Manuale d’uso / di manutenzione del prodotto 2300 Series del fabbricante Nortel Networks
Vai alla pagina of 622
Part No. NN47250-100 June 2008 4655 Great America Parkway Santa Clara, CA 95054 Nor tel WLAN Security Switc h 2300 Series Command Line Ref erence.
2 NN47250-100 (Version 02 .51) Copyright © 2007-2008 Nortel Ne tworks. All rights reser ved. The information in this document is subj ect to change without notice.
3 Nortel WLAN—Security Switch 2300 Series Command Line Reference SUCH POR TION S OF THE SOFTW ARE ARE PRO VIDED “ AS IS” AND WITHOUT ANY EXPRESS OR IM PLIED W ARRANTIES, INCLUDING, WITHO UT LIMIT A TION, THE IMPLIED W ARRANTIES OF MERCHANT ABILITY AND FITNESS FOR A P AR TICULAR PURPOSE.
4 NN47250-100 (Version 02 .51) de veloper and/or supplier is an intended be nef iciary of this Section. Some jurisd ictions do not allo w th ese limitations or exclusions and, in such e vent, they may n ot apply .
5 Nortel WLAN—Security Switch 2300 Series Command Line Reference Exclusive Remed y Your sole remedy under the limited warranty described above is, at Nort el’s sole option and expense, the repair or replacement of the non-conforming Product or refund of the purchase price o f the non-conforming Products.
6 NN47250-100 (Version 02 .51) END CUSTOMER MAY ALSO HAVE OTHER RIGHTS, WHICH VA RY FROM STATE/JURISDICTION TO STATE/JURISDICTION. TO THE MAXIMUM EXTENT PERMITTED BY APPL ICABLE LAW, IN NO EVENT SHALL.
7 Nortel WLAN—Security Switch 2300 Series Command Line Reference (d) Nortel may provide update s, corrections, e nhancements, modifications or bug fixes for the Licensed Materials (“Updates”) to Licensee .
8 NN47250-100 (Version 02 .51) that is not covered by the above provisions shall be deemed “technical dat a-commercial item s” pursuant to DFAR section 227.7015(a). Any use, modification, reproduction, release, performance, display or disclosure of such technical data sh all be governed by the terms of DFAR section 227.
9 Nortel WLAN—Security Switch 2300 Series Command Line Reference THIS SOFTWARE IS PROV IDED BY THE AUTH OR ``AS IS'' A ND ANY EXPR ESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANT ABILITY AND F I T NESS FOR A PART ICULAR PURPOSE ARE DISCLAIMED.
10 NN47250-100 (Version 02 .51).
11 Nortel WLAN— Management So ftware 230 0 Series Refe rence Guide How to get help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Introducing the Nortel WLAN 2300 System . . . . . . . . . . . . . . . . . .
12 NN47250-102 (Version 02 .51) IP Services Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 AAA Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Mobility Domain Commands .
13 Nortel WLAN—Security Switch 2300 Series Command Line Reference Ho w to get help This section explains how to get help for Nortel products and services. Getting help from the Nortel web site The best way to get technical suppor t for Nortel products is from the Nortel Technical Support Web site: http://www .
14 How to get help NN47250-100 (Version 02 .51).
15 Nortel WLAN—Security Switch 2300 Series Command Line Reference Intr oducing the Nor tel WLAN 2300 System This command reference expl ains WLAN Security Switch 2300 Series (W SS Software) command line interface (CLI) commands that you enter on a WLAN—Security Switch to configure and manage the Nortel WLAN 2300 System wireless LAN (WLAN).
16 Introduci ng the Nortel WLAN 2300 System NN47250-100 (Version 02 .51) Documentation Consult the following documents to plan, install, configure, and manage a Nortel WLAN 2300 System. Planning, Conf iguration, and Deployment • Nortel WLAN Management Softwar e 2300 Series User Guide .
Introduci ng the Nortel WLAN 2300 System 17 Nortel WLAN—Security Switch 2300 Series Command Line Reference Safety and Advisory Notices The following kinds of safety and advisory notic es appear in this ma nual. Caution! This situation or con dition can lead to data lo ss or damage to the product or other proper ty .
18 Introduci ng the Nortel WLAN 2300 System NN47250-100 (Version 02 .51) T e xt and Syntax Con ventions Nortel manuals use the followi ng text and syntax conventions: Convention Use Monospace text Sets off command syntax or sample commands and system responses.
19 Nortel WLAN—Security Switch 2300 Series Command Line Reference Using the Command-Line Interface WLAN Security Switch 2300 Series (W SS Software) operates a No rtel WLAN 2300 System wireless LAN (WLAN) consisting of WLAN Management Software, WLAN—Security Sw itch (WSS), and Ac cess Points (APs).
20 Using the Command-Line Interface NN47250-100 (Version 02 .51) Command Pr ompts By default, the WSS Software CLI provides th e following prompt for re st ricted users. The mm por tion shows the WSS model number (for example, 2360 ) and the nnnnnn portion shows the last 6 digits of the switch’s media ac cess control (MAC) address.
Using the Co mmand-Li ne Interface 21 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax Notation The WSS Software CLI uses standard syntax n otation: • Bold monospace font identifies the comma nd and keyw ords you must type. F or e xample: set enablepass • Italic monospace font indica tes a placeholder for a value.
22 Using the Command-Line Interface NN47250-100 (Version 02 .51) MA C Address Notation WSS Software displays MAC a ddresses in hexadecimal numb ers with a col on (:) delimiter betwee n bytes—for example, 00:01:02:1a:00:01. You can enter MAC addres ses with either hyphen (-) or colon (:) delimiters, but colons are preferred.
Using the Co mmand-Li ne Interface 23 Nortel WLAN—Security Switch 2300 Series Command Line Reference number of characters up to, but not includi ng, a delimiter characte r in the wildcard. Valid use r wildcard delimiter chara cters are the at (@) sign and the period (.
24 Using the Command-Line Interface NN47250-100 (Version 02 .51) To match all VLANs, use the double-asterisk (**) wildcard ch aracters with no delimiters. To match any number of char- acters up to, but not including, a delimit er character in the wildcard, use the sin gle-asterisk (*) wildcard.
Using the Co mmand-Li ne Interface 25 Nortel WLAN—Security Switch 2300 Series Command Line Reference Command-Line Editing WSS Software edi ting functions are si milar to those of many other ne twork operating systems.
26 Using the Command-Line Interface NN47250-100 (Version 02 .51) Tabs The WSS Softwa re CLI uses the Tab key for command completion. You can type th e first few characters of a command and press the Tab key to display the command(s) that begin with those charac ters.
Using the Co mmand-Li ne Interface 27 Nortel WLAN—Security Switch 2300 Series Command Line Reference To see a subset of the online help, type the command for which you want more in formation.
28 Using the Command-Line Interface NN47250-100 (Version 02 .51).
29 Nortel WLAN—Security Switch 2300 Series Command Line Reference Access Commands Use access commands to control access to the WLAN Security Switch 2300 Series (WSS Software) (CLI). This chapter presents access comma nds alphabetically . Use the following table to locate com mands in this chapter based on their use.
30 Access Commands NN47250-100 (Version 02 .51) See Also • set enablepass on page 20 • set conf irm on page 60 quit Exit from the CLI session. Syntax quit Defaults None.
Access Commands 31 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • disable on page 19 • enable on page 19.
32 Access Commands NN47250-100 (Version 02 .51).
33 Nortel WLAN—Security Switch 2300 Series Command Line Reference P or t Commands Use port commands to configure and manage individual ports and load -sharing port groups. This chapter presents port commands alph abetically. Use the following table to locate c ommands in this chapter based on their use.
34 Port Commands NN47250-100 (Version 02 .51) clear ap Removes a AP. Syntax clear ap ap-num Defaults None. Access Enabled. Examples The follow ing command clears AP 1: WSS# clear ap 1 This will clear specified AP devices.
Port Commands 35 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • monitor port counter s on page 28 • show port counters on page 46 clear port-group Removes a port group. Syntax clear port-group name name Defaults None. Access Enabled.
36 Port Commands NN47250-100 (Version 02 .51) See Also • set port media-type on page 36 • show port media-type on page 48 clear port mirror Removes a port mirroring configuration. Syntax clear port mirr or Defaults None. Access Enabled. History Introduced in WSS Software V ersion 4.
Port Commands 37 Nortel WLAN—Security Switch 2300 Series Command Line Reference clear port type Removes all configuration se ttings from a port and resets the port as a network port. Syntax clear port type port-list Defaults The cleared port becomes a network por t but is not placed in any VLANs.
38 Port Commands NN47250-100 (Version 02 .51) Examples The follow ing command clears port 5: WSS# clear port type 5 This may disrupt currently authenticat ed users.
Port Commands 39 Nortel WLAN—Security Switch 2300 Series Command Line Reference For error reporting, the cyclic redundancy check (CRC) errors include misa lignment errors. Jumbo packets with valid CRCs are not counted. A short packet can be reported as a short packet, a CRC e rror, or an overrun.
40 Port Commands NN47250-100 (Version 02 .51) Table 3 describes the port statistics displayed by each statisti cs option. The Port and St atus fields are displayed for each option. T able 3: Output for monitor port counters Statistics Option Field Description Displayed f or All Options Port Port the statistics are displayed for .
Port Commands 41 Nortel WLAN—Security Switch 2300 Series Command Line Reference transmit-errors Tx Cr c Number of frames transmitted by the port that had the correct length but contained an in v alid FCS va lu e . Tx Short Number of frames tran smitted by the port that were fewer than 64 bytes long.
42 Port Commands NN47250-100 (Version 02 .51) See Also show port counters on page 46 reset port Resets a port by toggling its link state a nd Power over Ethernet (PoE) state.
Port Commands 43 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also set port on page 35 set ap Configures a AP for an AP that is indirectly con nected to the WSS through an intermediate Layer 2 or Layer 3 network.
44 Port Commands NN47250-100 (Version 02 .51) Defaults The defau lt v ales are the same as the d efaults for th e set p ort type ap command. Access Enabled. History Examples The follow ing command configures apAP 1 for AP model AP-2330A with serial-ID 0322199999: WSS# set ap 1 serial-id 0322199999 model 2330A success: change accepted.
Port Commands 45 Nortel WLAN—Security Switch 2300 Series Command Line Reference The following command removes AP 1: WSS# clear ap 1 This will clear specified AP devices.
46 Port Commands NN47250-100 (Version 02 .51) Syntax set port-gr oup name gr oup-name po rt-list mode { on | off } Defaults Once configured, a group is enabled by default. Access Enabled. Usage Do not use dashes or hyphens in a port group name. If you do, WSS Software will not display or sav e the port group.
Port Commands 47 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set port media-type port-list rj45 Defaults The GBIC (f iber) interface is enabled, and the copper interface is disabled, by default. Access Enabled. History Introduced in WSS Software V ersion 4.
48 Port Commands NN47250-100 (Version 02 .51) Examples The follo wing command sets port 2 to monitor po rt 1’ s traffi c: WSS# set port 1 observ er 2 See Also • clear port mirror on page 26 • show port mirror on page 49 set port name Assigns a name to a port.
Port Commands 49 Nortel WLAN—Security Switch 2300 Series Command Line Reference set port negotia tion Disables or reenable s autonegotiation on gigabit Ethe rnet or 10/100 Ethernet ports. Syntax set port negotiation port-list { enable | disa ble } Defaults Autonegotiatio n is enabled on all Ethernet ports by def ault.
50 Port Commands NN47250-100 (Version 02 .51) Defaults PoE is disabled on network and wired auth entication ports. The state o n AP ports depends on whether yo u enabled or disabl ed Po E when setting the port type. See set port type ap on page 41 . Access Enabled.
Port Commands 51 Nortel WLAN—Security Switch 2300 Series Command Line Reference packets sent to a WSS port in such a conf igur ation can cause forw arding on the link to stop. Do not set the port speed of a gigabit port to auto . Although the CLI allo ws this setting, it is in valid.
52 Port Commands NN47250-100 (Version 02 .51) Syntax set port type ap port-list model { 2330 | 23 30A | 2330B | 2332-A1 | 2332-A 2 | 2332-A3 | 2332-A4 | 2332-A5 | 2332-A6 | 2332-E1 | 2332-E2 | 233 2-E3 | 2332-E4 | 2332-E5 |23 32-E6 | 2332-E7 | 2332-E8 | 233 2-E9 | 2332-J1 } poe { enable | disabl e } [ radiotyp e { 11a | 11b | 11g }] Note.
Port Commands 53 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults All WSS ports are network ports by default. Model AP-2330, AP-2330A, AP-2330B, and Series 2332 APs have two radios. On two-radio models, one radio is always 802.
54 Port Commands NN47250-100 (Version 02 .51) To manage an AP on a switch model that d o es not have 10/100 Ethernet ports, use the set ap command to configure a AP connection on the switch. Examples The follo wing commands set port 2 for AP model 2330, enable PoE on the port, and specify external antenna model 2445 3 for the 802.
Port Commands 55 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set port type wired-auth port-list [ tag tag-list ] [ max-sessions num ] [ auth-fall -thru { last-r esort | none | web-portal }] Defaults The default tag-list is null (no tag v alues).
56 Port Commands NN47250-100 (Version 02 .51) For 802.1X clients, wired auth entication works only if the cl ients are directly attached to the wired authentica- tion port, or are attached through a hub that does not bloc k forwarding of packets from the client to the PAE group address (01:80:c2:00:00:03).
Port Commands 57 Nortel WLAN—Security Switch 2300 Series Command Line Reference Usage Y ou can specify one statistic type with the command. Examples The follow ing command shows octet st atistics fo.
58 Port Commands NN47250-100 (Version 02 .51) See Also • clear port-group on page 25 • set port-gr oup on page 35 show port media-type Displays the enabled interface types on a 2380 switch’s gigabit Ethernet ports. Syntax show port media-type [ port-list ] Defaults None.
Port Commands 59 Nortel WLAN—Security Switch 2300 Series Command Line Reference show port mirror Displays the port mirroring configuration. Syntax show port mirr or Defaults None.
60 Port Commands NN47250-100 (Version 02 .51) 9 9 up AP enabled 1.44 10 10 up - disabled off 1 1 1 1 down - disabled off 12 12 down - disa bled off 13 13 down - disa bled off 14 14 down - disa bled of.
Port Commands 61 Nortel WLAN—Security Switch 2300 Series Command Line Reference show port status Displays configuration and st atus information for ports.
62 Port Commands NN47250-100 (Version 02 .51) See Also • clear port type on page 27 • set port on page 35 • set port name on page 3 8 • set port negotiation on page 39 • set port speed on page 40 • set port type ap on page 41 • set port type wir ed-auth on page 44 Admin Administrative status of the port: • up—The port is enabled.
63 Nortel WLAN—Security Switch 2300 Series Command Line Reference System Services Commands Use system servic es commands to configure and moni tor system in formation for a W LAN—Security Switch (WSS). This chapter presen ts system services comma nds alphabetically.
64 System Services Commands NN47250-100 (Version 02 .51) clear banner motd Deletes the message-of-the-da y (MOTD) banner that is disp layed before the login prompt for each CLI session on the WSS. Syntax clear banner motd Defaults None. Access Enabled.
System Services Commands 65 Nortel WLAN—Security Switch 2300 Series Command Line Reference clear prompt Resets the system prompt to its previous ly configured value. If the pr ompt was not configured previously, this command resets the prompt to its default.
66 System Services Commands NN47250-100 (Version 02 .51) Examples T o clear the location of the W SS, type the following command: WSS# clear system location success: change accepted.
System Services Commands 67 Nortel WLAN—Security Switch 2300 Series Command Line Reference traceroute Prin t the r oute packets take to network host See Also “Using CLI Help” on page 16 history Displays the command history buffer for the current CLI session.
68 System Services Commands NN47250-100 (Version 02 .51) Syntax set auto-config { enable | disable } Defaults The auto-config option is automatically enable d on an unconf igured 2350 when the factory reset switch is pressed during power on. Ho we ver , auto -config is disabled by default on other models.
System Services Commands 69 Nortel WLAN—Security Switch 2300 Series Command Line Reference 1 Configure a VLAN: 2360# set vlan 1 port 7 success: change accepted. 2 Enable the DHCP client on VLAN 1: WSS# set interface 1 ip dhcp-client enable success: change accepted.
70 System Services Commands NN47250-100 (Version 02 .51) • Number sign (#) • Question mark (?) • Single quotation mark (') Examples T o create a banner that says Update meeting at 3 p.m. , type the following command: WSS# set banner motd ^Updat e meeting at 3 p.
System Services Commands 71 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set length number-of-lines Defaults WSS Software displays 24 lines by default. Access All. Usage Use this command if the output of a CLI comma nd is greater than the number of lines allowed by default for a terminal type.
72 System Services Commands NN47250-100 (Version 02 .51) See Also show licenses on page 67 set prompt Changes the CLI prompt for the WSS to a str ing you specify.
System Services Commands 73 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The following command sets the system contact information to tamara@e xample.com : 23x0# set system contact tamara@example.com success: change accepted.
74 System Services Commands NN47250-100 (Version 02 .51) See Also show config on page 553 set system idle-timeout Specifies the maximum number of seconds a CLI management sessio n with the switch c an remain idle b efore WSS Software terminat es the session.
System Services Commands 75 Nortel WLAN—Security Switch 2300 Series Command Line Reference set system ip-address Sets the sy stem IP address so t hat it ca n be used by various services in the WSS. Syntax set system ip-address ip-addr Defaults None.
76 System Services Commands NN47250-100 (Version 02 .51) See Also • clear system on page 55 • set system contact on page 62 • set system name on page 66 • show system on page 68 set system name Changes the name of the WSS from th e default system na me and also provides content for the CLI prompt, if you do not specify a prompt.
System Services Commands 77 Nortel WLAN—Security Switch 2300 Series Command Line Reference show banner motd Shows the banner that was configured with the set banner motd command.
78 System Services Commands NN47250-100 (Version 02 .51) See Also show system on page 68 show system Displays system information. Syntax show system Defaults None.
System Services Commands 79 Nortel WLAN—Security Switch 2300 Series Command Line Reference T able 1: show system output Field Description Product Name WSS model number . System Name System name (factory defa ult, or optionally c onfigured with set system name ).
