About This Guide

This preface introduces the WS5100 Series CLI Reference Guide and contains the following sections:
• Who Should Use this Guide
• How to Use this Guide
• Conventions Used in this Guide
• Motorola Service Information
•...
WS5100 Series Switch CLI Reference Guide How to Use this Guide This guide will help you implement, configure, and administer the WS5100 switch and associated network elements. This guide is organized into the following sections: Chapter Jump to this section if you want to...
Chapter | Jump to this section if you want to...
Chapter 12, “interface Instance” | Summarizes the commands within the config-if WS5100 switch command line interface.
Chapter 13, “spanning tree-mst Instance” | Summarizes the instance commands (config-mst) within the WS5100 switch command line interface.
Chapter 14, “Extended ACL Summarizes the commands within...
Annotated Symbols

The following document conventions are used in this document:
NOTE: Indicates tips or special requirements.
CAUTION: Indicates conditions that can cause equipment damage or data loss.
WARNING! Indicates a condition or procedure that could result in personal injury or equipment damage.
Motorola Service Information Use the Motorola Support Center as the primary contact for any technical problem, question, or support issue involving Motorola products. Motorola Support Center responds to calls by email, telephone or fax within the time limits set forth in individual contractual...
Customer Support Website Comprehensive on-line support is available at the MySymbolCare Web site at http://www.symbol.com/support/ . Registration is free and a variety of services can be linked through this Web portal. Product Sales and Product Information...
OTHER LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO BIND THAT COMPANY, PERSON OR ENTITY. 1. LICENSE GRANT. Subject to the terms of this Agreement, Motorola, Inc. and/or its subsidiaries ("Licensor") hereby grants Licensee a limited, personal, non-sublicensable, non transferable, nonexclusive license to use the software that Licensee is about to download or install and the documentation that accompanies it (collectively, the "Software") for...
3. INTELLECTUAL PROPERTY; CONTENT. All title and intellectual property rights in and to the Software (including but not limited to any images, photographs, animations, video, audio, music, text and "applets" incorporated into the Software), and any copies you are permitted to make herein are owned by Licensor or its suppliers.
6. DISCLAIMER OF WARRANTIES. To the maximum extent permitted by applicable law, Licensor and its suppliers provide the Software and any (if any) Support Services AS IS AND WITH ALL FAULTS, and hereby disclaim all warranties and conditions, either express, implied or statutory, including, but not limited to, any (if any) implied warranties or conditions of merchantability, of fitness for a particular purpose, of lack of viruses, of accuracy or completeness of responses, of results, and of lack of negligence or lack of...
"Restricted Rights" as provided for in FAR, 48 CFR 52.227-14 (JUNE 1987) or DFAR, 48 CFR 252.227- 7013 (OCT 1988), as applicable. The "Manufacturer" for purposes of these regulations is Motorola, Inc., One Symbol Plaza, Holtsville, NY 11742. 12. EXPORT RESTRICTIONS. Licensee shall comply with all export laws and restrictions and regulations of the Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control ("OFAC"), or other United States or foreign agency or...
waiver. This Agreement shall be governed by the laws of the State of New York without regard to the conflicts of law provisions thereof. The application of the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded. Unless waived by Licensor for a particular instance, any action or proceeding arising out of this Agreement must be brought exclusively in the state or federal courts of New York and Licensee hereby consents to the jurisdiction of such courts for any such action or proceeding.
Introduction

This chapter describes the commands defined by the switch Command Line Interface (CLI). Access the CLI by running a terminal emulation program on a computer connected to the serial port on the front of the switch, or by using a Telnet or secure shell (SSH) session to access the switch over the network.

A session generally begins in USER EXEC mode (one of the two access levels of the EXEC mode). For security, only a limited subset of EXEC commands is available in the USER EXEC mode. This level is reserved for tasks that do not change the configuration of the switch (such as determining the current switch configuration).
User Exec Mode Priv Exec Mode Global Configuration Mode help cluster-cli errdisable logout configure fallback copy page debug hostname ping delete interface quit diff service line show disable local telnet edit logging terminal enable traceroute erase mac-address-table exit management halt help...
User Exec Mode Priv Exec Mode Global Configuration Mode quit wlan-acl reload rename rmdir service show telnet terminal traceroute upgrade upgrade-abort write

1.2 Getting Context Sensitive Help

Enter a question mark (?) at the system prompt to display a list of commands available for each mode.
Command | Description
(prompt)# abbreviated-command-entry<Tab> | Completes a partial command name.
(prompt)# ? | Lists all commands available in the command mode.
(prompt)# command ? | Lists the available syntax options (arguments and keywords) for the command.
(prompt)# command keyword ? | Lists the next available syntax option for the command.
Commands and keywords can be shortened to any unique abbreviation. For example, “configure terminal” can be abbreviated as config t. Since the abbreviated command is unique, the switch accepts the abbreviation and executes the command.
• If an instance name (or other parameter) contains whitespace, the name must be enclosed in quotes:
WS5100.(Cfg)> spol "Default Switch Policy"
WS5100.(Cfg).SPolicy.[Default Switch Policy]>

NOTE: CLI commands starting with , at the WS5100# prompt, are ignored and not executed. Any leading space before a CLI command is ignored in execution.

1.4 Using CLI Editing Features and Shortcuts

A variety of shortcuts and editing features are available.
Table 1.2 Key Combinations Used to Move the Cursor
Keystrokes | Function Summary | Function Details
Left Arrow or Ctrl-B | Back character | Moves the cursor one character to the left. When entering a command that extends...
Keystrokes | Function Summary | Function Details
Ctrl-Z | Enters the command and returns to the root prompt
Ctrl-L | Refresh input line

1.4.2 Completing a Partial Command Name

If you cannot remember a complete command name, or if you want to reduce the amount of typing you have to perform, enter the first few letters of a command, then press the Tab key.
1.4.3 Deleting Entries

Use any of the following keys (or key combinations) to delete command entries:
Keystrokes | Purpose
Backspace | Deletes the character to the left of the cursor.
Ctrl-D | Deletes the character at the cursor.
1.4.7 Controlling Capitalization

Capitalize or lowercase words with a few simple key sequences. The switch’s CLI commands are generally case-insensitive, and all in lowercase. To change the capitalization of commands, use one of the following key sequences:
Keystrokes | Purpose
Esc, C | Capitalizes the letters to the right of cursor.
Common Commands

This chapter describes the CLI commands used in the USER EXEC and PRIV EXEC modes. The PRIV EXEC command set contains those commands available within the USER EXEC mode. Some commands can be entered in either mode. Commands entered in either USER EXEC mode or PRIV EXEC mode are referred to as EXEC mode commands.
2.1.1 clrscr
Common Commands
Clears the screen and refreshes the prompt (#)
Syntax
clrscr
Parameters
None
Example
WS5100#clrscr

2.1.2 exit
Common Commands
Ends the current mode and moves to the previous mode
Syntax
exit...
Common Commands Syntax help Parameters None Example WS5100>show ? autoinstall autoinstall configuration banner Display Message of the Day Login banner commands Show command lists crypto encryption module environment show environmental information history Display the session command history interfaces Interface status and configuration Internet Protocol (IP) ldap LDAP server...
2.1.4 no Common Commands Negates a command or sets its defaults Syntax Parameters None Example (User Exec) WS5100>no ? cluster-cli Cluster context debug Debugging functions page Toggle paging service Service Commands WS5100>no Example (Priv Exec)
Common Commands local Local user authentication database for VPN logging Modify message logging facilities MAC configuration mac-address-table Configure MAC address table management sets properties of the management interface Configure NTP prompt Reset system's prompt radius-server RADIUS server configuration commands redundancy Configure redundancy group parameters service Service Commands...
service (encrypt)(secret)(2)(PASSPHRASE)(plaintext)(keyword)
service (save-cli)
service (show) [cli|command-history|crash-info|diag|info|memory|process|reboot-history|startup-log|upgrade-history|watchdog]
service (show)(crash-info)(PANIC_FILENAME)
service (show)(diag)(hardware|led-status|limits|period|stats|top)
service (wireless)

Parameters (User Exec)
diag
Diagnostics
• enable – Enables in service diagnostics
• fanduty <40-100> – Sets the CPU fan PWM duty cycle.
• inodes[etc2|flash|ram] – File system inode limit
• load [1|15|5] – Aggregate processor load
• maxFDs <0-32767> – Configures the maximum number of file descriptors. Set between 0 and 32767
• pkbuffers <0-65535> – Configures the packet buffer head cache limit. Set between 0 and 65535
•...
encrypt
Encrypts a password or key with a secret passphrase
• secret – Encrypts passwords/keys with a secret phrase
• 2 – Type of encryption SHA256-AES256
• PASSPHRASE – Defines the passphrase used for encryption
•...
show
Displays running system information
• cli – Shows the CLI tree of the current mode
• command-history – Displays the command (except show commands) history
• crash-info – Displays information about core, panic and AP dump files
•...
Syntax (Priv Exec)
service [clear|copy|diag|diag-shell|encrypt|pktcap|pm|save-cli|securitymgr|show|start-shell|test|watchdog|wireless]
service clear [all|aplogs|clitree|cores|dumps|panics|securitymgr(flows) {<0-349>|WORD|all|eth <1-2>|vlan <1-4094>}]
service copy (tech-support) (URL)[tftp|ftp|sftp]
service diag [enable|fanduty|identify|limit|period]
service diag-shell <Cr>
service encrypt
service pktcap (on) [bridge|interface|router]
service pktcap (on) (bridge) [count <1-99999>|filter|verbose|write]...
service securitymgr [disable|disable-flow-rate-limit|dump-core|enable-http-stats]
service (show) [cli|command-history|crash-info|diag|info|last-passwd|memory|pm (history)[name|all]|process|reboot-history|securitymgr|startup-log|upgrade-history|watchdog|wireless]
service (show) (securitymgr) (flows)[details|source][A.B.C.D|any](destination) [A.B.C.D|any](protocol) [any|icmp|tcp|udp]
service start-shell
service test
service watchdog
service wireless [ap-history|buffer-counters|clear-ap-log|dump-core|enhanced-beacon-table|enhanced-probe-table|idle-radio-send-multicast|legacy-load-balance|radio-misc-cfg|rate-scale|request-ap-log|save-ap-log|snmp-trap-throttle|vlan-cache]...
Parameters (Priv Exec)
clear
Performs a variety of reset functions
• all – Removes all core, dump and panic files
• aplogs – Removes all AP log files
• clitree – Removes clitree.html (created by the save-cli command)
•...
diag
Sets or displays switch diagnostic values
• enable – Enables in-service diagnostics
• fanduty <40-100> – CPU fan PWM duty cycle. Set a value between 40-100%. Setting a value below 60 is considered unreliable
• identify – Identifies a switch by flashing the LEDs
•...
• procRAM – Configures the RAM space used by a process. Set the percentage of RAM space between 0.0 and 100.0 percent.
• ram – Configures the free space for the RAM. Configure the free space between 0.0 and 100.0 percent.
pktcap (on) [bridge|interface|router|vpn] [count|filter|verbose|write]
Packet capture
• on – Defines the Capture location
• bridge – Captures at the bridge
• count – Limits the capture packet count
• filter – Captures the filter
• verbose – Displays full packet body
•...
Process Monitor
• stop – Stops the PM from monitoring all daemons
save-cli
Saves the CLI tree for all modes in HTML
securitymgr
Securitymgr parameters
• disable – Disables securitymgr
• disable-flow-rate-limit – Disables flow rate limiting
•...
show
Displays running system information
• cli – Shows the CLI tree of the current mode
• command-history – Displays a command (except show commands) history
• crash-info – Displays information about core, panic and AP dump files
•...
show securitymgr ()
Service Security Manager parameters
• flows – Sessions established
• details|source – Shows detailed flow statistics or source IP address
• [A.B.C.D|any] – Flows where source address is A.B.C.D or flows with any source address
•...
• legacy-load-balance – Invokes legacy load balance algorithms with the switch
• radio-misc-cfg – Radio specific configuration U16 for all radios
• rate-scale – Enables wireless rate scaling (default)
• request-ap-log – Requests an AP log
• save-ap-log – Saves debug/error logs sent by the access-port
•...
Process Monitor
• sys-restart – Enables the PM to restart the system when a process fails
prompt
Enable crash-info prompt
• crash-info – Enables a crash-info prompt
radius
Enable radius server
• restart – Restarts the radius server with updated configuration
Set service parameters.
WS5100#service diag led ?
1 - upper LED 2 - lower LED
WS5100#service diag led 1 ?
amber amber blue blue
WS5100#service diag led 1 amber ?
flashing LED Flashing LED off LED on
WS5100#service diag led 1 amber flashing
WS5100#service diag led 1 amber flashing
WS5100#service diag led 1 blue on
WS5100#service diag led 1 red off...
WS5100>service show command-history
Configured size of command history is 200
Date & Time User Location Command
===================================================================
May 31 21:57:44 2007 admin vty 130 exit
May 31 20:30:11 2007 admin...
- - - shutdown (ungraceful:unexpected cold restart) May 30 17:15:13 2007 startup - - - shutdown (ungraceful:unexpected cold restart) May 29 15:10:51 2007 startup - - - shutdown (ungraceful:unexpected cold restart) May 28 20:06:31 2007 startup - - - shutdown (ungraceful:unexpected cold restart) May 25 14:21:35 2007...
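An added example (not from the Motorola guide): a Python audit of `service show command-history` output that flags the Priv Exec `service` sub-commands from the syntax list above that an administrator may want to review. It assumes the history records commands as typed, so sub-command abbreviations are resolved by unique prefix; it also assumes locations look like `vty N` or `con N` and that `service` is recognised from a prefix of three or more letters. The sample rows and the `WATCHED` reasons are constructed.

```python
import re
from datetime import datetime

# Sub-commands of `service` as listed in the Priv Exec syntax on this page.
SERVICE_KEYWORDS = [
    "clear", "copy", "diag", "diag-shell", "encrypt", "pktcap", "pm",
    "save-cli", "securitymgr", "show", "start-shell", "test", "watchdog",
    "wireless",
]

# Review-worthy sub-commands; the reasons are this example's own wording.
WATCHED = {
    "start-shell": "shell access (inferred from the command name)",
    "diag-shell": "shell access (inferred from the command name)",
    "clear": "removes core, dump, panic or log files",
    "pktcap": "packet capture",
    "securitymgr": "changes securitymgr behaviour",
}

# Constructed sample in the column layout shown by the guide
# (Date & Time, User, Location, Command). Rows are invented.
SAMPLE_HISTORY = """\
Configured size of command history is 200
Date & Time             User      Location  Command
===================================================================
May 31 21:57:44 2007    admin     vty 130   exit
May 31 21:55:02 2007    admin     vty 130   serv diag-s
May 31 21:52:37 2007    admin     vty 130   service diag led 1 amber flashing
May 31 21:40:19 2007    operator  con 0     service clear all
May 31 21:31:08 2007    admin     vty 130   service s
May 31 20:30:11 2007    admin     vty 130   service pktcap on interface
"""

ROW = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+\d{4})\s+"
    r"(?P<user>\S+)\s+"
    r"(?P<loc>(?:vty|con)\s+\d+)\s+"   # assumed location format
    r"(?P<cmd>.+?)\s*$"
)


def resolve(token, keywords):
    """Map a typed token to a keyword: an exact match wins (so `diag` is
    not confused with `diag-shell`); otherwise the token must be a prefix
    of exactly one keyword. Ambiguous or unknown tokens return None."""
    token = token.lower()
    if token in keywords:
        return token
    hits = [k for k in keywords if k.startswith(token)]
    return hits[0] if len(hits) == 1 else None


def parse_history(text):
    """Return one dict per history row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        stamp = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S %Y")
        rows.append({
            "time": stamp,
            "user": m["user"],
            "location": " ".join(m["loc"].split()),
            "command": m["cmd"],
        })
    return rows


def audit(text):
    """Return the history rows whose `service` sub-command is in WATCHED."""
    findings = []
    for row in parse_history(text):
        tokens = row["command"].split()
        if len(tokens) < 2:
            continue
        first = tokens[0].lower()
        # Assumption: three or more leading letters of `service` select it.
        if len(first) < 3 or not "service".startswith(first):
            continue
        keyword = resolve(tokens[1], SERVICE_KEYWORDS)
        if keyword in WATCHED:
            findings.append({**row, "keyword": keyword, "reason": WATCHED[keyword]})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_HISTORY):
        print(f["time"].isoformat(), f["user"], f["location"],
              repr(f["command"]), "->", f["keyword"], ":", f["reason"])
```

Exact matches take priority over prefixes, so `service diag led ...` is not reported as `diag-shell`, and the ambiguous `service s` is not reported at all.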
Parameters
Display Parameters | Description | Mode | Example
autoinstall | Displays the autoinstall configuration | Common | page 27
banner | Displays the message of the day login banner | Common | page 27
commands | Displays command lists | Common | page 28...
Display Parameters | Description | Mode | Example
radius | Displays RADIUS configuration commands | Common | page 48
redundancy-group | Displays redundancy group parameters | Common | page 49
redundancy-history | Displays the state transition history of the switch | Common | page 51
redundancy-members | Displays redundancy group members in | Common | page 52...
Display Parameters | Description | Mode | Example
access-list | Displays the access list Internet Protocol (IP) configuration | Privilege /Global Config | page 71
aclstats | Displays ACL statistics | Privilege /Global Config | page 72
alarm-log | Displays all the alarms currently in the...
Display Parameters | Description | Mode | Example
running-config | Displays the current operating configuration | Privilege /Global Config | page 76
securitymgr | Displays debug information for ACL, VPN and NAT | Privilege /Global Config | page 80
sessions | Displays currently open and active connections | Privilege /Global... | page 80
Parameters
motd | Defines the Message of the Day banner
Example
WS5100>show banner motd
Welcome to CLI
WS5100>

2.2.3 commands
Common to all modes
Syntax
WS5100>show commands
Parameters
None
Example
WS5100#show commands
acknowledge alarm-log (all|<1-65535>)
acknowledge alarm-log (all|<1-65535>)
2.2.4 crypto
Common to all modes
Syntax
show crypto(ipsec|isakmp|key|map|pki)
show crypto ipsec(sa|security-association(lifetime)|transformset)
show crypto isakmp(policy(<1-10000>)|sa)
show crypto key(mypubkey)
show crypto map(interface|tag)
show crypto pki(request|trustpoints)
Parameters
ipsec [sa|securityassociation (lifetime)|transformset (name)]
Displays the IPSEC policy
• sa – IPSec security association
• security-association – Security association
• lifetime – Defines the lifetime
• transformset – Transformset
• name – Defines the transform set name or all...
Example WS5100(config)#show crypto pki request tptest -----BEGIN CERTIFICATE REQUEST----- -----END CERTIFICATE REQUEST----- WS5100(config)#show crypto pki trustpoints Trustpoint :default-trustpoint ----------------------------------------------- Server certificate configured Subject Name: Common Name: Symbol Technologies Issuer Name: Common Name: Symbol Technologies...
2.2.5 environment
Common to all modes
Syntax
show environment
Parameters
None
Example
WS5100>show environment
CPU temperature : 33.0 C
system temperature : 33.0 C
CPU fan 4354 rpm
case fan 8766 rpm
WS5100>...
Parameters
IFNAME | Displays the interface name
Displays ethernet interface information
switchport | Displays native VLAN(s) and allowed VLAN information on switch ports
vlan | Displays VLAN interface details
Usage Guidelines
Use the show interface command to display the administrative and operational status of all the interfaces or a specified interface
Example...
2.2.8 ip
Common to all modes
Syntax
show ip (access-group (IFNAME | eth <1-2> | vlan <1-4094>) | arp | ddns(binding)|dhcp(binding|class|pool|sharednetwork)| dhcp-vendor-options | domain-name | http(secure-server|server)| interface(IFNAME|brief|vlan) | name-server | route(A.B.C.D|A.B.C.D/M|detail) | routing | ssh | telnet )
show ip access-group (IFNAME|eth <1-2>...
Parameters
access-group
Displays the ACLs attached to an interface
• IFNAME – Enter the name of the interface to which the ACL is associated. access-group lists the details of the ACLs configured on the particular Layer 3 or Layer 2 interface
•...
interface
Use the show ip interface command to display the administrative and operational status of all Layer-3 interfaces or a specified Layer-3 interface
• IF NAME – Interface name.
• brief – Brief summary of the IP status and its configuration
•...
vlan3 unassigned
WS5100(config-if)#shutdown
c. Check the status. Note that the VLAN has now been disassociated and the status is DOWN.
WS5100(config)#show ip interface brief
Interface IP-Address Status Protocol
vlan1 157.235.208.69(DHCP)
vlan3 unassigned administratively down down
WS5100(config)#
2. The above example could also occur when a DHCP interface is disconnected. DHCP is not affected though, because it runs on a virtual interface and not on a physical interface.
option user-class UserClassTest
ip dhcp class TestDHCPclass
ip dhcp class Add-DHCP-class1
ip dhcp class MonarchDHCPclas
option user-class MC9000
ip dhcp class WS5100DHCPclass
option user-class MC800
WS5100(config)#
WS5100#show ip dhcp pool
ip dhcp pool pl
ip dhcp pool pool1
domain-name test.com...
WS5100#show ip interface tunnel 1 ?
brief Brief summary of IP status and configuration
WS5100#show ip interface tunnel 1 brief
Interface IP-Address Status Protocol
tunnel1 unassigned
WS5100#show ip interface vlan 1 brief
Interface IP-Address Status Protocol
vlan1 157.235.208.233 (DHCP)up
WS5100#show ip name-server...
2.2.9 ldap
Common to all modes
Syntax
show ldap(configuration(primary|secondary))
Parameters
ldap | Defines the LDAP server
configuration | Sets the LDAP server
primary | Defines the Primary LDAP server
secondary | Defines the Secondary LDAP server
Example...
Bind DN cn=kumar,ou=symbol,dc=activedirectory,dc=com
Base DN ou=symbol,dc=activedirectory,dc=com
Password : 0 symbol@123
Password Attribute : UserPassword
Group Name : cn
Group Membership Filter: (&(objectClass=group)(member=%{Ldap-UserDn}))
Group Member Attr : radiusGroupName
Net timeout : 1 second(s)

2.2.10 licenses
Common to all modes
Syntax
show licenses
Parameters...
Logging to: 10.0.0.2
Log Buffer (6520 bytes):
Sep 14 19:11:59 2006: %DAEMON-6-INFO: radiusd[4643]: Ready to process requests.
Sep 14 19:11:58 2006: %PM-5-PROCSTOP: Process "radiusd" has been stopped
Sep 14 18:51:14 2006: %CC-5-RADIOADOPTED: 11a radio on AP 00-A0-F8-...
2.2.14 management
Common to all modes
Syntax
show management
Parameters
None
Example
WS5100>show management
Mgmt Interface: vlan1
Management access permitted via any vlan interface
WS5100>

2.2.15 mobility
Common to all modes
Syntax
show mobility [event-log|forwarding|global|mobile-unit|peer|statistics]
show mobility event-log [mobile-unit|peer]
show mobility forwarding (AA-BB-CC-DD-EE-FF)
show mobility mobile-unit [<AA-BB-CC-DD-EE-FF>|detail]
show mobility peer [<A.B.C.D>|detail]...
Parameters
event-log
Displays the mobility event logs
• mobile-unit – MU event logs
• peer – Peer event logs
forwarding
Displays and defines Mobile units in the forwarding plane
• AA-BB-CC-DD-EE-FF – MAC address of the mobile unit...
157.235.208.16 157.235.208.16
09/14 19:17:50 ADD-MU 00-0f-3d-e9-a6-54 0.0.0.0 157.235.208.16 157.235.208.16
WS5100>show mobility forwarding
Mobility Forwarding-plane Information
State: HS : Home-switch CS : Current-switch !HS: Not Home-switch !CS: Not Current-switch
Mac-Address IP-Address State HS-Vlan Tunnel
WS5100>
WS5100>show mobility global
Mobility Global Parameters
Admin Status : DISABLED...
WS5100(config)#show mobility statistics
MU <00-0f-3d-e9-a6-54> Mob-State HS_AND_CS
-----------------------------------------------
Interface |unicast Error |unicast Error
wlan_port

2.2.16 ntp
Common to all modes
Syntax
show ntp (association (detail)|status)
Parameters
Displays the Network Time Protocol (NTP) configuration...
Example
WS5100>show privilege
Current user privilege: superuser
WS5100>

2.2.19 radius
Common to all modes
Syntax
show radius (configuration | eap (configuration)| group | nas ( A.B.C.D/M)| proxy | rad-user | trust-point)
Parameters
radius...
2.2.20 redundancy-group
Common to all modes
This command displays the switch’s IP address, number of active neighbors, group license, installed license, cluster AP adoption count, switch adoption count, hold time, discovery time, heartbeat interval, cluster id and switch mode. In a cluster, this command displays the redundancy runtime and configuration of the “self-switch”.
Radio Portals adopted by Group : Not Applicable
Radio Portals adopted by this Switch : Not Applicable
Rogue APs detected in this Group : Not Applicable
Rogue APs detected by this Switch : Not Applicable...
MUs associated in this Group : Not Applicable
MUs associated in this Switch : Not Applicable
Selfhealing RPs in this Group : Not Applicable
Selfhealing APs in this Switch : Not Applicable
Group maximum AP adoption capacity : Not Applicable
Switch Adoption capacity : Not Applicable...
2.2.22 redundancy-members
Common to all modes
Displays the member switches in the cluster. The user can provide the IP address of the switch in the cluster whose information alone is needed.
Syntax
show redundancy-members (A.B.C.D)
Parameters
A.B.C.D...
Example
WS5100>show snmp user snmpmanager
userName access engineId Authentication Encryption
snmpmanager 800001848067458b6bd7157745
WS5100>
WS5100>show snmp user snmpoperator
userName access engineId Authentication Encryption
snmpoperator 800001848067458b6bd7157745
WS5100>
WS5100>show snmp user snmptrap
userName access engineId Authentication Encryption
snmptrap 800001848067458b6bd7157745
WS5100>

2.2.24 snmp-server
Common to all modes
Syntax...
Example
WS5100>show snmp-server traps
-------------------------------------------------------------------
Global enable flag for Traps
-------------------------------------------------------------------
Enable flag status for Individual Traps
-------------------------------------------------------------------
Module Type Trap Type Enabled?[Y/N]
-------------------------------------------------------------------
snmp coldstart
snmp linkdown
snmp linkup
snmp authenticationFail
dhcpIPChanged...
Parameters
config (adapter) (ADAPTER NAME)
Shows the switch SOLE adapter configuration
• adapter – Show the existing configuration of the SOLE adapters
stats (adapter) (ADAPTER NAME)
Displays SOLE adapter statistics
• adapter – Displays SOLE adapter statistics...
2.2.26 spanning-tree
Common to all modes
Syntax
show spanning-tree (mst)[config| detail(interface){IF Name|eth <1-2>|vlan <1-4094>}| instance <1-15> (interface){IF NAME|eth <1-2>|vlan <1-4094>}]
Parameters
config
Displays MSTP configuration information
detail(interface) {IF Name|eth <1-2>|vlan <1-4094>}
Displays detailed interface information
• IF Name – Displays the interface name
•...
2.2.28 terminal
Common to all modes
Syntax
show terminal
Parameters
None
Example
WS5100>show terminal
Terminal Type: vt102 Length: 44 Width: 125
WS5100>

2.2.29 timezone
Common to all modes
Syntax
show timezone
Parameters
None
Example
WS5100>show timezone
Timezone is Etc/UTC
WS5100>...
2.2.30 users
Common to all modes
Syntax
show users
Parameters
None
Example
WS5100>show users
Line User Uptime Location
0 con 0 admin 06:08:11 ttyS0
130 vty 0 2308 admin 00:35:18
WS5100>

2.2.31 version...
Switch uptime is 0 days, 6 hours 10 minutes
CPU is Intel(R) Pentium(R) 4 CPU 2.00GHz
PCI bus 3 device 8 function 1 Ethernet controller Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)
PCI bus 3 device 8 function 0 Ethernet controller Intel Corporation 82546EB Gigabit Ethernet Controller (Copper)...
2.2.32 wireless
Common to all modes
Syntax
show wireless [(aap-version| ap (<1-48>|<AA-BB-CC-DD-EE-FF>)| ap-detection-config | ap-images | ap-unadopted | approved-aps | channel-power (11a (indoor | outdoor))| 11b (indoor | outdoor)| 11bg (indoor | outdoor))|...
Parameters
aap-version
Displays the minimum adaptive firmware version string
Status of the adopted access port
• <1-48> – Defines the index of the access port
• AA-BB-CC-DD-EE-FF – Sets the MAC address of an access port
ap-detection-config
Detected AP configuration parameters
ap-images
Displays the access port images on the switch...
Displays intrusion detection configuration parameters
• configured-bad-essids – Displays a list of bad essids. This parameter sets the number of seconds a MU is filtered
• filter-list – Displays the list of currently filtered mobile...
phrase-to-key
Displays the WEP keys generated by a passphrase
• wep128 – Displays WEP128 keys
• wep64 – Displays WEP64 keys
qos-mapping
Quality of service mappings used for mapping WMM access categories and 802.1p/DSCP tags
• wired-to-wireless – Mappings used when traffic is switched from wired to the wireless side
•...
unapproved-aps
Defines unapproved APs seen by an access port or a mobile unit’s scan
wireless-switch-statistics
Wireless-switch statistics
• detail – Displays detailed wireless-switch statistics
wlan
Displays wireless LAN parameters
config
WLAN configuration
<1-32>...
ap4131 Revert-AP4131 665704 00.00-00
WS5100>
WS5100>show wireless ap-unadopted
WS5100>
WS5100>show wireless approved-aps
access-port detection is disabled
WS5100>
WS5100>show wireless channel-power 11a indoor
% Error: No valid channels or power levels
WS5100>
WS5100>show wireless config
country-code : None
adoption-pref-id
proxy-arp : enabled...
Footer :
Image URL main:
Image URL small:
Page-type : fail
Title : Unable to authenticate
Header : Authentication Failed.
Description : Either the username and password are invalid, or service is unavailable at this time...
2.2.34 access-list
Privilege / Global Config
Displays the access lists (numbered and named) configured on the switch. The numbered access list displays numbered ACLs. The named access list displays named ACL details.
Syntax
show access-list
show access-list ( <1-99> | <100-199> | <1300-1999> | <2000-2699> | WORD )
Show access-list <acl-name>...
2.2.35 aclstats
Privilege / Global Config
Displays the statistics of configured access lists
Syntax
aclstats [<name>|vlan <1-4094>]
Parameters
IFNAME | Displays the interface name.
vlan <1-4092> | Defines the VLAN interface. Select from an index value...
Common Commands 2-73 severity-to-limit Displays the alarms having specified a severity, as well as those alarms with a severity higher than the specified value critical Displays all critical alarms informational Displays all informational or higher severity alarms major Displays all major or higher severity alarms normal Displays all normal or higher severity alarms warning...
Example
WS5100#show clock
Jun 01 00:51:34 UTC 2007
WS5100#
2.2.39 debugging
Privilege / Global Config
Syntax
show debugging (mstp)
Parameters
mstp    Displays the current MSTP configuration
Example
WS5100(config)#show debugging mstp
MSTP debugging status:
WS5100(config)#
2.2.40 dhcp...
Common Commands 2-75 address range xxx.xxx.xx.xx aaa.aaa.aa.aa WS5100# 2.2.41 file Privilege / Global Config Syntax show file (information (FILE)| systems) Parameters information Displays file information FILE Displays the information on file systems Lists existing filesystems Example WS5100#show file systems File Systems: Size(b) Free(b) Type...
FTP Server: Disabled
User Name: anonymous or ftpuser
Password: ********
Root dir: flash:/
WS5100#
2.2.43 password-encryption
Privilege / Global Config
Syntax
show password-encryption (status)
Parameters
status    Displays the existing password-encryption status
Example
WS5100#show password-encryption status...
Example
WS5100(config)#show running-config
! configuration of WS5100 version 3.1.0.0-008D
version 1.0
service prompt crash-info
username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d
username admin privilege superuser
username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f
spanning-tree mst config
name My Name
country-code us
logging buffered 4
logging console 4
snmp-server sysname WS5100
snmp-server manager v2...
radius-server local
interface eth1
switchport access vlan 2100
interface eth2
switchport access vlan 1
interface vlan1
ip address 192.168.2.1/24
sole
aaa authentication login default local none
line con 0
line vty 0 24...
name My Name
no management secure
ip domain-lookup
service diag period 1000
service diag enable
country-code us
redundancy group-id 1
redundancy interface-ip 0.0.0.0
redundancy mode primary
redundancy hold-period 15
redundancy heartbeat-period 5
redundancy discovery-period 30
no redundancy handle-stp enable
no redundancy dhcp-server enable
no redundancy enable
...
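The configuration output shown above contains several lines a reviewer would want to look at before the file is stored or shared. The following Python sketch is an added example, not part of the guide or the switch software: it scans an exported running-config for stored password digests, `snmp-server manager v2`, an `aaa authentication login` method list that contains `none`, and `no management secure`. The sample config and its digests are constructed, and reading `none` as "no authentication" is an assumption, since the guide does not define it.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int   # 1-based line number in the exported config
    check: str     # short identifier of the check that fired
    detail: str    # what a reviewer should look at


# Constructed sample modelled on the running-config lines in this guide.
# The two digests are placeholders, not values from a real switch.
SAMPLE_CONFIG = """\
!
! configuration of WS5100 (constructed sample)
!
username admin password 1 0000000000000000000000000000000000000000
username admin privilege superuser
username operator password 1 1111111111111111111111111111111111111111
snmp-server sysname WS5100
snmp-server manager v2
interface vlan1
 ip address 192.168.2.1/24
aaa authentication login default local none
no management secure
"""

USER_DIGEST = re.compile(r"^username (\S+) password (\d+) ([0-9a-fA-F]+)$")
AAA_LOGIN = re.compile(r"^aaa authentication login (\S+) (.+)$")
SNMP_MANAGER = re.compile(r"^snmp-server manager (\S+)$")


def audit_running_config(text: str) -> List[Finding]:
    """Return findings for settings worth reviewing in an exported config."""
    findings: List[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = " ".join(raw.split())  # trim and collapse runs of whitespace
        if not line or line.startswith("!"):
            continue  # blank line or '!' separator

        m = USER_DIGEST.match(line)
        if m:
            user, ptype, digest = m.groups()
            detail = (f"password digest for '{user}' (type {ptype}, "
                      f"{len(digest) * 4} bits) is readable in the export")
            if len(digest) == 40:
                detail += "; 40 hex digits is the length of a SHA-1 output"
            findings.append(Finding(line_no, "stored-password-digest", detail))
            continue

        m = SNMP_MANAGER.match(line)
        if m:
            if m.group(1).lower() == "v2":
                findings.append(Finding(
                    line_no, "snmp-v2-manager",
                    "SNMP v2 relies on community strings sent without encryption"))
            continue

        m = AAA_LOGIN.match(line)
        if m:
            list_name, methods = m.group(1), m.group(2).split()
            if "none" in methods:
                # Assumption: 'none' means login proceeds without authentication.
                findings.append(Finding(
                    line_no, "aaa-login-none",
                    f"login method list '{list_name}' contains 'none': "
                    f"{' '.join(methods)}"))
            continue

        if line == "no management secure":
            findings.append(Finding(
                line_no, "management-not-secure",
                "local access (Web/Telnet etc.) is not limited to the "
                "management interface; see 'management secure'"))
    return findings


def format_report(findings: List[Finding]) -> str:
    """Render findings one per line for a review ticket or log."""
    return "\n".join(f"line {f.line_no}: [{f.check}] {f.detail}" for f in findings)


if __name__ == "__main__":
    print(format_report(audit_running_config(SAMPLE_CONFIG)))
```

Because the digests appear in every export, the saved file itself should be handled as sensitive; `show password-encryption status` reports the switch's current password-encryption setting.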
User Exec Commands Logging in to the switch places you within the USER EXEC command mode. Typically, a login requires a user name and password. You have three login attempts before a connection attempt is refused. USER EXEC commands (available at the user level) are a subset of the commands available at the privileged level.
Table 3.1 User Exec Mode Command Summary
Command    Description    Ref.
enable    Turns on (enables) the privileged mode command set    page 3-6
exit    Ends the current mode and moves down to the previous mode    page 2-2...
User Exec Commands Parameters crypto Clears IPSec/ISAKMP SAs for a given peer • ipsec – Clears IPSec SA’s • isakmp – Clears ISAKMP SA’s • sa – Clears all IPSec/ISAKMP SA's • Peer IP – Peer IP address. mobility Clears mobility attributes •...
WS5100 Series Switch CLI Reference Guide 3.1.2 cluster-cli User Exec Commands Use this command to enter the cluster-cli context. The cluster-cli context provides centralized management to configure all cluster members from any one member. Any command executed under this context will be executed to all the switches in the cluster.
User Exec Commands ip () Internet Protocol (IP) • https – Secure HTTP (HTTPS) server • ssh – Secured Shell (SSH) server mobility () L3 mobility. • cc – ccserver events • error – Error events • forwarding – Dataplane forwarding •...
WS5100 Series Switch CLI Reference Guide WS5100>debug mobility peer WS5100> WS5100>debug mobility system WS5100> 3.1.4 disable User Exec Commands Enables the PRIV mode in order to use the disable command. Use the command disable to exit the PRIV mode. Syntax...
Parameters None Example The WS5100 Series Switch logs off on execution of this command. 3.1.7 page User Exec Commands Use the page command to toggle the switch paging function. Enabling this command displays the CLI command output page by page, instead of running the entire output at once.
User Exec Commands 3.1.11 terminal User Exec Commands Sets the length/number of lines displayed within the terminal window Syntax terminal[length <0-512>|no(length <0-512>|width)|width <0-512> ] Parameters length Sets the number of lines on a screen Negates a command or sets its defaults width Sets the width/number of characters on a screen line Example...
Privileged Exec Commands Most PRIV EXEC commands set operating parameters. Privileged-level access should be password protected to prevent unauthorized use. The PRIV EXEC command set includes commands contained within the USER EXEC mode. The PRIV EXEC mode also provides access to configuration modes, and includes advanced testing commands. The PRIV EXEC mode prompt consists of the host name of the device followed by a pound sign (#).
WS5100 Series Switch CLI Reference Guide Table 4.1 Priv Exec Mode Command Summary Command Description Ref. Changes current directory page 4-6 change-passwd Changes the password of the logged user page 4-6 clear Resets functions to last saved configuration page 4-7...
Privileged Exec Commands Table 4.1 Priv Exec Mode Command Summary Command Description Ref. mkdir Creates a directory page 4-21 more Displays the contents of a file page 4-21 Negates a command or sets its defaults page 2-4 page Toggles the paging function page 4-23 ping Sends ICMP echo messages to a specified location...
WS5100 Series Switch CLI Reference Guide 4.1.1 acknowledge Priv Exec Command Acknowledges alarms Syntax acknowledge alarm-log [<1-65535> | all] Parameters alarm-log Acknowledges alarms • <1-65535> – Acknowledges the specific alarm ID • all – Acknowledges all alarms Example WS5100#acknowledge alarm-log all No corresponding record found in the Alarm Log.
Privileged Exec Commands FILE Defines a Tar filename Tar file URL Example How to zip the folder flash:/log/? WS5100#archive tar /create flash:/out.tar flash:/log/ tar: Removing leading '/' from member names flash/log/ flash/log/snmpd.log flash/log/messages.log flash/log/startup.log flash/log/radius/ WS5100#dir flash:/ Viewing the output tar file? Directory of flash:/ drwx 1024...
WS5100 Series Switch CLI Reference Guide 4.1.3 cd Priv Exec Command Changes the current directory Syntax cd [DIR|] Parameters Changes current directory to DIR. Example WS5100#cd nvram:/ system:/ flash:/ WS5100#cd flash:/? Change current directory to DIR WS5100#cd flash:/ flash:/backup/ flash:/crashinfo/...
Privileged Exec Commands Verify the console displays a “password successfully changed” message. NOTE: The console (by default), does not display a user entered keyword for an old password and new password. Leaving the old password and new password fields empty displays the following error message: Error: Invalid password length.
Parameters
aclstats    Clears ACL statistics
alarm-log    Clears alarm-log
• <1-65535> – Clears the specific alarm ID
• acknowledge – Clears acknowledged alarms
• all – Clear all alarms
• new – Clear new alarms
arp-cache    Clears the ARP cache....
Privileged Exec Commands mac-address-table Clears entries in the forwarding database • dynamic – Clears all dynamic entries • multicast – Clears all multicast entries • static – Clears all management configured entries • address – Clears a specified MAC address •...
Privileged Exec Commands 4-11 Parameters enable Enables the switch cluster context Example 4.1.8 configure Priv Exec Command Enters into the configuration mode Syntax configure terminal Parameters terminal Configure from the terminal Example WS5100#configure terminal Enter configuration commands, one per line. End with CNTL/Z. WS5100(config)# 4.1.9 copy Priv Exec Command...
Parameters
FILE    Target file from which to copy
Target URL from which to copy
Example
Transferring file snmpd.log to remote tftp server?
WS5100#copy flash:/log/snmpd.log tftp://157.235.208.105:/snmpd.log
Accessing running-config file from remote tftp server into switch running-config?
WS5100#copy tftp://157.235.208.105:/running-...
Privileged Exec Commands 4-15 [y/n]? n Delete flash:/backup//imish_1087_18381X.core.gz [y/n]? n WS5100# 4.1.12 diff Priv Exec Command View the differences between 2 files Syntax diff (FILE|URL) (FILE|URL) Parameters FILE Displays the differences between a FILE Displays the differences between a URL Example WS5100#diff startup-config running-config --- startup-config...
4-16 WS5100 Series Switch CLI Reference Guide 4.1.13 Priv Exec Command View the list of files on a filesystem Syntax dir ({/all|/recursive}|) (DIR|all-filesystems|) Parameters /all Lists all files /recursive Lists files recursively Lists files in the named file path all-filesystems...
Privileged Exec Commands 4-17 4.1.14 disable Priv Exec Command Turns off the privileged mode command Syntax disable Parameters None Example WS5100#disable WS5100> 4.1.15 edit Priv Exec Command Edits a text file Syntax edit FILE Parameters FILE Name of the file to be modified Example WS5100#edit startup-config GNU nano 1.2.4...
Privileged Exec Commands 4-19 Example WS5100#erase flash: % Error: path is a directory WS5100#erase ne WS5100#erase nvram: % Error: no user deleteable files in nvram: WS5100#erase startup-config WS5100# 4.1.18 halt Priv Exec Command Stops (halts) the switch Syntax halt Parameters None Example WS5100#halt...
4-20 WS5100 Series Switch CLI Reference Guide Example Telnet to switch [xyz@xyz xyz]$ telnet 157.235.208.93 Trying 157.235.208.93... Connected to 157.235.208.93 (157.235.208.93). Escape character is '^]'. WS5100 release 3.0.0.0-19193X Login as 'cli' to access CLI. WS5100 login: root WS5100#show sessions SESSION...
Privileged Exec Commands 4-21 Example WS5100#logout WS5100 release 3.0.0.0-200B Login as 'cli' to access CLI. WS5100 login: 4.1.21 mkdir Priv Exec Command Creates a new directory in the filesystem. Syntax mkdir DIR Parameters Directory name Example WS5100#mkdir TestDIR WS5100# 4.1.22 more Priv Exec Command View the contents of a file Syntax...
4-22 WS5100 Series Switch CLI Reference Guide Licensed AP count changed to 48 Sep 08 12:27:31 2006: %CC-5-COUNTRYCODE: config: setting country code to [in: India] Sep 08 12:27:31 2006: %DAEMON-6-INFO: radiusd [460]: Ready to process requests. Sep 08 12:27:35 2006: %DAEMON-6-INFO: init:...
4-24 WS5100 Series Switch CLI Reference Guide 4.1.25 pwd Priv Exec Command View the contents of the current directory. Syntax Parameters None Example WS5100#pwd flash:/ WS5100# 4.1.26 quit Priv Exec Command Exits the current mode and moves to the previous mode...
4-26 WS5100 Series Switch CLI Reference Guide 4.1.29 rmdir Priv Exec Command Deletes an existing file from the file system Syntax rmdir DIR Parameters Name of the directory to delete Example WS5100#rmdir flash:/NewTestDir/ WS5100#DIR Directory of flash:/ drwx 1024 Wed Jul 19 19:14:05 2006...
Privileged Exec Commands 4-27 Example WS5100#telnet 157.111.222.33 Entering character mode Escape character is '^]'. Red Hat Linux release 9 (Shrike) Kernel 2.4.20-6bigmem on an i686 login: cli Password: 4.1.31 terminal Priv Exec Command Sets the length/number of lines displayed on the terminal Syntax terminal[length <0-512>|no(length <0-512>|width)|width <0-512>...
4-28 WS5100 Series Switch CLI Reference Guide 4.1.32 traceroute Priv Exec Command Traces a route to a destination Syntax traceroute (WORD | ip WORD) Parameters WORD Traces a route to a destination address or hostname IP trace Example WS5100#traceroute 157.222.333.33 traceroute to 157.235.208.39 (157.235.208.39), 30 hops max, 38 byte...
Privileged Exec Commands 4-29 Removing other partition Sep 08 15:57:18 2006: %KERN-6-INFO: EXT3 FS on hda1, internal journal. Making file system Extracting files (this can take some time).Sep 08 15:57:23 2006: %KERN-6-INFO: kjournald starting. Commit interval 5 seconds. Sep 08 15:57:23 2006: %KERN-6-INFO: EXT3 FS on hda6, internal journal.
Global Configuration Commands
The term global is used to indicate characteristics or features affecting the system as a whole. Use the Global configuration mode to configure the system globally, or enter specific configuration modes to configure specific elements (such as interfaces or protocols).
WS5100 Series Switch CLI Reference Guide 5.1 Global Configuration Commands Table 5.1 summarizes the Global Config commands Table 5.1 Global Config Mode Command Summary Command Description Ref. Configures the current authentication, authorization page 5-4 and accounting (aaa) login settings access-list...
Global Configuration Commands Table 5.1 Global Config Mode Command Summary Command Description Ref. Internet Protocol (IP) page 5-27 license Sets license management commands page 5-32 line Configures a terminal line page 5-33 local Sets the username and password for local user page 5-33 authentication.
Global Configuration Commands A.B.C.D IP address Usage Guidelines Use an AAA login to determine whether management user authentication must be performed against a local user database or an external RADIUS server 5.1.2 access-list Global Configuration Commands Adds an access list entry. Use the access list command (under global configuration) to configure the access list mechanism for filtering frames by protocol type or vendor code Syntax access-list...
NOTE: Using access-list [<100-199>|<2000-2699>] moves you to the (config-ext-nacl) instance. For additional information, see Extended ACL Instance on page 14-1. Using access-list [<1-99>|<1300-1999>] moves you to the (config-std-nacl) instance. For additional information, see Standard ACL Instance on page 15-1....
Global Configuration Commands Parameters access-list Adds a standard access list entry. (<1-99>|<1300-1999>) • (<1-99>|<1300-1999>) – Defines access numbers from (deny|permit|mark 1 to 99 or 1300 to 1999 (8021p <0-7> | • (deny|permit|mark) – Defines action types on an ACL. tos <0-255>)) The action type is functional only over a Port ACL mark...
WS5100 Series Switch CLI Reference Guide access-list Adds an extended IP access list entry using IP keyword (<100-199>|<2000-2699>) • <100-199>|<2000-2699> – For IP type of extended ACL, {deny | permit | mark the ACL number must be between 100-199 {dot1p <0-7> | tos <0- •...
Global Configuration Commands access-list Adds an Extended IP access list entry using an icmp keyword. (<100-199>|<2000-2699>) • (<100-199>|<2000-2699>) – For ICMP extended ACLs, {deny | permit | mark the ACL must be between 2000-2699 {dot1p <0-7> | tos <0- • {deny | permit | mark {dot1p <0-7> | tos <0-255>}} – 255>}} Defines the action on an ACL.
5-10 WS5100 Series Switch CLI Reference Guide Use an access list command under the global configuration to create an access list. The switch supports port, router and WLAN ACL’s. • When the access list is applied on an Ethernet port, it becomes a port ACL •...
5.1.4 banner
Global Configuration Commands
Defines a login banner for the switch
Syntax
banner(motd(LINE|default))
Parameters
motd    Sets the message of the day banner
LINE    Define a custom MOTD string
default    Sets a default MOTD string...
Global Configuration Commands 5-13 5.1.5 boot Global Configuration Commands Reboots the switch with an image in the mentioned partition (either the primary or secondary partition) Syntax boot(system) [primary|secondary] Parameters system Specifies the boot image used after reboot primary Specifies the primary image secondary Specifies the secondary image Example...
5-14 WS5100 Series Switch CLI Reference Guide Usage Guidelines Enables or disables MSTP globally. Use a command with the bridge-forward parameter to disable MSTP and change all ports to a forwarding state Example WS5100(config)#bridge multiple-spanning-tree enable WS5100(config)# 5.1.7 country-code Global Configuration Commands Sets the country of operation.
Global Configuration Commands 5-15 Denmark Dominican Republic Ecuador Estonia Egypt Spain Finland France United Kingdom Greece Guatemala Guam Hong Kong Honduras Croatia Haiti Hungary Indonesia Ireland Israel India Iceland Italy Jordan Japan South Korea Kuwait Kazakhstan Liechtenstein Sri Lanka Lithuania Luxembourg Latvia Morocco...
Saudi Arabia Sweden Singapore Slovenia Slovak Republic Thailand Turkey Taiwan Ukraine United States Uruguay Venezuela Vietnam South Africa
WS5100(config)#country-code
5.1.8 crypto
Global Configuration Commands
NOTE: crypto isakmp(policy)Priority moves you to the config-crypto-isakmp instance. For more information, see crypto-isakmp on page 6-1....
5-18 WS5100 Series Switch CLI Reference Guide Parameters ipsec (security- Configures IPSEC policies association| transform- • security-association – Defines the security association set) parameter used to define its lifetime • lifetime (kilobyte | seconds) – The lifetime of IPSEC security association. It can be defined in either: kilobytes –...
Global Configuration Commands 5-19 isakmp Configures the Internet Security Association and Key Management Protocol (ISAKMP) policy [client|keepalive|key| • client configuration (group) (default) – Leads to the peer|policy] config-cryptogroup instance For more details see crypto-group on page 7-1. • keepalive <10-3600> – Sets a keepalive interval for use with remote peers.
5-20 WS5100 Series Switch CLI Reference Guide Authentication key management functions [export|generate|import| • export rsa<name> URL [tftp|ftp] – Exports a keypair related configuration zeroize] • generate rsa<name> <1024-2048> – Generates a keypair • <1024-2048> – Size of keypair in bit •...
Global Configuration Commands 5-21 pki [authenticate|enroll| Configures certificate parameters. The public key export|import|trustpoint] infrastructure is a protocol that creates encrypted public keys using digital certificates from certificate authorities. PKI ensures each online party is who they claim to be • authenticate <name> (terminal|tftp|ftp) – Defines the authenticate and import CA certificate •...
................
crypto isakmp key 12345678 address 4.4.4.4
crypto ipsec security-association lifetime kilobytes 4608000
WS5100(config)#
WS5100(config)#no crypto isakmp key 12348 address 4.4.4.4
WS5100(config)#
In the example above, key 12345678 is associated with IP address 4.4.4.4. Currently...
Global Configuration Commands 5-23 5.1.9 do Global Configuration Commands Runs commands from either the User Exec or Priv Exec mode Syntax do (command of other mode) Parameters None. Example WS5100(config)#do ping 157.235.208.69 PING 157.235.208.69 (157.235.208.69): 100 data bytes 128 bytes from 157.235.208.69: icmp_seq=0 ttl=64 time=0.1 ms 128 bytes from 157.235.208.69: icmp_seq=1 ttl=64 time=0.0 ms 128 bytes from 157.235.208.69: icmp_seq=2 ttl=64 time=0.0 ms 128 bytes from 157.235.208.69: icmp_seq=3 ttl=64 time=0.0 ms...
Global Configuration Commands 5-25 5.1.12 fallback Global Configuration Commands Enables and configures the software fallback feature. Failure to boot with configured "use on boot" image allows booting with other image Syntax fallback(enable) Parameters enable Enables the software fallback feature Example WS5100(config)#fallback enable WS5100(config)# 5.1.13 ftp...
5-26 WS5100 Series Switch CLI Reference Guide Example WS5100(config)#ftp enable WS5100(config)# 5.1.14 hostname Global Configuration Commands Changes the system’s network name Syntax hostname(WORD) Parameters WORD Provide the name for the systems network Example WS5100(config)#hostname Eldorado Eldorado(config)# 5.1.15 interface Global Configuration Commands Configures a selected interface.
vlan <1-4094>    Defines the VLAN interface
Usage Guidelines
Use [no] interface {<interface-name>} to delete the specified SVI. Valid interfaces include all VLANx interfaces.
Example
WS5100(config)#interface eth 2
WS5100(config-if)#
WS5100(config)#interface vlan 2
WS5100(config-if)#
5.1.16 ip
Global Configuration Commands
Configures a selected Internet Protocol
NOTE: Using moves you to the...
5-28 WS5100 Series Switch CLI Reference Guide ip dhcp class (class name) ip dhcp excluded-address(A.B.C.D) ip dhcp option(option name) ip dhcp ping(timeout(<1-10>)) ip dhcp pool(pool name) ip domain-lookup ip domain-name(WORD) ip http(secure-server|secure-trustpoint(WORD)|server(localhost)) ip local[pool(default{low-ip-address(A.B.C.D)})] #ip name-server(A.B.C.D) ip nat (inside|outside) [destination|source] static <A.B.C.D>...
Global Configuration Commands 5-29 dhcp DHCP server configuration • bootp – Defines the BOOTP specific configuration • ignore – Configures the DHCP server to ignore BOOTP requests • class – Defines a DHCP class and enters the DHCP class configuration mode •...
5-30 WS5100 Series Switch CLI Reference Guide name-server (A.B.C.D) Specifies the DNS server for the DHCP client. A maximum of 6 name servers can be configured. Servers are tried in the order entered • A.B.C.D – IP address of DNS server.
Usage Guidelines
1. Use the no command along with ip to undo any IP based configuration:
[no] ip(access-list|default-gateway|dhcp|domain-lookup|domain-name|http|local|name-server|nat|route|routing|ssh|telnet)
2. When using the ip access-list parameter, enter the following contexts:
• ext-nacl – extended ACL. For more information, see Extended ACL Instance on page 14-1
•...
5-32 WS5100 Series Switch CLI Reference Guide 4. Associate the DHCP class, created in Step 1 with the pool created in Step 3. The switch supports the association of only 8 CDHCP classes with a pool. WS5100(config-dhcp)#class WS5100DHCPclass WS5100(config-dhcp-class)# 5. The switch leads you to a new mode (config-dhcp-class). Use this mode to add address range to be used for the DHCP class, associated with the pool.
Global Configuration Commands 5-33 5.1.18 line Global Configuration Commands Configures the terminal line Syntax line(console|vty) Parameters console Primary terminal line. Configure a value between 0-0 Virtual terminal. Set a value between 0-871 5.1.19 local Global Configuration Commands Sets the username and password for local user authentication Syntax local(username,password) Parameters...
5-34 WS5100 Series Switch CLI Reference Guide 5.1.20 logging Global Configuration Commands Modifies message logging facilities Syntax logging(aggregation- time|buffered|console|facility|host|monitor|on|syslog) logging aggregation-time(<1-20>) logging buffered(<0- 7>|alerts|critical|debugging|emergencies|errors|informational| notifications|warnings) Parameters aggregation-time Sets the number of seconds for aggregating repeated messages. The value can be configured between 1-60...
Usage Guidelines
To delete Standard/Extended and MAC ACL, use no access-list <access-list name> under the Global Config mode.
Example
WS5100(config)#mac access-list extended Test1
WS5100(config-ext-macl)#
NOTE: By using the ip access-list parameter, enter the following contexts:
•...
Global Configuration Commands 5-37 5.1.23 management Global Configuration Commands Sets management interface properties Syntax management(secure) Parameters secure Limits local access (Web/Telnet etc.) to the management interface Example WS5100(config)#management secure WS5100(config)# 5.1.24 ntp Global Configuration Commands Configure NTP values Syntax ntp(access-group|authenticate|authentication-key|autokey| broadcast|broadcastdelay|master|peer|server|trusted-key) ntp access-group(peer|query-only|serve|serve-only) ntp access-group peer(<1-99>|<1300-1999>)
5-38 WS5100 Series Switch CLI Reference Guide ntp master <1-15> ntp peer(WORD) ntp peer WORD(autokey|key|prefer|version) ntp peer WORD autokey(prefer|version<1-4>) ntp peer WORD key(<1-65534>(prefer|version(<1-4>))) ntp peer WORD prefer (version<1-4>) ntp peer TestPeer version<1-4> ntp server(WORD) ntp server WORD(autokey|key|prefer|version) ntp server WORD autokey(prefer|version<1-4>) ntp server WORD key(<1-65534>(prefer|version(<1-4>)))
Global Configuration Commands 5-39 host Configures the switch as a trusted host broadcast Configures the NTP broadcast service client Listens to NTP broadcasts destination Configures broadcast destination address WORD Define the destination broadcast IP address Sets the broadcast key <1-65534> Defines the Key ID version Sets the NTP version...
5-40 WS5100 Series Switch CLI Reference Guide <1-65534> Define the Key number Example WS5100(config)#ntp peer ? WORD Name/IP address of peer WS5100(config)#ntp peer TestPeer ? autokey Configure autokey peer authentication scheme Configure peer authentication key prefer Prefer this peer when possible...
Global Configuration Commands 5-41 5.1.25 prompt Global Configuration Commands Configures and sets the systems prompt Syntax prompt(LINE) Parameters LINE Enter the new prompt displayed by the system Example WS5100(config)#prompt NobleMan NobleMan 5.1.26 radius-server Global Configuration Commands Enters the RADIUS server mode. The system prompt changes from the default config mode to RADIUS server mode NOTE: mode moves you to the RADIUS server...
Password is specified UNENCRYPTED
Password is encrypted with password-encryption secret
LINE    Text of shared key, up to 127 characters
local    Configures local RADIUS server parameters. This takes you to a new context. Refer Radius config-radius-server...
Global Configuration Commands 5-43 auto-revert-period Sets the redundancy auto-revert delay interval in minutes. <1-1800> The default is 5 minutes dhcp-server (enable) Enables the DHCP Redundancy protocol discovery-period <10-60> Sets the redundancy discovery interval in seconds. The default is 30 seconds enable Enables the redundancy protocol group-id <1-65535>...
5.1.28 service
Global Configuration Commands
Use this command to retrieve system data (tables, log files, configuration, status and operation) for use in debugging and problem resolution. To view the service command of User Exec and Priv Exec Mode, refer to service on page 2-5....
Global Configuration Commands 5-47 Parameters community Sets the community string and access privileges • ro – Read-only access with this community string. • rw – Read-write access with this community string. contact Text for mib object sysContact. • LINE – Sets the contact person for this managed node.
5-48 WS5100 Series Switch CLI Reference Guide enable (traps) diagnostics ( ) Enables diagnostics traps • cpuLoad15Min – Average CPU load for last 15 minutes exceeds limit • cpuLoad1Min • cpuLoad5Min • fanSpeedLow • fileDescriptors • ipRouteCache • packetBuffers • processMemoryUsage •...
Global Configuration Commands 5-49 enable (traps) radius-server () Enables radius-server traps. • radiusServerDown – RADIUS server down • radiusServerUp – RADIUS server up enable (traps) redundancy ( ) Enables redundancy traps • adoptionExceeded – Redundancy port adoption exceeded • grpAuthLevelChanged – Redundancy group Authorization Level changed •...
Global Configuration Commands 5-51 • deniedAssociationOnErr – Wireless station denied association due to internal error • deniedAssociationOnInvalidWPAWPA2 IE – Wireless station denied association due to invalid/absent WPA/WPA2 IE • deniedAssociationOnRates – Wireless station denied association due to incompatible Transmission rates •...
5-52 WS5100 Series Switch CLI Reference Guide enable (traps) wireless- Modifies wireless-stats rate traps statistics ( ) • mesh – Modifies mesh rate traps • avg-bit-speed-less-than – Average bit speed in Mbps between <0.00> and <54.00> • avg-retry-greater-than – Average retry is greater than 0.00 and less...
Global Configuration Commands 5-53 • min-packets – Minimum packets required for sending the trap • <1-65535> – Defines the minimum packets for sending the trap. This can be set with a decimal number in the range of <1-65535>. • mobile-unit – Modifies mobile-unit rate traps. •...
• tput-greater-than – Throughput in Mbps is greater than 0.00 and less than or equal to 100000.00
• undecrypt-percent-greater-than – Percentage of undecryptable packets is greater than 0.00 and less than or equal to 100.00...
Usage Guidelines
The SOLE command is used to enter the config-sole instance. The prompt changes from the regular WS5100(config)# to WS5100(config-wireless)#
Example
WS5100(config)#sole
WS5100(config-sole)#
5.1.31 spanning-tree
Global Configuration Commands
Configures spanning-tree commands
Syntax
spanning-tree [mst|portfast]
spanning-tree mst [<0-15>...
Parameters
mst [<0-15> (priority <0-61440>)| cisco-interoperability (enable|disable)| configuration|...
Enables the Multiple Spanning Tree Protocol on a bridge
• <0-15> (priority <0-61440>) – Set the bridge priority for an MST instance to the value specified. Use the no parameter with this command to restore the default bridge priority value...
5-58 WS5100 Series Switch CLI Reference Guide • max-age <6-40> – Max-age is the maximum time in seconds for which (if a bridge is the root bridge) a message is considered valid. This prevents the frames from looping indefinitely. The value of max-age must be...
portfast [bpdufilter|bpduguard] (default)
Enables the portfast feature on a bridge. It has the following options:
• bpdufilter (default) – Use the bpdu-filter command to set the portfast BPDU filter for the port. Use the no parameter with this command to revert the port BPDU filter value to default. The Spanning Tree Protocol sends BPDUs from all ports....
5-60 WS5100 Series Switch CLI Reference Guide 5.1.32 timezone Global Configuration Commands Configure switch timezone settings Syntax timezone Parameters TIMEZONE Press <tab> to traverse a list of files. This displays a list of files containing timezone information Example WS5100(config)#timezone America/...
Example
WS5100(config)#username GoldenSwitch
WS5100(config)#
5.1.34 vpn
Global Configuration Commands
Configure VPN settings
Syntax
vpn authentication-method(local|radius)
Parameters
authentication-method    Selects the authentication scheme
local    Use this for user based authentication
radius    Use this for RADIUS server authentication
Usage Guidelines
Virtual Private Network (VPN) enables IP traffic to travel securely over a public TCP/IP network by encrypting all traffic from one network to another....
Usage Guidelines
The wireless command is used to enter the config-wireless instance wherein you can configure the WS5100 wireless parameters. You can confirm that you have entered the wireless instance as the prompt changes from the regular WS5100(config)# to WS5100(config-wireless)#....
When a packet is sent from a client to a WLAN index of an access port, it becomes inbound traffic to the wireless LAN. When a packet goes out of an access port, it becomes outbound traffic to the wireless LAN index....
5-64 WS5100 Series Switch CLI Reference Guide • Extended MAC access list macacl permit any host 00:01:02:03:04:05 type ip wlan 14 rule-precedence 11 permit host 00:01:03:04:07:08 any wlan 14 rule-precedence 21 permit any any wlan 14 rule-precedence 31 • Standard IP access list stdacl permit any wlan 5 rule-precedence 34 permit host 10.0.0.10 wlan 6 rule-precedence 44...
Global Configuration Commands 5-65 wlan-acl 14 macacl in 2. If an ACL has a mix of rules, with different WLAN indices and without WLAN indices, then they should be grouped as follows. a. Create separate ACLs for all rules with a given WLAN index. b.
5-66 WS5100 Series Switch CLI Reference Guide The example below applies an ACL to WLAN index 200 in the outbound direction from the global config mode. WS5100(config)#wlan-acl 2 150 out WS5100(config)#...
crypto-isakmp Use the crypto isakmp policy(priority) to initiate the config-crypto-isakmp instance. 6.1 Crypto ISAKMP Config Commands Table 6.1 summarizes crypto-isakmp commands Table 6.1 Crypto ISAKMP Command Summary Command Description Ref. authentication Sets the authentication scheme page 6-2 clrscr Clears the display screen page 6-2 encryption Sets the encryption algorithm...
crypto-isakmp 6.1.3 encryption Crypto ISAKMP Config Commands Configures the encryption level of the data transmitted using the crypto-isakmp command Syntax encryption(3des|aes|aes-192|aes-256|des) Parameters 3des 3des - Triple data encryption standard aes - advanced data encryption standard aes-192 aes-192 - advanced data encryption standard aes-256 aes-256 - advanced data encryption standard des - data encryption standard...
WS5100 Series Switch CLI Reference Guide 6.1.5 exit Crypto ISAKMP Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax exit Parameters None. Example WS5100(config-crypto-isakmp)#exit WS5100(config)# 6.1.6 group Crypto ISAKMP Config Commands...
crypto-isakmp 6.1.7 hash Crypto ISAKMP Config Commands Specifies the hash algorithm used to authenticate data transmitted over the IKE SA Syntax hash(md5|sha) Parameters Choose the md5 hash algorithm Choose the sha hash algorithm Example WS5100(config-crypto-isakmp)#hash sha WS5100(config-crypto-isakmp)# 6.1.8 help Crypto ISAKMP Config Commands Accesses the system’s interactive help system Syntax help...
WS5100 Series Switch CLI Reference Guide 6.1.9 lifetime Crypto ISAKMP Config Commands Specifies how long an IKE SA is valid before expiring Syntax lifetime <seconds> Parameters <seconds> Specifies how many seconds an IKE SA lasts before expiring. A time stamp (in seconds) can be configured between 3600 and 2147483647.
crypto-isakmp Parameters Displays the CLI tree of current mode Example WS5100(config-crypto-isakmp)#service show cli Crypto Isakmp Config mode: +-authentication +-pre-share [authentication ( rsa-sig | pre-share )] +-rsa-sig [authentication ( rsa-sig | pre-share )] +-clrscr [clrscr] +-do +-LINE [do LINE] +-encryption +-3des [encryption ( des | 3des | aes | aes-192 | aes-256 )] +-aes [encryption ( des | 3des | aes | aes-192 | aes-256 )] +-aes-192 [encryption ( des | 3des | aes | aes-192 | aes-256 )] +-aes-256 [encryption ( des | 3des | aes | aes-192 | aes-256 )]...
WS5100 Series Switch CLI Reference Guide Example WS5100(config-crypto-isakmp)#show ? access-list Internet Protocol (IP) aclstats Show ACL Statistics information alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration.
crypto-isakmp users Display information about currently logged in users version Display software & hardware version wireless Wireless configuration commands wlan-acl wlan based acl WS5100(config-crypto-isakmp)#show...
crypto-group Use the crypto isakmp client (configuration)(group)(default) to initiate the config-crypto-group instance. 7.1 Crypto Group Config Commands Table 7.1 summarizes the switch config-crypto-group commands Table 7.1 Crypto Group Command Summary Command Description Ref. clrscr Clears the display screen page 7-2 Defines a primary and secondary Domain Name Server (DNS) page 7-2
WS5100 Series Switch CLI Reference Guide 7.1.1 clrscr Crypto Group Config Commands Clears the display screen. Syntax clrscr Parameters None Example WS5100(config-crypto-group)#clr WS5100(config-crypto-group)# 7.1.2 dns Crypto Group Config Commands Specifies the DNS server address(es) to assign to a client Syntax dns <IP Address>...
crypto-group 7.1.3 end Crypto Group Config Commands Ends and exits the current mode and changes to the PRIV EXEC mode. The prompt changes to WS5100# Syntax Parameters None Example WS5100(config-crypto-group)#end WS5100# 7.1.4 exit Crypto Group Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax...
WS5100 Series Switch CLI Reference Guide 7.1.5 help Crypto Group Config Commands Accesses the system’s interactive help system Syntax help Parameters None Example WS5100(config-crypto-group)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
crypto-group 7.1.6 service Crypto Group Config Commands Invokes the service commands used to troubleshoot or debug the (config-crypto-isakmp) instance configurations Syntax service(show)(cli) Parameters Displays the CLI tree of current mode Example WS5100(config-crypto-group)#service show cli Crypto Client Config mode: +-clrscr [clrscr] +-dns +-A.B.C.D [dns A.B.C.D] +-do...
WS5100 Series Switch CLI Reference Guide 7.1.7 show Crypto Group Config Commands Displays the current system information running on the switch Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command Example WS5100(config-crypto-group)#show ?
crypto-group redundancy-history Display state transition history of the switch. redundancy-members Display redundancy group members in detail running-config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters sole Smart Opportunistic Location Engine Configuration spanning-tree...
WS5100 Series Switch CLI Reference Guide 7.1.8 wins Crypto Group Config Commands Specifies the Windows Internet Naming Service (WINS) servers to assign to a client Syntax wins <IP Address> <IP Address> Parameters <IP Address> The first WINS server address to assign <IP Address>...
crypto-peer Use the crypto isakmp peer [IP Address|dns|hostname] command to initiate the config-crypto-peer instance. 8.1 Crypto Peer Config Commands Table 8.1 summarizes the config-crypto-peer commands Table 8.1 Crypto Peer Command Summary Command Description Ref. clrscr Clears the display screen page 8-2 Ends the current mode and moves to the EXEC mode page 8-2 exit...
WS5100 Series Switch CLI Reference Guide 8.1.1 clrscr Crypto Peer Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100(config-crypto-peer)#clr WS5100(config-crypto-peer) 8.1.2 end Crypto Peer Config Commands Ends and exits the current mode and changes to the PRIV EXEC mode. The prompt changes...
crypto-peer Example WS5100(config-crypto-peer)#exit WS5100(config)# 8.1.4 help Crypto Peer Config Commands Accesses the system’s interactive help system Syntax help Parameters None Example WS5100(config-crypto-peer)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
WS5100 Series Switch CLI Reference Guide 8.1.6 service Crypto Peer Config Commands Invokes service commands to troubleshoot or debug the (config-crypto-peer) instance configuration Syntax service(show)(cli) Parameters Show CLI tree of current mode Example WS5100(config-crypto-peer)#service show cli Crypto Peer Config mode:...
crypto-peer 8.1.7 set Crypto Peer Config Commands Configures the aggressive-mode of crypto-peer Syntax set aggressive-mode (password) Parameters aggressive-mode Defines aggressive mode attributes • password – Specifies a tunnel-password attribute Example WS5100(config-crypto-peer)#set aggressive-mode password CheckMeIn WS5100(config-crypto-peer)# 8.1.8 show Crypto Peer Config Commands Displays the current system information running on the switch Syntax show <parameter>...
WS5100 Series Switch CLI Reference Guide dhcp DHCP Server Configuration environment show environmental information file Display filesystem information Display FTP Server configuration history Display the session command history interfaces Interface status Internet Protocol (IP) ldap LDAP server licenses Show any installed licenses...
crypto-ipsec Use the (config-crypto ipsec) instance to define the transform configuration for securing data (e.g., esp-3des, esp-sha-hmac, etc.). The transform set is assigned to a crypto map using the map’s transform-set command. For more details, see crypto-map transform set on page 10-7.
WS5100 Series Switch CLI Reference Guide 9.1.1 mode Crypto IPsec Config Commands Use this command to configure IPSec mode of operation. Syntax mode(transport|tunnel) Parameters transport Transport mode tunnel Tunnel mode Example WS5100(config-crypto-ipsec)#mode transport WS5100(config-crypto-ipsec)# 9.1.2 show Crypto IPsec Config Commands...
crypto-ipsec history Display the session command history interfaces Interface status and configuration Internet Protocol (IP) ldap ldap server licenses Show any installed licenses logging Show logging configuration and buffer Media Access Control management Display L3 Managment Interface name mobility Display Mobility Parameters Network time protocol password-encryption password encryption...
crypto-map config-crypto-map commands define a Certificate Authority (CA) trustpoint. This is a separate instance, but belongs to the crypto pki trustpoint mode under the config instance. 10.1 Crypto Map Config Commands Table 10.1 summarizes config-crypto-map commands Table 10.1 Crypto Map Command Summary Command Description Ref.
10-2 WS5100 Series Switch CLI Reference Guide 10.1.1 clrscr Crypto Map Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100(config-crypto-map)#clr WS5100(config-crypto-map) 10.1.2 end Crypto Map Config Commands Use this command to end and exit the current mode and move to the PRIV EXEC mode.
crypto-map 10-3 Example WS5100(config-crypto-map)#exit WS5100(config)# 10.1.4 help Crypto Map Config Commands Use this command to access the system’s interactive help system Syntax help Parameters None Example WS5100(config-crypto-map)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
10-4 WS5100 Series Switch CLI Reference Guide When a packet is transmitted on an interface, the crypto map set associated with that interface is processed. The first crypto map entry that matches the packet is used to secure the packet. If a suitable SA exists, it is used for transmission. Otherwise, IKE is used to establish an SA with the peer.
crypto-map 10-5 10.1.6 no Crypto Map Config Commands Negates a command or sets its defaults Syntax no <previous command used> Parameters Use the commands configured under this instance Example WS5100(config-crypto-map)#no aggrerssive-mode WS5100(config-crypto-map)#...
10-6 WS5100 Series Switch CLI Reference Guide 10.1.7 service Crypto Map Config Commands Invokes service commands to troubleshoot or debug (config-crypto-isakmp) instance configurations Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information diag-shell Provides diag shell access save-cli Saves the CLI tree for all modes in HTML...
crypto-map 10-7 upgrade.history Aug 29 18:32 Please export these files or delete them for more space. WS5100(config-crypto-map)# 10.1.8 set Crypto Map Config Commands Use this command to set the various set parameters of the peer device. Syntax set (localid|mode|peer|pfs|remote-type[ipsec-l2tp|xauth]| security-association|session-key|transformset) set localid(dn|hostname) set security-association (level(perhost)|lifetime(kilobytes|seconds)<value>)
10-8 WS5100 Series Switch CLI Reference Guide Use the set pfs command to choose the type of perfect forward secrecy (if any) required during IPSec negotiation of SAs for this crypto map. Use the no form of this command to require no PFS •...
crypto-map 10-9 inbound/outbound Defines encryption keys for inbound/outbound traffic (ah|esp) • ah – Authentication header protocol • <256-4294967295> – Security Parameter Index (SPI) for the security association • esp – Encapsulating security payload protocol • <256-4294967295> – Defines the Security Parameter Index •...
10-10 WS5100 Series Switch CLI Reference Guide The inbound local SPI (security parameter index) must equal the outbound remote SPI. The outbound local SPI must equal the inbound remote SPI. The key values are the hexadecimal representations of the keys.
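A pre-deployment check for the SPI rule above, as an added Python example (not from the guide): it compares the manual session-key settings of two peers and reports range and pairing mistakes without echoing key material. The class and field names are hypothetical, the values are constructed, and the key-equality check reflects how manually keyed SAs work in general rather than a statement on this page.

```python
import string
from dataclasses import dataclass

# SPI range shown in the set session-key parameter list on this page.
SPI_MIN, SPI_MAX = 256, 4294967295


@dataclass
class ManualSa:
    spi: int
    key_hex: str  # hexadecimal representation of the key


@dataclass
class PeerSessionKeys:
    name: str
    inbound: ManualSa
    outbound: ManualSa


def _sa_problems(owner, direction, sa):
    """Validate one SA on its own: SPI range and key encoding."""
    problems = []
    if not SPI_MIN <= sa.spi <= SPI_MAX:
        problems.append(f"{owner} {direction}: SPI {sa.spi} outside {SPI_MIN}-{SPI_MAX}")
    key = sa.key_hex
    if not key or len(key) % 2 or any(c not in string.hexdigits for c in key):
        problems.append(f"{owner} {direction}: key is not a whole number of hex bytes")
    return problems


def check_pair(local, remote):
    """Return a list of findings; an empty list means the two sides line up."""
    problems = []
    for peer in (local, remote):
        problems += _sa_problems(peer.name, "inbound", peer.inbound)
        problems += _sa_problems(peer.name, "outbound", peer.outbound)
    # What one side receives on must be what the other side sends on.
    for rx, tx in ((local, remote), (remote, local)):
        if rx.inbound.spi != tx.outbound.spi:
            problems.append(
                f"{rx.name} inbound SPI {rx.inbound.spi} != "
                f"{tx.name} outbound SPI {tx.outbound.spi}"
            )
        # Added check (not stated on the page): the keys must pair up the same way.
        # Only the fact of a mismatch is reported, never the key itself.
        if rx.inbound.key_hex.lower() != tx.outbound.key_hex.lower():
            problems.append(f"{rx.name} inbound key differs from {tx.name} outbound key")
    return problems


# Constructed sample values, not real keys.
KEY_1 = "00112233445566778899aabbccddeeff"
KEY_2 = "ffeeddccbbaa99887766554433221100"
SWITCH_A = PeerSessionKeys("switch-a", ManualSa(300, KEY_1), ManualSa(400, KEY_2))
SWITCH_B = PeerSessionKeys("switch-b", ManualSa(400, KEY_2.upper()), ManualSa(300, KEY_1))
# Same keys, but the SPIs were not mirrored and one is below the allowed range.
SWITCH_B_BAD = PeerSessionKeys("switch-b", ManualSa(300, KEY_2), ManualSa(100, KEY_1))

if __name__ == "__main__":
    for other in (SWITCH_B, SWITCH_B_BAD):
        findings = check_pair(SWITCH_A, other)
        print("OK" if not findings else "\n".join(findings))
```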
crypto-map 10-11 Example WS5100(config-crypto-map)#show ? access-list Internet Protocol (IP) alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration. clock Display system clock commands Show command lists crypto crypto debugging...
crypto-trustpoint Instance config-crypto-trustpoint commands define a Certificate Authority (CA) trustpoint. This is a separate instance, but belongs to the crypto pki trustpoint mode under the config instance. 11.1 Trustpoint (PKI) Config Commands Table 11.1 summarizes config-crypto-trustpoint commands: Table 11.1 Trustpoint (PKI) Config Command Summary Command Description Ref.
11-2 WS5100 Series Switch CLI Reference Guide Table 11.1 Trustpoint (PKI) Config Command Summary Command Description Ref. password Sets the challenge password (applicable only for page 11-6 requests), to access the trustpoint rsakeypair Defines a RSA Keypair to associate with the trustpoint...
crypto-trustpoint Instance 11-3 Example WS5100(config-trustpoint)#company-name RetailKing WS5100(config-trustpoint)# 11.1.3 email Trustpoint (PKI) Config Commands Sets the e-mail ID for the trustpoint Syntax email Parameters WORD email address (2 to 64 characters ) Example WS5100(config-trustpoint)#email abcTestemailID@symbol.com WS5100(config-trustpoint)# 11.1.4 end Trustpoint (PKI) Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode.
11-4 WS5100 Series Switch CLI Reference Guide 11.1.5 exit Trustpoint (PKI) Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax exit Parameters None Example WS5100(config-trustpoint)#exit WS5100(config)# 11.1.6 fqdn Trustpoint (PKI) Config Commands...
crypto-trustpoint Instance 11-5 11.1.7 help Trustpoint (PKI) Config Commands Displays the system’s interactive help system Syntax help Parameters None Example WS5100(config-trustpoint)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
11-6 WS5100 Series Switch CLI Reference Guide 11.1.9 no Trustpoint (PKI) Config Commands Negates a command or sets its defaults Syntax no <previous command used> Parameters None. Example WS5100(config-trustpoint)#no ip-address WS5100(config-trustpoint)# 11.1.10 password Trustpoint (PKI) Config Commands Sets the challenge password (applicable only for requests) to access the trustpoint.
crypto-trustpoint Instance 11-7 11.1.11 rsakeypair Trustpoint (PKI) Config Commands Configures a RSA Keypair to associate with the trustpoint Syntax rsakeypair Parameters WORD RSA Keypair Identifier. Usage Guidelines The RSA key pair configures the switch to have Rivest, Shamir, and Adleman (RSA) key pairs.
11-8 WS5100 Series Switch CLI Reference Guide start-shell Provides shell access tethereal Dumps and analyzes network traffic Example WS5100(config-trustpoint)#service diag-shell Diagnostic shell started for testing diag > boot Reboots the switch delete Deletes specified file from the system. exit Exit from the CLI...
11-10 WS5100 Series Switch CLI Reference Guide management Display L3 Managment Interface name mobility Display Mobility Parameters Network time protocol password-encryption password encryption privilege Show current privilege level radius Radius configuration commands redundancy-group Display redundancy group parameters redundancy-history Display state transition history of the switch.
crypto-trustpoint Instance 11-11 Location: State: Country: Valid From: 8 19:21:55 2007 GMT Valid Until: 7 19:21:55 2008 GMT Trustpoint :test1 ----------------------------------------------- Server certificate configured Subject Name: Common Name: Organizational Unit: mm Organization: Location: State: Country: Issuer Name: Common Name: Organizational Unit: mm Organization: Location: State:...
11-12 WS5100 Series Switch CLI Reference Guide Example WS5100(config-trustpoint)#subject-name TestPool ? WORD Country ( 2 character ISO Code ) WS5100(config-trustpoint)#subject-name TestPool US ? WORD State( 2 to 128 characters ) WS5100(config-trustpoint)#subject-name TestPool US OH ? WORD City( 2 to 128 characters )
12-2 WS5100 Series Switch CLI Reference Guide Table 12.1 Interface Config Command Summary (Continued) Command Description Ref. management Sets the selected interface as management interface page 12-9 Negates a command or sets its defaults page 12-9 port-channel Configures the load-balancing criteria of an aggregated...
interface Instance 12-3 Example WS5100(config-if)#clrscr WS5100(config-if)# 12.1.2 crypto Interface Config Commands Syntax crypto map(WORD) Parameters map <tag> Assigns a Crypto Map • <tag> – Crypto Map tag Usage Guidelines At any given instance you can add one crypto mapset to a single interface. The switch does not allow the same cryptomap set to be attached to multiple interfaces 12.1.3 description Interface Config Commands...
12-4 WS5100 Series Switch CLI Reference Guide 12.1.4 duplex Interface Config Commands Specifies the duplex mode of operation NOTE: • Duplexity can only be set for an Ethernet Interface. Enter the instance using the parameter of the (config-if) interface mode •...
interface Instance 12-5 12.1.5 end Interface Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode. The prompt changes to WS5100# Syntax Parameters None Example WS5100(config-if)#end WS5100# 12.1.6 exit Interface Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax...
12-6 WS5100 Series Switch CLI Reference Guide Example WS5100(config-if)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
interface Instance 12-7 address Sets a static IP address and network mask for a Layer 3 SVI (Switch Virtual Interface) • A.B.C.D/M – Sets the IP address (10.0.0.1/8) • secondary – Defines an optional secondary IP address • dhcp – Uses a DHCP Client to obtain an IP address for the interface.
interface Instance 12-9 12.1.10 management Interface Config Commands Sets the selected interface as management interface. It can only be used on a VLANx interface. The TFTP/FTP server providing the switch its config file at startup must be accessible via this interface. VLAN 1 is the default management interface for the switch Syntax management...
12-10 WS5100 Series Switch CLI Reference Guide 12.1.12 port-channel Interface Config Commands Selects the load-balance criteria of an aggregated port Syntax port-channel (load-balance) [src-dst-ip|src-dst-mac] Parameters load-balance Sets load-balancing for port channel [src-dst-ip|src-dst-mac] • src-dst-ip – Defines the Source and Destination IP address based on the current load balancing •...
interface Instance 12-11 12.1.13 service Interface Config Commands Invokes service commands to troubleshoot or debug the (config-if) instance configuration Syntax service(show)(cli) Parameters Shows the CLI tree of current mode Example WS5100(config-if)#service show cli Interface Config mode: +-clrscr [clrscr] +-crypto +-map +-WORD [crypto map WORD] +-description +-LINE [description LINE]...
12-12 WS5100 Series Switch CLI Reference Guide 12.1.14 show Interface Config Commands Displays current system information running on the switch Syntax show <parameter> Parameters Displays the parameters for which information can be viewed using the show command Example WS5100(config-if)#show ?
interface Instance 12-13 redundancy-history Display state transition history of the switch. redundancy-members Display redundancy group members in detail running-config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters sole Smart Opportunistic Location Engine Configuration...
12-14 WS5100 Series Switch CLI Reference Guide channel-power List of available channel and power levels for a radio config Wireless Configuration Parameters hotspot-config Wlan hotspot configuration Intrusion detection parameters mac-auth-local list out the mac-auth-local entries mobile-unit Details of associated mobile-units...
interface Instance 12-15 12.1.15 shutdown Interface Config Commands Disables the selected interface. The interface is administratively enabled unless explicitly disabled using this command Syntax shutdown Parameters None Example WS5100(config-if)#shutdown WS5100(config-if)# 12.1.16 spanning-tree Interface Config Commands Configures spanning tree parameters Syntax spanning-tree [bpdufilter(enable|disable)| bpduguard(enable|disable)|edgeport| force-version <0-3>|guard (root)|link-type(point-topoint|shared)|...
12-16 WS5100 Series Switch CLI Reference Guide bpduguard (disable|enable) Use this command to enable or disable the BPDU guard feature on a port. Use the parameter with this command to set the BPDU guard feature to default values. When the BPDU guard is set for a bridge, all portfast- enabled ports that have the BPDU-guard set to default shut down the port upon receiving a BPDU.
interface Instance 12-17 mst [<0-15> (cost <1-200000000>|port-priority <0-240>)|port-cisco-interoperability (disable|enable)] Configures MST values on a spanning tree • <0-15> – Defines the Instance ID • cost <1-200000000> – Defines the path cost for a port • port-priority <0-240> – Defines the port priority for a bridge •...
12-18 WS5100 Series Switch CLI Reference Guide Parameters Forces 10 Mbps operation Forces 100 Mbps operation 1000 Forces 1000 Mbps operation auto Port automatically detects the speed it should run based on the port at the other end of the link Usage Guidelines Set the interface speed to auto to detect and use the fastest speed available.
interface Instance 12-19 12.1.19 switchport Interface Config Commands Sets switching mode characteristics for the selected interface Syntax switchport(access|mode|trunk) switchport access vlan <1-4094> switchport mode(access|trunk) switchport trunk(allowed|native) switchport trunk allowed vlan(add|none|remove)[VLAN_ID] switchport trunk native(tagged|vlan<1-4094>) Parameters access Configures the access VLAN of an access-mode port •...
12-20 WS5100 Series Switch CLI Reference Guide trunk Sets the trunking mode characteristics • allowed – Configures trunk characteristics when the port is in trunk-mode. • vlan – Sets allowed VLANs • add – Adds VLANs to the current list •...
spanning tree-mst Instance Use the (config-mst) instance to configure the switch’s Multi Spanning Tree Protocol (MSTP) configuration. 13.1 mst Config Commands Table 13.1 summarizes the (config-mst) commands: Table 13.1 MSTP Config Command Summary Command Description Ref. clrscr Clears the display screen page 13-2 Ends the current mode and moves to the EXEC mode page 13-2...
13-2 WS5100 Series Switch CLI Reference Guide Table 13.1 MSTP Config Command Summary (Continued) Command Description Ref. show Shows running system information page 13-7 13.1.1 clrscr mst Config Commands Clears the display Syntax clrscr Parameters None Example WS5100(config-mst)#clrscr WS5100(config-mst)# 13.1.2 end mst Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode.
spanning tree-mst Instance 13-3 13.1.3 exit mst Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax exit Parameters None Example WS5100(config-mst)#exit WS5100(config)# 13.1.4 help mst Config Commands Displays the system’s interactive help system Syntax help Parameters...
13-4 WS5100 Series Switch CLI Reference Guide 13.1.5 instance mst Config Commands Associates VLAN(s) with an instance Syntax instance <1-15> vlan <VLAN_ID> Parameters <1-15> Defines the instance ID to which the VLAN is associated vlan <VLAN_ID> Sets the VLAN ID for its association with an instance Usage Guidelines MSTP works based on instances.
spanning tree-mst Instance 13-5 13.1.7 no mst Config Commands Negates a command or sets its defaults Syntax no [instance|name|revision] Parameters instance Sets the MST Instance name Assigns a name to the MST region revision Defines the revision number for configuration information Usage Guidelines command negates any command associated with it.
13-6 WS5100 Series Switch CLI Reference Guide Example WS5100(config-mst)#revision 20 WS5100(config-mst)# 13.1.9 service mst Config Commands Invokes the service commands needed to troubleshoot or debug (config-if) instance configurations Syntax service(show) (cli) Parameters None Example WS5100(config-mst)#service show cli MSTI configuration mode:...
13-8 WS5100 Series Switch CLI Reference Guide debugging Debugging information outputs dhcp DHCP Server Configuration environment show environmental information file Display filesystem information Display FTP Server configuration history Display the session command history interfaces Interface status Internet Protocol (IP) ldap...
Extended ACL Instance Use the (config-ext-nacl) instance to configure the ip access-list extended ACLs associated with the switch 14.1 Extended ACL Config Commands Table 14.1 summarizes config-ext-nacl commands: Table 14.1 Extended ACL Config Command Summary Command Description Ref. clrscr Clears the display screen page 14-2 deny Specifies packets to reject...
14-2 WS5100 Series Switch CLI Reference Guide Table 14.1 Extended ACL Config Command Summary (Continued) Command Description Ref. service Invokes the service commands to troubleshoot or debug (config-if) instance configurations page 14-18 show Displays running system information page 14-20 terminal...
Extended ACL Instance 14-3 deny {tcp|udp} {source/source-mask | host source | any} [operator source-port] {destination/destination-mask | host destination | any} [operator destination-port] [log] [rule-precedence access-list-entry precedence] Parameters deny {ip} {source/source-mask | host source | any} Use with a deny command to reject IP packets •...
14-4 WS5100 Series Switch CLI Reference Guide deny {icmp} {source/source-mask | host source | any} {destination/ Use with the deny command to reject ICMP packets • deny – Rejects ICMP packets • {icmp} – Specifies ICMP as the protocol...
Extended ACL Instance 14-5 deny {tcp|udp} {source/source-mask | host source | any} [operator source-port] {destination/destination-mask | host Use with the deny command to reject TCP or UDP packets • deny – Rejects TCP or UDP packets • {tcp|udp} – Specifies TCP or UDP as the protocol •...
14-6 WS5100 Series Switch CLI Reference Guide Usage Guidelines Use this command to deny traffic between networks/hosts based on the protocol type selected in the access list configuration. The following protocol types are supported: • ip • icmp • tcp •...
Extended ACL Instance 14-7 The following example denies ICMP traffic from any source to any destination. The keyword any is used to match: any source or destination IP address. WS5100(config-ext-nacl)#deny icmp any any WS5100(config-ext-nacl)#permit ip any any WS5100(config-ext-nacl)# 14.1.3 end Extended ACL Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode.
14-8 WS5100 Series Switch CLI Reference Guide 14.1.5 help Extended ACL Config Commands Displays the system’s interactive help system Syntax help Parameters None Example WS5100(config-ext-nacl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'.
Extended ACL Instance 14-9 Parameters mark {dot1p <0-7> | tos <0-255>}} {ip} {source/source-mask | host source | any} {destination/destination-mask | host Use with the mark command to specify IP packets as marked • mark {dot1p <0-7> | tos <0-255>} – Defines action types on an ACL. mark is functional only over a Port...
14-10 WS5100 Series Switch CLI Reference Guide mark {dot1p <0-7> | tos <0-255>}} {icmp} {source/source-mask | host source | any} Use with the mark command to specify ICMP packets as marked. • mark {dot1p <0-7> | tos <0-255>} – Action types on an ACL. mark
Extended ACL Instance 14-11 Usage Guidelines This command marks traffic between networks/hosts based on the protocol type selected in the access list configuration. Use the mark option to specify the type of service (tos) and priority value. The tos value is marked in the IP header and the 802.1p priority value is marked in the dot1q frame.
14-12 WS5100 Series Switch CLI Reference Guide 14.1.7 no Extended ACL Config Commands Negates a command or sets its defaults Syntax no(deny|mark|permit) Negates all the syntax combinations used in the deny, mark and permit designations to configure the Extended ACL Parameters...
Extended ACL Instance 14-13 14.1.8 permit Extended ACL Config Commands Permits specific packets NOTE: ACLs do not allow DHCP messages to flow by default. Configure an Access Control Entry (ACE) to allow DHCP messages to flow through. WS5100(config-ext-nacl)#permit ip xxx.xxx.xxx.xxx/x 192.168.2.0/24 WS5100(config-ext-nacl)#permit ip any host xxx.xxx.xxx.xxx...
14-14 WS5100 Series Switch CLI Reference Guide Parameters permit {ip} {source/source-mask | host source | any} Use the permit command to allow IP packets • permit – Allows IP packets • {ip} – Specifies the IP (to match to any protocol)...
Extended ACL Instance 14-15 permit {icmp} {source/source-mask | host source | any} {destination/destination-mask | host destination | Use with the permit command to allow ICMP packets • permit – Allows ICMP packets on an ACL. • {icmp} – Specifies ICMP as the protocol. •...
14-16 WS5100 Series Switch CLI Reference Guide permit {tcp|udp} {source/source-mask | host source | any} [operator source-port] Use with the permit command to allow TCP or UDP packets • permit – Allows TCP or UDP packets • {tcp|udp} – Specifies TCP or UDP as the protocol.
Extended ACL Instance 14-17 Usage Guidelines Use this command to permit traffic between networks/hosts based on the protocol type selected in the access list configuration. The following protocols are supported: • ip • icmp • tcp • udp The last ACE in the access list is an implicit deny statement. Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL.
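The implicit deny described above, together with the earlier note that DHCP needs its own ACE, can be checked offline before an ACL is applied. The following Python model is an added example, not code from this guide or from the switch: the Ace and Packet types, the constructed sample entries, and the assumption that a lower rule-precedence is checked first and the first matching ACE decides are all illustrative.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Ace:
    precedence: int              # rule-precedence; lower checked first (assumption)
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any protocol, else icmp/tcp/udp
    src: str                     # "any", "host A.B.C.D" or "A.B.C.D/M"
    dst: str
    dport: Optional[int] = None  # destination port, None = any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def _net(spec):
    """Turn an ACE address field into an ip_network."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if spec.startswith("host "):
        return ipaddress.ip_network(spec[5:] + "/32")
    return ipaddress.ip_network(spec, strict=False)


def ace_matches(ace, pkt):
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if ace.dport is not None and ace.dport != pkt.dport:
        return False
    return (ipaddress.ip_address(pkt.src) in _net(ace.src)
            and ipaddress.ip_address(pkt.dst) in _net(ace.dst))


def evaluate(acl, pkt):
    """Return (action, matching ACE); (\"deny\", None) is the implicit deny."""
    for ace in sorted(acl, key=lambda a: a.precedence):
        if ace_matches(ace, pkt):
            return ace.action, ace
    return "deny", None


def _covers(earlier, later):
    """True when every packet matching `later` already matches `earlier`."""
    return ((earlier.proto == "ip" or earlier.proto == later.proto)
            and (earlier.dport is None or earlier.dport == later.dport)
            and _net(later.src).subnet_of(_net(earlier.src))
            and _net(later.dst).subnet_of(_net(earlier.dst)))


def shadowed(acl):
    """List (precedence, shadowing precedence) for ACEs that can never match."""
    ordered = sorted(acl, key=lambda a: a.precedence)
    hits = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if _covers(earlier, later):
                hits.append((later.precedence, earlier.precedence))
                break
    return hits


# Constructed sample ACL and packets (not taken from the guide).
ACL = [
    Ace(10, "permit", "ip", "10.1.0.0/16", "192.168.2.0/24"),
    Ace(20, "deny", "tcp", "any", "host 192.168.2.10", 23),
    Ace(40, "deny", "tcp", "host 10.1.5.5", "192.168.2.0/24", 23),
]
DHCP_ACE = Ace(30, "permit", "udp", "any", "any", 67)
DHCP_DISCOVER = Packet("udp", "0.0.0.0", "255.255.255.255", 67)

if __name__ == "__main__":
    print(evaluate(ACL, DHCP_DISCOVER))               # falls to implicit deny
    print(evaluate(ACL + [DHCP_ACE], DHCP_DISCOVER))  # permitted by ACE 30
    print(shadowed(ACL))                              # ACE 40 hidden by ACE 10
```

In the sample, the deny at precedence 40 never takes effect because the broader permit at precedence 10 matches first, which is the kind of ordering mistake worth catching in review.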
14-18 WS5100 Series Switch CLI Reference Guide 14.1.9 service Extended ACL Config Commands Invokes service commands to troubleshoot or debug the instance (config-if) configurations Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes the specified support information diag-shell Provides diagnostic shell access to debug and test the...
Extended ACL Instance 14-19 diag > WS5100(config-ext-nacl)#service save-cli CLI command tree is saved as clitree.html. This tree can be viewed via web at http://<ipaddr>/cli/ clitree.html WS5100(config-ext-nacl)# WS5100(config-ext-nacl)#service show ? Show CLI tree of current mode command-history Display command (except show commands) history. crash-info Display information about core, panic and AP dump files...
14.1.10 show Extended ACL Config Commands Displays current system information running on the switch Syntax show<parameter> Parameters Displays the parameters for which information can be viewed using the show command Example WS5100(config-ext-nacl)#show ?
Extended ACL Instance 14-21 sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters startup-config Contents of startup configuration terminal Display terminal configuration parameters timezone Display timezone upgrade-status Display last image upgrade status users Display information about terminal lines version Display software &...
Standard ACL Instance Use the (config-std-nacl) instance to configure ip access-list standard ACLs. 15.1 Standard ACL Config Commands Table 15.1 summarizes the config-std-nacl commands: Table 15.1 Standard ACL Config Command Summary Command Description Ref. clrscr Clears the display screen page 15-2 deny Specifies packets to reject page 15-2...
Standard ACL Instance 15-3 host Single host address. • A.B.C.D – Exact source IP address to match. Usage Guidelines Use this command to deny traffic based on the source IP address or network address. The last ACE in the access list is an implicit deny statement. Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL.
15-4 WS5100 Series Switch CLI Reference Guide 15.1.4 exit Standard ACL Config Commands Ends the current mode and moves to previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax exit Parameters None Example WS5100(config-std-nacl)#exit WS5100(config)# 15.1.5 help Standard ACL Config Commands Displays the system’s interactive help in HTML format...
15.1.6 mark Standard ACL Config Commands Specifies packets to mark Syntax mark(8021.1p<0-7>|tos<0-255>)(A.B.C.D/M|any|host) mark(8021.1p<0-7>|tos<0-255>)any|host(log|rule-precedence<1-5000>| |A.B.C.D) Parameters 8021.1p<0-7>|tos<0-255>) • Specifies .1p priority value between 0 and 7 • Specifies a Type of Service (tos) value between 0 and (A.B.C.D/M|any|host) source is the source IP address of the network or host in dotted decimal format.
15-6 WS5100 Series Switch CLI Reference Guide Example The example below marks the type of service (TOS) value to 254 for all traffic coming from the source network: WS5100(config)#access-list 3 mark tos 254 xxx.xxx.3.0/24 WS5100 (config)#access-list 3 permit any 15.1.7 no...
Standard ACL Instance 15-7 permit host A.B.C.D Parameters A.B.C.D/M Defines the source IP address range to match Any source IP address. • log – The log matches against this entry • rule-precedence<1-500> – Defines the access-list entry precedence host Single host address. •...
15-8 WS5100 Series Switch CLI Reference Guide 15.1.9 service Standard ACL Config Commands Invokes service commands to troubleshoot or debug instance (config-if) configurations Syntax service(clear|diag-shell|save-cli|show|start-shell|tethereal) Parameters clear Removes specified support information diag-shell Provides diagnostic shell access to debug and test the...
Standard ACL Instance 15-9 WS5100(config-std-nacl)#service start-shell Last password used: password with MAC 00:a0:f8:65:ea:8e Password: WS5100(config-std-nacl)# WS5100(config-std-nacl)#service tethereal ? LINE tethereal options in the format [-V (print detailed packet)] [-x (hex dump of packet)] [-p (no promiscuous mode for interface)] [-n (disable name resolution)] [-c <count> ] [-h (detailed help)] [-E (to capture ESPD) ][-e (capture nonEspd packets)] [-f <capture filter expression in format "xx xx xx">...
15-10 WS5100 Series Switch CLI Reference Guide Example WS5100(config-std-nacl)#show ? access-list Internet Protocol (IP) alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration. clock Display system clock...
Standard ACL Instance 15-11 15.1.11 terminal Standard ACL Config Commands Sets the number of lines displayed on the terminal window Syntax terminal(monitor|no) terminal no(monitor) Parameters monitor Copies debug output to the current terminal line Negates a command or set its defaults monitor Copies debug output to the current terminal line Usage Guidelines...
Extended MAC ACL Instance Use the (config-ext-macl) instance to configure mac access-list extended ACLs. 16.1 MAC Extended ACL Config Commands Table 16.1 summarizes config-ext-macl commands: Table 16.1 MAC Extended ACL Config Command Summary Command Description Ref. clrscr Clears the display screen page 16-2 deny Specifies packets to reject...
16-2 WS5100 Series Switch CLI Reference Guide Table 16.1 MAC Extended ACL Config Command Summary (Continued) Command Description Ref. terminal Sets terminal line parameters page 16-14 16.1.1 clrscr MAC Extended ACL Config Commands Clears the display screens Syntax clrscr Parameters...
Extended MAC ACL Instance 16-3 Parameters Source Mask Define a source mask specifying the bits to match. The source wildcard can be any one of the following: • xx:xx:xx:xx:xx:xx/ –Source MAC address xx:xx:xx:xx:xx:xx and mask • any – Any source host •...
16-4 WS5100 Series Switch CLI Reference Guide The most common ethertypes are: • arp • wisp • ip • 802.1q By default, the switch does not allow layer 2 traffic to pass through the interface. To adopt an access port through an interface, configure an access control list to allow an ethernet wisp.
Extended MAC ACL Instance 16-5 16.1.3 end MAC Extended ACL Config Commands Ends and exits from the current mode and moves to the PRIV EXEC mode. The prompt changes to WS5100# Syntax Parameters None Example WS5100(config-ext-macl)#end WS5100# 16.1.4 exit MAC Extended ACL Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG).
16-6 WS5100 Series Switch CLI Reference Guide Example WS5100(config-ext-macl)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Extended MAC ACL Instance 16-7 Source MAC Address Specifies the bits to match. The source wildcard can be any one of the following: • xx:xx:xx:xx:xx:xx/ –Source MAC address xx:xx:xx:xx:xx:xx and mask • any – Any source host • host Exact source MAC address to match –...
16-8 WS5100 Series Switch CLI Reference Guide WS5100(config-ext-macl)#mark 8021p 6 any any vlan 5 type 8021q WS5100(config-ext-macl)# The example below marks the tos field to 254 for IP traffic coming from the source MAC WS5100(config-ext-macl)#mark tos 254 host 00:33:44:55:66:77 any...
Extended MAC ACL Instance 16-9 16.1.8 permit MAC Extended ACL Config Commands Specifies packets to forward NOTE: Use a decimal value representation of ethertypes to implement permit/deny/mark designations for a packet. An Extended MAC ACL provides the hexadecimal values for each listed ethertype. The switch supports all ethertypes.
16-10 WS5100 Series Switch CLI Reference Guide rule-precedence<1-5000> Defines an access list entry precedence type(<1- Sets an ethertype 65535>|arp|ip|ipv6|vlan|wisp) vlan<1-4095> Sets the VLAN ID Usage Guidelines When creating a Port ACL, the switch (by default) does not permit an ethertype WISP.
Extended MAC ACL Instance 16-11 The last ACE in the access list is an implicit deny statement. Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL. It is allowed/denied based on the ACL’s configuration. Example The example below permits WISP traffic from any source MAC address to any destination MAC address:...
16-12 WS5100 Series Switch CLI Reference Guide Example WS5100(config-ext-macl)#service show cli MAC Extended ACL Config mode: +-clrscr [clrscr] +-deny +-XX:XX:XX:XX:XX:XX/XX:XX:XX:XX:XX:XX +-XX:XX:XX:XX:XX:XX/XX:XX:XX:XX:XX:XX [(deny|permit|mark (8021p <0-7> | tos <0-255>))(XX:XX:XX:XX:XX:XX/XX:XX:XX:XX:XX:XX | host XX:XX:XX:XX:XX:XX | any)(XX :XX:XX:XX:XX:XX/XX:XX:XX:XX:XX:XX | host XX:XX:XX:XX:XX:XX | any)(vlan <1-4095> | dot1p <0-7> |) (type (<1-65535> | ip | ipv6...
16.1.10 show MAC Extended ACL Config Commands Displays current system information running on the switch Syntax show<parameter> Parameters Displays all the parameters for which information can be viewed using the show command Usage Guidelines The show access-list command displays the access lists configured for the switch. Provide the access list name or number to view specific ACL details Example...
16-14 WS5100 Series Switch CLI Reference Guide redundancy-members Display redundancy group members in detail running-config Current Operating configuration securitymgr Display debug info for ACL, VPN and NAT sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters...
DHCP Server Instance Use (config)#ip dhcp pool <pool name> to enter the (config-dhcp) instance. Use this instance to configure the DHCP server address pool associated with the switch. Also refer to ip on page 12-6 for other DHCP related configurations. 17.1 DHCP Config Commands Table 17.1 summarizes config-dhcp...
17-2 WS5100 Series Switch CLI Reference Guide Table 17.1 DHCP Server Command Summary Command Description Ref. default-router Configures a default router’s IP address page 17-9 dns-server Sets the IP address of a DNS Server page 17-10 domain-name Sets the domain name...
DHCP Server Instance 17-3 17.1.1 address DHCP Config Commands Specifies a range of addresses for the DHCP network pool Syntax address (range) (low IP address) (high IP address) Parameters range (low IP address) (high IP Adds an address range for the DHCP server address) •...
Parameters bootfile <filename> Sets the boot image for BOOTP clients. The file name can contain letters, numbers, dots and hyphens. Consecutive dots and hyphens are not permitted. Usage Guidelines Use the bootfile command to specify the boot image. The boot file contains the boot image name used for booting the bootp clients (DHCP clients).
Usage Guidelines Follow the steps mentioned below to create a DHCP User Class: 1. Create a DHCP class named WS5100DHCPclass. The switch supports a maximum of 32 DHCP classes. WS5100(config)#ip dhcp class WS5100DHCPclass WS5100(config-dhcpclass)# 2. Create a USER class named .…
17-6 WS5100 Series Switch CLI Reference Guide Table 17.2 DHCP Server Class Command Summary Command Description clrscr Clears the display screen Ends the current mode and moves to the EXEC mode exit Ends the current mode and moves to the previous mode...
DHCP Server Instance 17-7 17.1.4 client-identifier DHCP Config Commands Assigns a name to the client-identifier. A client identifier is used to reserve an IP address for DHCP client Syntax client-identifier <ascii string> Parameters client-identifier Prepends a null character. Use at beginning. A <ascii string>...
Usage Guidelines Use update (dns) (override) to enable an internal DHCP server to send DDNS updates for resource records (RRs) A, TXT and PTR. A DHCP server can always override the client even if the client is configured to perform the updates. In the DHCP server network pool, FQDN is defined as the DDNS domain name.
17.1.9 dns-server DHCP Config Commands Sets the DNS server’s IP address that’s available to all DHCP clients connected to the pool. Use the no dns-server command to remove the DNS server list Syntax dns-server <ip address1>...
DHCP Server Instance 17-11 17.1.11 end DHCP Config Commands Exits the current mode and moves to the PRIV EXEC mode. The prompt changes to WS5100# Syntax Parameters None Example WS5100(config-dhcp)#end WS5100# 17.1.12 exit DHCP Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100#(config)# Syntax...
DHCP Server Instance 17-13 17.1.15 host DHCP Config Commands Defines a fixed IP address for the host in dotted decimal format. Use the no host command to remove the host from the DHCP pool Syntax host <IP address> Parameters host <IP address> Sets a fixed address for the host •...
17-14 WS5100 Series Switch CLI Reference Guide Parameters lease [ Sets the lease time for an IP address {<0-365> <0-23> <0-59>} • <0-365> –Sets the lease period in days. |infinite] Days can be made as 0 only when hours and/or mins are greater than 0 •...
DHCP Server Instance 17-15 17.1.17 netbios-name-server DHCP Config Commands Sets the netbios-name server’s IP address Syntax netbios-name-server <IP address> Parameters netbios-name-server Defines the NetBIOS (WINS) name server <IP address> • <IP address> – Sets the NetBIOS name server's IP address Example WS5100(config-dhcp)#netbios-name-server 2.2.2.222 WS5100(config-dhcp)#...
17-16 WS5100 Series Switch CLI Reference Guide 17.1.19 network DHCP Config Commands Sets the network pool’s IP address. This address maps the current DHCP pool with a specific network Syntax network [A.B.C.D|A.B.C.D/M] Parameters network [A.B.C.D|A.B.C.D/M] Sets the network number and mask •...
Example WS5100(config-dhcp)#next-server 2.2.2.22 WS5100(config-dhcp)# 17.1.21 no DHCP Config Commands Negates a command or sets its defaults. Syntax no [address|bootfile|client-identifier|client-name|ddns|default-router|dns-server|domain-name|hardware-address|host|lease|netbios-name-server|netbios-node-type|network|next-server|option|update] Parameters The no command negates any command associated with it. Wherever required, use the same parameters associated with the command getting negated Example WS5100(config)#no ip dhcp pool hotpool WS5100(config)#...
17-18 WS5100 Series Switch CLI Reference Guide Parameters option (name) Sets raw DHCP options • (name) – Sets the name of the DHCP option • IP Value – Sets the IP Value of the DHCP option • ASCII Value – Sets the ASCII Value...
DHCP Server Instance 17-19 Example WS5100(config-dhcp)#service show cli DHCP Server Config mode: +-address +-range +-A.B.C.D [address range A.B.C.D ( A.B.C.D |)] +-A.B.C.D [address range A.B.C.D ( A.B.C.D |)] +-bootfile +-WORD [bootfile WORD] +-client-identifier +-WORD [client-identifier WORD] +-client-name +-WORD [client-name WORD] +-clrscr [clrscr] +-ddns +-domainname...
17.1.24 show DHCP Config Commands Displays current system information Syntax show <parameter> Parameters Displays parameters for which information can be viewed using the show command Example WS5100(config-dhcp)#show ? access-list Internet Protocol (IP) aclstats...
DHCP Server Instance 17-21 redundancy-history Display state transition history of the switch. redundancy-members Display redundancy group members in detail running-config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters sole Smart Opportunistic Location Engine Configuration...
17-22 WS5100 Series Switch CLI Reference Guide WS5100(config)# WS5100(config)#show ip dhcp binding MAC/Client-Id Type Expiry Time ------------- ---- ----------- WS5100(config)# 17.1.25 update DHCP Config Commands Controls the usage of the DDNS service Syntax update (dns)(override) Parameters update (dns) (override) Controls the usage of the DDNS service •...
DHCP Server Instance 17-23 17.2 Configuring the DHCP Server using Switch CLI The switch DHCP configuration is conducted by creating pools and mapping them to L3 interfaces (SVI). • A Network pool is the pool with “include” ranges. When the network pool is mapped to a L3 interface, DHCP clients requesting IPs from the L3 interface get an IP from the configured range •...
17-24 WS5100 Series Switch CLI Reference Guide 17.2.2 Creating a Host Pool To create a host pool: 1. Create a DHCP server host address pool. WS5100(config)#ip dhcp pool hostpool 2. Assign the client name of the host for which static allocation is required.
the L3 interface is 192.168.0.0/16, DHCP is not enabled on 192.168.0.0/16, since it is different from 192.168.0.0/24. 3. A network pool without any include range is as good as not having a pool. Add an include range using the address range command: address range 192.168.0.30 192.168.0.30...
10. A host pool can have either client-identifier or hardware-address configured, but not both. 11. An excluded address range has a higher precedence than an included address range. Thus, if a range is part of both an excluded and included range, it will be excluded.…
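The pool rules listed above (the pool network must equal the L3 interface network, a network pool needs an include range, exclusions override inclusions, and a host pool takes client-identifier or hardware-address but not both) can be checked before a configuration is pushed. This Python sketch is an added example, not code from the guide or the switch; the dictionary keys, function names and sample addresses are hypothetical and constructed for illustration.

```python
import ipaddress


def _expand(ranges):
    """Expand (low, high) address pairs into a set of integer addresses."""
    out = set()
    for low, high in ranges:
        lo = int(ipaddress.ip_address(low))
        hi = int(ipaddress.ip_address(high))
        if lo > hi:
            raise ValueError(f"range {low}-{high} is reversed")
        out.update(range(lo, hi + 1))
    return out


def leasable(pool_network, interface_network, include, exclude=()):
    """Addresses the pool can actually hand out on this L3 interface."""
    # DHCP is only enabled when the pool network equals the interface network.
    if ipaddress.ip_network(pool_network) != ipaddress.ip_network(interface_network):
        return []
    # Excluded ranges take precedence over included ranges.
    usable = _expand(include) - _expand(exclude)
    return [str(ipaddress.ip_address(a)) for a in sorted(usable)]


def lint_pool(pool, interface_network):
    """Return a list of findings for one pool definition (hypothetical dict keys)."""
    findings = []
    if pool.get("client_identifier") and pool.get("hardware_address"):
        findings.append("host pool sets both client-identifier and hardware-address")
    if "network" in pool:
        same = (ipaddress.ip_network(pool["network"])
                == ipaddress.ip_network(interface_network))
        if not same:
            findings.append("pool network differs from L3 interface network")
        if not pool.get("include"):
            findings.append("network pool has no include range")
        elif same and not leasable(pool["network"], interface_network,
                                   pool["include"], pool.get("exclude", ())):
            findings.append("every included address is also excluded")
    return findings


# Constructed sample pools (not taken from the guide).
GOOD_POOL = {
    "network": "192.168.0.0/24",
    "include": [("192.168.0.30", "192.168.0.35")],
    "exclude": [("192.168.0.33", "192.168.0.40")],
}
BAD_HOST_POOL = {"client_identifier": "printer1",
                 "hardware_address": "00:33:44:55:66:77"}

if __name__ == "__main__":
    print(leasable("192.168.0.0/24", "192.168.0.0/24",
                   GOOD_POOL["include"], GOOD_POOL["exclude"]))
    print(lint_pool(GOOD_POOL, "192.168.0.0/16"))
    print(lint_pool(BAD_HOST_POOL, "192.168.0.0/24"))
```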
DHCP Class Instance Use (config)#ip dhcp class <class name> to enter the (config-dhcpclass) instance. Use this instance to configure DHCP user classes. The switch supports a maximum of 8 user classes per DHCP class. Refer to ip on page 12-6 and DHCP Class Instance on page 18-1 for other DHCP related configurations.
18-2 WS5100 Series Switch CLI Reference Guide Table 18.1 DHCP Server Class Command Summary Command Description Ref. option Defines DHCP Server options page 18-5 service Invokes service commands to troubleshoot or debug page 18-6 instance configurations (config-if) show Displays running system information page 18-7 18.1.1 clrscr...
DHCP Class Instance 18-3 18.1.3 exit DHCP Server Class Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax exit Parameters None Example WS5100(config-dhcpclass)#exit WS5100(config)# 18.1.4 help DHCP Server Class Config Commands Displays the system’s interactive help system in HTML format Syntax help...
18-4 WS5100 Series Switch CLI Reference Guide 18.1.5 multiple-user-class DHCP Server Class Config Commands Enables the multiple user class option. Once invoked, the client (MU) sends multiple user classes Syntax help Parameters None Example WS5100(config-dhcpclass)#multiple-user-class WS5100(config-dhcpclass)# 18.1.6 no DHCP Server Class Config Commands Negates a command or sets its defaults.
DHCP Class Instance 18-5 18.1.7 option DHCP Server Class Config Commands Specifies a value for DHCP user class options Syntax option (user-class)(user class name) Parameters user-class (user class Creates/modifies DHCP Server user class options name) Usage Guidelines Follow the steps below to create a DHCP user class: 1.
18-6 WS5100 Series Switch CLI Reference Guide Example WS5100(config-dhcpclass)#option user-class MC800 WS5100(config-dhcpclass)# 18.1.8 service DHCP Server Class Config Commands Invokes service commands to troubleshoot or debug instance configurations (config-if) Syntax service (show) (cli) Parameters show (cli) Displays the CLI tree of the current mode...
DHCP Class Instance 18-7 18.1.9 show DHCP Server Class Config Commands Displays current system information Syntax show <parameters> show dhcp [config|status] show ip dhcp [binding|class|pool|sharednetwork] Displays the parameters for which information can be viewed using the show command Example WS5100(config-dhcpclass)#show ? access-list Internet Protocol (IP) aclstats...
18-8 WS5100 Series Switch CLI Reference Guide redundancy-history Display state transition history of the switch. redundancy-members Display redundancy group members in detail running-config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters...
Radius Server Instance Use the radius-server local command to move to the RADIUS server mode. Local (Onboard) RADIUS server commands are listed under this mode. Use the (config-radsrv) instance to configure local RADIUS server parameters. 19.1 Radius Configuration Commands Table 19.1 summarizes the Global Config command: Table 19.1 RADIUS Server Command Summary Command...
19-2 WS5100 Series Switch CLI Reference Guide Table 19.1 RADIUS Server Command Summary Command Description Ref. help Displays the interactive help system page 19-16 ldap-server Sets LDAP server parameters page 19-17 Sets RADIUS client parameters page 19-19 Negates a command or sets its defaults...
Radius Server Instance 19-3 peap-mschapv2 Sets the EAP/PEAP type used with mschapv2 Defines an EAP/TLS configuration scheme ttls-md5 Sets the EAP/TTLS configuration used with the default md5 authentication scheme ttls-mschapv2 Sets the EAP/TTLS configuration used with the default mschapv2 authentication scheme ttls-pap Sets the EAP/TTLS configuration used with the default pap authentication scheme...
Usage Guidelines Configures the trustpoint used by the local RADIUS server. Create the trustpoint before it can be used by the command crypto pki trustpoint. The default trust point in use is –...
Radius Server Instance 19-5 Usage Guidelines TLS uses certificates for authentication. CRL (updated with a trustpoint), contains index numbers of revoked certificates. The CRL checks for any revoked certificates used for authentication Example WS5100(config-radsrv)#crl-check enable WS5100(config-radsrv)# 19.1.5 end Radius Configuration Commands Ends and exits the current mode and moves to the PRIV EXEC mode.
19-6 WS5100 Series Switch CLI Reference Guide 19.1.7 group Radius Configuration Commands Configures RADIUS user groups. The CLI moves to the config-radsrv-group sub-instance to create a new group The prompt changes from WS5100(config-radsrv)# WS5100 (config-radsrv-group)# Table 19.2 summarizes the RADIUS user group commands within the (config-radsrv-group) sub-instance Table 19.2 RADIUS User Group Command Summary...
Radius Server Instance 19-7 19.1.7.1 clrscr Radius Configuration Commands Clears the display screen Syntax clrscr Parameters None Example WS5100(config-radsrv-group)#clrscr WS5100(config-radsrv-group)# 19.1.7.2 end Radius Configuration Commands Ends and exits the current mode and changes to the PRIV EXEC mode. The prompt changes WS5100# Syntax Parameters...
19-8 WS5100 Series Switch CLI Reference Guide Example WS5100(config-radsrv-group)#exit WS5100(config-radsrv)#group 19.1.7.4 group Radius Configuration Commands Establishes RADIUS user group parameters. This command creates a group within the existing RADIUS group Syntax group Parameters WORD Defines the RADIUS group name Example...
Radius Server Instance 19-9 19.1.7.6 help Radius Configuration Commands Displays the system’s interactive help in HTML format Syntax help Parameters None Example WS5100(config-radsrv-group)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
19-10 WS5100 Series Switch CLI Reference Guide vlan Sets the VLAN ID for the group wlan Configures WLAN access policy for this group <1-32> Sets the WLAN range for the access policy Removes all the WLAN allowed rad-user Removes a user from this group...
Radius Server Instance 19-11 19.1.7.8 policy Radius Configuration Commands Sets the authorization policies for a particular group (like day/time of access, WLANs allowed etc.) NOTE: A user-based VLAN is effective only if dynamic VLAN authorization is enabled for the WLAN (as defined within the WLAN Configuration screen).
19-12 WS5100 Series Switch CLI Reference Guide <0-59> Sets the minute (mm) access limit vlan Sets the VLAN ID for this group <1-4094> Defines the VLAN range wlan Sets the WLAN access policy for this group <1-32> Sets the WLAN index...
19.1.7.10 service Radius Configuration Commands Invokes RADIUS service commands (if they have been stopped). This command enables the RADIUS server. A RADIUS restart is executed only from the config mode. Syntax service(clear|diag-shell|radius|save-cli|show|start-shell|tethereal) service radius restart Parameters clear Removes the specified support information...
19-14 WS5100 Series Switch CLI Reference Guide Example WS5100(config-radsrv-group)#show ? access-list Internet Protocol (IP) alarm-log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration. clock Display system clock...
________________________________ Server Trust-point : default-trustpoint CA Trust-point : default-trustpoint WS5100(config-radsrv)# 19.1.7.12 Example–Creating a Group The (config-radsrv-group) sub-instance is explained in the example below: 1. Create a group called Sales in the local RADIUS server database. WS5100(config-radsrv)#group sales 2.…
7. Use (config-radsrv)#nas to add a NAS entry for the group WS5100(config-radsrv)#nas ? A.B.C.D/M Radius client IP address WS5100(config-radsrv)#nas 10.10.10.0/24 ? key Radius client shared secret WS5100(config-radsrv)#nas 10.10.10.0/24 key ? Password is specified UNENCRYPTED...
Radius Server Instance 19-17 WS5100(config-radsrv)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1.
19-18 WS5100 Series Switch CLI Reference Guide base-dn Specifies a distinguished name that establishes the base object for the search. The base object is the point in the LDAP tree at which to start searching passwd Sets a valid password for the LDAP server...
Radius Server Instance 19-19 19.1.10 nas Radius Configuration Commands Sets the configuration of the RADIUS client Syntax nas(A.B.C.D/M)key(0|2|LINE) Parameters A.B.C.D/M Sets the RADIUS client’s IP address. Sets the RADIUS client’s shared key Defines the Password as UNENCRYPTED Password is encrypted with password-encryption secret LINE Defines the secret (client shared secret) up to 32 characters Example...
19-20 WS5100 Series Switch CLI Reference Guide 19.1.11 no Radius Configuration Commands Negates a command or sets its defaults. Syntax no(authentication|ca|crl-check|group|ldap-server|nas|proxy|rad- user|server|service) Parameters authentication Defines the RADIUS authentication Configures Certificate Authority (CA) parameters crl-check Enables a Certificate Revocation List (CRL) check group Sets the local RADIUS server’s group configuration...
19.1.12 proxy Radius Configuration Commands Configures a proxy RADIUS server based on the realm/suffix Syntax proxy(realm|retry-count|retry-delay) proxy realm(WORD)server(A.B.C.D)port(<1024-65535>)secret(0|2|WORD) Parameters realm WORD The realm name is a string of up to 50 characters • server (A.B.C.D) – Sets the proxy server IP address •...
Radius Server Instance 19-23 Example WS5100(config-radsrv)#rad-user TestRadUser password "I SPY U" WS5100(config-radsrv)# WS5100(config-radsrv)#rad-user guest1 password 0 password1 group guest-group guest expiry-time 12:12 expiry-date 05:12:2007 start-time 12:12 start-date 05:11:2007 WS5100(config-radsrv)# 19.1.14 server Radius Configuration Commands Configures server certificate parameters used by a RADIUS server. The server certificate is a part of a trustpoint created using crypto on page 5-16 Syntax...
19.1.15 service Radius Configuration Commands Invokes the service commands to troubleshoot or debug the (config-radsrv) instance configuration. This command is also used to enable the RADIUS server Syntax service(clear|diag-shell|radius|save-cli|show|start-shell|tethereal) service radius restart...
Radius Server Instance 19-25 +-tls [authentication eap-auth-type (ttls-md5|ttls-pap|ttls- mschapv2|peap-gt c|peap-mschapv2|tls|all)] +-ttls-md5 [authentication eap-auth-type (ttls-md5|ttls- pap|ttls-mschapv2|pe ap-gtc|peap-mschapv2|tls|all)] +-ttls-mschapv2 [authentication eap-auth-type (ttls-md5|ttls- pap|ttls-mschap v2|peap-gtc|peap-mschapv2|tls|all)] +-ttls-pap [authentication eap-auth-type (ttls-md5|ttls- pap|ttls-mschapv2|pe ap-gtc|peap-mschapv2|tls|all)] +-ca +-trust-point -- MORE --, next page: Space, next line: Enter, quit: Control-C 19.1.16 show Radius Configuration Commands Displays current system information running on the switch...
19-26 WS5100 Series Switch CLI Reference Guide licenses Show any installed licenses logging Show logging configuration and buffer Media Access Control management Display L3 Managment Interface name mobility Display Mobility Parameters Network time protocol password-encryption password encryption privilege Show current privilege level...
Wireless Instance Use the (config-wireless) instance to configure local RADIUS server parameters associated with the switch. 20.1 Wireless Configuration Commands Table 20.1 summarizes (config-wireless) commands: Table 20.1 Wireless Config Command Summary Command Description Ref. Sets Adaptive AP (AAP) related commands page 20-4 adopt-unconf-radio Adopts a radio even if it's not yet...
20-2 WS5100 Series Switch CLI Reference Guide Table 20.1 Wireless Config Command Summary (Continued) Command Description Ref. ap-timeout Changes the default inactivity timeout for page 20-9 access ports ap-udp-port Configures the UDP port for AP L3 adoption page 20-9 NOTE: Enable this option in the DHCP...
Wireless Instance 20-3 Table 20.1 Wireless Config Command Summary (Continued) Command Description Ref. mac-auth-local Defines the local MAC authentication list page 20-23 manual-wlan-mapping Allows the manual mapping/un-mapping page 20-24 of WLANs to configured radios mobile-unit Configures mobile unit parameters page 20-24 mobility Configures mobility parameters page 20-25...
Wireless Instance 20-5 20.1.3 adoption-pref-id Wireless Configuration Commands Use as a preference identifier for the switch. All radios configured with this preference identifier are more likely to be adopted by this switch Syntax adoption-pref-id Parameters <1-65535> Set a Pref-ID (1-65535) Example WS5100(config-wireless)#adoption-pref-id 500 20.1.4 ap...
Wireless Instance 20-7 Example WS5100(config-wireless)#ap-detection enable WS5100(config-wireless)# WS5100(config-wireless)#ap-detection approved add 150 any any WS5100(config-wireless)# WS5100(config-wireless)#ap-detection mu-assisted-scan enable WS5100(config-wireless)# WS5100(config-wireless)#ap-detection mu-assisted-scan refresh 520 WS5100(config-wireless)# 20.1.6 ap-ip Wireless Configuration Commands Modifies the static IP address for an access port Syntax ap-ip [<List of Indices/MAC address >|default-ap] ap-ip <List of Indices>...
20-8 WS5100 Series Switch CLI Reference Guide Parameters <List of Indices> / MAC address Use show wireless ap to view an AP’s index or MAC address. Select the AP’s index / MAC Address to modify its static IP address • static-ip – Sets the static IP address, netmask and gateway address of the AP •...
Wireless Instance 20-9 20.1.7 ap-timeout Wireless Configuration Commands Changes the default inactivity timeout for access ports Syntax ap-timeout <index> <40-180> Parameters <Index> <40-180> Access-ports identified by a single MAC address or by a list of indices. Use show wireless ap to view the AP’s index or MAC address •...
20-10 WS5100 Series Switch CLI Reference Guide 20.1.9 broadcast-tx-speed Wireless Configuration Commands Configure the rate at which broadcast and multicast traffic is transmitted between the switch and mobile unit Syntax broadcast-tx-speed(range|throughput) Parameters range Uses a lowest basic rate. Provides maximum range throughput Uses a highest basic rate.
Wireless Instance 20-11 include-list Defines the wireless client include list configuration. No MU NAC check is conducted, except for those in the include list. Devices in the include-list will have NAC checks Usage Guidelines Refer to the configurations below to: •...
20-12 WS5100 Series Switch CLI Reference Guide WS5100(config-wireless)# no wlan 1 nac-server primary WS5100(config-wireless)# no wlan 1 nac-server primary secret WS5100(config-wireless)# no wlan 1 nac-server secondary WS5100(config-wireless)# no wlan 1 nac-server secondary radius-key WS5100(config-wireless)# no wlan 1 nac exclude-list protected-...
Wireless Instance 20-13 station config-wireless-client-list Adds a specified MAC entry into the client’s exclude or include list Syntax (config-wireless-client-list) station (host-name) [MU mac address|MU mac mask] Parameters host-name Defines an index for this host entry in the client list. The host station name must be of size <1-21>...
20-14 WS5100 Series Switch CLI Reference Guide Example WS5100(config-wireless-client-list)#wlan 1 WS5100(config-wireless-client-list)# 20.1.11 clrscr Wireless Configuration Commands Clears the display screen Syntax clrscr Parameters None Example WS5100(config-wireless)#clrscr WS5100(config-wireless)# 20.1.12 convert-ap Wireless Configuration Commands Changes the mode of operation of an AP to either sensor or standalone Syntax convert-ap <1-48>(default|sensor|standalone)
Wireless Instance 20-15 standalone Converts a thin AP-4131 back to a stand-alone AP Note: The switch will not be able to adopt this AP again until the AP is converted back to a thin-AP using the AP’s configuration interface Example WS5100(config-wireless)#convert-ap 1 default WS5100(config-wireless)# 20.1.13 country-code...
20-16 WS5100 Series Switch CLI Reference Guide Colombia Costa Rica Cyprus Czech Republic Germany Denmark Dominican Republic Ecuador Estonia Egypt Spain Finland France United Kingdom Greece Guatemala Guam Hong Kong Honduras Croatia Haiti Hungary Indonesia Ireland Israel India Iceland Italy...
Wireless Instance 20-17 Poland Portugal Qatar Romania Russia Saudi Arabia Sweden Singapore Slovenia Slovak Republic Thailand Turkey Taiwan Ukraine United States Uruguay Venezuela Vietnam South Africa WS5100(config-wireless)#country-code 20.1.14 dhcp-sniff-state Wireless Configuration Commands Records mobile unit DHCP state information Syntax dhcp-sniff-state Parameters enable Allows support for recording DHCP state information for...
20-18 WS5100 Series Switch CLI Reference Guide 20.1.15 dot11-shared-key-auth Wireless Configuration Commands Enables support for 802.11 shared key authentication NOTE: Shared key authentication has known weaknesses that can compromise your WEP key. It should only be configured to accommodate wireless stations unable to carry out Open-System...
Wireless Instance 20-19 20.1.17 exit Wireless Configuration Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax exit Parameters None Example WS5100(config-wireless)#exit WS5100(config)# 20.1.18 fix-broadcast-dhcp-rsp Wireless Configuration Commands Converts broadcast DHCP server responses to unicast Syntax fix-windows-dhcp Parameters...
20-20 WS5100 Series Switch CLI Reference Guide Parameters None Example WS5100(config-wireless)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Wireless Instance 20-21 Parameters anomaly-detection {options} (enable|filter-ageout) Configures parameters related to the detection of anomalous frames on the RF network • all – Enables all types of anomalous frames • average-noise-level [enable|filter-ageout|threshold] – Enables and sets the filters and threshold levels for sudden changes in RSSI •...
20-22 WS5100 Series Switch CLI Reference Guide ex-ops {} Sets values related to the detection of excessive operations on the RF network • 80211-replay-fails – 802.11 replay check failure • all – Changes for all types of excessive operations • association-requests – 802.11 authentication and association requests authentication-fails –...
Wireless Instance 20-23 WS5100(config-wireless)# WS5100(config-wireless)#ids ex-ops 80211-replay-fails filter-ageout 5200 WS5100(config-wireless)# 20.1.21 mac-auth-local Wireless Configuration Commands Configures the local MAC authentication list Syntax mac-auth-local<1-1000> (allow|deny)(Starting MAC Address)(Ending MAC Address)(range/list of WLAN indices)WORD Parameters <1-1000> Sets the mac-auth-local entry allow Allows mobile units that match this rule to associate deny Denies association to mobile units that match this rule Starting MAC Address...
20-24 WS5100 Series Switch CLI Reference Guide 20.1.22 manual-wlan-mapping Wireless Configuration Commands Manually maps WLANs configured on a radio Syntax manual-wlan-mapping Parameters enable Enables support for manual WLAN mapping Example WS5100(config-wireless)#manual-wlan-mapping enable WS5100(config-wireless)# 20.1.23 mobile-unit Wireless Configuration Commands Configures mobile unit related parameters...
20-26 WS5100 Series Switch CLI Reference Guide WS5100(config-wireless)#mobility max-roam-period 10 WS5100(config-wireless)# WS5100(config-wireless)#mobility peer 157.208.235.108 WS5100(config-wireless)# 20.1.25 multicast-packet-limit Wireless Configuration Commands Sets a multicast packet limit (per second) for a VLAN. This limits broadcast/multicast packets per VLAN. The default value is 32 broadcast/multicast packets per second Syntax multicast-packet-limit <1-128>...
Wireless Instance 20-27 Parameters low <0-100> Sets the low water-mark. If the percentage of free packets in the system is lower than this threshold, the incoming frame is dropped high <0-100> Sets the high water-mark. If the percentage of free packets in the system is between the low water-mark and this value, the packet is subjected to a random-early-drop.
20-28 WS5100 Series Switch CLI Reference Guide 20.1.28 proxy-arp Wireless Configuration Commands Responds to ARP requests from the RON to the WLAN on behalf of mobile units Syntax proxy-arp Parameters enable Enables the support of proxy arp Example WS5100(config-wireless)#proxy-arp enable WS5100(config-wireless)# 20.1.29 qos-mapping...
Wireless Instance 20-29 video Prioritizes Video category traffic voice Prioritizes Voice category traffic wireless-to-wired Sets the mappings used while switching wireless traffic to the RON side dot1p<0-7> Configures the 802.1p tags that correspond to a selected access category Example WS5100(config-wireless)#qos-mapping wireless-to-wired background dot1p 5 WS5100(config-wireless)# 20.1.30 radio...
20-30 WS5100 Series Switch CLI Reference Guide radio <1-1000> bridge-msg-age <6-40> radio <1-1000> bridge-priority <0-65535> radio <1-1000> channel-power(indoor|outdoor)(<1-200>|acs|random) <4-20> radio <1-1000> client-bridge [enable|mesh-timeout <2-200>| ssid (SSID name)] radio <1-1000> coordinates <-65535-65535> <-65535-65535> radio 1 copy-config-from [<1-1000>|default-11a|default-11b| default-11bg] radio <1-1000> dtim-period<1-50> bss<1-4>...
Wireless Instance 20-31 default-11b Adopts the default 11b configuration template default-11bg Adopts the default 11bg configuration template adoption-pref-id <0-65535> Employs a preference identifier for this radio port. The radio port is more likely to be adopted by a wireless switch that is a preferred switch antenna-mode Defines the antenna diversity mode....
20-32 WS5100 Series Switch CLI Reference Guide bss (<1-4>|add-wlans|auto) WLAN Maps WLANs to radio BSSIDs • <1-4> – Sets the BSS where WLANs are mapped • add-wlans – Adds new WLANs to existing radios. The other WLANs on the radios are left as is •...
Wireless Instance 20-33 copy-config-from [<1-1000>|default-11a|default-11b|default-11bg] Copies the configuration from a previously configured radio • <1-1000> – Defines a single radio index • default-11a – Uses the default 11a configuration template • default-11b – Uses the default 11b configuration template •...
20-34 WS5100 Series Switch CLI Reference Guide mac <MAC address> Changes the parent (access-port) MAC address of the radio max-mobile-units <1-256> Maximum number of mobile units allowed to associate mu-power <0-20> Power adjustment level for mobile units associated with this access-port....
20-36 WS5100 Series Switch CLI Reference Guide tag_type [aeroscout|cricket|newbury] (listen-addr) <MAC address> Configures the WI-FI tag type. • aeroscout – Aeroscout active tag • cricket – Cricket (Motorola) Active tag • newbury – Newbury active tag • listen-addr – Configures a multicast listening address for active tags •...
Wireless Instance 20-37 • burst<0-65535> – (transmit-opportunity) Sets an interval when a particular WMM STA has the right to initiate transmissions onto the wireless medium • cw<0-15> – (Contention Window parameters) Wireless stations pick a number between 0 and the minimum contention window to wait before re-trying transmissions. Stations then double their wait time on a collision, until it reaches the maximum contention window...
20-38 WS5100 Series Switch CLI Reference Guide 20.1.31 rate-limit Wireless Configuration Commands Sets the default rate limit per user Syntax rate-limit {down|up}<0-100000> Parameters down <0-100000> Sets the up link direction - from the wireless client to the network Defines the rate in the range of <0-100000> kbps, 0=disable rate limit up <0-100000>...
Wireless Instance 20-39 Parameters interference-avoidance Interference avoidance configuration. enable Enables/disables interference avoidance hold-time<0-65535> The number of seconds to disable interference avoidance after a detection. This prevents a radio from changing channels continuously. Set the hold-time between 0-65535 seconds retries<0.0-15.0> Defines the average number of retries to cause a radio to re-run auto channel selection....
20-40 WS5100 Series Switch CLI Reference Guide Example WS5100(config-wireless)#self-heal interference-avoidance enable WS5100(config-wireless)# WS5100(config-wireless)#self-heal interference-avoidance hold-time WS5100(config-wireless)# WS5100(config-wireless)#self-heal neighbor-recovery enable Note: reducing the configured transmit power of radios will ensure that there is room to increase power when a neighbor fails...
Wireless Instance 20-41 default-config (ip-mode|wips-server-ip) Invokes the default configuration sent to sensors when configured • ip-mode – Configures the IP address of the sensors • dhcp – Sensors use DHCP to obtain an IP address • static (A.B.C.D/M)(A.B.C.D) – Sensors use the specific static IP address A.B.C.D/M –...
20-42 WS5100 Series Switch CLI Reference Guide service show (wireless) [ap-history|ap-list|buffer-counters| enhanced-beacon-table|enhanced-probe-table|legacy-load-balance| mu-cache-buckets|mu-cache-entry|mvlan <1-32>| radio(<1-1000>|description)|snmp-trap-throttle|vlan-cache-buckets| vlan-cache-entry] service wireless [ap-history|buffer-counters|clear-ap-log| dump-core|enhanced-beacon-table|enhanced-probe-table| idle-radio-send-multicast|legacy-load-balance|radio-misc-cfg| rate-scale|request-ap-log|save-ap-log|snmp-trap-throttle| vlan-cache] service (wireless)ap-history [clear|enable] service (wireless)buffer-counters (clear) service (wireless)clear-ap-log <1-48> service (wireless)idle-radio-send-multicast (enable) service (wireless)request-ap-log <1-48> Parameters ap-history...
Wireless Instance 20-43 mvlan <1-32> Displays multi-Vlan Debug stats • <1-32> – Defines a single WLAN’s index radio [<1-1000>|description] Sets a radio’s serviceability parameters • <1-1000> – Defines a single radio’s index • description – Displays the description and location coordinates of detected radios snmp-trap-throttle Displays stats related to SNMP trap throttling...
20-44 WS5100 Series Switch CLI Reference Guide enhanced-beacon-table [channel-set (a|bg) <1-200> | enable | erase-report | max-ap <0-512> | scan-interval <10-60>... Configures an AP for detecting and locating other APs in the network • channel-set (a|bg) <1-200> – 802.11a / 802.11bg channel-set settings used for AP locationing...
Wireless Instance 20-45 enhanced-probe-table [enable | erase-report | max-mu <0-512> | preferred (add) <MAC Address>... Configures an AP for detecting and locating MUs. The switch maintains an enhanced-probe-table to track the probes received by an AP. • enable – Disables or enables the gathering of...
20-46 WS5100 Series Switch CLI Reference Guide Example WS5100(config-wireless)#service show wireless ap-history AP MAC Radio Timestamp Event Reason =================================================================== 00-A0-F8-BF-8A-4B 20070926-20:23:10 Adoption WS5100(config-wireless)# WS5100(config-wireless)#service show wireless mvlan 20 Wlan 20: pool_size =1 ----------------------------------------------------- [ 0]: wlan=20, vlan_id=1, limit=0, users=0, log_sent=0...
Wireless Instance 20-47 2] 00-A0-F8-BF-8A-4B 00-A0-F8-BF-ED-BC 11a RADIO2 0 0 0 WS5100(config-wireless)# WS5100(config-wireless)#service show wireless snmp-trap-throttle throttle : 10 (default = 10) traps allowed through throttle: 9 traps dropped through throttle: 0 WS5100(config-wireless)# 20.1.35 show Wireless Configuration Commands Displays current system information running on the switch Syntax show <parameter>...
20-48 WS5100 Series Switch CLI Reference Guide management Display L3 Managment Interface name mobility Display Mobility parameters Network time protocol password-encryption password encryption port-channel Portchannel commands privilege Show current privilege level radius RADIUS configuration commands redundancy-group Display redundancy group parameters...
Wireless Instance 20-51 aap-proxy-radius (enable) (realm) <name> (strip) Enables configuring of proxying AAP radius requests • realm <name> – Provide proxy realm name • strip – Strip realm name while proxying requests accounting (none|radius|syslog) Defines the accounting configuration on this WLAN •...
20-52 WS5100 Series Switch CLI Reference Guide authentication-type (eap|hotspot|kerberos|mac-auth|none) Sets the authentication type for this WLAN • eap – EAP authentication (802.1X) • hotspot – Web based authentication • kerberos – Kerberos authentication (encryption will change to WEP128 if it’s not already wep128/keyguard) •...
Wireless Instance 20-53 • key(0|2|WORD) – Configure the key (PMK) • 0 – Password is specified UNENCRYPTED • 2 – Password is encrypted with password-encryption secret • WORD – The 256bit (64 hex characters) long • key-rotation (enable) – Controls the periodic update of the broadcast keys for associated mobile units •...
20-54 WS5100 Series Switch CLI Reference Guide • WORD – Sets the 256bit (64 hex characters) • tkip-cntrmeas-hold-time <0-65535> – Configures the hold-time (in seconds) that clients are blocked when TKIP countermeasures are invoked. Default is 60 seconds • wpa2-tkip (enable) – Enables support for WPA2-TKIP (in...
Wireless Instance 20-55 hotspot() Modifies hotspot related parameters • allow (rule index) (IP address) – Modifies hotspot allow-list parameters. Users who have not yet authenticated must be allowed access to these IP addresses • Rule index – Allow-list Rule index (must be between 1-10) •...
20-56 WS5100 Series Switch CLI Reference Guide inactivity-timeout <60-86400> Sets an inactivity timeout in seconds. If a frame is not received from a mobile unit for this amount of time, the mobile unit is disassociated kdc [password (0||LINE) | Modifies KDC related parameters....
Wireless Instance 20-57 mu-mu-disallow (switch-to-wired) Disallows frames from one mobile unit to another mobile unit on this WLAN • switch-to-wired – Disallows by switching the frame out on the wired side (to allow an external switch to decide whether this frame is to be allowed or dropped) nac-mode Sets the Network Access Control (NAC) mode configuration [bypass-nac-except-...
20-58 WS5100 Series Switch CLI Reference Guide nac-server () [primary|secondary|timeout] Configure a NAC server IP address and an optional authentication port number • [primary|secondary] [EAP Server IP Address|RADIUS Key] – Primary server or secondary server’s IP address • A.B.C.D (auth-port) – Set an EAP server IP...
Wireless Instance 20-59 [classification | mcast-with-dot11i| mcast1 | mcast2 | prioritize-voice | svp | weight|wmm] Quality of Service commands • classification [background|best-effort|video|voice|wmm] – Select how traffic on this WLAN is classified (relative prioritization on the access port) • background – Traffic on this WLAN is treated as background traffic •...
20-60 WS5100 Series Switch CLI Reference Guide • ip-address – Sets the RADIUS server’s IP address • auth-port<1024-65535> – Establishes the RADIUS server’s authentication port (default:1812) • radius-key – Sets the RADIUS server shared secret, up to 127 characters • 0 – Password is specified UNENCRYPTED •...
Wireless Instance 20-61 ssid Enter the SSID of this WLAN syslog (accounting) server <IP Address> port <Port number> Syslog Accounting. • accounting – Modifies accounting parameters • server<IP Address> – Modifies the Syslog accounting server IP Address • port <Port Number> – Defines the Syslog server port. The default port number is 514 vlan<1-4094>...
SOLE Instance Use the (config-sole) instance to configure SOLE related configuration commands. 21.1 SOLE Config Commands Table 21.1 summarizes config-sole commands: Table 21.1 Location Engine Config Command Summary Command Description Ref. adapter Configures the SOLE adapter page 21-2 clrscr Clears the display screen page 21-2 Ends the current mode and moves to the EXEC mode page 21-3...
21-2 WS5100 Series Switch CLI Reference Guide 21.1.1 adapter SOLE Config Commands Enables/disables a specified adapter, or all the adapters Syntax adapter (aeroscout) (enable) Parameters adapter (aeroscout) (enable) SOLE adapter name. • aeroscout – Defines the name of the adapter •...
SOLE Instance 21-3 21.1.3 end SOLE Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode. The prompt changes to WS5100# Syntax Parameters None Example WS5100(config-sole)#end WS5100# 21.1.4 exit SOLE Config Commands Ends the current mode and moves to the previous mode (GLOBAL-CONFIG). The prompt changes to WS5100(config)# Syntax...
21-4 WS5100 Series Switch CLI Reference Guide Example WS5100(config-sole)#help CLI provides advanced help feature. When you need help, anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
SOLE Instance 21-5 21.1.7 service SOLE Config Commands Invokes service commands to troubleshoot or debug instance configurations (config-if) Syntax service (show) (cli) Parameters show (cli) Displays the CLI tree of current mode Example WS5100(config-sole)#service show cli Location Engine Config mode: +-adapter +-ADAPTER +-enable [adapter (ADAPTER|) enable]...
21-6 WS5100 Series Switch CLI Reference Guide 21.1.8 show SOLE Config Commands Displays current system information Syntax show <parameters> show sole [config(adapter)|stats (adapter)|status(adapter|engine)] Parameters Displays the parameters for which information can be viewed using the show command Example WS5100(config-sole)#show...
SOLE Instance 21-7 redundancy-history Display state transition history of the switch. redundancy-members Display redundancy group members in detail running-config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp-server Display SNMP engine parameters sole Smart Opportunistic Location Engine Configuration...
21-8 WS5100 Series Switch CLI Reference Guide WS5100(config-sole)#show sole status adapter Type Status ----------------------------- AeroScout disabled WS5100(config-sole)# WS5100(config-sole)#show sole status engine Type Engine State ------------------------------------------- AeroScout 0.0.0.0 Offline WS5100(config-sole)#...
MOTOROLA INC. 1303 E. ALGONQUIN ROAD SCHAUMBURG, IL 60196 http://www.motorola.com 72E-103896-01 Revision A January 2008...