Siemens scalance WLC711, Reference Manual

Page 1: ...SCALANCE WLC711 CLI Reference Guide Release V9 21 14 C79000 G8976 C261 07 Published July 2015 ...

Page 2: ...g with these products systems Proper use of Siemens Products Note the following Warning Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation If products and components from other manufacturers are used these must be recommended or approved by Siemens Proper transport storage installation assembly commissioning operation and mai...

Page 3: ...it 17 help 17 logout 19 no 20 show 20 Chapter 4 root Commands 22 audit 25 availability 25 backup 28 no backup 28 copy 28 host attributes 31 export 33 no export 35 flash 35 no flash 36 healthpoll 36 import 36 key 37 loglevel 38 ping 39 radtest 39 radtest_mba 40 reset 41 restart 41 restore 42 secureconnection 42 show 43 shutdown 75 tech_support 75 traceroute 76 upgrade ac 77 upgrade apup 78 upgrade_...

Page 4: ... 173 show 174 Chapter 9 Radar Commands 175 mitigator Context 175 Common Scan Group Profile Commands 187 Chapter 10 mobility Commands 198 backupmanagerip 198 mrole 199 mport 199 mheartbeat 199 slpreg 200 agent 200 secmode 201 mdismethod 201 mmanagerip 202 Chapter 11 schedule_backup Commands 203 destination 204 dir 204 freq 204 password 205 protocol 206 server 206 starttime 206 type 207 user 207 Cha...

Page 5: ...y 221 stationevents 221 svcmsg 222 syslogip 222 Chapter 15 time Commands 224 clock 224 date 225 ntp 225 ntpip 226 tz 226 Chapter 16 traffic_capture Commands 227 file_name 227 size 228 interface 228 delete 229 list 229 start 230 stop 230 show 231 show interfaces 231 Chapter 17 users Commands 232 id 232 pwd 233 Chapter 18 VNS Commands vnsmode 234 adminctr 234 create 241 das 242 default role 243 dele...

Page 6: ...opology group 372 Chapter 21 Location Based Service lbs Commands 377 multicast 377 port 378 service 378 server ip 379 show 379 Related commands 380 Chapter 22 web Commands 381 guestportal admin timeout 381 timeout 382 showvns 382 show 383 Chapter 23 cos Commands 384 create 384 delete 385 show 385 named cos 386 Chapter 24 site Commands 392 create 392 delete 393 show site 393 named site 394 Chapter ...

Page 7: ...efault env mode 411 floor plan 411 on demand 413 publish 413 show 414 Chapter 26 Publish Commands 415 push 415 interval 416 unit 416 push list 416 Table of Contents SCALANCE WLC711 CLI Reference Guide 7 ...

Page 8: ... on a system using the Wireless Appliance l2ports Commands on page 158 describes commands to enable and disable L2 ports on the Wireless Controller ip Commands on page 161 describes commands to configure routing information login Commands on page 169 describes commands to configure the login authentication modes local authentication and RADIUS based authentication Radar Commands on page 175 descri...

Page 9: ...cribes commands for configuring Classes of Service that can be applied to policies site Commands on page 392 describes commands for configuring sites that have their own local authentication server defined RF Location Commands on page 409 describes commands used to enable and configure the Radio Frequency RF Location engine on a Wireless Appliance to determine location and perform tracking on wire...

Page 10: ... font Indicates mandatory keywords parameters or keyboard keys Italic font Indicates complete document titles Square brackets indicate an optional value Braces indicate required values One or more values may be required A vertical bar indicates a choice in values x y z Square brackets with a vertical bar indicates a choice of a value x y z Braces with a vertical bar indicate a choice of a required...

Page 11: ...tically when a user with administrative access logs into the controller for the first time or when the system has been reset to the factory default Instructions display when the wizard starts Each screen in the wizard presents the default response in square brackets You can exit the wizard by pressing CTRL C To complete the CLI wizard 1 Press Enter to begin configuring the controller in the CLI wi...

Page 12: ... V Z 19 Pacific A N 20 Pacific P W 21 Select a city within the continent and country to configure the correct time zone for the controller Enter the current date and time in the mm dd yyyy hh mm format where y year m month d day h hour m minute Enter the NTP server s IP address You can designate up to three NTP servers The Current SNMP Settings screen appears 5 Enter the SNMP mode and press Enter ...

Page 13: ...rn to the Current SNMP Settings screen from which you can change the SNMP settings for the controller 5 Return to the Current Data Pkane Settings screen from which you can change the settings for individual ports on the controller 6 Save your changes and exit the wizard 7 Exit the wizard without saving your changes The wizard is complete For additional information about individual commands availab...

Page 14: ...controller and an external server cos Configure Controller cos settings end Return to the base mode exit Return to the previous mode export Export Controller data to a file flash Mount Unmount flash drive healthpoll Set healthpoll timeout host attributes Configure Controller host attributes settings import Restore Controller data configuration from file ip Modify controller route key Modify Licens...

Page 15: ...reboot the controller site Configure site settings snmp Configure SNMP settings syslog Change syslog settings tech_support Collect tech support data time Configure network time for the Controller topology Configure Controller topology settings traceroute Traceroute a host or gateway traffic_capture Traffic capture on interface upgrade Utility for upgrading AC software AC or AP software APUP upgrad...

Page 16: ...he configuration of the Wireless Appliance to take affect Unless otherwise noted run the apply command for configuration changes to take effect apply Parameters None Examples The following example disables the DNS server configuration WLC siemens com com dns no dns 192 1 1 3 WLC siemens com dns apply end Use the end command to return to the base context end Parameters None SCALANCE WLC711 CLI Refe...

Page 17: ...e following example exits the shell from the base context WLC siemens com exit help Use the help command to display available commands in a context or obtain usage information for a specified command help help command Parameters command Specifies the command for which you need usage information Examples The following example displays the available commands in the ap defaults context WLC siemens co...

Page 18: ...rnal AP2660 1 Wireless AP2660 1 External AP2660 2 Wireless AP2660 2 External AP3605 Wireless AP3605 Internal AP3610 Wireless AP3610 Internal AP3610 1 Wireless AP3610 1 Internal AP3620 Wireless AP3620 External AP3620 1 Wireless AP3620 1 External AP3630 NAM Wireless AP3630 NAM Internal AP3630 ROW Wireless AP3630 ROW Internal AP3630 ROW 1 Wireless AP3630 ROW 1 Internal AP3640 NAM Wireless AP3640 NAM ...

Page 19: ... P1 BP200e_4_P2 Chantry BP200 R2 1 External P2 BP200i_3_P2 Chantry BP200 R2 0 6 Internal P2 BP200i_4_P2 Chantry BP200 R2 1 Internal P2 W786 2PROe Scalance W786 2HPW External W786 2PROe 1 Scalance W786 2HPW External 1 W786 2PROe 2 Scalance W786 2HPW External 2 W786 2PROe_FO Scalance W786 2HPW External FO W786 2PROe_FO 1 Scalance W786 2HPW External FO 1 W786 2PROe_FO 2 Scalance W786 2HPW External FO...

Page 20: ...ample configures and displays a gateway IP address then disables it with the no command and displays the change WLC siemens com topology Admin l3 gateway 192 176 3 4 WLC siemens com topology Admin l3 show gateway gateway 192 176 3 4 WLC siemens com topology Admin l3 no gateway WLC siemens com topology Admin l3 show gateway no gateway show Use the show command to display the current configuration w...

Page 21: ...dns 2 192 1 2 3 dns 3 192 1 3 3 Common Commands show SCALANCE WLC711 CLI Reference Guide 21 ...

Page 22: ...est upgrade_image_src The root context of the CLI displays available commands relating to the Wireless Appliance s configuration as well as available sub contexts All CLI commands cache changes For this reason sometimes when you make a change in a particular context the change may not be visible immediately If this happens you must exit and re enter the context in order to ensure that the database...

Page 23: ...on page 41 secureconnection on page 42 show on page 43 shutdown on page 75 tech_support on page 75 traceroute on page 76 upgrade ac on page 77 upgrade apup on page 78 upgrade_backup_dest on page 79 upgrade_image_src on page 79 Table 2 Root Commands Documented in Feature Chapters Command Description ap The ap command moves you to the ap context of the CLI providing access to commands required to ma...

Page 24: ... and configuring of policy for the SCALANCEWLC711 See role commands schedule_backup The schedule_backup command moves you to the schedule_backup context of the CLI providing commands for backup scheduling of software configurations CDR log and audit See schedule_backup Commands on page 203 schedule_upgrade The schedule_upgrade command moves you to the schedule_upgrade context of the CLI providing ...

Page 25: ...of the CLI providing for commands to configure the web settings See web Commands on page 381 wlans The wlans command moves you to the wlans context of the CLI providing for commands used to define and configure WLAN services for the network See wlans Commands on page 275 audit The audit command is deprecated availability Move to the availability context from the root context to access the followin...

Page 26: ... WLC siemens com availability pairip 123 321 24 54 pairrole Use the pairrole command to designate the Wireless Appliance as the primary connection point for availability Link Exchange or as the secondary point When a Wireless Appliance is set as the secondary connection point Wireless AP registration requests will be set to pending until the other Wireless Appliance is set up as the primary connec...

Page 27: ...rameters seconds Specifies time period in seconds before link failure is detected Valid values are 2 to 30 seconds Examples The following example sets the time for link failure detection to 10 seconds WLC siemens com availability link_timeout 10 sync config Use the sync config command to enable or disable synchronization of the configuration elements sync config enable disable Parameters enable En...

Page 28: ...re information see show on page 43 copy ap_certreq server user dir file copy apup server user dir file platform copy cdrs server user dir cdr_dir file copy configuration to local to flash to remote server user dir ftp password scp password from local file file from flash file file from remote server user dir file ftp password scp password copy export server user dir file scp scp password copy floo...

Page 29: ...ration is copied to the specified device or server from local Specifies the configuration to be copied is located on the local drive from flash Specifies the configuration to be copied is located on the flash drive from remote Specifies the configuration to be copied is located on the specified remote device or server flash This option is available only when a flash device is plugged in floor plan...

Page 30: ...grade 192 168 4 10 test system images AC MV 08 21 01 2222 1 rue flash scp TestPassword In the following example the CLI command states that the upgrade file will be downloaded from the SCP server to the Wireless Appliance local drive WLC siemens com copy upgrade 192 168 4 10 test system images AC MV 08 21 01 2222 1 rue scp TestPassword The following example copies the TCPDump file to the FTP serve...

Page 31: ...e on page 31 domain on page 31 dns on page 32 hostname Use the hostname command to configure a hostname for the controller After you have run the hostname command run the apply command to implement the changes hostname name none Parameters name Specifies the hostname of the controller none Removes the configured hostname Examples The following example specifies that the host name of the controller...

Page 32: ...esolve RADIUS server host names to their corresponding IP addresses Use the no form of the command to remove a DNS server configuration After you have run the dns command run the apply command to implement the changes dns 1 3 ip address no dns 1 3 ip address Parameters 1 3 Specifies the position of the DNS server in the DNS servers list ip address Specifies the IP address of the DNS server The IP ...

Page 33: ...xport the controller s configuration CDRs logs and audit information or all of them in a zip file to either the local or flash drive During the export process the zip file containing the controller s data is zipped The exported file displays zip extension If you want to upload the controller s data to the FTP or SCP server you must use the copy configuration command For more information see copy o...

Page 34: ...controller s logs WLC siemens com export logs Filename lab 91 f 16082010 110548 Comment Please wait Creating lab 91 f 16082010 110548 Backup Export complete The following example exports the controller s audit information WLC siemens com export audit Filename lab 91 f 16082010 110554 Comment Please wait Creating lab 91 f 16082010 110554 Backup Export complete The following example exports all of t...

Page 35: ...xport 2 WLC siemens com The following command removes the export_lab213_V4R1 7 10_NAMO_ENT zip export file from the export list WLC siemens com no export export_lab213_V4R1 7 10_NAMO_ENT zip WLC siemens com flash Use the flash command to mount or dismount the flash device on the Wireless Appliance flash mount unmount Parameters mount Specifies to mount the flash device unmount Specifies to dismoun...

Page 36: ...sable Disables the poll timer Example The following command enables the poll timer WLC siemens com healthpoll enable WLC siemens com show healthpoll healthpoll enable import Use the import command to import the controller s configuration from a file that was earlier exported from a previous platform or an old software release If you want to import the controller s data from a remote FTP or SCP ser...

Page 37: ... configuration CDRS logs audit information file WLC siemens com no import lab 213 g 11042008 141154 zip key Move to the key context to configure license key information for the Wireless Appliance The key context has the following commands activate on page 37 ecap on page 38 activate Use the activate command to apply a license key on the Wireless Appliance The activate command is accessible from th...

Page 38: ...rmat is RADCAPnnn XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX nnn is the capacity increment X is an upper case alpha numeric character RADCAP100 ABCD1234 7G8V9XYT MVB1G7XA QVR4UXDT RADCAP001 ABCD1235 7G8V9XYT MVB1G7XA QVR4UXTD Example The following example applies a capacity enhancement license key on the Wireless Appliance WLC siemens com ecap CAPCTL 12345678 22345678 32345678 42345678 loglevel Use the l...

Page 39: ... specifies the source ip address to be used by the command If this optional source is provided ping uses the IP address of the specified interface as the source IP address ping source interface name name number id ip address Parameters source interface name name number id Specifies the address of the source interface you want to send pings from either by interface name or ID IP Address Specifies t...

Page 40: ... by the Wireless Appliance for Mac based authorization radtest_mba vns_name MAC Address ap_bss_mac_addr ap_eth_mac_addr Parameters vns_name Specifies the VNS assignment ID of the virtual interface WLAN Service configured on the controller MAC Address Specifies a MAC address ap_bss_mac_addr Specifies the Wireless AP s Basic Service Set Identifier BSSID ap_eth_mac_addr Specifies the Wireless AP s et...

Page 41: ...ation including the management port configuration It will disconnect any clients currently using the system Following the reset the system will be rebooted Do you wish to continue y n The following example removes installed licenses and resets all configuration settings on the Wireless Appliance including the management port configuration You are prompted to confirm if you want to continue to rese...

Page 42: ...secret Use the secret command to configure a shared secret for a Wireless Appliance and NetSight Wireless Manager Use the no command to disable the shared secret The secret command is available from the secureconnection context of the CLI secret A B C D secret_string no secret Parameters A B C D Specifies the NetSight Wireless Manager s IP address secret_string Specifies the shared secret string 1...

Page 43: ... 45 show ap_certreq on page 46 show ap_inventory on page 46 show apup on page 48 show audits on page 48 show availability on page 48 show bootrom on page 49 show cdrs on page 49 show clients apserial on page 50 show clients vns on page 51 show run config on page 52 show dns on page 52 show export on page 52 show flash on page 53 show healthpoll on page 53 show import on page 54 show import_status ...

Page 44: ...upgrade_backup_dest on page 72 show upgrade_history on page 72 show upgrade_image_src on page 73 show users on page 73 show vnsmode on page 73 show vnsmode radius on page 74 show web on page 74 show ac version Use the show ac version command to display the software version software build and hardware platform versions of the Wireless Appliance show ac version Parameters None Examples Example code ...

Page 45: ...P2610 AP2620 11n Displays the configured values of the 802 11n Wireless APs AP3610 AP3620 dualband Displays the configured values of dualband ap38xx Displays the configured values of the 38xx access point ap3801 Displays the configured values of the 3801 access point ap_serial Specifies the serial number of a specific Wireless AP clients Displays the clients connected to the Wireless AP static_con...

Page 46: ...ap_certreq Use the show ap_certreq command to display the available certificate signing request for the 802 1x EAP TLS Proxy mode configuration show ap_certreq Parameters None Examples WLC siemens com show ap_certreq 1 0409920201203894 CSR show ap_inventory A report of Wireless APs connected to the Wireless Appliance can be displayed This includes information about the Wireless AP s hardware softw...

Page 47: ... 10 208 2 2 AC Search List 10 208 2 67 Radio Settings Radio a Radio b g 802 11a on 802 11b _ on 802 11g _ on 802 11n off on DTIM Period 5 5 Beacon Period 100 100 RTS CTS Threshold 2346 2346 Frag Threshold 2346 2346 Channel 5500 2452 Power Level 23 10 ATPC disabled disabled TX Power Adjust 0 0 TX Min Power 5 5 TX Max Power 23 10 ATT 2 1 Max Operational Rate 54 54 Preamble Long N Channel Width 40 N ...

Page 48: ...ot currently available show audits The show audits command has been deprecated show availability Use the show availability command to display availability settings for the Wireless Appliance show availability Parameters None Examples The following example displays availability settings for the Wireless Appliance WLC siemens com show availability pair paired pairrole secondary pairip 192 168 4 207 ...

Page 49: ...otrom AP2600 1 bootrom2_2_0 sys AP3600 No bootrom image upgrade files available on system show cdrs Use the show cdrs command to display a directory listing of the user s call detail records Use the parameters to display the contents of the records show cdrs dir filename 1 9600 Parameters dir Specifies the name of the directory you want to view filename Specifies the name of the file you want to v...

Page 50: ...d Station ID 00 50 C2 23 A0 59 Calling Station ID 00 0E 35 CA EC 4E Siemens AP Serial 0122003880188006 Siemens AP Name 0122003880188006 Siemens VNS Name zone_qua Siemens SSID lab7_zone Acct Session Time 574 Acct Output Packets 54 Acct Input Packets 558 Acct Output Octets 9814 Acct Input Octets 64865 Acct Terminate Cause 6 Authenticated_time Sep 21 2005 19 30 42 Disassociation_time Dec 31 1969 19 0...

Page 51: ...y all clients connected to a specified VNS Use show vnsmode to list the VNS names used on the Wireless Appliance For more information see show vnsmode on page 73 show clients vns vns_name Parameters vns_name Specifies the name of a Virtual Network Service on the Wireless Appliance Examples The following example lists the clients connected to the VNS using the name CNL 205 CPn WLC siemens com show ...

