#access-list 3 permit any 15.1.7 no...

  • Page 339

    Standard ACL Instance 15-7 permit host A.B.C.D Parameters A.B.C.D/M Defines the source IP address range to match Any source IP address. • log – The log matches against this entry • rule-precedence<1-500> – Defines the access-list entry precedence host Single host address. •...

  • Page 340

    15-8 WS5100 Series Switch CLI Reference Guide 15.1.9 service Standard ACL Config Commands Invokes service commands to troubleshoot or debug instance (config-if) configurations Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information diag-shell Provides diagnostic shell access to debug and test the...

  • Page 341

    Standard ACL Instance 15-9 WS5100(config-std-nacl)#service start-shell Last password used: password with MAC 00:a0:f8:65:ea:8e Password: WS5100(config-std-nacl)# WS5100(config-std-nacl)#service tethereal ? LINE tethereal options in the format [-V (print detailed packet)] [-x (hex dump of packet)] [-p (no promiscuous mode for interface)] [-n (disable name resolution)] [-c <count> ] [-h (detailed help)] [-E (to capture ESPD) ][-e (capture nonEspd packets)] [-f <capture filter expression in format "xx xx xx">...

  • Page 342

    15-10 WS5100 Series Switch CLI Reference Guide Example WS5100(config-std-nacl)#show ? access-list Internet Protocol (IP) alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration. clock Display system clock...

  • Page 343

    Standard ACL Instance 15-11 15.1.11 terminal Standard ACL Config Commands Sets the number of lines displayed on the terminal window Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line Negates a command or set its defaults monitor Copies debug output to the current terminal line Usage Guidelines...

  • Page 344

    15-12 WS5100 Series Switch CLI Reference Guide...

  • Page 345: Mac Extended Acl Config Commands

    Extended MAC ACL Instance Use the instance to configure ACLs. (config-ext-macl) mac access-list extended 16.1 MAC Extended ACL Config Commands Table summarizes commands: config-ext-macl Table 16.1 MAC Extended ACL Config Command Summary Command Description Ref. clrscr Clears the display screen page 16-2 deny Specifies packets to reject...

  • Page 346

    16-2 WS5100 Series Switch CLI Reference Guide Table 16.1 MAC Extended ACL Config Command Summary (Continued) Command Description Ref. terminal Sets terminal line parameters page 16-14 16.1.1 clrscr MAC Extended ACL Config Commands Clears the display screens Syntax clrscr Parameters...

  • Page 347

    Extended MAC ACL Instance 16-3 Parameters Source Mask Define a source mask specifying the bits to match. The source wildcard can be any one of the following: • xx:xx:xx:xx:xx:xx/ –Source MAC address xx:xx:xx:xx:xx:xx and mask • any – Any source host •...

  • Page 348

    16-4 WS5100 Series Switch CLI Reference Guide The most common ethertypes are: • arp • wisp • ip • 802.1q By default, the switch does not allow layer 2 traffic to pass through the interface. To adopt an access port through an interface, configure an access control list to allow an ethernet wisp.

  • Page 349

    Extended MAC ACL Instance 16-5 16.1.3 end MAC Extended ACL Config Commands Ends and exits from the current mode and moves to the PRIV EXEC mode. The prompt changes to WS5100# Syntax Parameters None Example WS5100(config-ext-macl)#end WS5100# 16.1.4 exit MAC Extended ACL Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).

  • Page 350

    16-6 WS5100 Series Switch CLI Reference Guide Example WS5100(config-ext-macl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.

  • Page 351

    Extended MAC ACL Instance 16-7 Source MAC Address Specifies the bits to match. The source wildcard can be any one of the following: • xx:xx:xx:xx:xx:xx/ –Source MAC address xx:xx:xx:xx:xx:xx and mask • any – Any source host • host Exact source MAC address to match –...

  • Page 352

    16-8 WS5100 Series Switch CLI Reference Guide WS5100(config-ext-macl)#mark 8021p 6 any any vlan 5 type 8021q WS5100(config-ext-macl)# The example below marks the tos field to 254 for IP traffic coming from the source MAC WS5100(config-ext-macl)#mark tos 254 host 00:33:44:55:66:77 any...

  • Page 353

    Extended MAC ACL Instance 16-9 16.1.8 permit MAC Extended ACL Config Commands Specifies packets to forward NOTE: Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. An Extended MAC ACL provides the hexadecimal values for each listed ethertype. The switch supports all ethertypes.

  • Page 354

    16-10 WS5100 Series Switch CLI Reference Guide rule-precedence<1-5000> Defines an access list entry precedence type(<1- Sets an ethertype 65535>|arp|ip|ipv6|vlan|wisp) vlan<1-4095> Sets the VLAN ID Usage Guidelines When creating a Port ACL, the switch (by default) does not permit an ethertype WISP.

  • Page 355

    Extended MAC ACL Instance 16-11 The last ACE in the access list is an implicit deny statement. Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL. It is allowed/denied based on the ACL’s configuration. Example The example below permits WISP traffic from any source MAC address to any destination MAC address:...

  • Page 356

    16-12 WS5100 Series Switch CLI Reference Guide Example WS5100(config-ext-macl)#service show cli MAC Extended ACL Config mode: +-clrscr [clrscr] +-deny +-XX:XX:XX:XX:XX:XX/XX:XX:XX:XX:XX:XX +-XX:XX:XX:XX:XX:XX/XX:XX:XX:XX:XX:XX [(deny|permit|mark (8021p <0-7> | tos <0-255>))(XX:XX:XX:XX:XX:XX/XX:XX:XX:XX:XX:XX | host XX:XX:XX:XX:XX:XX | any)(XX :XX:XX:XX:XX:XX/XX:XX:XX:XX:XX:XX | host XX:XX:XX:XX:XX:XX | any)(vlan <1-4095> | dot1p <0-7> |) (type (<1-65535> | ip | ipv6...

  • Page 357

    Extended MAC ACL Instance 16-13 16.1.10 show MAC Extended ACL Config Commands Displays current system information running on the switch Syntax show<paramater> Parameters Displays all the parameters for which information can be viewed using the show command Usage Guidelines command displays the access lists configured for the switch. show access-list Provide the access list name or number to view specific ACL details Example...

  • Page 358

    16-14 WS5100 Series Switch CLI Reference Guide redundancy-members Display redundancy group members in detail running-config Current Operating configuration securitymgr Display debug info for ACL, VPN and NAT sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters...

  • Page 359: Dhcp Config Commands

    DHCP Server Instance to enter the instance. Use (config)#ip dhcp pool <pool name> (config-dhcp) this instance to configure the DHCP server address pool associated the switch. Also refer to ip on page 12-6 for other DHCP related configurations. 17.1 DHCP Config Commands Table 17.1 summarizes config-dhcp...

  • Page 360

    17-2 WS5100 Series Switch CLI Reference Guide Table 17.1 DHCP Server Command Summary Command Description Ref. default-router Configures a default router’s IP address page 17-9 dns-server Sets the IP address of a DNS Server page 17-10 domain-name Sets the domain name...

  • Page 361: Address, Bootfile

    DHCP Server Instance 17-3 17.1.1 address DHCP Config Commands Specifies a range of addresses for the DHCP network pool Syntax address (range) (low IP address) (high IP address) Parameters range (low IP address) (high IP Adds an address range for the DHCP server address) •...

