WS5100 Series Switch
Contents
1. Command Description Ret ip Internet Protocol IP page 5 27 license Sets license management commands page 5 32 line Configures a terminal line page 5 33 local Sets the username and password for local user page 5 33 authentication logging Modifies message logging facilities page 5 34 mac Configures MAC access lists page 5 35 mac address Configures MAC address table page 5 36 table management Sets properties of the management interface page 5 37 no Negates a command or set its defaults page 2 4 ntp Configures NTP parameters page 5 37 prompt Sets the system prompt page 5 41 radius server Enters the RADIUS server mode page 5 41 redundancy Configures redundancy group parameters page 5 42 service Service commands page 5 44 snmp server Modifies SNMP engine parameters page 5 45 sole Configures location engine parameters page 5 55 spanning tree Configures spanning tree commands page 5 56 timezone Configures the timezone page 5 60 username Establishes user name authentication page 5 60 vpn Defines the VPN configuration page 5 61 5 4 WS5100 Series Switch CLI Reference Guide 5 1 1 Table 5 1 Global Contig Mode Command Summary Command Description Ret wireless Configures wireless parameters page 5 61 wlan acl Apply an ACL on WLAN page 5 62 aaa Global Configuration Commands Configures the current authentication authorization and accounting aaa login settings Syntax aaa authentication2. Syntax terminal length lt 0 512 gt no length lt 0 512 gt width width lt 0 512 gt Parameters length Sets the number of lines on a screen no Negates a command or sets Its defaults width Sets the width number of characters on a screen line Example WS5100 gt terminal length 100 WS5100 gt WS5100 gt terminal width 200 WS5100 gt traceroute User Exec Commands Traces the route to its defined destination Syntax traceroute WORD ip WORD Parameters WORD Traces the route to a destination address or hostname IP Address IP trace Example WS5100 traceroute 157 222 333 33 traceroute to 157 235 208 39 157 235 208 39 30 hops max 38 byte packets 1 157 235 208 39 157 235 208 39 0 466 ms 0 363 ms 0 226 ms WS5100 3 10 WS5100 Series Switch CLI Reference Guide Privileged Exec Commands Most PRIV EXEC commands set operating parameters Privileged level access should be password protected to prevent unauthorized use The PRIV EXEC command set includes commands contained within the USER EXEC mode The PRIV EXEC mode also provides access to configuration modes and includes advanced testing commands The PRIV EXEC mode prompt consists of the host name of the device followed by a pound sign To access the PRIV EXEC mode enter the following at the prompt WS5100 enable The PRIV EXEC mode is often referred to as the enable mode because the enable command is used to enter the mode
3. Example WS5100 config timezone America Asia Atlantic Australia Etc Europe Pacific Africa WS5100 config timezone America America Anchorage America Bogota America Buenos Aires America Caracas America Chicago 7 America Costa_Rica America Denver America Los Angeles America Mexico City America Montreal America New_ York America Phoenix America Santiago America Sao_ Paulo America St_ Johns America Tegucigalpa America Thule America Winnipeg America Indianapolis WS5100 config timezone America Chicago WS5100 config username Global Configuration Commands Establishes user name authentication Syntax username Parameters WORD Enter a name to authenticate the switch The username should be between 1 and 28 characters 5 1 34 5 1 35 Global Configuration Commands 5 61 Example WS5100 config username GoldenSwitch WS5100 config vpn Global Configuration Commands Configure VPN settings Syntax vpn authentication method local radius Parameters authentication method Selects the authenication scheme local Use this for user based authentication radius Use this for RADIUS server authentication Usage Guidelines Virtual Private Network VPN enables IP traffic to travel securely over a public TCP IP network by encrypting all traffic from one network to another A VPN uses tunneling to encrypt all information at the IP level Example wire
4. ip route A B C D A B C D M lt next hop gt lp routing lp ssh port rsa ip ssh port lt 0 65536 gt lp ssh rsa keypair name WORD lp telnet port lt 0 65535 gt Parameters access list Using the access list parameter options to enter the ext nac1 context and the std nac1 context The prompt changes to the context entered e For more information see Extended ACL Instance on page 14 1 e Foran extended ACL and Standard ACL Instance on page 15 1 for standard ACL default gateway Configures the IP address of the default gateway A B C D e A B C D IP address of the next hop router Global Configuration Commands 5 29 dhcp DHCP server configuration e bootp Defines the BOOTP specific configuration e ignore Configures the DHCP server to ignore BOOTP requests class Defines a DHCP class and enters the DHCP class configuration mode e WORD DHCP class name excluded address Prevents DHCP server from assigning certain addresses e B C D Low IP address option lt name gt Defines the DHCP servers option name ping timeout lt 1 10 gt Specifies HDHCP servers ping timeout in seconds e pool lt name gt Configures the DHCP server s address pool For more information see DHCP Server Instance on page 17 1 domain lookup Enables the DNS based name to address translation on the switch domain name Sets the domain name for the switch http Hyper Text
5. configurations Syntax service clear diag shell save cli show start shell tethereal Parameters clear Removes the specified support information diag shell Provides diagnostic shell access to debug and test the switch save cli Saves CLI tree for all modes in HTMLformat show Displays the running system information start shell Provides shell access tethereal Dumps and analyzes network traffic Example WS5100 config ext nacl service diag shell Diagnostic shell started for testing diag gt boot delete exit fallback help logout no reload service show upgrade Reboots the switch Deletes specified file from the system Exit from the CLI Configures firmware fallback feature Description of the interactive help system Exit from the CLI Negate a command or set its defaults Halt and perform a warm reboot Service Commands Show running system information Upgrade firmware image Extended ACL Instance 14 19 diag gt WS5100 config ext nacl service save cli CLI command tree is saved as clitree html This tr can be viewed via web at http lt ipaddr gt cli clitree html WS5100 config ext nacl WS5100 config ext nacl service show cli Show CLI tree of current mode command history Display command except show commands history crash info dump files info last passwd reboot history startup log upgrade history Show Display last Show startup Show upgrade WS5100 config e
6. Negates a command or sets ts defaults Specifies packets to forward Invokes service commands to troubleshoot or debug config if instance configurations show Displays running system information 15 2 15 1 1 15 1 2 WS5100 Series Switch CLI Reference Guide Table 15 1 Standard ACL Config Command Summary Continued Sets terminal line parameters Command Ref terminal page 15 11 clrscr Standard ACL Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100 config std nacl clrscr WS5100 config std nacl deny Standard ACL Config Commands Specifies packets to reject Syntax deny A B C D M any host deny any log rule precedence deny any log rule precedence lt 1 5000 gt deny any rule precedence lt 1 5000 gt deny host A B C D Parameters A B C D M Sets the source IP address range to match any Any source IP address e log The log matches against this entry e rule precedence lt 1 5000 gt Determines the access list entry precedence 15 1 3 Standard ACL Instance 15 3 host Single host address e A B C D Exact source IP address to match Usage Guidelines Use this command to deny traffic based on the source IP address or network address The last ACE in the access list is an implicit deny statement Whenever the interface receives the packet its content is checked against all the
7. 11 1 10 password gt Trustpoint PKI Config Commands Sets the challenge password applicable only for requests to acces trustpoint Syntax password 0 2 WORD Parameters 0 Password is specified as UNENCRYPTED The password should be between 4 to 20 characters 2 Password is encrypted with password encryption secret The string length of encrypted password should be between 44 64 characters WORD Sets the password 4 to 20 characters Example WS5100 config trustpoint password 0 TestPassword WS5100 config trustpoint crypto trustpoint Instance 11 7 11 1 11 rsakeypair gt Trustpoint PKI Config Commands Configures a RSA Keypair to associate with the trustpoint Syntax rsakeypair Parameters WORD RSA Keypair Identifier Usage Guidelines The RSA key pair configures the switch to have Rivest Shamir and Adelman RSA key pairs Thus the switch software can maintain a different key pair for each identity certificate Example WS5100 config trustpoint rsakeypair were WS5100 config trustpoint The rsakeypair name were in this example is an exisitng keypair value 11 1 12 service gt Trustpoint PKI Config Commands Invokes service commands to trobuleshoot or debug the crypto pki trustpoint instance configuration Syntax service clear diag shell save cli show start shell tethereal Parameters clear Removes specified support information diag shell Provides diagnosti
8. Display current active open connections Display SNMP engine parameters Display SNMP engine parameters Smart Opportunistic Location Engine Configuration Display spanning tree information Contents of startup configuration static channel group static channel group membership terminal Display terminal configuration parameters timezone Display timezone upgrade status Display last image upgrade status users Display information about currently logged in users version Display software amp hardware version wireless Wireless configuration commands wlan acl wlan based acl WS5100 config if show WS5100 config if Standard IP access li st 1 show access list deny any rule precedence 1 WS5100 config if WS5100 config if show boot Image Build Date Install Date Version Primary Aug 28 14 05 16 2006 Aug 29 18 32 17 2006 3 0 0 0 2008 Secondary Aug 14 06 18 03 2006 Aug 17 15 08 28 2006 3 0 0 0 180B Current Boot Next Boot Software Fallback WS5100 config if Primary Primary Enabled WS5100 config if show wireless ap ap detection config ap images wireless ap unadopted approved aps scans Status of adopted access port Detected AP Configuration Parameters List of access port images on the switch List of unadopted access port Approved APs seen by access port channel power levels for config hotspot config ids mac auth local mobile unit phrase to key passphrase qos ma
9. NEE ETAT A A le 8 g 9 g rias dida tea A eee is A E A o Manual WanNINNNG 2 cresacseetiaseiecieeacsedissdacesreseracsdda 20 24 MONS ALINE lt 3 Sc hrs eae ds Senne 20 24 NEY ara pa dnd vette ratas srl ds ted did Be 20 25 TKASOSCHETENNIE ccoo rines 20 26 multicast throttle watermark 2 0 2 0 cee eee eee eee 20 26 Manel soo 6ccdndochoedoddesaveadekinddovaedadsussedweseaneelhOd Contents TOC Chapter 21 SOLE Instance ZA SOLE Contig LOMAS vernos rr dr a aca 21 1 AREE E N EES E EEEE S ea aba Wed aed TES E died fed 21 2 I eee areae A e E NE E E EA 21 2 AEE TETT EEEE EE ETE TEE E E TE EE EEEE ETE E 21 3 DEAS COMI E EA AE a E hess 21 3 ANS Id ais E S PE eee or 21 3 AREE NANE A AA 21 4 ULA SS AE E A EN E E A EEE rie 21 5 AME E E VEEE TEENE E ATEST INE ETELE TIETE NEET OE PESE TIEA 21 6 TOC 14 WS5100 Series Switch CLI Reference Guide 1 1 Introduction This chapter describes the commands defined by the switch Command Line Interface CLI Access the CLI by running a terminal emulation program on a computer connected to the serial port on the front of the switch or by using a Telnet session via secure shell SSH to access the switch over the network The default CLI user designation is eli The default username and password are adminand superuser CLI Overview The CLI is used for configuring monitoring and maintaining the switch managed network The user interface allows you to execute comm
10. Specifies ICMP as the protocol source source mask host source any The keyword source is the source IP address of the network or host in dotted decimal format The source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching e anyis an abbreviation for source IP of 0 0 0 0 and source mask bits equal to 0 e hostis an abbreviation for exact source A B C D and source mask bits equal to 32 destination destination mask host destination any Defines the destination host IP address or destination network address icmp type icmp type icmp code Sets the ICMP type value from 0 to 255 valid only for ICMP Set an ICMP code value from 0 to 255 valid only for ICMP log Generates log messages when the packet coming from the interface matches the ACL entry Log messages are generated only for router ACLs rule precedence access list entry precedence Set an integer value between 1 5000 This value sets the rule precedence in the ACL WS5100 Series Switch CLI Reference Guide permit tep udp source source mask host source any operator source port destination destination mask host destination any operator destination port log rule precedence access list entry precedence Use with the permit command to allow TCP or UDP packets permit Allows TCP or UDP packets tcp udp Specifies TC
11. WS5100 config ext nacl mark Extended ACL Config Commands Specifies packets to mark Syntax mark dotlp lt 0 7 gt tos lt 0 255 gt ip source source mask host source any destination destination mask host destination any log rule precedence access list entry precedence mark dotlp lt 0 7 gt tos lt 0 255 gt icmp source source mask host source any destination destination mask host destination any icmp type icmp type icmp code log rule precedence access list entry precedence mark dotlp lt 0 7 gt tos lt 0 255 gt tep udp source source mask host source any operator source port destination destination mask host destination any operator destination port log rule precedence access list entry precedence Parameters Extended ACL Instance 14 9 mark dot1p lt 0 7 gt tos lt 0 255 gt ip source source mask host source any destination destination mask host destination any log rule precedence access list entry precedence Use with the mark command to specify IP packets as marked mark dot1p lt 0 7 gt tos lt 0 255 gt Defines action types on an ACL mark is functional only over a Port ACL e dot1p lt 0 7 gt Used only with the action type mark to specify 8021p priority values e tos lt 0 255 gt Used only with action the type mark to specify Type Of Service tos values ip Specifie
12. pki request trustpoints name Displays Public Key Infrastructure PKI commands e request name Displays the certificate requests e trustpoints name Displays the trustpoints and their configuration Usage Guidelines The security engine periodically updates the IPSec and Isakamp statistics every 60 seconds Common Commands 2 31 Example WS5100 config show crypto pki request tptest Sani BEGIN CERTIFICATE REQUEST MI IB2zCCAUQCAQAwWa DELMAkKGA1LUEBhMCaW4 xEj AOBGNVBAgTCWthem5hdGFrYTES MBAGA1UEBxMJYmFuZ2Fsb3J1MQ8wDOYDVOOKEwZzeW1 ib2wxDDAKBgNVBAsTA3dp ZDESMBAGA1UEAxMJdGVzdC1j ZXJOMIG MA0DGCSQGS Ib3DQEBAQUAA4GNADCBiQKB g0C3qisZzdTn7rKzv5TrGtKt7fwMwaYpgehy15214fDLZYY WTTTIFyKwW6s Pq2R mM90iqx8mC ZeESEIJIATpAVT2M5Ukb4Br 9YO0DcWHs84oXRJIxKPeZ3WscB1d2soPvK uilLoizZH9igqawmkXED1TFMBbDWiO0cfngQKn8Tddeax JQIDAQABODMwMOYJKoZI hvcNAQkOMSQwIjALBgNVHO8EBAMCBLAWEwY DVRO 1BAwwCgY I KwYBBQUHAWEWDOYJ KoZIhvcNAQEEBOADgYEAoJMy1m3aaY1Cnk005TbxB qL4F4MKL6 0 m0yRPqy 2S gkk OwxHvc3TbA9Wj bKkFWIDyqU7X0d c8 f 9KogwxDwWH1121BiTCtBAq hpgKOv Um9GFVMFps IXVKKtYttN3fer9tA 6xY9CK1r12mNGOYFHyVjMc3Pic00ODFiPHAU Sears END CERTIFICATE REQUEST T WS5100 config show crypto pki trustpoints Trustpoint default trustpoint Server certificate configured Subject Name Common Name Issuer Name Common Nam
13. 2 62 WS5100 Series Switch CLI Reference Guide 2 2 32 wireless Common to all modes Syntax show wireless aap version ap lt 1 48 gt lt AA BB CC DD EE FF gt ap detection config ap images ap unadopted approved aps channel power lla indoor indoor outdoor F outdoor 11b indoor outdoor 11bg client exclude list include list config country code list default ap hotspot config lt 1 32 gt ids filter list known ap statistics lt 1 256 gt mac auth local lt 1 1000 gt mesh statistics lt 32 gt detail mobile unit lt 1 4096 gt history radio s multicast packet 1imit phrase to key wep128 wep64 gos mapping wired to wireless AA BB CC DD tatistics wlan F E FF association history probe wireless to wired radio lt 1 1000 gt beacon table config lt 1 1000 gt default lla default 11b default 11bg monitor table statistics lt 1 1000 gt regulatory country codes self heal config lt 1 1000 gt sensor lt 1 48 gt default config unapproved aps wireless switch statistics deta wlan config lt 1 32 gt all enabled il statistics lt 1 32 gt Common Commands 2 63 Parameters aap version Displays the minimum adaptive firmware version string ap Status of the adopted access port ap detection config e lt 1 48 gt Defines the i
14. 3 4 WS5100 Series Switch CLI Reference Guide 3 1 2 3 1 3 cluster cli User Exec Commands Use this command to enter the cluster cli context The cluster cli context provides centralized management to configure all cluster members from any one member Any command executed under this context will be executed to all the switches in the cluster A new context redundancy supports the cluster cli Any commands executed under this context are executed to all members of the cluster Syntax cluster cli enable Parameters enable Enables the cluster context Example WS5100 gt cluster cli enable WS5100 gt debug User Exec Commands Use this command to debug the switch Syntax debug certmgr all err info ip https ssh mobility cc error forwarding mu packet peer system Parameters certmgr Certificate Manager Debugging Messages e all Traces error and informational messages from the certificate manager e error Traces error messages from the certificate manager e info Traces informational messages from the certificate manager User Exec Commands 3 5 ip Internet Protocol IP e https Secure HTTP HTTPS server e ssh Secured Shell SSH server mobility L3 mobility e cc ccserver events e error Error events e forwarding Dataplane forwarding e mu MU events and state changes e packet Control packets events e peer
15. load 111515 maxFDs lt 0 32767 gt pkbuffers lt 0 65535 gt procRAM ram routecache lt 0 65535 gt temperature lt 1 8 gt d period lt 100 30000 gt 2 6 WS5100 Series Switch CLI Reference Guide service encrypt secret 2 PASSPHRASE plaintext keyword service save cli service show cli command history crash info diag info memory process reboot history startup log upgrade history watchdog service show crash info PANIC FILENAME service show diag hardware led status limits period stats top service wireless Parameters User Exec diag Diagnostics e enable Enables in service diagnostics e fanduty lt 40 100 gt Sets the CPU fan PWM duty cycle Define a value between 40 100 Setting a value below 60 is considered unreliable e identify Identifies a switch by flashing its LEDs e limit Sets the diagnostic limit command e buffer Configures the buffer usage warning limit The warning limit can be set to a buffer limit size 128 128k 16k 1k 256 2k 32 32k 4k 512 64 6 Ak 8k e fan lt 1 2 gt low Sets the fan speed limit Configure the fan speed limit for both Fan 1 and Fan 2 e filesys etc2 flash ram Sets the file system freespace limit Common Commands 2 7 inodesletc2 flash ram File system inode limit load 1 15 5 Aggregate processor load maxFDs lt 0 327
16. 10 10 10 2 mgmt vlan Port Number 58788 ax Roam Period 5 sec Number of Peers 0 established 0 Number of MUs 0 Home 0 Foreign 0 Delete pend 0 L3 Mobility enabled WLANs NONE WS5100 gt WS5100 config show mobility mobile unit detail HOME MU Database Total 1 U MAC Address 00 0f 3d e9 a6 54 IP Address 157 235 208 134 SSID wios rad testl Home Switch 157 235 208 16 Current Switch 157 235 208 16 HS VLAN 1 Foreign MU Database Total 0 WS5100 config show mobility peer detail obility Peers Total 1 Established 0 Peer 1 1 1 1 State PASSIVE CONNECTING Join Sent 0 Join Revd 0 Leave Sent 0 Leave Revd 0 Rehome Sent 0 Rehome Revd 0 L3roam Sent 0 L3roam Revd 0 Num flaps 0 Connect retries 0 Peer Uptime 0 days 00 00 00 2 46 WS5100 Series Switch CLI Reference Guide WS5100 config show mobility statistics MU lt 00 0f 3d e9 a6 54 gt Mob State HS AND CS Inter Rx Tx face lunicast MC BC Error lunicast MC BC Error wlan port 0 0 0 0 0 a 0 0 2 2 16 ntp Common to all modes Syntax show ntp association detail status Parameters ntp Displays the Network Time Protocol NTP configuration association Displays existing NTP associations detail Displays NTP association details status Displays NTP status Example WS5100 gt show ntp associations address ref clock st when poll reach delay offset disp maste
17. 16 8 WS5100 Series Switch CLI Reference Guide WS5100 config ext macl mark 8021p 6 any any vlan 5 type 8021q WS5100 config ext macl The example below marks the tos field to 254 for IP traffic coming from the source MAC WS5100 config ext macl mark tos 254 host 00 33 44 55 66 77 any type ip WS5100 config ext macl 16 1 7 no MAC Extended ACL Config Commands Negates a command or sets its defaults Syntax no deny mark permit Negates all the syntax combinations used in deny mark and permit designations to configure the Extended ACL Parameters deny Specifies packets to reject mark Specifies packets to mark permit Specifies packets to forward Example WS5100 config ext macl no mark tos 254 host 00 33 44 55 66 77 any type ip rule precedence 50 WS5100 config ext macl WS5100 config ext macl no deny any any vlan 5 type 8021q rule precedence 10 WS5100 config ext macl WS5100 config ext macl no permit any any type wisp rule precedence 50 WS5100 config ext macl Extended MAC ACL Instance 16 9 16 1 8 permit MAC Extended ACL Config Commands Specifies packets to forward NOTE Use a decimal value representation of ethertypes to implement permit deny mark designations for a packet An Extended MAC ACL provides the hexadecimal values for each listed ethertype The switch supports all ethertypes Use the decimal equvilant of the ethertype listed in the CLI or any other ty
18. Parameters FILE Displays the contents of the file Example WS5100 more flash log messages log Sep 08 12 27 30 2006 SPM 5 PROCSTOP Process radiusd has been stopped Sep 08 12 27 31 2006 SLICMGR 6 NEWLICENSE 4 22 WS5100 Series Switch CLI Reference Guide Licensed AP count changed to 48 Sep 08 12 27 31 2006 CC 5 COUNTRYCODE config setting country code to in India Sep 08 12 27 31 2006 SDAEMON 6 INFO radiusd 460 Ready to process requests Sep 08 12 27 35 2006 SDAEMON 6 INFO init Starting pid 328 console dev ttys0 Sep 08 12 27 37 2006 SAUTH 6 INFO login 328 root login on ttyS0 from Console Sep 08 12 27 47 2006 SIMI 5 USERAUTHSUCCESS User admin logged in with role of superuser from auth source local Sep 08 12 28 01 2006 SNSM 6 DHCPDEFRT Default route with gateway 157 235 208 246 learnt via DHCP Sep 08 12 28 01 2006 SNSM 6 DHCPIP Interface vlanl acquired IP address 157 235 208 93 24 via DHCP Sep 08 12 29 07 2006 SCC 5 RADIOADOPTED 11lbg radio on AP 00 A0 F8 BF 8A A2 adopted Sep 08 12 29 07 2006 CC 5 RADIOADOPTED lla radio on AP 00 A0 F8 BF 8A A2 adopted Sep 08 12 29 12 2006 SMOB 6 MUADD Station 00 0F 3D E9 A6 54 Added to Mobility Database Sep 08 12 29 12 2006 SCC 6 STATIONASSOC Station 00 0F 3D E9 A6 54 associated to radio 3 wlan 1 MORE next page Space next lin Enter quit
19. TKIP counter measures invoked e wlan Enables wireless wlan traps e vlanUserLimitReached WALN VLAN user limit reached 5 52 WS5100 Series Switch CLI Reference Guide enable traps wireless statistics Modifies wireless stats rate traps e mesh Modifies mesh rate traps avg bit speed less than Average bit speed in Mbps between lt 0 00 gt and lt 04 00 gt avg retry greater than Average retry is greater than 0 00 and less than or equal to 16 00 avg signal less than Average signal in dBm is less than 0 00 and greater than or equal to 120 00 gave up percent greater than Percentage of pkts dropped is greater than 0 00 and less than or equal to 100 00 nu percent greater than Percentage of non unicast pkts is greater than 0 00 and less than or equal to 100 00 num mobile units greater than Number of associated mobile unit is lt 1 4096 gt pktsps greater than Packets per sec is greather than 0 00 and less than or equal to 100000 00 tput greater than Throughput in Mbps is greather than 0 00 and less than or equal to 100000 00 undecrypt percent greater than Percentage of undecryptable pkts is geater than 0 00 and less than or equal to 100 00 Global Configuration Commands 5 53 e min packets Minimum packets required for sending the trap lt 1 65535 gt Defines the minimum packets for sending the trap This can be set with a decima
20. WS5100 Series Switch CLI Reference Guide 2008 Motorola Inc All rights reserved MOTOROLA and the Stylized M Logo are registered in the US Patent amp Trademark Office Symbol is a registered trademark of Symbol Technologies Inc All other product or service names are the property of their respective owners About This Guide This preface introduces the WS5700 Series CLI Reference Guide and contains the following sections Who Should Use this Guide The WS5100 Series CLI Reference Guide is intended for system administrators responsible for the implementing configuring and maintaining the WS5100 switch using the switch s command line interface CLI lt also serves as a reference for configuring and modifying most common system settings The administrator should be familiar with wireless technologies network concepts ethernet concepts as well as IP addressing and SNMP concepts WS5100 Series Switch CLI Reference Guide How to Use this Guide This guide will help you implement configure and administer the WS5100 switch and associated network elements This guide is organized into the following sections Chapter Jump to this section if you want to Chapter 1 Introduction Review the overall feature set of the WS5100 switch as well as the many configuration options available Chapter 2 Common Commands Chapter 3 User Exec Commands Summarizes the commands common amo
21. WS5100 archive tar table flash out tar 0 2007 05 08 12 27 20 flash log 381 2007 05 08 12 27 28 flash log snmpd log 151327 2007 05 08 14 37 26 flash log messages log 17318 2007 05 08 12 27 29 flash log startup log 0 2007 05 08 12 27 14 flash log radius drwxrwxrwt rw r r rw r r rw r r drwxrwxrwt Untar fails 0 600 0 0 0 0 0 0 0 600 hotspot log crashinfo backup cut tar WS5100 archive tar xtract flash out tar flash out tar flash out tar No such file or directory 4 6 4 1 3 4 1 4 WS5100 Series Switch CLI Reference Guide cd Priv Exec Command Changes the current directory Syntax cd DIR Parameters DIR Changes current directory to DIR Example WS5100 cd nvram system flash WS5100 cd flash DIR Change current directory to DIR WS5100 cd flash flash backup flash crashinfo flash hotspot flash log flash out WS5100 cd flash log DIR Change current directory to DIR WS5100 cd flash log WS5100 pwd flash log WS5100 change passwd Changes the password of a logged in user Priv Exec Command Syntax change passwd Parameters None Usage Guidelines A password must be between 8 to 32 characters in length For security the console does not display user entered key words or the old password and new password fields 4 1 5 Privileged Exec Commands 4 7 Verify the console displays a password successfully changed
22. Wireless Configuration Commands Ends and exits the current mode and changes to the PRIV EXEC mode The prompt changes to wS5100 Syntax end Parameters None Example WS5100 config wireless end WS5100 Wireless Instance 20 19 20 1 17 exit Wireless Configuration Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to wS5100 config Syntax exit Parameters None Example WS5100 config wireless exit WS5100 config 20 1 18 fix broadcast dhcp rsp gt Wireless Configuration Commands Converts broadcast DHCP server responses to unicast Syntax fix windows dhcp Parameters enable Enables support for converting broadcast DHCP server responses to unicast Example WS5100 config wireless fix broadcast dhcp rsp enable WS5100 config wireless 20 1 19 help Wireless Configuration Commands Displays the system s interactive help in HTML format Syntax help 20 20 20 1 20 WS5100 Series Switch CLI Reference Guide Parameters None Example WS5100 config wireless help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes e
23. admin vty 130 exit admin vty 130 configure terminal admin vty 130 enable admin con 0 ip address 10 10 10 2 24 admin con 0 interface vlan 1 admin con 0 configure terminal admin con 0 enable admin vty 131 enable admin con 0 exit admin con 0 ip address 10 10 10 2 24 admin con 0 exit admin con 0 exit admin con 0 interface vlan 1 admin con 0 configure terminal admin con 0 enable admin vty 131 configure terminal admin vty 131 enable admin vty 131 configure terminal admin vty 131 enable admin vty 131 configure terminal admin vty 131 enable admin vty 130 enable admin vty 130 enable admin con 0 enable WS5100 gt service show reboot history Configured size of reboot history is 50 Date amp Time Event May 31 18 29 42 2007 restart May 31 15 42 23 2007 restart May 31 12 35 18 2007 startup shutdown ungraceful unexpected cold startup shutdown ungraceful unexpected cold startup Common Commands 2 23 Shes shutdown ungraceful unexpected cold restart ay 30 17 15 13 2007 startup Saa shutdown ungraceful unexpected cold restart ay 29 15 10 51 2007 startup SS shutdown ungraceful unexpected cold restart ay 28 20 06 31 2007 startup shutdown ungraceful unexpected cold restart ay 25 14 21 35 2007 startup p shutdown ungraceful unexpected cold restart ay 24 14 20 09 2007 startup et ida ie shutdown ungraceful unexpe
24. encryption secret e LINE Defines RADIUS server shared secret upto 127 characters e server timeout lt 1 300 gt retransmit lt 1 100 gt Modify RADIUS 802 1X server parameters e timeout lt 1 300 gt Time in seconds the switch waits for a response from the RADIUS server before retrying e retransmit lt 1 100 gt Number of retries before the switch gives up and disassociates the mobile unit NOTE The ws51000 config wireless radius server timeout lt gt retransmit lt gt should be less than what is defined for an MU s timeout and retries If the MU s time is less than the server s a fallback to the secondary server will not work secure beacon Does not include the SSID of this WLAN in beacon frames set vlan user limit lt 1 4094 gt VLAN lt 0 4096 gt Sets user limits on VLANs for this WLAN e lt 1 4094 gt VLAN VLAN range list It can be either a single index a list 1 3 7 or a range 3 7 of indices e lt 0 4096 gt Sets the VLAN index The limit is lt 0 4096 gt Wireless Instance 20 61 ssid Enter the SSID of this WLAN syslog accounting server lt IP Address gt port lt Port number gt Syslog Accounting e accounting Modifies accounting parameters e server lt IP Address gt Modifies the Syslog accounting server IP Address e port lt Port Number gt Defines the Syslog server port The default port number is 514 vian lt 1 4094 gt
25. limit range Sets the VLAN assignment of this WLAN This command starts a new VLAN assignment for a WLAN index All prior VLAN settings are erased e lt 1 4094 gt VLAN Establishesd the VLAN range list It can be either a single index a list 1 3 7 or a range 3 7 e limit Sets user limits on VLANs for this WLAN wep128 key lt 7 4 gt ascii hex lt 0 2 WORD gt phrase LINE wep default key lt 1 4 gt Configures WEP128 parameters e key lt 7 4 gt Configures pre shared hex keys e ascii Sets keys as ascii characters 5 characters for wep64 13 for wep128 hex Sets keys as hexadecimal characters 10 characters for wep64 26 for wep128 0 Password is specified UNENCRYPTED 2 Password is encrypted with password encryption secret e WORD Key 10 hex or 5 ascii characters for wep64 26 hex or 13 ascii characters for wep128 phrase Specifies a passphrase from which keys are to be derived LINE Sets the passphrase between 4 and 32 characters wep defauly key lt 7 4 gt Defines the key index used for transmission from AP to MU 20 62 WS5100 Series Switch CLI Reference Guide wep64 Configures WEP64 parameters Example WS5100 config wireless twlan 25 accounting syslog WS5100 config wireless WS5100 config wireless wlan 25 answer bcast ess WS5100 config wireless WS5100 config wireless wlan 25 authentication type kerberos WS5100 config wireless
26. lt 1300 1999 gt lt 2000 2699 gt WORD WS5100 config crypto group 7 6 WS5100 Series Switch CLI Reference Guide 7 1 7 show gt Crypto Group Config Commands Displays the current system information running on the switch Syntax show lt paramater gt Parameters Displays the parameters for which information can be viewed using the show command Example WS5100 config crypto group show access list Internet Protocol IP aclstats Show ACL Statistics information alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command lists crypto encryption module debugging Debugging information outputs dhcp DHCP Server Configuration environment show environmental information file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol IP ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol IP mac address table Display MAC address table management Display L3 Managment Interface nam mobility Display Mobility parameters ntp Network time protocol password encryption port channel privilege radius redundancy group password en
27. max age lt 6 40 gt Max age is the maximum time in seconds for which if a bridge is the root bridge a message Is considered valid This prevents the frames from looping indefinitely The value of max age must be greater than twice the value of hello time plus one but less than twice the value of forward delay minus one The allowable range for max age is 6 40 seconds Configure this value sufficiently high so a frame generated by root can be propagated to the leaf nodes without exceeding the max age Use this command to set the max age for a bridge This value is used by all instances The default value of bridge max age is 20 seconds max hops lt 7 127 gt Specifies the maximum allowed hops for a BPDU in an MST region This parameter is used by all MST instances To restore the default value use the no parameter with this command The default maxhops in a MST region is 20 Global Configuration Commands 5 59 portfast Enables the portfast feature on a bridge It has the bpdufilter bpduguard following options default e bpdufilter default Use the bpdu f ilter command to set the portfast BPDU filter for the port Use the no parameter with this command to revert the port BPDU filter value to default The Spanning Tree Protocol sends BPDUs from all ports Enabling the BPDU Filter feature ensures PortFastenabled ports do not transmit or receive BPDUs bpduguard default Use the bpdu guard command to enabl
28. range low IP Address High IP Assigns an address range for the DHCP class Address e A B C D Derfines the low IP address e A B C D Defines the high IP address Example WS5100 config dhcp class address range 11 22 13 14 11 22 33 56 WS5100 config dhcp class 17 1 4 17 1 5 client identifier DHCP Config Commands DHCP Server Instance 17 7 Assigns a name to the client identifier A client identifier is used to reserve an IP address for DHCP client Syntax client identifier lt ascii string gt Parameters client identifier lt ascil string gt Prepends a null character Use 0 at beginning A single in the input is ignored Example WS5100 config dhcp client identifier testid WS5100 config dhcp client name DHCP Config Commands Adds name for DHCP clients Syntax client name lt name gt Parameters client name lt name gt Use client name to add a client name The domain name must not be included Example WS5100 config dhcp client name testpc WS5100 config dhcp 17 8 WS5100 Series Switch CLI Reference Guide 17 1 6 clirser DHCP Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100 config dhcp clrscr WS5100 config dhcp 17 1 7 ddns DHCP Config Commands Sets dynamic DNS parameters Syntax ddns domainname name multiple user class server IP address IP address ttl
29. tos lt 0 255 gt Modifies the TOS bits in an IP header Extended MAC ACL Instance 16 7 Source MAC Address Specifies the bits to match The source wildcard can be any one of the following MMIKKIE XK KK ERK KK xx xx xx xx xx xx S0urce MAC address and mask e any Any source host e host Exact source MAC address to match Destination MAC Address Specifies the bits to match The destination wildcard can be any one of the following XX XKXIKXIXX KIXX xx xx xx xx xx xx Destination MAC address and mask e any Any destination host e host Exact destination MAC address to match dot1p lt 0 7 gt Defines a VLAN 802 1p priority value to match rule precedence lt 1 5000 gt Establishes an access list entry precedence type lt 7 65535 gt arp ip ipv6 vian wisp Defines an ethertype value represented as an integer or keyword for well known ethertypes like IP IPv6 ARP etc vlan lt 1 4095 gt Defines the VLAN tag ID to match Usage Guidelines Use the mark option to specify the type of service tos and priority value The tos value is marked in the IP header and the 802 1p priority value is marked in the dot1q frame Whenever the interface receives the packet its content is checked against all the ACEs in the ACL It is marked based on the ACLs configuration Example The example below marks the dot1p priority value to 6 for all 802 1q tagged traffic from VLAN interface 5
30. AP dump files e PANIC_FILENAME Shows contents of a specified kernel panic file e diag Sets or displays switch diagnostics e hardware Shows the system hardware configuration led status Show LED state variables and current state limits Show limit values period Shows the period ms for in service diagnostics e stats Shows curent diagnostics statistics e top Shows the top processes sorted by memory usage e info Shows a snapshot of available support information e memory Shows memory statistics e process Shows processes sorted by memory usage e reboot history Shows a reboot history e startup log Shows the startup log e upgrade history Shows an upgrade history e watchdog Shows watchdog status wireless Displays current wireless parameters 2 10 WS5100 Series Switch CLI Reference Guide Syntax Priv Exec service clear copy diag diag shell encrypt pktcap pm save cli securitymgr show start shell test watchdog wireless service clear all aplogs clitree cores dumps panics securitymgr flows lt 0 349 gt WORD all eth lt 1 2 gt vlan lt 1 4094 gt service copy tech support URL tftp ftp sftp service diag enable fandutylidentify limit period service diag shell lt Cr gt service encrypt service pktcap on bridge interface router service pktcap on bridge
31. Control C Privileged Exec Commands 4 23 4 1 23 page Priv Exec Command Toggles switch paging Enabling this command displays the command output page by page instead of running the entire output at once Syntax page Parameters None Example WS5100 page WS5100 4 1 24 ping Priv Exec Command Send transmits ICMP echo messages Syntax ping WORD Parameters WORD Ping destination address or hostname Example WS5100 ping 157 235 208 39 PING 157 235 208 39 157 235 208 39 100 data bytes 128 bytes from 157 235 208 39 icmp seg 0 ttl 64 time 2 3 ms 128 bytes from 157 235 208 39 icmp seg 1 ttl 64 time 0 2 ms 128 bytes from 157 235 208 39 icmp seg 2 ttl 64 time 0 3 ms 128 bytes from 157 235 208 39 icmp seg 3 ttl 64 time 0 2 ms 128 bytes from 157 235 208 39 icmp seq 4 ttl 64 time 0 1 ms 157 235 208 39 ping statistics 5 packets transmitted 5 packets received 0 packet loss round trip min avg max 0 1 0 6 2 3 ms WS5100 4 24 WS5100 Series Switch CLI Reference Guide 4 1 25 4 1 26 4 1 27 pwd Priv Exec Command View the contents of the current directory Syntax pwd Parameters None Example WS5100 pwd flash WS5100 quit Priv Exec Command Exits the current mode and moves to the previous mode Syntax quit Parameters None Example WS5100 quit WS5100 release 3 0 0 0 200B Login as cli to access CLI WS5100 login reload Priv
32. Devices in the include list will have NAC checks Usage Guidelines Refer to the configurations below to e Create an exclude list WS5100 config wirel WS5100 config wirel e Add a host entry into the exclude list WS5100 config wirel 00 00 AA DD E WS5100 config wirel 00 11 AA 03 1B FE e Associate the exclude list to a WLAN WS5100 config wirel e Configure WS5100 config wireless wlan 1 WS5100 config wireless wlan 1 testing WS5100 config wireless wlan 1 WS5100 config wireless wlan 1 testing123 RADIUS server parameters e Enable NAC for a WLAN WS5100 config wireless wlan list e Undo a configuration less client less client less tclient exclude list protected hosts list list station printers E 11 00 00 FF DD F E 11 less client list station testing hostl less client list wlan 1 nac server primary 192 168 0 1 nac server primary secret 0 nac server secondary 192 168 1 1 nac server secondary secret 0 1 nac mode do nac except exclude WS5100 config wireless client exclude list protected hosts WS5100 config wireless client client no station testing hostl WS5100 config wireless no client exclude list protected hosts 20 12 20 1 10 1 WS5100 Series Switch CLI Reference Guide WS5100 config wireless no wlan 1 nac server primary WS5100 config wireless no wlan 1 nac serve
33. Only currently enabled WLANs e statistics WLAN statistics e lt 1 32 gt Defines a WLAN s index lt 1 32 gt Example WS5100 gt show wireless ap Number of access ports adopted 2 0 Available licenses 20 Clustering enabled N Clustering mode primary WS5100 gt WS5100 gt show wireless ap detection config Rogue AP timeout 300 seconds Approved AP timeout 300 seconds mu assisted scan enabled mu assisted scan refresh 300 seconds configured approved aps Index Bss Mac Ssid Adaptive minimum adoption version 2 0 0 0 000R WS5100 gt WS5100 gt show wireless ap images Idx ap type Image Name Size bytes Version 1 ap300 WISP AP300 293516 00 02 29 2 ap300 WIAP 300 244076 01 00 1635b 3 ap300 AP300 IDS Sensor 295064 00 00 04 4 ap100 AP100 31034 02 05 00 5 ap4131 AP4131 191440 07 00 01 Common Commands 2 67 6 ap4131 Revert AP4131 665704 00 00 00 WS5100 gt WS5100 gt show wireless ap unadopted WS5100 gt WS5100 gt show wireless approved aps access port detection is disabled WS5100 gt WS5100 gt show wireless channel power 1la indoor Error No valid channels or power levels WS5100 gt WS5100 gt show wireless config country code None adoption pref id eae proxy arp enabled adopt unconf radio enabled dot11 shared key auth disabled ap detection disabled oversized frames disabled manual wlan mapping disabled dhcp sniff state disabled dhcp fix windows disabled broadcast t
34. Parameters user Displays SNMP user information snmpmanager Shows SNMP manager information snmpoperator Shows SNMP operator information snmptrap Shows SNMP trap information 2 2 24 Common Commands 2 53 Example WS5100 gt show snmp user snmpmanager userName access engineld Authentication Encryption snmpmanager rw 800001848067458b6bd7157745 MD5 DES WS5100 gt WS5100 gt show snmp user snmpoperator userName access engineld Authentication Encryption snmpoperator ro 800001848067458b6bd7157745 MD5 DES WS5100 gt WS5100 gt show snmp user snmptrap userName access engineld Authentication Encryption snmptrap rw 800001848067458b6bd7157745 MD5 DES WS5100 gt snmp server Common to all modes Syntax show snmp server traps wireless statistics mobile unit radio wireless switch wlan Parameters traps Displays trap enabled flags wireless statistics Displays existing wireless stats rate traps mobile unit Displays existing mobile unit rate traps radio Displays existing radio rate traps wireless switch Displays existing wireless switch rate traps wlan Displays existing WLAN rate traps 2 54 WS5100 Series Switch CLI Reference Guide Example WS5100 gt show snmp server traps odule Type Trap Type Enabled Y N snmp coldstart N snmp linkdown N snmp linkup N snmp authenticationFail N nsm dhcpIPChanged N redundancy memberU
35. Sets the NTP version number trusted key Key numbers for trusted time sources 5 40 WS5100 Series Switch CLI Reference Guide lt 1 65534 gt Define the Key number Example WS5100 config ntp peer WORD Name IP address of peer WS5100 config ntp peer TestPeer autokey Configur autokey p r authentication scheme key Configure peer authentication key prefer Prefer this peer when possible version Configure NTP version lt cr gt WS5100 config ntp peer TestPeer prefer Prefer this peer when version Configure NTP version lt cr gt WS5100 config ntp peer TestPeer version Configure NTP version lt er gt WS5100 config ntp p lt 1 4 gt NTP version WS5100 config ntp p WS5100 config WS5100 config ntp peer lt 1 65534 gt Peer ke WS5100 config ntp p prefer Prefer th version Configure lt cr gt WS5100 config ntp p version Configure lt cr gt WS5100 config ntp p lt 1 4 gt NTP version WS5100 config ntp p Invalid server nam m eer TestPeer number eer TestPeer autokey possible autokey prefer autokey prefer version autokey prefer version 3 TestPeer key y number r TestPeer key 20 is peer when NTP version r TestPeer possible NTP version key 20 prefer r TestPeer number r TestPeer key 20 prefer version WS5100 config key 20 prefe
36. Syntax do Parameters None Example command of other mode WS5100 config do ping 157 235 208 69 157 235 208 69 PING 157 235 208 69 ow an 157 128 128 128 128 128 bytes bytes bytes bytes bytes from from from from from 157 157 157 157 235 208 69 23D 23D ie 235 235 230 ping statistics 5 packets transmitted 5 packets received round trip min avg max WS5100 config 208 208 208 208 208 69 69 69 69 69 icmp_s icmp_s icmp_s icmp_s icmp_s data bytes tt1 64 tim tt1 64 tim tt1 64 tt1 64 tim tim tt1 64 tim o oooorp 0 0 0 0 0 1 ms 0 packet loss ms ms ms ms ms 9 23 NOTE In the example above ping is a PRIV EXEC command end Global Configuration Commands Ends the current mode and changes to the EXEC mode Syntax end Parameters None Example WS5100 config end WS5100 5 24 WS5100 Series Switch CLI Reference Guide 5 1 11 Priv Exec commands acknowledge Acknowledge alarms archive Manage archive files autoinstall autoinstall configuration command cd Change current directory errdisable Global Configuration Commands Enables the timeout mechanism for the por Syntax errdisable recovery cause bpduguard interval lt 10 1000000 gt Parameters recovery Enables the timeout mechanism for the port to be enabled back
37. WS5100 config wireless aap config apply mesh delay 300 WS5100 config wireless adopt unconf radio gt Wireless Configuration Commands Adopts a radio even if not yet configured Default templates are used for configuration Syntax adopt unconf radio Parameters enable Enables the adoption of non configured radios Example WS5100 config wireless adopt unconf radio enable WS5100 config wireless 20 1 3 20 1 4 Wireless Instance 20 5 adoption pref id Wireless Configuration Commands Use as a preference identifier for the switch All radios configured with this preference identifier are more likely to be adopted by this switch Syntax adoption pref id Parameters lt 1 65535 gt Set a Pref ID 1 65535 Example WS5100 config wireless adoption pref id 500 ap Wireless Configuration Commands Defines the name and location of the access port Syntax ap lt AP index gt lt MAC Address gt location name Parameters AP Index Sets a single AP index Use the show wireless ap command to view the AP s index value e location Defines the location description of the AP e name Sets the name for this AP MAC Address Lists an AP s MAC address Use the show wireless ap command to view the AP s index Example WS5100 config wireless ap 00 15 70 14 FE C4 location 5th Floor SalesUnit WS5100 config wireless WS5100 config wireless ap 1 location BLR
38. ae cali e deny Sets the action type on an ACL destination destination Y RAE mask host destination e ip Specifies an IP to match to a protocol any log rule e source source mask host source any The precedence access list keyword source is the source IP address of the entry precedence network or host in dotted decimal format The source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP is used for matching e anyis an abbreviation for a source IP of 0 0 0 0 and source mask bits equal to 0 e hostis an abbreviation for the exact source A B C D and source mask bits equal to 32 e destination destination mask host destination any Defines the destination host IP address or destination network address e log Generates log messages when the packet coming from the interface matches an ACL entry Log messages are generated only for router ACLs e rule precedence access list entry precedence Defines an integer value between 1 5000 This value sets the rule precedence in the ACL 14 4 WS5100 Series Switch CLI Reference Guide deny icmp source source mask host source any destination destination mask host destination any icmp type icmp type icmp codel log rule precedence access list entry precedence Use with the deny command to reject ICMP packets e deny Rejects ICMP packets e icmp Spe
39. ccc cence nent REST 6 1 Bolo AAA pdrape ced eeke cine 6 2 SAE O ner ee Bate AN 6 2 A crite A A re setae 6 3 A E A NC PEA 6 3 lo I AES ridad 6 4 AAA Ad DOERR eho RRR Ae eae ee es 6 4 Dole MWe eid ae Oia hae cree eb ae edna eb bee EAE EEE 6 5 AE ara diia 6 5 A A A A 6 6 TOC 6 WS5100 Series Switch CLI Reference Guide A A NES EAE TEN 6 6 A A eae 6 6 E A a tia dia 6 7 Chapter 7 crypto group 7 1 Crypto Group Config Commands ooooooooccoco ccoo 7 1 DAM MO AAA 7 2 Behe ps se sin bees eee esd ey hese ya eb ae ees ae TEE 7 2 PN ps NOE IN TE EAE PEE TONN 7 3 APOE A O EErEE ES 7 3 AE terri di 7 4 Pe Bee caren vier ek EN T 75 AS Md ria iia 7 6 AA cen dion EEST IEN A EE IN NA A ENES ETN EOI N 7 8 Chapter 8 crypto peer 8 1 Ciypto Peer Conf Commands cocina a krip kS II SRAN E da SEE 8 1 Bell USER irradia raara ii 8 2 A A A POE O AEEA ETEN OIE A ES 8 2 A A reaa tre trae 8 2 AE A dd ES EE ENSS TE 8 3 A A AEE OO 8 3 AA AAA DN 8 4 ERE A EE E VENES EIT ATAA TE IAS E ESEE AEN A EEE Mae eee 8 5 C P EAEE E AP E EE IENE ESEI ANL ETE S EOT E ERTEN 8 5 Chapter 9 crypto ipsec 9 1 Crypto a AA 9 1 BAM IND AEAEE EN EESE eases EELEE TEET TTEA 9 2 DAZ SOW A 9 2 Chapter 10 crypto map 10 1 Crypto Map Config Commands 00 ccc ccc tirak EKAR EEREN EENE 10 1 WIT SEP Sins ob coke bee kaw a beds suds cabe awh qeasueees 10 2 DEEE usa ir eee ENES S TOT 10 2 AA E A A E ES EAT T hes 10 2 Contents TOC
40. config wirel 00 config wirel 00 config wirel 00 config wirel ap ip Wireless Configuration Commands Modifies the static IP address for an access port Syntax ap ip lt List of Indices MAC address gt default ap ap ip lt I ap ip lt I ap ip lt I ap ip default ap address gt set default ess ess ess ess ess ess ess ess ap de ap de ap de ap de tec tec tec tec tion tion tion tion static ip switch ip add lt IP address gt delete lt IP address Index gt lt IP address gt set default Wireless Instance 20 7 enable approved add 150 any any mu assisted scan enable mu assisted scan refresh 520 List of Indices gt static ip switch ip List of Indices gt List of Indices gt lt IP address mask gt lt gateway IP gt add lt IP address gt delete lt IP address Index gt lt IP 20 8 WS5100 Series Switch CLI Reference Guide Parameters lt List of Indices gt MAC Use show wireless ap to view an AP s index or MAC address address Select the AP s index MAC Address to modify its static IP address e static ip Sets the static IP address netmask and gateway address of the AP e A B C D M Defines the static IP address and mask e A B C D Sets the gateway IP address e switch ip Defines the static switch IP address e add Adds a static switch IP address e delete Deletes a st
41. count lt 1 99999 gt filter verbose write service pktcap on bridge filter LINE arp capwap dst ether host icmpliplip6 12 13 14 net not port src tcpludp vlan wlan service pktcap on bridge filter arp LINE and or service pktcap on bridge filter capwap LINE and ctrl data or service pktcap on bridge filter dst A B C D net service pktcap on bridge filter ether broadcast dst host multicast proto src service pktcap on bridge filter host lt IP address gt service pktcap on bridge filter icmp LINE and or service pktcap on bridge filter ip LINE and multicast or proto service pktcap on bridge filter ip6 LINE andl or service pktcap on bridge filter 12 13 14 ul6 u32 u8 service pktcap on bridge filter net lt IP subnet gt service pktcap on bridge filter not arp capwap dst ether host icmp ip ip6 12 13 14 net not port src tcp udp vlan wlan service pktcap on bridge filter port lt 0 65535 gt service pktcap on bridge filter src lt IP address gt net service pktcap on bridge filter tcp LINE and or syn service pktcap on bridge filter udp LINE andl or service pktcap on bridge filter vlan lt 1 4095 gt service pktcap on bridge filter wlan lt 1 2 gt service pm stop service save cli Common Commands 2 11 service securitymgr disable disable flow rate limit dump core enable ht
42. e enable Enables CISCO Interoperability e disable Disables CISCO Interoperability The default value for is disabled portfast Enables rapid transitions Example WS5100 config if spanning tree edgeport WS5100 config if WS5100 config if spanning tree guard root WS5100 config if WS5100 config if spanning tree link type point to point WS5100 config if WS5100 config if spanning tree link type shared WS5100 config if 12 1 17 speed Interface Config Commands Specifies the speed of a fast ethernet 10 100 or a gigabit ethernet port 10 100 1000 Syntax speed 10 100 1000 auto 12 18 WS5100 Series Switch CLI Reference Guide Parameters 10 Forces 10 Mbps operation 100 Forces 100 Mbps operation 1000 Forces 1000 Mbps operation auto Port automatically detects the speed it should run based on the port at the other end of the link Usage Guidelines Set the interface speed to auto to detect and use the fastest speed available Speed detection is based on connected network hardware Example WS5100 config if speed auto WS5100 config if 12 1 18 static channel group Interface Config Commands Adds an interface to a static channel group Syntax static channel group lt 1 2 gt Parameters lt 1 2 gt Sets a static channel group to associate the link with Usage Guidelines This command aggregates individual giga port s into a single aggregate link to provid
43. for a VLAN multicast throttle Configures watermarks for handling bursts page 20 26 watermark of broadcast multicast frames no Negates a command or sets its defaults page 20 27 proxy arp Responds to ARP requests from the RON to page 20 28 a WLAN on behalf of MUs gos mapping Defines the QoS mapping between wired page 20 28 and wireless domains radio Defines the radio s configuration page 20 29 rate limit Sets the default rate limit per user page 20 38 self heal Sets the self healing configuration page 20 38 sensor Defines the Wireless Intrusion Protection page 20 40 System WIPS configuration service Invokes service commands to troubleshoot page 20 41 or debug the config wireless instance configuration show Displays running system information page 20 47 wlan Sets WLAN related parameters page 20 48 wlan bw allocation Allocates radio bandwidth per WLAN page 20 63 20 4 WS5100 Series Switch CLI Reference Guide 20 1 1 20 1 2 aap Wireless Configuration Commands Defines the AAP configuration Syntax aap config aaply def delay mesh delay lt 3 10000 gt Parameters config apply Applies AAP configuration settings def delay mesh delay e def delay Sets the default time to delay before lt 30 10000 gt applying AAP configuration e mesh delay Defines the interval to delay before applying AAP configuration to Mesh APs e lt 30 10000 gt Set the delay time in seconds Example
44. lan 20 vlan id 0 limi wlan 20 vlan id 0 limi wlan 20 vlan id 0 limi wlan 20 vlan_id 0 limi wlan 20 vlan id 0 limi wlan 20 vlan id 0 limit wlan 20 vlan id 0 limi wlan 20 vlan id 0 limi wlan 20 vlan id 0 limi wlan 20 vlan id 0 limi users 0 log _sent users 0 log sen users 0 log sen users 0 log sen users 0 log _sent users 0 log sen users 0 log sen users 0 log sen users 0 log sen users 0 log sen users 0 log sen 0 0 0 0 0 0 0 0 0 0 0 0 0 0 pa 0 users 0 log _sent 0 users 0 log sen 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 users 0 log sen users 0 log sen users 0 log sen DIDNDMOAPWNFOWO ATAU BWNE OO L oo00000000000000000000000000000O0Oo O EDO a E T Sah or T UE e O e oh ei get e A E A O A O e Er et gor E A Ee e A at A ee CA O e O A a IA a O o SR e A e NT A O A e e eS A e IR T O e E TE A A O O A eS 19 wlan 20 vlan id 0 limit 0 users 0 log _sent 20 wlan 20 vlan id 0 limit 0 users 0 log sent 21 wlan 20 vlan id 0 limit 0 users 0 log _sent 22 wlan 20 vlan id 0 limit 0 users 0 log _sent 23 wlan 20 vlan id 0 limit 0 users 0 log sent 24 wlan 20 vlan id 0 limit 0 users 0 log sent 25 wlan 20 vlan id 0 limit 0 users 0 log _sent 26 wlan 20 vlan id 0 limit 0 users 0 log _sent 27 wlan 20 vlan id 0 limit 0 users 0 log sent 28 wlan 20 vlan id 0
45. login default local none radius vpn authentication primary A B C D secondary A B C D nas aaa authentication login default none local radius aaa nas WORD aaa vpn authentication primary secondary A B C D key WORD authport PORT RANGE Parameters authentication Authentication configuration parameters login Sets the authentication lists for login default Defines the default authentication list local Sets the local user database none No authentication radius Defines an external RADIUS server nas NAS identifier This parameter accepts a string of 64 characters vpn authentication VPN authentication using RADIUS primary Defines the primary address secondary Defines the secondary address Global Configuration Commands 5 5 A B C D IP address Usage Guidelines Use an AAA login to determine whether management user authentication must be performed against a local user database or an external RADIUS server 5 1 2 access list Global Configuration Commands Adds an access list entry Use the access list command under global configuration to configure the access list mechanism for filtering frames by protocol type or vendor code Syntax access list For Standard IP ACL s access list lt 1 99 gt lt 1300 1999 gt deny permit mark 8021p lt 0 7 gt tos lt 0 255 gt A B C D M host A B C D any log rule pre
46. lt 1 864000 gt Parameters domainname name Sets the domain name used for DDNS updates multiple user class Enables the multiple user class option server IP address Specifies the server to which DDNS updates have IP address been sent e ip address Defines an IP address in dotted decimal format ttl lt 1 864000 gt Sets a Time To Live TTL value for DDNS updates e lt 1 864000 gt TTL value in seconds 17 1 8 DHCP Server Instance 17 9 Usage Guidelines Use update dns override to enable an internal DHCP server to send DDNS updates for resource records RRs A TXT and PTR A DHCP server can always override the client even if the client is configured to perform the updates In the DHCP server network pool FODN is defined as the DDNS domain name This is used internally in DHCP packets between the DHCP server on the switch and the DNS server Example WS5100 config dhcp ddns domainname TestDomain com WS5100 config dhcp WS5100 config dhcp ddns multiple user class WS5100 config dhcp WS5100 config dhcp ddns ttl 1000 WS5100 config dhcp WS5100 config dhcp ddns update all WS5100 config dhcp default router DHCP Config Commands Configures the default router or gateway IP address for the network pool To remove the default router list use the no default router command default router lt Router IP address gt Parameters default router Specifies the default route
47. message NOTE The console by default does not display a user entered keyword for an old password and new password Leaving the old password and new password fields empty displays the following error message Error Invalid password length It should be between 8 32characters Example WS5100 change passwd Enter old password Enter new password Password for user admin WS5100 changed successfully clear Priv Exec Command Resets the current context Syntax clear aclstats alarm log arp cache counters crypto ip logging mac address table mobility spanning tree clear clear alarm log lt 1 65535 gt acknowledge all new counters all bridge interface lt NAME gt all eth lt 1 2 gt vlan lt 1 4094 gt router thread crypto ike ipsec sa remote peer clear clear clear ip dhcp binding A B C D mac address table dynamic address clear mobility mu mu log peer log nat translation multicast static bridge interface vlan peer statistics clear clear mobility mu lt MAC Address gt al spanning tree 11 foreign database home database detected protocols interface lt INTF Name gt 4 8 WS5100 Series Switch CLI Reference Guide Parameters aclstats alarm log Clears ACI statistics Clears alarm log e lt 1 65535 gt Clears the specific alarm ID e acknowledge Clears acknowledged alarms e all Clear all alarm
