Commands for wireless authentication and access

Table of Contents

4.1 Commands for AC

4.1.1 agetime

Command: agetime {ad-hoc | ap-failure | rf-scan | detected-client} <0-168>
no agetime {ad-hoc | ap-failure | rf-scan | detected-client}
Function: Configure the length of time historical data is retained in the AC database. The no command recovers to default.
Parameters:

  • ad-hoc: client status timeout. This value determines how long an ad hoc client should be kept in the relevant ad hoc client status list after being disassociated. Every ad hoc client table entry in ad hoc client status list has a time; when the time reaches the client timeout threshold configured by the user, the ad hoc client table entry will be deleted from the ad hoc client status list.
  • ap-failure: AP failure status timeout. This value determines how long an AP will be kept in the AP authentication failure status list. Every AP table entry in AP authentication failure status list has a time. When the time achieves the AP failure status timeout configured by the user, the AP table entry will be deleted from AP authentication failure status list.
  • rf-scan: rf-scan status timeout. This value determines how long a table entry will be kept in the RF scan status list. Every table entry in the RF scan status list has a time. When the time achieves the RF scan status timeout configured by the user, the table entry will be deleted from the RF scan status list.
  • detected-client: detected client status timeout. This value determines how long a table entry will be kept in detected client status list. Every table entry in detected client status list has a time. When the time achieves the detected client status timeout configured by the user, the table entry will be deleted from the detected client status list.
  • Notice: The ranges of the above four timeouts are 0 to 168 hours. When the timeout is configured as 0, there is no timeout.

Command mode: Wireless Global Mode
Default: 24 hours.
Usage guide: Configure the length of time data in the AC database is retained through this command.
Example: Configure the keeping time of RF scan as 2 hours.

active500EM(config-wireless)#agetime rf-scan 2

 

4.1.2 client roam-time

Command: client roam-time <1-120>
no client roam-time
Function: Configure the length of time that the AC will keep a record related to a client in the associated client list after the client has disassociated. The no command resets to default.
Parameters:

  • <1-120>: the unit is second.

Command mode: Wireless Global Mode
Default: 30 seconds.
Usage guide: When the client roams, it will disassociate from the previous AP and connect to the new AP in roamtime. It is now considered to be roaming.
Example: Configure the client roam time as 100 seconds.

active500EM(config-wireless)#client roam-time 100

 

4.1.3 known-client

Command: known-client <macaddr> [action {global-action | grant | deny}] [name <name>] no known-client <macaddr>
Function: Configure client in the known client database. The no command deletes the appointed client.
Parameters:

  • <macaddr>: MAC address of client.
  • <name>: client name.
  • {global-action | grant | deny}: action of client. Action configures allowing, denying, or using MAC authentication configuration to determine client association.

Command mode: Wireless Global Mode
Default: None.
Usage guide: Add or delete the client in the known client database through this command.
Example: Add the client whose MAC address is e0-91-f5-42-f5-68. Its rule allows as default.

active500EM(config-wireless)#known-client e0-91-f5-42-f5-68 action grant

 

4.1.4 mac-authentication-mode

Command: mac-authentication-mode {white-list|black-list}
no mac-authentication-mode
Function: Configure MAC authentication mode of the AC. Client in known client database is allowed to associate or to be refused. The no command resets to default.
Parameters:

  • white-list: client in known client database is allowed to associate.
  • black-list: client in known client database cannot be associated.

Command mode: Wireless Global Mode
Default: white-list.
Usage guide: If a small part of the client is allowed to associate with the network through MAC authentication, it should be configured as white-list; if the default client can associate with the network through MAC authentication and only a small part of rogue clients cannot pass through, it should be configured as black-list.
Example: Configure MAC authentication mode as black-list mode.

active500EM(config-wireless)#mac-authentication-mode black-list

 

4.1.5 radius server-name

Command: radius server-name {auth | acct} <name>
no radius server-name {auth | acct}
Function: Configure radius groups used for client authentication or billing. The no command recovers to default.
Parameters:

  • <name>: appoint radius groups of authentication or billing.

Command mode: Wireless Global Mode
Default: Default-RADIUS-Server.
Usage guide: When the network does not use the radius server configured by this network, it will use the global configuration radius server to authenticate. Not using the radius server of the wireless global to authenticate or billing is the default. This command can configure the radius group of wireless global.
Example: Configure radius-server-1 as the radius server of wireless global for authentication; configure radiusserver-2 as the radius server of wireless global for billing.

active500EM(config-wireless)#radius server-name auth radius-server-1
active500EM(config-wireless)#radius server-name acct radius-server-2

 

4.1.6 show wireless agetime

Command: show wireless agetime
Function: Display the maximum time to retain the database configured by the AC.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Query the maximum time to retain the database configured by the AC through this command.
Example: Display the maximum time to retain database items.

active500EM#show wireless agetime
Ad Hoc Client Status Age (hours)............... 24
AP Failure Status Age (hours).................. 24
RF Scan Status Age (hours)..................... 24
Detected Clients Age (hours)................... 24
agetime client-failure......................... 24
AP Provisioning Database Age Time (hours)...... 72
Parameter Explanation
Ad Hoc Client Status Age The maximum time to retain adhoc client status list
AP Failure Status Age The maximum time to retain failed AP status
RF Scan Status Age The maximum time to retain RF scan status
Detected Clients Age The maximum time to retain detected clients database
AP Provisioning Database Age The maximum time to retain the AP provisioning database

 

4.1.7 show wireless mac-authentication

Command: show wireless mac-authentication
Function: Display MAC authentication mode configured for AC.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Query MAC authentication configured for the AC.
Example: Display MAC authentication mode.

active500EM#show wireless mac-authentication
mac-authentication-mode........................ black-list

 

4.1.8 show wireless known-client

Command: show wireless known-client
Function: Display information of all clients or the client identified by the MAC address parameter.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Query information of all clients or the client identified by the MAC address in the local known client database through this command.
Example: Display information of all clients in the local known client database.

active500EM#show wireless known-client
MAC Address        Name                           Action
------------------ ------------------------------ ----------------
5c-ac-4c-3b-73-73                                 global-action
74-ea-3a-10-bb-94                                 global-action
Parameter Explanation
Mac Address MAC address of client in local known client database.
Name Another name of the client; its length is less then 32 characters.
Action Identify the rule of this client in MAC authentication: allowing, refusing, or using the default rule of global configuration.

 

4.1.9 show wireless radius

Command: show wireless radius
Function: Display the wireless global radius server configured for the users.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Query the wireless global radius server configured for users.
Example: Display the wireless global radius server configured for users.

active500EM#show wireless radius
RADIUS Authentication Server Name.............. Default-RADIUS-Server
RADIUS Authentication Server Status............ Not Configured
RADIUS Accounting Server Name.................. Default-RADIUS-Server
RADIUS Accounting Server Status................ Not Configured
RADIUS Accounting.............................. Disable

 

4.2 Commands for wireless network

4.2.1 clear

Command: clear
Function: Recover the network configuration to default.
Parameters: None.
Command mode: Network Configuration Mode
Default: None.
Usage guide: Recover the network configuration to default through this command.
Example: Recover the network configuration to default.

active500EM(config-network)#clear

 

4.2.2 dot1x bcast-key-refresh-rate

Command: dot1x bcast-key-refresh-rate <0-86400>
no dot1x bcast-key-refresh-rate
Function: Configure the update rate of broadcast key; the no command resets to default.
Parameters:

  • <0-86400>: the unit is second, and 0 means it does not update.

Command mode: Network Configuration Mode
Default: 300 seconds.
Usage guide: Configure the update rate of broadcast key through this command.
Example: Configure the update rate as 1000 seconds.

active500EM(config-network)#dot1x bcast-key-refresh-rate 1000

 

4.2.3 dot1x session-key-refresh-rate

Command: dot1x session-key-refresh-rate <0-86400>
no dot1x session-key-refresh-rate
Function: Configure the update rate of unicast key. The no command recovers to default.
Parameters:

  • <0-86400>: the unit is second, and 0 means it does not update.

