Hewlett Packard Enterprise WL546 Wireless 8760 Dual Radio 11a/b/g PoE Access Point User Manual WA6102X 2 32 UG booK

Hewlett-Packard Company Wireless 8760 Dual Radio 11a/b/g PoE Access Point WA6102X 2 32 UG booK

UserManual.wiki >

Hewlett Packard Enterprise >

WL546 User Manual >

Users Manual2

1. Users Manual1
2. Users Manual2

Users Manual2

4-73SecurityHTTP Server: Shows if management access via HTTP is enabled.HTTP Server Port: Shows the TCP port used by the HTTP interface.Version: Shows the software version number.802.1X: Shows if IEEE 802.1X access control for wireless clients is enabled.AP Wireless Configuration – The AP Wireless Configuration tables display the radio and VAP interface settings listed below. Note that Interface Wireless A refers to the 802.11a radio and Interface Wireless G refers the 802.11b/g radio.VAP: Displays the VAP number.Radio Status: Displays if the radio is enabled or disabled for this VAP.SSID: The service set identifier for the VAP interface.Radio Channel: The radio channel through which the access point communicates with wireless clients.Radio Encryption: The key size used for data encryption.Radio Auth. Type: Shows the type of authentication used.Output Antenna: Displays which antenna/e are in use by the VAP.MAC: The physical layer address of the radio interface.Station StatusThe Station Status window shows the wireless clients currently associated with the access point.Figure 37 Station StatusThe Station Configuration page displays basic connection information for all associated stations as described below. Note that this page is automatically refreshed every five seconds. Station Address: The MAC address of the wireless client.Authenticated: Shows if the station has been authenticated. The two basic methods of authentication supported for 802.11 wireless networks are “open

4-74CHAPTER 4: SYSTEM CONFIGURATIONsystem” and “shared key.” Open-system authentication accepts any client attempting to connect to the access point without verifying its identity. The shared-key approach uses Wired Equivalent Privacy (WEP) to verify client identity by distributing a shared key to stations before attempting authentication.Associated: Shows if the station has been successfully associated with the access point. Once authentication is completed, stations can associate with the current access point, or reassociate with a new access point. The association procedure allows the wireless system to track the location of each mobile client, and ensure that frames destined for each client are forwarded to the appropriate access point.Forwarding Allowed: Shows if the station has passed 802.1X authentication and is now allowed to forward traffic to the access point.Key Type – Displays one of the following:• WEP Disabled – The client is not using Wired Equivalent Privacy (WEP) encryption keys.• Dynamic – The client is using Wi-Fi Protected Access (802.1X or pre-shared key mode) or using 802.1X authentication with dynamic keying.• Static – The client is using static WEP keys for encryption.Event LogsThe Event Logs window shows the log messages generated by the access point and stored in memory.Figure 38 Event LogsThe Event Logs table displays the following information:Log Time: The time the log message was generated.Event Level: The logging level associated with this message. For a description of the various levels, see “logging level” on page 4-46.Event Message: The content of the log message.Error Messages – An example of a logged error message is: “Station Failed to authenticate (unsupported algorithm).”This message may be caused by any of the following conditions:

4-75SecurityAccess point was set to “Open Authentication”, but a client sent an authentication request frame with a “Shared key.”Access point was set to “Shared Key Authentication,” but a client sent an authentication frame for “Open System.”WEP keys do not match: When the access point uses “Shared Key Authentication,” but the key used by client and access point are not the same, the frame will be decrypted incorrectly, using the wrong algorithm and sequence number.

5-775COMMAND LINE INTERFACEUSING THE COMMAND LINE INTERFACEACCESSING THE CLIWhen accessing the management interface for the over a direct connection to the console port, or via a Telnet connection, the access point can be managed by entering command keywords and parameters at the prompt. Using the access point’s command-line interface (CLI) is very similar to entering commands on a UNIX system.CONSOLE CONNECTIONTo access the access point through the console port, perform these steps:1. At the console prompt, enter the user name and password. (The default user name is “admin” and the default password is “password”) When the user name is entered, the CLI displays the “Enterprise AP#” prompt. 2. Enter the necessary commands to complete your desired tasks. 3. When finished, exit the session with the “exit” command.After connecting to the system through the console port, the login screen displays:Username: adminPassword: Enterprise AP#NOTE: Command examples shown later in this chapter abbreviate the console prompt to “AP” for simplicity.

5-78CHAPTER 5: COMMAND LINE INTERFACETelnet ConnectionTelnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. Each address consists of a network portion and host portion. For example, if the access point cannot acquire an IP address from a DHCP server, the default IP address used by the access point, 168.254.2.1, consists of a network portion (168.254.2) and a host portion (1).To access the access point through a Telnet session, you must first set the IP address for the access point, and set the default gateway if you are managing the access point from a different IP subnet. For example:If your corporate network is connected to another network outside your office or to the Internet, you need to apply for a registered IP address. However, if you are attached to an isolated network, then you can use any IP address that matches the network segment to which you are attached.After you configure the access point with an IP address, you can open a Telnet session by performing these steps.1. From the remote host, enter the Telnet command and the IP address of the device you want to access. 2. At the prompt, enter the user name and system password. The CLI will display the “Enterprise AP#” prompt to show that you are using executive access mode (i.e., Exec). 3. Enter the necessary commands to complete your desired tasks. 4. When finished, exit the session with the “quit” or “exit” command. After entering the Telnet command, the login screen displays:Enterprise AP#configureEnterprise AP(config)#interface ethernetEnterprise AP(if-ethernet)#ip address 10.1.0.1 255.255.255.0 10.1.0.254Enterprise AP(if-ethernet)#Username: adminPassword: Enterprise AP#NOTE: You can open up to four sessions to the device via Telnet.

5-79Using the Command Line InterfaceENTERING COMMANDSThis section describes how to enter CLI commands.Keywords and ArgumentsA CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command “show interfaces ethernet,” show and interfaces are keywords, and ethernet is an argument that specifies the interface type.You can enter commands as follows:• To enter a simple command, enter the command keyword. • To enter commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter:Enterprise AP(config)#username smithMinimum AbbreviationThe CLI will accept a minimum number of characters that uniquely identify a command. For example, the command “configure” can be entered as con. If an entry is ambiguous, the system will prompt for further input.Command CompletionIf you terminate input with a Tab key, the CLI will print the remaining characters of a partial keyword up to the point of ambiguity. In the “configure” example, typing con followed by a tab will result in printing the command up to “configure.”Getting Help on CommandsYou can display a brief description of the help system by entering the help command. You can also display command syntax by following a command with the “?” character to list keywords or parameters.

5-80CHAPTER 5: COMMAND LINE INTERFACEShowing CommandsIf you enter a “?” at the command prompt, the system will display the first level of keywords for the current configuration mode (Exec, Global Configuration, or Interface). You can also display a list of valid keywords for a specific command. For example, the command “show ?” displays a list of possible show commands:The command “show interface ?” will display the following information:Partial Keyword LookupIf you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.”Enterprise AP#show ? APmanagement Show management AP information. authentication Show Authentication parameters bootfile Show bootfile name bridge Show bridge config System snapshot for tech support dhcp-relay Show DHCP Relay Configuration event-log Show event log on console filters Show filters hardware Show hardware version history Display the session history interface Show interface information line TTY line information link-integrity Show link integrity information logging Show the logging buffers radius Show radius server rogue-ap Show Rogue ap Stations snmp Show snmp configuration sntp Show sntp configuration station Show 802.11 station table system Show system information version Show system versionEnterprise AP#showEnterprise AP#show interface ? ethernet Show Ethernet interface wireless Show wireless interface <cr>Enterprise AP#show interfaceEnterprise AP#show s?snmp sntp station systemEnterprise AP#show s