48. 0 line vty 0 24 end WS5100 config WS5100 config show running config include factory j configuration of WS5100 version 3 1 0 0 008D version 1 0 service prompt crash info no service set command history no service set reboot history no service set upgrade history l hostname WS5100 banner motd Welcome to CLI username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin access console web ssh telnet username admin privilege superuser username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f username operator access console web ssh telnet username operator privilege monitor spanning tree mst config Common Commands name My Name no management secure ip domain lookup service diag period 1000 service diag enabl country code us redundancy group id 1 redundancy interface ip 0 0 0 0 redundancy mode primary redundancy hold period 15 redundancy heartbeat period 5 redundancy discovery period 30 no redundancy handle stp enable no redundancy dhcp server enable no redundancy enable no radio default 11b enhanced beacon table no radio default 11b enhanced probe tabl no radio 1 neighbor smart scan no radio 2 neighbor smart scan no ap detection enabl ip address 123 111 2 1 24 no ip helper address sole no adapter AeroScout enable radius server retransmit 3 radius server timeout 5 radius server key l aaa authentication logi
49. 1 1000 gt RADIO self heal neighbor recovery neighbors lt 1 1000 gt lt 1 1000 gt RADIO Parameters Wireless Instance 20 39 interference avoidance Interference avoidance configuration enable Enables disables interference avoidance hold time lt 0 65535 gt The number of seconds to disable interference avoidance after a detection This prevents a radio from changing channels continuously Set the hold time between 0 65535 seconds retries lt 0 0 15 0 gt Defines the average number retries to cause a radio to re run auto channel selection Set between 0 15 neighbor recovery Invokes neighbor recovery configuration commands action both none open rates raise power radio lt 7 7000 gt RADIO Defines the radio s self healing action when neighbors are detected as down e both Raises the power to max and open all rates e none No action taken e open rates Opens all rates e raise power Raises the power to maximum e radio Modifies the action for specified radio s e lt 1 1000 gt Sets a single radio index e RADIO Defines a list 1 3 7 or range 3 7 of radio indices enable Monitors access ports and attempts to increase coverage on a detected failure neighbors lt 7 1000 gt lt 1 1000 gt RADIO Adds a radio as a neighbor run neighbor detect Disassociates all mobile units clears current neighbors and runs neighbor detection
50. 17 1 22 DHCP Server Instance 17 17 Example WS5100 config dhcp next server 2 2 2 22 WS5100 config dhcp no DHCP Config Commands Negates a command or sets itsdefaults Syntax no address bootfile client identifier client name ddns default router dns server domain name hardware address host lease netbios name server netbios node type network next server option update Parameters The no command negates any command associated with it Wherever required use the same parameters associated with the command getting negated Example WS5100 config no ip dhcp pool hotpool WS5100 config WS5100 config no ip dhcp pool test WS5100 config WS5100 config dhcp Hno update dns WS5100 config dhcp option DHCP Config Commands Define the DHCP option used in DHCP pools Syntax option name 17 18 WS5100 Series Switch CLI Reference Guide Parameters option name Sets raw DHCP options e name Sets the name of the DHCP option e P Value Sets the IP Value of the DHCP option e ASCII Value Sets the ASCII Value of the DHCP option Usage Guidelines Defines non standard DHCP option codes 0 254 Example WS5100 config ip dhcp option option189 189 ascii WS5100 config 17 1 23 service DHCP Config Commands Invoke service commands to troubleshoot or debug config dhep instance configurations Syntax service show cli Parameters show
51. 2 A EO os E 3 6 AR 3 7 ONS Pta cad 3 7 nn 3 7 EAE AE EE E A B eos O E E E A E E TN 3 8 Ol EE aaea eE E E 3 8 A II TEENE EAEE OT EN 3 9 ee AIM tania tac 3 9 Chapter 4 Privileged Exec Commands IMP Exec Command error reest t riiete irea aE r AE arar ter erha 4 1 o A A AR 4 4 E A bod EEA OAS IDE ORT Lee een 4 4 E E E dear redee bee sens 4 6 41A SSS A Cae reini as hipaa in Ohad dress wees 4 6 A AA 4 7 IU Married edited 4 10 AE AA AA 4 10 ANB COM rie 4 11 NE EE I EENES ASA LN EN E E S TE EN EIS N E web ied 4 11 EE I EION EE EERE EE A AE I EAEE EE EEN 4 12 NEE E EEE NEE TEE P E EET EEE TEIS E E ETE ETA 4 14 A dase ae ae aa 4 15 TOC 4 WS5100 Series Switch CLI Reference Guide a Mike dancer taeda beans Lees a aoe Lee eee ea eee es 4 16 ANY A ei eerdaed peor hae reine seer aes 4 17 TVs ev bso bein bape Bok as deena A IA 4 17 A aac ae hg i etp Saha Eae EEEE deeb Shek cee scars TE 4 18 POU A deeds We ewes aie A aoe 4 18 A petetaeia bey dantir hacia bhidan ioe doy setae tae cne arb aes 4 19 A A A ee hetaa tad gabkebetateaden x ones 4 19 O ALT AA IE TEN 4 20 AAA 4 21 A ME a id 4 21 ULA VID barril derbi 4 23 A MIMD aire eaten oe oa na Bae FA ae a ee ae A ae aa ee een ee Ree 4 23 AMES O inca ate hada aed dee ee es 4 24 Ad Me orando ema lados 4 24 i e E ee AE E de kode bableae inched akieeareae EET T aes 4 24 ALO NM id eoa annA 4 25 A E EEEE pee Hehehe 4 26 A ON 4 26 AI mE eeir A iA 4 27 A e U EEE A ESEN ES ET 4 28 E o E l EE E
52. 3 log rule precedence 10 e Extended IP access list 110 deny icmp host 5 6 7 8 host 5 6 7 9 wlan 4 rule precedence 10 deny icmp host 5 6 7 8 host 5 6 7 9 rule precedence 20 e Extended IP access list extacl permit icmp host 192 172 0 10 any wlan 12 rule precedence 23 deny icmp any any rule precedence 33 5 64 WS5100 Series Switch CLI Reference Guide e Extended MAC access list macacl permit any host 00 01 02 03 04 05 type ip wlan 14 rule precedence 11 permit host 00 01 03 04 07 08 any wlan 14 rule precedence 21 permit any any wlan 14 rule precedence 31 e Standard IP access list stdacl permit any wlan 5 rule precedence 34 permit host 10 0 0 10 wlan 6 rule precedence 44 deny host 30 0 0 14 rule precedence 54 After upgrade to 3 0 2 the configuration will look like e Standard IP access list 10 permit host 1 2 3 4 log rule precedence 10 Extended IP access list 110 deny icmp host 5 6 7 8 host 5 6 7 9 rule precedence 10 Extended IP access list extacl permit icmp host 192 172 0 10 any rule precedence 23 deny icmp any any rule precedence 33 Extended MAC access list macacl permit any host 00 01 02 03 04 05 type ip rule precedence 11 permit host 00 01 03 04 07 08 any rule precedence 21 permit any any rule precedence 31 Standard IP access list stdacl permit any rule precedence 34 permit host 10 0 0 10 rule precedence 44 deny host 30 0 0 14 rule precedence 54 NOTE Al ACLs which had WLAN index are now replaced with
53. 7 WA rra eres 10 3 EN A a treed ak hear EPEN TTT 10 3 A EE PEN EAE EEN EA T ET I EEEE E EA 10 5 AE rererere aa a a 10 6 EE EEE AA SIE SIAN VAENE A E A A A T 10 7 EE pr NAAA 10 10 Chapter 11 crypto trustpoint Instance 11 1 Trastpoint PK Config Commands rre ee E A rI 11 1 A E A Mute E e EREA 11 2 A E EEE eE EREE 11 2 e i E A E AREA A TE E 11 3 A ene ene wane Taree etter s ere P 1 3 A A 1 4 LL y PAPA ENIE NEI EA A nee omnia neeeeseeece eee aes 1 4 AR NEI escriar retratar arrasa rr its 1 5 MAR WOOT oho cinco eA SO has panied aa 1 5 A A 1 6 AVA PASTA 20 arta rise ta 11 6 MANTA rro ads 11 7 URREA o SENTETE IAE T TE EEE A nie TEENE nee E TET T 11 7 A EE AE E EE I PES PEET E APII EEO E a T PAR 1 9 TELETA SINO eii a ae 11 11 Chapter 12 interface Instance 121 Mires AIM yr ide dd dia 12 1 WA OSCE riene eaea e aeaee 12 2 Ed el eee eee E E ET eee E N re eee eer oe eN 12 3 pa E 453i ciel A ETE EE hades Faron TTT 12 3 A A O II 12 4 A o er E E 12 5 PARE ETEEN E EEE TA EEE AE ETAN AT 12 5 e aaa a N a 12 5 TEBA ai FEES S T 12 6 ARE E I ge ences E E E A E ETTET 12 8 121 10 MATISMEN oc0ciced ecochecneaneheddedkesrdeopadeied eeeriwkoenaadead 12 9 IN eye Sete aiaed neh haar Aaa nde owen tet a 12 9 TOC 8 WS5100 Series Switch CLI Reference Guide Ie POT A e TN 12 10 a A det ein kok NIE A E ETE ear ede doe eae rs 12 11 MAA A ia it pie sen EE E id ad 12 12 A ao IL ee ee ee ee eer eee car ee nw ers ary
54. Attributes e mu Clears the MU e MAC Address MAC address of the MU e all All MUs Home and Foreign e foreign database Displays MUs present in the foreign MU database home database Displays MUs present in the home MU database e mu log Clears the mobility MU event log peer log Clears the mobility PEER event log peer statisitcs Clears mobility peer statistcs spanning tree detected protocols interface lt NAME gt Clears existing spanning tree commands Example WS5100 clear alarm log new WS5100 WS5100 clear alarm log acknowledged WS5100 4 10 4 1 6 4 1 7 WS5100 Series Switch CLI Reference Guide WS5100 clear arp cache WS5100 WS5100 clear logging WS5100 WS5100 clear mobility event log peer WS5100 WS5100 clear ip dhcp binding WS5100 clock Priv Exec Command Configures the software system clock Syntax clock set HH MM SS 1 31 MONTH 1993 2035 Parameters set Sets system date and time Example WS5100 clock set 15 10 30 25 May 2007 WS5100 show clock May 25 15 10 31 UTC 2007 cluster cli Priv Exec Command Use this command to access the cluster cli context The cluster cli context provides centralized management to configure all members of cluster from one member Any command executed under this context is executed to all switches in the cluster A new context redundancy is available to support the cluster c
55. DD EE FF MAC address of the mobile unit e detail Displays detailed information peer Mobility peers e A B C D IP address of Peer e detail Displays detailed peer information Statistics Mobility statistics e AA BB CC DD EE FF MAC address of the mobile unit Example WS5100 config show mobility event log forwarding global mobile unit peer statistics Event Log obile unit information in the forwarding plane Global Mobility parameters obile units in the Mobility Database obility peers obile unit Statistics WS5100 config show mobility event log mobile unit Time IP HS 1P 09 14 19 17 52 157 235 208 134 09 14 19 17 51 0 0 0 0 157 235 208 16 09 14 19 17 51 0 0 0 0 Event Evt Sre 1P U Mac MU One Le IP UPD MU n a 00 0f 3d e9 a6 54 157 235 208 16 157 235 208 16 ADD MU n a 00 0f 3d e9 a6 54 157 235 208 16 DEL MU n a 00 0f 3d e9 a6 54 Common Commands 2 45 157 235 208 16 157 235 208 16 09 14 19 17 50 ADD MU n a 00 0f 3d e9 a6 54 0 0 0 0 15723920816 157 235 208 176 WS5100 gt show mobility forwarding Mobility Forwarding plane Information State HS Home switch CS Current switch HS Not Home switch ICS Not Current switch Mac Address IP Address State HS Vlan Tunnel WS5100 gt WS5100 gt show mobility global obility Global Parameters Admin Status DISABLED Operational Status DISABLED Admin status is DISABLED Local Address
56. LDAP IP Address TO TOs 10 09 Port z 369 Login E sAMAccountName Stripped User Name User Name Common Commands 2 41 Bind DN E cn kumar ou symbol dc activedirectory dc com Base DN ou symbol dc activedirectory dc com Password 0 symbol 123 Password Attribute UserPassword Group Name cn Group Membership Filter objectClass group member Ldap UserDn Group Member Attr radiusGroupName Net timeout 1 second s 2 2 10 licenses Common to all modes Syntax show licenses Parameters None Example WS5100 config show licenses feature usag license string license value usage AP 2FFD7fE9 CDO16155 14A92C70 48 1 2 2 11 logging Common to all modes Syntax show logging Parameters None Example WS5100 config show logging Logging module enabled Aggregation time disabled Console logging level debugging Buffered logging level informational Syslog logging level debugging Facility local7 Logging to 157 235 203 37 2 42 2 2 12 2 2 13 WS5100 Series Switch CLI Reference Guide Logging to 10 0 0 2 Log Buffer 6520 bytes Sep 14 19 11 59 2006 SDAEMON 6 INFO radiusd 4643 Ready to process requests Sep 14 19 11 58 2006 SPM 5 PROCSTOP Process radiusd has been stopped Sep 14 18 51 14 2006 CC 5 RADIOADOPTED lla radio on AP 00 A0 F8 BF 8A A2 adopted Sep 14 18 51 14 2006 SCC 5 RADIOADOPTED 11bg radio on A
57. None Example WS5100 config crypto isakmp no lifetime WS5100 config crypto isakmp service Crypto ISAKMP Config Commands Invokes service commands to trobuleshoot or debug config crypto isakmp instance configurations Syntax service show cli crypto isakmp 6 7 Parameters cli Displays the CLI tree of current mode Example WS5100 config crypto isakmp service show cli Crypto Isakmp Config mode authentication pre share authentication rsa sig pre share rsa sig authentication rsa sig pre share clrscr clrscr do LINE do LINE encryption 3des encryption des 3des aes aes 192 aes 256 t aes encryption des 3des aes aes 192 aes 256 t aes 192 encryption des 3des aes aes 192 aes 256 t aes 256 encryption des 3des aes aes 192 aes 256 des encryption des 3des aes aes 192 aes 256 end end t exit exit group 1 group 1 215 2 group 1 2 5 5 group 1 2 5 hash md5 hash sha md5 WS5100 config crypto isakmp 6 1 12 show Crypto ISAKMP Config Commands Use this command to view current system information running on the switch Syntax show lt paramater gt Parameters 2 Displays all the parameters for which information can be viewed using the show command 6 8 WS5100 Series Switch CLI Reference Guide Examp
58. Parameters list name Enter the name of the access list or ACL ID to assign to this crypto map Usage Guidelines Crypto map entries do not directly contain the selectors used to determine which data to secure Instead the crypto map entry refers to an access control list An access control list ACL is assigned to the crypto map using the match address command If no ACL is configured for a crypto map the entry is incomplete and will have no effect on the system The entries of the ACL used in a crypto map should be created with respect to traffic sent by the OS The source information must be the local OS and the destination must be the peer Only extended access lists can be used in crypto maps Example The following shows setting up an ACL called TestList and assigning the new list to a crypto map called TestMap WS5100 config ip access list extended TestList Configuring New Extended ACL TestList config ext nacl exit WS5100 config crypto map TestMap 220 isakmp dynamic WS5100 config crypto map WS5100 config crypto map match address TestMap WS5100 config crypto map crypto map 10 5 10 1 6 no Crypto Map Config Commands Negates a command or sets its defaults Syntax no lt previous command used gt Parameters Use the commands configured under this instance Example WS5100 config crypto map Hno aggrerssive mode WS5100 config crypto map 10 6 WS5100 Series Switch CLI
59. Privilege Global Config Syntax show file information FILE systems Parameters information Displays file information FILE Displays the information on file systems Lists existing filesystems Example WS5100 show file systems File Systems Size b Free b Type Prefix z opaque system 13704192 11904000 flash nvram 19524608 16866304 flash flash network sftp network http network ftp network tftp WS5100 22 42 ftp Privilege Global Config Syntax show ftp Parameters None Example WS5100 show ftp 2 76 2 2 43 2 2 44 WS5100 Series Switch CLI Reference Guide FTP Server Disabled User Name anonymous or ftpuser Password Kk KK KK RK Root dir flash WS5100 password encryption Priviledge Global Config Syntax show password encryption status Parameters status Displays the existing password encryption status Example WS5100 show password encryption status Password encryption is disabled WS5100 running config Privilege Global Config Displays the contents of those configuration files wherein all configured MAC and IP access lists are applied to an interface Syntax show running config full include factory Parameters full Displays the file s full complpete configuration include factory Includes factory defaults Common Commands 2 77 Example WS5100 config show running config configuration of WS5100 version 3
60. RMZ Ecospace WS5100 config wireless 20 6 WS5100 Series Switch CLI Reference Guide 20 1 5 ap detection Wireless Configuration Commands Configures access port detection parameters Syntax ap detection approved enable mu assisted scan timeout approved unapproved ap detection approved add lt 1 200 gt MAC Address SSID ap detection mu assisted scan enable refresh lt 300 86400 gt Parameters aap version AP detection configuration commands approved Sets the approved access port list e add lt 1 200 gt Adds an entry to the approved access port list e MAC Address Select either e MAC Define a MAC address in AA BB CC DD EE FF format e any Assigns any MAC address e SSID Select either e LINE Enter a string up to 32 characters e any Assigns any SSID enable Allows access ports to look for APs mu assisted scan Sets mobile unit assisted scanning configuration e enable Enables mobile unit assisted scanning e refresh lt 30 86400 gt Defines the period in seconds used by all scan capable mobile units are polled to scan for neighboring access ports timeout lt 7 65535 gt The amount of time in seconds an AP remains in the list after it is no longer seen e approved e unapproved 20 1 6 Example ws51 WS51 WS51 ws51 ws51 WS51 WS51 ws51 00 config wirel 00 config wirel 00 config wirel 00 config wirel 00
61. Radius Configuration Commands Sets the configuration of the RADIUS client Syntax nas A B C D M key 0 2 LINE Parameters A B C D M Sets the RADIUS client s IP address key Sets the RADIUS client s shared key 0 Defines the Password as UNENCRYPTED 2 Password is encrypted with password encryption secret LINE Defines the secret client shared secret up to 32 characters Example WS5100 config radsrv tinas A B C D M Radius client IP address WS5100 config radsrv nas 10 10 10 0 24 key Radius client shared secret WS5100 config radsrv nas 10 10 10 0 24 key 0 Password is specified UNENCRYPTED 2 Password is encrypted with password encryption secret LINE The secret client shared secret upto 32 characters WS5100 config radsrv nas 10 10 10 0 24 key 0 very secret 19 20 WS5100 Series Switch CLI Reference Guide 19 1 11 no Radius Configuration Commands Negates a command or sets its defaults Syntax no authentication ca cril check group ldap server nas proxy rad user server service Parameters authentication Defines the RADIUS authentication ca Configures Certificate Authority CA parameters cri check Enables a Certificate Revocation List CRL check group Sets the local RADIUS server s group configuration Idap server Defines LDAP server parameters nas Sets the RADIUS client configuration proxy Defines the RADIUS proxy server rad user Se
62. TCP or UDP as the protocol source source mask host source any The source is the source IP address of the network or host in dotted decimal format The source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching e any is an abbreviation for a source IP of 0 0 0 0 and the source mask bits are equal to 0 e hostis an abbreviation for exact source A B C D and the source mask bits equal to 32 operator source port Valid only for TCP or UDP protocols Valid values are eq and range e range Specifies the protocol range starting and ending protocol numbers e port Sets the valid port number destination destination mask host destination any Defines the destination host IP address or destination network address operator destination port Specifies the destination port log Generates log messages when the packet coming from the interface matches the ACL entry Log messages are generated only for router ACLs rule precedence access list entry precedence Defines an integer value between 1 5000 This value sets the rule precedence in the ACL 14 6 WS5100 Series Switch CLI Reference Guide Usage Guidelines Use this command to deny traffic between networks hosts based on the protocol type selected in the access list configuration The following protocol types are supported e ip e icmp e tcp e udp The last AC
63. TE E E A EE E NE EE 4 28 E AA 4 30 A A E ewe mks 4 30 Chapter 5 Global Configuration Commands 5 1 Global Configuration Commands scosorpracinia erre arar 5 2 la atrasados baii 5 4 IZ MESSI iia dee 5 5 A AA 5 11 A cane rank aah teen eee 5 12 A A tee erdaes 5 13 BNE A E bak Staonal VEEE ET 5 13 S17 CAE 4 46 i cha bbe ideas 5 14 AE NG a coda ke Ae hae RE Oh aR ER ET TA TEN AE TEST dae 5 16 A A ee Ae E ess 5 23 A A dee Sal eaotn ks 5 23 1 SAU pote cen eee Renown E E A E AA aye EE AAA A TA 5 24 Contents TOC 5 SLIZ TADEK casi dera den cada 5 25 A ATE E One db ENE ae EEE NE PO 5 25 A A a dbi ea deka eee 5 26 AS MI errada drid 5 26 A O nde here TE E 5 27 SEI WEBCO todo pede tae na hep demlips Ae 5 32 A A A A 5 33 A A O IN ee ane eee 5 33 S120 Or aocosmsrrrrrrrcradaro arcaica rial rd 5 34 A A O EN 5 35 51 22 macaddess lle oorcciteris de rrrciids errar 5 36 MEER E N ercer de 5 37 EA Aiseee aN E a a 5 37 Sele POU AA 5 41 SO e aria E A E N 5 41 MEA E e E O EENE EE A E E EE ETE 5 42 A 5 44 A eli Len inaad en eea Guha wake T E E 5 45 Ae a A a A a Soa den anna eh A ee 5 55 Sad SAMO HEE cs rra ba 5 56 ASS TNE 4 A A E AS E E 5 60 AREE a r ico erncanrcuanedcasarpedud dedmabdgneade hea hammetondnaada carder 5 60 Ne ae ce ae ace an betes eee ean ae hea ane na aaa seeks 5 61 Bio WWE oct eted ESE SAA ASEEN E E L EE EESE S AT E TEAS AI ANT 5 61 SL Mi bd 5 62 Chapter 6 crypto isakmp 6 1 Crypto ISAKMP Config Commands 2 0 00
64. WS5100 config wireless wlan 25 description TestWLAN WS5100 config wireless WS5100 config wireless twlan 25 dot11i handshake timeout 2500 retransmit 5 WS5100 config wireless WS5100 config wireless wlan 25 dot1li key rotation enable WS5100 config wireless WS5100 config wireless wlan 25 dotl1li key rotation interval 2000 WS5100 config wireless WS5100 config wireless wlan 25 enable WS5100 config wireless WS5100 config wireless wlan 25 hotspot webpage external failure This feature is under development WS5100 config wireless WS5100 config wireless wlan 25 kde server primary 1 2 3 4 auth port 50000 WS5100 config wireless WS5100 config wireless wlan 25 mobility enable WS5100 config wireless wlan 1 nac mode bypass nac except include list WS5100 config wireless WS5100 config wireless wlan 1 nac server primary 11 22 33 22 auth port 1221 WS5100 config wireless WS5100 config wireless 20 1 37 Wireless Instance 20 63 WS5100 config wireless wlan 25 radius accounting timeout 30 retransmit 50 WS5100 config wireless WS5100 config wireless wlan 25 radius mobile unit timeout 30 retransmit 5 WS5100 config wireless WS5100 config wireless wlan 25 ssid TestString WS5100 config wireless WS5100 config wireless wlan 25 symbol extensions fast roaming enable WS5100 config wireless WS5100 config wireless wlan 25 syslog accounting server 12 13 14 125 port 5005 WS5100
65. Wireless Configuration Commands Sets a multicast packet limit per second for a VLAN This limits broadcast multicast packets per VLAN The default vlaue is 32 broadcast multicast packets per second Syntax multicast packet limit lt 1 128 gt lt 1 4094 gt lt vlan range gt Parameters lt 1 128 gt Sets the multicast packet limit per second lt 1 4094 gt Defines the single VLAN ID 1 4094 the new limit applies to lt vlan range gt Defines the list 1 3 7 or range 3 7 of VLAN IDs Example WS5100 config wireless multicast packet limit 120 50 WS5100 config wireless WS5100 config wireless multicast packet limit 120 1 10 25 WS5100 config wireless multicast throttle watermark Wireless Configuration Commands Configures watermarks for supporting bursts of broadcast multicast frames Syntax multicast throttle watermarks low lt 0 100 gt high lt 0 100 gt Wireless Instance 20 27 Parameters low lt 0 100 gt Sets the low water mark If the percentage of free packets in the system is lower than this threshold the incoming frame is dropped high lt 0 100 gt Sets the high water mark If the percentage of free packets in the system is between the low water mark and this value the packet is subjected to a random early drop If free packets are greater than this value the packet is processed Example WS5100 config wireless multicast throttle watermarks low 10 high 20 WS5100 con
66. a detector No mobile units can associate to a detector dtim period lt 1 50 gt bss lt 1 4 gt Set the DTIM period number of beacons between successive DTIMs radio dtim period lt 50 gt bss lt 4 gt e lt 1 50 gt Sets the DTIM period e bss lt 1 4 gt BSS index enforce spec mgmt enable Enforces spectrum management checks on specified radios Only mobile units that advertise spectrum management capabilities will be allowed to associate on this radio enhanced beacon table Enables the enhanced beacon table for AP locationing enhanced probe table Enables the enhanced probe table for MU locationing location led start flashing stop flashing Changes the mode of operation of the LEDs on an AP e start flashing Requests parent ap of specified radio to begin flashing its LEDs to help locate it e stop flashing Requests parent ap of specified radio to revert its LEDs to normal mode of operation location message Specifies a message sent to all mobile units that associate with these radios This message should not exceed 80 characters 20 34 WS5100 Series Switch CLI Reference Guide mac lt MAC address gt Changes the parent access port MAC address of the radio max mobile units lt 1 Maximum number of mobile units allowed to associate 256 gt mu power lt 0 20 gt Power adjustment level for mobile units associated with this access port MUs that support this
67. added to group sales 19 16 WS5100 Series Switch CLI Reference Guide 7 Use config radsrv tinas to add a NAS entry for the group WS5100 config radsrv nas A B C D M Radius client IP address WS5100 config radsrv nas 10 10 10 0 24 key Radius client shared secret WS5100 config radsrv nas 10 10 10 0 24 key 0 Password is specified UNENCRYPTED 2 Password is encrypted with password encryption secret LINE The secret client shared secret upto 32 characters WS5100 config radsrv nas 10 10 10 0 24 key 0 very secret 8 Use config radsrv proxy to add a realm name for the group WS5100 config radsrv proxy realm mydomain com server 10 10 1 10 port 1812 secret 0 testing 9 Save the changes and restart the RADIUS server WS5100 config radsrv service radius restart Sep 08 17 48 04 2006 SPM 5 PROCSTOP Process radiusd has been stopped Sep 08 17 48 05 2006 RADCONF radius config files generated successfully WS5100 config radsrv Sep 08 17 48 05 2006 SDAEMON 6 INFO radiusd 8830 Ready to process requests 19 1 8 help Radius Configuration Commands Displays the system s interactive help in HTML format Syntax help Parameters None Example WS5100 config radsrv help help Description of the interactive help system 19 1 9 Radius Server Instance 19 17 WS5100 config radsrv help CLI provides advanced help feature When you need help anytime at the command line pl
68. adoption capacity Switch Adoption capacity Established Peer s Count Redundancy Group Connectivity status DHCP Server in group WS5100 config redundancy history Common to all modes Displays the switch state transition history Syntax show redundancy history Parameters None Example WS5100 gt show redundancy history State Transition History Time Event Triggered Ch Gin Ct eGR a A AN Pop PD Pp PP D GIO NOOO o jo AO o O Common Commands 2 51 plicable plicable plicable plicable licable plicable plicable plicable plicable Sat Oct 06 12 07 55 Redundancy Enabled Sat Oct 06 12 07 56 Startup Done Sat Oct 06 12 08 26 Discovery Done Sat Oct 06 22 10 10 Redundancy Disabled WS5100 gt show Startup Discovery Active Startup 2 52 WS5100 Series Switch CLI Reference Guide 2 2 22 redundancy members 2 2 23 Common to all modes Displays the member switches in the cluster The user can provide the 1P address of the switch in cluster whose information alone is needed Syntax show redundancy members A B C D Parameters A B C D Displays the IP addresses of member switches Example WS5100 config show redundancy members brief Member ID Self Member State Member ID Member State 10 10 10 10 Not Applicable 10 10 10 1 Peer Configured snmp Common to all modes Syntax show snmp user snmpmanager snmpoperator snmptrap
69. channel and transmit power level e indoor Defines an indoor location e outdoor Defines an outdoor location e lt 1 2000 gt Sets the channel number e acs Enables ACS auto channel selection A radio will scan for the least congested channel at startup or switch reconfiguration e random Random channel selection e lt 2 20 gt Sets the power in dBm client bridge enable mesh timeout lt 2 200 gt ssid SSID name Defines client bridge settings e enable Enables client bridge functionality on radio e mesh timeout 1 lt 2 200 gt Sets the client bridge link timeout e ssid SSID name Defines the ESSID of the WLAN coordinates lt 65535 65535 gt lt 65535 65535 gt Configures the location of this radio in terms of x y z coordinates e lt 65535 65535 gt Sets the X coordinate e lt 65535 65535 gt Sets the Y coordinate e lt 65535 65535 gt Sets the Z coordinate Wireless Instance 20 33 copy config from lt 1 1000 gt default 1 1a default 11b default 11bg Copies the configuration from a previously configured radio e lt 1 1000 gt Defines a single radio index e default 11a Uses the default 11a configuration template default 11b Uses the default 11b configuration template default 11bg Uses the default 11bg configuration template description Defines a description for this radio detector Dedicates this radio as
70. clrscr exit Common Commands Ends the current mode and moves to the previous mode Syntax exit Parameters None Example WS5100 config exit help Common Commands Use this command to access the advanced help feature Use anytime at the command prompt to access the help topic Two kinds of help are provided 1 Full help is available when ready to enter a command argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input for example show ve Syntax help or Parameters None Example WS5100 gt show autoinstall banner commands crypto environment history interfaces ip ldap licenses logging mac management mobility ntp privilege radius redundancy group redundancy history redundancy members snmp snmp server terminal timezone users version wireless wlan acl WS5100 gt show Common Commands 2 3 autoinstall configuration Display Message of the Day Login banner Show command lists encryption module show environmental information Display the session command history Interface status and configuration Internet Protocol IP LDAP server Show any installed licenses Show logging configuration and buffer AC access list assignment Display L3 Managment Interface nam Display Mobility Parameters Network time protocol Show current privilege level RADIUS configuration commands Display redu
71. config wireless WS5100 config wireless wlan 24 qos mcast with dotlli enable WS5100 config wireless wlan bw allocation Wireless Configuration Commands Enables WLAN bandwidth allocation on all radios Syntax wlan bw allocation enable Parameters enable Enables WLAN bandwidth allocation on all radios Example WS5100 config wireless wlan bw allocation enable WS5100 config wireless 20 64 WS5100 Series Switch CLI Reference Guide SOLE Instance Use the config sole instance to configure SOLE related configuration commands 21 1 SOLE Config Commands summarizes config sole commands Command Table 21 1 Location Engine Config Command Summary Description Configures the SOLE adapter Ref Clears the display screen Ends the current mode and moves to the EXEC mode Ends the current mode and moves to the previous mode Displays the interactive help system in HTML format Negated a command or sets defaults values Invokes service commands to troubleshoot or debug config if instance configurations Displays running system information 21 2 21 1 1 21 1 2 WS5100 Series Switch CLI Reference Guide adapter SOLE Config Commands Enables disables a specified adapter or all the adapters Syntax adapter aeroscout enable Parameters adapter aeroscout SOLE adapter name enable e aeroscout Defines the name of the adapte
72. dhcp status DHCP Server is Running on following interfaces vian4 17 22 WS5100 Series Switch CLI Reference Guide WS5100 config WS5100 config show ip dhcp binding IP MAC Client Id Type Expiry Time WS5100 config 17 1 25 update DHCP Config Commands Controls the usage of the DDNS service Syntax update dns override Parameters update dns override Controls the usage of the DDNS service e dns Dynamic DNS Configuration e override Enable Dynamic Updates by onboard DHCP Server Usage Guidelines A DHCP client cannot perform updates for RR s A TXT and PTR Use update dns override to enable the internal DHCP Server to send DDNS updates for resource records RR s A TXT and PTR The DHCP Server can override the client even if the client is configured to perform the updates In the network pool of DHCP Server FODN is configured as the DDNS domain name This is used internally in DHCP packets between the switch s DHCP Server and the DNS server Example WS5100 config dhcp update dns override WS5100 config dhcp DHCP Server Instance 17 23 17 2 Configuring the DHCP Server using Switch CLI The switch DHCP configuration is conducted by creating pools and mapping them to L3 interfaces SVI e A Network pool is the pool with include ranges When the network pool is mapped to a L3 interface DHCP clients requesting IPs from the L3 interface get an IP from the con
73. dhcpclass service DHCP Server Class Config Commands Invokes service commands to troubleshoot or debug config if instance configurations Syntax service show cli Parameters show cli Displays the CLI tree of the current mode Example WS5100 config dhcpclass service show cli DHCP Server Class Config mode clrscr clrscr do LINE do LINE end end t exit exit t help help multiple user class multiple user class cmd no multiple user class no multiple user class cmd option user class WORD no option user class WORD option user class WORD option user class WORD t quit quit s commands show commands WORD show commands WORD running config show running config F ulLL show funning c ntig UL a aaa WS5100 config dhcpclass 18 1 9 show DHCP Class Instance 18 7 DHCP Server Class Config Commands Displays current system information Syntax show lt parameters gt show dhcp config status show ip dhcp binding class pool sharednetwork Displays the parameters for which information can be viewed using the show command Example WS5100 config dhcpclass access list aclstats alarm log autoinstall banner boot clock commands crypto debugging dhcp environment file ftp history interfaces ip ldap licenses logging mac management mobility ntp password encryption port channel
74. dynamic WS5100 show ip routing IP routing is on WS5100 config show ip route detail Codes K kernel icmp C connected S static D DHCP gt Active route Next hop in FIB p stale info 1 1 0 0 16 1 0 via 1 1 1 1 inactive 1 1 1 0 24 1 0 via 1 1 1 2 inactive 10 0 0 0 8 1 0 via 10 10 10 10 inactive 157 235 208 0 24 1 0 via 157 235 208 246 inactive nun un un WS5100 show ip ssh SSH server enabled Status running Keypair name default_ssh_rsa_key Port 22 WS5100 show ip telnet Telnet server enabled Status running Port 23 2 40 WS5100 Series Switch CLI Reference Guide 2 2 9 Idap Common to all modes Syntax show ldap configuration primary secondary Parameters Idap Defines the LDAP server configuration Sets the LDAP server primary Defines the Primary LDAP server secondary Defines the Secondary LDAP server Example WS5100 config radsrv show ldap configuration LDAP Server Config Details Primary LDAP Server configuration IP Address 2 20 LLO LOT Port 369 Login sAMAccountName Stripped User Nam User Name Bind DN cn kumar ou symbol dc activedirectory dc com Base DN ou symbol dc activedirectory de com Password 0 symbol 123 Password Attribute UserPassword Group Name cn Group Membership Filter objectClass group member Ldap UserDn Group Member Attr radiusGroupName Net timeout 1 second s Secondary
75. element will reduce their transmit power by the specified value e lt 0 20 gt Power adjustment level in dBm neighbor smart scan Configures neighbor radios for smart scans lt 1 4096 gt lt radio range gt e lt 1 4096 gt Sets a single radio index e lt radio range gt Set a list 1 3 7 or range 3 7 of radio indices on channel scan Enables rogue scanning on this radio reset Resets a radio this will only reset the specified radio not the complete access port reset ap Resets the parent AP this will reset all radios on that access port rss enable Enables Remote Site Survivability RSS rts threshold lt 0 2347 gt Defines the RTS threshold in bytes run acs Runs an auto channel selection on a radio The radio should already have been configured for ACS support self heal offset lt 0 30 gt Configures the self healing offset measured in dBm for regulatory Note The offset is based off the regulatory maximum power for the specified channel show wireless regulatory displays the max power allowed Wireless Instance 20 35 speed Configures the basic and supported data rates speed e 1 Mbps e 11 11 Mbps e 12 12 Mbps e 18 18 Mbps e 2 Mbps e 24 24 Mbps e 36 36 Mbps e 48 48 Mbps e 54 54 Mbps e 5po 5 5 Mbps e 6 6 Mbps eg 9 Mbps e basicl basic 1 Mbps e basic11 basic 11 Mbps e basic12 basic 12 Mbps e basic18 basic 18 Mbps e basic basic 2 Mbp
76. export generate import zeroize Authentication key management functions e export rsa lt name gt URL tftp ftp Exports a keypair related configuration generate rsa lt name gt lt 1024 2048 gt Generates a keypair e lt 1024 2048 gt Size of keypair in bit import rsa lt name gt URL tftp ftp Imports keypair related configuration zeroize rsa lt name gt Deletes a keypair rsa lt identifier gt RSA keypair identifier associated with keypair URL URL for sending the key to It can be one of the following e tftp lt IP gt path file or e ftp lt user gt lt passwd gt lt IP gt path file map lt name gt lt sequence gt lipsec isakmp ipsec manual dynamic Enter a crypto map For more details see crypto map on page 10 1 e name lt name gt Names the crypto map entry not to exceed 32 characters e lt 1 1000 gt Sequence to insert into crypto map entry e ipsec isakmp IPSEC w ISAKMP e ipsec manual IPSEC w manual keying e dynamic Dynamic map entry remote VPN configuration for XAUTH with mode config or ipsec 12tp configuration Global Configuration Commands 5 21 pki authenticatelenroll Configures certificate parameters The public key export import trustpoint infrastructure is a protocol that creates encrypted public keys using digital certificates from certificate authorities PKI ensures each online party is who they claim to be e authentic
77. failure decryption fails Decryption failures disassociations Disassociation and Deauthentication frames eap naks Excessive EAP NAKs The threshold upper limit for this field is 65535 the default limit is 0 eap starts EAP 802 1x Start frames probe requests Probe Request frames unassoc frames Frames from unassociated stations e filter ageout lt 0 86400 gt Sets the number of seconds mobile units will be filtered out e threshold mu radio switch lt 0 9999 gt Sets the threshold allowed in the detection window mu Uses the threshold for monitoring on a per mobile unit basis radio Uses the threshold for monitoring on a per radio basis switch Uses the threshold for monitoring at the switch level Example WS5100 config wireless ids anomaly detection tkip countermeasures enable WS5100 config wireless WS5100 config wireless ids detect window 250 20 1 21 Wireless Instance 20 23 WS5100 config wireless WS5100 config wireless ids ex ops 80211 replay fails filter ageout 5200 WS5100 config wireless mac auth local Wireless Configuration Commands Configures the local MAC authentication list Syntax mac auth local lt 1 1000 gt allow deny Starting MAC Address Ending MAC Address range list of WLAN indicies WORD Parameters lt 1 1000 gt Sets the mac auth local entry allow Allows mobile units that match this rule to associat
78. feature license string license valu usag AP 48 4 WS5100 config Global Configuration Commands 5 33 5 1 18 line Global Configuration Commands Configures the terminal line Syntax line console vty Parameters console Primary terminal line Configure a value between 0 0 vty Virtual terminal Set a value between 0 871 5 1 19 local Global Configuration Commands Sets the username and password for local user authentication Syntax local username password Parameters username Define the local user name The username can be a string of upto 64 characters password Define the local user password The password can be a string of up to 21 characters Example WS5100 config local username Noble Man password Noble Soul 5 34 WS5100 Series Switch CLI Reference Guide 5 1 20 logging Global Configuration Commands Modifies message logging facilities Syntax logging aggregation time buffered console facility host monitor on syslog logging aggregation time lt 1 20 gt logging buffered lt 0 7 gt lalerts critical debugging emergencies errors informational notifications warnings Parameters aggregation time Sets the number of seconds for aggregating repeated messages The value can be configured between 1 60 seconds buffered Sets the buffered logging level console Sets the console logging level monitor Sets the terminal lines logging level sys
79. file Syntax edit FILE Parameters FILE Name of the file to be modified Example WS5100 edit startup config GNU nano 1 2 4 File startup config I configuration of WS5100 version 3 1 0 0 038R version 1 1 I aaa authentication login default local none service prompt crash info Ji username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser 4 18 4 1 16 4 1 17 WS5100 Series Switch CLI Reference Guide username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f I spanning tree mst configuration name My Name I no bridge multiple spanning tr nable bridge forward enable gt Priv Exec Command Turns on the privileged mode command Syntax enable Parameters None Example WS5100 enable WS5100 erase Priv Exec Command Erases a target filesystem Syntax erase nvram flash startup config Parameters nvram Erases everything in nvram flash Erases everything in flash startup config Resets the configuration to factory default Privileged Exec Commands 4 19 Example WS5100 erase flash Error path is a directory WS5100 erase ne WS5100 erase nvram Error no user deleteable files in nvram WS5100 erase startup config WS5100 4 1 18 halt Priv Exec Command Stops halts the switch Syntax halt Parameters None Example WS5100 halt Wireless switch will be halt
80. greater than tput greater than undecrypt percent greater than snmp server enable traps wireless statistics min packets lt 1 65535 gt nmp server enable traps wireless statistics mobile unit avg bit speed less than avg retry greater thanlavg signal less han gave up percent greater than nu percent greater than ktsps greater than tput greater than undecrypt percent greater han AO 0U0 nmp server enable traps wireless statistics radio avg bit speed less than avg retry greater than avg noise level hreshold avg signal less than gave up percent greater than nu ercent greater than um mobile units greater than pktsps greater than tput greater han undecrypt percent greater than snmp server enable traps wireless statistics wireless switch num mobile units greater than pktsps greater than tput greater than 45D tu snmp server enable traps wireless statistics wlan avg bit speed less than avg retry greater than avg signal less than gave up percent greater than nu percent greater than num mobile units greater than pktsps greater than tput greater than undecrypt percent greater than snmp server host A B C D snmp server location LINE snmp server manager all v2 v3 snmp server sysname snmp server user snmpmanager snmpoperator snmptrap Global Configuration Commands 5 47 Parameters community Sets the community string and access privileges e ro Read only access
81. help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config mst 13 4 WS5100 Series Switch CLI Reference Guide 13 1 5 13 1 6 instance mst Config Commands Associates VLAN s with an instance Syntax instance lt 1 15 gt vlan lt VLAN_ID gt Parameters lt 1 15 gt Defines the instance ID to which the VLAN is associated vlan lt VLAN_ID gt Sets the VLAN ID for its association with an instance Usage Guidelines MSTP works based instances An instance is a group of VLANs with a common spanning tree A single VLAN cannot be associated with multiple instances Switches with the same instance VLAN mapping revision number and region names define a unique region Switches in the same region exchange bridge protocol data units BPDUs with instance record information within it Example The example below sets an instance named 10 and maps VLAN 20 to It WS5100 config mst instance 10 vlan 20 WS5100 config mst name mst Confi
82. if static channel group 1 WS5100 config interface ge2 WS5100 config if static channel group 1 The example below defines the load balance based on the IP or MAC address WS5100 config interface sal WS5100 config if port channel load balance src dst ip WS5100 config if interface Instance 12 11 12 1 13 service Interface Config Commands Invokes service commands to troubleshoot or debug the config if instance configuration Syntax service show cli Parameters cli Shows the CLI tree of current mode Example WS5100 config if service show cli Interface Config mode clrscr clrscr crypto map WORD crypto map WORD description LINE description LINE do LINE do LINE duplex auto duplex half fulllauto full duplex half full auto half duplex half full auto end end t exit exit t help help ip access group lt 1 99 gt in ip access group lt 1 99 gt lt 100 199 gt lt 1300 1999 gt lt 2000 2699 gt WORD in lt 100 199 gt WS5100 config if 12 12 WS5100 Series Switch CLI Reference Guide 12 1 14 show Interface Config Commands Displays current system information running on the switch Syntax show lt parameter gt Parameters Displays the parameters for which information can be viewed using the show command Example WS5100 config if show access l
83. keepalive 10 crypto ipsec security association lifetime kilobytes 4608000 fallback enable ip http server ip http secure trustpoint default trustpoint ip http secure server ip ssh ip telnet no service pm sys restart l wireless wlan 1 enable wlan 1 ssid sardarjee radio add 1 00 A0 F8 BF 8A 4B 11bg ap300 radio 1 enhanced beacon table radio 1 enhanced probe tabl radio add 2 00 A0 F8 BF 8A 4B lla ap300 ap detection approved add 1 any any 2 82 2 2 48 WS5100 Series Switch CLI Reference Guide enhanced beacon table enable enhanced beacon table channel set a 36 44 149 enhanced beacon table channel set bg 1 2 4 5 radius server local l interface eth1 switchport access vlan 2100 l interface eth2 switchport access vlan 1 interface vlanl ip address 192 168 2 1 24 sole aaa authentication login default local none line con 0 line vty 0 24 end WS5100 upgrade status Privilege Global Config Syntax show upgrade status detail Parameters detail Displays the image s last upgrade log Example WS5100 show upgrade status Last Image Upgrade Status Successful Last Image Upgrade Time Mon May 21 16 27 40 2007 WS5100 User Exec Commands Logging in to the switch places you within the USER EXEC command mode Typically a login requires a user name and password You have three login attempts before a connection attempt is refused USER EXEC com
84. mu cache entry Displays mobile unit cache information Wireless Instance 20 43 mvlan lt 1 32 gt Displays multi Vlan Debug stats e lt 1 32 gt Defines a single WLAN s index radio Sets a radio s serviceability parameters lt 1 1000 gt description e lt 1 1000 gt Defines a single radio s index e description Displays the description and location coordinates of detected radios snmp trap throttle Displays stats related to SNMP trap throttling vlan cache buckets Displays VLAN cache buckets vlan cache entry Displays mobile unit VLAN information service wireless ap history clear enable AP history e clear Deletes the history of all APs e enable Enables the tracking of the AP history buffer counters clear Allocation counts for various buffers e clear Resets counters to zero clear ap log lt 1 48 gt Clears AP logs for the a selected index dump core Creates a core file of the ccsrvr process 20 44 WS5100 Series Switch CLI Reference Guide enhanced beacon table channel set albg lt 1 200 gt enable erase report max ap lt 0 512 gt scan interval lt 10 60 gt scan time lt 100 1000 gt Configures an AP for detecting and locating other APs in the network e channel set a bg lt 1 200 gt 802 1 1a 802 1 1bg channel set settings used for AP locationing e albg Adds channels to the Enhanced Beacon Ta
85. pm max sys restarts sys restart Process Monitor e max sys restarts Maximum number of times PM will restart the system because of a failed processes e sys restart Enable PM to restart the system when a processes fails Note The process restart is one count less than what is configured prompt Enables crash info prompt radius Enables RADIUS server set Sets service parameters show Shows running system information terminal length System wide terminal length configuration watchdog Enables service for watchdog 5 1 29 Global Configuration Commands 5 45 Example WS5100 config service dhcp WS5100 config WS5100 config service radius restart WS5100 config Snmp server Global Configuration Commands Modifies SNMP engine parameters Syntax snmp server community contact enable host location manager sysname user snmp server community WORD ro rw snmp server contact LINE snmp server enable traps all dhcp server diagnostics miscellaneous mobility nsm radius server redundancy snmp wireless wireless statistics snmp server enable traps all snmp server enable traps dhcp server snmp server enable traps disgnostics snmp server enable traps miscellaneous caCertExpired lowFsSpace processMaxRestartsReached savedConfigModi fied serverCertExpired snmp server enable traps mobility snmp server enable traps nsm dhcpIPChanged snmp server enable t
86. privilege radius redundancy group show Internet Protocol IP Show ACL Statistics information Display all alarms currently in the system autoinstall configuration Display Message of the Day Login banner Display boot configuration Display system clock Show command lists encryption module Debugging information outputs DHCP Server Configuration show environmental information Display filesystem information Display FTP Server configuration Display the session command history Interface status Internet Protocol IP LDAP server Show any installed licenses Show logging configuration and buffer Internet Protocol IP Display L3 Managment Interface nam Display Mobility parameters Network time protocol password encryption Portchannel commands Show current privilege level RADIUS configuration commands Display redundancy group parameters 18 8 WS5100 Series Switch CLI Reference Guide redundancy history Display state transition history of the switch redundancy members Display redundancy group members in detail running config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp server Display SNMP engine parameters sole Smart Opportunistic Location Engine Configuration spanning tree Display spanning tree information startup config Contents of startup configuration static
87. remove from all computers hard drives networks and other storage media all copies of the Software and shall so certify to Licensor that such actions have occurred Sections 2 13 shall survive termination of this Agreement 6 XV DISCLAIMER OF WARRANTIES To the maximum extent permitted by applicable law Licensor and its suppliers provide the Software and any if any Support Services AS IS AND WITH ALL FAULTS and hereby disclaim all warranties and conditions either express implied or statutory including but not limited to any if any implied warranties or conditions of merchantability of fitness for a particular purpose of lack of viruses of accuracy or completeness of responses of results and of lack of negligence or lack of workmanlike effort all with regard to the Software and the provision of or failure to provide Support Services ALSO THERE IS NO WARRANTY OR CONDITION OF TITLE QUIET ENJOYMENT QUIET POSSESSION CORRESPONDENCE TO DESCRIPTION OR NONINFRINGEMENT WITH REGARD TO THE SOFTWARE THE ENTIRE RISK AS TO THE QUALITY OF OR ARISING OUT OF USE OR PERFORMANCE OF THE SOFTWARE AND SUPPORT SERVICES IF ANY REMAINS WITH LICENSEE EXCLUSION OF INCIDENTAL CONSEQUENTIAL AND CERTAIN OTHER DAMAGES TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW IN NO EVENT SHALL LICENSOR OR ITS SUPPLIERS BE LIABLE FOR ANY GENERAL SPECIAL INCIDENTAL DIRECT INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER INCLUDING BUT NOT LIMITED TO
88. screen Syntax clrscr Parameters None Example WS5100 config trustpoint clrscr WS5100 config trustpoint company name gt Trustpoint PKI Config Commands Sets the company name Applicable only for request Syntax company name Parameters WORD Company name 2 to 64 characters 11 1 3 11 1 4 crypto trustpoint Instance 11 3 Example WS5100 config trustpoint company name RetailKing WS5100 config trustpoint email gt Trustpoint PKI Config Commands Sets the e mail ID for the trustpoint Syntax email Parameters WORD email address 2 to 64 characters Example WS5100 config trustpoint email abcTestemailID symbol com WS5100 config trustpoint end gt Trustpoint PKI Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to wS5100 Syntax end Parameters None Example WS5100 config trustpoint end WS5100 11 4 WS5100 Series Switch CLI Reference Guide 11 1 5 11 1 6 exit gt Trustpoint PKI Config Commands Ends the current mode and moves to previous the mode GLOBAL CONFIG The prompt changes to wS5100 config Syntax exit Parameters None Example WS5100 config trustpoint exit WS5100 config fqdn gt Trustpoint PKI Config Commands Configures the domain name of the trustpoint Syntax fqdn Parameters None NOTE The length of domain name should be betw
89. seconds Excessive Operations Threshold mu radio switch Filter Ageout probe requests 0 0 0 60 Sec association requests 0 0 0 60 Sec disassociations 0 0 0 60 Sec authentication fails 0 0 0 60 Sec crypto replay fails 0 0 0 60 Sec 80211 replay fails 0 0 0 60 Sec decryption fails 0 0 0 60 Sec unassoc frames 0 0 0 60 Sec eap starts 0 0 0 60 Sec Anomaly Detection Status Filter Ageout probe requests 3 disabled 60 Sec association requests disabled 60 Sec Common Commands 2 69 disassociations disabled 60 Sec authentication fails disabled 60 Sec crypto replay fails disabled 60 Sec 80211 replay fails disabled 60 Sec decryption fails disabled 60 Sec unassoc frames disabled 60 Sec eap starts disabled 60 Sec null destination disabled 60 Sec same source destination disabled 60 Sec multicast source disabled 60 Sec weak wep iv disabled 60 Sec tkip countermeasures disabled 60 Sec invalid frame length disabled 60 Sec WS5100 gt WS5100 gt show wireless mac auth local 50 WS5100 gt WS5100 gt show wireless mobile unit statistics Error None of the mobile units are associated WS5100 config show wireless mobile unit index MAC address radio type wlan vlan tunnel ready IP address last active Posture Status 2 00 0E 9B 98 F9 34 1 llg 1 vlan 1 Y 192 168 2 45 0 Sec Number of mobile units associated 1 WS5100 config WS5100 config show wireless mobile unit association history MU MAC Radio WLAN T
90. sha hash algorithm Example WS5100 config crypto isakmp hash sha WS5100 config crypto isakmp help Crypto ISAKMP Config Commands Accesses the system s interactive help system Syntax help Parameters None Example WS5100 config crypto isakmp help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config crypto isakmp 6 6 6 1 9 6 1 10 6 1 11 WS5100 Series Switch CLI Reference Guide lifetime Crypto ISAKMP Config Commands Specifies how long an IKE SA is valid before expiring Syntax lifetime lt seconds gt Parameters lt seconds gt Specifies how many seconds an IKE SA lasts before expiring A time stamp in seconds can be configured between 3600 and 2147483647 Example WS5100 config crypto isakmp lifetime 5200 WS5100 config crypto isakmp no gt Crypto ISAKMP Config Commands Negates a command or sets its defaults Syntax no authentication encryption group hash lifetime Parameters
91. std nacl permit xxx xxx 1 0 24 log rule precedence 60 WS5100 config std nacl 15 8 WS5100 Series Switch CLI Reference Guide 15 1 9 service Standard ACL Config Commands Invokes service commands to troubleshoot or debug config if instance configurations Syntax service clear diag shell save cli show start shell tethereal Parameters clear Removes specified support information diag shell Provides diagnostic shell access to debug and test the switch save cli Saves the CLI tree for all modes in HTML format show Displays running system information start shell Provides shell access tethereal Dumps and analyzes network traffic Example WS5100 config std nacl service diag shell Diagnostic shell started for testing diag gt WS5100 config std nacl service save cli CLI command tree is saved as clitree html This tr can b clitree html viewed via web at http lt ipaddr gt cli WS5100 config std nacl WS5100 config std cli command history crash info dump files info last passwd reboot history startup log upgrade history nacl Show Displ Displ Show Displ Show Show Show service show CLI tree of current mode ay command except show commands history ay information about core panic and AP snapshot of available support information ay last password used to enter shell reboot history startup log upgrade history WS5100 config
92. std nacl service show 15 1 10 Standard ACL Instance 15 9 WS5100 config std nacl service start shell Last password used password with MAC 00 a0 f8 65 ea 8e Password WS5100 config std nacl WS5100 config std nacl service tethereal LINE tethereal options in the format V print detailed packet x hex dump of packet p no promiscuous mode for interface n disable name resolution c lt count gt h detailed help J E to capture ESPD e capture nonEspd packets f lt capture filter expression in format xx xx xx gt i lt interface on which to capture packets gt W wisp packet only s lt snaplen gt r lt filename gt read contents of specified file w lt savefile gt save capture in specified file X for examples on tethereal capture filter WS5100 config std nacl show Standard ACL Config Commands Displays current system information running on the switch Syntax show lt paramater gt Parameters Displays all the parameters for which the information can be viewed using the show command 15 10 WS5100 Series Switch CLI Reference Guide Example WS5100 config std nacl show access list Internet Protocol IP alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot confi
93. supports the association of only 8 DHCP classes with a pool WS5100 config dhcp class WS5100DHCPclass WS5100 config dhcp class 5 The switch moves to a new mode config dhcp class Use this mode to add an address range used for the DHCP class associated with the pool WS5100 config dhcp class address range 11 22 33 44 Example WS5100 config dhcp class WS5100DHCPclass config dhcp class Use config dhcp class to enter the config dhcp class instance Use this instance to set an address range for a DHCP user class within a DHCP server address pool Table 17 2 summarizes config dhcp class commands Table 17 2 DHCP Server Class Command Summary Command Description Sets an address range for a DHCP class in a DHCP server address pool address 17 6 WS5100 Series Switch CLI Reference Guide Table 17 2 DHCP Server Class Command Summary Command Description clrscr Clears the display screen end Ends the current mode and moves to the EXEC mode exit Ends the current mode and moves to the previous mode help Displays the interactive help system in HTML format no Negates a command or sets its defaults service Assists in troubleshooting or debugging issues show Displays running system information address gt config dhcp class Sets an address range for a DHCP class within a DHCP server address pool Syntax address range low IP Address high IP Address Parameters
94. th Thursday tu Tuesday we Wednesday weekdays Allows access only during weekdays M F time Sets the access policy time for this group start Sets the start time end Defines the end time must be greater than the start time lt 0 23 gt Sets the hourly hh access limit 19 12 19 1 7 9 WS5100 Series Switch CLI Reference Guide lt 0 59 gt Sets the minute mm access limit vlan Sets the VLAN ID for this group lt 1 4094 gt Defines the VLAN range wlan Sets the WLAN access policy for this group lt 1 32 gt Sets the WLAN index Example WS5100 config radsrv group policy day weekdays WS5100 config radsrv group WS5100 config radsrv group policy time start 12 12 end 22 22 WS5100 config radsrv group WS5100 config radsrv group policy vlan 20 WS5100 config radsrv group WS5100 config radsrv group policy wlan 20 21 22 23 WS5100 config radsrv group rad user Radius Configuration Commands Adds an exisitng RADIUS user to this group If the RADIUS user is not available in the Onboard RADIUS server s database create a new RADIUS user using the rad user command from within the config radsrv mode For more information see rad user on page 19 22 Syntax rad user Parameters WORD Existing RADIUS user name Example WS5100 config radsrv rad user userl password userl WS5100 config radsrv group groupl WS5100 config radsrv group rad user userl WS5100 confi
