Black Box CLI Guide for SmartPath OS (LWN602A Series)

The following is a complete list of commands available in the SmartPath OS for the LWN602A Series along with explanations of every keyword. Click a command to see its keyword explanations. Then click the Back Arrow in your browser to return to the list of commands. For an introduction to the SmartPath CLI, explaining different ways to access it, some keyboard shortcuts, and usage tips, click here.

aaa mac-format case-sensitivity {lower-case|upper-case}
aaa Set parameters for AAA (authentication, authorization, accounting)
mac-format Set the MAC address format to use when sending client MAC addresses to an external authentication server
case-sensitivity Set the letter case to use when formatting MAC addresses
lower-case Use lowercase formatting (Example: 01ab23cd45ef; Default: lower-case)
upper-case Use uppercase formatting (Example: 01AB23CD45EF; Default: upper-case)
aaa mac-format delimiter {dash|dot|colon}
aaa Set parameters for AAA (authentication, authorization, accounting)
mac-format Set the MAC address format to use when sending client MAC addresses to an external authentication server
delimiter Set the type of delimiter to use when formatting MAC addresses
dash Set a dash ( - ) as the MAC address delimiter (Default: colon)
dot Set a dot ( . ) as the MAC address delimiter (Default: colon)
colon Set a colon ( : ) as the MAC address delimiter (Default: colon)
aaa mac-format style {two-delimiter|five-delimiter|no-delimiter}
aaa Set parameters for AAA (authentication, authorization, accounting)
mac-format Set the MAC address format to use when sending client MAC addresses to an external authentication server
style Set the number of delimiters to use when grouping the hexadecimal digits in a MAC address
two-delimiter Set the number of delimiters in a MAC address as two (Example: 0123.4567.89ab; Default: no-delimiter)
five-delimiter Set the number of delimiters in a MAC address as five (Example: 01-23-45-67-89-ab; Default: no-delimiter)
no-delimiter Set the number of delimiters in a MAC address as none (Example: 0123456789ab; Default: no-delimiter)
aaa ppsk-server auto-save-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
ppsk-server Set parameters for the local SmartPath AP when it is acting as a private PSK server
auto-save-interval Set the length of time to save the list of private PSK-to-client MAC address bindings to flash memory
<number> Enter the interval in seconds(Default: 600 sec; Range: 60-3600)
aaa ppsk-server radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ via-vpn-tunnel ]
aaa Set parameters for AAA (authentication, authorization, accounting)
ppsk-server Set parameters for the local SmartPath AP when it is acting as a private PSK server
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
primary Set the RADIUS server that is first queried when authenticating users
backup1 Set the RADIUS server that is queried if the primary server stops responding
backup2 Set the RADIUS server that is queried if the backup1 server stops responding
backup3 Set the RADIUS server that is queried if the backup2 server stops responding
<ip_addr> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
<string> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
auth-port Set the RADIUS authentication port number
<number> Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
aaa radius-server <string> acct-port <port>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
<string> Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
acct-port Set the RADIUS accounting port number
<port> [1~65535]Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
aaa radius-server <string> auth-port <port>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
<string> Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
auth-port Set the RADIUS authentication port number
<port> [1~65535]Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
aaa radius-server <string> server <string> shared-secret <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
<string> Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
server Set the IP address or resolvable domain name for the RADIUS server
<string> Enter the IP address or domain name (max 32 chars) for the RADIUS server
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
aaa radius-server account-interim-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
account-interim-interval Set the interval in seconds for sending RADIUS accounting updates
<number> Enter the interval in seconds for sending RADIUS accounting updates (Default: 20; Range: 10-100000000)
aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
accounting Set parameters for a RADIUS accounting server
primary Set the RADIUS accounting server to which the SmartPath AP sends Accounting-Request packets first
backup1 Set the RADIUS accounting server to which the SmartPath AP sends Accounting-Request packets if the primary server does not respond
backup2 Set the RADIUS accounting server to which the SmartPath AP sends Accounting-Request packets if the backup1 server does not respond
backup3 Set the RADIUS accounting server to which the SmartPath AP sends Accounting-Request packets if the backup2 server does not respond
<ip_addr> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
<string> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
shared-secret Set the shared secret for securing communications with RADIUS accounting servers
<string> Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
aaa radius-server dynamic-auth-extension
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
dynamic-auth-extension Enable the SmartPath AP acting as a NAS to accept unsolicited messages from the RADIUS authentication server (Default: Disabled)
aaa radius-server keepalive enable
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
enable Set parameters for periodically checking network connectivity to RADIUS servers
aaa radius-server keepalive interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
interval Set the interval between periodic connectivity status checks
<number> Enter the interval in seconds (Default: 60; Range: 60-86400)
aaa radius-server keepalive retry <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
retry Set the number of times to retry sending an Access-Request or Accounting-Request that does not elicit a response from a RADIUS authentication or accounting server
<number> Enter the retry value (Default: 3; Range: 1-10)
aaa radius-server keepalive retry-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
retry-interval Set the interval between retries if no response is received from the RADIUS server
<number> Enter the retry interval value in seconds (Default: 10; Range: 1-60)
aaa radius-server keepalive username <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
keepalive Set parameters for periodically checking network connectivity to RADIUS servers
username Set the user name to submit in Access-Request messages when checking the connectivity to RADIUS authentication servers
<string> Enter the user name (1-32 chars)
password Set the password to submit in Access-Request messages
<string> Enter the password (1-64 chars)
aaa radius-server local attr-map group-attr-name <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
attr-map Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
group-attr-name Set the user group attribute name that is defined on the LDAP server
<string> Enter the attribute name (1-32 chars; Note: The attribute type must be "string". Default attribute in AD: memberOf; in OD: apple-group-realname; in LDAP server: radiusGroupName)
aaa radius-server local attr-map reauth-attr-name <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
attr-map Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
reauth-attr-name Set the user reauthentication time attribute name that is defined on the LDAP server
<string> Enter the attribute name (1-32 chars; Note: The attribute type must be "integer". Default attribute in AD: msRADIUSServiceType; in LDAP server: radiusServiceType)
aaa radius-server local attr-map user-profile-attr-name <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
attr-map Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
user-profile-attr-name Set the user group ID attribute name that is defined on the LDAP server
<string> Enter the attribute name (1-32 chars; Note: The attribute type must be "string". Default attribute in AD: msRADIUSCallbackNumber; in LDAP server: radiusCallbackNumber)
aaa radius-server local attr-map vlan-attr-name <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
attr-map Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
vlan-attr-name Set the VLAN ID attribute that is defined on the LDAP server
<string> Enter the attribute name (1-32 chars; Note: The attribute type must be "string". Default attribute in AD: msRASSavedCallbackNumber; in LDAP server: radiusCallbackId)
aaa radius-server local cache lifetime <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
cache Set parameters for caching user-authentication responses from external LDAP servers
lifetime Set the lifetime for entries in the RADIUS server cache
<number> Enter the lifetime for keeping entries in the RADIUS server cache (Default: 86400 seconds; Range: 3600-2592000)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} computer-ou <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
computer-ou Set the OU (organizational unit) used on the Active Directory server where the SmartPath AP RADIUS server admin has privileges to add the SmartPath AP as a computer in the domain
<string> Enter the OU (Max: 256 chars; Format: ou/sub-ou/sub-ou; Note: If there are any spaces, enclose the entire string in quotation marks.)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> binddn <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
domain Set the domain name of the AD domain controller
<string> Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
binddn Set the bindDN (distinguished name) under which LDAP searches are done (Note: bindDN must be set if want to get attributes from AD server or want to check TLS username against LDAP server.)
<string> Enter the bindDN name (1-256 chars)
password Set the password which authenticate the bindDN
<string> Enter the password (1-64 chars)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> fullname <string> [ default ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
domain Set the domain name of the AD domain controller
<string> Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
fullname Set the full DNS name of the domain to which the RADIUS server (local SmartPath AP) and AD server both belong
<string> Enter the full DNS name of the domain (1-64 chars)
default Set the domain as the default domain, which will be added to the RADIUS request if no domain name appears in the request
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> server <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
domain Set the domain name of the AD domain controller
<string> Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
server Set the IP address or resolvable domain name for the AD server (Note: The AD server is the same as the domain controller.)
<string> Enter the IP address or domain name (1-64 chars)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} login admin-user <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
login Set admin user name and password that the local SmartPath AP will use to access the AD server
admin-user Set the admin user name
<string> Enter the user name (1-32 chars)
password Set the password which authenticate the login user
<string> Enter the password (1-64 chars)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} {server} <string> [ {via-vpn-tunnel} ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
server Set the IP address or resolvable domain name for the AD server
<string> Enter the IP address or domain name (1-64 chars)
via-vpn-tunnel Send all traffic from the SmartPath AP RADIUS authentication server to the AD server through a VPN tunnel (Note: Set this option on VPN clients when the AD server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} {tls-enable|global-catalog}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
active-directory Set the user database on an AD (Active Directory) server
primary Set the AD server that is first queried when authenticating users
backup1 Set the AD server that is queried if the primary server stops responding
backup2 Set the AD server that is queried if the backup1 server stops responding
backup3 Set the AD server that is queried if the backup2 server stops responding
tls-enable Enable TLS authentication that the local SmartPath AP, as an LDAP client, uses with the AD server (Default: Disabled)
global-catalog Set the SmartPath AP to use TCP port 3268 when doing an LDAP search on an AD global catalog server (Default: Disabled)
aaa radius-server local db-type ldap-server sub-type edirectory
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
sub-type Set the type of LDAP server
edirectory Set the user database on an eDirectory LDAP server
aaa radius-server local db-type ldap-server sub-type edirectory acct-policy-check
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
sub-type Set the type of LDAP server
edirectory Set the user database on an eDirectory LDAP server
acct-policy-check Enable the Novell eDirectory account policy check and intruder detection for RADIUS users (Default: Disabled)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} basedn <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
basedn Set the base DN (distinguished name) where the user profiles are located in the LDAP tree structure
<string> Enter the base DN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} binddn <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
binddn Set the bind DN (distinguished name) under which LDAP searches are done
<string> Enter the bind DN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
password Set the password which authenticate the bindDN
<string> Enter the password (1-64 chars)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} filter-attr <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
filter-attr Set the LDAP search filter to locate user objects using the name the client supplies during RADIUS authentication
<string> Enter the filter attribute used to search for the user (Default: "cn"; 1-32 chars)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} no-strip-filter
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
no-strip-filter Do not strip the realm name from the search filter that the Black Box RADIUS server includes in requests sent to the LDAP server
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} port <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
port Set the destination port number for communicating with the LDAP server
<number> [1~65535]Enter the destination port number (Default: 389, 636 for LDAPS; Range: 1-65535)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} protocol {ldap|ldaps}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
protocol Set the protocol for communicating with the LDAP server
ldap Set LDAP as the protocol for communicating with the LDAP server (Default: LDAP)
ldaps Set LDAPS (Secure LDAP) as the protocol for communicating with the LDAP server (Default: LDAP)
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} {server} <string> [ {via-vpn-tunnel} ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
ldap-server Set the user database on an LDAP server
primary Set the LDAP server that is first queried when authenticating users
backup1 Set the LDAP server that is queried if the primary server stops responding
backup2 Set the LDAP server that is queried if the backup1 server stops responding
backup3 Set the LDAP server that is queried if the backup2 server stops responding
server Set the IP address or resolvable domain name for the LDAP server
<string> Enter the IP address or domain name (1-32 chars)
via-vpn-tunnel Send all traffic from the SmartPath AP RADIUS authentication server to the LDAP server through a VPN tunnel(Note: Set this option on VPN clients when the LDAP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
aaa radius-server local db-type library-sip-server {primary} institution-id <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
institution-id Set institution ID that the local RADIUS server provides when exchanging messages with the library SIP server
<string> Enter the institution ID (1-64 chars)
aaa radius-server local db-type library-sip-server {primary} login-enable
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
login-enable Enable the SmartPath AP, acting as a library SIP client, to log in when connecting to the library SIP server (Default: Disabled)
aaa radius-server local db-type library-sip-server {primary} login-user <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
login-user Set the user name that the local RADIUS server submits when logging in to the library SIP server
<string> Enter the user name (1-32 chars)
password Set the password that the local SmartPath AP RADIUS server submits when logging in to the library SIP server
<string> Enter the password (1-32 chars)
aaa radius-server local db-type library-sip-server {primary} port <port>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
port Set the library SIP server port number
<port> [1~65535]Enter the port number (Default: 6001; Range: 1-65535)
aaa radius-server local db-type library-sip-server {primary} separator <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
separator Set the character that the library SIP server uses to separate multiple field name + value entries
<string> Enter the separator (1 char; Default: '|')
aaa radius-server local db-type library-sip-server {primary} {server} <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
library-sip-server Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
primary Set the library SIP server that is first queried when authenticating users
server Set IP address or domain name of the library SIP server
<string> Enter the IP address or domain name (Domain name: 1-32 chars)
aaa radius-server local db-type local
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
local Set the user database on the local SmartPath AP
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} admin-user <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
admin-user Set the admin user name that the local SmartPath AP uses when logging in to the OD server
<string> Enter the user name (1-32 chars)
password Set the password that the local SmartPath AP uses when logging in to the OD server
<string> Enter the password (1-64 chars)
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} domain <string> binddn <string> password <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
domain Set the domain name of the OD domain controller
<string> Enter the name of the domain (1-64 chars)
binddn Set the bindDN (distinguished name) under which LDAP searches are done
<string> Enter the bindDN name (1-256 chars)
password Set the password which authenticate the bindDN
<string> Enter the password (1-64 chars)
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} domain <string> fullname <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
domain Set the domain name of the OD domain controller
<string> Enter the name of the domain (1-64 chars)
fullname Set the full DNS name of the OD domain server
<string> Enter the full DNS name of the domain (1-64 chars)
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} filter-attr <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
filter-attr Set the LDAP search filter to locate user objects using the name the client supplies during RADIUS authentication
<string> Enter the filter attribute used to search for the user (Default: "uid"; 1-32 chars)
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} no-strip-filter
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
no-strip-filter Do not strip the realm name from the search filter that the Black Box RADIUS server includes in requests sent to the OpenDirectory server
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} tls-enable
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
db-type Set the type and location of the user database
open-directory Set the user database on an OD (Open Directory) server
primary Set the OD server that is first queried when authenticating users
backup1 Set the OD server that is queried if the primary server stops responding
backup2 Set the OD server that is queried if the backup1 server stops responding
backup3 Set the OD server that is queried if the backup2 server stops responding
tls-enable Enable TLS authentication that the local SmartPath AP, as an LDAP client, uses with the OD server (Default: Disabled)
aaa radius-server local ldap-auth {primary|backup1|backup2|backup3} type tls ca-cert <string> [ client-cert <string> private-key <string> [ private-key-password <string> ] ] [ verify-server {never|try|demand} ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
ldap-auth Set the authentication method that the local SmartPath AP, as an LDAP client, uses with the LDAP server
primary Set the authentication method for the first LDAP server
backup1 Set the authentication method for the second LDAP server
backup2 Set the authentication method for the third LDAP server
backup3 Set the authentication method for the fouth LDAP server
type Set the authentication type to use for LDAP communications
tls Set the authentication type as TLS (Transport Layer Security)
ca-cert Set the CA certificate that the local SmartPath AP uses when authenticating itself as an LDAP client to an LDAP server
<string> Enter the file name of the CA certificate (1-32 chars)
client-cert Set the client certificate that the local SmartPath AP uses when authenticating itself to an LDAP server
<string> Enter the file name of the client certificate (1-32 chars)
private-key Set the private key that the local SmartPath AP uses to authenticate itself to an LDAP server
<string> Enter the name of the private key file (1-32 chars)
private-key-password Set the password for the private key that is used when forming a TLS tunnel
<string> Enter the password (1-32 chars)
verify-server Set options for verifying the LDAP server (Default: LDAP server verification is try.)
never never verify the identity of the LDAP server (Default: try)
try try verify the identity of the LDAP server (Default: try)
demand demand verify the identity of the LDAP server (Default: try)
aaa radius-server local library-sip-policy <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
library-sip-policy Set a library SIP policy to enforce when the local RADIUS server acts as a library SIP client
<string> Enter the library SIP policy name (1-32 chars)
aaa radius-server local local-check-period <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
local-check-period Set the length of time that the local SmartPath AP RADIUS server checks just its cache of user-authentication responses and its own database before retrying previously unresponsive LDAP servers
<number> Enter the interval for checking the local RADIUS cache and database (Default: 300 secs; Min: 30; Max: 3600)
aaa radius-server local nas <string> shared-key <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
nas Set parameters for other cluster members acting as the RADIUS NAS (Network Access Server)
<string> Enter an IP address or a subnet for the RADIUS NAS, or a resolvable domain name (1-32 chars)
shared-key Set the shared secret for authenticating communications with the RADIUS NAS
<string> Enter the shared secret (1-31 chars)
aaa radius-server local port <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
port Set the local RADIUS port number
<number> Enter the RADIUS port number (Default: 1812; Range: 1-65535)
aaa radius-server local remote-check-period <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
remote-check-period Set the length of time that the local SmartPath AP RADIUS server will repeatedly try contacting an unresponsive LDAP server before giving up
<number> Enter the LDAP server retry interval (Default: 30 secs; Min: 10; Max: 3600)
aaa radius-server local retry-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
retry-interval Set the interval after which the SmartPath AP RADIUS server tries to contact a previously unresponsive primary LDAP server (even if a backup server is currently responding)
<number> Enter the interval for retrying the primary LDAP server (Default: 600 secs; Min: 60; Max: 200000000)
aaa radius-server local shared-secret-auto-gen
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
shared-secret-auto-gen Enable the automatic generation of shared secrets when static entries are not found (Default: Enabled)
aaa radius-server local sta-auth ca-cert <string> server-cert <string> private-key <string> [ private-key-password <string> ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
sta-auth Set the authentication type and certificate parameters for authenticating users
ca-cert Set the CA certificate for a TLS (Transport Layer Security) tunnel
<string> Enter the file name of the CA certificate (1-32 chars)
server-cert Set the server certificate used when forming a TLS tunnel
<string> Enter the file name of the server certificate (1-32 chars)
private-key Set the private key used when forming a TLS tunnel
<string> Enter the name of the private key file (1-32 chars)
private-key-password Set the password for encrypting the private key used when forming a TLS tunnel
<string> Enter a password (1-64 chars)
aaa radius-server local sta-auth type tls {check-cert-cn|check-in-db}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
sta-auth Set the authentication type and certificate parameters for authenticating users
type Set the RADIUS authentication type (Default: tls+peap+ttls+leap)
tls Set TLS (Transport Layer Security) as the RADIUS authentication type (Default: tls+peap+ttls+leap)
check-cert-cn Check the CN (common name) in the certificate against the user name (Default: Disabled)
check-in-db Query databases to check if the user exists (Default: Disabled)
aaa radius-server local sta-auth type {leap|peap|tls|ttls}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
sta-auth Set the authentication type and certificate parameters for authenticating users
type Set the RADIUS authentication type (Default: tls+peap+ttls+leap)
leap Set LEAP (Lightweight Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap)
peap Set PEAP (Protected Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap)
tls Set TLS (Transport Layer Security) as the RADIUS authentication type (Default: tls+peap+ttls+leap)
ttls Set TTLS (Tunneled TLS) as the RADIUS authentication type (Default: tls+peap+ttls+leap)
aaa radius-server local sta-auth type {peap|ttls} check-in-db
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
sta-auth Set the authentication type and certificate parameters for authenticating users
type Set the RADIUS authentication type (Default: tls+peap+ttls+leap)
peap Set PEAP (Protected Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap)
ttls Set TTLS (Tunneled TLS) as the RADIUS authentication type (Default: tls+peap+ttls+leap)
check-in-db Enable the local RADIUS server to query the Active Directory database to check that user accounts are stored under the proper baseDN before authenticating them (Default: Disabled)
aaa radius-server local user-group <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
user-group Add a user group on the local RADIUS server
<string> Enter the user group name (1-32 chars)
aaa radius-server local {enable|cache}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
local Set the local SmartPath AP as a RADIUS server
enable Enable RADIUS server functionality on the local SmartPath AP
cache Set parameters for caching user-authentication responses from external LDAP servers
aaa radius-server proxy dead-time <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
dead-time Set the interval after which the SmartPath AP tries to contact a previously unresponsive RADIUS server
<number> Enter the interval in seconds (Default: 300; Range: 30-3600)
aaa radius-server proxy realm <string> no-strip
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
realm Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
<string> Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
no-strip Do not strip the realm name from a submitted user name when proxying requests to the RADIUS server (Default: The realm name is stripped from proxied requests.)
aaa radius-server proxy realm <string> {primary|backup} <string>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
realm Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
<string> Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
primary Assign a backup RADIUS server to the realm
backup Assign a backup RADIUS server to the realm
<string> Enter the RADIUS server name (1-32 chars)
aaa radius-server proxy realm format {nai|nt-domain}
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
realm Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
format Set the format in which a realm name is appended to a user's name in request packets
nai Set NAI (network access identifier) as the realm name format: user@realm (Default: NAI)
nt-domain Set Windows NT domain as the realm name format: realm\user (Default: NAI)
aaa radius-server proxy retry-delay <number> retry-count <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
proxy Set parameters for proxying RADIUS requests
retry-delay Set the interval to wait for a response from the RADIUS server before resending a proxied request
<number> Enter the interval between retries in seconds (Default: 5; Range: 3-10)
retry-count Set the number of times to retry proxying a request to the RADIUS server
<number> Enter the number of retries (Default: 3; Range: 1-10)
aaa radius-server retry-interval <number>
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
retry-interval Set RADIUS server retry interval
<number> Enter RADIUS server retry interval (Default: 600 secs; Range: 60-100000000)
aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
primary Set the RADIUS server that is first queried when authenticating users
backup1 Set the RADIUS server that is queried if the primary server stops responding
backup2 Set the RADIUS server that is queried if the backup1 server stops responding
backup3 Set the RADIUS server that is queried if the backup2 server stops responding
<ip_addr> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
<string> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
auth-port Set the RADIUS authentication port number
<number> Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
access-console custom-ssid <string>
access-console Set access console parameters
custom-ssid Set custom SSID profile name for the access console
<string> Enter an SSID profile name (1-32 chars)
access-console hide-ssid
access-console Set access console parameters
hide-ssid Hide the SSID in beacons and probe responses (Default: disabled)
access-console max-client <number>
access-console Set access console parameters
max-client Set the maximum number of clients that can associate with the access console SSID
<number> Enter the maximum number of clients that can associate (Default: 2; Range: 1-64)
access-console mode {auto|disable|enable}
access-console Set access console parameters
mode Set the mode for the access console (Note: 'auto' enables the access console only when there is no Ethernet or wireless backhaul connection. 'enable' and 'disable' set the mode manually.)
auto Set the mode as auto (Default: auto)
disable Set the mode as disable (Default: auto)
enable Set the mode as enable (Default: auto)
access-console security mac-filter <string>
access-console Set access console parameters
security Set the security parameters for the access console
mac-filter Assign a MAC filter to the access console to restrict access only to those MAC addresses and OUIs (organizational unique identifiers) specified in the filter
<string> Enter the filter name (1-32 chars)
access-console security protocol-suite open
access-console Set access console parameters
security Set the security parameters for the access console
protocol-suite Set the security protocol suite for the access console
open Set the security protocol suite as open
access-console security protocol-suite {wpa-aes-psk|wpa-tkip-psk|wpa2-aes-psk|wpa2-tkip-psk|wpa-auto-psk} ascii-key <string>
access-console Set access console parameters
security Set the security parameters for the access console
protocol-suite Set the security protocol suite for the access console
wpa-aes-psk Set the security protocol suite as wpa-aes-psk
wpa-tkip-psk Set the security protocol suite as wpa-tkip-psk
wpa2-aes-psk Set the security protocol suite as wpa2-aes-psk
wpa2-tkip-psk Set the security protocol suite as wpa2-tkip-psk
wpa-auto-psk Set the security protocol suite as wpa-auto-psk
ascii-key Set key type as an ASCII string
<string> Enter the ASCII key value (8-63 chars)
access-console telnet
access-console Set access console parameters
telnet Enable Telnet manageability of the access console (Default: enabled)
admin auth radius-method [ {pap|chap|ms-chap-v2} ]
admin Set the administrator parameters
auth Set the administrators authentication method
radius-method Authenticate admins by checking accounts stored on an external RADIUS server
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the SmartPath AP and RADIUS server (Default: PAP)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the SmartPath AP and RADIUS server (Default: PAP)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the SmartPath AP and RADIUS server (Default: PAP)
admin auth {local|radius|both}
admin Set the administrator parameters
auth Set the administrators authentication method
local Authenticate admins by checking accounts stored on the local database (Default: local)
radius Authenticate admins by checking accounts stored on an external RADIUS server
both Authenticate admins by checking accounts on an external RADIUS server first and the local database second
admin manager-ip <ip_addr/netmask>
admin Set the administrator parameters
manager-ip Allow administrative access from a host or subnet (By default, access from all addresses are allowed.)
<ip_addr/netmask> Enter an IP address and netmask
admin min-password-length <number>
admin Set the administrator parameters
min-password-length Set the minimum password length
<number> Enter the minimum password length (Default: 5; Range: 5-32)
admin root-admin <string> password <string>
admin Set the administrator parameters
root-admin The root-admin has complete privileges, including the ability to add, modify, and delete other admins
<string> Enter root-admin name (3-20 characters)
password Set password for the root-admin
<string> Set password for the root-admin (5-32 characters)
admin {read-write|read-only} <string> password <string>
admin Set the administrator parameters
read-write The read-write admin has the ability to view, set commands and modify his or her own password, but not the ability to reset the configuration or add, modify, and delete other admins
read-only The read-only admin has the ability to view settings
<string> Enter an admin user's name (3-20 characters)
password Set password for the user
<string> Set password for the user (5-32 characters)
alg {ftp|tftp|sip|dns|http} enable
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
dns Set a DNS (Domain Name System) ALG
http Set an HTTP ALG
enable Enable ALG functionality
alg {ftp|tftp|sip|dns} qos <number>
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
dns Set a DNS (Domain Name System) ALG
qos Set an Black Box QoS class for ALG data traffic
<number> Enter an Black Box QoS class (Default: 0 for FTP, 0 for TFTP, 6 for SIP, 0 for DNS; Range: 0-7)
alg {ftp|tftp|sip} inactive-data-timeout <number>
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
inactive-data-timeout Set a timeout to close an inactive gate
<number> Enter an inactive gateway timeout value in seconds (Default: 30 for FTP, 30 for TFTP, 60 for SIP; Range: 1-1800s)
alg {ftp|tftp|sip} max-duration <number>
alg Set ALG (Application Level Gateway) parameters
ftp Set an FTP (File Transfer Protocol) ALG
tftp Set a TFTP (Trivial File Transfer Protocol) ALG
sip Set a SIP (Session Initiation Protocol) ALG
max-duration Set the maximum duration for the ALG
<number> Enter the maximum duration in minutes (Default: 60 for FTP, 60 for TFTP, 720 for SIP; Range: 1-7200(min))
amrp interface <ethx> priority <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
interface Set AMRP parameters per interface
<ethx> Enter the name of an Ethernet interface, where x = 0
priority Set a priority for the SmartPath AP to be elected as a DA (designated AP) on the Ethernet link to which the interface connects
<number> Enter the priority value (Range: 0-255; Default: 0; Note: The greater the number is, the higher its priority, and the more preferred the SmartPath AP will be during the DA election process. For example, 100 has a higher priority than 50.)
amrp metric poll-interval <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
metric Set route metric parameters for the backhaul link (Ethernet and wireless)
poll-interval Set the interval for polling neighbors to determine current route metrics
<number> Enter the poll-interval value (Default: 60 secs; Range: 10-300)
amrp metric type {aggressive|conservative|normal}
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
metric Set route metric parameters for the backhaul link (Ethernet and wireless)
type Set the type of behavior governing dynamic changes to route metrics
aggressive Change route metrics to aggressive (Default: normal)
conservative Change route metrics to conservative (Default: normal)
normal Change route metrics to normal (Default: normal)
amrp neighbor <mac_addr> metric min <number> max <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
neighbor Specify the neighbor to which you want to set AMRP parameters
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
metric Set route metric parameters for the backhaul link (Ethernet and wireless) to the neighbor
min Set the minimum metric value
<number> Enter the minimum metric value (Default: 67; Range: 8-1200)
max Set the maximum metric value equal to or greater than the minimum value
<number> Enter the maximum metric value (Default: 67; Range: 8-1200)
amrp vpn-tunnel heartbeat interval <number> retry <number>
amrp Set AMRP (Advanced Mobility Routing Protocol) parameters
vpn-tunnel Set parameters for VPN tunneling
heartbeat Set AMRP (Advanced Mobility Routing Protocol) heartbeat parameters for VPN tunnel
interval Set the interval for sending AMRP heartbeats through the tunnel
<number> Enter the heartbeat interval in seconds (Range: 0-65535; Default: 10; Note: 0 disables AMRP heartbeats.)
retry Set the number of times to retry sending a heartbeat when it does not elicit a response
<number> Enter the number of heartbeats to retry sending (Range: 1-255; Default: 10)
boot-param boot-file <string>
boot-param Set parameters for the boot loader
boot-file Set the file name of the SmartPath OS image that you want to load on the local SmartPath AP through a network connection to a TFTP server
<string> Enter the file name (1-127 characters)
boot-param boot-password <string>
boot-param Set parameters for the boot loader
boot-password Set the password that a root admin must enter to interrupt the auto-boot sequence
<string> Enter the password (8-32 chars)
boot-param country-code <number>
boot-param Set parameters for the boot loader
country-code Set the country code used to control radio channel and power selections
<number> Enter a country code value (Default: 0; Range: 1 - 10000)
boot-param device <ip_addr/netmask>
boot-param Set parameters for the boot loader
device Set the IP address and netmask of the local SmartPath AP device
<ip_addr/netmask> Enter the IP address and netmask
boot-param device <ip_addr> <netmask>
boot-param Set parameters for the boot loader
device Set the IP address and netmask of the local SmartPath AP device
<ip_addr> Enter the IP address
<netmask> Enter the IP netmask
boot-param gateway <ip_addr>
boot-param Set parameters for the boot loader
gateway Set the IP address of the gateway so that the local SmartPath AP can reach the TFTP server with the SmartPath OS image that you want to load
<ip_addr> Enter the IP address
boot-param native-vlan <number>
boot-param Set parameters for the boot loader
native-vlan Set the native VLAN ID of the local SmartPath AP
<number> Enter the VLAN ID (Default: 0; Range: 0-4094)
boot-param netboot enable
boot-param Set parameters for the boot loader
netboot Set the SmartPath AP to boot up automatically from an external TFTP server after an application crash occurs
enable Enable the ability to boot up automatically from an external TFTP server after an application crash occurs
boot-param netdump dump-file [ <string> ]
boot-param Set parameters for the boot loader
netdump Set parameters for saving a core dump to the TFTP server specified in the "boot-param server" command (Note: If the SmartPath AP crashes, it saves a core dump file to the TFTP server in its next rebooting phase)
dump-file Set the name of the core dump file to be saved to the TFTP server
<string> Enter the name of the core dump file(Default name: .netdump; 1-32 chars)
boot-param netdump enable
boot-param Set parameters for the boot loader
netdump Set parameters for saving a core dump to the TFTP server specified in the "boot-param server" command (Note: If the SmartPath AP crashes, it saves a core dump file to the TFTP server in its next rebooting phase)
enable Enable the netdump feature (Default: Disabled)
boot-param server <ip_addr>
boot-param Set parameters for the boot loader
server Set the IP address of the TFTP server that has the SmartPath OS image file that you want to load
<ip_addr> Enter the IP address
boot-param vlan <number>
boot-param Set parameters for the boot loader
vlan Set the VLAN that the local SmartPath AP must use to reach the TFTP server
<number> Enter the VLAN ID (Default: 0; Range: 0-4094)
cac airtime-per-second <number>
cac Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
airtime-per-second Set airtime reserved for VoIP calls
<number> Enter the airtime for VoIP calls (Default: 500ms; Range: 100ms-1000ms)
cac enable
cac Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
enable Enable CAC protection of VoIP traffic
cac roaming airtime-percentage <number>
cac Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
roaming Set parameters for VoIP calls when a client roams
airtime-percentage Set the percentage of airtime reserved for VoIP calls during roaming
<number> Enter the percentage of reserved airtime (Default: 20; Range: 0-100)
capture interface <wifix> [ count <number> ] [ filter <number> ] [ promiscuous ]
capture Set packet capture parameters
interface Enable packet capturing on a radio interface
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
count Set the number of frames to capture
<number> Enter the number of frames to capture (Default: 2000; Range: 1-100000)
filter Set the packet capture filter
<number> Enter a filter ID (Range: 1-64)
promiscuous Enable the wifi interfaces to operate in promiscuous mode during packet capturing (Default: Disabled)
capture save interface <wifix> <string>
capture Set packet capture parameters
save Set the packet capture tool to save captured packets to a file
interface Set the packet capture tool to save captured packets to a file on a radio interface
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
<string> Enter a local file name or the remote location, path, and file name (Format: filename or tftp://server:/path/filename; Default: wifix.dmp)
capwap client HTTP proxy name <string> port <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
HTTP Set HTTP as the application-level protocol using TCP as the transport mode
proxy Set parameters for the HTTP proxy server
name Set the HTTP proxy server name
<string> Enter the IP address or domain name of the HTTP proxy server (1-32 chars)
port Set the HTTP proxy server port number
<number> Enter the port number (Range: 1-65535)
capwap client HTTP proxy user <string> password <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
HTTP Set HTTP as the application-level protocol using TCP as the transport mode
proxy Set parameters for the HTTP proxy server
user Set the user name for authenticating the SmartPath AP with the HTTP proxy server
<string> Enter the authentication user name (1-32 chars)
password Set the user password for authenticating the SmartPath AP with the HTTP proxy server
<string> Enter the password (1-32 chars)
capwap client default-server-name <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
default-server-name Set the default IP address or domain name for the CAPWAP server
<string> Enter IP address or name for CAPWAP server (1-32 chars)
capwap client discovery interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
discovery Set CAPWAP client discovery parameters
interval Set CAPWAP discovery interval
<number> Enter the CAPWAP discovery interval (Default: 5 secs; Range:1-999)
capwap client discovery maximum interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
discovery Set CAPWAP client discovery parameters
maximum Set the max time in seconds to wait for a response to a Discovery Request message
interval Set the max time in seconds to wait for a response to a Discovery Request message
<number> Enter the max time to wait for a response to a Discovery Request message (Default: 10 secs; Range: 2-180)
capwap client dtls accept-bootstrap-passphrase
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
accept-bootstrap-passphrase Always accept the bootstrap passphrase proposed by SmartPath EMS
capwap client dtls bootstrap-passphrase <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
bootstrap-passphrase Set a passphrase for initial and recovery CAPWAP connections
<string> Enter the bootstrap passphrase (16-32 characters)
capwap client dtls enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
enable Enable CAPWAP client dtls feature
capwap client dtls handshake-wait-time <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
handshake-wait-time Set the maximum time to wait for a DTLS handshake message from the CAPWAP server
<number> Enter the maximum wait time in seconds (Default: 60; Range: 30-120)
capwap client dtls hm-defined-passphrase <string> key-id <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
hm-defined-passphrase Use the SmartPath EMS-defined passphrase to secure CAPWAP communications
<string> Enter a passphrase for the SmartPath AP to use when making a secure CAPWAP connection (16-32 characters)
key-id Set the key ID for the passphrase
<number> Enter the key ID (Range: 1-255)
capwap client dtls max-retries <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
max-retries Set the maximum number of times to retry making a DTLS connection
<number> Enter the maximum number of retries (Default: 3; Range: 1-65535)
capwap client dtls negotiation enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
negotiation Set the SmartPath AP to auto-negotiate the use of DTLS with SmartPath EMS
enable Enable DTLS auto-negotiation
capwap client dtls psk <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
psk Set the DTLS preshared key manually (instead of deriving it from a passphrase)
<string> Enter the DTLS preshared key in ASCII hex format (1-64 chars)
capwap client dtls session-delete-wait-time <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
dtls Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
session-delete-wait-time Set the minimum time to wait for DTLS session deletion
<number> Enter the wait time in seconds (Default: 5; Range: 1-65535)
capwap client enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
enable Enable CAPWAP client
capwap client event enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
event CAPWAP report event information
enable Enable CAPWAP send event information
capwap client join timeout <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
join Set the interval that the SmartPath AP waits for a CAPWAP Join Response message
timeout Set the interval that the SmartPath AP waits for a CAPWAP Join Response message
<number> Enter join interval in seconds to wait for Join Response message (Default: 60 secs; Range: 30-999)
capwap client neighbor dead interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
neighbor Set CAPWAP client neighbor parameters
dead Set the dead interval for CAPWAP neighbors
interval Set the interval in seconds to wait for ping responses before considering a CAPWAP neighbor dead
<number> Enter interval to wait for responses before considering a neighbor dead (Default: 105 secs; Range: 60-240)
capwap client neighbor heartbeat interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
neighbor Set CAPWAP client neighbor parameters
heartbeat Set the heartbeat parameters for a CAPWAP neighbor
interval Set the heartbeat interval for a CAPWAP neighbor
<number> Enter the heartbeat interval for a CAPWAP neighbor (Default: 30; Range: 30-120)
capwap client pci-alert enable
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
pci-alert Report PCI (Payment Card Infrastructure) compliance information to SmartPath EMS
enable Enable the reporting of PCI compliance information
capwap client server [ {backup} ] name <string> [ connect-delay <number> ] [ via-vpn-tunnel ]
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
server Set parameters for communicating with the CAPWAP server
backup Set the backup CAPWAP server
name Set the IP address or domain name of the CAPWAP server
<string> Enter IP address or name for CAPWAP server (1-32 chars)
connect-delay Schedule a connection to the specified CAPWAP server at a time relative to the moment the SmartPath AP receives the command
<number> Enter the interval in seconds after which the CAPWAP client connects (Range: 0-65535)
via-vpn-tunnel Send all CAPWAP traffic through a VPN tunnel (Note: Set this option on VPN clients when the CAPWAP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
capwap client server port <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
server Set parameters for communicating with the CAPWAP server
port Set the destination port number for communicating with the CAPWAP server
<number> Enter the port number (Default: 12222; Range: 1-65535)
capwap client silent interval <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
silent Set an interval to wait after failing to receive Discovery Request responses before sending more requests
interval Set an interval to wait after failing to receive Discovery Request responses before sending more requests
<number> Enter an interval to wait after failing to receive Discovery Request responses (Default: 15 secs; Range: 1-999)
capwap client transport HTTP
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
transport Set the packet transport mode for CAPWAP communications
HTTP Set HTTP as the application-level protocol using TCP as the transport mode
capwap client vhm-name <string>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
client Set CAPWAP client parameters
vhm-name Set the name of the virtual SmartPath EMS system
<string> Enter the name of the virtual SmartPath EMS system (1-64 chars)
capwap max-discoveries counter <number>
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
max-discoveries Set the max number of CAPWAP Discovery Request messages
counter Set the max number of CAPWAP Discovery Request messages
<number> Enter the max number of CAPWAP Discovery Request messages (Default: 3; Range: 1-999)
capwap ping <string> [ port <number> ] [ count <number> ] [ size <number> ] [ timeout <number> ]
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
ping Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
<string> Enter the IP address or domain name of the CAPWAP server (1-32 characters)
port Set the destination UDP port number for communicating with the CAPWAP server
<number> Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
count Set the number of CAPWAP UDP packets to send
<number> Enter the number of packets to send (Default: 5; Range: 1-65535)
size Set the size of the UDP packets
<number> Enter the packet size in bytes (Default: 56; Range:1-1300)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 5; Range: 1-60)
capwap ping <string> [ port <number> ] flood <number> [ size <number> ] [ timeout <number> ]
capwap Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
ping Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
<string> Enter the IP address or domain name of the CAPWAP server (1-32 characters)
port Set the destination UDP port number for communicating with the CAPWAP server
<number> Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
flood Set the number of batches, each consisting of 100 CAPWAP UDP packets, to send at one time
<number> Enter the number of batches of packets(Default: 5; Range: 1-65535)
size Set the size of the UDP packets
<number> Enter the packet size in bytes (Default: 56; Range:1-1300)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 5; Range: 1-60)
clear aaa radius-server cache [ username <string> ]
clear Clear dynamic system information or remove all web directories
aaa Clear parameters for AAA (authentication, authorization, accounting)
radius-server Clear RADIUS server parameters
cache Clear all RADIUS server caches or one cache
username Clear the RADIUS server cache by username
<string> Enter the username (1-32 chars)
clear aaa radius-server-key [ {radius-server|ldap-client} ] [ <string> ]
clear Clear dynamic system information or remove all web directories
aaa Clear parameters for AAA (authentication, authorization, accounting)
radius-server-key Clear all certificates that the local SmartPath AP uses as a RADIUS server and LDAP client
radius-server Clear certificates that the local SmartPath AP uses as a RADIUS server
ldap-client Clear certificates that the local SmartPath AP uses as a LDAP client
<string> Enter the name of the certificate
clear arp-cache
clear Clear dynamic system information or remove all web directories
arp-cache Clear the ARP cache
clear auth roaming-cache mac <mac_addr> cluster-neighbors
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring cluster members
mac Set the MAC address of the station whose cached authentication information you want to clear
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
cluster-neighbors Clear the MAC address from the local roaming cache and from the roaming caches of neighboring cluster members
clear auth roaming-cache {cluster-neighbors}
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring cluster members
cluster-neighbors Clear all entries from the local roaming cache and from the roaming caches of all neighboring cluster members
clear auth username <string>
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
username Clear dynamic authentication information by user name
<string> Enter a user name (1-32 chars)
clear auth {local-cache|roaming-cache|station} [ mac <mac_addr> ]
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
local-cache Clear all entries from the local cache, which contains authentication information for stations currently connected to the local SmartPath AP
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring cluster members
station Clear authentication information for a specific station
mac Set the MAC address of the station whose cached authentication information you want to clear
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear auth {local-cache|roaming-cache|station} ssid <string>
clear Clear dynamic system information or remove all web directories
auth Clear dynamic authentication information
local-cache Clear all entries from the local cache, which contains authentication information for stations currently connected to the local SmartPath AP
roaming-cache Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring cluster members
station Clear authentication information for a specific station
ssid Clear cached authentication information based on the SSID with which stations associated
<string> Enter a user name (1-32 chars)
clear cac station-airtime [ mac <mac_addr> ]
clear Clear dynamic system information or remove all web directories
cac Clear CAC (Call Admission Control) statistics
station-airtime Clear airtime statistics for a specific station
mac Set the specific destination MAC
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear capture local [ <string> ]
clear Clear dynamic system information or remove all web directories
capture Clear packet capture parameters
local Clear one or all locally stored packet capture files
<string> Enter the file name to clear
clear capwap client counter
clear Clear dynamic system information or remove all web directories
capwap Clear CAPWAP (Control and Provisioning of Wireless Access Points) statistics
client Clear CAPWAP client statistics
counter Clear CAPWAP client keepalive packet counters
clear cluster <string> counter neighbor [ <mac_addr> ]
clear Clear dynamic system information or remove all web directories
cluster Clear cluster info
<string> Enter a cluster profile name (1-32 chars)
counter Clear counters for neighboring cluster members
neighbor Clear counters for all neighbors or a specific neighbor in this cluster
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear config rollback
clear Clear dynamic system information or remove all web directories
config Clear the configuration rollback settings
rollback Clear the current configuration rollback point and related settings
clear forwarding-engine counters [ interface <wifix|wifix.y|ethx|mgtx> ] [ station <mac_addr> ] [ drop ] [ tunnel ] [ policy ]
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
counters Clear forwarding engine counter statistics
interface Clear forwarding engine counter by interface
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
<ethx> Enter the name of an Ethernet interface, where x = 0
<mgtx> Enter the name of the management interface, where x = 0
station Clear forwarding engine counter by station MAC
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
drop Clear the drop packet counter
tunnel Clear the counter on tunnels
policy Clear the counter on policies
clear forwarding-engine ip-sessions [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ src-port <number> ] [ dst-port <number> ] [ protocol <number> ]
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
ip-sessions Clear IP sessions
src-ip Clear IP sessions by source IP address
<ip_addr> Source IP address
dst-ip Clear IP sessions by destination IP address
<ip_addr> Destination IP address
src-port Clear IP essions by source port number
<number> source IP port (Range: 1-65535)
dst-port Clear IP sessions by destination port number
<number> destination IP port (Range: 1-65535)
protocol Clear IP sessions by protocol type
<number> source IP port (Range: 1-255)
clear forwarding-engine ip-sessions id <number>
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
ip-sessions Clear IP sessions
id Clear IP sessions by session ID number
<number> Enter the IP session ID (Range: 1-9999)
clear forwarding-engine mac-sessions [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ]
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
mac-sessions Clear MAC sessions
src-mac Clear MAC sessions by source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Clear MAC sessions by destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear forwarding-engine mac-sessions id <number>
clear Clear dynamic system information or remove all web directories
forwarding-engine Clear dynamically generated data from the forwarding engine
mac-sessions Clear MAC sessions
id Clear MAC sessions by session ID number
<number> Enter the MAC session ID (Range: 1-9999)
clear gre-tunnel counters tunnel
clear Clear dynamic system information or remove all web directories
gre-tunnel Clear GRE (Generic Routing Encapsulation) tunnel information
counters Clear GRE tunnel counter statistics
tunnel Clear the counter on tunnels
clear interface <ethx> mac-learning dynamic <mac_addr>
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<ethx> Enter the name of an Ethernet interface, where x = 0