Command mode: Network Configuration Mode
Default: 300 seconds.
Usage guide: Configure the update rate of unicast key through this command.
Example: Configure the update rate as 1000 second.

active500EM(config-network)#dot1x session-key-refresh-rate 1000

 

4.2.4 hide-ssid

Command: hide-ssid
no hide-ssid
Function: Configure the SSID of the hidden network. If configured as hiding, the SSID does not appear in the AP beacon frame. The no command displays the SSID.
Parameters: None.
Command mode: Network Configuration Mode
Default: Disabled (does not hide the SSID).
Usage guide: Use this command to hide the SSID of the network.
Example: Hide the SSID of the network.

active500EM(config-network)#hide-ssid

 

4.2.5 network

Command: network <1-1024>
no network <1-1024>
Function: If this network does not exist, add a network configuration. Enter network configuration mode to modify its parameters. The no command deletes a network configuration. If this network is used by VAP, it cannot be deleted. The first 16 networks can never be deleted by default.
Parameters:

  • <1-1024>: number of network.

Command mode: Wireless Configuration Mode
Default: Network 1 to network 16 are created as default.
Usage guide: When users wants to enter network configuration mode to configure the network, use this command; when the existing network is not sufficient, add the new network configuration through this command.
Example: Add network with number 20.

active500EM(config-wireless)#network 20

 

4.2.6 mac authentication

Command: mac authentication {local | radius}
no mac authentication
Function: Enable client MAC authentication, and configure MAC authentication as local or radius authentication. The no command disables client MAC authentication.
Parameters:

  • local: local authentication.
  • radius: radius server authentication.

Command mode: Network Configuration Mode
Default: Disable MAC authentication.
Usage guide: Enable MAC authentication through this command, and configure MAC authentication.
Example: Enable MAC authentication, and configure as local authentication.

active500EM(config-network)#mac authentication local

 

4.2.7 radius server-name

Command: radius server-name {auth | acct} <name>
no radius server-name {auth | acct}
Function: Configure radius groups used for client authentication or billing in the network. The no command resets to default of Default-RADIUS-Server.
Parameters:

  • {auth | acct}: appoint radius groups recovered authentication or billing.
  • <name>: radius group name.

Command mode: Network Configuration Mode
Default: Default-RADIUS-Server.
Usage guide: Configure radius groups used for client authentication or billing in the network through this command.
Example: Configure radius groups used for client authentication and billing.

active500EM(config-network)#radius server-name auth authradius
active500EM(config-network)#radius server-name acct acctradius

 

4.2.8 radius use-network-configuration

Command: radius use-network-configuration
no radius use-network-configuration
Function: Configure if using radius server configuration. The no command configures the network to use the radius server of the wireless global configuration.
Parameters: None.
Command mode: Network Configuration Mode
Default: Use radius server configured by the network as default.
Usage guide: Configure the radius server for the network through this command.
Example: Configure the radius server for the network.

active500EM(config-network)#radius use-network-configuration

 

4.2.9 security mode

Command: security mode {none | static-wep | wep-dot1x | wapi certificate | wpa-enterprise | wpa-personal}
no security mode
Function: Configure authentication and encryption supported by the network. The no command resets to
default.

Parameters:

  • {none | static-wep | wep-dot1x | wapi certificate | wpa-enterprise | wpa- personal}: none means default; there is no wireless authentication encryption. Others are wireless safety access as defined by 802.11.

Command mode: Network Configuration Mode
Default: None.
Usage guide: Configure authentication and encryption.
Example: Configure authentication and encryption of the network as wpa-personal.

active500EM(config-network)#security mode wpa-personal

 

4.2.10 show wireless network

Command: show wireless network [<1-1024>] Function: Display the detailed configuration of the identified network. If it is not identified, display the configuration of the entire network.
Parameters:

  • <1-1024>: number of networks.

Command: mode Admin Mode
Default: None.
Usage guide: Query network configuration through this command and display parameters.
Example: Query configuration of network 1, and display parameters.

active500EM(config-network)#exit
active500EM(config-wireless)#exit
active500EM(config)#exit
active500EM#show wireless network 1
Network ID..................................... 1
SSID........................................... Guest Network
Interface ID................................... 11000
Default VLAN................................... 1
Hide SSID...................................... Disable
Deny Broadcast................................. Disable
Redirect Mode.................................. None
Redirect URL................................... -----
L2 Distributed Tunneling Mode.................. Disable
Bcast Key Refresh Rate......................... 300
Session Key Refresh Rate....................... 0
Wireless ARP Suppression....................... Disable
Security Mode.................................. None
MAC Authentication............................. Disable
RADIUS Authentication Server Name.............. Default-RADIUS-Server
RADIUS Authentication Server Status............ Not Configured
RADIUS Accounting Server Name.................. Default-RADIUS-Server
RADIUS Accounting Server Status................ Not Configured
RADIUS Use Network Configuration............... Enable
RADIUS Accounting.............................. Disable
WPA Versions................................... WPA/WPA2
WPA Ciphers.................................... TKIP/CCMP
WPA Key Type................................... ASCII
WPA Key........................................
WPA2 Pre-Authentication........................ Enable
WPA2 Pre-Authentication Limit.................. 0
WPA2 Key Caching Holdtime (minutes)............ 10
WEP Authentication Type........................ Open System
WEP Key Type................................... HEX
WEP Key Length (bits).......................... 128
WEP Transfer Key Index......................... 1
WEP Key 1......................................
WEP Key 2......................................
WEP Key 3......................................
WEP Key 4......................................
Client QoS Mode................................ Disable
Client QoS Bandwidth Limit Down................ 0
Client QoS Bandwidth Limit Up.................. 0
Client QoS Access Control Down................. -----
Client QoS Access Control Up................... -----
Client QoS Diffserv Policy Down................ -----
Client QoS Diffserv Policy Up.................. -----

 

4.2.11 ssid

Command: ssid <name>
Function: Configure SSID of the wireless network; a network must be configured with an SSID of more than one character. This SSID can be modified but not deleted.
Parameters:

  • <name>: network SSID shown by strings. The length is 1 to 32 strings.

Command mode: Network Configuration Mode
Default: The default of the Network1 is Guest Network; the default of others is Managed SSID ID. ID is network ID of SSID.
Usage guide: Configure a SSID through this command.
Note: the SSID can have spaces. If there is a space, quotation marks do not need to be used.
Example: Configure an SSID for network 20.

active500EM(config-network)#ssid ssidname 20

 

4.2.12 wep authentication

Command: wep authentication {open-system | share-key}
no wep authentication
Function: Configure the link authentication used by the network when it is using static wep authentication. The no command resets to the default of an open system.
Parameters:

  • {open-system | share-key}: link authentication ways defined by 802.11.

Command mode: Network Configuration Mode
Default: Open System.
Usage guide: Configure using open system and share key in the network that is using static wep authentication.
Example: Configure using share key in the network that is using static wep authentication.

active500EM(config-network)#wep authentication share-key

 

4.2.13 wep key

Command: wep key <1-4> [encrypted] <value>
no wep key <1-4>
Function: Configure share keys of the network that is using static wep; 4 is the most. The no command deletes the share keys.
Parameters:

  • <1-4> <value>: configure keys related to key sequence. The key characters number is affected by wep key type and wep length. The relationship is the following:
    • 64bit-ASCII: 5 characters
    • Hex: 10 characters
    • 128bit-ASCII: 13 characters
    • Hex: 26 characters
    • [encrypted]: optional. Configure the password as an encryption wep key; the maximum length is 128 characters.

Command mode: Network Configuration Mode
Default: None.
Usage guide: Configure share keys of the network using static wep.
Example: Configure 2 share keys for a network. Note: In this example, key type is ascii; the length is 64 bit. Configure the key characters as 5.

active500EM(config-network)#wep key 1 wepk1
active500EM(config-network)#wep key 2 wepk2

 

4.2.14 wep key length

Command: wep key length {64 | 128}
no wep key length
Function: Configure the key length of the network that is using static wep. The no command resets to default.
Parameters:

  • {64 | 128}: the length of WEP key.