95. the command history default is 200 e reboot history lt 10 300 gt Sets the size of the reboot history default is 50 e upgrade history lt 10 300 gt Sets the size of upgrade history default is 50 show Shows running system information e cli Shows the CLI tree of the current mode terminal length System wide terminal length configuration e lt 0 512 gt Number of lines of VTY 0 means no line control watchdog Enables the watchdog Example WS5100 service diag enable led limit period Enable in service diagnostics ED control diagnostic limit command Set diagnostics period WS5100 service diag enable ws5100 service 1 2 1 upper 2 lower WS5100 service amber amber blue blue red red WS5100 service flashing off on E E WS5100 service WS5100 service WS5100 service WS5100 service WS5100 service WS5100 service buffer fan filesys load maxFDs pkbuffers procRAM ram routecache temperatur diag led ED ED diag led diag led D off Don led led led led led diag diag diag diag diag diag limit Common Commands 2 21 2 1 1 amber ED Flashing amber flashing amber flashing blue on red off amber flashing Neer 2 buffer usage warning limit Fan speed limit fil agregate system fr space limit processor load maximum number of file descriptors IP route packet buffer head cache perc
96. the standard IP access list lt 1300 1999 gt Standard IP access list expanded range authenticate Authenticates time sources authentication key Defines the authentication key for trusted time sources md5 Sets MD5 authentication WORD Authentication key autokey Enables the NTP autokey authentication scheme client only The switch is a client to other trusted hosts in the autokey group Global Configuration Commands 5 39 host Configures the switch as a trusted host broadcast Configures the NTP broadcast service client Listens to NTP broadcasts destination Configures broadcast destination address WORD Define the destination broadcast IP address key Sets the broadcast key lt 1 65534 gt Defines the Key ID version Sets the NTP version lt 1 4 gt Sets the NTP Version number broadcastdelay Defines the estimated round trip delay lt 1 999999 gt Sets the round trip delay in microseconds master Acts as a NTP master clock lt 1 15 gt Sets teh stratum number for the NTP master clock peer Configures the NTP peer server Configures the NTP server lt Peer IP gt Sets the IP address of the peer only autokey Configures an autokey peer authentication scheme key Configures the peer authentication key lt 1 65534 gt Sets the peer key number prefer Prefer this peer when possible version Configures the NTP version lt 1 4 gt
97. upgrade history Shows an upgrade history watchdog Show the watchdog status wireless Wireless parameters display 2 18 WS5100 Series Switch CLI Reference Guide show securitymgr Service Security Manager parameters e flows Sessions established e details source Shows detailed flow statistics or source IP address e A B C Dlany Flows where source address is A B C D or flows with any source address e destination Destination IP address e A B C Dlany Flows where the destination address is A B C D or flows with any destination address e protocol Protocol type e any icmp tcp udp Flows having any or icmp or tcp or udp protocol start shell Provides shell access test Provides test parameters watchdog Enables the switch watchdog wireless Wireless parameters ap history Access port history buffer counters Allocation counts for various buffers clear ap log Clears the AP logs dump core Creates a core file of the ccsrvr process enhanced beacon table Enhanced beacon table for AP locationing enhanced probe table Enhanced probe table for MU locationing idle radio send multicast Forwards multicast packets to radios without associated MUs Common Commands 2 19 legacy load balance Invokes legacy load balance algorithms with the switch radio misc cfg Radio specific configuration U16 for all radios rate s
98. wireless debugging messages certmgr Certificate manager debugging messages dhcpsvr DHCP Conf Server debugging messages imi Integrated management interface debugging messages ip Internet protocol debugging messages logging Modify message logging facilities debugging messages mgmt Management daemon debugging messages mobility L3 mobility debugging messages mstp Multiple Spanning Tree Protocol MSTP debugging message nsm Network Service Module NSM debugging messages pktdrvr Pktdrvr kernel wireless debugging messages radius RADIUS server debugging messages redundancy Redundancy protocol debugging messages securitymgr Security manager debugging messages sole Location engine debugging messages Example WS5100 debug all fore ccstats certmgr dhcpsvr imi Enable all debugging Cellcontroller wireless debugging messages Cellcontroller wireless debugging messages Certificate Manager Debugging Messages DHCP Conf Server Debugging Messages Integrated Management Interfac 4 14 WS5100 Series Switch CLI Reference Guide 4 1 11 ip Internet Protocol IP logging Modify message logging facilities mgmt Mgmt daemon mobility L3 Mobility mstp Multiple Spanning Tree Protocol MSTP nsm Network Service Module NSM pktdrvr Pktdrvr kernel wireless debugging messages radius RADIUS server debugging messages redundancy Redundancy Protocol debugging messages securitymgr Security Manager Debugging Messages sole Locati
99. with the accompanying documentation Licensee may download install and use the Software only on a single computer Licensee may make one copy of the Software excluding any documentation for backup purposes provided that copyright and other restricted rights notices of Licensor and its suppliers are reproduced exactly 2 LICENSE RESTRICTIONS Except as expressly permitted by this Agreement Licensee shall not nor permit anyone else to directly or indirectly i copy except for one backup copy modify distribute or create derivative works based upon the Software ii reverse engineer disassemble decompile or otherwise attempt to discover the source code or structure sequence and organization of the Software or iii rent lease or use the Software for timesharing or service bureau purposes or otherwise use the Software for any commercial purpose on behalf of any third party Licensee shall maintain and not remove or obscure any proprietary notices on the Software and shall reproduce such notices exactly on all permitted copies of the Software All title ownership rights and intellectual property rights in and to the Software and any copies or portions thereof shall remain in Licensor and its suppliers or licensors Licensee understands that Licensor may modify or discontinue offering the Software at any time The Software is protected by the copyright laws of the United States and international copyright treaties The Software is licens
100. with this community string e rw Read write access with this community string contact Text for mib object sysContact e LINE Sets the contact person for this managed node enable traps Enables SNMP traps e all Enables all traps e dhcp server Enables dhcp server traps diagnostics Enables diagnostics traps miscellaneous Enables miscellaneous traps mobility Enables mobility traps nsm Enables nsm traps radius server Enables radius server traps redundancy Enables redundancy traps snmp Enables SNMP traps wireless Enables wireless traps wireless statistics Modifies wireless stats rate traps enable traps dhcp server Enables dhcp server traps e dhcpServerDown DHCP Server down e dhcpServerUp DHCP Server up 5 48 WS5100 Series Switch CLI Reference Guide enable traps diagnostics Enables diagnostics traps cpuLoad15Min Average CPU load for last 15 minutes exceeds limit cpuLoad1Min cpuLoad5Min fanSpeedLow fileDescriptors ipRouteCache packetBuffers processMemoryUsage ramFree tempHigh tempOver usedKernelBuffer enable traps miscellaneous Enables miscellaneous traps caCertExpired CA certificate has expired lowFsSpace Available file system space is lower than the limit processMaxRestartsReached Process has reached max restart savedConfigModified Saved configuration has been modif
101. 0 config dhcpclass exit WS5100 config help DHCP Server Class Config Commands Displays the system s interactive help system in HTML format Syntax help Parameters None Example WS5100 config dhcpclass help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config dhcpclass 18 4 WS5100 Series Switch CLI Reference Guide 18 1 5 18 1 6 multiple user class DHCP Server Class Config Commands Enables the multiple user class option Once invoked the client MU sends multiple user classes Syntax help Parameters None Example WS5100 config dhcpclass multiple user class WS5100 config dhcpclass no DHCP Server Class Config Commands Negates a command or sets its defaults Syntax no multiple user class option Parameters multiple user class Disables the multiple user class option option Modifies the parameters of existing DHCP Server options Example WS5100 config dhcpclass no multiple user cl
102. 0 Series Switch CLI Reference Guide Table 12 1 Interface Config Command Summary Continued Command Description Ret management Sets the selected interface as management interface page 12 9 no Negates a command or sets its defaults page 12 9 port channel Configures the load balancing criteria of an aggregated page 12 10 port service Invokes service commands to troubleshoot or debug page 12 11 the config if instance configurations show Displays running system information page 12 12 shutdown Shuts down a selected interface page 12 15 spanning tree Disables the selected interface The interface is page 12 15 administratively enabled unless explicitly disabled using this command speed Specifies the speed of a fast ethernet 10 100 or a page 12 17 gigabit ethernet port 10 100 1000 static Configures static channel commands page 12 18 channel group switchport Sets switching mode characteristics page 12 19 12 1 1 clrser Interface Config Commands Clears the display screen Syntax clrscr Parameters None 12 1 2 12 1 3 interface Instance 12 3 Example WS5100 config if clrscr WS5100 config if crypto Interface Config Commands Syntax crypto map WORD Parameters map lt tag gt Assigns a Crypto Map e lt tag gt Crypto Map tag Usage Guidelines At any given instance you can add one crypto mapset to a single interface The switch does not allo
103. 0 switch command line interface 4 Chapter 13 spanning tree mst Instance Summarizes the config mst instance commands within the WS5100 switch command line interface Chapter 14 Extended ACL Instance Chapter 15 Standard ACL Instance Summarizes the con ig ext nael commands within the WS5100 switch command line Summarizes the config std nael commands within the WS5100 switch command line Chapter 16 Extended MAC ACL Instance Summarizes the config ext mac1 commands within the WS5100 switch command line Chapter 17 DHCP Server Instance Summarizes the config dhep pool commands within the WS5100 switch command line Chapter 18 DHCP Class Instance Summarizes the config dhep class instance commands within the WS5100 switch command line interface Chapter 19 Radius Server Instance Summarizes the config radsrv instance commands within the WS5100 switch command line interface Chapter 20 Wireless Instance Summarizes the config wireless instance commands within the WS5100 switch command line interface Chapter 21 SOLE Instance Summarizes the config sole instance commands within the WS5100 switch command line interface Conventions Used in this Guide This section describes the following topics e Annotated Symbols e Notational Conventions x WS5100 Series Switch CLI Reference Gui
104. 1 0 0 008D version 1 0 service prompt crash info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f spanning tree mst config name My Name country code us logging buffered 4 logging console 4 snmp server sysname WS5100 snmp server manager v2 snmp server manager v3 snmp server user snmptrap v3 encrypted auth md5 Ox7be2cb56 6060226 15974c936e2739b snmp server user snmpmanager v3 encrypted auth md5 Ox7be2cb56 6060226 15974c936e2739b snmp server user snmpoperator v3 encrypted auth md5 0x49c451c7c6893ffcede0491bbd0a12c4 crypto isakmp keepalive 10 crypto ipsec security association lifetime kilobytes 4608000 fallback enable ip http server ip http secure trustpoint default trustpoint ip http secure server ip ssh ip telnet no service pm sys restart l wireless wlan 1 enable wlan 1 ssid sardarjee radio add 1 00 A0 F8 BF 8A 4B 11bg ap300 radio add 2 00 A0 F8 BF 8A 4B lla ap300 enhanced beacon table enable enhanced beacon table channel set a 36 44 149 enhanced beacon table channel set bg 12 45 2 78 WS5100 Series Switch CLI Reference Guide l radius server local l interface eth1 switchport access vlan 2100 l interface eth2 switchport access vlan 1 1 interface vlanl p address 192 168 2 1 24 H sole l aaa authentication login default local none line con
105. 16 1 6 WS5100 Series Switch CLI Reference Guide Example WS5100 config ext macl help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config ext macl mark MAC Extended ACL Config Commands Specifies the packet to mark NOTE Use a decimal value representation of ethertypes to implement permit deny mark designations for a packet An Extended MAC ACL provides the hexadecimal values for each listed ethertype The switch supports all ethertypes Use the decimal equvilant of the ethertype listed in the CLI or any other type of ethertype Syntax mark dotlp lt 0 7 gt tos lt 0 255 gt any host source MAC address source MAC source MAC address mask any host destination MAC address destination MAC destination MAC address mask vlan vlan id dotlp dotlp value type valueliplipv6larplvlan wisp 0 65535 log rule precedence access list entry precedence Parameters 8021p lt 0 7 gt Modifies the 802 1p VLAN user priority
106. 2 key1 key2 Selective keyword in infinite recursive multiple tokens but you can pick one that s only allowed once key1 key1 key2 Motorola Service Information Use the Motorola Support Center as the primary contact for any technical problem question or support issue involving Motorola products Motorola Support Center responds to calls by email telephone or fax within the time limits set forth in individual contractual agreements Telephone North America 1 800 653 5350 Telephone International 1 631 738 6213 Fax 631 738 5410 Email emb support motorola com When contacting Motorola Support Center please provide the following information e Serial number of the unit e Model number or product name e Software type and version number xii WS5100 Series Switch CLI Reference Guide Customer Support Website Comprehensive on line support is available at the MySymbolCare Web site at http Avww symbol com support Registration is free and a variety of services can be linked through this Web portal Product Sales and Product Information North America International Motorola Inc Motorola Inc One Symbol Plaza Symbol Place Holtsville New York 11742 1300 Winnersh Triangle Berkshire RG41 5TP United Kingdom Tel 1 631 738 2400 or 1 00 7220 Tel 0800 328 2424 Inside UK Fax 1 631 738 5990 44 118 945 7529 Outside UK General Information For general inform
107. 20 40 WS5700 Series Switch CLI Reference Guide Example WS5100 config wireless self heal interference avoidance enable WS5100 config wireless WS5100 config wireless self heal interference avoidance hold time 600 WS5100 config wireless WS5100 config wireless self heal neighbor recovery enabl Note reducing the configured transmit power of radios will ensure that there is room to increase power when a neighbor fails WS5100 config wireless WS5100 config wireless self heal neighbor recovery neighbors 1 1 WS5100 config wireless 20 1 33 sensor gt Wireless Configuration Commands Configures Wireless Intrusion Protection System WIPS parameters Syntax sensor lt 1 48 gt default config ping interval lt 2 60 gt vlan sensor lt 1 48 gt default config request config revert to ap sensor default config ip mode wips server ip sensor default config ip mode dhcp static A B C D M A B C D sensor default config wips server ip primary secondary A B C D Parameters lt 1 48 gt defaultconfig Select a sensor to reset revert the AP to its original state requestconfig Use the show wireless sensor command to view the revert to ap sensor index e default config Restores the internal configuration of the sensor to default values This sends the configuration to the sensor e request config Polls the sensor for its latest configuration e revert to ap Re
108. 308 admin 00 35 18 0 WS5100 gt version Common to all modes Syntax show version verbose Parameters verbose Displays software and hardware version information Example WS5100 gt show version WS5100 version 3 0 2 0 003B Copyright c 2006 Symbol Technologies Inc Booted from primary Switch uptime is 0 days 6 hours 10 minutes CPU is Intel R Pentium R 4 CPU 2 00GHz 256208 kB of on board RAM ide device hda disk model Kouwell DOM capacity 501760 blocks cache 0 WS5100 gt WS5100 gt show version verbose WS5100 version 3 0 2 0 003B Copyright c 2006 Symbol Technologies Inc Booted from primary Common Commands 2 61 Switch uptime is 0 days 6 hours 10 minutes CPU is Intel R Pentium R 4 CPU 2 00GHz PCI bus 3 device 8 function 1 Ethernet controller Intel Corporation 82546EB Gigabit Ethernet Controller Copper PCI bus 3 device 8 function 0 Ethernet controller Intel Corporation 82546EB Gigabit Ethernet Controller Copper PCI bus 1 device 3 function 0 PTG VIA Technologies Inc VPX VPX2 I O APIC Interrupt Controller PCI bus 0 device 17 function 0 ISA bridge VIA Technologies Inc VT8237 ISA bridge KT600 K8T800 K8T890 South PCI bus 0 device 15 function 0 IDE interface VIA Technologies Inc VT82C586A B VT82C686 A B VT823x A C PIPC Bus Master ID 256208 kB of on board RAM ide device hda disk model Kouwell DOM capacity 501760 bloc 0 WS5100 gt ks cache
109. 67 gt Configures the maximum number of file descriptors Set between 0 to 32767 pkbuffers lt 0 65535 gt Configures the packet buffer head cache limit Set between 0 and 65535 procRAM Defines the RAM space used by a process Set he percentage of RAM space used by the processor between 0 0 and 100 0 percent ram Configures free space for the RAM Configures the free space to anything between 0 0 to 100 0 percent routecache lt 0 65535 gt Configures IP route cache usage Set with a value between 0 and 65553 tempreature lt 1 8 gt Sets the temperature sensor for the switch Set as many as 8 temperature sensors e period lt 100 30000 gt Configures the diagnostics period Seta value between 100 30000 milliseconds The default value is 1000 milliseconds 2 8 WS5100 Series Switch CLI Reference Guide encrypt Encrypts a password or key with a secret passphrase e secret Encrypts passwords keys with a secret phrase e 2 Type of encryption SHA256 AES256 e PASSPHRASE Defines the passphrase used for encryption e ENCRYPT_KEY Defines the plain text password or key to encrypt save cli Saves the CLI tree for all modes inHTML Common Commands 2 9 show Displays running system information e cli Shows the CLI tree of the current mode e command history Displays the command except show commands history e crash info Displays information about core panic and
110. 8 exit Ends the current mode and moves to the previous page 2 2 mode halt Halts the switch page 4 19 help Displays a description of the interactive help system page 2 2 kill Kills terminates a specified session page 4 19 logout Exits the EXEC mode page 4 20 Privileged Exec Commands 4 3 Table 4 1 Priv Exec Mode Command Summary Command Description Ret mkdir Creates a directory page 4 21 more Displays the contents of a file page 4 21 no Negates a command or sets its defaults page 2 4 page Toggles the paging function page 4 23 ping Sends ICMP echo messages to a specified location page 4 23 pwd Displays the current directory page 4 24 quit Exits the current mode and moves to the previous page 4 24 mode reload Halts the switch and performs a warm reboot page 4 24 rename Renames a file page 4 25 rmdir Deletes a directory page 4 26 service Displays service commands page 2 5 show Shows running system information Refer to page 2 23 Common Commands on page 2 23 telnet Opens a telnet session page 4 26 terminal Sets terminal line parameters page 4 27 traceroute Traces a route to a destination page 4 28 upgrade Upgrades the switch software image page 4 28 upgradeabort Aborts an ongoing upgrade operation page 4 30 write Writes the running configuration to memory or a page 4 30 terminal 4 4 WS5100 Series Switch CLI Reference Guide 4 1 1 4 1 2 acknowledge Priv E
111. 8 bed red avaesgusdeuweneds 2 42 NA hate gidaedachls oad eeddenecauaks 2 43 A Ms ose Lon onda een AN a 2 43 22 1G Mie eee P ee tee ee ems Cette errors Terre tear ee ewer A O bueees 2 47 o AA MP ere dnc EE vege ese uueens eer aed 2 47 BWM US isc hie sk du wd vot Se A I ARETE PEET deh 2 48 EEE OLE e OEE ET E A E E A EEEE EE RE hed RE RES 2 49 2 al TESEO a AAA 2 51 2 2 22 redundancy members ooo 2 52 So SUN eli dee dd 2 52 ZW SUM E 3 022 063 0522 e es eee ane anseegde qa 2 53 12d urraca rra rr arista EE 2 55 222b spanni MEE A A A da ses 2 57 Aa eed eehadiuddusarpedeaudes 2 58 2 2 28 terminal ps da add 2 2 29 timezone pda A A A E 2 60 A dniok hinder edu ae eaer ae 2 60 E PMU ENE ek dpe aye Ru pet teens Sob los ere ists A EET is 2 62 A sk od oe y catia pn twat oehok nowt ane EE TEENS ANA 2 70 Pe A 2 71 Be OO a Ss wc eds E A OAEIAE A AAN EEEE LET EI E AEAEE A E T bas 2 72 NEE A E E E N EE T NENIE TIT 2 72 ee E A A AE E EE EEA O EEE TAA 2 73 a AAA 2 13 A O poe E ke dacs 2 74 PA A A e ETS TETE F 2 74 2 FING S NIDE E A A E AE 2 75 Contents TOC 3 Pe A E O E besa 2 75 o E e E EE Carer hard oh bee de eae EEE E TST 2 16 ZALES MUNG CONE errada edi 2 16 E A 2 80 A AS aes 2 80 e A IN 2 80 2 apode corales 2 82 Chapter 3 User Exec Commands 3 1 User Exec COmM NdS cscs rra 3 1 O errie bree Phased EE disse ewe eee 3 2 Le SP xe char aa 3 4 CCC AAA 3 4 DAG MAUI danton hue IITE ENI EIE A 3 6 eA HEINE fie one ange
112. 99 gt tp access group query only lt 1 99 gt lt 1300 1999 gt tp access group serve lt 1 99 gt lt 1300 1999 gt tp access group serve only lt 1 99 gt lt 1300 1999 gt pepaas authenticate ho ct Jo ntp authentication key md5 WORD autokey client only host 5 ct JO tp broadcast client destination tp broadcast destination WORD key version tp broadcast destination WORD key lt 1 65534 gt tp broadcast destination WORD version lt 1 4 gt Dopp broadcastdelay lt 1 999999 gt 5 ct O 5 38 ntp master lt 1 15 gt ntp peer WORD WS5100 Series Switch CLI Reference Guide ntp peer WORD autokey key prefer version ntp peer WORD autokey prefer version lt 1 4 gt ntp peer WORD key lt 1 65534 gt prefer version lt 1 4 gt ntp peer WORD prefer ntp peer TestP ntp server WORD version lt 1 4 gt r version lt 1 4 gt ntp server WORD autokey key prefer version ntp server WORD autokey prefer version lt 1 4 gt ntp server WORD key lt 1 65534 gt prefer version lt 1 4 gt ntp server WORD prefer ntp server TestP version lt 1 4 gt r version lt 1 4 gt ntp trusted key lt 1 65534 gt Parameters access group Controls NTP access peer Provides full access query only Allows only control queries serve Provides server and query access serve only Provides only server access lt 1 99 gt Defines
113. A A O A ETE TE 5 9 A o 15 11 Chapter 16 Extended MAC ACL Instance 16 1 MAC Extended ACL Config COMMANdS oooooooocococooo corro 16 1 A A RS 16 2 IAS Aa 16 2 A sei eac aes 16 5 A er cena T 16 5 VEGAS WEIS ETENE TAE EE A E EES A IEIET 16 5 EE E A E T AAEE EET ENT A EETA T EE EERS E T YA T 6 6 WAR EENE ETA EE E A N A EEES E OOE 6 8 EAE LE EEEE E O AE EEN E E AELE E EAEE E 16 9 a oor ndeape emi eerta e eE 16 11 LINUR o PENEN AEE A AE A E T ES 16 13 TE AAT TONNE TE F EELEE EN EIE POOLSET ORTE PIN PIETET EEY 16 14 Chapter 17 DHCP Server Instance 17 1 DHGP Gong COMMA cooporrrior tardar ta Res 17 1 O A T 17 3 AZ DOM ari eri 17 3 E E 17 4 ARA Es o A ae trea TEE TE sed 17 5 a o A A A E TA 17 7 AA SESETAN ET EIE NORET E N PTN 17 7 PA EEEE NEES TE A N EE T S ENE N ted T ETS E EN 17 8 TOC 10 WS5100 Series Switch CLI Reference Guide A A E re 17 8 AE E AA deed EET de ear kes TEEN TIS 17 9 A AS SOE MA aebuinddedaydcoabunbamiee ieee a aa kaei 17 10 SURG eal ae See er a eee eee ee eer ae new ers ater A 17 10 E E E ES T 17 11 A A A 17 11 LAS DMA Ware ed MESS Lesprto lead 17 11 A o Ge mians mis ais as wee ee RR ai are een Oe 17 12 VAS A 17 13 17 1 16 lease 17 13 AAAS NEMS AAA Sutehoeeneeddouddauss 17 15 T7118 nebo Nod D 4 04 5 ecg eek cari edad 17 15 A IK EEE EEA EE rs 17 16 PUR ee es ee ee ee eee eee cree ene eee ree eee eee Terre ee 17 16 A AAA 17 17 RA A E 17 17 E e EEEIEE EAA EE E A A ET E
114. ACEs in the ACL It is allowed denied based on the ACL configuration NOTE The log option is functional only for router ACL s The log option results in an informational logging message for the packet matching the entry sent to the console Example The example below denies all traffic entering the interface a log message is generated whenever the interface receives a packet WS5100 config std nacl deny any log rule precedence 50 WS5100 config std nacl The example below denies traffic from the source network xxx xxx 1 0 24 and allows all other traffic to flow through the interface WS5100 config std nacl deny xxx xxx 1 0 24 rule precedence 60 WS5100 config std nacl permit any end gt Standard ACL Config Commands Ends and exits from the current mode and moves to the PRIV EXEC mode The prompt changes to ws51004 Syntax end Parameters None Example WS5100 config std nacl end WS5100 15 4 WS5100 Series Switch CLI Reference Guide 15 1 4 exit Standard ACL Config Commands 15 1 5 Ends the current mode and moves to previous mode GLOBAL CONFIG The prompt changes to wS5100 config Syntax exit Parameters None Example WS5100 config std nacl exit WS5100 config help Standard ACL Config Commands Displays the system s interactive help in HTML format Syntax help Parameters None Example WS5100 config std nacl help CLI provides adv
115. ACL Instance 15 11 15 1 11 terminal Standard ACL Config Commands Sets the number of lines displayed on the terminal window Syntax terminal monitor no terminal no monitor Parameters monitor Copies debug output to the current terminal line no Negates a command or set its defaults monitor Copies debug output to the current terminal line Usage Guidelines By default log messages are generally not displayed over a Telnet session Use the terminal monitor command to view the log messages over a Telnet session Example WS5100 config std nacl terminal monitor WS5100 config std nacl WS5100 config std nacl terminal no monitor WS5100 config std nacl 15 12 WS5100 Series Switch CLI Reference Guide Extended MAC ACL Instance Use the config ext macl instance to configure mac access list extended ACLs 16 1 MAC Extended ACL Config Commands summarizes config ext macl commands Table 16 1 MAC Extended ACL Config Command Summary Command Description Ret Clears the display screen Specifies packets to reject Ends the current mode and moves to the EXEC mode Ends the current mode and moves to the previous mode help Displays the interactive help system mark Specifies packets to mark no Negates a command or sets its defaults Specifies packets to forward Invokes the service commands to troubleshoot or debug the config if instance configurations Shows running
116. ACL entry Log messages are generated only for router ACL s rule precedence access list entry precedence Define an integer value between 1 5000 This value sets the rule precedence in the ACL Global Configuration Commands 5 9 access list lt 100 199 gt lt 2000 2699 gt deny permit mark dot1p lt 0 7 gt tos lt 0 255 gt icmp source source mask host source any destination destination mask host destination any icmp type icmp type icmp code log rule precedence access list entry precedence Adds an Extended IP access list entry using an iemp keyword e lt 100 199 gt lt 2000 2699 gt For ICMP extended ACLs the ACL must be between 2000 2699 e deny permit mark dot1p lt 0 7 gt tos lt 0 255 gt Defines the action on an ACL The action type mark is functional only over a Port ACL e icmp Specifies ICMP as the protocol e source source mask host source any Source is the source address of the network or host in dotted decimal Source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching e The keyword any is an abbreviation for source an IP of 0 0 0 0 and source mask bits equal to 0 e The keyword host is an abbreviation for exact source A B C D and source mask bits equal to 32 e destination destination mask host destination any Sets the destination host I
117. CL without WLAN index selector During this process a warning is raised to the user as mentioned in the example below WS5100 config access list 14 permit any wlan 19 log Warning Acl rules with Wlan Index is deprecated Wlan index configured for the rule will be ignored Please use wlan acl CLI to apply ACLs on WLAN Example The example below applies an ACL to WLAN index 200 in inbound direction from the global config mode WS5100 config wlan acl 2 150 in WS5100 config NOTE A MAC access list entry to allow arp is mandatory to apply an IP based ACL to an interface MAC ACL always takes precedence over IP based ACLs 5 66 WS5100 Series Switch CLI Reference Guide The example below applies an ACL to WLAN index 200 in outbound direction from the global config mode WS5100 config wlan acl 2 150 out WS5100 config crypto isakmp Use the crypto isakmp policy priority to initiate the config crypto isakmp instance 6 1 Crypto ISAKMP Config Commands summarizes crypto isakmp Commands Command Table 6 1 Crypto ISAKMP Command Summary Description Sets the authentication scheme Ref Clears the display screen Sets the encryption algorithm Ends the current mode and moves to the EXEC mode Ends the current mode and moves to the previous mode Sets the Diffie Hellman group Sets the hash algorithm Provides a desription of the interactive help system S
118. DAMAGES FOR LOSS OF PROFITS OR CONFIDENTIAL OR OTHER INFORMATION FOR BUSINESS INTERRUPTION FOR PERSONAL INJURY FOR LOSS OF PRIVACY FOR FAILURE TO MEET ANY DUTY INCLUDING OF GOOD FAITH OR OF REASONABLE CARE FOR NEGLIGENCE AND FOR ANY OTHER PECUNIARY OR OTHER LOSS WHATSOEVER ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE SOFTWARE THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT SERVICES OR OTHERWISE UNDER OR IN CONNECTION WITH ANY PROVISION OF THIS AGREEMENT EVEN IN THE EVENT OF THE FAULT TORT INCLUDING NEGLIGENCE STRICT LIABILITY BREACH OF CONTRACT OR BREACH OF WARRANTY OF LICENSOR OR ANY SUPPLIER AND EVEN IF LICENSOR OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES LIMITATION OF LIABILITY AND REMEDIES Notwithstanding any damages that Licensee might incur for any reason whatsoever including without limitation all damages referenced above and all direct or general damages the entire liability of Licensor and any of its suppliers under any provision of this Agreement and Licensee s exclusive remedy for all of the foregoing shall be limited to the greater of the amount actually paid by Licensee for the Software or U S 5 00 The foregoing limitations exclusions and disclaimers shall apply to the maximum extent permitted by applicable law even if any remedy fails its essential purpose XV WS5100 Series Switch CLI Reference Guide INDEMNITY Licensee agrees that Licensor shall have no l
119. Define a destination mask specifying the bits to match The destination wildcard can be any one of the following O XX XXIXXIXXIXXIXX xx 3xx xx xx xx xx Destination MAC address and mask e any Any destination host e host Exact destination MAC address to match dot1p lt 0 7 gt Determine a 802 1p priority value to match rule precedence lt 1 5000 gt Define an access list entry precedence type lt 7 65535 gt arp ip ipv6 vian wisp Set an ethertype value represented as an integer Use keywords for well known ethertypes IP IPv6 ARP etc vlan lt 1 4095 gt Set a VLAN tag ID to match Usage Guidelines The deny command disallows traffic based on layer 2 data link layer data The MAC access list denies traffic from a particular source MAC address or any MAC address It can also disallow traffic from a list of MAC addresses based on the source mask The MAC access list can disallow traffic based on the VLAN and ethertype 16 4 WS5100 Series Switch CLI Reference Guide The most common ethertypes are e arp e wisp e ip 802 1q By default the switch does not allow layer 2 traffic to pass through the interface To adopt an access port through an interface configure an access control list to allow an ethernet wisp NOTE A MAC access list entry to allow arp is mandatory to apply an IP based ACL to an interface MAC ACL always takes precedence over IP based ACL The last ACE i
120. E in the access list is an implicit deny statement Whenever the interface receives the packet its content is checked against the ACEs in the ACL It is allowed denied based on the ACL configuration e Filtering TCP UDP allows the user to specify port numbers as filtering criteria e Select the ICMP as the protocol to allow deny ICMP packets Selecting icmp provides the option of filtering icmp packets based on icmp type and code NOTE The log option is functional only for router ACL s The log option displays an informational logging message about the packet that matches the entry sent to the console Example The following example denies traffic between two subnets WS5100 config ext nacl deny ip 192 168 2 0 24 192 168 1 0 24 WS5100 config ext nacl permit ip any any WS5100 config ext nacl The following example denies TCP traffic with a source port range between 20 23 from the source subnet to destination subnet WS5100 config ext nacl deny tcp 192 168 1 0 24 192 168 2 0 24 range 20 23 WS5100 config ext nacl permit ip any any WS5100 config ext nacl The following example denies UDP traffic with a source port range between 20 23 from the source subnet to destination subnet WS5100 config ext nacl deny udp 192 168 1 0 24 192 168 2 0 24 range 20 23 WS5100 config ext nacl permit ip any any WS5100 config ext nacl 14 1 3 14 1 4 Extended ACL Instance 14 7 The following example de
121. EAEN ETE 17 18 FAE E EENAA eek end ep ee EO pee pee E Dee aR 17 20 TPT Wine 55 ie 5 cob yh A aie 17 22 17 2 Configuring the DHCP Server using Swich CU 0200 sc0 rara 17 23 17 2 1 Creating network pool 2 2 cece RIERA eens 17 23 1722 Uieating a Host Pil 2 ofs4 ce4udneededendeneetiabeatehedemeasetacses 17 24 17 2 3 Troubleshooting DHCP Configuration 0 ccc cece eee 17 24 12A Cleat A A 17 26 Chapter 18 DHCP Class Instance 18 1 DHCP Server Class Config Commands escenarios 18 1 O 18 2 TALA red EE 18 2 A A 18 3 A eae ee eed ened paeen ede ee ee ees 18 3 18 15 MIMI A AA Ved NEA 18 4 NESE Wii beet baer dbaker bien pigs Ry dira 18 4 A O A ENEA 18 5 A e AEE T E E EE ONE E oe eT re ee eee cree er ee ren 18 6 IBAN SOW 5 iicccusccseadientesecresnnies dokeseceaaacadeedeesededpensagedd 18 7 Contents TOC Chapter 19 Radius Server Instance 19 1 Radius Configuration Commands ss ssssssssssrisserss borisa d rr 19 1 TEA AUN iia wanda 19 2 Woh Ota ao ree seen haa O E etna tees 19 3 IT MONIC 5 ceca gets esha hese apd sh ta ti ed pie rre 19 4 PAER e 3 0505 had dig adage Shan EAEI A STET EET EEY 19 4 EE EEA ITE betas rene dante EIE ETES ATETEA TE EE ETES P 19 5 A A E EEEN I E A EENS AE ED EIE EA AA ET VE TEIE 195 Si eaea aa aae 19 6 A ETETETT EA SIWE A E EAE EE IETA TATT 19 7 Til EEE EAREN AATE EEEE AE ETTET 19 7 EEE EEES E EE E EE EEE E E TT 19 7 FTIA OUN aeaa E AEREN 9 8 LES QUESO DU e oc occcccedeot
122. Exec Command Halts the switch and performs a warm reboot Syntax reload Parameters None 4 1 28 Example WS5100 reload rename Priv Exec Command Renames a file in the existing filesystem Syntax rename FILE FILE Parameters Privileged Exec Commands 4 25 FILE Specifies the file to rename Example WS5100 rename flash TestDIR NewTestDir WS5100 DIR Directory of flash drwx 1024 Wed Jul 19 19 14 05 2006 drwx 120 Wed Aug 30 15 32 44 2006 drwx 1024 Thu Aug 31 23 50 09 2006 rw 14271 Tue Jul 25 15 16 41 2006 rw 14271 Wed Jul 26 15 42 08 2006 drwx 1024 Wed Aug 9 17 35 08 2006 rw 3426 Wed Jul 26 16 08 02 2006 rw 13163 Wed Jul 26 16 08 42 2006 rw 80898 Thu Aug 17 14 59 39 2006 rw 65015 Fri Aug 11 19 57 37 2006 cli_commands txtli_commands txt rw 65154 Thu Aug 17 15 11 23 2006 rw 32 Sat Sep 2 00 15 38 2006 drwx 1024 Sat Sep 2 00 31 24 2006 WS5100 hotspot log crashinfo Radius config flash radius running config new radius config cli_commands txt cli_commands 180B txt cli_commands save NewTestDir 4 26 4 1 29 4 1 30 WS5100 Series Switch CLI Reference Guide rmdir Priv Exec Command Deletes an existing file from the file system Syntax rmdir DIR Parameters DIR Name of the directory to delete Example WS5100 rmdir flash NewTestDir WS5100 DIR Directory of flash drwx 1024 Wed Jul 19 19 14 05 2006 hotsp
123. Guidelines To delete Standard Extended and MAC ACL use no access list lt access list name gt under the Global Config mode Example WS5100 config mac access list extended Testl WS5100 config ext mac1 NOTE By using the ip access list parameter enter the following E contexts e ext macl extended MAC ACL For more details see Extended MAC ACL Instance on page 16 1 mac address table Global Configuration Commands Configures the MAC address table Syntax mac address table aging time 0 lt 10 1000000 gt Parameters aging time The duration for which a learned mac address persists after 0 lt 10 1000000 gt the last update e 0 Disables aging e lt 10 1000000 gt Sets the aging time in seconds Example WS5100 config mac address table aging time 100 WS5100 config 5 1 23 5 1 24 Global Configuration Commands 5 37 management Global Configuration Commands Sets management interface properties Syntax management secure Parameters secure Limits local access Web Telnet etc to the management interface Example WS5100 config management secure WS5100 config ntp Global Configuration Commands Configure NTP values Syntax ntp access group authenticate authentication key autokey broadcast broadcastdelay master peer server trusted key tp access group peer query only serve serve only tp access group peer lt 1 99 gt lt 1300 19
124. I Reference Guide 21 1 8 show SOLE Config Commands Displays current system information Syntax show lt parameters gt show sole config adapter stats adapter status adapter engine Parameters 4 Displays the parameters for which information can be viewed using the show command Example WS5100 config sole show access list Internet Protocol IP aclstats Show ACL Statistics information alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command lists crypto encryption module debugging Debugging information outputs dhcp DHCP Server Configuration environment show environmental information file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol IP ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol IP management Display L3 Managment Interface nam mobility Display Mobility parameters ntp Network time protocol password encryption port channel privilege radius redundancy group password encryption Portchannel commands Show current privilege level RADIUS configuration commands Display redundancy group parameters redundancy history redunda
125. If a password has been configured you are prompted to enter it before you can access the PRIV EXEC mode The password is not displayed and is case sensitive If an enable password has not been set the PRIV EXEC mode can be accessed only from the router console terminal connected to the console port 4 1 Priv Exec Command summarizes the switch PRIV EXEC commands Table 4 1 Priv Exec Mode Command Summary Command Description Ret Acknowledges alarms Manages archive files 4 2 WS5100 Series Switch CLI Reference Guide Table 4 1 Priv Exec Mode Command Summary Command Description Ref cd Changes current directory page 4 6 change passwd Changes the password of the logged user page 4 6 clear Resets functions to last saved configuration page 4 7 clock Configures the software system clock page 4 10 clrscr Clears the displayed screen page 2 2 cluster cli Displays the cluster context page 4 10 configure Enters the configuration mode page 4 11 copy Copies content from one file to another page 4 11 debug Displays debugging functions page 4 12 delete Deletes a specified file from the system page 4 14 diff Displays differences between two files page 4 15 dir Lists the files on a filesystem page 4 16 disable Turns off privileged mode command page 4 17 edit Edits a text file page 4 17 enable Turns on the privileged mode command page 4 18 erase Erases a filesystem page 4 1
126. Is the default mode for both ports 12 20 WS5100 Series Switch CLI Reference Guide trunk Sets the trunking mode characteristics e allowed Configures trunk characteristics when the port is in trunk mode e vlan Sets allowed VLANs e add Adds VLANs to the current list e none Allows no VLANs to Xmit Rx through the Layer2 interface e remove Removes VLANs from the current lis e VLAN_ID VLAN_IDs added or removed Can be either a range of VLANs 55 60 or a list of comma separated VLAN IDs 35 41 etc e native Configures the native VLAN ID of the trunk mode port e tagged Tags the native VLAN e vlan lt 1 4094 gt Sets the native VLAN for classifying untagged traffic when interface is in trunking mode Usage Guidelines Interfaces ge1 ge4 can be configured as trunk or in access mode An interface when configured as trunk allows packets from the given list of VLANs to be added to the trunk An inerface configured as access allows packets only from native VLANs Use the no switchport access mode trunk to undo switchport configurations Example WS5100 config if switchport mode access WS5100 config if spanning tree mst Instance Use the config mst instance to configure the switch s Multi Spanning Tree Protocol MSTP configuration 13 1 mst Config Commands summarizes the config mst commands Command Table 13 1 MSTP Config Command Summary Description C
127. NE end end t exit exit t help help no Sset aggressive mode password no set aggressive mode password t quit quit s commands show commands WORD show commands WORD running config show running config full show running config full include factory show running config include factory service show cli service show cli set aggressive mode password WS5100 config crypto peer crypto peer 8 5 8 1 7 set 8 1 8 Crypto Peer Config Commands Configures the aggressive mode of crypto peer Syntax set aggressive mode password Parameters aggressive mode Defines aggressive mode attributes e password Specifies a tunnel password attribute Example WS5100 config crypto peer set aggressive mode password CheckMeIn WS5100 config crypto peer show Crypto Peer Config Commands Displays the current system information running on the switch Syntax show lt paramater gt Parameters Displays the parameters for which the information can be viewed using the show command Example WS5100 config crypto peer show access list Internet Protocol IP aclstats Show ACL Statistics information alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command l
128. P 00 A0 F8 BF 8A A2 adopted mac Common to all modes Syntax show mac access list Parameters access list Displays existing MAC access lists Example WS5100 config show mac access list WS5100 config mac address table Common to all modes Syntax show mac address table Parameters None Example WS5100 config show mac address table WS5100 config Common Commands 2 43 2 2 14 management Common to all modes Syntax show management Parameters None Example WS5100 gt show management Mgmt Interface vlanl Management access permitted via any vlan interface WS5100 gt 2 2 15 mobility Common to all modes Syntax show mobility event log forwarding global mobile unit peer statistics show mobility event log mobile unit peer show mobility forwarding AA BB CC DD EE FF show mobility mobile unit lt AA BB CC DD EE FF gt detail show mobility peer lt A B C D gt detail show mobility statistics lt AA BB CC DD EE FF gt 2 44 WS5100 Series Switch CLI Reference Guide Parameters event log Displays the mobility event logs e mobile unit MU event logs e peer Peer event logs forwarding Displays and defines Mobile units in the forwarding plane e AA BB CC DD EE FF MAC address of the mobile unit global Displays and defines global mobility parameters mobile unit Mobile units in the mobility database e AA BB CC
129. P Config Commands Sets a valid lease time for the IP address used by DHCP clients in the network pool Syntax lease lt 0 365 gt lt 0 23 gt lt 0 59 gt infinite 17 14 WS5100 Series Switch CLI Reference Guide Parameters lease Sets the lease time for an IP address ae lt 0 23 gt lt 0 59 gt e lt 0 365 gt Sets the lease period in days infini Days can be made as 0 only when hours and or mins are greater than 0 e lt 0 23 gt Sets the hours for the lease period Hours can be 0 only when days and or minutes are configured with a value greater than 0 e lt 0 59 gt Sets the minutes for the lease period Minutes can be 0 only when days and or hours are configured with a value greater than 0 e infinite Sets the lease period as infinite Usage Guidelines If lease parameter is not configured on the DHCP network pool the default value is used The default value of the lease is 24 hours The lease vlaue for DHCP host pool is infinite Example WS5100 config dhcp lease 20 12 30 WS5100 config dhcp 17 1 17 17 1 18 DHCP Server Instance 17 15 netbios name server DHCP Config Commands Sets the netbios name server s IP address Syntax netbios name server lt IP address gt Parameters netbios name server Defines the NetBIOS WINS name server lt IP address gt e lt IP address gt Sets the NetBIOS name server s IP address Example WS5100 config dhcp netbios
130. P address or destination network address icmp type icmp type icmp code ICMP type value from 0 255 Valid only for protocol type icmp ICMP code value from 0 255 Valid only for a protocol type of ICMP log Generates log messages when the packet coming from the interface matches the ACL entry Log messages are generated only for router ACL s rule precedence access list entry precedence Define an integer value between 1 5000 This value sets the rule precedence in the ACL 5 10 WS5100 Series Switch CLI Reference Guide Use an access list command under the global configuration to create an access list The switch supports port router and WLAN ACLs e When the access list is applied on an Ethernet port it becomes a port ACL e When the access list is applied on a VLAN interface it becomes a router ACL e When the access list is applied on a WLAN index it becomes a WLAN ACL AMAC access list to allow arp is mandatory for both port and WLAN ACLs For more information on how to configure a MAC access list see permit on page 16 9 Example The example below creates a standard access list ACL to permit any traffic coming to the interface WS5100 config access list 1 permit any WS5100 config The example below creates a extended IP access list to permit IP traffic between two networks WS5100 config access list 101 permit ip 192 168 1 0 24 192 168 2 0 24 WS5100 config The example below cre
131. P or UDP as the protocol source source mask host source any The source is the source IP address of the network or host in dotted decimal format The source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching e any is an abbreviation for a source IP of 0 0 0 0 with the source mask bits being equal to 0 e hostis an abbreviation for exact source A B C D with the source mask bits being equal to 32 operator source port Valid only for TCP or UDP protocols Valid values are eq and range e range Specifies the protocol range starting and ending protocol numbers e port Sets the valid port number destination destination mask host destination any Sets the destination host IP address or destination network address operator destination port Specifies the destination port log Generates log messages when the packet coming from the interface matches the ACL entry Log messages are generated only for router ACLs rule precedence access list entry precedence Sets an integer value between 1 5000 This value sets the rule precedence in the ACL Extended ACL Instance 14 17 Usage Guidelines Use this command to permit traffic between networks hosts based on the protocol type selected in the access list configuration The following protocols are supported e ip e icmp e tcp e udp The last ACE in the access lis
132. P tree at which to start searching passwd Sets a valid password for the LDAP server passwd attr Enter the password attribute used by the LDAP server for authentication group attr Specifies the group attribute used by the LDAP server group filter Specifies the group filters used by the LDAP server group membership Specifies the Group Member Attribute sent to the LDAP server when authenticating users net timeout Enter a timeout the system uses to terminate the connection to the RADIUS Server if no activity is detected Usage Guidelines Use the login filter and group filter values described in the example below for all LDAP configuration scenarios Use passwd parameter to enter the password for active directory user mentioned in bind dn This is used for the initial login to the active directory The passwd attr and group membership Is retained as described in the following example Example WS5100 config ldap server primary host xxx xxx x xx port 389 login sAMAccountName Stripped User Name User Name bin d dn cn admin ou wid dc symbolTech dc local base dn ou wid dc symbolTech dc local passwd SYMBOL 123 passwd attr UserPassword group attr cn group filter amp objectClass group member Ldap UserDn 8 objectClass GroupOfUniqueNames uniquemember L dap UserDn group membership radiusGroupName net timeout 1 WS5100 config Radius Server Instance 19 19 19 1 10 nas
133. P version v2 e v3 Enables SNMP version v3 sysname SNMP system name user Defines a user who can access SNMP engine snmpmanager Manager user e snmpoperator Operator user e snmptrap Trap user Example WS5100 config snmp server community TestCommunity ro WS5100 config WS5100 config snmp server contact TestManager WS5100 config WS5100 config snmp server enable traps all WS5100 config WS5100 config snmp server enable traps miscellaneous lowFsSpace WS5100 config WS5100 config snmp server enable traps redundancy memberUp 5 1 30 WS5 WSS WSS WSS 100 config 100 config 100 config 100 config snmp server snmp server externalAPDetected WSS WSS excessiveProbes WSS WSS WSS WSS 100 config 100 config 100 config 100 config 100 config 100 config activated WSS WSS 100 config 100 config snmp server snmp server snmp server snmp server tkipCounterMeasures WSS WSS 100 config 100 config packets 120 WSS WSS WSS WSS WSS 100 config 100 config 100 config 100 config 100 config sole snmp server snmp server snmp server Global Configuration Commands enable enable enable enable enable enable enable location sysname traps traps traps traps traps traps traps Global Configuration Comm
134. P128 as well as Keyguard MCM on this WLAN wep64 Enables Wired Equivalence Privacy WEP with 64 bit keys NOTE A WEP64 configuration is insecure when two WLANs are mapped to the same VLAN and one uses no encryption and the other uses WEP Wireless Instance 20 55 hotspot Modifies hotspot related parameters e allow rule index IP address Modifies hotspot allow list parameters Users who have not yet authenticated must be allowed access to these IP addresses e Rule index Allow list Rule index must be between 1 10 e P address Allow list IP address e webpage externallinternal failure login welcome Modifies hotspot page parameters e external Modifies a hotspot s External Web page e internal Modifies hotspot s Internal Web page e failure Users are redirected to this Web page if they fail authentication e login Users are prompted for their username and password within this Web page e welcome Users are redirected to this Web page after they authenticate successfully e webpage location advanced external internal The location ofthe Web pages used for authentication These pages can either be hosted on the switch or an external Web Server e advanced Invokes login welcome failure Web pages created by the user on the switch e external Invokes login welcome failure Web pages on an external server e internal Invokes login welcome failure Web pages crea
135. Peer establishments e system System events Examples WS5100 gt debug certmgr all WS5100 gt WS5100 gt debug certmgr error WS5100 gt WS5100 gt debug certmgr info WS5100 gt WS5100 gt debug ip ssh WS5100 gt WS5100 gt debug mobility cc WS5100 gt WS5100 gt debug mobility error WS5100 gt WS5100 gt debug mobility forwarding WS5100 gt WS5100 gt debug mobility mu WS5100 gt WS5100 gt debug mobility packet WS5100 gt 3 6 WS5100 Series Switch CLI Reference Guide WS5100 gt debug mobility peer WS5100 gt WS5100 gt debug mobility system WS5100 gt 3 1 4 disable gt User Exec Commands Enables the PRIV mode in order to use the disable command Use the disable command to exit the PRIV mode Syntax disable Parameters None Example WS5100 gt disable WS5100 gt 3 1 5 enable gt User Exec Commands Use the enable command to enter the PRIV mode Syntax enable Parameters None Example WS5100 gt enable 3 1 6 3 1 7 3 1 8 User Exec Commands 3 7 logout User Exec Commands Use this command instead of the exit command to exit the EXEC mode Syntax logout Parameters None Example The WS5100 Series Switch logs off on execution of this command page User Exec Commands Use the page command to toggle the switch paging function Enabling this command displays the CLI command output page by page instead of running the entire output at once Syntax page Parame
136. Policy WS5100 Cfg SPolicy Default Switch Policy gt NOTE CLI commands starting with at the ws51004 prompt is ignored and is not executed Any leading space before a CLI command is ignored in execution Using CLI Editing Features and Shortcuts A variety of shortcuts and editing features are available The following describe these features e Moving the Cursor on the Command Line e Completing a Partial Command Name e Deleting Entries e Re displaying the Current Command Line e Transposing Mistyped Characters e Controlling Capitalization Moving the Cursor on the Command Line Table 1 2 shows the key combinations or sequences you can use to move the cursor around on the command line Ctrl defines the Control key which must be pressed simultaneously with its associated letter key Esc supports the Escape key which must be pressed first followed by its associated letter key Keys are not case sensitive Specific letters were chosen to provide an easy way of remembering their functions In Table 1 2 characters in bold inside the Function Summary column indicate the relation between a letter and its function 1 8 WS5100 Series Switch CLI Reference Guide Table 1 2 Key Combinations Used to Move the Cursor Keystrokes Function Summary Function Details Left Arrow or Ctrl B Back character Moves the cursor one character to the left When entering a command that extends beyond a single line
137. Reference Guide 10 1 7 service Crypto Map Config Commands Invokes service commands to trobuleshoot or debug config crypto isakmp instance configurations Syntax service clear diag shell save cli show start shell tethereal Parameters clear Removes specified support information diag shell Provides diag shell access save cli Saves the CLI tree for all modes in HTML show Shows the running system information start shell Provides shell access tethereal Dumps and analyzes network traffic Example WS5100 config crypto map service show cli Show CLI tree of current mode command history Display command except show commands history crash info Display information about core panic and AP dump files info Show snapshot of available support information last passwd Display last password used to enter shell reboot history Show reboot history startup log Show startup log upgrade history Show upgrade history WS5100 config crypto map service show WS5100 config crypto map service show info 4 0M out of 4 0M available for logs 9 7M out of 11 4M available for history 16 4M out of 18 6M available for crashinfo List of Files messages log 0 Oct 9 13301 snmpd log 316 Oct 9 13 01 startup log 16 5k Oct S 13201 command history 8 5k Oct 9 20 26 reboot history 3 4k Oct 9 13701 10 1 8 crypto map 10 7 upgrade history 782 Aug 29 18 32 Please export these files or delete them for more space WS5100 co
138. S5100 copy flash log snmpd log tftp 157 235 208 105 snmpd log Accessing running config file from remote tftp server into switchrunning config WS5100 copy tftp 157 235 208 105 running config running config debug Priv Exec Command Use this command for debugging This command is also used for debugging Syntax debug all debug cc access port all alt ap detect capwap cluster config dot11 eaplids kerberos 13 mob loc apl loc mu media mobile unit radio radius self heal snmp system wips wisp wlan debug ccstats lt CCStats Module gt debug certmgr all error info debug dhcpsvr all error info debug imi all cli client cli server errors init ntp debug ip https ssh debug logging all errors monitor subagent debug mgmt all cgilerr sys debug mobility ll cc error forwarding mu packet peer system debug mstp all cli packet protocol timer debug nsm all nts kernel packet debug pktdrvr rate limit skip packet filter debug radius all err info warn debug redundancy all ccmsg config errors general heartbeats init packets proc shutdown states subagent timer warnings debug securitymgr all debug error ikeerror pmdebug pmerror debug sole adapters algo all errors init ESAW Privileged Exec Commands 4 13 Parameters all Enables debugging cc Cellcontroller wireless debugging messages cestats Cellcontroller statistics
139. ST Root 000000a0f865ea8e ethl Regional Root 000000a0f865ea8e thl Designated Bridge 000000a0f865ea8e thi ssage Age 0 Max Age 0 ethl CIST Hello Time 0 Forward Delay 0 ethl CIST Forward Timer 0 Msg Age Timer 0 Hello Timer 0 ethl Version Multiple Spanning Tree Protocol Received None Send STP ethl No portfast configured Current portfast off ethl portfast bpdu guard default Current portfast bpdu guard off ethl portfast bpdu filter default Current portfast bpdu filter off ethl no root guard configured Current root guard off ethl Configured Link Type point to point Current shared 6 WS5100 config 2 2 27 static channel group Common to all modes Syntax show static channel group Parameters None Example WS5100 config show static channel group WS5100 config 2 2 28 2 2 29 terminal Common to all modes Syntax show terminal Parameters None Example WS5100 gt show terminal Terminal Type vt102 Length 44 Width 125 WS5100 gt timezone Common to all modes Syntax show timezone Parameters None Example WS5100 gt show timezone Timezone is Etc UTC WS5100 gt Common Commands 2 59 2 60 WS5100 Series Switch CLI Reference Guide 2 2 30 users 2 2 31 Common to all modes Syntax show users Parameters None Example WS5100 gt show users Line PID User Uptime Location 0 con 0 316 admin 06 08 11 ttys0 130 vty 0 2
140. Server Class Config Commands summarizes config std nacl commands Command Table 18 1 DHCP Server Class Command Summary Description Clears the display screen Ref Ends the current mode and moves to the EXEC mode Ends the current mode and moves to the previous mode Displays the interactive help system in HTML format Enables multiple user class options Negates a command or sets ts defaults 18 2 18 1 1 18 1 2 WS5100 Series Switch CLI Reference Guide Table 18 1 DHCP Server Class Command Summary Command Description Ret option Defines DHCP Server options page 18 5 service Invokes service commands to troubleshoot or debug page 18 6 config if instance configurations show Displays running system information page 18 7 clrscr DHCP Server Class Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100 config dhcpclass clrscr WS5100 config dhcpclass end DHCP Server Class Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to WS5100 Syntax end Parameters None Example WS5100 config dhcpclass end WS5100 18 1 3 18 1 4 DHCP Class Instance 18 3 exit DHCP Server Class Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to wS5100 config Syntax exit Parameters None Example WS510
141. Shows running system information cli Shows the CLI tree of current mode DHCP Server Instance 17 19 Example WS5100 config dhcp service show cli DHCP Server Config mode address range A B C D address range A B A B C D address range A bootfile WORD bootfile WORD client identifier WORD client identifier WORD client name WORD client name WORD clrscr clrscr ddns domainname WORD ddns domainname WORD multiple user class ddns multiple user class server A B C D ddns server es A B C D ddns server A B ttl lt 1 864000 gt ddns ttl lt 1 864000 gt update all ddns update all default router A B C D default router A B C D dns server A B C D dns server A B C D do LINE do LINE domain name WORD domain name WORD end end t exit exit hardware address XX XX XX XX XX XX hardware address XX XX XX XX XX XX XX XX XX XX XX XX ethernet token ring J ethernet hardware address XX XX XX XX XX XX XX XX XX XX XX XX ethernet token ring token ring hardware address XX XX XX XX XX XX XX XX XX XX XX XX ethernet token ringl XX XX XX XX XX XX hardware address XX XX XX XX XX XX XX XX XX XX XX XX ethernet token ringl ethernet hardware address XX XX XX XX XX XX XX XX XX XX XX XX ethernet token ring token ring hardware address XX XX XX XX XX XX XX XX XX XX XX XX ethernet token r