mac-learning Clear entries in the MAC address learning table
dynamic Clear dynamically learned MAC address entries
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear interface <ethx> mac-learning dynamic all
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<ethx> Enter the name of an Ethernet interface, where x = 0
mac-learning Clear entries in the MAC address learning table
dynamic Clear dynamically learned MAC address entries
all Clear all dynamically learned MAC address entries
clear interface <ethx|wifix|wifix.y> counter
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<ethx> Enter the name of an Ethernet interface, where x = 0
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
counter Clear all counters for the interface
clear interface <mgtx|mgtx.y> dhcp-server lease all
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Clear the DHCP server lease
lease Clear a specific DHCP lease or all leases
all Clear all DHCP leases
clear interface <mgtx|mgtx.y> dhcp-server lease ip <ip_addr>
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Clear the DHCP server lease
lease Clear a specific DHCP lease or all leases
ip Clear the DHCP lease that uses a specific IP address
<ip_addr> Enter the IP address
clear interface <mgtx|mgtx.y> dhcp-server lease mac <mac_addr>
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Clear the DHCP server lease
lease Clear a specific DHCP lease or all leases
mac Clear the DHCP lease assigned to a client with a specific MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear interface <wifix> wlan-idp mitigate rogue-ap [ <mac_addr> ]
clear Clear dynamic system information or remove all web directories
interface Clear interface info
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
wlan-idp Clear rogue AP entries from the WLAN IDP (intrusion detection and prevention) table
mitigate Clear mitigated rogue APs
rogue-ap Clear all mitigated rogue APs or a specific rogue AP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear lldp [ {cdp} ] table
clear Clear dynamic system information or remove all web directories
lldp Set LLDP (Link Layer Discovery Protocol) parameters
cdp Set CDP (Cisco Discovery Protocol) parameters
table Clear LLDP or CDP neighbor table
clear location {aeroscout|tzsp} counter
clear Clear dynamic system information or remove all web directories
location Clear parameters for location tracking
aeroscout Clear parameters for the aeroscout location processing engine
tzsp Clear parameters for the tzsp location processing engine
counter Clear statistics for location reports sent to the location processing engine
clear log [ {buffered|debug|flash|all} ]
clear Clear dynamic system information or remove all web directories
log Clear logging messages
buffered Clear buffered log messages
debug Clear debug log messages
flash Clear flash log messages
all Clear all log messages
clear qos counter
clear Clear dynamic system information or remove all web directories
qos Clear dynamic QoS information
counter Clear dynamic QoS statistics counters
clear service [ <string> ] counter
clear Clear dynamic system information or remove all web directories
service Clear dynamically generated information for all services or for a specific service
<string> Enter the name of the service whose counters you want to clear
counter Clear the counter statistics for all services or for a specific service
clear ssid <string> counter station [ <mac_addr> ]
clear Clear dynamic system information or remove all web directories
ssid Clear SSID info
<string> Enter an SSID profile name (1-32 chars)
counter Clear counters for stations (wireless clients) associated with the SSID
station Clear counters for all stations or a specific station associated with the SSID
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clear user-and-group all
clear Clear dynamic system information or remove all web directories
user-and-group Clear all users and user-groups
all Clear all users and user-groups
clear vpn certificate-key
clear Clear dynamic system information or remove all web directories
vpn Clear VPN information
certificate-key Clear all certificates that the local SmartPath AP uses when authenticating its identity to a VPN peer and when verifying the identity of a VPN peer
clear vpn {ike|ipsec} sa
clear Clear dynamic system information or remove all web directories
vpn Clear VPN information
ike Clear IKE SA information established during IKE phase 1 negotiations
ipsec Clear IPsec SA information established during IKE phase 2 negotiations
sa Clear SA (security association) information
clear web-directory [ {ppsk-self-reg} ]
clear Clear dynamic system information or remove all web directories
web-directory Remove all web directories
ppsk-self-reg Remove all self-registration web directories from the private PSK server
clear wlan-idp mitigate [ <mac_addr> ]
clear Clear dynamic system information or remove all web directories
wlan-idp Clear rogue AP entries from the WLAN IDP (intrusion detection and prevention) table
mitigate Clear one or a list of the rogue APs against which mitigation was performed and the SmartPath APs that reported them
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
client-tracing <mac_addr>
client-tracing Test client tracing
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
clock date-time <date> <time>
clock Set the internal clock
date-time Set the date and time for the internal clock
<date> Enter the date for the internal clock, (Format: YYYY-MM-DD, Range: 1970-01-01 to 2035-12-31)
<time> Enter the time for the internal clock, (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
clock time-zone <number> [ {30|45} ]
clock Set the internal clock
time-zone Set the time zone for the internal clock
<number> Enter the time zone for the internal clock (Default: 0; Range: from -12 to 12)
30 Add 30 minutes to the specified time zone
45 Add 45 minutes to the specified time zone
clock time-zone daylight-saving-time <date> <time> <date> <time>
clock Set the internal clock
time-zone Set the time zone for the internal clock
daylight-saving-time Set the daylight saving time parameters
<date> Enter the start date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
<time> Enter the start time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
<date> Enter the end date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
<time> Enter the end time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
cluster <string>
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
cluster <string> frag-threshold <number>
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
frag-threshold Set fragment threshold parameters for the cluster
<number> Enter the fragment threshold in bytes for the cluster (Default: 2346; Range: 256-2346)
cluster <string> manage all
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
manage Set management service parameters
all Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through wireless backhaul interfaces in this cluster (Defaults: ping enabled, SNMP disabled, SSH enabled, Telnet disabled)
cluster <string> manage {Telnet|SSH|SNMP|ping}
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
manage Set management service parameters
Telnet Enable Telnet manageability of mgt0 through wireless backhaul interfaces in this cluster (Default: Disabled)
SSH nable SSH manageability of mgt0 through wireless backhaul interfaces in this cluster (Default: Enabled)
SNMP Enable SNMP manageability of mgt0 through wireless backhaul interfaces in this cluster (Default: Disabled)
ping Enable mgt0 to respond to pings through subinterfaces bound to this SSID (Default: Enabled)
cluster <string> neighbor connecting-threshold <number> polling-interval <number>
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
neighbor Set the threshold parameters for connecting wirelessly with neighboring cluster members
connecting-threshold Set the minimum signal strength threshold required for connecting with a neighboring cluster member
<number> Enter a minimum signal strength value in dBm (Default: -80; Range: -90~-55)
polling-interval Set the time interval in minutes for polling the signal strength of neighboring cluster members
<number> Enter the polling time interval (Default: 1 minute; range: 1-60)
cluster <string> neighbor connecting-threshold {low|medium|high} polling-interval <number>
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
neighbor Set the threshold parameters for connecting wirelessly with neighboring cluster members
connecting-threshold Set the minimum signal strength threshold required for connecting with a neighboring cluster member
low Set a relatively low minimum signal strength threshold (-85dBm)
medium Set a relatively moderate minimum signal strength threshold (-80dBm)
high Set a relatively high minimum signal strength threshold (-75dBm)
polling-interval Set the time interval in minutes for polling the signal strength of neighboring cluster members
<number> Enter the polling time interval (Default: 1 minute; range: 1-60)
cluster <string> password <string>
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
password Set a key for cluster member authentication
<string> Enter a string (8-63 chars) for cluster member authentication (Default: a default password is derived from the cluster name)
cluster <string> rts-threshold <number>
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
rts-threshold Set the RTS (request to send) threshold for the cluster
<number> Enter the packet size for the RTS threshold for the cluster (Default: 2346 bytes; Range: 1-2346)
cluster <string> security mac-filter <string>
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
security Set cluster security parameters
mac-filter Assign a filter for MAC addresses or OUIs (organizational unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (organizational unique identifiers)
cluster <string> security wlan dos station-level frame-type {assoc-req|auth|eapol} ban <number>
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
security Set cluster security parameters
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
assoc-req Specify WLAN DoS frame type assoc-req
auth Specify WLAN DoS frame type auth
eapol Specify WLAN DoS frame type eapol
ban Set the period of time to ignore frames after a theshold has been crossed
<number> Enter the period of time in seconds to ignore frames after a theshold has been crossed (Default: 60; Min: 0 Max: None)
cluster <string> security wlan dos station-level frame-type {assoc-req|auth|eapol} ban forever
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
security Set cluster security parameters
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
assoc-req Specify WLAN DoS frame type assoc-req
auth Specify WLAN DoS frame type auth
eapol Specify WLAN DoS frame type eapol
ban Set the period of time to ignore frames after a theshold has been crossed
forever Set ban forever
cluster <string> security wlan dos {cluster-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all}
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
security Set cluster security parameters
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
cluster-level Set DoS parameters at cluster-level
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
probe-req Specify WLAN DoS frame type probe-req
probe-resp Specify WLAN DoS frame type probe-resp
assoc-req Specify WLAN DoS frame type assoc-req
assoc-resp Specify WLAN DoS frame type assoc-resp
disassoc Specify WLAN DoS frame type disassoc
auth Specify WLAN DoS frame type auth
deauth Specify WLAN DoS frame type deauth
eapol Specify WLAN DoS frame type eapol
all Specify WLAN DoS frame type all
cluster <string> security wlan dos {cluster-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all} alarm <number>
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
security Set cluster security parameters
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
cluster-level Set DoS parameters at cluster-level
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
probe-req Specify WLAN DoS frame type probe-req
probe-resp Specify WLAN DoS frame type probe-resp
assoc-req Specify WLAN DoS frame type assoc-req
assoc-resp Specify WLAN DoS frame type assoc-resp
disassoc Specify WLAN DoS frame type disassoc
auth Specify WLAN DoS frame type auth
deauth Specify WLAN DoS frame type deauth
eapol Specify WLAN DoS frame type eapol
all Specify WLAN DoS frame type all
alarm Set the interval in seconds between alarms to indicate continuous DoS conditions
<number> Enter the interval in seconds between alarms to indicate continuous DoS conditions (Default: 60 secs; Min: 0 Max: None)
cluster <string> security wlan dos {cluster-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all} threshold <number>
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
security Set cluster security parameters
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
cluster-level Set DoS parameters at cluster-level
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
probe-req Specify WLAN DoS frame type probe-req
probe-resp Specify WLAN DoS frame type probe-resp
assoc-req Specify WLAN DoS frame type assoc-req
assoc-resp Specify WLAN DoS frame type assoc-resp
disassoc Specify WLAN DoS frame type disassoc
auth Specify WLAN DoS frame type auth
deauth Specify WLAN DoS frame type deauth
eapol Specify WLAN DoS frame type eapol
all Specify WLAN DoS frame type all
threshold Set the frame threshold in ppm (packets per minute) that must be crossed to trigger an alarm
<number> Enter threshold in ppm (Default: cluster-level probe-req 12000, probe-resp 24000, eapol 6000, auth 6000, assoc-req 6000, assoc-resp 2400, all others 1200; sta-level probe-req 1200 ppm, probe-resp 2400, eapol 600, auth 600, assoc-req 600, assoc-resp 240, all others 120; Min: 0 Max: None)
cluster <string> wlan-idp in-net-ap
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
in-net-ap Mitigate rogue APs and their clients only if the rogues are in the same backhaul network as the SmartPath APs that detected them (Default: Mitigate all rogue APs and their clients)
cluster <string> wlan-idp max-mitigator-num <number>
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
max-mitigator-num Set the maximum number of detector APs that can be assigned as mitigator APs to perform mitigation on a rogue and its clients
<number> Enter the maximum number of mitigator APs (Default: 1; Range: 0-1024; 0 means all detector APs can be assigned to perform rogue mitigation))
cluster <string> wlan-idp mitigation-mode {automatic|semi-automatic|manual}
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
mitigation-mode Set the mode for mitigating rogue APs and their clients
automatic Set the arbitrator AP to appoint a mitigator AP and start the mitigation process automatically (Default: semi-automatic)
semi-automatic Set the arbitrator AP to appoint a mitigator AP automatically but start the mitigation process manually (Default: semi-automatic)
manual Set the mitigator AP and start the mitigation process manually (Default: semi-automatic)
cluster <string> wlan-idp mitigation-mode {automatic|semi-automatic} action {mitigate|report}
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
mitigation-mode Set the mode for mitigating rogue APs and their clients
automatic Set the arbitrator AP to appoint a mitigator AP and start the mitigation process automatically (Default: semi-automatic)
semi-automatic Set the arbitrator AP to appoint a mitigator AP automatically but start the mitigation process manually (Default: semi-automatic)
action Set the action that you want detector APs to take after discovering rogue APs and their clients
mitigate Mitigate rogue APs and their clients (Default: Rogue mitigation)
report Report rogue APs and their clients (Default: Rogue mitigation)
cluster <string> wlan-idp mitigator-reeval-period <number>
cluster Create a cluster or set cluster parameters
<string> Enter a cluster profile name (1-32 chars)
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
mitigator-reeval-period Set the recurring period of time after which the arbitrator AP reevaluates which SmartPath APs to make mitigator APs
<number> Enter the period of time in minutes (Default: 5 mins; Range: 1-1440)
clusterui cas client server name <string>
clusterui Enable the clusterUI for defining SmartPath AP network settings, configuring settings to connect to SmartPath EMS, and uploading a new SmartPath OS image
cas Set client and server parameters for CAS (Central Authentication Service) to authenticate users such as teachers accessing Teacher View
client Set parameters for the local SmartPath AP to act as a CAS client
server Set parameters for communicating with the CAS server
name Set the IP address or resolvable domain name for the CAS server
<string> Enter the IP address or domain name (max 32 chars) of the CAS server
clusterui cas client server port <number>
clusterui Enable the clusterUI for defining SmartPath AP network settings, configuring settings to connect to SmartPath EMS, and uploading a new SmartPath OS image
cas Set client and server parameters for CAS (Central Authentication Service) to authenticate users such as teachers accessing Teacher View
client Set parameters for the local SmartPath AP to act as a CAS client
server Set parameters for communicating with the CAS server
port Set the destination TCP port number for the CAS server
<number> [1~65535]Enter the TCP port number (Default: 443; Range: 1-65535)
config rollback enable
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the SmartPath AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
enable Enable the configuration rollback feature
config rollback manual [ wait-time <number> ]
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the SmartPath AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
manual Perform the configuration rollback after the defined length of time elapses regardless of its CAPWAP connectivity (Note: This option is useful when accessing the CLI remotely and you are concerned that some commands might cause the SmartPath AP to lose its network connection.)
wait-time Set the length of time that the SmartPath AP must be disconnected from the CAPWAP server before rolling back the configuration
<number> Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 0-60000: Note: 0 means that the rollback point persists indefinitely until the 'config rollback now' command is entered.)
config rollback now
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the SmartPath AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
now Return the configuration to a previously set rollback point immediately
config rollback {capwap-disconnect|next-reboot} [ wait-time <number> ]
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Set the current config as a rollback point to which the SmartPath AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
capwap-disconnect Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time (Note: This is useful when uploading a delta configuration, which does not require the SmartPath AP to reboot, and you are concerned that some changes might disrupt network connectivity for the SmartPath AP.)
next-reboot Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time after the SmartPath AP reboots (Note: This is useful when uploading a full configuration, which requires the SmartPath AP to reboot, and you are concerned that the new config might disrupt network connectivity for the SmartPath AP.)
wait-time Set the length of time that the SmartPath AP must be disconnected from the CAPWAP server before rolling back the configuration
<number> Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 2-60000)
config version <number>
config Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
version Set the version number for the current configuration file
<number> Enter the version number (Range: 1-4294967295)
console echo obscure-passwords
console Set console parameters
echo Set parameters for the echo
obscure-passwords Display passwords and sensitive networking keys as asterisks (***) in the CLI (Default: Passwords and keys are replaced by asterisks instead of displaying original text)
console page <number>
console Set console parameters
page Set console page parameter
<number> Set console page lines (Default: 22, Range: 10-100, Disable: 0)
console serial-port enable
console Set console parameters
serial-port Set serial port parameters
enable Enable access to the console serial port
console timeout <number>
console Set console parameters
timeout Set console timeout parameter
<number> Set console timeout value in minutes (Default: 10, Range: 0-60, Disable: 0)
data-collection collect interval <number>
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
collect Set parameters for collecting data
interval Set the interval for collecting data about devices and their network usage
<number> Enter the amount of time in hours during which the SmartPath AP collects data (Default: 1; Range: 1-48)
data-collection enable
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
enable Enable the local SmartPath AP to collect data about types and capabilities of devices on the network and their network usage (Default: Disabled)
data-collection report interval <number>
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
report Set parameters for reporting data to SmartPath EMS
interval Set the interval for reporting data to SmartPath EMS
<number> Enter the amount of time in hours between data reports to SmartPath EMS (Default: 6; Range: 0-48; Note: 0 disables sending reports to SmartPath EMS.)
data-collection {max-collect} <number>
data-collection Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
max-collect Set the maximum number of collection times that must elapse before clearing data that cannot be reported to SmartPath EMS (Note: The default collection interval is 1 hour and the default report interval is 6 hours.)
<number> Enter the maximum number of times to collect data before clearing it if it cannot be reported to SmartPath EMS (Default: 24; Range: Range:1-48)
debug console [ {all} ]
debug Enable debug messages
console Show debug messages on console
all Show all messages on console
debug console level {emergency|alert|critical|error|warning|notification|info|debug}
debug Enable debug messages
console Show debug messages on console
level Specify a logging level
emergency Show emergency-level log entries (Default: debug)
alert Show log entries from alert to emergency levels (Default: debug)
critical Show log entries from critical to emergency levels (Default: debug)
error Show log entries from error to emergency levels (Default: debug)
warning Show log entries from warning to emergency levels (Default: debug)
notification Show log entries from notification to emergency levels (Default: debug)
info Show log entries from info to emergency levels (Default: debug)
debug Show log entries for all severity levels (Default: debug)
debug console timestamp
debug Enable debug messages
console Show debug messages on console
timestamp Show debug messages timestamp
device-group <string> [ mac-object <string> ] [ domain-object <string> ] [ os-object <string> ]
device-group Set a device group containing various objects that the SmartPath AP can use to classify client devices (Max: 64 groups)
<string> Enter a device group name (1-32 chars)
mac-object Add a MAC object to the device group
<string> Enter the MAC object name (1-32 chars)
domain-object Add a domain object to the device group
<string> Enter the domain object name (1-32 chars)
os-object Add an OS object to the device group
<string> Enter the OS object name (1-32 chars)
dns domain-name <string>
dns Set DNS (Domain Name System) parameters
domain-name Set the domain name suffix for the local SmartPath AP
<string> Enter the domain name suffix for the local SmartPath AP (1-32 characters)
dns server-ip <ip_addr> [ {second|third} ]
dns Set DNS (Domain Name System) parameters
server-ip Set the IP address of the primary, secondary, or tertiary DNS server
<ip_addr> Enter the IP address of the primary, secondary, or tertiary DNS server
second Assign the IP address to a secondary DNS server
third Assign the IP address to a tertiary DNS server
domain-object <string> domain <string>
domain-object Set parameters for a domain object that the SmartPath AP can use to assign a client that belongs to a matching device domain to a user profile (Max: 64 domain objects per SmartPath AP)
<string> Enter a domain object name (1-32 chars; Note: The object name is an admin-defined name and does not have to be the name of a device domain.)
domain Add a device domain to the domain object (Note: Specify the domain to which devices in an LDAP-structured database belong.)
<string> Enter an domain name (1-64 chars)
exec aaa ldap-search server-type {active-directory|ldap-server|open-directory} server <string> basedn <string> binddn <string> password <string> [ {attributes} [ <string> ] ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
ldap-search Execute a search of the LDAP database
server-type Set the type of LDAP server whose database you want to search
active-directory Set the server type as an Active Directory server
ldap-server Set the server type as an OpenLDAP server
open-directory Set the server type as an Open Directory server
server Set the IP address or resolvable domain name of the LDAP server
<string> Enter the IP address or domain name (up to 32 chars)
basedn Set a node in the LDAP tree structure as the baseDN (distinguished name) from which to search for nodes one level below it or for information about one or all of its attributes
<string> Enter the baseDN (up to 256 chars) (Note: If there are any spaces, enclose the whole string in quotation marks.)
binddn Set the bindDN name and password for the user that has permission to search the LDAP directory
<string> Enter the bindDN name (up to 256 chars)
password Set the bindDN password
<string> Enter the password (1-64 chars)
attributes Search for attributes of the node specified as the baseDN
<string> Enter the name of a specific attribute for which to search (Note: To see the user group attribute of the baseDN node when the default group attribute name is being used, do not enter anything.)
exec aaa ldap-search username <string> [ basedn <string> ] [ domain <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
ldap-search Execute a search of the LDAP database
username Set the user name to search for in the LDAP database
<string> Enter a user name (1-32 chars)
basedn Set the baseDN (distinguished name) where the user profiles are located in the LDAP tree structure
<string> Enter the baseDN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
domain Set the domain name of the domain controller
<string> Enter a NT domain name (1-64 chars)
exec aaa library-sip-test primary username <string> password <string>
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
library-sip-test Test a simulated authentication process for a library patron on a library SIP (Standard Interchange Protocol) server
primary Test the authentication process on the primary library SIP server
username Set the library patron's user name to submit to the library SIP server
<string> Enter the user name (1-32 chars)
password Set the library patron's password to submit to the library SIP server
<string> Enter the password (1-64 chars)
exec aaa net-ads-info <string>
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
net-ads-info Retrieve information from the Active Directory server such as its IP address, Active Directory domain name, root BaseDN, and realm name
<string> Enter the name of the realm to which the Active Directory server belongs (Example: corp123.com; Note: The realm name is not case sensitive; Range: 1-64 chars)
exec aaa net-join [ {primary|backup1|backup2|backup3} username <string> password <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
net-join Join the local SmartPath AP RADIUS server to the domain controller
primary Join the local SmartPath AP RADIUS server to the primary domain controller
backup1 Join the local SmartPath AP RADIUS server to the backup1 domain controller
backup2 Join the local SmartPath AP RADIUS server to the backup2 domain controller
backup3 Join the local SmartPath AP RADIUS server to the backup3 domain controller
username Set the admin user name for the local SmartPath AP RADIUS server (Note: For the SmartPath AP RADIUS server to join the domain, its user account must have domain admin privileges or higher.)
<string> Enter a user name (1-32 chars)
password Set the password for the user name
<string> Enter a password (1-64 chars)
exec aaa net-join domain <string> fullname <string> server <string> username <string> password <string> [ computer-ou <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
net-join Join the local SmartPath AP RADIUS server to the domain controller
domain Set the domain name of the AD domain controller
<string> Enter the NetBIOS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
fullname Set the full name of the domain to which the RADIUS server (local SmartPath AP) and AD server both belong
<string> Enter the full domain name (1-64 chars)
server Set the IP address or resolvable domain name for the AD server (Note: The AD server is the same as the domain controller.)
<string> Enter the IP address or domain name (up to 32 chars)
username Set the admin user name that the local SmartPath AP RADIUS server submits to the AD server (Note: For the SmartPath AP RADIUS server to join the domain, its user account must have domain admin privileges or higher.)
<string> Enter a user name (1-32 chars)
password Set the password for the user name
<string> Enter a password (1-64 chars)
computer-ou Set the OU (organizational unit) used on the Active Directory server where the SmartPath AP RADIUS server admin has privileges to add the SmartPath AP as a computer in the domain
<string> Enter the OU (Max: 256 chars; Format: ou/sub-ou/sub-ou; Note: If there are any spaces, enclose the entire string in quotation marks.)
exec aaa ntlm-auth username <string> password <string> [ domain <string> ]
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
ntlm-auth Initiate NTLM (NT LAN Manager) authentication between the SmartPath AP RADIUS server and the domain controller
username Set the user name that the SmartPath AP RADIUS server uses when authenticating itself to the domain controller
<string> Enter a user name (1-32 chars)
password Set the password that the SmartPath AP RADIUS server uses when authenticating itself to the domain controller
<string> Enter a password (1-64 chars)
domain Set the domain name of the domain controller
<string> Enter a NT domain name (1-64 chars)
exec aaa radius-test <string> accounting
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-test Send a RADIUS Access-Request message from the SmartPath AP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
<string> Enter the IP address or domain name of the RADIUS server (1-32 chars)
accounting Check the network connectivity status of a RADIUS accounting server (Default: Check the status of a RADIUS authentication server.)
exec aaa radius-test <string> username <string> password <string>
exec Execute a command to initiate a task immediately
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-test Send a RADIUS Access-Request message from the SmartPath AP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
<string> Enter the IP address or domain name of the RADIUS server (1-32 chars)
username Set the user name belonging to an account on the RADIUS server
<string> Enter the user name (1-32 chars)
password Set the password that belongs to the same account as the user name on the RADIUS server
<string> Enter the password (1-64 chars)
exec antenna-alignment interface <wifix> peer <mac_addr> [ count <number> ] [ interval <number> ] [ text-size <number> ]
exec Execute a command to initiate a task immediately
antenna-alignment Set parameters for aligning a directional or sectional antenna connected to a radio in backhaul or dual (access and backhaul) mode with a specified peer
interface Set the interface bound to the radio whose antenna you want to align with that of a peer
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
peer Set the MAC address of the peer to which the SmartPath AP sends antenna alignment request frames
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
count Set the total number of request frames to send to the peer
<number> Enter the total number of request frames (Default: 60; Range: 1-1000)
interval Set the interval between each request frame transmission
<number> Enter the interval in seconds (Default: 1; Range: 1-30)
text-size Set the amount of filler text in each request frame
<number> Enter the amount of filler text in bytes (Default: 16; Range: 16-2048)
exec capture remote-sniffer [ user <string> <string> ] [ host-allowed <string> ] [ local-port <number> ] [ promiscuous ]
exec Execute a command to initiate a task immediately
capture Initiate packet capturing
remote-sniffer Set parameters for a remote packet sniffer
user Set user name and password that the remote sniffer uses when authenticating itself to the SmartPath AP
<string> Enter the user name (1-32 chars)
<string> Enter the password (1-32 chars)
host-allowed Set the IP address or domain name of the remote packet sniffer that is allowed to connect to the SmartPath AP
<string> Enter the IP address or domain name (1-32 chars)
local-port Set the port number on which the SmartPath AP listens for connection requests from the remote sniffer
<number> Enter the port number (Default: 2002; Range: 1024-65535)
promiscuous Enable the wifi interfaces to operate in promiscuous mode during packet capturing (Default: Disabled)
exec client-monitor <mac_addr>
exec Execute a command to initiate a task immediately
client-monitor Monitor the activities of a client
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
exec data-collection {push|clear}
exec Execute a command to initiate a task immediately
data-collection Perform an action on the data collected about the types and capabilities of devices on the network and the types of applications and IP protocols they use
push Push all collected data to SmartPath EMS
clear Clear all collected data that is currently stored in the local SmartPath AP
exec interface <wifix> spectral-scan channel <number>
exec Execute a command to initiate a task immediately
interface Execute the command through a specific interface
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
spectral-scan Execute a spectral scan of all the channels specified in the channel scan list and report signal frequency and amplitude, channel utilization, and types of interference to SmartPath EMS
channel Set the channel to be scanned
<number> Enter the channel number (Note: To create a list of multiple channels, repeatedly enter this command with a different channel number for each one that you want to scan.) (Range: 1-165)
exec interface <wifix> spectral-scan report-interval <number>
exec Execute a command to initiate a task immediately
interface Execute the command through a specific interface
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
spectral-scan Execute a spectral scan of all the channels specified in the channel scan list and report signal frequency and amplitude, channel utilization, and types of interference to SmartPath EMS
report-interval Set the length of time to collect spectral data and then report it to SmartPath EMS
<number> Enter the report interval in seconds (Default: 1; Range: 1-30)
exec interface <wifix> spectral-scan {start|stop}
exec Execute a command to initiate a task immediately
interface Execute the command through a specific interface
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
spectral-scan Execute a spectral scan of all the channels specified in the channel scan list and report signal frequency and amplitude, channel utilization, and types of interference to SmartPath EMS
start Start a spectral scan
stop Stop a spectral scan that is currently in progress
exec user-group <string> psk-to-pmk
exec Execute a command to initiate a task immediately
user-group Execute a user-group command
<string> Enter the user group name (1-32 chars)
psk-to-pmk Regenerate all users' PMKs (pairwise master keys) based on their PSKs (preshared keys)
exec wlan-idp ap-classify {rogue|friendly} <mac_addr> [ - <mac_addr> ]
exec Execute a command to initiate a task immediately
wlan-idp Execute a command relating to WLAN IDP (intrusion detection and prevention)
ap-classify Classify one or more APs as rogue or friendly by MAC address
rogue Classify APs as rogue
friendly Classify APs as friendly
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
- Set a range of MAC addresses
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
exec wlan-idp mitigate {rogue-ap} <mac_addr>
exec Execute a command to initiate a task immediately
wlan-idp Execute a command relating to WLAN IDP (intrusion detection and prevention)
mitigate Mitigate a specific rogue AP and its clients by sending a deauth DoS attack against them
rogue-ap Mitigate a specific rogue AP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
exec wlan-idp mitigate {rogue-ap} <mac_addr> interface <wifix>
exec Execute a command to initiate a task immediately
wlan-idp Execute a command relating to WLAN IDP (intrusion detection and prevention)
mitigate Mitigate a specific rogue AP and its clients by sending a deauth DoS attack against them
rogue-ap Mitigate a specific rogue AP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
interface Execute the command through a specific interface
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
exit
exit Exit from the current mode
filter <number> l2 [ {data|ctl|mgmt} ] [ subtype <hex> ] [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ] [ bssid <mac_addr> ] [ tx-mac <mac_addr> ] [ rx-mac <mac_addr> ] [ error {crc|decrypt|mic|all|no} ] [ etype <hex> ]
filter Set packet capture filter parameters
<number> Enter a filter ID (Range: 1-64)
l2 Set packet capture filter for layer 2 parameters
data Filter by data traffic
ctl Filter by ctl traffic
mgmt Filter by mgmt traffic
subtype Filter by frame subtype
<hex> Enter frame subtype value
src-mac Filter by source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Filter by destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
bssid Filter by BSSID
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Filter by transmitter MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
rx-mac Filter by receiver MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
error Filter by error condition
crc Filter by crc error
decrypt Filter by decrypt error
mic Filter by mic error
all Filter by all error
no Filter by no error
etype Filter by Ethernet value
<hex> Enter the value indicating an ethernet type (ARP:0806; IP:0800; IPX:8137; RARP:8035)
filter <number> l3 [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ protocol <number> ] [ src-port <number> ] [ dst-port <number> ]
filter Set packet capture filter parameters
<number> Enter a filter ID (Range: 1-64)
l3 Set packet capture filter for layer 3 parameters
src-ip Filter by source IP address
<ip_addr> Enter a source IP address
dst-ip Filter by destination IP address
<ip_addr> Enter a destination IP address
protocol Filter by protocol number in IP header
<number> Enter a protocol value (UDP:17; TCP:6 ICMP:1)
src-port Filter by source port filter
<number> Enter a source port number
dst-port Filter by destination port
<number> Enter a destination port number (HTTP:80; FTP:21; TELNET:23; DHCP:67; TFTP:79)
filter [ <number> ] [ direction bidirectional ]
filter Set packet capture filter parameters
<number> Enter a filter ID (Range: 1-64)
direction Set filter traffic flowing direction
bidirectional Filter traffic flowing in both directions
forwarding-engine drop {ip-fragmented-packets|to-self-non-management-traffic}
forwarding-engine Set parameters to shape the behavior of the forwarding engine
drop Set parameters for dropping packets
ip-fragmented-packets Drop fragmented IP packets
to-self-non-management-traffic Drop all non-management traffic destined to the SmartPath AP itself
forwarding-engine inter-ssid-flood enable
forwarding-engine Set parameters to shape the behavior of the forwarding engine
inter-ssid-flood Forward multicast and broadcast traffic between access interfaces to protect SSIDs from flooding (Default: Enabled)
enable Enable the protection of SSIDs from multicast and broadcast flooding
forwarding-engine log {firewall-dropped-packets|to-self-sessions}
forwarding-engine Set parameters to shape the behavior of the forwarding engine
log Set logging parameters for packets
firewall-dropped-packets Log dropped packets that are denied by IP or MAC firewall policies (Default: Do not log dropped packets)
to-self-sessions Log the first packets of sessions destined for the SmartPath AP itself (Default: Do not log first packets)
forwarding-engine max-ip-sessions-per-station <number>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
max-ip-sessions-per-station Set the maximum number of IP sessions that can be created to or from a station
<number> Enter the maximum IP sessions number per station (Range: 1-8000; Note: By default, IP session limiting is disabled.)
forwarding-engine max-mac-sessions-per-station <number>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
max-mac-sessions-per-station Set the maximum number of MAC sessions that can be created to or from a station
<number> Enter the maximum MAC sessions number per station (Range: 1-8000; Note: By default, MAC session limiting is disabled.)
forwarding-engine proxy-arp enable
forwarding-engine Set parameters to shape the behavior of the forwarding engine
proxy-arp Set ARP proxying parameters
enable Enable learning MAC addresses and proxy replies to ARP requests
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> dst-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
src-mac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
src-oui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action drop in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the SmartPath AP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action drop in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
src-mac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the SmartPath AP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action drop in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
drop Drop packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
src-oui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the SmartPath AP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> dst-mac <mac_addr> out-if <ethx|aggx|redx>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
rx-mac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the SmartPath AP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr> out-if <ethx|aggx|redx>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
src-mac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
src-mac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
rx-mac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the SmartPath AP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr> out-if <ethx|aggx|redx>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
src-oui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
src-oui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
rx-mac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the SmartPath AP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action pass in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the SmartPath AP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwarding-engine static-rule <string> action pass in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the SmartPath AP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
rx-mac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the SmartPath AP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
src-mac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the SmartPath AP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
src-mac Set the source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the SmartPath AP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
rx-mac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the SmartPath AP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
src-oui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the SmartPath AP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<ethx> Enter the name of an Ethernet interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
static-rule Add a static packet-forwarding rule that preempts dynamic forwarding decisions
<string> Enter the name of the packet-forwarding rule (1-32 chars)
action Set the action to apply to packets matching the static packet-forwarding rule
pass Pass packets that match the rule
in-if Set the inbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
src-oui Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
dst-mac Set the destination MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
tx-mac Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the SmartPath AP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
out-if Set the outbound interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
rx-mac Set the MAC address of the receiver; that is the MAC address of the device on the network to which the SmartPath AP forwards the frame
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
forwarding-engine tunnel selective-multicast-forward allow-all except <ip_addr|ip_addr/mask>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
selective-multicast-forward Selective multicast forwarding through GRE tunnels
allow-all Allow the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
except Block specific IP multicast traffic through tunnels
<ip_addr> Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
<ip_addr/netmask> Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
forwarding-engine tunnel selective-multicast-forward block-all
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
selective-multicast-forward Selective multicast forwarding through GRE tunnels
block-all Block the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
forwarding-engine tunnel selective-multicast-forward block-all except <ip_addr|ip_addr/mask>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
selective-multicast-forward Selective multicast forwarding through GRE tunnels
block-all Block the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
except Allow specific IP multicast traffic through tunnels
<ip_addr> Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
<ip_addr/netmask> Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
forwarding-engine tunnel tcp-mss-threshold enable
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
tcp-mss-threshold Set TCP MSS (Maximum Segment Size) parameters
enable Enable the TCP MSS threshold feature
forwarding-engine tunnel tcp-mss-threshold threshold-size <number>
forwarding-engine Set parameters to shape the behavior of the forwarding engine
tunnel Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
tcp-mss-threshold Set TCP MSS (Maximum Segment Size) parameters
threshold-size Set the TCP MSS threshold size
<number> Enter the TCP MSS size in bytes(GRE Tunnel Range: 64-1414; GRE-over-IPSec Tunnel Range: 64-1336)
history <number>
history Set the capacity for command history
<number> Enter the max number of commands to store in command history (Default: 20; Range: 1-50)
hostname <string>
hostname Set the hostname of the SmartPath AP
<string> Enter the hostname of the SmartPath AP (1-32 chars)
interface <ethx> allowed-vlan <number> [ - <number> ]
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
allowed-vlan Set a list of VLAN IDs by which traffic allowed to cross the interface can be filtered
<number> Enter the VLAN ID to be allowed (Range: 1-4094)
- Set a range of allowed VLAN IDs
<number> Enter the last VLAN ID in the range (Range: 1-4094)
interface <ethx> allowed-vlan {all|auto}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
allowed-vlan Set a list of VLAN IDs by which traffic allowed to cross the interface can be filtered
all Allow traffic tagged with any VLAN ID
auto Allow traffic whose VLAN ID matches that of mgt0, the native vlan, or the default VLAN configured in user profiles
interface <ethx> duplex {full|half|auto}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
duplex Set the duplex for the interface
full Set the duplex of ethernet interface to full (Default: auto)
half Set the duplex of ethernet interface to half (Default: auto)
auto Set the duplex of ethernet interface to auto (Default: auto)
interface <ethx> inter-station-traffic
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
inter-station-traffic Set the SmartPath AP to permit traffic between stations connected to one or more of its access interfaces (Default: Enabled)
interface <ethx> ip <ip_addr/netmask>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
ip Set an IP address and netmask for the interface
<ip_addr/netmask> Enter the interface IP address and netmask
interface <ethx> link-discovery {lldp|cdp}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
link-discovery Enable the communication of network-related information with neighboring network devices through the interface (Default: LLDP enabled; CDP enabled)
lldp Set LLDP (Link Layer Discovery Protocol) parameters on the interface
cdp Set CDP (Cisco Discovery Protocol) parameters on the interface
interface <ethx> mac-learning enable
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
mac-learning Set parameters for MAC address learning
enable Enable MAC address learning on the Ethernet interface
interface <ethx> mac-learning idle-timeout <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
mac-learning Set parameters for MAC address learning
idle-timeout Set the timeout for automatically clearing an inactive dynamically learned MAC address from the MAC learning table
<number> Enter the timeout value in seconds (Default: 180; Range: 10-3600)
interface <ethx> mac-learning static <mac_addr>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
mac-learning Set parameters for MAC address learning
static Set statically defined MAC address entries
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
interface <ethx> manage {Telnet|SSH|SNMP|ping|all}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
manage Set management service parameters
Telnet Enable Telnet manageability of mgt0 through this interface (Default: Disabled)
SSH Enable SSH manageability of mgt0 through this interface (Default: Enabled)
SNMP Enable SNMP manageability of mgt0 through this interface (Default: Disabled)
ping Enable mgt0 to respond to pings through this interface (Default: Enabled)
all Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through this interface
interface <ethx> mode bridge-802.1q user-profile-attribute <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
mode Set the operation mode for the interface
bridge-802.1q Set the operation mode to bridge-802.1q for the interface (Default: backhaul)
user-profile-attribute Map a RADIUS attribute to the user profile
<number> Enter a numeric value for a single RADIUS attribute (Default:0; Range: 0-4095)
interface <ethx> mode bridge-access [ user-profile-attribute <number> ]
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
mode Set the operation mode for the interface
bridge-access Set the operation mode to bridge-access for the interface (Default: backhaul)
user-profile-attribute Map a RADIUS attribute to the user profile
<number> Enter a numeric value for a single RADIUS attribute (Default:0; Range: 0-4095)
interface <ethx> mode {bridge-802.1q|backhaul}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
mode Set the operation mode for the interface
bridge-802.1q Set the operation mode to bridge-802.1q for the interface (Default: backhaul)
backhaul Set the operation mode to backhaul for the interface (Default: backhaul)
interface <ethx> native-vlan <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
native-vlan Set the native (untagged) VLAN used by the switch infrastructure in the surrounding Ethernet network
<number> Enter the native (untagged) VLAN (Range: 1-4094)
interface <ethx> qos-classifier <string>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
qos-classifier Assign a QoS classification profile (classifier) to the interface
<string> Enter the QoS classifier profile name (1 to 32 chars)
interface <ethx> qos-marker <string>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
qos-marker Assign a QoS marker profile to the interface
<string> Enter the QoS marker profile name (1 to 32 chars)
interface <ethx> rate-limit broadcast <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
rate-limit Set parameter for interface-based rate limiting
broadcast Set broadcast traffic rate limiting
<number> Enter the maximum rate for incoming broadcast traffic for the interface (Default: 2000 Kbps; Range: 0-20000)
interface <ethx> rate-limit multicast <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
rate-limit Set parameter for interface-based rate limiting
multicast Set multicast traffic rate limiting
<number> Enter the maximum rate for incoming multicast traffic for the interface (Default: 4000 Kbps; Range: 0-20000)
interface <ethx> rate-limit unicast <number>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
rate-limit Set parameter for interface-based rate limiting
unicast Set unicast traffic rate limiting
<number> Enter the maximum rate for incoming unicast traffic for the interface (Default: 100000 Kbps; Range: 0-1000000)
interface <ethx> rate-limit {multicast|broadcast|unicast} enable
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
rate-limit Set parameter for interface-based rate limiting
multicast Set multicast traffic rate limiting
broadcast Set broadcast traffic rate limiting
unicast Set unicast traffic rate limiting
enable Enable rate limiting on the interface for this type of traffic (Default: multicast/broadcast Enable,unicast Disable)
interface <ethx> security-object <string>
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
security-object Assign a security object to control network access through this interface
<string> Enter the security object name (1-32 chars)
interface <ethx> shutdown
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
shutdown Disable the interface
interface <ethx> speed {10|100|1000|auto}
interface Set interface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
speed Set the speed for the interface
10 Set the speed of ethernet interface to 10 Mbps (Default: auto)
100 Set the speed of ethernet interface to 100 Mbps (Default: auto)
1000 Set the speed of ethernet interface to 1000 Mbps (Default: auto)
auto Set the speed of ethernet interface to auto Mbps (Default: auto)
interface <mgtx.y> ip <ip_addr/netmask>
interface Set interface parameters
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
ip Set IP address for the virtual management interface
<ip_addr/netmask> Enter the virtual management interface IP address and netmask
interface <mgtx.y> manage ping
interface Set interface parameters
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
manage Set management service parameters
ping Enable the virtual management interface to respond to pings (Default: Enabled)
interface <mgtx.y> vlan <number>
interface Set interface parameters
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
vlan Set the VLAN ID for the interface
<number> Enter the VLAN ID (Default: 1; Range: 1-4094)
interface <mgtx> cluster <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
cluster Set the cluster profile to the mgt0 interface or enable/disable the wifi interface used for cluster communications
<string> Enter a cluster profile name (1-32 chars)
interface <mgtx> default-ip-prefix <ip_addr/netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
default-ip-prefix Set the network address to combine with the automatically generated host IP address to make a complete IP address (The netmask for the default IP address is 255.255.0.0)
<ip_addr/netmask> Enter the network address/netmask (Default: 192.168.0.0/16; Note: Only 8, 16, and 24-bit netmasks are supported.)
interface <mgtx> default-ip-prefix <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
default-ip-prefix Set the network address to combine with the automatically generated host IP address to make a complete IP address (The netmask for the default IP address is 255.255.0.0)
<ip_addr> Enter the network address (Default: 192.168.0.0)
interface <mgtx> dhcp client
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
client Set DHCP client parameters
interface <mgtx> dhcp client address-only
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
client Set DHCP client parameters
address-only Set the SmartPath AP to use only the IP address, netmask, and gateway received through DHCP instead of all TCP/IP settings (Default: Use all TCP/IP settings received through DHCP)
interface <mgtx> dhcp client fallback-to-static-ip
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
client Set DHCP client parameters
fallback-to-static-ip Assign the static IP address to mgt0 when it does not receive an address through DHCP by the end of the timeout interval
interface <mgtx> dhcp client option custom ppsk-server <number> ip
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
ppsk-server Set a custom DHCP option ID and ID type for a private PSK server
<number> Enter the custom DHCP option ID (ID Range: 128-254; Default ID numbers and types: SmartPath EMS: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
ip Set the type of the custom DHCP option as IP
interface <mgtx> dhcp client option custom radius-server <number> ip
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
radius-server Set a custom DHCP option ID and ID type for a RADIUS authentication or accounting server
<number> Enter the custom DHCP option ID for a RADIUS authentication server (ID Range: 128-254; Default ID numbers and types: SmartPath EMS: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
ip Set the type of the custom DHCP option as IP
interface <mgtx> dhcp client option custom radius-server accounting <number> ip
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
radius-server Set a custom DHCP option ID and ID type for a RADIUS authentication or accounting server
accounting Set a custom DHCP option ID and ID type for a RADIUS accounting server
<number> Enter the custom DHCP option ID for a RADIUS accounting server (ID Range: 128-254; Default ID numbers and types: SmartPath EMS: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
ip Set the type of the custom DHCP option as IP
interface <mgtx> dhcp client option custom {syslog-server|smartpath-ems} <number> {string|ip}
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
client Set DHCP client parameters
option Set DHCP client options
custom Set DHCP client custom options
syslog-server Set a custom DHCP option ID and ID type for a syslog server
smartpath-ems Set a custom DHCP option ID and ID type for SmartPath EMS
<number> Enter the custom DHCP option ID (Default ID numbers and types: SmartPath EMS = 225 string, 226 IP; Syslog server = 227 string, 228 IP)
string Set the type of the custom DHCP option as a string
ip Set the type of the custom DHCP option as an IP address
interface <mgtx> dhcp client prefer-subnet <ip_addr/netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
client Set DHCP client parameters
prefer-subnet Set prefer subnet for DHCP client
<ip_addr/netmask> Enter prefer subnet for DHCP client
interface <mgtx> dhcp client timeout <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
client Set DHCP client parameters
timeout Set the interval to wait for a response from the DHCP server before applying the admin-defined or default network settings
<number> Enter the timeout value in seconds (Default: 20; Range: 0-3600)
interface <mgtx> dhcp keepalive enable
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers
enable Enable the checking of network connectivity to DHCP servers in the specified VLAN range and also in VLANs set in user profile definitions or assigned by RADIUS servers, the native VLAN, and the management interface VLAN (Default: Disabled)
interface <mgtx> dhcp keepalive interval <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers
interval Set the interval between periodic connectivity status checks
<number> Enter the interval in seconds (Default: 300; Range: 60-3600)
interface <mgtx> dhcp keepalive retry <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers
retry Set the number of times to retry sending a probe that does not elicit a response from a DHCP server
<number> Enter the retry value (Default: 1; Range: 1-10)
interface <mgtx> dhcp keepalive timeout <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers
timeout Set the timeout for waiting for a response to a DHCP probe
<number> Enter the timeout value (Default: 5 secs; Range: 1-60)
interface <mgtx> dhcp keepalive vlan <number> [ <number> ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Set DHCP parameters
keepalive Set parameters for periodically checking network connectivity to DHCP servers
vlan Set the range of VLANs in which to probe for DHCP servers
<number> Enter the start of the VLAN range (Range: 1-4094)
<number> Enter the end of the VLAN range (Range: 1-4094)
interface <mgtx> dhcp-probe vlan-range <number> <number> [ timeout <number> ] [ retries <number> ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp-probe Probe for DHCP servers in one or more VLANs
vlan-range Set the range of VLANs in which to probe for a DHCP server
<number> Enter the start of the VLAN range (Range: 1-4094)
<number> Enter the end of the VLAN range (Range: 1-4094)
timeout Set the timeout for waiting for a response to a probe
<number> Enter the timeout value (Default: 3 secs; Range: 1-60)
retries Set the number of times to retry sending a probe that does not elicit a response from a DHCP server
<number> Enter the retry value (Default: 1; Range: 1-10)
interface <mgtx> ip <ip_addr/netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
ip Set mgt0 IP address
<ip_addr/netmask> Enter mgt0 IP address/netmask
interface <mgtx> ip <ip_addr> <netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
ip Set mgt0 IP address
<ip_addr> Enter mgt0 IP address
<netmask> Enter mgt0 netmask
interface <mgtx> mtu <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
mtu Set the MTU (maximum transmission unit) to determine when to start fragmenting packets
<number> Enter the MTU value in bytes (Default: 1500; Range: 100-1500)
interface <mgtx> native-vlan <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
native-vlan Set the native (untagged) VLAN that the switch infrastructure in the surrounding wired and wireless backhaul network uses
<number> Enter the native (untagged) VLAN (Default: 1; Range: 1-4094)
interface <mgtx> vlan <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
vlan Set the VLAN for administrative access to the SmartPath AP, management traffic between SmartPath APs and SmartPath EMS, and control traffic among cluster members
<number> Enter the VLAN ID for the interface (Default: 1; Range: 1-4094)
interface <mgtx|mgtx.y> dhcp-server enable
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
enable Enable the DHCP server on the interface
interface <mgtx|mgtx.y> dhcp-server ip-pool <ip_addr> <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
ip-pool Set the IP address pool from which the DHCP server draws addresses when making assignments
<ip_addr> Enter the first address in the range that makes up the IP address pool
<ip_addr> Enter the last address in the range that makes up the IP address pool
interface <mgtx|mgtx.y> dhcp-server options custom <number> hex <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for SmartPath EMS.)
hex Set the custom option data type as a hexadecimal digit
<string> Enter the hexadecimal digit (1-32 chars; Note: For option 46, which sets the NetBIOS over TCP/IP node type, the string must be 1, 2, 4, or 8.)
interface <mgtx|mgtx.y> dhcp-server options custom <number> integer <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for SmartPath EMS.)
integer Set the custom option data type as an integer
<number> Enter the integer (Range: 0-2147483647)
interface <mgtx|mgtx.y> dhcp-server options custom <number> ip <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for SmartPath EMS.)
ip Set the custom option data type as an IP address
<ip_addr> Enter the IP address
interface <mgtx|mgtx.y> dhcp-server options custom <number> string <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
custom Set a custom DHCP option
<number> Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for SmartPath EMS.)
string Set the custom option data type as a string
<string> Enter the string (1-128 chars)
interface <mgtx|mgtx.y> dhcp-server options default-gateway <ip_addr> [ {nat-support} ]
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
default-gateway Set the default gateway for DHCP clients
<ip_addr> Enter the default gateway (Note: The gateway IP address cannot be the same as that of the interface.)
nat-support Enable NAT support(Note: SmartPath AP will automatically generates ARP response for default gateway specified in DHCP server options.)
interface <mgtx|mgtx.y> dhcp-server options domain-name <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
domain-name Set the domain name for DHCP clients
<string> Enter the domain name (1-32 chars)
interface <mgtx|mgtx.y> dhcp-server options lease-time <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
lease-time Set the length of the DHCP lease
<number> Enter the lease time in seconds (Default: 86400; Range: 60-86400000)
interface <mgtx|mgtx.y> dhcp-server options mtu <number>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
mtu Set the path MTU (maximum transmission unit) aging timeout option
<number> Enter the MTU value (Range: 68-8192)
interface <mgtx|mgtx.y> dhcp-server options netmask <netmask>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
netmask Set the netmask for DHCP clients
<netmask> Enter the netmask (Default: The same as the interface netmask.)
interface <mgtx|mgtx.y> dhcp-server options smartpath-ems <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
smartpath-ems Set the IP address or domain name of the SmartPath EMS that you want SmartPath APs to contact
<ip_addr> Enter the IP address (Note: Use DHCP option 226.)
interface <mgtx|mgtx.y> dhcp-server options smartpath-ems <string>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
smartpath-ems Set the IP address or domain name of the SmartPath EMS that you want SmartPath APs to contact
<string> Enter the domain name (Length: 1-64 chars; Note: Use DHCP option 225.)
interface <mgtx|mgtx.y> dhcp-server options {dns1|dns2|dns3} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
dns1 Set the IP address of the primary DNS (Domain Name System) server that you want DHCP clients to use
dns2 Set the IP address of the secondary DNS server
dns3 Set the IP address of the tertiary DNS server
<ip_addr> Enter the IP address (Note: The DNS server IP address cannot be the same as that of the interface.)
interface <mgtx|mgtx.y> dhcp-server options {logsrv|pop3|smtp} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
logsrv Set the IP address of the log server that is available for DHCP clients
pop3 Set the IP address of the POP3 (Post Office Protocol v3) server that you want DHCP clients to use
smtp Set the IP address of the SMTP (Simple Mail Transfer Protocol) server that you want DHCP clients to use
<ip_addr> Enter the IP address
interface <mgtx|mgtx.y> dhcp-server options {ntp1|ntp2} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
ntp1 Set the IP address of the primary NTP (Network Time Protocol) server with which DHCP clients can synchronize their clocks
ntp2 Set the IP address of the secondary NTP (Network Time Protocol) server with which DHCP clients can synchronize their clocks
<ip_addr> Enter the IP address
interface <mgtx|mgtx.y> dhcp-server options {wins1|wins2} <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
options Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
wins1 Set the IP address of the primary WINS (Windows Internet Name Service) server for NetBIOS name-to-address resolution
wins2 Set the IP address of the secondary WINS (Windows Internet Name Service) server for NetBIOS name-to-address resolution
<ip_addr> Enter the IP address
interface <mgtx|mgtx.y> dhcp-server {arp-check|authoritative-flag}
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Set DHCP-server parameters
arp-check Use ARP to check that an IP address is not already in use on the network before assigning it to a DHCP client (Default: Enabled)
authoritative-flag Set the DHCP server as authoritative (Default: Authoritative; Note: An authoritative DHCP server can send NAKs in response to DHCP requests for addresses in a different subnet from those in the configured IP pool.)
interface <mgtx|mgtx.y> ip-helper address <ip_addr>
interface Set interface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
ip-helper Forward DHCP broadcast packets to a DHCP server
address Set the DHCP server IP address
<ip_addr> Enter the IP address
interface <wifix> cluster <string> shutdown
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
cluster Set the cluster profile to the mgt0 interface or enable/disable the wifi interface used for cluster communications
<string> Enter a cluster profile name (1-32 chars)
shutdown Disable the wifi subinterface used for cluster communications
interface <wifix> link-discovery {lldp|cdp}
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
link-discovery Enable the communication of network-related information with neighboring network devices through the interface (Default: LLDP enabled; CDP enabled)
lldp Set LLDP (Link Layer Discovery Protocol) on the interface in backhaul mode
cdp Set CDP (Cisco Discovery Protocol) on the interface in backhaul mode
interface <wifix> mode {access|backhaul|dual}
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
mode Set the operation mode for the interface
access Set the operational mode of the interface to access (Default: access (wifi0), dual (wifi1))
backhaul Set the operational mode of the interface to backhaul (Default: access (wifi0), dual (wifi1))
dual Set the operational mode of the interface to dual so that it can provide both access and backhaul services (Default: access (wifi0), dual (wifi1))
interface <wifix> radio adaptive-cca default-cca <number>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
radio Set parameters for the wifi radio interface
adaptive-cca Set adaptive CCA (Clear Channel Assessment) parameters to help select clear (available) channels and reduce channel interference
default-cca Set default CCA value to add to the default noise floor (-95 dBm) to calculate the CCA threshold (Note: The threshold indicates when a radio signal is weak enough for the SmartPath AP to use its channel. If the RF environment becomes noiser, the SmartPath AP dynamically raises the threshold.)
<number> Enter the default CCA value in dB (Range: 15 - 65, Default: 33; Note: -95 dBm + dB = dBm. -95 dbm is the default noise floor.)
interface <wifix> radio adaptive-cca enable
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
radio Set parameters for the wifi radio interface
adaptive-cca Set adaptive CCA (Clear Channel Assessment) parameters to help select clear (available) channels and reduce channel interference
enable Enable adaptive CCA (Default: Enabled)
interface <wifix> radio adaptive-cca max-cca <number>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
radio Set parameters for the wifi radio interface
adaptive-cca Set adaptive CCA (Clear Channel Assessment) parameters to help select clear (available) channels and reduce channel interference
max-cca Set maximum CCA value to add to the noise floor to calculate the CCA threshold
<number> Enter the maximum CCA value in dB (Range: 15 - 65; Default: 55; Note: -95 dBm + dB = dBm. -95 dbm is the default noise floor.)
interface <wifix> radio antenna diversity
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
radio Set parameters for the wifi radio interface
antenna Set the antenna parameters for the interface
diversity Set radio antenna diversity
interface <wifix> radio channel <string>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
radio Set parameters for the wifi radio interface
channel Set the radio channel for the interface
<string> Enter the frequency with an optional suffix (G: GHz; M: MHz; K: KHz;), or the channel number, or "auto" to allow ACSP (Advanced Channel Selection Protocol) to select a channel automatically (Default: auto)
interface <wifix> radio power <number>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
radio Set parameters for the wifi radio interface
power Set the radio power for an interface
<number> Enter the radio power (in dBm) for an interface (Default: auto; Range: 1-20 dBm)
interface <wifix> radio power auto
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
radio Set parameters for the wifi radio interface
power Set the radio power for an interface
auto Set the radio power (in dBm) for an interface (Default: auto; Range: 1-20 dBm)
interface <wifix> radio profile <string>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
radio Set parameters for the wifi radio interface
profile Set radio profile parameters for an interface
<string> Enter a radio profile name (1-32 characters)
interface <wifix> radio range <number>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
radio Set parameters for the wifi radio interface
range Set the transmission range for the radio linked to the interface
<number> Enter the range value in meters (Default: 300; Range: 300-10000)
interface <wifix> ssid <string>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
ssid Set SSID (Service Set Identifier) profile for the interface
<string> Enter an SSID profile name (1-32 chars)
interface <wifix> ssid <string> ip <ip_addr/netmask>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
ssid Set SSID (Service Set Identifier) profile for the interface
<string> Enter an SSID profile name (1-32 chars)
ip Set IP address for the SSID
<ip_addr/netmask> Enter the SSID IP address
interface <wifix> ssid <string> shutdown
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
ssid Set SSID (Service Set Identifier) profile for the interface
<string> Enter an SSID profile name (1-32 chars)
shutdown Disable the subinterface to which the SSID is bound
interface <wifix> wlan-idp profile <string>
interface Set interface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Bind an IDP profile to the interface
<string> Enter an IDP profile name (1-32 chars)
ip route default gateway <ip_addr> [ metric <number> ]
ip Set IP parameters
route Set a routing entry
default Set a default route entry
gateway Set the network gateway
<ip_addr> Enter the gateway IP address
metric Set metric parameter
<number> Enter a metric for an IP route (Default: 0; Range: 0-32766)
ip route host <ip_addr> [ gateway <ip_addr> ] [ metric <number> ]
ip Set IP parameters
route Set a routing entry
host Set a route to a host
<ip_addr> Enter target IP address
gateway Set the network gateway
<ip_addr> Enter the gateway IP address
metric Set metric parameter
<number> Enter a metric for an IP route (Default: 0; Range: 0-32766)
ip route net <ip_addr> <netmask> [ gateway <ip_addr> ] [ metric <number> ]
ip Set IP parameters
route Set a routing entry
net Set a route to a net
<ip_addr> Enter target IP address
<netmask> Enter target netmask
gateway Set the network gateway
<ip_addr> Enter the gateway IP address
metric Set metric parameter
<number> Enter a metric for an IP route (Default: 0; Range: 0-32766)
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string> [ <mask> ] ] [ to <ip_addr|string> [ <mask> ] ] [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-32 chars)
<string> Enter an IP or domain name (1-32 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-32 chars)
<string> Enter an IP or domain name (1-32 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
permit Set the action to permit (Default: deny)
deny Set the action to deny (Default: deny)
nat Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
inter-station-traffic-drop Set the action to drop traffic between stations if they are both associated with one or more members of the same cluster (Default: deny)
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string> [ <mask> ] ] [ to <ip_addr|string> [ <mask> ] ] [ service <string> ] action deny log packet-drop
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-32 chars)
<string> Enter an IP or domain name (1-32 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-32 chars)
<string> Enter an IP or domain name (1-32 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
deny Set the action to deny (Default: deny)
log Set logging options for packets and sessions that match the IP firewall policy
packet-drop Log dropped packets that the IP firewall policy denies
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string> [ <mask> ] ] [ to <ip_addr|string> [ <mask> ] ] [ service <string> ] action inter-station-traffic-drop log [ {initiate-session|terminate-session|packet-drop} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-32 chars)
<string> Enter an IP or domain name (1-32 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-32 chars)
<string> Enter an IP or domain name (1-32 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
inter-station-traffic-drop Set the action to drop traffic between stations if they are both associated with one or more members of the same cluster (Default: deny)
log Set logging options for packets and sessions that match IP FW policy
initiate-session Log the creation of sessions that are permitted by the policy
terminate-session Log the termination of sessions that are permitted by the policy
packet-drop Log dropped packets that are denied by the policy
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string> [ <mask> ] ] [ to <ip_addr|string> [ <mask> ] ] [ service <string> ] action permit log [ {initiate-session|terminate-session} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-32 chars)
<string> Enter an IP or domain name (1-32 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
<ip_addr> Enter an IP or domain name (1-32 chars)
<string> Enter an IP or domain name (1-32 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
permit Set the action to permit (Default: deny)
log Set logging options for packets and sessions that match the IP firewall policy
initiate-session Log session details when a session is created after passing a IP firewall policy lookup
terminate-session Log session details when a session matching a IP firewall policy is terminated
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string> [ <mask> ] ] to local-subnet [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop} ]
ip-policy Set IP policy parameters
<string> Enter an IP policy name (1-32 chars)
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
before Set the before parameters for an IP policy
after Set the after parameters for an IP policy
id Assign an IP policy ID
<number> Enter the IP policy ID (Range: 1-1023)
from Set the source IP (Default: any)
<ip_addr> Enter an IP or domain name (1-32 chars)
<string> Enter an IP or domain name (1-32 chars)
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Set the destination IP (Default: any)
local-subnet Set the subnet of the mgt0 interface as the destination
service Set the service (Default: any)
<string> Enter the service (1-32 chars)
action Set action for an IP policy (Default: deny)
permit Set the action to permit (Default: deny)
deny Set the action to deny (Default: deny)
nat Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
inter-station-traffic-drop Set the action to drop traffic between stations if they are both associated with one or more members of the same cluster (Default: deny)
iperf client <ip_addr> [ {port} <number> ] [ {udp} ] [ {interval} <number> ] [ {no-delay} ] [ {dual-test} ] [ {tradeoff} ] [ {listen-port} <number> ] [ {window} <number> ] [ {mss} <number> ] [ {bandwidth} <number> ] [ {time} <number> ] [ {parallel} <number> ]
iperf Set parameters for Iperf, a tool for testing and measuring network performance
client Set Iperf to run in client mode
<ip_addr> Enter the server IP address with which the SmartPath AP connects as an Iperf client
port Set the port on which the client connects to the server
<number> Enter the port number (Default: 5001; Range: 1024-65535)
udp Set the transport protocol as UDP (Default: TCP)
interval Set the interval between periodic bandwidth, jitter, and loss reports
<number> Enter the interval in seconds (Default: 0; Range: 1-60; Note: 0 means that the report is not made periodically.)
no-delay Transmit small logical packets individually without the delay incurred by putting them in batches within a single larger physical packet (Default: Smaller packets are transmitted without delay)
dual-test Set the Iperf tool to do bidirectional upstream and downstream performance testing between the client and server concurrently
tradeoff Set the Iperf tool to do bidirectional upstream and downstream performance testing at different times so downstream testing only begins after upstream testing is complete
listen-port Set the port on which the server connects to the client
<number> Enter the port number (Default: Same port on which the client connects to the server; Range: 1024-65535)
window Set the TCP window size (socket buffer size)
<number> Enter the TCP window size in kilobytes (Default: 83.5; Range: 2-65535)
mss Set the maximum TCP segment size (MTU - 40 bytes)
<number> Enter the maximum TCP segment size in bytes (Default: 4160; Range: 40-65535)
bandwidth Set the amount of UDP bandwidth to send
<number> Enter the bandwidth in megabits per second (Default: 1 Mb/sec; Range: 1-1000)
time Set the length of transmission time
<number> Enter the time in seconds (Default: 10 seconds; Range: 1-65535)
parallel Set the client to make multiple connections to the server concurrently (Note: This option requires multiple thread support on both the client and server.)
<number> Enter the number of parallel client threads to run (Default: 1; Range: 1-10)
iperf server [ {port} <number> ] [ {udp} ] [ {single-udp} ] [ {interval} <number> ] [ {no-delay} ] [ {window} <number> ] [ {mss} <number> ] [ {bind} <ip_addr> ]
iperf Set parameters for Iperf, a tool for testing and measuring network performance
server Set Iperf to run in server mode
port Set the port on which the server listen on
<number> Enter the port number (Default: 5001; Range: 1024-65535)
udp Set the transport protocol as UDP (Default: TCP)
single-udp Set the Iperf tool to run in single-threaded UDP mode
interval Set the interval between periodic bandwidth, jitter, and loss reports
<number> Enter the interval in seconds (Default: 0; Range: 1-60; Note: 0 means that the report is not made periodically.)
no-delay Transmit small logical packets individually without the delay incurred by putting them in batches within a single larger physical packet (Default: Smaller packets are transmitted without delay)
window Set the TCP window size (socket buffer size)
<number> Enter the TCP window size in kilobytes (Default: 83.5; Range: 2-65535)
mss Set the maximum TCP segment size (MTU - 40 bytes)
<number> Enter the maximum TCP segment size in bytes (Default: 4160; Range: 40-65535)
bind Bind and join the SmartPath AP to a multicast group
<ip_addr> Enter the IP address of the multicast group (Range: 224.0.0.0-239.255.255.255)
library-sip-policy <string> default user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
library-sip-policy Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a SmartPath AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
<string> Enter a library SIP policy name (1-32 chars)
default Set the default rule to apply to unregistered library patrons
user-group Set the user group to which the SmartPath AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
<string> Enter the user group name (1-32 chars)
action Set the action that the library SIP policy rule applies
permit Notify users assigned to the user group that they are permitted network access
restricted Notify users assigned to the user group that they are given restricted network access
deny Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
additional-display-message Set a message to display when a user attempts to access the network
<string> Enter a message string (up to 256 chars)
library-sip-policy <string> id <number> field <string> {equal|greater-than|less-than} <number> user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
library-sip-policy Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a SmartPath AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
<string> Enter a library SIP policy name (1-32 chars)
id Set an ID number for a rule to add it to the library SIP policy
<number> Enter an ID number (Range: 1-64)
field Set the two-letter character code that identifies the field name of a specific library SIP value
<string> Enter the two-letter character code(2 char)
equal Check if the field value that the SIP server returns equals the number entered in the local SmartPath AP RADIUS server
greater-than Check if the field value that the SIP server returns is greater than the number entered in the local SmartPath AP RADIUS server
less-than Check if the field value that the SIP server returns is less than the number entered in the local SmartPath AP RADIUS server
<number> Enter the number that the SmartPath AP RADIUS server uses when checking the field values that the SIP server returns (Range: 0-65535)
user-group Set the user group to which the SmartPath AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
<string> Enter the user group name (1-32 chars)
action Set the action that the library SIP policy rule applies
permit Notify users assigned to the user group that they are permitted network access
restricted Notify users assigned to the user group that they are given restricted network access
deny Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
additional-display-message Set a message to display when a user attempts to access the network
<string> Enter a message string (up to 256 chars)
library-sip-policy <string> id <number> field <string> {matches|differs-from|starts-with|occurs-after|occurs-before|contains} <string> user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
library-sip-policy Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a SmartPath AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
<string> Enter a library SIP policy name (1-32 chars)
id Set an ID number for a rule to add it to the library SIP policy
<number> Enter an ID number (Range: 1-64)
field Set the two-letter character code that identifies the field name of a specific library SIP value
<string> Enter the two-letter character code(2 char)
matches Check if the field value that the SIP server returns matches the string entered in the local SmartPath AP RADIUS server
differs-from Check if the field value that the SIP server returns differs-from the string entered in the local SmartPath AP RADIUS server
starts-with Check if the field value that the SIP server returns starts-with the string entered in the local SmartPath AP RADIUS server
occurs-after Check if the field value that the SIP server returns occurs-after the string entered in the local SmartPath AP RADIUS server
occurs-before Check if the field value that the SIP server returns occurs-before the string entered in the local SmartPath AP RADIUS server
contains Check if the field value that the SIP server returns contains the string entered in the local SmartPath AP RADIUS server
<string> Enter the string that the SmartPath AP RADIUS server uses when checking the field values that the SIP server returns (1-32 chars; Note: Date format must be YYYY-MM-DD; Example: 2010-01-01.)
user-group Set the user group to which the SmartPath AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
<string> Enter the user group name (1-32 chars)
action Set the action that the library SIP policy rule applies
permit Notify users assigned to the user group that they are permitted network access
restricted Notify users assigned to the user group that they are given restricted network access
deny Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
additional-display-message Set a message to display when a user attempts to access the network
<string> Enter a message string (up to 256 chars)
library-sip-policy <string> id <number> {after|before} id <number>
library-sip-policy Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a SmartPath AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
<string> Enter a library SIP policy name (1-32 chars)
id Set an ID number for a rule to add it to the library SIP policy
<number> Enter an ID number (Range: 1-64)
after Move the library SIP rule after another rule in the policy
before Move the library SIP rule before another rule in the policy
id Set an ID number for a rule to add it to the library SIP policy
<number> Enter an ID number (Range: 1-64)
license <string> <string>
license Set license parameters
<string> Enter registration license
<string> Enter registration key
lldp [ {cdp|receive-only} ]
lldp Set LLDP (Link Layer Discovery Protocol) parameters
cdp Set CDP (Cisco Discovery Protocol) parameters
receive-only Enable the SmartPath AP to receive and cache LLDP advertisements from neighboring network devices but not send them
lldp [ {cdp} ] max-entries <number>
lldp Set LLDP (Link Layer Discovery Protocol) parameters
cdp Set CDP (Cisco Discovery Protocol) parameters
max-entries Set the maximum number of entries to cache in the LLDP or CDP neighbor table
<number> Enter the maximum number of entries to cache (Default: 64; Range: 1-128)
lldp holdtime <number>
lldp Set LLDP (Link Layer Discovery Protocol) parameters
holdtime Set the length of time that the SmartPath AP instructs neighboring devices to retain the LLDP advertisements it sends them
<number> Enter the length of time that the SmartPath AP instructs neighboring devices to hold LLDP advertisements (Default: 90 seconds; Range: 10-255)
lldp max-power <number>
lldp Set LLDP (Link Layer Discovery Protocol) parameters
max-power Set the maximum power that can be requested when transmitting LLDP advertisements
<number> Enter the maximum power in watts to be requested (Default: 154; Range: 1-250; Note: 154 = 15.4 watts)
lldp timer <number>
lldp Set LLDP (Link Layer Discovery Protocol) parameters
timer Set the interval for sending LLDP advertisements to neighboring network devices
<number> Enter the interval for sending LLDP advertisements (Default: 30 seconds; Range: 5-250)
load config {current|backup|bootstrap|default}
load Load a configuration file
config Specify which configuration file to load after rebooting
current Load the current configuration file after rebooting
backup Load the backup configuration file after rebooting
bootstrap Load the bootstrap configuration file after rebooting
default Load the default configuration file after rebooting
location black-box enable
location Set parameters for location tracking
black-box Set parameters for the Black Box location processing engine
enable Enable client location tracking (Default: Disabled)
location black-box list-match enable
location Set parameters for location tracking
black-box Set parameters for the Black Box location processing engine
list-match Track a station if its MAC address is in the track list
enable Enable track list checking before tracking a station (Default: Enabled)
location black-box mac <mac_addr>
location Set parameters for location tracking
black-box Set parameters for the Black Box location processing engine
mac Add a MAC entry to the track list
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
location black-box oui <oui>
location Set parameters for location tracking
black-box Set parameters for the Black Box location processing engine
oui Add an OUI (organizationally unique identifier) entry to the track list
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
location black-box report-interval <number>
location Set parameters for location tracking
black-box Set parameters for the Black Box location processing engine
report-interval Set the interval between reports of RSSI readings
<number> Enter the report interval in seconds (Default: 60; Range: 15-1200)
location black-box rssi-hold-time <number>
location Set parameters for location tracking
black-box Set parameters for the Black Box location processing engine
rssi-hold-time Set the number of times that the local SmartPath AP, as an owner AP, can include the same client RSSI report from another SmartPath AP in its aggregate report to SmartPath EMS before determining the data to be stale and omitting it from future reports (Note: The owner AP is the one to which the client is associated)
<number> Enter the number of times to reuse a client RSSI report that has not been updated (Default: 0; Range: 0-10)
location black-box rssi-update-threshold <number>
location Set parameters for location tracking
black-box Set parameters for the Black Box location processing engine
rssi-update-threshold Set the change in RSSI required to trigger an update
<number> Enter the update threshold in dB (Default: 3; Range: 1-5)
location black-box rssi-valid-period <number>
location Set parameters for location tracking
black-box Set parameters for the Black Box location processing engine
rssi-valid-period Set the period of time that an RSSI reading remains valid (Note: After this period elapses, an updated report is generated even if the RSSI value has not crossed the update threshold)
<number> Enter the validity period in seconds (Default: 60; Range: 15-1200)
location black-box suppress-report <number>
location Set parameters for location tracking
black-box Set parameters for the Black Box location processing engine
suppress-report Set the number of consecutive reports that can be suppressed when a client's RSSI has not changed significantly
<number> Enter the number of consecutive RSSI reports to suppress (Default: 0; Range: 0-80)
location rate-threshold {tag|station|rogue-ap} <number>
location Set parameters for location tracking
rate-threshold Set the rate limit threshold for location tracking
tag Set the rate limit threshold for tags
station Set the rate limit threshold for stations
rogue-ap Set the rate limit threshold for rogue-aps
<number> Enter the rate limit threshold in packets per second (Default: 1000 for tags, 200 for stations, 50 for rogue APs; Range: 1-100000)
location {aeroscout|tzsp} enable
location Set parameters for location tracking
aeroscout Set parameters for the aeroscout location processing engine
tzsp Set parameters for the location processing engine that supports TZSP (Tazmen Sniffer Protocol) for packet encapsulation
enable Enable location tracking and reporting to the location processing engine
location {aeroscout} server <string>
location Set parameters for location tracking
aeroscout Set parameters for the aeroscout location processing engine
server Set the IP address or domain name of the location processing engine to which the SmartPath AP sends tracking reports
<string> Enter the IP address or domain name of the location processing engine (1-64 chars)
location {aeroscout} {tag|station|rogue-ap}
location Set parameters for location tracking
aeroscout Set parameters for the aeroscout location processing engine
tag rack and report the location of tags to the location processing engine
station rack and report the location of stations to the location processing engine
rogue-ap Track and report the location of rogue APs to the location processing engine
location {tzsp} mcast-mac <mac_addr>
location Set parameters for location tracking
tzsp Set parameters for the location processing engine that supports TZSP (Tazmen Sniffer Protocol) for packet encapsulation
mcast-mac Set the multicast MAC address to which the SmartPath AP transmits captured multicast frames encapsulated with TZSP (Default: 01:18:8e:00:00:00)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
location {tzsp} server-config server <string> port <number>
location Set parameters for location tracking
tzsp Set parameters for the location processing engine that supports TZSP (Tazmen Sniffer Protocol) for packet encapsulation
server-config Set the IP address or domain name and port number of the location server to which the SmartPath AP sends TZSP-encapsulated multicast frames captured from RFID tags
server Set the IP address or domain name of the location server
<string> Enter the IP address or domain name (1-64 chars)
port Set the port number on which the location server listens for tracking reports
<number> Enter the port number (Range: 1-65535)
logging buffered level {emergency|alert|critical|error|warning|notification|info|debug}
logging Set logging parameters
buffered Set logging buffer
level Set logging level
emergency Send emergency-level log entries (Default: debug)
alert Send log entries from alert to emergency levels (Default: debug)
critical Send log entries from critical to emergency levels (Default: debug)
error Send log entries from error to emergency levels (Default: debug)
warning Send log entries from warning to emergency levels (Default: debug)
notification Send log entries from notification to emergency levels (Default: debug)
info Send log entries from info to emergency levels (Default: debug)
debug Send log entries for all severity levels (Default: debug)
logging debug
logging Set logging parameters
debug Enable debug messages
logging facility {local0|local1|local2|local3|local4|local5|local6|local7|auth|authpriv|security|user}
logging Set logging parameters
facility Set logging facility
local0 Set log facility to local0 (Default: local6)
local1 Set log facility to local1 (Default: local6)
local2 Set log facility to local2 (Default: local6)
local3 Set log facility to local3 (Default: local6)
local4 Set log facility to local4 (Default: local6)
local5 Set log facility to local5 (Default: local6)
local6 Set log facility to local6 (Default: local6)
local7 Set log facility to local7 (Default: local6)
auth Set log facility to auth (Default: local6)
authpriv Set log facility to authpriv (Default: local6)
security Set log facility to security (Default: local6)
user Set log facility to user (Default: local6)
logging flash level {emergency|alert|critical|error|warning|notification|info|debug}
logging Set logging parameters
flash Set logging flash
level Set logging level
emergency Send emergency-level log entries (Default: error)
alert Send log entries from alert to emergency levels (Default: error)
critical Send log entries from critical to emergency levels (Default: error)
error Send log entries from error to emergency levels (Default: error)
warning Send log entries from warning to emergency levels (Default: error)
notification Send log entries from notification to emergency levels (Default: error)
info Send log entries from info to emergency levels (Default: error)
debug Send log entries for all severity levels (Default: error)
logging server <string> [ level {emergency|alert|critical|error|warning|notification|info|debug} ] [ {via-vpn-tunnel} ]
logging Set logging parameters
server Set parameters for a syslog server
<string> Set the IP address or domain name (1-32 characters) for the syslog server
level Set the severity level for the log messages you want to send
emergency Send emergency-level log entries
alert Send log entries from alert to emergency levels
critical Send log entries from critical to emergency levels
error Send log entries from error to emergency levels
warning Send log entries from warning to emergency levels
notification Send log entries from notification to emergency levels
info Send log entries from info to emergency levels
debug Send log entries for all severity levels
via-vpn-tunnel Send all logging traffic through a VPN tunnel (Note: Set this option on VPN clients when the logging server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
logging trap level [ {emerg|alert|crit|err|warning|notice|info} ]
logging Set logging parameters
trap Set logging trap parameters
level Set logging trap level
emerg Set logging trap level to emerg (Default: info)
alert Set logging trap level to alert (Default: info)
crit Set logging trap level to crit (Default: info)
err Set logging trap level to err (Default: info)
warning Set logging trap level to warning (Default: info)
notice Set logging trap level to notice (Default: info)
info Set logging trap level to info (Default: info)
login banner <string>
login Set parameters fot the CLI login
banner Set the banner that appears after logging in to the CLI
<string> Enter the banner text (Default: 'Black Box Networks Inc.\n Copyright (C) 2006-2010\n'; Max: 256 chars; Notes: Use '\n' to indicate a line break.)
mac-object <string> mac-range <mac_addr> - <mac_addr>
mac-object Set parameters for an MAC object that the SmartPath AP can use to assign a client with a matching MAC address to a user profile (Max: 128 MAC objects per SmartPath AP.)
<string> Enter the MAC object name (1-32 chars)
mac-range Set a range of MAC addresses for the MAC object (Max: 255 MAC address ranges per MAC object)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
- Set a range of MAC addresses
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ]
mac-policy Set MAC policy parameters
<string> Enter a MAC policy name (1-32 chars)
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
before Set the before parameters for a MAC policy
after Set the after parameters for a MAC policy
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
from Set the source MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
to Set the destination MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
action Set action for a MAC policy (Default: deny)
permit Set the action to permit (Default: deny)
deny Set the action to deny (Default: deny)
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action deny log packet-drop
mac-policy Set MAC policy parameters
<string> Enter a MAC policy name (1-32 chars)
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
before Set the before parameters for a MAC policy
after Set the after parameters for a MAC policy
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
from Set the source MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
to Set the destination MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
action Set action for a MAC policy (Default: deny)
deny Set the action to deny (Default: deny)
log Set logging options for packets and sessions that match the MAC firewall policy
packet-drop Log dropped packets that the MAC firewall policy denies
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action permit log [ {initiate-session|terminate-session} ]
mac-policy Set MAC policy parameters
<string> Enter a MAC policy name (1-32 chars)
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
before Set the before parameters for a MAC policy
after Set the after parameters for a MAC policy
id Assign a MAC policy ID
<number> Enter the MAC policy ID (Range: 1-1023)
from Set the source MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
to Set the destination MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
action Set action for a MAC policy (Default: deny)
permit Set the action to permit (Default: deny)
log Set logging options for packets and sessions that match the MAC firewall policy
initiate-session Log session details when a session is created after passing a MAC firewall policy lookup
terminate-session Log session details when a session matching a MAC firewall policy is terminated
mobile-device-policy <string> [ rule <number> ] [ original-user-profile <string> ] device-group <string> reassigned-user-profile-attr <number>
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
rule Add a rule to the mobile device policy
<number> Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the SmartPath AP automatically assigns one.)
original-user-profile Specify the user profile that the SmartPath AP first assigns to traffic before it completes the device classification process
<string> Enter the original user profile (1-32 chars)
device-group Set the device group that the policy rule references to classify the type of client device in use
<string> Enter a device group name (1-32 chars)
reassigned-user-profile-attr Reassign the client to a different user profile if it belongs to the specified device group or was initially assigned to the specified original user profile
<number> Enter the attribute of the user profile to assign in place of the originally assigned one (Range: 0-4095)
mobile-device-policy <string> apply {once|multiple-times}
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
apply Set the method for applying mobile device policy rules
once Apply a policy rule once if a client match is found after finishing the complete device type classification process(Default: Once)
multiple-times Apply a policy rule if a client match is found at any point during the device type detection process (Default: Once)(Note: Different rules might be applied at different times as the SmartPath AP collects more information about a client.)
mobile-device-policy <string> client-classification [ {mac} ] [ {domain} ] [ {os} ]
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
client-classification Set the client device classification methods that you want to use
mac Use the client classification method that is based on the MAC address of the device
domain Use the client classification method that is based on the computer domain to which a client belongs in the database
os Use the client classification method that is based on the OS running on the device
mobile-device-policy <string> rule <number> {before|after} rule <number>
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
<string> Enter the mobile device policy name (1-32 chars)
rule Add a rule to the mobile device policy
<number> Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the SmartPath AP automatically assigns one.)
before Move the mobile device policy rule before another rule in the policy
after Move the mobile device policy rule after another rule in the policy
rule Set a rule before or after another rule in the mobile device policy
<number> Enter a rule ID number (Range: 1-65535)
mobility-policy <string> dnxp
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1 - 32 chars)
dnxp Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring cluster members)
mobility-policy <string> dnxp nomadic-roaming
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1 - 32 chars)
dnxp Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring cluster members)
nomadic-roaming Enable fast roaming support on nonneighboring cluster members in different subnets (Default: predictive-roaming)
mobility-policy <string> dnxp unroam-threshold <number> <number>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1 - 32 chars)
dnxp Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring cluster members)
unroam-threshold Set the minimum traffic level required to continue tunneling traffic back to the original subnet of a L3 roaming client. (Note: If the volume of client traffic dips below the threshold, it is disassociated.)
<number> Enter the minimum number of packets/minute to and from the client required to continue tunneling its traffic back to its original subnet (Default: 0; Range: 0-2147483647; Note: The value "0" disables the unroaming feature.)
<number> Enter the interval in seconds for polling traffic statistics (Default: 60 seconds; Range: 10-600)
mobility-policy <string> inxp gre-tunnel from <ip_addr/netmask> password <string>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1 - 32 chars)
inxp Assign INXP (Identity Network eXtension Protocol) for the mobility policy
gre-tunnel Set the INXP gre-tunnel parameters
from Set the INXP gre-tunnel source parameters
<ip_addr/netmask> Enter subnet for INXP gre-tunnel source
password Set password for INXP gre-tunnel
<string> Enter password for INXP gre-tunnel (1 - 64 chars)
mobility-policy <string> inxp gre-tunnel to <ip_addr> <ip_addr> password <string>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1 - 32 chars)
inxp Assign INXP (Identity Network eXtension Protocol) for the mobility policy
gre-tunnel Set the INXP gre-tunnel parameters
to Set the INXP gre-tunnel destination parameters
<ip_addr> Enter start IP address for INXP gre-tunnel destination
<ip_addr> Enter end IP address for INXP gre-tunnel destination
password Set password for INXP gre-tunnel
<string> Enter password for INXP gre-tunnel (1 - 64 chars)
mobility-policy <string> inxp gre-tunnel to <ip_addr> password <string>
mobility-policy Set parameters for a mobility policy
<string> Enter a mobility policy name (1 - 32 chars)
inxp Assign INXP (Identity Network eXtension Protocol) for the mobility policy
gre-tunnel Set the INXP gre-tunnel parameters
to Set the INXP gre-tunnel destination parameters
<ip_addr> Enter start IP address for INXP gre-tunnel destination
password Set password for INXP gre-tunnel
<string> Enter password for INXP gre-tunnel (1 - 64 chars)
mobility-threshold gre-tunnel permitted-load {low|medium|high}
mobility-threshold Set parameters for tunneling mobile user traffic
gre-tunnel Set the volume of traffic that the local SmartPath AP will accept through GRE (Generic Routing Encapsulation) tunnels (Note: Only set this option on portals.)
permitted-load Set a level determining the amount of traffic the local SmartPath AP will accept through GRE tunnels
low Accept a relatively low number of tunnels (Default: high)
medium Accept a relatively moderate number of tunnels (Default: high)
high Accept a relatively high number of tunnels (Default: high)
ntp enable
ntp Set NTP (Network Time Protocol) parameters
enable Enable the local SmartPath AP to act as an NTP client
ntp interval <number>
ntp Set NTP (Network Time Protocol) parameters
interval Set the interval for synchronizing the internal clock with an NTP server
<number> Enter the interval in minutes (Default: 1440; Range: 60-10080)
ntp server <string> [ {second|third|fourth} ] [ {via-vpn-tunnel} ]
ntp Set NTP (Network Time Protocol) parameters
server Set NTP server parameters
<string> Enter the IP address or domain name of an NTP server (1-32 chars)
second Set the priority of the NTP server as second
third Set its priority as third
fourth Set its priority as fourth
via-vpn-tunnel Send all NTP traffic through a VPN tunnel (Note: Set this option on VPN clients when the NTP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
os-object <string> os-version <string>
os-object Set parameters for an OS object that the SmartPath AP can use to assign a client running a matching OS to a user profile (Max: 64 OS objects per SmartPath AP.)
<string> Enter an OS object name (1-32 chars; Note: The object name is an admin-defined name and does not have to be the name of an operating system.)
os-version Set the name and version of an operating system version (Max: 32 OS versions per OS object)
<string> Enter the exact text string that identifies an operating system as it appears in the user agent ID field in HTTP headers (1-32 chars; Note: Use quotation marks if spaces are required. Examples: "Windows NT 5.1", "Mac OS X", "Linux i686")
performance-sentinel notification-interval <number>
performance-sentinel Set performance sentinel parameters to moderate client throughput
notification-interval Set the interval for sending SNMP traps to SmartPath EMS to update the performance sentinel log
<number> Enter the performance sentinel log update interval in seconds (Default: 600; Range: 30-1800)
ping <ip_addr> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping Perform a ping
<ip_addr> Enter the destination IP address
count Stop pinging after sending the specified number of ICMP echo requests
<number> Enter a number after sending the number of ICMP echo requests the pinging stop (Default: 5, Range: 1-65535)
size Set the size of the ICMP packets
<number> Enter the packet size in bytes (Default: 56, Range: 1-1024)
ttl Set the TTL (time to live)
<number> Enter the TTL (Range: 1-255)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 10; Range: 1-60)
ping <string> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
ping Perform a ping
<string> Enter the destination domain name (1-32 chars)
count Set the number of ICMP echo requests to send
<number> Enter the number of ICMP echo requests (Default: 5, Range: 1-65535)
size Set the size of the ICMP packets
<number> Enter the packet size in bytes (Default: 56, Range: 1-1024)
ttl Set the TTL (time to live)
<number> Enter the TTL (Range: 1-255)
timeout Set the length of time to wait for a response
<number> Enter the timeout in seconds (Default: 10; Range: 1-60)
probe <ip_addr|mac_addr> [ size <number> ] [ src-mac <mac_addr> ] [ wait-time <number> ] [ ttl <number> ] [ count <number> ]
probe Set the probe parameters
<ip_addr> Enter the target IP or MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
size Set the probe request packet size (default: 256 bytes)
<number> Enter a packet size (range: 256-1400 bytes)
src-mac Set the Source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
wait-time Set the timeout value (default: 1 second)
<number> Enter an timeout value (range: 1-30 seconds)
ttl Set the TTL value (default 32)
<number> Enter an TTL value (range: 1-255)
count Set probe request count (default: 5)
<number> Enter the probe request count (range: 1-64)
probe portal [ size <number> ] [ src-mac <mac_addr> ] [ wait-time <number> ] [ ttl <number> ] [ count <number> ]
probe Set the probe parameters
portal Set the target of the probe as the MAC address of the SmartPath AP acting as portal
size Set the probe request packet size (default: 256 bytes)
<number> Enter a packet size (range: 256-1400 bytes)
src-mac Set the Source MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
wait-time Set the timeout value (default: 1 second)
<number> Enter an timeout value (range: 1-30 seconds)
ttl Set the TTL value (default 32)
<number> Enter an TTL value (range: 1-255)
count Set probe request count (default: 5)
<number> Enter the probe request count (range: 1-64)
qos airtime enable
qos Set QoS (Quality of Service) parameters
airtime Set QoS parameters based on the amount of airtime that wireless client traffic uses
enable Enable dynamic airtime scheduling
qos airtime rate-preference-weight {none|moderate|high}
qos Set QoS (Quality of Service) parameters
airtime Set QoS parameters based on the amount of airtime that wireless client traffic uses
rate-preference-weight Set a preference for forwarding traffic to and from wireless clients that are capable of fast data transfer rates
none Set no preference for clients with a fast data rate (Default: high)
moderate Set a moderate preference for clients with a fast data rate (Default: high)
high Set a high preference for clients with a fast data rate (Default: high)
qos classifier-map 80211e <number> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Black Box QoS classes
80211e Map IEEE 802.11e user priority markers on incoming packets to Black Box QoS classes
<number> Enter IEEE 802.11e user priority (Range: 0-7)
<number> Enter Black Box QoS class (Range: 0-7)
qos classifier-map 8021p <number> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Black Box QoS classes
8021p Map IEEE 802.1p priority markers on incoming packets to Black Box QoS classes
<number> Enter IEEE 802.1p Priority (Range: 0-7)
<number> Enter Black Box QoS class (Range: 0-7)
qos classifier-map diffserv <number> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Black Box QoS classes
diffserv Map diffserv DSCP (Differentiated Services Code Point) values on incoming packets to Black Box QoS classes
<number> Enter the DSCP class (Range: 0-63)
<number> Enter the Black Box QoS class (Range: 0-7)
qos classifier-map interface <ethx> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Black Box QoS classes
interface Map incoming Ethernet traffic to Black Box QoS classes by its ingress interface (eth0)
<ethx> Enter the name of an Ethernet interface, where x = 0
<number> Enter the Black Box QoS class (Range: 0-7)
qos classifier-map oui <oui> [ qos <number> ] [ action {permit|deny|log} ] [ comment <string> ]
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Black Box QoS classes
oui Set a MAC OUI (Organizational Unique Identifier) classification table
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
qos Set an Black Box QoS class to the MAC
<number> Enter Black Box QoS class (Range: 0-7)
action Set an action to the MAC OUI
permit permit the packet
deny deny the packet
log log the packet
comment Add a comment to the MAC OUI
<string> Enter a comment (Maximum:32 characters) to the MAC
qos classifier-map service <string> [ qos <number> ] [ action {permit|deny|log} ]
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Black Box QoS classes
service Set service-based classification table
<string> Enter service name (1 - 32 chars)
qos Set an Black Box QoS class to the service
<number> Enter the Black Box QoS class (Range: 0-7)
action Set the action to take when receiving a packet for this service
permit permit the packet
deny deny the packet
log log the packet
qos classifier-map ssid <string> <number>
qos Set QoS (Quality of Service) parameters
classifier-map Map QoS priority markers on incoming packets to Black Box QoS classes
ssid Map incoming wireless traffic to Black Box QoS classes by SSID
<string> Enter an SSID name
<number> Enter the Black Box QoS class (Range: 0-7)
qos classifier-profile <string> [ {interface/ssid-only|8021p|80211e|diffserv|interface/ssid|mac|service} ]
qos Set QoS (Quality of Service) parameters
classifier-profile Set a QoS classification profile
<string> Enter a classifier profile name (1 - 32 chars)
interface/ssid-only Classify all incoming and outgoing packets using the interface or SSID bound to this classifier profile (Note: The interface/ssid-only method cannot be combined with other methods in the same classifier profile or applied to more than one profile. This profile has precedence over all others.)
8021p Classify incoming packets by 802.1p priority markers present in layer-2 frame headers
80211e Classify incoming packets by 802.11e priority markers present in wireless frame headers
diffserv Classify incoming packets by DiffServ DSCP values present in layer-3 packet headers
interface/ssid Classify packets by the interface or SSID that they traverse (Note: If two interface/SSID classifier profiles apply to the same session, the one providing better QoS is used.)
mac Classify packets by the OUI (organizationally unique identifier) of the session participants (Note: If two OUI classifier profiles apply to the same session, the one providing better QoS is used.)
service Classify incoming packets by network service type
qos enable
qos Set QoS (Quality of Service) parameters
enable Enable QoS (Quality of Service)
qos marker-map 80211e <number> <number>
qos Set QoS (Quality of Service) parameters
marker-map Map Black Box QoS classes to QoS priority markers on outgoing packets
80211e Map Black Box QoS classes to IEEE 802.11e user priority markers on outgoing packets
<number> Enter the Black Box QoS class (Range: 0-7)
<number> Enter the IEEE 802.11e user priority (Range: 0-7)
qos marker-map 8021p <number> <number>
qos Set QoS (Quality of Service) parameters
marker-map Map Black Box QoS classes to QoS priority markers on outgoing packets
8021p Map Black Box QoS classes to IEEE 802.1p priority markers on outgoing packets
<number> Enter Black Box QoS class (Range: 0-7)
<number> Enter IEEE 802.1p Priority (Range: 0-7)
qos marker-map diffserv <number> <number>
qos Set QoS (Quality of Service) parameters
marker-map Map Black Box QoS classes to QoS priority markers on outgoing packets
diffserv Map Black Box QoS classes to diffserv DSCP (Differentiated Services Code Point) values on outgoing packets
<number> Enter the Black Box QoS class (Range: 0-7)
<number> Enter the DSCP class (Range: 0-63)
qos marker-profile <string> [ {8021p|80211e|diffserv} ]
qos Set QoS (Quality of Service) parameters
marker-profile Set a QoS marker profile
<string> Enter the marker profile name (1 - 32 chars)
8021p Set 8021p marking method
80211e Set 80211e marking method
diffserv Set diffserv marking method
qos policy <string> [ user-profile <number> <number> ] [ user <number> ] [ qos <number> {strict|wrr} <number> <number> ]
qos Set QoS (Quality of Service) parameters
policy Set a QoS (Quality of Service) policy
<string> Enter the policy name (1 - 32 chars)