Page 52: ...dit are zipped for which the files display zip extension The configuration text files are displayed with cli extension show export filename number Parameters filename Specifies the file name of an export file on the list If the export file is located on a flash drive the string flash must be suffixed to the end of the specified file name number Specifies the index number of an export file on the l...

Page 53: ...mand is applicable only to the Wireless Appliances that support flash devices Examples The following example displays that the flash device is mounted WLC siemens com show flash status flash mounted The following example displays the following memory usage information of the flash device Size Total capacity of the flash device Used Space used so far Available Space available for use Use Space used...

Page 54: ...mported files that contain the controller s configuration cdrs logs audit WLC siemens com show import 1 Test_lab213_V5R3 10007 avail zip 2 export_lab213_V4R1 7 10_NAMO_ENT zip 3 lab 213 g 11042008 140940 zip 4 lab 213 g 11042008 141154 zip 5 lab 213 g 11042008 141200 zip 6 lab 213 g webdomain com 07032008 144403 zip show import_status Use the show import_status command to display the import status...

Page 55: ...current product registration key settings C25 smoketest show key Locking ID 00 1B 21 82 A0 AA Regulatory Domain North America Product Name C25 License mode Paired Number of Unused AP licenses 60 Number of Licensed APs 16 Number of Licensed APs Foreign 50 Number of Licensed APs Total 66 Number of Unused Radar licenses 28 Number of Licensed APs for Radar 2 Number of Licensed APs for Radar Foreign 27...

Page 56: ...liance show log log_name first last number Parameters log_name The log that you want to view ospf neighbor ospf linkstate dhcp ntp ac critical major minor info all ap ap_serial critical major minor info all mu_access log upgradeLog txt auditRecords log upgrade log configChanges log login log station first Indicates that the first records in the log will be displayed last Indicates that the last re...

Page 57: ...bor Neighbor RouterID Router Priority State IP Interface 192 168 12 7 1 Full DR 10 91 0 2 esa0 10 91 0 1 The following example displays the log entries for the OSPF linkstate database WLC siemens com show log ospf linkstate Router LSA Type 1 Link ID Advertising Router Age Sequence No Checksum Link Count 192 168 4 202 192 168 4 202 1460 0x80000085 0x8f18 3 The following example displays the log ent...

Page 58: ... 54 BSSID 00 0F BB 09 EC E9 SSID CNL 91 0 6 ssid User tester1 Msg 06 14 13 05 49 45 EventType Authentication MAC 00 24 D7 23 89 4C AP 0500006072051204 BSSID 00 0F BB 09 EC E9 SSID CNL 91 0 6 ssid User tester1 Details VNS CNL 91 0 6 AppliedRole CNL 91 0 6 default Msg 06 14 13 05 49 45 EventType State Change MAC 00 24 D7 23 89 4C BSSID 00 0F BB 09 EC E9 Details VNS CNL 91 0 6 Auth valid Msg 06 14 13...

Page 59: ...l Critical 1 show ospf Use the show ospf command to display the system s Open Shortest Path First OSPF interfaces and configuration show ospf interface neighbors config database Parameters interface Displays the details of all current OSPF interfaces neighbors Displays the OSPF neighbors with which the Wireless Appliance has adjacency config Displays the OSPF configuration details database Display...

Page 60: ...dvertising Router Age Sequence No Checksum 10 109 0 2 192 168 4 3 334 0x800000a8 0x781d 10 203 0 2 192 168 4 3 334 0x80000713 0xb73a Network Summary LSA Type 3 Link ID Advertising Router Age Sequence No Checksum Route 10 2 0 0 192 168 4 3 76 0x80000080 0xd36a 10 2 0 0 24 10 2 0 0 192 168 4 9 969 0x8000007f 0xb187 10 2 0 0 24 ASBR Summary LSA Type 4 Link ID Advertising Router Age Sequence No Checks...

Page 61: ... this system show role Parameters None Examples The following displays the current roles for this system WLC siemens com show role Role name Topology Class of Service Mode Filter defined CNL 218 0 0 default CNL 218 0 0 Authenticated CoS routed Yes CNL 218 0 0 non authenticated CNL 218 0 0 Non Authenticated CoS routed Yes CNL 218 0 1 default CNL 218 0 1 no change routed Yes CNL 218 0 1 non authenti...

Page 62: ...e or detailed information within an individual report show report report_name Parameters report_name Specifies the report name from the list of activity reports Examples The following example displays a list of activity reports available on the Wireless Appliance WLC siemens com show report reports active_clients active_clients_by_vns active_clients_by_wireless_apserial active_wireless_aps active_...

Page 63: ...l 1 Power 0 802 11a Channel 1 Power 0 The following example displays clients connected to the home Wireless Appliance WLC siemens com show report clients_by_home ac_ip 10 109 0 1 ac_ixp_addr 10 109 0 1 ac_desc C20 37 mu_ip 172 22 214 30 mu_mac 00 03 7F BF 16 9F mu_user home ip 10 109 0 1 Tunnel with 10 109 0 4 Disconnected Tunnel with 10 209 0 1 Disconnected ac_ip 10 109 0 4 ac_ixp_addr 10 109 0 4...

Page 64: ...2 1 ac_ixp_addr 10 209 2 1 ac_desc WLC Tunnel with 10 109 1 4 Connected Tunnel with 10 109 0 1 Connected Tunnel with 10 109 0 5 Connected Tunnel with 10 209 0 3 Connected ac_ip 10 109 0 5 ac_ixp_addr 10 109 0 5 ac_desc WLC Tunnel with 10 209 2 1 Connected Tunnel with 10 109 1 4 Connected Tunnel with 10 109 0 1 Connected Tunnel with 10 209 0 3 Connected WLC siemens com The following example display...

Page 65: ... scheduled backup settings show schedule_backup Parameters None Examples WLC siemens com show schedule_backup protocol ftp server 192 168 4 81 user admin password dir home user destdir type all freq daily everyday starttime 02 00 destination remote show schedule_upgrade Use show schedule_upgrade command to display the current scheduled upgrade settings show schedule_upgrade Parameters None Example...

Page 66: ...er v1v2 2 192 168 3 108 no SNMPv3 trap1 destination no SNMPv3 trap2 destination show stats Use show stats to display throughput related statistics for the Wireless APs and for the Wireless Appliance interfaces Use show ap to list the serial numbers of existing Wireless APs For more information see show ap on page 45 show stats ap ap_serial wired wireless radio1 radio2 interface interface_name Para...

Page 67: ...ats ap 0001000418800008 wired IP Address 10 222 0 126 Status approved Statistics Receive Transmit Discarded Packets 1661 0 Total Errors 0 0 Unicast Packets 645614 419231 Multicast Packets 201404 3 Broadcast Packets 90139 488 Total Packets 0 419722 Total Bytes 428661221 110236012 The following example displays the statistics for Wireless AP 0500006072051204 over the radio1 wireless connection WLC s...

Page 68: ... to CAC 0 DCS Channel Utilization by Adjacent AP s Average n a DCS Channel Utilization by Adjacent AP s Maximum n a DCS Tx Channel Utilization Average n a DCS Tx Channel Utilization Maximum n a DCS Rx Channel Utilization Average n a DCS Rx Channel Utilization Maximum n a DCS Noise dBm Average n a DCS Noise dBm Maximum n a The following example displays the statistics for the interface esa0 WLC sie...

Page 69: ...arameters process Displays the current CPU and memory usage of system processes cpu Displays the amount of CPU usage memory Displays the amount of memory being used on the system disk Displays the hard disk usage by folder mgmt Displays the system management settings uptime Displays the amount of time the system has been running continuously info Displays the information on various processes run b...

Page 70: ...ow time command to display the system time show time Parameters None Examples The following example displays the system time and time server settings WLC siemens com show time Fri Mar 14 11 49 24 EDT 2014 show time config Use the show time config command to display the system time and time server settings show time config Parameters None Examples The following example displays the system time and ...

Page 71: ...d Interface name is the name of any topology with L3 configuration Physical Admin B AC or Routed Examples Example code is not currently available show traffic_capture Use the show traffic_capture command to display the status of traffic capture show traffic_capture Parameters None Examples The following is the example of the status display when the traffic capture is running WLC siemens com show t...

Page 72: ... 0003 1 rue flash show upgrade_backup_dest Use the show upgrade_backup_dest command to display the settings of FTP server where the controller s existing image is backed up show upgrade_backup_dest Parameters None Examples WLC siemens com show upgrade_backup_dest upgrade_backup_dest 192 168 4 181 admin abc123 backupClone tgz show upgrade_history Use the show upgrade_history command to display the ...

Page 73: ... 4 10 admin abc123 rpms AC MV 07 41 03 0003 1 gxs show users Use the show uses command to display the user and administrator accounts defined on the Wireless Appliance show users Parameters None Examples The following example displays the users defined on the Wireless Appliance WLC siemens com show users ID Privilege admin admin test admin show vnsmode Use the show vnsmode command to display all V...

Page 74: ...iemens com show vnsmode radius Strict disable Radius MAC format 1 XXXXXXXXXXXX Name IP address Protocol Retries Timeout Ports Priority Auth Acct Auth Acct Auth Acct Auth Acct IAS 192 0 1 202 PAP 3 3 5 5 1812 1813 4 4 Lab 134 14 12 23 PAP 3 3 5 5 1812 1813 1 1 test radius 10 10 10 10 PAP 3 3 5 5 1812 1813 5 5 show web Use the show web command to display the web timeout time in minutes the time afte...

Page 75: ...boot tech_support Use the tech_support command to create compressed technical support files containing system information Use the no form of the command to delete them Use show tech_support to display a list of technical support files created on the system For more information see show tech_support on page 69 tech_support ap nostats ac log all filename no tech_support filename number Parameters ap...

Page 76: ...G commands Tech_support backup complete The following example deletes a tech support file by name WLC siemens com no tech_support tech_ap tar gz Successfully deleted file tech_ap tar gz traceroute Use the traceroute command to perform a traceroute to a specified IP address Optionally you can specify the source interface traceroute source interface name number id IP Address Parameters source interf...

Page 77: ...18 ms The following example performs a traceroute specifying the source interface by number WLC siemens com traceroute source interface number 2 192 168 3 12 traceroute to 192 168 3 12 192 168 3 12 from 10 1 0 1 30 hops max 38 byte pa ckets 1 ac_esa_port_0 10 1 0 1 3001 190 ms H 3000 825 ms H 3000 581 ms H upgrade ac Use the upgrade ac command to upgrade the controller software The upgrade ac comm...

Page 78: ... 0003 1 rue In the following example the rue image file for the WLC711 was downloaded prior to running the upgrade command and the existing os image is backed up to a remote ftp server WLC siemens com upgrade ac AC MV 09 12 01 0067 1 rue bckto ftp In the following example the upgrade image is downloaded from the remote ftp server WLC siemens com upgrade ac ftp In the following example the upgrade ...

Page 79: ...software image on the remote ftp server upgrade_backup_dest server user password dir file Parameters server The FTP server where the backup image will be created user The user name to access the FTP server password The password to access the FTP server dir The directory where the new software image is located file The file name that you want to assign to the backup image Example The following exam...

Page 80: ...er dir The directory where the new software image is located file The file name of the software image Example The following example locates the new software image on the remote server WLC siemens com upgrade_image_src 192 168 4 10 test abc123 ac rpm build09 12 01 0067 AC MV 09 12 01 0067 1 txe root Commands upgrade_image_src SCALANCE WLC711 CLI Reference Guide 80 ...

Page 81: ...ontext for AP configuration Commands for configuration of specific AP models such as 11n or 37xx are located in the defaults on page 86 context and commands for configuration of individual APs by serial number are located in the serial on page 105 context AP Common Commands on page 107 Commands that are common in multiple contexts are listed and described as AP Common Commands on page 107 Radio Co...

Page 82: ...s command to modify the registration status of Wireless APs on the system The access command is accessible from the ap context of the CLI access ap_serial release pending approved reboot foreign sensor force If rehoming is enabled the command to change a local AP to a Foreign AP is access ap_serial foreign The command to change a foreign AP to a Local AP is access ap_serial approved Parameters ap_...

Page 83: ... list are allowed to associate with the AP a whitelist The blacklist command is accessible from the ap context of the CLI The following commands are available in the ap blacklist context export on page 83 import on page 84 mac on page 84 mac list mode on page 85 export Use the export command to export the current MAC address list to a file The export command is accessible from the ap blacklist con...

Page 84: ...nd to add a new MAC address an IAB Individual Address Block or an OUI Organizationally Unique ID to the MAC address list Use the no form of the command to remove an address from the MAC address list The mac command is accessible from the ap blacklist context of the CLI mac MAC Address mask no mac MAC Address mask Parameters MAC Address Specifies the MAC address to be added to the MAC address list ...

Page 85: ...owing only clients on the list access to the AP Usage If you change the mode from blacklist to whitelist all existing MAC addresses on the list will be erased Use the show command to list the current mode and entries in the MAC address list Examples This example shows the system prompt printed when changing from black mode to white mode WLC siemens com ap blacklist mac list mode white Change addre...

Page 86: ...ts 11n context ap37xx on page 87 See for commands in the ap defaults ap37xx context ap38xx on page 87 See ap38xx for commands in the ap defaults ap38xx context ap3801 See ap3801 for commands in the ap defaults ap3801 context assign on page 88 See assign for commands in the ap defaults context dualband on page 89 See for commands in the ap defaults dualband context learnac on page 90 aclist on page...

Page 87: ...n page 109 lbs status on page 109 led mode on page 110 lldp on page 111 persistent on page 111 poll_timeout on page 112 radio1 on page 112 See Radio Commands on page 117 for commands in the radio1 contexts radio2 on page 114 See Radio Commands on page 117 for commands in the radio2 contexts secure tunnel on page 115 secure tunnel lifetime on page 115 ssh show on page 116 ap38xx The ap38xx command ...

Page 88: ...on page 108 client_session on page 108 country on page 109 ipmcast assembly on page 109 lbs status on page 109 led mode on page 110 lldp on page 111 persistent on page 111 poll_timeout on page 112 radio1 on page 112 See Radio Commands on page 117 for commands in the radio1 contexts radio2 on page 114 See Radio Commands on page 117 for commands in the radio2 contexts secure tunnel on page 115 secur...

Page 89: ... ap command to enable the application of default WLAN assignments to foreign APs The wlans list command is accessible from the ap defaults context of the CLI wlans foreign ap enable disable Parameters enable Specifies that default WLAN assignments are applied to foreign APs disable Specifies that default WLAN assignments are not applied to foreign APs Examples The following example enables the app...

Page 90: ...information see aclist on page 146 If you disallow the Wireless AP from providing its own WLC Search List and do not specify the controller s static IP address the Wireless AP uses the SLP to discover the controller After you run the learnac command run the apply command to implement the changes learnac no learnac Parameters None Examples The following example allows each Wireless AP to provide it...

Page 91: ...maximum power values are to be uploaded user The user name to access the FTP server dir The directory on the FTP server where the file containing the Wireless AP channel and maximum power values are to be stored file_name The name of the file that contains the Wireless AP channel and maximum power values Examples The following example exports the DRM settings to a FTP server WLC siemens com ap exp...

Page 92: ...name 0500006072051287 radio radio1 radio2 SN 0500006092051708 name 0500006092051708 radio radio1 radio2 SN 7000001222222222 name 7000001222222222 radio radio1 radio2 lab 112 f ap load groups The load groups command moves you to the load groups context which contains commands to configure Wireless AP load balancing groups The load groups command is accessible from the ap context of the CLI The foll...

Page 93: ...oup and only for the WLANs assigned to the group This is different from load control in the radio type group load control APs make decisions in isolation from each other The number of load groups you can create on the WLC711 is 8 Each load group can contain up to 32 Wireless APs For information about assigning a Wireless AP to a load group see assign radio on page 94 Examples The following example...

Page 94: ...ignment You are prompted to confirm the new assignment Examples Example code is not currently available assign radio Use the assign radio command to assign AP radios to the named client load group You can also use this command to unassign the AP radios from the named client load group The assign radio command is accessible from the ap load groups named load group context of the CLI for groups of t...

Page 95: ... named Lab45 WPA to the client load group named clientgroup1 WLC siemens com ap load groups clientgroup1 assign wlan add Lab45 WPA bandpreference Use this command to enable or disable the band preference feature for all APs in a radio type load group The bandpreference command is accessible from the ap load groups named load group context of the CLI for the radio type of load group bandpreference ...

Page 96: ...ands are create Create load group delete Delete load group end Return to the base mode exit Return to the previous mode if not in the base mode lg_lab Configure details for load group lg_lab logout Exit the shell show WLC siemens com ap load groups lg_lab WLC siemens com load groups lg_lab radio load Use this command to configure the maximum number of clients for each radio when the radio load con...

Page 97: ...vidually radio1 loadcontrol enable disable Parameters enable disable Enables or disables the load control function on Radio1 Usage For access to this command the load group must be defined as a radio type load group Example The following example enables load control on Radio1 WLC siemens com ap load groups radiogroup1 radio1 loadcontrol enable radio2 loadcontrol Use the radio2 loadcontrol command ...

Page 98: ...limits on Radio1 Usage Radio Load Control must be enabled for this radio before this command can take effect Example The following example enables strict load limiting on Radio1 WLC siemens com ap load groups radiogroup1 radio1 strictlimit enable radio2 strictlimit Use the radio2 strictlimit command to enable or disable strict enforcement of load limits on Radio2 when Radio Load Control is active ...

Page 99: ...load groups radiogroup1 show Load Group ID radiogroup1 Group Type radio WLAN Assignment WLAN Name Assigned aaaa x Band Preference disable Load Control disable Maximum clients for radio1 radio2 112 112 Radio Assignment Radio1 Radio2 AP Name 0500008043050236 show Use the show command to display a list of the load groups configured on the Wireless Appliance The show command is accessible from the ap ...

Page 100: ...o the previous mode frequency Configures AP log collection frequency per day logout Logs out show Displays settings Examples The following example enables AP log collection WLC siemens com ap logs collection enable maintenance The maintenance command allows for upgrading a Wireless AP s software image The maintenance command is accessible from the ap context of the CLI upgrd Use the upgrd command ...