142. Transfer Protocol HTTP e secure server Sets the Secure HTTP Server HTTPS e secure trustpoint Enter the name of the trustpoint used for secure connection e server localhost HTTP server used only to serve requests from localhost local VPN local IP pool configuration e pool default Specifies the address range for the default group tag e fow ip address A B C D Specifies the Lowest range for IP address WS5100 Series Switch CLI Reference Guide name server A B C D Specifies the DNS server for the DHCP client A maximum of 6 name servers can be configured Servers are tried in the order entered e A B C D IP address of DNS server nat Defines Network Address Translation NAT values inside outside destination source static lt A B C D gt lt 1 65535 gt tcp udp lt A B C D gt e inside outside Specifies the inside outside address translation e destination source Destination source address translation e static lt A B C D gt Specifies the static local global mapping for the inside local IP address e lt 1 65535 gt tcp udp Inside local Port Select tcp or udp route Adds a static route entry in the routing table lt A B C D gt lt A B C D M e A B C D IP destination prefix gt 4 B C D M IP destination prefix SEND e lt next hop gt IP address of the next hop used to reach the destination routing Turn
143. WS5100 config crypto group twins 128 2 11 1 128 2 19 23 WS5100 config crypto group 8 1 crypto peer Use the crypto isakmp peer IP Address dns hostname command to initiate config crypto peer instance Crypto Peer Config Commands summarizes the config crypto peer commands Table 8 1 Crypto Peer Command Summary Command Description Ref Clears the display screen Ends the current mode and moves to the EXEC mode Ends the current mode and moves to the previous mode Descrbes the interactive help system Negates a command or sets its defaults Invokes service commands to trobuleshoot or debug the config crypto peer instance configuration Sets configuration parameters Displays running system 8 2 WS5100 Series Switch CLI Reference Guide 8 1 1 clirscr Crypto Peer Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100 config crypto peer clr WS5100 config crypto peer 8 1 2 end gt Crypto Peer Config Commands Ends and exits the current mode and change to the PRIV EXEC mode The prompt changes to wS5100 Syntax end Parameters None Example WS5100 config crypto peer end WS5100 8 1 3 exit gt Crypto Peer Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to ws5100 config Syntax exit Parameters None 8 1 4 8 1 5 crypto peer 8 3 Examp
144. a response from the RADIUS server before retrying This is a global setting for boththe primary and secondary servers NOTE The ws51000 config wireless nac server timeout lt gt retransmit lt gt should be less than what is defined for an MU s timeout and retries If the MU s time is less than the server s a fallback to the secondary server will not work Wireless Instance 20 59 qos classification mcast with dot1 11 mcast1 mcast2 prioritize voice svp weight wmm Quality of Service commands e classification background best effort video voice wmm Select how traffic on this WLAN is classified relative prioritization on the access port background Traffic on this WLAN is treated as background traffic best effort Traffic on this WLAN is treated as best effort video Traffic on this WLAN is treated as video voice Traffic on this WLAN is treated as voice wmm Use the WMM based classification using DSCP or 802 1p tags to classify traffic into different queues acm Admission Control Parameters 20 60 WS5100 Series Switch CLI Reference Guide e ip address Sets the RADIUS server s IP address e auth port lt 1024 65535 gt Establishes the RADIUS server s authentication port default 1812 e radius key Sets the RADIUS server shared secret up to 127 characters e 0 Password is specified UNENCRYPTED e 2 Password is encrypted with password
145. a e ee ee were cy 12 15 A A ames eetids pres ae eed ie A NT 12 15 RA dard aeie PY 12 17 121 16 stane channel Gearet dere ri 12 18 pA E a n EE EE EE E A T E esha aa nied meow acadaiy oe 12 19 Chapter 13 spanning tree mst Instance Tot CSCC COMMAS e drcaesr cade deh deere ae ae beet sede eH detest ease 13 1 es Aa A O EEE E EATE E aes 13 2 Tele sas 13 2 A aa ii ridad 13 3 LAE Pa OPA ooo E TETE T 13 3 EL A 13 4 Tete E 13 4 Bla Murano trinidad 13 5 ARE EEEN t end oobernine spay AE AE A E E EA EE 13 5 a A PEE AE EE ARTEA E E EEE E A eee 13 6 O NI O T E IETT 13 7 Chapter 14 Extended ACL Instance 1 Extended ACL Config Commands s 20 06 c6ss0 es4aencadsedteeswenavaeanendes 14 1 MAA A EAE dir isa botas 14 2 A A A A 14 2 IS OW eins be oa hh ek ee os do 14 7 A A 14 7 CSPE PNTE E E E ae E EA ae E P 14 8 CAE O de PE EPET AS EENE ETEESI A NETE ETEA EA TE TE TETS 14 8 Wi ONG reee EEEE 14 12 AAA E EA E EET EE TNS 14 13 e e k a aaa aa ANAE E E 14 18 VAC SW BOO dl E 14 20 CAAT e AEE A E TE ETE E EEE 14 21 Contents TOC 9 Chapter 15 Standard ACL Instance 15 1 Standard ACL Config Commands 0 0 0 0 cece nee een cence ene e NINTERESSA 15 1 TSA GWE apra il is tr ilers 15 2 A AEA AEL EE AE AE E AATE AE A anes a aed 15 2 LAEE AAA 15 3 nE E E AE A IE N TLE EE NE TET TS 5 4 LARE eee ETETE P PIEEO EIE AEAT A E eee rs 15 4 A ETENE ETEO EAEN AE EEE AAAA E TEE 5 5 Ela Werker a a E 5 6 E 15 6 LAR A A 5 8 AS A EPER E
146. ach possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config wireless ids Wireless Configuration Commands Defines the Wireless Intrusion Detection System WIPS configuration Syntax ids anomaly detection detect window ex ops ids anomaly detection all average noise level bad essid frame beacon broadcast essid invalid 8021x frame invalid frame length invalid frame type multicast source non changing wep iv null destination same source destination tkip countermeasures unencrypted traffic weak wep iv enable filter ageout ids detect window lt 5 300 gt ids ex ops 80211 replay fails all association requests authentication fails crypto replay fails decryption fails disassociations eap naks eap starts probe requests unassoc frames filter ageout lt 0 86400 gt threshold mu radio switch lt 0 9999 gt Parameters Wireless Instance 20 21 anomaly detection options enable filter ageout Configures parameters related to the detection of anomalous frames on the RF network e all Enables all types of anomalous frames e average noise level enable filter ageout threshold Enables and sets the filters and threshold levels for sudden changes in RSSI e threshold Sets the threshold for sudden changes in RSSI bad essid frame Enables an AP detector to find fram
147. adioExcessiveEvents Excessive radio events e switchExcessiveEvents Excessive switch events e radio Enables wireless radio traps e adopted Radio adopted e detectedRadar Radio detected radar e unadopted Radio detected radar e self healing Enables self healing traps e activated Self healing activated e station Enables wireless station traps e associated Wireless station associated e deniedAssociationAsPortCapacityRea ched Wireless station denied association port capacity reached e deniedAssociationOnCapability Wireless station denied association due to unsupported capability Global Configuration Commands 5 51 deniedAssociationOnErr Wireless station denied association due to internal error deniedAssociationOnInvalid WPAWPA2 IE Wireless station denied association due to invalid absent WPA WPAZ IE deniedAssociationOnRates Wireless station denied association due to incompatible Transmission rates deniedAssociationOnSSID Wireless station denied association due to invalid SSID deniedAssociationOnShortPream Wireless station denied association due to lack of short preamble support deniedAssociationOnSpectrum Wireless station denied association due to lack of spectrum management capability deniedAuthentication Wireless station denied 802 11 authentication disassociated Wireless station disassociated tkipCounterMeasures
148. ah md5 hmac ah sha hmac esp 3des aes esp aes 192 esp aes 256 esp des esp md5 hmac esp sha hmac pto pto pto crypto cry cry cry cry crypto cry cry cry isakmp client identity keepalive key peer policy isakmp client configuration group default isakmp identity keepalive key peer policy key export generate import zeroize key export import rsa lt indentifier gt URL password key generate rsa lt indentifier gt lt key pair gt lt key pair gt key zeroize rsa lt identifier gt map map name lt sequence number gt isakmp manual dynamic pki authenticate enroll export import trustpoint pki authenticate lt name gt terminal URL pki enroll lt name gt request self signed pki import export lt name gt request trustpoint URL 5 18 WS5100 Series Switch CLI Reference Guide Parameters ipsec security association transform set Configures IPSEC policies e security association Defines the security association parameter used to define its lifetime lifetime kilobyte seconds The lifetime of IPSEC security association It can be defined in either kilobytes Volume based key duration Minimum is 500 KB and maximum is 2147483646 KB seconds Time based key duration Minimum is 90 seconds and maximum is 2147483646 seconds e transform set set name Uses the crypto ipsec transform set command to define the trans
149. alarms major Displays all major or higher severity alarms normal Displays all normal or higher severity alarms warning Displays all warning or higher severity alarms boot Priviledge Global Config Syntax show boot Parameters None Example WS5100 show boot Image Build Date Install Date Primary May 17 21 34 52 2007 May 21 16 27 40 2007 Secondary May 10 23 21 58 2007 May 17 20 09 23 2007 Current Boot Primary Next Boot Primary Software Fallback Enabled WS5100 clock Priviledge Global Config Syntax show clock Parameters None Version 3 0 2 0 003B 3 0 2 0 002D 2 74 WS5100 Series Switch CLI Reference Guide 2 2 39 2 2 40 Example WS5100 show clock Jun 01 00 51 34 UTC 2007 WS5100 debugging Priviledge Global Config Syntax show debugging mstp Parameters mstp Displays the current MSTP configuration Example WS5100 config show debugging mstp MSTP debugging status WS5100 config dhcp Privilege Global Config Displays existing DHCP server configurations Syntax show dhcp config status Parameters config Displays the current DHCP server configuration status Displays whether the DHCP server is running Example WS5100 show dhcp config service dhcp l ip dhcp pool vlan6 default router XXX XXX XXX 2 network xxx xxx xx 0 24 Common Commands 2 75 address range XXX XXX XX XX aaa aaa aa aa WS5100 2 2 41 file
150. ame Engineering WS5100 config dhcp 17 1 11 17 1 12 DHCP Server Instance 17 11 end DHCP Config Commands Exits the current mode and moves to the PRIV EXEC mode The prompt changes to ws5100 Syntax end Parameters None Example WS5100 config dhcp end WS5100 exit DHCP Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to WS5100 config Syntax exit Parameters None Example WS5100 config ip dhcp pool TestPool WS5100 config dhcp exit WS5100 config 17 1 13 hardware address DHCP Config Commands Reserves an IP address manually based on a DHCP client s hardware address Use the no hardware address command to remove this from the DHCP pool Syntax hardware address XX XX XX XX XX XX XX XX XX XX XK XX 17 12 17 1 14 WS5100 Series Switch CLI Reference Guide Parameters hardware address Sets the client s hardware address XX XX XX XX XX XX e XX XX XX XX XX XX Defines a dashed XX XX XX XX XX XX hexadecimal string O XX XX XX XX XX XX Sets a dotted hexadecimal string Usage Guidelines Accepts only hexadecimal values Example WS5100 config dhcp hardware address 00 01 23 45 32 22 WS5100 config dhcp help DHCP Config Commands Displays the system s interactive help in HTML format Syntax help Parameters None Example WS5100 config dhcp help CLI provides advanced help fea
151. ameters Global Configuration Commands 5 7 access list lt 1 99 gt lt 1300 1999 gt deny permit mark 8021p lt 0 7 gt tos lt 0 255 gt A B C D M host A B C D any llog rule precedence lt 1 5000 gt Adds a standard access list entry e lt 1 99 gt lt 1300 1999 gt Defines access numbers from 1 to 99 or 1300 to 1999 e deny permit mark Defines action types on an ACL The action type mark is functional only over a Port ACL 8021p lt 0 7 gt Used only with the action type mark to specify 8021p priority values tos lt 0 255 gt Used only with the action type mark to specify type of service tos values e A B C D M host A B C D any Source is the source address of the network or host in dotted decimal Source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching The keyword any is an abbreviation for a source IP of 0 0 0 0 and source mask bits equal to 0 The keyword host is an abbreviation for exact source A B C D and source mask bits equal to 32 e log Generates log messages when the packet coming from the interface matches the ACL entry Log messages are generated only for router ACL s e rule precedence lt 1 5000 gt Define an Integer value between 1 5000 This value sets the rule precedence in the ACL 5 8 WS5100 Series Switch CLI Reference Guide access list lt 100 199 gt l
152. an IDS sensor Note The switch will not be able to adopt this AP again until it is converted back to a AP300 using the sensor lt 1 256 gt revert to ap command 20 1 13 Wireless Instance 20 15 standalone Converts a thin AP 4131 back to a stand alone AP Note The switch will not be able to adopt this AP again until the AP is converted back to a thin AP using the AP s configuration interface Example WS5100 config wireless convert ap 1 default WS5100 config wireless country code Wireless Configuration Commands Sets the country of operation All existing radio configuration will be erased Syntax country code Parameters Abbreviation Configures the switch to operate in a defined country Usage Guidelines Use the show wireless country code command to view the list of supported countries Example WS5100 config wireless country code ae United Arab Emirates ar Argentina at Austria au Australia ba Bosnia Herzegovina be Belgium bg Bulgaria bh Bahrain bm Bermuda br Brazil bs Bahamas by Belarus ca Canada ch Switzerland cl Chile cn China 20 16 WS5100 Series Switch CLI Reference Guide Colombia Costa Rica Cyprus Czech Republic Germany Denmark Dominican Republic Ecuador Estonia Egypt Spain Finland France United Kingdom Greece Guatemala Guam Hong Kong Honduras Croatia Haiti Hungary Indonesia Ireland Israel India Iceland Italy Jordan Japan South K
153. anced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided Ls Full help is available when you are ready to enter a command argument e g show and describes each possible argument Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config std nacl 15 1 6 mark Standard ACL Instance 15 5 gt Standard ACL Config Commands Specifies packets to mark Syntax mark 8021 1p lt 0 7 gt tos lt 0 255 gt A B C D M any host mark 8021 1p lt 0 7 gt tos lt 0 255 gt any host log rule precedence lt 1 5000 gt A B gt C D Parameters 8021 1p lt 0 7 gt tos lt 0 255 gt e Specifies 1p priority value between 0 and 7 e Specifies a Type of Service tos value between 0 and 255 A B C D Mlany host source is the source IP address of the network or host in dotted decimal format Source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching any any is an abbreviation for source IP of 0 0 0 0 and source mask bits equal to 0 host log rule precedence lt 7 5000 gt A B gt C D host is an abbreviation for the exact source A B C D and source mask
154. and Example WS5100 config ext nacl rule precedence 10 WS5100 config ext nacl WS5100 config ext nacl WS5100 config ext nacl WS5100 config ext nacl WS5100 config ext nacl no mark 8021p 5 tcp 192 168 2 0 24 any no permit ip any any rule precedence 10 no deny icmp any any rule precedence 10 Extended ACL Instance 14 13 14 1 8 permit gt Extended ACL Config Commands Permits specific packets NOTE ACLs do not allow DHCP messages to flow by default Configure an Access Control Entry ACE to allow DHCP messages to flow through WS5100 config ext nacl permit ip XXX XXX XXX XXX X 192 168 2 0 24 WS5100 config ext nacl permit ip any host XXX XXX XXX XXX WS5100 config ext nacl Syntax permit ip source source mask host source any destination destination mask host destination any log rule precedence access list entry precedence permit icmp source source mask host source any destination destination mask host destination any icmp type icmp type icmp code log rule precedence access list entry precedence permit tep udp source source mask host source any operator source port destination destination mask host destination any operator destination port log rule precedence access list entry precedence 14 14 WS5100 Series Switch CLI Reference Guide Parameters permit ip source source mask host so
155. ands whether using a serial console or using a remote access method This chapter describes the basic features of the CLI Topics covered include an introduction to command modes navigation and editing features help features and command history features The CLI is segregated into different command modes Each mode has its own set of commands for configuration maintenance and monitoring The commands available at any given time depend on the mode you are in Enter a question mark at the system prompt to view a list of commands available for each command mode instance Use specific commands to navigate from one command mode to another The standard order is USER EXEC mode PRIV EXEC mode and GLOBAL CONFIG mode 1 2 WS5100 Series Switch CLI Reference Guide A session generally begins in USER EXEC mode one of the two access levels of the EXEC mode For security only a limited subset of EXEC commands are available in the USER EXEC mode This level is reserved for tasks that do not change the configuration of the switch such as determining the current switch configuration To access commands enter the PRIV EXEC mode the second access level for the EXEC mode In PRIV EXEC mode enter any EXEC command The PRIV EXEC mode is a superset of the USER EXEC mode Most of the USER EXEC mode commands are one time commands and are not saved across reboots of the switch For example the show command displays the current configuration and th
156. ands 5 55 snmp linkup wireless ap detection wireless ids wireless radio adopted wireless self healing station wireless wireless statistics min Located at thh 5th FLoor Gold Mine Sets SOLE related configuration commands This command leads you to the config sole instance For more information on SOLE parameters refer to SOLE Instance on page 21 1 Syntax sole Parameters None 5 56 WS5100 Series Switch CLI Reference Guide Usage Guidelines The SOLE command is used to enter the config sole instance The prompt changes from the regular ws5100 config tO WS5100 config wireless Example WS5100 config sole WS5100 config sole 5 1 31 spanning tree Global Configuration Commands Configures spanning tree commands Syntax spanning tree mst portfast spanning tree mst lt 0 15 gt priority lt 0 61440 gt cisco interoperability enale disable configuration forward time lt 4 30 gt hello time lt 1 10 gt max age lt 6 40 gt max hops lt 7 127 gt spanning tree portfast bpdufilter bpduguard default Parameters Global Configuration Commands 5 57 mst lt 0 15 gt priority lt 0 61440 gt cisco interoperability enale disable configuration forward time lt 4 30 gt hello time lt 1 10 gt max age lt 6 40 gt max hops lt 7 127 gt Enables the Multiple Spanning Tree Protocol on a bridge e lt 0 15 gt priority lt 0 61440 gt Set t
157. ass WS5100 config dhcpclass DHCP Class Instance 18 5 18 1 7 option DHCP Server Class Config Commands Specifies a value for DHCP user class options Syntax option user class user class name Parameters user class user class Creates modifies DHCP Server user class options name Usage Guidelines Follow the steps below to create a DHCP user class 1 Creates a DHCP class named ws5100DHCPclass The switch supports a maximum of 32 DHCP classes WS5100 config tip dhcp class WS5100DHCPclass WS5100 config dhcpclass Create a USER class named mcsoo The privilege mode changes to config dhcpclass The switch supports a maximum of 8 user classes per DHCP class WS5100 config dhcpclass option user class MC800 WS5100 config dhcpclass Create a Pool named wap using config mode WS5100 config ip dhcp pool WID WS5100 config dhcp Associate the DHCP class created in Step 1 with the pool created in Step 3 The switch supports the association of 8 DHCP classes with a pool WS5100 config dhcp class WS5100DHCPclass WS5100 config dhcp class The switch moves to a new mode config dhcp class Use this mode to an add address range for the DHCP class associated with the pool WS5100 config dhcp class address range 11 22 33 44 18 6 18 1 8 WS5100 Series Switch CLI Reference Guide Example WS5100 config dhcpclass option user class MC800 WS5100 config
158. ate lt name gt terminal tftp ftp Defines the authenticate and import CA certificate e enroll lt name gt request self signed Generates a certificate request or selfsigned certificate for the trustpoint e export lt name gt request trustpoint tftp ftp Exports the trustpoint related configuraiton e import Imports a trustpoint related configuration e trustpoint Creates and configures a trustpoint e terminal Copies and pastes enrollment mode e request Certificate request mode of enrollment e self signed Selfsigned mode of enrollment e trustpoint Trustpoint configuration Usage Guidelines Currently a peer address can be deleted with wrong isakmp value Crypto currently matches only the IP address when a no command is issued WS5100 config crypto isakmp key 12345678 address 4 4 4 4 WS5100 config show running config configuration of WS5100 version 3 0 0 0 200B version 1 0 l service prompt crash info l username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f username manager password 1 45b27d46483fc63098l1ad5096ff26a7956ce0c038 5 22 WS5100 Series Switch CLI Reference Guide crypto isakmp key 12345678 address 4 4 4 4 crypto ipsec security association lifetime kilobytes 4608000 WS5100 config WS5100 config no crypto isakmp key 12348 addr
159. ates a extended access list to permit tcp traffic between two networks with destination port range between 20 and 23 WS5100 config access list 101 permit tcp 192 168 1 0 24 192 168 2 0 24 range 20 23 WS5100 config The example below denies icmp traffic from any source to any destination WS5100 config access list 115 deny icmp any any WS5100 config access list 115 permit ip any any WS5100 config 5 1 3 autoinstall Global Configuration Commands Global Configuration Commands 5 11 Autoinstalls the switch image Syntax autoinstall clear config history cluster config config image start autoinstall cluster config config image URL tftp ftpl http cf autoinstall image version lt number gt Parameters clear config history Autoinstalls a clear configuration history resulting in a reversion cluster config Autoinstalls a cluster config setup config Autoinstalls a config setup image lt version number gt Autoinstalls the image setup e Version number The version number cannot be the same as the currently installed version number Attempting to install the same version results in an unsuccessful download start Starts the autoinstall sequence Example WS5100 config autoinstall clear config history WS5100 config 5 12 WS5100 Series Switch CLI Reference Guide 5 1 4 banner Global Configuration Commands Defines a login banner for th
160. atic switch IP address e set default Default switch IP address default ap Sets the default static switch IP address e switch ip Static switch IP address e add Adds a static switch IP address e delete Deletes a static switch IP address e set default Sets a default switch IP address Example WS5100 config wireless ap ip 1 static ip 192 168 10 25 24 192 168 10 1 WS5100 config wireless WS5100 config wireless ap ip 1 switch ip add 192 168 10 25 10 10 1 4 WS5100 config wireless WS5100 config wireless ap ip default ap switch ip set default WS5100 config wireless 20 1 7 20 1 8 Wireless Instance 20 9 ap timeout Wireless Configuration Commands Changes the default inactivity timeout for access ports Syntax ap timeout lt index gt lt 40 180 gt Parameters lt Index gt lt 40 180 gt Access ports identified by a single MAC address or by a list of indices Use show wireless ap to view the AP s index or MAC address e lt 40 180 gt Sets the new inactivity timeout in seconds Example WS5100 config wireless ap timeout 1 40 WS5100 config wireless ap udp port Wireless Configuration Commands Configures the UDP port for layer 3 adoption of APs You also need to configure the DHCP server serving the APs with the same parameter Syntax ap udp port lt 1 65535 gt Parameters lt 1 65535 gt Sets the port number for layer 3 adoption of APs Exam
161. ation contact Motorola at Telephone North America 1 800 722 6234 Telephone International 1 631 738 5200 Website http www motorola com xiii Motorola Inc End User License Agreement BY DOWNLOADING INSTALLING OR USING THE SOFTWARE DESCRIBED IN THIS DOCUMENT YOU OR THE ENTITY OR COMPANY THAT YOU REPRESENT LICENSEE ARE UNCONDITIONALLY CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS LICENSE AGREEMENT AGREEMENT LICENSEE S USE OR CONTINUED USE OF THE DOWNLOADED OR INSTALLED MATERIALS SHALL ALSO CONSTITUTE ASSENT TO THE TERMS OF THIS AGREEMENT IF LICENSEE DOES NOT UNCONDITIONALLY AGREE TO ALL OF THE TERMS OF THIS AGREEMENT DO NOT CONTINUTE THE INSTALLATION PROCESS IF THESE TERMS ARE CONSIDERED AN OFFER ACCEPTANCE IS EXPRESSLY LIMITED TO AND EXPRESSLY CONTINGENT UPON THESE TERMS IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF A COMPANY ANOTHER PERSON OR ANY OTHER LEGAL ENTITY YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO BIND THAT COMPANY PERSON OR ENTITY 1 LICENSE GRANT Subject to the terms of this Agreement Motorola Inc and or its subsidiaries Licensor hereby grants Licensee a limited personal non sublicensable non transferable nonexclusive license to use the software that Licensee is about to download or install and the documentation that accompanies it collectively the Software for Licensee s personal use in connection with hardware produced by Licensor and only in accordance
162. ation file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status and configuration ip Internet Protocol IP ldap ldap server licenses Show any installed licenses logging Show logging configuration and buffer mac Media Access Control management Display L3 Managment Interface nam mobility Display Mobility Parameters ntp Network time protocol password encryption password encryption privilege Show current privilege level radius Radius configuration commands redundancy group Display redundancy group parameters redundancy history Display switch state transition history 16 14 WS5100 Series Switch CLI Reference Guide 16 1 11 redundancy group members in detail Operating configuration redundancy members running config Display Current securitymgr Display debug info for ACL VPN and NAT sessions Display current active open connections snmp Display SNMP engine parameters snmp server Display SNMP engine parameters startup config Contents of startup configuration terminal Display terminal configuration parameters timezone Display timezone upgrade status Display last image upgrade status users Display information about terminal lines version Display software amp hardware version wireless Wireless configuration commands WS5100 config ext mac1 show terminal MAC Extended ACL Config Commands Sets the length number of lines dis
163. ation mode you are in When using context sensitive help the space or lack of a space before the question mark 2 is significant To obtain a list of commands that begin with a particular sequence enter the characters followed by a question mark Do not include a space This form of help is called word help because it completes a word WS5100 service servic Service Commands WS5100 service Enter a question mark in place of a keyword or argument to list keywords or arguments Include a space before the This kind of help is called command syntax help It shows keywords or arguments are available based on the command keyword and argument already entered WS5100 gt service diag Diagnostics encrypt Encrypt password or key with secret save cli Save CLI tree for all modes in html format show Show running system information WS5100 gt service 1 6 1 3 1 3 1 WS5100 Series Switch CLI Reference Guide It s possible to abbreviate commands and keywords to allow a unique abbreviation For example configure terminal can be abbreviated as config t Since the abbreviated command is unique the switch accepts the abbreviation and executes the command Enter the help command available in any command mode to provide the following description WS5100 gt help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will b
164. ation for ACL VPN Privilege page 80 and NAT Global Config sessions Displays currently open and active Privilege page 80 connections Globa Config startup config Displays the content of the startup Privilege page 80 configuration Globa Config upgrade status Displays the status of the last image Privilege page 82 upgrade Globa Config 2 2 1 autoinstall Common to all modes Syntax show autoinstall Parameters None Example WS5100 gt show autoinstall WS5100 gt 2 2 2 banner Common to all modes Syntax show banner 2 28 WS5100 Series Switch CLI Reference Guide Parameters motd Defines the Message of the Day banner Example WS5100 gt show banner motd Welcome to CLI WS5100 gt 2 2 3 commands Common to all modes Syntax WS5100 gt show commands Parameters None Example WS5100 show commands acknowledge alarm log all lt 1 65535 gt acknowledge alarm log al1 lt 1 65535 gt archive tar create FILE URL FILE archive tar create FILE URL FILE archive tar table FILE URL archive tar table FILE URL archive tar xtract FILE URL DIR archive tar xtract FILE URL DIR cd DIRI cd DIRI change passwd lear aclstats lear alarm log new all acknowledged lt 1 65535 gt lear alarm log new all acknowledged lt 1 65535 gt lear alarm log new all acknowledged lt 1 65535 gt lear alarm log
165. be history logging 20 1 24 Example WS5100 config wirel WS5100 config wirel WS5100 config wirel WS5100 config wirel WS5100 config wirel DD EE FE WS5100 config wirel mobility Wireless Instance 20 25 ess mobile unit probe history enable ess ess mobile unit association history enable ess ess mobile unit probe history add 20 AA BB CC ess Wireless Configuration Commands Sets mobility parameters Syntax mobility enable local address max roam period peer mobility local address IP Address mobility max roam period lt 1 15 gt mobililty peer IP Address Parameters enable Enables mobility globally local address lt IP address gt Sets the local address for mobility e A B C D IP address of A B C D format max roam period lt 7 300 gt Sets the Max Roam Period for a mobile unit in seconds peer lt Peer IP Address gt Adds a peer to this mobility region e A B C D IP address of the Peer Example WS5100 config wireless mobility enable WS5100 config wireless WS5100 config wireless mobility local address 12 12 12 1 WS5100 config wireless 20 26 20 1 25 20 1 26 WS5100 Series Switch CLI Reference Guide WS5100 config wireless mobility max roam period 10 WS5100 config wireless WS5100 config wireless mobility peer 157 208 235 108 WS5100 config wireless multicast packet limit
166. bia se Sweden sg Singapore si Slovenia sk Slovak Republic th Thailand tr Turkey tw Taiwan ua Ukraine us United States uy Uruguay ve Venezuela vn Vietnam za South Africa WS5100 config country code 5 1 8 crypto Global Configuration Commands NOTE crypto isakmp policy Priority moves you to the config crypto isakmp instance For more information see crypto isakmp on page 6 1 crypto isakmp client configuration group default moves you to the config crypto group instance For more details see crypto group on page 7 1 crypto isakmp peer IP Address moves you to the config crypto peer instance For more details see crypto peer on page 8 1 crypto ipsec transformset name lt value gt leads you to config crypto ipsec Use the crypto ipsec transform set command to define the transform configuration for securing data for example esp 3des esp sha hmac etc The transform set is assigned to a crypto map using the map s set transform set command For more details see crypto ipsec on page 9 1 crypto pki trustpoint mode leads to the config trustpoint instance For more details see crypto trustpoint Instance on page 11 1 Syn cry tax crypto cry cry esp cry cry cry pto pto Global Configuration Commands 5 17 pto ipsec isakmp key map pki ipsec security association transform set ipsec security association lifetime kilobyte Seconds WORD ipsec transform set
167. bits equal to 32 Usage Guidelines Use this command to mark traffic from the source network host Use the mark option to specify the type of service TOS and priority value The TOS value is marked in the IP header The 802 1p priority value is marked in the frame When the interface receives the packet its content is checked against the ACEs in the ACL It is marked based on the ACL configuration NOTE The log option is functional only for router ACLs The log option results in an informational logging message about the packet matching the entry sent to the console 15 6 WS5100 Series Switch CLI Reference Guide Example The example below marks the type of service TOS value to 254 for all traffic coming from the source network WS5100 config access list 3 mark tos 254 xxx xxx 3 0 24 WS5100 config access list 3 permit any 15 1 7 no gt Standard ACL Config Commands Negates a command or set its defaults Syntax no deny mark permit Negates all the syntax combinatins used in deny mark and permit designations Parameters deny Specifies packets to reject mark Specifies packets to mark permit Specifies packets to forward Example WS5100 config std nacl WS5100 config std nacl WS5100 config std nacl WS5100 config std nacl WS5100 config std nacl precedence 30 WS5100 config std nacl 15 1 8 permit Standard ACL Config Commands no permit any rule p
168. ble for 802 11a bg A seperate channel set can be configured for a and bg radios e lt 1 200 gt List of space separated channel number s between 1 and 200 enable Enables or disables the gathering of information for AP locationing erase report Erases AP beacon locationing reports captured by the switch max ap lt 0 512 gt Sets the maximum number of APs allowed in the AP locationing table scan interval lt 10 60 gt Defines the duration between two scans in seconds scan time lt 100 1000 gt The time the radio dwells on each channel in the a bg channel set in milli seconds Wireless Instance 20 45 enhanced probe table enable erase report max mu lt 0 512 gt preferred add lt MAC Address gt window time lt 10 60 gt Configures an AP for detecting and locating MUs The switch maintains an enhanced probe table to track the probes received by an AP e enable Disables or enables the gathering of information for MU locationing erase report Erases all MU Probe Table locationing reports collected by the switch max mu lt 0 512 gt Configures the maximum number of MUs that can be scanned for Probe Table information preferred lt MAC Address gt Adds an entry to the preferred MU list This will list MU MAC addresses window time lt 10 60 gt Defines the time the probes are assimilated The probe with the highest signal strength dBm is reported for a give
169. c shell access to debug and test the switch save cli Saves the CLI tree for all modes in HTML show Displays the running system information 11 8 WS5100 Series Switch CLI Reference Guide start shell Provides shell access tethereal Dumps and analyzes network traffic Example WS5100 config trustpoint service diag shell Diagnostic shell started for testing diag gt boot Reboots the switch delete Deletes specified file from the system exit Exit from the CLI fallback Configures firmware fallback feature help Description of the interactive help system logout Exit from the CLI no Negate a command or set its defaults reload Halt and perform a warm reboot service Service Commands show Show running system information upgrade Upgrade firmware image diag gt WS5100 config trustpoint service save cli CLI command tree is saved as clitree html This tr can be viewed via web at http lt ipaddr gt cli clitree html WS5100 config trustpoint WS5100 config trustpoint service show cli Show CLI tree of current mode command history Display command except show commands history crash info Display information about core panic and AP dump files nfo how snapshot of available support information i S last passwd Display last password used to enter shell reboot history Show reboot history startup log Show startup log upgrade history Show upgrade history WS5100 config trus
170. cale Enables wireless rate scaling default request ap log Requests an AP log save ap log Saves debug error logs sent by the access port snmp trap throttle Limits the number of SNMP traps generated from the wireless module e vlan cache VLAN cache mode Syntax GLOBAL Config service advanced vty dhcp diag password encryption pm sys restart prompt crash info radius restart set command history reboot history upgrade history lt 10 300 gt show cli terminal length lt 0 512 gt watchdog Parameters GL BAL Config advanced vty Enables advanced mode vty interface dhcp Enables the DHCP server diag e enable Enables in service diagnostics e limit Diagnostic limit command e period Sets the diagnostics period password encryption Encrypts passwords e secret Encrypts passwords keys with a secret phrase e 2 Type of encryption SHA256 AES256 e PASSPHRASE Passphrase for encryption e ENCRYPT_KEY Plaintext password or key to encrypt 2 20 WS5100 Series Switch CLI Reference Guide pm Process Monitor e sys restart Enables the PM to restart the system when a processes fails prompt Enable crash info prompt e crash info Enables a crash info prompt radius Enable radius server e restart Restarts the radius server with updated configuration set Set service parameters e command history lt 10 300 gt Sets the size of
171. cause bpduguard Reason for errdisable e bpduguard Recovers from errdisable due to bpduguard interval lt 10 1000000 gt Interval after which the port is enabled e lt 10 1000000 gt Errdisable timeout interval in seconds Usage Guidelines Use no command with errdisable parameter to the disable bridge timeout mechanism for the port Example WS5100 config errdisable recovery interval 100 WS5100 config WS5100 config errdisable recovery cause bpduguard WS5100 config WS5100 config no errdisable recovery cause bpduguard WS5100 config 5 1 12 5 1 13 Global Configuration Commands 5 25 fallback Global Configuration Commands Enables and configures the software fallback feature Failure to boot with configured use on boot image allows booting with other image Syntax fallback enable Parameters enable Enables the software fallback feature Example WS5100 config fallback enable WS5100 config ftp Global Configuration Commands Configures the switch as an FTP server Syntax ftp enable ftp password 0 1 LINE ftp rootdir DIR Parameters enable Enables FTP server password Configures the FTP password Set the password using one of the following options e 0 Password is specified UNENCRYPTED e 1 Password is encrypted with SHA1 algorithm e LINE Password rootdir Configures the FTP root dir Setthe ROOT directory l
172. ccess list expanded range e word Defines the access list name e in Sets incoming packets interface Instance 12 7 address Sets a static IP address and network mask for a Layer 3 SVI Switch Virtual Interface e A B C D M Sets the IP address 10 0 0 1 8 e secondary Defines an optional secondary IP address e dhcp Uses a DHCP Client to obtain an IP address for the interface This enables DHCP on a Layer 3 SVI helper address Forwards DHCP and BOOTP packets e A B C D Defines the P to which DHCP and BOOTP packets are forwarded nat Sets Network Address Translation NAT parameters e inside Inside interface e outside Outside interface Usage Guidelines IPv4 commands are not allowed on a L2 interface Use the ip access group command to attach an access list to an interface Use the no ip access group command to remove the access list from the interface Use mac access group to attach a MAC access list to an interface Use the no ip options command to undo IP based interface configurations Example WS5100 config if ip access group 110 in WS5100 config if WS5100 config if ip address 192 168 234 1 24 WS5100 config if Follow the steps below to create a helper address on VLAN 2000 for using a DHCP server on VLAN 1000 WS5100 config interface vlan 1000 WS5100 config if ip address 172 168 100 1 24 WS5100 config if interface vlan 2000 WS5100 config
173. cedence lt 1 5000 gt For Extended IP ACL s access list lt 100 199 gt lt 2000 2699 gt deny permit mark dotlp lt 0 7 gt tos lt 0 255 gt ip source source mask host source any destination destination mask host destination any log rule precedence access list entry precedence access list lt 100 199 gt lt 2000 2699 gt deny permit mark dotlp lt 0 7 gt tos lt 0 255 gt icmp source source mask host source any destination destination mask host destination any icmp type icmp type icmp code log rule precedence access list entry precedence access list lt 100 199 gt lt 2000 2699 gt deny permit mark dotlp lt 0 7 gt tos lt 0 255 gt tcpludp source source mask host source any operator source port destination destination mask host destination any operator destination port log rule precedence access list entry precedence 5 6 WS5700 Series Switch CLI Reference Guide NOTE Using access list lt 100 199 gt lt 2000 2699 gt moves you to the config ext nacl instance For additional information see Extended ACL Instance on page 14 1 Using access list lt 1 99 gt lt 1300 1999 gt moves you to the config std nacl instance For additional information see Standard ACL Instance on page 15 1 To create a named ACL use ip access 1sit Standard Extended For more information check ip on page 5 27 Par
174. channel commands Show current privilege level RADIUS configuration commands play redundancy group parameters play state transition history of the tch play redundancy group members in detail Current Operating configuration Securitymgr parameters lay current active open connections lay SNMP engine parameters lay SNMP engine parameters Smart Opportunistic Location Engine Configuration lay spanning tree information ents of startup configuration ic channel group membership lay terminal configuration parameters lay timezone pl lay last image upgrade status users version wireless wlan acl crypto isakmp 6 9 Display information about currently logged in users Display software amp hardware version Wireless configuration commands wlan based acl WS5100 config crypto isakmp show 6 10 WS5100 Series Switch CLI Reference Guide 7 1 crypto group Use the crypto isakmp client configuration group default to initiate the config crypto group instance Crypto Group Config Commands summarizes the switch config crypto group commands Table 7 1 Crypto Group Command Summary Command Description Ret Clears the display screen Defines a primary and secondary Domain Name Server DNS Ends the current mode and moves to the EXEC mode Ends the current mode and moves to the previous mode Describe the interactive help system Invokes service commands to trobuleshoo
175. channel group static channel group membership terminal Display terminal configuration parameters timezone Display timezone upgrade status Display last image upgrade status users Display information about currently logged in users version Display software amp hardware version wireless Wireless configuration commands wlan acl wlan based acl WS5100 config dhcpclass show WS5100 config dhcpclass show ip dhcp binding IP AC Client Id Expiry Time WS5100 config dhcpclass WS5100 config dhcpclass show ip dhcp class WS5100DHCPclass l ip dhcp class WS5100DHCPclass option user class MC800 WS5100 config dhcpclass WS5100 config dhcpclass show ip dhcp pool WID l ip dhcp pool WID class WS5100DHCPclass address range 11 22 33 44 WS5100 config dhcpclass Radius Server Instance Use the radius server local command to move to the RADIUS server mode Local Onboard RADIUS server commands are listed under this mode Use the config radsrv instance to configure local RADIUS server parameters 19 1 Radius Configuration Commands summarizes the Global Config command Table 19 1 RADIUS Server Command Summary Command Description Ref Configure the authentication scheme used with the RADIUS server ca Defines CA parameters Clears the display screen Enables a Certificate Revocation List CRL check Ends the current mode and moves to the EXEC mode Ends the current mode and mo
176. channel load balance WS5100 gt privilege Common to all modes Syntax show privilege Parameters None 2 48 2 2 19 WS5100 Series Switch CLI Reference Guide Example WS5100 gt show privilege Current user privilege superuser WS5100 gt radius Common to all modes Syntax show radius configuration eap configuration group A B C D M proxy rad user trust point Parameters nas radius Displays RADIUS configuration commands configuration RADIUS server configuration parameters eap configuration Displays and defines the EAP configuration group Displays the RADIUS group configuration nas A B C D M Defines a client IP address and mask proxy Lists proxy information rad user Displays RADIUS user information trust point Defines the RADIUS trust point configuration Example WS5100 config show radius proxy Proxy Details Proxy retry delay 6 Proxy retry count 4 Proxy Realm Details Realm symbol com IP Address Port Shared secret seconds LO 10 10 9 1812 0 secret123 Common Commands 2 49 2 2 20 redundancy group Common to all modes This command displays the switch s IP address number of active neighbors group license installed license cluster AP adoption count switch adoption count hold time discovery time heartbeat interval cluster id and switch mode In a cluster this command displays the redundan
177. cifies ICMP as the protocol e source source mask host source any The source is the source IP address of the network or host in dotted decimal format The source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP is used for matching e anyis an abbreviation for a source IP of 0 0 0 0 and source mask bits equal to 0 e hostis an abbreviation for exact source A B C D and source mask bits equal to 32 e destination destination mask host destination any Defines the destination host IP address or destination network address e icmp type icmp type icmp code Sets the ICMP type value from 0 to 255 and is valid only for ICMP The ICMP code value is from 0 to 255 and is valid only for protocol type icmp e log Generates log messages when the packet coming from the interface matches the ACL entry Log messages are generated only for router ACLs e I rule precedence access list entry precedence Defines an integer value between 1 5000 This value sets the rule precedence in the ACL Extended ACL Instance 14 5 deny tep udp source source mask host source any operator source port destination destination mask host destination any operator destination port log rule precedence access list entry precedence Use with the deny command to reject TCP or UDP packets deny Rejects TCP or UDP packets tcp udp Specifies
178. commands Show current privilege level RADIUS configuration commands Display redundancy group parameters DHCP Server Instance 17 21 redundancy history Display state transition history of the switch redundancy members Display redundancy group members in detail running config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp server Display SNMP engine parameters sole Smart Opportunistic Location Engine Configuration spanning tree Display spanning tree information startup config Contents of startup configuration static channel group static channel group membership terminal Display terminal configuration parameters timezone Display timezone upgrade status Display last image upgrade status users Display information about currently logged in users version Display software amp hardware version wireless Wireless configuration commands wlan acl wlan based acl WS5100 config dhcp show WS5100 config show dhcp config service dhcp ip dhcp option option189 189 ascii 1 ip dhcp pool vlan4 default router 2 2 2 1 network 4 4 4 0 24 address range 4 4 4 100 4 4 4 200 1 ip dhcp pool vlan2 l ip dhcp pool TestPool lease 200 12 30 domain name TestDomain bootfile DHCPbootfile netbios node type p node ddns domainname TestDomain address range 1 2 3 2 2 3 2 1 WS5100 config show
179. commands define a Certificate Authority CA trustpoint This is a separate instance but belongs to the crypto pki trustpoint mode under the config instance 11 1 Trustpoint PKI Config Commands summarizes config crypto trustpoint commands Table 11 1 Trustpoint PKI Config Command Summary Command Description Ref Clears the display screen Defines a company name for the trustpoint email Sets an e mail ID for the trustpoint end Ends the current mode and moves to the EXEC mode exit Ends the current mode and moves to the previous mode Sets the domain name of the trustpoint help Displays the interactive help system ip address Sets an IP address for the trustpoint no Negates a command or sets its defaults 11 2 11 1 1 11 1 2 WS5100 Series Switch CLI Reference Guide Table 11 1 Trustpoint PKI Config Command Summary Command Description Ret password Sets the challenge password applicable only for page 11 6 requests to access the trustpoint rsakeypair Defines a RSA Keypair to associate with the trustpoint page 71 7 service Invokes service commands to troubleshoot or debug page 11 7 the crypto pki trustpoint Instance configuration show Displays running system information page 11 9 subject name The subject name is a collection of required page 11 11 parameters to configure a trustpoint clrscr gt Trustpoint PKI Config Commands Clears the display
180. cryption Portchannel commands Show current privilege level RADIUS configuration commands Display redundancy group parameters crypto group 7 7 redundancy history Display state transition history of the switch redundancy members Display redundancy group members in detail running config Current Operating configuration securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp server Display SNMP engine parameters sole Smart Opportunistic Location Engine Configuration spanning tree Display spanning tree information startup config Contents of startup configuration static channel group static channel group membership terminal Display terminal configuration parameters timezone Display timezone upgrade status Display last image upgrade status users Display information about currently logged in users version Display software amp hardware version wireless Wireless configuration commands wlan acl wlan based acl WS5100 config crypto group show 7 8 WS5100 Series Switch CLI Reference Guide 7 1 8 wins gt Crypto Group Config Commands Specifies the Windows Internet Naming Service WINS servers to assign to a client Syntax wins lt IP Address gt lt IP Address gt Parameters lt IP Address gt The first WINS server address to assign lt IP Address gt optional Assign a second optional WINS server address Example
181. crypto isakmp encryption 3des WS5100 config crypto isakmp WS5100 config crypto isakmp encryption aes 256 WS5100 config crypto isakmp end gt Crypto ISAKMP Config Commands Ends and exits the current mode and changes to the PRIV EXEC mode The prompt changes to wS5100 Syntax end Parameters None Example WS5100 config crypto isakmp end WS5100 6 4 WS5100 Series Switch CLI Reference Guide 6 1 5 6 1 6 exit Crypto ISAKMP Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to wS5100 config Syntax exit Parameters None Example WS5100 config crypto isakmp exit WS5100 config group Crypto ISAKMP Config Commands Specifies the Diffie Hellman group 1 or 2 used by this IKE policy to generate keys which are then used to create the IPSec SA Syntax group 11215 Parameters 1 768 bit mod P 2 1024 bit mod P 5 Diffie Hellman group 5 Usage Guidelines The local IKE policy and the peer IKE policy must have matching group settings in order for negotiation to be successful Example WS5100 config crypto isakmp group 5 WS5100 config crypto isakmp 6 1 7 6 1 8 crypto isakmp 6 5 hash Crypto ISAKMP Config Commands Specifies the hash algorithm used to authenticate data transmitted over the IKE SA Syntax hash md5 sha Parameters md5 Choose the md5 hash algorithm sha Choose the
182. cted cold restart ay 23 14 07 21 2007 startup eie shutdown ungraceful unexpected cold show Common Commands Displays the settings for the specified system component There are a number of ways to invoke the show command e When invoked without any arguments it displays information about the current context If the current context contains instances the show command usually displays a list of these instances e When invoked with the display_parameter it displays information about that component Syntax show display parameter 2 24 WS5100 Series Switch CLI Reference Guide Parameters Display Parameters Description Mode Example autoinstall Displays the autoinstall configuration Common page 27 banner Displays the message of the day login Common page 27 banner commands Displays command lists Common page 28 crypto Displays current encryption details Common page 29 environment Displays environmental information Common page 32 history Displays the session command history Common page 32 interfaces Displays the current interface status and Common page 32 configuration ip Displays the internet protocol Common page 34 ldap Displays LDAP server configuration Common page 40 parameters licenses Displays the installed licenses if any Common page 41 logging Displays the logging configuration and Common page 47 buffer mac Displa
183. currently logged in users version Display software amp hardware version wireless Wireless configuration commands wlan acl wlan based acl WS5100 config wireless show wlan Wireless Configuration Commands Configures Wireless LAN related commands Syntax wlan lt 1 32 gt WLAN 80211 extensions aap proxy radius accounting add vlan answer bcast ess authentication type client bridge backhaul description dot11li enable encryption type hold time hotspot inactivity timeout kdc mobility mu mu disallow nac mode nac server qos radius secure beacon set vlan user limit ssid syslog vlan wep128 wep64 wlan lt 1 32 gt 80211 extensions move command enable wd wd wd lan lt l lan lt 1 lan lt l lan lt l Wireless Instance 20 49 32 gt aap proxy radius enable realm lt realm name gt strip 32 gt accounting none radius ssyslog 32 gt add vlan lt 1 4094 gt VLAN limit lt 0 4096 gt 32 gt authentication type eap hotspot kerberos mac auth none wlan lt x wW lan lt 1 interval opp pmk caching phrase pmk caching 1 32 gt client bridge backhaul enable 32 gt dot11i handshake key key rotation key rotation preauthentication second key tkip cntrmeas hold time Wi WwW lan lt 1 Lan lt 1 lan lt 1 32 gt dot1li handshake timeout lt 100 5000 gt retransmit lt 1 10 gt 32 gt key 0 2 WORD L 32 gt encryption type ccmp keyguard none t
184. cy runtime and configuration of the self switch Use config to view only configuration information and or runtime parameters Syntax show redundancy group config runtime Parameters config Displays configured redundancy group information runtime Displays runtime redundancy group information Example WS5100 config show redundancy group Redundancy Group Configuration Detail Redundancy Feature Disabled Redundancy group ID 1 Redundancy Mode Primary Redundancy Interface IP 0 0 0 0 umber of configured peer s 0 Heartbeat period 5 Seconds Hold period 15 Seconds Discovery period 30 Seconds Handle STP Disabled Switch Installed License 48 Switch running image version 3 1 0 0 008D Auto revert period 5 mins Auto revert Feature Disabled DHCP Server Redundancy Disabled Redundancy Group Runtime Information Redundancy Protocol Version 250 Redundancy Group License 0 Cluster AP Adoption Count Switch AP Adoption Count Redundancy State Not Applicable Not Applicable Disabled WS5100 Series Switch CLI Reference Guide Radio Portals adopted by Gr Radio Portals adopted by th oup is Switch Rogue APs detected in this Group Rogue APs detected by this MUs associated in this Grou Switch p plicable plicable plicable plicable plicable MUs associated in this Switch Selfhealing RPs in this Group Selfhealing APs in this Switch Group maximum AP adoption capacity Switch Adoption capacity Establis
185. d entries Keystrokes Purpose Backspace Deletes the character to the left of the cursor Ctrl D Deletes the character at the cursor Ctrl K Deletes all characters from the cursor to the end of the command line Ctrl W Deletes a word up to the cursor Esc D Deletes from the cursor to the end of the word 1 4 4 Re displaying the Current Command Line If you are entering a command and the system suddenly sends a message to your screen you can easily recall your current command entry To redisplay the current command line refresh the screen use the following key combination Keystrokes Purpose Ctrl L Re displays the current command line 1 4 5 Command Output pagination Output often extends beyond the visible screen length For cases where output continues beyond the screen the output is paused and a Press Any Key to Continue Q to Quit prompt displays at the bottom of the screen To resume the output press the Return key to scroll down one line or press the Spacebar to display the next full screen of output 1 4 6 Transposing Mistyped Characters If you have mistyped a command entry you can transpose the mistyped characters To transpose characters use the following key combination Keystrokes Purpose Ctrl T Transposes the character to the left of the cursor with the character located at the cursor Introduction 1 11 1 4 7 Controlling Capitalization Capitaliz
186. data source local ldap eap auth type t all authentication eap auth type ttls md5 ttls pap ttls mschapv2 peap gt c peap mschapv2 tls all peap gtc authentication eap auth type ttls md5 ttls pap ttls mschapv2 pe ap gtc peap mschapv2 tls all peap mschapv2 authentication eap auth type ttls md5 ttls pap ttls mschap v2 peap gtc peap mschapv2 tls all 19 1 16 Radius Server Instance 19 25 tls authentication eap auth type ttls md5 ttls pap ttls mschapv2 peap gt c peap mschapv2 tl1s al1 ttls md5 authentication eap auth type ttls md5 ttls pap ttls mschapv2 pe ap gtc peap mschapv2 tls all ttls mschapv2 authentication eap auth type ttls md5 ttls pap ttls mschap v2 peap gtc peap mschapv2 tls all ttls pap authentication eap auth type ttls md5 ttls pap ttls mschapv2 pe ap gtc peap mschapv2 tls all ca trust point MORE next page Space next line Enter quit Control C show Radius Configuration Commands Displays current system information running on the switch Syntax show lt paramater gt Parameters 2 Displays the parameters for which information can be viewed using the show command Example WS5100 config radsrv show access list Internet Protocol IP alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot confi
187. ddress WS5100 config ext macl permit any any type arp WS5100 config ext macl The example below permits IP based traffic from a source MAC address to any destination MAC address WS5100 config ext macl permit host 11 22 33 44 55 66 any type ip WS5100 config ext macl service gt MAC Extended ACL Config Commands Invokes service commands to troubleshoot or debug config if instance configurations Syntax service clear diag shell save cli show start shell tethereal Parameters show cli Displays running system information 16 12 WS5100 Series Switch CLI Reference Guide Example WS5100 config ext macl service show cli MAC Extended ACL Config mode H clrser clrscer deny XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX deny permit mark 8021p lt 0 7 gt tos lt 0 255 gt XX XX XX XX XX XX XX XX XX XX XX XX host XX XX XX XX XX XX any XX XX XX XX XX XX XX XX XX XX XX XX host XX XX XX XX XX XX any vlan lt 1 4095 gt dotlp lt 0 7 gt type lt 1 65535 gt ip ipv6 arp wisp 80213 ra rp aarp appletalk ipx rule precedence lt 1 5000 gt dotlp lt 0 7 gt deny permit mark 8021p lt 0 7 gt tos lt 0 255 gt XX XX XX XX XX X X XX XX XX XX XX XX host XX XX XX XX XX XX any XX XX XX XX XX XX XX XX XX X X XX XX host XX XX XX XX XX XX any vlan lt 1 4095 gt dotlp lt 0 7
188. de Annotated Symbols The following document conventions are used in this document NOTE Indicate tips or special requirements A CAUTION Indicates conditions that can cause equipment damage or data loss AN WARNING Indicates a condition or procedure that could result in personal injury or equipment damage Notational Conventions The following notational conventions are used in this document e Italics are used to highlight specific items in the general text and to identify chapters and sections in this and related documents e Bullets e indicate e action items e lists of alternatives e lists of required steps that are not necessarily sequential e Sequential lists those describing step by step procedures appear as numbered lists Convention Example Token Description Valid Inputs bold Bold text indicates commands and keywords that you enter literally italics Italic text indicates arguments for which you supply values on off Grouping exactly one of a list of tokens Xi Convention Example Token Description Valid Inputs key1 key2 key Selective recursive multiple key1 key3 3 tokens allowed but each can only be used once Infinite recursive multiple key1 key1 key2 key3 key1 key2 key tokens allowed each can be key2 key3 3 used multiple times lt 1 10 gt Simple infinite recursive 126