Command mode: Network Configuration Mode
Default: 128.
Usage guide: Configure the key length of the network that is using static wep through this command.
Example: Configure the key length as 64 bit.

active500EM(config-network)#wep key length 64

 

4.2.15 wep key type

Command: wep key type {ascii | hex}
no wep key type
Function: Configure the key encoding type that is using static wep. The no command resets to default.
Parameters:

  • {ascii | hex}: the key encoding type of wep key. They are shown by ASCII and Hexadecimal.

Command mode: Network Configuration Mode
Default: HEX.
Usage guide: Configure the key encoding type of the network that is using static wep through this command.
Example: Configure the key encoding type as ASCII.

active500EM(config-network)#wep key type ascii

 

4.2.16 wep tx-key

Command: wep tx-key <1-4>
no wep tx-key
Function: Configure which wep-key is used for data transmission encryption when the network is using static wep. The no command recovers to default of 1.
Parameters:

  • <1-4>: configure 4 wep keys. Choose any key to use for data transmission encryption between the client and AP.

Command mode: Network Configuration Mode
Default: 1; means the first wep-key is the key using encryption between the client and AP for data transmission.
Usage guide: Configure which wep-key is used for data transmission encryption when the network is using static wep through this command. Note: The appointed wep key must be configured and not free.
Example: Configure share key 2 as the key for data transmission encryption.

active500EM(config-network)#wep tx-key 2

 

4.2.17 wpa ciphers

Command: wpa ciphers {ccmp [tkip] | tkip }
no wpa ciphers
Function: Configure the encryption algorithm used by the network. The no command resets to default.
Parameters:

  • {ccmp [tkip] | tkip }: it can be free or ccmp tkip. Ccmp and tkip can exist at the same time. Ccmp and tkip are encryption algorithms of 802.11i standard. When they exist at the same time, users who have TKIP key and AES-CCMP key can associate with the AP.

Command mode: Network Configuration Mode
Default: tkip and ccmp exist at the same time as default.
Usage guide: Configure wpa encryption algorithm supported by the network through this command. The encryption algorithm of WPA or WPA2 can choose ccmp or tkip. They can also exist at the same time.
Example: Configure wap encryption algorithm of WAP2.

active500EM(config-network)#wpa ciphers ccmp

 

4.2.18 wpa key

Command: wpa key <value>
Function: Configure the WPA key of the network.
Parameters:

  • <value>: a string with 8 to 84 characters.

Command mode: Network Configuration Mode
Default: None.
Usage guide: Configure the WPA key of the network through this command.
Example: Configure the WPA key of the network.

active500EM(config-network)#wpa key wpakey110

 

4.2.19 wpa versions

Command: wpa versions {wpa [wpa2] | wpa2}
no wpa versions
Function: Configure the WPA version used by the network. The no command resets to the default of WPA/WPA2.
Parameters:

  • {wpa [wpa2] | wpa2}: can be free or WPA, WPA2. WPA and WPA2. For example, for the client that supports WPA2, the system uses WPA2 authentication; for the client that does not support WPA2, the system uses WPA authentication.

Command mode: Network Configuration Mode
Default: WPA/WPA2.
Usage guide: When using WPA-enterprise or WPA-personal safety authentication mode, the WPA version should be checked and configured as needed. This command can configure the WPA version.
Example: Configure the WPA version as WPA2.

active500EM(config-network)#wpa versions wpa2

 

4.2.20 wpa2 pre-authentication

Command: wpa2 pre-authentication
no wpa2 pre-authentication
Function: Enable WPA2 pre-authentication function of client roaming. The no command disables this function.
Parameters: None.
Command mode: Network Configuration Mode
Default: Enabled.
Usage guide: When the client connected to AP1 discovers that AP2′??s signal is stronger, the client will disassociate from AP1 and roam to AP2. If enabling the WPA2 pre-authentication function, the client can pass by AP1 and request to check the identity of AP2 in advance. When the client associates to AP2, it disassociates from AP1. This improves the roaming speed and achieves seamless roaming.
Example: Enable WPA2 pre-authentication.

active500EM(config-network)#wpa2 pre-authentication

 

4.2.21 wpa2 pre-authentication limit

Command: wpa2 pre-authentication limit <0-192>
no wpa2 pre-authentication limit
Function: Limits the number of clients for pre-authentication. The no command resets to the default.
Parameters:

  • <0-192>: identifies the max number of clients for pre-authentication

Command mode: Network Configuration Mode
Default: 0 (no limitation).
Usage guide: If enabling WPA2 pre-authentication function, configure the limit for pre-authentication.
Example: Configure the maximum number as 100.

active500EM(config-network)#wpa2 pre-authentication limit 100

 

4.3 Commands for VAP

4.3.1 enable

Command: enable
no enable
Function: Enable VAP of the radio. The no command disables VAP of the radio. VAP0 cannot be disabled. If the user wants to disable VAP0, radio power must be disabled.
Parameters: None.
Command mode: VAP Configuration Mode
Default: Enables for VAP0 and disables for VAP 1 to 5.
Usage guide: Enable VAP of the radio through this command.
Example: Enable VAP2 of radio1.

active500EM(config-ap-profile)#radio 1
active500EM(config-ap-profile-radio)#vap 2
active500EM(config-ap-profile-vap)#enable

 

4.3.2 network

Command: network <1-1024>
Function: Configure network configuration applied to VAP. A VAP must be identified to a network. If the VAP is applied, this network cannot be deleted.
Parameters:

  • <1-1024>: network ID.

Command mode: VAP Configuration Mode
Default: Networks 1 to 16 are applied to VAP0 to VAP15 in order.
Usage guide: A VAP must be identified to the network to which it belongs. Configure the VAP belonging to a network through this command.
Example: Appoint VAP 2 to belong to network 3.

active500EM(config-ap-profile-radio)#vap 2
active500EM(config-ap-profile-vap)#network 3

 

4.3.3 vap

Command: vap <0-15>
Function: Entering VAP configuration mode can modify VAP parameters.
Parameters:

  • <0-15>: VAP ID.

Command mode: Radio Configuration Mode
Default: None.
Usage guide: If modifying VAP parameters, it is necessary to enter the AP profile VAP configuration mode. Enter this mode through this command.
Example: Enter VAP configuration mode and configure VAP2 parameters.

active500EM(config-ap-profile-radio)#vap 2

 

4.4 Commands for load-balance

4.4.1 load-balance

Command: load-balance [utilization <1-100>] no load-balance [utilization]
Function: Enable load-balance. Configuring load balancing can help to fully utilize every radio. The no command disables this function. Do not disable the load-balance function with utilization; reset to default.
Parameters:

  • [utilization <1-100>]: defines the maximum load balancing percentage for every radio.

Command mode: Radio Configuration Mode
Default: Disabled; it is 60% with utilization.
Usage guide: Enable load-balancing and load balance percentage parameters through this command for loadbalance
flexibility.
Example: Enable load-balance function and configure the percentage as 70%.

active500EM(config-ap-profile-radio)#load-balance utilization 70

 

4.4.2 max-client

Command: max-client <0-200>
no max-client
Function: Configure the max number of clients allowed to simultaneously associate with every radio interface. The no command resets to default.
Parameters:

  • <0-200>: the max number of clients.

Command mode: Radio Configuration Mode
Default: 200.
Usage guide: Configure the max number of clients that are allowed to simultaneously associate with every radio interface through this command.
Example: Configure the max number of clients as 200.

active500EM(config-ap-profile-radio)#max-client 200

 

4.5 Commands for client disassociation and viewing

4.5.1 show wireless client neighbor ap status

Command: show wireless client <macaddr> neighbor ap status
Function: Display all APs scanned by the client whose MAC address is found in the RF area.
Parameters:

  • <macaddr>: MAC address of client.

Command mode: Admin Mode
Default: None.
Usage guide: Query the local client neighbor AP table through this command.
Example: Display the AP table scanned by the client whose MAC address is e0-91-f5-42-f5-68.

active500EM#show wireless client e0-91-f5-42-f5-68 neighbor ap status

 

4.5.2 show wireless client statistics

Command: show wireless client <macaddr> statistics [{association | session}] Function: Display client association or session statistic information associated with the managed AP. If the client roams, session statistic information will show the cumulative statistic information with which the client associates. When the optional parameter is not configured, session statistic information will display as default.
Parameters:

  • <macaddr>: MAC address of client
  • {association | session}: identifies the association or session.