80 System Services Commands NN47250-100 (Version 02 .51) See Also • clear system on page 55 • set system contact on page 62 • set system countrycode on page 63 • set system idle-timeout on pag.
System Services Commands 81 Nortel WLAN—Security Switch 2300 Series Command Line Reference Usage Enter this command before calling the Nort el Enterprise T echni cal Support (NETS).
82 System Services Commands NN47250-100 (Version 02 .51).
83 Nortel WLAN—Security Switch 2300 Series Command Line Reference VLAN Commands Use virtual LAN (VLAN) commands to configure and manage para meters for individual por t VLANs on network ports, and to display information a bout clients roaming within a mobility domain.
84 VLAN Commands NN47250-100 (Version 02 .51) clear fdb Deletes an entry from the fo rwarding database (FDB). Syntax clear fdb { perm | static | dynamic | port port-list } [ vlan vlan-id ] [ tag tag-value ] Defaults None. Access Enabled. Usage Y ou can delete forwarding databa se entries based on entry type, port, or VLAN.
VLAN Commands 85 Nortel WLAN—Security Switch 2300 Series Command Line Reference clear security l2-restrict Removes one or more MAC addresses fro m the list of destination MAC addresses to which clients in a VLAN are allowed to send traffic at Lay er 2.
86 VLAN Commands NN47250-100 (Version 02 .51) Defaults If you do not specify a VLAN or all , counters for all VLANs are cleared. Access Enabled. History Introduced in WSS Software V ersion 4.1. Usage T o clear MA C addresses from the list of addresses to which clients are allowed to send d ata, use the clear security l2-restrict command instead.
VLAN Commands 87 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The following command remo ves port 1 from VLAN gr een : WSS# clear vlan green port 1 This may disrupt user connectivity . Do you wish to continue? (y/n) [n] y success: change accepted.
88 VLAN Commands NN47250-100 (Version 02 .51) Examples The follo wing command adds a permanent entry f or MA C addres s 00:11:22:aa :bb:cc on ports 3 and 5 in VLAN blue : WSS# set fdb perm 00:11:22:aa:b b:cc port 3,5 vlan blue success: change accepted.
VLAN Commands 89 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set security l2-restrict vlan vlan-id [ mode { enable | disable }] [ permit-mac mac-addr [ mac-addr ]] Defaults Layer 2 restriction is disabled by def ault. Access Enabled.
90 VLAN Commands NN47250-100 (Version 02 .51) Nortel recommends that you do not use the name default . This name is already used for VLAN 1. Nortel also recommends that you do not ren ame the default VLAN. You cannot use numbers in the VLAN name. Nortel re commends that you do not use the same name with different capitalizations for VLANs.
VLAN Commands 91 Nortel WLAN—Security Switch 2300 Series Command Line Reference The following command adds port 16 to VLAN beige and assigns tag value 86 to the port: WSS# set vlan bei ge port 16 tag 86 success: change accepted.
92 VLAN Commands NN47250-100 (Version 02 .51) Defaults None. Access All. Usage T o display the entire forwarding database, enter the show fdb command without options. T o display only a portion of the data base, use optional parame ters to specify the types of entries you want to display .
VLAN Commands 93 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear fdb on page 74 • set fdb on page 77 show fdb agingtime Displays the aging timeout period for forwarding database en tries. Syntax show fdb agingtime [ vlan vlan-id ] Defaults None.
94 VLAN Commands NN47250-100 (Version 02 .51) See Also set fdb agingtime on page 78 show fdb count Lists the number of entries in the forwarding database.
VLAN Commands 95 Nortel WLAN—Security Switch 2300 Series Command Line Reference Usage The output displays roaming stations within the previous 1 second.
96 VLAN Commands NN47250-100 (Version 02 .51) Syntax show r oamin g vlan Defaults None. Access Enabled. Examples The follo wing comma nd show s the current roami ng VLANs: WSS# show r oaming vlan.
VLAN Commands 97 Nortel WLAN—Security Switch 2300 Series Command Line Reference VLAN WSS Affinity ---------- ------ ------ --------- -- ------ vlan-cs 192.168.14.2 5 vlan-eng 192.168.14.4 5 vlan-fin 192.168.14.2 5 vlan-it 192. 168.14.4 5 vlan-it 192.
98 VLAN Commands NN47250-100 (Version 02 .51) Examples The follo wing command sho ws Layer 2 forw arding restriction information for all VLANs: WSS# show security l2-r estrict VLAN Name En Drops Permi.
VLAN Commands 99 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples T o display all tunnels from a WSS to other swit ches in the Mobility Domain, type the follo wing command.
100 VLAN Commands NN47250-100 (Version 02 .51) WSS# show vlan conf ig b urgundy Admin VLAN T unl Port VLAN Name S tatus S tate Af fin Port T ag S tate ---- ------- --------- --- --- ----- ---- - ---------- ------ --- -- ------------ ------ 2 bur gundy Up Up 5 2 none Up 3 none Up 4 none Up 6 none Up 1 1 none Up t:10.
VLAN Commands 101 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear vlan on page 76 • set vlan name on page 79 • set vlan port on page 80 • set vlan tunnel-aff .
102 VLAN Commands NN47250-100 (Version 02 .51).
103 Nortel WLAN—Security Switch 2300 Series Command Line Reference Quality of Ser vice Commands Use Quality of Service (QoS) commands to configure packet prioritization in WSS Software. Pack et prioritization ensures that WSSs and APs give pr eferential treatment to high- priority traffic such as voice and video.
104 Quality of Service Commands NN47250-100 (Version 02 .51) Examples The follow ing command resets all QoS mappings: WSS# clear qos success: change accepted. The following command resets the mapping used to classify packets with DSCP value 44: WSS# clear qos dscp-to-qos-map 44 success: change accepted.
Quality of Service Commands 105 Nortel WLAN—Security Switch 2300 Series Command Line Reference set qos dscp-to-cos-map Changes the internal QoS value to whic h WSS Software maps a pa cket’s DSCP value when classifying inbound packets. Syntax set qos dscp-to-cos-map dscp-rang e cos level Defaults The defaults are listed by the show qos command.
106 Quality of Service Commands NN47250-100 (Version 02 .51) Ingress QoS Classification Map (dscp-to-cos) Ingress DSCP Co S Level ========== =========== ======== ========== ========== =========== ====.
107 Nortel WLAN—Security Switch 2300 Series Command Line Reference IP Ser vices Commands Use IP services commands to configur e and manage IP interface s, management servic es, the Domain Name Service (DNS), Network Time Protocol (NTP), and aliases, and to ping a host or trace a route.
108 IP Services Commands NN47250-100 (Version 02 .51) Time and Date set timedate on page 142 set timezone on page 143 set summertime on page 140 show timedate on page 161 show timezone on page 161 sho.
IP Services Commands 109 Nortel WLAN—Security Switch 2300 Series Command Line Reference clear interface Removes an IP interface. Syntax clear interface vlan-id ip Defaults None.
110 IP Services Commands NN47250-100 (Version 02 .51) clear ip alias Removes an alias, which is a string that repres ents an IP address. Syntax clear ip alias name Defaults None. Access Enabled. Examples The following command removes the alia s server1 : WSS# clear ip alias server1 success: change accepted.
IP Services Commands 111 Nortel WLAN—Security Switch 2300 Series Command Line Reference clear ip dns server Removes a DNS server from a WSS configuratio n. Syntax clear ip dns serv er ip-addr Defaults None. Access Enabled. Examples The follow ing command removes DNS serv er 10.
112 IP Services Commands NN47250-100 (Version 02 .51) See Also • set ip route on page 116 • show ip r oute on page 153 clear ip telnet Resets the Telnet server’s TCP port n umber to its default value. A W SS listens for Telnet management tr affic on the Telnet server port.
IP Services Commands 11 3 Nortel WLAN—Security Switch 2300 Series Command Line Reference • set ntp on page 121 • set ntp serv er on page 122 • set ntp update-interval on page 122 • show ntp on page 156 clear ntp update-interval Resets the NTP update interval to the default value.
114 IP Services Commands NN47250-100 (Version 02 .51) See Also • set snmp community on page 123 • show snmp co mmunity on page 15 8 clear snmp notify profile Clears an SNMP not ification profile. Syntax clear snmp notify prof ile pr of ile- name Defaults None.
IP Services Commands 11 5 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • set snmp notify target on page 131 • show snmp notify target on page 159 clear snmp usm Clears an SNMPv3 user. Syntax clear snmp usm usm-user name Defaults None.
116 IP Services Commands NN47250-100 (Version 02 .51) • show timedate on page 161 • show timezone on page 161 clear system ip-address Clears the syst em IP address.
IP Services Commands 11 7 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear summertime on page 105 • set summertime on page 140 • set timedate on page 142 • set.
118 IP Services Commands NN47250-100 (Version 02 .51) • interval —100 (one tenth of a second) • size —56. Access Enabled. Usage T o stop a ping command that is in progress, press Ctrl+C. A WSS cannot ping itself. WSS Soft ware d oes not support this.
IP Services Commands 11 9 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • set arp agingtim e on page 109 • show arp on page 144 set arp agingtime Changes the aging timeout for dynamic ARP entries. Syntax set arp agingtime seconds Defaults The default aging tim eout is 1200 seconds.
120 IP Services Commands NN47250-100 (Version 02 .51) Defaults None. Access Enabled. Usage Y ou can assign one IP in terface to each VLAN . If an interface is already configured on the VLAN you specif y, this command replaces the interface.
IP Services Commands 121 Nortel WLAN—Security Switch 2300 Series Command Line Reference WSS Software also has a configura ble DHCP server. (See set interface dhcp-serv er on page 111 .) You can configure a DHCP client and DHCP server on the same VLAN, but only the client or the serv er can be enabled.
122 IP Services Commands NN47250-100 (Version 02 .51) Access Enabled. History Usage By default, a ll addresses e xcept the host address of the VLAN, th e network broadcast address, and the subnet broadcast addr ess are included in the range.
IP Services Commands 123 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults IP interfac es are enabled by defaul t. Access Enabled.
124 IP Services Commands NN47250-100 (Version 02 .51) Access Enabled. Examples The follow ing command enables DNS on a WSS: WSS# set ip dn s enable St a r t D N S Cl i e n t See Also • clear ip dns .
IP Services Commands 125 Nortel WLAN—Security Switch 2300 Series Command Line Reference set ip dns server Specifies a DNS server to use for resolv ing hostnames you enter in CLI commands. Syntax set ip dns serv er ip-addr { primary | secondary } Defaults None.
126 IP Services Commands NN47250-100 (Version 02 .51) set ip https server Enables the HT TPS server on a WS S. The HTTPS s erver is required for We b View access t o the switch. Syntax set ip https serv er { enable | disab le } Defaults The HTTPS server is disabled by default.
IP Services Commands 127 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults None. Access Enabled. Usage WSS Software can use a st atic route only if a direct route in the route table resolves the static route.
128 IP Services Commands NN47250-100 (Version 02 .51) • clear ip route on page 101 • show interface on page 149 • show ip r oute on page 153 set ip snmp server Enables or disables the SNMP service on the WSS. Syntax set ip snmp server { enable | disable } Defaults The SNMP service is disabled by default.
IP Services Commands 129 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The follow ing command changes the SSH port number on a WSS to 6000: WSS# set ip ssh port 6000 success: change accepted.
130 IP Services Commands NN47250-100 (Version 02 .51) set ip telnet Changes the TCP port number on which a WSS listens for Te lnet management traffic .
IP Services Commands 131 Nortel WLAN—Security Switch 2300 Series Command Line Reference Usage The maximum number of T elnet sessions s upported on a WSS is eight. If SSH is also enabled, the switch can have up to eight T elnet or SSH sessions, in an y combination, and one console session.
132 IP Services Commands NN47250-100 (Version 02 .51) set ntp server Configures a WSS t o use an NTP server. Syntax set ntp serv er ip-addr Defaults None.
IP Services Commands 133 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear ntp serv er on page 102 • clear ntp update-interv al on page 103 • set ntp on page 121 • set ntp serv er on page 122 • show ntp on page 156 set snmp community Configures a community string for SNMPv1 or SNMPv2c.
134 IP Services Commands NN47250-100 (Version 02 .51) History Usage SNMP community strings are passed as cle ar te xt in SNMPv1 and SNMPv2c . Nortel recommends that you use strings that cannot easily be guessed by unauthorized users. For example, do not use the well- known string s public and private .
IP Services Commands 135 Nortel WLAN—Security Switch 2300 Series Command Line Reference set snmp notify profile Configures an SNMP notification profile.
136 IP Services Commands NN47250-100 (Version 02 .51) notification-type Name of the notif ication type: • APBootT raps— Generated when an AP boots. • ApNonOperS tatus T raps —Generated to indicate an AP radio is nonoperational. • ApOperRadioS tatusT raps —Generated when the status of an AP radio changes.
IP Services Commands 137 Nortel WLAN—Security Switch 2300 Series Command Line Reference notification-type (cont.) • CounterMeasur eS topT raps— Generated when WSS Software stops counterm easures against a rogue access point.
138 IP Services Commands NN47250-100 (Version 02 .51) Defaults A default notif ication profile (named default ) is already configured in WSS Software. All notifi cations in the defaul t profile are dropped by def ault. Access Enabled. History Introduced in WSS Software V ersion 4.
IP Services Commands 139 Nortel WLAN—Security Switch 2300 Series Command Line Reference The following commands cr eate notification profile snmppr of_rfdetect , and change the action to send for all RF detection notific ation types: WSS# set snmp notify prof ile snmpprof_r fdetect send RFDetectAdhocUserT raps success: change accepted.
140 IP Services Commands NN47250-100 (Version 02 .51) • show snmp notify pr ofile on page 158.
IP Services Commands 141 Nortel WLAN—Security Switch 2300 Series Command Line Reference set snmp notify target Configures a notifi cation target f or notifications from SNMP. A notification targe t is a remote de vice to which W SS Software sends SNMP notif ications.
142 IP Services Commands NN47250-100 (Version 02 .51) SNMPv3 with T raps To configure a notification ta rget for traps from SNMPv3, use the following command: Syntax set snmp notify target tar get-num.
IP Services Commands 143 Nortel WLAN—Security Switch 2300 Series Command Line Reference SNMPv2c with Inf orms To configure a notification ta rget for informs from SNMPv2c , use the following command.
144 IP Services Commands NN47250-100 (Version 02 .51) SNMPv1 with T raps To configure a notification ta rget for traps from SNMPv1, use the following command: Syntax set snmp notify target tar get-num ip-a ddr [: udp-port-nu mber ] v1 community-str ing [ prof i le pr ofile-name ] Defaults The default UDP port number on the tar get is 162.
IP Services Commands 145 Nortel WLAN—Security Switch 2300 Series Command Line Reference • set ip snmp server on page 118 • set snmp community on page 123 • set snmp notify pr of ile on page 12.
146 IP Services Commands NN47250-100 (Version 02 .51) set snmp security Sets the minimum level of securi ty WSS So ftware requires for SN MP message exch anges. Syntax set snmp security { unsecured | authe nticated | encrypted | auth-req-unsec-notify } Defaults By default, WSS Software allo ws nonsecure ( unsecured ) SNMP message exchanges.
IP Services Commands 147 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set snmp usm usm-username snmp-engine-id { ip ip-addr | local | hex hex-string } access { read-only | r.
148 IP Services Commands NN47250-100 (Version 02 .51) access { read-o nly | r ead-notify | notify-only | rea d- wr it e | notify-read-write } Specifies the access level of the user: • rea d -o n ly —An SNMP management application using the string can get (read) obje ct values on the switch but cannot set (write) them.
IP Services Commands 149 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults No SNMPv3 users are conf igured by default. Wh en you configure an SNMPv3 user , the default access is re ad -o nl y , and the def ault authentica tio n and encryption types are both none .
150 IP Services Commands NN47250-100 (Version 02 .51) Examples The follo wing command creates USM user snmpmgr1 , associat ed with the local SNMP engine ID. This user can se nd tra ps to notif ication re cei vers. WSS# set snmp usm sn mpmgr1 snmp-engine- id local success: change accepted.
IP Services Commands 151 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults If you do not specify a start and end time, th e system implements the time change starting at 2:00 a.m. on the first Sunday in April and ending at 2:00 a.
152 IP Services Commands NN47250-100 (Version 02 .51) Access Enabled. Usage Y ou must use an address that is co nfigured on one o f the WSS’ s VLANs.
IP Services Commands 153 Nortel WLAN—Security Switch 2300 Series Command Line Reference • clear timezone on page 106 • set summertime on page 140 • set timezone on page 143 • show summertime.
154 IP Services Commands NN47250-100 (Version 02 .51) show arp Displays the ARP table. Syntax show arp [ ip-addr ] Defaults If you do not specify an IP address, the whole ARP table is displayed.
IP Services Commands 155 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • set arp on page 108 • set arp agingtim e on page 109 show dhcp-client Displays DHCP client in formation for all VLANs. Syntax show dhcp-client Defaults None.
156 IP Services Commands NN47250-100 (Version 02 .51) Examples The follow ing command displa ys DHCP client information: WSS# show dhcp-client Interface: corpvlan(4) Configuration Status: Enabled DHCP S tate: IF_UP Lease Allocation: 65535 seconds Lease Remaining: 65532 seconds IP Address: 10.
IP Services Commands 157 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also set interface dhcp-client on page 1 10 show dhcp-server Displays WSS Software DHCP server information. Syntax show dhcp-serv er [ interface vlan-id ] [ verbose ] Defaults None.
158 IP Services Commands NN47250-100 (Version 02 .51) T able 3.Output f or show dhcp-ser ver Field Description VLAN VLAN number . Name VLAN name. Address IP address leased by the server . MA C Address MA C address of the device that holds the lease for the address.
IP Services Commands 159 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also set interface dhcp-server on page 1 1 1 show interface Displays the IP interface s configured on the WSS. Syntax show interface [ vlan-id ] Defaults If you do not specify a VLAN ID, interf aces for all VLANs are displayed.