189. de in writing and signed by a duly authorized representative of such party and no failure or delay in enforcing any right will be deemed a xvii waiver This Agreement shall be governed by the laws of the State of New York without regard to the conflicts of law provisions thereof The application the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded Unless waived by Licensor for a particular instance any action or proceeding arising out of this Agreement must be brought exclusively in the state or federal courts of New York and Licensee hereby consents to the jurisdiction of such courts for any such action or proceeding This Agreement supersedes all prior discussions and writings and constitutes the entire agreement between the parties with respect to the subject matter hereof The prevailing party in any action arising out of this Agreement shall be entitled to costs and attorneys fees xviii WS5100 Series Switch CLI Reference Guide Contents Chapter 1 Introduction 1 1 CLI Overview as e ETE TOC 2 WS5100 Series Switch CLI Reference Guide 2 eo Ce E eT ee eee eee eee ee Teen eee ee eee ner tee ee eee 2 29 2 2 5 environment een ates A 2 32 220 MO id did eee Ze WS rt A eds 2 32 A Ved ed eye O A eas 2 34 A A PIN ERETTE T 2 40 rE Ml ad E EA NEIE E E cdts 2 41 A E EEE OE EO S EESE E A EE EA 2 41 2 2 42 22 13 mac address table 2 2 42 44 4
190. dering STP heartbeat period lt 1 255 gt Sets the redundancy heartbeat interval hold period lt 10 255 gt Sets the redundancy hold interval interface ip lt Switch IP gt Sets the redundancy interface IP address manual revert Reverts standby to non active mode member ip lt Member IP gt Adds a member to this redundancy group mode primary standby Sets the mode to either primary or standby Example WS5100 config WS5100 config WS5100 config WS5100 config WS5100 config WS5100 config WS5100 config WS5100 config WS5100 config WS5100 config redundancy discovery period 20 redundancy handle stp enable redundancy heartbeat period 20 redundancy hold period 25 redundancy mode primary 5 44 WS5100 Series Switch CLI Reference Guide 5 1 28 service Global Configuration Commands Use this command to retrieve system data tables log files configuration status and operation for use in debugging and problem resolution To view the service command of User Exec and Priv Exec Mode refer to service on page 2 5 Syntax service advanced vty dhcp diag password encryption pm prompt radius set show terminal length watchdog Parameters advanced vty Enables advanced mode vty interface dhcp Enables the DHCP server service diag Services diag password encryption Encrypts passwords in configuration
191. dress range command Se address range 192 168 0 30 192 168 0 30 4 To work properly a host pool should have the following 3 items configured e client name CLI is client name lt name gt e fixed address CLI is host lt ip gt e hardware address client identifier The hardware address Is hardware address lt addr gt The client identifier is client identifier lt id gt If you use client identifier instead of hardware address a DHCP client sends the client identifier when it requests for IP address The Client identifier has to be configured in the DHCP Client as an ASCII value and the same has to be used in the DHCP server option for example the Client identifier option 5 A host pool should have its corresponding network pool configured otherwise the host pool is useless The fixed IP address configured in the host pool must be in the subnet of the corresponding network pool 6 If you create a pool and map it to interface it automatically gets enabled provided DHCP is enabled at a global level Use the no network command to disable DHCP on per pool interface basis 7 To set a newly created pool as a network pool use one of the following CLI commands e network for example network 192 168 0 0 24 e address range for example address range 192 168 0 30 192 168 0 50 8 To set a newly created pool as a host pool use one of the following CLI commands e host for example host 192 168 0 1 e client name Eg client name
192. e Common Name Issuer Name Common Name Valid From Valid Until Trustpoint default trustpoint WS5100 config show crypto pki trustpoints Symbol Technologies Symbol Technologies May 17 14 48 25 2007 GMT May 16 14 48 25 2008 GMT Trustpoint test Server certificate configured Subject Name Common Name Organizational Unit Organization Location State Country Issuer Name Common Name Organizational Unit Organization nn nn nn nn nn nn nn nn nn Vali Vali Trustp Serv Su Is Vali Vali WS5100 11 1 14 subje crypto trustpoint Instance 11 11 Location nn State nn Country nn d From Jun 8 19 21 55 2007 GMT d Until Jun 7 19 21 55 2008 GMT oint testl er certificate configured bject Name Common Name mm Organizational Unit mm Organization mm Location mm State mm Country mm suer Name Common Name mm Organizational Unit mm Organization mm Location mm State mm Country mm d From Jun 8 19 24 38 2007 GMT d Until Jun 7 19 24 38 2008 GMT config ct name gt Trustpoint PKI Config Commands Creates a subject name to configure a trustpoint The subject name is a collection of required parameters to configure a trustpoint Syntax subjec t name Parameters WORD Enter brief descriptions when prompted 11 12 WS5100 Series Switch CLI Reference Guide Example WS5100 config WORD Cou
193. e Valid From Valid Until Symbol Technologies Symbol Technologies Sep 13 16 14 49 2006 GMT Sep 13 16 14 49 2007 GMT Trustpoint tptest CA certificate configured Subject Name Common Name monarch Organizational Unit wid Organization symbol Location bangalore State karnataka Country in email testuser domain com Issuer Name Common Name monarch Organizational Unit wid Organization symbol Location bangalore State karnataka Country in email testuser domain com Valid From Sep 11 05 48 52 2006 GMT Valid Until Sep 11 05 48 52 2007 GMT 2 32 WS5100 Series Switch CLI Reference Guide 2 2 5 environment 2 2 6 2 2 7 Common to all modes Syntax show environment Parameters None Example WS5100 gt show environment CPU temperature 33 0 C system temperature 33 0 C CPU fan 4354 rpm Case fan 8766 rpm WS5100 gt history Common to all modes Syntax show history Parameters None Example WS5100 gt show history 1 show clrscr enable GlLeser configure terminal exit clrscr 8 show history WS5100 gt ZO OB WD interfaces Common to all modes Syntax show interfaces IFNAME eth lt 1 2 gt switchport vlan Common Commands 2 33 Parameters IFNAME Displays the interface name eth Displays ethernet interface information switchport Displays native VLAN s and allowed VLAN information on switch ports vlan Displays VLAN i
194. e deny Denies association to mobile units that match this rule Starting MAC Address Starting MAC address in AA BB CC DD EE FF format Ending MAC Address Ending MAC address in AA BB CC DD EE FF format Range List of WLAN Set the list 1 3 7 or range 3 7 of WLAN indices Indices WORD Optional radio description substring Example WS5100 config wireless mac auth local 452 allow 12 11 11 120 12 11 11 150 3 7 TestString WS5100 config wireless 20 24 WS5100 Series Switch CLI Reference Guide 20 1 22 manual wlan mapping Wireless Configuration Commands Manually maps WLANs configured on a radio Syntax manual wlan mapping Parameters enable Enables support for manual WLAN mapping Example WS5100 config wireless manual wlan mapping enable WS5100 config wireless 20 1 23 mobile unit Wireless Configuration Commands Configures mobile unit related parameters Syntax mobile unit association history enable probe history mobile unit probe history add lt 1 200 gt lt MAC Address gt enable Parameters association history Enables a mobile unit s association history e enable Enables a mobile unit s association history probe history Mobile unit probe logging configuration commands e add lt 1 200 gt Adds a mobile unit to probe history logging Select an index value between 1 and 200 to add probe logging MAC e MAC Address Sets the MAC address of the mobile used for pro
195. e lt 1 15 gt interface IF NAMEJeth lt 1 2 gt vlan lt 1 4094 gt Displays instance information e IF Name Displays the interface name e eth lt 1 2 gt Defines the Ethernet interface e vlan 1 4094 gt Defines the VLAN interface Example WS5100 config show spanning tree mst config MSTP Configuration Information for bridge 1 Format Id 0 Name My Name Revision Level 0 Digest 0xAC36177F50283CD4B83821D8AB2 6DE62 WS5100 config WS5100 config show s Ao Ao CIST Root Path Cost 32768 Forward Delay 15 1 CIST Root Id 800 1 CIST Reg Root Id 1 CST Bridge Id 80 oe oe a Je Ao panning tree mst detail interface eth 1 Bridge up Spanning Tree Disabled 0 CIST Root Port 0 CIST Bridge Priority Hello Time 2 Max Age 20 Max hops 20 0000000000000 8000000000000000 0000a0f865ea8e portfast bpdu filter disabled 2 58 WS5100 Series Switch CLI Reference Guide portfast bpdu guard disabled portfast errdisable timeout disabled portfast errdisable timeout interval 300 sec cisco interoperability not configured Current cisco interoperability off ethl Port 2001 Id 87d1 Role Disabled State Forwarding thl Designated External Path Cost 0 Internal Path Cost 0 ethl Configured Path Cost 2000000 Add type Explicit ref count 1 thl Designated Port Id 0 CST Priority 128 ethl CI
196. e a larger bandwidth The static channel group is used to provide additional bandwidth in multiples of 1Gbps on the switch All MAC layer and higher protocols see only the static channel group aggregate link rather than the individual ports that comprise it Example WS5100 config if static channel group 2 WS5100 config if 12 1 19 switchport Interface Config Commands interface Instance 12 19 Sets switching mode characteristics for the selected interface Syntax switchport access mode trunk switchport access vlan lt 1 4094 gt switchport mode access trunk switchport trunk allowed native switchport trunk allowed vlan add none remove VLAN 1D switchport trunk native tagged vlan lt 1 4094 gt Parameters access Configures the access VLAN of an access mode port e vlan lt 1 4094 gt Sets the VLAN when interface is in access mode mode Sets the mode of the interface to access or trunk mode Can only be used on physical layer2 interfaces e access lf access mode is selected the access VLAN is automatically set to VLAN1 In this mode only untagged packets in the access VLAN vlan1 are accepted on this port All tagged packets are discarded e trunk If trunk mode is selected tagged VLAN packets VLANs are accepted The native VLAN is automatically set to VLAN1 Untagged packets are placed in the native VLAN by the switch Outgoing packets in the native VLAN are sent untagged trunk
197. e clear command clears the interface Access the GLOBAL CONFIG mode from the PRIV EXEC mode In the GLOBAL CONFIG mode enter commands that set general system characteristics Configuration modes allow you to change the running configuration If you save the configuration later these commands are stored across switch reboots Access a variety of protocol specific or feature specific modes from the global configuration mode The CLI hierarchy requires you access specific configuration modes only through the global configuration mode You can also access sub modes from the global configuration mode Configuration sub modes define specific features within the context of a configuration mode Table 1 1 summarizes the commands available from the switch Table 1 1 WS5100 CLI Hierarchy User Exec Mode Priv Exec Mode Global Configuration Mode clear acknowledge aaa clrscr archive access list cluster cli cd autoinstall debug change passwd banner disable clear bridge enable clock country code exit clrscr crypto Introduction 1 3 User Exec Mode Priv Exec Mode Global Configuration Mode help cluster cli errdisable logout configure fallback no copy ftp page debug hostname ping delete interface quit diff ip service dir ine show disable ocal telnet edit ogging terminal enable mac traceroute erase mac address table exit management halt ntp
198. e empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 gt Using the no and default Forms of Commands Almost every command has a no form Use the no form to disable a feature or function Use the command without the no keyword to re enable a disabled feature or enable a feature disabled by default Basic Conventions Keep the following conventions in mind while working within the CLI e Always use at the end of a command to view sub modes that can be used If yes type the first few characters of the sub mode and press the tab key to add the sub mode Continue using until you reach the final sub mode you would like to use e Pre defined CLI commands and keywords are case insensitive cfg Cfg CFG However for clarity CLI commands and keywords are displayed in this guide using mixed case For example apPolicy trapHosts channelInfo e Enter commands in uppercase lowercase or mixed case Only passwords are case sensitive 1 4 1 4 1 Introduction 1 7 e If an instance name or other parameter contains whitespace the name must be enclosed in quotes WS5100 Cfg gt spol Default Switch
199. e mac max mobile units mu power lt 0 20 gt neighbor smart scan on channel scan radio number reset reset ap rss rts threshold run acs self heal offset short preamble speed tag type timeout wmm radio lt 1 1000 gt bss lt 1 4 gt add wlans auto gt WLAN radio lt 1 1000 gt base bridge enable max clients lt 1 12 gt radio lt 1 1000 gt bridge fwd delay lt 4 30 gt radio lt 1 1000 gt bridge hello lt 1 10 gt radio lt 1 1000 gt bridge max ageout lt 4 3600 gt 20 30 WS5100 Series Switch CLI Reference Guide radio lt 1 1000 gt bridge msg age lt 6 40 gt radio lt 1 1000 gt bridge priority lt 0 65535 gt radio lt 1 1000 gt channel power indoor outdoor lt 1 200 gt acs random lt 4 20 gt radio lt 1 1000 gt client bridge enable mesh timeout lt 2 200 gt ssid SSID name radio lt 1 1000 gt coordinates lt 65535 65535 gt lt 65535 65535 gt radio 1 copy config from lt 1 1000 gt default lla default 11b default 11bg radio lt 1 1000 gt dtim period lt 1 50 gt bss lt 1 4 gt radio lt 1 1000 gt location led start flashing stop flashing radio lt 1 1000 gt speed 1 11 12 18 2 24 36 48 54 5p5 6 9 basicl basicll basicl2 basicl18 basic2 basic24 basic36 basic48 basic54 basic5p5lbasic6 basic9 default range throughput radio lt 1 1000 gt wmm background best effort video voice aifsn lt 1 15 gt burst lt 0 65535 gt cw lt 0 15 gt radio lt 1 1000 gt wmm video
200. e or lowercase words with a few simple key sequences The switch s CLI commands are generally case insensitive and all in lowercase To change the capitalization of commands use one of the following k sequences Keystrokes Purpose Esc C Capitalizes the letters to the right of cursor Esc L Changes the letters at the right of cursor to lowercase 1 12 WS5100 Series Switch CLI Reference Guide Common Commands This chapter describes the CLI commands used in the USER EXEC and PRIV EXEC modes The PRIV EXEC command set contains those commands available within the USER EXEC mode Some commands can be entered in either mode Commands entered in either USER EXEC mode or PRIV EXEC mode are referred to as EXEC mode commands If a user or privilege is not specified the referenced command can be entered in either mode 2 1 Common Commands summarizes available common commands Command Table 2 1 Common Commands in WS5100 Description Clears the display screen Ref Ends the current mode and moves to the previous mode help Displays the interactive help system no Negates a command or sets its defaults Services or debugs the switch show Shows running system information 2 2 2 1 1 2 1 2 2 1 3 WS5100 Series Switch CLI Reference Guide clrscr Common Commands Clears the screen and refreshes the prompt Syntax clrscr Parameters None Example WS5100
201. e switch Syntax banner motd LINE default Parameters motd Sets the message of the day banner LINE Defrine a custom MOTD string default Sets a default MOTD string Example WS5100 config banner motd Welcome to my WS5100 CLI WS5100 config WS5100 release 3 0 2 0 003B Login as cli to access CLI WS5100 login cli Welcome to my WS5100 CLI Welcome to my WS5100 CLI WS5100 gt WS5100 config banner motd default WS5100 config WS5100 release 3 0 2 0 003B Login as cli to access CLI WS5100 login cli Welcome to CLI Welcome to CLI WS5100 gt 5 1 5 5 1 6 Global Configuration Commands 5 13 boot Global Configuration Commands Reboots the switch with an image in the mentioned partition either the primary or secondary partition Syntax boot system primary secondary Parameters system Specifies the boot image used after reboot primary Specifies the primary image secondary Specifies the secondary image Example WS5100 config boot system primary Wireless switch will be rebooted do you want to continue y n y Do you want to save the configuration y n y The system is going down NOW Connection is closed by administrator Please stand by while rebooting the system bridge Global Configuration Commands Configures bridge specific commands Syntax bridge multiple spanning tree enable Parameters multiple spanning tree Enabl
202. e the BPDU Bridge Protocol Data Unit Guard feature on a bridge Use the no parameter with this command to disable BPDU Guard When the BPDU Guard is set for a bridge all portfast enabled ports of the bridge that have BPDU guard set to default shut down the port on receiving a BPDU In this case the BPDU is not processed The port can be brought back up manually using the no shutdown command or by configuring a errdisable timeout to enable the port after the specified interval Usage Guidelines The mst gt configuration command moves you to the spanning tree mst Instance on page 13 1 Instance instance If a bridge does not hear bridge protocol data units BPDUs from the root bridge within the specified interval defined in the max age seconds parameter assume the network has changed and recomputed the spanning tree topology Generally spanning tree configuration settings in config mode performs the configuration for bridge and bridge instances for the switch Example WS5100 config spanning tree portfast bpduguard default WS5100 config WS5100 config spanning tree mst configuration WS5100 config mst 5 60 5 1 32 5 1 33 WS5100 Series Switch CLI Reference Guide timezone Global Configuration Commands Configure switch timezone settings Syntax timezone Parameters TIMEZONE Press lt tab gt to traverse a list of files This displays a list of files containing timezone information
203. eaprkoretecserhediecorerenesadbacd 9 8 A A EE adoadeee Aceadonatee 9 9 NEG Pere ree ee ete Ce A 9 9 EE A eaten each pine A we 19 11 A 19 12 ARAS A tnd E dea alron 19 13 VOU SN ideas 19 13 19 1 7 12 Example Creating a Group 00 ccc eee en 19 15 A aaea a aaa beta e inaa 19 16 DES MA is di 19 17 ESO AA AE EE EE EE AEE IN 9 19 Te UAT viaria a 19 20 WO ROS os ccaktektngeehie A ceed aks 19 21 AOA HAE cr ceca oo bane E T E EE EAI TE E E EN 9 22 CN AA 9 23 A O AN 9 24 A A ar eaen eE 9 25 Chapter 20 Wireless Instance 20 1 Wireless Configuration COMMANdS oooooooooccoco corro 20 1 CUA Gay EEE ET EEEN ang cease ath anaenaaee ITAA eased 20 4 20 1 2 AUOPHUNCONIATAEIO 4 n0s ocnchcnnrearieroreraeteorseareeoasardemacadcarons 20 4 20 1 3 adoption pref id 2 0 0 2 e neces 20 5 TOC 12 WS5100 Series Switch CLI Reference Guide 20 1 1 20 1 1 20 1 1 20 1 1 20 1 1 20 1 1 20 1 1 20 1 1 20 1 1 20 1 20 1 20 1 20 1 20 1 20 1 20 1 20 1 20 1 20 1 20 1 20 1 20 1 20 1 20 1 20 1 20 1 20 1 e Oo oo I OF OT E N N O 22 ed 24 25 26 2 28 29 30 gt gt de E 34 ao 3 36 at oon no fF UN BDC CHON Rar A beeen deu estaa a 1 DOOR COOP ba oge sant reaen need e EN E EE A ESTON T E E T E NEAT 20 10 20 1 10 1 config wireless client list 00 0 0 aana 20 12 E A E E NS EE SET EE A AEE EEE 20 14 SN 20 14 A 20 15 A O E T dot11 shared key auth
204. ease press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config radsrv Idap server Radius Configuration Commands Sets the LDAP server s configuration It uses the exisitng external database active directory with the onboard RADIUS server instead of the local database on the switch Syntax ldap server primary secondary host A B C D Parameters primary Sets the primary LDAP server s configuration secondary Defines the secondary LDAP server s configuration host lt LDAP IP Address gt Sets the LDAP server s IP configuration e A B C D Defines the LDAP server IP address port lt number gt Enter the TCP IP port number for the LDAP server acting as the data source login Use the following as the login sAMAccountName St ripped User Name User Name bind dn Specifies the distinguished name to bind with the LDAP server 19 18 WS5100 Series Switch CLI Reference Guide base dn Specifies a distinguished name that establishes the base object for the search The base object is the point in the LDA
205. eck the stauts Note that the VLAN has now been disassociated and the status is DOWN WS5100 config show ip interface brief Interface IP Address Status Protocol vlanl 157 235 208 69 DHCP up up vlan3 unassigned administratively down down WS5100 config 2 The above example could also occur when a DHCP interface is disconnected DHCP is not effected though because it runs on a virtual interface and not on a physical interface In this case it is the physical interface that is disconnected not the virtual interface When the ethernet interface comes back up it will restart the dDHCP client on any virtual interfaces SVIs of which the physical interface is a member port This ensures if the interface was disconnected and reconnected to a different interface it will obtain a new IP address route name server domain name etc corresponding to the new DHCP server configuration Example WS5100 config show ip access group eth 1 Interface ethl Inbound IP Access List Inbound MAC Access List WS5100 config show ip access group vlan 1 Interface vlanl Inbound IP Access List WS5100 config show ip access group eth2 Interface eth2 Inbound IP Access List Inbound MAC Access List WS5100 show ip dhcp binding IP MAC Client Id Type Expiry Time WS5100 config show ip dhcp class l ip dhcp class TestClass2 option user class MC900 l ip dhcp class BlahBlahBlah l ip dhcp class ClassNameTest 2 38 WS5100 Ser
206. ed do you want to continue y n y 4 1 19 kill Priv Exec Command Kills terminates a specified session Syntax kill session lt 1 16 gt Parameters session Active session There are 16 active sessions which can be terminated 4 20 4 1 20 WS5100 Series Switch CLI Reference Guide Example Telnet to switch xyz xyz xyz telnet 157 239 208 93 Trying 157 235 208 93 Connected to 157 235 208 93 157 235 208 93 Escape character is WS5100 release 3 0 0 0 19193X Login as cli to access CLI WS5100 login root WS5100 show sessions SESSION USER LOCATION IDLE START TIME Exe T root Console 00 00m Jan 1 00 00 00 1970 2 root 157 235 208 105 00 38m Jan 1 00 00 00 1970 3 root 157 235 208 105 00 00m Jan 1 00 00 00 1970 WS5100 kill session 9 Error Invalid session number WS5100 kill session 3 Connection closed by foreign host xyz xyz xyz logout Priv Exec Command Exits from the EXEC mode Syntax logout Parameters None Privileged Exec Commands 4 21 Example WS5100 logout WS5100 release 3 0 0 0 200B Login as cli to access CLI WS5100 login 4 1 21 mkdir Priv Exec Command Creates a new directory in the filesystem Syntax mkdir DIR Parameters DIR Directory name Example WS5100 mkdir TestDIR WS5100 4 1 22 more Priv Exec Command View the contents of a file Syntax more FILE
207. ed not sold This Agreement does not give Licensee any rights not expressly granted herein xiv WS5100 Series Switch CLI Reference Guide INTELLECTUAL PROPERTY CONTENT All title and intellectual property rights in and to the Software including but not limited to any images photographs animations video audio music text and applets incorporated into the Software and any copies you are permitted to make herein are owned by Licensor or its suppliers All title and intellectual property rights in and to the content which may be accessed through use of the Software is the property of the respective content owner and may be protected by applicable copyright or other intellectual property laws and treaties This EULA grants you no rights to use such content As a condition to Licensee s use of the Software Licensee represents warrants and covenants that Licensee will not use the Software i to infringe the intellectual property rights or proprietary rights or rights of publicity or privacy of any third party ii to violate any applicable law statute ordinance or regulation ili to disseminate information or materials in any form or format Content that are harmful threatening abusive harassing tortuous defamatory vulgar obscene libelous or otherwise objectionable or iv to disseminate any software viruses or any other computer code files or programs that mayinterrupt destroy or limit the functionality of any computer so
208. ee space between 0 0 and 100 0 percent e routecache lt 0 65535 gt Configures IP route cache usage Set between 0 and 65553 e tempreature lt 1 8 gt Sets the temperature sensor for the switch Set as many as 8 temperature sensors e period lt 100 30000 gt Configures the diagnostics period Seta value between 100 30000 milli seconds The default value is 1000 milliseconds diag shell Provides diag shell access encrypt Encrypt password or key with secret e secret Encrypt passwords keys with secret phrase e 2 Type of encryption SHA256 AES256 PASSPHRASE Passphrase for encryption ENCRYPT_KEY Plaintext password or key to encrypt Common Commands 2 15 pktcap on bridgefinterfacefrouter von count filterlverbose write Packet capture e on Defines the Capture location e bridge Captures at the bridge e count Limits the capture packet count e filter Captures the filter e verbose Displays full packet body e write Captures to a file e interface Captures at an interface e WORD Interface name e ge GigabitEthernet interface e mel FastEthernet interface e sa StaticAggregate interface e vlan VLAN e router Capture at the router e count Limits capture packet count e filter Captures filter e verbose Displays the full packet body e write Captures to a file e vpn Capture at the VPN e count Limits capture pac
209. een 9 and 64 characters Example WS5100 config trustpoint fqdn RetailKing com WS5100 config trustpoint 11 1 7 11 1 8 crypto trustpoint Instance 11 5 help gt Trustpoint PKI Config Commands Displays the systems interactive help system Syntax help Parameters None Example WS5100 config trustpoint help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config trustpoint ip address gt Trustpoint PKI Config Commands Sets an IP address for the trustpoint Syntax ip address Parameters A B C D Enter the IP address for the trustpoint Example WS5100 config trustpoint ip address 157 200 200 02 WS5100 config trustpoint 11 6 WS5100 Series Switch CLI Reference Guide 11 1 9 no gt Trustpoint PKI Config Commands Negates a command or sets its defaults Syntax no lt previous command used gt Parameters None Example WS5100 config trustpoint no ip address WS5100 config trustpoint
210. efines an existing user name in this group all Removes all users from this group service Invokes service commands for troubleshooting or debugging the parameters of the group radius Disables the RADIUS server Example WS5100 config radsrv group no policy day WS5100 config radsrv group WS5100 config radsrv group no policy time WS5100 config radsrv group WS5100 config radsrv group no policy vlan WS5100 config radsrv group WS5100 config radsrv group no policy wlan 2 5 WS5100 config radsrv g WS5100 config WS5100 config radsrv g radsrv g radsrv g roup roup tfno rad user all roup roup no service radius SInfo Radius service stopped WS5100 config I 5 WS 100 config radsrv g roup Radius Server Instance 19 11 19 1 7 8 policy Radius Configuration Commands Sets the authorization policies for a particular group like day time of access WLANs allowed etc NOTE A user based VLAN is effective only if dynamic VLAN authorization is enabled for the WLAN as defined within the WLAN Configuration screen Syntax policy day time vlan wlan policy day all fr mo sa su th tu we weekdays ploicy time start end lt 0 23 gt lt 0 59 gt policy vlan lt 1 4094 gt Parameters day Day of access policy configuration all All days from Sunday to Saturday tr Friday mo Monday sa Saturday su Sunday
211. encryption secret e LINE Set passphrase between 8 and 63 characters pmk caching Enables the use of cached pairwise master keys fast roaming with eap 802 1X preauthentication Enables support for 802 111 pre authentication second key enable key phrase 0 2 WORD Configures a secondary set of key passphrase for this WLAN e enable Enables the use of a secondary key passphrase e key Configures the key PMK e phrase Configures the passphrase e 0 Password is specified as UNENCRYPTED e 2 Password is encrypted with password encryption secret 20 54 WS5100 Series Switch CLI Reference Guide e WORD Sets the 256bit 64 hex characters key e tkip cntrmeas hold time lt 0 65535 gt Configures the hold time in seconds that clients are blocked whenTKIP countermeasures are invoked Default is 60 seconds e wpa2 tkip enable Enables support for WPA2 TKIP in addition to WPA TKIP when TKIP is enabled on this WLAN enable Enables specified WLAN s encryption type Sets the encryption type for this WLAN Options include e ccmp AES Counter Mode CBC MAC Protocol AES CCM CCMP keyguard Keyguard MCM Mobile Computing Mode none No encryption tkip Enables Temporal Key Integrity Protocol TKIP tkip ccmp Enables both TKIP and CCMP on this WLAN wep128 Enables Wired Equivalence Privacy WEP with 128 bit keys wep128 keyguard Enables WE
212. ent RAM used by a process percent free RAM cache usage limit WS51 128 128k 16k 1k 256 2k 32 32k 4k 12 128 by 128k b 16k by 1k by 256 b 2k by 32 by 32k b 4k by 12 b 4 by 4k b k by y y y k y 00 00 Ul 3 4 6 4 6 k 8 te buffer y te buffer e buffer te buffer e buffer e buffer te buffer e buffer te buffer e buffer te buffer temperatur l0O0 service diag limit buffer te buffer limi limi limit limit limi Limi lim Limi lim lim Limi lim e buffer 1 CP SRE Cr eek Aer e UN Limi 2 22 WS5100 Series Switch CLI Reference Guide WS5100 gt service show command history WS5100 gt service show command history Configured size of command history is 200 Date amp Time User Location Command ay 31 21 57 44 2007 ay 31 20 30 11 2007 ay 31 20 27 08 2007 ay 31 20 18 03 2007 ay 31 20 17 32 2007 ay 31 20 17 26 2007 ay 31 18 32 42 2007 ay 31 18 32 29 2007 ay 31 18 31 48 2007 ay 31 18 31 45 2007 ay 29 15 40 04 2007 ay 29 15 23 43 2007 ay 29 15 23 36 2007 ay 29 15 23 19 2007 ay 29 15 23 19 2007 ay 29 15 23 03 2007 ay 29 15 22 48 2007 ay 29 15 22 45 2007 ay 25 21 32 27 2007 ay 25 21 32 21 2007 ay 24 18 34 36 2007 ay 24 18 34 21 2007 ay 23 19 07 35 2007 ay 23 19 06 59 2007 ay 23 14 36 09 2007 ay 21 16 37 13 2007 ay 21 16 34 36 2007 admin vty 130 exit admin vty 130 configure terminal admin vty 130 enable
213. er status e adapter Displays the current SOLE adapter status e engine ADAPTER Show the external location engine status for SOLE adapter Example WS5100 show sole config adapter SOLE Adapter Adapter Type AeroScout Adapter Version 2 01 Configured Status enabled Operational Status enabled Adapter Build Time WS5100 Thu Sep 13 21 44 45 2007 WS5100 show sole status adapter Type Status WS5100 show sole stats adapter Adapter Type AeroScout Adapter Status enabled Number of messages received from engine Number of messages sent to engin Number of tag reports sent to engine Time at which last message was received from engine Time at which last message was sent to engin Bh WS5100 LOOO WS5100 show sole status engine Type Engine AeroScout 0 0 0 0 ws5100 State 2 2 26 spanning tree Common to all modes Syntax Common Commands 2 57 show spanning tree mst config detail interface IF Nameleth lt 1 2 gt vlan lt 1 4094 gt instance lt 1 15 gt interface IF NAME eth lt 1 2 gt vlan lt 1 4094 gt Parameters config Displays MSTP configuration information detail interface IF Nameleth lt 1 2 gt vlan lt 1 4094 gt Displays detailed interface information e F Name Displays the interface name e eth lt 1 2 gt Defines the Ethernet interface e vlan 1 4094 gt Defines the VLAN interface instanc
214. ers of startup configuration erminal configuration parameters imezone ast image upgrade status nformation about terminal lines oftware hardware version configuration commands r O Display debug info for ACL VPN and NAT e 5 S trust point S Server Trust po CA Trust point WS5100 config int def def ault trustpoint ault trustpoint Wireless Instance Use the config wireless instance to configure local RADIUS server parameters associated with the switch 20 1 Wireless Configuration Commands summarizes config wireless commands Table 20 1 Wireless Config Command Summary Command Description Ret Sets Adaptive AP AAP related commands adopt unconfradio Adopts a radio even if its not yet configured The default templates can be used for configuration Used as a preference identifier for this switch All radios configured with this preference identifier are more likely to be adopted by this switch Displays access port related commands ap detection Defines the AP detection configuration Modifies static IP information for access ports WS5100 Series Switch CLI Reference Guide Table 20 1 Wireless Config Command Summary Continued Command Description Ret ap timeout Changes the default inactivity timeout for page 20 9 access ports ap udp port Configures the UDP port for APL3 adoption page 20 9 NOTE Enable t
215. ers None Example WS5100 config crypto group help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config crypto group crypto group 7 5 7 1 6 service Crypto Group Config Commands Invokes the service commands used to trobuleshoot or debug the config crypto isakmp instance configurations Syntax service show cli Parameters cli Displays the CLI tree of current mode Example WS5100 config crypto group service show cli Crypto Client Config mode clrscr clrscr dns A B C D dns A B C D do LINE do LINE end end t exit exit t help help quit quit s commands show commands WORD show commands WORD running config show running config full show running config full include factory show running config include factory service show cli service show cli show access list show access list lt 1 99 gt show access list lt 1 99 gt lt 100 199 gt
216. es with bad ESSIDs beacon broadcast essid Enables an AP detector to find beacons with broadcast ESSIDs invalid 8021x frame Detects invalid 802 1x frames invalid frame length Detects frames with an invalid length invalid frame type Detects frames with an invalid type multicast source Broadcast or multicast source non changing wep iv Detects frames wit h a non changing WEP IV null destination Sets all zeros for an address same source destination Identical source and destination addresses tkip countermeasures Filters mobile units causing TKIIP countermeasures e unencrypted traffic Detects unencrypted traffic e weak wep iv Uses weak WEP sequence numbers e enable Enables monitoring and filtering e filter ageout Sets the number of seconds mobile units are filtered out detect window lt 5 300 gt Sets the number of seconds information is collected before analysis All thresholds are a function of this window size 20 22 WS5100 Series Switch CLI Reference Guide ex ops Sets values related to the detection of excessive operations on the RF network 80211 replay fails 802 11 replay check failure all Changes for all types of excessive operations association requests 802 11 authentication and association requests authentication fails Failure to authenticate with servers RADIUS Kerberos crypto replay fails TKIP CCMP IV replay check
217. es Multiple Spanning Tree Protocol MSTP enable commands 5 14 WS5100 Series Switch CLI Reference Guide Usage Guidelines Enables or disables MSTP globally Use a no command with the bridge forward parameter to disable MSTP and change all ports to a forwarding state Example WS5100 config bridge multiple spanning tree enable WS5100 config 5 1 7 country code Global Configuration Commands Sets the country of operation Syntax country code Parameters None Usage Guidelines Erases all existing radio configuration Example WS5100 config country code ae United Arab Emirates ar Argentina at Austria au Australia ba Bosnia Herzegovina be Belgium bg Bulgaria bh Bahrain bm Bermuda br Brazil bs Bahamas by Belarus ca Canada ch Switzerland cl Chile cn China co Colombia cr Costa Rica cy Cyprus cz Czech Republic de Germany Denmark Dominican Republic Ecuador Estonia Egypt Spain Finland France United Kingdom Greece Guatemala Guam Hong Kong Honduras Croatia Haiti Hungary Indonesia Ireland Israel India Iceland Italy Jordan Japan South Korea Kuwait Kazakhstan Liechtenstein Sri Lanka Lithuania Luxembourg Latvia orocco alta exico alaysia Netherlands Norway New Zealand Oman Peru Philippines Pakistan Poland Portugal Qatar Romania Russia Global Configuration Commands 9 15 5 16 WS5100 Series Switch CLI Reference Guide sa Saudi Ara
218. ess 4 4 4 4 WS5100 config In the example above key 12345678 is associated with IP address 4 4 4 4 Currently you can delete this key by using the no command and a wrong key number Example WS5100 config erypto pki authenticat Authenticat enroll export import trustpoint nroll xport Import ad WS5100 config crypto pki trustpoint WORD Trustpoint Name WS5100 config crypto pki trustpoint WS5100 config trustpoint Trustpoint Config commands Clears the display screen Company Name Applicable only for request clrscr company name email end exit fqdn help ip address no password rsakeypair service show email End current End current Domain Name Description of th mode and mode and Configuration int and import CA Certificate Define a CA trustpoint Test change to EXEC mode down to previous mode ractiv Internet Protocol I Negate a command or Challenge Password A Rsa Keypair to assoc Service Commands Show running system subject nam Subject Nam to configure a trust WS5100 config trustpoint is a col help system P set its defaults pplicable only for request late with the trustpoint information llection of required parameters point 5 1 9 5 1 10 do Global Configuration Commands Global Configuration Commands Runs commands from either the User Exec or Priv Exec mode
219. et its content is checked against all ACEs in the ACL It is marked based on the ACL configuration e Filtering protocol types TCP UDP allows the user to specify port numbers as filtering criteria e Select ICMP to allow deny ICMP packets Selecting ICMP allows you to filter packets based on the ICMP type and code NOTE The log option is functional only for router ACL s The log option provides an informational logging message about the packet matching the entry sent to the console Example The example below marks the dot1p priority value in the ethernet header to 5 on all TCP traffic coming from the source subnet WS5100 config ext nacl mark 8021p 5 tcp 192 168 2 0 24 any WS5100 config ext nacl The example below marks the tos value in the IP header to 245 on all tcp traffic coming from the source subnet WS5100 config ext nacl mark tos 245 tcp 192 168 2 0 24 any WS5100 config ext nacl 14 12 WS5100 Series Switch CLI Reference Guide 14 1 7 no Extended ACL Config Commands Negates a command or sets its defaults Syntax no deny mark permit Negates all the syntax combinations used in the deny mark and permit designations to configure the Extended ACL Parameters deny Specifies packets to reject mark Specifies packets to mark permit Specifies packets to forward Usage Guidelines Removes an access list control entry Provide the rule precedence value when using the no comm
220. ets its defaults Specifies packets to forward 14 2 WS5100 Series Switch CLI Reference Guide 14 1 1 14 1 2 Table 14 1 Extended ACL Config Command Summary Continued Command Description Ret service Invokes the service commands to troubleshoot or page 14 18 debug config if instance configurations show Displays running system information page 14 20 terminal Sets terminal line parameters page 14 21 clrscr gt Extended ACL Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100 config ext nacl clrscr WS5100 config ext nacl deny Extended ACL Config Commands Specifiesy packets to reject Syntax deny icmp ip tcp udp deny ip source source mask host source any destination destination mask host destination any log rule precedence access list entry precedence deny icmp source source mask host source any destination destination mask host destination any icmp type icmp type icmp code log rule precedence access list entry precedence Extended ACL Instance 14 3 deny tcp udp source source mask host source any operator source port destination destination mask host destination any operator destination port log rule precedence access list entry precedence Parameters deny ip source source Use with a deny command to reject IP packets mask host source any
221. ets the lifetime for the ISAKMP security association Negates a command or sets its defaults 6 2 6 1 1 6 1 2 WS5100 Series Switch CLI Reference Guide Table 6 1 Crypto ISAKMP Command Summary Command Description Ref service Defines the switch s service commands page 6 6 show Shows running system information page 6 7 authentication Crypto ISAKMP Config Commands Authenticates rsa sig and pre share keys Syntax authentication pre share rsa sig Parameters pre share pre shared key rsa sig rsa signature Example WS5100 config crypto isakmp authentication pre share WS5100 config crypto isakmp WS5100 config crypto isakmp authentication rsa sig WS5100 config crypto isakmp clrscr Crypto ISAKMP Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100 config crypto isakmp clr WS5100 config crypto isakmp 6 1 3 6 1 4 crypto isakmp 6 3 encryption Crypto ISAKMP Config Commands Configures the encryption level of the data transmitted using using crypto isakmp command Syntax encryption 3des aes aes 192 aes 256 des Parameters 3des 3des Triple data encryption standard aes aes advanced data encryption standard aes 192 aes 192 advanced data encryption standard aes 256 aes 256 advanced data encryption standard des des data encryption standard Example WS5100 config
222. face vlan 2 WS5100 config if ip Global Configuration Commands Configures a selected Internet Protocol NOTE Using access list extended moves you to the SY config ext nac1 instance For more information see Extended ACL Instance on page 14 1 Using access list extended moves you to the config std nacl instance For more information see Standard ACL Instance on page 15 1 Use an ip dhcp pool pool name command to move to the config dhep instance For additional information see DHCP Server Instance on page 17 1 Syntax ip access list default gateway dhcp domain lookup domain name http local name server nat route routing ssh telnet ip access list extended lt 100 199 lt 2000 2699 gt WORD standard lt 1 99 gt lt 1300 1999 gt WORD ip default gateway A B C D ip dhcp bootp class excluded address option ping pool restart ip dhcp bootp ignore 5 28 WS5100 Series Switch CLI Reference Guide ip ip ip ip ip ip ip ip ip dhcp class class name dhcp excluded address A B C D dhcp option option name dhcp ping timeout lt 1 10 gt dhcp pool pool name domain lookup domain name WORD http secure server secure trustpoint WORD server localhost local pool default low ip address A B C D ip name server A B C D ip nat inside outside destination source static lt A B C D gt lt 1 65535 gt tcpludp lt A B C D gt
223. facturer for purposes of these regulations is Motorola Inc One Symbol Plaza Holtsville NY 11742 EXPORT RESTRICTIONS Licensee shall comply with all export laws and restrictions and regulations of the Department of Commerce the United States Department of Treasury Office of Foreign Assets Control OFAC or other United States or foreign agency or authority and Licensee shall not export or allow the export or re export of the Software in violation of any such restrictions laws or regulations By downloading or using the Software Licensee agrees to the foregoing and represents and warrants that Licensee is not located in under the control of or a national or resident of any restricted country MISCELLANEOUS Licensee may not sublicense assign or transfer this Agreement or its rights or obligations hereunder without the prior written consent of Licensor Any attempt to otherwise sublicense assign or transfer any of the rights duties or obligations hereunder is null and void Licensor may assign this Agreement in its sole discretion In the event that any of the provisions of this Agreement shall be held by a court or other tribunal of competent jurisdiction to be illegal invalid or unenforceable such provisions shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect No waiver or modification of this Agreement will be binding upon a party unless ma
224. fig wireless 20 1 27 no Wireless Configuration Commands Negates a command or sets its defaults All the parameters mentioned in the syntax can be negated using this command Syntax no adopt unconf radio adoption pref id ap detection broadcast tx speed country code dhcp sniff state dot1ll shared key auth fix windows dhcp ids mac auth local manual wlan mapping mobile unit mobility oversized frames proxy arp qos mapping radio self heal sensor service smart scan channels wlan Parameters Refer to Table 20 1 on page 1 for the parameters negated using the no command Example WS5100 config wireless no mobility enable WS5100 config wireless 20 28 WS5100 Series Switch CLI Reference Guide 20 1 28 proxy arp Wireless Configuration Commands Responds to ARP requests from the RON to the WLAN on behalf of mobile units Syntax proxy arp Parameters enable Enables the support of proxy arp Example WS5100 config wireless proxy arp enable WS5100 config wireless 20 1 29 qos mapping Wireless Configuration Commands Confiures QoS mappings between the wired and wireless domains Syntax gqos mapping wired to wireless wireless to wired gqos mapping wired to wireless dot1p lt 0 7 gt dscp lt 0 63 gt background best effort video voice gqos mapping wireless to wired background best effort video voice dotip lt 0 7 gt Parameters wired to wireless Mappings used w
225. figured range e A host pool is the pool used to assign static fixed IP address to DHCP clients 17 2 1 Creating network pool To create a network pool using the switch CLI 1 WS5100 config WS5100 config WS5100 config Assign a domain WS5100 config Configure the DN WS5100 config Configure the DH WS5100 config WS5100 config Create a DHCP server dynamic address pool ip dhcp pool test d d Map the DHCP pool to the hcp Add the address range for hcp name as d hcp network pool network 192 168 0 0 24 the dynamic pool address range 192 168 0 30 192 168 0 60 appropriate to this dynamic pool domain name test com S server s IP address d hcp dns server 192 168 0 10 192 168 0 11 CP client s IP address lease period d d WS5100 config hep hep lease 10 Exit from the DHCP instance upon creation of the network pool exit Start the DHCP Server to instantiate the network pool service dhcp 17 24 WS5100 Series Switch CLI Reference Guide 17 2 2 Creating a Host Pool To create a host pool i Create a DHCP server host address pool WS5100 config ip dhcp pool hostpool Assign the client name of the host for which static allocation is required WS5100 config dhcp client name linuxbox Assign an IP address for the host WS5100 config dhcp host 192 168 0 50 C
226. figures a base bridge Enter maximum client bridges allowed beacon interval lt 50 200 gt Sets the beacon interval in K uSec bridge fwd delay lt 4 30 gt Sets the STP bridge forward delay in seconds e lt 4 30 gt Time in seconds bridge hello lt 1 10 gt Sets the STP bridge hello in seconds e lt 1 10 gt Time in seconds bridge max ageout lt 4 3600 gt Sets the STP bridge maximum ageout in seconds e lt 4 3600 gt Time in seconds bridge msg age lt 6 40 gt Sets the STP bridge message age in seconds e lt 6 40 gt Time in seconds bridge priority lt 0 65535 gt Sets the STP bridge priority in seconds e lt 0 65535 gt Priority value WS5100 Series Switch CLI Reference Guide bss lt 7 4 gt add wlans auto WLAN Maps WLANs to radio BSSIDs e lt 7 4 gt Sets the BSS where WLANs are mapped e add wlans Adds new WLANs to existing radios The other WLANs on the radios are left as is auto Sets the automatic assignment of a BSS The user selects WLANs and the system assigns them to a BSS automatically WLAN Defines a list 1 3 7 or range 3 7 of WLAN indices When a BSS is also specified the first WLAN is used as the primary WLAN When the auto option is used the system automatically assigns the first four WLANs as primaries on their respective BSSIDs channel power indoor outdoor lt 1 2000 gt acs random lt 4 20 gt Sets the location
227. form configuration for securing data ah md5 hmac ah sha hmac esp 3des esp aes esp aes 192 esp aes 256 esp des esp md5 hmac esp sha hmac The transform set is then assigned to a crypto map using the map s set transform set command See crypto map on page 10 1 Global Configuration Commands 5 19 isakmp client keepalive key peer policy Configures the nternet Security Association and Key Management Protocol ISAKMP policy e client configuration group default Leads to the config cryptogroup instance For more details see crypto group on page 7 1 e keepalive lt 10 3600 gt Sets a keepalive interval for use with remote peers It defines the number of seconds between DPD messages e key 0 2 word address hostname Sets a pre shared key for remote peer e 0 Password is specified UNENCRYPTED e 2 Password is encrypted with password encryption secret e WORD User provided password e address Defines a shared key with an IP address e hostname Defines the shared key with a hostname e peer address dn hostname Sets the remote peer e address The IP address acts as an identity of the remote peer e dn The identity of the remote peer is the Distinguished Name e hostname The identity of the remote peer is the hostname e policy lt 1 10000 gt Sets a policy for an ISAKMP protection suite 5 20 WS5100 Series Switch CLI Reference Guide key
228. ftware or hardware or telecommunications equipment Licensee not Licensor remains solely responsible for all Content that Licensee uploads posts e mails transmits or otherwise disseminates using or in connection with the Software FEES SUPPORT AND UPGRADES Licensor may at Licensor s sole option provide support services related to the Software Support Services Nothing in this Agreement grants Licensee any right to receive any Support Services Use of any Support Services provided is governed by the Licensor policies and programs described in the user manual in online documentation and or in other Licensor provided materials or support agreements Any supplemental software code provided to you as part of any Support Services shall be considered part of the Software and subject to the terms and conditions of this EULA With respect to technical information you provide to Licensor as part of any Support Services Licensor may use such information for its business purposes including for product support and development Licensor will not utilize such technical information in a form that personally identifies Licensee TERMINATION Either party may terminate this Agreement at any time with or without cause upon written notice Any termination of this Agreement shall also terminate the licenses granted hereunder Upon termination of this Agreement for any reason Licensee shall return all copies of the Software to Licensor or destroy and
229. g Commands Sets the name for the MST region Syntax name region name Parameters region name MST region name Example WS5100 config mst name MyRegion WS5100 config mst 13 1 7 13 1 8 spanning tree mst Instance 13 5 no mst Config Commands Negates a command or sets its defaults Syntax no instance name revision Parameters instance Sets the MST Instance name Assigns a name to the MST region revision Defines the revision number for configuration information Usage Guidelines The no command negates any command associated with it Wherever required use the same parameters associated with the command getting negated Example WS5100 config mst no instance 10 vlan 20 WS5100 config mst WS5100 config mst no name MyRegion WS5100 config mst WS5100 config mst no revision WS5100 config mst revision mst Config Commands Sets the revision number of the MST bridge Syntax revision lt 0 255 gt Parameters 0 255 Defines the revision number for configuration information 13 6 13 1 9 WS5100 Series Switch CLI Reference Guide Example WS5100 config mst revision 20 WS5100 config mst service mst Config Commands Invokes the service commands needed to troubleshoot or debug config if instance configurations Syntax service show cli Parameters None Example WS5100 config mst service show cli MSTI confi
230. g radsrv group Radius Server Instance 19 13 19 1 7 10 service 19 1 7 11 Radius Configuration Commands Invokes RADIUS service commands if they have been stopped This command enables the RADIUS server A RADIUS restart is executed only from the config mode Syntax service clear diag shell radius save cli show start shell tethereal service radius restart Parameters clear Removes the specified support information diag shell Provides diag shell access radius Enables a RADIUS server restart save cli Saves the CLI tree for all modes in HTML show Displays running system information start shell Provides shell access tethereal Dumps and analyzes network traffic Example WS5100 config radsrv group service radius restart WS5100 config radsrv group show Radius Configuration Commands Displays current system information running on the switch Syntax show lt paramater gt Parameters Displays the parameters for which information can be viewed using the show command 19 14 WS5100 Series Switch CLI Reference Guide Example WS5100 config radsrv group show access list Internet Protocol IP alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command lists crypto crypto debugging Disp
231. gine ooo ine Time at which last messag was received from engine Time at which last messag was sent to engin 21 8 WS5100 Series Switch CLI Reference Guide WS5 al WS5 Typ Aer 100 config sol show sole status adapter Type Status AeroScout disabled 100 config sole 100 config sole show sole status engine e Engine State oScout 0 0 0 0 Offline 100 config sole MOTOROLA INC 1303 E ALGONQUIN ROAD SCHAUMBURG IL 60196 http www motorola com 72E 103896 01 Revision A January 2008
232. gt type lt 1 65535 gt ip ipv6 arp wisp 8021lq rarp aarp appletalk ip x rule precedence lt 1 5000 gt rule precedence lt 1 5000 gt deny permit mark 8021p lt 0 7 gt tos lt 0 255 gt XX XX XX XX XX XX XX XX XX XX XX XX host XX XX XX XX XX XX any XX XX XX XX XX XX XxX XX XX XX XX XX host XX XX XX XX XX XX any vlan lt 1 4095 gt dotlp lt 0 7 gt t ype lt 1 65535 gt ip ipv6 arp wisp 8021q rarp aarp appleta lk ipx rule precedence lt 1 5000 gt type WS5100 config ext macl Extended MAC ACL Instance 16 13 16 1 10 show MAC Extended ACL Config Commands Displays current system information running on the switch Syntax show lt paramater gt Parameters Displays all the parameters for which information can be viewed using the show command Usage Guidelines The show access list command displays the access lists configured for the switch Provide the access list name or number to view specific ACL details Example WS5100 config ext macl show access list Internet Protocol IP alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command lists crypto crypto debugging Display debugging setting environment show environmental inform
233. guration clock Display system clock commands Show command lists crypto crypto debugging Display debugging setting environment show environmental information file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status and configuration ip Internet Protocol IP ldap ldap server 19 26 WS5100 Series Switch CLI Reference Guide licenses logging mac management mobility ntp password encryption privilege radius redundancy group redundancy history switch redundancy members running config securitymgr sessions snmp snmp server startup config terminal timezone upgrade status users version wireless WS5100 config radsrv s WS5100 config show radius Trust point Configured Show any installed licenses Show logging configuration and buffer edia Acc Display L Network t password Show curr Display r Display s Display Current Display Display Display Contents Display t Display t Display l Display i Display s Wireless now For Radiu ess Control 3 Managment Interface nam Display Mobility Parameters ime protocol encryption ent privilege level Radius configuration commands edundancy group parameters tate transition history of the edundancy group members in detail perating configuration urrent active open connections NMP engine parameters NMP engine paramet
234. guration clock Display system clock commands Show command lists crypto crypto debugging Display debugging setting environment show environmental information file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status and configuration ip Internet Protocol IP ldap ldap server licenses Show any installed licenses logging Show logging configuration and buffer mac edia Access Control management Display L3 Managment Interface nam mobility Display Mobility Parameters ntp Network time protocol password encryption password encryption privilege Show current privilege level radius Radius configuration commands redundancy group Display redundancy group parameters redundancy history Display state transition history of the switch redundancy members Display redundancy group members in detail running config Current Operating configuration securitymgr Display debug info for ACL VPN and NAT sessions Display current active open connections snmp Display SNMP engine parameters snmp server Display SNMP engine parameters startup config Contents of startup configuration terminal Display terminal configuration parameters timezone Display timezone upgrade status Display last image upgrade status users Display information about terminal lines version Display software amp hardware version wireless Wireless configuration commands WS5100 config std nacl1 show Standard
235. guration mode clrscr clrscr end end t exit exit t help help instance lt 1 15 gt instance lt 1 15 gt vlan VLAN ID instance lt 1 15 gt vlan VLAN ID name LINE name LINE no instance lt 1 15 gt no instance lt 1 15 gt vlan VLAN ID no instance lt 1 15 gt vlan VLAN 1D name no name revision no revision quit quit revision REVISION NUM revision REVISION NUM s commands show commands WORD show commands WORD running config show running config full show running config full include factory show running config include factory service 13 1 10 spanning tree mst Instance 13 7 show cli service show cli show access list show access list lt 1 99 gt show access list lt 1 99 gt lt 100 199 gt lt 1300 1999 gt lt 2000 2699 gt WORD lt 100 199 gt show access list lt 1 99 gt lt 100 199 gt lt 1300 1999 gt lt 2000 2699 gt WORD lt 1300 1999 gt show access list lt 1 99 gt lt 100 199 gt lt 1300 1999 gt lt 2000 2699 gt WORD lt 2000 2699 gt show access list lt 1 99 gt lt 100 199 gt lt 1300 1999 gt lt 2000 2699 gt WORD WORD show access list lt 1 99 gt lt 100 199 gt lt 1300 1999 gt lt 2000 2699 gt WORD aclstats vlan lt 1 4094 gt show aclstats vlan lt 1 4094 gt WS5100 c
236. he bridge priority for an MST instance to the value specified Use the no parameter with this command to restore the default bridge priority value e priority Sets the bridge priority for the common instance e lt 0 61440 gt Define the bridge priority in increments of 4096 Lower priority indicates greater likelihood of becoming root The default value of the priority for each instance Is 32768 cisco interoperability enale disable Enables disables interoperability with Cisco s version of MSTP incompatible with standard MSTP e enable Enables CISCO Interoperability e disable Disables CISCO Interoperability configuration Multiple spanning tree configuration This command moves to the spanning tree mst Instance on page 13 1 forward time lt 4 30 gt Sets the time in seconds after which if this bridge is the root bridge each port changes states to learning and forwarding This value is used by all instances The default value is 15 seconds hello time lt 1 10 gt Sets the hello time The hello time is the time in seconds after which if this bridge is the root bridge all the bridges in a bridged LAN exchange Bridge Protocol Data Units BPDUs A very low value leads to excessive traffic on the network while a higher value delays the detection of a topology change This value is used by all instances The default value is 2 seconds 5 58 WS5100 Series Switch CLI Reference Guide