Command mode: Admin Mode
Default: None.
Usage guide: Query client statistic information in the associated client table through this command.
Example: Show the session statistic information of the client whose MAC address is b0-48-7a- 1e-dd-16.

active500EM#show wireless client b0-48-7a-1e-dd-16 statistics
MAC address.................................... b0-48-7a-1e-dd-16
Packets Received............................... 41
Packets Transmitted............................ 0
Bytes Received................................. 6556
Bytes Transmitted.............................. 0
Packets Receive Dropped........................ 0
Packets Transmit Dropped....................... 0
Bytes Receive Dropped.......................... 0
Bytes Transmit Dropped......................... 0
Duplicate Packets Received..................... 1
Packet Fragments Received...................... 463
Packet Fragments Transmitted................... 5
Transmit Retry Count........................... 1
Failed Retry Count............................. 0
TS Violate Packets Received.................... 0
TS Violate Packets Transmitted................. 0
Parameter Explanation
MAC Address MAC address of the client
Packets Received Sum of packets received
Bytes Received Number of bytes received
Packets Transmitted Sum of packets transmitted
Bytes Transmitted Number of bytes transmitted
Packets Received Dropped Dropped packets received
Bytes Received Dropped Number of bytes received dropped
Packets Transmitted Dropped Sum of packets transmitted dropped
Bytes Transmitted Dropped Number of bytes transmitted dropped
Duplicate Packets Received Sum of duplicate packets received
Packets Fragments Received Sum of packet fragments received
Packets Fragments Transmitted Sum of packet fragments transmitted
Transmitted Retry Count Count of successful transmitted retries
Transmitted Retry Failed Count Count of transmitted retry failures
TS Violate Packets Received Sum of illegal packets received in traffic stream
TS Violate Packets Transmitted Sum of illegal packets transmitted in traffic stream

 

4.5.3 show wireless client status

Command: show wireless client [<macaddr>] status
Function: Show the detailed information of the client that is associated with the managed AP. If the AC is the controller, show all associated client information of the peer-group only.
Parameters:

  • <macaddr>: MAC address of the client.

Command mode: Admin Mode
Default: None.
Usage guide: Query the detailed information of the client-appointed MAC address or all associated client information of the peer-group through this command.
Example: Show all associated client information of the peer-group.
Notice: When the AC is the controller, the client information associated with other ACs will have an asterisk (*).

active500EM#show wireless client status
MAC Address
(*) Peer Managed   VAP MAC Address   SSID              Status    Network Time
------------------ ----------------- ----------------- --------- --------------
*b0-48-7a-1e-dd-16 f8-f7-d3-00-03-a0 Guest Network     Auth      0d:00:04:54
Total Clients Associated with Local Switch..... 0
Total Clients Associated with Peer Switches.... 1
active500EM#show wireless client b0-48-7a-1e-dd-16 status
Parameter Explanation
MAC Address MAC address of the client
Detected IP Address IP address of the client
Tunnel IP Address Tunnel IP of tunneled clients
Associating Switch AC that is associated with the AP
Switch MAC Address MAC address of the associated AC
Switch IP Address IP address of the AC associated with the client
SSID SSID of the network connected to the client
NETBIOS Name NETBIOS of the client
VAP MAC Address MAC address of the VAP associated with the client
Channel Channel of the associated client
Status Set client status: associate, authenticate, or disassociate
AP MAC Address MAC address of the managed AP
Location Location of the managed AP
Radio Radio of the managed AP associated with the client
VLAN VLAN distributed by the VAP associated with the client
Transmit Data Rate Rate of the client sending the data
802.11n-Capable Identifies if the client supports 802.11n
STBC Capable Identifies if the client supports STBC (Time and Space Grouping Code)
Inactive Period Non-active period
Age The time interval since the last client status update. The unit is seconds.
Network Time Online time of the client

 

4.5.4 show wireless client summary

Command: show wireless client summary
Function: In the local AC, show the information of the client associated with the managed AP. If the AC is the controller, show the main information of all associated clients in peer-group.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Query the information of the client associated with the locally managed AP, AC, or the information of associated clients in the peer-group through this command.
Example: Show the information of all associated clients in the peer-group.
Note: When the AC is the controller, the client information associated with the other AC will have an asterisk (*).

active500EM#show wireless client summary
   MAC Address
(*) Peer Managed   IP Address        VAP MAC Address   NetBIOS Name
------------------ ----------------- ----------------- -----------------
*b0-48-7a-1e-dd-16 192.168.1.25      f8-f7-d3-00-03-a0 SHIXF
Parameter Explanation
MAC Address MAC address of client
IP Address IP address of client
NETBIOS Name NETBIOS of client

 

4.5.5 show wireless client status ssid

Command: show wireless client status ssid [<ssid>] Function: Display the SSID information of the associated client. When the SSID is entered, it will display the client information of the identified SSID only.
Parameters:

  • <ssid>: SSID with string; it is optional.

Command mode: Admin Mode
Default: None.
Usage guide: Query the local SSID-Client mapping table and associated client table through this command.
Example: Display the SSID information of associated clients.

active500EM#show wireless client status ssid
                                 Client
SSID                             MAC Address
-------------------------------- -----------------
Guest Network                    b0-48-7a-1e-dd-16
Parameter Explanation
MAC Address MAC address of the client
SSID SSID of the network connected to the client

 

4.5.6 show wireless client status switch

Command: show wireless client status switch [<ipaddr>] Function: Display the information of associated clients in all ACs. When the AC is the controller, show all associated client information in the peer-group. Other ACs show the relevant client information of the appointed AC only.
Parameters:

  • <ipaddr>: IP address of the AC.

Command mode: Admin Mode
Default: None.
Usage guide: Query the local Switch-Client mapping table and associated client table through this command.
Example: Show the client information of the AC whose IP address is 192.168.1.1.

active500EM#show wireless client status switch 192.168.1.1
Switch IP Address Client MAC Address
----------------- ------------------
192.168.1.200     b0-48-7a-1e-dd-16
Parameter Explanation
Switch IP Address IP address of the AC or AC groups in the wireless system
Client MAC Address MAC address of the client

 

4.5.7 show wireless client status vap

Command: show wireless client status vap [<macaddr>] Function: Display the associated clients for all managed VAPs. When the MAC address of the VAP is entered, show client information for only that VAP.
Parameters:

  • <macaddr>: MAC address of the VAP.

Command mode: Admin Mode
Default: None.
Usage guide: Query local VAP-Client Mapping table through this command.
Example: Show the relevant client information in the VAP whose MAC address is f8-f7-d3-00- 03-a0.

active500EM#show wireless client status vap f8-f7-d3-00-03-a0
VAP MAC Address   AP MAC Address    Location           Radio Client MAC Address
----------------- ----------------- ------------------ ----- ------------------
f8-f7-d3-00-03-a0 f8-f7-d3-00-03-a0                    1     b0-48-7a-1e-dd-16
Parameter Explanation
VAP MAC Address MAC address of VAP associated with client
MAC Address MAC address of client

 

4.5.8 wireless client disassociate

Command: wireless client disassociate [<macaddr>] Function: Disassociate AC and the client appointed MAC address. This client is associated with the managed AP. When the MAC address is not appointed, disassociate all clients managed locally. If the local AC is the controller, disassociate all clients in the system.
Parameters:

  • <macaddr>: MAC address of the client.

Command mode: Admin Mode
Default: None.
Usage guide: Disassociate the client with the identified MAC address, or all clients managed locally through this command.
Example: Disassociate the AC and the client whose MAC address is e0-91-f5-42-f5-68.

active500EM#wireless client disassociate e0-91-f5-42-f5-68

 

4.5.9 wireless client disassociate ap

Command: wireless client disassociate ap <macaddr>
Function: Disassociate all clients from the AP with a specified MAC address.
Parameters:

  • <macaddr>: MAC address of the AP.