160 IP Services Commands NN47250-100 (Version 02 .51) See Also • clear interface on page 99 • set interface on page 109 • set interface status on page 112 show ip alias Displays the IP aliase s configured on the WSS. Syntax show ip alias [ name ] Defaults If you do not specify an alias na me, all aliases are displayed.
IP Services Commands 161 Nortel WLAN—Security Switch 2300 Series Command Line Reference Table 22 describes the fields in this display. See Also • clear ip alias on page 100 • set ip alias on page 113 show ip dns Displays the DNS servers the WSS is configured to use.
162 IP Services Commands NN47250-100 (Version 02 .51) See Also • clear ip dns domain on page 100 • clear ip dns server on page 101 • set ip dns on pa ge 113 • set ip dns domain on page 114 • set ip dns serv er on page 115 show ip https Displays information about the HTTPS management port.
IP Services Commands 163 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear ip telnet on page 1 02 • set ip https server on page 116 • set ip telnet on page 120 • set ip telnet server on page 120 • show ip telnet on page 1 55 show ip route Displays the IP route table.
164 IP Services Commands NN47250-100 (Version 02 .51) Usage When you add an IP interface to a VLAN that is up, WSS Software adds direct and local routes for the interface to the route table. If the VLAN is do wn, WSS So ftware does not add the routes.
IP Services Commands 165 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear ip route on page 101 • set interface on page 109 • set ip route on page 116 • show interface on page 149 • show vlan config on page 89 show ip telnet Displays information about the Telnet management port.
166 IP Services Commands NN47250-100 (Version 02 .51) See Also • clear ip telnet on page 1 02 • set ip https server on page 116 • set ip telnet on page 120 • set ip telnet server on page 120 • show ip https on page 152 show ntp Displays NTP client infor mation.
IP Services Commands 167 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear ntp serv er on page 102 • clear summertime on page 105 • clear timezone on page 106 • set ntp on page 121 T able 11: Output for sho w ntp Field Description NTP client State of the NTP clie nt.
168 IP Services Commands NN47250-100 (Version 02 .51) • set ntp serv er on page 122 • set summertime on page 140 • set timezone on page 143 • show timezone on page 161 show snmp community Displays the configured SNMP community strings. Syntax show snmp community Defaults None.
IP Services Commands 169 Nortel WLAN—Security Switch 2300 Series Command Line Reference show snmp notify target Displays SNMP notification targets. Syntax show snmp notify target Defaults None. Access Enabled. History Introduced in WSS Software V ersion 4.
170 IP Services Commands NN47250-100 (Version 02 .51) show snmp usm Displays information about SNMPv3 users. Defaults None. Access Enabled. History Introduced in WSS Software V ersion 4.0. See Also • clear snmp usm on page 105 • show snmp usm on page 160 show summertime Shows a WSS’s offset from its real-time clock.
IP Services Commands 171 Nortel WLAN—Security Switch 2300 Series Command Line Reference show timedate Shows the date and time of day curre ntly set on a WSS’s real-time clock.
172 IP Services Commands NN47250-100 (Version 02 .51) telnet Opens a Telnet client sess ion with a remote device. Syntax telnet { ip-addr | hostname } [ port port-num ] Defaults WSS Software att empts to estab lish T eln et connections with TCP port 23 by default.
IP Services Commands 173 Nortel WLAN—Security Switch 2300 Series Command Line Reference When the administrator presses Ctrl+t to end the Telnet connection, the management session returns to the local WSS prompt: WSS-remote> Session 0 pty tty2. d terminated tt name tty2.
174 IP Services Commands NN47250-100 (Version 02 .51) WSS # traceroute serv er1 traceroute to server1.example.com (192. 168.22.7), 30 hops max, 38 byte packets 1 engineering-1.example.com ( 192.168.192.206) 2 ms 1 ms 1 ms 2 engineering-2.example.com ( 192.
175 Nortel WLAN—Security Switch 2300 Series Command Line Reference AAA Commands Use authentication, authoriz ation, and accounting (AAA) commands to provide a secure network connection and a record of user activity.
176 AAA Commands NN47250-100 (Version 02 .51) clear accounting Removes accounting services for spec ified wireless users with administ rative access or network access.
AAA Commands 177 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults None. Access Enabled. History Examples The follow ing command removes acco unting se rvices for authorized n etwork user Nin: WSS# clear accounting dot1x Nin success: change accepted.
178 AAA Commands NN47250-100 (Version 02 .51) Access Enabled. Examples The following command clears auth enticati on for administrator Jose: WSS# clear authentication admin Jose success: change accepted.
AAA Commands 179 Nortel WLAN—Security Switch 2300 Series Command Line Reference success: change accepted. See Also • clear authentication admin on page 167 • clear authentication dot1x on page 1.
180 AAA Commands NN47250-100 (Version 02 .51) clear authentication mac Removes a MAC authentication rule. Syntax clear authentication mac { ssid ssid-name | wired } mac-addr -wildcar d Defaults None.
AAA Commands 181 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • set authentication proxy on page 190 • show aaa on page 210 clear authentication web Removes a Web-based AAA rule. Syntax clear authentication web { ssid ssid-name | wir ed } user -wildcar d Defaults None.
182 AAA Commands NN47250-100 (Version 02 .51) Usage T o determine the index numbers of location policy r ules, use t he sho w location p olicy command.
AAA Commands 183 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax clear mac-user mac-addr attr attribute-name Defaults None. Access Enabled.
184 AAA Commands NN47250-100 (Version 02 .51) clear mac-usergroup Removes a user group from the loca l database on the WSS, for a group of users who are authenticated by a MAC address. (To delete a MAC user group in RADIUS, se e the documentation for your RADIUS server.
AAA Commands 185 Nortel WLAN—Security Switch 2300 Series Command Line Reference WSS# clear mac-usergr oup eastc oasters attr vlan-name success: change accepted. See Also • clear mac-usergr oup on page 174 • set mac-usergr oup attr on page 203 • show aaa on page 210 clear mobility-profile Removes a Mobility Profile entirely.
186 AAA Commands NN47250-100 (Version 02 .51) Examples The follo wing command dele tes th e user prof ile for user Nin: WSS# clear user Nin success: change accepted.
AAA Commands 187 Nortel WLAN—Security Switch 2300 Series Command Line Reference clear user group Removes a user with a password from membersh ip in a user group in the local database on the WSS. (To remove a user from a user group in RADIUS , see the documentation for your RADIUS server.
188 AAA Commands NN47250-100 (Version 02 .51) • set usergr oup on page 208 • show aaa on page 210 clear usergroup attr Removes an authorization attribute from a us er group in the local database on the WSS. (To remove an authorization attribute in RADI US, see the documentation for your RADIUS server.
AAA Commands 189 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults Accounting is disabled for all users by default. Access Enabled. Usage For netw ork users with start-st op accounting whose records are se nt to a RADIUS serv er , WSS Software sends interim updates to the RADIUS server when the user roams.
190 AAA Commands NN47250-100 (Version 02 .51) Syntax set accounting { dot1x | mac | web | last-resort } { ssid ssid-n ame | wired } { user - wildcar d | mac-addr -wildcar d } { start-stop | stop-only } method1 [ metho d2 ] [ method3 ] [ method4 ] Defaults Accounting is disabled for all users by default.
AAA Commands 191 Nortel WLAN—Security Switch 2300 Series Command Line Reference Usage For netw ork users with start- stop accounting whose records ar e sent to a RADIUS server , WSS Software sends interim updates to the RADIUS server when the user roams.
192 AAA Commands NN47250-100 (Version 02 .51) See Also • clear accounting on page 166 • show accounting statistics on page 212 set authentication admin Configures authenticat ion and defines where it is perfo rmed for specifie d users wi th a dministrative ac cess through Telnet or Web View.
AAA Commands 193 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults By default, aut hentication is dea cti v ated for all admin users. The def ault authentica tion method in an admin authe ntication rule is local . WSS Software checks the loca l WSS database for authenticati on.
194 AAA Commands NN47250-100 (Version 02 .51) Syntax set authentication console user- wildcar d method1 [ metho d2 ] [ method3 ] [ method4 ] Defaults By default, authentica tion is deacti vated for all console users, and the default authentication method in a cons ole authentication rule is none .
AAA Commands 195 Nortel WLAN—Security Switch 2300 Series Command Line Reference Access Enabled.. Usage Y ou can configure different auth en tication methods for dif ferent groups o f users. (For details, see “User W ildcards, MA C Address W ildca rds, and VLAN W ildcards” on page 12 .
196 AAA Commands NN47250-100 (Version 02 .51) user-wildcar d A single user or a set of users with 802.1X netw ork access. Specify a username, use the double-asterisk wildcard character (**) to specify.
AAA Commands 197 Nortel WLAN—Security Switch 2300 Series Command Line Reference pr otocol Protocol used for authentication. Specify one of the follo wing: • eap-md5 —Extensible Authentication Pr otocol (EAP) with message-digest algorithm 5.
198 AAA Commands NN47250-100 (Version 02 .51) Defaults By default, auth entication is unconfigur ed for all clients with network access through AP ports or wired authentication ports on the WSS. Connection, authorization, and accounting are also disabled for these users.
AAA Commands 199 Nortel WLAN—Security Switch 2300 Series Command Line Reference • set service-pr of ile auth-fallthru on page 308 • show aaa on page 210 set authentication last-resort Deprecated in WSS Software Version 5.0. The last-r esort user is not required or supported in WSS Software Version 5.
200 AAA Commands NN47250-100 (Version 02 .51) Usage Y ou can configure different au thentication methods for dif fer ent groups of MA C addresses by “wildcarding. ” (For details, see “User W ildcards, MA C Address W i ldcards, and VLAN W ildcards” on page 12 .
AAA Commands 201 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults None. Access Enabled. History Introduced in WSS Software 4.0.
202 AAA Commands NN47250-100 (Version 02 .51) Defaults By default, auth entication is unconfigur ed for all clients with network access through AP ports or wired authentication ports on the WSS. Connection, authorization, and accounting are also disabled for these users.
AAA Commands 203 Nortel WLAN—Security Switch 2300 Series Command Line Reference • set authentication admin on page 182 • set authentication console on page 183 • set authentication dot1x on page 185 • show aaa on page 210 set location policy Creates and enables a location policy on a WSS.
204 AAA Commands NN47250-100 (Version 02 .51) Defaults By default, users are per mitted VLAN access and assign ed security A CLs according to the VLAN-Name and Filter-Id attributes applied to the users during norma l authentic ation and authori zation.
AAA Commands 205 Nortel WLAN—Security Switch 2300 Series Command Line Reference •U s e inacl inacl-name to fil ter traf f ic that enters the switc h from users via an AP access port or wired authentication port, or from the network via a network port.
206 AAA Commands NN47250-100 (Version 02 .51) Syntax set mac-user mac-addr [ group gr oup-name ] Defaults None. Access Enabled. Usage WSS Software does not require MA C users to belong to user groups. Users authenticated by MAC address can be authenticate d only for network access thr ough the WSS.
AAA Commands 207 Nortel WLAN—Security Switch 2300 Series Command Line Reference set mac-user attr Assigns an authorization attribute in th e local database on the WSS to a user w ho is authenticated by a MAC address. (To assign authorization at tributes through RADIUS, see the do cumentation for your RADIUS server.
208 AAA Commands NN47250-100 (Version 02 .51) T able 1: A uthentication Attributes f or Local Users Attribute Description Valid Value(s) encryption-type T ype of encryption required for access by the client. Clients who attempt to use an unauthorized encryption method are rejected.
AAA Commands 209 Nortel WLAN—Security Switch 2300 Series Command Line Reference fi lt e r-i d (network access mode only) Security access control li st (A CL), to permit or deny traff ic recei ved (input) or sent (output) by the WSS. (For more information about security A CLs, see “Security A CL Commands” on page 449 .
210 AAA Commands NN47250-100 (Version 02 .51) service-type T ype of access the user is requesting. One of the following numbers: • 2 —Framed; for network user access • 6 —Administrative; for administrative access to the WSS, with authorization to access the enabled (configuration) mode.
AAA Commands 21 1 Nortel WLAN—Security Switch 2300 Series Command Line Reference time-of-day (network access mode only) Day(s) and time(s) during which the user is permitted to log into the networ k.
212 AAA Commands NN47250-100 (Version 02 .51) Examples The following command assigns i nput access cont rol list (A CL) acl-03 to filt er the packets from a user at MA C address 01:02:03:04:05:06: WSS# set mac-us er 01:02:03:04: 05:06 attr f il ter -id acl -03.
AAA Commands 213 Nortel WLAN—Security Switch 2300 Series Command Line Reference The following command restri cts a user at MAC address 06:05:04:03:02:01 to networ k access between 7 p.
214 AAA Commands NN47250-100 (Version 02 .51) • show aaa on page 210 set mobility-profile Creates a Mobility Pr ofile and specifies the AP and/ or wired authentication ports on the WSS through which any user assigned to the pr ofile is allowed ac cess.
AAA Commands 215 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The follow ing commands crea te the Mobility Prof ile ma gnolia , which restricts user ac cess to port 12; enable the Mobility Prof ile feature on the WSS; and as sign the magnolia Mobility Prof ile to user Jos e .
216 AAA Commands NN47250-100 (Version 02 .51) See Also • clear mobility-prof ile on page 175 • set mobility-pro file on page 204 • show mobility-prof ile on page 215 set user Configures a user profile in the local data base on the WSS for a user with a password.
AAA Commands 217 Nortel WLAN—Security Switch 2300 Series Command Line Reference The following command cha nges Nin’s password from goody to 29J an04: WSS# set user Nin passw ord 29Jan0 4 See Also .
218 AAA Commands NN47250-100 (Version 02 .51) See Also • clear user attr on page 176 • show aaa on page 210 set user group Adds a user to a user group. The user must have a passw ord and a profile that exists in the local database on the WSS. (To configure a user in RADIUS, see the documentation for your RADIUS server.
AAA Commands 219 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set usergr oup gr oup-na me attr attribute-name value Defaults None. Access Enabled. Usage T o change the value of an attribute, enter set usergr oup attr with the new v alue.
220 AAA Commands NN47250-100 (Version 02 .51) History Usage This command disables or reenables support fo r W eb-based AAA. Ho we ver , W eb-based AAA has additional configuration requirements. F or information, see the “Configuring AAA fo r Netw ork Users” chapter in the Nortel WLAN Security Switch 2300 Series C onfigur ation Guide .
AAA Commands 221 Nortel WLAN—Security Switch 2300 Series Command Line Reference sg3: rs-5 W eb Portal: enabled set authentication admin Jose sg3 set authentication console * none set authentication .
222 AAA Commands NN47250-100 (Version 02 .51) See Also • set accounting {admin | console} on page 178 • set authentication admin on page 182 • set authentication console on page 183 • set auth.
AAA Commands 223 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax show accounting statistics Defaults None. Access Enabled. History Examples T o display the locally st ored acco.
224 AAA Commands NN47250-100 (Version 02 .51) See Also • clear accounting on page 166 • set accounting {admin | console} on page 178 • show aaa on page 210 T able 3: show accounting statistics Output Field Description Date and time Date and time of the acco unting record.
AAA Commands 225 Nortel WLAN—Security Switch 2300 Series Command Line Reference show location policy Displays the list of locati on policy rules that make up the location policy on a WSS.
226 AAA Commands NN47250-100 (Version 02 .51).
227 Nortel WLAN—Security Switch 2300 Series Command Line Reference Mobility Domain Commands Use Mobility Domain commands to confi gure and manage Mobility Domain groups. A Mobility Domain is a system of WSSs and APs working together to sup port a ro aming user (client) .
228 Mobility Domain Commands NN47250-100 (Version 02 .51) clear mobility-domain Clears all Mobility Domain con figurat ion and information from a WSS, regardle ss of whether the WSS is a seed or a member of a Mobility Domain. Syntax clear mobility-domain Defaults None.
Mobility Domain Commands 229 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set domain security { none | req ui re d } Defaults The defau lt is none . ( WSS - WSS security is disabled.) Access Enabled. History Introduced in WSS Software 5.
230 Mobility Domain Commands NN47250-100 (Version 02 .51) success: change accepted. WSS# set mobility-domain member 192.168.1.10 success: change accepted. See Also • clear mobility-domain member on page 218 • show mobility-domain conf ig on page 222 set mobility-domain mode member seed-ip On a nonseed WSS, sets the IP address of the seed WSS.
Mobility Domain Commands 231 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set mobility-domain mode member secondary-seed-ip secondary-seed-ip-addr Defaults None. Access Enabled. History Introduced in WSS Software V ersion 6.
232 Mobility Domain Commands NN47250-100 (Version 02 .51) set mobility-domain mode secondary-seed domain- name seed-ip Creates a Mobility Domain by setting th e current WSS as the secondary seed device and naming th e Mobility Domain. Syntax set mobility-domain mode se condary-seed domain-name domain-name seed-ip seed- ip Defaults None.
Mobility Domain Commands 233 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax show mobility-domain Defaults None. Access Enabled.
234 Mobility Domain Commands NN47250-100 (Version 02 .51).
235 Nortel WLAN—Security Switch 2300 Series Command Line Reference Netw ork Domain Commands Use Network Domain commands to confi gure and manage Network Domain groups. A Network Domain is a group of geographically dispersed Mo bility Domains that share information among themselves over a WAN link.
236 Network Do main Commands NN47250-100 (Version 02 .51) See Also • set network-domain mode member seed-ip on page 227 • set network-domain peer on page 228 • set network-domain mode se ed domain-name on page 229 clear network-domain mode Removes the Network Domain seed or member configurat ion from the WSS.
Network Domain Commands 237 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults None. Access Enabled. History Introduced in WSS Software 4.1. Usage This command has no ef fect if the WSS is no t configured as a Network Domain seed.
238 Network Do main Commands NN47250-100 (Version 02 .51) Syntax set network-domain mo de member seed-ip ip-ad dr [ aff init y num ] Defaults The default af finity for a Network Domain see d is 5. Access Enabled. History Introduced in WSS Software 4.1.