  • Page 362: Class

    17-4 WS5100 Series Switch CLI Reference Guide Parameters bootfile <filename> Sets the boot image for BOOTP clients. The file name can contain letters, numbers, dots and hyphens. Consecutive dots and hyphens are not permitted. Usage Guidelines Use the command to specify the boot image. The boot file contains the boot bootfile image name used for booting the bootp clients (DHCP clients).

  • Page 363: Config-dhcp-class

    DHCP Server Instance 17-5 Usage Guidelines Follow the steps mentioned below to create a DHCP User Class: 1. Create a DHCP class named . The switch supports a maximum of 32 WS5100DHCPclass DHCP classes. WS5100(config)#ip dhcp class WS5100DHCPclass WS5100(config-dhcpclass)# 2. Create a USER class named .

  • Page 364

    17-6 WS5100 Series Switch CLI Reference Guide Table 17.2 DHCP Server Class Command Summary Command Description clrscr Clears the display screen Ends the current mode and moves to the EXEC mode exit Ends the current mode and moves to the previous mode...

  • Page 365: Client-identifier, Client-name

    DHCP Server Instance 17-7 17.1.4 client-identifier DHCP Config Commands Assigns a name to the client-identifier. A client identifier is used to reserve an IP address for DHCP client Syntax client-identifier <ascii string> Parameters client-identifier Prepends a null character. Use at beginning. A <ascii string>...

  • Page 366: Ddns, Clrscr

    17-8 WS5100 Series Switch CLI Reference Guide 17.1.6 clrscr DHCP Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100(config-dhcp)#clrscr WS5100(config-dhcp)# 17.1.7 ddns DHCP Config Commands Sets dynamic DNS parameters Syntax ddns [domainname (name)|multiple-user-class|server (IP address) (IP address)|ttl <1-864000>]...

  • Page 367: Default-router

    DHCP Server Instance 17-9 Usage Guidelines to enable an internal DHCP server to send DDNS update (dns) (override) updates for resource records (RRs) A, TXT and PTR. A DHCP server can always override the client even if the client is configured to perform the updates In the DHCP server network pool, FQDN is defined as the DDNS domain name.

  • Page 368: Dns-server, Domain-name

    17-10 WS5100 Series Switch CLI Reference Guide 17.1.9 dns-server DHCP Config Commands Sets the DNS server’s IP address that’s available to all DHCP clients connected to the pool. Use the command to remove the DNS server list no dns-server Syntax dns-server <ip address1>...

  • Page 369: Hardware-address, Exit

    DHCP Server Instance 17-11 17.1.11 end DHCP Config Commands Exits the current mode and moves to the PRIV EXEC mode. The prompt changes to WS5100# Syntax Parameters None Example WS5100(config-dhcp)#end WS5100# 17.1.12 exit DHCP Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100#(config)# Syntax...

  • Page 370

    17-12 WS5100 Series Switch CLI Reference Guide Parameters hardware-address Sets the client’s hardware address [XX-XX-XX-XX-XX-XX | • XX-XX-XX-XX-XX-XX – Defines a dashed XX:XX:XX:XX:XX:XX] hexadecimal string • XX:XX:XX:XX:XX:XX – Sets a dotted hexadecimal string Usage Guidelines Accepts only hexadecimal values Example...

  • Page 371: Host, Lease

    DHCP Server Instance 17-13 17.1.15 host DHCP Config Commands Defines a fixed IP address for the host in dotted decimal format. Use the no host command to remove the host from the DHCP pool Syntax host <IP address> Parameters host <IP address> Sets a fixed address for the host •...

  • Page 372

    17-14 WS5100 Series Switch CLI Reference Guide Parameters lease [ Sets the lease time for an IP address {<0-365> <0-23> <0-59>} • <0-365> –Sets the lease period in days. |infinite] Days can be made as 0 only when hours and/or mins are greater than 0 •...

  • Page 373: Netbios-name-server, Netbios-node-type

    DHCP Server Instance 17-15 17.1.17 netbios-name-server DHCP Config Commands Sets the netbios-name server’s IP address Syntax netbios-name-server <IP address> Parameters netbios-name-server Defines the NetBIOS (WINS) name server <IP address> • <IP address> – Sets the NetBIOS name server's IP address Example WS5100(config-dhcp)#netbios-name-server 2.2.2.222 WS5100(config-dhcp)#...

  • Page 374: Network, Next-server

    17-16 WS5100 Series Switch CLI Reference Guide 17.1.19 network DHCP Config Commands Sets the network pool’s IP address. This address maps the current DHCP pool with a specific network Syntax network [A.B.C.D|A.B.C.D/M] Parameters network [A.B.C.D|A.B.C.D/M] Sets the network number and mask •...

  • Page 375: Option

    DHCP Server Instance 17-17 Example WS5100(config-dhcp)#next-server 2.2.2.22 WS5100(config-dhcp)# 17.1.21 no DHCP Config Commands Negates a command or sets itsdefaults. Syntax no [address|bootfile|client-identifier|client-name|ddns|default- router|dns-server|domain-name|hardware-address|host|lease|netbios- name-server|netbios-node-type|network|next-server|option|update] Parameters command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated Example WS5100(config)#no ip dhcp pool hotpool WS5100(config)#...

  • Page 376

    17-18 WS5100 Series Switch CLI Reference Guide Parameters option (name) Sets raw DHCP options • (name) – Sets the name of the DHCP option • IP Value – Sets the IP Value of the DHCP option • ASCII Value – Sets the ASCII Value...

  • Page 377

    DHCP Server Instance 17-19 Example WS5100(config-dhcp)#service show cli DHCP Server Config mode: +-address +-range +-A.B.C.D [address range A.B.C.D ( A.B.C.D |)] +-A.B.C.D [address range A.B.C.D ( A.B.C.D |)] +-bootfile +-WORD [bootfile WORD] +-client-identifier +-WORD [client-identifier WORD] +-client-name +-WORD [client-name WORD] +-clrscr [clrscr] +-ddns +-domainname...

  • Page 378

    17-20 WS5100 Series Switch CLI Reference Guide 17.1.24 show DHCP Config Commands Displays current system information Syntax show <paramater> Parameters Displays parameters for which information can be viewed using the show command Example WS5100(config-dhcp)#show ? access-list Internet Protocol (IP) aclstats...

  • Page 379

    DHCP Server Instance 17-21 redundancy-history Display state transition history of the switch. redundancy-members Display redundancy group members in detail running-config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters sole Smart Opportunistic Location Engine Configuration...

  • Page 380: Update

    17-22 WS5100 Series Switch CLI Reference Guide WS5100(config)# WS5100(config)#show ip dhcp binding MAC/Client-Id Type Expiry Time ------------- ---- ----------- WS5100(config)# 17.1.25 update DHCP Config Commands Controls the usage of the DDNS service Syntax update (dns)(override) Parameters update (dns) (override) Controls the usage of the DDNS service •...

  • Page 381: Configuring The Dhcp Server Using Switch Cli, Creating Network Pool

    DHCP Server Instance 17-23 17.2 Configuring the DHCP Server using Switch CLI The switch DHCP configuration is conducted by creating pools and mapping them to L3 interfaces (SVI). • A Network pool is the pool with “include” ranges. When the network pool is mapped to a L3 interface, DHCP clients requesting IPs from the L3 interface get an IP from the configured range •...