Command mode: Admin Mode
Default: None.
Usage guide: Disassociate all clients of the managed AP that are appointed to the MAC address.
Example: Disassociate all clients of the managed AP whose MAC address is f8-f7-d3-00- 03-a0.

active500EM#wireless client disassociate ap f8-f7-d3-00-03-a0

 

4.5.10 wireless client disassociate ssid

Command: wireless client disassociate ssid<name>
Function: Disassociate all clients of the network that are appointed to the SSID.
Parameters:

  • <name>: SSID of the network.

Command mode: Admin Mode
Default: None.
Usage guide: Disassociate all clients of the network that have the appointed SSID.
Example: Disassociate all clients with the SSID-1.

active500EM#wireless client disassociate ssid ssid-1

 

4.5.11 wireless client disassociate vap

Command: wireless client disassociate vap <macaddr>
Function: Disassociate all clients of the VAP that are appointed with the MAC address.
Parameters:

  • <macaddr>: MAC address of VAP.

Command mode: Admin Mode
Default: None.
Usage guide: Disassociate all clients of the VAP that are appointed with the MAC address.
Example: Disassociate all clients of the VAP with the MAC address of f8-f7-d3-00-03-a0.

active500EM#wireless client disassociate vap f8-f7-d3-00-03-a0

 

4.6 Commands for ad hoc client list

4.6.1 clear wireless client ad hoc list

Command: clear wireless client ad hoc list
Function: Delete all records in adhoc client list.
Parameters: None.
Command mode: Admin Mode
Default: None.
Usage guide: Delete all records in the adhoc client list.
Example: Delete all records in the adhoc client list.

active500EM#clear wireless client ad hoc list

 

4.6.2 show wireless client adhoc status

Command: show wireless client [<macaddr>] adhoc status
Function: Show the information of all adhoc clients discovered by the managed AP or the information of the appointed client.
Parameters:

  • <macaddr>: MAC address of the client.

Command mode: Admin Mode
Default: None.
Usage guide: Query the client information in the adhoc client list.
Example: Query the client information in the adhoc client list.

active500EM#show wireless client adhoc status
MAC Address       Address           Location Radio Det. Mode Age
----------------- ----------------- -------- ----- --------- -----------
00-1b-77-05-11-71 f8-f7-d3-00-03-a0 right_ap 1     Beacon    0d:00:19:14
00-1b-77-22-75-27 f8-f7-d3-00-03-a0 right_ap 1     Beacon    0d:00:20:14
00-22-fa-25-dc-a0 f8-f7-d3-00-03-a0 right_ap 1     Beacon    0d:00:45:14
00-24-2c-3c-88-5b f8-f7-d3-00-03-a0 right_ap 1     Beacon    0d:00:20:14
00-26-37-7f-a6-10 f8-f7-d3-00-03-a0 right_ap 1     Beacon    0d:00:19:14
00-26-c7-32-90-9c f8-f7-d3-00-03-a0 right_ap 1     Beacon    0d:00:19:14
00-26-c7-33-6f-fa f8-f7-d3-00-03-a0 right_ap 1     Beacon    0d:00:46:15
00-26-c7-6f-7c-7a f8-f7-d3-00-03-a0 right_ap 1     Beacon    0d:00:19:14
e8-39-df-6e-19-8f f8-f7-d3-00-03-a0 right_ap 1     Beacon    0d:00:45:14
Parameter Explanation
MAC Address MAC address of the client
AP Mac Address MAC address of the AP that discovers this client
Location Location of this managed AP
Radio Radio of the AP that discovers this client
Det. Mode Detection mode: beacon frame, data frame
Age The elapsed time from discovering this ad hoc network to current. The unit is second.

 

4.7 Commands for detected client database

4.7.1 clear wireless detected-client non-auth

Command: clear wireless detected-client [<macaddr>] non-auth
Function: Delete all authentication failure records in the detected client or client with the identified MAC address.
Parameters:

  • <macaddr>: MAC address of the client.

Command mode: Admin Mode
Default: None.
Usage guide: Delete all authentication failure records in the detected client or client of the identified MAC address.
Example: Delete client information with the MAC address of 00-24-2c-3c-88-5b.

active500EM#clear wireless detected-client 00-24-2c-3c-88-5b non-auth

 

4.7.2 clear wireless detected-client preauth-history

Command: clear wireless detected-client [<macaddr>] preauth-history
Function: Delete the identity authentication history of all clients or the appointed client from the Detected Clients Pre-Auth History list.
Parameters:

  • <macaddr>: MAC address of the client.

Command mode: Admin Mode
Default: None.
Usage guide: Delete information from the Detected Clients Pre-Auth History list.
Example: Delete client information with the MAC address of 00-24-2c-3c-88-5b from the Detected Clients Pre-Auth History list.

active500EM#clear wireless detected-client 00-24-2c-3c-88-5b preauth- history

 

4.7.3 clear wireless detected-client roam-history

Command: clear wireless detected-client [<macaddr>] roam-history
Function: Delete roaming history of all clients or the appointed clients from the Detected Clients Roam History list.
Parameters:

  • <macaddr>: MAC address of the client.

Command mode: Admin Mode
Default: None.
Usage guide: Delete information from the Detected Clients Roam History list.
Example: Delete client information with the MAC address of 00-24-2c-3c-88-5b from the Detected Clients Roam History list.

active500EM#clear wireless detected-client 00-24-2c-3c-88-5b roam-history

 

4.7.4 show wireless client detected-client preauth-history

Command: show wireless client [<macaddr>] detected-client preauth-history
Function: Display the identity authentication history of all clients in Detected Clients Pre-Auth History list or the appointed client; 10 is max.
Parameters:

  • <macaddr>: MAC address of the client.

Command mode: Admin Mode
Default: None.
Usage guide: Query identity authentication history of all failed authentication clients or the clients with the appointed MAC address in Detected Clients Pre-Auth History list.
Example: Displays advance identity authentication history of all clients in the Detected Clients Pre-Auth History list.

active500EM#show wireless client detected-client preauth-history
No preauthentication-history entries to display.

 

4.7.5 show wireless client detected-client status

Command: show wireless client [<macaddr>] detected-client status
Function: Display status information of clients in the Detected Client list. If the MAC address is not appointed, display the information of all clients. Otherwise, it displays the status information of the appointed client.
Parameters:

  • <macaddr>: MAC address of the client.

Command mode: Admin Mode
Default: None.
Usage guide: Query the status of all clients, or the clients appointed MAC address, in the Detected Client list.
Example: Display the information of all clients in the Detected Client list.
Note: If the MAC address of the client is not appointed, display the client MAC, name, status, age, and create time only.