user-profile Set QoS policy parameters at the user profile level
<number> Enter the user profile rate limit in kbps (Range: 0-2000000)
<number> Enter user profile's scheduling weight (Range: 0-1000)
user Set QoS parameters at user level
<number> Enter the user rate limit in kbps (Range: 0-2000000)
qos Set QoS parameters at class level
<number> Enter the Black Box QoS class (Range: 0-7)
strict Set scheduling mode to strict
wrr Set scheduling mode to wrr
<number> Enter the class rate limit in kbps (Range: 0-2000000)
<number> Enter the scheduling weight (Range: 0-1000; Note: If scheduling mode is strict, its weight must be zero.)
quit
quit Quit CLI (Command Line Interface)
radio profile <string>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
radio profile <string> acsp access channel-auto-select time-range <time> <time> [ station <number> ]
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
access Set access point interface parameters
channel-auto-select Set conditions for automatically selecting radio channels
time-range Set the time range when a new radio channel can be selected (Note: During this time, the radio re-evaluates the channel in use. It might switch to a different channel or continue using the same channel.)
<time> Enter the start time (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
<time> Enter the end time (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
station Set the maximum number of stations that can be connected to the SmartPath AP when selecting a channel (If more are connected during the time range, no channel selection occurs.)
<number> Enter the station maximum (Default: 0; Range: 0-100)
radio profile <string> acsp all-channels-model enable
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
all-channels-model Set all channels from which the radio can select the optimal channel
enable Enable all channels selection
radio profile <string> acsp channel-model 4-channels [ <channel_g4> ]
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
channel-model Set the pool of channels from which the radio can select the optimal channel
4-channels Set 4-channel model (Defaults: USA: 3 channels, 01-06-11, 01-04-08-11; Europe: 4 channels, 01-05-09-13, 01-06-11; Japan: 4 channels, 01-05-09-14, 01-06-11)
<channel_g4> Enter the pool of channels from which the radio can select one to use (Format: xx-xx-xx-xx;)
radio profile <string> acsp channel-model {3-channels} [ <channel_g3> ]
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
channel-model Set the pool of channels from which the radio can select the optimal channel
3-channels Set 3-channel model (Defaults: USA: 3 channels, 01-06-11, 01-04-08-11; Europe: 4 channels, 01-05-09-13, 01-06-11; Japan: 4 channels, 01-05-09-14, 01-06-11)
<channel_g3> Enter the pool of channels from which the radio can select one to use (Format: xx-xx-xx;)
radio profile <string> acsp interference-switch crc-err-threshold <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
interference-switch Set parameters for the collection of RF interference-related data and switch channels if the threshold is reached
crc-err-threshold Set an RF interference threshold based on the rate of CRC (cyclic redundancy check) errors (Note: If the rate of CRC errors exceeds this threshold, the SmartPath AP switches channels)
<number> Enter the threshold as a percent (Default: 25; Range: 10-80)
radio profile <string> acsp interference-switch iu-threshold <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
interference-switch Set parameters for the collection of RF interference-related data and switch channels if the threshold is reached
iu-threshold Set an RF interference threshold based on interference utilization (Note: If the percent of interference utilization exceeds this value, the SmartPath AP switches channels)
<number> Enter the threshold as a percent (Default: 25; Range: 10-80)
radio profile <string> acsp interference-switch {enable|no-station-enable|disable}
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
interference-switch Set parameters for the collection of RF interference-related data and switch channels if the threshold is reached
enable Enable the radio to switch channels if the RF interference threshold is reached (Default setting: no-station-enable)
no-station-enable Enable the radio to switch channels only if the RF interference threshold is reached and no stations are connected (Default setting: no-station-enable)
disable Disable the radio from switching channels because of RF interference-related data (Default setting: no-station-enable)
radio profile <string> acsp max-tx-power <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
acsp Set parameters for ACSP (Advanced Channel Selection Protocol)
max-tx-power Set radio max transmit power
<number> Enter the max transmit power (Default: 20 dBm; Range: 10-20 dBm)
radio profile <string> ampdu
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
ampdu Enable AMPDU (Aggregate MAC Protocol Data Unit) transmissions to reduce overhead when the transmission channel is busy
radio profile <string> backhaul failover [ trigger-time <number> ] [ hold-time <number> ]
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
backhaul Set parameters for failing over the backhaul link from Ethernet to wireless (Note: Only set this command on a SmartPath AP that acts as a portal.)
failover Enable backhaul communications to fail over to the wireless link if the Ethernet link goes down (Default: enabled)
trigger-time Set how long the Ethernet link must be down to trigger a failover to the wireless link
<number> Enter the failover trigger time in seconds (Default: 2; Range: 1-5)
hold-time Set how long the Ethernet link must be up to revert backhaul communications from wireless to Ethernet
<number> Enter the hold time in seconds (Default: 30; Range: 1-300)
radio profile <string> band-steering balance-band threshold <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
band-steering Distribute wireless clients that support both 2.4 and 5 GHz bands evenly across the two bands when an SSID is available on both bands
balance-band Balance clients according to an approximate ratio between 2.4 GHz and 5 GHz channels (Default: Allow four 5 GHz clients for every one 2.4 GHz client, or 80%.)
threshold Set the minimum ratio of 5 GHz clients to 2.4 GHz clients, expressed as a percentage (Example: Four 5-GHz stations to five total stations is 80%.)
<number> Enter the threshold to begin balancing band usage as a percentage (Range: 0-100; Default: 80)
radio profile <string> band-steering enable
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
band-steering Distribute wireless clients that support both 2.4 and 5 GHz bands evenly across the two bands when an SSID is available on both bands
enable Enable band steering (Default: Disabled)
radio profile <string> band-steering mode {balance-band|prefer-5g|force-5g}
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
band-steering Distribute wireless clients that support both 2.4 and 5 GHz bands evenly across the two bands when an SSID is available on both bands
mode Set the mode for band steering (Default: prefer-5g)
balance-band Balance clients according to an approximate ratio between 2.4 GHz and 5 GHz channels (Default: Allow four 5 GHz clients for every one 2.4 GHz client, or 80%.)
prefer-5g Encourage clients that are 5-GHz capable to move to the 5 GHz band by ignoring requests from them on the 2.4 GHz band (Note: If a client continues to attempt using 2.4 GHz even when offered a 5 GHz connection, the system allows it to connect at 2.4 GHz after a specified number of attempts. The default is 5.)
force-5g Answer probe requests from 5 GHz-capable clients only on 5 GHz interfaces
radio profile <string> band-steering prefer-5g suppression-limit <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
band-steering Distribute wireless clients that support both 2.4 and 5 GHz bands evenly across the two bands when an SSID is available on both bands
prefer-5g Encourage clients that are 5-GHz capable to move to the 5 GHz band by ignoring requests from them on the 2.4 GHz band (Note: If a client continues to attempt using 2.4 GHz even when offered a 5 GHz connection, the system allows it to connect at 2.4 GHz after a specified number of attempts. The default is 5.)
suppression-limit Set a limit number to the number of probe responses the system suppresses before accepting a client on the 2.4 GHz band
<number> Enter the number of probe responses the system suppresses before accepting client in the 2.4 GHz band (Default: 5; Range: 1-100)
radio profile <string> beacon-period <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
beacon-period Set the period of time between beacon broadcasts
<number> Enter the beacon period in TUs (time units, a measurement of time equal to 1024 microseconds) for the radio profile (Default: 100, Range: 40-3500)
radio profile <string> benchmark phymode 11a rate {6|9|12|18|24|36|48|54} success <number> usage <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
benchmark Set benchmark parameters for gauging the health of client connectivity
phymode Set the physical mode for which you want to measure client connectivity
11a Set benchmark parameters for 11a mode
rate Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
6 Enter the transmission rate
9 Enter the transmission rate
12 Enter the transmission rate
18 Enter the transmission rate
24 Enter the transmission rate
36 Enter the transmission rate
48 Enter the transmission rate
54 Enter the transmission rate
success Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
<number> Enter the percent for successfully transmitted packets (Range: 1-100)
usage Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
<number> Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
radio profile <string> benchmark phymode 11b rate {1|2|5.5|11} success <number> usage <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
benchmark Set benchmark parameters for gauging the health of client connectivity
phymode Set the physical mode for which you want to measure client connectivity
11b Set benchmark parameters for 11b mode
rate Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
1 Enter the transmission rate
2 Enter the transmission rate
5.5 Enter the transmission rate
11 Enter the transmission rate
success Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
<number> Enter the percent for successfully transmitted packets (Range: 1-100)
usage Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
<number> Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
radio profile <string> benchmark phymode 11g rate {1|2|5.5|11|6|9|12|18|24|36|48|54} success <number> usage <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
benchmark Set benchmark parameters for gauging the health of client connectivity
phymode Set the physical mode for which you want to measure client connectivity
11g Set benchmark parameters for 11g mode
rate Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
1 Enter the transmission rate
2 Enter the transmission rate
5.5 Enter the transmission rate
11 Enter the transmission rate
6 Enter the transmission rate
9 Enter the transmission rate
12 Enter the transmission rate
18 Enter the transmission rate
24 Enter the transmission rate
36 Enter the transmission rate
48 Enter the transmission rate
54 Enter the transmission rate
success Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
<number> Enter the percent for successfully transmitted packets (Range: 1-100)
usage Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
<number> Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
radio profile <string> benchmark phymode 11n rate {6|9|12|18|24|36|48|54|mcs0|mcs1|mcs2|mcs3|mcs4|mcs5|mcs6|mcs7|mcs8|mcs9|mcs10|mcs11|mcs12|mcs13|mcs14|mcs15} success <number> usage <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
benchmark Set benchmark parameters for gauging the health of client connectivity
phymode Set the physical mode for which you want to measure client connectivity
11n Set benchmark parameters for 11n mode
rate Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
6 Enter the transmission rate
9 Enter the transmission rate
12 Enter the transmission rate
18 Enter the transmission rate
24 Enter the transmission rate
36 Enter the transmission rate
48 Enter the transmission rate
54 Enter the transmission rate
mcs0 Enter the transmission rate
mcs1 Enter the transmission rate
mcs2 Enter the transmission rate
mcs3 Enter the transmission rate
mcs4 Enter the transmission rate
mcs5 Enter the transmission rate
mcs6 Enter the transmission rate
mcs7 Enter the transmission rate
mcs8 Enter the transmission rate
mcs9 Enter the transmission rate
mcs10 Enter the transmission rate
mcs11 Enter the transmission rate
mcs12 Enter the transmission rate
mcs13 Enter the transmission rate
mcs14 Enter the transmission rate
mcs15 Enter the transmission rate
success Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
<number> Enter the percent for successfully transmitted packets (Range: 1-100)
usage Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
<number> Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
radio profile <string> channel-width {20|40-above|40-below}
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
channel-width Set the channel width and the extensive channel offset when channel width is 40 MHz
20 Enter the channel width and extensive channel offset (Default: 20 Mhz)
40-above Enter the channel width and extensive channel offset (Default: 20 Mhz)
40-below Enter the channel width and extensive channel offset (Default: 20 Mhz)
radio profile <string> client-load-balance crc-error-limit <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
client-load-balance Enable the SmartPath AP to engage in client load balancing with neighboring cluster members and set client load balancing parameters
crc-error-limit Set the maximum CRC (cyclic redundancy check) error rate that the SmartPath AP will tolerate before ignoring probes and association requests
<number> Enter the maximum CRC error rate as a percent (Default: 30; Range: 1-99)
radio profile <string> client-load-balance enable
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
client-load-balance Enable the SmartPath AP to engage in client load balancing with neighboring cluster members and set client load balancing parameters
enable Enable client load balancing (Default: Disabled)
radio profile <string> client-load-balance hold-time <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
client-load-balance Enable the SmartPath AP to engage in client load balancing with neighboring cluster members and set client load balancing parameters
hold-time Set the amount of time that a client must be associated with a SmartPath AP before it can roam (Note: Roaming before the hold time elapses is allowed if the client SNR is below the SNR threshold, the owner SmartPath AP is overloaded, or the client is experiencing a high level of interference.)
<number> Enter the hold time for clients in seconds (Default: 60; Range: 10-600)
radio profile <string> client-load-balance interference-limit <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
client-load-balance Enable the SmartPath AP to engage in client load balancing with neighboring cluster members and set client load balancing parameters
interference-limit Set the maximum amount of RF interference that the SmartPath AP will tolerate before ignoring probes and association requests
<number> Enter the maximum interference limit as a percent (Default: 40; Range: 1-99)
radio profile <string> client-load-balance mode {airtime|sta-num}
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
client-load-balance Enable the SmartPath AP to engage in client load balancing with neighboring cluster members and set client load balancing parameters
mode Set the mode for balancing client load with neighboring cluster members (Default: airtime)
airtime Enable load balancing based on airtime; that is, on the amount of the wireless medium being used
sta-num Enable load balancing based on the total number of clients associated with the device
radio profile <string> client-load-balance neighbor-load-query-interval <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
client-load-balance Enable the SmartPath AP to engage in client load balancing with neighboring cluster members and set client load balancing parameters
neighbor-load-query-interval Set the time interval to query neighboring SmartPath APs for load information
<number> Enter the load query time interval in seconds (Range: 1-600; Default: 60)
radio profile <string> client-load-balance sta-mini-airtime <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
client-load-balance Enable the SmartPath AP to engage in client load balancing with neighboring cluster members and set client load balancing parameters
sta-mini-airtime Set the minimum average percent of airtime consumed by all clients associated with the SmartPath AP before it begins ignoring probes and association requests from new client
<number> Enter the minimum station airtime as a percent (Default: 4; Range: 1-5)
radio profile <string> deny-client {11b|11abg}
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
deny-client Deny connections from wireless clients using the specified standards
11b Deny connections from wireless clients using the 802.11b standard (Default: All connections are accepted)
11abg Deny connections from wireless clients using the 802.11a/b/g standard (Default: All connections are accepted; Note: This option is only allowed for radio profiles supporting 802.11n)
radio profile <string> detect-bssid-spoofing
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
detect-bssid-spoofing Enable the detection of spoofed BSSIDs (Default: Disabled)
radio profile <string> dfs
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
dfs Enable DFS (Dynamic Frequency Selection) so the radio can switch channels automatically when detecting a radar signal (Default: Disabled)
radio profile <string> dfs radar-detect-only
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
dfs Enable DFS (Dynamic Frequency Selection) so the radio can switch channels automatically when detecting a radar signal (Default: Disabled)
radar-detect-only Enable radar signal detection but do not change channels if it is detected (Default: Disabled)
radio profile <string> high-density broadcast-probe-suppress enable
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
high-density Set parameters to reduce management traffic and improve the processing of client traffic in a high-density RF environment
broadcast-probe-suppress Suppress the broadcast of probe responses
enable Enable the suppression of broadcast probe responses (Default: Disabled)
radio profile <string> high-density continuous-probe-suppress enable
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
high-density Set parameters to reduce management traffic and improve the processing of client traffic in a high-density RF environment
continuous-probe-suppress Suppress subsequent transmissions of probe responses to clients that send multiple probe requests within the same beacon interval
enable Enable the suppression of subsequent probe responses (Default: Disabled)
radio profile <string> high-density enable
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
high-density Set parameters to reduce management traffic and improve the processing of client traffic in a high-density RF environment
enable Enable high-density settings (Default: Disabled)
radio profile <string> high-density mgmt-frame-tx-rate {low|high}
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
high-density Set parameters to reduce management traffic and improve the processing of client traffic in a high-density RF environment
mgmt-frame-tx-rate Set the management frame transmit bit rate as low or high (Note: This setting also applies to broadcast and multicast data frame bit rates and unicast data frame retry bit rates.)
low Set the basic transmit rate for a high density deployment as low (Default: Low)
high Set the basic transmit rate for a high density deployment as high (Default: Low)
radio profile <string> interference-map crc-err-threshold <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
interference-map Set parameters for the collection of RF interference-related data and the reporting of this data to SmartPath EMS
crc-err-threshold Set an RF interference threshold based on the rate of CRC (cyclic redundancy check) errors (Note: If the rate of CRC errors exceeds this threshold, the SmartPath AP alerts SmartPath EMS to switch from its regular polling interval to a shorter one)
<number> Enter the threshold as a percent (Default: 20; Range: 15-60)
radio profile <string> interference-map cu-threshold <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
interference-map Set parameters for the collection of RF interference-related data and the reporting of this data to SmartPath EMS
cu-threshold Set an RF interference threshold based on channel utilization (Note: If the percent of channel utilization exceeds this value, the SmartPath AP alerts SmartPath EMS to switch from its regular polling interval to a shorter one)
<number> Enter the threshold as a percent (Default: 20; Range: 15-60)
radio profile <string> interference-map enable
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
interference-map Set parameters for the collection of RF interference-related data and the reporting of this data to SmartPath EMS
enable Enable the collection and reporting of RF interference-related data to SmartPath EMS
radio profile <string> interference-map short-term-interval <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
interference-map Set parameters for the collection of RF interference-related data and the reporting of this data to SmartPath EMS
short-term-interval Set the interval during which the SmartPath AP calculates a short-term average of channel utilization and CRC errors (Note: The SmartPath AP calculates three averages: a running average, a configurable short-term average, and a 60-second snapshot average)
<number> Enter the short-term interval in minutes (Default: 5; Range: 5-30)
radio profile <string> max-client <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
max-client Set radio profile's max number of clients/neighbors
<number> Enter the maximum number of clients (Range: 1-100)
radio profile <string> phymode {11a|11b/g|11na|11ng}
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
phymode Set the physical mode of the radio profile
11a Set the physical mode to 11a (Default: 11b/g)
11b/g Set the physical mode to 11b/g (Default: 11b/g)
11na Set the physical mode to 11na (Default: 11b/g)
11ng Set the physical mode to 11ng (Default: 11b/g)
radio profile <string> receive-chain <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
receive-chain Set the number of receive chains for frame reception
<number> Enter the number of receive chains (Default: 2; Range: 1-2)
radio profile <string> safety-net enable
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
safety-net Enable the SmartPath AP, when it is in an overloaded state or if the client's SNR is low, to respond to a client making association requests after the timeout period elapses
enable Enable safety net checking (Default: Enabled)
radio profile <string> safety-net timeout <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
safety-net Enable the SmartPath AP, when it is in an overloaded state or if the client's SNR is low, to respond to a client making association requests after the timeout period elapses
timeout Set the maximum length of time to ignore association requests from a client when the SmartPath AP is in an overloaded state or if the client's SNR is low
<number> Enter the timeout in seconds (Default: 60; Range: 5-300)
radio profile <string> scan access
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
scan Enable scanning to detect neighboring APs
access Enable scanning for interfaces in access mode (Default: Enabled)
radio profile <string> scan access client
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
scan Enable scanning to detect neighboring APs
access Enable scanning for interfaces in access mode (Default: Enabled)
client Allow scanning to occur when clients are connected (Default: Allowed)
radio profile <string> scan access client power-save
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
scan Enable scanning to detect neighboring APs
access Enable scanning for interfaces in access mode (Default: Enabled)
client Allow scanning to occur when clients are connected (Default: Allowed)
power-save Allow scanning to occur when connected clients are in a power save state (Default: Disallowed)
radio profile <string> scan access interval <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
scan Enable scanning to detect neighboring APs
access Enable scanning for interfaces in access mode (Default: Enabled)
interval Set the scan interval
<number> Enter the scan interval in minutes (Default: 10 minutes; Range: 1-1440)
radio profile <string> scan access voice
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
scan Enable scanning to detect neighboring APs
access Enable scanning for interfaces in access mode (Default: Enabled)
voice Allow scanning to occur while processing voice traffic (Default: Disallowed)
radio profile <string> short-guard-interval
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
short-guard-interval Enable the short guard interval option (400ns) to avoid inter-symbol interference and improve media throughput (Note: This is only valid in 40-MHz channel mode.)
radio profile <string> short-preamble
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
short-preamble Set short preamble mode of radio profile
radio profile <string> transmit-chain <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
transmit-chain Set the number of transmit chains for frame transmission or configure the SmartPath AP to determine them automatically
<number> Enter the number of transmit chains (Default: 2; Range: 1-2)
radio profile <string> tx-rate {auto|1Mbps|2Mbps|5.5Mbps|6Mbps|9Mbps|11Mbps|12Mbps|18Mbps|24Mbps|36Mbps|48Mbps|54Mbps|MCS0|MCS1|MCS2|MCS3|
MCS4|MCS5|MCS6|MCS7|MCS8|MCS9|MCS10|MCS11|MCS12|MCS13|MCS14|MCS15|MCS16|MCS17|MCS18|MCS19|MCS20|MCS21|MCS22|MCS23}
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
tx-rate Set the Tx (transmission) rate for the radio profile
auto Set the radio to determine its transmission rate automatically (Default: auto; Range: 1-54 Mbps)
1Mbps Set the transmit rate as 1Mbps (Only for 802.11bg and 802.11ng)
2Mbps Set the transmit rate as 2Mbps (Only for 802.11bg and 802.11ng)
5.5Mbps Set the transmit rate as 5.5Mbps (Only for 802.11bg and 802.11ng)
6Mbps Set the transmit rate as 6Mbps
9Mbps Set the transmit rate as 9Mbps
11Mbps Set the transmit rate as 11Mbps (Only for 802.11bg and 802.11ng)
12Mbps Set the transmit rate as 12Mbps
18Mbps Set the transmit rate as 18Mbps
24Mbps Set the transmit rate as 24Mbps
36Mbps Set the transmit rate as 36Mbps
48Mbps Set the transmit rate as 48Mbps
54Mbps Set the transmit rate as 54Mbps
MCS0 Set the transmit rate as MCS0
MCS1 Set the transmit rate as MCS1
MCS2 Set the transmit rate as MCS2
MCS3 Set the transmit rate as MCS3
MCS4 Set the transmit rate as MCS4
MCS5 Set the transmit rate as MCS5
MCS6 Set the transmit rate as MCS6
MCS7 Set the transmit rate as MCS7
MCS8 Set the transmit rate as MCS8
MCS9 Set the transmit rate as MCS9
MCS10 Set the transmit rate as MCS10
MCS11 Set the transmit rate as MCS11
MCS12 Set the transmit rate as MCS12
MCS13 Set the transmit rate as MCS13
MCS14 Set the transmit rate as MCS14
MCS15 Set the transmit rate as MCS15
MCS16 Set the transmit rate as MCS16 (Only for the SmartPath AP 330 and 350)
MCS17 Set the transmit rate as MCS17 (Only for the SmartPath AP 330 and 350)
MCS18 Set the transmit rate as MCS18 (Only for the SmartPath AP 330 and 350)
MCS19 Set the transmit rate as MCS19 (Only for the SmartPath AP 330 and 350)
MCS20 Set the transmit rate as MCS20 (Only for the SmartPath AP 330 and 350)
MCS21 Set the transmit rate as MCS21 (Only for the SmartPath AP 330 and 350)
MCS22 Set the transmit rate as MCS22 (Only for the SmartPath AP 330 and 350)
MCS23 Set the transmit rate as MCS23 (Only for the SmartPath AP 330 and 350)
radio profile <string> weak-snr-suppress enable
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
weak-snr-suppress Set parameters to determine when the SNR (signal-to-noise ratio) for a client is weak, and enable the SmartPath AP to ignore probes and association requests from clients with weak SNRs
enable Enable the suppression of probe responses when the client SNR is weak (Default: Disabled)
radio profile <string> weak-snr-suppress threshold <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
weak-snr-suppress Set parameters to determine when the SNR (signal-to-noise ratio) for a client is weak, and enable the SmartPath AP to ignore probes and association requests from clients with weak SNRs
threshold Set the minium amount of SNR(signal-to-noise ratio) that the SmartPath AP will accepting probes and association requests
<number> Enter threshold of weak snr suppress in dB (Default: 15, Range: 1-100)
radio profile <string> wmm ac {background|best-effort|video|voice} aifs <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
wmm Set Wi-Fi Multimedia parameters
ac Set Access Category parameters
background Set background access category parameters
best-effort Set best-effort access category parameters
video Set video access category parameters
voice Set voice access category parameters
aifs Set AIFS (arbitration interframe space) parameters
<number> Set the AIFS value (Range: 0-15)
radio profile <string> wmm ac {background|best-effort|video|voice} cwmax <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
wmm Set Wi-Fi Multimedia parameters
ac Set Access Category parameters
background Set background access category parameters
best-effort Set best-effort access category parameters
video Set video access category parameters
voice Set voice access category parameters
cwmax Set maximal contention window parameters
<number> contention window maximal value (Range: 1-15)
radio profile <string> wmm ac {background|best-effort|video|voice} cwmin <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
wmm Set Wi-Fi Multimedia parameters
ac Set Access Category parameters
background Set background access category parameters
best-effort Set best-effort access category parameters
video Set video access category parameters
voice Set voice access category parameters
cwmin Set minimal contention window parameters
<number> Set contention window minimal value (Range: 1-15)
radio profile <string> wmm ac {background|best-effort|video|voice} noack
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
wmm Set Wi-Fi Multimedia parameters
ac Set Access Category parameters
background Set background access category parameters
best-effort Set best-effort access category parameters
video Set video access category parameters
voice Set voice access category parameters
noack Set no acknowledgments
radio profile <string> wmm ac {background|best-effort|video|voice} txoplimit <number>
radio Set radio profile parameters
profile Set radio profile parameters
<string> Enter a radio profile name (1-32 characters)
wmm Set Wi-Fi Multimedia parameters
ac Set Access Category parameters
background Set background access category parameters
best-effort Set best-effort access category parameters
video Set video access category parameters
voice Set voice access category parameters
txoplimit Set transmission opportunity limit parameters
<number> Set transmission opportunity limit value (Range: 0-8192; Note: Your input must be multiples of 64)
reboot
reboot Reboot the system
reboot date <date> time <time>
reboot Reboot the system
date Schedule the system to reboot at a specific date and time
<date> Enter the date when you want the system to reboot (Format: yyyy-mm-dd; Default: The current date provided by SmartPath OS)
time Set the time when you want the system to reboot
<time> Enter the time (Format: hh:mm:ss; Default: 00:00:00)
reboot offset <time>
reboot Reboot the system
offset Schedule the system to reboot at a time relative to the moment you enter the command
<time> Enter the length of time after which the system will reboot (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss; Default:00:00:00)
reboot {backup|current}
reboot Reboot the system
backup Load the backup SmartPath OS image when rebooting (Default image to load when rebooting after saving a new image: backup; Default image to load when rebooting at all other times: current)
current Load the currently running SmartPath OS image when rebooting
reboot {backup|current} date <date> time <time>
reboot Reboot the system
backup Load the backup SmartPath OS image when rebooting (Default image to load when rebooting after saving a new image: backup; Default image to load when rebooting at all other times: current)
current Load the currently running SmartPath OS image when rebooting
date Schedule the system to reboot at a specific date and time
<date> Enter the date when you want the system to reboot (Format: yyyy-mm-dd; Default: The current date provided by SmartPath OS)
time Set the time when you want the system to reboot
<time> Enter the time (Format: hh:mm:ss; Default: 00:00:00)
reboot {backup|current} offset <time>
reboot Reboot the system
backup Load the backup SmartPath OS image when rebooting (Default image to load when rebooting after saving a new image: backup; Default image to load when rebooting at all other times: current)
current Load the currently running SmartPath OS image when rebooting
offset Schedule the system to reboot at a time relative to the moment you enter the command
<time> Enter the length of time after which the system will reboot (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss; Default:00:00:00)
report statistic alarm-threshold client {tx-drop-rate|rx-drop-rate|tx-retry-rate|airtime-consumption} <number>
report Set the parameters for gathering traffic statistics and reporting them to SmartPath EMS
statistic Set the periodic reporting of interface-level and client-level traffic statistics
alarm-threshold Set the alarm threshold for the CRC error rate, Tx/Rx drop rate, and Tx retry rate(Note: If the rate exceeds the threshold, the SmartPath AP sends an alarm to SmartPath EMS.)
client Set the Tx/Rx drop rate, Tx retry rate, and airtime consumption alarm threshold of clients
tx-drop-rate Set the Tx drop rate alarm threshold for clients (Default: 40%)
rx-drop-rate Set the Rx drop rate alarm threshold for clients (Default: 40%)
tx-retry-rate Set the Tx retry rate alarm threshold for clients (Default: 40%)
airtime-consumption Set the airtime consumption (Tx airtime percentage + Rx airtime percentage) alarm threshold for clients (Default: 30%)
<number> Enter the alarm threshold (Range: 1-100)
report statistic alarm-threshold interface {crc-error-rate|tx-drop-rate|rx-drop-rate|tx-retry-rate|airtime-consumption} <number>
report Set the parameters for gathering traffic statistics and reporting them to SmartPath EMS
statistic Set the periodic reporting of interface-level and client-level traffic statistics
alarm-threshold Set the alarm threshold for the CRC error rate, Tx/Rx drop rate, and Tx retry rate(Note: If the rate exceeds the threshold, the SmartPath AP sends an alarm to SmartPath EMS.)
interface Set the CRC error rate, Tx/Rx drop rate, Tx retry rate, and airtime consumption alarm threshold of wifi interfaces
crc-error-rate Set CRC error rate alarm threshold for the wifi interfaces (Default: 30%)
tx-drop-rate Set the Tx drop rate alarm threshold for the wifi interfaces (Default: 40%)
rx-drop-rate Set the Rx drop rate alarm threshold for the wifi interfaces (Default: 40%)
tx-retry-rate Set the Tx retry rate alarm threshold for the wifi interfaces (Default: 40%)
airtime-consumption Set the airtime consumption (Tx airtime percentage + Rx airtime percentage) alarm threshold for the wifi interfaces (Default: 50%)
<number> Enter the alarm threshold (Range: 1-100)
report statistic enable
report Set the parameters for gathering traffic statistics and reporting them to SmartPath EMS
statistic Set the periodic reporting of interface-level and client-level traffic statistics
enable Enable the creation of traffic statistics reports
report statistic period <number>
report Set the parameters for gathering traffic statistics and reporting them to SmartPath EMS
statistic Set the periodic reporting of interface-level and client-level traffic statistics
period Set the time interval for gathering traffic statistics and calculating percentages
<number> Enter the time interval (Default: 10 minutes; Range: 1-60)
reset config [ {bootstrap} ]
reset Return the configuration to its default settings or the files in a web directory to the default file set
config Reset the configuration to the factory default settings and reboot
bootstrap Clear bootstrap configuration
reset web-directory [ <string> [ {save-to-flash} ] ]
reset Return the configuration to its default settings or the files in a web directory to the default file set
web-directory Reset the files in all web directories, in a specific directory, or in directories referenced by SSIDs to the default file set
<string> Enter the web directory name to reset files in the directory to the default file set (1-32 characters)
save-to-flash Save the default set of files in the specified directory to flash memory
reset web-directory all-running-ssid
reset Return the configuration to its default settings or the files in a web directory to the default file set
web-directory Reset the files in all web directories, in a specific directory, or in directories referenced by SSIDs to the default file set
all-running-ssid Reset the web directories for all SSIDs to the default file set
reset-button reset-config-enable
reset-button Enable the reset button on the SmartPath AP chassis to reset the SmartPath AP config
reset-config-enable Enable the reset button to reset the SmartPath AP to its factory default settings or, if set, to a bootstrap config (Default: enabled)
roaming cache update-interval <number> ageout <number>
roaming Set roaming parameter
cache Set the interval between updates and the number of times to update station's roaming cache
update-interval Set the interval for sending roaming cache updates to neighbors
<number> Enter the roaming cache update interval in seconds (Default: 60; Range: 10-36000)
ageout Set how many times an entry must be absent from a neighbors updates before removing it from the roaming cache
<number> Enter the number of absences required to remove an entry (Default:60; Range: 1-1000)
roaming cache-broadcast neighbor-type access enable
roaming Set roaming parameter
cache-broadcast Set parameters for broadcasting roaming cache data to cluster neighbors
neighbor-type Set the type of neighbor to which you want to broadcast roaming cache data
access Broadcast roaming cache data to cluster neighbors discovered through wireless access links
enable Enable the broadcasting of roaming cache data to cluster neighbors over wireless access links (Default: Enabled)
roaming cache-broadcast neighbor-type backhaul enable
roaming Set roaming parameter
cache-broadcast Set parameters for broadcasting roaming cache data to cluster neighbors
neighbor-type Set the type of neighbor to which you want to broadcast roaming cache data
backhaul Broadcast roaming cache data to cluster neighbors discovered through Ethernet and wireless backhaul links
enable Enable the broadcasting of roaming cache data to cluster neighbors over backhaul links (Default: Enabled)
roaming hop <number>
roaming Set roaming parameter
hop Set the number of SmartPath APs away from the source SmartPath AP to which it sends station authentication information
<number> Set roaming hop value (Defaule: 1, Range: 0-16)
roaming neighbor exclude ip <ip_addr>
roaming Set roaming parameter
neighbor Set which SmartPath APs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
exclude Exclude dynamic roaming neighbor
ip Set IP address parameter for static roaming neighbor
<ip_addr> Enter IP address for static roaming neighbor
roaming neighbor include ip <ip_addr> <netmask>
roaming Set roaming parameter
neighbor Set which SmartPath APs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
include Include dynamic roaming neighbor
ip Set IP address parameter for static roaming neighbor
<ip_addr> Enter IP address for static roaming neighbor
<netmask> Enter netmask for static roaming neighbor
roaming neighbor query-interval <number> query-times <number>
roaming Set roaming parameter
neighbor Set which SmartPath APs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
query-interval Set roaming neighbor query interval
<number> Enter roaming neighbor query interval (Default: 10 secs; Min: 5; Max: 360000)
query-times Set roaming neighbor query times
<number> Enter roaming neighbor query times (Default: 5; Min: 2; Max: 1000)
roaming port <number>
roaming Set roaming parameter
port Set the port number that cluster members use when sending roaming control data to each other
<number> Enter the port number for L3 roaming control traffic (Default: 3000; Range: 1500-65000; Note: The new setting must be at least 50 more or 50 less than the current setting.)
route <mac_addr> outgoing-interface <string> next-hop <mac_addr>
route Set a MAC address route
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
outgoing-interface Set outgoing interface
<string> Enter interface name
next-hop Set the MAC address of the next hop in the L2 forwarding route
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
save config <location> bootstrap
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
bootstrap Save a configuration to the bootstrap configuration
save config <location> current
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
save config <location> current <time> [ <date> ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
save config <location> current now
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
now Save the configuration and reboot the system immediately
save config <location> current offset <time>
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
current Save a configuration to the current configuration
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
save config <url> bootstrap [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
bootstrap Save the config file for the SmartPath AP to use as its bootstrap configuration, which is the one it loads if it fails to load the current and backup config files or if you enter the 'reset config' command
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config <url> current <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the SmartPath AP to use as its current configuration, which is the one it loads when booting u
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config <url> current [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the SmartPath AP to use as its current configuration, which is the one it loads when booting u
now Save the configuration and reboot the system immediately
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config <url> current offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
current Save the config file for the SmartPath AP to use as its current configuration, which is the one it loads when booting u
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save config [ running current ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
running Save a configuration from the running configuration
current Save a configuration to the current configuration
save config bootstrap <location>
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
bootstrap Save the bootstrap configuration to a remote server
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save config current <location>
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
current Save the current configuration to a remote server or to the bootstrap config
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save config current bootstrap
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
current Save the current configuration to a remote server or to the bootstrap config
bootstrap Save a configuration to the bootstrap configuration
save config running bootstrap
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
running Save a configuration from the running configuration
bootstrap Save a configuration to the bootstrap configuration
save config users [ bootstrap ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
users Save private PSK user accounts to the current or bootstrap configuration
bootstrap Save private PSK user accounts to the bootstrap configuration
save config {current|bootstrap} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
config Save a configuration from the SmartPath AP to a remote server, from a remote server to the SmartPath AP, or from DRAM to flash as the current or bootstrap config
current Save the current configuration to a remote server or to the bootstrap config
bootstrap Save the bootstrap configuration to a remote server
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save image <location> <time> [ <date> ] [ limit <number> ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a SmartPath OS image to the SmartPath AP
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Default: maximum available bandwidth; Range:10 - 1000000)
save image <location> [ {now} ] [ limit <number> ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a SmartPath OS image to the SmartPath AP
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
now Save the image and reboot the system immediately
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Default: maximum available bandwidth; Range:10 - 1000000)
save image <location> offset <time> [ limit <number> ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a SmartPath OS image to the SmartPath AP
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
limit Limit the amount of bandwidth used for uploading the image file
<number> Enter the bandwidth limit in Kbps (Default: maximum available bandwidth; Range:10 - 1000000)
save image <url> <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a SmartPath OS image to the SmartPath AP
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
<time> Enter the time that you want the system to reboot (Format: hh:mm:ss)
<date> Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save image <url> [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a SmartPath OS image to the SmartPath AP
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
now Save the image and reboot the system immediately
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save image <url> offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
image Save a SmartPath OS image to the SmartPath AP
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
offset Set a relative time for the system to reboot
<time> Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save radius-server-key {radius-server|ldap-client} <location>
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
radius-server-key Save certificate files for the local SmartPath AP RADIUS server to use
radius-server Save certificates that the local SmartPath AP uses when functioning as a RADIUS server
ldap-client Save certificates that the local SmartPath AP uses when functioning as an LDAP client
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save radius-server-key {radius-server|ldap-client} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
radius-server-key Save certificate files for the local SmartPath AP RADIUS server to use
radius-server Save certificates that the local SmartPath AP uses when functioning as a RADIUS server
ldap-client Save certificates that the local SmartPath AP uses when functioning as an LDAP client
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save server-files
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
server-files Save certificate and private key files used by the internal web and RADIUS servers and VPN from DRAM to flash memory for persistent storage after reboots (Note: For security reasons, these files are saved only in DRAM by default.)
save users <location>
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
users Save private PSK (preshared key) configurations
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save users <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
users Save private PSK (preshared key) configurations
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save vpn {ca-cert|ee-cert|private-key} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
vpn Save a VPN certificate or private key file
ca-cert Save a CA (certificate authority) certificate for the SmartPath AP to verify its IKE peer's certificate
ee-cert Save an end-entity certificate for the SmartPath AP to use when authenticating itself to an IKE peer
private-key Save the private key for the SmartPath AP to use when creating its RSA signature
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save vpn {ee-cert|private-key|ca-cert} <location>
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
vpn Save a VPN certificate or private key file
ee-cert Save an end-entity certificate for the SmartPath AP to use when authenticating itself to an IKE peer
private-key Save the private key for the SmartPath AP to use when creating its RSA signature
ca-cert Save a CA (certificate authority) certificate for the SmartPath AP to verify its IKE peer's certificate
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save web-page [ ppsk-self-reg ] web-directory <string> <location>
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-page Save a file for use with the internal web server
ppsk-self-reg Save a file to the private PSK self-registration web directory (Note: The SmartPath AP, as a private PSK server, uses these files to respond to self-registration requests.)
web-directory Save a file to a specific web directory
<string> Enter the web directory name
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save web-page [ ppsk-self-reg ] web-directory <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-page Save a file for use with the internal web server
ppsk-self-reg Save a file to the private PSK self-registration web directory (Note: The SmartPath AP, as a private PSK server, uses these files to respond to self-registration requests.)
web-directory Save a file to a specific web directory
<string> Enter the web directory name
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save web-server-key <number> <location> [ comment <string> ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-server-key Save certificate files for the internal web server to use
<number> Enter key file index for the internal web server (Range : 0-15)
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
comment Enter a comment
<string> Enter a comment (max 64 characters)
save web-server-key <number> <url> [ comment <string> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
web-server-key Save certificate files for the internal web server to use
<number> Enter key file index for the internal web server (Range : 0-15)
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
comment Set a comment about the certificate file
<string> Enter the comment (1-64 chars)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
save {capture} local <string> <location>
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
capture ave a packet capture file stored locally to a remote server
local Save a locally stored packet capture file to a remote server
<string> Enter the file name to upload to a remote server
<location> Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
save {capture} local <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
save Save a configuration, SmartPath OS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
capture ave a packet capture file stored locally to a remote server
local Save a locally stored packet capture file to a remote server
<string> Enter the file name to upload to a remote server
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
schedule <string> once <date> <time> to <date> <time> [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 characters)
once Set a one-time schedule
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
to Set a date and time range
<date> Enter an end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter an end time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 characters)
schedule <string> ppsk once <date> <time> to <date> <time> [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 characters)
ppsk Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
once Set a one-time schedule
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
to Set a date and time range
<date> Enter an end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
<time> Enter an end time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 characters)
schedule <string> ppsk recurrent [ date-range <date> [ to <date> ] ] [ weekday <string> ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 characters)
ppsk Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
recurrent Set a recurrent schedule
date-range Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
to Set a date range (If you do not want to set an end date, do not use this option.)
<date> Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
weekday Set the weekdays during which private PSK users are valid
<string> Enter one or more numbers to indicate which days the schedule is applied (1=Sunday, 2=Monday, ... 7=Saturday; Examples: 246=Monday, Wednesday, Friday; 23456=Monday-Friday; 1234567=everyday)
time-range Set a time range during which the schedule will be applied on each scheduled day
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
to Set a time range
<time> Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
time-range Set a second time range for the schedule
<time> Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
to Set a time range
<time> Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 characters)
schedule <string> recurrent [ date-range <date> [ to <date> ] ] [ weekday-range {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} [ to {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} ] ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ] [ comment <string> ]
schedule Set a schedule to control the application of user profiles and the availability of SSIDs
<string> Enter a schedule name (1-32 characters)
recurrent Set a recurrent schedule
date-range Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
<date> Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
to Set a date range (If you do not want to set an end date, do not use this option.)
<date> Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
weekday-range Apply the schedule on specific days of the week (To apply the schedule everyday, do not use this option.)
Monday Apply the schedule on every Monday within the date range
Tuesday Apply the schedule on every Tuesday within the date range
Wednesday Apply the schedule on every Wednesday within the date range
Thursday Apply the schedule on every Thursday within the date range
Friday Apply the schedule on every Friday within the date range
Saturday Apply the schedule on every Saturday within the date range
Sunday Apply the schedule on every Sunday within the date range
to Set a range of weekdays during which the schedule will be applied (Example: monday to friday)
Monday Apply the schedule on every Monday within the date range
Tuesday Apply the schedule on every Tuesday within the date range
Wednesday Apply the schedule on every Wednesday within the date range
Thursday Apply the schedule on every Thursday within the date range
Friday Apply the schedule on every Friday within the date range
Saturday Apply the schedule on every Saturday within the date range
Sunday Apply the schedule on every Sunday within the date range
time-range Set a time range during which the schedule will be applied on each scheduled day
<time> Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
to Set a time range
<time> Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
time-range Set a second time range for the schedule
<time> Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
to Set a time range
<time> Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
time-zone Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
<number> Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
comment Write a comment about the schedule for future reference
<string> Enter a comment about the schedule (max 128 characters)
security mac-filter <string> address <mac_addr> {permit|deny} [ comment <string> ]
security Set the security parameters
mac-filter Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (1-32 chars)
address Set MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
permit Set the action of the specified MAC to permit
deny Set the action of the specified MAC to deny
comment Enter a comment
<string> Enter a comment (max 64 characters)
security mac-filter <string> default {permit|deny}
security Set the security parameters
mac-filter Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (1-32 chars)
default Set MAC-filter default action
permit Set MAC-filter default action to permit (Default: permit)
deny Set MAC-filter default action to deny (Default: permit)
security mac-filter <string> oui <oui> {permit|deny} [ comment <string> ]
security Set the security parameters
mac-filter Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (1-32 chars)
oui Set the OUI used to identify a vendor
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
permit Set the action of the specified OUI to permit
deny Set the action of the specified OUI to deny
comment Enter a comment
<string> Enter a comment (max 64 characters)
security wlan-idp profile <string>
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
security wlan-idp profile <string> adhoc
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
adhoc Detect adhoc networks
security wlan-idp profile <string> ap-detection connected
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
ap-detection Set attributes to note when detecting APs
connected Determine that a rogue AP is in the same backhaul network as the local device if any MAC address within a 64-address range of the BSSID used by the detected rogue AP appears in the MAC learning table
security wlan-idp profile <string> ap-policy
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
ap-policy Set an AP policy for the IDP profile
security wlan-idp profile <string> ap-policy ap-oui
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
ap-policy Set an AP policy for the IDP profile
ap-oui Categorize neighboring APs as compliant by OUI (organizationally unique identifier)
security wlan-idp profile <string> ap-policy ap-oui entry <oui>
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
ap-policy Set an AP policy for the IDP profile
ap-oui Categorize neighboring APs as compliant by OUI (organizationally unique identifier)
entry Add an OUI entry
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
security wlan-idp profile <string> ap-policy short-beacon
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
ap-policy Set an AP policy for the IDP profile
short-beacon Categorize neighboring APs as non-compliant if their beacon transmissions are at shorter intervals than stated in their beacon frames
security wlan-idp profile <string> ap-policy short-preamble
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
ap-policy Set an AP policy for the IDP profile
short-preamble Categorize neighboring APs as compliant if they use short preambles
security wlan-idp profile <string> ap-policy ssid
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
ap-policy Set an AP policy for the IDP profile
ssid Categorize neighboring APs as compliant by SSID (service set identifier)
security wlan-idp profile <string> ap-policy ssid entry <string>
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
ap-policy Set an AP policy for the IDP profile
ssid Categorize neighboring APs as compliant by SSID (service set identifier)
entry Add an SSID entry
<string> Enter an SSID name
security wlan-idp profile <string> ap-policy ssid entry <string> encryption