Page 101: ...mens com ap maintenance upgrd control registration The registration command refers to context ap registration which describes commands to configure registration options for connected Wireless APs The registration command is accessible from the ap context of the CLI The following commands are available in the ap registration context cluster encryption on page 101 cluster shared secret on page 102 d...

Page 102: ...reless AP will wait for a predetermined amount of time between attempts to register with the Wireless Appliance The dinterval command is accessible from the ap registration context of the CLI dinterval 1 10 Parameters 1 10 Specifies the amount of time in seconds between attempts to register with the Wireless Appliance Examples The following example sets the time interval between registration attem...

Page 103: ...net password with the ssh password Examples The following example assigns password thisistelnetpassword WLC siemens com ap registration passwd thisistelnetpassword security Use the security command to allow only approved Wireless APs to connect to the Wireless Appliance Use the no form of the command to allow all Wireless APs to connect to it The security command is accessible from the ap registra...

Page 104: ...meters mac Indicates that a MAC address will be specified MAC Specifies the MAC address mip Indicates that an IP address will be specified MIP Specifies the IP address Examples The following example removes a client from the Wireless AP by specifying its MAC address WLC siemens com ap remove client mac 00 12 F0 81 A4 62 The following example removes a client from the Wireless AP by specifying its ...

Page 105: ...nt on the Wireless AP by specifying its User ID CNL205 ap search muser mschap 00 12 F0 81 A4 62 172 28 209 251 mschap serial Use the serial command to add a Wireless AP to the Wireless Appliance The serial command is accessible from the ap context of the CLI serial ap serial number name hardware type ap role description Parameters ap serial number Specifies the serial number of the Wireless AP nam...

Page 106: ...y on page 109 desc on page 149 ipmcast assembly on page 109 unique_224 lbs status on page 109 led mode on page 110 leftantenna radio1 leftantenna radio2 on page 150 lldp on page 111 location on page 150 middleantenna radio1 on page 151 middleantenna radio2 on page 152 move on page 152 name on page 153 persistent on page 111 poll_timeout on page 112 port setting on page 153 professional_antenna on ...

Page 107: ...o1 on page 112 See Radio Commands on page 117 for commands in the radio1 contexts radio2 on page 114 See Radio Commands on page 117 for commands in the radio2 contexts secure tunnel on page 115 secure tunnel lifetime on page 115 show on page 116 ssh telnet on page 117 balanced power Use the balanced power command to enable the power settings so they apply to all channels in the channel list balanc...

Page 108: ... bcast_disassoc no bcast_disassoc Parameters None Examples The following disassociates clients from the Wireless AP WLC siemens com ap defaults 11n bcast_disassoc client_session Use the client_session command to enable users to maintain client sessions in the event of a poll failure Use the no form of the command to disable the feature The client_session command is accessible from the ap serial an...

Page 109: ...sembly command to enable or disable AP IP multicast assembly IP multicast assembly is accessible from the ap serial ap defaults 11n ap37xx ap38xx and ap3801 contexts of the CLI ipmcast assembly enable disable Parameters enable Enables IP multicast assembly for the current AP context disable Disables IP multicast assembly for the current AP context Example The following example enables IP multicast...

Page 110: ...ormal Identifies the AP status at all times while the AP is powered on off Displays fault patterns only LEDs do not light when the AP is fault free and the discovery is complete wds signal Indicates the WDS signal strength as a bar graph This setting helps to align external antennas in WDS deployments by correlating the WDS link RSS with the LED pattern Use this setting only if the AP is participa...

Page 111: ...LDP for the default Wireless AP configuration with an announcement interval of 30 seconds and an announcement delay of 2 WLC siemens com ap defaults 11n lldp 30 2 If SNMP is enabled to publish on the Wireless Appliance and you enable LLDP the following message is displayed WARNING SNMP is set to publish How Do you wish to continue C Cancel P Proceed O Disable SNMP publishing and proceed Type one o...

Page 112: ...ts of the CLI After you run the poll_timeout command run the apply command to implement the change in poll timeout value poll_timeout value Parameters value Specifies the amount of time in seconds to wait for a response from the Wireless Appliance before rebooting The range for poll_timeout value is from 3 to 600 unless the controller is in an availability pair without fast failover enabled Exampl...

Page 113: ...on page 129 n_aggr_mpdu on page 130 n_aggr_mpdu_max on page 130 n_aggr_mpdu_max_subframes on page 131 n_aggr_msdu on page 131 n_chlwidth on page 131 n_guardinterval on page 132 n_pbthreshold on page 132 n_pmode on page 133 n_ptype on page 133 nonUnicastQuota on page 134 optimized mcast on page 134 pmode on page 134 prate on page 135 preamble on page 135 probe suppression on page 136 ptype on page ...

Page 114: ...2 domain on page 123 dtim on page 123 force disassociate frag on page 124 hwretries on page 124 ldpc on page 125 max distance on page 126 maxbrate on page 125 maxoprate on page 126 mcast adaptable on page 127 mcast2ucast on page 127 minbrate on page 127 mode on page 128 n_addba_support on page 129 n_aggr_mpdu on page 130 n_aggr_mpdu_max on page 130 n_aggr_mpdu_max_subframes on page 131 n_aggr_msdu...

Page 115: ...er debug Enables tunnel in debug mode which preserves keys without encryption Usage If enabling a secure tunnel specify the type of traffic this tunnel will encrypt and carry control traffic or control and data traffic Secure tunneling can also be used for debug mode keys are preserved without encryption Note For some AP models the data option is not available Example The following example enables...

Page 116: ...e tunnel lifetime 24 show Use the show command to display AP information The show command is accessible from the ap serial and ap defaults 11n ap37xx ap38xx ap3801 and professional antenna contexts of the CLI show Parameters None Examples The following example displays 802 11n AP information WLC siemens com ap defaults 11n show ssh enabled poll_timeout 22 client_session no persistent no bcast_disa...

Page 117: ...i Omni Radio 2 Middle Antenna Type PRO AI DX02360 AG 2dBi Omni Radio 2 Right Antenna Type PRO AI DX07025 AG 7dBi 27 30deg telnet Use the telnet command to enable telnet access to the Wireless AP Use the no form of the command to disable it The telnet command is accessible from the ap dualband std and ap serial contexts of the CLI telnet no telnet Parameters None Example The following example enabl...

Page 118: ...ge 127 mode on page 128 n_addba_support on page 129 n_aggr_mpdu on page 130 n_aggr_mpdu_max on page 130 n_aggr_mpdu_max_subframes on page 131 n_aggr_msdu on page 131 n_chlwidth on page 131 n_guardinterval on page 132 n_pbthreshold on page 132 n_pmode on page 133 n_ptype on page 133 nonUnicastQuota on page 134 optimized mcast on page 134 pmode on page 134 prate on page 135 preamble on page 135 prob...

Page 119: ...nge antsel left left middle left middle right Parameters left Specifies the use of the left antenna on the AP left middle Specifies the use of the left middle antenna combination on the AP left middle right Specifies the use of the left middle right antenna combination on the AP Usage The antenna options available depend on the type of AP and the radio Example The following example depicts Radio 2...

Page 120: ...s example sets the attenuation value to 10 for the AP 0409920201204003 radio2 context WLC siemens com ap 0409920201204003 radio2 att 10 WLC siemens com ap 0409920201204003 radio2 apply beaconp Use the beaconp command to set time units between beacon transmissions The beaconp command is accessible from all radio contexts of the CLI After you run the beaconp command run the apply command to implemen...

Page 121: ... ap 1313254259510000 radio1 ch Usage ch Auto 36 40 44 48 52 56 60 64 100 104 108 112 149 153 157 161 Auto 36 5180 5200 5220 5240 13 5dBm 40 5180 5200 5220 5240 13 5dBm 44 5180 5200 5220 5240 13 5dBm 48 5180 5200 5220 5240 13 5dBm 52 5260 5280 5300 5320 15 5dBm 56 5260 5280 5300 5320 15 5dBm 60 5260 5280 5300 5320 15 5dBm 64 5260 5280 5300 5320 15 5dBm 100 5500 5520 5540 5560 15 5dBm 104 5500 5520 ...

Page 122: ...l contexts of the CLI divrx best left right Parameters best left right Specifies the antenna for selection Example The following example selects the right antenna WLC siemens com ap defaults dualband radio1 divrx right divtx Use the divtx command to select the best signal from the pair of diversity antennas for the transmission of packets to client devices Select alternate to alternate between bot...

Page 123: ...IM period The dtim command is accessible from all radio contexts of the CLI dtim value Parameters value Specifies the DTIM period in beacon intervals The range for the dtim value is from 1 to 255 beacon intervals Example The following example sets the Delivery Traffic Indication Message period to 2 beacons WLC siemens com ap defaults 11n radio2 dtim 2 force disassociate Use the force disassociate ...

Page 124: ... siemens com ap defaults 11n radio2 frag 1500 hwretries Use the hwretries command to set the number of retries for background transmission queue best effort transmission queue video transmission queue voice transmission queue and turbo voice transmission queue The hwretries command is accessible from the defaults dualband ap defaults std and ap serial radio contexts of the CLI You can set each par...

Page 125: ...mmand is accessible from the ap defaults ap37xx ap38xx and ap3801 radio and ap serial radio contexts of the CLI ldpc enable disable Parameters enable Enables LDPC on this radio disable Disables LDPC on this radio Example The following example enables LDPC on Radio 2 WLC siemens com ap defaults ap37xx radio2 ldpc enable maxbrate Use the maxbrate command to configure the maximum basic rate The maxbr...

Page 126: ...Parameters value Specifies the maximum distance between APs in meters The default is 100 meters You can enter a value from 100 to 15000 meters Example The following example sets the maximum distance between APs to 1500 meters WLC siemens com ap defaults 11n radio2 max distance 1500 maxoprate Use the maxoprate command to set the maximum operational rate The maxoprate is accessible from the defaults...

Page 127: ...and to configure multicast to unicast delivery The mcast2ucast command is accessible from the ap defaults std 11n dualband and ap38xx and all radio1 and radio2 contexts of the CLI mcast2ucast disabled auto Parameters auto Multicast to unicast delivery is automatic on this radio disabled Multicast to unicast delivery is disabled on this radio Example The following example makes multicast to unicast...

Page 128: ...de for radio 2 to g then sets the minimum basic data rate to 12 Mbps WLC siemens com ap defaults 11n radio2 mode g WLC siemens com ap defaults 11n radio2 minbrate 12 mode Use the mode command to set the radio options for the radio context The mode command is accessible from all radio contexts of the CLI Depending on the radio mode you select some of the radio settings may not be available for conf...

Page 129: ...he associated clients depending on the radio The AP does not transmit or receive 11b rates bg Enables both the 802 11g mode and the 802 11b mode If enabled the AP uses 11b CCK and 11g specific OFDM rates with all of the associated clients The AP does not transmit or receive 11n rates bgn Enables b g n modes If enabled the AP uses all available 11b 11g and 11n rates Examples The following example e...

Page 130: ...lts 11n radio2 no n_aggr_mpdu n_aggr_mpdu_max Use the n_aggr_mpdu_max command to specify the maximum length of the aggregate MPDU The n_aggr_mpdu_max is accessible from the ap defaults 11n ap37xx ap38xx ap3801 and ap serial radio and ap38xx and serial contexts of the CLI for those APs that support it n_aggr_mpdu_max value Parameters value The maximum size in bytes for an aggregate MPDU The range o...

Page 131: ...ble the use of aggregate MSDUs Use the no command to disable the use of aggregate MSDUs The n_aggr_msdu command is accessible from the ap defaults 11n ap37xx ap38xx ap3801 and ap serial radio and ap38xx and serial contexts of the CLI for those APs that support it n_aggr_msdu no n_aggr_msdu Parameters None Example The following example disables the aggregate MSDU WLC siemens com ap defaults 11n rad...

Page 132: ...erial radio and ap38xx and serial contexts of the CLI for those APs that support it n_guardinterval short long Parameters short Specifies a short guard interval long Specifies a short guard interval Example The following example sets the long guard interval WLC siemens com ap defaults 11n radio2 n_guardinterval long n_pbthreshold Use the n_pbthreshold command to specify the extension channel thres...

Page 133: ...to selected Example The following example enables the protection mode with the always option WLC siemens com ap defaults 11n radio2 n_pmode always n_ptype Use the n_ptype command to specify the 40 MHz protection type whether CTS RTS or none The n_ptype command is accessible from the ap defaults 11n ap37xx ap38xx ap3801 and ap serial radio and ap38xx and serial contexts of the CLI for those APs tha...

Page 134: ...tQuota 50 optimized mcast Use the optimized mcast command to enable or disable the optimized multicast feature The optimized mcast command is accessible from the 11n ap37xx ap38xx ap3801 dualband std and serial radio1 and radio2 contexts of the CLI optimized mcast enable disable Parameters enable Enables the optimized multicast feature on this radio disable Disables the optimized multicast feature...

Page 135: ...xts of the CLI when radio mode includes g e g g b g b g n or n strict prate 1 2 5 5 11 Parameters 1 2 5 5 11 Specifies the Protection Rate in Mbps Example The following example adjusts the Protection Rate to 5 5 Mbps WLC siemens com ap defaults 11n radio2 prate 5 5 preamble Use the preamble command to set the preamble type The preamble command is accessible from all ap radio2 contexts of the CLI p...

Page 136: ...m clients that are associated are not responded to if the client s averaged RSS after including the Probe Request is less than the RSS threshold If force disassociate is enabled associated clients are sent Disassociate if the averaged RSS is less than RSS threshold minus 5dBm Example The following example enables probe suppression on radio 1 of AP 1111111111113705 WLC siemens com ap 11111111111137...

Page 137: ...the client s averaged RSS after including the Probe Request is less than the RSS threshold Example The following example sets the RSS threshold on radio 1 of AP 1111111111113705 to 80 dBm WLC siemens com ap 1111111111113705 radio1 rss threshold 80 rts Use the rts command to specify the size of the Request to Send RTS threshold The rts command is accessible from all radio contexts of the CLI rts va...

Page 138: ...command is accessible from all ap radio contexts of the CLI The tx_adjust_power command is available only when Auto Tx Power Ctrl ATPC is enabled tx_adjust_power value Parameters value Specifies the value in dB Example The following example sets the Tx power adjust level to 0 dB WLC siemens com ap defaults ap37xx radio1 tx_adjust_power 0 txbf Use the txbf command to enable or disable the 11n advan...

Page 139: ...le sets the maximum Tx power level to 18 dBm WLC siemens com ap defaults 11n radio2 tx_max_power 18 tx_min_power Use the tx_min_power command to specify the minimum Tx power level The tx_min_power command is accessible from the ap defaults 11n ap37xx ap38xx ap3801 dualband std and ap serial radio1 and radio2 contexts of the CLI The tx_min_power is available only when Auto Tx Power Ctrl ATPC is ena...

Page 140: ... of the CLI The parameters available in the channel_plan command are determined by the setting of the mode command in the same radio context Syntax 11n 4102 ap37xx ap38xx ap3801 dualband std and serial radio1 channel_plan all non dfs all channel channel Parameters all non dfs Radio 1 uses all non DFS channels all Radio 1 uses all channels channel channel Radio 1 uses the channels that are listed s...

Page 141: ...tes an alarm and changes the channel if the noise and interference levels on the current channel exceed their thresholds mode off monitor active Parameters off Disables DCS monitor Monitors the noise and interference on the current channel active Enables DCS Example The following example sets DCS to active mode WLC siemens com ap defaults ap37xx radio1 dcs mode active noise_threshold Use the noise...

Page 142: ...e following example sets the DCS Channel Occupancy Threshold to 10 per cent WLC siemens com ap defaults ap37xx radio1 dcs occupancy_threshold 10 radio_channels Use the radio_channels command to display the list of available radio channels for auto channel selection ACS The radio_channels command is accessible from all dcs contexts of the CLI radio_channels Parameters None Examples WLC siemens com ...

Page 143: ...ess AP triggers ACS The update_period command is accessible from 11n ap37xx ap38xx ap3801 dualband std and serial dcs contexts of the CLI update_period period Parameters period Specifies the time period measured in minutes during which the Wireless AP averages the DCS noise threshold and DCS channel occupancy threshold measurements If either one of these thresholds is exceeded then the Wireless AP...

Page 144: ... setting on page 153 professional_antenna on page 153 real_capture rightantenna radio1 on page 154 rightantenna radio2 on page 155 secure tunnel on page 115 secure tunnel lifetime on page 115 show on page 116 tunnel mtu usedhcp on page 155 vlanid on page 156 wlan on page 156 zone on page 156 802_1x The 802_1x command refers to 802_1x context that describes commands to configure 802 1x authenticati...

Page 145: ...de authentication configuration The gen_certreq command is accessible from the ap serial 802_1x context of the CLI gen_certreq cn location country state city organization name unit emailemail_addr key size 1024 2048 Parameters cn Common name that you want to assign to the Wireless AP location Keyword indicating that the next three parameters specify the location where the Wireless AP is operating ...

Page 146: ...d to remove any IPs either by address or by rank IP addresses removed from the Wireless Appliance list are replaced in rank by the next listed IP address Use the show function to list the added Wireless Appliance IPs by rank The aclist command is accessible from the ap serial context of the CLI It is also available from ap defaults if learnac is disabled no learnac in that context aclist IP Addres...

Page 147: ...ailable are dependent on the AP type antennaleft antenna_model Parameters antenna_model Model name of an antenna supported by the Wireless AP Examples This example lists the valid antenna models that can be entered with this command then executes the command with an appropriate model number WLC siemens com ap 0500010032150135 antennaleft Usage antennaleft antenna_model antenna_model list of valid ...

Page 148: ...t antenna To display a list of the available antenna models enter the command without arguments The antennaright command is accessible from the ap serial context of the CLI The antenna commands available are dependent on the AP type antennaright antenna_model Parameters antenna_model Model name of an antenna supported by the Wireless AP Examples This example lists the valid antenna models that can...