Network Domain Commands 239 Nortel WLAN—Security Switch 2300 Series Command Line Reference History Introduced in WSS Software 4.1. Usage This command must be entered on a WSS c onfigured as a Netw ork Domain seed. Examples The follow ing command sets the WSS with IP ad dress 192.
240 Network Do main Commands NN47250-100 (Version 02 .51) Syntax show network- domain Defaults None. Access Enabled. History Introduced in WSS Software 4.1. Examples T o display Network Domain status, type the follo wing command. The output of th e command differs based on whether the WSS is a member of a Network Domain or a Netw ork Domain seed.
Network Domain Commands 241 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear network-domain on page 225 • set network-domain mode member seed-ip on page 227 • se.
242 Network Do main Commands NN47250-100 (Version 02 .51).
243 Nortel WLAN—Security Switch 2300 Series Command Line Reference AP Commands Use AP commands to configure and ma nage APs. Be s ure to do t he fo llowing before using the commands: • Define the country-specific IEEE 802.11 re gulations on the WSS.
244 AP Commands NN47250-100 (Version 02 .51) AP-WSS security set ap fingerprint on page 257 set ap security on page 274 Static IP Address Assignment for A P s set ap boot-config uration ip on page 251.
AP Commands 245 Nortel WLAN—Security Switch 2300 Series Command Line Reference set service-prof ile ci pher-wep104 on page 314 set servic e-prof ile ci pher -wep40 on page 315 set service-pr of ile .
246 AP Commands NN47250-100 (Version 02 .51) set radio-prof ile rate-enf or cement on page 295 T ransmission retri es set s ervice-p r of ile long-r etry-count on page 319 set service-pr of ile shor t.
AP Commands 247 Nortel WLAN—Security Switch 2300 Series Command Line Reference clear ap image Clears an AirDefense sens or software image file from an AP’s configuration .
248 AP Commands NN47250-100 (Version 02 .51) History Usage Use this command to configur e an AP that had been con verted to an AirDefense sensor to re vert b ack to an AP . to load the softw are. Whe n you do this, the next time the AP is booted, it becomes a Nortel Mobility Poi nt.
AP Commands 249 Nortel WLAN—Security Switch 2300 Series Command Line Reference • set ap local-switching vlan-pr of ile on page 260 • set vlan-prof ile clear ap radio Disables an AP radio and resets it to its factory default settings.
250 AP Commands NN47250-100 (Version 02 .51) Access Enabled History Usage When you clear a radio, WSS Software performs the following actions: • Clears the transmit power , channel, and external antenna setting from the radio. • Removes the radio from its radio profile and places the radio in the default radio profile.
AP Commands 251 Nortel WLAN—Security Switch 2300 Series Command Line Reference clear ap boot-configuration Removes the st atic IP address configuratio n for a AP. Syntax clear ap boot-configuration ap-num Defaults None. Access Enabled. History Introduced in WSS Software 4.
252 AP Commands NN47250-100 (Version 02 .51) Examples The follow ing command clears radio 1 on AP 7 from the load balancing group to which it had been assigned: WSS# clear ap 7 radio 1 load-balancing group success : change accepted.
AP Commands 253 Nortel WLAN—Security Switch 2300 Series Command Line Reference History Usage If you specify a parameter , the settin g for the parameter is reset to its default v alue. The settings of the other parameters are unchanged and the radio prof il e remains in the conf iguration.
254 AP Commands NN47250-100 (Version 02 .51) Defaults None. Access Enabled. History Usage If the service profile is mapped to a radio profile, you must remov e it from the radio prof ile first. (After disabling all radios that use the radio prof ile, use the clear radio-prof ile name service- prof ile name command.
AP Commands 255 Nortel WLAN—Security Switch 2300 Series Command Line Reference reset ap Restarts an AP. Syntax res e t { ap port-list | ap ap-num } Defaults None. Access Enabled. Usage When you enter this command, the AP drops all sessions and reboots.
256 AP Commands NN47250-100 (Version 02 .51) Usage T able 35 lists the configurable pr of ile parameters and their defaults. The only parameter that requires configuration is the prof ile mode. The profile is disabl ed by default. T o use the profile to configure APs, you must en able the profile u sing the set ap auto mode enable command.
AP Commands 257 Nortel WLAN—Security Switch 2300 Series Command Line Reference • set ap radio auto-tune max-power on page 265 • set ap radio mode on page 270 • set ap radio radio-pr of ile on page 271 • set ap upgrade-f irmware on page 275 set ap auto mode Enables a WSS’s profile for automatic AP configuration.
258 AP Commands NN47250-100 (Version 02 .51) Syntax set ap auto persistent [ ap-num | all ] Defaults None. Access Enabled. History Introduced in WSS Software 4.0. Option dap remov ed in 6.0. Usage T o display the AP numbers assigned to Auto-APs, use the show ap status auto command.
AP Commands 259 Nortel WLAN—Security Switch 2300 Series Command Line Reference History Usage If you set the radiotype to 11a and the AP configuration profile is used to conf igure a two-radio AP model, radio 1 is configured as an 802.11b/g radio and radio 2 is configured as the 80 2.
260 AP Commands NN47250-100 (Version 02 .51) Usage High bias is preferred ov er lo w bias . Bias applies only to WSSs that ar e indirectly attache d to the AP through an intermediate Layer 2 or Laye r 3 network. An AP al ways attempts to boot on AP port 1 first, and if a WSS is directly attached on AP port 1, the AP alw ays boots from it.
AP Commands 261 Nortel WLAN—Security Switch 2300 Series Command Line Reference Usage Changing the LED blink mode does no t alter operation of the AP. Onl y the behavi or of the LEDs is affected. Examples The follow ing command enables LED blink mode on the AP connected to ports 3 and 4: WSS# set ap 3-4 blink enable success: change accepted.
262 AP Commands NN47250-100 (Version 02 .51) • show ap boot-conf iguration on page 370 set ap boot-configuration mesh mode Enables WLAN mesh services on the AP. Syntax set ap ap-number boot-configuration mesh mode {enable | disable} Defaults Disabled.
AP Commands 263 Nortel WLAN—Security Switch 2300 Series Command Line Reference Usage Use this command to conf igure the preshared ke y that a Mesh AP uses to a uthenticate to a Mesh Portal AP .
264 AP Commands NN47250-100 (Version 02 .51) Examples The follo wing command conf igures AP7 to use a ra w PSK to authenticate with a Mesh Por tal AP: WSS# set ap 7 boot-configuration mesh psk-raw c25d3fe4483e867d1df96eaacdf8b 024 51fa0836162e758100f5 f6b87965e59d success: change accepted.
AP Commands 265 Nortel WLAN—Security Switch 2300 Series Command Line Reference • set ap boot-conf iguration m esh mode on page 252 • set service-pr of ile mesh on page 320 • show ap mesh-links on page 357 set ap boot-configuration switch Specifies the WSS a AP contacts and attempts to use as its boot device.
266 AP Commands NN47250-100 (Version 02 .51) See Also • clear ap boot-configuration on page 241 • set ap boot-conf iguration ip on page 251 • set ap boot-conf igura tion vlan on page 256 • show ap boot-conf iguration on page 370 set ap boot-configuration vlan Specifies 802.
AP Commands 267 Nortel WLAN—Security Switch 2300 Series Command Line Reference set ap fingerprint Verifies an AP’s fingerprint on a WSS. If AP-WSS security is required by a WSS, an AP can es tablish a management session with the switch only if you have verified the AP’s identity by verifying its fingerprint on the switch.
268 AP Commands NN47250-100 (Version 02 .51) Defaults Forced image do wnload is disabled by default. Access Enabled. History Introduced in WSS Software 5.0. Optional dap removed 6.0 . Usage A change to the forced image d ownload option ta k es place the next time the AP is restarted.
AP Commands 269 Nortel WLAN—Security Switch 2300 Series Command Line Reference History Usage Y ou can assign any subset or all of the APs connected to a WSS to a group on that switch.
270 AP Commands NN47250-100 (Version 02 .51) Examples The follow ing command causes AP 1 to load the adcon vert.bin f ile, then reboot as an AirDefense sensor: WSS# set ap 1 image adconvert.bin This will change the file a AP will boot. W ould you like to continue? (y/n) [n] y set ap local-switching mode Enables local switching for a spec ified AP.
AP Commands 271 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set ap ap-number local-swit ching vlan-profile pr ofile-name Defaults If local switching is enabled on an AP , but no VL AN prof ile is configured, then a defa ult VLAN profile is used.
272 AP Commands NN47250-100 (Version 02 .51) History Examples The follo wing command changes the name of the AP on port 1 to techpubs : WSS# set ap 1 name tech pubs success: change accepted. See Also show ap config on page 344 set ap radio antenna-location Specifies the location (indoors or outdoors) of an external antenna.
AP Commands 273 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also set ap radio antennatype on page 263 set ap radio antenn atype Sets the model number for the antenna to be used.
274 AP Commands NN47250-100 (Version 02 .51) ap port-list List of ports connected to the APs on which to set the channel. ap ap-num Number of a AP on which to set the channel. radio 1 Radio 1 of the AP. radio 2 Radio 2 of the AP. (This option does not apply to single-radio models.
AP Commands 275 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults All radios use the internal anten na by default, if the AP model has an internal antenna. Access Enabled. History Usage This command applies only to th e 802.1 1b/g radio on model 2330.
276 AP Commands NN47250-100 (Version 02 .51) Syntax set { ap port-list | auto }} radio { 1 | 2 } auto-tune max-po wer power -level Defaults The default ma ximum po wer setting that RF Auto-T uning can set on a radio is the highest setting allowed for the country of op eratio n or highest setting supported on the hardw are, whichev er is lo wer .
AP Commands 277 Nortel WLAN—Security Switch 2300 Series Command Line Reference set ap radio channel Sets an AP radio’s channel. Syntax set { ap port-list | ap ap-num } radio { 1 | 2 } channel channel-number Defaults The default channel depends on the radio ty pe: • The default channel number for 802.
278 AP Commands NN47250-100 (Version 02 .51) set ap radio min-tx-datarate To specify the mini mum rate at which a radi o is allowed to transm it traffic to cl ients, see Deprecated in WSS Software V ersion 5.
AP Commands 279 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set ap ap-num radio { 1 | 2 } load-balancing { enable | disable } Defaults RF load balancing is enabled by default for all AP radios. Access Enabled. History Introduced in WSS Software V ersion 6.
280 AP Commands NN47250-100 (Version 02 .51) Defaults By default, AP radios are not pa rt of an RF load balancing group. Access Enabled. History Introduced in WSS Software V ersion 6.0. Usage Assigning radios to specif ic load balanc ing groups is optional.
AP Commands 281 Nortel WLAN—Security Switch 2300 Series Command Line Reference Access Enabled. History Usage T o enable or disable one or more radios to which a prof ile is assigned, use the set ap radio radio- prof ile command. T o enable or disable all radios that use a specif ic radio prof ile, use the set radio-prof ile command.
282 AP Commands NN47250-100 (Version 02 .51) Access Enabled. History Usage When you create a ne w prof ile, the radio parameters in the prof ile are set to their factory default val u e s . To enable or disable all radios th at use a specific radio pro file, use set radio-pr of ile .
AP Commands 283 Nortel WLAN—Security Switch 2300 Series Command Line Reference Access Enabled. Usage Y ou also can configure a radio’ s cha nnel on the same command line. Use the channel option. This command is not valid if dynamic pow er tuning (RF Auto-Tuning) is en abled.
284 AP Commands NN47250-100 (Version 02 .51) set ap security Sets security requirements for management sessions be tween a WSS and its APs. This feature applies to APs only, not to directly connected APs configured on AP access ports. Syntax set ap security { requ i re | optional | none } Defaults The default sett ing is optional .
AP Commands 285 Nortel WLAN—Security Switch 2300 Series Command Line Reference set ap sticky-bit This command is deprec ated in WSS Software Version 4.0. WSS assignment is alwa ys sticky. If an AP fails over to another WSS connection, the AP stays on that connection until the c onnection goes down or the WSS or AP is restarted.
286 AP Commands NN47250-100 (Version 02 .51) Syntax set band-prefer ence {none | 11bg | 11a} Defaults By default, clients are not steered to sp ecif ic AP radios for RF load balancing. Access Enabled. History Introduced in WSS Software V ersion 6.0. Usage Use this command to steer cl ients that support both the 802.
AP Commands 287 Nortel WLAN—Security Switch 2300 Series Command Line Reference History Introduced in WSS V ersion 6.0. Usage By default, RF lo ad balancing is enabled on all AP radios. Us e this command to disable or re-enable RF load balancing globally for all AP radios managed by the WSS switch.
288 AP Commands NN47250-100 (Version 02 .51) across the AP radios in the load-balancing group. When low st rictness is specif ied (t he def ault), WSS Software makes hea vily lo aded AP radios le ss v.
AP Commands 289 Nortel WLAN—Security Switch 2300 Series Command Line Reference Usage Y ou can enter this command on any WSS in the Mobility Doma in. The command tak es ef fect only on that switch.
290 AP Commands NN47250-100 (Version 02 .51) Even when RF Auto-Tuning for channels is enabled, WSS Software does not chan ge the channel on radios that have active client sessi ons, unless you use the no-client option. RF Auto-Tuning of channels on 802.
AP Commands 291 Nortel WLAN—Security Switch 2300 Series Command Line Reference • set radio-prof ile aut o-tune channel-interval on pag e 281 • set radio-prof ile aut o-tune ch annel-lockdown on .
292 AP Commands NN47250-100 (Version 02 .51) set radio-profile auto-tune channel-lockdown Locks down the current channel settings on all radios in a radio profile. The channel se tti ngs that are in effect when the command is entered ar e changed into statica lly configured channel assi gnments on the radios.
AP Commands 293 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set radio-pr of ile name auto-tune power -conf ig { enable | disable } Defaults Dynamic power assignment is disabled by def ault. Access Enabled. History Introduced in WSS Software V e rsion 3.
294 AP Commands NN47250-100 (Version 02 .51) History Introduced in WSS Software V e rsion 3.0. Examples The follow ing command sets the power in terv al for radios in radio prof ile rp2 to 240 seconds: WSS# set radio-prof ile rp2 auto-tune po wer -interval 240 success: change accepted.
AP Commands 295 Nortel WLAN—Security Switch 2300 Series Command Line Reference set radio-profile auto-tune power-ramp-interval Changes the interval at which power is in creased or dec reased, in 1 dBm incremen ts, on radios in a radio profile until the optimum power level calculated by RF Auto-Tuning is reached.
296 AP Commands NN47250-100 (Version 02 .51) Examples The follow ing command changes the beacon interval for radio prof ile rp1 to 200 ms: WSS# set radio-prof ile rp1 beacon-interval 200 success: change accepted.
AP Commands 297 Nortel WLAN—Security Switch 2300 Series Command Line Reference set radio-profile countermeasures Enables or disables countermeasur es on the AP radios managed by a radio profile. Countermeasu res are packets sent by a radio to prevent clients from being able to use rogue access points.
298 AP Commands NN47250-100 (Version 02 .51) The following command disables c ountermeasures in radio profile radp rof3 : WSS# clear radio-prof ile ra dpr of3 countermeasur es success: change accepted.
AP Commands 299 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • set radio-prof ile mode on page 291 • show radio-pr ofile on page 376 set radio-profile frag-threshold Changes the fragmentation th reshold for the AP radios in a radio pr ofile.
300 AP Commands NN47250-100 (Version 02 .51) set radio-profile long-retry Deprecated in WSS Software Ver sion 4.1. In 4.1, this parameter is associated with service profiles instead of radio profiles. See set service-prof ile long-r etry-count on page 319 .
AP Commands 301 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults The default maximum transmit threshold for AP radios is 20 00 ms (2 seconds). Access Enabled. Usage Y ou must disable all radios that are using a radio profile before you can change parameters in the prof ile.
302 AP Commands NN47250-100 (Version 02 .51) Access Enabled. countermeasur es Not configur ed Does not issu e countermeasures against any d evice. dtim-interval 1 Sends the deli v ery traf fic indication map (DTIM) after ev ery beacon.
AP Commands 303 Nortel WLAN—Security Switch 2300 Series Command Line Reference History Usage Use the command without any optional par ameters to create new prof ile. If th e radio prof ile does not already ex ist, WSS Soft ware crea tes a ne w radio prof ile.
304 AP Commands NN47250-100 (Version 02 .51) set radio-profile preamble-length Changes the preamble length for wh ich an 802.11b/g AP radio advertises sup port. This command does not apply to 802.11a. Syntax set radio-pr of ile nam e pr eamble-l ength { long | short } Defaults The defau lt is short .
AP Commands 305 Nortel WLAN—Security Switch 2300 Series Command Line Reference set radio-profile qos-mode Sets the prioritization mod e for forwarding queu es on AP radios manage d by the radio profile. Syntax set radio-pr of ile nam e qos-mode { svp | wmm } Defaults The defau lt QoS mode is wmm .
306 AP Commands NN47250-100 (Version 02 .51) Syntax set radio-pr of ile nam e rate-enf or cement {enable | disable} Defaults Data rate en forcement is disabled by default. Access Enabled. History Introduced in WSS Software V e rsion 6.0. Usage Each type of radio (802.
AP Commands 307 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set radio-pr of ile nam e rf id-mode { enable | disable } Defaults The defau lt is disable .
308 AP Commands NN47250-100 (Version 02 .51) set radio-profile service-profile Maps a service profile to a radio pro file. All radios that use the radio p rof ile also use the pa rameter settings, including SSID and encryption sett ings, in the service profile.
AP Commands 309 Nortel WLAN—Security Switch 2300 Series Command Line Reference cipher-ccmp disable Does not use Counter with Cipher Block Chaining Message Authentication Code Protocol (CCMP) to encrypt traff ic sent to WP A clients.
310 AP Commands NN47250-100 (Version 02 .51) no-br oadcast disabl e Does not reduce wireless broadcast traff ic by sending unicasts to clients for ARP requests and DHCP Offers and Acks instead of forwarding them as multicasts. proxy-ar p disable Does not reply on behalf of wireless client s to ARP requests for client IP addr esses.
AP Commands 31 1 Nortel WLAN—Security Switch 2300 Series Command Line Reference tkip-mc-time 60000 Uses Michael countermeasures for 60,000 ms (60 seconds) follow ing detection of a second MIC failure within 60 seconds. transmit-rates 802.11a: • mandatory: 6.