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
ap-policy Set an AP policy for the IDP profile
ssid Categorize neighboring APs as compliant by SSID (service set identifier)
entry Add an SSID entry
<string> Enter an SSID name
encryption Set approved encryption types for the SSID
security wlan-idp profile <string> ap-policy ssid entry <string> encryption {open|wep|wpa}
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
ap-policy Set an AP policy for the IDP profile
ssid Categorize neighboring APs as compliant by SSID (service set identifier)
entry Add an SSID entry
<string> Enter an SSID name
encryption Set approved encryption types for the SSID
open Categorize a neighboring AP as compliant if its SSID uses open (Default: open)
wep Categorize a neighboring AP as compliant if its SSID uses wep (Default: open)
wpa Categorize a neighboring AP as compliant if its SSID uses wpa (Default: open)
security wlan-idp profile <string> ap-policy wmm
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
ap-policy Set an AP policy for the IDP profile
wmm Categorize neighboring APs as compliant if they apply WMM (Wi-Fi Multimedia) classifications
security wlan-idp profile <string> mitigate deauth-time <number>
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
mitigate Set rogue AP and client mitigation parameters for the IDP profile
deauth-time Set the number of consecutive periods that the SmartPath AP sends deauth frames to mitigate clients of a rogue AP after detecting client activity
<number> Enter the number of consecutive rogue AP and client mitigation periods (Default: 60; Range: 0-2592000; 0 means to send deauth frames for the entire mitigation duration)
security wlan-idp profile <string> mitigate duration <number> quiet-time <number>
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
mitigate Set rogue AP and client mitigation parameters for the IDP profile
duration Set the overall duration for detecting clients of a rogue AP and performing deauth DoS attacks against the AP and its clients
<number> Enter the duration in seconds (Default: 14400 secs; Range: 0 or 60-2592000; 0 secs means infinite)
quiet-time Set the period of time after which the mitigation process stops if no clients are connected to the rogue AP
<number> Enter the quiet time in seconds (Default: 3600 secs; Range: 0 or 60-2592000; 0 means that the quiet time is the same length as the mitigation duration)
security wlan-idp profile <string> mitigate period <number>
security Set the security parameters
wlan-idp Set WLAN IDP (intrusion detection and prevention) parameters
profile Set an IDP profile
<string> Enter an IDP profile name (1-32 chars)
mitigate Set rogue AP and client mitigation parameters for the IDP profile
period Set the interval to check periodically for clients of a rogue AP and--if found--send deauth DoS attacks against the AP and clients
<number> Enter the period in seconds (Default: 1 secs; Range: 1-600)
security-object <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security-object <string> default-user-profile-attr <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
default-user-profile-attr Set the attribute of the user profile to apply to user traffic by default
<number> Enter the default user profile attribute for the security object (Default: 0; Range: 0-4095)
security-object <string> dhcp-server lease-time <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
dhcp-server Set DHCP-server parameters
lease-time Set the lease time
<number> Enter the lease time in seconds (Default: 10; Range: 5-36000)
security-object <string> dhcp-server renewal-response {renew-nak-unicast|keep-silent}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
dhcp-server Set DHCP-server parameters
renewal-response Set the response to a DHCP lease renewal request for a nonexistent lease
renew-nak-unicast Respond to a DHCP lease renewal request for a nonexistent lease with a unicast DHCP-NAK message (Default: Broadcast a DHCP-NAK message)
keep-silent Do not respond to a DHCP lease renewal request for a nonexistent lease (Default: Broadcast a DHCP-NAK message)
security-object <string> mobile-device-policy <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
mobile-device-policy Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile and the MAC OUI, domain, and OS of the user's client
<string> Enter a mobile device policy name (1-32 chars)
security-object <string> ppsk-web-server auth-user
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the SmartPath AP hosting a private PSK web server
auth-user Send credentials submitted by users during private PSK self-registration to a RADIUS server for authentication before issuing private PSKs to them
security-object <string> ppsk-web-server bind-to-ppsk-ssid <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the SmartPath AP hosting a private PSK web server
bind-to-ppsk-ssid Bind the SSID referencing this security object, which must be set with open authentication and an external captive web portal, to an SSID using private PSKs so the PSKs can be assigned to users automatically
<string> Enter the name of the SSID using private PSK authentication (1-32 chars)
security-object <string> ppsk-web-server https
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the SmartPath AP hosting a private PSK web server
https Use HTTPS for redirection from the private PSK authenticator to the private PSK server (Default: HTTP)
security-object <string> ppsk-web-server login-page <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the SmartPath AP hosting a private PSK web server
login-page Specify the .cgi file on the private PSK web server through which the user registers (Default: ppsk-index.cgi)
<string> Enter the .cgi file name for the registration page (1-32 chars; Note: The file name cannot be index.cgi.)
security-object <string> ppsk-web-server login-script <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the SmartPath AP hosting a private PSK web server
login-script Specify the .cgi file that the private PSK web server uses for processing user registration requests (Default: ppsk-login.cgi)
<string> Enter the script name (1-32 chars)
security-object <string> ppsk-web-server web-directory <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
ppsk-web-server Set parameters for redirecting HTTP or HTTPS traffic to the SmartPath AP hosting a private PSK web server
web-directory Set the name of the web directory containing the login page and script files that the private PSK web server uses
<string> Enter the web directory name (1-32 chars)
security-object <string> security aaa radius-server account-interim-interval <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
account-interim-interval Set the interval in seconds for sending RADIUS accounting updates
<number> Enter the interval in seconds for sending RADIUS accounting updates (Default: 20 secs; Range: 10-100000000)
security-object <string> security aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
accounting Set parameters for a RADIUS accounting server
primary Set the RADIUS accounting server to which the SmartPath AP sends Accounting-Request packets first
backup1 Set the RADIUS accounting server to which the SmartPath AP sends Accounting-Request packets if the primary server does not respond
backup2 Set the RADIUS accounting server to which the SmartPath AP sends Accounting-Request packets if the backup1 server does not respond
backup3 Set the RADIUS accounting server to which the SmartPath AP sends Accounting-Request packets if the backup2 server does not respond
<ip_addr> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
<string> Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
shared-secret Set the shared secret for securing communications with RADIUS accounting servers
<string> Enter the shared secret (1-64 chars)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
security-object <string> security aaa radius-server dynamic-auth-extension
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
dynamic-auth-extension Enable the SmartPath AP acting as a NAS to accept unsolicited messages from the RADIUS authentication server (Default: Disabled)
security-object <string> security aaa radius-server retry-interval <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
retry-interval Set RADIUS server retry interval
<number> Enter RADIUS server retry interval (Default: 600 secs; Range: 60-100000000)
security-object <string> security aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
aaa Set parameters for AAA (authentication, authorization, accounting)
radius-server Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
primary Set the RADIUS server that is first queried when authenticating users
backup1 Set the RADIUS server that is queried if the primary server stops responding
backup2 Set the RADIUS server that is queried if the backup1 server stops responding
backup3 Set the RADIUS server that is queried if the backup2 server stops responding
<ip_addr> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
<string> Enter an IP address or a domain name for the RADIUS server (max 32 chars)
shared-secret Set the shared secret for authenticating communications with a RADIUS server
<string> Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
auth-port Set the RADIUS authentication port number
<number> Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
acct-port Set the RADIUS accounting port number
<number> Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
via-vpn-tunnel Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
security-object <string> security additional-auth-method captive-web-portal [ reg-user-profile-attr <number> ] [ auth-user-profile-attr <number> ] [ timeout <number> ] [ timer-display ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
reg-user-profile-attr Set the registered user profile attribute
<number> Enter the registered user profile attribute (Default: 0; Range: 0-4095)
auth-user-profile-attr Set the default authenticated user profile
<number> Enter the default authenticated user profile (Default: 0; Range: 0-4095)
timeout Set the default timeout for a registered user's session (Note: A timeout provided by an external authentication server overrides this setting.)
<number> Enter the timeout in minutes (Default: 720 mins; Range: 1-120960)
timer-display Enable timer-display windows to communicate login and session information
security-object <string> security additional-auth-method captive-web-portal auth-method [ {pap|chap|ms-chap-v2} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
auth-method Set the CWP (captive web portal) user authentication method
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the SmartPath AP and RADIUS server (Default: PAP)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the SmartPath AP and RADIUS server (Default: PAP)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the SmartPath AP and RADIUS server (Default: PAP)
security-object <string> security additional-auth-method captive-web-portal external-server {primary} login-page <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
login-page Set the login page to which the SmartPath AP redirects traffic from unregistered users
<string> Enter the login page URL (1-256 chars; Format: http:///.php/; Example: http://10.1.1.20/weblogin.php/5)
security-object <string> security additional-auth-method captive-web-portal external-server {primary} password-encryption uam-basic
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
password-encryption Set the method for encrypting the user password that the SmartPath AP forwards to the RADIUS server
uam-basic Set the encryption method as UAM (User Authentication Module)-Basic (Note: The SmartPath AP uses XOR to recover the password encrypted by the external CWP and sends it to the RADIUS server. PAP, CHAP, or MSCHAPv2 can be used. Default: No encryption)
security-object <string> security additional-auth-method captive-web-portal external-server {primary} password-encryption uam-shared <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
password-encryption Set the method for encrypting the user password that the SmartPath AP forwards to the RADIUS server
uam-shared Set the encryption method as UAM-Shared (Note: The SmartPath AP sends the user password encrypted by the external CWP and the means for the RADIUS server to perform the same operation and validate the user's password by comparing results. CHAP must be used. Default: No encryption)
<string> Enter the shared secret (1-128 chars)
security-object <string> security additional-auth-method captive-web-portal external-server {primary} {success-register|no-roaming-at-login|no-radius-auth}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
external-server Set parameters for the primary or backup external captive web portal server
primary Set parameters for the primary external captive web portal server
success-register Permit network access without first disconnecting the client after it registers on the external captive web portal (Default: Permit network access only after an initial client disconnection)
no-roaming-at-login Disable roaming support for clients while they log in (Default: Enabled)
no-radius-auth Disable RADIUS authentication when the external captive web portal returns an attribute indicating that the user has already been authenticated
security-object <string> security additional-auth-method captive-web-portal failure-redirect external-page <string> [ delay <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
failure-redirect Set options for the page shown to a user after an unsuccessful registration attempt
external-page Display a page stored on an external web server that indicates the login attempt was unsuccessful
<string> Enter the URL for the page on the external web server (1-256 chars; Format: http:///.html or https: ///.html)
delay Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
<number> Enter the length of time in seconds that the SmartPath AP displays the message (Default: 5; Range: 5-60)
security-object <string> security additional-auth-method captive-web-portal failure-redirect login-page [ delay <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
failure-redirect Set options for the page shown to a user after an unsuccessful registration attempt
login-page Display the login page again
delay Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
<number> Enter the length of time that the SmartPath AP displays the message (Default: 5 seconds; Range: 5-60 seconds)
security-object <string> security additional-auth-method captive-web-portal internal-pages {no-success-page|no-failure-page}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
internal-pages Set options for showing pages stored internally on the SmartPath AP
no-success-page Do not display the success page stored on the SmartPath AP when a registration attempt is successful (Default: Display)
no-failure-page Do not display the failure page stored on the SmartPath AP when a registration attempt is unsuccessful (Default: Display)
security-object <string> security additional-auth-method captive-web-portal internal-servers
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
internal-servers Enable internal servers to process unregistered users' DHCP and DNS traffic
security-object <string> security additional-auth-method captive-web-portal login-page-method http302
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
login-page-method Set the method to redirect the user to the login page
http302 Use HTTP 302 redirect code as the redirection method (Default: JavaScript)
security-object <string> security additional-auth-method captive-web-portal pass-through vlan <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
pass-through Set the captive web portal to pass DHCP, DNS, and ICMP traffic from unregistered users to external servers
vlan Set the VLAN ID to assign users before and after registration (Note: This setting overrides any VLAN ID set locally or received from a RADIUS server.)
<number> Enter a CWP VLAN ID (Range: 1-4094)
security-object <string> security additional-auth-method captive-web-portal process-sip-info
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
process-sip-info Enable the captive web portal to process library SIP information (Default: Enabled)
security-object <string> security additional-auth-method captive-web-portal process-sip-info block-redirect <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
process-sip-info Enable the captive web portal to process library SIP information (Default: Enabled)
block-redirect Set the page that appears when a library patron logs in but is denied network access because of overdue fines
<string> Enter the URL for the page to which the patron is redirected to submit payment (Max 256 chars; Format: http:///.html or https: ///.html)
security-object <string> security additional-auth-method captive-web-portal server-name <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
server-name Set a domain name for the local web server (Default server name: IP address of the interface on which the captive web portal will operate; Note: The authoritative DNS server must be configured to resolve this domain name to the interface IP address.)
<string> Enter the domain name for the web server (1-32 chars)
security-object <string> security additional-auth-method captive-web-portal server-name cert-dn
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
server-name Set a domain name for the local web server (Default server name: IP address of the interface on which the captive web portal will operate; Note: The authoritative DNS server must be configured to resolve this domain name to the interface IP address.)
cert-dn Set the same domain name as the CN value in the certificate that the captive web portal uses for HTTPS (Note: The CN must be a valid domain name that can be resolved to the IP address of the interface hosting the portal. The CN max length is 32 chars.)
security-object <string> security additional-auth-method captive-web-portal success-redirect external-page <string> [ delay <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
success-redirect Set options for displaying the page shown to a user after a successful registration
external-page Display a page stored on an external web server
<string> Enter the URL for the page on the external web server (1-256 chars; Format: http:///.html or https: ///.html)
delay Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
<number> Enter the length of time in seconds that the SmartPath AP displays the message (Default: 5; Range: 5-60)
security-object <string> security additional-auth-method captive-web-portal success-redirect original-page [ delay <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
success-redirect Set options for displaying the page shown to a user after a successful registration
original-page Display the original page that the user requested
delay Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
<number> Enter the length of time that the SmartPath AP displays the message (Default: 5 seconds; Range: 5-60 seconds)
security-object <string> security additional-auth-method captive-web-portal timer-display alert <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
captive-web-portal Set a captive web portal for additional user authentication or registration
timer-display Enable timer-display windows to communicate login and session information
alert Notify users when their session is about to expire
<number> Enter the interval before the session expires in minutes (Default: 5 mins; Range: 1-30)
security-object <string> security additional-auth-method mac-based-auth [ {auth-method} {pap|chap|ms-chap-v2} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mac-based-auth Use client MAC addresses as user names and passwords for RADIUS authentication (Default: Disabled)
auth-method Set user authentication method
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the SmartPath AP and RADIUS server (Default: PAP)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the SmartPath AP and RADIUS server (Default: PAP)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the SmartPath AP and RADIUS server (Default: PAP)
security-object <string> security additional-auth-method mac-based-auth fallback-to-ecwp
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
additional-auth-method Set an additional authentication method in addition to the one in the security protocol suite
mac-based-auth Use client MAC addresses as user names and passwords for RADIUS authentication (Default: Disabled)
fallback-to-ecwp Redirect HTTP/HTTPS traffic to an external captive web portal if MAC-based authentication fails on the RADIUS server
security-object <string> security eap retries <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
eap Set parameters for exchanging EAP packets during 802.1X authentication
retries Set the number of times that the SmartPath AP will resend an EAP packet when it receives no response from a client
<number> Enter the number of retries (Default: 3; Range: 1-5)
security-object <string> security eap timeout <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
eap Set parameters for exchanging EAP packets during 802.1X authentication
timeout Set the interval that the SmartPath AP waits for a client to respond before resending an EAP packet
<number> Enter the EAP timeout in seconds (Default: 30; Range: 5-300)
security-object <string> security local-cache timeout <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
local-cache Set parameters for storing PMK (pairwise master key) entries in the local cache
timeout Set the length of time to keep PMK entries before deleting them
<number> Enter the timeout in seconds (Default: 86400; that is, 1 day; Range: 60-604800; that is, 1 minute to 7 days)
security-object <string> security preauth [ interface <ethx|wifix.y> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
preauth Set an interface to accept pre-authenticated 802.1X frames for fast roaming
interface Set an interface to accept pre-authenticated 802.1X frames for fast roaming
<ethx> Enter the name of an Ethernet interface, where x = 0
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
security-object <string> security private-psk
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
security-object <string> security private-psk default-psk-disabled
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
default-psk-disabled Disable the default PSK (Default: Enabled)
security-object <string> security private-psk mac-binding-enable
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
mac-binding-enable Enable the automatic binding of a private PSK to a MAC address (Default: Disabled)
security-object <string> security private-psk ppsk-server <ip_addr>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
ppsk-server Set the SmartPath AP private PSK server to which other cluster members redirect users to self-register and receive private PSK assignments automatically
<ip_addr> Enter the mgt0 IP address of the SmartPath AP private PSK server
security-object <string> security private-psk radius-auth [ {pap|chap|ms-chap-v2} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
radius-auth Enable the SmartPath AP to forward authentication checks for private PSKs to an external RADIUS server and set the method for authenticating communications with it (Default: disabled)
pap Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the SmartPath AP and RADIUS server (Default: PAP)
chap Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the SmartPath AP and RADIUS server (Default: PAP)
ms-chap-v2 Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the SmartPath AP and RADIUS server (Default: PAP)
security-object <string> security private-psk same-user-limit <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
private-psk Set the parameters for creating individual user PSKs (preshared keys)
same-user-limit Set a limit for the number of private PSK users that can be authenticated with the same user name and PSK concurrently
<number> Enter the maximum number of private PSK users that can use the same user name and PSK concurrently (Default: 0, which means there is no limit; Range: 0-15)
security-object <string> security protocol-suite open
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
open Set network access as 'open', meaning that user traffic is neither authenticated nor encrypted
security-object <string> security protocol-suite wep-open <number> {hex-key|ascii-key} <string> [ default ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wep-open Set the security protocol suite as preshared-key key management, WEP40/WEP104 encryption, and open authentication
<number> Enter the index to identify one of 4 possible WEP keys (Default: 0; Range: 0-3)
hex-key Set key type to hex-key
ascii-key Set key type to ascii-key
<string> Enter key value (ascii-key: a 5(WEP40)/13(WEP104) characters key; hex-key: a 10(WEP40)/26(WEP104) digit hex key)
default Set the current key as the default WEP key
security-object <string> security protocol-suite wep-shared <number> {hex-key|ascii-key} <string> [ default ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wep-shared Set the security protocol suite as preshared-key key management, WEP40/WEP104 encryption, and preshared-key authentication
<number> Enter the index to identify one of 4 possible WEP keys (Range: 0-3)
hex-key Set key type to hex-key
ascii-key Set key type to ascii-key
<string> Enter key value (ascii-key: a 5(WEP40)/13(WEP104) characters key; hex-key: a 10(WEP40)/26(WEP104) digit hex key)
default Set the current key as the default WEP key
security-object <string> security protocol-suite wep104-8021x [ rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wep104-8021x Set the security protocol suite as 104-bit WEP encryption and EAP (802.1x) authentication
rekey-period Set the period after which a new group temporary key replaces the current one
<number> Enter the period after which a new group temporary key replaces current one (Default: 600secs; Min: 600; Max: 50000000)
security-object <string> security protocol-suite wep40-8021x [ rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wep40-8021x Set the security protocol suite as 40-bit WEP encryption and EAP (802.1x) authentication
rekey-period Set the period after which a new group temporary key replaces the current one
<number> Enter the period after which a new group temporary key replaces current one (Default: 600secs; Min: 600; Max: 50000000)
security-object <string> security protocol-suite wpa-aes-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-aes-8021x Set the security protocol suite as WPA-EAP (802.1x) key management, AES-CCMP encryption, and EAP (802.1x) authentication
rekey-period Set the period after which a new group temporary key replaces the current one
<number> Enter the period in seconds after which a new group temporary key replaces the current one (Default: 0; Range: 0 or 600-50000000, where 0 means disabled)
non-strict Refresh the GTK whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the SmartPath AP (Default: non-strict)
gmk-rekey-period Set GMK (Group Master Key) rekey period
<number> Enter the interval in seconds for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000, where 0 means disabled)
ptk-timeout Set the interval that the SmartPath AP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
ptk-retry Set the maximum number of times the SmartPath AP will retry sending PTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
gtk-timeout Set the interval that the SmartPath AP waits for client replies during the 2-way handshake in which the SmartPath AP sends a GTK (group transient key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
gtk-retry Set the maximum number of times the SmartPath AP will retry sending GTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK (pairwise transient key) replaces the current one (Default: 0; Range: 0 or 10-50000000, where 0 means disabled)
security-object <string> security protocol-suite wpa-aes-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-aes-psk Set the security protocol suite as WPA-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
hex-key Set key type to hex-key
ascii-key Set key type to ascii-key
<string> Enter key value (ascii-key (8-63 chars); hex-key (64 hex digits))
rekey-period Set the period after which a new group temporary key replaces the current one
<number> Enter the period in seconds after which a new group temporary key replaces the current one (Default: 0; Range: 0 or 600-50000000, where 0 means disabled)
non-strict Refresh the GTK whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the SmartPath AP (Default: non-strict)
gmk-rekey-period Set GMK (Group Master Key) rekey period
<number> Enter the interval for rekeying GMK (Group Master Key; Default: Disabled; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
ptk-timeout Set the interval that the SmartPath AP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
ptk-retry Set the maximum number of times the SmartPath AP will retry sending PTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
gtk-timeout Set the interval that the SmartPath AP waits for client replies during the 2-way handshake in which the SmartPath AP sends a GTK (group transient key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
gtk-retry Set the maximum number of times the SmartPath AP will retry sending GTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK (pairwise transient key) replaces the current one (Default: 0; Range: 0 or 10-50000000, where 0 means disabled)
security-object <string> security protocol-suite wpa-auto-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ roaming proactive-pmkid-response ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-auto-8021x Set security protocol suite as WPA-/WPA2-EAP (802.1x) key management, TKIP/AES-CCMP encryption, and EAP (802.1x) authentication
rekey-period Set the period after which a new group temporary key replaces the current one
<number> Enter the period in seconds after which a new group temporary key replaces the current one (Default: 0; Range: 0 or 600-50000000, where 0 means disabled)
non-strict Refresh the GTK whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the SmartPath AP (Default: non-strict)
gmk-rekey-period Set GMK (Group Master Key) rekey period
<number> Enter the interval in seconds for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000, where 0 means disabled)
ptk-timeout Set the interval that the SmartPath AP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
ptk-retry Set the maximum number of times the SmartPath AP will retry sending PTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
gtk-timeout Set the interval that the SmartPath AP waits for client replies during the 2-way handshake in which the SmartPath AP sends a GTK (group transient key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
gtk-retry Set the maximum number of times the SmartPath AP will retry sending GTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
roaming Set roaming parameters for the protocol suite
proactive-pmkid-response Respond to a client sending an empty PMK (Pairwise Master Key) ID list with a cached PMK ID (Default: Disabled)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK (pairwise transient key) replaces the current one (Default: 0; Range: 0 or 10-50000000, where 0 means disabled)
security-object <string> security protocol-suite wpa-auto-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-auto-psk Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
hex-key Set key type to hex-key
ascii-key Set key type to ascii-key
<string> Enter key value (ascii-key (8-63 chars); hex-key (64 hex digits))
rekey-period Set the period after which a new group temporary key replaces the current one
<number> Enter the period in seconds after which a new group temporary key replaces the current one (Default: 0; Range: 0 or 600-50000000, where 0 means disabled)
non-strict Refresh the GTK whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the SmartPath AP (Default: non-strict)
gmk-rekey-period Set GMK (Group Master Key) rekey period
<number> Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
ptk-timeout Set the interval that the SmartPath AP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
ptk-retry Set the maximum number of times the SmartPath AP will retry sending PTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
gtk-timeout Set the interval that the SmartPath AP waits for client replies during the 2-way handshake in which the SmartPath AP sends a GTK (group transient key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
gtk-retry Set the maximum number of times the SmartPath AP will retry sending GTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK (pairwise transient key) replaces the current one (Default: 0; Range: 0 or 10-50000000, where 0 means disabled)
security-object <string> security protocol-suite wpa-tkip-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-tkip-8021x Set the security protocol suite as WPA-EAP (802.1x) key management, TKIP encryption, and EAP (802.1x) authentication
rekey-period Set the period after which a new group temporarey key replaces the current one
<number> Enter the period in seconds after which a new group temporary key replaces the current one (Default: 0; Range: 0 or 600-50000000, where 0 means disabled)
non-strict Refresh the GTK whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the SmartPath AP (Default: non-strict)
gmk-rekey-period Set GMK (Group Master Key) rekey period
<number> Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
ptk-timeout Set the interval that the SmartPath AP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
ptk-retry Set the maximum number of times the SmartPath AP will retry sending PTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
gtk-timeout Set the interval that the SmartPath AP waits for client replies during the 2-way handshake in which the SmartPath AP sends a GTK (group transient key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
gtk-retry Set the maximum number of times the SmartPath AP will retry sending GTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK (pairwise transient key) replaces the current one (Default: 0; Range: 0 or 10-50000000, where 0 means disabled)
security-object <string> security protocol-suite wpa-tkip-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-tkip-psk Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
hex-key Set key type to hex-key
ascii-key Set key type to ascii-key
<string> Enter key value (ascii-key (8-63 chars); hex-key (64 hex digits))
rekey-period Set the period after which a new group temporary key replaces the current one
<number> Enter the period in seconds after which a new group temporary key replaces the current one (Default: 0; Range: 0 or 600-50000000, where 0 means disabled)
non-strict Refresh the GTK whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the SmartPath AP (Default: non-strict)
gmk-rekey-period Set GMK (Group Master Key) rekey period
<number> Enter the interval in seconds for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000, where 0 means disabled)
ptk-timeout Set the interval that the SmartPath AP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
ptk-retry Set the maximum number of times the SmartPath AP will retry sending PTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
gtk-timeout Set the interval that the SmartPath AP waits for client replies during the 2-way handshake in which the SmartPath AP sends a GTK (group transient key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
gtk-retry Set the maximum number of times the SmartPath AP will retry sending GTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK (pairwise transient key) replaces the current one (Default: 0; Range: 0 or 10-50000000, where 0 means disabled)
security-object <string> security protocol-suite wpa2-aes-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ roaming proactive-pmkid-response ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa2-aes-8021x Set the security protocol suite as WPA2-EAP (802.1x) key management, AES-CCMP encryption, and EAP (802.1x) authentication
rekey-period Set the period after which a new group temporary key replaces the current one
<number> Enter the period in seconds after which a new group temporary key replaces the current one (Default: 0; Range: 0 or 600-50000000, where 0 means disabled)
non-strict Refresh the GTK whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the SmartPath AP (Default: non-strict)
gmk-rekey-period Set GMK (Group Master Key) rekey period
<number> Enter the interval in seconds for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-Seconds, where 0 means disabled)
ptk-timeout Set the interval that the SmartPath AP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
ptk-retry Set the maximum number of times the SmartPath AP will retry sending PTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
gtk-timeout Set the interval that the SmartPath AP waits for client replies during the 2-way handshake in which the SmartPath AP sends a GTK (group transient key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
gtk-retry Set the maximum number of times the SmartPath AP will retry sending GTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
roaming Set roaming parameters for the protocol suite
proactive-pmkid-response Respond to a client sending an empty PMK (Pairwise Master Key) ID list with a cached PMK ID (Default: disabled)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK (pairwise transient key) replaces the current one (Default: 0; Range: 0 or 10-50000000, where 0 means disabled)
security-object <string> security protocol-suite wpa2-aes-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa2-aes-psk Set the security protocol suite as WPA2-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
hex-key Set key type to hex-key
ascii-key Set key type to ascii-key
<string> Enter key value (ascii-key (8-63 chars); hex-key (64 hex digits))
rekey-period Set the period after which a new group temporary key replaces the current one
<number> Enter the period after which a new group temporary key replaces the current one (Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
non-strict Refresh the GTK whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the SmartPath AP (Default: non-strict)
gmk-rekey-period Set GMK (Group Master Key) rekey period
<number> Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
ptk-timeout Set the interval that the SmartPath AP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
ptk-retry Set the maximum number of times the SmartPath AP will retry sending PTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
gtk-timeout Set the interval that the SmartPath AP waits for client replies during the 2-way handshake in which the SmartPath AP sends a GTK (group transient key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
gtk-retry Set the maximum number of times the SmartPath AP will retry sending GTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK (pairwise transient key) replaces the current one (Default: 0; Range: 0 or 10-50000000, where 0 means disabled)
security-object <string> security protocol-suite wpa2-tkip-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ roaming proactive-pmkid-response ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa2-tkip-8021x Set the security protocol suite as WPA2-EAP (802.1x) key management, TKIP encryption, and EAP (802.1x) authentication
rekey-period Set the period after which a new group temporary key replaces the current one
<number> Enter the period in seconds after which a new group temporary key replaces the current one (Default: 0; Range: 0 or 600-50000000, where 0 means disabled)
non-strict Refresh the GTK whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the SmartPath AP (Default: non-strict)
gmk-rekey-period Set GMK (Group Master Key) rekey period
<number> Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
ptk-timeout Set the interval that the SmartPath AP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
ptk-retry Set the maximum number of times the SmartPath AP will retry sending PTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
gtk-timeout Set the interval that the SmartPath AP waits for client replies during the 2-way handshake in which the SmartPath AP sends a GTK (group transient key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
gtk-retry Set the maximum number of times the SmartPath AP will retry sending GTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
roaming Set roaming parameters for the protocol suite
proactive-pmkid-response Respond to a client sending an empty PMK (Pairwise Master Key) ID list with a cached PMK ID (Default: Disabled)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK (pairwise transient key) replaces the current one (Default: 0; Range: 0 or 10-50000000, where 0 means disabled)
security-object <string> security protocol-suite wpa2-tkip-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa2-tkip-psk Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
hex-key Enter key type hex-key
ascii-key Enter key type ascii-key
<string> Enter key value (ascii-key (8-63 chars); hex-key (64 hex digits))
rekey-period Set the period after which a new group temporary key replaces the current one
<number> Enter the period in seconds after which a new group temporary key replaces the current one (Default: 0; Range: 0 or 600-50000000, where 0 means disabled)
non-strict Refresh the GTK whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
strict Refresh the GTK whenever a client to which the security object settings are applied disconnects from the SmartPath AP (Default: non-strict)
gmk-rekey-period Set GMK (Group Master Key) rekey period
<number> Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
ptk-timeout Set the interval that the SmartPath AP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
ptk-retry Set the maximum number of times the SmartPath AP will retry sending PTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
gtk-timeout Set the interval that the SmartPath AP waits for client replies during the 2-way handshake in which the SmartPath AP sends a GTK (group transient key) to the client for encrypting and decrypting multicast traffic
<number> Enter the timeout in milliseconds (Default: 4000 milliseconds; Range: 100-8000)
gtk-retry Set the maximum number of times the SmartPath AP will retry sending GTK messages
<number> Enter the maximum number of retries (Default: 3; Range: 1-10)
ptk-rekey-period Set the period after which a new PTK (pairwise transient key) replaces the current one
<number> Enter the period in seconds after which a new PTK (pairwise transient key) replaces the current one (Default: 0; Range: 0 or 10-50000000, where 0 means disabled)
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-aes-8021x|wpa2-aes-8021x} reauth-interval <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-auto-8021x Set security protocol suite as WPA-/WPA2-EAP (802.1x) key management, TKIP/AES-CCMP encryption, and EAP (802.1x) authentication
wpa-tkip-8021x Set the security protocol suite as WPA-EAP (802.1x) key management, TKIP encryption, and EAP (802.1x) authentication
wpa2-tkip-8021x Set the security protocol suite as WPA2-EAP (802.1x) key management, TKIP encryption, and EAP (802.1x) authentication
wpa-aes-8021x Set the security protocol suite as WPA-EAP (802.1x) key management, AES-CCMP encryption, and EAP (802.1x) authentication
wpa2-aes-8021x Set the security protocol suite as WPA2-EAP (802.1x) key management, AES-CCMP encryption, and EAP (802.1x) authentication
reauth-interval Set the default interval for reauthenticating users
<number> Enter the default reauth interval in seconds (Default: Disabled; Range: 600-86400)
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-auto-psk|wpa-tkip-psk|wpa2-tkip-psk|wpa-aes-psk|wpa2-aes-psk|wpa-aes-8021x|wpa2-aes-8021x} replay-window <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-auto-8021x Set security protocol suite as WPA-/WPA2-EAP (802.1x) key management, TKIP/AES-CCMP encryption, and EAP (802.1x) authentication
wpa-tkip-8021x Set the security protocol suite as WPA-EAP (802.1x) key management, TKIP encryption, and EAP (802.1x) authentication
wpa2-tkip-8021x Set the security protocol suite as WPA2-EAP (802.1x) key management, TKIP encryption, and EAP (802.1x) authentication
wpa-auto-psk Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
wpa-tkip-psk Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
wpa2-tkip-psk Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
wpa-aes-psk Set the security protocol suite as WPA-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
wpa2-aes-psk Set the security protocol suite as WPA2-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
wpa-aes-8021x Set the security protocol suite as WPA-EAP (802.1x) key management, AES-CCMP encryption, and EAP (802.1x) authentication
wpa2-aes-8021x Set the security protocol suite as WPA2-EAP (802.1x) key management, AES-CCMP encryption, and EAP (802.1x) authentication
replay-window Set a window size within which the SmartPath AP accepts replies to previously sent messages during 4-way handshakes
<number> Enter the number of packets prior to the one most recently sent to which the SmartPath AP will accept a reply (Default: 0; Range: 0-10)
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-auto-psk|wpa-tkip-psk|wpa2-tkip-psk} local-tkip-counter-measure
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-auto-8021x Set security protocol suite as WPA-/WPA2-EAP (802.1x) key management, TKIP/AES-CCMP encryption, and EAP (802.1x) authentication
wpa-tkip-8021x Set the security protocol suite as WPA-EAP (802.1x) key management, TKIP encryption, and EAP (802.1x) authentication
wpa2-tkip-8021x Set the security protocol suite as WPA2-EAP (802.1x) key management, TKIP encryption, and EAP (802.1x) authentication
wpa-auto-psk Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
wpa-tkip-psk Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
wpa2-tkip-psk Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
local-tkip-counter-measure Enable the deauthentication of all previously authenticated clients when the local SmartPath AP detects MIC (message integrity check) failures during TKIP operations (Default: enabled)
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-auto-psk|wpa-tkip-psk|wpa2-tkip-psk} remote-tkip-counter-measure
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
protocol-suite Set the security protocol suite for the security object
wpa-auto-8021x Set security protocol suite as WPA-/WPA2-EAP (802.1x) key management, TKIP/AES-CCMP encryption, and EAP (802.1x) authentication
wpa-tkip-8021x Set the security protocol suite as WPA-EAP (802.1x) key management, TKIP encryption, and EAP (802.1x) authentication
wpa2-tkip-8021x Set the security protocol suite as WPA2-EAP (802.1x) key management, TKIP encryption, and EAP (802.1x) authentication
wpa-auto-psk Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
wpa-tkip-psk Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
wpa2-tkip-psk Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
remote-tkip-counter-measure Enable the deauthentication of all previously authenticated clients when a client reports MIC (message integrity check) failures during TKIP operations (Default: enabled)]
security-object <string> security roaming cache update-interval <number> ageout <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
security Set security parameters for the security object
roaming Set roaming parameters for clients to which the security object is applied
cache Set the interval between updates and the number of times to update a station's roaming cache
update-interval Set the interval for sending roaming cache updates to neighbors
<number> Enter the roaming cache update interval in seconds (Default: 60; Range: 10-36000)
ageout Set how many times an entry must be absent from a neighbor's updates before removing it from the roaming cache
<number> Enter the number of absences required to remove an entry (Default: 60; Range: 1-1000)
security-object <string> user-profile-allowed <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
user-profile-allowed Allow network access for members of all or specified user profiles bound to the security object
<string> Enter the user profile name (1 - 32 chars)
security-object <string> user-profile-allowed {all}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
user-profile-allowed Allow network access for members of all or specified user profiles bound to the security object
all Allow network access to members of all user profiles
security-object <string> user-profile-deny action ban [ <number> ] [ strict ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
user-profile-deny Set parameters for denying network access to users if they do not belong to an allowed user profile
action Set an action which will be taken if a user profile is not allowed to access this SSID
ban Set the action to ban network access for a specified length of time
<number> Enter the action time in seconds (Default: 60; Range: 1-100000000)
strict Set the behavior to deauthenticate all connected stations whenever a user profile bound to the security object changes (Note: When stations reauthenticate, the user profile changes take effect.)
security-object <string> user-profile-deny action {ban-forever|disconnect} [ strict ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
user-profile-deny Set parameters for denying network access to users if they do not belong to an allowed user profile
action Set an action which will be taken if a user profile is not allowed to access this SSID
ban-forever Set the action to ban network access indefinitely
disconnect Set the action to disconnect the station from the SmartPath AP
strict Set the behavior to deauthenticate all connected stations whenever a user profile bound to the security object changes (Note: When stations reauthenticate, the user profile changes take effect.)
security-object <string> user-profile-sequence {cwp-ssid-mac|cwp-mac-ssid|ssid-cwp-mac|ssid-mac-cwp|mac-ssid-cwp|mac-cwp-ssid}
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
user-profile-sequence Set the sequential order to apply user profiles when the authentication process involves multiple components referencing different profiles (Default: mac-ssid-cwp; Note: The user profile applied last is the one that is ultimately used.)
cwp-ssid-mac Apply the user profile for a captive web portal first, SSID second, and MAC authentication last
cwp-mac-ssid Apply the user profile for a captive web portal first, MAC authentication second, and SSID last
ssid-cwp-mac Apply the user profile for an SSID first, captive web portal second, and MAC authentication last
ssid-mac-cwp Apply the user profile for an SSID first, MAC authentication second, and captive web portal last
mac-ssid-cwp Apply the user profile for MAC authentication first, SSID second, and captive web portal last
mac-cwp-ssid Apply the user profile for MAC authentication first, captive web portal second, and SSID last
security-object <string> walled-garden hostname <string> [ service {all|web} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
walled-garden Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
hostname Set the host name of a server in the walled garden
<string> Enter the domain name (max 32 chars)
service Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
all Permit all services
web Permit HTTP and HTTPS
security-object <string> walled-garden hostname <string> service protocol <number> port <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
walled-garden Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
hostname Set the host name of a server in the walled garden
<string> Enter the domain name (max 32 chars)
service Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
protocol Set the protocol of the service that you want to permit
<number> Enter the protocol number (Note: UDP: 17; TCP: 6; All: 0; Range: 0-255)
port Set the port number
<number> Enter the port number (Range: 1-65535)
security-object <string> walled-garden ip-address <ip_addr|ip_addr/mask> [ service {all|web} ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
walled-garden Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
ip-address Set the IP address of a server or a subnet in the walled garden
<ip_addr> Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
<ip_addr/netmask> Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
service Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
all Permit all services
web Permit HTTP and HTTPS
security-object <string> walled-garden ip-address <ip_addr|ip_addr/mask> service protocol <number> port <number>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
walled-garden Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
ip-address Set the IP address of a server or a subnet in the walled garden
<ip_addr> Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
<ip_addr/netmask> Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
service Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
protocol Set the protocol of the service that you want to permit
<number> Enter the protocol number (Note: UDP: 17; TCP: 6; ICMP: 1; All: 0; Range: 0-255)
port Set the port number
<number> Enter the port number (Range: 1-65535)
security-object <string> web-directory <string>
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
web-directory Enter the web directory name for the captive web portal specified in the security object
<string> Enter the web directory name for the security object
security-object <string> web-server [ port <number> ] [ index-file <string> ] [ success-file <string> ] [ failure-file <string> ] [ ssl server-key <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
web-server Enable the internal web server
port Set the HTTP port number for the web server
<number> Enter the HTTP port number for the web server. Set the port number to 0 is disable the HTTP method (Default: 80; Range: 0-65535)
index-file Specify the .html file as the default index page
<string> Enter the .html file name (Default: success.html; Range: 1-32 chars)
success-file Specify the .html file that you want to appear after a user successfully registers through the captive web portal
<string> Enter the .html file name (Default: success.html; Range: 1-32 chars)
failure-file Specify the .html file that you want to appear after a user failed registers through the captive web portal
<string> Enter the .html file name (Default: failure.html; Range: 1-32 chars)
ssl Enable the SSL (Secure Socket Layer) method
server-key Set the server key (a X509 certificate) for SSL
<number> Enter the server key index (Default: 0; Range: 0-15)
security-object <string> web-server web-page {mandatory-field} <number> [ optional-field <number> ]
security-object Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
<string> Enter the security object name (1-32 chars)
web-server Enable the internal web server
web-page Set the web pages parameters
mandatory-field Set the mandatory field numbers in login web page
<number> Enter the mandatory field numbers in login web page (Default: 4; Range: 0-8)
optional-field Set the optional field numbers in login web page
<number> Enter the optional field numbers in login web page (Default: 2; Range: 0-8)
service <string> alg {ftp|tftp|sip|dns|http}
service Set a custom service
<string> Enter service name (1 - 32 chars)
alg Assign an ALG (Application Level Gateway) to the service
ftp Assign an FTP (File Transfer Protocol) ALG to the service
tftp Assign a TFTP (Trivial File Transfer Protocol) ALG to the service
sip Assign a SIP (Session Initiation Protocol) ALG to the service
dns Assign a DNS (Domain Name System) ALG to the service
http Assign an HTTP ALG to the service
service <string> protocol <number> [ port <number> ] [ timeout <number> ]
service Set a custom service
<string> Enter service name (1 - 32 chars)
protocol Set the protocol used by the custom service
<number> Enter the protocol number (Range: 1-255)
port Set the destination port number for the transport protocol
<number> Enter the port number (Range: 0-65535)
timeout Set the service session timeout
<number> Set the session timeout value in seconds (Default TCP: 300; UDP: 100; Other: 100; Range: 0-65535)
service <string> protocol {tcp|udp|svp} [ port <number> ] [ timeout <number> ]
service Set a custom service
<string> Enter service name (1 - 32 chars)
protocol Set the protocol used by the custom service
tcp Enter the transport protocol as tcp
udp Enter the transport protocol as udp
svp Enter the transport protocol as svp
port Set the destination port number for the transport protocol
<number> Enter the port number (Range: 0-65535)
timeout Set the service session timeout
<number> Set the session timeout value in seconds (Default TCP: 300; UDP: 100; Other: 100; Range: 0-65535)
show aaa
show Show settings, parameters, or dynamically generated information
aaa Show parameters for AAA (authentication, authorization, accounting)
show aaa radius-server
show Show settings, parameters, or dynamically generated information
aaa Show parameters for AAA (authentication, authorization, accounting)
radius-server Show RADIUS server parameters
show aaa radius-server NAS [ <string> ]
show Show settings, parameters, or dynamically generated information
aaa Show parameters for AAA (authentication, authorization, accounting)
radius-server Show RADIUS server parameters
NAS Show the shared keys for all RADIUS NASs
<string> Enter a RADIUS NAS name
show aaa radius-server cache
show Show settings, parameters, or dynamically generated information
aaa Show parameters for AAA (authentication, authorization, accounting)
radius-server Show RADIUS server parameters
cache Show RADIUS server cache entries
show aaa radius-server domain
show Show settings, parameters, or dynamically generated information
aaa Show parameters for AAA (authentication, authorization, accounting)
radius-server Show RADIUS server parameters
domain Show which Active Directory domain the SmartPath AP has joined
show aaa radius-server proxy [ server ]
show Show settings, parameters, or dynamically generated information
aaa Show parameters for AAA (authentication, authorization, accounting)
radius-server Show RADIUS server parameters
proxy Show all realms parameters
server Show all RADIUS servers parameters
show aaa radius-server-key {radius-server|ldap-client}
show Show settings, parameters, or dynamically generated information
aaa Show parameters for AAA (authentication, authorization, accounting)
radius-server-key Show all certificates that the local SmartPath AP uses as a RADIUS server and LDAP client
radius-server Show certificates that the local SmartPath AP uses as a RADIUS server
ldap-client Show certificates that the local SmartPath AP uses as a LDAP client
show access-console
show Show settings, parameters, or dynamically generated information
access-console Show access console status and parameters
show acsp
show Show settings, parameters, or dynamically generated information
acsp Show parameters for ACSP (Advanced Channel Selection Protocol)
show acsp channel-info [ {detail|arbiter} ]
show Show settings, parameters, or dynamically generated information
acsp Show parameters for ACSP (Advanced Channel Selection Protocol)
channel-info Show channel information for ACSP
detail Show detailed channel information about the calculated cost of each channel and the factors used to determine that cost
arbiter Show information regarding the assignment of channels to cluster members
show acsp neighbor
show Show settings, parameters, or dynamically generated information
acsp Show parameters for ACSP (Advanced Channel Selection Protocol)
neighbor Show acsp neighbor list
show admin [ active ]
show Show settings, parameters, or dynamically generated information
admin Show admin parameters
active Show currently connected admin users
show admin auth
show Show settings, parameters, or dynamically generated information
admin Show admin parameters
auth Show admin authentication method
show admin manager-ip
show Show settings, parameters, or dynamically generated information