237. he crypto pki trustpoint command The default trust point in use is default trustpoint Example WS5100 config radius server local WS5100 config radsrv ca trust point tpl WS5100 config radsrv clrscr Radius Configuration Commands Clears the display screen Syntax clrscr Parameters None Example WS5100 config radsrv clrscr WS5100 config radsrv crl check Radius Configuration Commands Enables a Certificate Revocation List CRL check To enable the certificate revocation list ensure the cri list is loaded using a crypto pki import lt trustpoint name gt crl command Syntax crl check Parameters enable Enables the CRL check 19 1 5 19 1 6 Radius Server Instance 19 5 Usage Guidelines TLS uses certificates for authentication CRL updated with a trustpoint contains index numbers of revoked certificates The CRL checks for any revoked certificates used for t1s authentication Example WS5100 config radsrv crl check enable WS5100 config radsrv end Radius Configuration Commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to wS5100 Syntax end Parameters None Example WS5100 config radsrv end WS5100 exit Radius Configuration Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to ws5100 config Syntax exit Parameters None Example WS5100 c
238. hed Peer s Count DHCP Server in group WS5100 config Redundancy Group Connectivity status O O D DDD od dt dd DDD 9 9 9 OOO 0 199 NNS NORMS IO Gh erect S E E A i a q S A Gk AA WS5100 config show redundancy group config Redundancy Group Configuration Detail Redundancy Feature Redundancy group ID Redundancy Mode Redundancy Interface IP Number of configured peer s Heartbeat period Hold period Discovery period Handle STP Switch Installed License Switch running image version Auto revert period Auto revert Feature DHCP Server Redundancy WS5100 config WS5100 config Redundancy Group Runtime Information Redundancy Protocol Version Redundancy Group License Cluster AP Adoption Count show redundancy group Disabled 1 Primary 0 0 0 0 0 5 Seconds 15 Seconds 30 Seconds Disabled 48 3 1 0 0 008D 5 mins Disabled Disabled runtime 2 0 0 plicable plicable plicable licable licable plicable plicable plicable Switch AP Adoption Count Redundancy State Radio Portals adopted by Group Radio Portals adopted by th is Switch Rogue APs detected in this Group Rogue APs detected by this Switch Not Applicable Not Applicable Disabled Not Applicable Not Applicable Not Applicable Not Applicable 2 2 21 MUs associated in this Group MUs associated in this Switch Selfhealing RPs in this Group Selfhealing APs in this Switch Group maximum AP
239. help Radius Configuration Commands Displays the system s interactive help in HTML format Syntax help Parameters None Example WS5100 config radsrv group help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config radsrv group no Radius Configuration Commands Use this command to negate a command or set its defaults Syntax no policy rad user service no policy day time vlan wlan no policy wlan lt 1 32 gt all lt 1 32 gt Parameters policy Defines the RADIUS group access policy configuration day Resets the access policy days of permitted access for this group time Configures the group s hourly access permissions 19 10 WS5100 Series Switch CLI Reference Guide vlan Sets the VLAN ID for the group wlan Configures WLAN access policy for this group lt 1 32 gt Sets the WLAN range for the access policy all Removes all the WLAN allowed rad user Removes a user from this group WORD D
240. help prompt kill radius server logout redundancy mkdir service more snmp server no spanning tree page timezone ping username pwd vpn 1 4 WS5100 Series Switch CLI Reference Guide User Exec Mode Priv Exec Mode Global Configuration Mode quit wlan acl reload rename rmdir service show telnet terminal traceroute upgrade upgrade abort write 1 2 Getting Context Sensitive Help Enter a question mark at the system prompt to display a list of commands available for each mode Optionally obtain a list of arguments and keywords for any command using the switch CLI context sensitive help Use the following commands to obtain help specific to a command mode command name keyword or argument Command Description orompt help Displays a brief description of the help system orompt abbreviated command Lists commands in the current mode that begin entry with a particular character string Introduction 1 5 Command Description prompt abbreviated command Completes a partial command name entry lt Tab gt prompt Lists all commands available in the command mode prompt command Lists the available syntax options arguments and keywords for the command prompt command keyword Lists the next available syntax option for the command NOTE The system prompt varies depending on which configur
241. hile switching wired traffic over the air dot1p lt 0 7 gt Configures the mapping of 802 1p tags to access categories You can specify more than one 802 1p tag 0 7 dscp lt 0 63 gt Configures the mapping of DSCP values to access categories You can specify more than one DSCP value 0 63 background Prioritizes Background category traffic best effort Prioritizes Best Effort category traffic 20 1 30 Wireless Instance 20 29 video Prioritizes Video category traffic voice Prioritizes Voice category traffic wireless to wired Sets the mappings used while switching wireless traffic to the RON side dot1p lt 0 7 gt Configures the 802 1p tags that correspond to a selected access category Example WS5100 config wireless qos mapping wireless to wired background dotlp 5 WS5100 config wireless radio Wireless Configuration Commands Sets radio related parameters Syntax radio lt 1 1000 gt RADIO add all 1lla all 11lb all 1lbg configure 8021X default 11la default 11b default 11bg dns name radio lt 1 1000 gt adoption pref id antenna mode base bridge beacon interval bridge fwd delay lt 4 30 gt bridge hello lt 1 10 gt bridge max ageout lt 4 3600 gt bridge msg age lt 6 40 gt bridge priority lt 0 65535 gt bss channel power client bridge coordinates copy config from description detector dtim period enforce spec mgmt enhanced beacon tabl nhanced probe table location led location messag
242. his option in the DHCP Server supporting this access port broadcast tx speed Sets the rate at which broadcast and page 20 10 multicast traffic is transmitted client Defines the wireless client configuration page 20 10 clrscr Clears the display screen page 20 14 convert ap Changes an AP s mode of operation page 20 14 country code Configures the country of operation All page 20 15 existing radio configurations are erased dhep sniff state Records mobile unit DHCP state page 20 17 information dot 1 shared key auth Enables support for 802 11 shared key page 20 18 authentication end Ends the current mode and moves to the page 20 18 EXEC mode exit Ends the current mode and moves to the page 20 19 previous mode fix broadcast dhcp rsp Converts broadcast DHCP server page 20 19 responses to unicast responses help Displays the interactive help system page 20 19 ids Sets intrusion detection configuration page 20 20 commands Wireless Instance 20 3 Table 20 1 Wireless Config Command Summary Continued Command Description Ret mac auth local Defines the local MAC authentication list page 20 23 manual wlan mapping Allows the manual mapping un mapping page 20 24 of WLANs to configured radios mobile unit Configures mobile unit parameters page 20 24 mobility Configures mobility parameters page 20 25 multicast packet limit Sets a multicast packet limit per second page 20 26
243. how Shows the running system information Refer to page 2 23 Common Commands on page 2 23 telnet Opens a telnet session page 3 8 terminal Sets terminal line parameters page 3 9 traceroute Traces the route to a destination page 3 9 3 1 1 clear User Exec Commands Resets the previous last saved command Syntax clear crypto ipsec isakmp sa lt A B C D gt mobility event log mobile unit peer statistics spanning tree spanning tree interface lt NAME gt User Exec Commands 3 3 Parameters crypto Clears IPSec ISAKMP SAs for a given peer e ipsec Clears IPSec SA s e isakmp Clears ISAKMP SA s e sa Clears all IPSec ISAKMP SA s e Peer IP Peer IP address mobility Clears mobility attributes e event log Clears event log e mobile unit Clears MU event logs e peer Clears peer event logs e mobile unit Clears MUs e MU MAC address Clears the MAC address of a MU e all Clears the MU MAC address including the foreign and home database e foreign database Clears MUs present in the foreign MU database e home database Clears MUs present in the home MU database e peer statistics Clears Mobility Peer Statistics e Peer IP Address IP address of Peer spanning tree Clears the spanning tree protocols configured for the interface Example WS5100 gt clear crypto ike sa 111 222 333 01 WS5100 gt WS5100 gt clear crypto ipsec sa WS5100 gt
244. iability whatsoever for any use Licensee makes of the Software Licensee shall indemnify and hold harmless Licensor from any claims damages liabilities costs and fees including reasonable attorney fees arising from Licensee s use of the Software as well as from Licensee s failure to comply with any term of this Agreement FAULT TOLERANCE The Software is not fault tolerant and is not designed manufactured or intended for use or resale in on line control equipment in hazardous environments requiring fail safe performance such as but not limited to the operation of nuclear facilities aircraft navigation or communication systems air traffic control life support machines or weapons systems in which the failure of the Software could lead directly or indirectly to death personal injury or physical or environmental damage High Risk Activities Licensor and its suppliers specifically disclaim any express or implied warranty of fitness for High Risk Activities U S GOVERNMENT LICENSE RIGHTS Software provided to the U S Government pursuant to solicitations issued on or after December 1 1995 is provided with the commercial license rights and restrictions described elsewhere herein Software provided to the U S Government pursuant to solicitations issued prior to December 1 1995 is provided with Restricted Rights as provided for in FAR 48 CFR 52 227 14 JUNE 1987 or DFAR 48 CFR 252 227 7013 OCT 1988 as applicable The Manu
245. ic vlan assignment mobile unit reauth server lan lt 1 32 gt radius accounting mode timeout lan lt 1 32 gt radius accounting mode start interim stop interval 60 3600 gt start stop stop only lan lt 1 32 gt radius accounting timeout lt 1 60 gt retransmit lt 1 100 gt lan lt 1 32 gt radius authentication protocol chap pap lan lt 1 32 gt radius server primary secondary timeout lan lt 1 32 gt radius server primary secondary ip address auth port lt 1024 65535 gt radius key 0 2 LINE an lt 1 32 gt radius server timeout lt 1 60 gt retransmit lt 1 10 gt lan lt 1 32 gt secure beacon lan lt 1 32 gt set vlan user limit lt 1 4094 gt VLAN lt 0 4096 gt lan lt 1 32 gt syslog accounting server lt IP Address gt port lt Port Number gt lan lt 1 32 gt tunnel lt 1 32 gt gateway lt IP Address and mask gt lan lt 1 32 gt VLAN lt 1 4094 gt VLAN an lt 1 32 gt wep128 key lt 1 4 gt asciilhex 0 2 WORD phrase LINE wep default key lt 1 4 gt Parameters lt 1 32 gt Defines a single WLAN index WLAN Set a list 1 3 7 or range 3 7 of WLAN indices 80211 extensions Enables support for 802 11 extensions move command e move command Enables support for the move enable command fast roaming e enable Enables this extension Wireless Instance 20 51 aap proxy radius enable realm lt name gt strip Enables configuring of proxying AAP radius requests e realm lt
246. ide traceroute gt Priv Exec Command Traces a route to a destination Syntax traceroute WORD ip WORD Parameters WORD Traces a route to a destination address or hostname ip IP trace Example WS5100 traceroute 157 222 333 33 traceroute to 157 235 208 39 157 235 208 39 30 hops max 38 byte packets 1 157 235 208 39 157 235 208 39 0 466 ms 0 363 ms 0 226 ms WS5100 upgrade Priv Exec Command Upgrades the software image Syntax upgrade URL background Parameters URL Location of target firmware image to be used in upgrade Example WS5100 upgrade tftp 157 235 208 105 img var2 is 10 percent full tmp is 2 percent full Free Memory 161896 kB FWU invoked via Linux shell Running from partition dev hda5 partition to update is dev hda6 Reading image file header Removing other partition Sep 08 15 57 18 2006 SKERN 6 INFO hdal internal journal aking file system Extracting files this can tak some time Privileged Exec Commands EXT3 FS on S 08 15 57 23 2006 SKERN 6 INFO kjournald starting Sep 08 15 57 23 2006 SKERN 6 INFO hda6 internal journal Sep 08 15 57 23 2006 SKERN 6 INFO mounted filesystem with ordered data mode Sep 08 15 58 17 2006 p P Commit interval 5 seconds EXT3 FS on EXT3 fs SDIAG 4 CPULOAD One top process Process Process Process Pr
247. ied serverCertExpired Server certificate has expired enable traps mobility Enable mobility traps operationallyDown Mobility down operationallyUp Mobility up peerDown Mobility peer down peerUp Mobility peer up enable traps nsm Enables nsm traps dhcpIPChanged DHCP IP changed Global Configuration Commands 5 49 enable traps radius server Enables radius server traps e radiusServerDown RADIUS server down e radiusServerUp RADIUS server up enable traps redundancy Enables redundancy traps e adoptionExceeded Redundancy port adoption exceeded e grpAuthLevelChanged Redundancy group Authorization Level changed e memberDown Redundancy member down e memberMisConfigured Redundancy member mis configuration e memberUp Defrines redundancy member as up enable traps snmp Enables SNMP traps e authenticationFail Enables authentication failure trap e coldstart Enables coldStart trap e linkdown Enables linkDown trap e linkup Enables linkUp trap 5 50 WS5100 Series Switch CLI Reference Guide enable traps wireless Enables wireless traps e ap detection Enables wireless AP detection traps e externalAPDetected External AP detected e externalAPRemoved External AP detected e ids Enables wireless IDS traps e muExcessiveEvents Excessive MU events e r
248. ies Switch CLI Reference Guide option user class UserClassTest lp dhcp class TestDHCPclass ip dhcp class Add DHCP class1l l ip dhcp class MonarchDHCPclas option user class MC9000 ip dhcp class WS5100DHCPclass option user class MC800 WS5100 config WS5100 show ip dhcp pool 1 ip dhcp pool pl l ip dhcp pool pooll domain name test com bootfile 123 network 10 10 10 0 24 address range 10 10 10 2 10 10 10 30 ip dhcp pool poo110 next server 1 1 1 1 netbios node type b node WS5100 show ip dhcp vendor options Server Info Firmware Image File Config File Cluster Config File WS5100 show ip domain name IP domain lookup Enable Domain Name symbol com WS5100 show ip http server HTTP server Running Config status Enabled WS5100 show ip http secure server HTTP secure server Running Config status Enabled Trustpoint default trustpoint WS5100 show ip interface brief Interface IP Address Status Protocol vlanl 157 235 208 233 DHCP up up tunnell unassigned up up Common Commands 2 39 WS5100 show ip interface tunnel 1 brief Brief summary of IP status and configuration WS5100 show ip interface tunnel 1 brief Interface IP Address Status Protocol tunnell unassigned up up WS5100 show ip interface vlan 1 brief Interface IP Address Status Protocol vlanl 157 235 208 233 DHCP up up WS5100 show ip name server 157 239 3 195 dynamic 157 235 3 196
249. ies for a transaction default is 3 timeout Time to wait for a RADIUS server to reply lt 1 1000 gt Wait time default 5 seconds Usage Guidelines The RADIUS server host is used to configure RADIUS server details These details are required for management user authentication if AAA authentication has been defined as RADIUS Example WS5100 config radius server local WS5100 config radsrv redundancy Global Configuration Commands Configures redundancy group parameters Syntax redundancy auto revert enable auto revert period lt 1 1800 gt dhcp server enable discovery period lt 10 60 gt enable group id lt 1 65535 gt handle stp enable heartbeat period lt 1 255 gt hold period lt 10 255 gt interface ip lt IP Address gt manual revert member ip lt IP address gt mode primary standby Parameters auto revert enable Enables auto revert Global Configuration Commands 5 43 auto revert period lt 1 1800 gt Sets the redundancy auto revert delay interval in minutes The default is 5 minutes dhcp server enable Enables the DHCP Redundancy protocol discovery period lt 10 60 gt Sets the redundancy discovery interval in seconds The default is 30 seconds enable Enables the redundancy protocol group id lt 1 65535 gt Sets the cluster ID The default cluster ID is 1 handle stp enable Delays the redundancy protocol state machine exec consi
250. if ip address 172 168 200 1 24 12 8 12 1 9 WS5100 Series Switch CLI Reference Guide WS5100 config if ip helper address 172 168 100 10 vlan 1000 WS5100 config if The example below displays static NAT source translation WS5100 config interface vlan 1000 WS5100 config if ip nat inside WS5100 config if interface vlan 2000 WS5100 config if ip nat outside WS5100 config ip nat inside source static 172 168 200 10 157 235 205 957 WS5100 config mac Interface Config Commands Applies a MAC access list to a gigabit ethernet interface NOTE The access list cannot be applied on a management interface me1 Syntax mac access group lt acl_ name gt in Parameters access group lt acl_name gt Sets the MAC access groups ACL in Applies the ACL to ingress packets Example WS5100 config if mac access group Ark200 in WS5100 config if interface Instance 12 9 12 1 10 management 12 1 11 Interface Config Commands Sets the selected interface as management interface It can only be used on a VLANx interface The TFTP FTP server providing the switch its config file at startup must be accessible via this interface VLAN 1 is the default management interface for the switch Syntax management Parameters None Usage Guidelines The management privilege can be set only on aL3 interface Use this command along with the config management secure i
251. igures server certificate parameters used by a RADIUS server The server certificate is a part of a trustpoint created using crypto on page 5 16 Syntax server trust point Parameters trust point Sets the trustpoint configuration WORD Existing trustpoint name Usage Guidelines Create a trustpoint using crypto pki trustpoint The server certificate must be created under the trustpoint using crypto pki commands Refer to crypto on page 5 16 for more information Example WS5100 config radsrv server trust point TestTP WS5100 config radsrv 19 24 WS5100 Series Switch CLI Reference Guide 19 1 15 service Radius Configuration Commands Invokes the service commands to trobuleshoot or debug the config radsrv instance configuration This command is also used to enable the RADIUS server Syntax service clear diag shell radius save cli show start shell tethereal service radius restart Parameters clear Removes the specified support information diag shell Provides diag shell access radius Enables a RADIUS server restart save cli Saves the CLI tree for all modes in HTML format show Displays running system information start shell Provides shell access tethereal Dumps and analyzes network traffic Example WS5100 config radsrv service show cli Radius Configuration mode authentication data source ldap authentication data source local ldap local authentication
252. igures the DNS name used in L3 Discovery on adopted access ports e AA BB CC DD EE FF Change the name only on the access port with a specified MAC address If not specified the DNS name update is sent to all adopted access ports Example WS5100 config wireless radio 250 bss auto 3 5 WS5100 config wireless 20 38 WS5100 Series Switch CLI Reference Guide 20 1 31 rate limit Wireless Configuration Commands Sets the default rate limit per user Syntax rate limit down up lt 0 100000 gt Parameters down lt 0 100000 gt Sets the up link direction from the wireless client to the network Defines the rate in the range of lt 0 100000 gt kbps O disable rate limit up lt 0 100000 gt Sets the down link direction from network to wireless client Sets the rate in the range of lt 0 100000 gt kbps O disable rate limit Example WS5100 config wireless rate limit down 1000 WS5100 config wireless WS5100 config wireless rate limit up 20000 WS5100 config wireless 20 1 32 self heal Wireless Configuration Commands Configures Self Healing values Syntax self heal interference avoidance neighbor recovery self heal interference avoidance enable hold time lt 0 65535 gt retries lt 0 0 15 0 gt self heal neighbor recovery action enable neighbors run neighbor detect self heal neighbor recovery action both none open rates raise power radio lt
253. ile unit to another mobile unit on this WLAN e switch to wired Disallows by switching the frame out on the wired side to allow an externalswitch to decide whether this frame is to be allowed or dropped nac mode bypass nac except include list do nac except exclude list none Sets the Network Access Control NAC mode configuration e bypass nac except include list No MU NAC check is done except for those in include list Devices in the include list have NAC checks e do nac except exclude list A MU NAC check is done except for those in the exclude list Devices in the exclude list will not have any NAC checks e none NAC disabled no NAC is done An MU can only get authenticated by a Radius server 20 58 WS5100 Series Switch CLI Reference Guide nac server primary secondary time out Configure a NAC server IP address and an optional authentication port number e primary secondary EAP Server IP Address RADIUS Key Primary server or secondary server s IP address e A B C D auth port Set an EAP server IP address and EAP server authentication port default is 1812 e RADIUS Key 0 2 Shared Create a Radius server shared secret up to 127 characters e 0 Password is specified as UNENCRYPTED e 2 Password is encrypted with password encryption secret e Shared Configures a NAC server shared secret e timeout lt 1 300 gt Sets the time the switch waits for
254. ile until a copy running config startup config EXEC command is issued 5 2 WS5100 Series Switch CLI Reference Guide 5 1 Global Configuration Commands Table 5 1 summarizes the Global Config commands Table 5 1 Global Config Mode Command Summary Command Description Ret aaa Configures the current authentication authorization page 5 4 and accounting aaa login settings access list Adds an access list entry page 5 5 autoinstall Autoinstalls a configuration command page 5 11 banner Defines a login banner page 5 12 boot Reboots the switch page 5 13 bridge Displays bridge group commands page 5 13 clrscr Clears the display screen page 2 2 country code Configures the country of operation All existing radio page 5 14 configuration will be erased crypto Defines encryption parameters page 5 16 do Runs commands from the EXEC mode page 5 23 end Ends the current mode and moves to the EXEC mode page 5 23 errdisable errdisable page 5 24 exit Ends the current mode and moves to the previous page 2 2 mode fallback Configures the software fallback feature page 5 25 ftp Configures FTP server parameters page 5 25 help Describes the interactive help system page 2 2 hostname Sets the system s network name page 5 26 interface Defines an interface to configure page 5 26 Global Configuration Commands 5 3 Table 5 1 Global Contig Mode Command Summary
255. imestamp Event 00 0E 9B 98 F9 34 1 1 1116316 Association 00 0E 9B 98 F9 34 1 1 12248923 Unassociation 00 0E 9B 98 F9 34 1 I 12250053 Association 00 0E 9B 98 F9 34 1 1 4280690527 Unassociation 00 0E 9B 98 F9 34 1 T 4280691647 Association 00 0E 9B 98 F9 34 1 1 4280716777 Unassociation 00 0E 9B 98 F9 34 1 1 4280717937 Association WS5100 config WS5100 config Sshow wireless mobile unit radio 1 index MAC address radio type wlan vlan tunnel ready IP address last active Posture Status 2 00 0E 9B 98 F9 34 1 Ig 1 vlan 1 Y 192 168 2 45 0 Sec Listed 1 of a total of 1 mobile units WS5100 config 2 70 2 2 33 WS5100 Series Switch CLI Reference Guide WS5100 config show wireless wlan config 1 WLAN 1 status enabled description WLAN1 ssid sardarjee auth none encr none inactivity timeout 1800 seconds vlan 1 unlimited users mu mu disallow disabled secure beacon disabled answer bcast ess enabled weight 1 prioritize voice disabled spectralink voice protocol disabled multicast mask1 00 00 00 00 00 00 mask2 00 00 00 00 00 00 traffic classification normal wmm mapping 8021p L3 mobility disabled Client Bridge Backhaul is disabled on this WLAN NAC Mode bypass nac except include 1list Exclude list s NotMe ye WS5100 config wlan acl Common to all modes Syntax show wlan acl lt 1 32 gt all Parameters lt 1 32 gt Displays ACLs attached to the specified WLAN ID a
256. information file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol IP ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol IP 20 48 WS5100 Series Switch CLI Reference Guide 20 1 36 management mobility ntp password encryption port channel Display L3 Managment Interface nam Display Mobility parameters Network time protocol password encryption Portchannel commands privilege radius redundancy group redundancy history Show current privilege level RADIUS configuration commands Display redundancy group parameters Display state transition history of the switch Display redundancy group members in detail Current Operating configuration redundancy members running config securitymgr Securitymgr parameters sessions Display current active open connections snmp Display SNMP engine parameters snmp server Display SNMP engine parameters sole Smart Opportunistic Location Engine Configuration Display spanning tree information Contents of startup configuration static channel group membership spanning tree startup config static channel group terminal Display terminal configuration parameters timezone Display timezone upgrade status Display last image upgrade status users Display information about
257. ingl oooooooooooo oo D A B DI C D A B C D WS5100 config dhcp 17 20 WS5100 Series Switch CLI Reference Guide 17 1 24 show DHCP Config Commands Displays current system information Syntax show lt paramater gt Parameters Displays parameters for which information can be viewed using the show command Example access list WS5100 config dhcp show Internet Protocol IP aclstats Show ACL Statistics information alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command lists crypto encryption module debugging Debugging information outputs dhcp DHCP Server Configuration environment show environmental information file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol IP ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol IP mac address table Display MAC address table management Display L3 Managment Interface nam mobility Display Mobility parameters ntp Network time protocol password encryption port channel privilege radius redundancy group password encryption Portchannel
258. ist Internet Protocol IP aclstats Show ACL Statistics information alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command lists crypto encryption module debugging Debugging information outputs dhcp DHCP Server Configuration environment show environmental information file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status ip Internet Protocol IP ldap LDAP server licenses Show any installed licenses logging Show logging configuration and buffer mac Internet Protocol IP mac address table Display MAC address table management Display L3 Managment Interface nam mobility Display Mobility parameters ntp Network time protocol password encryption port channel privilege radius redundancy group password encryption Portchannel commands Show current privilege level RADIUS configuration commands Display redundancy group parameters redundancy history redundancy members running config securitymgr sessions snmp snmp server sole spanning tree startup config interface Instance 12 13 Display state transition history of the switch Display redundancy group members in detail Current Operating configuration Securitymgr parameters
259. ists crypto encryption module debugging Debugging information outputs dhcp environment file ftp history interfaces ip ldap licenses logging mac mac address table management mobility ntp password encryption port channel privilege radius redundancy group redundancy history redundancy members running config securitymgr sessions snmp snmp server sole spanning tree startup config static channel group terminal timezone upgrade status users version wireless wlan acl 8 6 WS5100 Series Switch CLI Reference Guide DHCP Server Configuration show environmental information Display filesystem information Display FTP Server configuration Display the session command history Interface status Internet Protocol LDAP server Show any installed licenses Show logging configuration and buffer Internet Protocol IP Display MAC address table Display L3 Managment Interfac Display Mobility parameters Network time protocol password encryption Portchannel commands Show current privilege level RADIUS configuration commands Display redundancy group parameters Display state transition history of the switch Display redundancy group members in detail Current Operating configuration Securitymgr parameters Display current active open connections Display SNMP engine parameters Display SNMP engine parameters Smart Opportunistic Location Engine Configuration Display spanning tree information Contents of sta
260. kaveri e client identifier Eg client identifier aabb ccdd e hardware address Eg hardware address aa bb cc dd ee ff 9 A pool can be configured either as the host pool or network pool but not both 17 26 WS5100 Series Switch CLI Reference Guide 10 A host pool can have either client identifier OF hardware address configured but not both 11 An excluded address range has a higher precedence than an included address range Thus if a range is part of both an excluded and included range it will be excluded 12 DHCP options are first defined at the global level using ip dhcp option lt name gt lt code gt lt type gt The value for these options are defined using the option under the DHCP pool context 17 2 4 Creating a DHCP Option To create a DHCP option 1 To create a non standard option named tftp server WS5100 config ip dhcp option tftp server 183 ip 2 Enter the DHCP pool test WS5100 config ip dhcp pool test 3 Assign a value to the DHCP option configured above WS5100 config dhcp option tftp server 192 168 0 100 4 Exit the DHCP instance WS5100 config dhcp exit DHCP Class Instance Use config tip dhcp class lt class name gt to enter the config dhcpclass instance Use this instance to configure DHCP user classes The switch supports a maximum of 8 user classes per DHCP class and DHCP Class Instance on page 18 1for other DHCP related Refer to configurations 18 1 DHCP
261. ket count e filter Captures the filter e inbound Captures ingress direction only e outbound Captures egress direction only e verbose Displays full packet body e write Captures to a file 2 16 WS5100 Series Switch CLI Reference Guide pm Process Monitor e stop Stops the PM from monitoring all daemons save cli Saves the CLI tree for all modes in HTML securitymgr Securitymgr parameterss disable Disables securitymgr disable flow rate limit Disables flow rate limitings dump core Creates a core file of the securitymgr processs enable http stats Enables the securitymgr HTTP statistics interface Common Commands 2 17 show Displays running system information cli Shows the CLI tree of the current mode command history Displays a command except show commands history crash info Displays information about core panic and AP dump files diag Displays diagnostics info Shows a snapshot of available support information last passwd Displays the last password used to enter shell memory Shows memory statistics pm Process Monitor e history State changes for a process the time they happened and events e WORD Process name e all All processes process Shows processes sorted by memory usage reboot history Shows a reboot history securitymgr Security manager information displays startup log Shows the startup log
262. kip tkip ccmp wd wd wd wd wd wd wi wi Lan lt Lan lt Lan lt Lan lt 1 Lan lt 1 Lan lt 1 lan lt l password 0 LINE realm LINE server primary secondary timeout lan lt 1 exclude list none p128 wep128 keyguard wep64 32 gt hotspot allow list webpage webpage location 32 gt hotspot allow list Rule index IP address 1 32 gt hotspot webpage external internal failure login welcome 1 32 gt hotspot webpage location advanced external internal 32 gt inactivity timeout lt 60 86400 gt 32 gt kde 1 32 gt kdc server primary secondary timeout auth port lt 1 65535 gt 32 gt nac mode bypass nac except include 1ist do nac except wlan lt 1 32 gt nac server primary secondary timeout wlan lt 1 32 gt nac server primary secondary A B C D auth port radius key 0 2 Shared Secret wlan lt 1 32 gt nac server timeout lt 1 300 gt wlan lt 1 32 gt qos classification mcast with dot11li mcastl mcast2 prioritize voice svp weight lt 1 10 gt wmm wlan lt 1 32 gt qos classification background best effort video voice wmm wlan lt 1 32 gt qos wmm 8021p background best effort dscp video voice aifsn cw txop limit acm 20 50 WS5100 Series Switch CLI Reference Guide w d w w i wl wL ALE lan lt 1 32 gt radius accounting authentication protocol dscp ynamic authorization dynam
263. l SPI must equal the inbound remote SPI The key values are the hexadecimal representations of the keys They are not true ASCII strings Therefore a key of 3031323334353637 represents 01234567 WS5100 config crypto map set transformset name Crypto map entries do not directly contain the transform configuration for securing data Instead the crypto map Is associated with transform sets which contain specific security algorithms If a transform set is not configured for a crypto map the entry is incomplete and has no effect For manual key crypto maps only one transform set can be specified Example WS5100 config crypto map set localid hostname TestMapHost WS5100 config crypto map show Crypto Map Config Commands Displays the current system information running on the switch Syntax show lt paramater gt Parameters Displays all the parameters for which information can be viewed using the show command Example WS5100 config crypto ma access list alarm log autoinstall banner boot clock commands crypto debugging environment file ftp history interfaces ip ldap licenses logging mac management mobility ntp password encryption privilege radius redundancy group redundancy history switch redundancy members running config securitymgr sessions snmp snmp server startup config terminal timezone upgrade status users version wireles
264. l number in the range of lt 1 65535 gt e mobile unit Modifies mobile unit rate traps avg bit speed less than Average bit speed in Mbps is between lt 0 00 gt and lt b4 00 gt avg retry greater than Average retry is greater than 0 00 and less than or equal to 16 00 avg signal less than Average signal in dBm is less than 0 00 and greater than or equal to 120 00 gave up percent greater than Percentage of pkts dropped is greater than 0 00 and less than or equal to 100 00 nu percent greater than Percentage of non unicast pkts is greater than 0 00 and less than or equal to 100 00 pktsps greater than Packets per sec is greather than 0 00 and less than or equal to 100000 00 tput greater than Throughput in Mbps is greather than 0 00 and less than or equal to 100000 00 undecrypt percent greater than Percentage of undecryptable pkts is geater than 0 00 and less than or equal to 100 00 5 54 WS5100 Series Switch CLI Reference Guide e tput greater than Throughput in Mbps is greather than 0 00 and less than or equal to 100000 00 undecrypt percent greater than Percentage of undecryptable pkts is geater than 0 00 and less than or equal to 100 00 host SNMP server host e A B C D SNMP server host IP address location Text for mib object sysLocation manager Enables the SNMP manager e all Enables SNMP version v2 and v3 e v2 Enables SNM
265. lay debugging setting environment show environmental information file Display filesystem information ftp Display FTP Server configuration history Display the session command history interfaces Interface status and configuration ip Internet Protocol IP ldap ldap server licenses Show any installed licenses logging Show logging configuration and buffer mac edia Access Control management Display L3 Managment Interface nam mobility Display Mobility Parameters ntp Network time protocol password encryption password encryption privilege Show current privilege level radius Radius configuration commands redundancy group Display redundancy group parameters redundancy history Display state transition history of the switch redundancy members Display redundancy group members in detail running config Current Operating configuration securitymgr Display debug info for ACL VPN and NAT sessions Display current active open connections snmp Display SNMP engine parameters snmp server Display SNMP engine parameters startup config Contents of startup configuration terminal Disp timezone Disp upgrade status Disp users Disp version Disp wireless Wirel WS5100 config radsrv group lay terminal configuration parameters lay timezone lay last image upgrade status lay information about terminal lines lay software amp hardware version less configuration commands WS5100 config radsrv show radius trust point Trust point Configured F
266. le WS5100 config crypto isa access list aclstats alarm log autoinstall banner boot clock commands crypto debugging dhcp environment file ftp history interfaces ip ldap licenses logging mac mac address table management mobility ntp password encryption port channel privilege radius redundancy group redundancy history redundancy members running config securitymgr sessions snmp snmp server sole spanning tree startup config static channel group terminal timezone upgrade status kmp Dis Dis Dis Dis DHC Dis Dis Dis LDA p O p p show Internet Protocol IP Show ACL Statistics information lay all alarms currently in the system autoinstall configuration play Message of the Day Login banner play boot configuration lay system clock Show command lists encryption module Debugging information outputs Server Configuration show environmental information play filesystem information play FTP Server configuration play the session command history Interface status Internet Protocol IP server Show any installed licenses Show logging configuration and buffer Internet Protocol IP Dis Dis Dis Por Dis Dis swi Dis Dis Dis Dis Dis Con sta Dis Dis Dis p p p pl p p play MAC address table play L3 Managment Interface nam play Mobility parameters Network time protocol password encryption t
267. le WS5100 config crypto peer exit WS5100 config help gt Crypto Peer Config Commands Accesses the system s interactive help system Syntax help Parameters None Example WS5100 config crypto peer help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config crypto peer no gt Crypto Peer Config Commands Negates a command or sets its defaults Syntax no set aggressive mode password Parameters See set command for parameters details Example WS5100 config crypto peer no aggrerssive mode WS5100 config crypto peer 8 4 WS5100 Series Switch CLI Reference Guide 8 1 6 service gt Crypto Peer Config Commands Invokes service commands to trobuleshoot or debug the config crypto peer instance configuration Syntax service show cli Parameters cli Show CLI tree of current mode Example WS5100 config crypto peer service show cli Crypto Peer Config mode clrscr clrscr do LINE do LI
268. le 17 1 DHCP Server Command Summary Command Description Ret default router Configures a default router s IP address page 17 9 dns server Sets the IP address of a DNS Server page 17 10 domain name Sets the domain name page 17 10 end Ends the current mode and moves to the EXEC mode page 17 11 exit Ends the current mode and moves to the previous page 17 11 mode hardware Defines the hardware address using either a dashed page 17 11 address or dotted hexadecimal string help Displays the interactive help system in HTML format page 17 12 host Configures an IP address for the host page 17 13 lease Assigns the lease time for a DHCP leased IP address page 17 13 netbios name Configures NetBIOS WINS name servers page 17 15 server netbios node Defines the NetBIOS node type page 17 15 type network Sets a network number and mask for the DHCP page 17 16 Server next server Configures the next server in boot process page 17 16 no Negates a command or sets its defaults page 17 17 option Assigns a name for a DHCP option page 17 17 service Invokes service commands to trobuleshoot or debug page 17 18 config dhcp Instance configurations show Displays the running system information page 17 20 update Controls the usage of Dynamic DNS DDNS page 17 22 DHCP Server Instance 17 3 17 1 1 address DHCP Config Commands Specifies a range of addresses for the DHCP network pool Syntax addres
269. lears the display screen Ref Ends the current mode and moves to the EXEC mode Ends the current mode and moves to the previous mode Displays the system s interactive help system Assigns a VLAN to the bridge instance Sets a name for the MST region Negates a command or sets defaults Configures the revision number of the MST bridge Invokes the service commands needed to troubleshoot or debug config if instance configurations 13 2 WS5100 Series Switch CLI Reference Guide Table 13 1 MSTP Config Command Summary Continued Shows running system information Command Ref show page 13 7 13 1 1 clrscr mst Config Commands Clears the display Syntax clrscr Parameters None Example WS5100 config mst clrscr WS5100 config mst 13 1 2 end mst Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to ws5100 Syntax end Parameters None Example WS5100 config mst end WS5100 13 1 3 13 1 4 spanning tree mst Instance 13 3 exit mst Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to ws5100 config Syntax exit Parameters None Example WS5100 config mst exit WS5100 config help mst Config Commands Dispalys the system s interactive help system Syntax help Parameters None Example WS5100 config mst
270. less Global Configuration Commands Configures switch wireless parameters This command moves you to the config wireless instance For more information see Wireless Instance on page 20 1 Syntax wireless Parameters None 5 62 WS5100 Series Switch CLI Reference Guide Usage Guidelines The wireless command is used to enter the config wireless instance wherein you can configure the WS5100 wireless parameters You can confirm that you have entrered the wireless instance as the prompt changes from the the regular ws5100 config to WS5100 config wireless Example WS5100 config wireless WS5100 config wireless 5 1 36 wlan acl Global Configuration Commands Use this command to apply an ACL on a WLAN index Syntax wlan acl lt 1 32 gt lt 1 99 gt lt 100 199 gt lt 1300 1999 gt lt 2000 2699 gt word in out Parameters lt 1 32 gt WLAN number e lt 1 99 gt IP standard access list e lt 100 199 gt IP extended access list e lt 1300 1999 gt IP standard access list expanded range e lt 2000 2699 gt IP extended access list expanded range e WORD Access list name Usage Guidelines 1 Every WLAN created is mapped to an index When an ACL is applied on a WLAN index it becomes a WLAN ACL The following type of ACL s can be applied on a WLAN e P Standard ACL e P Extended ACL e MAC Extended ACL Global Configuration Commands 5 63 When a packet is
271. li Any commands executed under this context are executed on each cluster member Use no cluster c1i to exit the cluster cli context Syntax cluster cli enable 4 1 8 4 1 9 Privileged Exec Commands 4 11 Parameters enable Enables the switch cluster context Example configure Priv Exec Command Enters into the configuration mode Syntax configure terminal Parameters terminal Configure from the terminal Example WS5100 configure terminal Enter configuration commands one per line End with CNTL Z WS5100 config copy Priv Exec Command Use this command to copy any file config log txt etc from any location to the switch and vice versa NOTE Copying a new config file onto an existing running config file merges it with the existing running config on the switch Both the existing running config and the new config file are applied as the current running config Copying a new config file onto a start up config files replaces the existing start up config file with the parameters of the new file It is better to erase the existing start up config file from and then copy the new config file to the startup config Syntax copy FILE URL FILE URL 4 12 4 1 10 WS5100 Series Switch CLI Reference Guide Parameters FILE Target file from which to copy URL Target URL from which to copy Example Transferring file snmpd log to remote tftp server W
272. limit 0 users 0 log sent 29 wlan 20 vlan id 0 limit 0 users 0 log sent 30 wlan 20 vlan id 0 limit 0 users 0 log _sent 31 wlan 20 vlan id 0 limit 0 users 0 log _sent WS5100 config wireless WS5100 config wireless service show wireless radio description access port MAC start BSS radio description coordinates 1 00 A0 F8 BF 8A 4B 00 A0 F8 BF EF BO 11lbg RADIO1 000 20 1 35 Wireless Instance 20 47 2 00 A0 F8 BF 8A 4B 00 A0 F8 BF ED BC lla 000 WS5100 config wireless RADIO2 WS5100 config wireless servic throttle 10 default 10 traps allowed through throttle 9 traps dropped through throttle 0 WS5100 config wireless show wireless snmp trap throttle show Wireless Configuration Commands Displays current system information running on the switch Syntax show lt paramater gt Parameters Displays all the parameters for which information can be viewed using the show command Example WS5100 config wireless show access list Internet Protocol IP aclstats Show ACL Statistics information alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command lists crypto encryption module debugging Debugging information outputs dhcp DHCP Server Configuration environment show environmental
273. ll Displays all ACLs attached to a WLAN port Example WS5100 gt show wlan acl 20 WLAN port 20 Inbound IP Access List Inbound MAC Access List Outbound IP Access List Outbound MAC Access List WS5100 gt WS5100 gt show wlan acl all WLAN port 1 Inbound IP Access List 278 Inbound MAC Access List 200 Outbound IP Access List 78 Outbound MAC Access List 200 WS5100 gt 2 2 34 access list Common Commands 2 71 Priviledge Global Config Displays the access lists numbered and named configured on the switch The numbered access list displays numbered ACLs The named access list displays named ACL details Syntax show access list show access list lt 1 99 gt lt 100 199 gt lt 1300 1999 gt lt 2000 2699 gt WORD Show access list lt acl name gt Parameters lt 1 99 gt IP standard access list lt 100 199 gt IP extended access list lt 1300 1999 gt IP standard access list expanded range lt 2000 2699 gt IP extended access list expanded range WORD Name of ACL Example WS5100 config permit ip permit ip permit ip WS5100 config WS5100 config permit ip permit ip permit ip WS5100 config show access list Extended IP access list 110 192 168 1 0 24 192 168 100 0 24 rule precedence 5 192 168 63 0 24 192 168 100 0 24 rule precedence 63 192 168 157 0 24 192 168 100 0 24 rule precedence 157 show access list 110 Ex
274. log Sets the syslog servers logging level lt 0 7 gt Enter the Logging severity level Can be between 0 7 alerts Immediate action needed severity 1 critical Critical conditions severity 2 debugging Debugging messages severity 7 emergencies System is unusable severity 0 errors Error conditions severity 3 informational Informational messages severity 6 notifications Normal but significant conditions severity 5 warnings Warning conditions severity 4 5 1 21 Global Configuration Commands 5 35 facility Syslog facility in which log messages are sent ocal0 Syslog facility local0 ocal1 Syslog facility local ocal2 Syslog facility local2 ocal3 Syslog facility local3 ocal4 Syslog facility local4 ocal5 Syslog facility local5 ocal6 Syslog facility local6 ocal7 Syslog facility local7 host Configure remote host to receive log messages A B C D Remote host s IP address on Enables the logging of system messages Example WS5100 config logging aggregation time 20 WS5100 config mac Global Configuration Commands Configures MAC access lists Syntax mac access list extended WORD Parameters access list Defrines the ACL config for the MAC address extended MAC Extended ACL WORD Define the name of the ACL 5 36 5 1 22 WS5100 Series Switch CLI Reference Guide Usage
275. lt 1 2 gt vlan lt 1 4094 gt Show ip access group lt interface name gt show ip arp show ip ddns binding show ip dhcp binding class pool sharednetwork show ip dhcp vendor options show ip domain name show ip http secure server server show ip interface IFNAME brief eth vlan show ip name server show ip route A B C D lt IP prefix len gt detail show ip routing show ip ssh show ip telnet Parameters Common Commands 2 35 access group Displays the ACLs attached to an interface e FNAME Enter the name of the interface to which the ACL is associated access group lists the details of the ACLs configured on the particular Layer 3 or Layer 2 interface e eth Enter the name of the ethernet interface to which the ACL is associated e vlan Enter the name of the VLAN interface to which the ACL is associated arp Displays existing entries in the Address Resolution Protocol ARP table ddns Displays the DDNS configuration e binding DNS address bindings dhcp Displays the DHCP server configuration e binding DNS address bindings e class Configures the DHCP Server class e pool DHCP Pool designation e sharednetwork Shared network information dhcp vendor options DHCP Option 43 parameters received from DHCP server domain name Displays domain name information http Hyper Text Transfer Protocol HTTP e secure server Secure HTTP server e se
276. mands available at the user level are a subset of the commands available at the privileged level In general USER EXEC commands allow you to connect to remote devices perform basic tests and list system information To list available USER EXEC commands use at the command prompt The USER EXEC prompt consists of the device host name followed by an angle bracket gt The default host name is generally WLAN Module Use the GLOBAL CONFIG command to change the hostname 3 1 User Exec Commands summarizes USER EXEC commands Table 3 1 User Exec Mode Command Summary Command Description Ret Resets the command to the previous configuration Clears the display screen Displays the cluster context Displays debugging functions Turns off disables the privileged mode command set 3 2 WS5100 Series Switch CLI Reference Guide Table 3 1 User Exec Mode Command Summary Command Description Ref enable Turns on enables the privileged mode command set page 3 6 exit Ends the current mode and moves down to the page 2 2 previous mode help Describes the interactive help system page 2 2 logout Exits the EXEC mode page 3 7 no Negates a command or sets ts defaults page 2 4 page Toggles the paging functionality page 3 7 ping Sends ICMP echo messages page 3 7 quit Exits the current mode and moves to the previous page 3 8 mode service Displays service commands page 2 5 s
277. ment e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config sole no SOLE Config Commands Defines the name of the adapter or disables the adapter s Syntax no adapter aeroscout enable Parameters adapter aeroscout SOLE adapter name enable e aeroscout Defines the name of the adapter e enable Use with no to disable all the SOLE adapters Usage Guidelines Use no adapter aeroscout enable enable to disable specified or all SOLE adapters The SOLE adapter is disabled by default Example WS5100 config sole no adapter enable WS5100 config sole SOLE Instance 21 5 21 1 7 service SOLE Config Commands Invokes service commands to troubleshoot or debug config if instance configurations Syntax service show cli Parameters show cli Displays the CLI tree of current mode Example WS5100 config sole service show cli Location Engine Config mode adapter ADAPTER t enable adapter ADAPTER enable t enable adapter ADAPTER enable clrscr clrscr end end t exit exit t help help no adapter ADAPTER enable no adapter ADAPTER enable t enable no adapter ADAPTER enable quit quit WS5100 config sole 21 6 WS5100 Series Switch CL
278. n AP MU pair idle radio send multicast enable Enables the forwarding of multicast packets to radios without associated MUs legacy load balance Invokes a legacy load balance algorithm radio misc cfg Used for radio specific miscellaneous configurations rate scale Enables wireless rate scaling default request ap log lt 1 48 gt Requests an AP log for a selected AP index save ap log Saves debug error logs sent by the access port snmp trap throttle Limits the number of SNMP traps generated lt 1 20 gt e lt 1 20 gt Sets the maximum number of traps per second that can be generated vlan cache Services a switch s VLAN cache Usage Guidelines To stop a service use the no command For instance use no servic wireless idle radio send multicast enable to stop sending broadcast multicast frames to idle radios 20 46 WS5100 Series Switch CLI Reference Guide Example WS5100 config wireless service show wireless ap history AP MAC Radio Timestamp Event Reason 00 A0 F8 BF 8A 4B N A 20070926 20 23 10 Adoption N A WS5100 config wireless WS5100 config wireless service show wireless mvlan 20 Wlan 20 pool size 1 wlan 20 vlan id 1 limit wlan 20 vlan id 0 limi wlan 20 vlan_id 0 limi wlan 20 vlan id 0 limi wlan 20 vlan id 0 limi wlan 20 vlan id 0 limit wlan 20 vlan id 0 limi wlan 20 vlan id 0 limi wlan 20 vlan id 0 limi
279. n an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config crypto map match Crypto Map Config Commands Use this command to assign an IP access list to a crypto map definition The access list designates the IP packets to be encrypted by this crypto map A crypto map entry is a single policy that describes how certain traffic is secured There are two types of crypto map entries ipsec manual and ipsec ike entries Each entry is given an index used to sort the ordered list When a non secured packet arrives on an interface the crypto map set associated with that interface is processed in order If a crypto map entry matches the non secured traffic the traffic is discarded 10 4 WS5100 Series Switch CLI Reference Guide When a packet is transmitted on an interface the crypto map set associated with that interface is processed The first crypto map entry that matches the packet is used to secure the packet If a suitable SA exists it is used for transmission Otherwise IKE is used to establish an SA with the peer If no SA exists and the crypto map entry is respond only the packet is discarded When a secured packet arrives on an interface its SPI is used to look up a SA If a SA does not exist or if the packet fails any of the security checks it is discarded If all checks pass the packet is forwarded normally Syntax match lt list name gt
280. n default local none line con 0 line vty 0 24 end WS5100 config 2 79 2 80 WS5100 Series Switch CLI Reference Guide 2 2 45 securitymgr 2 2 46 2 2 47 Privilege Global Config Syntax show securitymgr debug logs Parameters event logs Display securitymgr event logs sessions Privilege Global Config Syntax show sessions Parameters None Example WS5100 show sessions SESSION USER LOCATION IDLE START TIME 1 elt Console 06 24m May 31 18 31 36 2007 KS 2 cli TOTO 0 1 00 00m Jun 1 00 04 30 2007 WS5100 startup config Privilege Global Config Syntax show startup config Parameters None Common Commands 2 81 Example WS5100 show startup config configuration of WS5100 version 3 1 0 0 008D version 1 0 service prompt crash info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser username operator password 1 fe96dd39756ac41b74283a9292652d366d73931f spanning tree mst config name My Name country code us logging buffered 4 logging console 4 snmp server sysname WS5100 snmp server manager v2 snmp server manager v3 snmp server user snmptrap v3 encrypted auth md5 Ox7be2cb56 6060226 15974c936e2739b snmp server user snmpmanager v3 encrypted auth md5 Ox7be2cb56 6060226 15974c936e2739b snmp server user snmpoperator v3 encrypted auth md5 0x49c451c7c6893ffcede0491bbd0a12c4 crypto isakmp
281. n the access list is an implict deny statement Whenever the interface receives the packet its content is checked against all the ACEs in the ACL It is allowed denied based on the ACL configuration Example The MAC AC in the example below denies traffic from any source MAC address to a particular host MAC address WS5100 config ext macl deny any host 00 01 ae 00 22 11 WS5100 config ext macl The MAC ACL in the example below denies dot q tagged traffic from VLAN interface 5 WS5100 config ext macl deny any any vlan 5 type 8021q WS5100 config ext macl The example below denies traffic between two hosts based on MAC addresses WS5100 config ext macl deny host 01 02 fe 45 76 89 host 01 02 89 78 78 45 WS5100 config ext macl 16 1 3 16 1 4 16 1 5 Extended MAC ACL Instance 16 5 end MAC Extended ACL Config Commands Ends and exits from the current mode and moves to the PRIV EXEC mode The prompt changes to ws51004 Syntax end Parameters None Example WS5100 config ext macl end WS5100 exit MAC Extended ACL Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to ws5100 config Syntax exit Parameters None Example WS5100 config ext macl exit WS5100 config help gt MAC Extended ACL Config Commands Displays the system s interactive help in HTML format Syntax help Parameters None 16 6
282. n the config mode This ensure management access is restricted to the management VLAN only Refer management on page 5 37 for config management secure configuration Example WS5100 config interface vlan 1000 WS5100 config if management WS5100 config if no Interface Config Commands Negates a command or sets its defaults Syntax no crypto description duplex ip mac port channel shutdown spanning tree speed static channel group switchport Parameters The no command negates any command associated with it Wherever required use the same parameters associated with the command getting negated Example WS5100 config if no duplex WS5100 config if 12 10 WS5100 Series Switch CLI Reference Guide 12 1 12 port channel Interface Config Commands Selects the load balance criteria of an aggregated port Syntax port channel load balance src dst ip src dst mac Parameters load balance Sets load balancing for port channel src dst ip src dst mac e src dst ip Defines the Source and Destination IP address based on the current load balancing e src dst mac Sets the Source and Destination MAC address based on the load balancing Usage Guidelines Use this command to configure and set load balance on the aggregated port using config if static channel group Example The example below creates a channel group 1 with interface ge1 and ge 2 WS5100 config interface gel WS5100 config
283. name gt Provide proxy realm name e strip Strip realm name while proxying requests accounting none radius syslog Defrines the accounting configuration on this WLAN e none No accounting performed on this WLAN e radius Uses RADIUS accounting on this WLAN e syslog Uses Syslog accounting on this WLAN add vlan lt 1 4094 gt VLAN limit Instead of starting a new VLAN assignment for given WLAN this command adds a VLAN assignment to an existing VLAN assignment All prior VLAN settings are retained e lt 1 4094 gt VLAN Sets the VLAN range list It can be either a single index or a list 1 3 7 or range 3 7 e limit Sets user limits on VLANs for this WLAN NOTE The no form of add vlan command deletes the specified VLAN mapping over the specified WLAN range list If the specified mapping does not exist for a particular WLAN a specified vlan does not exists message displays The delete action continues on remaining VLANs If all the VLANs are deleted A default VLAN assignment takes effect answer bcast ess Allows this WLAN to respond to probes for broadcast ESS WS5100 Series Switch CLI Reference Guide authentication type eap hotspot kerberos mac auth none Sets the authentication type for this WLAN e eap EAP authentication 802 1X e hotspot Web based authentication e kerberos Kerberos authentication encryption will change to WEP128 if i
284. name server 2 2 2 222 WS5100 config dhcp netbios node type DHCP Config Commands Defines the netbios node type Syntax netbios node type b node h node m node p node Parameters netbios node type Defines the NetBIOS WINS name servers b node h node e b node Broadcast node m node p node e h node Hybrid node e m node Mixed node e p node Peer to peer node Example WS5100 config dhcp netbios node type p node WS5100 config dhcp 17 16 17 1 19 17 1 20 WS5100 Series Switch CLI Reference Guide network DHCP Config Commands Sets the network pool s IP address This address maps the current DHCP pool with a specific network Syntax network A B C D A B C D M Parameters network A B C D A B C D M Sets the network number and mask e A B C D Network number in dotted decimal format e A B C D M Network number and mask Usage Guidelines Ensure a VLAN interface with specific network subnet exists on the switch before mapping a DHCP pool to a particular network Example WS5100 config dhcp network 2 2 2 0 24 WS5100 config dhcp next server DHCP Config Commands Sets the IP address of the next server in the boot process Syntax next server lt IP address gt Parameters next server lt IP address gt Sets the next server in boot process e lt IP address gt Defines the server s IP address 17 1 21