312 AP Commands NN47250-100 (Version 02 .51) Access Enabled. History Introduced in WSS Software V e rsion 3.0. Usage Y ou must configure the service profile before you can map it to a radio profile. Y ou can map the same service prof ile to more than one radio prof ile.
AP Commands 313 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The follow ing command maps service-profile wpa_clients to radio prof ile rp2 : WSS# set radio-profile r p2 service-prof ile wpa_clients success: change accepted.
314 AP Commands NN47250-100 (Version 02 .51) • set service-pr ofile wep k ey-index on page 342 • set service-pr ofile wpa-ie on page 342 • show radio-pr ofile on page 376 • show service-pr of ile on page 380 set radio-profile shared-key-auth See set service-prof ile shar ed-key-auth on page 324 .
AP Commands 315 Nortel WLAN—Security Switch 2300 Series Command Line Reference set radio-profile wmm-powersave Enables Unsche duled Automatic Powe rsave Delivery (U-APSD) on AP ra dios managed by the radio profile. U-APSD enables WMM clients that use powersave mode to more eff i ciently request buffered unica st packets from AP radios.
316 AP Commands NN47250-100 (Version 02 .51) set service-profile attr Configures authorization attributes that are applied by default to us ers accessing the SSI D managed by the service profile. These SSID de fault attributes are applied in addition to any supplied by the RADIUS server or from the lo cal database.
AP Commands 317 Nortel WLAN—Security Switch 2300 Series Command Line Reference The following command assigns users accessing the SSID managed by service profile sp2 to the Mobility Profile tulip. WSS# set service-prof sp2 attr mobility-profile tulip success: change accepted.
318 AP Commands NN47250-100 (Version 02 .51) See Also • set service-pr of ile auth-psk on page 309 • set service-pr ofile psk-phrase on page 322 • set service-pr ofile wpa-ie on page 342 • show service-pr of ile on page 380 set service-profile auth-fallthru Specifies the authentication type for users who do not ma tch an 802.
AP Commands 319 Nortel WLAN—Security Switch 2300 Series Command Line Reference The web-portal authentication type al so requires additional c onfiguration items. (See the “Configuring AAA for Network Users” chapter of the Nortel WLAN Security Switch 2300 Series Configuration Guide .
320 AP Commands NN47250-100 (Version 02 .51) set service-profile beacon Disables or reenab les beaconing of the SSID mana ged by the service profile. An AP radio responds to an 802.1 1 pr obe any request with only the beaconed SS ID(s). For a nonbeaconed SSID, radios respond only to directed 802.
AP Commands 321 Nortel WLAN—Security Switch 2300 Series Command Line Reference Usage WLAN mesh services can be used in a wi reless br idge configuration, implementing APs as bridge endpoints in a transparent Layer 2 bri dge.
322 AP Commands NN47250-100 (Version 02 .51) set service-profile cac-session Specifies the maximum number of active sessions a radio can have when se ssion-based CAC is enabled. When an AP radio has reached the maximu m allowed number of acti ve sessions, the radio refuses connections from additional clients.
AP Commands 323 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The follow ing command conf igures service prof ile sp2 to use CCMP encryption: WSS# set service-pr ofile sp2 cipher -ccmp enable success: change accepted.
324 AP Commands NN47250-100 (Version 02 .51) set service-profile cipher-wep104 Enables dynamic Wired Equivalent Privacy (WEP) with 104-bit keys, in a service profile. Syntax set service-pr of ile name cipher -wep104 { enable | disabl e } Defaults 104-bit WEP encryption is disabled by defau lt.
AP Commands 325 Nortel WLAN—Security Switch 2300 Series Command Line Reference set service-profile cipher-wep40 Enables dynamic Wired Equivalent Privacy (WEP) with 40-bit keys, in a service profile. Syntax set service-pr of ile name cipher - wep40 { enable | disable } Defaults 40-bit WEP encryption is disabled by default.
326 AP Commands NN47250-100 (Version 02 .51) Syntax set service-pr of ile name cos level Defaults The default stat ic CoS lev el is 0. Access Enabled. History Introduced in WSS Software V e rsion 4.1. Usage This command applie s only when static CoS is enabled.
AP Commands 327 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • set service-pr of ile no-broadcast on page 320 • set service-pr ofile pr oxy-ar p on page 321 • show s.
328 AP Commands NN47250-100 (Version 02 .51) Syntax set service-pr of ile name keep-initial-vlan { enable | disa ble } Defaults This option is disabled by default.
AP Commands 329 Nortel WLAN—Security Switch 2300 Series Command Line Reference Usage Use this command to exempt a service prof ile from RF load bala ncing.
330 AP Commands NN47250-100 (Version 02 .51) set service-profile mesh Creates a service profile for use with WLAN mesh servic es. Syntax set service-pr of ile name mesh mode {enable | disable} Defaults None. Access Enabled. History Introduced in WSS Software version 6.
AP Commands 331 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set service-pr of ile name no-bro adcast { enable | disable } Defaults The no-broadcast mode is disabled by defa ult. (Broadcast traf fic not disabl ed.) Access Enabled.
332 AP Commands NN47250-100 (Version 02 .51) Usage T o further reduce broadcast traf f ic on a service prof ile, use the set service-prof ile no-broadcast command to disable DHCP a nd ARP request broadcasts.
AP Commands 333 Nortel WLAN—Security Switch 2300 Series Command Line Reference set service-profile psk-raw Configures a raw hexadecima l preshared key (PSK) to use for authenti cating WPA clients, in a servi ce profile. Radios use the PSK as a pairwise ma ster key (PMK) to derive unique pairwise session keys for individual WPA clients.
334 AP Commands NN47250-100 (Version 02 .51) Syntax set service-pr of ile name rsn-ie { enable | disable } Defaults The RSN IE is disabled by default. Access Enabled. History Introduced in WSS Software V e rsion 3.0. Usage When the RSN IE is enabled, the defau lt authentication method is 802.
AP Commands 335 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults Shared-ke y authentica tion is disabled by default. Access Enabled. History Introduced in WSS Software V e rsion 3.0. Usage Shared-ke y authentication is supported only for encrypted SSI Ds.
336 AP Commands NN47250-100 (Version 02 .51) set service-profile soda agent-directory Specifies the directory on the WSS whe re the SODA agent files for a service profil e are locate d.
AP Commands 337 Nortel WLAN—Security Switch 2300 Series Command Line Reference Access Enabled History Introduced in WSS Software V e rsion 4.1. Usage When the SOD A agen t is enabled in a service prof ile, by default the SOD A agent che cks are downloaded to a client and run bef ore the c lient is allowed on the network.
338 AP Commands NN47250-100 (Version 02 .51) This functionality occurs only when the enforce checks option is enabled for th e service profile . The enforce checks option is enabled by default. The page is assumed to reside in the root directory on th e WSS.
AP Commands 339 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The follo wing command specif ies logout.html as the page to load when a clie nt closes the SODA virtual desktop: WSS# set service-pr ofile sp1 soda logout-page logout.
340 AP Commands NN47250-100 (Version 02 .51) set service-profile soda remediation-acl Specifies an ACL to be applied to a client if it fails the ch ecks performed by the SODA agent. Syntax set service-pr of ile name soda rem ediation-acl acl-name Defaults None.
AP Commands 341 Nortel WLAN—Security Switch 2300 Series Command Line Reference Access Enabled. History Introduced in WSS Software V e rsion 4.1. Usage Use this command to sp ecify a custom page th at is loaded by the clie nt when it passes the checks performed by the SOD A agent.
342 AP Commands NN47250-100 (Version 02 .51) Examples The following command applies the name guest to the SSID managed by service prof ile clear_wlan : WSS# set service-pr of ile clear_wlan ssid-name guest success: change accepted.
AP Commands 343 Nortel WLAN—Security Switch 2300 Series Command Line Reference any ACLs that mark CoS. This option pr ovides a simple way to configure an SSID for priority traffic such as VoIP traffic. When static CoS is enabled, the standard WSS Software prio ritization mechanism is not used .
344 AP Commands NN47250-100 (Version 02 .51) History Introduced in WSS Software V e rsion 3.0. Usage Countermeasures apply only to TK IP and WEP clients. This in cludes WP A WEP clien ts and non- WP A WEP clients. CCMP cli ents are not affected. The TKIP cipher suite must be enabled.
AP Commands 345 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults This command has the follo wing defaults: • mandatory : ● 11a— 6.0,12.0,24.0 ● 11b— 1.0,2.0 ● 11g— 1.0,2.0,5.5,11.0 • disabled —None. All rates applicable to the radio type are supported by default.
346 AP Commands NN47250-100 (Version 02 .51) See Also show service-profile on page 380 set service-profile user-idle-timeout Changes the number of seconds WSS Soft ware will leave a session up for a client that is not sendin g data and is not responding to keepalives (idle- client probe s).
AP Commands 347 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set service-pr of ile name web-portal-acl aclname Defaults By default, a service prof ile’ s we b-portal-acl option is unset.
348 AP Commands NN47250-100 (Version 02 .51) History Usage Nortel recommends that you create a subdirectory for the custom page and place all the page’ s f iles in that subdirectory . Do not place the custom page in the root directory of th e switch’ s user file area.
AP Commands 349 Nortel WLAN—Security Switch 2300 Series Command Line Reference set service-profile web-portal-logout Changes the web po rtal logout mode. Syntax set service-pr of ile name web-portal-logout mode {enable | disable} Access Enabled. History Introduced in WSS Software V ersion 6.
350 AP Commands NN47250-100 (Version 02 .51) Syntax set service-pr of ile name web-portal-session-timeout seconds Defaults The default W eb Portal W eb-base d AAA session timeout is 5 seconds. Access Enabled. History Introduced in WSS Software V e rsion 4.
AP Commands 351 Nortel WLAN—Security Switch 2300 Series Command Line Reference Usage Before using this command, you must configure v a lues for the WEP ke ys you plan to use.
352 AP Commands NN47250-100 (Version 02 .51) set service-profile wep key-index Sets the value of on e of four static Wired-Equiva lent Privacy (WEP) keys for static WEP encryption. Syntax set service-pr of ile name wep key -i nd ex num key value Defaults By default, no static WEP ke ys are defined.
AP Commands 353 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults The WP A IE is disabled by default. Access Enabled. History Introduced in WSS Software V e rsion 3.0. Usage When the WP A IE is enabled, the default authenti catio n method is 802.
354 AP Commands NN47250-100 (Version 02 .51) See Also • set ap local-switching mode on page 26 0 • set vlan-prof ile show ap config Displays global and radio-spec ific settings for an AP. Syntax show ap conf ig [ port-list [ radio { 1 | 2 }]] Defaults None.
AP Commands 355 Nortel WLAN—Security Switch 2300 Series Command Line Reference Access Enabled. History Usage WSS Software lists informati on separately for each AP.
356 AP Commands NN47250-100 (Version 02 .51) T able 7: Output f or show ap conf ig Field Description Port WSS port number . Note: This f ield is applicable only if the AP is directly connected to the WSS a nd the WSS’ s port is configured as an AP acc ess port.
AP Commands 357 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • set ap on page 33 • set port type ap on page 41 • set ap bias on page 249 • set ap f ingerprint on p.
358 AP Commands NN47250-100 (Version 02 .51) • show ap unconf igured on page 374 • show radio-pr ofile on page 376 show ap counters Displays AP and radio statistics counters. Syntax show ap counters [ port-list [ radio { 1 | 2 }]] Defaults None. Access Enabled.
AP Commands 359 Nortel WLAN—Security Switch 2300 Series Command Line Reference TKIP Pkt Replays 0 TKIP Decrypt Err 0 CCMP Pkt Decrypt Err 0 CCMP Pkt Replays 0 CCMP Pkt T r ansfer Ct 0 RadioResets 0 Radio Recv Phy Er r Ct 0 T ransmit Retries 60501 Radio Adjusted Tx Pwr 15 Noise Floor -93 802.
360 AP Commands NN47250-100 (Version 02 .51) TKIP Pkt Replays N umber of TKIP packets th at were resent to the AP by a client. A low v alue (under ab out one hundred) does not necessarily indicate a problem.
AP Commands 361 Nortel WLAN—Security Switch 2300 Series Command Line Reference User Sessions Number of clients curre ntly associ ated with the radio. Generally , this counter is equal to the numbe r of sessions listed for the radio in show sessions output.
362 AP Commands NN47250-100 (Version 02 .51) See Also show sessions network on page 439 show ap dual-home To display connection information fo r APs configured on a WSS, use the show ap global command on one of the switches where the AP is configured.
AP Commands 363 Nortel WLAN—Security Switch 2300 Series Command Line Reference show ap fdb Displays the entries in a spec ified AP’s forwarding database. Syntax show ap fdb ap-number Defaults None. Access All. History Introduced in WSS V ersion 6.
364 AP Commands NN47250-100 (Version 02 .51) show ap qos-stats Displays statis tics fo r AP forwarding queues. Syntax show ap qos-stats [ ap-num ] [ clear ] Syntax show ap qos-stats [ port-list ] [ clear ] Defaults None.
AP Commands 365 Nortel WLAN—Security Switch 2300 Series Command Line Reference show ap etherstats Displays Ethernet statistics for an AP’s Ethernet ports. Syntax show ap etherstats [ port-list | ap-num ] Defaults None. Access Enabled. History Introduced in WSS Software V e rsion 3.
366 AP Commands NN47250-100 (Version 02 .51) RxShortFrames: 0 TxUnderruns: 0 RxCrcErrors: 0 TxCarrierLoss: 0 RxOverruns: 0 TxDeferred: 150 RxDiscards: 0 AP: 1 ether: 2 ================================.
AP Commands 367 Nortel WLAN—Security Switch 2300 Series Command Line Reference show ap group Deprecated in WSS Software Version 6.0. To display info rmation about RF load balanc ing, see show load-balancing group show ap mesh-links Displays information about th e links an AP has to Mesh APs and Mesh Portal APs.
368 AP Commands NN47250-100 (Version 02 .51) TX: 307 44279 RX: 315 215046 Table 45 on page 358 describes the fields in the show ap mesh-links output. T able 12: Output for sho w ap mesh-links See Also.
AP Commands 369 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults None. Access Enabled. History Examples The follow ing command displays the status of a AP: WSS# show ap status 1 ap: 1, IP-addr: 10.
370 AP Commands NN47250-100 (Version 02 .51) Radio 1 type: 802.1 1g, state: config ure succeed [Enabled] (802.1 1b protect) operational channel: 1 operational power: 14 base mac: 00:0b:0e:00:d2:c0 bssid1: 00:0b:0e:00:d2:c0, ssid: public bssid2: 00:0b:0e:00:d2:c2, ssid: employee-n et bssid3: 00:0b:0e:00:d2:c4, ssid: mycorp-tkip Radio 2 type: 802.
AP Commands 371 Nortel WLAN—Security Switch 2300 Series Command Line Reference ap100 oa- 10.8.255.1 1 AP-122 00:0b:0e:da:da: 82 E 1/17 E36/1 1 0d 0h 0m17s Table 46 and Table 46 describe the fields in these displays. T able 13: Output fo r show ap status Field Description AP Connection ID for the AP.
372 AP Commands NN47250-100 (Version 02 .51) State State of the AP : • init—The AP has been recognized by the WSS but has not yet begun b ooting. • booting—The AP has asked the WSS for a boot image. • image do wnloading—The AP is receiving a bo ot image from the WSS.
AP Commands 373 Nortel WLAN—Security Switch 2300 Series Command Line Reference Radio 1 type Radio 2 type 802.11 type and configurat ion state o f the radio. •T h e configure succeed state indicates that the AP has received configuration p arameters for the radio and the radio is ready to accept client connections .
374 AP Commands NN47250-100 (Version 02 .51) Radio 1 type Radio 2 type (cont.) • Radar Detected indicates that DFS has detected radar on the channel.
AP Commands 375 Nortel WLAN—Security Switch 2300 Series Command Line Reference show ap vlan Displays information about the VLANs that are either locally switched by the specified AP or tunneled from the AP to an WSS switch. bssid, ssid SSIDs configured on the radio and th eir BSSIDs.
376 AP Commands NN47250-100 (Version 02 .51) Syntax show ap vlan ap-number Defaults None. Access All. History Introduced in WSS V ersion 6.0. Examples The follow ing command displays informa tion abou.
AP Commands 377 Nortel WLAN—Security Switch 2300 Series Command Line Reference show auto-tun e attributes Displays the current values of the RF attributes RF Auto-Tuning uses to decide whether to change ch annel or power settings.
378 AP Commands NN47250-100 (Version 02 .51) See Also • set ap radio auto-tune max-power on page 265 • set radio-prof ile aut o-tune channel-conf ig on page 279 • set radio-prof ile aut o-tune c.
AP Commands 379 Nortel WLAN—Security Switch 2300 Series Command Line Reference Usage For simplici ty , this command displays a single entry for each Nortel radio, e v en if the radio is supporting multiple BSSIDs. Howe ve r , BSSIDs for third-party 802.
380 AP Commands NN47250-100 (Version 02 .51) show ap boot-configuration Displays information about the static IP address conf iguration (if any) on a AP. Syntax show ap boot-conf iguration ap-num Defaults None. Access Enabled. History V ersion 4.1 Command introduced in WSS Software.
AP Commands 381 Nortel WLAN—Security Switch 2300 Series Command Line Reference show ap connection Displays the system IP addre ss of the WSS that booted a AP.
382 AP Commands NN47250-100 (Version 02 .51) If a AP is configured on this WSS (or another WSS in the same Mobility Domain) but does not hav e an acti ve connection, the command does not disp lay information fo r the AP. T o sho w connection information for APs, use the show ap global comma nd on one of t he switches where the APs are co nfigured.
AP Commands 383 Nortel WLAN—Security Switch 2300 Series Command Line Reference show ap global Displays connection information for APs configured on a WSS.
384 AP Commands NN47250-100 (Version 02 .51) See Also • set ap on page 33 • set ap bias on page 249 • show ap conf ig on page 344 • show ap connection on page 371 • show ap unconf igured on page 374 show ap unconfigured Displays APs that are physically c onnected to the network but that are not conf igured on any WSSs.