admin Show admin parameters
manager-ip Show IP addresses from which administrative traffic is accepted
show alg [ {ftp|tftp|sip|dns|http} ]
show Show settings, parameters, or dynamically generated information
alg Show ALG (Application Level Gateway) information
ftp Show FTP (File Transfer Protocol) information
tftp Show TFTP (Trivial File Transfer Protocol) information
sip Show SIP (Session Initiation Protocol) information
dns Show DNS (Domain Name System) information
http Show settings for the HTTP ALG
show alg sip calls [ <string> ]
show Show settings, parameters, or dynamically generated information
alg Show ALG (Application Level Gateway) information
sip Show SIP (Session Initiation Protocol) information
calls Show information for all currently active SIP calls
<string> Enter a call ID to show information for a specific SIP call (up to 128 chars)
show amrp
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
show amrp Ethlink
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
Ethlink Show the number of AMRP Ethernet links, and the number of cluster members and interfaces on each link
show amrp Ethlink <mac_addr>
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
Ethlink Show the number of AMRP Ethernet links, and the number of cluster members and interfaces on each link
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show amrp client [ <mac_addr> ]
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
client Show information about currently active clients associated with all cluster members
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show amrp dnxp cache [ <mac_addr> ]
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
dnxp Show DNXP (Dynamic Network Extension Protocol) information
cache Show the entire DNXP cache or the cached entry for a specific client
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show amrp dnxp neighbor [ <mac_addr> ]
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
dnxp Show DNXP (Dynamic Network Extension Protocol) information
neighbor Show information about all DNXP neighbors or a specific neighbor to which the local SmartPath AP can tunnel the traffic of roaming clients
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show amrp interface
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
interface Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
show amrp interface <ethx|redx|aggx> bmt-table
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
interface Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
<ethx> Enter the name of an Ethernet interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
bmt-table Broadcast Master Table
show amrp interface <ethx|redx|aggx> mac-learning
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
interface Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
<ethx> Enter the name of an Ethernet interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
mac-learning Show the MAC addresses learned on this interface
show amrp interface <ethx|redx|aggx|mgtx|wifix.y>
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
interface Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
<ethx> Enter the name of an Ethernet interface, where x = 0
<redx> Enter the name of the redundant interface, where x = 0
<aggx> Enter the name of the aggregate interface, where x = 0
<mgtx> Enter the name of the management interface, where x = 0
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
show amrp neighbor [ {Ethernet|WiFi} ]
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
neighbor Show AMRP neighbor information (Note: An AMRP neighbor is another cluster member that is one hop away.)
Ethernet Show AMRP neighbors that connect to the local SmartPath AP through its Ethernet interfaces
WiFi Show AMRP neighbors that connect to the local SmartPath AP through its WiFi interfaces
show amrp node <ip_addr|mac_addr>
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
node Show information about all AMRP nodes or a specific node (Note: An AMRP node is another cluster member in the same layer-2 domain.)
<ip_addr> Enter node address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show amrp node [ all ]
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
node Show information about all AMRP nodes or a specific node (Note: An AMRP node is another cluster member in the same layer-2 domain.)
all Show amrp all node detail
show amrp static-neighbor
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
static-neighbor Show AMRP information for neighbors with statically defined route metrics
show amrp tunnel [ <ip_addr> ]
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
tunnel Show a information about all DNXP, INXP (Identity Network Extension Protocol), and VPN tunnels or about a tunnel to a specific peer
<ip_addr> Enter the tunnel peer IPv4 address
show amrp tunnel route [ <ip_addr> ]
show Show settings, parameters, or dynamically generated information
amrp Show AMRP (Advanced Mobility Routing Protocol) parameters
tunnel Show a information about all DNXP, INXP (Identity Network Extension Protocol), and VPN tunnels or about a tunnel to a specific peer
route Show tunneled route
<ip_addr> Enter the tunneled route IPv4 address
show arp-cache
show Show settings, parameters, or dynamically generated information
arp-cache Show arp cache table
show auth [ interface <wifix.y> ]
show Show settings, parameters, or dynamically generated information
auth Show authentication parameters per interface
interface Show authentication parameters for special interface
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
show auth private-psk
show Show settings, parameters, or dynamically generated information
auth Show authentication parameters per interface
private-psk Show private PSK (preshared key) entries
show band-steering status
show Show settings, parameters, or dynamically generated information
band-steering Show settings, parameters, or dynamically generated information
status Show parameters for band steering in the WLAN
show boot-param
show Show settings, parameters, or dynamically generated information
boot-param Show boot parameter information
show boot-param country-code
show Show settings, parameters, or dynamically generated information
boot-param Show boot parameter information
country-code Show the country code to control channel and power selections
show cac summary
show Show settings, parameters, or dynamically generated information
cac Show CAC (Call Admission Control) parameters
summary Show a summary of CAC settings and statistics
show capture interface <wifix>
show Show settings, parameters, or dynamically generated information
capture Show packet capture parameters
interface Show the status of packet capturing on a radio interface
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
show capture local
show Show settings, parameters, or dynamically generated information
capture Show packet capture parameters
local Show local captured files
show capture remote-sniffer
show Show settings, parameters, or dynamically generated information
capture Show packet capture parameters
remote-sniffer Show the status and connection settings for the remote packet sniffer
show capwap client
show Show settings, parameters, or dynamically generated information
capwap Show the settings and current status for CAPWAP (Control and Provisioning of Wireless Access Points)
client Show CAPWAP client settings and current status
show client-load-balance status
show Show settings, parameters, or dynamically generated information
client-load-balance Show settings, parameters, or dynamically generated information
status Show parameters for client load balancing in the WLAN
show clock
show Show settings, parameters, or dynamically generated information
clock Show the date, time of the internal clock
show cluster <string> connecting-threshold
show Show settings, parameters, or dynamically generated information
cluster Show cluster parameters
<string> Enter a cluster profile name (1-32 chars)
connecting-threshold Show cluster neighbor connecting threshold parameters
show cluster <string> counter neighbor [ <mac_addr> ]
show Show settings, parameters, or dynamically generated information
cluster Show cluster parameters
<string> Enter a cluster profile name (1-32 chars)
counter Show detailed statistics (counters) for neighboring cluster members
neighbor Show statistics for all neighbors or a single neighbor in this cluster
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show cluster <string> manage
show Show settings, parameters, or dynamically generated information
cluster Show cluster parameters
<string> Enter a cluster profile name (1-32 chars)
manage Show management options enabled on wireless backhaul interfaces in this cluster
show cluster <string> neighbor [ mac <mac_addr> ]
show Show settings, parameters, or dynamically generated information
cluster Show cluster parameters
<string> Enter a cluster profile name (1-32 chars)
neighbor Show information about all neighbors currently associated with the cluster or about the ongoing wireless activity of a specific neighbor
mac Show the ongoing wireless activity of a neighbor that is currently associated with the cluster (Note: To stop the display of output, press CTRL+C.)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show cluster <string> security wlan dos
show Show settings, parameters, or dynamically generated information
cluster Show cluster parameters
<string> Enter a cluster profile name (1-32 chars)
security Show cluster security parameters
wlan Show WLAN parameters
dos Show WLAN Dos parameters
show cluster [ <string> ]
show Show settings, parameters, or dynamically generated information
cluster Show cluster parameters
<string> Enter a cluster profile name (1-32 chars)
show clusterui cas client
show Show settings, parameters, or dynamically generated information
clusterui Show settings of the clusterUI on the SmartPath AP for defining SmartPath AP network settings, configuring settings to connect to SmartPath EMS, and uploading a new SmartPath OS image
cas Show client and server parameters for CAS (Central Authentication Service), a protocol for authenticating users such as teachers accessing Teacher View
client Show parameters for the local SmartPath AP to act as a CAS client
show cmds
show Show settings, parameters, or dynamically generated information
cmds Show CLI (Command Line Interface) commands including ones derived from optional keywords
show config rollback
show Show settings, parameters, or dynamically generated information
config Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
rollback Show the configuration rollback status, the mechanism for triggering it, and the length of time to wait before performing a rollback operation
show config running
show Show settings, parameters, or dynamically generated information
config Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
running Show the running configuration
show config running password
show Show settings, parameters, or dynamically generated information
config Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
running Show the running configuration
password Show passwords and sensitive networking keys as obscured text strings in the output (Default: Passwords and keys are represented by asterisks; Note: A SmartPath AP can recover an original string from an obscured one, but not if the string is replaced with asterisks.)
show config version
show Show settings, parameters, or dynamically generated information
config Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
version Show the version number of the current configuration file
show config {current|backup|bootstrap|default|failed}
show Show settings, parameters, or dynamically generated information
config Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
current Show the current configuration
backup Show the backup configuration
bootstrap Show the bootstrap configuration
default Show the default configuration
failed Show the failed configuration
show console
show Show settings, parameters, or dynamically generated information
console Show console parameter
show cpu [ {detail} ]
show Show settings, parameters, or dynamically generated information
cpu Show the percentage of the CPU used in total, for system operations, and for processing user traffic
detail Show CPU utilization in detail
show data-collection
show Show settings, parameters, or dynamically generated information
data-collection Show parameters for collecting data about the types and capabilities of devices on the network and their network usage
show device-group [ <string> ]
show Show settings, parameters, or dynamically generated information
device-group Show all device group names or the settings of an individual device group
<string> Enter a device group name (1-32 chars)
show dns
show Show settings, parameters, or dynamically generated information
dns Show DNS (Domain Name System) parameters
show domain-object [ <string> ]
show Show settings, parameters, or dynamically generated information
domain-object Show all domain object names or the device domains assigned to an individual domain object
<string> Enter an domain object name (1-32 chars)
show filter [ <number> ]
show Show settings, parameters, or dynamically generated information
filter Show capture filter parameters
<number> Enter a filter ID (Range: 1-64)
show forwarding-engine counters [ interface <wifix|wifix.y|ethx|mgtx> ] [ station <mac_addr> ] [ drop ]
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
counters Show forwarding engine counter statistics
interface Show forwarding engine counter by interface
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
<ethx> Enter the name of an Ethernet interface, where x = 0
<mgtx> Enter the name of the management interface, where x = 0
station Show forwarding engine counter by station MAC
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
drop Show the drop packet counter
show forwarding-engine inter-ssid-flood
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
inter-ssid-flood Show status of flooding multicast or broadcast packets between access interfaces
show forwarding-engine ip-gates
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
ip-gates Show IP gates information
show forwarding-engine ip-sessions [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ src-port <number> ] [ dst-port <number> ] [ protocol <number> ] [ qos <number> ]
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
ip-sessions Show IP session information
src-ip Filter by source IP
<ip_addr> Source IP address
dst-ip Filter by destination IP
<ip_addr> Destination IP address
src-port Filter by source port
<number> source IP port (Range: 1-65535)
dst-port Filter by destination port
<number> destination IP port (Range: 1-65535)
protocol Filter by protocol
<number> protocol (Range: 1-255)
qos Filter by QoS value
<number> QoS value (Range: 0-7)
show forwarding-engine ip-sessions id <number>
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
ip-sessions Show IP session information
id Show a IP session by ID
<number> Enter the flow ID (Range: 1-9999)
show forwarding-engine mac-sessions [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ] [ vlan <number> ]
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
mac-sessions Show MAC session information
src-mac Filter by source MAC
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
dst-mac Filter by destination MAC
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
vlan Filter by VLAN ID of station
<number> VLAN ID (Range: 1-4094)
show forwarding-engine mac-sessions id <number>
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
mac-sessions Show MAC session information
id Show a MAC session by ID
<number> Enter the flow ID (Range: 1-9999)
show forwarding-engine max-ip-sess-per-station
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
max-ip-sess-per-station Show the maximum number of IP sessions that can be created to or from a station
show forwarding-engine max-mac-sess-per-station
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
max-mac-sess-per-station Show the maximum number of MAC sessions that can be created to or from a station
show forwarding-engine open-ports-to-self
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
open-ports-to-self Show permitted services destined for the SmartPath AP itself when it is set to drop all non-management traffic
show forwarding-engine policy
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
policy Show policy information
show forwarding-engine static-rule
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
static-rule Show static packet-forwarding rules that preempts dynamic forwarding decisions
show forwarding-engine tunnel selective-multicast-forward
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
tunnel Show tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
selective-multicast-forward Show the settings for selective multicast forwarding through GRE tunnels
show forwarding-engine tunnel tcp-mss-threshold
show Show settings, parameters, or dynamically generated information
forwarding-engine Show forwarding engine parameters
tunnel Show tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
tcp-mss-threshold Show TCP MSS threshold parameters
show gre-tunnel
show Show settings, parameters, or dynamically generated information
gre-tunnel Show GRE (Generic Routing Encapsulation) tunnel information
show high-density status
show Show settings, parameters, or dynamically generated information
high-density Show parameters for optimizing performance in a high-density WLAN
status Show high-density settings and the running status of operations pertaining to them on both the 2.4 and 5 GHz radio bands
show history
show Show settings, parameters, or dynamically generated information
history Show command history
show hw-info
show Show settings, parameters, or dynamically generated information
hw-info Show hardware information
show icsa
show Show settings, parameters, or dynamically generated information
icsa Show ICSA (International Computer Security Association) parameters
show interface <ethx> allowed-vlan
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
allowed-vlan Show all allowed VLAN IDs on the interface
show interface <ethx> mac-learning {static|dynamic|all}
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
mac-learning Show entries in the MAC address learning table
static Show statically defined MAC address entries
dynamic Show dynamically learned MAC address entries
all Show statically defined and dynamically learned MAC address entries
show interface <ethx> manage
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
manage Show management options enabled on this interface
show interface <ethx> qos-classifier
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
qos-classifier Show the QoS classification profile (classifier) assigned to the interface
show interface <ethx> qos-marker
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
qos-marker Show the QoS marker profile assigned to the interface
show interface <ethx> rate-limit
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
rate-limit Show the settings for interface-based rate limiting
show interface <mgtx.y> manage
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
manage Show management options enabled on this interface
show interface <mgtx> dhcp client
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Show DHCP parameters
client Show DHCP client parameters
show interface <mgtx> dhcp keepalive
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp Show DHCP parameters
keepalive Show the status for keepalives to DHCP servers in the native VLAN, management interface VLAN, and all VLANs set in the DHCP keepalive range
show interface <mgtx> dhcp-probe results-summary
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<mgtx> Enter the name of the management interface, where x = 0
dhcp-probe Show DHCP probe parameters
results-summary Show a summary of DHCP probe results
show interface <mgtx|mgtx.y> dhcp-server [ detail ]
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
dhcp-server Show the DHCP server parameters
detail Show details about the DHCP leases for currently active clients
show interface <mgtx|mgtx.y> ip-helper
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
ip-helper Show IP helper address information
show interface <wifix.y> multicast
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
multicast Show multicast settings, statistics, groups, and group members
show interface <wifix> channel
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
channel Show channel list of the radio interface
show interface <wifix> dfs
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
dfs Show DFS (Dynamic Frequency Selection) status
show interface <wifix> multicast
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
multicast Show multicast settings, statistics, groups, and group members
show interface <wifix> wlan-idp ap-info
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
wlan-idp Show WLAN IDP (intrusion detection and prevention) parameters
ap-info Show IDP AP statistics for the radio interface
show interface <wifix> wlan-idp ap-info compliance {compliant|non-compliant}
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
wlan-idp Show WLAN IDP (intrusion detection and prevention) parameters
ap-info Show IDP AP statistics for the radio interface
compliance Show one compliance type of IDP AP statistics for the radio interface
compliant Show compliant type of IDP AP statistics for the radio interface
non-compliant Show non-compliant type of IDP AP statistics for the radio interface
show interface <wifix> wlan-idp ap-info type {rogue|valid|external}
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
wlan-idp Show WLAN IDP (intrusion detection and prevention) parameters
ap-info Show IDP AP statistics for the radio interface
type Show one type of IDP AP statistics for the radio interface
rogue Show rogue type of IDP AP statistics for the radio interface
valid Show valid type of IDP AP statistics for the radio interface
external Show external type of IDP AP statistics for the radio interface
show interface <wifix> wlan-idp client-info
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
wlan-idp Show WLAN IDP (intrusion detection and prevention) parameters
client-info Show IDP client statistics for the radio interface
show interface <wifix> wlan-idp mitigate rogue-ap [ <mac_addr> ]
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
wlan-idp Show WLAN IDP (intrusion detection and prevention) parameters
mitigate Show mitigated rogue APs and their clients
rogue-ap Show rogue APs currently being mitigated or clients connected to a specific rogue AP
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show interface <wifix|wifix.y> counter
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
counter Show detailed statistics (counters) for traffic traversing the interface
show interface [ <ethx|mgtx|mgtx.y|wifix|wifix.y|tunnelx> ]
show Show settings, parameters, or dynamically generated information
interface Show interface and subinterface parameters
<ethx> Enter the name of an Ethernet interface, where x = 0
<mgtx> Enter the name of the management interface, where x = 0
<mgtx.y> Enter the name of the virtual management interface (Ranges x: 0; y: 1-16)
<wifix> Enter the name of a Wi-Fi radio interface, where x = 0 or 1
<wifix.y> Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
<tunnelx> Enter the name of the tunnel interface, where x = 0 or 1
show ip route
show Show settings, parameters, or dynamically generated information
ip Show IP parameters
route Show IP routing table
show ip-policy
show Show settings, parameters, or dynamically generated information
ip-policy Show parameters for IP policy
show ip-policy <string>
show Show settings, parameters, or dynamically generated information
ip-policy Show parameters for IP policy
<string> Enter an IP policy name (1-32 chars)
show ip-policy user-profile <number|string> [ {from-access|to-access} ] [ from <ip_addr|string> <mask> ] [ to <ip_addr|string> <mask> ] [ service <string> ] [ action {permit|deny|inter-station-traffic-drop} ] [ lines <number> ]
show Show settings, parameters, or dynamically generated information
ip-policy Show parameters for IP policy
user-profile Show parameters for a user profile
<number> Enter the user profile name or ID
<string> Enter the user profile name or ID
from-access Show IP policy for data sent from this station
to-access how IP policy for data arriving at this station
from Show the specific source IP (Default: any)
<ip_addr> Enable an IP or net address
<string> Enable an IP or net address
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
to Show the specific destination IP (Default: any)
<ip_addr> Enter an IP or net address
<string> Enter an IP or net address
<mask> Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
service Show the specific service (Default: any)
<string> Enter the service (1-32 chars)
action Show the action (Default:any)
permit Set the action
deny Set the action
inter-station-traffic-drop Set the action
lines Set the most number of IP policy to show
<number> Enter a num (Range: 1-32)
show library-sip-policy [ <string> ]
show Show settings, parameters, or dynamically generated information
library-sip-policy Display library SIP policy settings
<string> Enter a library SIP policy name (1-32 chars)
show license
show Show settings, parameters, or dynamically generated information
license Show license infomation
show lldp [ {cdp} ] [ {neighbor} ]
show Show settings, parameters, or dynamically generated information
lldp Set LLDP (Link Layer Discovery Protocol) parameters
cdp Set CDP (Cisco Discovery Protocol) parameters
neighbor Show the LLDP or CDP neighbor table
show location [ {aeroscout|tzsp} ]
show Show settings, parameters, or dynamically generated information
location Show parameters for location tracking
aeroscout Show parameters for the location processing engine
tzsp Show parameters for the location processing engine
show location black-box
show Show settings, parameters, or dynamically generated information
location Show parameters for location tracking
black-box Show parameters for the Black Box location processing engine
show location black-box list
show Show settings, parameters, or dynamically generated information
location Show parameters for location tracking
black-box Show parameters for the Black Box location processing engine
list Show the entries in the track list
show location black-box rssi
show Show settings, parameters, or dynamically generated information
location Show parameters for location tracking
black-box Show parameters for the Black Box location processing engine
rssi Show the RSSI readings of tracked stations
show location black-box rssi mac <mac_addr>
show Show settings, parameters, or dynamically generated information
location Show parameters for location tracking
black-box Show parameters for the Black Box location processing engine
rssi Show the RSSI readings of tracked stations
mac Show the RSSI readings of a specific tracked station as determined by its MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show location black-box rssi oui <oui>
show Show settings, parameters, or dynamically generated information
location Show parameters for location tracking
black-box Show parameters for the Black Box location processing engine
rssi Show the RSSI readings of tracked stations
oui Show the RSSI readings of specific tracked stations as determined by the OUI (organizationally unique identifier) portion of their MAC addresses
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
show location {aeroscout|tzsp} counter
show Show settings, parameters, or dynamically generated information
location Show parameters for location tracking
aeroscout Show parameters for the location processing engine
tzsp Show parameters for the location processing engine
counter Show statistics for location reports sent to the location processing engine
show logging
show Show settings, parameters, or dynamically generated information
logging Show logging information
show logging {buffered|flash|debug} [ level {emergency|alert|critical|error|warning|notification|info|debug} ] [ tail <number> ] [ date <date> ] [ time <time> ]
show Show settings, parameters, or dynamically generated information
logging Show logging information
buffered Show buffered messages
flash Show flash messages
debug Show debug messages
level Specify a logging level
emergency Show emergency-level log entries (Default: debug)
alert Show log entries from alert to emergency levels (Default: debug)
critical Show log entries from critical to emergency levels (Default: debug)
error Show log entries from error to emergency levels (Default: debug)
warning Show log entries from warning to emergency levels (Default: debug)
notification Show log entries from notification to emergency levels (Default: debug)
info Show log entries from info to emergency levels (Default: debug)
debug Show log entries for all severity levels (Default: debug)
tail Show log number
<number> Show log number (Range: 1-65535)
date Show messages start date
<date> Show messages date (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
time Show messages start time
<time> Show messages time (Format: hh:mm:ss)
show mac-object [ <string> ]
show Show settings, parameters, or dynamically generated information
mac-object Show all MAC object names or the parameters of an individual MAC object
<string> Enter an MAC object name (1-32 chars)
show mac-policy
show Show settings, parameters, or dynamically generated information
mac-policy Show parameters for MAC policy
show mac-policy <string> [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ] [ lines <number> ]
show Show settings, parameters, or dynamically generated information
mac-policy Show parameters for MAC policy
<string> Enter a MAC policy name (1-32 chars)
from Show the specific source MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
to Show the specific destination MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
action Show the specific action (Default:any)
permit Set the action
deny Set the action
lines Set the most number of MAC policy to show
<number> Enter a num (Range: 1-32)
show mac-policy user-profile <number|string> [ {from-access|to-access} ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ] [ lines <number> ]
show Show settings, parameters, or dynamically generated information
mac-policy Show parameters for MAC policy
user-profile Show parameters for a user profile
<number> Enter the user profile name or ID
<string> Enter the user profile name or ID
from-access Show MAC policy for data sent from this station
to-access how IP policy for data arriving at this station
from Show the specific source MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
to Show the specific destination MAC (Default: any)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
<number> Enter a MAC mask length (value: 0, 24, 48)
action Show the specific action (Default:any)
permit Set the action
deny Set the action
lines Set the most number of MAC policy to show
<number> Enter a num (Range: 1-32)
show memory [ {detail} ]
show Show settings, parameters, or dynamically generated information
memory Show total, free, and used system memory statistics
detail Show system memory statistics in detail
show min-password-length
show Show settings, parameters, or dynamically generated information
min-password-length Show the minimum password length
show mobile-device-policy [ <string> ]
show Show settings, parameters, or dynamically generated information
mobile-device-policy Show all mobile device policy names or the settings of an individual policy
<string> Enter a mobile device policy name (1-32 chars)
show mobility-policy [ <string> ]
show Show settings, parameters, or dynamically generated information
mobility-policy Show mobility policy parameters
<string> Enter a mobility policy name (1 - 32 chars)
show mobility-threshold gre-tunnel permitted-load
show Show settings, parameters, or dynamically generated information
mobility-threshold Show the settings for tunneling mobile user traffic
gre-tunnel Show the settings for the volume of traffic that the local SmartPath AP accepts through GRE tunnels (Note: This only applies to portals in a L3 roaming environment.)
permitted-load Show the level determining how much tunneled traffic from mobile users the local SmartPath AP accepts
show ntp
show Show settings, parameters, or dynamically generated information
ntp Show NTP (Network Time Protocol) parameters
show os-object [ <string> ]
show Show settings, parameters, or dynamically generated information
os-object Show all OS object names or the operating systems assigned to an individual OS object
<string> Enter an OS object name (1-32 chars)
show performance-sentinel
show Show settings, parameters, or dynamically generated information
performance-sentinel Show performance sentinel parameters
show ppsk schedule [ <string> ]
show Show settings, parameters, or dynamically generated information
ppsk Show parameters of private-PSK
schedule Show information about previously defined private-PSK schedules
<string> Enter a name to see information about a specific schedule (1-32 characters)
show proxy
show Show settings, parameters, or dynamically generated information
proxy Show proxy parameters
show qos
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
show qos classifier-map 80211e [ <number> ]
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
classifier-map Show the mapping of QoS priority markers on incoming packets to Black Box QoS classes
80211e Show mapping of IEEE 802.11e priority markers on incoming packets to Black Box QoS classes
<number> Enter the IEEE 802.11e user priority (Range: 0-7)
show qos classifier-map 8021p [ <number> ]
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
classifier-map Show the mapping of QoS priority markers on incoming packets to Black Box QoS classes
8021p Show mapping of IEEE 802.1p priority markers on incoming packets to Black Box QoS classes
<number> Enter IEEE 802.1p priority (Range: 0-7)
show qos classifier-map diffserv [ <number> ]
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
classifier-map Show the mapping of QoS priority markers on incoming packets to Black Box QoS classes
diffserv Show mapping of diffserv DSCP (Differentiated Services Code Point) values on incoming packets to Black Box QoS classes
<number> Enter The DSCP class (Range: 0-63)
show qos classifier-map interface <ethx>
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
classifier-map Show the mapping of QoS priority markers on incoming packets to Black Box QoS classes
interface Show interface-based classification table
<ethx> Enter the name of an Ethernet interface, where x = 0
show qos classifier-map oui [ <oui> ]
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
classifier-map Show the mapping of QoS priority markers on incoming packets to Black Box QoS classes
oui Show the MAC OUI (Organizational Unique Identifier) classification table
<oui> Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
show qos classifier-map service [ <string> ]
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
classifier-map Show the mapping of QoS priority markers on incoming packets to Black Box QoS classes
service Show service-based classification table
<string> Enter service name (1 - 32 chars)
show qos classifier-map ssid <string>
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
classifier-map Show the mapping of QoS priority markers on incoming packets to Black Box QoS classes
ssid Show SSID (Service Set Identifier) profile names and individual profile parameters
<string> Enter an SSID name
show qos classifier-profile [ <string> ]
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
classifier-profile Show a QoS classification profile
<string> Show QoS classifier profile by name (1 - 32 chars)
show qos counter user [ <mac_addr> ]
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
counter Show QoS statistics counters
user Show station QoS statistics counters
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show qos counter user-profile [ <string> ]
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
counter Show QoS statistics counters
user-profile Show user profile QoS statistics counters
<string> Enter the user profile name (1 - 32 chars)
show qos marker-map 80211e [ <number> ]
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
marker-map Show the mapping of Black Box QoS classes to QoS priority markers on outgoing packets
80211e Show mapping of Black Box QoS classes to IEEE 802.11e priority markers on outgoing packets
<number> Enter the Black Box QoS class (Range: 0-7)
show qos marker-map 8021p [ <number> ]
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
marker-map Show the mapping of Black Box QoS classes to QoS priority markers on outgoing packets
8021p Show mapping of Black Box QoS classes to IEEE 802.1p priority markers on outgoing packets
<number> Enter the Black Box QoS class (Range: 0-7)
show qos marker-map diffserv [ <number> ]
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
marker-map Show the mapping of Black Box QoS classes to QoS priority markers on outgoing packets
diffserv Show map of Black Box QoS classes to diffserv DSCP (Differentiated Services Code Point) values on outgoing packets
<number> Enter the Black Box QoS class (Range: 0-7)
show qos marker-profile [ <string> ]
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
marker-profile Show a QoS marker profile
<string> Enter the marker profile name (1 - 32 chars)
show qos policy [ <string> ]
show Show settings, parameters, or dynamically generated information
qos Show QoS (Quality of Service) parameters
policy Show a QoS (Quality of Service) policy
<string> Show a QoS (Quality of Service) policy by policy name (1 - 32 chars)
show radio profile [ <string> ]
show Show settings, parameters, or dynamically generated information
radio Show radio profile parameters
profile Show radio profile parameters for an interface
<string> Enter a radio profile name
show reboot schedule
show Show settings, parameters, or dynamically generated information
reboot Show if the system is scheduled to reboot
schedule Show the next scheduled reboot time, if set
show report statistic
show Show settings, parameters, or dynamically generated information
report Show report parameters for traffic statistics
statistic Show parameters for reporting interface-level and client-level traffic statistics
show reset-button
show Show settings, parameters, or dynamically generated information
reset-button Show the state of reset button to reset the SmartPath AP to its factory default settings or, if set, to a bootstrap config
show roaming cache
show Show settings, parameters, or dynamically generated information
roaming Show the roaming cache and neighbors
cache Show the roaming cache containing MAC addresses and PMKs (Pairwise Master Keys)
show roaming cache mac <mac_addr>
show Show settings, parameters, or dynamically generated information
roaming Show the roaming cache and neighbors
cache Show the roaming cache containing MAC addresses and PMKs (Pairwise Master Keys)
mac Specify a station MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show roaming neighbor [ mac <mac_addr> ] [ ip <ip_addr> ]
show Show settings, parameters, or dynamically generated information
roaming Show the roaming cache and neighbors
neighbor Show the neighbors to which associated stations can roam
mac Specify a station MAC address
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
ip Specify station IP
<ip_addr> Specify IP address
show route
show Show settings, parameters, or dynamically generated information
route Show route parameters
show running-config
show Show settings, parameters, or dynamically generated information
running-config Show Currently running configurations
show running-config password
show Show settings, parameters, or dynamically generated information
running-config Show Currently running configurations
password Show passwords and sensitive networking keys as obscured text strings in the output (Default: Passwords and keys are represented by asterisks; Note: A SmartPath AP can recover an original string from an obscured one, but not if the string is replaced with asterisks.)
show running-config users [ password ] [ all ]
show Show settings, parameters, or dynamically generated information
running-config Show Currently running configurations
users Show users configurations
password Show passwords and sensitive networking keys as obscured text strings in the output (Default: Passwords and keys are represented by asterisks; Note: A SmartPath AP can recover an original string from an obscured one, but not if the string is replaced with asterisks.)
all Show all the user configurations including temporary users
show schedule [ <string> ]
show Show settings, parameters, or dynamically generated information
schedule Show information about previously defined schedules
<string> Enter a name to see information about a specific schedule (1-32 characters)
show schedule-in-detail
show Show settings, parameters, or dynamically generated information
schedule-in-detail Show detailed information about all previously defined schedules
show security mac-filter [ <string> ]
show Show settings, parameters, or dynamically generated information
security Show security parameters
mac-filter Show MAC-filter parameters
<string> Specify MAC-filter name
show security protocol-suite
show Show settings, parameters, or dynamically generated information
security Show security parameters
protocol-suite Show predefine security protocol suites
show security-object <string> dhcp-server
show Show settings, parameters, or dynamically generated information
security-object Show security object names and individual parameters
<string> Enter a security object name (1-32 chars)
dhcp-server Show DHCP-server parameters
show security-object <string> dns-server
show Show settings, parameters, or dynamically generated information
security-object Show security object names and individual parameters
<string> Enter a security object name (1-32 chars)
dns-server Show DNS-server parameters
show security-object <string> mobile-device-policy
show Show settings, parameters, or dynamically generated information
security-object Show security object names and individual parameters
<string> Enter a security object name (1-32 chars)
mobile-device-policy Show the mobile device policy to which the security object is bound
show security-object <string> security aaa
show Show settings, parameters, or dynamically generated information
security-object Show security object names and individual parameters
<string> Enter a security object name (1-32 chars)
security Show security settings
aaa Show AAA (authentication, authorization, and accounting) settings
show security-object <string> security protocol-suite
show Show settings, parameters, or dynamically generated information
security-object Show security object names and individual parameters
<string> Enter a security object name (1-32 chars)
security Show security settings
protocol-suite Show the security protocol suite
show security-object <string> walled-garden
show Show settings, parameters, or dynamically generated information
security-object Show security object names and individual parameters
<string> Enter a security object name (1-32 chars)
walled-garden Show the list of walled gardens
show security-object <string> web-server
show Show settings, parameters, or dynamically generated information
security-object Show security object names and individual parameters
<string> Enter a security object name (1-32 chars)
web-server Show the internal web server configuration in the interface
show security-object [ <string> ]
show Show settings, parameters, or dynamically generated information
security-object Show security object names and individual parameters
<string> Enter a security object name (1-32 chars)
show service [ <string> ]
show Show settings, parameters, or dynamically generated information
service Show details or counters about predefined and custom services
<string> Show the transport protocol, port, and timeout for a specific service
show service [ <string> ] counter
show Show settings, parameters, or dynamically generated information
service Show details or counters about predefined and custom services
<string> Show the transport protocol, port, and timeout for a specific service
counter Show counter statistics for all services or for a specific service
show smartpath-ems
show Show settings, parameters, or dynamically generated information
smartpath-ems Show SmartPath EMS parameters
show snmp [ {v3-admin} ]
show Show settings, parameters, or dynamically generated information
snmp Show SNMP (Simple Network Management Protocol) parameters
v3-admin Show parameters for SNMP v3 administrators
show snmp community [ {read-only} ]
show Show settings, parameters, or dynamically generated information
snmp Show SNMP (Simple Network Management Protocol) parameters
community Show previously defined SNMP communities and their parameters
read-only Enter a community privilege to show previously defined SNMP communities parameters
show snmp contact
show Show settings, parameters, or dynamically generated information
snmp Show SNMP (Simple Network Management Protocol) parameters
contact Show SNMP contact information
show snmp location
show Show settings, parameters, or dynamically generated information
snmp Show SNMP (Simple Network Management Protocol) parameters
location Show the SmartPath AP location for SNMP
show snmp trap-host
show Show settings, parameters, or dynamically generated information
snmp Show SNMP (Simple Network Management Protocol) parameters
trap-host Show parameters for SNMP trap host
show ssh-tunnel
show Show settings, parameters, or dynamically generated information
ssh-tunnel Show SSH (Secure Shell) tunnel parameters
show ssid <string> counter station [ <mac_addr> ]
show Show settings, parameters, or dynamically generated information
ssid Show SSID (Service Set Identifier) profile names and individual profile parameters
<string> Enter an SSID profile name (1-32 chars)
counter Show detailed statistics (counters) for stations (wireless clients) associated with the SSID
station Show statistics for all stations or a specific station associated with the SSID
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show ssid <string> manage
show Show settings, parameters, or dynamically generated information
ssid Show SSID (Service Set Identifier) profile names and individual profile parameters
<string> Enter an SSID profile name (1-32 chars)
manage Show management options enabled on subinterfaces bound to the SSID
show ssid <string> multicast
show Show settings, parameters, or dynamically generated information
ssid Show SSID (Service Set Identifier) profile names
<string> Enter an SSID profile name (1-32 chars)
multicast Show multicast settings
show ssid <string> qos-classifier
show Show settings, parameters, or dynamically generated information
ssid Show SSID (Service Set Identifier) profile names and individual profile parameters
<string> Enter an SSID profile name (1-32 chars)
qos-classifier Show the QoS classification profile (classifier) assigned to the interface
show ssid <string> qos-marker
show Show settings, parameters, or dynamically generated information
ssid Show SSID (Service Set Identifier) profile names and individual profile parameters
<string> Enter an SSID profile name (1-32 chars)
qos-marker Show the QoS marker profile assigned to the interface
show ssid <string> schedule [ detail ]
show Show settings, parameters, or dynamically generated information
ssid Show SSID (Service Set Identifier) profile names and individual profile parameters
<string> Enter an SSID profile name (1-32 chars)
schedule Show all schedules bound to the SSID
detail Show detailed information about all schedules bound to the SSID
show ssid <string> security screening [ detail ]
show Show settings, parameters, or dynamically generated information
ssid Show SSID (Service Set Identifier) profile names and individual profile parameters
<string> Enter an SSID profile name (1-32 chars)
security Show SSID security parameters
screening Show SSID security screening parameters
detail Show more information
show ssid <string> security wlan dos
show Show settings, parameters, or dynamically generated information
ssid Show SSID (Service Set Identifier) profile names and individual profile parameters
<string> Enter an SSID profile name (1-32 chars)
security Show SSID security parameters
wlan Show SSID WLAN parameters
dos Show SSID DoS parameters
show ssid <string> station [ mac <mac_addr> ]
show Show settings, parameters, or dynamically generated information
ssid Show SSID (Service Set Identifier) profile names and individual profile parameters
<string> Enter an SSID profile name (1-32 chars)
station Show information about all stations currently associated with the SSID or about the ongoing wireless activity of a specific station
mac Show the ongoing wireless activity of a station that is currently associated with the SSID (Note: To stop the display of output, press CTRL+C.)
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show ssid <string> user-group
show Show settings, parameters, or dynamically generated information
ssid Show SSID (Service Set Identifier) profile names and individual profile parameters
<string> Enter an SSID profile name (1-32 chars)
user-group Show SSID bind user-groups
show ssid [ <string> ]
show Show settings, parameters, or dynamically generated information
ssid Show SSID (Service Set Identifier) profile names and individual profile parameters
<string> Enter an SSID profile name (1-32 chars)
show ssid-schedule
show Show settings, parameters, or dynamically generated information
ssid-schedule Show the status of all SSID schedules
show station [ <mac_addr> ]
show Show settings, parameters, or dynamically generated information
station Show information about all stations or about the ongoing wireless activity of a specific station
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show station [ <mac_addr> ] counter
show Show settings, parameters, or dynamically generated information
station Show information about all stations or about the ongoing wireless activity of a specific station
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
counter Show detailed statistics (counters) for stations (wireless clients) associated with the SmartPath AP
show system
show Show settings, parameters, or dynamically generated information
system Show system information
show system disk-info
show Show settings, parameters, or dynamically generated information
system Show system information
disk-info Show disk information
show system led
show Show settings, parameters, or dynamically generated information
system Show system information
led Show LED configuration parameters and current status
show system processes [ state ]
show Show settings, parameters, or dynamically generated information
system Show system information
processes Show processes information
state Show processes running state
show teacher-view resource-map
show Show settings, parameters, or dynamically generated information
teacher-view Show parameters for Teacher View, a tool for controlling student access to the network and monitoring their activity
resource-map Show all previously defined mappings of network resources to IP addresses and port numbers
show tech
show Show settings, parameters, or dynamically generated information
tech Show the output of many "show" commands that display all the important SmartPath AP settings (cluster, interface, ssid...) and runtime data (amrp neighbor, capwap client, roaming cache...)
show tech <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
show Show settings, parameters, or dynamically generated information
tech Show the output of many "show" commands that display all the important SmartPath AP settings (cluster, interface, ssid...) and runtime data (amrp neighbor, capwap client, roaming cache...)
<url> Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
admin Set the name of the server administrator
<string> Enter the administrator name (1-32 chars)
password Set the password for the server administrator
<string> Enter the server password (1-64 chars)
basic Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
digest Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
proxy Set parameters for the HTTP proxy server
<string> Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
proxy-admin Set the name of the proxy administrator
<string> Enter the proxy administrator name (1-32 chars)
password Set the password for the proxy administrator
<string> Enter the proxy password (1-64 chars)
show time-zone
show Show settings, parameters, or dynamically generated information
time-zone Show time zone
show track [ <string> ]
show Show settings, parameters, or dynamically generated information
track Show IP tracking information
<string> Show IP tracking information for the group (1-32 chars)
show user
show Show settings, parameters, or dynamically generated information
user Show all user
show user-group <string> psk-digest [ <string> ]
show Show settings, parameters, or dynamically generated information
user-group Show a user group parameters
<string> Enter the user group name (1-32 chars)
psk-digest Show the digest string for the auto-PSK
<string> Enter the user name (1-32 chars)
show user-group [ <string> ]
show Show settings, parameters, or dynamically generated information
user-group Show a user group parameters
<string> Enter the user group name (1-32 chars)
show user-profile <string> cac airtime-percentage
show Show settings, parameters, or dynamically generated information
user-profile Show parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
cac Show CAC (Call Admission Control) parameters and statistics
airtime-percentage Show the percentage of airtime for VoIP calls
show user-profile <string> schedule [ detail ]
show Show settings, parameters, or dynamically generated information
user-profile Show parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
schedule Show all schedules bound to the user profile
detail Show detailed information about all schedules bound to the user profile
show user-profile [ <string> ]
show Show settings, parameters, or dynamically generated information
user-profile Show parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
show user-profile-schedule
show Show settings, parameters, or dynamically generated information
user-profile-schedule Show the status of all user profile schedules
show version [ {detail} ]
show Show settings, parameters, or dynamically generated information
version Show information about the current and backup SmartPath OS versions on the SmartPath AP and the SmartPath AP platform type
detail Show detailed information about the current and backup SmartPath OS versions on the SmartPath AP and the SmartPath AP platform type
show vpn gre-tunnel
show Show settings, parameters, or dynamically generated information
vpn Show VPN information and VPN objects
gre-tunnel Show GRE (Generic Routing Encapsulation) tunnel information
show vpn ike configuration
show Show settings, parameters, or dynamically generated information
vpn Show VPN information and VPN objects
ike Show IKE information
configuration Show VPN configuration settings
show vpn ike {sa|event}
show Show settings, parameters, or dynamically generated information
vpn Show VPN information and VPN objects
ike Show IKE information
sa Show the cookies and creation times of IKE phase1 security associations
event Show the most recent IKE events (Note: You can see up to a maximum of 32 IKE events.)
show vpn ike {sp}
show Show settings, parameters, or dynamically generated information
vpn Show VPN information and VPN objects
ike Show IKE information
sp Show IPsec security policies
show vpn ipsec sa
show Show settings, parameters, or dynamically generated information
vpn Show VPN information and VPN objects
ipsec Show IPSec information
sa Show IKE phase 2 IPsec security associations
show vpn ipsec-tunnel
show Show settings, parameters, or dynamically generated information
vpn Show VPN information and VPN objects
ipsec-tunnel Show IPSec tunnel information
show vpn tunnel-id [ <number> ]
show Show settings, parameters, or dynamically generated information
vpn Show VPN information and VPN objects
tunnel-id Show VPN tunnel destination parameters and status, or show detailed information about a specific tunnel by entering its ID number
<number> Enter the tunnel ID number (Range: 1-2147483647)
show vpn tunnel-policy
show Show settings, parameters, or dynamically generated information
vpn Show VPN information and VPN objects
tunnel-policy Show tunnel policy information
show web-directory [ ppsk-self-reg ] [ <string> ]
show Show settings, parameters, or dynamically generated information
web-directory Show the files in a web directory
ppsk-self-reg Show the files in the private PSK self-registration web directory
<string> Enter the web directory name
show web-server-key
show Show settings, parameters, or dynamically generated information
web-server-key Show web server key files information
show wlan-idp mitigate [ <mac_addr> ]
show Show settings, parameters, or dynamically generated information
wlan-idp Show WLAN IDP (intrusion detection and prevention) parameters
mitigate Show one or a list of rogue APs against which mitigation was performed, the SmartPath APs that reported them, and those that attacked them
<mac_addr> Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
show wlan-idp profile [ <string> ]
show Show settings, parameters, or dynamically generated information
wlan-idp Show WLAN IDP (intrusion detection and prevention) parameters
profile Show IDP profile parameters
<string> Enter an IDP profile name (1-32 chars)
snmp contact <string>
snmp Set SNMP (Simple Network Management Protocol) parameters
contact Set SNMP contact information
<string> Enter SNMP contact information (1-32 characters)
snmp location <string>
snmp Set SNMP (Simple Network Management Protocol) parameters
location Set the SmartPath AP location for SNMP
<string> Enter the SNMP location string (1-255 chars; Default: change-me)
snmp reader version v3 admin <string> [ auth {md5|sha} password <string> ] [ encryption {aes|des} password <string> ]
snmp Set SNMP (Simple Network Management Protocol) parameters
reader Set the SNMP community mode as read-only (Note: This setting allows the NMS, or network management station, to read MIB data on the SmartPath AP but not receive traps from it.)
version Set the SNMP community version
v3 Set the SNMP community version as SNMP v3
admin Set the admin with read-only privileges for viewing MIB data
<string> Enter the admin name (1-32 chars)
auth Set the algorithm for authenticating communications between the SNMP agent on the SmartPath AP and the NMS
md5 Set the authentication algorithm as MD5 (Message Digest Algorithm 5)
sha Set the authentication algorithm as SHA-1 (Secure Hash Algorithm 1)
password Set the password used during the authentication process
<string> Enter the authentication password (8-64 chars)
encryption Set the algorithm for encrypting communications between the SNMP agent on the SmartPath AP and the NMS
aes Set the encryption algorithm as AES (Advanced Encryption Standard)
des Set the encryption algorithm as DES (Data Encryption Standard)
password Set the password used during the encryption process
<string> Enter the password (8-64 chars)
snmp reader version {v1|v2c|any} community <string> [ <string> ]
snmp Set SNMP (Simple Network Management Protocol) parameters
reader Set the SNMP community mode as read-only (Note: This setting allows the NMS, or network management station, to read MIB data on the SmartPath AP but not receive traps from it.)
version Set the SNMP community version
v1 Set the community version as SNMP v1
v2c Set the community version as SNMP v2c
any Set the community version to support both SNMP v1 and v2c
community Set SNMP community parameters
<string> Set the SNMP community string for authenticating communications between the SNMP agent on the SmartPath AP and the NMS (Note: This string acts like a password or a shared secret.)
<string> Enter the domain name (1-32 characters) or the IP address and netmask for the NMS