Page 149: ... Use the bgway command when statically configuring a Wireless AP In order to statically configure a Wireless AP you must first run the no usedhcp command The bgway command is accessible from the ap serial context of the CLI bgway xxx xxx xxx xxx Parameters xxx xxx xxx xxx Specifies the default gateway of the network Example WLC siemens com ap 7000001222222222 bgway 10 205 3 2 desc Use the desc com...

Page 150: ...eftantenna radio2 antenna_model Parameters antenna_model Model name of an antenna supported by the Wireless AP Examples This example lists the valid antenna models that can be entered with this command then executes the command with an appropriate model number WLC siemens com ap 0500010032150135 leftantenna radio2 Usage leftantenna radio2 antenna_model antenna_model list of valid antenna models No...

Page 151: ...els that support the Professional Install feature middleantenna radio1 is also accessible from the ap serial professional_antenna context The antenna commands available are dependent on the AP type middleantenna radio1 antenna_model Parameters antenna_model Model name of an antenna supported by the Wireless AP Examples This example lists the valid antenna models that can be entered with this comma...

Page 152: ...lists the valid antenna models that can be entered with this command then executes the command with an appropriate model number WLC siemens com ap 0500010032150135 middleantenna radio2Usage middleantenna radio2 antenna_model antenna_model list of valid antenna models WS ANT01 AG 4dBi Omni Factory No Antenna WLC siemens com ap 0500010032150135 middleantenna radio2 WS ANT01 AG 4dBi Omni Factory This...

Page 153: ...rnet port The port setting command is accessible from the ap serial context of the CLI port setting auto half full 10 100 Parameters auto Auto negotiate speed and duplex mode half full Half or full duplex mode 10 100 10Mbps or 100Mbps Ethernet Example The following example sets the Ethernet port on the AP to auto WLC siemens com ap 0500008043050212 port setting auto professional_antenna The profes...

Page 154: ...1 command is accessible from the ap serial context of the CLI Additionally for AP models that support the Professional Install feature rightantenna radio1 is also accessible from the ap serial professional_antenna context The antenna commands available are dependent on the AP type rightantenna radio1 antenna_model Parameters antenna_model Model name of an antenna supported by the Wireless AP Examp...

Page 155: ... of an antenna supported by the Wireless AP Examples This example lists the valid antenna models that can be entered with this command then executes the command with an appropriate model number WLC siemens com ap 0500010032150135 rightantenna radio2 Usage rightantenna radio2 antenna_model antenna_model list of valid antenna models No Antenna WS AO 2S03360 G 3 5 dBi Omni WLC siemens com ap 05000100...

Page 156: ...N service You can also use this command to unassign the AP s radios from the specified WLAN service The wlan command is accessible from the ap serial context of the CLI wlan wlans name radio1 radio2 both none Parameters wlans name The WLAN service to which you want to assign the AP s radios or from which you want to unassign the AP s radios radio1 radio2 both none Specifies the radios that you wan...

Page 157: ... to Newbury WLC siemens com ap 0500008043050212 zone Newbury WLC siemens com ap 0500008043050212 show Policy Zone Newbury SW Version 08 11 01 0055 Hardware Type Wireless AP2620 1 External Tunnel Type unsecured Wired MAC Address 00 0F C8 F0 1B 3C Home LOCAL Static IP Address 10 201 0 172 Status APPROVED Port ap Commands zone SCALANCE WLC711 CLI Reference Guide 157 ...

Page 158: ...bo frames on page 158 show named LAG port on page 159 See for commands in the l2ports named LAG port context esaN The esaN command moves you into the context l2ports esaN where variable N refers to the physical data port number This context contains the port command which enables or disables ports jumbo frames Use the jumbo frames command to enable or disable jumbo frames on all Layer 2 ports on t...

Page 159: ...The following commands are available in the l2ports named LAG port context lag member on page 159 port on page 160 lag member Use the lag member command to attach or detach an L2 port to or from the link aggregation The lag member command is accessible from the l2ports named LAG port context lag member add delete L2 port name Parameters add Attaches the specified port to the link aggregation delet...

Page 160: ...t for this context disable Disables the administration status for the port for this context Examples The following example enables the administration status of lag member ports in an l2ports lag1 context WLC siemens com l2ports WLC siemens com l2ports lag1 WLC siemens com l2ports lag1 port enable WLC siemens com l2ports lag1 apply WLC siemens com l2ports lag1 show Admin enable WLC siemens com l2po...

Page 161: ...xt route Use the route command to add routing information Use the no forms of the command to disable the information Use show routes to display the routing table For more information see show routes on page 64 route IP Address netmask gateway float nofloat route IP Address netmask gateway float nofloat route default gateway float nofloat no route IP Address no route default no route routeId Parame...

Page 162: ...e from the routing table WLC siemens com ip no route default The following example removes an IP address from the routing table by its index number WLC siemens com ip no route 12 ospf The ospf command is associated with the context ip ospf which contains commands to configure global settings for the Open Shortest Path First OSPF protocol on a network The following commands are available in the ip ...

Page 163: ...mal OSPF area stub Selects the Stub area nssa Selects the Not So Stubby area Examples The following example sets the OSPF area type to a Stub area WLC siemens com ip ospf areatype stub routerid Use the routerid command to identify the IP address of the router originating Open Shortest Path First OSPF packets routerid IP Address Parameters IP Address Specifies the IP address of the router originati...

Page 164: ... command does not appear on the ip ospf context command list you must use the status command to enable OSPF The following commands are available in the ip ospf ospfinterface context add ospf interface on page 164 delete ospf interface on page 165 add ospf interface Use the add ospf interface command to create a named ospfinterface The add ospf interface command is available from the ip ospf ospfin...

Page 165: ...nterface command where named ospfinterface refers to the name of a given ospfinterface moves you into the ospfinterface named ospfinterface context which contains commands to configure the settings of the specified individual ospfinterface The following commands are available in the ip ospf ospfinterface named ospfinterface context authkey on page 165 authtype on page 166 deadinterval on page 166 ...

Page 166: ...LC siemens com ip ospf ospfinterface top1 authtype password deadinterval Use the deadinterval command to set the amount of time the OSPF protocol will wait for a response before assuming peer devices are unreachable deadinterval 1 65535 Parameters 1 65535 Specifies the time interval in seconds the OSPF protocol will wait for a response Examples The following example sets the time to wait for a pac...

Page 167: ... to 10 WLC siemens com ip ospf ospfinterface top1 linkcost 10 retransmitinterval Use the retransmitinterval command to set the amount of time the port waits before it attempts to retransmit outgoing packets retransmitinterval 1 65535 Parameters 1 65535 Specifies the time interval in seconds Examples The following example sets the retransmission time interval to five seconds WLC siemens com ip ospf...

Page 168: ...ospfinterface top1 status enable transmitdelay Use the transmitdelay command to set the delay time before initiating transmission transmitdelay 1 65535 Parameters 1 65535 Specifies the amount of time in seconds Examples The following example sets the delay time for transmission to one second WLC siemens com ip ospf ospfinterface top1 transmitdelay 1 ip Commands transmitdelay SCALANCE WLC711 CLI Re...

Page 169: ...authentication RADIUS based authentication first then local authentication Local authentication is enabled by default If the administrator chooses to use the RADIUS based login all password policy enforcement is delegated to the RADIUS server and the account management features on the CLI are disabled You must test the RADIUS server configuration before configuring a user profile User ID and Passw...

Page 170: ...r command to select a RADIUS server The server command is available from the login auth context server name no server name Parameters Specifies the index number of the RADIUS server to be used name Specifies the name of the RADIUS server to be used Examples The following example selects a radius server by name WLC siemens com login auth server rad2 primary Use the primary command to set the RADIUS...

Page 171: ..._value Specifies the number of times to attempt to access the RADIUS server time_out Specifies the time in seconds to wait for a response from the RADIUS server before trying again NAS_IP Specifies the NAS IP address nas_string Specifies the Network Access Server NAS Identifier PAP CHAP MS CHAP MS CHAP2 Specifies the Authentication Protocol Examples The following example specifies the authenticati...

Page 172: ...th context radtest_login user name password Parameters user name User Name required to log on the controller password Password required to log on the controller Examples The following example tests the RADIUS server s configuration WLC siemens com login auth radtest_login admin abc123 called pam_start 1 got success called pam_authenticate got Success RETURN VALUE 0 resp code 0 Test Result Success ...

Page 173: ...g example sets the login authentication to RADIUS based mode WLC siemens com login auth order add radius WLC siemens com login auth order delete local Changing login mode will cause CLI to terminate Do you want to proceed y n y Login mode has changed CLI will terminate in 5 seconds The following example sets the login authentication to the combination of local authentication first then RADIUS base...

Page 174: ...in move 2 1 WLC siemens com login show 1 authentication method radius 2 authentication method local WLC siemens com login apply Changing login mode will cause CLI to terminate Do you want to proceed y n y Login mode has changed CLI will terminate in 5 seconds show Use the show command to display the currently configured authentication modes and their priorities show Parameters None Examples WLC si...

Page 175: ...ptions for the controller These commands are located in the mitigator context of the CLI All CLI commands cache changes For this reason sometimes when you make a change in a particular context the change may not be visible immediately If this happens you must exit and re enter the context in order to ensure that the database is synchronized with the latest change mitigator Context The following co...

Page 176: ...address of a Remote Data Collection Engine run the apply command to implement the changes wcswip IP Address poll_interval 3 60 retries 0 20 no wcswip IP Address Parameters IP Address Specifies the IP address of the Remote Data Collection Engine poll_interval Specifies the time interval in seconds that the Analysis Engine will poll the Remote Data Collection Engine The values from 3 to 60 are accep...

Page 177: ...e context sgname Use the sgname command to create a scan group Use the no form of the command to delete the scan group The sgname command is accessible from the mitigator scgroup context of the CLI After you add the Wireless APs to the scan group run the apply command to implement the changes sgname scan group name 10 120 dtime 200 5000 radio1 radio2 both channel all current type active passive se...

Page 178: ...ge 188 channel on page 178 dtime on page 178 interval on page 179 name on page 194 radio on page 179 security scan on page 180 start on page 180 show on page 181 type on page 180 channel Use the channel command to modify the Channel List scanning on all channels or on the current channels After you run the channel command run the apply command to implement the change channel all current Parameters...

Page 179: ...ou run the interval command run the apply command to implement the change interval period Parameters period Specifies the scan time interval period in minutes Example The following example modifies the scan time interval to 30 minutes WLC siemens com mitigator scgroup South Block interval 30 WLC siemens com mitigator scgroup South Block apply radio Use the radio command to modify the radio mode to...

Page 180: ...mple enables security scanning WLC siemens com mitigator scgroup South Block security scan enable WLC siemens com mitigator scgroup South Block apply start Use the start command to start any enabled scanning After you run the start command run the apply command to start the scanning start Parameters None Example The following example starts the scanning WLC siemens com mitigator scgroup South Bloc...

Page 181: ...l 0500006072051354 0500006072051427 0500006062051048 0500006062051040 Security Scan enable scprof The scprof command moves you to the scprof context which contains commands to create and delete scan profiles Scan profiles define In service scans for AP37xx and AP38xx series APs The scprof command is accessible from the mitigator context of the CLI For Out of Service scanning of AP37xx and AP38xx s...

Page 182: ...le The following example deletes a scan profile named scp_name WLC siemens com mitigator scprof delete scp_name named scan profile Move to the named scan profile context which contains commands to modify the attributes for a specified scan profile The parameter named scan profile refers to the scan profile s name The named scan profile command is accessible from the mitigator scprof context of the...

Page 183: ... gsprof context create on page 183 delete on page 183 end on page 16 exit on page 17 logout on page 19 show on page 197 named guardian scan profile on page 184 See for commands in the mitigator gsprof named guardian scan profile context create Use the create command to create a guardian scan profile The create command is accessible from the mitigator gsprof context of the CLI create guardian scan ...

Page 184: ...rdian scan profile context adhoc on page 188 aplist on page 188 show on page 197 show on page 197 blacklist timer on page 189 show on page 197 dosa on page 192 drop faf on page 192 external friendly on page 193 external honeypot on page 193 internal honeypot on page 193 adhoc on page 188 name on page 194 spoofed ap on page 196 show on page 197 maintenance The maintenance command moves you to the m...

Page 185: ...tap1 WLC siemens com mitigator maintenance apply The following example deletes the AP with BSSID 11 11 22 22 33 33 from authorized status WLC siemens com mitigator maintenance authorized ap 11 11 22 22 33 33 delete WLC siemens com mitigator maintenance apply friendly ap Use the friendly ap command to add update or remove a friendly AP APs are identified in this context by their BSSID Basic Service...

Page 186: ...dress of the AP desc string An optional alphanumeric character string describing the AP category string The optional category defines the reason the AP is prohibited Valid values are prohibitedap internalhoneypot and externalhoneypot delete Removes the AP identified by the BSSID from prohibited AP status Example The following example makes testap1 with BSSID 11 11 22 22 33 33 prohibited due to the...

Page 187: ...d to display security states of APs managed on this controller This show command is accessible from the mitigator maintenance context of the CLI show authorized friendly prohibited unclassified Parameters authorized friendly prohibited unclassified Specifies the classification of APs you want to display No classification means all four categories are displayed Example The following example display...

Page 188: ...rdian scan profile context of the CLI After you run the adhoc command run the apply command to implement the change adhoc enable disable Parameters enable Enables removal of adhoc clients on this profile from network access disable Disables removal of adhoc clients on this profile from network access Example The following example enables ad hoc client removal WLC siemens com mitigator scprof scp_n...

Page 189: ...dd 500006072051354 WLC siemens com mitigator scprof scp_name apply The following example deletes a Wireless AP with the serial number 500006072051354 from the scan profile WLC siemens com mitigator scprof scp_name aplist delete 500006072051354 WLC siemens com mitigator scprof scp_name apply The following example replaces the Wireless APs in the scan profile with those with the following serial num...

Page 190: ...change channels all none channel channel Parameters all Specifies that all channels be added to the scan profile list none Specifies that no channels be listed in the scan profile channel channel Specifies the channel s by number that are to be added to the scan profile They can be added individually or listed as a comma separated list Usage To delete some channels from the list specify none then ...

Page 191: ...f scp_name classification enable WLC siemens com mitigator scprof scp_name apply concurrent number Use the concurrent number command to configure the maximum number of channels on which a Guardian AP can concurrently launch countermeasures The concurrent number command is accessible from the mitigator gsprof named guardian scan profile context of the CLI After you run the concurrent number command...

Page 192: ...network access Example The following example enables DoS attack client removal WLC siemens com mitigator scprof scp_name dosa enable WLC siemens com mitigator scprof scp_name apply drop faf Use the drop faf command to enable or disable dropping frames in a controlled manner during a flood attack The drop faf command is accessible from the mitigator scprof named scan profile context and the mitigat...

Page 193: ...command to enable or disable prevention of authorized stations from roaming to external honeypot APs The external honeypot command is accessible from the mitigator scprof named scan profile context and the mitigator gsprof named guardian scan profile context of the CLI After you run the external honeypot command run the apply command to implement the change external honeypot enable disable Paramet...

Page 194: ...gator scprof named scan profile context and the mitigator gsprof named guardian scan profile context of the CLI After you run the name command run the apply command to implement the change name profile name Parameters profile name Specifies a profile name in alphanumeric characters Example The following example renames the scp_name scan profile to test22 WLC siemens com mitigator scprof scp_name n...

Page 195: ...rity scan on page 196 rogue enable disable Parameters enable Enables rogue detection for this scan profile disable Disables rogue detection for this scan profile Example The following example enables rogue detection for the scp_name scan profile in service WLC siemens com mitigator scprof in service rogue enable WLC siemens com mitigator scprof in service rogue prevent Use the rogue prevent comman...

Page 196: ...able Enables security scans for rogue APs disable Disables security scans for rogue APs Example The following example enables security scans WLC siemens com mitigator scprof scp_name security scan enable WLC siemens com mitigator scprof scp_name apply spoofed ap Use the spoofed ap command to enable or disable prevention of any station using a spoofed AP The spoofed ap command is accessible from th...

Page 197: ... scan profile context of the CLI show Parameters None Example The following example displays the scan profile scp_name s settings WLC siemens com mitigator scprof scp_name show Profile Name scp_name Security Scan enable Interference Classification disable External Honeypot disable External Friendly enable Internal Honeypot disable Spoofed AP disable Drop Frames FAF disable Adhoc mode removal disab...

Page 198: ...e a change in a particular context the change may not be visible immediately If this happens exit and re enter the context so that the database is synchronized with the latest change The following commands are available in the mobility context backupmanagerip on page 198 mrole on page 199 mport on page 199 mheartbeat on page 199 slpreg on page 200 agent on page 200 secmode on page 201 mdismethod o...

Page 199: ...wing example sets the role of the Wireless Appliance as a Mobility Agent WLC siemens com mobility mrole agent mport Use the mport command to select the port to be used by the Mobility feature mport esaX Parameters esaX Specifies the ESA port where X refers to the port number Examples Example code is not currently available mheartbeat The Wireless Appliance that has the VNManager designation sends ...

Page 200: ...command to disable it slpreg no slpreg Parameters None Examples The following example enables SLP registration WLC siemens com mobility splreg agent Use the agent command to add remove or approve an agent on the network by its IP address when the current controller serves as a mobility manager The role of the Wireless Appliance must be set to Manager before this option becomes available For more i...

Page 201: ...gent on the network WLC siemens com mobility agent backupmgr 10 0 0 1 secmode Use the secmode command to set the Security Mode to allow only approved Agents to connect to the manager or allow all agents to connect secmode approved none Parameters approved Allows only approved agents to connect to the manager none Allows all agents to connect to the manager Examples The following example configures...

Page 202: ... the IP address of the Mobility Manager The role of the Wireless Appliance must be set to Agent before this option becomes available For more information see backupmanagerip on page 198 mmanagerip IP Address Parameters IP Address Specifies the IP address of the VN Manager Examples The following example changes the IP address of the Mobility Manager WLC siemens com mobility mmanagerip 195 160 1 39 ...