5-81Using the Command Line InterfaceNegating the Effect of CommandsFor many configuration commands you can enter the prefix keyword “no” to cancel the effect of a command or reset the configuration to the default value. For example, the logging command will log system messages to a host server. To disable logging, specify the no logging command. This guide describes the negation effect for all applicable commands.Using Command HistoryThe CLI maintains a history of commands that have been entered. You can scroll back through the history of commands by pressing the up arrow key. Any command displayed in the history list can be executed again, or first modified and then executed. Using the show history command displays a longer list of recently executed commands. Understanding Command ModesThe command set is divided into Exec and Configuration classes. Exec commands generally display information on system status or clear statistical counters. Configuration commands, on the other hand, modify interface parameters or enable certain functions. These classes are further divided into different modes. Available commands depend on the selected mode. You can always enter a question mark “?” at the prompt to display a list of the commands available for the current mode. The command classes and associated modes are displayed in the following table:Table 7 Command ModesExec CommandsWhen you open a new console session on an access point, the system enters Exec command mode. Only a limited number of the commands are available in this mode. You can access all other commands only from the configuration mode. To access Exec mode, open a new console session with the user name “admin.” The command prompt displays as “Enterprise AP#” for Exec mode. Class ModeExec PrivilegedConfiguration GlobalInterface-ethernetInterface-wirelessInterface-wireless-vapUsername: adminPassword: [system login password]Enterprise AP#

5-82CHAPTER 5: COMMAND LINE INTERFACEConfiguration CommandsConfiguration commands are used to modify access point settings. These commands modify the running configuration and are saved in memory. The configuration commands are organized into four different modes:• Global Configuration (GC) - These commands modify the system level configuration, and include commands such as username and password. • Interface-Ethernet Configuration (IC-E) - These commands modify the Ethernet port configuration, and include command such as dns and ip.• Interface-Wireless Configuration (IC-W) - These commands modify the wireless port configuration of global parameters for the radio, and include commands such as channel and transmit-power.• Interface-Wireless Virtual Access Point Configuration (IC-W-VAP) - These commands modify the wireless port configuration for each VAP, and include commands such as ssid and authentication.To enter the Global Configuration mode, enter the command configure in Exec mode. The system prompt will change to “Enterprise AP(config)#” which gives you access privilege to all Global Configuration commands.To enter Interface mode, you must enter the “interface ethernet,” or “interface wireless a,” or “interface wireless g” command while in Global Configuration mode. The system prompt will change to “Enterprise AP(if-ethernet)#,” or Enterprise AP(if-wireless)” indicating that you have access privileges to the associated commands. You can use the end command to return to the Exec mode.Command Line ProcessingCommands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command followed by the “?” character to display a list of possible matches. You can also use the following editing keystrokes for command-line processing:Enterprise AP#configureEnterprise AP(config)#Enterprise AP(config)#interface ethernetEnterprise AP(if-ethernet)#

5-83Using the Command Line InterfaceTable 8 Keystroke CommandsCOMMAND GROUPSThe system commands can be broken down into the functional groups shown below.Table 9 Command GroupsKeystroke FunctionCtrl-A Shifts cursor to start of command line. Ctrl-B Shifts cursor to the left one character.Ctrl-C Terminates a task and displays the command prompt.Ctrl-E Shifts cursor to end of command line.Ctrl-F Shifts cursor to the right one character.Ctrl-K Deletes from cursor to the end of the command line.Ctrl-L Repeats current command line on a new line.Ctrl-N Enters the next command line in the history buffer.Ctrl-P Shows the last command.Ctrl-R Repeats current command line on a new line.Ctrl-U Deletes the entire line.Ctrl-W Deletes the last word typed.Esc-B Moves the cursor backward one word.Esc-D Deletes from the cursor to the end of the word.Esc-F Moves the cursor forward one word.Delete key or backspace key Erases a mistake when entering a command.Command Group Description PageGeneral Basic commands for entering configuration mode, restarting the system, or quitting the CLI 5-84System Management Controls user name, password, web browser management options, and a variety of other system information 5-89System Logging Configures system logging parameters 5-108System Clock Configures SNTP and system clock settings 5-113DHCP Relay Configures the access point to send DHCP requests from clients to specified servers5-118SNMP Configures community access strings and trap managers 5-120Flash/File Manages code image or access point configuration files 5-136RADIUS Configures the RADIUS client used with 802.1X authentication 5-140802.1X Authentication Configures 802.1X authentication 5-146MAC Address Authentication Configures MAC address authentication 5-152Filtering Filters communications between wireless clients, controls access to the management interface from wireless clients, and filters traffic using specific Ethernet protocol types5-155

5-84CHAPTER 5: COMMAND LINE INTERFACEThe access mode shown in the following tables is indicated by these abbreviations: Exec (Executive Mode), GC (Global Configuration), IC-E (Interface-Ethernet Configuration), IC-W (Interface-Wireless Configuration), and IC-W-VAP (Interface-Wireless VAP Configuration).General CommandsTable 10 General CommandsconfigureThis command activates Global Configuration mode. You must enter this mode to modify most of the settings on the access point. You must also enter Global Configuration mode prior to enabling the context modes for Interface Configuration. See “Using the Command Line Interface” on page 77.WDS Bridge Configures WDS forwarding table settings 5-160Spanning Tree Configures spanning tree parameters 5-167Ethernet Interface Configures connection parameters for the Ethernet interface 5-173Wireless Interface Configures radio interface settings 5-179Wireless Security Configures radio interface security and encryption settings 5-201Rogue AP Detection Configures settings for the detection of rogue access points in the network5-201Link Integrity Configures a link check to a host device on the wired network 5-217IAPP Enables roaming between multi-vendor access points 5-220VLANs Configures VLAN membership 5-221WMM Configures WMM quality of service parameters 5-224Command Function Mode Pageconfigure Activates global configuration mode Exec 5-84end Returns to previous configuration mode GC, IC 5-85exit Returns to the previous configuration mode, or exits the CLI any 5-86ping Sends ICMP echo request packets to another node on the network Exec 5-86reset Restarts the system Exec 5-87show history Shows the command history buffer Exec 5-88show line Shows the configuration settings for the console port Exec 5-88Command Group Description Page

5-85Using the Command Line InterfaceDefault Setting NoneCommand Mode ExecExample Related Commands end (5-85)endThis command returns to the previous configuration mode.Default Setting NoneCommand Mode Global Configuration, Interface ConfigurationExample This example shows how to return to the Configuration mode from the Interface Configuration mode:Enterprise AP#configureEnterprise AP(config)#Enterprise AP(if-ethernet)#endEnterprise AP(config)#

5-86CHAPTER 5: COMMAND LINE INTERFACEexitThis command returns to the Exec mode or exits the configuration program.Default Setting NoneCommand Mode AnyExample This example shows how to return to the Exec mode from the Interface Configuration mode, and then quit the CLI session:pingThis command sends ICMP echo request packets to another node on the network.Syntax ping <host_name | ip_address> •host_name - Alias of the host. •ip_address - IP address of the host.Default Setting NoneCommand Mode ExecCommand Usage • Use the ping command to see if another site on the network can be reached. • The following are some results of the ping command: -Normal response - The normal response occurs in one to ten seconds, depending on network traffic. -Destination does not respond - If the host does not respond, a “timeout” appears in ten seconds. Enterprise AP(if-ethernet)#exitEnterprise AP#exitCLI session with the Access Point is now closedUsername:

5-87Using the Command Line Interface-Destination unreachable - The gateway for this destination indicates that the destination is unreachable. -Network or host unreachable - The gateway found no corresponding entry in the route table. • Press <Esc> to stop pinging.Example resetThis command restarts the system or restores the factory default settings.Syntax reset <board | configuration> •board - Reboots the system. •configuration - Resets the configuration settings to the factory defaults, and then reboots the system.Default Setting NoneCommand Mode ExecCommand Usage When the system is restarted, it will always run the Power-On Self-Test. Example This example shows how to reset the system:Enterprise AP#ping 10.1.0.19192.254.2.19 is aliveEnterprise AP#Enterprise AP#reset boardReboot system now? <y/n>: y

5-88CHAPTER 5: COMMAND LINE INTERFACEshow historyThis command shows the contents of the command history buffer.Default Setting NoneCommand Mode ExecCommand Usage • The history buffer size is fixed at 10 commands.• Use the up or down arrow keys to scroll through the commands in the history buffer.Example In this example, the show history command lists the contents of the command history buffer:show lineThis command displays the console port’s configuration settings.Command Mode ExecExampleThe console port settings are fixed at the values shown below.Enterprise AP#show history config exit show historyEnterprise AP#Enterprise AP#show lineConsole Line Information====================================================== databits : 8 parity : none speed : 9600 stop bits : 1======================================================Enterprise AP#