285. ncy members running config securitymgr sessions snmp snmp server sole spanning tree startup config static channel group sta terminal timezone upgrade status users version wireless wlan acl Display s switch Current O Display s Con in users SOLE Instance 21 7 tate transition history of the Display redundancy group members in detail perating configuration Securitymgr parameters Display current active open connections Display SNMP engine parameters Display SNMP engine parameters Smart Opportunistic Location Engine Configuration panning tree information ents of startup configuration ic channel group membership Display terminal configuration parameters Display timezone Display last image upgrade status Display information about currently logged Display software amp hardware version Wireless configuration commands wlan based acl WS5100 config sole show WS5100 config sole show sole config adapter SOLE Adapter Ad w pter Type AeroScout Adapter Version 2 01 Configured Status disabled Operational Status disabled Thu Sep 13 21 44 45 2007 Adapter Build Time WS5100 config sole WS5100 config sole show sole stats adapter Adapter Type AeroScout Ada Number of messages r Number of messages s nt to engin Number of tag reports sent to eng a a WS5100 config sole pter Status disabled ceived from en
286. ndancy group parameters Display state transition history of the switch Display redundancy group members in detail Display SNMP engine parameters Display SNMP engine parameters Display terminal configuration parameters Display timezone Display information about terminal lines Display software amp hardware version Wireless configuration commands wlan based acl 2 4 WS5100 Series Switch CLI Reference Guide 2 1 4 no Common Commands Negates a command or sets its defaults Syntax no Parameters None Example User Exec WS5100 gt no cluster cli Cluster context debug Debugging functions page Toggle paging service Service Commands WS5100 gt no Example Priv Exec WS5100 no cluster cli Cluster context debug Debugging functions page Toggle paging service Service Commands upgrade Name of the patch to remove WS5100 no Example Global Config WS5100 config no aaa VPN AAA authentication settings access list Configure access lists autoinstall autoinstall configuration command banner Reset login banner to nothing bridge Bridge group commands country code Clear the currently configured country code All existing configurations will be erased crypto encryption module errdisable errdisable fallback Configures software fallback feature ftp Configure FTP Server hostname Reset system s network name to default interface Delete a virtual interface ip Internet Protoc
287. ndex lt 1 256 gt e statistics Displays known adaptive AP stats e lt 1 256 gt Displays adaptive ap statistics for known adaptive APs between 1 256 mac auth local lt 1 1000 gt Displays mac auth local entries mesh statistics lt 1 32 gt Displays mesh related parameters detail e statistics Dispalys mesh statistics e lt 1 32 gt Defines the mesh index e detail Detailed mesh statistics mobile unit Displays the paramters of associated mobile units e lt 1 4096 gt Index of mobile unit e AA BB CC DD EE FF MAC address of mobile unit e association history Displays the mobile unit history e probe history Displays the MU probe history e lt 1 200 gt Defines index to display probe logging e config list Lists probe history MAC addresses e radio Displays mobile units associated to this radio e statistics Displays mobile unit RF statistics e wlan Displays mobile units associated to this WLAN multicast packet limit Displays multicast packet limit Common Commands 2 65 phrase to key Displays the WEP keys generated by a passphrase e wep128 Displays WEP128 keys e wep64 Displays WEP64 keys qos mapping Quality of service mappings used for mapping WMM access categories and 802 1p DSCP tags e wired to wireless Mappings used when traffic is switched from wired to the wireless side e wireless to wired Mappings used when traffic is
288. ndex of the access port e AA BB CC DD EE FF Sets the MAC address of a access port Detected AP configuration parameters ap images ap unadopted Displays the access port images on the switch Lists unadopted access ports approved aps Dispalys approved APs detected by access port scans channel power Lists the channels and power levels available for a radio e 11a Defines the radio as 802 11a e 11b Defines the radio as 802 11b e 11bg Defines the radio as 802 11bg e indoor Radio is placed indoor e outdoor Radio is placed outdoor client exclude list include list Wireless client configuration e exclude list Sets the exclude list configuration e include list Sets the include list configuration config Wireless configuration parameters country code list Displays the list of supported country names and 2 letter ISO 3166 codes default ap Displays default access port information hotspot config lt 1 32 gt WLAN hotspot configuration for specified index 2 64 WS5100 Series Switch CLI Reference Guide Displays intrusion detection configuration parameters e configured bad essids Displays a list of bad essids This parameter sets the number of seconds a MU is filtered e filter list Displays the list of currently filtered mobile units known ap statistics lt 1 256 gt Displays known AP parameters e ap Defines a known AP i
289. ne Display timezone upgrade status Display last image upgrade status users Display information about terminal lines version Display software amp hardware version wireless Wireless configuration commands WS5100 config ext nacl show terminal gt Extended ACL Config Commands Sets the length number of lines displayed on the terminal window Syntax terminal monitor no terminal no monitor Parameters monitor Copies debug output to the current terminal line no Negates a command or set its defaults e monitor Copies debug output to the current terminal line Usage Guidelines By default log messages are generally not displayed using a Telnet session Use the terminal monitor command to view Telnet log messages Example WS5100 config ext nacl terminal monitor WS5100 config ext nacl WS5100 config ext nacl terminal no monitor WS5100 config ext nacl 14 22 WS5100 Series Switch CLI Reference Guide Standard ACL Instance Use the config std nacl instance to configure ip access list standard ACLs 15 1 Standard ACL Config Commands summarizes the config std nacl commands Table 15 1 Standard ACL Config Command Summary Command Description Ref Clears the display screen Specifies packets to reject Ends the current mode and moves to the EXEC mode Ends the current mode and moves to the previous mode Displays the interactive help system Specifies packets to mark
290. new all acknowledged lt 1 65535 gt lear arp cache lear crypto ipsec sa A lear crypto ipsec sa A lear crypto isakmp sa lear crypto isakmp sa lear ip dhcp binding 00000000000 WS5100 2 2 4 crypto Common to all modes Syntax show show show show show show Common Commands 2 29 crypto ipsec isakmp key map pki crypto crypto crypto crypto crypto ipsec sa security association lifetime transformset isakmp policy lt 1 10000 gt sa key mypubkey map interface tag pki request trustpoints 2 30 WS5100 Series Switch CLI Reference Guide Parameters ipsec sa securityassociation lifetime transformset Displays the IPSEC policy e sa IPSec security association e security association Security association name e lifetime Defines the lifetime e transformset Transformset e name Defines the transform set name or all transform sets isakmp Displays ISAKMP policies policy lt 1 10000 gt sa e policy lt 1 10000 gt Displays the priority allthe isakmp policies e sa All crypto ISAKMP security associations key mypubkey rsa Displays authentication key management e mypubkey Shows the public keys assoicated with the switch e rsa Displays the RSA public keys map interface tag name Displays crypto maps e interface name Sets crypto maps for an interface e tag name Sets crypto maps with a given tag
291. nfig crypto map set Crypto Map Config Commands Use this command to set the various set parameters of the peer device Syntax set localid mode peer pfs remote type ipsec 12tp xauth security association session key transformset set localid dn hostname set security association level perhost Lifetime kilobytes seconds lt value gt set session key inbound outbound ah esp set session key inbound outbound ah lt hexkey data gt set session key inbound outbound esp lt SPI gt cipher lt hexdata key gt authenticator lt hexkey data gt Parameters local id Sets the local identity e dn Defines the distinguished name e hostname Sets the hostname mode Sets the mode of the tunnels for this Crypto Map e aggressive Initiates aggressive mode e main Initiates main mode peer Sets the IP address of the peer device This can be set for multiple remote peers The remote peer can be either an IP address or hostname Note In manual mode only one remote peer can be added for a crypto map e P address Enter the IP address of the peer device If not configured it implies responder only to any peer 10 8 WS5100 Series Switch CLI Reference Guide pfs Use the set pfs command to choose the type of perfect forward secrecy if any required during IPSec negotiation of SAs for this crypto map Use the no form of this command to require no PFS e group 1 PSec is req
292. nfiguration Commands Ends and exits the current mode and changes to the PRIV EXEC mode The prompt changes to wS5100 Syntax end Parameters None Example WS5100 config radsrv group end WS5100 exit Radius Configuration Commands Ends the current mode and moves to the previous mode config radsrv The prompt changes to wS5100 config Syntax exit Parameters None 19 8 19 1 7 4 19 1 7 5 WS5100 Series Switch CLI Reference Guide Example WS5100 config radsrv group exit WS5100 config radsrv group group Radius Configuration Commands Establishes RADIUS user group parameters This command creates a group within the existing RADIUS group Syntax group Parameters WORD Defines the RADIUS group name Example WS5100 config radsrv group group TestGroup WS5100 config radsrv group guest group Radius Configuration Commands Manages a guest user linked with a hotspot Create a guest user and associate it with the guest group The guest user and the policies of the guest group are used for hotspot authentication authorization Syntax guest group Parameters enable Defines this group as a guest group Usage Guidelines Creates a guest group The guest user created using rad user can only be part of the guest group Example WS5100 config radsrv group guest group enable WS5100 config radsrv group 19 1 7 6 19 1 7 7 Radius Server Instance 19 9
293. ngst many contexts and instance contexts within the WS5100 switch command line interface Summarizes the User Exec commands within the WS5100 switch command line interface Chapter 4 Privileged Exec Commands Summarizes the Priv Exec commands within the WS51 00 switch command line inter ace Chapter 5 Global Configuration Commands Summarizes the Global Config commands within the WS51 00 switch command line inter ace Chapter 6 crypto isakmp Summarizes the crypto isakmp commands within the WS51 00 switch command line inter ace Chapter 7 crypto group Summarizes the erypto group commands within the 00 switch command line inter WS51 ace Chapter 8 crypto peer Summarizes the erypto peer commands within the 00 switch command line inter WS51 ace Chapter 9 crypto ipsec Summarizes the erypto ipsec commands within the 00 switch command line interface WS51 Chapter 10 crypto map Summarizes the erypto map commands within the 00 switch command line inter WS51 ace Chapter 11 crypto trustpoint Instance Summarizes the crypto trustpoint commands within the WS5100switch command line interface Chapter Jump to this section if you want to Chapter 12 interface Instance Summarizes the config if commands within the WS510
294. nies ICMP traffic from any source to any destination The keyword any is used to match any source or destination IP address WS5100 config ext nacl deny icmp any any WS5100 config ext nacl permit ip any any WS5100 config ext nacl end Extended ACL Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to wS5100 Syntax end Parameters None Example WS5100 config ext nacl end WS5100 exit gt Extended ACL Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to ws5100 config Syntax exit Parameters None Example WS5100 config ext nacl texit WS5100 config 14 8 14 1 5 14 1 6 WS5100 Series Switch CLI Reference Guide help gt Extended ACL Config Commands Displays the system s interactive help system Syntax help Parameters None Example WS5100 config ext nacl help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve
295. nterface details Usage Guidelines Use the show interface command to display the administrative and operational status of all the interfaces or a specified interface Example WS5100 show interfaces eth 1 Interface eth1 Hardware Type Ethernet Interface Mode Layer 2 address is 00 a0 f8 65 ea 8e index 2001 metric 1 mtu 1500 HAL IF lt UP BROADCAST RUNNING MULTICAST gt Speed Admin Auto Operational 10M Maximum 1G Duplex Admin Auto Operational Half Switchport Settings Mode Access Access Vlan 2100 input packets 0 bytes 0 dropped 0 multicast packets 0 input errors 0 length 0 overrun 0 CRC 0 frame 0 fifo 0 missed 0 output packets 0 bytes 0 dropped 0 output errors 0 aborted 0 carrier 0 fifo 0 heartbeat 0 window 0 WS5100 WS5100 config show interfaces switchport ethl Interface ethl Switchport Settings Mode Access Access Vlan 2100 WS5100 config show interfaces switchport vlanl Interface vlanl Switchport Settings Mode Access Access Vlan 0 2 34 WS5100 Series Switch CLI Reference Guide 228 ip Common to all modes Syntax show ip access group IFNAME eth lt 1 2 gt vlan lt 1 4094 gt arp ddns binding dhcp binding class pool sharednetwork dhcp vendor options domain name http secure server server interface IFNAME brief vlan name server route A B C D A B C D M detail routing ssh telnet show ip access group IFNAME eth
296. ntry WS5100 config WORD State WS5100 config WORD City WS5100 config WORD Organi WS5100 config WORD Organi WS5100 config gt lt cr gt WS5100 config WS5100 config trustpoint subject name TestPool 2 character ISO Code trustpoint subject name TestPool 2 to 128 characters trustpoint subject name TestPool 2 to 128 characters trustpoint subject name TestPool zation 2 to 64 characters trustpoint subject name TestPool zation Unit 2 to 64 characters trustpoint subject name TestPool trustpoint subject name TestPool trustpoint PB PB SYMBOL PB SYMBOL WID PB SYMBOL WID interface Instance Use the config i instance to configure the interfaces Ethernet VLAN and tunnel associated with the switch 12 1 Interface Config Commands summarizes the config if commands Table 12 1 Interface Config Command Summary Command Description Clears the display screen Ref Defines the encryption module Creates an interface specific description Sets the duplex mode used by the interface Ends the current mode and moves to the EXEC mode exit Ends the current mode and moves to the previous mode Displays the interactive help system Sets the IP address for the assigned ethernet VLAN or tunnel Applies a MAC access list to a gigabit ethernet interface 12 2 WS510
297. ocation of the FTP server using e DIR Used to set root dir of the ftp server 5 26 5 1 14 5 1 15 WS5100 Series Switch CLI Reference Guide Example WS5100 config ftp enable WS5100 config hostname Global Configuration Commands Changes the system s network name Syntax hostname WORD Parameters WORD Provide the name for the systems network Example WS5100 config hostname Eldorado Eldorado config interface Global Configuration Commands Configures a selected interface This command is used to enter the interface configuration mode for the specified physical Switch Virtual Interface SVI interface If the VLANx SVI interface does not exist it is automatically created NOTE The interface mode leads to the config if instance For more Sy details see interface Instance on page 12 1 The prompt changes from ws5100 config tO ws5100 config if Syntax interface IFNAME eth lt 1 2 gt vlan lt 1 4094 gt Parameters IFNAME Defines the interface name eth lt 1 2 gt Defines the Ethernet interface 5 1 16 Global Configuration Commands 5 27 vlan lt 1 4094 gt Defines the VLAN interface Usage Guidelines Use the no interface lt interface name gt to delete the specified SVI Valid interfaces include all VLANx interfaces Example WS5100 config interface eth 2 WS5100 config if WS5100 config inter
298. ocess minute average load limit exceeded value is 100 00 limit is 99 90 kernel ISR 100 00 Sep 08 15 58 44 2006 PM 4 PROCNORESP logd is not responding Sep 08 15 58 44 2006 PM 4 PROCNORESP logd is not responding Sep 08 15 58 44 2006 PM 4 PROCNORESP logd is not responding Sep 08 15 58 44 2006 PM 4 PROCNORES logd is not responding Version of firmware update file is 3 0 0 0 19193X Sep 08 15 58 44 2006 SKERN 6 INFO hdal internal journal Creating LILO files Running LILO Successful Sep 08 15 58 46 2006 T SEWU 6 FWUDONE update successful new version is 3 0 0 0 19193X WS5100 EXT3 FS on Firmware 4 29 4 30 4 1 34 4 1 35 WS5100 Series Switch CLI Reference Guide upgradeabort Priv Exec Command Aborts an ongoing upgrade process Syntax upgrade abort Parameters None Example WS5100 write Priv Exec Command Writes the running configuration to memory or a terminal Syntax write memory terminal Parameters memory Writes to NV memory terminal Writes to terminal Example WS5100 write terminal configuration of WS5100 version 3 0 0 0 200B version 1 0 I service prompt crash info username admin password 1 8e67bb26b358e2ed20fe552ed6fb832f397a507d username admin privilege superuser username operator password 1 fe96dd39756ac41b74283a9292652d366473931f username manager password 1 45b27d46483fc63098l1ad5096ff26a7956ce0c038
299. ol IP line Configure a terminal line 2 1 5 local logging mac mac address table management ntp prompt radius server redundancy service snmp server spanning tree timezone username vpn wlan acl WS5100 config no service Common Commands Common Commands 2 5 Local user authentication database for VPN Modify message logging facilities MAC configuration Configure MAC address table sets properties of the management interfac Configure NTP Reset system s prompt RADIUS server configuration commands Configure redundancy group parameters Service Commands odify SNMP engine parameters Spanning tree Revert the timezone to default UTC Establish User Name Authentication vpn Remove an ACL from WLAN Services or debugs the switch Syntax User Exec service diaglencry pt save cli show wireless service diag enable fanduty lt 40 100 gt identify limit period t buffer fan filesys inodes load maxFDs pkbuffers procRAM ram routecache temperature service diag limi service diag limi 64 64k 8k service diag Limi service diag limi service diag Limi service diag limi service diag limi service diag limi service diag limi service diag limi service diag limi service diag limi service diag t buffer 128 128k 16k 1k 256 2k 32 32k 4k 512 fan lt 1 2 gt low filesys etc2 flash ram inodes etc2 flash ram
300. ollowing command to attach a MAC access list to a port on a layer 2 interface mac access group lt acl number name gt in The permit command in the MAC ACL disallows traffic based on layer 2 data link layer information A MAC access list permits traffic from a source MAC address or any MAC address It also has an option to allow traffic from a list of MAC addresses based on the source mask The MAC access list can be configured to allow traffic based on VLAN information ethernet type Common types include e arp e wisp e ip 802 1q The switch by default does not allow layer 2 traffic to pass through the interface To adopt an access port through an interface configure an access control list to allow an ethernet wisp NOTE To apply an IP based ACL to an interface a MAC access list entry to allow ARP is mandatory A MAC ACL always takes precedence over IP based ACLs 16 1 9 Extended MAC ACL Instance 16 11 The last ACE in the access list is an implicit deny statement Whenever the interface receives the packet its content is checked against all the ACEs in the ACL It is allowed denied based on the ACL s configuration Example The example below permits WISP traffic from any source MAC address to any destination MAC address WS5100 config ext macl permit any any type wisp WS5100 config ext macl The example below permits arp based traffic from any source MAC address to any destination MAC a
301. on configuration 19 1 2 Radius Server Instance 19 3 peap mschapv2 Sets the EAP PEAP type used with mschapv2 tls Defines an EAP TLS configuration scheme ttls md5 Sets the EAP TTLS configuration used with the default md5 authentication scheme ttls mschapv2 Sets the EAP TTLS configuration used with the default mschapv2 authentication scheme ttls pap Sets the EAP TTLS configuration used with the default pap authentication scheme Sets eap auth type to a11 to service RADIUS requests received from mobile units Setting eap auth type t0 peap gtc peap mschapv2 ensures peap gtc peap mschapv2 service only Similarly setting eap auth type t0 ttls md5 ttls mschapv2 ttls pap services all ttls authentication requests from mobile units Setting eap auth type to tis ensures only tls authentication is serviced Example WS5100 config radsrv authentication eap auth type peap mschapv2 WS5100 config radsrv WS5100 config radsrv authentication data source ldap WS5100 config radsrv ca Radius Configuration Commands Configures CA Certificate Authority parameters Syntax ca trust point WORD Parameters trust point Defines the trustpoint configuration WORD Displays the existing trustpoint name 19 4 WS5100 Series Switch CLI Reference Guide 19 1 3 19 1 4 Usage Guidelines Configures the trustpoint used by the local RADIUS server Create the trustpoint before it can be used by t
302. on engine debugging messages WS5100 debug delete Priv Exec Command Deletes a specified file from the system Syntax delete force recursive FILE Parameters force Forces deletion without a prompt recursive Performs a recursive delete FILE Specifies the filename s to be deleted Example WS5100 delete flash out tar flash out tar gz Delete flash out tar y n y Delete flash out tar gz y n y WS5100 delete force flash tmp txt WS5100 WS5100 delete recursive flash backup Delete flash backup fileMgmt_350 180B core y n y Delete flash backup fileMgmt 350 18212X core bk 4 1 12 y n n Privileged Exec Commands 4 15 Delete flash backup imish_1087_18381X core gz y n n WS5100 diff Priv Exec Command View the differences between 2 files Syntax diff FILE URL FILE URL Parameters FILE Displays the differences between a FILE URL Displays the differences between a URL Example WS5100 diff startup config running config startup config running config 89 7 89 7 RR mobility peer 157 235 208 16 wlan wlan wlan wlan wlan wlan wlan 1 1 HE 1 il 1 1 enable ssid wlan123 encryption type wep128 encryption type tkip authentication type eap mobility enable radius server primary 127 0 0 1 eg 184 10 184 12 ee rad user adam password 0 mypassword rad user eve password 0 mypasswordl23 rad use
303. on parameters show Displays the running system information 10 2 10 1 1 10 1 2 10 1 3 WS5100 Series Switch CLI Reference Guide clrscr Crypto Map Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100 config crypto map clr WS5100 config crypto map end Crypto Map Config Commands Use this command to end and exit the current mode and move to the to PRIV EXEC mode The prompt now changes to ws5100 Syntax end Parameters None Example WS5100 config crypto map end WS5100 exit Crypto Map Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to ws5100 config Syntax exit Parameters None 10 1 4 10 1 5 crypto map 10 3 Example WS5100 config crypto map exit WS5100 config help Crypto Map Config Commands Use this command to access the system s interactive help system Syntax help Parameters None Example WS5100 config crypto map help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided whe
304. ones that don t have WLAN index In the above process the acl 110 had two rules which got replaced by only one rule because after removal of WLAN index selector both the rules look similar Follow the procedure mentioned below to manually upgrade the ACLs to the same configuration 1 If all the rules in ACL have same WLAN index as selector and there are no other ACL rules then attach the ACL to the WLAN port In the above example the ACL macacl has two rules for WLAN 14 which can be attached to WLAN port as follows Global Configuration Commands 5 65 wlan acl 14 macacl in 2 If ACL has mix of rules with different WLAN indices and without an WLAN indices then it should be grouped as follows a Create separate ACLs for all rules with a given WLAN index b Create separate ACLs for rules which do not have any WLAN index To manually configure the Standard ACL in the above example it has to be split into 3 ACLs ip access list standard stdacll permit any rule precedence 34 ip access list standard stdacl2 permit host 10 0 0 10 rule precedence 44 ip access list standard stdacl3 deny host 30 0 0 14 rule precedence 54 no access list stdacl wlan acl 5 stdacll in wlan acl 6 stdacl2 in The stdacl must be detached from the interface to which it was associated and stdacl3 must be attached to that interface When the user explicitly creates ACL rules with WLAN index as selector the switch consumes that A
305. onfig mst show mst Config Commands Displays current system information Syntax show lt parameter gt Parameters Displays the parameters for which information can be viewed using the show command Example WS5100 config mst show access list Internet Protocol IP aclstats Show ACL Statistics information alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command lists crypto encryption module debugging dhcp environment file ftp history interfaces ip ldap licenses logging mac management mobility ntp password encryption port channel privilege radius redundancy group redundancy history switch redundancy members running config securitymgr sessions snmp snmp server sole Configuration spanning tree startup config static channel group terminal timezone upgrade status users in users version wireless wlan acl WS5100 config mst show 13 8 WS5100 Series Switch CLI Reference Guide Debugging information outputs DHCP Server Configuration show environmental information Display filesystem information Display FTP Server configuration Display the session command history Interface status Internet Protocol LDAP server Show any installed licenses Show logging configuration and buffer Internet Pro
306. onfig radsrv exit WS5100 config WS5100 Series Switch CLI Reference Guide 19 1 7 group Radius Configuration Commands Configures RADIUS user groups The CLI moves to the config radsrv group sub instance to create a new group The prompt changes from ws5100 config radsrv to WS5100 config radsrv group Table 19 2 summarizes the RADIUS user group commands within the config radsrv group sub instance Table 19 2 RADIUS User Group Command Summary Command Description Ret clrscr Clears the display screen page 19 7 end Ends the current mode and moves to the EXEC mode page 19 7 exit Ends the current mode and moves to the previous page 19 7 mode group Sets RADIUS user group parameters page 19 8 guest group Defines guest group permissions page 19 8 help Displays the interactive help system in HTML format page 19 9 no Negates a command or sets ts defaults page 19 9 policy Defines the RADIUS group access policy page 19 11 configuration rad user Adds a RADIUS user to this group page 19 12 service Invokes RADIUS service commands ifthey have been page 19 13 stopped show Displays running system information page 19 13 19 1 7 1 19 1 7 2 19 1 7 3 Radius Server Instance 19 7 clrscr Radius Configuration Commands Clears the display screen Syntax clrscr Parameters None Example WS5100 config radsrv group clrscr WS5100 config radsrv group end Radius Co
307. onfigure the hardware address of the host WS5100 config dhcp hardware 00 a0 f8 6f 6b 88 Exit from the DHCP instance upon creation of the network pool WS5100 config dhcp exit Start the DHCP Server to instantiate the network pool WS5100 config service dhcp 17 2 3 Troubleshooting DHCP Configuration if N The DHCP Server is disabled by default Use the following command to enable the DHOP Server WS5100 config service dhcp This command administratively enables the DHCP server If the DHCP configuration is incomplete it is possible the DHCP server will be disabled even after the execution of this command Use the network command to map the network pool to interface network 192 168 0 0 24 In the above example 192 168 0 0 24 represents the L3 interface When you execute this command no check is performed to endorse whether an interface with the specified IP Netmask exists The verification is not performed because you can create a pool and map it to non existing L3 interface When you add a L3 interface and assign an IP address to it the DHCP server gets enabled started on this interface If you have a pool for network 192 168 0 0 24 but DHCP Server Instance 17 25 the L3 interface is 192 168 0 0 16 DHCP is not enabled on 192 168 0 0 16 since it is different from 192 168 0 0 24 A network pool without any include range is as good as not having a pool Add a include range using the ad
308. or Radius Radius Server Instance 19 15 Server Trust point default trustpoint CA Trust point default trustpoint WS5100 config radsrv 19 1 7 12 Example Creating a Group The config radsrv group sub instance is explained in the example below 1 Create a group called Sales in the local RADIUS server database WS5100 config radsrv group sales 2 Check the RADIUS user group s configuration commands WS5100 config radsrv group RADIUS user group configuration commands 3 Use a policy command to configure group policies for the group created in Step 1 WS5100 config radsrv group policy day Day of access policy configuration time Configure time of access policy for this group vlan VLAN id for this group wlan Configure wlan access policy for this group WS5100 config radsrv group policy day weekdays WS5100 config radsrv group policy time start 12 30 end 15 30 4 Use the policy vlan command to assign a VLAN ID of 10 to the Sales group WS5100 config radsrv group policy vlan 10 5 Use the policy wlan command to allow only authorized users to access this group s WLAN WS5100 config radsrv group policy wlan 1 2 5 6 Use config radsrv rad user to create a user called testuser and add it to the group WS5100 config radsrv rad user testuser password testpassword group sales Sep 08 17 41 55 2006 RADCONF Adding user testuser into local database Sep 08 17 41 55 2006 RADCONF User testuser is
309. orea Kuwait Kazakhstan Liechtenstein Sri Lanka Lithuania Luxembourg Latvia orocco alta exico alaysia Netherlands Norway New Zealand Oman Peru Philippines Pakistan 20 1 14 pl pt qa ro ru sa se sg si sk th EX tw ua us uy ve vn za Poland Portugal Qatar Romania Russia Saudi Arabia Sweden Singapore Slovenia Slovak Republic Thailand Turkey Taiwan Ukraine United States Uruguay Venezuela Vietnam South Africa A Wireless Instance 20 17 WS5100 config wireless country code dhcp sniff state Wireless Configuration Commands Records mobile unit DHCP state information Syntax dhcp sniff state Parameters enable Allows support for recording DHCP state information for mobile units Example WS5100 config wireless dhcp sniff state enable WS5100 config wireless 20 18 WS5100 Series Switch CLI Reference Guide 20 1 15 dot11 shared key auth Wireless Configuration Commands Enables support for 802 11 shared key authentication NOTE Shared key authentication has known weaknesses that can compromise your WEP key It should only be configured to accommodate wireless stations unable to carry out Open System authentication Syntax dot11 shared key auth Parameters enable Enables support for shared key authentication Example WS5100 config wireless tdot11 shared key auth enable WS5100 config wireless 20 1 16 end
310. ort or IP gt path file e ftp lt user gt lt passwd gt lt hostname port or IP gt path file e sftp lt user gt lt hostname port or IP gt path file Common Commands 2 13 diag Sets or displays switch diagnostic values e enable Enables in service diagnostics e fanduty lt 40 100 gt CPU fan PWM duty cycle Set a value between 40 100 Setting a value below 60 is considered unreliable e identify Identifies a switch by flashing the LEDs e limit Diagnostic limit commands buffer Configures the buffer usage warning limit The warning limit can be set to the buffer limit size of 128 128k 16k 1k 256 2k 32 32k 4k 512 64 6 Ak 8k fan lt 1 2 gt low Sets the fan speed limit Configure the fan speed limit for both Fan 1 and Fan 2 filesys etc2 flash ram Sets the file system freespace limit inodes etc2 flash ram Sets the file system inode limit load 1 15 5 Aggregate processor load maxFDs lt 0 32767 gt Configures the maximum number of file descriptors Set between 0 to 32767 file descriptors pkbuffers lt 0 65535 gt Sets the packet buffer head cache limit Set between 0 to 65535 as the buffer cache limit 2 14 WS5100 Series Switch CLI Reference Guide e procRAM Configures the RAM space used by a process Set the percentage of RAM space between 0 0 and 100 0 percent e ram Configures the free space for the RAM Configure the fr
311. ot drwx 120 Wed Aug 30 15 32 44 2006 log drwx 1024 Thu Aug 31 23 50 09 2006 crashinfo rw 14271 Tue Jul 25 15 16 41 2006 Radius config rw 14271 Wed Jul 26 15 42 08 2006 flash drwx 1024 Wed Aug 9 17 35 08 2006 radius rw 3426 Wed Jul 26 16 08 02 2006 running config new rw 13163 Wed Jul 26 16 08 42 2006 radius config rw 80898 Thu Aug 17 14 59 39 2006 cli_commands txt rw 65015 Fri Aug 11 19 57 37 2006 cli commands txtli commands txt rw 65154 Thu Aug 17 15 11 23 2006 cli_commands 180B txt Iw 32 Sat Sep 2 00 15 38 2006 cli_commands save telnet Priv Exec Command Opens a telnet session Syntax telnet WORD PORT Parameters WORD IP address or hostname of the remote system 4 1 31 Privileged Exec Commands 4 27 Example WS5100 telnet 157 111 222 33 Entering character mode Escape character is Red Hat Linux release 9 Shrike Kernel 2 4 20 6bigmem on an i686 login cli Password terminal Priv Exec Command Sets the length number of lines displayed on the terminal Syntax terminal length lt 0 512 gt no length lt 0 512 gt width width lt 0 512 gt Parameters length Sets the number of lines on a screen no Negates a command or sets its defaults width Sets the width number of characters on a screen line Example WS5100 gt terminal length 100 WS5100 gt WS5100 gt terminal width 200 WS5100 gt 4 28 4 1 32 4 1 33 WS5100 Series Switch CLI Reference Gu
312. p N redundancy memberDown N redundancy memberMisConfigured N redundancy adoptionExceeded N redundancy grpAuthLevelChanged N misc lowFsSpace N misc processMaxRestartsReached N wireless station associated N wireless station disassociated N wireless station deniedAssociationOnCapability N wireless station deniedAssociationOnShortPream N wireless station deniedAssociationOnSpectrum N wireless station deniedAssociationOnErr N wireless station deniedAssociationOnSSID N wireless station deniedAssociationOnRates N wireless station deniedAssociationOnInvalidWPAWPA2TE N wireless station deniedAssociationAsPortCapacityReached N wireless station tkipCounterMeasures N wireless station deniedAuthentication N wireless station radiusAuthFailed N wireless radio adopted N wireless radio unadopted N wireless radio detectedRadar N wireless ap detection externalAPDetected N wireless self healing activated N wireless ids excessiveAuthAssociation N wireless ids xcessiveProbes N misc savedConfigModified N WS5100 gt WS5100 gt show snmp server traps wireless statistics mobile unit pktsps greater than disabled tput greater than disabled avg bit speed less than disabled avg signal less than disabled Common Commands 2 55 nu percent greater than disabled gave up percent greater than disabled avg retry greater than disabled undecrypt percent greater than disabled WS5100 gt WS5100 gt show snmp server traps wireless statistics radio pktsp
313. p class WS5100DHCPclass WS5100 config dhcpclass Create a USER class named mceoo The privilege mode changes to config dhcpclass WS5100 supports a maximum of 8 Users classes per DHCP class WS5100 config ip dhcp class WS5100DHCPclass WS5100 config dhcpclass Create a Pool named wap using config mode WS5100 config ip dhcp pool WID WS5100 config dhcp 5 32 5 1 17 WS5100 Series Switch CLI Reference Guide 4 Associate the DHCP class created in Step 1 with the pool created in Step 3 The switch supports the association of only 8 CDHCP classes with a pool WS5100 config dhcp class WS5100DHCPclass WS5100 config dhcp class 5 The switch leads you to a new mode config dhcp class Use this mode to add address range to be used for the DHCP class associated with the pool WS5100 config dhcp class address range 11 22 33 44 Example WS5100 config ip access list extended TestACL WS5100 config ext nacl WS5100 config ip access list standard TestStdACL WS5100 config std nacl WS5100 config ip dhcp pool TestPool WS5100 config dhcp WS5100 config ip dhcp class TestDHCPclass WS5100 config dhcpclass license Global Configuration Commands Display the details of the license Syntax license Parameters WORD Enter the name of the feature for which you wish to add license Example WS5100 config show licenses Serial Number 6283529900020
314. pe of ethertype Syntax permit any host source MAC address source MAC source MAC address mask any host destination MAC address destination MAC destination MAC address mask vlan vlan id dotlp dotlp value type valueliplipv6larp vlan wisp 0 65535 log rule precedence access list entry precedence Parameters Source MAC Address Specifies the bits to match The source wildcard can be any one of the following XXIKXIXXIKXXIXXIXX xx xx xx xx xx xx 90urce MAC address and mask e any Uses any source host e host Defines the exact source MAC address to match Destination MAC Address Bit mask specifying the bits to match The destination wildcard can be any one of the following O XX XXIXXIXXIXXIXX xx xx xx xx xx xx Destination MAC address and mask e any Uses any available destination host e host Defines the exact destination MAC address to match dot1p lt 0 7 gt Establishes the 802 1p priority 16 10 WS5100 Series Switch CLI Reference Guide rule precedence lt 7 5000 gt Defines an access list entry precedence type lt 7 Sets an ethertype 65535 gt arp ip ipv6 vlan wisp vlan lt 1 4095 gt Sets the VLAN ID Usage Guidelines When creating a Port ACL the switch by default does not permit an ethertype WISP Create a rule to allow WISP to adopt access ports Use the following command to adopt access ports permit any any type wisp NOTE Use the f
315. play system clock Show command lists crypto Display debugging setting show environmental information Display filesystem information Display FTP Server configuration Display the session command history Interface status and configuration Internet Protocol IP ldap server Show any installed licenses Show logging configuration and buffer Media Access Control 11 10 WS5100 Series Switch CLI Reference Guide management Display L3 Managment Interface nam mobility Display Mobility Parameters ntp Network time protocol password encryption password encryption privilege Show current privilege level radius Radius configuration commands redundancy group Display redundancy group parameters redundancy history Display state transition history of the switch redundancy members Display redundancy group members in detail running config Current Operating configuration securitymgr Display debug info for ACL VPN and NAT sessions Display current active open connections snmp Display SNMP engine parameters snmp server Display SNMP engine parameters startup config Contents of startup configuration terminal Display terminal configuration parameters timezone Display timezone upgrade status Display last image upgrade status users Display information about terminal lines version Display software amp hardware version wireless Wireless configuration commands Server certificate configured Subject Nam
316. played on the terminal window Syntax terminal monitor no terminal no monitor Parameters monitor Copies debug output to the current terminal line no Negates a command or sets its defaults monitor Copies debug output to the current terminal line Usage Guidelines By default log messages are generally not displayed over a telnet session Use the terminal monitor command to view log messages using telnet Example WS5100 config ext macl terminal monitor WS5100 config ext macl WS5100 config ext macl terminal no monitor WS5100 config ext macl DHCP Server Instance Use config ip dhcp pool lt pool name gt to enter the config dhcp instance Use this instance to configure the DHCP server address pool associated the switch Also refer to for other DHCP related configurations 17 1 DHCP Config Commands summarizes config dhcp commands Table 17 1 DHCP Server Command Summary Command Description Ret Defines the DHCP server include range Assigns a boot file name The bootfile name can contain letters numbers dots and hyphens Consecutive dots and hyphens are not permitted Associates a class with a pool and moves to the DHCP pool class configuration mode client identifier Uses an ASCII string as a client identifier Assigns a client name clrscr Clears the display screen Configures Dynamic DNS DDNS values WS5100 Series Switch CLI Reference Guide Tab
317. ple WS5100 config wireless ap udp port 20 WS5100 config wireless 20 10 20 1 9 20 1 10 WS5100 Series Switch CLI Reference Guide broadcast tx speed Wireless Configuration Commands Configure the rate at which broadcast and multicast traffic is transmitted between the switch and mobile unit Syntax broadcast tx speed range throughput Parameters range Uses a lowest basic rate Provides maximum range throughput Uses a highest basic rate Provides maximum throughput default Example WS5100 config wireless broadcast tx speed range WS5100 config wireless WS5100 config wireless broadcast tx speed throughput WS5100 config wireless client Wireless Configuration Commands Use this command to configure a wireless client This command creates an exclude list or include list Creating a list moves the user to a new mode config wireless client list Refer to config wireless client list on page 20 12 fora config wireless client list command summary Syntax client exclude list include list NAME Parameters exclude list Sets the wireless client exclude list configuration A MU NAC check is conducted except for those in the exclude list Devices in the exclude list will not have a NAC check performed Wireless Instance 20 11 include list Defines the wireless client include list configuration No MU NAC check is conducted except for those in the include list
318. pping mapping DSCP tags radio regulatory information self heal config sensor parameters unapproved aps wireless switch statisti wlan WS5100 config if WS5100 config if show wir country code A adoption pref id proxy arp adopt unconf radio dot11 shared key auth ap detection oversized frames manual wlan mapping dhcp sniff state dhcp fix windows broadcast tx speed smart scan lla channels smart scan llbg channels WS5100 config if 12 14 WS5100 Series Switch CLI Reference Guide List of available channel and power a radio Wireless Configuration Parameters Wlan hotspot configuration Intrusion detection parameters list out the mac auth local entries Details of associated mobile units display the WEP keys generated by a Quality of Service mappings used for WMM access categories and 802 1p Radio related commands Regulatory allowed channel power for a particular country Self Healing Configuration Parameters Wireless Intrusion Protection System Unapproved APs seen by access port or mobile unit scans cs wireless switch statistics Wireless LAN related parameters eless config None al enabled enabled disabled disabled disabled disabled disabled disabled optimize for throughput interface Instance 12 15 12 1 15 shutdown Interface Config Commands Disables the selected interface The interface is administratively enabled unless explicitly disabled using this command Syn
319. press the Left Arrow or Ctrl B keys repeatedly to scroll back to the system prompt and verify the beginning of the command entry You can press the Ctrl A key combination Right Arrow or Ctrl Forward Moves the cursor one character to the F character right Esc B Back word Moves the cursor back one word Esc F Forward word Moves the cursor forward one word Ctrl A Beginning of line Moves the cursor to the beginning of the line Ctrl E End of line Moves the cursor to the end of the command line Ctrl d Deletes the current character Ctrl U Deletes text up to cursor Ctrl K Deletes from cursor to end of the line Ctrl P Obtains the prior command from memory Ctrl N Obtains the next command from memory Esc C Converts the rest of a word to uppercase Esc L Converts the rest of a word to lowercase Esc D Deletes the remainder of a word Ctrl W Deletes the word up to the cursor Introduction 1 9 Function Keystrokes Summary Function Details Ctrl Z Enters the command and returns to the root promp Ctrl L Refresh input line 1 42 Completing a Partial Command Name If you cannot remember a complete command name or if you want to reduce the amount of typing you have to perform enter the first few letters of a command then press the Tab key The command line parser completes the command if the string entered is unique to the command mode If your keyboard does not ha
320. pto debugging environment file ftp history interfaces ip ldap licenses logging mac management mobility ntp password encryption privilege radius redundancy group redundancy history switch redundancy members running config securitymgr show Internet Protocol IP Display all alarms currently in the system autoinstall configuration Display Message of the Day Login banner Display boot configuration Display system clock Show command lists crypto Display debugging setting show environmental information Display filesystem information Display FTP Server configuration Display the session command history Interface status and configuration Internet Protocol IP ldap server Show any installed licenses Show logging configuration and buffer Media Access Control Display L3 Managment Interface nam Display Mobility Parameters Network time protocol password encryption Show current privilege level Radius configuration commands Display redundancy group parameters Display state transition history of the Display redundancy group members in detail Current Operating configuration Display debug info for ACL VPN and NAT 14 1 11 Extended ACL Instance 14 21 sessions Display current active open connections snmp Display SNMP engine parameters snmp server Display SNMP engine parameters startup config Contents of startup configuration terminal Display terminal configuration parameters timezo
321. r e enable Enables the SOLE adapter Usage Guidelines Use no adapter aeroscout enable enable to disable aeroscout or all SOLE adapters The SOLE adapter is disabled by default Example WS5100 config sole adapter enable WS5100 config sole clrscr SOLE Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100 config sole clrscr WS5100 config sole SOLE Instance 21 3 21 1 3 end SOLE Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to wS5100 Syntax end Parameters None Example WS5100 config sole end WS5100 21 1 4 exit SOLE Config Commands Ends the current mode and moves to the previous mode GLOBAL CONFIG The prompt changes to ws5100 config Syntax exit Parameters None Example WS5100 config sole exit WS5100 config 21 1 5 help SOLE Config Commands Displays the system s interactive help system in HTML format Syntax help Parameters None 21 4 WS5100 Series Switch CLI Reference Guide 21 1 6 Example WS5100 config sole help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argu
322. r synced master unsynced selected candidate configured WS5100 gt WS5100 gt show ntp status Clock is synchronized stratum 0 actual frequency is 0 0000 Hz precision is 2 0 reference time is 00000000 00000000 Feb 07 06 28 16 UTC 2036 clock offset is 0 000 msec root delay is 0 000 msec root dispersion is 0 000 msec WS5100 gt 2 2 17 2 2 18 Common Commands 2 47 WS5100 config show ntp associations detail 157 235 208 105 configured sane valid leap sub stratum 16 ref ID INIT time 00000000 00000000 Feb 07 06 28 16 UTC 2036 our mode client peer mode unspec our poll intvl 6 peer poll intvl 10 root delay 0 00 msec root disp 0 00 reach 000 delay 0 00 msec offset 0 0000 msec dispersion 0 00 precision 2 20 org time 00000000 00000000 Feb 07 06 28 16 UTC 2036 rcv time 00000000 00000000 Feb 07 06 28 16 UTC 2036 xmt time c8b42a7e 6eb04252 Sep 14 19 22 38 UTC 2006 filtdelay 0 00 0 00 0 00 0 00 0 00 0 00 0 00 0 00 WS5100 gt show ntp status Clock is synchronized stratum 0 actual frequency is 0 0000 Hz precision is 2 0 reference time is 00000000 00000000 Feb 07 06 28 16 UTC 2036 clock offset is 0 000 msec root delay is 0 000 msec root dispersion is 0 000 msec WS5100 gt port channel Common to all modes Syntax show port channel load balance Parameters load balance Displays the existing load balancing configuration Example WS5100 gt show port
323. r IP address for the lt router IP address gt network pool e lt router IP address gt Sets the router s IP address Usage Guidelines The IP address of the router should be on the same subnet as the client subnet Example WS5100 config dhcp default router 2 2 2 1 WS5100 config dhcp 17 10 WS5100 Series Switch CLI Reference Guide 17 1 9 dns server DHCP Config Commands Sets the DNS server s IP address that s available to all DHCP clients connected to the pool Use the no dns server command to remove the DNS server list Syntax dns server lt ip addressl gt lt ip address2 gt lt ip address3 gt lt ip address8 gt Parameters dns server lt IP address gt Configures the DNS server s IP address e lt IP address gt Sets the server s IP address Usage Guidelines For DHCP clients the DNS server s IP address maps the host name to an IP address DHCP clients use the DNS server s IP address based on the order sequence it is configured Example WS5100 config dhcp dns server 2 2 2 222 WS5100 config dhcp 17 1 10 domain name DHCP Config Commands Sets the domain name for the network pool Use the no domain name command to remove the domain name Syntax domain name name Parameters domain name name Defines the domain name for the network pool Usage Guidelines The domain name cannot be more than 256 characters Example WS5100 config dhcp domain n
324. r primary secret WS5100 config wireless no wlan 1 nac server secondary WS5100 config wireless no wlan 1 nac server secondary radius key WS5100 config wireless no wlan 1 nac exclude list protected hosts Example WS5100 config wireless client exclude list JustMe WS5100 config wireless client list config wireless client list Use config wireless client to enter the config wireless client 1ist instance Use this instance to create an exclude list or include list Table 20 2 summarizes config wireless client list commands Table 20 2 Exclude List Configuration Command Command Description clrscr Clears the display screen end Ends the current mode and moves to the EXEC mode exit Ends the current mode and moves to the previous mode help Displays the interactive help system no Negates a command or sets ts defaults service Provides a means of troubleshooting and debugging show Displays running system information station Defines a MU s MAC configuration wlan Sets Wireless LAN related parameters Wireless Instance 20 13 station gt config wireless client list Adds a specified MAC entry into the client s exclude or include list Syntax config wireless client 1list station host name MU mac address MU mac mask Parameters host name Defines an index for this host entry in the client list The MU mac address MU host station name must be of size l
325. r sumi password 0 mypassword rad user test password 0 mypassword123 rad user vasavi password 0 mypassword123 group kumar2 rad user sumi policy wlan 2 policy vlan 44 policy wlan 10 group kumar3 4 16 WS5100 Series Switch CLI Reference Guide 4 1 13 dir Priv Exec Command View the list of files on a filesystem Syntax dir all recursive DIR all filesystems Parameters all Lists all files recursive Lists files recursively DIR Lists files in the named file path all filesystems Lists the files on all filesystems Example WS5100 dir Directory of flash drwx 1024 drwx 120 drwx 1024 rw 14271 rw 14271 drwx 1024 rw 3426 rw 13163 rw 80898 rw 65015 cli_commands txtli_commands txt rw 65154 WS5100 Wed Wed Thu Tue Wed Wed Wed Wed Thu Fri Thu Jul 19 19 14 05 2006 hotspot Aug 30 15 32 44 2006 log Aug 31 23 50 09 2006 crashinfo Jul 25 15 16 41 2006 Radius config Jul 26 15 42 08 2006 flash Aug 9 17 35 08 2006 radius Jul 26 16 08 02 2006 running config new Jul 26 16 08 42 2006 radius config Aug 17 14 59 39 2006 cli_commands txt Aug 11 19 57 37 2006 Aug 17 15 11 23 2006 cli_commands 180B txt 4 1 14 4 1 15 Privileged Exec Commands 4 17 disable Priv Exec Command Turns off the privileged mode command Syntax disable Parameters None Example WS5100 disable WS5100 gt edit Priv Exec Command Edits a text
326. r version 2 TestPeer provided Pleas nter a valid name Global Configuration Commands 5 41 5 1 25 prompt 5 1 26 Global Configuration Commands Configures and sets the systems prompt Syntax prompt LINE Parameters LINE Enter the new prompt displayed by the system Example WS5100 config prompt NobleMan NobleMan radius server Global Configuration Commands Enters the RADIUS server mode The system prompt changes from the default config mode to RADIUS server mode NOTE radius server local mode moves you to the RADIUS server J context For more details see Syntax radius server host key local retransmit timeout radius server host A B C D radius server key 0 2 LINE radius server local radius server retransmit lt 0 100 gt radius server timeout lt 1 1000 gt Parameters host Specifies a RADIUS server A B C D Defines the IP address of RADIUS server key Sets the Encryption key shared with the RADIUS servers 5 42 5 1 27 WS5100 Series Switch CLI Reference Guide 0 Password is specified UNENCRYPTED 2 Password is encrypted with password encryption secret LINE Text of shared key upto 127 characters local Configures local RADIUS server parameters This takes you to anew config radius server context Refer Radius Server Instance for more details retransmit Specifies the number of retries to active server lt 0 100 gt Number of retr
327. r which the switch waits for a reply to a RADIUS request before retransmitting the request 19 22 19 1 13 WS5100 Series Switch CLI Reference Guide Example WS5100 config radsrv proxy realm Test server 10 10 10 1 port 2220 secret Very Very Secret WS5100 config radsrv WS5100 config radsrv WS5100 config radsrv WS5100 config radsrv WS5100 config radsrv rad user proxy retry count 5 proxy retry delay 8 Radius Configuration Commands Sets RADIUS user parameters Syntax rad user WORD password 0 2 WORD Parameters WORD Enter a user name up to 64 characters in length password 0 2 WORD Sets the RADIUS user password 0 Defines the password as UNENCRYPTED 2 The password is encrypted with a password encryption secret WORD Sets a password up to 21 characters in length Usage Guidelines Use group guest expiry time expiry date start time and start date parameters to create a RADIUS guest user The RADIUS user group specified while creating a guest user must be a guest group 19 1 14 Radius Server Instance 19 23 Example WS5100 config radsrv rad user TestRadUser password I SPY U WS5100 config radsrv WS5100 config radsrv rad user guestl password 0 passwordl group guest group guest expiry time 12 12 expiry date 05 12 2007 start time 12 12 start date 05 11 2007 WS5100 config radsrv Server Radius Configuration Commands Conf
328. raps radius server snmp server enable traps redundancy adoptionExceeded grpAuthLevelChanged memberDown memberMisConfigure d memberUp snmp server enable traps snmp authenticationFail coldstart linkdown linkup snmp server enable traps wireless ap detection ids radio self healing station wlan snmp server enable traps wireless ap detection externalAPDetected externalAPRemoved 5 46 WS5100 Series Switch CLI Reference Guide snmp server enable traps wireless ids muExcessiveEvents radioExcessiveEvents switchExcessiveEvents snmp server enable traps wireless radio adoptedl detectedRadar unadopted snmp server enable traps wireless self healing activated snmp server enable traps wireless station associated deniedAssociationAsPortCapacityReached deniedAssociationOnCapability deniedAssociationOnErr deniedAssociationOnInvalidWPAWPA2 IE deniedAssociationO nRates deniedAssociationOnSSID deniedAssociationOnShor tPream deniedAssociationOnSpectrum deniedAuthenticatio n disassociated radiusAuthFailed tkipCounterMeasures snmp server enable traps wireless wlan vlanUserLimitReached snmp server enable traps wireless statistics mesh min packets mobile unit radio wireless switch wlan snmp server enable traps wireless statistics mesh avg bit speed less than avg retry greater than avg signal less than gave up percent greater than nu percent greater than num mobile units greater than pktsps
329. re and hardware version Common page 60 information wireless Displays wireless configuration Common page 62 commands wlan ach Displays WLAN ACL information Common page 70 2 26 WS5100 Series Switch CLI Reference Guide Display Parameters access list Description Displays the access list Internet Protocol IP configuration Mode Privilege Global Config Example page 71 aclstats Displays ACL statistics Privilege Global Config page 72 alarm log Displays all the alarms currently in the system Privilege Global Config page 72 boot Displays the boot configuration Privilege Global Config page 73 clock Displays the system clock Privilege Global Config page 73 debugging Displays the current debugging settings Privilege Global Config page 74 dhcp Displays DHCP server configurations Privilege Global Config page 74 file Displays filesystem information Privilege Global Config page 75 ftp Displays the FTP server configuration Privilege Global Config page 75 password encryption Displays password encryption data Privilege Global Config page 76 Common Commands 2 27 Display Parameters Description Mode Example running config Displays the current operating Privilege page 76 configuration Globa Config securitymgr Displays debug inform
330. recedence 10 no deny any rule precedence 20 no mark tos 4 192 168 2 0 24 rule permit A B C D M any host permit any log rule precedence wlan permit any log rule precedence lt 1 500 gt permit any rule precedence lt 1 500 gt permit any wlan lt 1 32 gt log rule precedence rule precedence lt 1 500 gt Standard ACL Instance 15 7 permit host A B C D Parameters A B C D M Defines the source IP address range to match any Any source IP address e log The log matches against this entry e rule precedence lt 7 500 gt Defines the access list entry precedence host Single host address e A B C D Defrines the exact source IP address to match Usage Guidelines Use this command to allow traffic based on the source IP address or network address The last ACE in the access list is an implicit deny statement Whenever the interface receives the packet its content is checked against all the ACEs in the ACL It is allowed based on the ACL configuration NOTE The log option is functional only for router ACLs The log option displays an informational logging message about the packet matching the entry sent to the console Example The example below permits all the traffic that comes to the interface WS5100 config std nacl permit any rule precedence 50 WS5100 config std nacl The example below permits traffic from the source network and provides a log message WS5100 config
331. revious mode GLOBAL CONFIG The prompt changes to wS5100 config Syntax exit Parameters None Example WS5100 config if exit WS5100 config 12 1 7 help Interface Config Commands Displays the system s interactive help Syntax help Parameters None 12 6 12 1 8 WS5100 Series Switch CLI Reference Guide Example WS5100 config if help CLI provides advanced help feature When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config if ip Interface Config Commands Sets the IP address for the assigned ethernet VLAN or tunnel Syntax ip access group address helper address nat ip access group lt 1 99 gt lt 100 199 gt lt 1300 1999 gt lt 2000 2699 gt in ip address A B C D M dhcp secondary ip helper address A B C D ip nat inside outside Parameters access group Defines the access group lt 1 99 gt lt 100 199 gt Sets the IP extended access list e lt 1300 1999 gt lt 2000 2699 gt Sets the IP extended a