Page 203: ...e_backup context of the CLI All CLI commands cache changes For this reason sometimes when you make a change in a particular context the change may not be visible immediately If this happens you must exit and re enter the context in order to ensure that the database is synchronized with the latest change After running the schedule_backup commands you must run the apply command to implement the chan...

Page 204: ...r Use the dir command to specify a directory to contain backup data on the FTP or SCP server dir path Parameters path Specifies the directory path Examples The following example specifies the directory path for backup data WLC siemens com schedule_backup dir home user destdir freq Use the freq command to specify the frequency of software backups freq daily everyday weekday weekly 0 1 2 3 4 5 6 mon...

Page 205: ...ample sets the software backups to occur from Monday to Friday WLC siemens com schedule_backup freq daily weekday The following example sets the software backups to occur every Tuesday and Thursday WLC siemens com schedule_backup freq weekly 2 4 The following example sets the software backups to occur on the 15th day of every month WLC siemens com schedule_backup freq monthly 15 The following exam...

Page 206: ...y the IP address of the destination server for backup data server IP Address Parameters IP Address Specifies the IP address of the FTP or SCP server The IP address can be either IPv4 A B C D or IPv6 A B C D E F G H format Examples The following example sets the IP address of the server receiving backup data WLC siemens com schedule_backup server 192 168 1 17 starttime Use the starttime command to ...

Page 207: ... files will be backed up cdrs Indicates that call detail records will be backed up all Indicates that all configuration call detail records log files audit files and rogue files will be backed up logs Indicates that log files will be backed up audit Indicates that audit files will be backed up Examples The following example indicates that audit files are to be backed up WLC siemens com schedule_ba...

Page 208: ...Examples The following example specifies a username for the server WLC siemens com schedule_backup user admin schedule_backup Commands user SCALANCE WLC711 CLI Reference Guide 208 ...

Page 209: ...ge The following commands are available in the schedule_upgrade context schld_upgrd on page 209 upgrade_backup on page 210 schld_upgrd Use the schld_upgrd command to schedule a local or remote upgrade of the Wireless Appliance s software Use the no form of the command to delete the scheduled upgrade This command is accessible from the schedule_upgrade context Before you schedule a local uprade dow...

Page 210: ...ore the remote upgrade syntax as shown in the following example WLC siemens com schedule_upgrade no schld_upgrd upgrade_backup Use the upgrade_backup command to create a rescue backup of the existing software of the Wireless Appliance on the remote FTP server Use the no form of the command to delete the remote rescue backup The upgrade_backup command is accessible from the schedule_upgrade context...

Page 211: ...d on the FTP server file The file name that you want to assign to the backup image Filename must end with rescue user tgz Examples In the following example the backup image is created on the ftp server WLC siemens com schedule_upgrade upgrade_backup remote 192 168 4 181 admin abc123 myDir backup rescue user tgz In the following example the backup image is created on the external flash WLC siemens ...

Page 212: ...e changes For this reason sometimes when you make a change in a particular context the change may not be visible immediately If this happens you must exit and re enter the context in order to ensure that the database is synchronized with the latest change The following commands are available in the snmp context contact on page 213 context on page 213 enable on page 213 engine id on page 214 locati...

Page 213: ...he context name Examples The following example specifies the SNMPv3 context WLC siemens com snmp context context1 enable Use the enable command to enable and configure SNMP enable none v1v2 v3 contact location rcommunity rwcommunity 1 2 3 4 5 1 65535 Parameters none Disables SNMP v1v2 v3 Enables either SNMPv1 V2 or SNMPv3 contact Specifies the name of the SNMP administrator location Specifies a de...

Page 214: ... id string auto gen Parameters string Specifies the SNMPv3 engine ID for the Wireless Appliance running the SNMP agent The string must be from 5 to 32 characters in length when auto gen is not selected and from 1 to 27 characters when auto gen is selected auto gen Automatically generates the SNMPv3 engine ID from the manually entered string Examples The following example specifies the SNMPv3 engin...

Page 215: ...mens com snmp port 163 publish ap Use the publish ap command to enable or disable SNMP publishing of the access point as an interface to the Wireless Appliance publish ap enable disable Parameters enable disable Enables or disables publishing of the access point as an interface to the controller Examples The following example enables SNMP publishing WLC siemens com snmp publish ap enable If you at...

Page 216: ...ity command to specify the name of the read write community This community allows the modification of stored data on the administrative system rwcommunity string Parameters string Specifies the name used for the read write community Examples The following example sets the name of the read write community WLC siemens com snmp rwcommunity private severity Use the severity command to configure the Wi...

Page 217: ...in the SNMP context WLC siemens com snmp show user User Authentication ProtocolAuth ProtocolPriv Enabled test1 noauthnopriv none none False Refer to user on page 218 for descriptions of the values in the various columns of this output trap manager v1v2 Use the trap manager v1v2 command to identify either the primary or secondary machine monitoring SNMPv1 v2 traps by IP address trap manager v1v2 1 ...

Page 218: ... the machine monitoring SNMPv3 traps The IP address can be either IPv4 A B C D or IPv6 A B C D E F G H format delete Removes the SNMPv3 machine monitoring SNMPv3 traps Examples The following example specifies the IP address of the primary machine monitoring SNMPv3 traps and the SNMPv3 user admin WLC siemens com snmp trap manager v3 1 192 168 1 5 The following example deletes the primary trap manag...

Page 219: ...o use when security level is set to authNoPriv or authPriv DES must be used when the security level is set to authPriv privpassword Specifies the privacy password to use when security level is set to authPriv enable disable Enables or disables an existing user delete Deletes an existing user Examples The following example creates an SNMPv3 user named test with an authPriv security level using MD5 ...

Page 220: ...ppens you must exit and re enter the context in order to ensure that the database is synchronized with the latest change The following commands are available in the syslog context audmsg on page 220 facility on page 221 stationevents on page 221 svcmsg on page 222 syslogip on page 222 audmsg Use the audmsg command to enable service messages Use the no form of the command to disable them audmsg no ...

Page 221: ...erity level to the syslog server 4 Sends the log with the Warning severity level to the syslog server 5 Sends the log with the Notice severity level to the syslog server 6 Sends the log with the Info severity level to the syslog server Example The following example sets the application log level 3 to be sent to the syslog server WLC siemens com syslog facility application 3 Successfully updated ap...

Page 222: ...vice messages WLC siemens com syslog no svcmsg Successfully turned off service messages syslogip Use the syslogip command to configure up to three syslog servers Use the no form of the command to delete a server Use show syslog to display system log levels For more information see show syslog on page 68 syslogip IP Address enable disable no syslogip Parameters Specifies the index number of the sys...

Page 223: ... enables it WLC siemens com syslog syslogip 1 143 23 34 52 enable Successfully updated syslogip 1 The following example deletes the syslog server WLC siemens com syslog no syslogip 1 Successfully removed syslogip 1 syslog Commands syslogip SCALANCE WLC711 CLI Reference Guide 223 ...

Page 224: ...exit and re enter the context in order to ensure that the database is synchronized with the latest change After you run any of the time commands run the apply command to implement the changes The following commands are available in the time context clock on page 224 date on page 225 ntp on page 225 ntpip on page 226 tz on page 226 clock Use the clock command to set the system time The Network Time...

Page 225: ...17 01 2099 ntp Use the ntp command to use the Network Time Protocol NTP Use the no form of the command to disable it If you want to use the external NTP Server configure the NTP Server s IP address by running the ntpip command For more information see ntpip on page 226 ntp 2 3 no ntp 1 2 3 Parameters 2 Specifies to use the external NTP Server to synchronize the network time 3 Specifies to use the ...

Page 226: ...NTP time server Example The following example configures the IP address of an NTP time server and assigns it an index value of 2 WLC siemens com time ntpip 2 192 168 4 89 tz Use the tz command to set time zone information for the Wireless Appliance The Wireless Appliance reboots when the time zone is changed tz continent continent country country region region Parameters continent Specifies the co...

Page 227: ... in order to ensure that the database is synchronized with the latest change The following commands are available in the traffic_capture context file_name on page 227 size on page 228 interface on page 228 delete on page 229 list on page 229 start on page 230 stop on page 230 show on page 231 show interfaces on page 231 file_name Use the file_name command to specify a file name for the TCPDump If ...

Page 228: ...filesize Parameters filesize Specifies the file size of TCPDump file File size can range from 10 MB minimum to a maximum of 1 GB Example The following example specifies the file size of the TCPDump file as 15MB WLC siemens com traffic_capture size 15 interface Use the interface command to specify the interface on which the exception traffic is to be captured interface interfacename Parameters inte...

Page 229: ...following example specifies the file 1 in the TCPDump file capture list to be deleted WLC siemens com traffic_capture delete 1 list Use the list command to display the TCPDump file capture list The list command is accessible from the traffic_capture context of the CLI The files that are stored on the CF card have flash suffixed to their file names For example mgmt_traffic_dump cap flash The files ...

Page 230: ... ports and defined VNS The start command is accessible from the traffic_capture context of the CLI start Parameters None Example The following example specifies to start capturing the exception traffic WLC siemens com traffic_capture start stop Use the stop command to stop capturing the exception traffic to and from the management plane The stop command is accessible from the traffic_capture conte...

Page 231: ...Example Example code is not currently available show interfaces Use the show interfaces command to display the physical and virtual ports for which the exception traffic can be captured The show interfaces command is accessible from the traffic_capture context of the CLI show interfaces Parameters None Example Example code is not currently available traffic_capture Commands show SCALANCE WLC711 CL...

Page 232: ...te user or administrator accounts on the system In conjunction with the id command you must specify and confirm a password for the account The password must be 8 24 alphanumeric characters long id userid admin guestportal readonly Parameters userid Specifies a name for the account admin Sets account type to administrator guestportal Sets account type to guestportal administrator A guest administra...

Page 233: ...ester guestportal Please input password Please confirm password Successfully created user tester pwd Use the pwd command to change the password for a specified account The password must be 8 24 alphanumeric characters long pwd userid Parameters userid Specifies the name of the account Examples The following example changes the password for the account named fred WLC siemens com users pwd fred Plea...

Page 234: ...r commands in the vnsmode adminctr context create on page 241 das on page 242 See for commands in the vnsmode das context default role on page 243 See for commands in the vnsmode default role context delete on page 246 nac on page 246 See for commands in the vnsmode nac context radius on page 249 See for commands in the vnsmode radius context rateprofile on page 262 See for commands in the vnsmode...

Page 235: ...ith the captive portal auto login redirect drop hide Parameters redirect Redirect detection messages to the Captive Portal This option allows client autologin to detect the captive portal and prompt the user to login This option may cause post authentication redirection to fail drop Drop detection messages hide Hides the captive portal from Autologin detector This is the default option This option...

Page 236: ...fairness using this command This command is available in the vnsmode adminctr context flex client access 100 packet mostly packet mixed mostly airtime 100 airtime Parameters 100 packet Specifies 100 packet access to the wireless medium mostly packet Specifies mostly packet access to the wireless medium mixed Specifies mixed access to the wireless medium mostly airtime Specifies mostly airtime acce...

Page 237: ...beffort assoc command is accessible from the vnsmode adminctr context of the CLI max beffort assoc 1 100 Parameters 1 100 Specifies the percentage configured for the Maximum Best Effor BE BW for new streams Examples The following example sets the Maximum Best Effort BE BW for new streams to 50 percent WLC siemens com vnsmode adminctr max beffort assoc 50 max beffort reassoc Use the max beffort rea...

Page 238: ...und reassoc Use the max bground reassoc command to set the Maximum Background BK BW for roaming streams in percent of total The max bground reassoc command is accessible from the vnsmode adminctr context of the CLI max bground reassoc 1 100 Parameters 1 100 Specifies the percentage configured for the Maximum Background BK BW for roaming streams Examples The following example sets the Maximum Backg...

Page 239: ...lement the changes max video reassoc 0 100 Parameters 0 100 Specifies the maximum allowable bandwidth as a percentage of total bandwidth Examples The following example sets the maximum video bandwidth for roaming streams to 60 of total bandwidth WLC siemens com vnsmode adminctr max video reassoc 60 max voice assoc Use the max_voice_assoc command to set the maximum allowed overall bandwidth on an A...

Page 240: ...om vnsmode adminctr max voice reassoc 80 policy invalid action Use the policy invalid action command to configure the global invalid policy action The policy invalid action command is accessible from the vnsmode adminctr context of the CLI policy invalid action default allow deny Parameters default Sets the global invalid policy action to the default allow Sets the global invalid policy action to ...

Page 241: ... vlan id Parameters add update Adds or updates the mapping of the specified vlan id to the specified policy remove Removes the vlan id mapping from the policy vlan id Specifies a VLAN to map to or remove from the specified policy policy name Specifies a policy to which a VLAN is mapped Examples The following example updates the VLAN mapping vlan id 102 to the test2 policy WLC siemens com vnsmode a...

Page 242: ...named WLC 1 and a role named NonAuth WLC siemens com vnsmode create testvns wlans WLC 1 pol NonAuth das Use the das command to configure DAS Dynamic Authorization Server settings Executing the das command puts you in the vnsmode das context where the following commands are available The following commands are available in the vnsmode das context port on page 242 replay_interval on page 243 port Us...

Page 243: ... A topology to use when a VNS is created using a role non auth role that does not specify a topology The default assigned topology is the Bridge Traffic Locally at AP topology An inbound and outbound rate control profile The default rate control profile is Unlimited A set of filters The default filter set is a single deny all rule After you complete configuration changes for the default role run t...

Page 244: ...n the vnsmode default role context sync enable disable Parameters enable disable Enables or disables synchronization of the default role across controllers Examples The following example enables the synchronization of the default role across controllers WLC siemens com vnsmode default role sync enable WLC siemens com vnsmode default role apply WLC siemens com vnsmode default role show Assigned top...

Page 245: ...ault role context AC filter rules are applied at the controller Default role AC filter configuration is applied when no AC filters are configured for role applied at the controller AC filtering is not available when the associated topology is configured for Bridge at AP AC filtering is available when the associated topology is set to either Bridge at AC or Routed The following commands are availab...

Page 246: ...following commands to manage NAC configuration The following commands are available in the vnsmode nac context create on page 246 delete on page 247 show on page 247 create Use the create command to create an NAC server configuration The NAC server accepts DHCP messages The create command is accessible from the vnsmode nac context of the CLI After you create an NAC server configuration you can fur...

Page 247: ...xt of the CLI delete NAC_server Parameters NAC_server Specifies the name of the NAC server to delete Examples The following example deletes the NAC server named test nac server WLC siemens com vnsmode nac delete test nac server show Use the show command to display NAC server configuration information The show command is accessible from the vnsmode nac context of the CLI show NAC_server Parameters ...

Page 248: ...low export dest ip address Parameters ip address Specifies the IP address that receives the NetFlow records Example The following example sets the NetFlow export IP destination address to 1 1 1 1 WLC siemens com vnsmode netflow mirror netflow export dest 1 1 1 1 netflow export interval Use the netflow export interval command to set the NetFlow export interval The netflow export interval command is...

Page 249: ...sa0 esa1 Parameters none esa0 esa1 Configures the L2 mirror port and the controller to none esa0 or esa1 Example The following example sets the mirror L2 port to esa0 WLC siemens com vnsmode netflow mirror traffic mirror l2port esa0 radius Executing the radius command moves you into the vnsmode radius context which contains the following commands to manage RADIUS server configuration After you cre...

Page 250: ...med test radius server with an IP address of 10 10 10 10 and a shared secret of test WLC siemens com vnsmode radius create test radius server 10 10 10 10 test WLC siemens com vnsmode radius test radius server WLC siemens com vnsmode radius test radius server show Authentication port 1812 Accounting port 1813 Authentication priority 5 Accounting priority 5 Authentication total number of tries 3 Acc...

Page 251: ...s if a topology change occurs during athentication The delay client msg command is accessible from the vnsmode radius context of the CLI delay client msg 1 60 Parameters 1 60 The time in seconds that the client message displays if a topology change occurs during athentication Examples The following example sets the delay to 40 seconds WLC siemens com vnsmode radius delay client msg 40 delete Use t...

Page 252: ...e attribute from the client Access Request message Examples WLC siemens com vnsmode radius include service type enable polling interval Use this command to configure the RADIUS test request timeout This command is available from the vnsmode radius named_RADIUS_server context polling interval 30 300 Parameters none Examples This example sets the RADIUS server polling interval to 43 WLC siemens com ...

Page 253: ...n WLC siemens com vnsmode radius show Strict disable Radius MAC format 1 XXXXXXXXXXXX Client Access Request includes Service Type Attribute disable Name IP address Protocol Retries Auth Acct Timeout Auth Acct Ports Auth Acct Priority Auth Acct RADIUS_1 192 0 1 202 PAP 3 3 5 5 1812 1813 1 1 The following example displays configuration information for the RADIUS server named RADIUS_1 WLC siemens com...

Page 254: ...12 Parameters 1 Specifies a MAC address format of XXXXXXXXXXXX for use with the RADIUS server 2 Specifies a MAC address format of XX XX XX XX XX XX for use with the RADIUS server 3 Specifies a MAC address format of XX XX XX XX XX XX for use with the RADIUS server 4 Specifies a MAC address format of XXXX XXXX XXXX for use with the RADIUS server 5 Specifies a MAC address format of XXXXXX XXXXXX for ...

Page 255: ...renames the RADIUS server ADV to IAV WLC siemens com vnsmode radius rename ADV new name IAV service type login Use the service type login command to enable or disable setting the service type attribute to login The service type login command is accessible from the vnsmode radius context of the CLI service type login enable disable Parameters enable Enables the defer accounting start feature disabl...

Page 256: ... configure the RADIUS server usage mode This command is available from the vnsmode radius context usage mode exclusive primary backup Parameters exclusive Sets the RADIUS server usage mode to exclusive primary backup Sets the RADIUS server usage mode to primary backup Examples This example sets the RADIUS server usage mode to primary backup WLC siemens com vnsmode radius usage mode primary backup ...