5-89Using the Command Line InterfaceSystem Management CommandsThese commands are used to configure the user name, password, system logs, browser management options, clock settings, and a variety of other system information.Table 11 System Management CommandsCommand Function Mode PageCountry Settingcountry Sets the access point country code Exec 5--90Device Designationprompt Customizes the command line prompt GC 5--91system name Specifies the host name for the access point GC 5-92snmp-server contact Sets the system contact string GC 5-121snmp-server location Sets the system location string GC 5-122Management Access username Configures the user name for management access GC 5-92password Specifies the password for management access GC 5-93ip ssh-server enable Enables the Secure Shell server IC-E 5-93ip ssh-server port Sets the Secure Shell port IC-E 5-94ip telnet-server enable Enables the Telnet server IC-E 5-94APmgmtIP Specifies an IP address or range of addresses allowed access to the management interfaceGC 5-99APmgmtUI Enables or disables SNMP, Telnet or web management access GC 5-100show APmanagement Shows the AP management configuration Exec 5-101Web Serverip http port Specifies the port to be used by the web browser interface GC 5-95ip http server Allows the access point to be monitored or configured from a browser GC 5-95ip https port Specifies the UDP port number used for a secure HTTP connection to the access point’s Web interfaceGC 5-96ip https server Enables the secure HTTP server on the access point GC 5-97web-redirect Enables web authentication of clients using a public access Internet service GC 5-98System Statusshow system Displays system information Exec 5-102show version Displays version information for the system Exec 5-103show config Displays detailed configuration information for the system Exec 5-103show hardware Displays the access point’s hardware version Exec 5-108

5-90CHAPTER 5: COMMAND LINE INTERFACEcountryThis command configures the access point’s country code, which identifies the country of operation and sets the authorized radio channels. Syntax country <country_code>country_code - A two character code that identifies the country of operation. See the following table for a full list of codes.Table 12 Country CodesCountry Code Country Code Country Code Country CodeAlbania AL Dominican RepublicDO Kuwait KW Romania ROAlgeria DZ Ecuador EC Latvia LV Russia RUArgentina AR Egypt EG Lebanon LB Saudi Arabia SAArmenia AM Estonia EE Liechtenstein LI Singapore SGAustralia AU Finland FI Lithuania LT Slovak Republic SKAustria AT France FR Macao MO Spain ESAzerbaijan AZ Georgia GE Macedonia MK Sweden SEBahrain BH Germany DE Malaysia MY Switzerland CHBelarus BY Greece GR Malta MT Syria SYBelgium BE Guatemala GT Mexico MX Ta iw an TWHonduras HN Monaco MC Thailand THBelize BZ Hong Kong HK Morocco MA Trinidad & TobagoTTBolivia BO Hungary HU Netherlands NL Tunisia TNBrazil BR Iceland IS New Zealand NZ Turkey TRBrunei Darussalam BN India IN Norway NO Ukraine UABulgaria BG Indonesia ID Qatar QA United Arab EmiratesAECanada CA Iran IR Oman OM United Kingdom GBChile CL Ireland IE Pakistan PK United States USChina CN Israel IL Panama PA Uruguay UYColombia CO Italy IT Peru PE Uzbekistan UZ

5-91Using the Command Line InterfaceDefault Setting US - for units sold in the United States 99 (no country set) - for units sold in other countriesCommand Mode ExecCommand Usage• If you purchased an access point outside of the United States, the country code must be set before radio functions are enabled.• The available Country Code settings can be displayed by using the country ? command.Example promptThis command customizes the CLI prompt. Use the no form to restore the default prompt.Syntax prompt <string> no promptstring - Any alphanumeric string to use for the CLI prompt. (Maximum length: 32 characters)Costa Rica CR Japan JP Philippines PH Yemen YECroatia HR Jordan JO Poland PL Venezuela VECyprus CY Kazakhstan KZ Portugal PT Vietnam VNCzech Republic CZ North Korea KP Puerto Rico PR Zimbabwe ZWDenmark DK Korea Republic KR Slovenia SIElsalvador SV Luxembourg LU South Africa ZAEnterprise AP#country twEnterprise AP#Country Code Country Code Country Code Country Code

5-92CHAPTER 5: COMMAND LINE INTERFACEDefault Setting Enterprise APCommand Mode Global ConfigurationExample system nameThis command specifies or modifies the system name for this device. Use the no form to restore the default system name.Syntax system name <name> no system namename - The name of this host. (Maximum length: 32 characters)Default Setting Enterprise APCommand Mode Global ConfigurationExample usernameThis command configures the user name for management access.Syntax username <name>name - The name of the user. (Length: 3-16 characters, case sensitive)Enterprise AP(config)#prompt RD2RD2(config)#Enterprise AP(config)#system name APEnterprise AP(config)#

5-93Using the Command Line InterfaceDefault Setting adminCommand Mode Global ConfigurationExamplepasswordAfter initially logging onto the system, you should set the password. Remember to record it in a safe place. Use the no form to reset the default password.Syntax password <password> no passwordpassword - Password for management access. (Length: 3-16 characters, case sensitive) Default Setting nullCommand Mode Global ConfigurationExample ip ssh-server enable This command enables the Secure Shell server. Use the no form to disable the server.Syntax ip ssh-server enable no ip ssh-serverDefault Setting DisabledEnterprise AP(config)#username bobEnterprise AP(config)#Enterprise AP(config)#password Enterprise AP(config)#

5-94CHAPTER 5: COMMAND LINE INTERFACECommand Mode Interface Configuration (Ethernet)Command Usage • The access point supports Secure Shell version 2.0 only.• After boot up, the SSH server needs about two minutes to generate host encryption keys. The SSH server is disabled while the keys are being generated. The show system command displays the status of the SSH server.Exampleip ssh-server port This command sets the Secure Shell server port. Use the no form to disable the server.Syntax ip ssh-server port <port-number>•port-number - The UDP port used by the SSH server. (Range: 1-65535)Default Setting 22Command Mode Interface Configuration (Ethernet)Exampleip telnet-server enable This command enables the Telnet server. Use the no form to disable the server.Syntax ip telnet-server enable no ip telnet-serverDefault Setting Interface enabledEnterprise AP(if-ethernet)#ip ssh-server enableEnterprise AP(if-ethernet)#Enterprise AP(if-ethernet)#ip ssh-server port 1124Enterprise AP(if-ethernet)#

5-95Using the Command Line InterfaceCommand Mode Interface Configuration (Ethernet)Exampleip http portThis command specifies the TCP port number used by the web browser interface. Use the no form to use the default port.Syntax ip http port <port-number> no ip http portport-number - The TCP port to be used by the browser interface. (Range: 1024-65535)Default Setting 80Command Mode Global ConfigurationExampleRelated Commandsip http server (5-95)ip http serverThis command allows this device to be monitored or configured from a browser. Use the no form to disable this function.Syntax [no] ip http serverDefault Setting EnabledEnterprise AP(if-ethernet)#ip telnet-server enableEnterprise AP(if-ethernet)#Enterprise AP(config)#ip http port 769Enterprise AP(config)#

5-96CHAPTER 5: COMMAND LINE INTERFACECommand Mode Global ConfigurationExample Related Commandsip http port (5-95)ip https portUse this command to specify the UDP port number used for HTTPS/SSL connection to the access point’s Web interface. Use the no form to restore the default port.Syntax ip https port <port_number> no ip https portport_number – The UDP port used for HTTPS/SSL. (Range: 80, 1024-65535)Default Setting 443Command Mode Global ConfigurationCommand Usage • You cannot configure the HTTP and HTTPS servers to use the same port.• To avoid using common reserved TCP port numbers below 1024, the configurable range is restricted to 443 and between 1024 and 65535. • If you change the HTTPS port number, clients attempting to connect to the HTTPS server must specify the port number in the URL, in this format: https://device:port_numberExample Enterprise AP(config)#ip http serverEnterprise AP(config)#Enterprise AP(config)#ip https port 1234Enterprise AP(config)#

5-97Using the Command Line Interfaceip https serverUse this command to enable the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the access point’s Web interface. Use the no form to disable this function.Syntax [no] ip https serverDefault Setting DisabledCommand Mode Global ConfigurationCommand Usage • Both HTTP and HTTPS service can be enabled independently.• If you enable HTTPS, you must indicate this in the URL: https://device:port_number]• When you start HTTPS, the connection is established in this way:- The client authenticates the server using the server’s digital certificate.- The client and server negotiate a set of security protocols to use for the connection.- The client and server generate session keys for encrypting and decrypting data.• The client and server establish a secure encrypted connection. A padlock icon should appear in the status bar for Internet Explorer 5.x.Example Enterprise AP(config)#ip https serverEnterprise AP(config)#