AP Commands 385 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • show ap connection on page 371 • show ap global on page 373 show load-balancing group Displays an RF load balanc ing group’s member radios and current load for each radio.
386 AP Commands NN47250-100 (Version 02 .51) Examples The follow ing command displays information about the AP radios that are in the same group as radio 1 on AP 3: WSS# show load-balancing group ap 3.
AP Commands 387 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults None. Access Enabled. History Usage WSS Software contains a defa ult radio profile. Nortel recomme nds that you do not change this profile b ut instead keep the prof ile for reference.
388 AP Commands NN47250-100 (Version 02 .51) T able 23: Output f or show radio-pr of ile Field Description Beacon Interv al Rate (in milli seconds) at which each AP radio in the prof ile advertis es the beaconed SSID.
AP Commands 389 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • set radio-prof ile activ e-scan on page 278 • set radio-prof ile aut o-tune channel-conf ig on page 279 .
390 AP Commands NN47250-100 (Version 02 .51) • set radio-prof ile mode on page 291 • set radio-prof ile pr eamb le-length on page 294 • set radio-prof ile qos-mo de on page 295 • set radio-pro.
AP Commands 391 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The follo wing command displays inf ormation for service prof ile sp1 : WSS # show service- prof ile sp1 ssid-.
392 AP Commands NN47250-100 (Version 02 .51) Enforce SODA checks: yes SODA remediation ACL: Custom success web-page: Custom failure web-page: Custom logout web-page: Custom agent-directory: Static COS.
AP Commands 393 Nortel WLAN—Security Switch 2300 Series Command Line Reference No broadcast Indicate s whether broadcast restriction is ena bled. When this feature is en abled, WSS Soft ware sends ARP requests and DHCP Of fers and Acks as uni casts to their tar get clients inste ad of forwarding them as broadcasts.
394 AP Commands NN47250-100 (Version 02 .51) Custom agent-directory The name of the dire ctory for SOD A agent files on the WSS, if different from the default. By defaul t, SOD A agent files are stored in a directory with the sa me name as the service prof ile.
AP Commands 395 Nortel WLAN—Security Switch 2300 Series Command Line Reference WEP Ke y 3 value State of static WEP key number 3: • none—The key is not configu red. • preset—The key is configured. WEP Ke y 4 value State of static WEP key number 4: • none—The key is not configu red.
396 AP Commands NN47250-100 (Version 02 .51) • set service-pr of ile attr on page 306 • set service-pr of ile auth-dot1x on page 307 • set service-pr of ile auth-fallthru on page 308 • set ser.
AP Commands 397 Nortel WLAN—Security Switch 2300 Series Command Line Reference • set service-pr of ile psk-raw on page 323 • set service-pr of ile rsn-ie on page 323 • set service-pr of ile sh.
398 AP Commands NN47250-100 (Version 02 .51).
399 Nortel WLAN—Security Switch 2300 Series Command Line Reference STP Commands Use Spanning Tree Protocol (STP) co mmands to configure and manage sp anning trees on the virtual LANs (VLANs) configured on a WSS, to ma intain a loop-free network. This ch apter presents STP commands alpha- betically.
400 STP Commands NN47250-100 (Version 02 .51) clear spantree portcost Resets to the default value the cost of a network port or ports on paths to the STP root bridge in all VLANs on a WSS. Syntax clear spantree portcost port-list Defaults None. Access Enabled.
STP Commands 401 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear spantree portvlanpri on page 391 • set spantr ee portpri on page 397 • set spantr ee portvlanpr.
402 STP Commands NN47250-100 (Version 02 .51) Syntax clear spantree portvlanpri port-l ist { all | vlan vlan-id } Defaults None. Access Enabled. Usage WSS Software does not change a port’ s priority for VLANs other than the one(s) you specify .
STP Commands 403 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also show spantree statistics on page 407 set spantree Enables or disables STP on one VLAN or all VLANs configured on a WSS. Syntax set spantree { enable | disable } [{ all | vlan vlan-id | port port-list vlan-id }] Defaults Disabled.
404 STP Commands NN47250-100 (Version 02 .51) Usage If you plan to use the backbone fast con vergence feat ure, you must enable it on all the bridges in the spanning tree. Examples The follow ing command enable s backbone fast con ver gence: WSS# set spantree backbonefast enable success: change accepted.
STP Commands 405 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The follow ing command changes the hello interval for all VLANs to 4 seconds: WSS# set spantree hello 4 all success: change accepted.
406 STP Commands NN47250-100 (Version 02 .51) Defaults The default port cost depends on the port speed and link type. T able 58 list s the defaults for STP port path c ost. Access Enabled. Usage This command ap plies only to the default VLAN (VLAN 1).
STP Commands 407 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults STP port fast con v er gence is disabled by default. Access Enabled. Usage Use port fast con ver gence on ports that are direc tly connected to servers, hosts, or other MA C stations.
408 STP Commands NN47250-100 (Version 02 .51) Syntax set spantree portvlancos t port-list cost cost { all | vlan vlan-id } Defaults The default port cost depends on th e port speed and link type.
STP Commands 409 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The follow ing command sets the priority of ports 3 and 4 to 48 on VLAN mauve : WSS# set spantree portvlanpri 3-4 priority 48 vlan mauve success: change accepted.
410 STP Commands NN47250-100 (Version 02 .51) Defaults Disabled. Access Enabled. Usage The uplink fast con verge nce feature is applicable to bridges th at are acting as access swi tches to the network co re (distrib ution layer) b ut are not in the core t hemselv es.
STP Commands 41 1 Nortel WLAN—Security Switch 2300 Series Command Line Reference Bridge Max Age 20 sec Hello T ime 2 sec Forward Delay 15 sec.
412 STP Commands NN47250-100 (Version 02 .51) Port V lan STP-S tate Cost Prio Portfast ------------------------------------- ---------------------------------- ------- 1 1 Forwarding 19 128 Dis abled .
STP Commands 413 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also show spantree blockedports on page 404 show spantree backbonefast Indicates whether the STP backbone fast conv ergence fe ature is enabled or disabled. Syntax show spantr ee backbonefast Defaults None.
414 STP Commands NN47250-100 (Version 02 .51) Access All. Examples The follo wing ex ample sho ws the comman d output on a WSS with backb one fast con ver gence enabled: WSS# show spantree bac kbonefa.
STP Commands 415 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also show spantree on page 400 show spantree portfast Displays STP uplink fast convergenc e information for all network ports or for one or more network ports. Syntax show spantr ee portfast [ port-li st ] Defaults None.
416 STP Commands NN47250-100 (Version 02 .51) See Also set spantree portfast on page 396 show spantree portvlancost Displays the cost of a port on a path to the ST P root bridge, for each of the port’s VLANs. Syntax show spantr ee portvlancost port-list Defaults None.
STP Commands 417 Nortel WLAN—Security Switch 2300 Series Command Line Reference show spantree statistics Displays STP statistics f or on e or more WSS netwo rk ports. Syntax show spantree statistics [ port -list [ vlan vlan-id ]] Defaults None. Access All.
418 STP Commands NN47250-100 (Version 02 .51) scp failure count 0 root inc trans count (port/VLAN) 1 (1) inhibit loopguard F ALSE loop inc trans count 0 (0) S tatus of Port T imers forward delay timer.
STP Commands 419 Nortel WLAN—Security Switch 2300 Series Command Line Reference next state 0 src MAC count 21807 total src MAC count 21825 curr_src_mac 00-0b-0e-00-04-30 next_src_mac 00-0b-0e-02-76-f6 Table 61 describes the fields in this display. T able 4: Output for sho w spantree statistics Field Description Port Port number .
420 STP Commands NN47250-100 (Version 02 .51) designated cost T otal path cost to reach the root bridge. designated_bridge Bridge to which this switch forwards t raf fic aw ay from the root bridge. designated_port STP port through which this switch forwar ds traf fic away from the root bridge.
STP Commands 421 Nortel WLAN—Security Switch 2300 Series Command Line Reference hold timer Status of the hold timer . Th is timer ensures that conf igured BPDUs are not transmitted too frequently through any bridge port. hold timer value Current value of the hold timer , in seconds.
422 STP Commands NN47250-100 (Version 02 .51) See Also clear spantree statistics on page 392 show spantree uplinkfast Displays uplink fast convergence info rmation for one VLAN or all VLANs. Syntax show spantr ee uplinkfast [ vla n vlan-id ] Defaults None.
STP Commands 423 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also set spantr ee uplinkfast on page 399.
424 STP Commands NN47250-100 (Version 02 .51).
425 Nortel WLAN—Security Switch 2300 Series Command Line Reference IGMP Snooping Commands Use Internet Group Management Protoc ol (IGMP) snooping commands to conf igure and manage multicast traffic reduction on a WSS. This chapter presents IGMP snooping commands alphabetically.
426 IGMP Snooping Commands NN47250-100 (Version 02 .51) Examples The follo wing command clears IGMP statistic s for all VLANs: WSS# clear igmp statistics IGMP statistics cleared for all vlans See Also show igmp s tatistics on page 431 set igmp Disables or reenables IGMP snoopi ng on one VLAN or all VLANs on a WSS.
IGMP Snooping Command s 427 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The following co mmand changes the last member query interval on VLAN or ange to 5 tenths of a second: WSS# set igmp lmqi 5 vlan orange success: change accepted.
428 IGMP Snooping Commands NN47250-100 (Version 02 .51) Syntax set igmp mrsol { enable | disable } [ vlan vlan-id ] Defaults Multicast router solicita tion is disabled on all VLANs by default.
IGMP Snooping Command s 429 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set igmp oqi seconds [ vlan vlan-id ] Defaults The default other -querier-present in terv al is 255 seconds (4.25 minutes). Access Enabled. Usage A WSS cannot become the querier unless the pseudo-querier feature is enabled on the switch.
430 IGMP Snooping Commands NN47250-100 (Version 02 .51) Usage Proxy reporting reduces multicast ov erhead by sendi ng only one membership report for a group to the multicast routers and discardi ng other membership reports for the same group.
IGMP Snooping Command s 431 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax set igmp qri tenth-seconds [ vlan vlan-id ] Defaults The default query response interv al is 100 tenths of a second (10 seconds). Access Enabled. Usage The query response interval is applicable only when the WSS is querier for the subnet.
432 IGMP Snooping Commands NN47250-100 (Version 02 .51) Examples The follow ing example en ables the pseudo-querier on the orange VLAN: WSS# set igmp querier enable vlan orange success: change accepted.
IGMP Snooping Command s 433 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults The default rob ustness v alue for all VLANs is 2. Access Enabled. Examples The follo wing ex ample changes th e robustne ss value on VLAN orang e to 4: WSS# set igmp r v 4 vlan orange success: change accepted.
434 IGMP Snooping Commands NN47250-100 (Version 02 .51) Port Querier-IP Querier-MAC TTL ---- ------- -------- ---- ---------- --- ----- 1 193.122.135.178 00: 0b:cc:d2:e9:b4 23 IGMP vlan mem ber po rts.
IGMP Snooping Command s 435 Nortel WLAN—Security Switch 2300 Series Command Line Reference Multicast router information Lis t of multicast router s and acti ve multicast groups. The f ields containing this information ar e described separately . The show igmp mrouter command show s the same in formation.
436 IGMP Snooping Commands NN47250-100 (Version 02 .51) See Also • show igmp mrouter on page 426 • show igmp querier on page 427 • show igmp recei ver -table on page 429 • show igmp statistics on page 431 show igmp mrouter Displays the multicast routers in a WSS’ s subnet, on one VLAN or al l VLANs.
IGMP Snooping Command s 437 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • set igmp mro uter on page 417 • show igmp mrouter on page 426 show igmp querier Displays information about th e active multicas t querier, on one VLAN or all VLANs.
438 IGMP Snooping Commands NN47250-100 (Version 02 .51) Examples The follow ing command displays querier information for VLAN or ange : WSS# show igmp querier vlan orange Querier for vlan orange.
IGMP Snooping Command s 439 Nortel WLAN—Security Switch 2300 Series Command Line Reference Port Querier -IP Querier-MAC TTL ---- ------- -------- ---- ---------- --- -------- --------- - 1 193.
440 IGMP Snooping Commands NN47250-100 (Version 02 .51) Syntax show igmp recei ver -table [ vlan vlan-id ] [ group gr oup-ip -addr / mask-length ] Defaults None.
IGMP Snooping Command s 441 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also set igmp r eceiver on page 422 show igmp statistics Displays IGMP statistics. Syntax show igmp statistics [ vlan vlan-id ] Defaults None. Access All.
442 IGMP Snooping Commands NN47250-100 (Version 02 .51) DVMRP 4 4 0 PIM V1 0 0 0 PIM V2 0 0 0 T opology notification s: 0 Packets with unknown IGMP ty pe: 0 Packets with bad l ength: 0 Packets with bad checksum: 0 Packets dropped: 4 Table 67 describes the fields in this display.
IGMP Snooping Command s 443 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also clear igmp statistics on page 415 IGMP message type T ype of IGMP message, continued: • Mrouter-T erm—Multicast router termination messages.
444 IGMP Snooping Commands NN47250-100 (Version 02 .51).
445 Nortel WLAN—Security Switch 2300 Series Command Line Reference Session Mana g ement Commands Use session management commands to di splay and clear administ rative and network user se ssions. This cha pter presents session management co mmands alphabeticall y.
446 Session Management Commands NN47250-100 (Version 02 .51) To clear Telne t client session 0, type the f ollowing command: WSS# clear sessions telnet client 0 See Also show sessions on page 437 clea.
Session Manage ment Commands 447 Nortel WLAN—Security Switch 2300 Series Command Line Reference To clear the session of user Natasha , type the following command: 23x0# clear sessions network user N.
448 Session Management Commands NN47250-100 (Version 02 .51) To view information about console users’ sessions, type the following command: WSS> show sessions console Tty Username T ime (s) -----.
Session Manage ment Commands 449 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also clear sessions on page 435 show sessions network Displays summary or verbose information abou.
450 Session Management Commands NN47250-100 (Version 02 .51) Defaults None. Access All. History Usage WSS Software displays informat ion about network sessions in th ree types of displays. See the follow ing tables for field descriptions. Authorization attribu te values ca n be changed during authorizati on.
Session Manage ment Commands 451 Nortel WLAN—Security Switch 2300 Series Command Line Reference WSS > show sessions network User Sess IP or MAC VLAN Port / Name ID Address Name Ra dio ------------------------------ -- -- ----------------- - -------------- ----- EXAMPLENatasha 4* 10.
452 Session Management Commands NN47250-100 (Version 02 .51) The following command displays in formation about network session 88: WSS# show sessions netw ork session-id 88 Local Id: 88 Global Id: SES.
Session Manage ment Commands 453 Nortel WLAN—Security Switch 2300 Series Command Line Reference IP or MA C Address IP address of the session user , or the user’ s MAC addr ess if the user has not yet receiv ed an IP address. VLAN Name Name of the VLAN a ssociated with the session.
454 Session Management Commands NN47250-100 (Version 02 .51) now on Shows the follo wing information about the AP and radio the session is currently on: • IP address and port number of th e WSS mana.
Session Manage ment Commands 455 Nortel WLAN—Security Switch 2300 Series Command Line Reference T able 5: show sessions network session-id Output Field Description Local Id Identifier for the session on this part icular switch. (This is the session ID you specify when entering the show sessions network session-i d command.
456 Session Management Commands NN47250-100 (Version 02 .51) T ag System-wide suppor ted VLAN tag type. Session Start Indicat es when the session started. Last Auth T ime Indicates when the most re cent authenticati on of the session occurred. Last Acti vity Indicates when the last acti vity (transmission) occurred on the session.
Session Manage ment Commands 457 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also clear sessions networ k on page 436.
458 Session Management Commands NN47250-100 (Version 02 .51).
459 Nortel WLAN—Security Switch 2300 Series Command Line Reference Security A CL Commands Use security ACL commands to configure and monitor securi ty access control lists (ACLs).
460 Security ACL Commands NN47250-100 (Version 02 .51) Defaults None. Access Enabled. Usage This command deletes secur ity A CLs only in the edit buf fer . Y ou must use the co mmit security acl command with this command to de lete the A CL or A CE from the running configuration and non v olatile storage.
Security ACL Comm ands 461 Nortel WLAN—Security Switch 2300 Series Command Line Reference clear security acl map Deletes the mapping between a se curity ACL an d a virtual LAN (VLAN), one or more physical ports, or a virtual port. Or deletes all ACL maps to VLANs, ports, and virtual ports on a WSS.
462 Security ACL Commands NN47250-100 (Version 02 .51) To clear all physic al ports, virtual ports, and VLANs on a WSS of the ACLs mapped for incoming and outgoing traffic, type the followi ng command: WSS# clear security acl map all success: change accepted.
Security ACL Comm ands 463 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear security acl on page 449 • rollback security acl on page 453 • set security acl on pa.
464 Security ACL Commands NN47250-100 (Version 02 .51) set security acl In the edit bu ffer, creates a sec urity access cont rol list (ACL ), adds one access co ntrol en try (ACE) to a security ACL, and/or reorders ACEs in the ACL.
Security ACL Comm ands 465 Nortel WLAN—Security Switch 2300 Series Command Line Reference By UDP packets set security acl ip acl-name { permit [ cos cos ] | deny } udp { sour ce-ip-addr mask | any [.
466 Security ACL Commands NN47250-100 (Version 02 .51) pr otocol IP protocol by which to f ilter packets: •i p •t c p •u d p •i c m p • A protocol num ber b etwee n 0 and 255. (For a complete list of IP protocol names and numbers, see www .iana.
Security ACL Comm ands 467 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults By default, permitted pa ckets are classified ba sed on DSCP v alue, which is con v erted into an internal CoS v alue in the switc h’ s CoS map. The pac ket is then mark ed with a DSCP v alue based on the internal CoS value.
468 Security ACL Commands NN47250-100 (Version 02 .51) History Usage The WSS does not apply security A CLs until you acti vate them with the commit security acl command and map them to a VLAN, port, or virtual port, or to a user . If the WSS is reset or restarted , any A CLs in the edi t buf fer are lost.