active500EM#show wireless client detected-client status
MAC Address       Client Name     Client Status   Age          Create Time
----------------- --------------  --------------  ------------ -----------
00-24-2c-3c-88-5b                 Detected        0d:00:00:38  0d:16:08:14
00-24-2c-35-88-56                 Detected        0d:00:00:38  0d:16:08:14
00-12-f0-db-9f-98                 Detected        0d:00:01:07  0d:16:07:13
f8-db-7f-4d-f6-61                 Detected        0d:00:17:21  0d:01:50:58
Total Detected Clients......................... 4
active500EM#show wireless client f8-db-7f-4d-f6-61 detected-client status
MAC address.................................... f8-db-7f-4d-f6-61
OUI............................................ ouiname
Client Status.................................. Detected
Auth Status.................................... Not Authenticated
Time Since Last Updated........................ 0d:00:20:09
Threat Detection............................... Not Detected
Threat Mitigation.............................. Not Done
Client Name....................................
Time Since Created............................. 0d:01:53:46
Channel........................................ 11
Auth RSSI...................................... 18
Auth Signal.................................... -78
Auth Noise..................................... -71
Probe Req...................................... 0
Probe Collection Interval...................... 0d:00:00:14
Highest Num Probes............................. 0
Auth Req....................................... 0
Auth Collection Interval....................... 0d:00:00:14
Highest Num Auth Msgs.......................... 0
DeAuth Req..................................... 0
DeAuth Collection Interval..................... 0d:00:00:14
Highest Num DeAuth Msgs........................ 0
Num Auth Failures.............................. 0
Total Probe Msgs............................... 2
Broadcast BSSID Probes......................... 1
Broadcast SSID Probes.......................... 1
Specific BSSID Probes.......................... 0
Specific SSID Probes........................... 0
Last Non-Broadcast BSSID....................... 00-00-00-00-00-00
Last Non-Broadcast SSID........................
Threat Mitigation Sent......................... 0d:00:00:00
Parameter Explanation
MAC Address MAC address of the client
OUI OUI of client
Client Status Status of the client
Auth Status Shows if client is authenticated
Time Since Last Updated The time interval from last update of table to current
Threat Detection Shows if threat detection is enabled
Threat Mitigation Shows if threat is mitigated
Client Name Shows name of client
Time Since Created The time of creation for the table entry
Channel The work channel of the client
Auth RSSI RSSI of the client that is scanned by the AP
Auth Signal The RF signal strength of the client that is scanned by the AP; the range is dBm
Auth Noise The noise strength of the client that is scanned by the AP; the range is dBm
Probe Req The number of times scanned for the probing requisition frame
Probe Collection interval The time remaining for scanning
Highest Num Probes The threshold of scanning the probing requisition frame
Auth Req The number of 802.11 authentication records when scanning
Auth Collection Interval Scanning is complete and the remaining time before client is authenticated
Highest Num Auth Msgs The authentication threshold that is conducted by the AC when scanning
DeAuth Req The number of 802.11 records de-authenticating when scanning
DeAuth Collection Interval Scanning is complete and the remaining time before client is authenticated
Highest Num DeAuth Msgs The maximum number of ACs de-authenticating in the interval of the statistic set
Num Auth Failures The number of client 802.1X authentication failures
Total Probe Messages The total number of probes for the last RF scan
Broadcast BSSID Probes The number of broadcast BSSIDs probes for the last RF scan
Broadcast SSID Probes The number of broadcast SSIDs probes for the last RF scan
Specific BSSID Probes The number of unicast BSSIDs probes for the last RF scan
Specific SSID Probes The number of unicast SSIDs probes for the last RF scan
Last Non-Broadcast BSSID The last non-broadcast BSSID during the RF scan
Last Non-Broadcast SSID The last non-broadcast SSID during the RF scan
Threat Mitigation Sent The elapsed time since the last mitigation message to the client was sent

 

4.7.6 show wireless client detected-client triangulation

Command: show wireless client <macaddr> detected-client triangulation
Function: Displays the signal triangulation status of the appointed client.
Parameters:

  • <macaddr>: MAC address of the client.

Command mode: Admin Mode
Default: None.
Usage guide: Query the appointed client information in Detected Clients list and display the signal triangulation status of client.
Example: Display the signal triangulation status of the client whose MAC address is f8-db-7f-4d-f6-61 in the Detected Client list.

active500EM#show wireless client f8-db-7f-4d-f6-61 detected-client triangulation
                                    RSSI  Signal Noise
AP Function AP MAC Address    Radio (%)   (dBm)  (dBm) Age
----------- ----------------- ----- ----- ------ ----- -----------
Non-Sentry  f8-f7-d3-00-03-a0 1     18    -78    -71   0d:00:22:23
Non-Sentry  f8-f7-d3-00-03-a0 1     16    -79    -88   0d:00:28:23
Parameter Explanation
AP Function Identifies if this AP works in sentry mode
AP Mac Address MAC address of this AP
RSSI The RSSI value of client receiving signal
Signal The RF signal strength of the AP scanning client; the range is dBm
Noise The noise strength of the AP scanning client; the range is dBm
Detected Time The time the AP discovered this client signal; the range is second

 

4.7.7 show wireless detected-client roam-history

Command: show wireless detected-client [<macaddr>] roam-history
Function: Displays the roaming history of the appointed clients or all clients in the detected client list. Max for one client is 10.
Parameters:

  • <macaddr>: the MAC address of the client. If the MAC address is not identified, show client MAC and AP MAC only.

Command mode: Admin Mode
Default: None.
Usage guide: Query the roaming history of the identified clients or all clients in the Detected Clients Roam History list through this command.
Example: Display the roaming history of all clients in the Detected Clients Roam History list.

active500EM#show wireless client detected-client roam-history
MAC Address       AP MAC Address
----------------- ---------------------
e0-05-c5-90-1c-54 <- f8-f7-d3-00-03-a0
active500EM#show wireless client e0-05-c5-90-1c-54 detected-client roam-history
Client MAC Address............................. e0-05-c5-90-1c-54
AP MAC Addr(Radio)   VAP MAC Address   SSID                 Auth     Time since
                                                            Status   Event
-------------------- ----------------- -------------------- -------- -----------
f8-f7-d3-00-03-a0(1) f8-f7-d3-00-03-a0 xuwf1                Roam     0d:00:01:39
Parameter Explanation
Mac Address The MAC address of the client
AP MAC Address The MAC address of the AP
Radio Radio of the AP
VAP MAC Address The MAC address of the client roaming to the new VAP
SSID RF noise of the AP scanning client
Auth Status Shows the client authentication status as new or roaming
Time since Event The elapsed time since the last roam

 

4.8 Commands for debug

4.8.1 debug wireless auth wdm

Command: debug wireless auth wdm <macaddr>
no debug wireless auth wdm <macaddr>
Function: Enable client authentication in wireless module or the WDM debug information in AP authentication.
Parameters:

  • <macaddr>: the MAC address of the client or the AP. Examine the WDM information of a user or AP authentication.

Command mode: Admin Mode
Default: Disabled.
Usage guide: Enable/disable WDM debug information of the client or AP authentication.
Example: Enable WDM debug information of client authentication whose MAC address is f8-f7-d3-00-03-a0.

active500EM#debug wireless auth wdm f8-f7-d3-00-03-a0

 

4.8.2 debug wireless client-association packet

Command: debug wireless client-association packet {all| receive | dump} <macaddr>
no debug wireless client-association packet {all | receive | dump} <macaddr>
Function: Enable receiving and sending packets debugging information for all clients associating the request for the identified AP. Examine the packet debugging information that is sent by the AC.
Parameters:

  • receive: enable the debugging of the receiving packets from the AP in client association.
  • dump: enable the debugging of the client association and load balancing packet dumps.
  • all: enable the debugging of the receiving and sending packets in the client association.
  • <macaddr>: the MAC address of the AP that the AC receives and sends packets. One AP can be chosen to debug.

Command mode: Admin Mode
Default: Disabled.
Usage guide: Enable/disable the packet debugging information in client association.
Example: Enable the receiving and sending of packet debugging information for all clients associated in the request for the appointed AP whose MAC address is f8-f7-d3-00- 03-a0.

active500EM#debug wireless client-association packet all f8-f7-d3-00-03-a0

 

4.8.3 debug wireless client-association internal-info

Command: debug wireless client-association internal-info <macaddr>
no debug wireless client-association internal-info <macaddr>
Function: Enable internal debugging for all client associations requested under the appointed AP. Examine the internal debugging information.
Parameters:

  • <macaddr>: the MAC address of the AP associated with the client. One AP can be chosen to debug.

Command mode: Admin Mode
Default: Disabled.
Usage guide: Enable/disable internal debugging in the client association.
Example: Enable the internal debugging information for all client associations requesting the AP whose MAC address is f8-f7-d3-00-03-a0.

active500EM#debug wireless client-association internal-info f8-f7-d3-00- 03-a0

 

4.8.4 debug wireless client-auth error

Command: debug wireless client-auth error
no debug wireless client-auth error
Function: Enable error debugging in wireless module. Review the error debugging information when the AC participates in client association, authentication, advance identity test, disassociation, and load balance.
Parameters: None.
Command mode: Admin Mode
Default: Disabled.
Usage guide: Enable/disable error debugging information in the wireless module.
Example: Enable error debugging information in the wireless module.

active500EM#debug wireless client-auth error

 

4.8.5 debug wireless client-auth radius-info

Command: debug wireless client-auth radius-info <macaddr>
no debug wireless client-auth radius-info <macaddr>
Function: Enable radius debuging of the client authentication in wireless module.
Parameters:

  • <macaddr>: the MAC address of the client. Examine the radius user authentication debugging information.