5-98CHAPTER 5: COMMAND LINE INTERFACEweb-redirectUse this command to enable web-based authentication of clients. Use the no form to disable this function.Syntax [no] web-redirectDefault Setting DisabledCommand Mode Global ConfigurationCommand Usage • The web redirect feature is used to support billing for a public access wireless network. After successful association to an access point, a client is “redirected” to an access point login web page as soon as Internet access is attempted. The client is then authenticated by entering a user name and password on the web page. This process allows controlled access for clients without requiring 802.1X or MAC authentication.• Web redirect requires a RADIUS server on the wired network with configured user names and passwords for authentication. The RADIUS server details must also be configured on the access point. (See “show bootfile” on page 140.)•Use the show system command to display the current web redirect status.Example Enterprise AP(config)#web-redirectEnterprise AP(config)#

5-99Using the Command Line InterfaceAPmgmtIPThis command specifies the client IP addresses that are allowed management access to the access point through various protocols.SyntaxAPmgmtIP <multiple IP_address subnet_mask | single IP_address | any> •multiple - Adds IP addresses within a specifiable range to the SNMP, web and Telnet groups.•single - Adds an IP address to the SNMP, web and Telnet groups.•any - Allows any IP address access through SNMP, web and Telnet groups.•IP_address - Adds IP addresses to the SNMP, web and Telnet groups.•subnet_mask - Specifies a range of IP addresses allowed management access.Default SettingAll addressesCommand ModeGlobal ConfigurationCommand Usage• If anyone tries to access a management interface on the access point from an invalid address, the unit will reject the connection, enter an event message in the system log, and send a trap message to the trap manager.• IP address can be configured for SNMP, web and Telnet access respectively. Each of these groups can include up to five different sets of addresses, either individual addresses or address ranges.• When entering addresses for the same group (i.e., SNMP, web or Telnet), the access point will not accept overlapping address ranges. When entering addresses for different groups, the access point will accept overlapping address ranges.• You cannot delete an individual address from a specified range. You must delete the entire range, and reenter the addresses.• You can delete an address range just by specifying the start address, or by specifying both the start address and end address.NOTE: Secure Web (HTTPS) connections are not affected by the UI Management or IP Management settings.

5-100CHAPTER 5: COMMAND LINE INTERFACEExampleThis example restricts management access to the indicated addresses.APmgmtUIThis command enables and disables management access to the access point through SNMP, Telnet and web interfaces.SyntaxAPmgmtUI <[SNMP | Te l net | Web] enable | disable>•SNMP - Specifies SNMP management access.•Telnet - Specifies Telnet management access.•Web - Specifies web based management access.-enable/disable - Enables or disables the selected management access method.Default SettingAll enabledCommand ModeGlobal ConfigurationExampleThis example restricts management access to the indicated addresses.Enterprise AP(config)#apmgmtip multiple 192.254.1.50 255.255.255.0Enterprise AP(config)#NOTE: Secure Web (HTTPS) connections are not affected by the UI Management or IP Management settings.Enterprise AP(config)#apmgmtui SNMP enableEnterprise AP(config)#

5-101Using the Command Line Interfaceshow apmanagementThis command shows the AP management configuration, including the IP addresses of management stations allowed to access the access point, as well as the interface protocols which are open to management access.Command Mode ExecExampleEnterprise AP#show apmanagementManagement AP Information=================================AP Management IP Mode: Any IPTelnet UI: EnableWEB UI : EnableSNMP UI : Enable==================================Enterprise AP#

5-102CHAPTER 5: COMMAND LINE INTERFACEshow systemThis command displays basic system configuration settings.Default SettingNoneCommand Mode ExecExampleEnterprise AP#show systemSystem Information==========================================================Serial Number : A123456789System Up time : 0 days, 4 hours, 33 minutes, 29 secondsSystem Name : Enterprise Wireless APSystem Location :System Contact :System Country Code : US - UNITED STATESMAC Address : 00-30-F1-F0-9A-9CIP Address : 192.254.2.1Subnet Mask : 255.255.255.0Default Gateway : 0.0.0.0VLAN State : DISABLEDManagement VLAN ID(AP): 1IAPP State : ENABLEDDHCP Client : ENABLEDHTTP Server : ENABLEDHTTP Server Port : 80HTTPS Server : ENABLEDHTTPS Server Port : 443Slot Status : Dual band(a/g)Boot Rom Version : v3.0.3Software Version : v4.3.1.9SSH Server : ENABLEDSSH Server Port : 22Telnet Server : ENABLEDWEB Redirect : DISABLEDDHCP Relay : DISABLEDProxy ARP : DISABLED==========================================================Enterprise AP#

5-103Using the Command Line Interfaceshow versionThis command displays the software version for the system.Command Mode ExecExample show configThis command displays detailed configuration information for the system.Command Mode ExecExample Enterprise AP#show versionVersion Information=========================================Version: v4.3.2.2Date : Dec 20 2005, 18:38:12=========================================Enterprise AP#Enterprise AP#show configAuthentication Information===========================================================MAC Authentication Server : DISABLEDMAC Auth Session Timeout Value : 0 min802.1x supplicant : DISABLED802.1x supplicant user : EMPTY802.1x supplicant password : EMPTYAddress Filtering : ALLOWEDSystem Default : ALLOW addresses not found in filter table.Filter Table-----------------------------------------------------------No Filter Entries.Bootfile Information===================================Bootfile : ec-img.bin===================================

5-104CHAPTER 5: COMMAND LINE INTERFACEProtocol Filter Information===========================================================Local Bridge :DISABLEDAP Management :ENABLEDEthernet Type Filter :DISABLEDEnabled Protocol Filters-----------------------------------------------------------No protocol filters are enabled===========================================================Hardware Version Information===========================================Hardware version R01A===========================================Ethernet Interface Information========================================IP Address : 192.254.0.151Subnet Mask : 255.255.255.0Default Gateway : 192.254.0.1Primary DNS : 210.200.211.225Secondary DNS : 210.200.211.193Speed-duplex : 100Base-TX Full DuplexAdmin status : UpOperational status : Up========================================Wireless Interface 802.11a Information===========================================================----------------Identification-----------------------------Description : 802.11a Access PointSSID : A 0Channel : 0 (AUTO)Status : Disable----------------802.11 Parameters--------------------------Transmit Power : 100% (5 dBm)Data Rate : 54MbpsFragmentation Threshold : 2346 bytesRTS Threshold : 2347 bytesBeacon Interval : 100 TUsDTIM Interval : 1 beaconMaximum Association : 64 stationsNative VLAN ID : 1

5-105Using the Command Line Interface----------------Security-----------------------------------Closed System : DISABLEDMulticast cipher : WEPUnicast cipher : TKIP and AESWPA clients : REQUIREDWPA Key Mgmt Mode : PRE SHARED KEYWPA PSK Key Type : ALPHANUMERICEncryption : DISABLEDDefault Transmit Key : 1Static Keys : Key 1: EMPTY Key 2: EMPTY Key 3: EMPTY Key 4: EMPTY Key Length : Key 1: ZERO Key 2: ZERO Key 3: ZERO Key 4: ZERO Authentication Type : OPENRogue AP Detection : DisabledRogue AP Scan Interval : 720 minutesRogue AP Scan Duration : 350 milliseconds===========================================================Console Line Information=========================================================== databits : 8 parity : none speed : 9600 stop bits : 1===========================================================Logging Information=====================================================Syslog State : DisabledLogging Console State : DisabledLogging Level : InformationalLogging Facility Type : 16Servers 1: 0.0.0.0 , UDP Port: 514, State: Disabled 2: 0.0.0.0 , UDP Port: 514, State: Disabled 3: 0.0.0.0 , UDP Port: 514, State: Disabled 4: 0.0.0.0 , UDP Port: 514, State: Disabled====================================================== Radius Server Information========================================IP : 0.0.0.0Port : 1812Key : *****Retransmit : 3Timeout : 5Radius MAC format : no-delimiterRadius VLAN format : HEX========================================