Page 257: ... radius named_RADIUS _server context of the CLI If you do not change the port with this command the default port 1813 is used acct port 0 65535 Parameters 0 65535 Specifies the RADIUS accounting port Example The following example sets the RADIUS accounting port to 1646 for the RADIUS server named RAD1 WLC siemens com vnsmode radius RAD1 acct port 1646 acct prio Use the acct prio command to set the...

Page 258: ...timeout Use the acct timeout command to set the timeout for RADIUS accounting The acct timeout command is accessible from the vnsmode radius named_ RADIUS_server context of the CLI acct timeout 1 360 Parameters 1 360 Specifies the RADIUS accounting timeout in seconds Examples The following example sets the RADIUS accounting timeout to 10 seconds for the RADIUS server named RAD1 WLC siemens com vns...

Page 259: ...med RAD1 WLC siemens com vnsmode radius RAD1 auth prio 5 auth retries Use the auth retries command to set the the total number of RADIUS authentication attempts The auth retries command is accessible from the vnsmode radius named_RADIUS_server context of the CLI auth retries 1 32 Parameters 1 32 Specifies the total number of RADIUS authentication attempts Examples The following example sets the nu...

Page 260: ...s enable Enables the sending of interim account records to RADIUS for fast failover disable Disables the sending of interim account records to RADIUS for fast failover Usage This command is available only when this controller has been enabled for fast failover see the wlans WLAN service name auth RADIUS server configuration context page 298 command Examples This example disables fast failover WLC ...

Page 261: ... siemens com vnsmode radius RAD1 ip 222 224 1 23 name Use the name command to modify the RADIUS server name The name command is accessible from the vnsmode radius named_RADIUS_server context of the CLI name new_RADIUS_server_name Parameters new_RADIUS_server_name Specifies the name of the RADIUS server Examples The following example renames the RADIUS server RAD1 to RAD2 WLC siemens com vnsmode ra...

Page 262: ... server named RAD1 WLC siemens com vnsmode radius RAD1 shared secret ebc rateprofile Executing the rateprofile command moves you into the vnsmode rateprofile context which contains the following commands to manage bandwidth rate control profiles The following commands are available in the vnsmode rateprofile context create on page 262 delete on page 263 show on page 263 create Use the create comma...

Page 263: ...ate high speed 700 delete Use the delete command to delete a bandwidth rate control profile The delete command is accessible from the vnsmode rateprofile context of the CLI If the rate control profile that you are attempting to delete is being used by any other VNS the system returns the following message You can not delete this profile because it is used by other VNS delete profile_name Parameter...

Page 264: ... command to assign a default role for authenticated clients This command is available from the vnsmode named VNS context After you run the auth command run the apply command to implement the changes auth non auth role name Parameters non auth Use the default role for non authenticated clients for authenticated clients role name Specifies the name of the role to use as the default role for authenti...

Page 265: ...me Specifies the name of the role to use as the default role for non authenticated clients Usage When you change the default non authenticated role for this VNS the same rules apply as when a VNS is created That is if the VNS s WLAN Service has a mode of std then the referenced role must have a topology of mode b ap b ac or routed 3pap then the referenced role must have a physical topology mode Ex...

Page 266: ... VNS context to enable or disable the current VNS After you run the status command run the apply command to implement the changes status enable disable Parameters enable Enables the VNS disable Disables the VNS Examples This example disables the current VNS named VNS1 WLC siemens com vnsmode VNS1 status disable WLC siemens com vnsmode VNS1 apply sync Use the sync command in the vnsmode named VNS c...

Page 267: ...he current VNS Only one WLAN Service can be associated with a VNS at a time After you run the wlans name command run the apply command to implement the changes wlans name WLAN Service name Parameters WLAN Service name Specifies the name of the WLAN Service to associate with this VNS Example This example changes the associated WLAN Service to wlan4 for the VNS named VNS1 WLC siemens com vnsmode VNS...

Page 268: ...fault role acfilters and vnsmode default role apfilters contexts create pos proto protocol eth ether type mac MAC address ipaddress mask interface subnet interface ip any port port port type code type type in none src dst both out none src dst both allow deny none contain2vlan vlan id priority 0 7 none tos dscp 0 FF FF FE FC F8 F0 E0 C0 80 none cos named cos none traffic mirror none enable prohibi...

Page 269: ...re from 0 255 in none src dst both Specifies the direction of packet flow in specifies a packet flow from the AP to the AC none specifies that the in direction will not be used as matching criteria in the filter rule dst specifies that the IP address for this filter rule is the destination of the packet flow src specifies that the IP address for this filter rule is the source of the packet flow bo...

Page 270: ...ple creates a basic mode filter rule 1 that allows UDP traffic in both directions from IP address 192 168 10 0 24 for ports 10 through 2000 WLC siemens com vnsmode Auth acfilters create 1 proto udp 192 168 10 0 24 port 10 2000 in dst out src allow WLC siemens com vnsmode Auth acfilters apply WLC siemens com vnsmode Auth acfilters show Enable AP filtering disable filter 1 proto udp 192 168 10 0 255...

Page 271: ...urity Payload protocol any Any protocol icmp ICMP protocol gre Generic Route Encapsulation protocol 0 255 number value of protocol eth ether type ether type 4 hex digits from 0001 FFFF or any The following well known values are converted into hex values IPv4 ARP RARP DECnet Phase IV AppleTalk EtherTalk AppleTalk Address Resolution Protocol AARP Novell IPX alt Novell Profinet and IPv6 On the contro...

Page 272: ...ainment VLAN you must specify the VLAN by its ID when meeting the criteria specified in the filter rule priority 0 7 none Specifies the packet priority Valid values are 0 7 the highest priority is 7 Specifying none means priority level will not be used as matching criteria in this CoS tos dscp tos dscp value mask value none Specifies the type of service in the filter rule Valid values are 0 FF for...

Page 273: ...nd vnsmode default role apfilters contexts delete pos Parameters pos Specifies the filter rule list position of the filter to be deleted Valid values are 0 255 Examples The following example deletes filter rule 1 and displays the remaining default deny all rule WLC siemens com vnsmode p1 acfilters delete 1 WLC siemens com vnsmode p1 acfilters show Enable AP filtering disable filter 1 default proto...

Page 274: ... siemens com vnsmode p1 acfilters show Enable AP filtering disable filter 1 proto udp 192 168 10 0 255 255 255 0 port 10 2000 both allow filter 2 proto tcp 192 168 10 0 255 255 255 0 port 10 2000 both allow filter 3 default proto none 0 0 0 0 all_ports both deny WLC siemens com vnsmode p1 acfilters VNS Commands vnsmode move SCALANCE WLC711 CLI Reference Guide 274 ...

Page 275: ...5 for commands in the wlan clients context create on page 279 delete on page 280 remote ssid on page 280 show on page 281 WLAN service name on page 281 See for commands in the wlan WLAN service name context clients The clients context provides commands which are used to configure guest access features on the Wireless Appliance Switch to the clients context from the wlans context to access the foll...

Page 276: ... will remain viable Examples The following example configures a client guest access account named Lobby WLC siemens com wlans clients client Guest lobby Lobby 1234abcd 2009 12 01 12 00 00 12 12 WLC siemens com wlans clients show Guest lobby Lobby 1234abcd 2009 12 01 12 00 00 12 12 00 00 00 00 disabled descr Use the descr command to add a description to the specified guest portal client access acco...

Page 277: ... Examples The following example enables the guest access account WLC siemens com wlans clients enable Guest lobby WLC siemens com wlans clients show Guest lobby Lobby 1234abcd 2009 12 01 12 00 00 12 12 00 00 08 00 enabled The following example disables the guest access account WLC siemens com wlans clients no enable Guest lobby WLC siemens com wlans clients show Guest lobby Lobby 1234abcd 2009 12 ...

Page 278: ...lients export file file Specifies the clients export file name Example The following example exports all current client information from the system to a file named clients_export WLC siemens com wlans clients export_clients 192 168 4 1 admin support clients_export_file Please input password Attempting to upload file using ncftp import_clients Use the import_clients command to import client informa...

Page 279: ...is 00 00 Example The following example sets the account activation time of the guest access account to 07 00 hours WLC siemens com wlans clients startofday Guest lobby 07 00 WLC siemens com wlans clients show Guest lobby Lobby 1234abcd 2009 12 01 12 00 00 12 12 07 00 07 00 disabled create Use the create command to create a WLAN service configuration The create command is accessible from the wlans ...

Page 280: ...ommand is accessible from the wlans context of the CLI delete WLANS name Parameters WLANS name Specifies the name of the WLAN service to delete Example The following example deletes the WLAN service named test wlan WLC siemens com wlans delete test wlan remote ssid Use the remote ssid command to display the available remote SSIDs within the Wireless Appliance s mobility domain remote ssid Paramete...

Page 281: ...n WLAN service moves you into the wlan WLAN service name context which contains commands to configure the settings of the specified individual WLAN service The following commands are available in the wlan WLAN service name context Different commands are available depending on the type of WLAN server being configured 3pap on page 282 aplist on page 282 aplist wds WDS on page 283 aplist wds Mesh on ...

Page 282: ...p command run the apply command to implement the changes no 3pap A B C D HH HH HH HH HH HH Parameters A B C D Specifies the IPv4 address of the third party AP to add to or remove from the WLAN service HH HH HH HH HH HH Specifies the MAC address of the third party AP to add to or remove from the WLAN service Usage This command is only available when the WLAN service type is third party AP 3pap Exam...

Page 283: ...ess AP 0500000000000000 both aplist wds WDS Use the aplist wds command to add or remove an AP to or from a WDS type WLAN service configuration The aplist wds command is accessible from the wlans WLAN service name context of the CLI when the WLAN service type is WDS aplist wds Mesh on page 284 for information about using the command to configure a dynamic mesh WLAN service Use this command to confi...

Page 284: ...t Auberon wkgbridge off WLC siemens com wlans shopfloor_WDS_wlan apply aplist wds Mesh Use the aplist wds command to add an AP to a dynamic mesh type WLAN service configuration The aplist wds command is accessible from the wlans WLAN service name context of the CLI when the WLAN service type is mesh aplist wds WDS on page 283 for information about using the command to configure a WDS type of WLAN ...

Page 285: ...th context supports the following authentication types MAC 802 1X mode Captive Portal Authentication modes internal external guest portal and guest splash When you first enter the auth context MAC 802 1x and Captive Portal Authentication modes default to disabled MAC authentication can be configured in any authentication mode The availability of non MAC authentication commands depends upon the cur...

Page 286: ...ply command to implement the changes aaa redir enable disable Parameters enable disable Specify to enable or disable AAA redirect Usage The 8021x authentication mode must be set for this command to be available For more information see mode on page 302 Example The following example enables AAA redirect WLC siemens com wlans cnl AAA auth aaa redir enable WLC siemens com wlans cnl AAA auth apply acc...

Page 287: ...nauthenticated users to a web page The captiveportal command moves you to context wlan WLAN service name auth captiveportal which contains commands used to configure Captive Portal support The wlan WLAN service name auth mode command mode on page 302 determines which commands are available in the captiveportal context The following commands are available in the wlan WLAN service name auth captivep...

Page 288: ...P server user The user name to log in to the server password The password for file transfer protocol dir The directory on the server where the file is located file The name of the file containing the web pages Example This example uses FTP to copy the file cpcustom zip located in the tmp directory on FTP server 192 168 3 10 using log in credentials root and mypasswd WLC siemens com wlans Lab126 12...

Page 289: ...content was previously downloaded to the controller using the copy custom command custom can only be successfully set to local The internal or splash authentication mode must be set for this command to be available For more information see mode on page 302 Example The following example sets the captive portal communications options to web WLC siemens com wlans new wlans auth captiveportal custom w...

Page 290: ...direction URL After you run the extredir command run the apply command to implement the changes extredir value_string none Parameters value_string Specifies a URL beginning with http none Specifies that no external redirection URL is configured Usage The external authentication mode must be set for this command to be available For more information see mode on page 302 Example The following example...

Page 291: ...t the changes fqdn value_string none Parameters value_string Specifies a domain name none Specifies that the Gateway IP address is not replaced with a FQDN Usage The guestportal internal or splash authentication mode must be set for this command to be available For more information see mode on page 302 Example The following example replaces the Gateway IP address with a domain name WLC siemens com...

Page 292: ...e name auth captiveportal to configure the user ID prefix for the guest portal access account After you run the guestportalprefix command you must run the apply command to implement the changes guestportalprefix prefix Parameters prefix Specifies the maximum number of hours for the session time of the guestportal access account Usage The guestportal authentication mode must be set for this command...

Page 293: ...om wlans CNL CP auth captiveportal maxsessionlifetime 1 WLC siemens com wlans CNL CP auth captiveportal apply WLC siemens com wlans CNL CP auth captiveportal show maxsessionlifetime maxsessionlifetime 1 minpasswdlength Use the minpasswdlength command within context wlan WLAN service name auth captiveportal to set the minimum acceptable character length for the password for the guest portal access ...

Page 294: ...uthentication mode must be set for this command to be available For more information see mode on page 302 Example The following example specifies the internal network URL to which to redirect connecting users WLC siemens com vnsmode CNL 7 CP auth captiveportal redirect http 192 168 1 38 WLC siemens com vnsmode CNL 7 CP auth captiveportal apply send login Use this command to specify the type of cap...

Page 295: ...trator logs in the Account Lifetime field will be enabled when updating accounts or adding new guest accounts Example This example enables the ability of the Guest Administrator to set account lifetimes WLC siemens com wlans Lab126 12 GuestP auth captiveportal set acct lifetime enable tos override Use the tos override command within context wlan WLAN service name auth captiveportal to enable or di...

Page 296: ...e auth context of the CLI After you run the cdr command run the apply command to implement the changes cdr enable disable Parameters enable disable Specifies to enable or disable the collection of Wireless Controller accounting information Usage The cdr command is available in all authentication modes For more information see mode on page 302 Example The following example enables the collection of...

Page 297: ... finished configuring RADIUS server attributes use the exit command to return to the wlans WLAN service name context Example The following example configures the RADIUS server radius1 as an authentication server WLC siemens com wlans cnl AAA auth config radius1 role auth prot PAP WLC siemens com wlans cnl AAA auth show Current selected Radius server radius1 role auth Priority Name Role NAS IP NAS ...

Page 298: ...ver Usage This command overwrites the global RADIUS fast failover command To get to the RADIUS server configuration enter the config on page 296 named radius role acct command After applying changes exit the RADIUS server configuration context by the page 297 command Examples This example disables fast failover WLC siemens com wlans cnl AAA auth fast failover disable WLC siemens com wlans cnl AAA ...

Page 299: ... be available For authentication mode command information see mode on page 302 For mac command information see mac on page 299 Example The following example sets the interim value to 40 minutes WLC siemens com wlans test auth interim 40 mac Use the mac command to enable or disable MAC based authentication The mac command is accessible from the wlan WLAN service name auth context of the CLI mac ena...

Page 300: ...thentication WLC siemens com wlans cnl AAA auth mac acct disable WLC siemens com wlans cnl AAA auth apply mac auto authenticate Use the mac auto authenticate command to automatically authenticate authorized users The mac auto authenticate command is accessible from the wlans WLAN service name auth context of the CLI After you run the mac auto authenticate command run the apply command to implement...

Page 301: ...entication is enabled using the mac enable command For authentication mode command information see mode on page 302 For mac command information see mac on page 299 Example The following example enables the authentication of unauthorized users for the cnl mac WLANS service WLC siemens com wlans cnl mac auth mac allow unauthorized enable WLC siemens com wlans cnl mac auth apply mac roam Use the mac ...

Page 302: ...y firewall Parameters disabled Disables authentication modes 8021x Enters the 802 1x authentication mode internal Enters the internal captive portal authentication mode external Enters the external captive portal authentication mode guestportal Enters the guestportal captive portal authentication mode splash Specifies the guest splash captive portal authentication mode external by firewall Enters ...

Page 303: ...m wlans test auth show mode Authentication mode external move Use the move command from within the RADIUS server configuration command mode to change the position of a RADIUS server in the RADIUS server list The move command is accessible from the wlans WLAN service name auth context of the CLI After you run the move command run the apply command to implement the changes move current position new ...

Page 304: ...mmand is not used to specify a NAS ID You must be in RADIUS server configuration mode for the nasid command to be available Use the config command to enter RADIUS server configuration mode For more information see config on page 296 Example The following example sets the NAS ID for this RADIUS server configuration to the VNS name for the cnl AAA WLANS auth context WLC siemens com wlans cnl AAA aut...

Page 305: ... nasip NAS identifier Use VNS IP address password Use the password command to specify the MAC authentication password to be used with the RADIUS server being configured The password command is accessible from within the RADIUS server configuration mode from the wlans WLAN service name auth context of the CLI After you run the password command run the apply command to implement the changes password...

Page 306: ...n mode For more information see config on page 296 Example The following example configures the CHAP protocol as the authentication protocol for this RADIUS server WLC siemens com wlans cnl AAA auth protocol CHAP WLC siemens com wlans cnl AAA auth apply radius timeout policy The radius timeout policy command within context wlan WLAN service name auth sets the specified policy from the list of conf...

Page 307: ...from the list of RADIUS servers to be used with the new wlans WLAN WLC siemens com wlans new wlans auth remove radius1 show Use the show command to display the current authentication settings of the specified individual WLAN service The show command is accessible from the wlan WLAN service name auth context of the CLI The following example displays the current authentication settings for the WLAN ...

Page 308: ...e test WLAN WLC siemens com wlans test auth use policy zone enable WLC siemens com wlans test auth apply WLC siemens com wlans test auth show use policy zone Use policy zone name in Called Station Id enable vsa ap Use the vsa ap command to include AP Identification in the message to the RADIUS server The vsa ap command is accessible from the wlan WLAN service name auth context of the CLI After you...

Page 309: ...S server Usage The vsa egress command is not available when the authentication mode is guestportal When the authentication mode is disabled MAC must be enabled for this command to be available For more information see mode on page 302 Example The following example enables the inclusion of egress rate control information in messages to the RADIUS server WLC siemens com wlans test auth vsa egress en...