Command mode: Admin Mode
Default: Disabled.
Usage guide: Enable/disable radius client authentication debugging information.
Example: Enable radius client authentication debugging information for the access module with a MAC address of 00-1b-77-22-75-27.

active500EM#debug wireless client-auth radius-info 00-1b-77-22-75-27

 

4.8.6 debug wireless client-auth internal-info

Command: debug wireless client-auth internal-info <macaddr>
no debug wireless client-auth internal-info <macaddr>
Function: Enable internal debugging information for all client authentication requests under the appointed AP. Review the internal debugging information.
Parameters:

  • <macaddr>: the MAC address of the AP that is authenticated by the AC. One AP can be chosen to debug.

Command mode: Admin Mode
Default: Disabled.
Usage guide: Enable/disable internal debugging information of the client association.
Example: Enable the internal debugging information of all client authentication requests associated with the AC with an AP MAC address is f8-f7-d3-00-03-a0.

active500EM#debug wireless client-auth internal-info f8-f7-d3-00-03-a0

 

4.8.7 debug wireless client-auth packet

Command: debug wireless client-auth packet {all | receive | send | dump} <macaddr>
no debug wireless client-auth packet {all | receive | send | dump} <macaddr>
Function: Enable the receiving and sending of client authentication packet debugging information under the appointed AP. Examine the packet debugging information.
Parameters:

  • send: enable sending client authentication packet debugging information.
  • receive: enable receiving client authentication packet debugging information.
  • dump: enable client authentication packet dump.
  • all: enable all debugging information of the client authentication packets.
  • <macaddr>: the MAC address of the AP that sends or receives packets. One AP can be chosen to debug.

Command mode: Admin Mode
Default: Disabled.
Usage guide: Enable/disable sending and receiving client authentication packet debugging information identified with the AC through this command.
Example: Enable sending and receiving client authentication packet debugging information identified with the AC and the AP MAC address of f8-f7-d3- 00-03-a0.

active500EM#debug wireless client-auth packet all f8-f7-d3-00-03-a0

 

4.8.8 debug wireless client-disasso packet

Command: debug wireless client-disasso packet {all | receive | send dump } <macaddr>
no debug wireless client-disasso packet {all | receive | send } <macaddr>
Function: Enable the receiving and sending client disassociation packet debugging information for the appointed AP. Review the packet debugging information.
Parameters:

  • send: enable the sending client disassociation packet debugging information that the AC sends.
  • receive: enable the receiving client disassociation packet debugging information that the AC receives.
  • all: enable all sending and receiving client disassociation packet debugging information.
  • add dump parameter as it is available along with the other parameters.
  • <macaddr>: the MAC address of the AP that sends or receives packets. One AP can be chosen to debug.

Command mode: Admin Mode
Default: Disabled.
Usage guide: Enable/disable the client disassociation packet debugging information identified with the AC through this command.
Example: Enable the receiving and sending client disassociation packet debugging information identified with the AP whose MAC address is f8-f7-d3-00- 03-a0.

active500EM#debug wireless client-disasso packet all f8-f7-d3-00-03-a0

 

4.8.9 debug wireless client-pmk

Command: debug wireless client-pmk <macaddr>
no debug wireless client-pmk <macaddr>
Function: Enable client PMK authentication debugging information. Review the client PMK authentication packet debugging information when the AC handles PMK authentication with the client.
Parameters:

  • <macaddr>: the MAC address of the client. One PMK authentication of the user can be chosen to debug.

Command mode: Admin Mode
Default: Disabled.
Usage guide: Enable/disable the client PMK authentication debugging information handled by the AC.
Example: Enable the client PMK authentication debugging information whose MAC address is 00-22-fa-25-dc-a0.

active500EM#debug wireless client-pmk 00-22-fa-25-dc-a0

 

4.8.10 debug wireless client-preauth

Command: debug wireless client-preauth <macaddr>
no debug wireless client-preauth <macaddr>
Function: Enable client pre-authorization debugging information of the identified client associated with the AC.
Parameters:

  • <macaddr>: MAC address of the client; identified for client pre-authorization debugging.

Command mode: Admin Mode
Default: Disabled.
Usage guide: Enable/disable client pre-authorization debugging information that is associated with the AC.
Example: Enable client pre-authorization debugging information associated with the AC with a MAC
address of 00-22-fa-25-dc-a0.

active500EM#debug wireless client-preauth 00-22-fa-25-dc-a0

 

4.9 Radius configuration

4.9.1 aaa enable

Command: aaa enable
no aaa enable
Function: This command configures and enables the global authentication function. The no command disables this function.
Parameters: None.
Command mode: Global Configuration Mode
Default: Disabled.
Usage guide: When configuring this command, the controller will send authentication packets to the radius authentication server.
Example: Enable global authentication function.

active500EM(config)#aaa enable

 

4.9.2 aaa-accounting enable

Command: aaa-accounting enable
no aaa-accounting enable
Function: This command is used to configure and enable global accounting. The no command disables this function.
Parameters: None.
Command mode: Global Configuration Mode
Default: Disabled.
Usage guide: When configuring this command, the controller will send accounting request packets to the radius accounting server.
Example: Enable global accounting.

active500EM(config)#aaa-accounting enable

 

4.9.3 aaa group server radius

Command: aaa group server radius WORD
no aaa group server radius WORD
Function: Use this command to configure an aaa radius server group name, and enter aaa radius server group configuration mode. The no command deletes this aaa radius server group.
Parameters:

  • WORD: the name of the aaa group server radius; a string with 32 characters max.

Command mode: Global Configuration Mode
Default: None.
Usage guide: Use this command to configure an aaa radius server group.
Example: Use this command to configure an aaa radius server group with name group1.

active500EM(config)#aaa group server radius group1

 

4.9.4 deadtime

Command: deadtime <1-255>
no deadtime
Function: Use this command to configure deadtime of the aaa radius server group. The no command restores to default.
Parameters:

  • <1-255>: deadtime value; range is 1 to 225, and the unit is minute.

Command mode: aaa Radius Server Group Configuration Mode
Default: 5 minutes.
Usage guide: Use this command to configure deadtime of the aaa radius server group.
Example: Use this command to configure deadtime of the aaa radius server group1.

active500EM(config-sg-radius)#deadtime 100

 

4.9.5 nas-identifier

Command: nas-identifier<string>
no nas-identifier
Function: Configure nas device to send the nas-identifier to the radius server. This command is used to support roaming accounting, settlement, and position server. The no command restores to default.
Parameters:

  • <string>: the max range is 32 characters. The format is HST.CTY.PRO. OPE.NAT (the period [.] is not required for the actual parameter configuration; 16 numbers are required).

Command mode: Radius Group Configuration Mode
Default: The CPU MAC address of the switch plus 1, the MAC address is broke up by ?-?.
Usage guide: This command is used to mark the switch position and range that the nas device belongs to. This value can be configured according to different requirements; it can be configured as numbers or a string.
Example: Configure nas-identifier as a number or a string.

active500EM(config-sg-radius)#nas-identifier 1234001010000460
active500EM(config-sg-radius)#nas-identifier abcdgethfgshtrjhfdf

 

4.9.6 nas-port-type

Command: nas-port-type {virtual | ethernet | wireless-other | wireless-802-11 | wireless-802-16 | pppoa | pppoeoa | pppoeoe | pppoeovlan | pppoeoqinq | value <int-value>}
no nas-port-type
Function: This command is used to configure the access port types of the interface. The no command deletes the interface type.
Parameters:

  • virtual | ethernet | wireless-other | wireless-802-11 | wireless-802-16 | pppoa | pppoeoa | pppoeoe | pppoeovlan |pppoeoqinq |value <int-value>: it is used to mark different interface types:
    • virtual: virtual interface type; the associated number is 5.
    • ethernet: Ethernet interface type; the associated number is 15.
    • wireless-other: wireless-other interface type; the associated number is 18.
    • wireless-802-11: meets the interface type of Wireless-IEEE 802.11 standard; the associated number is 19.
    • wireless-IEEE-802-16: air interface for fixed and mobile broadband wireless access systems; the associated number is 27.
    • pppoa: PPP over ATM; the associated number is 30.
    • pppoeoa: PPP over Ethernet over ATM; the associated number is 31.
    • pppoeoe: PPP over Ethernet over Ethernet; the associated number is 32.
    • pppoeovlan: PPP over Ethernet over VLAN; the associated number is 33.
    • pppoeoqinq: PPP over Ethernet over IEEE 802.1QinQ; the associated number is 34.
    • Value <int-value>: values other than the above parameters; the range is 1 to 128, for example, if the value of int-value is 17, then the interface type is Cable.