  • Page 382: Creating A Host Pool, Troubleshooting Dhcp Configuration

    17-24 WS5100 Series Switch CLI Reference Guide 17.2.2 Creating a Host Pool To create a host pool: 1. Create a DHCP server host address pool. WS5100(config)#ip dhcp pool hostpool 2. Assign the client name of the host for which static allocation is required.

  • Page 383: Address Range

    DHCP Server Instance 17-25 the L3 interface is 192.168.0.0/16, DHCP is not enabled on 192.168.0.0/16, since it is different from 192.168.0.0/24. 3. A network pool without any include range is as good as not having a pool. Add a include range using the command address range address range 192.168.0.30 192.168.0.30...

  • Page 384: Creating A Dhcp Option

    17-26 WS5100 Series Switch CLI Reference Guide 10.A host pool can have either configured, client-identifier hardware-address but not both. 11.An excluded address range has a higher precedence than an included address range. Thus, if a range is part of both an excluded and included range, it will be excluded.

  • Page 385: Dhcp Server Class Config Commands

    DHCP Class Instance (config)#ip dhcp class <class name> to enter the instance. Use this instance to configure DHCP user classes. The (config-dhcpclass) switch supports a maximum of 8 user classes per DHCP class. Refer to ip on page 12-6 and DHCP Class Instance on page 18-1for other DHCP related configurations.

  • Page 386

    18-2 WS5100 Series Switch CLI Reference Guide Table 18.1 DHCP Server Class Command Summary Command Description Ref. option Defines DHCP Server options page 18-5 service Invokes service commands to troubleshoot or debug page 18-6 instance configurations (config-if) show Displays running system information page 18-7 18.1.1 clrscr...

  • Page 387

    DHCP Class Instance 18-3 18.1.3 exit DHCP Server Class Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax exit Parameters None Example WS5100(config-dhcpclass)#exit WS5100(config)# 18.1.4 help DHCP Server Class Config Commands Displays the system’s interactive help system in HTML format Syntax help...

  • Page 388: Multiple-user-class

    18-4 WS5100 Series Switch CLI Reference Guide 18.1.5 multiple-user-class DHCP Server Class Config Commands Enables the multiple user class option. Once invoked, the client (MU) sends multiple user classes Syntax help Parameters None Example WS5100(config-dhcpclass)#multiple-user-class WS5100(config-dhcpclass)# 18.1.6 no DHCP Server Class Config Commands Negates a command or sets its defaults.

  • Page 389

    DHCP Class Instance 18-5 18.1.7 option DHCP Server Class Config Commands Specifies a value for DHCP user class options Syntax option (user-class)(user class name) Parameters user-class (user class Creates/modifies DHCP Server user class options name) Usage Guidelines Follow the steps below to create a DHCP user class: 1.

  • Page 390

    18-6 WS5100 Series Switch CLI Reference Guide Example WS5100(config-dhcpclass)#option user-class MC800 WS5100(config-dhcpclass)# 18.1.8 service DHCP Server Class Config Commands Invokes service commands to troubleshoot or debug instance configurations (config-if) Syntax service (show) (cli) Parameters show (cli) Displays the CLI tree of the current mode...

  • Page 391: Radius Configuration Commands, Show

    DHCP Class Instance 18-7 18.1.9 show DHCP Server Class Config Commands Displays current system information Syntax show <parameters> show dhcp [config|status] show ip dhcp [binding|class|pool|sharednetwork] Displays the parameters for which information can be viewed using the show command Example WS5100(config-dhcpclass)#show ? access-list Internet Protocol (IP) aclstats...

  • Page 392

    18-8 WS5100 Series Switch CLI Reference Guide redundancy-history Display state transition history of the switch. redundancy-members Display redundancy group members in detail running-config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters...

  • Page 393

    Radius Server Instance Use the command to move to the RADIUS server mode. Local radius-server local (Onboard) RADIUS server commands are listed under this mode. Use the instance to configure local RADIUS server parameters. (config-radsrv) 19.1 Radius Configuration Commands Table 19.1 summarizes the Global Config command: Table 19.1 RADIUS Server Command Summary Command...

  • Page 394

    19-2 WS5100 Series Switch CLI Reference Guide Table 19.1 RADIUS Server Command Summary Command Description Ref. help Displays the interactive help system page 19-16 ldap-server Sets LDAP server parameters page 19-17 Sets RADIUS client parameters page 19-19 Negates a command or sets its defaults...

  • Page 395

    Radius Server Instance 19-3 peap-mschapv2 Sets the EAP/PEAP type used with mschapv2 Defines an EAP/TLS configuration scheme ttls-md5 Sets the EAP/TTLS configuration used with the default md5 authentication scheme ttls-mschapv2 Sets the EAP/TTLS configuration used with the default mschapv2 authentication scheme ttls-pap Sets the EAP/TTLS configuration used with the default pap authentication scheme...

  • Page 396: Crl-check, Clrscr

    19-4 WS5100 Series Switch CLI Reference Guide Usage Guidelines Configures the trustpoint used by the local RADIUS server. Create the before trustpoint it can be used by the command crypto pki trustpoint The default trust point in use is –...

  • Page 397

    Radius Server Instance 19-5 Usage Guidelines TLS uses certificates for authentication. CRL (updated with a trustpoint), contains index numbers of revoked certificates. The CRL checks for any revoked certificates used for authentication Example WS5100(config-radsrv)#crl-check enable WS5100(config-radsrv)# 19.1.5 end Radius Configuration Commands Ends and exits the current mode and moves to the PRIV EXEC mode.

  • Page 398: Group, Guest-group

    19-6 WS5100 Series Switch CLI Reference Guide 19.1.7 group Radius Configuration Commands Configures RADIUS user groups. The CLI moves to the config-radsrv-group sub-instance to create a new group The prompt changes from WS5100(config-radsrv)# WS5100 (config-radsrv-group)# Table 19.2 summarizes the RADIUS user group commands within the (config-radsrv-group) sub-instance Table 19.2 RADIUS User Group Command Summary...

  • Page 399

    Radius Server Instance 19-7 19.1.7.1 clrscr Radius Configuration Commands Clears the display screen Syntax clrscr Parameters None Example WS5100(config-radsrv-group)#clrscr WS5100(config-radsrv-group)# 19.1.7.2 end Radius Configuration Commands Ends and exits the current mode and changes to the PRIV EXEC mode. The prompt changes WS5100# Syntax Parameters...

  • Page 400

    19-8 WS5100 Series Switch CLI Reference Guide Example WS5100(config-radsrv-group)#exit WS5100(config-radsrv)#group 19.1.7.4 group Radius Configuration Commands Establishes RADIUS user group parameters. This command creates a group within the existing RADIUS group Syntax group Parameters WORD Defines the RADIUS group name Example...

  • Page 401: Policy, Help

    Radius Server Instance 19-9 19.1.7.6 help Radius Configuration Commands Displays the system’s interactive help in HTML format Syntax help Parameters None Example WS5100(config-radsrv-group)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.

  • Page 402: Rad-user

    19-10 WS5100 Series Switch CLI Reference Guide vlan Sets the VLAN ID for the group wlan Configures WLAN access policy for this group <1-32> Sets the WLAN range for the access policy Removes all the WLAN allowed rad-user Removes a user from this group...