Page 310: ...the message to the RADIUS server The vsa policy command is accessible from the wlan WLAN service name auth context of the CLI After you run the vsa policy command run the apply command to implement the changes vsa policy enable disable Parameters enable disable Specifies to enable or disable the inclusion of policy information in messages to the RADIUS server Usage The vsa policy command is not av...

Page 311: ...ges to the RADIUS server WLC siemens com wlans test auth vsa ssid enable WLC siemens com wlans test auth apply WLC siemens com wlans test auth show vsa ssid SSID as VSA attribute enable vsa topology Use the vsa topology command to include topology information in the message to the RADIUS server The vsa topology command is accessible from the wlan WLAN service name auth context of the CLI After you...

Page 312: ...DIUS server Usage The vsa vns command is not available when the authentication mode is guestportal When the authentication mode is disabled MAC must be enabled for this command to be available For more information see mode on page 302 Example The following example enables the inclusion of VNS information in messages to the RADIUS server WLC siemens com wlans test auth vsa vns enable WLC siemens co...

Page 313: ...re authentication mode information see mode on page 302 Example The following example enables HTTP support for the Lab126 12 GuestSpl WLAN service WLC siemens com wlans Lab126 12 GuestSpl auth captiveportal cp http enable default cos Use the default cos command to assign an existing Class of Service CoS as the default CoS for the specified WLAN service You can also use the default cos command to u...

Page 314: ...he default topology from the WLAN service Example The following example assigns the topology FS REMOTE to the WLAN service WLC siemens com wlans gp1 default topology FS REMOTE default traffic mirror Use the default traffic mirror command to configure the default traffic mirror The default traffic mirror command is accessible from the wlans named wlan context of the CLI default traffic mirror prohi...

Page 315: ...c enable WLC siemens com wlans test apply WLC siemens com wlans test show direct client traffic Block MU to MU traffic enable egress filtering Use the egress filtering command to enable or disable egress filtering on this WLAN service The egress filtering command is accessible from the wlans WLAN service name context of the CLI After you run the egress filtering command run the apply command to im...

Page 316: ...le from the wlan WLAN service name context of the CLI when the WLAN service type is STD After you run the name command run the apply command to implement the name change name WLAN service name Parameters WLAN service name Specifies the name to use for this WLAN service Example The following example changes the name of the test WLAN serve to not test WLC siemens com wlans test name not test WLC sie...

Page 317: ... accessible from the wlan WLAN service name priv context of the CLI fast transition enable disable Parameters enable disable Enables or disables 802 11r Fast Transition Example The following example enables 802 11k Fast Transition support on the WLAN service WLC siemens com wlans AZ 723 WLAN1 priv fast transition enable group key ps Use the group key ps command to enable or disable the group key p...

Page 318: ... service The mode command is accessible from the wlan WLAN service name priv context of the CLI when the WLAN service type is STD After you run the mode command yrun the apply command to implement the name change mode none wep wpa wpa psk dynwep Parameters none Disables privacy mode wep Specifies the WEP privacy mode wpa Specifies the WPA privacy mode wpa psk Specifies the WPA PSK privacy mode dyn...

Page 319: ...key as a plain text string key idx 1 2 3 4 Specifies the WEP key index Usage The wep command is available when the privacy mode on page 318 is set to wep For more information see mode on page 318 Example The following example sets the WEP key to 64 bits in length with a pass phrase string of Sl p WLC siemens com wlans test priv wep key length 64 pass phrase Sl p WLC siemens com wlans test priv app...

Page 320: ...CLI After yourun the wpa v1 command run the apply command to implement the name change wpa v1 auto tkip none Parameters auto tkip none Specifies the WPA v1 encryption protocol Usage The wpa v1 command is available when the privacy mode on page 318 is set to wpa or wpa psk For more information see mode on page 318 Example The following example displays the WPA v1 encryption protocol sets the WPA v1...

Page 321: ...A v2 key management options The wpa v2 key mgmt command is accessible from the wlan WLAN service name priv context of the CLI After you run the wpa v2 key mgmt command run the apply command to implement the name change wpa v2 key mgmt none both pre auth okc Parameters none both pre auth okc Specifies WPA v2 key management from these options respectively none both pre authorization and Opportunisti...

Page 322: ...le Example The following example configures the pre shared key for the WDS WLAN service wds test as testsecret WLC siemens com wlans WLC siemens com wlans wds test WLC siemens com wlans wds test psk testsecret WLC siemens com wlans wds test apply WLC siemens com wlans wds test show Service type wds Pre shared Key testsecret Name wds test Enable status enable Pre shared Key testsecret SSID wdstest ...

Page 323: ...lobal Admission Control for Best Effort BE Examples The following example enables Global Admission Control for Best Effort BE WLC siemens com wlans v1WLAN qos policy beffort admission control enable bground admission control Use the bground admission control command to enable or disable Global Admission Control for Background BK The bground admission control command is accessible from the wlans na...

Page 324: ... is accessible from the wlan WLAN service name qos policy context of the CLI After you run the downlink command run the apply command to implement the changes downlink downgrade drop do nothing Parameters downgrade Specifies that the transmission s data packets are forced to be downgraded to the next priority when a TSPEC violation is discovered drop Specifies that the transmission s data packets ...

Page 325: ...om wlans test qos policy show flex client access Flex client access enable legacy Use the legacy command to enable or disable the legacy solution which gives all packets on the VNS high priority The legacy command is accessible from the wlan WLAN service name qos policy context of the CLI After you run the legacy command run the apply command to implement the changes legacy enable disable Paramete...

Page 326: ...r priority 7 WLC siemens com wlans CNL 7 CP qos policy apply WLC siemens com wlans CNL 7 CP qos policy show priority map DSCP CLASSIFICATION dscp marking service class 0 02 1 00 23 00 24 07 25 00 priority override Use the priority override command to override the priority for all packets in the WLANS The priority override command is accessible from the wlan WLAN service name qos policy context of ...

Page 327: ...SCP codepoint assignments and uses DSCP codepoint 2 for the CNL 7 CP WLANS WLC siemens com wlans CNL 7 CP qos policy priority override dscp 2 WLC siemens com wlans CNL 7 CP qos policy apply WLC siemens com wlans CNL 7 CP qos policy show priority override dscp DSCP marking 2 priority override up Use the priority override up command to override existing Service Class settings for priority processing...

Page 328: ...n either the wmm 802 11e or legacy commands have been enabled Example The following example enables Turbo Voice on the CNL 7 CP WLANS WLC siemens com wlans CNL 7 CP qos policy turbo voice enable WLC siemens com wlans CNL 7 CP qos policy apply WLC siemens com wlans CNL 7 CP qos policy show turbo voice Turbo voice enable uapsd Use the uapsd command to enable Unscheduled Automatic Power Save Delivery...

Page 329: ...transmissions will continue and no action is taken against the violating transmissions Usage This command is only active if the Video and Voice Admission Control is set to enable See video admission control on page 330 and voice admission control on page 330 Example The following example defines the uplink policer action to end TSPEC violations by deleting the TSPEC for the CNL 7 CP WLANS WLC siem...

Page 330: ...ables voice admission control Disabling video admission control automatically disables voice admission control Example The following example enables global admission control for video WLC siemens com wlans CNL 7 CP qos policy video admission control enable WLC siemens com wlans CNL 7 CP qos policy apply WLC siemens com wlans CNL 7 CP qos policy show video admission control Use Global Admission Con...

Page 331: ...he CLI After you run the remoteable command run the apply command to implement the changes remoteable enable disable Parameters enable disable Enables or disables the SSID advertisement to the mobility domain Example The following example enables the SSID advertisement for the CNL 7 CP WLANS WLC siemens com wlans CNL 7 CP remoteable enable WLC siemens com wlans CNL 7 CP apply WLC siemens com wlans...

Page 332: ...WLC siemens com wlans test rf show 11h power reduction Apply power reduction to 11h clients enable 11h support 802 11h support on the Wireless Appliance will allow clients to operate with the maximum available transmission power in 5Ghz bands The 11h support command is accessible from the wlan WLAN service name rf context of the CLI Use the 11h support command to enable 802 11h support on the WLAN...

Page 333: ...E on AP 37xx and 38xx appliances The 11k quiet ie command is accessible from the wlan WLAN service name rf context of the CLI Note The 11k quiet ie command is only available after the 11k support command is enabled 11k quiet ie enable disable Parameters enable disable Enables or disables 802 11k Quiet IE on AP 37xx and 38xx appliances Example The following example enables 802 11k Quiet IE on the W...

Page 334: ...to enable or disable the processing of Information Element 10 IE 10 The process client ie command is accessible from the wlan WLAN service name rf context of the CLI After you run the process client ie command run the apply command to implement the changes process client ie enable disable Parameters enable disable Enables or disables the processing of Information Element 10 IE 10 on the Wireless A...

Page 335: ...les or disables the suppression of broadcast of the SSID Example The following example prevents SSID broadcasts WLC siemens com wlans CNL6 AAA ssid suppress enable WLC siemens com wlans CNL6 AAA apply show Use the wlan WLAN service name show command to display the current settings of the specified individual WLAN service The show command is accessible from the wlan WLAN service name context of the...

Page 336: ...f the CLI After you run the ssid command run the apply command to implement the changes ssid string Parameters string Specifies a string for the SSID The SSID string can range in length from 1 to 32 characters Example The following example specifies and then displays the SSID WLC siemens com wlans test ssid testssid WLC siemens com wlans test apply WLC siemens com wlans test show ssid SSID testssi...

Page 337: ...c synchronization of this WLAN service across paired Wireless Appliances Example The following example enables synchronization for this WLAN service WLC siemens com wlans test sync enable WLC siemens com wlans test apply WLC siemens com wlans test show sync Synchronize enable timeout post Use the timeout post command to set the post authentication timeout value in minutes for this WLAN service The...

Page 338: ...n timeout value to 10 minutes for this WLAN service WLC siemens com wlans test timeout pre 10 WLC siemens com wlans test apply WLC siemens com wlans test show timeout pre pre authentication timeout minutes 10 timeout session Use the timeout session command to set the session timeout value in minutes for this WLAN service The timeout session command is accessible from the wlan WLAN service name con...

Page 339: ...ervice without 1x or MAC authentication the default non authentication policy is applied After you run the unauth behaviour command run the apply command to implement the changes unauth behaviour nonauth policy discard unauth traffic Parameters nonauth policy Specifies that the non authentication policy is applied to unauthenticated traffic discard unauth traffic Specifies that unauthenticated tra...

Page 340: ...he following commands are available in the topology context create on page 340 delete on page 341 internal vlanid on page 342 multicast support on page 342 show on page 343 named topology on page 343 See named topology on page 343 for commands in the topology named topology context create Use the create command to create a topology object The create command is accessible from the topology context ...

Page 341: ...ayer 2 configuration Does not require Layer 3 configuration Bridge Traffic at the AP topologies do not require the definition of a corresponding IP address since all traffic for users in that topology will be directly bridged by the Wireless AP at the local network point of attachment VLAN at AP port Routed Routed topology Routed topologies do not need any Layer 2 configuration but do require Laye...

Page 342: ... internal management VLAN ID of the topology WLC siemens com topology internal vlanid 2 multicast support Use the multicast support command to configure multicast support for a physical topology The multicast support command is accessible from the topology context of the CLI multicast support physical topology name none Parameters physical topology name Specifies the name of the physical topology ...

Page 343: ...e Port4 10 0 3 1 none none Seg1_Routed routed N A N A N A 172 16 209 1 none local Seg2_Routed routed N A N A N A 172 16 210 1 none local ACTT_Seg1_Routed routed N A N A N A 10 13 16 1 none local ACTT_Seg2_Routed routed N A N A N A 10 13 32 1 none local route1 routed N A N A N A 5 5 5 5 none local TopoFor313 b ap 553 enable N A Topology global info Internal VLAN ID 1 Multicast support disabled name...

Page 344: ... show Name esa0 3rd party enable l2 Use the l2 command to enter the topology named topology l2 context of the CLI for b ac b ap physical and routed topologies The l2 context allows you to configure the Layer 2 functions of the topology The following commands are available in the topology named topology l2 context arp proxy on page 344 multicast on page 345 See multicast on page 345 for commands in...

Page 345: ...reate a multicast filter use the create command See create on page 346 The config command is available from the topology named topology l2 multicast context of the CLI for b ac b ap and routed topologies config pos default A B C D 0 32 vocera svp mdns on off Parameters pos default Specifies the priority of filter rule 0 255 or default filter rule A B C D 0 32 vocera svp mdns Specifies the IP addre...

Page 346: ...ple This example creates a multicast filter rule WLC siemens com topology techpubs_test_ac l2 multicast create 1 225 1 1 0 32 on delete Use the delete command to delete a multicast filter rule The delete command is available from the topology named topology l2 multicast context of the CLI for b ac b ap and routed topologies delete pos Parameters pos The position of the multicast filter rule Positi...

Page 347: ...to move a rule to the bottom of the list Possible values are 0 255 Example This example moves multicast rule 2 to the bottom of the list after position 4 WLC siemens com topology test l2 multicast move 2 5 show Use the show command to show multicast support for the specified topology The show command is available from the topology named topology l2 multicast context of the CLI for b ac b ap and ro...

Page 348: ... b ac topology named briAC_test WLC siemens com topology briAC_test l2 show Port esa0 VLAN tagging enable VLAN ID 333 Foreign Port esa0 tagged Use the tagged command to enable or disable 802 1Q VLAN tagging The tagged command is available from the topology named topology l2 context of the CLI for b ap b ac and physical topologies tagged enable disable Parameters enable Indicates that 802 1Q VLAN t...

Page 349: ...3 context is now available in b ac mode when l3presence is set to disable For more information see l3presence on page 370 The following commands are available in the topology named topology l3 context ap register on page 350 cert on page 350 copy csr on page 352 dhcp on page 352 See dhcp on page 352 for commands in the topology named topology l3 dhcp context exceptions on page 360 See exceptions o...

Page 350: ...nfile ipv6 csr cert scp ftp server user password dir filename chainfile ipv6 permanent permanent chain ipv6 default ipv6 Parameters pkcs12 Indicates that filename certificate file is in the PKCS 12 format pem der Indicates that the filename certificate file and keyfile key file are PEM DER encoded csr cert Indicates that the filename is a certificate signing request file scp ftp Indicates that eit...

Page 351: ... topology named topology l3 context of the CLI for Admin b ac physical and routed topologies When you use the cert command to assign a PKCS 12 file CSR file or PEM DER files to an interface you must select either SCP or FTP as the file transfer mechanism and specify the PKCS 12 file CSR file or PEM DER files The command then attempts to download the specified PKCS 12 file CSR file or PEM DER files...

Page 352: ... topology named topology l3 context copy csr scp ftp server user password dir ipv6 Parameters scp ftp Specifies the type of server FTP or SCP to which the file will be uploaded server IP address of the FTP or SCP server user User name to login to the server password User password dir Directory on server to put the certificate signing request file ipv6 Specifies that the certificate is IPv6 Example...

Page 353: ...IPv4 address of DHCP relay servers none Clears DHCP relay servers Example The following example sets the IP address of the DHCP relay server as 10 0 1 10 WLC siemens com topology test l3 dhcp mode relay WLC siemens com topology test l3 dhcp dhcp servers 10 0 1 10 dls Use the dls command to enable or disable DLS HiPath Deployment Services The dls command is available from the topology named topolog...

Page 354: ...ss or name port 0 65535 Specifies the DLS port number This is an optional parameter The default port is 18433 Example The following example sets the DLS address as 10 10 0 10 WLC siemens com topology test l3 dhcp mode local WLC siemens com topology test l3 dhcp dls enable WLC siemens com topology test l3 dhcp dls address 10 10 0 10 dns Use the dns command to specify the IP addresses for one or mor...

Page 355: ...y test l3 dhcp mode local WLC siemens com topology test l3 dhcp domain my domain exclude Use the exclude command to exclude an IP address or a range of IP addresses from the DHCP Address Range The exclude command is available from the topology named topology l3 dhcp context of the CLI for b ac physical and routed topologies This command is visible only when mode is set to local See mode on page 35...

Page 356: ...s Appliance in a paired controller configuration The foreign range command is available from the topology named topology l3 dhcp context of the CLI for b ac and routed topologies This command is visible only when mode is set to local See mode on page 358 foreign range A B C D A B C D Parameters A B C D Specifies the first IP address in the IP address range A B C D Specifies the last IP address in ...

Page 357: ...rameters int Specifies the time limit in seconds Example The following example sets the default lease time to 34000 seconds WLC siemens com topology routed2 l3 dhcp mode local WLC siemens com topology routed2 l3 dhcp lease 34000 WLC siemens com topology routed2 l3 dhcp apply lease max Use the lease max command to set the maximum time limit in seconds that an IP address would be assigned by the DHC...

Page 358: ...er relay Indicates that a DHCP relay server will be used none Indicates that the Wireless Appliance will not treat the DHCP messages specially Example The following example configures the routed topology named routed2 to use a local DHCP server on the controller WLC siemens com topology routed2 l3 dhcp mode local WLC siemens com topology routed2 l3 dhcp apply range Use the range command to configu...

Page 359: ...dress for the Windows Internet Naming Service WINS server The wins command is available from the topology named topology l3 dhcp context of the CLI for b ac physical and routed topologies This command is visible only when mode is set to local See mode on page 358 After you run the wins command run the apply command to implement the changes wins WINS server WINS server none Parameters WINS server W...

Page 360: ...Valid values are from 0 255 proto udp tcp ah esp none icmp gre 0 255 Specifies the protocol for this filter rule by number or name Valid number values are from 0 255 Valid name values are udp UDP protocol tcp TCP protocol ah Authentication Header protocol esp Encapsulating Security Payload protocol none No protocols icmp ICMP protocol gre Generic Route Encapsulation protocol A B C D 0 32 Specifies...

Page 361: ...following example modifies an existing filter WLC siemens com topology r1 l3 exceptions config 2 proto tcp 1 1 1 1 32 port 80 in dst allow create Use the create command to create an exception filter The create command is available from the topology named topology l3 exception context of the CLI for b ac physical and routed topologies create pos proto udp tcp ah esp none icmp gre 0 255 A B C D 0 32...