Command mode: Radius Group Configuration Mode
Default: The interface type is Ethernet.
Usage guide: This command is used to mark the authentication type interface adopted by the client. The value can be configured as characters and can also be configured as numbers; some numbers and strings correspond.
Example: Configure the interface type of the client as wireless-other and configure the value as 12.

active500EM(config-sg-radius)#nas-port-type wireless-other
active500EM(config-sg-radius)#nas-port-type value 12

 

4.9.7 nas-port

Command: nas-port <int-value>
no nas-port
Function: This command is used to mark the physical port connected between the client and the switch.
Parameters:

  • <int-value>: nas-port value; the range is 1 to 65535.

Command mode: Radius Group Configuration Mode
Default: 1.
Usage guide: This command is used to mark the physical port between the client and the switch.
Example: Configure the physical port between the client and the switch as 17.

active500EM(config-wireless)#nas-port 17

 

4.9.8 radius-attribute vlan-id format

Command: radius-attribute vlan-id format {integer | string}
Function: Use this command to configure the VLAM-ID type issued by the AC radius.
Parameters:

  • integer: integer type.
  • string: string type.

Command mode: aaa Radius Server Group Configuration Mode
Default: integer.
Usage guide: Use this command to configure the VLAN-ID type issued by the AC radius. Make the VLAN-ID type of the radius match to the AC VLAN-ID.
Example: Configure the VLAN-ID issued by the AC radius as a string.

active500EM(config-sg-radius)#radius-attribute vlan-id format string

 

4.9.9 radius nas-ipv4

Command: radius nas-ipv4 <A.B.C.D>
no radius nas-ipv4
Function: Set the address of the radius packets. The no command deletes the address of the radius packets.
Parameters:

  • <A.B.C.D>: the radius packet IP address.

Command mode: Global Configuration Mode
Default: Do not appoint the address as default.
Usage guide: Use this command to configure a radius address.
Example: Set the radius packet IP address to 192.168.1.20

active500EM(Config)#radius nas-ipv4 192.168.1.20

 

4.9.10 radius-server accounting host

Command: radius-server accounting host <A.B.C.D> [port <0-65535>] [key WORD] [primary] no radius-server accounting host <A.B.C.D>
Function: This command is used to configure the radius accounting server host. The no command deletes the radius accounting server host.
Parameters:

  • <A.B.C.D>: IP address of the radius accounting server host.
  • port <0-65535>: port number of the radius accounting server host. The range is 0 to 65535.
  • WORD: the radius accounting server key; a string with a max of 16 characters.
  • primary: if this server is the master server, configure this parameter; otherwise, it is the backup server.

Command mode: Global Configuration Mode
Default: The default of the port value is 1813, and default value of the key is free.
Usage guide: Use this command to configure a radius accounting server.
Example: Configure radius accounting server with an IP address of 192.168.1.101; the port is 19, the key is test, and it is the master server.

active500EM(config)#radius-server accounting host 192.168.1.101 port 19 test primary

 

4.9.11 radius-server authentication host

Command: radius-server authentication host <A.B.C.D> [port <0-65535>] [key WORD] [primary] [access-mode; escape-server] no radius-server authentication host <A.B.C.D>
Function: This command is used to configure the radius authentication server host. The no command deletes the radius authentication server host.
Parameters:

  • <A.B.C.D>: the IP address of the radius authentication server.
  • port <0-65535>: the UDP port number of the radius authentication server; the range is 0 to 65535.
  • WORD: define the shared password of the controller communicating with the radius authentication server. It is a string with a max of 16 characters.
  • primary: configure this parameter if it is the master server; otherwise, it is set as the backup server.

Command mode: Global Configuration Mode
Default: The port value default is 1812, the default value of the key is free, and for primary the value is false.
Usage guide: Use this command to set the radius authentication server host. The no command deletes the radius authentication server host. In order to achieve AAA authentication through radius, radius authentication server must be configured. The radius-server authentication host command can be used to define one or more radius authentication servers.
Example: Configure radius authentication server with the IP address of 192.168.1.101, the port number of 18, the key as test, and as master server.

active500EM(Config)#radius-server authentication host 192.168.1.101 port 18 test primary

 
.

4.9.12 radius-server dead-time

Command: radius-server dead-time <1-255>
no radius-server dead-time
Function: The server is considered dead if after the user sends packets, there is no response. This is called deadtime. Use this command to configure radius dead-time. The no command resets to default.
Parameters:

  • <1-255>: dead-time value; the range is 1 to 255, and the unit is minute.

Command mode: Global Configuration Mode
Default: 5 minutes.
Usage guide: Use this command to configure radius dead-time.
Example: Configure radius dead-time as 8 minutes.

active500EM(config)#radius-server dead-time 8

 

4.9.13 radius-server key

Command: radius-server key WORD
no radius-server key
Function: This command is used to configure the global shared password of the controller communicating to the radius authentication server. The no command resets to default of free.
Parameters:

  • WORD: the shared password of the controller communicating to the radius authentication server. It is a string with a max of 16 characters.

Command mode: Global Configuration Mode
Default: Free.
Usage guide: If the radius server is not configured with the shared password, use this command to configure the global shared password.
Example: Configure the global shared password of the controller communicating to the radius authentication server as a test.

active500EM(config)#radius-server key test

 

4.9.14 radius-server retransmit

Command: radius-server retransmit <0-100>
no radius-server retransmit
Function: Use this command to configure the retransmitting packet times before the radius safety server takes action. The no command resets to default.
Parameters:

  • <0-100>: times of timeout retransmission. The range is 0 to 100.

Command mode: Global Configuration Mode
Default: 3 times.
Usage guide: The premise of AAA authentication with retransmit option is to provide redundancy for the current authentication server in case there is timeout between retransmission after sending radius packets.
Example: Configure radius timeout retransmission time as 5.

active500EM(config)#radius-server retransmit 5

 

4.9.15 radius-server timeout

Command: radius-server timeout <1-1000>
no radius-server timeout
Function: Use this command to configure timeout of retransmission of radius packets. The no command resets to default.
Parameters:

  • <1-1000>: timeout. The range is 1 to 1000, and the unit is seconds.

Command mode: Global Configuration Mode
Default: 3 seconds.
Usage: Use this command to configure timeout of retransmission of radius packets.
Example: Configure radius timeout as 2 seconds.

active500EM(config)#radius-server timeout 2

 

4.9.16 server

Command: server <A.B.C.D> [auth-port <0-65535> | acct-port <0-65535>] no server <A.B.C.D> [auth-port <0-65535> | acct-port <0-65535>]
Function: Use this command to add the server of aaa radius server group. The no command deletes this server.
Parameters:

  • <A.B.C.D>: IP address of server.
  • auth-port <0-65535>: port number of the authentication server; the range is 0 to 65535.
  • acct-port <0-65535>: port number of the accounting server; the range is 0 to 65535.

Command mode: aaa Radius Server Group Configuration Mode
Default: The default of the auth-port value is 1812 and the acct-port value is 1813.
Usage guide: Use this command to add radius server to the aaa radius server group. The authentication server and the accounting server in this radius server must exist in the global configuration.
Example: Use this command to add a radius server to the aaa radius server group1. The IP address is 192.168.1.101, the authentication UDP port is 123, and the accounting UDP port is 456.

active500EM(config)#aaa group server radius group1
active500EM (config-sg-radius)#server 192.168.1.20 auth-port 123 acct-port 456