  • Page 403

    Radius Server Instance 19-11 19.1.7.8 policy Radius Configuration Commands Sets the authorization policies for a particular group (like day/time of access, WLANs allowed etc.) NOTE: A user-based VLAN is effective only if dynamic VLAN authorization is enabled for the WLAN (as defined within the WLAN Configuration screen).

  • Page 404

    19-12 WS5100 Series Switch CLI Reference Guide <0-59> Sets the minute (mm) access limit vlan Sets the VLAN ID for this group <1-4094> Defines the VLAN range wlan Sets the WLAN access policy for this group <1-32> Sets the WLAN index...

  • Page 405

    Radius Server Instance 19-13 19.1.7.10 service Radius Configuration Commands Invokes RADIUS service commands (if they have been stopped). This command enables the RADIUS server. A RADIUS restart is executed only from the mode. config Syntax service(clear|diag-shell|radius|save-cli|show|start- shell|tethereal) service radius restart Parameters clear Removes the specified support information...

  • Page 406

    19-14 WS5100 Series Switch CLI Reference Guide Example WS5100(config-radsrv-group)#show ? access-list Internet Protocol (IP) alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration. clock Display system clock...

  • Page 407: Example–creating A Group

    Radius Server Instance 19-15 ________________________________ Server Trust-point : default-trustpoint CA Trust-point : default-trustpoint WS5100(config-radsrv)# 19.1.7.12 Example–Creating a Group sub-instance is explained in the example below: (config-radsrv-group) 1. Create a group called Sales in the local RADIUS server database. WS5100(config-radsrv)#group sales 2.

  • Page 408

    19-16 WS5100 Series Switch CLI Reference Guide 7. Use to add a NAS entry for the group (config-radsrv)#nas WS5100(config-radsrv)#nas ? A.B.C.D/M Radius client IP address WS5100(config-radsrv)#nas 10.10.10.0/24 ? key Radius client shared secret WS5100(config-radsrv)#nas 10.10.10.0/24 key ? Password is specified UNENCRYPTED...

  • Page 409: Ldap-server

    Radius Server Instance 19-17 WS5100(config-radsrv)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.

  • Page 410

    19-18 WS5100 Series Switch CLI Reference Guide base-dn Specifies a distinguished name that establishes the base object for the search. The base object is the point in the LDAP tree at which to start searching passwd Sets a valid password for the LDAP server...

  • Page 411

    Radius Server Instance 19-19 19.1.10 nas Radius Configuration Commands Sets the configuration of the RADIUS client Syntax nas(A.B.C.D/M)key(0|2|LINE) Parameters A.B.C.D/M Sets the RADIUS client’s IP address. Sets the RADIUS client’s shared key Defines the Password as UNENCRYPTED Password is encrypted with password-encryption secret LINE Defines the secret (client shared secret) up to 32 characters Example...

  • Page 412: Proxy, Rad-user

    19-20 WS5100 Series Switch CLI Reference Guide 19.1.11 no Radius Configuration Commands Negates a command or sets its defaults. Syntax no(authentication|ca|crl-check|group|ldap-server|nas|proxy|rad- user|server|service) Parameters authentication Defines the RADIUS authentication Configures Certificate Authority (CA) parameters crl-check Enables a Certificate Revocation List (CRL) check group Sets the local RADIUS server’s group configuration...

  • Page 413: Server

    Radius Server Instance 19-21 19.1.12 proxy Radius Configuration Commands Configures a proxy RADIUS server based on the realm/suffix Syntax proxy(realm|retry-count|retry-delay) proxy relam(WORD)server(A.B.C.D)port(<1024-65535>)secret(0|2|WORD) Parameters realm WORD The realm name is a string of up to 50 characters • server (A.B.C.D) – Sets the proxy server IP address •...

  • Page 414

    19-22 WS5100 Series Switch CLI Reference Guide Example WS5100(config-radsrv)#proxy realm Test server 10.10.10.1 port 2220 secret "Very Very Secret !!!" WS5100(config-radsrv)# WS5100(config-radsrv)#proxy retry-count 5 WS5100(config-radsrv)# WS5100(config-radsrv)#proxy retry-delay 8 WS5100(config-radsrv)# 19.1.13 rad-user Radius Configuration Commands Sets RADIUS user parameters Syntax rad-user(WORD)password(0|2|WORD)

  • Page 415

    Radius Server Instance 19-23 Example WS5100(config-radsrv)#rad-user TestRadUser password "I SPY U" WS5100(config-radsrv)# WS5100(config-radsrv)#rad-user guest1 password 0 password1 group guest-group guest expiry-time 12:12 expiry-date 05:12:2007 start-time 12:12 start-date 05:11:2007 WS5100(config-radsrv)# 19.1.14 server Radius Configuration Commands Configures server certificate parameters used by a RADIUS server. The server certificate is a part of a trustpoint created using crypto on page 5-16 Syntax...

  • Page 416

    19-24 WS5100 Series Switch CLI Reference Guide 19.1.15 service Radius Configuration Commands Invokes the service commands to trobuleshoot or debug the instance (config-radsrv) configuration. This command is also used to enable the RADIUS server Syntax service(clear|diag-shell|radius|save-cli|show|start- shell|tethereal) service radius restart...

  • Page 417

    Radius Server Instance 19-25 +-tls [authentication eap-auth-type (ttls-md5|ttls-pap|ttls- mschapv2|peap-gt c|peap-mschapv2|tls|all)] +-ttls-md5 [authentication eap-auth-type (ttls-md5|ttls- pap|ttls-mschapv2|pe ap-gtc|peap-mschapv2|tls|all)] +-ttls-mschapv2 [authentication eap-auth-type (ttls-md5|ttls- pap|ttls-mschap v2|peap-gtc|peap-mschapv2|tls|all)] +-ttls-pap [authentication eap-auth-type (ttls-md5|ttls- pap|ttls-mschapv2|pe ap-gtc|peap-mschapv2|tls|all)] +-ca +-trust-point -- MORE --, next page: Space, next line: Enter, quit: Control-C 19.1.16 show Radius Configuration Commands Displays current system information running on the switch...

  • Page 418

    19-26 WS5100 Series Switch CLI Reference Guide licenses Show any installed licenses logging Show logging configuration and buffer Media Access Control management Display L3 Managment Interface name mobility Display Mobility Parameters Network time protocol password-encryption password encryption privilege Show current privilege level...

  • Page 419: Wireless Configuration Commands

    Wireless Instance Use the instance to configure local RADIUS server parameters (config-wireless) associated with the switch. 20.1 Wireless Configuration Commands Table 20.1 summarizes commands: (config-wireless) Table 20.1 Wireless Config Command Summary Command Description Ref. Sets Adaptive AP (AAP) related commands page 20-4 adopt-unconf-radio Adopts a radio even if its not yet...

  • Page 420

    20-2 WS5100 Series Switch CLI Reference Guide Table 20.1 Wireless Config Command Summary (Continued) Command Description Ref. ap-timeout Changes the default inactivity timeout for page 20-9 access ports ap-udp-port Configures the UDP port for AP L3 adoption page 20-9 NOTE: Enable this option in the DHCP...