Page 362: ...this filter rule can be either source or destination allow deny Specifies whether packets will be allowed or denied when meeting the criteria specified in the filter rule Usage If the specified exception filter position already contains an exception filter specifying an exception filter using this command inserts the exception filter in the specified position in the list and resequences all filter...

Page 363: ... the exception filter is an internal read only filter that has been pre defined show Parameters None Examples The following example displays the exception filters for the r1 topology WLC siemens com topology r1 l3 exceptions show Exception filter I 1027 proto tcp 11 11 11 17 255 255 255 255 port 60606 both deny Exception filter I 1028 proto tcp 0 0 0 0 255 255 255 255 port 50200 both deny Exceptio...

Page 364: ...oller WLC siemens com topology r1 sync enable WLC siemens com topology r1 l3 WLC siemens com topology r1 l3 foreign ip gateway Use the gateway command to specify the gateway IP address The gateway command is available from the topology named topology l3 context of the CLI for the Admin topology gateway A B C D none Parameters A B C D Specifies the gateway IP address none Clears the gateway IP addr...

Page 365: ...e of the country where the controller is located You must use the two letter ISO abbreviation for the country state The name of the state or province where the controller is located city The name of the city where the controller is located organization Keyword indicating that the next two parameters specify the name of the organization to which the controller belongs name Organization name unit Or...

Page 366: ...xample specifies an IP address and subnet mask WLC siemens com topology r1 l3 ip 10 109 0 1 30 ipv6 Use the ipv6 command to specify a management IPv6 address and subnet mask for the Wireless Appliance The ipv6 command is available from the topology named topology l3 context of the CLI for the Admin topology only ipv6 A B C D E F G H 0 64 none Parameters A B C D E F G H 0 64 Specifies the IPv6 addr...

Page 367: ...e The following example sets the size of the MTU to 1500 bytes WLC siemens com topology r1 l3 mtu 1500 netmask Use the netmask command to optionally configure a netmask for a B AC or B AP topology The netmask command is available from the topology named topology context of the CLI for b ap or b ac topologies with disabled l3presence If configured the netmask will be used in the RADIUS Accounting F...

Page 368: ...rs the IP address of the next hop router Example The following example sets the IP address of the next hop router 169 232 75 1 WLC siemens com topology r1 l3 nexthop 169 232 75 1 ospf advert Use the ospf advert command to enable or disable OSPF advertisements on the topology The ospf advert command is available from the topology named topology l3 context of the CLI for routed topologies After you ...

Page 369: ... available from the topology named topology l3 context of the CLI for Admin b ac physical and routed topologies show Parameters None Examples The following example displays Layer 3 information for a physical topology WLC siemens com topology esa0 l3 show Interface IP 10 109 0 1 255 255 255 0 AP Registration enable Allow management traffic disable Factory default certificate key MTU 1500 The follow...

Page 370: ...de command to change the mode of an existing b ac b ap or routed topology You can configure the mode of a topology only if the topology is not associated with a policy The mode command is available from the topology named topology context of the CLI for b ac b ap and routed topologies mode b ap b ac routed Parameters b ap b ac routed Specifies the mode of the topology Example The following example...

Page 371: ... The following example shows configuration information for a b ac topology WLC siemens com topology BridgedAC2 show Synchronize disable Name BridgedAC2 Layer 3 presence disable The following example shows configuration information for a b ap topology WLC siemens com topology BridgedAP2 show Synchronize enable Name BridgedAP2 The following example shows configuration information for a physical topo...

Page 372: ...Parameters enable Enables synchronization disable Disables synchronization Example The following example enables synchronization WLC siemens com topology r1 sync enable topology group Executing the topology group command moves you into the topology topology group context in which you can create or delete topology groups The topology group command is entered in the topology context A Topology Group...

Page 373: ...of the topology group first group member Specifies the first topology group member b ac Specifies a Bridge Traffic locally at Controller topology for this group routed Specifies a routed topology for this group vlanid VLAN ID assigned to this topology group Value can be in range 1 4094 Example delete Use the delete command to delete a topology group object The delete command is accessible from the...

Page 374: ...elete a topology group member name to change the topology group name show on page 375 vlanid members Use the members command to add update or delete a topology group member The members command is accessible from the topology group name context of the CLI members add update delete topology_name topology_name Parameters add Specifies that a new topology name is being added to the group update Specif...

Page 375: ... group top group name context of the CLI show Parameters None Example The following example shows topology group configuration information C5110 2 chantry topology topology group TG5 show Topology mode routed Name TG5 VLAN ID 105 Member List V801data Topology vlanid Use the vlanid command to change the VLAN ID of a topology group The vlanid command is accessible from the topology group name contex...

Page 376: ...Example topology Commands vlanid SCALANCE WLC711 CLI Reference Guide 376 ...

Page 377: ...ible immediately If this happens you must exit and re enter the context in order to ensure that the database is synchronized with the latest change The following commands are available in the lbs context multicast on page 377 port on page 378 service on page 378 server ip on page 379 show on page 379 For information on related commands that are available in other contexts see Related commands on p...

Page 378: ... 0 65535 Specifies the port address of the location based server Enter at least 2 digits for example 06 for port 6 Usage This command is visible only if a location based service has been enabled via the service command The default port address is 00 Examples The following example sets the port address of the Ekahau server to 06 WLC siemens com lbs service ekahau WLC siemens com lbs port 06 service...

Page 379: ... command is accessible from the lbs context of the CLI server ip A B C D Parameters A B C D Specifies the IP address of the location based server Usage This command is visible only if a location based service has been enabled via the service command The default IP address is 0 0 0 0 Examples The following example sets the IP address of the AeroScout server to 192 168 3 100 WLC siemens com lbs serv...

Page 380: ...is context to enable or disable the collection of AeroScout Ekahau tags on a specific 802 11n AP See location on page 150 ap defaults 11n Use the lbs status command in this context to enable or disable the collection of AeroScout Ekahau tags on all 802 11n APs See lbs status on page 109 show The show command allows you to display configuration information including lbs status for a specific 802 11...

Page 381: ... guest administrator users guestportal user type times out The guestportal admin timeout command is accessible from the web context of the CLI After you have run the guestportal admin timeout command run the apply command to implement the changes guestportal admin timeout hh mm mm Parameters hh mm Specifies time in hh mm format hours minutes range 1 minute to 7 days mm Specifies time in number of ...

Page 382: ...xample sets the web session timeout to two hours 120 minutes WLC siemens com web timeout 120 showvns Use the showvns command to display the VNS names in the Wireless AP SSID list on the controller s user interface Wireless AP screen Use the no form of the command to remove the VNS names in the Wireless AP SSID list The showvns command is accessible from the web context of the CLI After you have ru...

Page 383: ...r interface Wireless AP screen WLC siemens com web no showvns show Use the show command to display the web settings show Parameters None Examples The following example displays the web settings WLC siemens com web show timeout 34 0 showvns web Commands show SCALANCE WLC711 CLI Reference Guide 383 ...

Page 384: ...und rate control settings and filter rules All CLI commands cache changes For this reason sometimes when you make a change in a particular context the change may not be visible immediately If this happens you must exit and re enter the context in order to ensure that the database is synchronized with the latest change The cos context was introduced with V8 01 The following commands are available i...

Page 385: ...ifies the name of the CoS to delete Example The following example deletes the CoS named my cos WLC siemens com policy delete my cos show Use the show command to display a summary of all cos objects or a specific named cos The show command is accessible from within the cos context show Parameters cos name Specifies that information for the named cos be displayed Examples The following example displ...

Page 386: ...ement the changes The following commands are available in the cos named cos context show on page 386 name on page 387 sync on page 388 use wlan marking on page 388 priority on page 389 tos dscp mask on page 389 rateprf in on page 390 rateprf out on page 390 transmit queue on page 391 show Use the show command to display the named cos configuration information for the current cos named cos context ...

Page 387: ...amples The following example Renames the CoS your cos to my cos Applies the change Displays the my cos configuration Exits cos named cos context Re enters the cos named cos context as my cos WLC siemens com cos your cos WLC siemens com cos your cos name my cos WLC siemens com cos your cos apply WLC siemens com cos your cos show Name my cos Use Legacy Priority Override defined in the WLAN Service d...

Page 388: ...de defined in the WLAN Service disable 802 1p Priority none ToS DSCP Marking Mask Inbound Rate Limit Outbound Rate Limit Transmit Queue none Synchronize enable WLC siemens com cos my cos use wlan marking Use the use wlan marking command to enable or disable WLAN ToS DSCP marking in WLAN service The use wlan marking command is accessible from within the cos named cos context use wlan marking enable...

Page 389: ... The priority command is accessible from within the cos named cos context priority 0 7 none Parameters 0 7 Defines user priority level for this CoS 7 is highest priority none User priority level is not assigned for this CoS Usage WLAN marking must be disabled when you use this command Example The following example assigns a user priority value of 3 to the CoS WLC siemens com cos my cos priority 3 ...

Page 390: ...re for this wlans default cos context none Specifies that the ingress rate profile is used for this wlans default cos context Usage Refer to rateprofile on page 262 for rate profile configuration information Examples The following example configures the default policy with the DocRateIn ingress rate profile WLC siemens com cos my cos rateprf in DocRateIn WLC siemens com cos my cos apply WLC siemen...

Page 391: ...RateIn Egress rate profile DocRateOut Enable AP filtering disable Synchronize enable WLC siemens com cos my cos transmit queue Use the transmit queue command to configure a transmit queue for this CoS This transmit queue assignment is an override to the default transmit queue assignment specified in the 802 1p priority that is applied without remarking the original 802 1p field in the packet The t...

Page 392: ... in Bridged at AP topologies Sites are assigned to WLAN Services in the same manner as AP load groups When an AP is assigned to a site the controller pre loads the AP with the configured topologies policies CoS and RADIUS server configurations of the site The AP can then use these configurations independently of the controller All CLI commands cache changes For this reason sometimes when you make ...

Page 393: ...ame Specifies the name of the site to delete Example The following example deletes the site named site1 WLC siemens com policy delete site1 show site Use the show site command to display a summary of all site objects or a specific named site The show site command is accessible from within the site context show site Parameters site name Specifies that information for the named site be displayed Exa...

Page 394: ...e site named site context to implement the changes The following commands are available in the site named site context assign ap on page 395 assign policy on page 395 assign wlan on page 396 band preference on page 397 config on page 397 custom on page 398 dns on page 398 local radius on page 398 move on page 399 name on page 399 nasid on page 400 nasip on page 401 password on page 401 ping on pag...

Page 395: ...ign ap The available APs 0500009353050067 EWC 3640 050000829F737045 050000829F737045 0409920201204015 C25 AP3710 0500009203050048 C25 AP3705 50048 0500009203050013 C25 AP3705 10490066235A0000 AP 3660 Ext 0509920201203250 EWC AP 3620 3640 Ext 0002000819006723 C25 AP4102 0002010803508865 0002010803508865 10210066235A0000 C25 AP3705 This example shows AP added to the site1 site WLC siemens com site s...

Page 396: ...Use the assign wlan command to configure a WLAN assignment to the site The assign wlan command is accessible from the site named site context assign wlan wlan name none radio1 radio2 both Parameters wlan name Specifies the named WLAN service to assign to this site none radio1 radio2 both Specifies the radio s on the site to which the WLAN service is applied Usage You specify the WLAN by its name I...

Page 397: ...the config command to configure a RADIUS server as the local authentication server for APs assigned to this site The config command is accessible from the site named site context config radius name prot CHAP PAP MS CHAP MS CHAP2 exit Parameters radius name Specifies the RADIUS server to be assigned to this site and enters config mode for the named server prot CHAP PAP MS CHAP MS CHAP2 Specifies th...

Page 398: ...erver WLC siemens com site site1 custom enable dns Use the dns command to configure an IP address for a Domain Name Server for this site The dns command is accessible from the site named site context dns A B C D Parameters A B C D Specifies the IP address of the Domain Name Server for named site Usage You must enter the apply command for the DNS setting to take affect Example The following example...

Page 399: ...vers for this authentication server on this site Enter the first current position of the server then the new position of the server in the server order Usage The CLI named site context must be in config mode for a RADIUS server to execute the move command Use the config radius name command to enter config mode Use config exit to exit config mode You must enter the apply command before exiting the ...

Page 400: ...site9 WLC siemens com site site1 WLC siemens com site site1 name site9 WLC siemens com site site1 apply WLC siemens com site site1 show Name site9 WLC siemens com site site1 exit WLC siemens com site site9 WLC siemens com site site9 WLC siemens com site site9 show Name site9 WLC siemens com site site9 nasid Use the nasid command to configure an NAS identifier for this site The nasid command is acc...

Page 401: ...the IP address for this named site Usage The CLI named site context must be in config mode for a RADIUS server to execute the nasip command Use the config radius name command to enter config mode Example The following example configures a VNS IP address as the IP address for site1 WLC siemens com site site1 nasip vnsip password Use the password command to set the authentication password for this s...

Page 402: ...s the RADIUS server configured for site1 WLC siemens com site site1 ping source interface name james 192 168 77 7 protocol Use the protocol command to set the authentication password for this site The protocol command is accessible from the site named site context protocol CHAP PAP MS CHAP MS CHAP2 Parameters CHAP PAP MS CHAP MS CHAP2 Specifies an authentication protocol type Valid values are CHAP...

Page 403: ...ues are 5 60 Example The following example sets the maximum clients value for the Radio2 load balance group WLC siemens com site site1 radio2 load 55 radio1 loadcontrol Use the radio1 loadcontrol command to enable or disable load control soft load limits on Radio1 only The radio1 loadcontrol command is accessible from the site named site context Radio Load Control activates only when the number of...

Page 404: ... disable Parameters enable disable Enables or disables the load control function on Radio2 Example The following example disables load control on Radio2 WLC siemens com site site1 radio2 loadcontrol disable radio1 strictlimit Use the radio1 strictlimit command to enable or disable strict enforcement of hard load limits on Radio1 When enabled any clients in excess of the configured limits on the ra...

Page 405: ...te1 radio2 strictlimit disable remove Use the remove command to remove the named RADIUS server from this site The remove command is accessible from the site named site context remove radius name Parameters radius name Specifies the name of the RADIUS server used on this site Example The following example removes server R 1 as the RADIUS server from site1 WLC siemens com site site1 remove R 1 repla...

Page 406: ...ryption Usage If enabling a secure tunnel specify the type of traffic this tunnel will encrypt and carry control traffic or control and data traffic Secure tunneling can also be used for debug mode keys are preserved without encryption Example The following example enables a secure tunnel that encrypts control and data traffic on site1 WLC siemens com site site1 secure tunnel data secure tunnel ap...

Page 407: ... Example The following example enables secure tunnels between APs and controllers on site1 WLC siemens com site site1 secure tunnel enable WLC siemens com site site1 secure tunnel control enable secure tunnel lifetime Use the secure tunnel lifetime command to enable or configure the lifetime the number of hours the tunnel remains enabled of this tunnel The secure tunnel lifetime command is accessi...

Page 408: ...context WLC siemens com site site1 WLC siemens com site site1 show Name site1 Local Radius Authentication enable Band Preference disable Radio1 Load Control disable Radio2 Load Control disable DNS servers 0 0 0 0 policy assignment Unauth Auth SiteAuth WLAN service assignment wlan_east both No radius server has been selected Priority Name Role NAS IP NAS ID Auth Type 1 NPS_R2 auth Use VNS IP addres...

Page 409: ...ands cache changes For this reason sometimes when you make a change in a particular context the change may not be visible immediately If this happens you must exit and re enter the context in order to ensure that the database is synchronized with the latest change The following commands are available in the location context location engine on page 409 default height on page 410 auto tracking on pa...

Page 410: ...he floor plan specifies a height for AP placement that value will be used If there is no floor plan or the floor plan does not specify AP placement heights then this command applies The default value for the centimeters parameter is 3 Examples The following example sets the default height of APs to 06 centimeters WLC siemens com location default height 06 WLC siemens com location apply auto tracki...

Page 411: ...alls auditoriums 1 Office Environment with light divisions cubicles 2 Office Environment with dry walls divisions 3 Office Environment with hard divisions brick 4 Interior Walls need be defined in the floor plan Examples The following example sets the default environmental mode to indoor open space WLC siemens com location default env mode 0 floor plan Use the floor plan command to enter the locat...

Page 412: ...em second floor import Use the import command to create a floor plan from a locally stored file to an internal representation that can be used by the location engine The import command is accessible from the location floor plan context of the CLI import filename Parameters filename Specifies the name of the XML file from which the floor plan will be created Usage This command creates an internal f...

Page 413: ...d have current sessions with the controller s APs Clients are identified by their MAC or user name The on demand command is accessible from the location context of the CLI on demand add MAC remove MAC Parameters add remove Add or remove an on demand client from tracking MAC Specifies a client to be added or removed by MAC address Usage A maximum of 32 on demand users may be tracked at once Example...

Page 414: ...play location context settings the number of currently located users and the number of RSS readings per second The show command is accessible from the location context of the CLI Syntax show Parameters None Example The following example displays information for the location of users WLC siemens com location show RF Location Commands show SCALANCE WLC711 CLI Reference Guide 414 ...

Page 415: ...hange may not be visible immediately If this happens you must exit and re enter the context in order to ensure that the database is synchronized with the latest change The following commands are available in the publish context push on page 415 interval on page 416 unit on page 416 push list on page 416 push Use the push command to enable or disable the push operation on this controller This comma...

Page 416: ...e location push interval to 30 minutes WLC siemens com location publish interval 30 unit Use the unit command to set the location push unit to either meters or feet This command is available from the location publish context unit 0 1 Parameters 0 1 Specifies whether the push unit is in meters 0 or feet 1 Examples The following example sets the push unit to meters WLC siemens com location publish u...

Page 417: ...list url url Specifies one or more URLs delineated by a space to add to the location push list Examples The following example adds the www myurl com URL to the push list WLC siemens com location push list add www myurl com Publish Commands push list SCALANCE WLC711 CLI Reference Guide 417 ...