332. rtup configuration static channel group membership Display terminal configuration parameters Display timezone Display last image upgrade status Display information about currently logged in users Display software amp hardware version Wireless configuration commands wlan based acl IP nam WS5100 config crypto peer show crypto ipsec Use the config crypto ipsec instance to define the transform configuration for securing data e g esp 3des esp sha hmac etc The transform set is assigned to a crypto map using the map s transform set command For more details see crypto map transform set on 9 1 Crypto IPsec Config Commands summarizes the config crypto ipsec commands Table 9 1 Crypto IPsec Command Summary Command Description Ret Clears the display screen Ends the current mode and moves to the EXEC mode Ends the current mode and moves to the previous mode Describes the interactive help system Configures the IP Sec transportation mode Negates a command or set its defaults Invokes service commands to trobuleshoot or debug config crypto isakmp instance configurations Displays running system information 9 2 9 1 1 9 1 2 WS5100 Series Switch CLI Reference Guide mode gt Crypto IPsec Config Commands Use this command to configure IPSec mode of operation Syntax mode transport tunnel1 Parameters transport Transpor
333. rver HTTP server 2 36 WS5100 Series Switch CLI Reference Guide interface Use the show ip interface command to display the administrative and operational status of all Layer 3 interfaces or a specified Layer 3 interface e IF NAME Interface name e brief Brief summary of the IP status and its configuration e eth Ethernet interface e vlan VLAN Interface name server Displays static and dynamic name server entries route Display IP routing table entries e A B C D Network in the IP routing table e A B C D M Number of valid bits in the network prefix IP prefix lt network gt lt length gt e g 35 0 0 0 8 e detail IP routing table in detail routing IP routing status ssh Secured Shell SSH server telnet Telnet server Usage Guidelines 1 The interface and VLAN status is displayed as UP regardless of a disconnection In such a case shutdown the VLAN Follow the steps below a Check the status of an interface and VLAN using WS5100 config show ip interface brief Interface IP Address Status Protocol vlanl 157 235 208 69 DHCP up up vlan3 unassigned up up WS5100 config b If the stauts of the VLAN is UP even if eth1 eth2 is diconnected shutdown the VLAN associated with eth1 using WS5100 config 1f show ip interface vlan 3 brief Interface IP Address Status Protocol Common Commands 2 37 vlan3 unassigned up up WS5100 config if shutdown c Ch
334. s crypto map 10 11 p show Internet Protocol IP Display all alarms currently in the system autoinstall configuration Display Message of the Day Login banner Display boot configuration Display system clock Show command lists crypto Display debugging setting show environmental information Display filesystem information Display FTP Server configuration Display the session command history Interface status and configuration Internet Protocol IP ldap server Show any installed licenses Show logging configuration and buffer edia Access Control Display L3 Managment Interface nam Display Mobility Parameters Network time protocol password encryption Show current privilege level Radius configuration commands Display redundancy group parameters Display state transition history of the Display redundancy group members in detail Current Operating configuration Display debug info for ACL VPN and NAT Display current active open connections Display SNMP engine parameters Display SNMP engine parameters Contents of startup configuration Display terminal configuration parameters Display timezone Display last image upgrade status Display information about terminal lines Display software amp hardware version Wireless configuration commands WS5100 config crypto map show 10 12 WS5100 Series Switch CLI Reference Guide crypto trustpoint Instance config crypto trustpoint
335. s e basic24 basic 24 Mbps e basic36 basic 36 Mbps basic48 basic 48 Mbps e basicb4 basic 54 Mbps basicop5 basic 5 5 Mbps basic6 basic 6 Mbps e basic9 basic 9 Mbps default factory default rates based on radio type range all rates enabled the lowest one set to basic throughput all rates basic only 802 11g clients are allowed on 802 11bg radios 20 36 WS5100 Series Switch CLI Reference Guide tag_type aeroscout cricket newb ury listen addr lt MAC address gt Configures the WI FI tag type e aeroscout Aeroscout active tag e cricket Cricket Motorola Active tag newbury Newbury active tag e listen addr Configures a multicast listening address for active tags e AA BB CC DD EE FF Sets a multicast MAC address NOTE For Aeroscout tags the address is configurable Unless the address is configured on the radio the tag packet will not be forwarded to the switch from the AP wmm background best effort video voice aifsn lt 7 15 gt burst lt 0 65535 gt cw lt 0 15 gt wmm video voice acm enable max mus lt 1 64 gt Sets 802 11e Wireless Multi Media WMM parameters supported only on AP300 radio wmm background best effort video voice aifsn lt 7 15 gt burst lt 0 65535 gt cw lt 0 15 gt acm enable max mus lt 1 64 gt e background Prioritizes Background category traffic e best effort Prioritizes Best Effort category traffic e video Prioritizes Video categor
336. s e new Clear new alarms arp cache Clears the ARP cache counters all bridge interface rout erl thread Clears counters e all Clears all counters e bridge Clears bridge counters e interface lt INTF name gt all eth lt 1 2 gt vlan lt 1 4094 gt Clears interface counters e router Clears router counters e thread Clear sper thread counters crypto crypto e ike Clears the IKE e ipsec Clears ipsec e sa Displays the security association remote peer Remote Peer IP address Clears Internet Protocol IP DHCP NAT e dhcp DHCP server configuration e binding DHCP address bindings For more details see DHCP Server Instance on page 17 1 e Clears all bindings e A B C D Clears a specific binding e nat Network Address Translation NAT e translation Clears a specified translation logging Modifies message logging facilities Privileged Exec Commands 4 9 mac address table Clears entries in the forwarding database e dynamic Clears all dynamic entries e multicast Clears all multicast entries e static Clears all management configured entries e address Clears a specified MAC address e bridge lt 1 32 gt Clears bridge group commands e interface Clears all MAC addresses for the specified interface e vlan lt 1 4094 gt Clears all MAD addresses for the specified VLAN mobility Clears Mobility
337. s range low IP address high IP address Parameters range low IP address high IP Adds an address range for the DHCP server address e low IP address Defines the first IP address in the address range e high IP address Defines the last IP address in the address range Usage Guidelines Use the address comand to specify a range of addresses for the DHCP network pool The DHCP server assigns IP address to DHCP clients from the address range A high IP address is the upper limit for providing the IP address and a low IP address is the lower limit for providing the IP address Use the no address range command to remove the DHCP address range Example WS5100 config dhcp address range 2 2 2 2 2 2 2 50 WS5100 config dhcp 17 1 2 bootfile DHCP Config Commands Assigns a bootfile name for the DHCP configuration on the network pool Syntax bootfile lt filename gt 17 4 WS5100 Series Switch CLI Reference Guide 17 1 3 Parameters bootfile lt filename gt Sets the boot image for BOOTP clients The file name can contain letters numbers dots and hyphens Consecutive dots and hyphens are not permitted Usage Guidelines Use the boot file command to specify the boot image The boot file contains the boot image name used for booting the bootp clients DHCP clients Only one boot file is allowed per pool Use no boot f i1e command to remove the bootfile Do not use the lt file name g
338. s an IP to match any protocol source source mask host source any The source is the source IP address of the network or host in dotted decimal format Source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching e anyis an abbreviation for source IP of 0 0 0 0 and source mask bits equal to 0 e host is an abbreviation for the exact source A B C D and source mask bits equal to 32 destination destination mask host destination any Defines the destination host IP address or destination network address log Generates log messages when the packet coming from the interface matches the ACL entry Log messages are generated only for router ACLs rule precedence access list entry precedence Sets an integer value between 1 5000 This value sets the rule precedence in the ACL 14 10 WS5100 Series Switch CLI Reference Guide mark dot1p lt D 7 gt tos lt 0 255 gt icmp source source mask host source any destination destination mask host destination any icmp type icmp type icmp code log rule precedence access list entry precedence Use with the mark command to specify ICMP packets as marked mark dot1p lt 0 7 gt tos lt 0 255 gt Action types on an ACL The action type mark is functional only over a Port ACL icmp Specifies ICMP as the protocol source source mask host so
339. s greater than disabled tput greater than disabled avg bit speed less than disabled avg signal less than disabled nu percent greater than disabled gave up percent greater than disabled avg retry greater than disabled undecrypt percent greater than disabled num stations greater than disabled WS5100 gt WS5100 gt show snmp server traps wireless statistics wireless switch pktsps greater than disabled tput greater than disabled num stations greater than disabled WS5100 gt WS5100 gt show snmp server traps wireless statistics wlan pktsps greater than disabled tput greater than disabled avg bit speed less than disabled avg signal less than disabled nu percent greater than disabled gave up percent greater than disabled avg retry greater than disabled undecrypt percent greater than disabled num stations greater than disabled WS5100 gt 2 2 25 sole Common to all modes Syntax show sole config stats status show sole config stats adapter ADAPTER NAME show sole status adapter engine ADAPTE 2 56 WS5100 Series Switch CLI Reference Guide Parameters config adapter ADAPTER NAME Shows the switch SOLE adapter configuration e adapter Show the existing configuration of the SOLE adapters stats adapter ADAPTER NAME status adapter engine ADAPTER Displays SOLE adapter statstics e adapter Displays SOLE adapter statstics Displays the current SOLE adapt
340. s on IP routing ssh Secured Shell SSH server e port lt 0 65535 gt Listening port Set between 0 65536 e rsa keypair name RSA encryption key used for confiuring RSA keypair telnet port lt 0 65535 gt Telnet server e port lt 0 65535 gt Defines the listening port ID The value can be anything between 0 65535 Global Configuration Commands 5 31 Usage Guidelines 1 if 2 Use the no command along with ip to undo any IP based configuration no ip access list default gateway dhcp domain lookup domain name http local name server nat route routing ssh telnet When using the ip access list parameter enter the following contexts e ext nacl extended ACL For more information see Extended ACL Instance on page 14 1 e std nacl Standard ACL For more information see Standard ACL Instance on page 15 1 dhcp DHCP Server instance For more information see DHCP Server Instance on page 17 1 e dhcpclass DHCP User Class instance For more information see DHCP Class Instance on page 18 1 Clear the ip dhcp binding using the clear command NOTE To delete Standard Extended and MAC ACL use no access list lt access list name gt under the Global Config mode Usage Guidelines 2 Follow the steps below to create a DHCP User Class 1 N ow Create a DHCP class named ws5100DHCPclass WS5100 supports a maximum of 32 DHCP classes WS5100 config ip dhc
341. send from a client to a WLAN index of an access port it becomes an inbound traffic to the wireless LAN When a packet goes out of a access port it becomes a outbound traffic to the wireless LAN index Apply an ACL to a WLAN index in outbound direction to filter traffic from both wired and wireless interfaces wlan acl can be attached both in the inbound and outbound directions NOTE Most of the Wireless LAN related configuration are performed using the Wireless Instance on page 20 1 Use wlan acl in the global configuration mode to apply an ACL on a wireless LAN index The last ACE in the access list is an implict deny statement Whenever the interface receives the packet its content is checked against all the ACE s in the ACL It is allowed denied based on the ACL configuration Usage Guidelines 2 Follow the procedure mentioned below to upgrade Wireless LAN ACL from 3 0 3 0 1 to 3 0 2 WLAN index in ACL rules are configurable in WS5100 3 0 3 0 1 In WS5100 3 0 2 WLAN is treated as a virtual port and the user has to create ACL rules without WLAN index and attach ACLs to WLAN port While upgrading from WS5100 3 0 3 0 1 to 3 0 2 the ACLs having WLAN index as selectors are replaced with ACLs without having any WLAN index selectors After the completion of the upgrade user has to apply those ACLs to WLAN port manually Asample ACL configuration in 3 0 3 0 1 e Standard IP access list 10 permit host 1 2 3 4 wlan
342. ssword encryption Show current privilege level Radius configuration commands anagment Interfac nam play redundancy group parameters Display state transition history of the Display redundancy group members in detail Current Operating configuration Display debug info for ACL VPN and NAT Display current active open connections Display SNMP engine parameters Display SNMP engine parameters Contents of startup configuration play terminal configuration parameters play timezone lay last image upgrade status play software amp hardware version Wireless configuration commands WS5100 config crypto ipsec show 9 4 WS5100 Series Switch CLI Reference Guide 10 1 crypto map The config crypto map commands define a Certificate Authority CA trustpoint This is a seperate instance but belongs to the crypto pki trustpoint mode under the config instance Crypto Map Config Commands summarizes config crypto map commands T Table 10 1 Crypto Map Command Summary Command Description Clears the display screen Ref Ends the current mode and moves to the EXEC mode Ends the current mode and moves to the previous mode Describes the interactive help system Assigns an IP access list to a crypto map definition Negates a command or set its defaults Invoke the service commands to trobuleshoot or debug the instance configurations Sets values for encryption decrypti
343. switched from wireless to the wired side radio Radio related commands e lt 1 1000 gt Defines a single radio s index e beacon table Displays the radio to radio beacon table e config lt 1 1000 gt Numerical index for the radio s configuration default 11a Default 11a configuration template default 11b Default 11b configuration template default 11bg Default 11bg configuration template monitor table Displays the radio to radio monitoring table e statistics Radio statistics regulatory Regulatory allowed channel power information for a particular country self heal config Sets self healing configuration parameters lt 1 1000 gt all e lt 1 1000 gt Defines a single radio s index e all Defines the self healing configuration for all radios sensor Wireless Intrusion Protection System parameters e lt 1 48 gt Specifies the index of a particular sensor to view detailed information about that sensor e default config Default configuration parameters for sensors 2 66 WS5700 Series Switch CLI Reference Guide unapproved aps Defines unapproved APs seen by an access port or a mobile unit s scan wireless switch Wireless switch statistics Statistics e detail Displays detailed wireless switch statistics wlan Displays wireless LAN parameters config WLAN configuration lt 1 32 A WLAN index lt 1 32 gt e all All WLAN in configuration e enabled
344. system information 16 2 16 1 1 16 1 2 WS5100 Series Switch CLI Reference Guide Table 16 1 MAC Extended ACL Config Command Summary Continued Sets terminal line parameters Command terminal page 16 14 clrscr MAC Extended ACL Config Commands Clears the display screens Syntax clrscr Parameters None Example WS5100 config ext macl clrscr WS5100 config ext macl deny MAC Extended ACL Config Commands Specifies packets to reject NOTE Use a decimal value representation of ethertypes to implement a permit deny marx designation for a packet The command set for Extended MAC ACLs provide the hexadecimal values for each listed ethertype The switch supports all ethertypes Use the decimal equvilant of the ethertype listed or for any other type of ethertype Syntax deny fany host source MAC address source MAC source MAC address mask any host destination MAC address destination MAC destination MAC address mask vlan vlan id dotlp dotlp value type valueliplipv6larp vlan wisp 0 65535 log rule precedence access list entry precedence Parameters Extended MAC ACL Instance 16 3 Source Mask Define a source mask specifying the bits to match The source wildcard can be any one of the following O XX XXIXXIXXIXXIXX XXIXX1XK1XX xXx xx Source MAC address and mask e any Any source host e host Exact source MAC address to match Destination Mask
345. t with the bootfile command as only one bootfile exists per pool The command no bootfile removes the exisitng command from the pool Example WS5100 config dhcp bootfile bootexample txt WS5100 config dhcp class DHCP Config Commands Associates a DHCP class with a pool This command is used in Step 4 in the usage guidelines that follow The CLI prompt moves to a sub instance config dhcp class The configuration mode changes from config dhcp class t0 config dhcp class Refer to config dhcp class on page 17 5 for config dhcp class a command summary Syntax class class name Parameters class class name Associates a class with a pool and enters the DHCP pool class configuration mode 17 1 3 1 DHCP Server Instance 17 5 Usage Guidelines Follow the steps mentioned below to create a DHCP User Class 1 Create a DHCP class named ws5100DHCPclass The switch supports a maximum of 32 DHCP classes WS5100 config ip dhcp class WS5100DHCPclass WS5100 config dhcpclass 2 Create a USER class named mcsoo The privilege mode changes to config dhcpclass The switch supports a maximum of 8 users classes per DHCP class WS5100 config dhcpclass option user class MC800 WS5100 config dhcpclass 3 Create a Pool named wap using config mode WS5100 config ip dhcp pool WID WS5100 config dhcp 4 Associate the DHCP class created in Step 1 with the pool created in Step 3 The switch
346. t 1 21 gt mac mask e MU mac address Sets the MU mac address in AA BB CC DD EE FF or AA BB CC DD EE FF or AABB CCDD EEFF format e MU mac mask Sets the MU mac mask in AA BB CC DD EE FF or AA BB CC DD EE FF or AABB CCDD EEFF format Example WS5100 config wireless client list station ExcludeListl AA BB CC DD EE FF WS5100 config wireless client list wlan config wireless client list Adds a client exclude list name into from the WLAN Syntax wlan lt 1 32 gt WLAN name Parameters wlan lt 1 32 gt WLAN e lt 1 32 gt Sets a single WLAN index name e WLAN name A list 1 3 7 or range 3 7 of WLAN indices 20 14 WS5100 Series Switch CLI Reference Guide 20 1 11 20 1 12 Example WS5100 config wireless client list wlan 1 WS5100 config wireless client list clrscr Wireless Configuration Commands Clears the display screen Syntax clrser Parameters None Example WS5100 config wireless clrscr WS5100 config wireless convert ap Wireless Configuration Commands Changes the mode of operation of an AP to either sensor or standalone Syntax convert ap lt 1 48 gt default sensor standalone Parameters lt 1 48 gt Sets the indices of the APs to be converted from the show wireless ap command default Does not force conversion Lets the AP negotiate its normal mode of operation with the switch sensor Converts an AP300 to operate as
347. t 2000 2699 gt deny permit mark dot1p lt 0 7 gt tos lt 0 255 gt ip source source mask host source any destination destination mask host destination any log rule precedence access list entry precedence Adds an extended IP access list entry using IP keyword e lt 100 199 gt lt 2000 2699 gt For IP type of extended ACL the ACL number must be between 100 199 e deny permit mark dot1p lt 0 7 gt tos lt 0 255 gt Defines the action type for an ACL The action type mark is functional only over a Port ACL 8021p lt 0 7 gt Use only with the action type mark to specify 8021p priority values tos lt 0 255 gt Use only with action type mark to specify type Of service tos values e ip Specif an IP to match any protocol e source source mask host source any The source is the address of the network or host in dotted decimal Source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching The keyword any is an abbreviation for source IP of 0 0 0 0 and source mask bits equal to 0 The keyword host is an abbreviation for exact source A B C D and source mask bits equal to 32 e destination destination mask host destination any Sets the destination host IP address or destination network address log Generates log messages when the packet coming from the interface matches the
348. t after the specified interval edgeport Enables an interface as an edgeport force version lt 0 3 gt Specifies the spanning tree force version A version identifier of less than 2 enforces the spanning tree protocol Select from the following versions e 0 SIP e 1 Not supported e 2 RSTP e 3 MSTP The default value for forcing the version is MSTP guard root Enables the Root Guard feature for the port The root guard disables the reception of superior BPDUs The Root Guard ensures the enabled port is a designated port If the Root Guard enabled port receives a superior BPDU it moves to a discarding state Use the no parameter with this command to disable the root guard feature link type point to point shared Enables or disables point to point or shared link types e point to point Enables rapid transition e shared Disables rapid transition interface Instance 12 17 mst lt 0 15 gt cost lt 1 200000000 gt port priority lt 0 240 gt port cisco interoperability disable enable Configures MST values on a spanning tree e lt 0 15 gt Defines the Instance ID e cost lt 1 200000000 gt Defines the path cost for a port e port priority lt 0 240 gt Defines the port priority for a bridge e port cisco interoperability disable enable Enables or disables interoperability with Cisco s version of MSTP which is incompatible with standard MSTP
349. t is an implicit deny statement Whenever the interface receives the packet its content is checked against all the ACEs in the ACL It is allowed based on the ACL configuration e Filtering on TCP UDP allows the user to specify port numbers as filtering criteria e Select ICMP to allow deny packets Selecting ICMP allows to filter ICMP packets based on type and code NOTE The log option is functional only for router ACL s The log option displays an informational logging message about the packet matching the entry sent to the console Example The example below allows IP traffic from the source subnet to the destination subnet and denies all other traffic over an interface WS5100 config ext nacl permit ip 192 168 1 10 24 192 168 2 0 24 rule precedence 40 WS5100 config ext nacl The example below permits Telnet traffic from the source subnet and the destination subnet and denies all other traffic over an interface WS5100 config ext nacl permit tcp 192 168 4 0 24 192 168 5 0 24 eq 23 rule pre cedence 10 WS5100 config ext nacl The example below permits ICMP traffic and denies all other traffic over an interface WS5100 config ext nacl permit icmp any any rule precedence 30 WS5100 config ext nacl 14 18 WS5100 Series Switch CLI Reference Guide 14 1 9 service Extended ACL Config Commands Invokes service commands to troubleshoot or debug the config if instance
350. t mode tunnel Tunnel mode Example WS5100 config crypto ipsec mode transport WS5100 config crypto ipsec show gt Crypto IPsec Config Commands Syntax clrser Parameters Displays the parameters for which information can be viewed using the show command Example WS5100 config crypto ipsec show access list Internet Protocol IP alarm log Display all alarms currently in the system autoinstall autoinstall configuration banner Display Message of the Day Login banner boot Display boot configuration clock Display system clock commands Show command lists crypto crypto debugging Display debugging setting environment show environmental information file Display filesystem information ftp Display FTP Server configuration history interfaces ip ldap licenses logging mac management mobility ntp password encryption privilege radius redundancy group redundancy history switch redundancy members running config securitymgr sessions snmp snmp server startup config terminal timezone upgrade status users version wireless crypto ipsec 9 3 Display the session command history Interface status and configuration Internet Protocol IP ldap server Show any installed licenses Show logging configuration and buffer Dis Dis Dis Dis Disp Display information about terminal lines edia Access Control Display L3 Display Mobility Parameters Network time protocol pa
351. t or debug the config crypto isakmp instance configuration Shows running system information Defines a Windows Name Server WINS 7 2 WS5100 Series Switch CLI Reference Guide 7 1 1 clrser Crypto Group Config Commands Clears the display screen Syntax clrscr Parameters None Example WS5100 config crypto group clr WS5100 config crypto group 7 1 2 dns Crypto Group Config Commands Specifies the DNS server address es to assign to a client Syntax dns lt IP Address gt Parameters lt IP Address gt The first DNS server address to assign lt IP Address gt optional Assign a second optional DNS server address Example WS5100 config crypto group dns server 172 1 17 1 172 1 17 3 WS5100 config crypto group 7 1 3 7 1 4 crypto group 7 3 end Crypto Group Config Commands Ends and exits the current mode and changes to the PRIV EXEC mode The prompt changes to wS5100 Syntax end Parameters None Example WS5100 config crypto group end WS5100 exit gt Crypto Group Config Commands Ends the current mode and moves to theprevious mode GLOBAL CONFIG The prompt changes to wS5100 config Syntax exit Parameters None Example WS5100 config crypto group exit WS5100 config 7 4 WS5100 Series Switch CLI Reference Guide 7 1 5 help Crypto Group Config Commands Accesses the system s interactive help system Syntax help Paramet
352. tax shutdown Parameters None Example WS5100 config if shutdown WS5100 config if 12 1 16 spanning tree Interface Config Commands Configures spanning tree parameters Syntax spanning tree bpdufilter enable disable bpduguard enable disable edgeport force version lt 0 3 gt guard root link type point topoint shared mst lt 0 15 gt port cisco interoperability portfast spanning tree mst lt 0 15 gt cost lt 1 200000000 gt port priority lt 0 240 gt port cisco interoperability disable enable Parameters bpdufilter disablejenable Use this command to set a portfast BPDU filter for the port Use the no parameter with this command to revert the port BPDU filter to default The spanning tree protocol sends BPDUs from all ports Enabling the BPDU filter ensures PortFastenabled ports do not transmit or receive BPDUs 12 16 WS5100 Series Switch CLI Reference Guide bpduguard disable enable Use this command to enable or disable the BPDU guard feature on a port Use the no parameter with this command to set the BPDU guard feature to default values When the BPDU guard is set for a bridge all portfast enabled ports that have the BPDU guard set to default shut down the port upon receiving a BPDU If this occurs the BPDU is not processed The port can be brought back either manually using the no shutdown command or by configuring the errdisable timeout to enable the por
353. ted automatically on the switch 20 56 WS5100 Series Switch CLI Reference Guide inactivity timeout lt 60 86400 gt Sets an inactivity timeout in seconds If a frame is not received from a mobile unit for this amount of time the mobile unit is disassociated kde password 0 LINE realm LINE server primary secondary timeout auth port lt 1 65535 gt Modifies KDC related parameters e password 0 2 LINE Create a KDC server password up to 127 characters e 0 Password is specified UNENCRYPTED e 2 Password is encrypted with a password encryption secret e LINE Defines a KDC server password up to 127 characters e realm LINE Defines a KDC realm up to 127 characters e LINE Defines KDC realm up to 127 characters e server primary secondary IP address auth port lt 1 65535 gt Modifies KDC server parameters e primary Defines the pPrimary KDC server e secondary Defines the secondary KDC server e P address Sets the KDC server IP address e auth port lt 1 65535 gt Sets the KDC server authentication port Default is 88 e server timeout lt 1 60 gt Modifies KDC server parameters e timeout Defiens the time the switch waits for a response from the KDC Server before retrying mobility enable Enables L3 Mobility on WLAN s Wireless Instance 20 57 mu mu disallow switch to wired Disallows frames from one mob
354. tended IP access list 110 192 168 1 0 24 192 168 100 0 24 rule precedence 5 192 168 63 0 24 192 168 100 0 24 rule precedence 63 192 168 157 0 24 192 168 100 0 24 rule precedence 157 2 72 2 2 35 2 2 36 WS5100 Series Switch CLI Reference Guide aclstats Priviledge Global Config Displays the statisitcs of configured access lists Syntax aclstats lt name gt vlan lt 1 4094 gt Parameters IFNAME Displays the interface name vlan lt 1 4092 gt Defines the VLAN interface Select from an index value between 1 4092 Example WS5100 config interface vlan 400 WS5100 config if alarm log Priviledge Global Config Syntax show alarm log lt 1 65535 gt acknowledged all count new severity to limit critical informational major normal warning Parameters lt 1 65535 gt Displays the details of a specific alarm ID acknowledged Displays information for acknowledged alarms currently in the system all Displays all the alarms currently in the system count Displays the number count of the alarms currently in the system new Displays those new alarms currently in the system 2 2 37 2 2 38 Common Commands 2 73 severity to limit Displays the alarms having specified a severity as well as those alarms with a severity higher than the specified value critical Displays all critical alarms informational Displays all informational or higher severity
355. ters None ping User Exec Commands Sends ICMP echo messages to a user specified location Syntax ping IP address hostname Parameters IP address hostname Pings the specified destination address or hostname Example WS5100 gt ping 192 168 2 100 PING 192 168 2 100 192 168 2 100 100 data bytes 3 8 3 1 9 3 1 10 WS5100 Series Switch CLI Reference Guide 128 bytes from 192 168 2 100 icmp seq 0 ttl 128 time 2 7 ms 128 bytes from 192 168 2 100 icmp seq 1 ttl1 128 time 38 4 ms 128 bytes from 192 168 2 100 icmp seq 2 ttl 128 time 4 6 ms 192 168 2 100 ping statistics 3 packets transmitted 3 packets received 0 packet loss round trip min avg max 2 7 15 2 38 4 ms WS5100 gt quit User Exec Commands Use this command to exit the current mode and move to the previous mode Syntax quit Parameters None Example The switch logs off upon execution of the command telnet User Exec Commands Opens a telnet session Syntax telnet IP address hostname Parameters IP address hostname Defines the IP address or hostname of a remote system Example WS5100 telnet 157 111 222 33 Entering character mode Escape character is Red Hat Linux release 9 Shrike Kernel 2 4 20 6bigmem on an i686 login cli Password 3 1 11 3 1 12 User Exec Commands 3 9 terminal gt User Exec Commands Sets the length number of lines displayed within the terminal window
356. thentication key transformset lt name gt Use the set transform set command to assign a transform set to a crypto map Usage Guidelines WS5100 config crypto map set peer name If no peer IP address is configured the manual crypto map is not valid and not complete A peer IP address is required for manual crypto maps To change the peer IP address the no set peer command must be issued first then the new peer IP address can be configured WS5100 config crypto map set pfs If left at the default setting no perfect forward secrecy PFS is used during IPSec SA key generation If PFS is specified the specified Diffie Hellman Group exchange is used for the initial and all subsequent key generation This means no data linkage between prior keys and future keys WS5100 config crypto map set security association lifetime kilobytes seconds Values can be entered in both kilobytes and seconds Whichever limit is reached first ends the security association WS5100 config crypto map set session key inbound outbound ah esp WS5100 config crypto map set session key inbound outbound ah lt hexkey data gt WS5100 config crypto map set session key inbound outbound esp lt SPI gt cipher lt hexdata key gt authenticator lt hexkey data gt 10 10 10 1 9 WS5100 Series Switch CLI Reference Guide The inbound local SPI security parameter index must equal the outbound remote SPI The outbound loca
357. tocol IP Display L3 Managment Interfac Display Mobility parameters Network time protocol password encryption Portchannel commands Show current privilege level RADIUS configuration commands Display redundancy group parameters Display state transition history of the IP nam Display redundancy group members in detail Current Operating configuration Securitymgr parameters Display current active open connections Display SNMP engine parameters Display SNMP engine parameters Smart Opportunistic Location Engine Contents of startup configuration static channel group membership Display Display Display Display Display spanning tree information terminal configuration parameters timezone last image upgrade status information about currently logged Display software amp hardware version Wireless configuration commands wlan based acl Extended ACL Instance Use the config ext nac1 instance to configure the ip access list extended ACLs associated with the switch 14 1 Extended ACL Config Commands summarizes config ext nacl commands Table 14 1 Extended ACL Config Command Summary Command Description Ret Clears the display screen Specifies packets to reject end Ends the current mode and moves to the EXEC mode Ends the current mode and moves to the previous mode Displays the interactive help system Specifies packets to mark Negates a command or s
358. tp stats service show cli command history crash info diag info last passwd memory pm history name all process reboot history securitymgr startup log upgrade history watchdog wireless service show securitymgr flows details source A B C D any destination A B C D any protocol any icmp tcp udp service start shell service test service watchdog service wireless ap history buffer counters clear ap log dump core enhanced beacon table enhanced probe table idle radio send multicast legacy load balance radio misc cfg rate scale request ap log save ap log snmp trap throttle vlan cache 2 12 WS5100 Series Switch CLI Reference Guide Parameters Priv Exec clear Performs a variety of reset functions e all Removes all core dump and panic files e aplogs Removes all AP log files e clitree Removes clitree html created by the save cli command e cores Removes all core files dumps Removes all dump files e panics Removes all kernel panic files securitymgr Securitymgr parameters e flows Sessions established e lt 0 349 gt Flow Index e WORD Interface name e all All established sessions e eth Ethernet interface e vlan VLAN copy Copies from one file to another e tech support Copies extensive system information useful to technical support for troubleshooting e URL Target URLfrom which to copy e tftp lt hostname p
359. tpoint service start shell Last password used password with MAC 00 a0 f8 65 ea 8e Password WS5100 config trustpoint service tethereal LINE tethereal options in the format V print detailed packet x hex dump of packet 11 1 13 p no promis n disable n help m E to captur crypto trustpoint Instance 11 9 cuous mode for interface ame resolution c lt count gt h detailed e ESPD e capture nonEspd packets J f lt capture f i lt interface packet only s lt snaplen gt file w lt savefile gt X for examp ilter expression in format xx xx xx gt on which to capture packets gt W wisp r lt filename gt read contents of specified save capture in specified file show les on tethereal capture filter gt Trustpoint PKI Config Commands Displays current system information running on the switch Syntax show lt parameter gt Parameters Displays the parameters for which the information can be viewed using the show command Example WS5100 config trustpoi access list alarm log autoinstall banner boot clock commands crypto debugging environment file ftp history interfaces ip ldap licenses logging mac nt show Internet Protocol IP Display all alarms currently in the system autoinstall configuration Display Message of the Day Login banner Display boot configuration Dis
360. ts not already wep128 keyguard mac auth MAC authentication RADIUS lookup of MAC address e none None client bridge backhaul enable Enables the client bridge backhaul capability on this wlan description Displays the description of this WLAN dot11i handshake key key rotation key rotationinterval opp pmk caching phrase pmk caching preauthentication secondkey tkip cntrmeas hold time Modifies tkip ccmp 802 111 related parameters e handshake timeout lt 100 5000 gt retransmit lt 1 10 gt Sets a handshake for the timeout and retransmission intervals e timeout lt 100 5000 gt Sets the timeout in milliseconds between retries e retransmit lt 1 10 gt Sets the number of retransmission attempts Wireless Instance 20 53 key 0 2 WORD Configure the key PMK e 0 Password is specified UNENCRYPTED e 2 Password is encrypted with password encryption secret e WORD The 256bit 64 hex characters long key key rotation enable Controls the periodic update of the broadcast keys for associated mobile units key rotation interval lt 1800 86400 gt Configures the broadcast key rotation interval opp pmk caching Enables the opportunistic use of cached pairwise master keys fast roaming with eap 802 1X phrase 0 2 LINE Configures the passphrase e 0 Password is specified UNENCRYPTED e 2 Password is encrypted with password
361. ts the RADIUS user configuration server Configures server certificate parameters service Invokes service commands for troubleshooting and debugging Example WS5100 config radsrv Hno authentication data source WS5100 config radsrv WS5100 config radsrv Hno ca trust point WS5100 config radsrv 19 1 12 proxy Radius Server Instance 19 21 Radius Configuration Commands Configures a proxy RADIUS server based on the realm suffix Syntax proxy realm retry count retry delay proxy relam WORD server A B C D port lt 1024 65535 gt secret 0 2 WORD Parameters realm WORD The realm name is a string of up to 50 characters e server A B C D Sets the proxy server IP address e port lt 1024 65535 gt Sets the proxy server port number e secret 0 2 WORD Sets the proxy server secret string e 0 Password is specified UNENCRYPTED e 2 Password is encrypted with a password encryption secret e WORD Sets the proxy server shared secret up to 32 characters retry count lt 3 6 gt Defineds the proxy server retry count value retry delay lt 5 10 gt Defines the proxy server retry delay time in seconds Usage Guidelines Only five RADIUS proxy servers can be configured The proxy server attempts six retries before it times out The retry count defines the number of times the switch transmits each RADIUS request before giving up The timeout value defines the duration fo
362. ture When you need help anytime at the command line please press If nothing matches the help list will be empty and you must backup until entering a shows the available options Two styles of help are provided 1 Full help is available when you are ready to enter a command argument e g show and describes each possible argument 2 Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input e g show ve WS5100 config dhcp DHCP Server Instance 17 13 17 1 15 host DHCP Config Commands Defines a fixed IP address for the host in dotted decimal format Use the no host command to remove the host from the DHCP pool Syntax host lt IP address gt Parameters host lt IP address gt Sets a fixed address for the host e P address Sets an IP address in dotted decimal format Usage Guidelines The DHCP host pool used to manually assign an IP address based on hardware address client identifier configuration must contain a host IP address client name and hardware address client identifier The host IP address must belong to a subnet on the switch There must be a DHCP network pool corresponding to that host IP address There is no limit to the number of manual bindings However you can configure only one manual binding per host pool Example WS5100 config dhcp host 2 2 2 111 WS5100 config dhcp 17 1 16 lease DHC
363. uired to use the Diffie Hellman Group 1 768 bit modulus exchange during IPSec SA key generation e group 2 IPSec is required to use the Diffie Hellman Group 2 1024 bit modulus exchange during IPSec SA key generation e group 5 PSec is required to use Diffie Hellman Group 5 remote type Sets the remote VPN client type e ipsec I2tp Specify the remote VPN client as using IPSEC L2TP e xauth Specify the remote VPN client as using XAUTH with mode config security association Defines the lifetime in kilobytes and or seconds of the IPSec SAs created by this crypto map e evel perhost Specify a security association granularity level for identities e ifetime kilobyte seconds Security an association lifetime session key Use the set session key command to define the encryption and authentication keys for this crypto map e inbound Defines encryption keys for inbound traffic e outbound Defines encryption keys for outbound traffic crypto map 10 9 inbound outbound Defines encryption keys for inbound outbound traffic ahlesp e ah Authentication header protocol e lt 256 4294967295 gt Security Parameter Index SPI for the security association e esp Encapsulating security payload protocol e lt 256 4294967295 gt Derfines the security parameter Index e cipher Specify encryption decryption key e authenticator lt hex key data gt Specify an au
364. urce any The source is the source IP address of the network or host in dotted decimal format The source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP is used for matching e any is an abbreviation for source IP of 0 0 0 0 and source mask bits equal to 0 e hostis an abbreviation for exact source A B C D and source mask bits equal to 32 destination destination mask host destination any Sets the destination host IP address or destination network address icmp type icmp type icmp code Defines the ICMP value from 0 to 255 The value is valid only for ICMP Define an ICMP code value from 0 to 255 valid for ICMP only log Generates log messages when the packet coming from the interface matches the ACL entry Log messages are generated only for router ACLs rule precedence access list entry precedence Sets an integer value between 1 5000 This value sets the rule precedence in the ACL Extended ACL Instance 14 11 Usage Guidelines This command marks traffic between networks hosts based on the protocol type selected in the access list configuration Use the mark option to specify the type of service tos and priority value The tos value is marked in the IP header and the 802 1p priority value is marked in the dot1q frame e The following types of protocols are supported e ip e icmp e tcp e udp Whenever the interface receives the pack
365. urce any destination destination mask host destination any log rule precedence access list entry precedence Use the permit command to allow IP packets permit Allows IP packets ip Specifies the IP to match to any protocol source source mask host source any The source is the source IP address of the network or host in dotted decimal format The source mask is the network mask For example 10 1 1 10 24 indicates the first 24 bits of the source IP are used for matching e anyis an abbreviation for source IP of 0 0 0 0 and source mask bits equal to 0 e hostis an abbreviation for exact source A B C D and source mask bits equal to 32 destination destination mask host destination any Sets the destination host IP address or destination network address log Generates log messages when the packet coming from the interface matches the ACL entry Log messages are generated only for router ACLs rule precedence access list entry precedence Sets an integer value between 1 5000 This value sets the rule precedence in the ACL Extended ACL Instance 14 15 permit icmp source source mask host source any destination destination mask host destination any icmp type icmp type icmp code log rule precedence access list entry precedence Use with the permit command to allow ICMP packets permit Allows ICMP packets on an ACL icmp
366. username manager privilege superuser Privileged Exec Commands 4 31 Ino country code logging console 7 no logging on fallback enable ftp password 1 810a25d76c31e495cc070bdf42e076f7c9b0alcd lp http server lp http secure trustpoint local lp http secure server ip ssh ip telnet snmp server manager v2 snmp server manager v3 crypto isakmp identity address crypto isakmp keepalive 10 crypto ipsec security association lifetime kilobytes 4608000 4 32 WS5100 Series Switch CLI Reference Guide Global Configuration Commands The term global is used to indicate characteristics or features effecting the system as a whole Use the Global configuration mode to configure the system globally or enter specific configuration modes to configure specific elements such as interfaces or protocols Use the configure terminal command under PRIV EXEC to enter the global configuration mode The example below describes the process of entering global configuration mode from privileged EXEC mode WS5100 configure terminal WS5100 config NOTE The system prompt changes to indicate you are now in global configuration mode The prompt for global configuration mode consists of the device host name followed by config and the pound sign Commands entered in the global configuration mode update the running configuration file as soon as they are entered However these changes are not saved in the startup configuration f
367. ve a Tab key press Ctrl l The CLI recognizes a command once you have entered enough characters to make the command unique If you enter conf within the privileged EXEC mode the CLI associates the entry with the configure command since only the configure command begins with conf In the following example the CLI recognizes a unique string in the privileged EXEC mode when the Tab key is pressed WLAN Module conf lt Tab gt WLAN Module configure When you use the command completion feature the CLI displays the full command name The command is not executed until you use the Return or Enter key This way you can modify the command if the full command was not what you intended in the abbreviation If entering a set of characters indicating more than one command the system lists all commands that begin with that set of characters Alternatively enter a question mark to obtain a list of commands that begin with that set of characters Do not leave a space between the last letter and the question mark For example entering co lists all commands available in the current command mode WLAN Module co copy commit WLAN Module co NOTE The characters you enter before the question mark are reprinted mY to the screen to allow you to complete the command entry 1 10 WS5100 Series Switch CLI Reference Guide 1 4 3 Deleting Entries f Use any of the following keys or key combinations to delete comman
368. verts an IDS sensor back to an access port that can service mobile units 20 1 34 Wireless Instance 20 41 default config ip mode wips server ip Invokes the default configuration sent to sensors when configured e ip mode Configures the IP address of the sensors e dhcp Sensors use DHCP to obtain an IP address e static A B C D M A B C D Sensors use the specific static IP address A B C D M Sets the sensor IP address and network mask A B C D Specifies the gateway IP address for sensors e wips server ip Specifies the IP addresses of the WIPS server e primary A B C D Specifies the primary IP address of the WIPS server e secondary A B C D Specifies the secondary IP address of the WIPS server ping interval lt 2 60 gt Sets the ping interval in seconds between successive pings to sensors on the network vlan lt 1 4094 gt Configures VLANs where sensors are discovered Example WS5100 config wireless sensor vlan 268 500 WS5100 config wireless service Wireless Configuration Commands Invokes service commands to troubleshoot or debug config wireless instance configurations Syntax service show wireless service show cli wireless 20 42 WS5100 Series Switch CLI Reference Guide service show wireless ap history ap list buffer counters enhanced beacon table enhanced probe table legacy load balance mu cache buckets mu cache entr
369. ves to the previous mode Sets RADIUS user group parameters Note This command creates another sub instance called config radsrv group with its own command summary 19 2 WS5100 Series Switch CLI Reference Guide Table 19 1 RADIUS Server Command Summary Command Description Ref help Displays the interactive help system page 19 16 Idap server Sets LDAP server parameters page 19 17 nas Sets RADIUS client parameters page 19 19 no Negates a command or sets its defaults page 19 20 proxy Defines the RADIUS proxy server configuration page 19 21 rad user Sets the RADIUS user configuration page 19 22 server Configures server certificate parameters page 19 23 service Invokes service commands to troubleshoot or debug page 19 24 config radsrv instance configurations show Displays running system information page 19 25 19 1 1 authentication Radius Configuration Commands Configures the authentication scheme used with the RADIUS server Syntax authentication data source eap auth type authentication data source ldap local authentication eap auth type all peap gtc peap mschapv2 tls ttls md5 ttls mschapv2 ttls pap Parameters data source Sets the RADIUS data source for user authentication eap auth type Defines RADIUS EAP and default authentication configurations all Enables TTLS and PEAP settings peap gtc Defines the EAP and PEAP settings used with the default authenticati
370. voice acm enable max mus lt 1 64 gt radio add lt 1 4096 gt MAC Address 11a ap300 ap5131 11b ap100 ap4131 11bg ap300 ap5131 Parameters lt 1 1000 gt Defines a single radio index RADIO Creates a list 1 3 7 or range 3 7 of radio indices all 11a All 11a radios currently in configuration all 11b Al 11b radios currently in configuration all 11bg All 11bg radios currently in configuration configure 8021X Configures the 802 1X username and password on adopted access ports default 11a Adopts the default 11a configuration template Wireless Instance 20 31 default 11b Adopts the default 11b configuration template default 11bg Adopts the default 11bg configuration template adoption pref id lt 0 65535 gt Employs a preference identifier for this radio port The radio port is more likely to be adopted by a wireless switch that is a preferred switch antenna mode lt diversity primary secon dary gt Defines the antenna diversity mode Select from the following options e diversity Full diversity both antennas primary Primary antenna only e secondary Secondary antenna only Note Before executing this command ensure the radio is present and is a AP300 base bridge enable max clients lt 1 12 gt Sets base bridge values e enable Allows the given radio to act as a base bridge and accept connections from client bridges e max clients lt 1 12 gt Con
371. w the same cryptomap set to be attached to multiple interfaces description Interface Config Commands Creates an interface specific desciption Syntax description Parameters LINE Define the characters describing this interface Example WS5100 config if description interface for RetailKing WS5100 config if 12 4 WS5100 Series Switch CLI Reference Guide 12 1 4 duplex Interface Config Commands Specifies the duplex mode of operation NOTE e Duplexity can only be set for an Ethernet Interface Enter the config if instance using the eth parameter of the interface mode e The duplex can not be set until the speed is set to a non auto value Syntax duplex auto full half Parameters auto The port automatically detects whether it should run in full or half duplex mode full Sets the port in full duplex mode half Sets the port in half duplex mode Usage Guidelines The duplex defines the communication used by the port The switch by default is set in the auto duplexmode In auto mode the duplex is selected based on connected network hardware interface Instance 12 5 12 1 5 end Interface Config Commands Ends and exits the current mode and moves to the PRIV EXEC mode The prompt changes to WS5100 Syntax end Parameters None Example WS5100 config if end WS5100 12 1 6 exit Interface Config Commands Ends the current mode and moves to the p
372. x speed optimize for throughput smart scan lla channels smart scan llbg channels WS5100 gt WS5100 gt show wireless hotspot config WLAN 1 status disabled description WLAN1 ssid 101 Page Location simple Internal Pages Page type login Title Login Page Header Network Login Description Please enter your username and password Footer Contact the network administrator if you do not have an account Image URL main Image URL small Page type welcom Title Authentication success Header Authentication Success Description You now have network access lt BR gt Click the disconnect link below to end this session 2 68 WS5100 Series Switch CLI Reference Guide Footer Image URL main Image URL small Page type fail Title Unable to authenticate Header Authentication Failed Description Either the username and password are invalid or service is unavailable at this time Footer Contact the network administrator if you do not have an account Image URL main Image URL small ti xternal Pages Page Type login URL Page Type welcom m g R Page Type fail R wW list IP addresses WLAN 2 status disabled description WLAN2 ssid 102 Page Location simple Internal Pages Page type login Title Login Page MORE next page Space next line Enter quit Control C WS5100 gt show wireless ids detect window 10
373. xec Command Acknowledges alarms Syntax acknowledge alarm log lt 1 65535 gt all Parameters alarm log Acknowledges alarms e lt 1 65535 gt Acknowledges the specific alarm ID e all Acknowledges all alarms Example WS5100 acknowledge alarm log all No corresponding record found in the Alarm Log WS5100 acknowledge alarm log 200 No corresponding record found in the Alarm Log WS5100 archive Priv Exec Command Manages file archive operations Syntax archive tar table FILE URL archive tar create FILE URL FILE archive tar xtract FILE URL DIR Parameters tar Manipulates creates lists or extracts a tar file table Lists the files in a tar file create Creates a tar file xtract Extracts content from a tar file Privileged Exec Commands 4 5 FILE Defines a Tar filename URL Tar file URL Example How to zip the folder flash log WS5100 archive tar create flash out tar flash log tar Removing leading flash log flash log snmpd log flash log messages log flash log startup log flash log radius WS5100 dir flash Viewing the output tar file Directory of flash drwx 1024 drwx 120 drwx 1024 drwx 1024 rw 173056 Which files are tared Thu Apr Fri Apr Thu Apr Wed May Fri May from member names 12 16 14 20 27 233 230 39 50 20 34 19 48 2007 2007 2007 2007 2007
374. xt nacl service WS5100 config ext nacl service Display information about core panic and AP snapshot of available support information nter shell password used to Show reboot history log history show start shell Last password used password with MAC 00 a0 f8 65 ea 8e Password WS5100 config ext nacl service tethereal x hex dump of packet J c lt count gt h detailed capture nonEspd packets LINE tethereal options in the format V print detailed packet p no promiscuous mode for interface n disable name resolution help E to capture ESPD e f lt capture filter My E eS i lt interface on which packet only s lt snaplen gt file w lt savefile gt xpression in forma r lt filename gt save cap to capture packets gt W wisp read contents of specified ture in specified file X for xamples on tet hereal capture filter tethereal WS5100 config ext nacl servic 14 20 WS5100 Series Switch CLI Reference Guide 14 1 10 show gt Extended ACL Config Commands Displays current system information running on the switch Syntax show lt paramater gt Parameters Displays the parameters for which information can be viewed using the show command Example WS5100 config ext nacl access list alarm log autoinstall banner boot clock commands cry
375. y mvlan lt 1 32 gt radio lt 1 1000 gt description snmp trap throttle vlan cache buckets vlan cache entry service wireless ap history buffer counters clear ap log dump core enhanced beacon table enhanced probe table idle radio send multicast legacy load balance radio misc cfg rate scale request ap log save ap log snmp trap throttle vlan cache service wireless ap history clear enable service wireless buffer counters clear service wireless clear ap log lt 1 48 gt service wireless idle radio send multicast enable service wireless request ap log lt 1 48 gt Parameters ap history Displays the access port history ap list Listd AP configurations sorted by MAC address buffer counters Allocation counts for various buffers enhanced beacon table config report Displays details of the configuration and information gathered for AP locationing e config Displays the configuration of AP locationing e report Displays the information gathered for AP locationing enhanced probe table config report Displays the configuration and information gathered for MU locationing e contig Displays the configuration of MU locationing e report Displays the information gathered for MU locationing legacy load balance Sets the legacy load balance algorithm compatibility mode mu cache buckets Displays wireless mobile units cache buckets
376. y traffic e voice Prioritizes Voice category traffic e acm enable max mus lt 1 64 gt Admission control parameters Use enable to allow admission control Enabling ACM on video enables ACM on the Voice access category Use max mus to specify the number of mobile units that are allowed access on the specified categories aifsn lt 1 15 gt Arbitration Inter Frame Spacing Number Defines the wait time in milliseconds between data frames Derived using AIFSN and the slot time Wireless Instance 20 37 e burst lt 0 65535 gt transmit opportunity Sets an interval when a particular WMM STA has the right to initiate transmissions onto the wireless medium e cw lt 0 15 gt Contention Window parameters Wireless stations pick a number between 0 and the minimum contention window to wait before re trying transmissions Stations then double their wait time on a collision until it reaches the maximum contention window add lt 1 1000 gt MAC Address 11a ap300 ap5131 11b ap100 ap4131 11bg ap300 ap5131 Adds a new radio e lt 1 1000 gt Defines the index where this radio is added e MAC Sets a MAC address in AA BB CC DD EE FF format e 11a 802 11a type radio 11b 802 11b type radio e 11bg 802 11bg type radio e ap300 AP300 access port default for 11a and 11bg e ap5131 AP 5131 type access port e ap4131 AP 4131 type access port dns name WORD MAC Address Conf
377. ys the media access control IP Common page 42 configuration mac address table Displays the MAC address table Common page 42 management Displays L3 management interface name Common page 43 mobility Displays mobility parameters Common page 43 ntp Displays network time protocol Common page 46 information port channel Displays port channel commands Common page 47 privilege Displays the current privilege level Common page 47 Common Commands 2 25 Display Parameters Description Mode Example radius Displays RADIUS configuration Common page 48 commands redundancy group Displays redundancy group parameters Common page 49 redundancy history Displays the state transition history of Common page 57 the switch redundancy Displays redundancy group members in Common page 52 members detail snmp Displays SNMP engine parameters Common page 52 snmp server Displays SNMP engine parameters Common page 53 sole Displays the Smart Opportunistic Common page 55 Location Engine SOLE configuration spanning tree Displays the spanning tree information Common page 57 static channel group Displays static channel group Common page 58 membership information terminal Displays terminal configuration Common page 59 parameters timezone Displays the timezone Common page 59 users Displays information about terminal Common page 60 lines version Displays softwa
Download Pdf Manuals
Related Search