  • Page 421

    Wireless Instance 20-3 Table 20.1 Wireless Config Command Summary (Continued) Command Description Ref. mac-auth-local Defines the local MAC authentication list page 20-23 manual-wlan-mapping Allows the manual mapping/un-mapping page 20-24 of WLANs to configured radios mobile-unit Configures mobile unit parameters page 20-24 mobility Configures mobility parameters page 20-25...

  • Page 422: Adopt-unconf-radio

    20-4 WS5100 Series Switch CLI Reference Guide 20.1.1 aap Wireless Configuration Commands Defines the AAP configuration Syntax aap (config-aaply)[def-delay|mesh-delay]<3-10000> Parameters config-apply Applies AAP configuration settings [def-delay|mesh-delay] • def-delay – Sets the default time to delay before <30-10000> applying AAP configuration •...

  • Page 423: Adoption-pref-id

    Wireless Instance 20-5 20.1.3 adoption-pref-id Wireless Configuration Commands Use as a preference identifier for the switch. All radios configured with this preference identifier are more likely to be adopted by this switch Syntax adoption-pref-id Parameters <1-65535> Set a Pref-ID (1-65535) Example WS5100(config-wireless)#adoption-pref-id 500 20.1.4 ap...

  • Page 424: Ap-detection

    20-6 WS5100 Series Switch CLI Reference Guide 20.1.5 ap-detection Wireless Configuration Commands Configures access port detection parameters Syntax ap-detection [approved|enable|mu-assisted-scan|timeout (approved|unapproved)] ap-detection approved add <1-200> (MAC Address)(SSID) ap-detection mu-assisted-scan(enable|refresh<300-86400>) Parameters aap-version AP detection configuration commands approved Sets the approved access port list •...

  • Page 425: Ap-ip

    Wireless Instance 20-7 Example WS5100(config-wireless)#ap-detection enable WS5100(config-wireless)# WS5100(config-wireless)#ap-detection approved add 150 any any WS5100(config-wireless)# WS5100(config-wireless)#ap-detection mu-assisted-scan enable WS5100(config-wireless)# WS5100(config-wireless)#ap-detection mu-assisted-scan refresh 520 WS5100(config-wireless)# 20.1.6 ap-ip Wireless Configuration Commands Modifies the static IP address for an access port Syntax ap-ip [<List of Indices/MAC address >|default-ap] ap-ip <List of Indices>...

  • Page 426

    20-8 WS5100 Series Switch CLI Reference Guide Parameters <List of Indices> / MAC to view an AP’s index or MAC show wireless ap address. Select the AP’s index / MAC Address to modify its address static IP address • static-ip – Sets the static IP address, netmask and gateway address of the AP •...

  • Page 427: Ap-timeout, Ap-udp-port

    Wireless Instance 20-9 20.1.7 ap-timeout Wireless Configuration Commands Changes the default inactivity timeout for access ports Syntax ap-timeout <index> <40-180> Parameters <Index> <40-180> Access-ports identified by a single MAC address or by a list of indices. Use to view the AP’s index show wireless ap or MAC address •...

  • Page 428: Broadcast-tx-speed, Client

    20-10 WS5100 Series Switch CLI Reference Guide 20.1.9 broadcast-tx-speed Wireless Configuration Commands Configure the rate at which broadcast and multicast traffic is transmitted between the switch and mobile unit Syntax broadcast-tx-speed(range|throughput) Parameters range Uses a lowest basic rate. Provides maximum range throughput Uses a highest basic rate.

  • Page 429

    Wireless Instance 20-11 include-list Defines the wireless client include list configuration. No MU NAC check is conducted, except for those in the include list. Devices in the include-list will have NAC checks Usage Guidelines Refer to the configurations below to: •...

  • Page 430: Config-wireless-client-list

    20-12 WS5100 Series Switch CLI Reference Guide WS5100(config-wireless)# no wlan 1 nac-server primary WS5100(config-wireless)# no wlan 1 nac-server primary secret WS5100(config-wireless)# no wlan 1 nac-server secondary WS5100(config-wireless)# no wlan 1 nac-server secondary radius-key WS5100(config-wireless)# no wlan 1 nac exclude-list protected-...

  • Page 431

    Wireless Instance 20-13 station config-wireless-client-list Adds a specified MAC entry into the client’s exclude or include list Syntax (config-wireless-client-list) station (host-name) [MU mac address|MU mac mask] Parameters host-name Defines an index for this host entry in the client list. The host station name must be of size <1-21>...

  • Page 432: Convert-ap, Clrscr

    20-14 WS5100 Series Switch CLI Reference Guide Example WS5100(config-wireless-client-list)#wlan 1 WS5100(config-wireless-client-list)# 20.1.11 clrscr Wireless Configuration Commands Clears the display screen Syntax clrscr Parameters None Example WS5100(config-wireless)#clrscr WS5100(config-wireless)# 20.1.12 convert-ap Wireless Configuration Commands Changes the mode of operation of an AP to either sensor or standalone Syntax convert-ap <1-48>(default|sensor|standalone)

  • Page 433

    Wireless Instance 20-15 standalone Converts a thin AP-4131 back to a stand-alone AP Note: The switch will not be able to adopt this AP again until the AP is converted back to a thin-AP using the AP’s configuration interface Example WS5100(config-wireless)#convert-ap 1 default WS5100(config-wireless)# 20.1.13 country-code...

  • Page 434

    20-16 WS5100 Series Switch CLI Reference Guide Colombia Costa Rica Cyprus Czech Republic Germany Denmark Dominican Republic Ecuador Estonia Egypt Spain Finland France United Kingdom Greece Guatemala Guam Hong Kong Honduras Croatia Haiti Hungary Indonesia Ireland Israel India Iceland Italy...

  • Page 435: Dhcp-sniff-state

    Wireless Instance 20-17 Poland Portugal Qatar Romania Russia Saudi Arabia Sweden Singapore Slovenia Slovak Republic Thailand Turkey Taiwan Ukraine United States Uruguay Venezuela Vietnam South Africa WS5100(config-wireless)#country-code 20.1.14 dhcp-sniff-state Wireless Configuration Commands Records mobile unit DHCP state information Syntax dhcp-sniff-state Parameters enable Allows support for recording DHCP state information for...

  • Page 436: Dot11-shared-key-auth

    20-18 WS5100 Series Switch CLI Reference Guide 20.1.15 dot11-shared-key-auth Wireless Configuration Commands Enables support for 802.11 shared key authentication NOTE: Shared key authentication has known weaknesses that can compromise your WEP key. It should only be configured to accommodate wireless stations unable to carry out Open-System...

  • Page 437: Fix-broadcast-dhcp-rsp, Exit, Help

    Wireless Instance 20-19 20.1.17 exit Wireless Configuration Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax exit Parameters None Example WS5100(config-wireless)#exit WS5100(config)# 20.1.18 fix-broadcast-dhcp-rsp Wireless Configuration Commands Converts broadcast DHCP server responses to unicast Syntax fix-windows-dhcp Parameters...

  • Page 438

    20-20 WS5100 Series Switch CLI Reference Guide Parameters None Example WS5100(config-wireless)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.