5-106CHAPTER 5: COMMAND LINE INTERFACERadius Secondary Server Information========================================IP : 0.0.0.0Port : 1812Key : *****Retransmit : 3Timeout : 5Radius MAC format : no-delimiterRadius VLAN format : HEX========================================SNMP Information==============================================Service State : DisableCommunity (ro) : ********Community (rw) : ********Location : Contact : ContactEngineId :80:00:07:e5:80:00:00:29:f6:00:00:00:0cEngineBoots:2Trap Destinations: 1: 0.0.0.0, Community: *****, State: Disabled 2: 0.0.0.0, Community: *****, State: Disabled 3: 0.0.0.0, Community: *****, State: Disabled 4: 0.0.0.0, Community: *****, State: Disableddot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot11StationAuthentication Enabled dot11StationReAssociation Enabled dot11StationRequestFail Enabled dot1xAuthFail Enabled dot1xAuthNotInitiated Enabled dot1xAuthSuccess Enabled dot1xMacAddrAuthFail Enabled dot1xMacAddrAuthSuccess Enabled iappContextDataSent Enabled iappStationRoamedFrom Enabled iappStationRoamedTo Enabled localMacAddrAuthFail Enabled localMacAddrAuthSuccess Enabled pppLogonFail Enabled sntpServerFail Enabled configFileVersionChanged Enabled radiusServerChanged Enabled systemDown Enabled systemUp Enabled=============================================

5-107Using the Command Line InterfaceSNTP Information===========================================================Service State : DisabledSNTP (server 1) IP : 137.92.140.80SNTP (server 2) IP : 192.43.244.18Current Time : 00 : 14, Jan 1st, 1970Time Zone : -5 (BOGOTA, EASTERN, INDIANA)Daylight Saving : Disabled===========================================================Station Table Information===========================================================if-wireless A VAP [0] : 802.11a Channel : AutoNo 802.11a Channel Stations....if-wireless G VAP [0] : 802.11g Channel : AutoNo 802.11g Channel Stations....System Information==============================================================Serial Number : System Up time : 0 days, 0 hours, 16 minutes, 51 secondsSystem Name : Enterprise Wireless APSystem Location : System Contact : ContactSystem Country Code : 99 - NO_COUNTRY_SET MAC Address : 00-12-CF-05-B7-84IP Address : 192.254.0.151Subnet Mask : 255.255.255.0Default Gateway : 192.254.0.1VLAN State : DISABLEDManagement VLAN ID(AP): 1IAPP State : ENABLEDDHCP Client : ENABLEDHTTP Server : ENABLEDHTTP Server Port : 80HTTPS Server : ENABLEDHTTPS Server Port : 443Slot Status : Dual band(a/g)Boot Rom Version : v3.0.7Software Version : v4.3.2.2

5-108CHAPTER 5: COMMAND LINE INTERFACEshow hardwareThis command displays the hardware version of the system.Command Mode ExecExample System Logging CommandsThese commands are used to configure system logging on the access point.Tabl e 13 System Loggign CommandsSSH Server : ENABLEDSSH Server Port : 22Telnet Server : ENABLEDWEB Redirect : DISABLEDDHCP Relay : DISABLED==============================================================Version Information=========================================Version: v4.3.2.2Date : Dec 20 2005, 18:38:12=========================================Enterprise AP#Enterprise AP#show hardwareHardware Version Information===========================================Hardware version R01===========================================Enterprise AP#Command Function Mode Pagelogging on Controls logging of error messages GC 5-109logging host Adds a syslog server host IP address that will receive logging messages GC 5-109logging console Initiates logging of error messages to the console GC 5-110logging level Defines the minimum severity level for event logging GC 5-110logging facility-type Sets the facility type for remote logging of syslog messages GC 5-111logging clear Clears all log entries in access point memory GC 5-112show logging Displays the state of logging Exec 5-112show event-log Displays all log entries in access point memory Exec 5-113

5-109Using the Command Line Interfacelogging onThis command controls logging of error messages; i.e., sending debug or error messages to memory. The no form disables the logging process.Syntax[no] logging onDefault SettingDisabledCommand Mode Global ConfigurationCommand Usage The logging process controls error messages saved to memory. You can use the logging level command to control the type of error messages that are stored in memory. Example logging hostThis command specifies syslog servers host that will receive logging messages. Use the no form to remove syslog server host.Syntaxlogging host <1 | 2 | 3 | 4> <host_name | host_ip_address> [udp_port] no logging host <1 | 2 | 3 | 4>•1 - First syslog server.•2 - Second syslog server.•3 - Third syslog server.•4 - Fourth syslog server.•host_name - The name of a syslog server. (Range: 1-20 characters)•host_ip_address - The IP address of a syslog server.•udp_port - The UDP port used by the syslog server.Enterprise AP(config)#logging onEnterprise AP(config)#

5-110CHAPTER 5: COMMAND LINE INTERFACEDefault Setting NoneCommand Mode Global ConfigurationExample logging consoleThis command initiates logging of error messages to the console. Use the no form to disable logging to the console.Syntax[no] logging consoleDefault Setting DisabledCommand Mode Global ConfigurationExample logging levelThis command sets the minimum severity level for event logging.Syntaxlogging level <Emergency | Alert | Critical | Error | Warning | Notice | Informational | Debug>Default Setting InformationalCommand Mode Global ConfigurationEnterprise AP(config)#logging host 1 10.1.0.3Enterprise AP(config)#Enterprise AP(config)#logging consoleEnterprise AP(config)#

5-111Using the Command Line InterfaceCommand Usage Messages sent include the selected level down to Emergency level.Example logging facility-typeThis command sets the facility type for remote logging of syslog messages.Syntaxlogging facility-type <type>type - A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service. (Range: 16-23)Default Setting 16Command Mode Global ConfigurationCommand Usage The command specifies the facility type tag sent in syslog messages. (See RFC 3164.) This type has no effect on the kind of messages reported by the access point. However, it may be used by the syslog server to sort messages or to store messages in the corresponding database.Level Argument DescriptionEmergency System unusableAlert Immediate action neededCritical Critical conditions (e.g., memory allocation, or free memory error - resource exhausted)Error Error conditions (e.g., invalid input, default used)Warning Warning conditions (e.g., return false, unexpected return)Notice Normal but significant condition, such as cold start Informational Informational messages onlyDebug Debugging messagesEnterprise AP(config)#logging level alertEnterprise AP(config)#

5-112CHAPTER 5: COMMAND LINE INTERFACEExample logging clearThis command clears all log messages stored in the access point’s memory.Syntaxlogging clearCommand Mode Global ConfigurationExample show loggingThis command displays the logging configuration.Syntaxshow loggingCommand Mode ExecExampleEnterprise AP(config)#logging facility 19Enterprise AP(config)#Enterprise AP(config)#logging clearEnterprise AP(config)#Enterprise AP#show loggingLogging Information============================================Syslog State : EnabledLogging Console State : EnabledLogging Level : AlertLogging Facility Type : 16Servers 1: 192.254.2.19, UDP Port: 514, State: Enabled 2: 0.0.0.0, UDP Port: 514, State: Disabled 3: 0.0.0.0, UDP Port: 514, State: Disabled 4: 0.0.0.0, UDP Port: 514, State: Disabled=============================================Enterprise AP#

5-113Using the Command Line Interfaceshow event-logThis command displays log messages stored in the access point’s memory.Syntaxshow event-logCommand Mode ExecExampleSystem Clock CommandsThese commands are used to configure SNTP and system clock settings on the access point.Tabl e 14 System Clock CommandsEnterprise AP#show event-logMar 09 11:57:55 Information: 802.11g:11g Radio Interface EnabledMar 09 11:57:55 Information: 802.11g:Radio channel updated to 8Mar 09 11:57:34 Information: 802.11g:11g Radio Interface EnabledMar 09 11:57:18 Information: 802.11g:11g Radio Interface EnabledMar 09 11:56:35 Information: 802.11a:11a Radio Interface EnabledMar 09 11:55:52 Information: SSH task: Set SSH server port to 22Mar 09 11:55:52 Information: SSH task: Enable SSH server.Mar 09 11:55:52 Information: Enable Telnet.Mar 09 11:55:40 Information: 802.11a:11a Radio Interface DisabledMar 09 11:55:40 Information: 802.11a:Transmit Power set to QUARTERPress <n> next. <p> previous. <a> abort. <y> continue to end :Enterprise AP#configureEnter configuration commands, one per line. End with CTRL/ZEnterprise AP(config)#logging clearCommand Function Mode Pagesntp-server ip Specifies one or more time servers GC 5-114sntp-server enable Accepts time from the specified time servers GC 5-114sntp-server date-time Manually sets the system date and time GC 5-115sntp-server daylight-savingSets the start and end dates for daylight savings time GC 5-116sntp-server timezone Sets the time zone for the access point’s internal clock GC 5-116show sntp Shows current SNTP configuration settings Exec 5-117