snmp trap-host {v1|v2c} <ip_addr|string> [ port <number> ] [ {via-vpn-tunnel} ] [ community <string> ]
snmp Set SNMP (Simple Network Management Protocol) parameters
trap-host Set parameters for the SNMP trap host (Note: This is an NMS, or network management station, that can receive SNMP traps from the SmartPath AP.)
v1 Set the trap format for SNMP v1
v2c Set the trap format for SNMP v2c
<ip_addr> Enter the domain name (1-32 characters) or the IP address for the NMS
<string> Enter the domain name (1-32 characters) or the IP address for the NMS
port Set the port number on which the NMS listens for traps that the SmartPath AP sends it
<number> Enter the port number (Default: 162, Range: 1-65535)
via-vpn-tunnel Send all SNMP traps through a VPN tunnel (Note: Set this option on VPN clients when the NMS is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
community Set the community string for authenticating communications between the SmartPath AP and NMS (Note: This string acts like a password or a shared secret.)
<string> Enter the community string (1-32 characters; Default: clustercommunity)
snmp trap-host {v3} <ip_addr|string> [ port <number> ] [ {via-vpn-tunnel} ] admin <string>
snmp Set SNMP (Simple Network Management Protocol) parameters
trap-host Set parameters for the SNMP trap host (Note: This is an NMS, or network management station, that can receive SNMP traps from the SmartPath AP.)
v3 Set the trap format for SNMP v3
<ip_addr> Enter the domain name (1-32 characters) or the IP address for the NMS
<string> Enter the domain name (1-32 characters) or the IP address for the NMS
port Set the port number on which the NMS listens for traps that the SmartPath AP sends it
<number> Enter the port number (Default: 162, Range: 1-65535)
via-vpn-tunnel Send all SNMP traps through a VPN tunnel (Note: Set this option on VPN clients when the NMS is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
admin Set the name of the SNMP admin that can receive traps from SmartPath AP
<string> Enter the admin name (1-32 chars)
snmp trap-host {v3} admin <string> auth {md5|sha} password <string> [ encryption {aes|des} password <string> ]
snmp Set SNMP (Simple Network Management Protocol) parameters
trap-host Set parameters for the SNMP trap host (Note: This is an NMS, or network management station, that can receive SNMP traps from the SmartPath AP.)
v3 Set the trap format for SNMP v3
admin Set the admin with privileges for receiving traps
<string> Enter the admin name (1-32 chars)
auth Set the algorithm for authenticating communications between the SNMP agent on the SmartPath AP and the NMS
md5 Set the authentication algorithm as md5 (Message Digest Algorithm 5)
sha Set the authentication algorithm as SHA-1 (Secure Hash Algorithm 1)
password Set the password used during the authentication process
<string> Enter the authentication password (8-64 chars)
encryption Set the algorithm for encrypting communications between the SNMP agent on the SmartPath AP and the NMS
aes Set the encryption algorithm as AES (Advanced Encryption Standard)
des Set the encryption algorithm as DES (Data Encryption Standard)
password Set the password used during the encryption process
<string> Enter the password (8-64 chars)
snmp trap-info {over-snmp|over-capwap}
snmp Set SNMP (Simple Network Management Protocol) parameters
trap-info Set parameters for the delivery of SNMP trap information
over-snmp Send trap inion over SNMP (Default: Disabled)
over-capwap Send trap information over CAPWAP (Default: Enabled)
ssh-tunnel server <string> tunnel-port <number> user <string> password <string> [ timeout <number> ]
ssh-tunnel Set SSH (Secure Shell) tunnel parameters so that Black Box Technical Support can access the SmartPath AP remotely
server Set the domain name or IP address of the Black Box SSH server and, optionally, its port number
<string> Enter the domain name (1-64 characters) or IP address and, optionally, the port number (Default port: 22; Range: 1025-65535; Format: name:port or ip:port)
tunnel-port Set the port number that the SSH server uses to identify the tunnel
<number> Enter the port for identifying the SSH tunnel (Range: 1025-65535)
user Set the user name for logging in to the SSH server
<string> Enter the user name (1-32 characters)
password Set password for logging in to the SSH server
<string> Enter the password (1-32 characters)
timeout Set the length of time during which the tunnel between the SmartPath AP and the Black Box SSH server will be up
<number> Enter the tunnel timeout value in minutes (Range: 0-6000, Default: 0 (disable))
ssid <string>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
ssid <string> 11a-rate-set [ {6|6-basic} ] [ {9|9-basic} ] [ {12|12-basic} ] [ {18|18-basic} ] [ {24|24-basic} ] [ {36|36-basic} ] [ {48|48-basic} ] [ {54|54-basic} ]
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
11a-rate-set Set the basic (mandatory) and optional 11a data rates for the radio (Default rates in Mbps: basic=6, 12, 24, opt=9, 18, 36, 48, 54)
6 Set 6 Mbps as a basic (mandatory) or optional data rate
6-basic Set 6 Mbps as a basic (mandatory) or optional data rate
9 Set 9 Mbps as a basic (mandatory) or optional data rate
9-basic Set 9 Mbps as a basic (mandatory) or optional data rate
12 Set 12 Mbps as a basic (mandatory) or optional data rate
12-basic Set 12 Mbps as a basic (mandatory) or optional data rate
18 Set 18 Mbps as a basic (mandatory) or optional data rate
18-basic Set 18 Mbps as a basic (mandatory) or optional data rate
24 Set 24 Mbps as a basic (mandatory) or optional data rate
24-basic Set 24 Mbps as a basic (mandatory) or optional data rate
36 Set 36 Mbps as a basic (mandatory) or optional data rate
36-basic Set 36 Mbps as a basic (mandatory) or optional data rate
48 Set 48 Mbps as a basic (mandatory) or optional data rate
48-basic Set 48 Mbps as a basic (mandatory) or optional data rate
54 Set 54 Mbps as a basic (mandatory) or optional data rate
54-basic Set 54 Mbps as a basic (mandatory) or optional data rate
ssid <string> 11g-rate-set [ {1|1-basic} ] [ {2|2-basic} ] [ {5.5|5.5-basic} ] [ {11|11-basic} ] [ {6|6-basic} ] [ {9|9-basic} ] [ {12|12-basic} ] [ {18|18-basic} ] [ {24|24-basic} ] [ {36|36-basic} ] [ {48|48-basic} ] [ {54|54-basic} ]
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
11g-rate-set Set the basic (mandatory) and optional 11g data rates for the radio (Default rates in Mbps: basic=1, 2, 5.5, 11, opt=6, 9, 12, 18, 24, 36, 48, 54)
1 Set 1 Mbps as a basic (mandatory) or optional data rate
1-basic Set 1 Mbps as a basic (mandatory) or optional data rate
2 Set 2 Mbps as a basic (mandatory) or optional data rate
2-basic Set 2 Mbps as a basic (mandatory) or optional data rate
5.5 Set 5.5 Mbps as a basic (mandatory) or optional data rate
5.5-basic Set 5.5 Mbps as a basic (mandatory) or optional data rate
11 Set 11 Mbps as a basic (mandatory) or optional data rate
11-basic Set 11 Mbps as a basic (mandatory) or optional data rate
6 Set 6 Mbps as a basic (mandatory) or optional data rate
6-basic Set 6 Mbps as a basic (mandatory) or optional data rate
9 Set 9 Mbps as a basic (mandatory) or optional data rate
9-basic Set 9 Mbps as a basic (mandatory) or optional data rate
12 Set 12 Mbps as a basic (mandatory) or optional data rate
12-basic Set 12 Mbps as a basic (mandatory) or optional data rate
18 Set 18 Mbps as a basic (mandatory) or optional data rate
18-basic Set 18 Mbps as a basic (mandatory) or optional data rate
24 Set 24 Mbps as a basic (mandatory) or optional data rate
24-basic Set 24 Mbps as a basic (mandatory) or optional data rate
36 Set 36 Mbps as a basic (mandatory) or optional data rate
36-basic Set 36 Mbps as a basic (mandatory) or optional data rate
48 Set 48 Mbps as a basic (mandatory) or optional data rate
48-basic Set 48 Mbps as a basic (mandatory) or optional data rate
54 Set 54 Mbps as a basic (mandatory) or optional data rate
54-basic Set 54 Mbps as a basic (mandatory) or optional data rate
ssid <string> 11n-mcs-expand-rate-set [ <string> ]
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
11n-mcs-expand-rate-set Set the 802.11n MCS rate indexes for which the SSID advertizes its support(By default, all MCS rates for three spatial streams on the SmartPath AP 330 and 350 are supported: 0-23. On the SmartPath AP 110, 120, 320, and 340, which support a maximum of two spatial streams, use the 11n-mcs-rate-set option instead.)
<string> Enter specific MCS rates (Range: 1-64 chars; Format: Use commas as separators. Example: 2,5,17,20)
ssid <string> client-age-out <number>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
client-age-out Set the length of time to age out inactive clients and automatically disassociate them
<number> Enter the client age-out time in minutes (Default: 5; Range: 1-30)
ssid <string> dtim-period <number>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
dtim-period Set the DTIM (delivery traffic indication message) period
<number> Set the number of beacons between DTIM frames (Default: 1; Range: 1-255)
ssid <string> frag-threshold <number>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
frag-threshold Set the fragment threshold for the SSID
<number> Enter the fragment threshold in bytes for the SSID (Default: 2346; Range: 256-2346)
ssid <string> hide-ssid
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
hide-ssid Hide the SSID in beacons and ignore broadcast probe requests
ssid <string> ignore-broadcast-probe
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
ignore-broadcast-probe Ignore broadcasted probe requests
ssid <string> inter-station-traffic
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
inter-station-traffic Set the SmartPath AP to permit traffic between stations connected to one or more of its access interfaces (Default: Enabled)
ssid <string> manage all
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
manage Set management service parameters
all all_service::Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through subinterfaces bound to the SSID (Defaults: ping enabled, SNMP disabled, SSH enabled, Telnet disabled)
ssid <string> manage {Telnet|SSH|SNMP|ping}
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
manage Set management service parameters
Telnet Enable Telnet manageability of mgt0 through subinterfaces bound to the SSID (Default: Disabled)
SSH Enable SSH manageability of mgt0 through subinterfaces bound to the SSID (Default: Enabled)
SNMP Enable SNMP manageability of mgt0 through subinterfaces bound to the SSID (Default: Disabled)
ping Enable mgt0 to respond to pings through subinterfaces bound to the SSID (Default: Enabled)
ssid <string> max-client <number>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
max-client Set the maximum number of clients that can associate with the SSID
<number> Enter the maximum number of clients that can associate (Default: 100; Range: 1-100; Note: A radio profile can support a maximum of 100 clients by default, and there can be a maximum of 16 SSIDs per radio.)
ssid <string> mode compliance
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
mode Set SSID mode parameter
compliance Set SSID mode compliance with 11n standard
ssid <string> mode legacy
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
mode Set SSID mode parameter
legacy Set this mode to disable the advertisement of 802.11n capabilities when there are legacy 802.11a/b/g clients that cannot support 802.11n IEs (information elements) in management frames
ssid <string> multicast conversion-to-unicast {auto|always|disable}
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
multicast Set parameters for sending IP datagrams to a group of interested receivers in a single transmission
conversion-to-unicast Set the method for converting multicast frames to unicast frames (Default: Disabled)
auto Convert from multicast to unicast automatically whenever the channel utilization or multicast group membership count is below their respective thresholds
always Always convert from multicast to unicast regardless of channel utilization and group membership numbers
disable Disable convert from multicast to unicast
ssid <string> multicast cu-threshold <number>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
multicast Set parameters for sending IP datagrams to a group of interested receivers in a single transmission
cu-threshold Set the channel utilization threshold that determines when to convert multicast to unicast frames
<number> [1~100]Enter the channel utilization threshold as a percent (Default: 60; Range: 1-100; Note: Conversion from multicast to unicast frames occurs when the percent of channel utilization is below or equal to this value.)
ssid <string> multicast member-threshold <number>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
multicast Set parameters for sending IP datagrams to a group of interested receivers in a single transmission
member-threshold Set the membership count threshold that determines when to convert multicast to unicast frames
<number> [1~30]Enter the multicast group membership threshold (Default: 10; Range: 1-30; Note: Converting multicast frames to unicast frames occurs when the number of group members is below or equal to this value.)
ssid <string> qos-classifier <string>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
qos-classifier Assign a QoS classification profile (classifier) to the interface
<string> Enter the QoS classifier profile name (1-32 chars)
ssid <string> qos-marker <string>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
qos-marker Assign a QoS marker profile to the interface
<string> Enter the QoS marker profile name (1-32 chars)
ssid <string> rts-threshold <number>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
rts-threshold Set the RTS (request to send) threshold for the SSID
<number> Enter the packet size for the RTS (request to send) threshold for the SSID (Default: 2346 bytes; Range: 1-2346)
ssid <string> schedule <string>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
schedule Set a schedule during which the SSID will be available for use
<string> Enter a schedule name (1-32 characters)
ssid <string> security mac-filter <string>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
mac-filter Assign a filter for MAC addresses or OUIs (organizational unique identifiers)
<string> Enter the filter name for MAC addresses or OUIs (organizational unique identifiers)
ssid <string> security screening radius-attack
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen Parameters for the SSID
radius-attack Enable the screening method of RADIUS attack procection (Default: Disabled)
ssid <string> security screening radius-attack action ban-forever
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen Parameters for the SSID
radius-attack Enable the screening method of RADIUS attack procection (Default: Disabled)
action Set an action if an alarm is triggered (alarm - traffic can still pass; ban - the station is disconnected and banned for a certain time; ban-forever - the station is banned forever)
ban-forever Set an action to ban-forever if an alarm is triggered
ssid <string> security screening radius-attack action {alarm|ban} [ [ <number> ] ]
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen Parameters for the SSID
radius-attack Enable the screening method of RADIUS attack procection (Default: Disabled)
action Set an action if an alarm is triggered (alarm - traffic can still pass; ban - the station is disconnected and banned for a certain time; ban-forever - the station is banned forever)
alarm Set an action to alarm if an alarm is triggered
ban Set an action to ban if an alarm is triggered
<number> Enter the action time in seconds (Default: 10 for alarm, 3600 for ban; Range: 1-100000000)
ssid <string> security screening radius-attack threshold <number> [ action {alarm|ban} [ <number> ] ]
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen Parameters for the SSID
radius-attack Enable the screening method of RADIUS attack procection (Default: Disabled)
threshold Set the length of time during which 10 RADIUS rejections for the same source MAC address is considered unacceptable
<number> Enter the length of time in seconds (Default: 5; Range: 1-3600)
action Set an action if an alarm is triggered (alarm - traffic can still pass; ban - the station is disconnected and banned for a certain time; ban-forever - the station is banned forever)
alarm Set an action to alarm if an alarm is triggered
ban Set an action to ban if an alarm is triggered
<number> Enter the action time in seconds (Default: 10 seconds for alarm, 3600 second for ban; Range: 1-100000000)
ssid <string> security screening radius-attack threshold <number> action ban-forever
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen Parameters for the SSID
radius-attack Enable the screening method of RADIUS attack procection (Default: Disabled)
threshold Set the length of time during which 10 RADIUS rejections for the same source MAC address is considered unacceptable
<number> Enter the length of time in seconds (Default: 5; Range: 1-3600)
action Set an action if an alarm is triggered (alarm - traffic can still pass; ban - the station is disconnected and banned for a certain time; ban-forever - the station is banned forever)
ban-forever Set an action to ban-forever if an alarm is triggered
ssid <string> security screening tcp-syn-check
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen Parameters for the SSID
tcp-syn-check Enable checking that the SYN flag is set in TCP segments before creating new IP sessions (Default: Disabled, Note: When enabled, the IP session idle timeout is 10 seconds until the TCP three-way handshake is complete.)
ssid <string> security screening {icmp-flood|udp-flood|syn-flood|arp-flood|address-sweep|port-scan|ip-spoof} [ threshold <number> ]
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen Parameters for the SSID
icmp-flood Enable the screening method of icmp-flood (Default: Disabled)
udp-flood Enable the screening method of udp-flood (Default: Disabled)
syn-flood Enable the screening method of syn-flood (Default: Disabled)
arp-flood Enable the screening method of arp-flood (Default: Disabled)
address-sweep Enable the screening method of address-sweep (Default: Disabled)
port-scan Enable the screening method of port-scan (Default: Disabled)
ip-spoof Enable the screening method of ip-spoof (Default: Disabled)
threshold Set threshold: packets per second for syn-flood and arp-flood, air time for icmp-flood and udp-flood, milliseconds every 10 packets for address-sweep and port-scan, IP addresses for ip-spoof
<number> Enter the threshold value (Defaults and Ranges: ICMP flood: 20%, 1-100%; UDP flood 50%, 1-100%; SYN flood: 1000 pkts/sec, 1-1000000 pkts/sec; ARP flood 100 pkts/sec, 1-1000000 pkts/sec; address sweep and port scan: 100 ms/10 pkts, 1-10000 ms; IP spoof: 3 src IPs/src MAC, 2-10 IPs; RADIUS attack: 5 secs/10 rejects, 1-3600 secs)
ssid <string> security screening {icmp-flood|udp-flood|syn-flood|arp-flood|address-sweep|port-scan|ip-spoof} action ban-forever
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen Parameters for the SSID
icmp-flood Enable the screening method of icmp-flood (Default: Disabled)
udp-flood Enable the screening method of udp-flood (Default: Disabled)
syn-flood Enable the screening method of syn-flood (Default: Disabled)
arp-flood Enable the screening method of arp-flood (Default: Disabled)
address-sweep Enable the screening method of address-sweep (Default: Disabled)
port-scan Enable the screening method of port-scan (Default: Disabled)
ip-spoof Enable the screening method of ip-spoof (Default: Disabled)
action Set an action if an alarm is triggered (alarm - traffic can still pass; drop - the traffic is paused for a certain time; disconnect - the station is disconnected; ban - the station is disconnected and banned for a certain time; ban-forever - the station is banned forever)
ban-forever Set the action to ban-forever (Default: alarm)
ssid <string> security screening {icmp-flood|udp-flood|syn-flood|arp-flood|address-sweep|port-scan|ip-spoof} action disconnect
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen Parameters for the SSID
icmp-flood Enable the screening method of icmp-flood (Default: Disabled)
udp-flood Enable the screening method of udp-flood (Default: Disabled)
syn-flood Enable the screening method of syn-flood (Default: Disabled)
arp-flood Enable the screening method of arp-flood (Default: Disabled)
address-sweep Enable the screening method of address-sweep (Default: Disabled)
port-scan Enable the screening method of port-scan (Default: Disabled)
ip-spoof Enable the screening method of ip-spoof (Default: Disabled)
action Set an action if an alarm is triggered (alarm - traffic can still pass; drop - the traffic is paused for a certain time; disconnect - the station is disconnected; ban - the station is disconnected and banned for a certain time; ban-forever - the station is banned forever)
disconnect Set the action to disconnect (Default: alarm)
ssid <string> security screening {icmp-flood|udp-flood|syn-flood|arp-flood|address-sweep|port-scan|ip-spoof} action {alarm|drop|ban} <number>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen Parameters for the SSID
icmp-flood Enable the screening method of icmp-flood (Default: Disabled)
udp-flood Enable the screening method of udp-flood (Default: Disabled)
syn-flood Enable the screening method of syn-flood (Default: Disabled)
arp-flood Enable the screening method of arp-flood (Default: Disabled)
address-sweep Enable the screening method of address-sweep (Default: Disabled)
port-scan Enable the screening method of port-scan (Default: Disabled)
ip-spoof Enable the screening method of ip-spoof (Default: Disabled)
action Set an action if an alarm is triggered (alarm - traffic can still pass; drop - the traffic is paused for a certain time; disconnect - the station is disconnected; ban - the station is disconnected and banned for a certain time; ban-forever - the station is banned forever)
alarm Set the action to alarm (Default: alarm)
drop Set the action to drop (Default: alarm)
ban Set the action to ban (Default: alarm)
<number> Enter the action time in seconds (Range: 1-1000000000; Default: 10 for alarm, 1 for drop, 3600 for ban)
ssid <string> security screening {icmp-flood|udp-flood|syn-flood|arp-flood|address-sweep|port-scan|ip-spoof} threshold <number> action ban-forever
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen Parameters for the SSID
icmp-flood Enable the screening method of icmp-flood (Default: Disabled)
udp-flood Enable the screening method of udp-flood (Default: Disabled)
syn-flood Enable the screening method of syn-flood (Default: Disabled)
arp-flood Enable the screening method of arp-flood (Default: Disabled)
address-sweep Enable the screening method of address-sweep (Default: Disabled)
port-scan Enable the screening method of port-scan (Default: Disabled)
ip-spoof Enable the screening method of ip-spoof (Default: Disabled)
threshold Set threshold: packets per second for syn-flood and arp-flood, air time for icmp-flood and udp-flood, milliseconds every 10 packets for address-sweep and port-scan, IP addresses for ip-spoof
<number> Enter the threshold value (Defaults and Ranges: ICMP flood: 20%, 1-100%; UDP flood 50%, 1-100%; SYN flood: 1000 pkts/sec, 1-1000000 pkts/sec; ARP flood 100 pkts/sec, 1-1000000 pkts/sec; address sweep and port scan: 100 ms/10 pkts, 1-10000 ms; IP spoof: 3 src IPs/src MAC, 2-10 IPs; RADIUS attack: 5 secs/10 rejects, 1-3600 secs)
action Set an action if an alarm is triggered (alarm - traffic can still pass; drop - the traffic is paused for a certain time; disconnect - the station is disconnected; ban - the station is disconnected and banned for a certain time; ban-forever - the station is banned forever)
ban-forever Set the action to ban-forever (Default: alarm)
ssid <string> security screening {icmp-flood|udp-flood|syn-flood|arp-flood|address-sweep|port-scan|ip-spoof} threshold <number> action disconnect
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen Parameters for the SSID
icmp-flood Enable the screening method of icmp-flood (Default: Disabled)
udp-flood Enable the screening method of udp-flood (Default: Disabled)
syn-flood Enable the screening method of syn-flood (Default: Disabled)
arp-flood Enable the screening method of arp-flood (Default: Disabled)
address-sweep Enable the screening method of address-sweep (Default: Disabled)
port-scan Enable the screening method of port-scan (Default: Disabled)
ip-spoof Enable the screening method of ip-spoof (Default: Disabled)
threshold Set threshold: packets per second for syn-flood and arp-flood, air time for icmp-flood and udp-flood, milliseconds every 10 packets for address-sweep and port-scan, IP addresses for ip-spoof
<number> Enter the threshold value (Defaults and Ranges: ICMP flood: 20%, 1-100%; UDP flood 50%, 1-100%; SYN flood: 1000 pkts/sec, 1-1000000 pkts/sec; ARP flood 100 pkts/sec, 1-1000000 pkts/sec; address sweep and port scan: 100 ms/10 pkts, 1-10000 ms; IP spoof: 3 src IPs/src MAC, 2-10 IPs; RADIUS attack: 5 secs/10 rejects, 1-3600 secs)
action Set an action if an alarm is triggered (alarm - traffic can still pass; drop - the traffic is paused for a certain time; disconnect - the station is disconnected; ban - the station is disconnected and banned for a certain time; ban-forever - the station is banned forever)
disconnect Set the action to disconnect (Default: alarm)
ssid <string> security screening {icmp-flood|udp-flood|syn-flood|arp-flood|address-sweep|port-scan|ip-spoof} threshold <number> action {alarm|drop|ban} <number>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
screening Set the security screen Parameters for the SSID
icmp-flood Enable the screening method of icmp-flood (Default: Disabled)
udp-flood Enable the screening method of udp-flood (Default: Disabled)
syn-flood Enable the screening method of syn-flood (Default: Disabled)
arp-flood Enable the screening method of arp-flood (Default: Disabled)
address-sweep Enable the screening method of address-sweep (Default: Disabled)
port-scan Enable the screening method of port-scan (Default: Disabled)
ip-spoof Enable the screening method of ip-spoof (Default: Disabled)
threshold Set threshold: packets per second for syn-flood and arp-flood, air time for icmp-flood and udp-flood, milliseconds every 10 packets for address-sweep and port-scan, IP addresses for ip-spoof
<number> Enter the threshold value (Defaults and Ranges: ICMP flood: 20%, 1-100%; UDP flood 50%, 1-100%; SYN flood: 1000 pkts/sec, 1-1000000 pkts/sec; ARP flood 100 pkts/sec, 1-1000000 pkts/sec; address sweep and port scan: 100 ms/10 pkts, 1-10000 ms; IP spoof: 3 src IPs/src MAC, 2-10 IPs; RADIUS attack: 5 secs/10 rejects, 1-3600 secs)
action Set an action if an alarm is triggered (alarm - traffic can still pass; drop - the traffic is paused for a certain time; disconnect - the station is disconnected; ban - the station is disconnected and banned for a certain time; ban-forever - the station is banned forever)
alarm Set the action to alarm (Default: alarm)
drop Set the action to drop (Default: alarm)
ban Set the action to ban (Default: alarm)
<number> Enter the action time in seconds (Range: 1-1000000000; Default: 10 for alarm, 1 for drop, 3600 for ban)
ssid <string> security wlan dos station-level frame-type {assoc-req|auth|eapol} ban <number>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
assoc-req Specify WLAN DoS frame type assoc-req
auth Specify WLAN DoS frame type auth
eapol Specify WLAN DoS frame type eapol
ban Set the period of time to ignore frames after a theshold has been crossed
<number> Enter the period of time in seconds to ignore frames after a theshold has been crossed (Default: 60; Min: 0 Max: None)
ssid <string> security wlan dos station-level frame-type {assoc-req|auth|eapol} ban forever
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
assoc-req Specify WLAN DoS frame type assoc-req
auth Specify WLAN DoS frame type auth
eapol Specify WLAN DoS frame type eapol
ban Set the period of time to ignore frames after a theshold has been crossed
forever Set ban forever
ssid <string> security wlan dos {ssid-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all}
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
ssid-level Set DoS parameters at ssid-level
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
probe-req Specify WLAN DoS frame type probe-req
probe-resp Specify WLAN DoS frame type probe-resp
assoc-req Specify WLAN DoS frame type assoc-req
assoc-resp Specify WLAN DoS frame type assoc-resp
disassoc Specify WLAN DoS frame type disassoc
auth Specify WLAN DoS frame type auth
deauth Specify WLAN DoS frame type deauth
eapol Specify WLAN DoS frame type eapol
all Specify WLAN DoS frame type all
ssid <string> security wlan dos {ssid-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all} alarm <number>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
ssid-level Set DoS parameters at ssid-level
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
probe-req Specify WLAN DoS frame type probe-req
probe-resp Specify WLAN DoS frame type probe-resp
assoc-req Specify WLAN DoS frame type assoc-req
assoc-resp Specify WLAN DoS frame type assoc-resp
disassoc Specify WLAN DoS frame type disassoc
auth Specify WLAN DoS frame type auth
deauth Specify WLAN DoS frame type deauth
eapol Specify WLAN DoS frame type eapol
all Specify WLAN DoS frame type all
alarm Set the interval in seconds between alarms to indicate continuous DoS conditions
<number> Enter the interval in seconds between alarms to indicate continuous DoS conditions (Default: 60 secs; Min: 0 Max: None)
ssid <string> security wlan dos {ssid-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all} threshold <number>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security Set the security parameters for the SSID
wlan Set WLAN parameters
dos Set WLAN DoS (Denial of Service) parameters
ssid-level Set DoS parameters at ssid-level
station-level Set DoS parameters at station-level
frame-type Set WLAN DoS (Denial of Service) frame type
probe-req Specify WLAN DoS frame type probe-req
probe-resp Specify WLAN DoS frame type probe-resp
assoc-req Specify WLAN DoS frame type assoc-req
assoc-resp Specify WLAN DoS frame type assoc-resp
disassoc Specify WLAN DoS frame type disassoc
auth Specify WLAN DoS frame type auth
deauth Specify WLAN DoS frame type deauth
eapol Specify WLAN DoS frame type eapol
all Specify WLAN DoS frame type all
threshold Set the frame threshold in ppm (packets per minute) that must be crossed to trigger an alarm
<number> Enter threshold in ppm (Default: ssid-level probe-req 12000, probe-resp 24000, eapol 6000, auth 6000, assoc-req 6000, assoc-resp 2400, all others 1200; sta-level probe-req 1200 ppm, probe-resp 2400, eapol 600, auth 600, assoc-req 600, assoc-resp 240, all others 120; Min: 0 Max: None)
ssid <string> security-object <string>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
security-object Assign a security object to control network access through this SSID
<string> Enter the security object name (1-32 chars)
ssid <string> uapsd
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
uapsd Enable UAPSD (Unscheduled Automatic Power Save Delivery) to support stations using WMM (Wi-Fi Multimedia) Power Save
ssid <string> user-group <string>
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
user-group Set the user-group for private-PSK on the SSID
<string> Enter the group name (1-32 chars)
ssid <string> wmm
ssid Set SSID (Service Set Identifier) parameters
<string> Enter an SSID profile name (1-32 chars)
wmm Enable the SSID to support WMM (Wi-Fi Multimedia) traffic prioritization
system disable-multicast-ping
system Set system parameters
disable-multicast-ping Disable responses to multicast pings (Default: Enabled)
system environment {outdoor}
system Set system parameters
environment Set the environment in which the system will operate
outdoor Set the system for outdoor operations
system icmp-redirect enable
system Set system parameters
icmp-redirect Accept ICMP redirect messages
enable Enable the accepting of ICMP redirect messages (Default: Disable)
system led brightness {soft|dim|off}
system Set system parameters
led Set status LED configuration parameters
brightness Set the brightness level for the status LEDs (Default: bright)
soft Set brightness level to soft
dim Set brightness level to dim
off Set brightness level to off
system web-server enable
system Set system parameters
web-server Set the web server parameters
enable Enable the web server (Default: Enabled)
teacher-view resource-map name <string> ip <ip_addr> port <port>
teacher-view Set parameters for Teacher View, a tool for controlling student access to the network and monitoring their activity
resource-map Map the name of a network resource to an IP address and port number
name Set the resource name
<string> Enter the resource name (max 32 chars)
ip Set the IP address where the resource is located
<ip_addr> Enter the IP address
port Set the port number associated with the resource
<port> [1~65535]Enter the port number (Range: 1-65535)
tracert <ip_addr> [ max-hops <number> ] [ timeout <number> ] [ no-resolve ]
tracert Perform a traceroute
<ip_addr> Enter a destination IP address
max-hops Set the maximum number of hops to cross when searching for a target
<number> Enter the maximum number of hops to cross when searching for a target (Default: 30, Range: 1-255)
timeout Set the timeout for a response to a probe
<number> Enter the timeout in seconds for a response to a probe (Range: 2-65535)
no-resolve Do not resolve addresses to domain names
tracert <string> [ max-hops <number> ] [ timeout <number> ] [ no-resolve ]
tracert Perform a traceroute
<string> Enter a destination hostname (1-32 characters)
max-hops Set the maximum number of hops to cross when searching for a target
<number> Enter the maximum number of hops to cross when searching for a target (Default: 30, Range: 1-255)
timeout Set the timeout for a response to a probe
<number> Enter the timeout in seconds for a response to a probe (Range: 2-65535)
no-resolve Do not resolve addresses to domain names
track <string> [ ip <ip_addr> ]
track Set parameters to track the reachability of one or more devices on the network
<string> Enter the name for a group of one or more targets to track (1-32 chars)
ip Set an IP address for tracking
<ip_addr> Enter an IP address for tracking
track <string> action start-mesh-failover
track Set parameters to track the reachability of one or more devices on the network
<string> Enter the name for a group of one or more targets to track (1-32 chars)
action Set the action to take when there are no longer responses from any tracked targets in a group
start-mesh-failover Start the mesh failover procedure
track <string> action {enable-access-console|disable-access-radio}
track Set parameters to track the reachability of one or more devices on the network
<string> Enter the name for a group of one or more targets to track (1-32 chars)
action Set the action to take when there are no longer responses from any tracked targets in a group
enable-access-console Enable the virtual access console
disable-access-radio Disable all radios in access mode
track <string> default-gateway
track Set parameters to track the reachability of one or more devices on the network
<string> Enter the name for a group of one or more targets to track (1-32 chars)
default-gateway Set the default gateway for tracking
track <string> enable
track Set parameters to track the reachability of one or more devices on the network
<string> Enter the name for a group of one or more targets to track (1-32 chars)
enable Enable the group name for tracking (Default: Enable)
track <string> interval <number>
track Set parameters to track the reachability of one or more devices on the network
<string> Enter the name for a group of one or more targets to track (1-32 chars)
interval Set the interval for sending probes to track the IP address of a target
<number> Enter the tracking interval (Default: 6 seconds; Range: 1-180; Note: The tracking interval must not be shorter than the probe timeout.)
track <string> multi-dst-logic {and|or}
track Set parameters to track the reachability of one or more devices on the network
<string> Enter the name for a group of one or more targets to track (1-32 chars)
multi-dst-logic Determine if one or all tracked targets within a group must become unresponsive before taking action
and Take action if none of the members in the group is responding (Default:or)
or Take action if any single member in the group is not responding (Default:or)
track <string> retry <number>
track Set parameters to track the reachability of one or more devices on the network
<string> Enter the name for a group of one or more targets to track (1-32 chars)
retry Set the number of times to retry probing an unresponsive target
<number> Enter the retry value (Default: 2 times; Range: 0-1024)
track <string> timeout <number>
track Set parameters to track the reachability of one or more devices on the network
<string> Enter the name for a group of one or more targets to track (1-32 chars)
timeout Set the length of time to wait for a response to a probe
<number> Enter the timeout value (Default: 2 seconds; Range: 1-180; Note: The timeout value must not be more than the interval value.)
user <string>
user Add one user or change user parameters
<string> Enter the user name (1-32 chars)
user <string> group <string>
user Add one user or change user parameters
<string> Enter the user name (1-32 chars)
group Attach the user to a user-group
<string> Enter the group name (1-32 chars)
user <string> password <string>
user Add one user or change user parameters
<string> Enter the user name (1-32 chars)
password Set the password for user
<string> Enter the secret string (8-63 chars)
user-group <string>
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
user-group <string> auto-generation bulk-number <number> bulk-interval <number> <time>
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
auto-generation Generate the password automatically
bulk-number Set the user number of the bulk group
<number> Enter the user number of the bulk group (Default: 1 ; Range: 1-9999)
bulk-interval Set the interval of the bulk group
<number> Enter the day interval of the bulk group (Default: 0 day; Range: 0-365)
<time> Enter the hour and minute interval of the bulk group(Format: hh:mm; Hour Range: 00-23; Minute Range: 0-59)
user-group <string> auto-generation index-range <number> [ <number> ]
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
auto-generation Generate the password automatically
index-range Set the index range for the users for whom you want to generate network access credentials (user name, password, and PSK)
<number> Enter the start of the index range (Range: 1-9999)
<number> Enter the end of the index range (Range: starting index number-9999)
user-group <string> auto-generation location <string>
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
auto-generation Generate the password automatically
location Set the user's physical location, which is combined with other factors (user name, shared secret, ...) when generating the password automatically
<string> Enter the location (1-32 characters)
user-group <string> auto-generation password-length <number>
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
auto-generation Generate the password automatically
password-length Set the length of the automatically generated password
<number> Enter the password length (Range: 8-63; Default: 8)
user-group <string> auto-generation prefix <string>
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
auto-generation Generate the password automatically
prefix Set the prefix username for automatically generate password
<string> Enter the prefix (1-28 characters)
user-group <string> auto-generation revoke-user <number> [ <number> ]
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
auto-generation Generate the password automatically
revoke-user Set the index range for the revoked users
<number> Enter the start of the index range (Range: 1-1024)
<number> Enter the end of the index range (Range: starting index number-1024)
user-group <string> auto-generation schedule <string>
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
auto-generation Generate the password automatically
schedule Bind a schedule to change password automatically by it
<string> Enter the name of the schedule (1-32 chars)
user-group <string> auto-generation shared-secret <string>
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
auto-generation Generate the password automatically
shared-secret Set the shared secret that is combined with other factors (user name, location, ...) when generating the password automatically
<string> Enter the shared secret (1-64 characters)
user-group <string> cache-mode {temporary|mandatory}
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
cache-mode Set user-group cache mode
temporary Set user-group cache mode to temporary
mandatory Set user-group cache mode to mandatory
user-group <string> expired-time <date/time>
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
expired-time Set the end of the time period during which the PSK is valid
<date/time> Enter the date and time when the PSK expires (Format: YYYY-MM-DD/hh:mm:ss; Range: 1970-01-01 to 2035-12-31/hh (00-23), mm (00-59), ss (00-59))
user-group <string> password-generation-method {manual|auto}
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
password-generation-method Set password generation method for the user group
manual Set password generation method to manual
auto Set password generation method to auto
user-group <string> pmk-auto-save
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
pmk-auto-save Enable automatically save PMK to flash
user-group <string> psk-format character-pattern {letters|digits|special-characters}
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
psk-format Set the format parameters for creating individual user PSKs (preshared keys)
character-pattern Set the types of characters that can be used in automatically generated and manually configured PSKs and how the character types can be combined
letters Use letters in PSKs
digits Use digits in PSKs
special-characters Use special characters in PSKs
user-group <string> psk-format combo-pattern {or|and|no}
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
psk-format Set the format parameters for creating individual user PSKs (preshared keys)
combo-pattern Set the way in which various types of characters can be combined in PSKs
or Include one character type or a combination of different types in the PSKs (Default)
and Include a combination of all specified character types in the PSKs
no Include one character type in the PSKs (Note: If you specify multiple character types and set this option, only letters are used, if specified. If not, then only digits are used.)
user-group <string> psk-generation-method username-and-password concatenated-characters <string>
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
psk-generation-method Set the elements from which the private PSK will be derived: password only or username and password
username-and-password Set private-PSK generation method to username-and-password
concatenated-characters Set format for concatenating the characters in the PSK that comprises a user name and password
<string> Enter the characters used to concatenate the user name and password (Default: None; Range: 1-8 chars)
user-group <string> psk-generation-method {password-only|username-and-password}
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
psk-generation-method Set the elements from which the private PSK will be derived: password only or username and password
password-only Set private-PSK generation method to password-only (Default)
username-and-password Set private-PSK generation method to username-and-password
user-group <string> reauth-interval <number>
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
reauth-interval Set an interval after which a user in an ongoing RADIUS session must reauthenticate
<number> Enter the length of time in seconds before reauthentication (Default: 1800; Range: 600-86400, or 0 to remove the user reauthentication requirement)
user-group <string> start-time <date/time>
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
start-time Set the start of the time period during which the PSK is valid
<date/time> Enter the start date and time of the date (Format: YYYY-MM-DD/hh:mm:ss; Range: 1970-01-01 to 2035-12-31/hh (00-23), mm (00-59), ss (00-59))
user-group <string> user-attribute <number>
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
user-attribute Set a RADIUS attribute or a range of attributes to the user group
<number> Enter a numeric value for a single RADIUS attribute (Default: none; Range: 0-4095)
user-group <string> vlan-id <number>
user-group Set user group parameters
<string> Enter the user group name (1-32 chars)
vlan-id Set a VLAN ID for the user group
<number> Enter the default VLAN ID for the user group (Default: none; Range: 1-4094)
user-profile <string> [ qos-policy <string> ] [ vlan-id <number> ] [ mobility-policy <string> ] [ attribute <number> [ - <number> ] ]
user-profile Set parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
qos-policy Assign QoS policy to the user profile
<string> Enter the QoS policy name (1 - 32 chars)
vlan-id Set the default VLAN ID for the user profile
<number> Enter the default VLAN ID for the user profile (Range: 1-4094)
mobility-policy Assign mobility policy to the user profile
<string> Enter the mobility policy name (1 - 32 chars)
attribute Map a RADIUS attribute or a range of attributes to the user profile
<number> Enter a numeric value for a single RADIUS attribute or the starting value for a range (Range: 0-4095)
- Set a range of RADIUS attributes
<number> Enter the ending value for a RADIUS attribute range (Range: 0-4095)
user-profile <string> cac airtime-percentage <number> [ share-time ]
user-profile Set parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
cac Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
airtime-percentage Set the percentage of airtime reserved for the VoIP calls of users belonging to the user profile
<number> Enter the percentage (Default: 0; Range: 0-100)
share-time Enable the user profile to share any unused airtime with other user profiles (Default: Disabled)
user-profile <string> ip-policy-default-action {permit|deny|inter-station-traffic-drop}
user-profile Set parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
ip-policy-default-action Set the IP policy default action for the user profile
permit Set the default action to permit
deny Set the default action to deny
inter-station-traffic-drop Set the action to drop traffic between stations if they are both associated with one or more members of the same cluster (Default: deny)
user-profile <string> mac-policy-default-action {permit|deny}
user-profile Set parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
mac-policy-default-action Set the MAC policy default action for the user profile
permit Set the default action to permit
deny Set the default action to deny
user-profile <string> schedule <string>
user-profile Set parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
schedule Set a schedule during which the SmartPath AP will apply the user profile
<string> Enter a schedule name (1-32 characters)
user-profile <string> security ip-policy [ from-access <string> ] [ to-access <string> ]
user-profile Set parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
security Set the security parameters for the user profile
ip-policy Set the security IP policy parameters for the user profile
from-access Set parameters for packets that source IP is station's
<string> Enter an IP policy name (1-32 chars)
to-access Set parameters for packets that destination IP is station's
<string> Enter an IP policy name (1-32 chars)
user-profile <string> security mac-policy [ from-access <string> ] [ to-access <string> ]
user-profile Set parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
security Set the security parameters for the user profile
mac-policy Set the security MAC policy parameters for a user profile
from-access Set parameters for packets that source MAC is station`s
<string> Enter a MAC policy name (1-32 chars)
to-access Set parameters for packets that destination MAC is station`s
<string> Enter a MAC policy name (1-32 chars)
user-profile <string> tunnel-policy <string>
user-profile Set parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
tunnel-policy Set the tunnel policy to apply to traffic belonging to members of the user profile
<string> Enter the name of the tunnel policy name (1-32 chars)
user-profile <string> {after|before} <string>
user-profile Set parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
after Move the user profile after another user profile
before Move the user profile before another user profile
<string> Enter the user profile name (1 - 32 chars)
user-profile <string> {performance-sentinel} action {log|boost}
user-profile Set parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
performance-sentinel Set performance sentinel parameters to moderate client throughput
action Set an action to take in response to a performance sentinel violation
log Generate a log entry about the performance sentinel violation (Default: Log)
boost Increase the performance available for clients so they can obtain their minimum guaranteed bandwidth (Default: Log)
user-profile <string> {performance-sentinel} enable
user-profile Set parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
performance-sentinel Set performance sentinel parameters to moderate client throughput
enable Enable performance sentinel (Default: Disabled)
user-profile <string> {performance-sentinel} guaranteed-bandwidth <number>
user-profile Set parameters for a user profile
<string> Enter the user profile name (1 - 32 chars)
performance-sentinel Set performance sentinel parameters to moderate client throughput
guaranteed-bandwidth Set the minimum guaranteed bandwidth per user
<number> Enter the minimum guaranteed bandwidth (Default: 1000 Kbps; Range: 100-500000)
vpn ipsec-tunnel <string> dpd idle-interval <number> retry <number> retry-interval <number>
vpn Set parameters for VPN (virtual private network) tunneling
ipsec-tunnel Set IPsec tunnel parameters
<string> Enter the name of the IPsec tunnel entry (1-32 chars)
dpd Set DPD (Dead Peer Detection) parameters for the IPsec tunnel
idle-interval Set the interval for sending DPD R-U-There messages
<number> Enter the interval in seconds (Range: 0-65535; Default: 10; Note: 0 disables DPD)
retry Set the number of times to retry sending a DPD R-U-There message when it does not elicit a response
<number> Enter the number of messages to retry sending (Range: 1-65535; Default: 5)
retry-interval Set the interval for resending DPD R-U-There messages
<number> Enter the retry interval in seconds (Range: 1-60; Default: 3)
vpn ipsec-tunnel <string> gateway <ip_addr> client-name <string> password <string>
vpn Set parameters for VPN (virtual private network) tunneling
ipsec-tunnel Set IPsec tunnel parameters
<string> Enter the name of the IPsec tunnel entry (1-32 chars)
gateway Set the address of the IKE gateway at the server end of the VPN tunnel (Note: Only define an IKE gateway on VPN clients.)
<ip_addr> Enter an IKE gateway address
client-name Set the name that the VPN client uses to authenticate itself to the VPN server using Xauth
<string> Enter the client name (8-32 chars)
password Set password that the VPN client uses to authenticate itself to the VPN server using Xauth
<string> Enter the password string (16-32 chars)
vpn ipsec-tunnel <string> ike phase1 auth-method {hybrid|rsa-sig|psk}
vpn Set parameters for VPN (virtual private network) tunneling
ipsec-tunnel Set IPsec tunnel parameters
<string> Enter the name of the IPsec tunnel entry (1-32 chars)
ike Set IKE (Internet Key Exchange) parameters
phase1 Set IKE phase 1 parameters
auth-method Set the authentication method for IKE phase 1 negotiations
hybrid Set peer authentication in hybrid mode (Default: Hybrid mode, in which the VPN server authenticates itself with an RSA signature and the client authenticates itself through Xauth.)
rsa-sig Set both VPN peers--server and client--to authenticate themselves with RSA signatures (Default: Hybrid mode)
psk Set both VPN peers--server and client--to authenticate themselves with a preshared key
vpn ipsec-tunnel <string> ike phase1 dh-group {group1|group2|group5}
vpn Set parameters for VPN (virtual private network) tunneling
ipsec-tunnel Set IPsec tunnel parameters
<string> Enter the name of the IPsec tunnel entry (1-32 chars)
ike Set IKE (Internet Key Exchange) parameters
phase1 Set IKE phase 1 parameters
dh-group Set the Diffie-Hellman group for generating a shared key during phase 1 negotiations
group1 Use Diffie-Hellman group 1 (Default: Diffie-Hellman group 2)
group2 Use Diffie-Hellman group 2 (Default: Diffie-Hellman group 2)
group5 Use Diffie-Hellman group 5 (Default: Diffie-Hellman group 2)
vpn ipsec-tunnel <string> ike phase1 psk <string>
vpn Set parameters for VPN (virtual private network) tunneling
ipsec-tunnel Set IPsec tunnel parameters
<string> Enter the name of the IPsec tunnel entry (1-32 chars)
ike Set IKE (Internet Key Exchange) parameters
phase1 Set IKE phase 1 parameters
psk Set the preshared key used for VPN peer authentication
<string> Enter the preshared key string (1-128 chars)
vpn ipsec-tunnel <string> ike phase2 pfs-group {no-pfs|group1|group2|group5}
vpn Set parameters for VPN (virtual private network) tunneling
ipsec-tunnel Set IPsec tunnel parameters
<string> Enter the name of the IPsec tunnel entry (1-32 chars)
ike Set IKE (Internet Key Exchange) parameters
phase2 Set IKE phase 2 parameters
pfs-group Set the PFS (perfect forward secrecy) parameters for phase 2 negotiations
no-pfs Do not perform a second Diffie-Hellman key exchange during phase 2 negotiations (Default: Diffie-Hellman group 2)
group1 Use Diffie-Hellman group 1 (Default: Diffie-Hellman group 2)
group2 Use Diffie-Hellman group 2 (Default: Diffie-Hellman group 2)
group5 Use Diffie-Hellman group 5 (Default: Diffie-Hellman group 2)
vpn ipsec-tunnel <string> ike {phase1|phase2} encryption-algorithm {3des|aes128|aes192|aes256}
vpn Set parameters for VPN (virtual private network) tunneling
ipsec-tunnel Set IPsec tunnel parameters
<string> Enter the name of the IPsec tunnel entry (1-32 chars)
ike Set IKE (Internet Key Exchange) parameters
phase1 Set IKE phase 1 parameters
phase2 Set IKE phase 2 parameters
encryption-algorithm Set the encryption algorithm
3des Use 3DES (Triple DES, Data Encryption Standard) as the encryption algorithm (Default: AES-128)
aes128 Use AES (Advanced Encryption Standard) with a 128-bit key as the encryption algorithm (Default: AES-128)
aes192 Use AES with a 192-bit key as the encryption algorithm (Default: AES-128)
aes256 Use AES with a 256-bit key as the encryption algorithm (Default: AES-128)
vpn ipsec-tunnel <string> ike {phase1|phase2} hash {md5|sha1}
vpn Set parameters for VPN (virtual private network) tunneling
ipsec-tunnel Set IPsec tunnel parameters
<string> Enter the name of the IPsec tunnel entry (1-32 chars)
ike Set IKE (Internet Key Exchange) parameters
phase1 Set IKE phase 1 parameters
phase2 Set IKE phase 2 parameters
hash Set the IKE hash algorithm
md5 Use MD-5 (Message Digest, version 5) as the hash algorithm (Default: SHA-1)
sha1 Use SHA-1 (Secure Hash Algorithm) as the hash algorithm (Default: SHA-1)
vpn ipsec-tunnel <string> ike {phase1|phase2} lifetime <number>
vpn Set parameters for VPN (virtual private network) tunneling
ipsec-tunnel Set IPsec tunnel parameters
<string> Enter the name of the IPsec tunnel entry (1-32 chars)
ike Set IKE (Internet Key Exchange) parameters
phase1 Set IKE phase 1 parameters
phase2 Set IKE phase 2 parameters
lifetime Set the SA (security association) lifetime (Note: Before the SA expires, the authentication and encryption keys are automatically refreshed with new ones.)
<number> Enter the SA expiration time in seconds (Range: 180-10000000;Phase 1 Default: 86400; Phase 2 Default: 3600 )
vpn ipsec-tunnel <string> local-ike-id {asn1dn|address|fqdn|ufqdn} <string>
vpn Set parameters for VPN (virtual private network) tunneling
ipsec-tunnel Set IPsec tunnel parameters
<string> Enter the name of the IPsec tunnel entry (1-32 chars)
local-ike-id Set the IKE identity for the local SmartPath AP
asn1dn Set the IKE identity type as an ASN.1 DN (Abstract Syntax Notation One Distinguished Name; Example: C=US, ST=CA, L=SF, O=Black Box, OU=Sales, CN=PaulSmith)
address Set the IKE identity type as an IP address (Example: 10.1.1.5)
fqdn Set the IKE identity type as an FQDN (fully qualified domain name; Example: www.oem_name_low.com)
ufqdn Set the IKE identity type as a user FQDN (Example: psmith@oem_name_low.com)
<string> Enter the IP address, or user FQDN (email address), or FQDN, or ASN.1 DN (1-128 chars)
vpn ipsec-tunnel <string> nat-traversal enable
vpn Set parameters for VPN (virtual private network) tunneling
ipsec-tunnel Set IPsec tunnel parameters
<string> Enter the name of the IPsec tunnel entry (1-32 chars)
nat-traversal Set the VPN to be able to traverse NAT devices encountered along its data path
enable Enable NAT traversal (Default: Enabled)
vpn ipsec-tunnel <string> peer-ike-id {asn1dn|address|fqdn|ufqdn} <string>
vpn Set parameters for VPN (virtual private network) tunneling
ipsec-tunnel Set IPsec tunnel parameters
<string> Enter the name of the IPsec tunnel entry (1-32 chars)
peer-ike-id Set IKE identity for the remote VPN peer
asn1dn Set the IKE identity type as an ASN.1 DN (Abstract Syntax Notation One Distinguished Name; Example: C=US, ST=CA, L=SF, O=Black Box, OU=Sales, CN=PaulSmith)
address Set the IKE identity type as an IP address (Example: 10.1.1.5)
fqdn Set the IKE identity type as an FQDN (fully qualified domain name; Example: www.oem_name_low.com)
ufqdn Set the IKE identity type as a user FQDN (Example: psmith@oem_name_low.com)
<string> Enter the IP address, or user FQDN (email address), or FQDN, or ASN.1 DN (1-128 chars)
vpn tunnel-policy <string> client ipsec-tunnel <string> [ primary ]
vpn Set parameters for VPN (virtual private network) tunneling
tunnel-policy Set the IPsec tunnel policy
<string> Enter a tunnel policy name (1-32 chars)
client Set the tunnel policy for a VPN client
ipsec-tunnel Set the IPsec tunnel entry to use in the tunnel policy
<string> Enter the IPsec tunnel entry name (1-32 chars)
primary Set the VPN entry as the primary VPN gateway
vpn tunnel-policy <string> password <string>
vpn Set parameters for VPN (virtual private network) tunneling
tunnel-policy Set the IPsec tunnel policy
<string> Enter a tunnel policy name (1-32 chars)
password Set the password for the GRE tunnel check (Note: The password on the server and client must match for the GRE tunnel check to succeed.)
<string> Enter a password (8-32 chars)
vpn {client-ipsec-tunnel} <string>
vpn Set parameters for VPN (virtual private network) tunneling
client-ipsec-tunnel Set the local SmartPath AP as a client that builds an IPsec tunnel to the VPN server
<string> Enter the name of a VPN tunnel entry (1-32 chars)
web-directory <string> link-to-resources <string> <string>
web-directory Create a web directory for the internal web server
<string> Enter the name of the web directory to store files used by a captive web portal or, when preceded by "ppsk-self-reg", for use with private PSK self-registration (1-32 chars)
link-to-resources Create a link to a web directory whose content can be shared by all captive web portals or to a specific file in that shared directory
<string> Enter the name of the link (Max: 32 chars; Note: Each web directory includes a default link called "shared" that points to a predefined directory named "shared".)
<string> Enter the name of the target directory (Max: 32 chars; Example: shared)
web-directory [ {ppsk-self-reg} ] <string>
web-directory Create a web directory for the internal web server
ppsk-self-reg Create a web directory for the private PSK server to use when receiving self-registration requests
<string> Enter the name of the web directory to store files used by a captive web portal or, when preceded by "ppsk-self-reg", for use with private PSK self-registration (1-32 chars)
wizard startup
wizard Cli wizard
startup Cli wizard
Accessing and Using the CLI