  • Page 439

    Wireless Instance 20-21 Parameters anomaly-detection Configures parameters related to the detection of {options} (enable|filter- anomalous frames on the RF network ageout) • all – Enables all types of anomalous frames • average-noise-level [enable|filter-ageout|threshold] – Enables and sets the filters and threshold levels for sudden changes in RSSI •...

  • Page 440

    20-22 WS5100 Series Switch CLI Reference Guide ex-ops {} Sets values related to the detection of excessive operations on the RF network • 80211-replay-fails – 802.11 replay check failure • all – Changes for all types of excessive operations • association-requests – 802.11 authentication and association requests authentication-fails –...

  • Page 441: Mac-auth-local

    Wireless Instance 20-23 WS5100(config-wireless)# WS5100(config-wireless)#ids ex-ops 80211-replay-fails filter-ageout 5200 WS5100(config-wireless)# 20.1.21 mac-auth-local Wireless Configuration Commands Configures the local MAC authentication list Syntax mac-auth-local<1-1000> (allow|deny)(Starting MAC Address)(Ending MAC Address)(range/list of WLAN indicies)WORD Parameters <1-1000> Sets the mac-auth-local entry allow Allows mobile units that match this rule to associate deny Denies association to mobile units that match this rule Starting MAC Address...

  • Page 442: Manual-wlan-mapping, Mobile-unit

    20-24 WS5100 Series Switch CLI Reference Guide 20.1.22 manual-wlan-mapping Wireless Configuration Commands Manually maps WLANs configured on a radio Syntax manual-wlan-mapping Parameters enable Enables support for manual WLAN mapping Example WS5100(config-wireless)#manual-wlan-mapping enable WS5100(config-wireless)# 20.1.23 mobile-unit Wireless Configuration Commands Configures mobile unit related parameters...

  • Page 443: Mobility

    Wireless Instance 20-25 Example WS5100(config-wireless)#mobile-unit probe-history enable WS5100(config-wireless)# WS5100(config-wireless)#mobile-unit association-history enable WS5100(config-wireless)# WS5100(config-wireless)#mobile-unit probe-history add 20 AA-BB-CC- DD-EE-FF WS5100(config-wireless)# 20.1.24 mobility Wireless Configuration Commands Sets mobility parameters Syntax mobility(enable|local-address|max-roam-period|peer) mobility local-address (IP Address) mobility max-roam-period<1-15> mobililty peer (IP Address) Parameters enable Enables mobility globally local-address <IP...

  • Page 444: Multicast-packet-limit, Multicast-throttle-watermark

    20-26 WS5100 Series Switch CLI Reference Guide WS5100(config-wireless)#mobility max-roam-period 10 WS5100(config-wireless)# WS5100(config-wireless)#mobility peer 157.208.235.108 WS5100(config-wireless)# 20.1.25 multicast-packet-limit Wireless Configuration Commands Sets a multicast packet limit (per second) for a VLAN. This limits broadcast/multicast packets per VLAN. The default vlaue is 32 broadcast/multicast packets per second Syntax multicast-packet-limit <1-128>...

  • Page 445

    Wireless Instance 20-27 Parameters low <0-100> Sets the low water-mark. If the percentage of free packets in the system is lower than this threshold, the incoming frame is dropped high <0-100> Sets the high water-mark. If the percentage of free packets in the system is between the low water-mark and this value, the packet is subjected to a random-early-drop.

  • Page 446: Proxy-arp, Qos-mapping

    20-28 WS5100 Series Switch CLI Reference Guide 20.1.28 proxy-arp Wireless Configuration Commands Responds to ARP requests from the RON to the WLAN on behalf of mobile units Syntax proxy-arp Parameters enable Enables the support of proxy arp Example WS5100(config-wireless)#proxy-arp enable WS5100(config-wireless)# 20.1.29 qos-mapping...

  • Page 447: Radio

    Wireless Instance 20-29 video Prioritizes Video category traffic voice Prioritizes Voice category traffic wireless-to-wired Sets the mappings used while switching wireless traffic to the RON side dot1p<0-7> Configures the 802.1p tags that correspond to a selected access category Example WS5100(config-wireless)#qos-mapping wireless-to-wired background dot1p 5 WS5100(config-wireless)# 20.1.30 radio...

  • Page 448

    20-30 WS5100 Series Switch CLI Reference Guide radio <1-1000> bridge-msg-age <6-40> radio <1-1000> bridge-priority <0-65535> radio <1-1000> channel-power(indoor|outdoor)(<1-200>|acs|random) <4-20> radio <1-1000> client-bridge [enable|mesh-timeout <2-200>| ssid (SSID name)] radio <1-1000> coordinates <-65535-65535> <-65535-65535> radio 1 copy-config-from [<1-1000>|default-11a|default-11b| default-11bg] radio <1-1000> dtim-period<1-50> bss<1-4>...

  • Page 449

    Wireless Instance 20-31 Adopts the default 11b configuration template default-11b default-11bg Adopts the default 11bg configuration template adoption-pref-id <0- Employs a preference identifier for this radio port. The radio 65535> port is more likely to be adopted by a wireless switch that is a preferred switch antenna-mode Defines the antenna diversity mode.

  • Page 450

    20-32 WS5100 Series Switch CLI Reference Guide bss (<1-4>|add- Maps WLANs to radio BSSIDs wlans|auto) WLAN • <1-4>– Sets the BSS where WLANs are mapped • add-wlans – Adds new WLANs to existing radios. The other WLANs on the radios are left as is •...

  • Page 451

    Wireless Instance 20-33 copy-config-from Copies the configuration from a previously configured radio [<1-1000>|default-11a| • <1-1000> – Defines a single radio index default-11b| • default-11a – Uses the default 11a configuration default-11bg] template • default-11b – Uses the default 11b configuration template •...

  • Page 452

    20-34 WS5100 Series Switch CLI Reference Guide mac <MAC address> Changes the parent (access-port) MAC address of the radio max-mobile-units <1- Maximum number of mobile units allowed to associate 256> mu-power <0-20> Power adjustment level for mobile units associated with this access-port.

  • Page 453

    Wireless Instance 20-35 speed Configures the basic and supported data rates/speed • 1 1-Mbps • 11 11-Mbps • 12 12-Mbps • 18 18-Mbps • 2 2-Mbps • 24 24-Mbps • 36 36-Mbps • 48 48-Mbps • 54 54-Mbps • 5p5 5.5-Mbps •...

  • Page 454

    20-36 WS5100 Series Switch CLI Reference Guide tag_type Configures the WI-FI tag type. [aeroscout|cricket|newb • aeroscout – Aeroscout active tag ury] (listen-addr) • cricket – Cricket (Motorola) Active tag <MAC address> • newbury – Newbury active tag • listen-addr – Configures a multicast listening address for active tags •...

  • Page 455

    Wireless Instance 20-37 • burst<0-65535> – (transmit-opportunity) Sets an interval when a particular WMM STA has the right to initiate transmissions onto the wireless medium • cw<0-15> – (Contention Window parameters) Wireless stations pick a number between 0 and the minimum contention window to wait before re-trying transmissions Stations then double their wait time on a collision, until it reaches the maximum contention window...

  • Page 456: Rate-limit, Self-heal

    20-38 WS5100 Series Switch CLI Reference Guide 20.1.31 rate-limit Wireless Configuration Commands Sets the default rate limit per user Syntax rate-limit {down|up}<0-100000> Parameters down <0-100000> Sets the up link direction - from the wireless client to the network Defines the rate in the range of <0-100000> kbps, 0=disable rate limit up <0-100000>...