5-114CHAPTER 5: COMMAND LINE INTERFACEsntp-server ipThis command sets the IP address of the servers to which SNTP time requests are issued. Use the this command with no arguments to clear all time servers from the current list.Syntaxsntp-server ip <1 | 2> <ip>•1 - First time server.•2 - Second time server.•ip - IP address of an time server (NTP or SNTP). Default Setting 137.92.140.80 192.43.244.18Command Mode Global ConfigurationCommand Usage When SNTP client mode is enabled using the sntp-server enable command, the sntp-server ip command specifies the time servers from which the access point polls for time updates. The access point will poll the time servers in the order specified until a response is received. Example Related Commandssntp-server enable (5-114) show sntp (5-117)sntp-server enableThis command enables SNTP client requests for time synchronization with NTP or SNTP time servers specified by the sntp-server ip command. Use the no form to disable SNTP client requests.Syntax[no] sntp-server enable Enterprise AP(config)#sntp-server ip 10.1.0.19Enterprise AP#

5-115Using the Command Line InterfaceDefault Setting EnabledCommand Mode Global ConfigurationCommand Usage The time acquired from time servers is used to record accurate dates and times for log events. Without SNTP, the access point only records the time starting from the factory default set at the last bootup (i.e., 00:14:00, January 1, 1970).Example Related Commandssntp-server ip (5-114) show sntp (5-117)sntp-server date-timeThis command sets the system clock.Default Setting 00:14:00, January 1, 1970Command Mode Global ConfigurationExample This example sets the system clock to 17:37 June 19, 2003.Enterprise AP(config)#sntp-server enableEnterprise AP(config)#Enterprise AP#sntp-server date-timeEnter Year<1970-2100>: 2003Enter Month<1-12>: 6Enter Day<1-31>: 19Enter Hour<0-23>: 17Enter Min<0-59>: 37Enterprise AP#

5-116CHAPTER 5: COMMAND LINE INTERFACERelated Commandssntp-server enable (5-114)sntp-server daylight-savingThis command sets the start and end dates for daylight savings time. Use the no form to disable daylight savings time.Syntax[no] sntp-server daylight-saving Default Setting DisabledCommand Mode Global ConfigurationCommand Usage The command sets the system clock back one hour during the specified period.Example This sets daylight savings time to be used from July 1st to September 1st.sntp-server timezoneThis command sets the time zone for the access point’s internal clock.Syntaxsntp-server timezone <hours>hours - Number of hours before/after UTC. (Range: -12 to +12 hours)Default Setting -5 (BOGOTA, EASTERN, INDIANA)Enterprise AP(config)#sntp-server daylight-savingEnter Daylight saving from which month<1-12>: 6and which day<1-31>: 1Enter Daylight saving end to which month<1-12>: 9and which day<1-31>: 1Enterprise AP(config)#

5-117Using the Command Line InterfaceCommand Mode Global ConfigurationCommand Usage This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean Time or GMT), based on the earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC.Example show sntpThis command displays the current time and configuration settings for the SNTP client.Command ModeExecExample Enterprise AP(config)#sntp-server timezone +8Enterprise AP(config)#Enterprise AP#show sntpSNTP Information=========================================================Service State : EnabledSNTP (server 1) IP : 137.92.140.80SNTP (server 2) IP : 192.43.244.18Current Time : 08 : 04, Jun 20th, 2003Time Zone : +8 (TAIPEI, BEIJING)Daylight Saving : Enabled, from Jun, 1st to Sep, 1st=========================================================Enterprise AP#

5-118CHAPTER 5: COMMAND LINE INTERFACEDHCP Relay CommandsDynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients that broadcast a request. To receive the broadcast request, the DHCP server would normally have to be on the same subnet as the client. However, when the access point’s DHCP relay agent is enabled, received client requests can be forwarded directly by the access point to a known DHCP server on another subnet. Responses from the DHCP server are returned to the access point, which then broadcasts them back to clients.Tabl e 15 DHCP Relay Commandsdhcp-relay enableThis command enables the access point’s DHCP relay agent. Use the no form to disable the agent.Syntax[no] dhcp-relay enableDefault Setting DisabledCommand Mode Global ConfigurationCommand Usage • For the DHCP relay agent to function, the primary DHCP server must be configured using the dhcp-relay primary command. A secondary DHCP server does not need to be configured, but it is recommended.• If there is no response from the primary DHCP server, and a secondary server has been configured, the agent will then attempt to send DHCP requests to the secondary server.Example Command Function Mode Pagedhcp-relay enable Enables the DHCP relay agent GC 5-118dhcp-relay Sets the primary and secondary DHCP server addressGC 5-119show dhcp-relay Shows current DHCP relay configuration settingsExec 5-119Enterprise AP(config)#dhcp-relay enableEnterprise AP(config)#

5-119Using the Command Line Interfacedhcp-relayThis command configures the primary and secondary DHCP server addresses.Syntaxdhcp-relay <primary | secondary> <ip_address>•primary - The primary DHCP server.•secondary - The secondary DHCP server.•ip_address - IP address of the server.Default Setting Primary and secondary: 0.0.0.0Command Mode Global ConfigurationExample show dhcp-relayThis command displays the current DHCP relay configuration.Command Mode ExecExample Enterprise AP(config)#dhcp-relay primary 192.254.2.10Enterprise AP(config)#Enterprise AP#show dhcp-relayDHCP Relay : ENABLEDPrimary DHCP Server : 192.254.2.10Secondary DHCP Server : 0.0.0.0Enterprise AP#

5-120CHAPTER 5: COMMAND LINE INTERFACESNMP CommandsControls access to this access point from management stations using the Simple Network Management Protocol (SNMP), as well as the hosts that will receive trap messages.Tabl e 16 SNMP CommandsCommand Function Mode Pagesnmp-server community Sets up the community access string to permit access to SNMP commands GC 5-121snmp-server contact Sets the system contact string GC 5-121snmp-server location Sets the system location string GC 5-122snmp-server enable server Enables SNMP service and traps GC 5-123snmp-server host Specifies the recipient of an SNMP notification operation GC 5-123snmp-server trap Enables specific SNMP notifications GC 5-124snmp-server engine id Sets the engine ID for SNMP v3 GC 5-126snmp-server user Sets the name of the SNMP v3 user GC 5-127snmp-server targets Configures SNMP v3 notification targets GC 5-128snmp-server filter Configures SNMP v3 notification filters GC 5-129snmp-server filter-assignmentsAssigns SNMP v3 notification filters to targets GC 5-130show snmp groups Displays the pre-defined SNMP v3 groups Exec 5-131show snmp users Displays SNMP v3 user settings Exec 5-132show snmp group-assignments Displays the assignment of users to SNMP v3 groups Exec 5-132show snmp target Displays the SNMP v3 notification targets Exec 5-133show snmp filter Displays the SNMP v3 notification filters Exec 5-133show snmp filter-assignmentsDisplays the SNMP v3 notification filter assignments Exec 5-134show snmp Displays the status of SNMP communications Exec 5-135

5-121Using the Command Line Interfacesnmp-server communityThis command defines the community access string for the Simple Network Management Protocol. Use the no form to remove the specified community string.Syntaxsnmp-server community string [ro | rw] no snmp-server community string•string - Community string that acts like a password and permits access to the SNMP protocol. (Maximum length: 23 characters, case sensitive)•ro - Specifies read-only access. Authorized management stations are only able to retrieve MIB objects. •rw - Specifies read/write access. Authorized management stations are able to both retrieve and modify MIB objects.Default Setting • public - Read-only access. Authorized management stations are only able to retrieve MIB objects.• private - Read/write access. Authorized management stations are able to both retrieve and modify MIB objects.Command Mode Global ConfigurationCommand Usage If you enter a community string without the ro or rw option, the default is read only.Example snmp-server contactThis command sets the system contact string. Use the no form to remove the system contact information.Syntaxsnmp-server contact string no snmp-server contactstring - String that describes the system contact. (Maximum length: 255 characters)Enterprise AP(config)#snmp-server community alpha rwEnterprise AP(config)#

5-122CHAPTER 5: COMMAND LINE INTERFACEDefault Setting NoneCommand Mode Global ConfigurationExample Related Commandssnmp-server location (5-122)snmp-server locationThis command sets the system location string. Use the no form to remove the location string.Syntaxsnmp-server location <text> no snmp-server locationtext - String that describes the system location. (Maximum length: 255 characters)Default Setting NoneCommand Mode Global ConfigurationExample Related Commandssnmp-server contact (5-121)Enterprise AP(config)#snmp-server contact PaulEnterprise AP(config)#Enterprise AP(config)#snmp-server location WC-19Enterprise AP(config)#