Through the SmartPath CLI, you can log in to a SmartPath AP and perform the following operations:

To access the CLI, you can make a direct serial connection through the console port (on SmartPath AP models that have one) or a Telnet or SSH connection over the network through the Ethernet interface or an SSID on a Wifi subinterface to the mgt0 interface. Each method is described in the following sections:

For an introduction to the CLI and some useful tips, see the following sections:

Using the Console Port

You can make a direct serial connection from your management system to the SmartPath AP and log in to the CLI. For details and pin assignments, see the SmartPath Deployment Guide. Follow these steps:

  1. Connect the power cable to the SmartPath AP and turn on the power.
  2. Depending on the SmartPath AP model, connect one end of an RS-232 (or "null modem") serial cable or an RJ-45-to-DB-9 serial cable to the serial port (or Com port) on your management system.
  3. Connect the other end of the cable to the console port on the SmartPath AP.
  4. On your management system, run a VT100 terminal emulation program, such as Tera Term Pro (a free terminal emulator) or Hilgraeve Hyperterminal (provided with Windows operating systems). Use the following settings:
  1. Press the ENTER key to see the login prompt.
  2. Log in using the default user name admin and password blackbox.
Using Telnet

You can make a Telnet connection from your management system to the SmartPath AP across an Ethernet or WiFi network (or even just across an Ethernet cable between your management system and the SmartPath AP). Because Telnet uses a client/server relationship, you need a Telnet client on your management system. (All Windows operating systems include a Telnet client.) The client connects to the Telnet server on the SmartPath AP using TCP port 23.

Because a Telnet connection requires that the SmartPath AP already have an IP address, you must first make a serial connection to the device and assign it an address using the interface command:

where ip_addr netmask define an address on the network that is accessible from your management system. See "Using the Console Port".

By default, Telnet manageability is disabled on SmartPath APs. You must first access the SmartPath AP by another means- console, SSH, or SmartPath EMS--and enable it. Use the following commands to enable Telnet through an Ethernet interface and through an SSID (for wireless Telnet access):

1. With the SmartPath AP connected to a power source, connect an Ethernet cable from the Ethernet port on the SmartPath AP to a switch that is on the same network as your management system. Optionally, you can connect the Ethernet cable from the SmartPath AP directly to your management system.

Note: Because the Ethernet port on the SmartPath AP is autosensing, the cable can have either straight-through or cross-over wiring. For details, see the SmartPath Deployment Guide.

After you have created an SSID and enabled Telnet access to the mgt0 interface through that SSID, you can form a wireless association with the SmartPath AP and use Telnet to access the CLI wirelessly.

2. On your management system, run the Telnet client and connect to the Telnet server on the SmartPath AP. In Windows, for example, do the following:

3. Log in using your user name and password. The default user name is admin and the default password is blackbox.

Using SSH

You can make an SSH2 (Secure Shell version 2) connection from an SSH client on your management system to the SSH server on the SmartPath AP across an Ethernet or WiFi network. SSH allows you to open a remote command shell securely and run commands on the SSH server. You need an SSHv2 client, such as puTTY (a free SSHv2 client), on your management system. The client connects to the SSHv2 server on the SmartPath AP using TCP port 22.

Because an SSH connection requires that the SmartPath AP already have an IP address, you must first make a serial connection to the device and assign it an address using the interface command:

where ip_addr netmask define an address on the network that is accessible from your management system. See "Using the Console Port". By default, SSH manageability is enabled on Ethernet interfaces and SSIDs.

1. With the SmartPath AP connected to a power source, connect an Ethernet cable from the Ethernet port on the SmartPath AP to a switch that is on the same network as your management system. Optionally, you can connect the Ethernet cable from the SmartPath AP directly to your management system.

Note: Because the Ethernet port on the SmartPath AP is autosensing, the cable can have either straight-through or cross-over wiring. For details, see the SmartPath Deployment Guide.

After you have created an SSID, you can form a wireless association with the SmartPath AP and use SSH to access the CLI wirelessly.

2. On your management system, run the SSHv2 client and connect to the SSHv2 server on the SmartPath AP. Using puTTY, for example, do the following:

3. Log in using your user name and password. The default user name is admin and the default password is blackbox.

Using the SmartPath CLI

There are three main types of commands in the SmartPath CLI:

Exploring the CLI

To see a list of commands, and their accompanying CLI Help, type a question mark ( ? ). For example, to display all the keyword and action commands, enter a question mark at the command prompt:

blackbox#?

aaa Set parameters for AAA (authentication, authorization, accounting)
access-console Set access console parameters
admin Set administrators and passwords
... ...

To display all the show commands, enter the following:

blackbox#show ?

aaa Show parameters for AAA (authentication, authorization, accounting)
access-console Show access console status and parameters
acsp Show parameters for ACSP (Black Box Channel Selection Protocol)
... ...

To see all the commands beginning with a particular character or string of characters, enter the character or character string followed immediately by a question mark; that is, do not include a space between the last character and the question mark. For example, to see all the commands beginning with "a", enter the following:

blackbox#a?

aaa Set parameters for AAA (authentication, authorization, accounting)
access-console Set access console parameters
admin Set administrators and passwords

Similar to the above methods for seeing lists of commands, you can use a question mark within commands to see subsequent choices. For example, to see the options following clock, enter the following:

blackbox#clock ?

date-time Set the date and time for the internal clock
time-zone Set the time zone for the internal clock

Searching for a Text String

If you want to find a command that uses a particular character or string of characters, you can do a search using the following command:

where string is the word or string of characters you want to find. For example, if you want to see all the commands in which the word "enable" appears, enter the following:

blackbox#show cmds | include enable

Searching for just the string of letters "ena" produces similar results:

blackbox#show cmds | include ena

Note: You can search for more than one word by enclosing them within quotation marks. For example, you can do a search for "qos class" to see the commands containing "qos classifier".

Filtering Command Output

You can filter the output of a show command to include or exclude certain text strings. To do this use the following syntax: show cmd | { exclude | include } string. For example, to find the MAC address 0016:cf8d:56bc among a number of associated stations in SSID "west", enter the following command:

blackbox#show ssid west stations | include 0016:cf8d:56bc
0016:cf8d:56bc 11 1M 68 8021x aes ccm00:21:17 1 Yes

If you want to filter a space-separated string, put the string within quotation marks. For example, to filter a MAC address ending with "20" on the eth0 interface, enter the following:

blackbox#show route | include "0 4096"
0019:770e:55a0 0019:770e:5580 wifi1.1 0 4096 IL

Using Command Line Completion

The SmartPath CLI supports command line completion (or "tab completion"), which allows you to complete the remainder of an unambiguous word by pressing the TAB key. For example:

blackbox#show qos co (Press TAB here.)

blackbox#show qos counter (The word "counter" is automatically completed.)

If the remainder of the word is ambiguous, pressing TAB twice shows the possibilities. For example:

blackbox#show qos c (Press TAB here.)

blackbox#show qos c (Press TAB again.)

blackbox#show qos c

classifier-map classifier-profile counter (The three subsequent choices appear.)

Useful Keyboard Shortcuts

The following keyboard commands are useful to know and can make your work with the CLI more efficient. Note that the plus sign ( + ) indicates that both keys must be pressed simultaneously. For example, CTRL + s means "press the CTRL key and the s key at the same time". If there is no plus sign between adjacent key names, press them sequentially. For example, ESC b means "press the ESC key and then press the b key".

To perform this task Press this key or key combination
Lock the console CTRL + s
Unlock the console CTRL + q
Stopping the display of output, such as the output of the show log buffered command q
Advance the display of lengthy output, such as the output from the show logging messages command, by one line ENTER
Advance the display of lengthy output by sets of multiple lines at a time TAB
Autocomplete an unambiguous keyword when typing a command TAB
Stopping the execution of a task, such as sending ICMP echo requests CTRL+c
Moving backward or forward through command history UP ARROW or CTRL + p (to move backward) and DOWN ARROW or CTRL + n (to move forward)
Moving backward or forward in a command LEFT ARROW or CTRL + b (to move backward) and RIGHT ARROW or CTRL + f (to move forward)
Move the cursor backward or forward through a command word by word ESC b (to move backward) and ESC f (to move forward)
Move the cursor to the beginning or end of a command CTRL + a (to move to the beginning) and CTRL + e (to move to the end)
Erase the character under the cursor CTRL + d
Erase the character to the left of the cursor BACKSPACE or CTRL + h
Erase the previous word CTRL + w
Erase everything on the line to the left of the cursor CTRL + u
Erase everything on the line under and to the right of the cursor CTRL + k
Reverse the last two characters in a command; for example, to change show ssdi to show ssid CTRL + t
Execute a command ENTER or CTRL + j or CTRL + m
Log out of the console session CTRL + \

Copyright © 2012 Black Box Networks, Inc.