  • Page 457

    Wireless Instance 20-39 Parameters interference-avoidance Interference avoidance configuration. enable Enables/disables interference avoidance hold-time<0-65535> The number of seconds to disable interference avoidance after a detection. This prevents a radio from changing channels continuously. Set the hold-time between 0-65535 seconds retries<0.0-15.0> Defines the average number retries to cause a radio to re-run auto channel selection.

  • Page 458: Sensor

    20-40 WS5100 Series Switch CLI Reference Guide Example WS5100(config-wireless)#self-heal interference-avoidance enable WS5100(config-wireless)# WS5100(config-wireless)#self-heal interference-avoidance hold-time WS5100(config-wireless)# WS5100(config-wireless)#self-heal neighbor-recovery enable Note: reducing the configured transmit power of radios will ensure that there is room to increase power when a neighbor fails...

  • Page 459

    Wireless Instance 20-41 default-config Invokes the default configuration sent to sensors when (ip-mode|wips-server-ip) configured • ip-mode – Configures the IP address of the sensors • dhcp – Sensors use DHCP to obtain an IP address • static (A.B.C.D/M)(A.B.C.D) – Sensors use the specific static IP address A.B.C.D/M –...

  • Page 460

    20-42 WS5100 Series Switch CLI Reference Guide service show (wireless) [ap-history|ap-list|buffer-counters| enhanced-beacon-table|enhanced-probe-table|legacy-load-balance| mu-cache-buckets|mu-cache-entry|mvlan <1-32>| radio(<1-1000>|description)|snmp-trap-throttle|vlan-cache-buckets| vlan-cache-entry] service wireless [ap-history|buffer-counters|clear-ap-log| dump-core|enhanced-beacon-table|enhanced-probe-table| idle-radio-send-multicast|legacy-load-balance|radio-misc-cfg| rate-scale|request-ap-log|save-ap-log|snmp-trap-throttle| vlan-cache] service (wireless)ap-history [clear|enable] service (wireless)buffer-counters (clear) service (wireless)clear-ap-log <1-48> service (wireless)idle-radio-send-multicast (enable) service (wireless)request-ap-log <1-48> Parameters ap-history...

  • Page 461

    Wireless Instance 20-43 mvlan <1-32> Displays multi-Vlan Debug stats • <1-32> – Defines a single WLAN’s index radio Sets a radio’s serviceability parameters [<1-1000>|description] • <1-1000> – Defines a single radio’s index • description – Displays the description and location coordinates of detected radios snmp-trap-throttle Displays stats related to SNMP trap throttling...

  • Page 462

    20-44 WS5100 Series Switch CLI Reference Guide enhanced-beacon-table Configures an AP for detecting and locating other APs in the [channel-set (a|bg) <1- network 200> | enable | erase- • channel-set (a|bg) <1-200> – 802.11a / 802.11bg report | max-ap <0-512> | channel-set settings used for AP locationing scan-interval <10-60>...

  • Page 463

    Wireless Instance 20-45 enhanced-probe-table Configures an AP for detecting and locating MUs. The [enable | erase-report | switch maintains an enhanced-probe-table to track the max-mu <0-512> | probes received by an AP. preferred (add) • enable – Disables or enables the gathering of <MAC Address>...

  • Page 464

    20-46 WS5100 Series Switch CLI Reference Guide Example WS5100(config-wireless)#service show wireless ap-history AP MAC Radio Timestamp Event Reason =================================================================== 00-A0-F8-BF-8A-4B 20070926-20:23:10 Adoption WS5100(config-wireless)# WS5100(config-wireless)#service show wireless mvlan 20 Wlan 20: pool_size =1 ----------------------------------------------------- [ 0]: wlan=20, vlan_id=1, limit=0, users=0, log_sent=0...

  • Page 465

    Wireless Instance 20-47 2] 00-A0-F8-BF-8A-4B 00-A0-F8-BF-ED-BC 11a RADIO2 0 0 0 WS5100(config-wireless)# WS5100(config-wireless)#service show wireless snmp-trap-throttle throttle : 10 (default = 10) traps allowed through throttle: 9 traps dropped through throttle: 0 WS5100(config-wireless)# 20.1.35 show Wireless Configuration Commands Displays current system information running on the switch Syntax show<paramater>...

  • Page 466: Wlan

    20-48 WS5100 Series Switch CLI Reference Guide management Display L3 Managment Interface name mobility Display Mobility parameters Network time protocol password-encryption password encryption port-channel Portchannel commands privilege Show current privilege level radius RADIUS configuration commands redundancy-group Display redundancy group parameters...

  • Page 467

    Wireless Instance 20-49 wlan<1-32> aap-proxy-radius (enable)(realm)<realm name> (strip) wlan<1-32> (accounting)[none|radius|ssyslog] wlan<1-32> (add-vlan)[<1-4094>|VLAN] (limit)<0-4096> wlan<1-32> (authentication-type) [eap|hotspot|kerberos|mac- auth|none] wlan<1-32> (client-bridge-backhaul)(enable) wlan<1-32> (dot11i)[handshake|key|key-rotation|key-rotation- interval|opp-pmk-caching|phrase|pmk-caching| preauthentication|second-key|tkip-cntrmeas-hold-time] wlan<1-32> dot11i handshake timeout<100-5000> retransmit<1-10> wlan<1-32> key[0|2|WORD] wlan<1-32> encryption-type[ccmp|keyguard|none|tkip|tkip-ccmp| wep128|wep128-keyguard|wep64] wlan<1-32> hotspot[allow-list|webpage|webpage-location] wlan<1-32> hotspot allow-list(Rule index)(IP address) wlan<1-32>...

  • Page 468

    20-50 WS5100 Series Switch CLI Reference Guide wlan<1-32> radius[accounting|authentication-protocol|dscp| dynamic-authorization|dynamic-vlan-assignment| mobile-unit|reauth|server] wlan<1-32> radius accounting[mode|timeout] wlan<1-32> radius accounting mode[start-interim-stop(interval) <60-3600>|start-stop|stop-only] wlan<1-32> radius accounting timeout<1-60> retransmit<1-100> wlan<1-32> radius authentication-protocol(chap|pap) wlan<1-32> radius server[primary|secondary|timeout] wlan<1-32> radius server[primary|secondary] [ip-address(auth-port)<1024-65535>)(radius-key(0|2|LINE)] wlan<1-32> radius server timeout<1-60> retransmit<1-10> wlan<1-32> secure-beacon wlan<1-32>...

  • Page 469

    Wireless Instance 20-51 aap-proxy-radius Enables configuring of proxying AAP radius requests (enable) (realm) <name> • realm <name> – Provide proxy realm name (strip) • strip – Strip realm name while proxying requests accounting Defrines the accounting configuration on this WLAN (none|radius|syslog) •...

  • Page 470

    20-52 WS5100 Series Switch CLI Reference Guide authentication-type Sets the authentication type for this WLAN (eap|hotspot|kerberos| • eap – EAP authentication (802.1X) mac-auth|none) • hotspot – Web based authentication • kerberos – Kerberos authentication (encryption will change to WEP128 if its not already wep128/keyguard) •...