Security ACL Comm ands 469 Nortel WLAN—Security Switch 2300 Series Command Line Reference set security acl map Assigns a committed security ACL to a VLAN, physical port or ports, vi rtual port, or AP on the WSS. Syntax set security acl map acl-name { vlan vlan-id | port port-list [ tag tag-list ] | ap ap-num } { in | out } Defaults None.
470 Security ACL Commands NN47250-100 (Version 02 .51) • commit security acl on page 452 • set mac-user attr on page 197 • set mac-usergr oup attr on page 203 • set security acl on page 454 .
Security ACL Comm ands 471 Nortel WLAN—Security Switch 2300 Series Command Line Reference WSS# show security acl hits ACL hit counters Index Counter ACL-name ----- ------ ----------- --- -------- --.
472 Security ACL Commands NN47250-100 (Version 02 .51) show security acl editbuffer Displays a summ ary of the security ACLs t hat ha ve not yet been com mitte d to the configuration. Syntax show security acl [ inf o all ] editbuffer Defaults None. Access Enabled.
Security ACL Comm ands 473 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax show security acl hits Defaults None. Access Enabled. Usage For WSS Softw are to count hits for a security A CL, you must specify hits in the set security acl commands that def ine A CE rules for the ACL .
474 Security ACL Commands NN47250-100 (Version 02 .51) set security acl ip acl_123 (hits #5 462) ---------- ----------- ----------- ---------- --------- ------ 1. permit IP source IP 192.168.1.11 0. 0.0.255 destination IP any enable-hits 2. deny IP source IP 192.
Security ACL Comm ands 475 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear security acl map on page 451 • set security acl map on page 459 • show security acl on page 461 show security acl resource-usage Displays statisti cs about the resources used by secur ity ACL fi ltering on the W SS.
476 Security ACL Commands NN47250-100 (Version 02 .51) L4 global : T rue No rules : False Non-IP rules : False Root in first : T rue St atic default action : False No per-user (MAC) mapping : True Out.
Security ACL Comm ands 477 Nortel WLAN—Security Switch 2300 Series Command Line Reference Port number Control value for handl ing fr agmented IP pack ets. Note: The current WSS Software version filters only the first packet of a fragmented IP packet and passes the remaining fragments.
478 Security ACL Commands NN47250-100 (Version 02 .51) In mapping Application of security A CLs to incoming traff ic on the WSS: • T rue—Security A CLs are ma pped to incoming traffic. • False—No security ACLs ar e ma pped to incoming traf fic.
479 Nortel WLAN—Security Switch 2300 Series Command Line Reference Cr yptograph y Commands A digital certificate is a form of elec tronic identificati on for computers.
480 Cryptography Comma nds NN47250-100 (Version 02 .51) crypto ca-certificate Installs a certificate aut hority’s own PKCS #7 certific ate into the WSS certificate and key storage area. Syntax crypto ca-certif icate { admin | eap | web } PEM-formatted-certificate Defaults None.
Cryptography Command s 481 Nortel WLAN—Security Switch 2300 Series Command Line Reference mzerMClaweVQQTT ooewiwpoer0QWNFNkj9004 4mbdrl1277SWQ8G7DiwYUtrqoQplKJvxz .
482 Cryptography Comma nds NN47250-100 (Version 02 .51) -----BEGIN CE R TIFICA TE----- MIIBdTCP3wIBADA2MQswCQYDVQQGEwJVUzELMA kGA1UECBMCQOExGjA Y BgNVB AMU EXR1Y2hwdWJzQHRycHouY29tMIGfMAOGCSqGSIb3DQEBAQAA4GNADCBiQKBgQC4 .
Cryptography Command s 483 Nortel WLAN—Security Switch 2300 Series Command Line Reference SSH requires an SSH authentication key, but you can a llow WSS Software to gene rate it automatically. The first time an SSH clie nt attempts to access the SSH server on a WSS, the switch au tomatically genera tes a 1024-byte SSH key.
484 Cryptography Comma nds NN47250-100 (Version 02 .51) Defaults None. Access Enabled. History Usage T o use this command, you must already hav e generated a public-pri vate encryption k ey pair with the crypto generate key command. Enter crypto generate r equest admin , crypto generate request eap , or crypto ge nerate request web and press Enter.
Cryptography Command s 485 Nortel WLAN—Security Switch 2300 Series Command Line Reference -----END CER TIFICA TE REQU E ST ----- See Also • crypto certifica te on page 471 • crypto generate key .
486 Cryptography Comma nds NN47250-100 (Version 02 .51) Defaults None. Access Enabled. History Usage T o use this command, you must already hav e generated a public-priv ate encryption key pair with the crypto gene rate key command.
Cryptography Command s 487 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults None. Access Enabled. History Usage The password allo ws the public -pri va te key pai r and certifi cate to be installed tog ether from the same PKCS #12 object file.
488 Cryptography Comma nds NN47250-100 (Version 02 .51) Defaults The password you enter with the crypto otp command must be the same as the one protecting the PKCS #12 file. Access Enabled. History Usage T o use this command, you must have already created a one-time password with the crypto otp command.
Cryptography Command s 489 Nortel WLAN—Security Switch 2300 Series Command Line Reference show crypto ca-certificate Displays information about th e certificate author ity’s PEM-encoded PKCS #7 certificate. Syntax show crypto ca-certif icate { admin | eap | web } Defaults None.
490 Cryptography Comma nds NN47250-100 (Version 02 .51) • show crypto certif icate on page 480 show crypto certificate Displays information about one of the cr ypt ographic certificates installed on the WSS. Syntax show crypto certif icate { admin | eap | web } Defaults None.
Cryptography Command s 491 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • crypto generate se lf-signed on page 475 • show crypto ca-certif icate on page 479 show crypto key domain Displays the checksum (also ca lled a fingerprint ) of the public key used to authen ticate manag ement traffic between WSSs.
492 Cryptography Comma nds NN47250-100 (Version 02 .51).
493 Nortel WLAN—Security Switch 2300 Series Command Line Reference RADIUS and Ser ver Gr oups Commands Use RADIUS commands to set up communi cation between a WSS and groups of up to four RADIUS servers for remote authentication, authoriz ation, and accounting (A AA) of administrators and networ k users.
494 RADIUS and Server Groups Comman ds NN47250-100 (Version 02 .51) Defaults Global RADIUS parameters have the follo wing default v alues: • deadtime —0 (zero) minutes (The WSS does not designat e unresponsi v e RADIUS servers as una v ailable.
RADIUS and Server Groups Commands 495 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples T o clear the s ystem IP address as t he permanent source address for RADIUS client requests, type the following command: WSS# clear radius cl ient system-ip success: change accepted.
496 RADIUS and Server Groups Comman ds NN47250-100 (Version 02 .51) clear radius server Removes the named RADIUS serv er from the WSS configuration. Syntax clear radius server ser ver-name Defaults None. Access Enabled. History Introduced in WSS Software 1.
RADIUS and Server Groups Commands 497 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also set server group on page 492 set radius Configures global defaults for RADIUS se rvers that do not explicitly set these va lues themselve s.
498 RADIUS and Server Groups Comman ds NN47250-100 (Version 02 .51) History Usage Y ou can specify only one pa rameter per command line. Examples The follo wing commands sets the dead time to 5 minute.
RADIUS and Server Groups Commands 499 Nortel WLAN—Security Switch 2300 Series Command Line Reference set radius proxy client Adds a RADIUS proxy entry for a third-party AP. The proxy entr y specifies the IP address of the AP and the UDP ports on which the WSS listens for RADIUS traffic from the AP.
500 RADIUS and Server Groups Comman ds NN47250-100 (Version 02 .51) Defaults None. Access Enabled. History Introduced in WSS Software 4.0. Usage AAA for third-party AP users has additional conf igurati on requirements.
RADIUS and Server Groups Commands 501 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults Default v a lues are listed belo w: • auth-port —UDP port 1812 • acct-port —UDP .
502 RADIUS and Server Groups Comman ds NN47250-100 (Version 02 .51) Examples T o set a RADIUS server named RS42 with IP address 198.162.1.1 to use the default accounting and authorization ports with a.
RADIUS and Server Groups Commands 503 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear server gr oup on page 486 • set serv er group load-balance on page 493 • show aaa on page 210 set server group load-balance Enables or disables load balancing among the RADIUS servers in a server group.
504 RADIUS and Server Groups Comman ds NN47250-100 (Version 02 .51).
505 Nortel WLAN—Security Switch 2300 Series Command Line Reference 802.1X Mana gement Commands Use 802. IEEE X manage ment commands to modify the default se ttings for IEEE 802.1X sessions on a WSS. For best results, change the setti ngs only if you are aware of a problem with the WSS’s 802.
506 802.1X Management Command s NN47250-100 (Version 02 .51) clear dot1x bonded-period Resets the Bonded Auth period to its d efault value. Syntax clear dot1x max-req Defaults The default bonded authentica tio n period is 0 seconds. Access Enabled. History Introduced in WSS Software V e rsion 2.
802.1X Manage ment Commands 507 Nortel WLAN—Security Switch 2300 Series Command Line Reference clear dot1x port-control Resets all wired authentication ports on the WSS to default 802.
508 802.1X Management Command s NN47250-100 (Version 02 .51) Access Enabled. History Introduced in WSS Software 1.0. Examples T ype the follo wing command to reset the maximu m number of reauthorizat ion att empts to the default: WSS# clear dot1x reauth-max success: change accepted.
802.1X Manage ment Commands 509 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • set dot1x timeout auth-server on page 505 • show dot1x on page 507 clear dot1x timeout s.
510 802.1X Management Command s NN47250-100 (Version 02 .51) set dot1x authcontro l Provides a global override mech anism for 802.1X authen tication configurat ion on wired authentication ports. Syntax set dot1x authcontrol { enable | di sable } Defaults By default, authenticati on control for i ndi vidual wired auth entication is enabled.
802.1X Manag ement Comman ds 51 1 Nortel WLAN—Security Switch 2300 Series Command Line Reference Nortel recommends that you try 60 seconds, and change the period to a longer value only if clients are unable to authen- ticate within 60 seconds. The bonded authentication period ap plies only to 802.
512 802.1X Management Command s NN47250-100 (Version 02 .51) History Introduced in WSS Software 1.0. Usage T o support SSIDs that ha ve both 802.1X and static WEP clients, WSS Softwa re sends a maximum of two ID requests, e ven if thi s parameter is set to a higher v alue.
802.1X Manage ment Commands 513 Nortel WLAN—Security Switch 2300 Series Command Line Reference set dot1x quiet-period Sets the number of seconds a WSS remains quiet and does not respond to a supplicant after a failed authentication. Syntax set dot1x quiet-period seconds Defaults The default is 60 seconds.
514 802.1X Management Command s NN47250-100 (Version 02 .51) set dot1x reauth-max Sets the number of reauthent ication attem pts that the WSS makes before the su pplicant (c lient) b ecomes unauthorized. Syntax set dot1x reauth-max number-of-attempts Defaults The defau lt number of reauthenticat ion attempts is 2.
802.1X Manage ment Commands 515 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear dot1x r eauth-period on page 498 • show dot1x on page 507 set dot1x timeout auth-server Sets the number of seconds that must elapse before the WSS times out a reque st to a RADIUS authentication server.
516 802.1X Management Command s NN47250-100 (Version 02 .51) See Also • clear dot1x timeout auth-server on page 498 • show dot1x on page 507 set dot1x tx-period Sets the number of seconds that must elapse before the WSS retransmits an EAPoL packet.
802.1X Manage ment Commands 517 Nortel WLAN—Security Switch 2300 Series Command Line Reference Usage Reauthentication is not required for WEP k ey rotation to take place. Broadcast and multicast keys are alw ays rotated at the sam e time, so all member s of a gi ven radio, VLAN, or encryption type recei ve the ne w ke ys at the same time.
518 802.1X Management Command s NN47250-100 (Version 02 .51) Access Enabled. Examples T ype the follo wing command to display the 802.1X clients: WSS # show dot1x client s MAC Address State Vlan Ident.
802.1X Manage ment Commands 519 Nortel WLAN—Security Switch 2300 Series Command Line Reference port 10, authcontrol: auto, max-sessions: 1 port 1 1, auth control: auto, max-sessions: 1 port 12, auth.
520 802.1X Management Command s NN47250-100 (Version 02 .51) Reauths While Authen ticating Number of time s that the WSS state wildc ard transitions from A U THENTICA TING to ABOR TING, as a result of a reauthentication re quest (reAuthenticat e = TR UE).
521 Nortel WLAN—Security Switch 2300 Series Command Line Reference RF Detection Commands WSS Software automatically performs RF detection scans on enabled and di sabled radios to detect rogue access points.
522 RF Detection Commands NN47250-100 (Version 02 .51) clear rfdetect attack-list Removes a MAC address from the attack list. Syntax clear rfdetect attack-list mac-addr Defaults None.
RF Detection Commands 523 Nortel WLAN—Security Switch 2300 Series Command Line Reference clear rfdetect ignore Removes a device from the ignore list fo r RF scans. WSS Software does not ge nerate log messages or traps for the devices in the ignore list .
524 RF Detection Commands NN47250-100 (Version 02 .51) clear rfdetect vendor-list Removes an entry from th e permitted vendor list. Syntax clear rfdetect vendor -list { client | ap } mac-addr | all Defaults None. Access Enabled. History Introduced in WSS Software V e rsion 4.
RF Detection Commands 525 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The follow ing command adds MAC addr ess aa:bb:cc:44:55:6 6 to the at tack list: WSS# set rfdetect atta ck-list 1 1:22:33:44:55:66 success: MAC 1 1:22:33:44:55:66 is now in attacklis t.
526 RF Detection Commands NN47250-100 (Version 02 .51) Defaults WSS Software reports all non-Nortel B SSIDs detected during an RF scan. Access Enabled.
RF Detection Commands 527 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also show log buffer on page 579 set rfdetect signature Enables AP signatures. An AP signature is a set of bits in a management frame sent by an AP that identifies that AP to WSS Software.
528 RF Detection Commands NN47250-100 (Version 02 .51) Access Enabled. History Introduced in WSS Software V e rsion 4.0. Usage The permitted SSID list applies only to the WSS on which the list is configured.
RF Detection Commands 529 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear rfdetect vendor-list on page 514 • show rfdetect vendor -list on page 531 show rfdetect attack-list Displays information about the MA C addresses in the attack list.
530 RF Detection Commands NN47250-100 (Version 02 .51) • set rfdetect black-list on page 515 show rfdetect clients Displays the wirel ess cl ients detected by a WSS. Syntax show rfdetect clients [ mac mac-addr ] Defaults None. Access Enabled. History Introduced in WSS Software V e rsion 4.
RF Detection Commands 531 Nortel WLAN—Security Switch 2300 Series Command Line Reference AP V e ndor Company that manufactures or sells the AP with which the rogue client is associat ed. Port/Radio/Channel Port number , radio number, and channel number of the radio that detected the rogue.
532 RF Detection Commands NN47250-100 (Version 02 .51) show rfdetect countermeasures Displays the current status of countermeas ur es against rogues in the Mobility Domain. Syntax show rfdetect countermeasures Defaults None. Access Enabled. History Usage This command is v alid only on the seed swi tch of the Mobility Doma in.
RF Detection Commands 533 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also set radio-profile countermeasur es on page 287 show rfdetect counters Displays statistics for rogue and Intrusion Detection System (IDS) activity detected by th e APs managed by a WSS.
534 RF Detection Commands NN47250-100 (Version 02 .51) 802.1 1 probe request fl ood 0 0 802.1 1 authentication flood 0 0 802.1 1 null data fl ood 0 0 802.1 1 mgmt type 6 flood 0 0 802.1 1 mgmt type 7 flood 0 0 802.1 1 mgmt type d flood 0 0 802.1 1 mgmt type e fl ood 0 0 802.
RF Detection Commands 535 Nortel WLAN—Security Switch 2300 Series Command Line Reference WSS # show rfdetect data T otal number of entries: 197 Flags: i = infrastructure, a = ad-hoc c = CCMP , t = T.
536 RF Detection Commands NN47250-100 (Version 02 .51) See Also • show rfdetect m obility- domain on page 526 • show rfdetect vi sible on page 531 show rfdetect ignore Displays the BSSIDs of third-party devices that WSS Softwa re ignores during RF sc ans.
RF Detection Commands 537 Nortel WLAN—Security Switch 2300 Series Command Line Reference History Usage This command is va lid only on the seed switch of the Mobility Doma in. T o display rogue information for an indi vidual switch, use the sho w rfdetect data command on that switch.
538 RF Detection Commands NN47250-100 (Version 02 .51) Device-type: interfering Adhoc: no Crypto-t ypes: clear RSSI: -76 SSID: nr tl -webaaa Two types of information are s hown. The lines that are not indented show the BSSID, vendor, and information about the SSID.
RF Detection Commands 539 Nortel WLAN—Security Switch 2300 Series Command Line Reference SSID SSID us ed by the dete cted device. T able 6: show rfdetect mobilit y-domain ssid or bssid Output Field Description BSSID MA C address of the SSID used by the detected de vice.
540 RF Detection Commands NN47250-100 (Version 02 .51) See Also • show rfdetect data on page 524 • show rfdetect vi sible on page 531 show rfdetect ssid-list Displays the entrie s in the perm itted SSID li st. Syntax show rfdetect ssid-list Defaults None.
RF Detection Commands 541 Nortel WLAN—Security Switch 2300 Series Command Line Reference mycorp corporate guest See Also • clear rfdetect ssid-list on page 513 • set rfdetect ssid-list on page 517 show rfdetect vendor-list Displays the entries in the permitted vendor list.
542 RF Detection Commands NN47250-100 (Version 02 .51) Syntax show rfdetect visible mac-addr Syntax show rfdetect visible ap ap-num [ radio { 1 | 2 }] Syntax show rfdetect visible ap ap-num [ radio { 1 | 2 }] Defaults None.
RF Detection Commands 543 Nortel WLAN—Security Switch 2300 Series Command Line Reference Table 83 describes the fields in this display. See Also • show rfdetect data on page 524 • show rfdetect .
544 RF Detection Commands NN47250-100 (Version 02 .51) Defaults None. Access Enabled. History Introduced in WSS Software V e rsion 5.0. Name of the command chan ged from test rflink to rfping in WSS Software V ersion 6.0. Usage Use this command to send test packets to a specified client.
545 Nortel WLAN—Security Switch 2300 Series Command Line Reference File Mana gement Commands Use file management commands to mana ge system files and to disp lay softwa re and boot information. This chapter presents file management comma nds alphabetically.
546 File Management Comma nds NN47250-100 (Version 02 .51) Syntax backup system [ tftp:/ ip-add r / ] fi lename [ all | critical ] Defaults The defau lt is all . Access Enabled. Usage Y ou can create an archive located on a TFTP server or in the switch’ s nonv olatile storage.
File Managemen t Commands 547 Nortel WLAN—Security Switch 2300 Series Command Line Reference clear boot backup-configuration Clears the filename specified as the ba ckup configuration file. In the event that WSS Software cannot read the configu- ration file at boot time, a backup configuration file is not used.
548 File Management Comma nds NN47250-100 (Version 02 .51) • Copies a file from a TFT P server to non volatile storage. • Copies a file from non volatile storage or temporary storage to a TFTP serv er . • Copies a file from one area in non v olatile storage to another .
File Managemen t Commands 549 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The follo wing command copies a f ile called floorwss from non volatile s torage to a TFTP server: WSS# copy floorwss tftp://10.1.1.1/floorw ss success: sent 365 bytes in 0.
550 File Management Comma nds NN47250-100 (Version 02 .51) Syntax delete url Defaults None. Access Enabled. Usage Y ou might want to copy the file to a TFTP server as a backup befo re deleting the file.
File Managemen t Commands 551 Nortel WLAN—Security Switch 2300 Series Command Line Reference History Examples The follow ing command displays th e files in the root directory: WSS # dir ========== =.
552 File Management Comma nds NN47250-100 (Version 02 .51) The following command limits the output to the contents of the /tmp/cor e subdirectory: WSS # dir core: ========== =========== ======== ========== ========== =========== ========== ========= file: Filename Size Created core:command_audit.
File Managemen t Commands 553 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax install soda agent agen t-f ile agent-dir ectory dir ectory Defaults None. Access Enabled. History Introduced in WSS Software V e rsion 4.1. Usage Use this comman d to instal l a .
554 File Management Comma nds NN47250-100 (Version 02 .51) Defaults The defau lt file loc ation is non v olatile st orage. If you do not specify a filename, WSS Softwa re uses the same configuration filena me that was used for the previous configuration load.
File Managemen t Commands 555 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The follow ing command calculates the ch ecksum for image file WSS040003.020 in boot partition 0: pubs# md5 boot0:WSS040003.020 MD5 (boot0:WSS040003.
556 File Management Comma nds NN47250-100 (Version 02 .51) temporary files: Filename Si ze Creat ed T otal: 0 bytes used, 93537 Kbytes free See Also • dir on page 540 • rmdir on page 548 reset system Restarts a WSS and reboots the software. Syntax reset system [ force ] Defaults None.
File Managemen t Commands 557 Nortel WLAN—Security Switch 2300 Series Command Line Reference restore Unzips a system a rchive created by the backup command and copies the files from the archive onto the switch. Syntax res to re system [ tftp:/ ip-addr / ] filename [ all | critical ] [ forc e ] Defaults The defau lt is critical .
558 File Management Comma nds NN47250-100 (Version 02 .51) If the configuration running on the swit ch is different from the one in the archive or you renamed the configu- ration file, and you wa nt t.
File Managemen t Commands 559 Nortel WLAN—Security Switch 2300 Series Command Line Reference Syntax sav e config [ filename ] Defaults By default, WSS Software sav es the running conf iguration as the conf iguration filename used during the last reboot.
560 File Management Comma nds NN47250-100 (Version 02 .51) Examples The follo wing command sp ecif ies a f ile call ed backup.cfg as the backup conf iguration fi le on the WSS: WSS# set boot back up-conf igurati on backup.cfg success: backup boot config filename set.
File Managemen t Commands 561 Nortel WLAN—Security Switch 2300 Series Command Line Reference History Introduced in WSS Software V e rsion 1.1. Usage T o determine the boot partition th at was used to load the currently run ning software image, use the dir command.
562 File Management Comma nds NN47250-100 (Version 02 .51) See Also • clear boot config on page 537 • reset sy stem on page 546 • set boot configuration-f ile on page 550 • show version on pag.
File Managemen t Commands 563 Nortel WLAN—Security Switch 2300 Series Command Line Reference show config Displays the configuration running on the WSS.
564 File Management Comma nds NN47250-100 (Version 02 .51) Access Enabled. History Usage If you do not use one of the optiona l parameters, configuration comma nds that set nondef ault v alues are displayed for all conf iguration areas. If you specify an area, commands are displayed for that area only .
File Managemen t Commands 565 Nortel WLAN—Security Switch 2300 Series Command Line Reference Build Information : (build#67) TOP 2005-09-21 04:41:00 Model: WSS Hardware Mainboard: version 24 ; re vision 3 ; FPGA version 24 PoE board: version 1 ; FPGA v ersion 6 Serial number 0321300013 Flash: 5.
566 File Management Comma nds NN47250-100 (Version 02 .51) See Also show boot on page 551 uninstall soda agent Removes the contents of a dire ctory containing SODA agent files. Syntax uninstall soda agent agent-directory dir ectory Defaults None. Access Enabled.
File Managemen t Commands 567 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • install soda agent on page 542 • set service-pr ofile soda mode on page 329.
568 File Management Comma nds NN47250-100 (Version 02 .51).
569 Nortel WLAN—Security Switch 2300 Series Command Line Reference T race Commands Use trace commands to perform diagnosti c routines. While WSS Software allows you to run many types of traces, this chapter describes commands for t hose traces you are most likely to use.
570 Trace Commands NN47250-100 (Version 02 .51) clear trace Deletes running trace commands and ends trace processes. Syntax clear trace { trace-ar ea | all } Defaults None.
Trace Commands 571 Nortel WLAN—Security Switch 2300 Series Command Line Reference History Introduced in WSS Software V e rsion 3.0. Examples T o sav e trace dat a into the file trace1 in the subdirectory tr aces , type the follo wing command: WSS# sa ve trace traces/trace1 set trace authentication Traces authentica tion information.
572 Trace Commands NN47250-100 (Version 02 .51) Syntax set trace auth orization [ mac-addr mac-addr ess ] [ port port-num ] [ user username ] [ lev el le vel ] Defaults The defau lt trace le vel is 5.
Trace Commands 573 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults The defau lt trace le vel is 5. Access Enabled. Examples The follow ing command starts a trace for the 802.1X sessions for MA C address 00:01:02:03:04:05: WSS# set trace dot1x mac-addr 00 :01:02:03:04:05: success: change accepted.
574 Trace Commands NN47250-100 (Version 02 .51) show trace Displays information about traces that are currently configured on the WSS, or all possible trace options.
575 Nortel WLAN—Security Switch 2300 Series Command Line Reference Snoop Commands Use snoop commands to monitor wireless traffic, by using a AP as a sniffing device. The AP copies the sniffed 802.11 packets and sends the copies to an obser ver, which is typically a protocol anal yzer such as Ethereal or Tethere al.
576 Snoop Commands NN47250-100 (Version 02 .51) clear snoop map Removes a snoop filter from an AP radio. Examples clear snoop map filter -name ap ap-num radio { 1 | 2 } Defaults None.
Snoop Commands 577 Nortel WLAN—Security Switch 2300 Series Command Line Reference set snoop Configures a snoop filter. Syntax set snoop filter -name [ condition-li st ] [ observer ip-addr ] [ snap-length num ] Defaults No snoop filters are conf igured by default.
578 Snoop Commands NN47250-100 (Version 02 .51) History Usage T raf fic that matches a snoop filter is copied after it is decrypted. The decrypted (clear) version is sent to the observer . For best results: • Do not specify an observer that is associated wi th the AP where the snoop filter is running.
Snoop Commands 579 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults Snoop filters are unmapped by def ault. Access Enabled. History Introduced in WSS Software V e rsion 4.0. Usage Y ou can map the same fi lter to more than one radio.
580 Snoop Commands NN47250-100 (Version 02 .51) Defaults Snoop filters are disabled by def ault. Access Enabled. History Introduced in WSS Software V e rsion 4.0. Usage The filter mode is not retained if you cha nge the filter conf iguration or disable and reenable the radio, or when the AP or the WSS is restart ed.
Snoop Commands 581 Nortel WLAN—Security Switch 2300 Series Command Line Reference show snoop info Shows the configured snoop filters. Syntax show snoop f ilter-name Defaults None.
582 Snoop Commands NN47250-100 (Version 02 .51) ap: 3 Radio: 2 See Also • clear snoop map on page 566 • set snoop map on page 568 • show snoop on page 570 show snoop stats Displays statis tics fo r enabled snoop filters. Examples show snoop stats [ f ilter-name [ ap-n um [ radio { 1 | 2 }]]] Defaults None.
Snoop Commands 583 Nortel WLAN—Security Switch 2300 Series Command Line Reference Table 88 describes the fields in this display. T able 1: show snoop stats Output Field Description Filter Name of the sno op fi lter . ap AP containing the radio to which the filter is mapped.
584 Snoop Commands NN47250-100 (Version 02 .51).
585 Nortel WLAN—Security Switch 2300 Series Command Line Reference System Log Commands Use the system log commands to record information for monitoring and tr oubleshooting. WSS Softwa re system logs are based on RFC 3164, which def ines the log protocol.
586 System Log Commands NN47250-100 (Version 02 .51) • set log on page 576 set log Enables or disables logging of WSS and AP events to the WSS log buffer or other logging destinati on and sets the level of the events logged. For logging to a syslog se rver only, you can also set the facility logged.
System Log Commands 587 Nortel WLAN—Security Switch 2300 Series Command Line Reference Defaults • Events at the error lev el and higher are logged to the WSS console. • Events at the error lev el and higher are logged to the WSS system b uffer .
588 System Log Commands NN47250-100 (Version 02 .51) Usage Using the command with only enable or disable turns logging on or off for the target at all le vels. For e xample, entering set log buffer enable with no other keyw ords turns on logging to the system buf fer of all fac ilities at all l ev els.
System Log Commands 589 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples The follow ing command enables mark messages: WSS# set log mark enable success: change accepted. See Also show log config on page 581 set log trace mbytes This comman d is deprecate d in WSS Software Version 4.
590 System Log Commands NN47250-100 (Version 02 .51) Defaults None. Access Enabled. History Usage The debug le v el produces a lot of messages, many of which can appear to be some what cryptic. Debug messages are used primarily by No rtel for troubleshooting and are no t intended for administrator use.
System Log Commands 591 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also • clear log on page 575 • show log conf ig on page 581 show log config Displays log configuration information. Syntax show log conf ig Defaults None.
592 System Log Commands NN47250-100 (Version 02 .51) Syntax show log trace [{ + | - | / } number -of-messages ] [ facili ty facility-name ] [ matching string ] [ sev erity severity-le vel ] Defaults None. Access Enabled. trace Displays the log messages in the trac e buf fer .
System Log Commands 593 Nortel WLAN—Security Switch 2300 Series Command Line Reference History Examples T ype the follo wing command to see the facilities for whic h you can view ev ent messages arc.
594 System Log Commands NN47250-100 (Version 02 .51).
595 Nortel WLAN—Security Switch 2300 Series Command Line Reference Boot Pr ompt Commands Boot prompt commands enable you to perform basic task s, including booting a sy stem image file, from the boot prompt (boot>). A CLI session enters the boot prom pt if WSS Software does not boot successfully or you intentionally interrupt the boot process.
596 Boot Prompt Commands NN47250-100 (Version 02 .51) autoboot Displays or changes the state of the autoboot option. The autoboot option controls whether a WSS automatically boots a system image after initial izing the hardware , following a system reset or power cycle.
Boot Prompt Commands 597 Nortel WLAN—Security Switch 2300 Series Command Line Reference boot Loads and executes a sy stem image file. Syntax boot [ BT= type ] [ DEV= device ] [ FN= fil en a me ] [ HA= ip-addr ] [ FL= num ] [ OPT= option ] [ OPT+= option ] Defaults The boot settings in the currently ac tive boot prof ile are used by default.
598 Boot Prompt Commands NN47250-100 (Version 02 .51) Usage If you use an optional parameter , the parameter setting overrides the settin g of the same parameter in the currently acti ve boot prof ile. Ho we ver , the boot prof il e itself is not changed.
Boot Prompt Commands 599 Nortel WLAN—Security Switch 2300 Series Command Line Reference Access Boot prompt. Usage After you type the change command , the system interac tiv ely di splays the c urrent setting of each parameter and prompts you for the ne w setti ng.
600 Boot Prompt Commands NN47250-100 (Version 02 .51) create Creates a new boot profile. (For in formation about boot profiles, see show on page 596 .) Syntax create Defaults The new boot prof ile has the same settings as the currently acti ve boot prof ile by default.
Boot Prompt Commands 601 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples T o remo ve t he currently acti ve bo ot prof ile, type the follo wing command: boot> delete BOOT .
602 Boot Prompt Commands NN47250-100 (Version 02 .51) diag Accesses the diagnostic mode. Syntax diag Defaults The diagnostic mode is disabled by def ault. Access Boot prompt. Usage Access to the diagnostic mode requi res a password, which is not user conf igurable.
Boot Prompt Commands 603 Nortel WLAN—Security Switch 2300 Series Command Line Reference fver Displays the version of a system image file installed in a specific loc ation on a WSS. Syntax fver { c: | d: | e: | f: | boot0: | boot1: } [ filename ] Defaults None.
604 Boot Prompt Commands NN47250-100 (Version 02 .51) Examples The follow ing command displays detailed information for the fver command: boot> help fver fver Display the vers ion of the specified de vice:filename.
Boot Prompt Commands 605 Nortel WLAN—Security Switch 2300 Series Command Line Reference See Also help on page 593 next Activates and displays the boot profile in the next boot profile slot. (For informati on about boot profiles, see show on page 596 .
606 Boot Prompt Commands NN47250-100 (Version 02 .51) boot> re se t Nortel WSS Bootstrap 1.17 Release T esting Low Memory 1 ............ T esting Low Memory 2 ............ CISTPL_VERS_ 1: 4.1 <SanDisk> <SDP> <5/3 0.6> Reset Cause (0x02) is COLD Nortel WSS Bootstrap/Bootloader V ersion 1.
Boot Prompt Commands 607 Nortel WLAN—Security Switch 2300 Series Command Line Reference Examples T o display the currently activ e boot prof il e, type the follo wing command at the boot prompt: boo.
608 Boot Prompt Commands NN47250-100 (Version 02 .51) See Also • change on page 588 • create on page 590 • delete on page 590 • dhcp on page 591 DEVICE Location of the system image f ile: • .
Boot Prompt Commands 609 Nortel WLAN—Security Switch 2300 Series Command Line Reference • next on page 595 test Displays or changes the state of the poweron test flag. The pow eron test flag controls whet her a WSS performs a set of self tests prior to the boot process.
610 Boot Prompt Commands NN47250-100 (Version 02 .51) Bootloader 1 version: 1.6.3 WSS Board Revision: 3. WSS Controller Revision: 24. POE Board Revision: 1 POE Controller Revision : 6 See Also • dir.
Nortel WLAN Se curity Switch 230 0 Series Comma nd Line Refere nce 611 Command Inde x Numerics 84100 CommandName clear ap radio 237 A access levels, command line 17 administrative access mode 9 advisory notices, explanations of 7 all access 17 asterisk s (*) in MAC addresses 12 in user globs 12 asterisks.
612 Command Index NN47250-100 (3 20658-G Version 0 2.51) clear port type 27 clear port-group 25 clear prompt 55 clear radio-profile 242 clear radius 483 clear radius client system-ip 484 clear radius .
Command Index 613 Nor tel WLAN Security Switch 2300 Series Command Line Ref erence D delete 539, 590 delimiter characters, for user globs 12 dhcp 591 diag 592 dir 540, 592 disable 19 documentation, pr.
614 Command Index NN47250-100 (3 20658-G Version 0 2.51) P password invalid for last-resort users 206 ping 107 port lists conventions for 14 product documentation 6 Q quickstart 57 quit 20 R reset 595.
Command Index 615 Nor tel WLAN Security Switch 2300 Series Command Line Ref erence set igmp 416 set igmp lmqi 416 set igmp mrouter 417 set igmp mrsol 417 set igmp mrsol mrsi 418 set igmp oqi 418 set i.
616 Command Index NN47250-100 (3 20658-G Version 0 2.51) set radio-profile max-t x-lifetime 290 set radio-profile mode 291 set radio-profile preamble-length 294 set radio-profile psk-phrase 294 set ra.
Command Index 617 Nor tel WLAN Security Switch 2300 Series Command Line Ref erence set spantree maxage 395 set spantree portcost 395 set spantree portfast 396 set spantree portpri 397 set spantree por.
618 Command Index NN47250-100 (3 20658-G Version 0 2.51) show rfdetect counters 523 show rfdetect data 524 show rfdetect ignore 526 show rfdetect mobility-domain 526 show rfdetect ssid-list 530 show r.
Command Index 619 Nor tel WLAN Security Switch 2300 Series Command Line Ref erence in MAC addresses 12 in user globs 12 in VLAN globs 14.
620 Command Index NN47250-100 (3 20658-G Version 0 2.51).
.
Nortel WLAN—Security Switch 2300 Series Command Line Reference Nortel WLAN—Security Switch 2300 Series Release 6.0.7 Document Number: NN47250-100 Document Stat us: Standar d Document V ersion: 02.
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
 
                Se non hai ancora comprato il Nortel Networks 2300 Series è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del Nortel Networks 2300 Series - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso Nortel Networks 2300 Series imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul Nortel Networks 2300 Series ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il Nortel Networks 2300 Series, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del Nortel Networks 2300 Series.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il Nortel Networks 2300 Series. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo Nortel Networks 2300 Series insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.