5-123Using the Command Line Interfacesnmp-server enable serverThis command enables SNMP management access and also enables this device to send SNMP traps (i.e., notifications). Use the no form to disable SNMP service and trap messages.Syntax snmp-server enable server no snmp-server enable serverDefault Setting EnabledCommand Mode Global ConfigurationCommand Usage • This command enables both authentication failure notifications and link-up-down notifications. •The snmp-server host command specifies the host device that will receive SNMP notifications. Example Related Commandssnmp-server host (5-123)snmp-server host This command specifies the recipient of an SNMP notification. Use the no form to remove the specified host.Syntaxsnmp-server host <1 | 2 | 3 | 4> <host_ip_address | host_name> <community-string>no snmp-server host•1 - First SNMP host.•2 - Second SNMP host.•3 - Third SNMP host.•4 - Fourth SNMP host.•host_ip_address - IP of the host (the targeted recipient). Enterprise AP(config)#snmp-server enable serverEnterprise AP(config)#

5-124CHAPTER 5: COMMAND LINE INTERFACE•host_name - Name of the host. (Range: 1-63 characters)•community-string - Password-like community string sent with the notification operation. Although you can set this string using the snmp-server host command by itself, we recommend that you define this string using the snmp-server community command prior to using the snmp-server host command. (Maximum length: 23 characters)Default Setting Host Address: None Community String: publicCommand Mode Global ConfigurationCommand Usage The snmp-server host command is used in conjunction with the snmp-server enable server command to enable SNMP notifications. Example Related Commandssnmp-server enable server (5-123)snmp-server trapThis command enables the access point to send specific SNMP traps (i.e., notifications). Use the no form to disable specific trap messages.Syntaxsnmp-server trap <trap> no snmp-server trap <trap>•trap - One of the following SNMP trap messages:-dot11InterfaceAFail - The 802.11a or 802.11g interface has failed.-dot11Interface BGFail - The 802.11b/g interface has failed.-dot11StationAssociation - A client station has successfully associated with the access point.-dot11StationAuthentication - A client station has been successfully authenticated.-dot11StationReAssociation - A client station has successfully re-associated with the access point.Enterprise AP(config)#snmp-server host 1 10.1.19.23 batmanEnterprise AP(config)#

5-125Using the Command Line Interface-dot11StationRequestFail - A client station has failed association, re-association, or authentication.-dot1xAuthFail - A 802.1X client station has failed RADIUS authentication.-dot1xAuthNotInitiated - A client station did not initiate 802.1X authentication.-dot1xAuthSuccess - A 802.1X client station has been successfully authenticated by the RADIUS server.-dot1xMacAddrAuthFail - A client station has failed MAC address authentication with the RADIUS server.-dot1xMacAddrAuthSuccess - A client station has successfully authenticated its MAC address with the RADIUS server.-iappContextDataSent - A client station’s Context Data has been sent to another access point with which the station has associated.-iappStationRoamedFrom - A client station has roamed from another access point (identified by its IP address).-iappStationRoamedTo - A client station has roamed to another access point (identified by its IP address).-localMacAddrAuthFail - A client station has failed authentication with the local MAC address database on the access point.-localMacAddrAuthSuccess - A client station has successfully authenticated its MAC address with the local database on the access point.-pppLogonFail - The access point has failed to log onto the PPPoE server using the configured user name and password.-sntpServerFail - The access point has failed to set the time from the configured SNTP server.-sysConfigFileVersionChanged - The access point’s configuration file has been changed.-sysRadiusServerChanged - The access point has changed from the primary RADIUS server to the secondary, or from the secondary to the primary.-sysSystemDown - The access point is about to shutdown and reboot.-sysSystemUp - The access point is up and running.

5-126CHAPTER 5: COMMAND LINE INTERFACEDefault Setting All traps enabledCommand Mode Global ConfigurationCommand Usage This command is used in conjunction with the snmp-server host and snmp-server enable server commands to enable SNMP notifications.Example snmp-server engine-idThis command is used for SNMP v3. It is used to uniquely identify the access point among all access points in the network. Use the no form to delete the engine ID.Syntax snmp-server engine-id <engine-id> no snmp-server engine-id engine-id - Enter engine-id in hexadecimal (5-32 characters). Default Setting EnabledCommand Mode Global ConfigurationCommand Usage • This command is used in conjunction with the snmp-server user command. • Entering this command invalidates all engine IDs that have been previously configured. • If the engineID is deleted or changed, all SNMP users will be cleared. You will need to reconfigure all existing usersExample Enterprise AP(config)#no snmp-server trap dot11StationAssociationEnterprise AP(config)#Enterprise AP(config)#snmp-server engine-id 1a:2b:3c:4d:00:ffEnterprise AP(config)#

5-127Using the Command Line Interfacesnmp-server userThis command configures the SNMP v3 users that are allowed to manage the access point. Use the no form to delete an SNMP v3 user.Syntaxsnmp-server user <user-name>user-name - A user-defined string for the SNMP user. (32 characters maximum)Default Setting NoneCommand Mode Global ConfigurationCommand Usage • Up to 10 SNMPv3 users can be configured on the access point.• The SNMP engine ID is used to compute the authentication/privacy digests from the pass phrase. You should therefore configure the engine ID with the snmp-server engine-id command before using this configuration command.• The access point enables SNMP v3 users to be assigned to three pre-defined groups. Other groups cannot be defined. The available groups are:- RO - A read-only group using no authentication and no data encryption. Users in this group use no security, either authentication or encryption, in SNMP messages they send to the agent. This is the same as SNMP v1 or SNMP v2c.- RWAuth - A read/write group using authentication, but no data encryption. Users in this group send SNMP messages that use an MD5 key/password for authentication, but not a DES key/password for encryption.- RWPriv - A read/write group using authentication and data encryption. Users in this group send SNMP messages that use an MD5 key/password for authentication and a DES key/password for encryption. Both the MD5 and DES key/passwords must be defined.• The command prompts for the following information to configure an SNMP v3 user:-user-name - A user-defined string for the SNMP user. (32 characters maximum)

5-128CHAPTER 5: COMMAND LINE INTERFACE-group-name - The name of the SNMP group to which the user is assigned (32 characters maximum). There are three pre-defined groups: RO, RWAuth, or RWPriv.-auth-proto - The authentication type used for user authentication: md5 or none.-auth-passphrase - The user password required when authentication is used (8 – 32 characters).-priv-proto - The encryption type used for SNMP data encryption: des or none.-priv-passphrase - The user password required when data encryption is used (8 – 32 characters).• Users must be assigned to groups that have the same security levels. If a user who has “AuthPriv” security (uses authentication and encryption) is assigned to a read-only (RO) group, the user will not be able to access the database. An AuthPriv user must be assigned to the RWPriv group with the AuthPriv security level.• To configure a user for the RWAuth group, you must include the auth-proto and auth-passphrase keywords.• To configure a user for the RWPriv group, you must include the auth-proto, auth-passphrase, priv-proto, and priv-passphrase keywords.Example snmp-server targetsThis command configures SNMP v3 notification targets. Use the no form to delete an SNMP v3 target.Syntaxsnmp-server targets <target-id> <ip-addr> <sec-name> [version {3}] [udp-port {port-number}] [notification-type {TRAP}] no snmp-server targets <target-id>•target-id - A user-defined name that identifies a receiver of SNMP notifications. (Maximum length: 32 characters)Enterprise AP(config)#snmp-server user User Name<1-32> :chrisGroup Name<1-32> :RWPrivAuthtype(md5,<cr>none):md5Passphrase<8-32>:a good secretPrivacy(des,<cr>none) :desPassphrase<8-32>:a very good secretEnterprise AP(config)#

5-129Using the Command Line Interface•ip-addr - Specifies the IP address of the management station to receive notifications.•sec-name - The defined SNMP v3 user name that is to receive notifications.•version - The SNMP version of notifications. Currently only version 3 is supported in this command.•udp-port - The UDP port that is used on the receiving management station for notifications.•notification-type - The type of notification that is sent. Currently only TRAP is supported.Default Setting NoneCommand Mode Global ConfigurationCommand Usage • The access point supports up to 10 SNMP v3 target IDs.• The SNMP v3 user name that is specified in the target must first be configured using the snmp-server user command.Example snmp-server filterThis command configures SNMP v3 notification filters. Use the no form to delete an SNMP v3 filter or remove a subtree from a filter.Syntaxsnmp-server filter <filter-id> <include | exclude> <subtree> [mask {mask}] no snmp-server filter <filter-id> [subtree]•filter-id - A user-defined name that identifies an SNMP v3 notification filter. (Maximum length: 32 characters)•include - Defines a filter type that includes objects in the MIB subtree.•exclude - Defines a filter type that excludes objects in the MIB subtree.•subtree - The part of the MIB subtree that is to be filtered.•mask - An optional hexadecimal value bit mask to define objects in the MIB subtree. Enterprise AP(config)#snmp-server targets mytraps 192.254.2.33 chrisEnterprise AP(config)#

5-130CHAPTER 5: COMMAND LINE INTERFACEDefault Setting NoneCommand Mode Global ConfigurationCommand Usage • The access point allows up to 10 notification filters to be created. Each filter can be defined by up to 20 MIB subtree ID entries.• Use the command more than once with the same filter ID to build a filter that includes or excludes multiple MIB objects. Note that the filter entries are applied in the sequence that they are defined.• The MIB subtree must be defined in the form “.1.3.6.1” and always start with a “.”.• The mask is a hexadecimal value with each bit masking the corresponding ID in the MIB subtree. A “1” in the mask indicates an exact match and a “0” indicates a “wild card.” For example, a mask value of 0xFFBF provides a bit mask “1111 1111 1011 1111.” If applied to the subtree 1.3.6.1.2.1.2.2.1.1.23, the zero corresponds to the 10th subtree ID. When there are more subtree IDs than bits in the mask, the mask is padded with ones.Example snmp-server filter-assignmentsThis command assigns SNMP v3 notification filters to targets. Use the no form to remove an SNMP v3 filter assignment.Syntaxsnmp-server filter-assignments <target-id> <filter-id> no snmp-server filter-assignments <target-id> •target-id - A user-defined name that identifies a receiver of SNMP notifications. (Maximum length: 32 characters)•filter-id - A user-defined name that identifies an SNMP v3 notification filter. (Maximum length: 32 characters)Enterprise AP(config)#snmp-server filter trapfilter include .1Enterprise AP(config)#snmp-server filter trapfilter exclude .1.3.6.1.2.1.2.2.1.1.23

5-131Using the Command Line InterfaceDefault Setting NoneCommand Mode Global ConfigurationExample show snmp groupsThis command displays the SNMP v3 pre-defined groups.Syntax show snmp groupsCommand ModeExecEnterprise AP(config)#snmp-server filter-assignments mytraps trapfilterEnterprise AP(config)#exitEnterprise AP#show snmp targetHost ID : mytrapsUser : chrisIP Address : 192.254.2.33UDP Port : 162=============================Enterprise AP#show snmp filter-assignments HostID FilterID mytraps trapfilterEnterprise AP(config)#

5-132CHAPTER 5: COMMAND LINE INTERFACEExample show snmp usersThis command displays the SNMP v3 users and settings.Syntax show snmp usersCommand ModeExecExample show snmp group-assignmentsThis command displays the SNMP v3 user group assignments.Syntax show snmp group-assignmentsCommand ModeExecEnterprise AP#show snmp groupsGroupName :ROSecurityModel :USMSecurityLevel :NoAuthNoPrivGroupName :RWAuthSecurityModel :USMSecurityLevel :AuthNoPrivGroupName :RWPrivSecurityModel :USMSecurityLevel :AuthPrivEnterprise AP#Enterprise AP#show snmp users=============================================UserName :chrisGroupName :RWPrivAuthType :MD5 Passphrase:****************PrivType :DES Passphrase:****************=============================================Enterprise AP#

5-133Using the Command Line InterfaceExample show snmp targetThis command displays the SNMP v3 notification target settings.Syntaxshow snmp targetCommand Mode ExecExample show snmp filterThis command displays the SNMP v3 notification filter settings.Syntaxshow snmp filter [filter-id] •filter-id - A user-defined name that identifies an SNMP v3 notification filter. (Maximum length: 32 characters)Command Mode ExecEnterprise AP#show snmp group-assignmentsGroupName :RWPrivUserName :chrisEnterprise AP#Enterprise AP#Enterprise AP#show snmp targetHost ID : mytrapsUser : chrisIP Address : 192.254.2.33UDP Port : 162=============================Enterprise AP#

5-134CHAPTER 5: COMMAND LINE INTERFACEExample show snmp filter-assignmentsThis command displays the SNMP v3 notification filter assignments.Syntaxshow snmp filter-assignmentsCommand Mode ExecExample Enterprise AP#show snmp filterFilter: trapfilter Type: include Subtree: iso.3.6.1.2.1.2.2.1 Type: exclude Subtree: iso.3.6.1.2.1.2.2.1.1.23=============================Enterprise AP#Enterprise AP#show snmp filter-assignments HostID FilterID mytraps trapfilterEnterprise AP#

5-135Using the Command Line Interfaceshow snmpThis command displays the SNMP configuration settings.Command Mode ExecExampleEnterprise AP#show snmpSNMP Information==============================================Service State : EnableCommunity (ro) : *****Community (rw) : *****Location : WC-19Contact : PaulEngineId :80:00:07:e5:80:00:00:2e:62:00:00:00:18EngineBoots:1Trap Destinations: 1: 192.254.2.9, Community: *****, State: Enabled 2: 0.0.0.0, Community: *****, State: Disabled 3: 0.0.0.0, Community: *****, State: Disabled 4: 0.0.0.0, Community: *****, State: Disabled dot11InterfaceAGFail Enabled dot11InterfaceBFail Enabled dot11StationAssociation Enabled dot11StationAuthentication Enabled dot11StationReAssociation Enabled dot11StationRequestFail Enabled dot1xAuthFail Enabled dot1xAuthNotInitiated Enabled dot1xAuthSuccess Enabled dot1xMacAddrAuthFail Enabled dot1xMacAddrAuthSuccess Enabled iappContextDataSent Enabled iappStationRoamedFrom Enabled iappStationRoamedTo Enabled localMacAddrAuthFail Enabled localMacAddrAuthSuccess Enabled pppLogonFail Enabled sntpServerFail Enabled configFileVersionChanged Enabled radiusServerChanged Enabled systemDown Enabled systemUp Enabled=============================================Enterprise AP#

$5-136CHAPTER 5: COMMAND LINE INTERFACEFlash/File CommandsThese commands are used to manage the system code or configuration files.Tabl e 17 Flash/File CommandsbootfileThis command specifies the image used to start up the system.Syntaxbootfile <filename>filename - Name of the image file.Default Setting NoneCommand Mode ExecCommand Usage • The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names is 32 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)• If the file contains an error, it cannot be set as the default file. ExampleCommand Function Mode Pagebootfile Specifies the file or image used to start up the system GC 5-136copy Copies a code image or configuration between flash memory and a FTP/TFTP serverExec 5-137delete Deletes a file or code image Exec 5-138dir Displays a list of files in flash memory Exec 5-139show bootfile Displays the name of the current operation code file thatbooted the systemExec 5-140Enterprise AP#bootfile -img.binEnterprise AP#$

$5-137Using the Command Line Interfacecopy This command copies a boot file, code image, or configuration file between the access point’s flash memory and a FTP/TFTP server. When you save the configuration settings to a file on a FTP/TFTP server, that file can later be downloaded to the access point to restore system operation. The success of the file transfer depends on the accessibility of the FTP/TFTP server and the quality of the network connection. Syntaxcopy <ftp | tftp> file copy config <ftp | tftp>•ftp - Keyword that allows you to copy to/from an FTP server.•tftp - Keyword that allows you to copy to/from a TFTP server.•file - Keyword that allows you to copy to/from a flash memory file. •config - Keyword that allows you to upload the configuration file from flash memory. Default Setting NoneCommand Mode ExecCommand Usage • The system prompts for data required to complete the copy command. • Only a configuration file can be uploaded to an FTP/TFTP server, but every type of file can be downloaded to the access point.•The destination file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names on the FTP/TFTP server is 255 characters or 32 characters for files on the access point. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)• Due to the size limit of the flash memory, the access point supports only two operation code files.• The system configuration file must be named “syscfg” in all copy commands.$