  • Page 471

    Wireless Instance 20-53 • key(0|2|WORD) – Configure the key (PMK) • 0 – Password is specified UNENCRYPTED • 2 – Password is encrypted with password- encryption secret • WORD – The 256bit (64 hex characters) long • key-rotation (enable) – Controls the periodic update of the broadcast keys for associated mobile units •...

  • Page 472

    20-54 WS5100 Series Switch CLI Reference Guide • WORD – Sets the 256bit (64 hex characters) • tkip-cntrmeas-hold-time <0-65535> – Configures the hold-time (in seconds) that clients are blocked whenTKIP countermeasures are invoked. Default is 60 seconds • wpa2-tkip (enable) – Enables support for WPA2-TKIP (in...

  • Page 473

    Wireless Instance 20-55 hotspot() Modifies hotspot related parameters • allow (rule index) (IP address) – Modifies hotspot allow- list parameters Users who have not yet authenticated must be allowed access to these IP addresses • Rule index – Allow-list Rule index (must be between (1-10) •...

  • Page 474

    20-56 WS5100 Series Switch CLI Reference Guide inactivity-timeout Sets an inactivity timeout in seconds. If a frame is not <60-86400> received from a mobile unit for this amount of time, the mobile unit is disassociated kdc [password (0||LINE) | Modifies KDC related parameters.

  • Page 475

    Wireless Instance 20-57 mu-mu-disallow Disallows frames from one mobile unit to another mobile unit on this WLAN (switch-to-wired) • switch-to-wired – Disallows by switching the frame out on the wired side (to allow an externalswitch to decide whether this frame is to be allowed or dropped) nac-mode Sets the Network Access Control (NAC) mode configuration [bypass-nac-except-...

  • Page 476

    20-58 WS5100 Series Switch CLI Reference Guide nac-server () Configure a NAC server IP address and an optional [primary|secondary|time authentication port number out] • [primary|secondary] [EAP Server IP Address|RADIUS Key] – Primary server or secondary server’s IP address • A.B.C.D (auth-port) – Set an EAP server IP...

  • Page 477

    Wireless Instance 20-59 Quality of Service commands [classification | • classification [background|best-effort|video|voice|wmm] mcast-with-dot11i| – Select how traffic on this WLAN is classified (relative mcast1 | mcast2 | prioritization on the access port) prioritize-voice | svp | • background – Traffic on this WLAN is treated weight|wmm] as background traffic •...

  • Page 478

    20-60 WS5100 Series Switch CLI Reference Guide • ip-address – Sets the RADIUS server’s IP address • auth-port<1024-65535> – Establishes the RADIUS server’s authentication port (default:1812) • radius-key – Sets the RADIUS server shared secret, up to 127 characters • 0 – Password is specified UNENCRYPTED •...

  • Page 479

    Wireless Instance 20-61 ssid Enter the SSID of this WLAN syslog (accounting) Syslog Accounting. server <IP Address> • accounting – Modifies accounting parameters port <Port number> • server<IP Address> – Modifies the Syslog accounting server IP Address • port <Port Number> – Defines the Syslog server port The default port number is 514 vlan<1-4094>...

  • Page 480

    20-62 WS5100 Series Switch CLI Reference Guide wep64 Configures WEP64 parameters Example WS5100(config-wireless)#wlan 25 accounting syslog WS5100(config-wireless)# WS5100(config-wireless)#wlan 25 answer-bcast-ess WS5100(config-wireless)# WS5100(config-wireless)#wlan 25 authentication-type kerberos WS5100(config-wireless)# WS5100(config-wireless)#wlan 25 description "TestWLAN" WS5100(config-wireless)# WS5100(config-wireless)#wlan 25 dot11i handshake timeout 2500 retransmit 5 WS5100(config-wireless)#...

  • Page 481: Wlan-bw-allocation

    Wireless Instance 20-63 WS5100(config-wireless)#wlan 25 radius accounting timeout 30 retransmit 50 WS5100(config-wireless)# WS5100(config-wireless)#wlan 25 radius mobile-unit timeout 30 retransmit 5 WS5100(config-wireless)# WS5100(config-wireless)#wlan 25 ssid TestString WS5100(config-wireless)# WS5100(config-wireless)#wlan 25 symbol-extensions fast-roaming enable WS5100(config-wireless)# WS5100(config-wireless)#wlan 25 syslog accounting server 12.13.14.125 port 5005 WS5100(config-wireless)# WS5100(config-wireless)#wlan 24 qos mcast-with-dot11i enable WS5100(config-wireless)#...

  • Page 482

    20-64 WS5100 Series Switch CLI Reference Guide...

  • Page 483: Sole Config Commands

    SOLE Instance Use the instance to configure SOLE related configuration commands. (config-sole) 21.1 SOLE Config Commands Table 21.1 summarizes commands: config-sole Table 21.1 Location Engine Config Command Summary Command Description Ref. adapter Configures the SOLE adapter page 21-2 clrscr Clears the display screen page 21-2 Ends the current mode and moves to the EXEC mode page 21-3...

  • Page 484: Adapter, Clrscr

    21-2 WS5100 Series Switch CLI Reference Guide 21.1.1 adapter SOLE Config Commands Enables/disables a specified adapter, or all the adapters Syntax adapter (aeroscout) (enable) Parameters adapter (aeroscout) SOLE adapter name. (enable) • aeroscout – Defines the name of the adapter •...

  • Page 485

    SOLE Instance 21-3 21.1.3 end SOLE Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode. The prompt changes WS5100# Syntax Parameters None Example WS5100(config-sole)#end WS5100# 21.1.4 exit SOLE Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax...

  • Page 486

    21-4 WS5100 Series Switch CLI Reference Guide Example WS5100(config-sole)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.

  • Page 487

    SOLE Instance 21-5 21.1.7 service SOLE Config Commands Invokes service commands to troubleshoot or debug instance configurations (config-if) Syntax service (show) (cli) Parameters show (cli) Displays the CLI tree of current mode Example WS5100(config-sole)#service show cli Location Engine Config mode: +-adapter +-ADAPTER +-enable [adapter (ADAPTER|) enable]...

  • Page 488

    21-6 WS5100 Series Switch CLI Reference Guide 21.1.8 show SOLE Config Commands Displays current system information Syntax show <parameters> show sole [config(adapter)|stats (adapter)|status(adapter|engine)] Parameters Displays the parameters for which information can be viewed using the show command Example sole)#show WS5100(config-...

  • Page 489

    SOLE Instance 21-7 redundancy-history Display state transition history of the switch. redundancy-members Display redundancy group members in detail running-config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters sole Smart Opportunistic Location Engine Configuration...

  • Page 490

    21-8 WS5100 Series Switch CLI Reference Guide WS5100(config-sole)#show sole status adapter Type Status ----------------------------- AeroScout disabled WS5100(config-sole)# WS5100(config-sole)#show sole status engine Type Engine State ------------------------------------------- AeroScout 0.0.0.0 Offline WS5100(config-sole)#...

  • Page 492

    MOTOROLA INC. 1303 E. ALGONQUIN ROAD SCHAUMBURG, IL 60196 http://www.motorola.com 72E-103896-01 Revision A January 2008...

Comments to this Manuals

Symbols: 0
Latest comments: