Aerohive CLI Guide for HiveOS 6.2r1 (AP120 and AP170)
The following is a complete list of commands available in the HiveOS 6.2r1 release for the AP120 and AP170 along with explanations of every keyword. Click a command to see its keyword explanations. Then click the Back Arrow in your browser to return to the list of commands. For an introduction to the Aerohive CLI, explaining different ways to access it, some keyboard shortcuts, and usage tips, click here.
aaa attribute NAS-Identifier <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
attribute |
Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
|
NAS-Identifier |
Set the RADIUS Access-Request and Accounting-Request packets NAS-Identifier parameter (Note: The NAS identifier contains a string that identifies the NAS that is originating the access or accounting request.)
|
<string> |
Enter the custom NAS-Identifier (Default: HiveAP host name; 1-64 chars)
|
aaa attribute Operator-Name namespace-id <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
attribute |
Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
|
Operator-Name |
Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
|
namespace-id |
Set the namespace ID parameter of the Operator-Name (Default: realm)
|
<number> |
Enter a number used for namespace ID (Range: 4-206; Note: These namespace ID values anticipate future additions to the list of namespaces as defined by IANA and reference in RFC 5580.)
|
aaa attribute Operator-Name namespace-id {TADIG|REALM|E212|ICC}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
attribute |
Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
|
Operator-Name |
Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
|
namespace-id |
Set the namespace ID parameter of the Operator-Name (Default: realm)
|
TADIG |
Set the Namespace-ID parameter to TADIG (Transferred Account Data Interchange Group; Note: TADIG namespaces include a country code and a company code, and are used in cellular telephone networks.)
|
REALM |
Set the Namespace-ID parameter to REALM (Note: Realm namespaces must be globally unique, so administrators commonly use device fully qualified domain name.)
|
E212 |
Set the Namespace-ID parameter to E212 (Note: The E.212 standard is defined in the ITU (International Telecommunication Union) standard. E.212 namespaces include a mobile country code and a mobile network code, and are used in cellular telephone networks.)
|
ICC |
Set the Namespace-ID parameter to ICC (ITU carrier code; Note: ICC namespaces consist of a country code and the carrier code, and are used in cellular telephone networks.)
|
aaa attribute Operator-Name value <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
attribute |
Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
|
Operator-Name |
Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
|
value |
Set the value for the operator name attribute
|
<string> |
Enter a string for Operator-Name(1-64 chars)
|
aaa attribute user-profile-attribute vendor-id <number> attribute-id <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
attribute |
Set attribute parameters for RADIUS Access-Request and Accounting-Request packets
|
user-profile-attribute |
Map a RADIUS attribute to the user profile
|
vendor-id |
Set a vendor ID RADIUS attribute
|
<number> |
Enter the vendor ID number (Range: 1-65535; Note: Aerohive recommends a vendor ID of 26928, which identifies Aerohive as the vendor.)
|
attribute-id |
Set an ID for a private RADIUS attribute
|
<number> |
Enter the private RADIUS attribute ID number to be combined with the vendor ID number(Range: 1-255; Note: Aerohive recommends an attribute ID of 6, which corresponds to the user profile attribute.)
|
aaa mac-format case-sensitivity {lower-case|upper-case}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
mac-format |
Set the MAC address format to use when sending client MAC addresses to an external authentication server
|
case-sensitivity |
Set the letter case to use when formatting MAC addresses
|
lower-case |
Use lowercase formatting (Example: 01ab23cd45ef; Default: lower-case)
|
upper-case |
Use uppercase formatting (Example: 01AB23CD45EF; Default: lower-case)
|
aaa mac-format delimiter {dash|dot|colon}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
mac-format |
Set the MAC address format to use when sending client MAC addresses to an external authentication server
|
delimiter |
Set the type of delimiter to use when formatting MAC addresses
|
dash |
Set a dash ( - ) as the MAC address delimiter (Default: colon)
|
dot |
Set a dot ( . ) as the MAC address delimiter (Default: colon)
|
colon |
Set a colon ( : ) as the MAC address delimiter (Default: colon)
|
aaa mac-format style {two-delimiter|five-delimiter|no-delimiter}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
mac-format |
Set the MAC address format to use when sending client MAC addresses to an external authentication server
|
style |
Set the number of delimiters to use when grouping the hexadecimal digits in a MAC address
|
two-delimiter |
Set the number of delimiters in a MAC address as two (Example: 0123.4567.89ab; Default: no-delimiter)
|
five-delimiter |
Set the number of delimiters in a MAC address as five (Example: 01-23-45-67-89-ab; Default: no-delimiter)
|
no-delimiter |
Set the number of delimiters in a MAC address as none (Example: 0123456789ab; Default: no-delimiter)
|
aaa ppsk-server auto-save-interval <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
ppsk-server |
Set parameters for the local HiveAP when it is acting as a private PSK server
|
auto-save-interval |
Set the length of time to save the list of private PSK-to-client MAC address bindings to flash memory
|
<number> |
Enter the interval in seconds(Default: 600 sec; Range: 60-3600)
|
aaa ppsk-server radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ via-vpn-tunnel ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
ppsk-server |
Set parameters for the local HiveAP when it is acting as a private PSK server
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
primary |
Set the RADIUS server that is first queried when authenticating users
|
backup1 |
Set the RADIUS server that is queried if the primary server stops responding
|
backup2 |
Set the RADIUS server that is queried if the backup1 server stops responding
|
backup3 |
Set the RADIUS server that is queried if the backup2 server stops responding
|
<ip_addr> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
<string> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
shared-secret |
Set the shared secret for authenticating communications with a RADIUS server
|
<string> |
Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
|
auth-port |
Set the RADIUS authentication port number
|
<number> |
Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
aaa radius-server account-interim-interval <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
account-interim-interval |
Set the interval in seconds for sending RADIUS accounting updates
|
<number> |
Enter the interval in seconds for sending RADIUS accounting updates (Default: 20; Range: 10-100000000)
|
aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
accounting |
Set parameters for a RADIUS accounting server
|
primary |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets first
|
backup1 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the primary server does not respond
|
backup2 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup1 server does not respond
|
backup3 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup2 server does not respond
|
<ip_addr> |
Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
|
<string> |
Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
|
shared-secret |
Set the shared secret for securing communications with RADIUS accounting servers
|
<string> |
Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
|
acct-port |
Set the RADIUS accounting port number
|
<number> |
Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
aaa radius-server dynamic-auth-extension
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
dynamic-auth-extension |
Enable the HiveAP acting as a NAS to accept unsolicited messages from the RADIUS authentication server (Default: Disabled)
|
aaa radius-server inject Operator-Name
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
inject |
Set injection parameters for RADIUS Access-Request and Accounting-Request packets
|
Operator-Name |
Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
|
aaa radius-server keepalive enable
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
keepalive |
Set parameters for periodically checking network connectivity to RADIUS servers
|
enable |
Set parameters for periodically checking network connectivity to RADIUS servers
|
aaa radius-server keepalive interval <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
keepalive |
Set parameters for periodically checking network connectivity to RADIUS servers
|
interval |
Set the interval between periodic connectivity status checks
|
<number> |
Enter the interval in seconds (Default: 60; Range: 60-86400)
|
aaa radius-server keepalive retry <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
keepalive |
Set parameters for periodically checking network connectivity to RADIUS servers
|
retry |
Set the number of times to retry sending an Access-Request or Accounting-Request that does not elicit a response from a RADIUS authentication or accounting server
|
<number> |
Enter the retry value (Default: 3; Range: 1-10)
|
aaa radius-server keepalive retry-interval <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
keepalive |
Set parameters for periodically checking network connectivity to RADIUS servers
|
retry-interval |
Set the interval between retries if no response is received from the RADIUS server
|
<number> |
Enter the retry interval value in seconds (Default: 10; Range: 1-60)
|
aaa radius-server keepalive username <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
keepalive |
Set parameters for periodically checking network connectivity to RADIUS servers
|
username |
Set the user name to submit in Access-Request messages when checking the connectivity to RADIUS authentication servers
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password to submit in Access-Request messages
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local attr-map group-attr-name <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
attr-map |
Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
|
group-attr-name |
Set the user group attribute name that is defined on the LDAP server
|
<string> |
Enter the attribute name (1-32 chars; Note: The attribute type must be "string". Default attribute in AD: memberOf; in OD: apple-group-realname; in LDAP server: radiusGroupName)
|
aaa radius-server local attr-map reauth-attr-name <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
attr-map |
Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
|
reauth-attr-name |
Set the user reauthentication time attribute name that is defined on the LDAP server
|
<string> |
Enter the attribute name (1-32 chars; Note: The attribute type must be "integer". Default attribute in AD: msRADIUSServiceType; in LDAP server: radiusServiceType)
|
aaa radius-server local attr-map user-profile-attr-name <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
attr-map |
Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
|
user-profile-attr-name |
Set the user group ID attribute name that is defined on the LDAP server
|
<string> |
Enter the attribute name (1-32 chars; Note: The attribute type must be "string". Default attribute in AD: msRADIUSCallbackNumber; in LDAP server: radiusCallbackNumber)
|
aaa radius-server local attr-map vlan-attr-name <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
attr-map |
Map an attribute defined on a remote LDAP server to an attribute on the local RADIUS server
|
vlan-attr-name |
Set the VLAN ID attribute that is defined on the LDAP server
|
<string> |
Enter the attribute name (1-32 chars; Note: The attribute type must be "string". Default attribute in AD: msRASSavedCallbackNumber; in LDAP server: radiusCallbackId)
|
aaa radius-server local cache lifetime <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
cache |
Set parameters for caching user-authentication responses from external LDAP servers
|
lifetime |
Set the lifetime for entries in the RADIUS server cache
|
<number> |
Enter the lifetime for keeping entries in the RADIUS server cache (Default: 86400 seconds; Range: 3600-2592000)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} computer-ou <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
computer-ou |
Set the OU (organizational unit) used on the Active Directory server where the AP RADIUS server admin has privileges to add the AP as a computer in the domain
|
<string> |
Enter the OU (Max: 256 chars; Format: ou/sub-ou/sub-ou; Note: If there are any spaces, enclose the entire string in quotation marks.)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> binddn <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the AD domain controller
|
<string> |
Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
|
binddn |
Set the bindDN (distinguished name) under which LDAP searches are done (Note: bindDN must be set if want to get attributes from AD server or want to check TLS username against LDAP server.)
|
<string> |
Enter the bindDN name (1-256 chars)
|
password |
Set the password which authenticate the bindDN
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> fullname <string> [ default ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the AD domain controller
|
<string> |
Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
|
fullname |
Set the full DNS name of the domain to which the RADIUS server (local AP) and AD server both belong
|
<string> |
Enter the full DNS name of the domain (1-64 chars)
|
default |
Set the domain as the default domain, which will be added to the RADIUS request if no domain name appears in the request
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} domain <string> server <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the AD domain controller
|
<string> |
Enter the NetBOIS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
|
server |
Set the IP address or resolvable domain name for the AD server (Note: The AD server is the same as the domain controller.)
|
<string> |
Enter the IP address or domain name (1-64 chars)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} login admin-user <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
login |
Set admin user name and password that the local AP will use to access the AD server
|
admin-user |
Set the admin user name
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password which authenticate the login user
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} {server} <string> [ {via-vpn-tunnel} ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
server |
Set the IP address or resolvable domain name for the AD server
|
<string> |
Enter the IP address or domain name (1-64 chars)
|
via-vpn-tunnel |
Send all traffic from the AP RADIUS authentication server to the AD server through a VPN tunnel (Note: Set this option on VPN clients when the AD server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
aaa radius-server local db-type active-directory {primary|backup1|backup2|backup3} {tls-enable|global-catalog}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
active-directory |
Set the user database on an AD (Active Directory) server
|
primary |
Set the AD server that is first queried when authenticating users
|
backup1 |
Set the AD server that is queried if the primary server stops responding
|
backup2 |
Set the AD server that is queried if the backup1 server stops responding
|
backup3 |
Set the AD server that is queried if the backup2 server stops responding
|
tls-enable |
Enable TLS authentication that the local AP, as an LDAP client, uses with the AD server (Default: Disabled)
|
global-catalog |
Set the AP to use TCP port 3268 when doing an LDAP search on an AD global catalog server (Default: Disabled)
|
aaa radius-server local db-type ldap-server sub-type edirectory
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
sub-type |
Set the type of LDAP server
|
edirectory |
Set the user database on an eDirectory LDAP server
|
aaa radius-server local db-type ldap-server sub-type edirectory acct-policy-check
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
sub-type |
Set the type of LDAP server
|
edirectory |
Set the user database on an eDirectory LDAP server
|
acct-policy-check |
Enable the Novell eDirectory account policy check and intruder detection for RADIUS users (Default: Disabled)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} basedn <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
basedn |
Set the base DN (distinguished name) where the user profiles are located in the LDAP tree structure
|
<string> |
Enter the base DN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} binddn <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
binddn |
Set the bind DN (distinguished name) under which LDAP searches are done
|
<string> |
Enter the bind DN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
|
password |
Set the password which authenticate the bindDN
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} filter-attr <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
filter-attr |
Set the LDAP search filter to locate user objects using the name the client supplies during RADIUS authentication
|
<string> |
Enter the filter attribute used to search for the user (Default: "cn"; 1-32 chars)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} no-strip-filter
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
no-strip-filter |
Do not strip the realm name
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} port <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
port |
Set the destination port number for communicating with the LDAP server
|
<number> |
Enter the destination port number (Default: 389, 636 for LDAPS; Range: 1-65535)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} protocol {ldap|ldaps}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
protocol |
Set the protocol for communicating with the LDAP server
|
ldap |
Set LDAP as the protocol for communicating with the LDAP server (Default: LDAP)
|
ldaps |
Set LDAPS (Secure LDAP) as the protocol for communicating with the LDAP server (Default: LDAP)
|
aaa radius-server local db-type ldap-server {primary|backup1|backup2|backup3} {server} <string> [ {via-vpn-tunnel} ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
ldap-server |
Set the user database on an LDAP server
|
primary |
Set the LDAP server that is first queried when authenticating users
|
backup1 |
Set the LDAP server that is queried if the primary server stops responding
|
backup2 |
Set the LDAP server that is queried if the backup1 server stops responding
|
backup3 |
Set the LDAP server that is queried if the backup2 server stops responding
|
server |
Set the IP address or resolvable domain name for the LDAP server
|
<string> |
Enter the IP address or domain name (1-32 chars)
|
via-vpn-tunnel |
Send all traffic from the AP RADIUS authentication server to the LDAP server through a VPN tunnel(Note: Set this option on VPN clients when the LDAP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
aaa radius-server local db-type library-sip-server {primary} institution-id <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
institution-id |
Set institution ID that the local RADIUS server provides when exchanging messages with the library SIP server
|
<string> |
Enter the institution ID (1-64 chars)
|
aaa radius-server local db-type library-sip-server {primary} login-enable
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
login-enable |
Enable the AP, acting as a library SIP client, to log in when connecting to the library SIP server (Default: Disabled)
|
aaa radius-server local db-type library-sip-server {primary} login-user <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
login-user |
Set the user name that the local RADIUS server submits when logging in to the library SIP server
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that the local AP RADIUS server submits when logging in to the library SIP server
|
<string> |
Enter the password (1-32 chars)
|
aaa radius-server local db-type library-sip-server {primary} port <port>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
port |
Set the library SIP server port number
|
<port> |
[1~65535]Enter the port number (Default: 6001; Range: 1-65535)
|
aaa radius-server local db-type library-sip-server {primary} separator <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
separator |
Set the character that the library SIP server uses to separate multiple field name + value entries
|
<string> |
Enter the separator (1 char; Default: '|')
|
aaa radius-server local db-type library-sip-server {primary} {server} <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
library-sip-server |
Set parameters for the local RADIUS server to communicate with a library SIP (Standard Interchange Protocol) server
|
primary |
Set the library SIP server that is first queried when authenticating users
|
server |
Set IP address or domain name of the library SIP server
|
<string> |
Enter the IP address or domain name (Domain name: 1-32 chars)
|
aaa radius-server local db-type local
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
local |
Set the user database on the local AP
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} admin-user <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
admin-user |
Set the admin user name that the local AP uses when logging in to the OD server
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that the local AP uses when logging in to the OD server
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} domain <string> binddn <string> password <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the OD domain controller
|
<string> |
Enter the name of the domain (1-64 chars)
|
binddn |
Set the bindDN (distinguished name) under which LDAP searches are done
|
<string> |
Enter the bindDN name (1-256 chars)
|
password |
Set the password which authenticate the bindDN
|
<string> |
Enter the password (1-64 chars)
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} domain <string> fullname <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
domain |
Set the domain name of the OD domain controller
|
<string> |
Enter the name of the domain (1-64 chars)
|
fullname |
Set the full DNS name of the OD domain server
|
<string> |
Enter the full DNS name of the domain (1-64 chars)
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} filter-attr <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
filter-attr |
Set the LDAP search filter to locate user objects using the name the client supplies during RADIUS authentication
|
<string> |
Enter the filter attribute used to search for the user (Default: "uid"; 1-32 chars)
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} no-strip-filter
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
no-strip-filter |
Do not strip the realm name
|
aaa radius-server local db-type open-directory {primary|backup1|backup2|backup3} tls-enable
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
db-type |
Set the type and location of the user database
|
open-directory |
Set the user database on an OD (Open Directory) server
|
primary |
Set the OD server that is first queried when authenticating users
|
backup1 |
Set the OD server that is queried if the primary server stops responding
|
backup2 |
Set the OD server that is queried if the backup1 server stops responding
|
backup3 |
Set the OD server that is queried if the backup2 server stops responding
|
tls-enable |
Enable TLS authentication that the local AP, as an LDAP client, uses with the OD server (Default: Disabled)
|
aaa radius-server local ldap-auth {primary|backup1|backup2|backup3} type tls ca-cert <string> [ client-cert <string> private-key <string> [ private-key-password <string> ] ] [ verify-server {never|try|demand} ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
ldap-auth |
Set the authentication method that the local AP, as an LDAP client, uses with the LDAP server
|
primary |
Set the authentication method for the first LDAP server
|
backup1 |
Set the authentication method for the second LDAP server
|
backup2 |
Set the authentication method for the third LDAP server
|
backup3 |
Set the authentication method for the fouth LDAP server
|
type |
Set the authentication type to use for LDAP communications
|
tls |
Set the authentication type as TLS (Transport Layer Security)
|
ca-cert |
Set the CA certificate that the local AP uses when authenticating itself as an LDAP client to an LDAP server
|
<string> |
Enter the file name of the CA certificate (1-32 chars)
|
client-cert |
Set the client certificate that the local AP uses when authenticating itself to an LDAP server
|
<string> |
Enter the file name of the client certificate (1-32 chars)
|
private-key |
Set the private key that the local AP uses to authenticate itself to an LDAP server
|
<string> |
Enter the name of the private key file (1-32 chars)
|
private-key-password |
Set the password for the private key that is used when forming a TLS tunnel
|
<string> |
Enter the password (1-32 chars)
|
verify-server |
Set options for verifying the LDAP server (Default: LDAP server verification is try.)
|
never |
never verify the identity of the LDAP server (Default: try)
|
try |
try verify the identity of the LDAP server (Default: try)
|
demand |
demand verify the identity of the LDAP server (Default: try)
|
aaa radius-server local library-sip-policy <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
library-sip-policy |
Set a library SIP policy to enforce when the local RADIUS server acts as a library SIP client
|
<string> |
Enter the library SIP policy name (1-32 chars)
|
aaa radius-server local local-check-period <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
local-check-period |
Set the length of time that the local AP RADIUS server checks just its cache of user-authentication responses and its own database before retrying previously unresponsive LDAP servers
|
<number> |
Enter the interval for checking the local RADIUS cache and database (Default: 300 secs; Min: 30; Max: 3600)
|
aaa radius-server local nas <string> shared-key <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
nas |
Set parameters for communicating with other hive members acting as the RADIUS NAS (Network Access Server) devices
|
<string> |
Enter the IP address or resolvable domain name (1-32 chars) for a single NAS device or the subnet for multiple devices
|
shared-key |
Set the shared secret for authenticating communications with the RADIUS NAS
|
<string> |
Enter the shared secret (1-31 chars)
|
aaa radius-server local nas <string> tls
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
nas |
Set parameters for communicating with other hive members acting as the RADIUS NAS (Network Access Server) devices
|
<string> |
Enter the IP address or resolvable domain name (1-32 chars) for a single NAS device or the subnet for multiple devices
|
tls |
Set TLS (Transport Layer Security) encryption for securing communications with the RADIUS NAS devices
|
aaa radius-server local port <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
port |
Set the local RADIUS port number
|
<number> |
Enter the RADIUS port number (Default: 1812; Range: 1-65535)
|
aaa radius-server local remote-check-period <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
remote-check-period |
Set the length of time that the local AP RADIUS server will repeatedly try contacting an unresponsive LDAP server before giving up
|
<number> |
Enter the LDAP server retry interval (Default: 30 secs; Min: 10; Max: 3600)
|
aaa radius-server local retry-interval <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
retry-interval |
Set the interval after which the AP RADIUS server tries to contact a previously unresponsive primary LDAP server (even if a backup server is currently responding)
|
<number> |
Enter the interval for retrying the primary LDAP server (Default: 600 secs; Min: 60; Max: 200000000)
|
aaa radius-server local shared-secret-auto-gen
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
shared-secret-auto-gen |
Enable the automatic generation of shared secrets when static entries are not found (Default: Enabled)
|
aaa radius-server local sta-auth ca-cert <string> server-cert <string> private-key <string> [ private-key-password <string> ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
ca-cert |
Set the CA certificate for a TLS (Transport Layer Security) tunnel
|
<string> |
Enter the file name of the CA certificate (1-32 chars)
|
server-cert |
Set the server certificate used when forming a TLS tunnel
|
<string> |
Enter the file name of the server certificate (1-32 chars)
|
private-key |
Set the private key used when forming a TLS tunnel
|
<string> |
Enter the name of the private key file (1-32 chars)
|
private-key-password |
Set the password for encrypting the private key used when forming a TLS tunnel
|
<string> |
Enter a password (1-64 chars)
|
aaa radius-server local sta-auth default-type {leap|peap|tls|ttls|md5}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
default-type |
Set the default RADIUS authentication type
|
leap |
Set LEAP (Lightweight Extensible Authentication Protocol) as the default RADIUS authentication type (Default: peap)
|
peap |
Set PEAP (Protected Extensible Authentication Protocol) as the default RADIUS authentication type (Default: peap)
|
tls |
Set TLS (Transport Layer Security) as the default RADIUS authentication type (Default: peap)
|
ttls |
Set TTLS (Tunneled TLS) as the default RADIUS authentication type (Default: peap)
|
md5 |
Set MD5 as the default RADIUS authentication type (Default: peap)
|
aaa radius-server local sta-auth type tls {check-cert-cn|check-in-db}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
type |
Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
tls |
Set TLS (Transport Layer Security) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
check-cert-cn |
Check the CN (common name) in the certificate against the user name (Default: Disabled)
|
check-in-db |
Query databases to check if the user exists (Default: Disabled)
|
aaa radius-server local sta-auth type {leap|peap|tls|ttls|md5}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
type |
Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
leap |
Set LEAP (Lightweight Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
peap |
Set PEAP (Protected Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
tls |
Set TLS (Transport Layer Security) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
ttls |
Set TTLS (Tunneled TLS) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
md5 |
Set MD5 as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
aaa radius-server local sta-auth type {peap|ttls} check-in-db
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
sta-auth |
Set the authentication type and certificate parameters for authenticating users
|
type |
Set the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
peap |
Set PEAP (Protected Extensible Authentication Protocol) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
ttls |
Set TTLS (Tunneled TLS) as the RADIUS authentication type (Default: tls+peap+ttls+leap+md5)
|
check-in-db |
Enable the local RADIUS server to query the Active Directory database to check that user accounts are stored under the proper baseDN before authenticating them (Default: Disabled)
|
aaa radius-server local user-group <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
user-group |
Add a user group on the local RADIUS server
|
<string> |
Enter the user group name (1-32 chars)
|
aaa radius-server local {enable|cache}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
local |
Set the local Aerohive device as a RADIUS server
|
enable |
Enable RADIUS server functionality on the local AP
|
cache |
Set parameters for caching user-authentication responses from external LDAP servers
|
aaa radius-server name <string> acct-port <port>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
name |
Set the name for the RADIUS server
|
<string> |
Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
|
acct-port |
Set the RADIUS accounting port number
|
<port> |
[1~65535]Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
|
aaa radius-server name <string> auth-port <port>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
name |
Set the name for the RADIUS server
|
<string> |
Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
|
auth-port |
Set the RADIUS authentication port number
|
<port> |
[1~65535]Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
|
aaa radius-server name <string> server <string> shared-secret <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
name |
Set the name for the RADIUS server
|
<string> |
Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
|
server |
Set the IP address or resolvable domain name for the RADIUS server
|
<string> |
Enter the IP address or domain name (max 32 chars)
|
shared-secret |
Set the shared secret for authenticating communications with a RADIUS server
|
<string> |
Enter the shared secret (1-64 chars; Note: The RADIUS shared secret is case sensitive and can contain spaces.)
|
aaa radius-server name <string> server <string> tls
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
name |
Set the name for the RADIUS server
|
<string> |
Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
|
server |
Set the IP address or resolvable domain name for the RADIUS server
|
<string> |
Enter the IP address or domain name (max 32 chars)
|
tls |
Set TLS (Transport Layer Security) encryption for authenticating communications with the RADIUS server
|
aaa radius-server name <string> tls-port <port>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
name |
Set the name for the RADIUS server
|
<string> |
Enter the name of the RADIUS server (1-32 chars; Note: Use this name when assigning the server to a realm.)
|
tls-port |
Set the TLS (Transport Layer Security) port number
|
<port> |
[1~65535]Enter the TLS port number (Range: 1-65535; Default: 2083)
|
aaa radius-server proxy dead-time <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
dead-time |
Set the interval after which the AP tries to contact a previously unresponsive RADIUS server
|
<number> |
Enter the interval in seconds (Default: 300; Range: 30-3600)
|
aaa radius-server proxy inject operator-name
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
inject |
Set injection parameters for RADIUS Access-Request and Accounting-Request packets
|
operator-name |
Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
|
aaa radius-server proxy radsec acct-port <port>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
radsec |
Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
|
acct-port |
Set the RadSec proxy accounting port number
|
<port> |
[1~65535]Enter the RadSec proxy accounting port number (Range: 1-65535; Default: 1813)
|
aaa radius-server proxy radsec auth-port <port>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
radsec |
Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
|
auth-port |
Set the RadSec proxy authentication port number
|
<port> |
[1~65535]Enter the RadSec proxy authentication port number (Range: 1-65535; Default: 1812)
|
aaa radius-server proxy radsec dynamic-auth-extension
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
radsec |
Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
|
dynamic-auth-extension |
Enable the RadSec proxy to accept unsolicited messages from the RADIUS authentication server (Default: Disabled)
|
aaa radius-server proxy radsec enable
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
radsec |
Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
|
enable |
Enable RadSec proxy functionality on the Aerohive device
|
aaa radius-server proxy radsec realm <string> {primary|backup} <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
radsec |
Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
|
realm |
Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
|
<string> |
Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
|
primary |
Assign a primary RADIUS server to the realm
|
backup |
Assign a backup RADIUS server to the realm
|
<string> |
Enter the RADIUS server name (1-32 chars)
|
aaa radius-server proxy radsec tls-port <port>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
radsec |
Set parameters to proxy RADIUS requests over a secure TLS tunnel between the local device and a RADIUS server
|
tls-port |
Set the auth proxy TLS port number (Max: 8 ports per Aerohive device)
|
<port> |
[1~65535]Enter the auth proxy TLS port number (Range: 1-65535; Default: 80,443)
|
aaa radius-server proxy realm <string> no-strip
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
realm |
Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
|
<string> |
Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
|
no-strip |
Do not strip the realm name from a submitted user name when proxying requests to the RADIUS server (Default: The realm name is stripped from proxied requests.)
|
aaa radius-server proxy realm <string> {primary|backup} <string>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
realm |
Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
|
<string> |
Enter the realm name (1-32 chars; Note: Assign a server to the "NULL" realm to proxy requests that do not include a realm name to that server. Assign a server to "DEFAULT" to send it requests containing an unconfigured realm.)
|
primary |
Assign a primary RADIUS server to the realm
|
backup |
Assign a backup RADIUS server to the realm
|
<string> |
Enter the RADIUS server name (1-32 chars)
|
aaa radius-server proxy realm format {nai|nt-domain}
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
realm |
Set parameters for proxying requests to RADIUS servers based on the realm specified in submitted user names
|
format |
Set the format in which a realm name is appended to a user's name in request packets
|
nai |
Set NAI (network access identifier) as the realm name format: user@realm (Default: NAI)
|
nt-domain |
Set Windows NT domain as the realm name format: realm\user (Default: NAI)
|
aaa radius-server proxy retry-delay <number> retry-count <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
proxy |
Set parameters for proxying RADIUS requests
|
retry-delay |
Set the interval to wait for a response from the RADIUS server before resending a proxied request
|
<number> |
Enter the interval between retries in seconds (Default: 5; Range: 3-10)
|
retry-count |
Set the number of times to retry proxying a request to the RADIUS server
|
<number> |
Enter the number of retries (Default: 3; Range: 1-10)
|
aaa radius-server retry-interval <number>
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
retry-interval |
Set RADIUS server retry interval
|
<number> |
Enter RADIUS server retry interval (Default: 600 secs; Range: 60-100000000)
|
aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
primary |
Set the RADIUS server that is first queried when authenticating users
|
backup1 |
Set the RADIUS server that is queried if the primary server stops responding
|
backup2 |
Set the RADIUS server that is queried if the backup1 server stops responding
|
backup3 |
Set the RADIUS server that is queried if the backup2 server stops responding
|
<ip_addr> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
<string> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
shared-secret |
Set the shared secret for authenticating communications with a RADIUS server
|
<string> |
Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
|
auth-port |
Set the RADIUS authentication port number
|
<number> |
Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
|
acct-port |
Set the RADIUS accounting port number
|
<number> |
Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
access-console custom-ssid <string>
|
access-console |
Set access console parameters
|
custom-ssid |
Set custom SSID profile name for the access console
|
<string> |
Enter an SSID profile name (1-32 chars)
|
access-console hide-ssid
|
access-console |
Set access console parameters
|
hide-ssid |
Hide the SSID in beacons and ignore broadcast probe requests(Default: disabled)
|
access-console max-client <number>
|
access-console |
Set access console parameters
|
max-client |
Set the maximum number of clients that can associate with the access console SSID
|
<number> |
Enter the maximum number of clients that can associate (Default: 2; Range: 1-64)
|
access-console mode {auto|disable|enable}
|
access-console |
Set access console parameters
|
mode |
Set the mode for the access console (Note: 'auto' enables the access console only when there is no Ethernet or wireless backhaul connection. 'enable' and 'disable' set the mode manually.)
|
auto |
Set the mode as auto (Default: auto)
|
disable |
Set the mode as disable (Default: auto)
|
enable |
Set the mode as enable (Default: auto)
|
access-console security mac-filter <string>
|
access-console |
Set access console parameters
|
security |
Set the security parameters for the access console
|
mac-filter |
Assign a MAC filter to the access console to restrict access only to those MAC addresses and OUIs (organizational unique identifiers) specified in the filter
|
<string> |
Enter the filter name (1-32 chars)
|
access-console security protocol-suite open
|
access-console |
Set access console parameters
|
security |
Set the security parameters for the access console
|
protocol-suite |
Set the security protocol suite for the access console
|
open |
Set the security protocol suite as open
|
access-console security protocol-suite {wpa-aes-psk|wpa-tkip-psk|wpa2-aes-psk|wpa2-tkip-psk|wpa-auto-psk} ascii-key <string>
|
access-console |
Set access console parameters
|
security |
Set the security parameters for the access console
|
protocol-suite |
Set the security protocol suite for the access console
|
wpa-aes-psk |
Set the security protocol suite as wpa-aes-psk
|
wpa-tkip-psk |
Set the security protocol suite as wpa-tkip-psk
|
wpa2-aes-psk |
Set the security protocol suite as wpa2-aes-psk
|
wpa2-tkip-psk |
Set the security protocol suite as wpa2-tkip-psk
|
wpa-auto-psk |
Set the security protocol suite as wpa-auto-psk
|
ascii-key |
Set key type as an ASCII string
|
<string> |
Enter the ASCII key value (8-63 chars)
|
access-console telnet
|
access-console |
Set access console parameters
|
telnet |
Enable Telnet manageability of the access console (Default: enabled)
|
admin auth radius-method [ {pap|chap|ms-chap-v2} ]
|
admin |
Set the administrator parameters
|
auth |
Set the administrators authentication method
|
radius-method |
Authenticate admins by checking accounts stored on an external RADIUS server
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the AP and RADIUS server (Default: PAP)
|
chap |
Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the AP and RADIUS server (Default: PAP)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the AP and RADIUS server (Default: PAP)
|
admin auth {local|radius|both}
|
admin |
Set the administrator parameters
|
auth |
Set the administrators authentication method
|
local |
Authenticate admins by checking accounts stored on the local database (Default: local)
|
radius |
Authenticate admins by checking accounts stored on an external RADIUS server
|
both |
Authenticate admins by checking accounts on an external RADIUS server first and the local database second
|
admin manager-ip <ip_addr/netmask>
|
admin |
Set the administrator parameters
|
manager-ip |
Allow administrative access from a host or subnet (By default, access from all addresses are allowed.)
|
<ip_addr/netmask> |
Enter an IP address and netmask
|
admin min-password-length <number>
|
admin |
Set the administrator parameters
|
min-password-length |
Set the minimum password length
|
<number> |
Enter the minimum password length (Default: 8; Range: 8-32)
|
admin root-admin <string> password <string>
|
admin |
Set the administrator parameters
|
root-admin |
The root-admin has complete privileges, including the ability to add, modify, and delete other admins
|
<string> |
Enter root-admin name (3-20 chars)
|
password |
Set password for the root-admin
|
<string> |
Set password for the root-admin ([min-password-length]-32 chars, use CLI "show min-password-length" to get value of min-password-length, default: 8)
|
admin {read-write|read-only} <string> password <string>
|
admin |
Set the administrator parameters
|
read-write |
The read-write admin has the ability to view, set commands and modify his or her own password, but not the ability to reset the configuration or add, modify, and delete other admins
|
read-only |
The read-only admin has the ability to view settings
|
<string> |
Enter an admin user's name (3-20 chars)
|
password |
Set password for the user
|
<string> |
Set password for the user ([min-password-length]-32 chars, use CLI "show min-password-length" to get value of min-password-length, default: 8)
|
alg {ftp|tftp|sip|dns|http} enable
|
alg |
Set ALG (Application Level Gateway) parameters
|
ftp |
Set an FTP (File Transfer Protocol) ALG
|
tftp |
Set a TFTP (Trivial File Transfer Protocol) ALG
|
sip |
Set a SIP (Session Initiation Protocol) ALG
|
dns |
Set a DNS (Domain Name System) ALG
|
http |
Set an HTTP ALG
|
enable |
Enable ALG functionality
|
alg {ftp|tftp|sip|dns} qos <number>
|
alg |
Set ALG (Application Level Gateway) parameters
|
ftp |
Set an FTP (File Transfer Protocol) ALG
|
tftp |
Set a TFTP (Trivial File Transfer Protocol) ALG
|
sip |
Set a SIP (Session Initiation Protocol) ALG
|
dns |
Set a DNS (Domain Name System) ALG
|
qos |
Set an Aerohive QoS class for ALG data traffic
|
<number> |
Enter an Aerohive QoS class (Default: 0 for FTP, 0 for TFTP, 6 for SIP, 0 for DNS; Range: 0-7)
|
alg {ftp|tftp|sip} inactive-data-timeout <number>
|
alg |
Set ALG (Application Level Gateway) parameters
|
ftp |
Set an FTP (File Transfer Protocol) ALG
|
tftp |
Set a TFTP (Trivial File Transfer Protocol) ALG
|
sip |
Set a SIP (Session Initiation Protocol) ALG
|
inactive-data-timeout |
Set a timeout to close an inactive gate
|
<number> |
Enter an inactive gateway timeout value in seconds (Default: 30 for FTP, 30 for TFTP, 60 for SIP; Range: 1-1800s)
|
alg {ftp|tftp|sip} max-duration <number>
|
alg |
Set ALG (Application Level Gateway) parameters
|
ftp |
Set an FTP (File Transfer Protocol) ALG
|
tftp |
Set a TFTP (Trivial File Transfer Protocol) ALG
|
sip |
Set a SIP (Session Initiation Protocol) ALG
|
max-duration |
Set the maximum duration for the ALG
|
<number> |
Enter the maximum duration in minutes (Default: 60 for FTP, 60 for TFTP, 720 for SIP; Range: 1-7200(min))
|
amrp interface <ethx> priority <number>
|
amrp |
Set AMRP (Advanced Mobility Routing Protocol) parameters
|
interface |
Set AMRP parameters per interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
priority |
Set a priority for the AP to be elected as a DA (designated AP) on the Ethernet link to which the interface connects
|
<number> |
Enter the priority value (Range: 0-255; Default: 0; Note: The greater the number is, the higher its priority, and the more preferred the AP will be during the DA election process. For example, 100 has a higher priority than 50.)
|
amrp metric poll-interval <number>
|
amrp |
Set AMRP (Advanced Mobility Routing Protocol) parameters
|
metric |
Set route metric parameters for the backhaul link (Ethernet and wireless)
|
poll-interval |
Set the interval for polling neighbors to determine current route metrics
|
<number> |
Enter the poll-interval value (Default: 60 secs; Range: 10-300)
|
amrp metric type {aggressive|conservative|normal}
|
amrp |
Set AMRP (Advanced Mobility Routing Protocol) parameters
|
metric |
Set route metric parameters for the backhaul link (Ethernet and wireless)
|
type |
Set the type of behavior governing dynamic changes to route metrics
|
aggressive |
Change route metrics to aggressive (Default: normal)
|
conservative |
Change route metrics to conservative (Default: normal)
|
normal |
Change route metrics to normal (Default: normal)
|
amrp neighbor <mac_addr> metric min <number> max <number>
|
amrp |
Set AMRP (Advanced Mobility Routing Protocol) parameters
|
neighbor |
Specify the neighbor to which you want to set AMRP parameters
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
metric |
Set route metric parameters for the backhaul link (Ethernet and wireless) to the neighbor
|
min |
Set the minimum metric value
|
<number> |
Enter the minimum metric value (Default: 67; Range: 8-1200)
|
max |
Set the maximum metric value equal to or greater than the minimum value
|
<number> |
Enter the maximum metric value (Default: 67; Range: 8-1200)
|
amrp vpn-tunnel heartbeat interval <number> retry <number>
|
amrp |
Set AMRP (Advanced Mobility Routing Protocol) parameters
|
vpn-tunnel |
Set parameters for VPN tunneling
|
heartbeat |
Set AMRP (Advanced Mobility Routing Protocol) heartbeat parameters for VPN tunnel
|
interval |
Set the interval for sending AMRP heartbeats through the tunnel
|
<number> |
Enter the heartbeat interval in seconds (Range: 0-65535; Default: 10; Note: 0 disables AMRP heartbeats.)
|
retry |
Set the number of times to retry sending a heartbeat when it does not elicit a response
|
<number> |
Enter the number of heartbeats to retry sending (Range: 1-255; Default: 10)
|
application identification cdp-index <number> cdp-name <string>
|
application |
Set L7 related parameters
|
identification |
Set L7 identification related parameters
|
cdp-index |
Set index for custom defined application
|
<number> |
Enter the index for custom defined application (Range: 19000-19099)
|
cdp-name |
Specify name for custom defined application
|
<string> |
Enter the name of the custom defined application (1 to 8 characters)
|
application identification cdp-index <number> cdp-rule <string> cdp-module {TCP|UDP|HTTP|TLS}
|
application |
Set L7 related parameters
|
identification |
Set L7 identification related parameters
|
cdp-index |
Set index for custom defined application
|
<number> |
Enter the index for custom defined application (Range: 19000-19099)
|
cdp-rule |
Specify the rule for custom defined application
|
<string> |
Enter the rule for custom defined application (1 to 255 characaters)
|
cdp-module |
Specify the module for custom defined application rule
|
TCP |
Enter the module for custom defined application rule TCP
|
UDP |
Enter the module for custom defined application rule UDP
|
HTTP |
Enter the module for custom defined application rule HTTP
|
TLS |
Enter the module for custom defined application rule TLS
|
application identification name <string> value <string>
|
application |
Set L7 related parameters
|
identification |
Set L7 identification related parameters
|
name |
Enter the name of L7 identification parameter
|
<string> |
Enter the name of L7 identification parameter
|
value |
Enter the value of L7 identification parameter
|
<string> |
Enter the value of L7 identification parameter
|
application reporting app-id <string>
|
application |
Set L7 related parameters
|
reporting |
Set L7 application reporting related parameters
|
app-id |
Set L7 app-id related parameters
|
<string> |
Enter an app-ids' list seperated by comma
|
application reporting app-id <string> enable
|
application |
Set L7 related parameters
|
reporting |
Set L7 application reporting related parameters
|
app-id |
Set L7 app-id related parameters
|
<string> |
Enter an app-ids' list seperated by comma
|
enable |
Enable L7 application reporting for the specified app-id
|
application reporting collection-period <number> report-period <number>
|
application |
Set L7 related parameters
|
reporting |
Set L7 application reporting related parameters
|
collection-period |
Set L7 collection-period related parameters
|
<number> |
Enter a number in increments of 60 between 60~3600 (Default: 3600)
|
report-period |
Set L7 report-period related parameters
|
<number> |
Enter a number in increments of 60 between 60~3600 (Default: 3600)
|
application reporting watch-list <string>
|
application |
Set L7 related parameters
|
reporting |
Set L7 application reporting related parameters
|
watch-list |
Set L7 a watch list related parameters
|
<string> |
Enter watch list composed of app-ids and separated by comma
|
application reporting watch-list <string> enable
|
application |
Set L7 related parameters
|
reporting |
Set L7 application reporting related parameters
|
watch-list |
Set L7 a watch list related parameters
|
<string> |
Enter watch list composed of app-ids and separated by comma
|
enable |
Enable L7 application reporting for the specified app-id forcibly
|
application reporting {enable|disable|auto}
|
application |
Set L7 related parameters
|
reporting |
Set L7 application reporting related parameters
|
enable |
Enable L7 application reporting
|
disable |
Disable L7 application reporting
|
auto |
Automate L7 application reporting
|
bonjour-gateway enable
|
bonjour-gateway |
Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
|
enable |
Enable Bonjour gateway functionality (Default: Enabled)
|
bonjour-gateway filter rule <number> [ from <string> ] <string> [ to <string> ] [ metric <number> ]
|
bonjour-gateway |
Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
|
filter |
Set a filter to control which Bonjour services the local gateway transmits to remote gateways
|
rule |
Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
|
<number> |
Enter the ID for the rule (Range 1-128)
|
from |
Set the source from which services are advertised
|
<string> |
Enter the source VLAN group name (1-32 chars)
|
<string> |
Enter the text string to filter which services are advertised (1-64 chars; Note: A service is advertised if its name matches the string in a rule. You can use asterisks as wildcards)
|
to |
Set the VLAN group to which services are advertised
|
<string> |
Enter the destination VLAN group name (1-32 chars)
|
metric |
Set the maximum number of hops away from the local BDD to accept service advertisements (Note: An immediately neighboring BDD is one hop away, a neighbor of that neighbor is two hops away, and so on.)
|
<number> |
Enter the maximum distance from which service advertisements are acceptable (Range: 0-100; Default: 0; Note: A value of 0 means that there is no maximum distance.)
|
bonjour-gateway filter rule <number> {before|after} rule <number>
|
bonjour-gateway |
Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
|
filter |
Set a filter to control which Bonjour services the local gateway transmits to remote gateways
|
rule |
Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
|
<number> |
Enter the ID for the rule (Range 1-128)
|
before |
Move the rule before another rule in the Bonjour Gateway filter
|
after |
Move the rule after another rule in the Bonjour Gateway filter
|
rule |
Set a Bonjour gateway filter rule to determine which services get advertised to Bonjour gateways in other subnets
|
<number> |
Enter the ID for the rule (Range 1-128)
|
bonjour-gateway neighbor <ip_addr|string>
|
bonjour-gateway |
Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
|
neighbor |
Set an AP or CVG as a remote BDD (Bonjour Dedicated Device)
|
<ip_addr> |
Enter the IP address or resolvable domain name (1-32 chars) of the remote BDD
|
<string> |
Enter the IP address or resolvable domain name (1-32 chars) of the remote BDD
|
bonjour-gateway priority <number>
|
bonjour-gateway |
Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
|
priority |
Set the priority of the local device to be elected as the BDD (Bonjour Designated Device)
|
<number> |
Enter the BDD election priority (Range: 0-255; Defaults: SR platform=50, BR200 series=40, VG-VA/VG-1U=25, AP230=21, AP330/AP350=20, AP320/AP340=15, AP120/AP121/AP141/AP170=10, AP110=5; Note: Values closer to 255 have higher priority.)
|
bonjour-gateway realm <string>
|
bonjour-gateway |
Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
|
realm |
Set the name of the Bonjour realm to which the local device belongs
|
<string> |
Enter the Bonjour realm name (1-128 chars)
|
bonjour-gateway vlan <number> [ <number> ]
|
bonjour-gateway |
Set parameters for the device to act as a Bonjour Gateway, collecting, filtering, and sharing Bonjour services across subnets/VLANs
|
vlan |
Set the VLAN or range of VLANs in which to probe for DHCP servers
|
<number> |
Enter the VLAN ID to be probed (Range: 1-4094; Note: If you are defining a range of VLANs, this is the starting point of that range.)
|
<number> |
Enter the last VLAN ID in the range (Range: 1-4094)
|
boot-param boot-file <string>
|
boot-param |
Set parameters for the boot loader
|
boot-file |
Set the file name of the HiveOS image that you want to load on the local HiveAP through a network connection to a TFTP server
|
<string> |
Enter the file name (1-127 chars)
|
boot-param boot-password <string>
|
boot-param |
Set parameters for the boot loader
|
boot-password |
Set the password that a root admin must enter to interrupt the auto-boot sequence
|
<string> |
Enter the password (8-32 chars)
|
boot-param country-code <number>
|
boot-param |
Set parameters for the boot loader
|
country-code |
Set the country code used to control radio channel and power selections
|
<number> |
Enter a country code value (Default: 0; Range: 1-10000)
|
boot-param device <ip_addr/netmask>
|
boot-param |
Set parameters for the boot loader
|
device |
Set the IP address and netmask of the local HiveAP device
|
<ip_addr/netmask> |
Enter the IP address and netmask
|
boot-param device <ip_addr> <netmask>
|
boot-param |
Set parameters for the boot loader
|
device |
Set the IP address and netmask of the local HiveAP device
|
<ip_addr> |
Enter the IP address
|
<netmask> |
Enter the IP netmask
|
boot-param gateway <ip_addr>
|
boot-param |
Set parameters for the boot loader
|
gateway |
Set the IP address of the gateway so that the local HiveAP can reach the TFTP server with the HiveOS image that you want to load
|
<ip_addr> |
Enter the IP address
|
boot-param image-download enable
|
boot-param |
Set parameters for the boot loader
|
image-download |
Set the ability of the local HiveAP to download a HiveOS image from an external TFTP server during the bootup process (Default: Enabled; Note: Only a root-admin can enable and disable image loading from an external source during bootup.)
|
enable |
Enable the ability to download a HiveOS image from a TFTP server to the local HiveAP
|
boot-param native-vlan <number>
|
boot-param |
Set parameters for the boot loader
|
native-vlan |
Set the native VLAN ID of the local HiveAP
|
<number> |
Enter the VLAN ID (Default: 0; Range: 0-4094)
|
boot-param netboot enable
|
boot-param |
Set parameters for the boot loader
|
netboot |
Set the HiveAP to boot up automatically from an external TFTP server after an application crash occurs
|
enable |
Enable the ability to boot up automatically from an external TFTP server after an application crash occurs
|
boot-param netdump dump-file [ <string> ]
|
boot-param |
Set parameters for the boot loader
|
netdump |
Set parameters for saving a core dump to the TFTP server specified in the "boot-param server" command (Note: If the HiveAP crashes, it saves a core dump file to the TFTP server in its next rebooting phase)
|
dump-file |
Set the name of the core dump file to be saved to the TFTP server
|
<string> |
Enter the name of the core dump file (Default name: .netdump; 1-32 chars)
|
boot-param netdump enable
|
boot-param |
Set parameters for the boot loader
|
netdump |
Set parameters for saving a core dump to the TFTP server specified in the "boot-param server" command (Note: If the HiveAP crashes, it saves a core dump file to the TFTP server in its next rebooting phase)
|
enable |
Enable the netdump feature (Default: Disabled)
|
boot-param server <ip_addr>
|
boot-param |
Set parameters for the boot loader
|
server |
Set the IP address of the TFTP server that has the HiveOS image file that you want to load
|
<ip_addr> |
Enter the IP address
|
boot-param vlan <number>
|
boot-param |
Set parameters for the boot loader
|
vlan |
Set the VLAN that the local HiveAP must use to reach the TFTP server
|
<number> |
Enter the VLAN ID (Default: 0; Range: 0-4094)
|
cac airtime-per-second <number>
|
cac |
Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
|
airtime-per-second |
Set airtime reserved for VoIP calls
|
<number> |
Enter the airtime for VoIP calls (Default: 500ms; Range: 100ms-1000ms)
|
cac enable
|
cac |
Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
|
enable |
Enable CAC protection of VoIP traffic
|
cac roaming airtime-percentage <number>
|
cac |
Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
|
roaming |
Set parameters for VoIP calls when a client roams
|
airtime-percentage |
Set the percentage of airtime reserved for VoIP calls during roaming
|
<number> |
Enter the percentage of reserved airtime (Default: 20; Range: 0-100)
|
capture interface <wifix> [ count <number> ] [ filter <number> ] [ promiscuous ]
|
capture |
Set packet capture parameters
|
interface |
Enable packet capturing on a radio interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
count |
Set the number of frames to capture
|
<number> |
Enter the number of frames to capture (Default: 2000; Range: 1-100000)
|
filter |
Set the packet capture filter
|
<number> |
Enter a filter ID (Range: 1-64)
|
promiscuous |
Enable the wifi interfaces to operate in promiscuous mode during packet capturing (Default: Disabled)
|
capture save interface <wifix> <string>
|
capture |
Set packet capture parameters
|
save |
Set the packet capture tool to save captured packets to a file
|
interface |
Set the packet capture tool to save captured packets to a file on a radio interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
<string> |
Enter a local file name or the remote location, path, and file name (Format: filename or tftp://server:/path/filename; Default: wifix.dmp)
|
capwap client HTTP proxy name <string> port <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
HTTP |
Set HTTP as the application-level protocol using TCP as the transport mode
|
proxy |
Set parameters for the HTTP proxy server
|
name |
Set the HTTP proxy server name
|
<string> |
Enter the IP address or domain name of the HTTP proxy server (1-32 chars)
|
port |
Set the HTTP proxy server port number
|
<number> |
Enter the port number (Range: 1-65535)
|
capwap client HTTP proxy user <string> password <string>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
HTTP |
Set HTTP as the application-level protocol using TCP as the transport mode
|
proxy |
Set parameters for the HTTP proxy server
|
user |
Set the user name for authenticating the HiveAP with the HTTP proxy server
|
<string> |
Enter the authentication user name (1-32 chars)
|
password |
Set the user password for authenticating the HiveAP with the HTTP proxy server
|
<string> |
Enter the password (1-32 chars)
|
capwap client default-server-name <string>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
default-server-name |
Set the default IP address or domain name for the CAPWAP server
|
<string> |
Enter IP address or name for CAPWAP server (1-32 chars)
|
capwap client discovery interval <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
discovery |
Set CAPWAP client discovery parameters
|
interval |
Set CAPWAP discovery interval
|
<number> |
Enter the CAPWAP discovery interval (Default: 5 secs; Range:1-999)
|
capwap client discovery maximum interval <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
discovery |
Set CAPWAP client discovery parameters
|
maximum |
Set the max time in seconds to wait for a response to a Discovery Request message
|
interval |
Set the max time in seconds to wait for a response to a Discovery Request message
|
<number> |
Enter the max time to wait for a response to a Discovery Request message (Default: 10 secs; Range: 2-180)
|
capwap client discovery method {broadcast}
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
discovery |
Set CAPWAP client discovery parameters
|
method |
Set the CAPWAP discovery method
|
broadcast |
Enable the broadcast of CAPWAP Discovery Request messages in the local Layer 2 domain as part of the CAPWAP server discovery process (Default: Enabled)
|
capwap client dtls accept-bootstrap-passphrase
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
dtls |
Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
|
accept-bootstrap-passphrase |
Always accept the bootstrap passphrase proposed by HiveManager
|
capwap client dtls bootstrap-passphrase <string>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
dtls |
Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
|
bootstrap-passphrase |
Set a passphrase for initial and recovery CAPWAP connections
|
<string> |
Enter the bootstrap passphrase (16-32 chars)
|
capwap client dtls enable
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
dtls |
Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
|
enable |
Enable CAPWAP client dtls feature
|
capwap client dtls handshake-wait-time <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
dtls |
Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
|
handshake-wait-time |
Set the maximum time to wait for a DTLS handshake message from the CAPWAP server
|
<number> |
Enter the maximum wait time in seconds (Default: 60; Range: 30-120)
|
capwap client dtls hm-defined-passphrase <string> key-id <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
dtls |
Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
|
hm-defined-passphrase |
Use the HiveManager-defined passphrase to secure CAPWAP communications
|
<string> |
Enter a passphrase for the HiveAP to use when making a secure CAPWAP connection (16-32 chars)
|
key-id |
Set the key ID for the passphrase
|
<number> |
Enter the key ID (Range: 1-255)
|
capwap client dtls max-retries <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
dtls |
Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
|
max-retries |
Set the maximum number of times to retry making a DTLS connection
|
<number> |
Enter the maximum number of retries (Default: 3; Range: 1-65535)
|
capwap client dtls negotiation enable
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
dtls |
Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
|
negotiation |
Set the HiveAP to auto-negotiate the use of DTLS with HiveManager
|
enable |
Enable DTLS auto-negotiation
|
capwap client dtls psk <string>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
dtls |
Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
|
psk |
Set the DTLS preshared key manually (instead of deriving it from a passphrase)
|
<string> |
Enter the DTLS preshared key in ASCII hex format (1-64 chars)
|
capwap client dtls session-delete-wait-time <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
dtls |
Set DTLS (Datagram Transport Layer Security) parameters for securing the CAPWAP connection
|
session-delete-wait-time |
Set the minimum time to wait for DTLS session deletion
|
<number> |
Enter the wait time in seconds (Default: 5; Range: 1-65535)
|
capwap client enable
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
enable |
Enable CAPWAP client
|
capwap client join timeout <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
join |
Set the interval that the HiveAP waits for a CAPWAP Join Response message
|
timeout |
Set the interval that the HiveAP waits for a CAPWAP Join Response message
|
<number> |
Enter join interval in seconds to wait for Join Response message (Default: 60 secs; Range: 30-999)
|
capwap client neighbor dead interval <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
neighbor |
Set CAPWAP client neighbor parameters
|
dead |
Set the dead interval for CAPWAP neighbors
|
interval |
Set the interval in seconds to wait for ping responses before considering a CAPWAP neighbor dead
|
<number> |
Enter interval to wait for responses before considering a neighbor dead (Default: 105 secs; Range: 60-240)
|
capwap client neighbor heartbeat interval <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
neighbor |
Set CAPWAP client neighbor parameters
|
heartbeat |
Set the heartbeat parameters for a CAPWAP neighbor
|
interval |
Set the heartbeat interval for a CAPWAP neighbor
|
<number> |
Enter the heartbeat interval for a CAPWAP neighbor (Default: 30; Range: 30-120)
|
capwap client pci-alert enable
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
pci-alert |
Report PCI (Payment Card Infrastructure) compliance information to HiveManager
|
enable |
Enable the reporting of PCI compliance information
|
capwap client server [ {backup} ] name <string> [ connect-delay <number> ] [ via-vpn-tunnel ]
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
server |
Set parameters for communicating with the CAPWAP server
|
backup |
Set the backup CAPWAP server
|
name |
Set the IP address or domain name of the CAPWAP server
|
<string> |
Enter IP address or name for CAPWAP server (1-32 chars)
|
connect-delay |
Schedule a connection to the specified CAPWAP server at a time relative to the moment the HiveAP receives the command
|
<number> |
Enter the interval in seconds after which the CAPWAP client connects (Range: 0-65535)
|
via-vpn-tunnel |
Send all CAPWAP traffic through a VPN tunnel (Note: Set this option on VPN clients when the CAPWAP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
capwap client server port <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
server |
Set parameters for communicating with the CAPWAP server
|
port |
Set the destination port number for communicating with the CAPWAP server
|
<number> |
Enter the port number (Default: 12222; Range: 1-65535)
|
capwap client silent interval <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
silent |
Set an interval to wait after failing to receive Discovery Request responses before sending more requests
|
interval |
Set an interval to wait after failing to receive Discovery Request responses before sending more requests
|
<number> |
Enter an interval to wait after failing to receive Discovery Request responses (Default: 15 secs; Range: 1-999)
|
capwap client transport HTTP
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
transport |
Set the packet transport mode for CAPWAP communications
|
HTTP |
Set HTTP as the application-level protocol using TCP as the transport mode
|
capwap client vhm-name <string>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Set CAPWAP client parameters
|
vhm-name |
Set the name of the virtual HiveManager system
|
<string> |
Enter the name of the virtual HiveManager system (1-64 chars)
|
capwap max-discoveries counter <number>
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
max-discoveries |
Set the max number of CAPWAP Discovery Request messages
|
counter |
Set the max number of CAPWAP Discovery Request messages
|
<number> |
Enter the max number of CAPWAP Discovery Request messages (Default: 3; Range: 1-999)
|
capwap ping <string> [ port <number> ] [ count <number> ] [ size <number> ] [ timeout <number> ]
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
ping |
Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
|
<string> |
Enter the IP address or domain name of the CAPWAP server (1-32 chars)
|
port |
Set the destination UDP port number for communicating with the CAPWAP server
|
<number> |
Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
|
count |
Set the number of CAPWAP UDP packets to send
|
<number> |
Enter the number of packets to send (Default: 5; Range: 1-65535)
|
size |
Set the size of the UDP packets
|
<number> |
Enter the packet size in bytes (Default: 56; Range:1-1300)
|
timeout |
Set the length of time to wait for a response
|
<number> |
Enter the timeout in seconds (Default: 5; Range: 1-60)
|
capwap ping <string> [ port <number> ] flood <number> [ size <number> ] [ timeout <number> ]
|
capwap |
Set parameters for CAPWAP (Control and Provisioning of Wireless Access Points)
|
ping |
Perform a CAPWAP ping (Note: A CAPWAP ping does not use ICMP echo requests, but UDP packets similar to those used for CAPWAP heartbeats.)
|
<string> |
Enter the IP address or domain name of the CAPWAP server (1-32 chars)
|
port |
Set the destination UDP port number for communicating with the CAPWAP server
|
<number> |
Enter the destination UDP port number for communicating with the CAPWAP server (Default: 12222; Range: 1-65535)
|
flood |
Set the number of batches, each consisting of 100 CAPWAP UDP packets, to send at one time
|
<number> |
Enter the number of batches of packets(Range: 1-65535)
|
size |
Set the size of the UDP packets
|
<number> |
Enter the packet size in bytes (Default: 56; Range:1-1300)
|
timeout |
Set the length of time to wait for a response
|
<number> |
Enter the timeout in seconds (Default: 5; Range: 1-60)
|
clear aaa radius-server cache [ username <string> ]
|
clear |
Clear dynamic system information or remove all web directories
|
aaa |
Clear parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Clear RADIUS server parameters
|
cache |
Clear all RADIUS server caches or one cache
|
username |
Clear the RADIUS server cache by username
|
<string> |
Enter the username (1-32 chars)
|
clear aaa radius-server-key [ {radius-server|ldap-client} ] [ <string> ]
|
clear |
Clear dynamic system information or remove all web directories
|
aaa |
Clear parameters for AAA (authentication, authorization, accounting)
|
radius-server-key |
Clear all certificates that the local Aerohive device uses as a RADIUS server and LDAP client
|
radius-server |
Clear certificates that the local AP uses as a RADIUS server
|
ldap-client |
Clear certificates that the local AP uses as a LDAP client
|
<string> |
Enter the name of the certificate
|
clear aaa radius-server-key radsec ca
|
clear |
Clear dynamic system information or remove all web directories
|
aaa |
Clear parameters for AAA (authentication, authorization, accounting)
|
radius-server-key |
Clear all certificates that the local Aerohive device uses as a RADIUS server and LDAP client
|
radsec |
Clear certificates that the local Aerohive device uses as a RadSec proxy server (Note: A RadSec proxy server can forward RADIUS requests over a secure TLS tunnel between RadSec peers.)
|
ca |
Clear the CA (certificate authority) certificate that the local Aerohive device uses as a RadSec proxy server
|
clear application reporting app-stats
|
clear |
Clear dynamic system information or remove all web directories
|
application |
Clear L7 related parameters
|
reporting |
Clear L7 application reporting related parameters
|
app-stats |
Clear L7 application reporting applicaton statistics
|
clear application reporting statistics
|
clear |
Clear dynamic system information or remove all web directories
|
application |
Clear L7 related parameters
|
reporting |
Clear L7 application reporting related parameters
|
statistics |
Clear L7 application reporting statistics
|
clear arp-cache
|
clear |
Clear dynamic system information or remove all web directories
|
arp-cache |
Clear the ARP cache
|
clear auth roaming-cache mac <mac_addr> {hive-neighbors|hive-all}
|
clear |
Clear dynamic system information or remove all web directories
|
auth |
Clear dynamic authentication information
|
roaming-cache |
Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
|
mac |
Set the MAC address of the station whose cached authentication information you want to clear
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
hive-neighbors |
Clear all entries from the local roaming cache and from the roaming caches of all neighboring hive members
|
hive-all |
Clear the MAC address from the local roaming cache and from the roaming caches of all hive members
|
clear auth roaming-cache {hive-neighbors}
|
clear |
Clear dynamic system information or remove all web directories
|
auth |
Clear dynamic authentication information
|
roaming-cache |
Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
|
hive-neighbors |
Clear all entries from the local roaming cache and from the roaming caches of all neighboring hive members
|
clear auth username <string>
|
clear |
Clear dynamic system information or remove all web directories
|
auth |
Clear dynamic authentication information
|
username |
Clear dynamic authentication information by user name
|
<string> |
Enter a user name (1-32 chars)
|
clear auth {local-cache|roaming-cache|station} [ mac <mac_addr> ]
|
clear |
Clear dynamic system information or remove all web directories
|
auth |
Clear dynamic authentication information
|
local-cache |
Clear all entries from the local cache, which contains authentication information for stations currently connected to the local HiveAP
|
roaming-cache |
Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
|
station |
Clear authentication information for a specific station
|
mac |
Set the MAC address of the station whose cached authentication information you want to clear
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear auth {local-cache|roaming-cache|station} ssid <string>
|
clear |
Clear dynamic system information or remove all web directories
|
auth |
Clear dynamic authentication information
|
local-cache |
Clear all entries from the local cache, which contains authentication information for stations currently connected to the local HiveAP
|
roaming-cache |
Clear all entries from the roaming cache, which contains authentication information for stations currently connected to neighboring hive members
|
station |
Clear authentication information for a specific station
|
ssid |
Clear cached authentication information based on the SSID with which stations associated
|
<string> |
Enter a user name (1-32 chars)
|
clear cac station-airtime [ mac <mac_addr> ]
|
clear |
Clear dynamic system information or remove all web directories
|
cac |
Clear CAC (Call Admission Control) statistics
|
station-airtime |
Clear airtime statistics for a specific station
|
mac |
Set the specific destination MAC
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear capture local [ <string> ]
|
clear |
Clear dynamic system information or remove all web directories
|
capture |
Clear packet capture parameters
|
local |
Clear one or all locally stored packet capture files
|
<string> |
Enter the file name to clear
|
clear capwap client counter
|
clear |
Clear dynamic system information or remove all web directories
|
capwap |
Clear CAPWAP (Control and Provisioning of Wireless Access Points) statistics
|
client |
Clear CAPWAP client statistics
|
counter |
Clear CAPWAP client keepalive packet counters
|
clear config rollback
|
clear |
Clear dynamic system information or remove all web directories
|
config |
Clear the configuration rollback settings
|
rollback |
Clear the current configuration rollback point and related settings
|
clear forwarding-engine counters [ interface <wifix|wifix.y|ethx|mgtx> ] [ station <mac_addr> ] [ drop ] [ tunnel ] [ policy ]
|
clear |
Clear dynamic system information or remove all web directories
|
forwarding-engine |
Clear dynamically generated data from the forwarding engine
|
counters |
Clear forwarding engine counter statistics
|
interface |
Clear forwarding engine counter by interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
station |
Clear forwarding engine counter by station MAC
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
drop |
Clear the drop packet counter
|
tunnel |
Clear the counter on tunnels
|
policy |
Clear the counter on policies
|
clear forwarding-engine ip-sessions [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ src-port <number> ] [ dst-port <number> ] [ protocol <number> ]
|
clear |
Clear dynamic system information or remove all web directories
|
forwarding-engine |
Clear dynamically generated data from the forwarding engine
|
ip-sessions |
Clear IP sessions
|
src-ip |
Clear IP sessions by source IP address
|
<ip_addr> |
Source IP address
|
dst-ip |
Clear IP sessions by destination IP address
|
<ip_addr> |
Destination IP address
|
src-port |
Clear IP essions by source port number
|
<number> |
source IP port (Range: 1-65535)
|
dst-port |
Clear IP sessions by destination port number
|
<number> |
destination IP port (Range: 1-65535)
|
protocol |
Clear IP sessions by protocol type
|
<number> |
source IP port (Range: 1-255)
|
clear forwarding-engine ip-sessions id <number>
|
clear |
Clear dynamic system information or remove all web directories
|
forwarding-engine |
Clear dynamically generated data from the forwarding engine
|
ip-sessions |
Clear IP sessions
|
id |
Clear IP sessions by session ID number
|
<number> |
Enter the IP session ID (Range: 1-9999)
|
clear forwarding-engine mac-sessions [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ]
|
clear |
Clear dynamic system information or remove all web directories
|
forwarding-engine |
Clear dynamically generated data from the forwarding engine
|
mac-sessions |
Clear MAC sessions
|
src-mac |
Clear MAC sessions by source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Clear MAC sessions by destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear forwarding-engine mac-sessions id <number>
|
clear |
Clear dynamic system information or remove all web directories
|
forwarding-engine |
Clear dynamically generated data from the forwarding engine
|
mac-sessions |
Clear MAC sessions
|
id |
Clear MAC sessions by session ID number
|
<number> |
Enter the MAC session ID (Range: 1-9999)
|
clear gre-tunnel counters tunnel
|
clear |
Clear dynamic system information or remove all web directories
|
gre-tunnel |
Clear GRE (Generic Routing Encapsulation) tunnel information
|
counters |
Clear GRE tunnel counter statistics
|
tunnel |
Clear the counter on tunnels
|
clear hive <string> counter neighbor [ <mac_addr> ]
|
clear |
Clear dynamic system information or remove all web directories
|
hive |
Clear hive info
|
<string> |
Enter a hive profile name (1-32 chars)
|
counter |
Clear counters for neighboring hive members
|
neighbor |
Clear counters for all neighbors or a specific neighbor in this hive
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear interface <ethx> mac-learning dynamic <mac_addr>
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
mac-learning |
Clear entries in the MAC address learning table
|
dynamic |
Clear dynamically learned MAC address entries
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear interface <ethx> mac-learning dynamic all
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
mac-learning |
Clear entries in the MAC address learning table
|
dynamic |
Clear dynamically learned MAC address entries
|
all |
Clear all dynamically learned MAC address entries
|
clear interface <ethx|wifix|wifix.y> counter
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
counter |
Clear all counters for the interface
|
clear interface <mgtx|mgtx.y> dhcp-server lease all
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Clear the DHCP server lease
|
lease |
Clear a specific DHCP lease or all leases
|
all |
Clear all DHCP leases
|
clear interface <mgtx|mgtx.y> dhcp-server lease ip <ip_addr>
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Clear the DHCP server lease
|
lease |
Clear a specific DHCP lease or all leases
|
ip |
Clear the DHCP lease that uses a specific IP address
|
<ip_addr> |
Enter the IP address
|
clear interface <mgtx|mgtx.y> dhcp-server lease mac <mac_addr>
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Clear the DHCP server lease
|
lease |
Clear a specific DHCP lease or all leases
|
mac |
Clear the DHCP lease assigned to a client with a specific MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear interface <wifix> wlan-idp mitigate rogue-ap [ <mac_addr> ]
|
clear |
Clear dynamic system information or remove all web directories
|
interface |
Clear interface info
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
wlan-idp |
Clear rogue AP entries from the WLAN IDP (intrusion detection and prevention) table
|
mitigate |
Clear mitigated rogue APs
|
rogue-ap |
Clear all mitigated rogue APs or a specific rogue AP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear lldp [ {cdp} ] table
|
clear |
Clear dynamic system information or remove all web directories
|
lldp |
Set LLDP (Link Layer Discovery Protocol) parameters
|
cdp |
Set CDP (Cisco Discovery Protocol) parameters
|
table |
Clear LLDP or CDP neighbor table
|
clear location {aeroscout|tzsp} counter
|
clear |
Clear dynamic system information or remove all web directories
|
location |
Clear parameters for location tracking
|
aeroscout |
Clear parameters for the aeroscout location processing engine
|
tzsp |
Clear parameters for the tzsp location processing engine
|
counter |
Clear statistics for location reports sent to the location processing engine
|
clear log [ {buffered|debug|flash|all} ]
|
clear |
Clear dynamic system information or remove all web directories
|
log |
Clear logging messages
|
buffered |
Clear buffered log messages
|
debug |
Clear debug log messages
|
flash |
Clear flash log messages
|
all |
Clear all log messages
|
clear qos counter
|
clear |
Clear dynamic system information or remove all web directories
|
qos |
Clear dynamic QoS information
|
counter |
Clear dynamic QoS statistics counters
|
clear service [ <string> ] counter
|
clear |
Clear dynamic system information or remove all web directories
|
service |
Clear dynamically generated information for all services or for a specific service
|
<string> |
Enter the name of the service whose counters you want to clear
|
counter |
Clear the counter statistics for all services or for a specific service
|
clear ssh known_host <string>
|
clear |
Clear dynamic system information or remove all web directories
|
ssh |
Secure Shell
|
known_host |
List of known saved hosts
|
<string> |
Enter the domain name (1-64 chars) or IP address
|
clear ssid <string> counter station [ <mac_addr> ]
|
clear |
Clear dynamic system information or remove all web directories
|
ssid |
Clear SSID info
|
<string> |
Enter an SSID profile name (1-32 chars)
|
counter |
Clear counters for stations (wireless clients) associated with the SSID
|
station |
Clear counters for all stations or a specific station associated with the SSID
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clear user-and-group all
|
clear |
Clear dynamic system information or remove all web directories
|
user-and-group |
Clear all users and user-groups
|
all |
Clear all users and user-groups
|
clear vpn certificate-key
|
clear |
Clear dynamic system information or remove all web directories
|
vpn |
Clear VPN information
|
certificate-key |
Clear all certificates that the local HiveAP uses when authenticating its identity to a VPN peer and when verifying the identity of a VPN peer
|
clear vpn {ike|ipsec} sa
|
clear |
Clear dynamic system information or remove all web directories
|
vpn |
Clear VPN information
|
ike |
Clear IKE SA information established during IKE phase 1 negotiations
|
ipsec |
Clear IPsec SA information established during IKE phase 2 negotiations
|
sa |
Clear SA (security association) information
|
clear web-directory [ {ppsk-self-reg} ]
|
clear |
Clear dynamic system information or remove all web directories
|
web-directory |
Remove all web directories
|
ppsk-self-reg |
Remove all self-registration web directories from the private PSK server
|
clear wlan-idp mitigate [ <mac_addr> ]
|
clear |
Clear dynamic system information or remove all web directories
|
wlan-idp |
Clear rogue AP entries from the WLAN IDP (intrusion detection and prevention) table
|
mitigate |
Clear one or a list of the rogue APs against which mitigation was performed and the HiveAPs that reported them
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
client-monitor policy <string> problem-type {association|authentication} [ trigger-times <number> ] [ report-interval <number> ] [ quiet-time <number> ]
|
client-monitor |
Set parameters for Client Monitor
|
policy |
Set parameters for a Client Monitor policy
|
<string> |
Enter the Client Monitor policy name (1-32 chars)
|
problem-type |
Set the problem type which specifies a category of client-centric problems
|
association |
Detect, analyze and report the client association problem
|
authentication |
Detect, analyze and report the client authentication problem
|
trigger-times |
Set how many times the problem type is detected to trigger reporting the problem and related logs
|
<number> |
Enter trigger times for the problem type (Range: 1-10; Default: 1)
|
report-interval |
Set the interval to report the problem and related logs
|
<number> |
Enter report interval in seconds for the problem type (Range: 0 or 30-3600; Default: 0, report every instance of the problem)
|
quiet-time |
Set the period of time after which the problem elapses
|
<number> |
Enter quiet time in seconds for the problem type (Range: 60-86400; Default: 300)
|
client-tracing <mac_addr>
|
client-tracing |
Test client tracing
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
clock date-time <date> <time>
|
clock |
Set the internal clock
|
date-time |
Set the date and time for the internal clock
|
<date> |
Enter the date for the internal clock, (Format: YYYY-MM-DD, Range: 1970-01-01 to 2035-12-31)
|
<time> |
Enter the time for the internal clock, (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
|
clock time-zone <number> [ {30|45} ]
|
clock |
Set the internal clock
|
time-zone |
Set the time zone for the internal clock
|
<number> |
Enter the time zone for the internal clock (Default: 0; Range: from -12 to 12)
|
30 |
Add 30 minutes to the specified time zone
|
45 |
Add 45 minutes to the specified time zone
|
clock time-zone daylight-saving-time <date> <time> <date> <time>
|
clock |
Set the internal clock
|
time-zone |
Set the time zone for the internal clock
|
daylight-saving-time |
Set the daylight saving time parameters
|
<date> |
Enter the start date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
|
<time> |
Enter the start time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
|
<date> |
Enter the end date for the daylight saving time (Format: MM-DD, Range: 01-01 to 12-31)
|
<time> |
Enter the end time for the daylight saving time (Format: hh:mm:ss, Range: hh(00-23), mm(00-59), ss(00-59)
|
config rollback enable
|
config |
Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
rollback |
Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
|
enable |
Enable the configuration rollback feature
|
config rollback manual [ wait-time <number> ]
|
config |
Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
rollback |
Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
|
manual |
Perform the configuration rollback after the defined length of time elapses regardless of its CAPWAP connectivity (Note: This option is useful when accessing the CLI remotely and you are concerned that some commands might cause the AP to lose its network connection.)
|
wait-time |
Set the length of time that the AP must be disconnected from the CAPWAP server before rolling back the configuration
|
<number> |
Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 0-60000: Note: 0 means that the rollback point persists indefinitely until the 'config rollback now' command is entered.)
|
config rollback now
|
config |
Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
rollback |
Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
|
now |
Return the configuration to a previously set rollback point immediately
|
config rollback {capwap-disconnect|next-reboot} [ wait-time <number> ]
|
config |
Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
rollback |
Set the current config as a rollback point to which the AP can return after a length of time elapses or if it becomes disconnected from the CAPWAP server, or return the config to a previously set rollback point immediately
|
capwap-disconnect |
Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time (Note: This is useful when uploading a delta configuration, which does not require the AP to reboot, and you are concerned that some changes might disrupt network connectivity for the AP.)
|
next-reboot |
Perform the configuration rollback if a CAPWAP disconnection occurs for the defined length of time after the AP reboots (Note: This is useful when uploading a full configuration, which requires the AP to reboot, and you are concerned that the new config might disrupt network connectivity for the AP.)
|
wait-time |
Set the length of time that the AP must be disconnected from the CAPWAP server before rolling back the configuration
|
<number> |
Enter the length of time in minutes to wait before rolling back the configuration (Default: 10 minutes; Range: 2-60000)
|
config version <number>
|
config |
Set parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
version |
Set the version number for the current configuration file
|
<number> |
Enter the version number (Range: 1-4294967295)
|
console echo obscure-passwords
|
console |
Set console parameters
|
echo |
Set parameters for the display of data in the terminal window
|
obscure-passwords |
Display passwords and sensitive networking keys as asterisks (***) in the CLI (Default: Passwords and keys are replaced by asterisks instead of displaying original text)
|
console page <number>
|
console |
Set console parameters
|
page |
Set the maximum number of lines of data displayed as a batch when retrieved from a device (Note: If the number of retrieved lines exceeds the maximum, press TAB to return the next batch or ENTER to retrieve the next single line. Press the Q key to cancel the display of all further requested data and return to the command prompt.)
|
<number> |
Set the maximum number of lines to display at a time (Default: 22, Range: 10-100, Disable: 0, which means that there is no maximum limit)
|
console serial-port enable
|
console |
Set console parameters
|
serial-port |
Set administrative access to the serial port
|
enable |
Enable access to the console serial port
|
console timeout <number>
|
console |
Set console parameters
|
timeout |
Set the amount of time required to close a console connection due to inactivity
|
<number> |
Set the console timeout value in minutes (Default: 10, Range: 0-60, Disable: 0)
|
data-collection collect interval <number>
|
data-collection |
Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
|
collect |
Set parameters for collecting data
|
interval |
Set the interval for collecting data about devices and their network usage
|
<number> |
Enter the amount of time in hours during which the HiveAP collects data (Default: 1; Range: 1-48)
|
data-collection enable
|
data-collection |
Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
|
enable |
Enable the local HiveAP to collect data about types and capabilities of devices on the network and their network usage (Default: Disabled)
|
data-collection report interval <number>
|
data-collection |
Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
|
report |
Set parameters for reporting data to HiveManager
|
interval |
Set the interval for reporting data to HiveManager
|
<number> |
Enter the amount of time in hours between data reports to HiveManager (Default: 6; Range: 0-48; Note: 0 disables sending reports to HiveManager.)
|
data-collection {max-collect} <number>
|
data-collection |
Set parameters for collecting data about the types and capabilities of devices on the network and the types of applications and IP protocols they use
|
max-collect |
Set the maximum number of collection times that must elapse before clearing data that cannot be reported to HiveManager (Note: The default collection interval is 1 hour and the default report interval is 6 hours.)
|
<number> |
Enter the maximum number of times to collect data before clearing it if it cannot be reported to HiveManager (Default: 24; Range: Range:1-48)
|
debug console [ {all} ]
|
debug |
Enable debug messages
|
console |
Show debug messages on the console
|
all |
Show all messages on the console
|
debug console level {emergency|alert|critical|error|warning|notification|info|debug}
|
debug |
Enable debug messages
|
console |
Show debug messages on the console
|
level |
Specify a logging level
|
emergency |
Show emergency-level log entries (Default: debug)
|
alert |
Show log entries from alert to emergency levels (Default: debug)
|
critical |
Show log entries from critical to emergency levels (Default: debug)
|
error |
Show log entries from error to emergency levels (Default: debug)
|
warning |
Show log entries from warning to emergency levels (Default: debug)
|
notification |
Show log entries from notification to emergency levels (Default: debug)
|
info |
Show log entries from info to emergency levels (Default: debug)
|
debug |
Show log entries for all severity levels (Default: debug)
|
debug console timestamp
|
debug |
Enable debug messages
|
console |
Show debug messages on the console
|
timestamp |
Show debug messages timestamp
|
designated-server idm-proxy announce
|
designated-server |
Set parameters for a dynamic server
|
idm-proxy |
Set parameters for a dynamic proxy server to forward RADIUS requests over a secure TLS tunnel between the local device and ID Manager
|
announce |
Enable the designated proxy server on the Aerohive device and announce the server information to all devices in a DA domain (Default: Disabled)
|
designated-server idm-proxy dynamic
|
designated-server |
Set parameters for a dynamic server
|
idm-proxy |
Set parameters for a dynamic proxy server to forward RADIUS requests over a secure TLS tunnel between the local device and ID Manager
|
dynamic |
Enable the Aerohive device acting as a NAS to send RADIUS requests to the designated proxy server (Default: Disabled)
|
device-group <string> [ mac-object <string> ] [ domain-object <string> ] [ os-object <string> ]
|
device-group |
Set a device group containing various objects that the HiveAP can use to classify client devices (Max: 64 groups)
|
<string> |
Enter a device group name (1-32 chars)
|
mac-object |
Add a MAC object to the device group
|
<string> |
Enter the MAC object name (1-32 chars)
|
domain-object |
Add a domain object to the device group
|
<string> |
Enter the domain object name (1-32 chars)
|
os-object |
Add an OS object to the device group
|
<string> |
Enter the OS object name (1-32 chars)
|
device-group <string> ownership {cid|byod}
|
device-group |
Set a device group containing various objects that the HiveAP can use to classify client devices (Max: 64 groups)
|
<string> |
Enter a device group name (1-32 chars)
|
ownership |
Set an attribute for the client device group identifying its devices as user-owned (BYOD=bring your own device) or company-issued (CID=company-issued device)
|
cid |
Set the devices in the device group as company-issued
|
byod |
Set the devices in the device group as user-owned
|
dns domain-name <string>
|
dns |
Set DNS (Domain Name System) parameters
|
domain-name |
Set the domain name suffix for the local AP
|
<string> |
Enter the domain name suffix for the local AP (1-32 chars)
|
dns server-ip <ip_addr> [ {second|third} ]
|
dns |
Set DNS (Domain Name System) parameters
|
server-ip |
Set the IP address of the primary, secondary, or tertiary DNS server
|
<ip_addr> |
Enter the IP address of the primary, secondary, or tertiary DNS server
|
second |
Assign the IP address to a secondary DNS server
|
third |
Assign the IP address to a tertiary DNS server
|
domain-object <string> domain <string>
|
domain-object |
Set parameters for a domain object that the HiveAP can use to assign a client that belongs to a matching device domain to a user profile (Max: 64 domain objects per HiveAP)
|
<string> |
Enter a domain object name (1-32 chars; Note: The object name is an admin-defined name and does not have to be the name of a device domain.)
|
domain |
Add a device domain to the domain object (Note: Specify the domain to which devices in an LDAP-structured database belong.)
|
<string> |
Enter an domain name (1-64 chars)
|
exec aaa idm-test auth username <string> password <string> [ {pap|ms-chap-v2} ] [ proxy <string> ] [ bind-ssid <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
idm-test |
Test TLS connectivity from the Aerohive device acting as the RadSec or AUTH proxy to the ID Manager gateway
|
auth |
Send a RADIUS Access-Request message from the Aerohive device to the ID Manager
|
username |
Set the user name belonging to an account on the ID Manager
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that belongs to the same account as the user name on the ID Manager
|
<string> |
Enter the password (1-64 chars)
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the Aerohive device and ID Manager (Default: MS-CHAP-v2)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the Aerohive device and ID Manager (Default: MS-CHAP-v2)
|
proxy |
Set parameters for connecting to an ID Manager proxy server
|
<string> |
Enter the IP address or domain name of the ID Manager proxy server (1-32 chars)
|
bind-ssid |
Set the SSID to which the user name binds for ID Manager testing (Note: By default, wired links use the user name-password pair for testing ID Manager accounts, so the user name does not need to bind to an SSID.)
|
<string> |
Enter the name of the SSID to which you want to bind the user name (1-32 chars)
|
exec aaa idm-test {radsec-proxy|auth-proxy}
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
idm-test |
Test TLS connectivity from the Aerohive device acting as the RadSec or AUTH proxy to the ID Manager gateway
|
radsec-proxy |
Test TLS connectivity from the RadSec proxy to the ID Manager gateway
|
auth-proxy |
Test TLS connectivity from the AUTH proxy to the ID Manager gateway
|
exec aaa ldap-search server-type {active-directory|ldap-server|open-directory} server <string> basedn <string> binddn <string> password <string> [ {attributes} [ <string> ] ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
ldap-search |
Execute a search of the LDAP database
|
server-type |
Set the type of LDAP server whose database you want to search
|
active-directory |
Set the server type as an Active Directory server
|
ldap-server |
Set the server type as an OpenLDAP server
|
open-directory |
Set the server type as an Open Directory server
|
server |
Set the IP address or resolvable domain name of the LDAP server
|
<string> |
Enter the IP address or domain name (up to 32 chars)
|
basedn |
Set a node in the LDAP tree structure as the baseDN (distinguished name) from which to search for nodes one level below it or for information about one or all of its attributes
|
<string> |
Enter the baseDN (up to 256 chars) (Note: If there are any spaces, enclose the whole string in quotation marks.)
|
binddn |
Set the bindDN name and password for the user that has permission to search the LDAP directory
|
<string> |
Enter the bindDN name (up to 256 chars)
|
password |
Set the bindDN password
|
<string> |
Enter the password (1-64 chars)
|
attributes |
Search for attributes of the node specified as the baseDN
|
<string> |
Enter the name of a specific attribute for which to search (Note: To see the user group attribute of the baseDN node when the default group attribute name is being used, do not enter anything.)
|
exec aaa ldap-search username <string> [ basedn <string> ] [ domain <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
ldap-search |
Execute a search of the LDAP database
|
username |
Set the user name to search for in the LDAP database
|
<string> |
Enter a user name (1-32 chars)
|
basedn |
Set the baseDN (distinguished name) where the user profiles are located in the LDAP tree structure
|
<string> |
Enter the baseDN (1-256 chars; Note: If there are any spaces, enclose the whole string in quotation marks.)
|
domain |
Set the domain name of the domain controller
|
<string> |
Enter a NT domain name (1-64 chars)
|
exec aaa library-sip-test primary username <string> password <string>
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
library-sip-test |
Test a simulated authentication process for a library patron on a library SIP (Standard Interchange Protocol) server
|
primary |
Test the authentication process on the primary library SIP server
|
username |
Set the library patron's user name to submit to the library SIP server
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the library patron's password to submit to the library SIP server
|
<string> |
Enter the password (1-64 chars)
|
exec aaa net-ads-info <string>
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
net-ads-info |
Retrieve information from the Active Directory server such as its IP address, Active Directory domain name, root BaseDN, and realm name
|
<string> |
Enter the name of the realm to which the Active Directory server belongs (Example: corp123.com; Note: The realm name is not case sensitive; Range: 1-64 chars)
|
exec aaa net-join [ {primary|backup1|backup2|backup3} username <string> password <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
net-join |
Join the local AP RADIUS server to the domain controller
|
primary |
Join the local AP RADIUS server to the primary domain controller
|
backup1 |
Join the local AP RADIUS server to the backup1 domain controller
|
backup2 |
Join the local AP RADIUS server to the backup2 domain controller
|
backup3 |
Join the local AP RADIUS server to the backup3 domain controller
|
username |
Set the admin user name for the local AP RADIUS server (Note: For the AP RADIUS server to join the domain, its user account must have domain admin privileges or higher.)
|
<string> |
Enter a user name (1-32 chars)
|
password |
Set the password for the user name
|
<string> |
Enter a password (1-64 chars)
|
exec aaa net-join domain <string> fullname <string> server <string> username <string> password <string> [ computer-ou <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
net-join |
Join the local AP RADIUS server to the domain controller
|
domain |
Set the domain name of the AD domain controller
|
<string> |
Enter the NetBIOS name of the domain (1-64 chars; Note: The domain name cannot contain multiple-level domains delimited by dots.)
|
fullname |
Set the full name of the domain to which the RADIUS server (local AP) and AD server both belong
|
<string> |
Enter the full domain name (1-64 chars)
|
server |
Set the IP address or resolvable domain name for the AD server (Note: The AD server is the same as the domain controller.)
|
<string> |
Enter the IP address or domain name (up to 32 chars)
|
username |
Set the admin user name that the local AP RADIUS server submits to the AD server (Note: For the AP RADIUS server to join the domain, its user account must have domain admin privileges or higher.)
|
<string> |
Enter a user name (1-32 chars)
|
password |
Set the password for the user name
|
<string> |
Enter a password (1-64 chars)
|
computer-ou |
Set the OU (organizational unit) used on the Active Directory server where the AP RADIUS server admin has privileges to add the AP as a computer in the domain
|
<string> |
Enter the OU (Max: 256 chars; Format: ou/sub-ou/sub-ou; Note: If there are any spaces, enclose the entire string in quotation marks.)
|
exec aaa ntlm-auth username <string> password <string> [ domain <string> ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
ntlm-auth |
Initiate NTLM (NT LAN Manager) authentication between the AP RADIUS server and the domain controller
|
username |
Set the user name that the AP RADIUS server uses when authenticating itself to the domain controller
|
<string> |
Enter a user name (1-32 chars)
|
password |
Set the password that the AP RADIUS server uses when authenticating itself to the domain controller
|
<string> |
Enter a password (1-64 chars)
|
domain |
Set the domain name of the domain controller
|
<string> |
Enter a NT domain name (1-64 chars)
|
exec aaa radius-test <string> accounting
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-test |
Send a RADIUS Access-Request message from the HiveAP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
|
<string> |
Enter the IP address or domain name of the RADIUS server (1-32 chars)
|
accounting |
Check the network connectivity status of a RADIUS accounting server (Default: Check the status of a RADIUS authentication server.)
|
exec aaa radius-test <string> username <string> password <string> [ {pap|chap|ms-chap-v2} ]
|
exec |
Execute a command to initiate a task immediately
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-test |
Send a RADIUS Access-Request message from the HiveAP to a RADIUS authentication server or an Accounting-Request message to a RADIUS accounting server
|
<string> |
Enter the IP address or domain name of the RADIUS server (1-32 chars)
|
username |
Set the user name belonging to an account on the RADIUS server
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password that belongs to the same account as the user name on the RADIUS server
|
<string> |
Enter the password (1-64 chars)
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
|
chap |
Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: MS-CHAP-v2)
|
exec active-alarms-resending
|
exec |
Execute a command to initiate a task immediately
|
active-alarms-resending |
Make device resend all active alarms to HiveManager
|
exec antenna-alignment interface <wifix> peer <mac_addr> [ count <number> ] [ interval <number> ] [ text-size <number> ]
|
exec |
Execute a command to initiate a task immediately
|
antenna-alignment |
Set parameters for aligning a directional or sectional antenna connected to a radio in backhaul or dual (access and backhaul) mode with a specified peer
|
interface |
Set the interface bound to the radio whose antenna you want to align with that of a peer
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
peer |
Set the MAC address of the peer to which the HiveAP sends antenna alignment request frames
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
count |
Set the total number of request frames to send to the peer
|
<number> |
Enter the total number of request frames (Default: 60; Range: 1-1000)
|
interval |
Set the interval between each request frame transmission
|
<number> |
Enter the interval in seconds (Default: 1; Range: 1-30)
|
text-size |
Set the amount of filler text in each request frame
|
<number> |
Enter the amount of filler text in bytes (Default: 16; Range: 16-2048)
|
exec capture remote-sniffer [ user <string> <string> ] [ host-allowed <string> ] [ local-port <number> ] [ promiscuous ]
|
exec |
Execute a command to initiate a task immediately
|
capture |
Initiate packet capturing
|
remote-sniffer |
Set parameters for a remote packet sniffer
|
user |
Set user name and password that the remote sniffer uses when authenticating itself to the HiveAP
|
<string> |
Enter the user name (1-32 chars)
|
<string> |
Enter the password (1-32 chars)
|
host-allowed |
Set the IP address or domain name of the remote packet sniffer that is allowed to connect to the HiveAP
|
<string> |
Enter the IP address or domain name (1-32 chars)
|
local-port |
Set the port number on which the HiveAP listens for connection requests from the remote sniffer
|
<number> |
Enter the port number (Default: 2002; Range: 1024-65535)
|
promiscuous |
Enable the wifi interfaces to operate in promiscuous mode during packet capturing (Default: Disabled)
|
exec client-monitor <mac_addr>
|
exec |
Execute a command to initiate a task immediately
|
client-monitor |
Monitor the activities of a client
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
exec data-collection {push|clear}
|
exec |
Execute a command to initiate a task immediately
|
data-collection |
Perform an action on the data collected about the types and capabilities of devices on the network and the types of applications and IP protocols they use
|
push |
Push all collected data to HiveManager
|
clear |
Clear all collected data that is currently stored in the local HiveAP
|
exec delay-execute [ <number> ]
|
exec |
Execute a command to initiate a task immediately
|
delay-execute |
Delay the execution of commands for a period of time (Note: The delay period starts the moment you enter this command and ends when you enter the "no exec delay-execute" command. This does not affect "show" commands.)
|
<number> |
Enter an interval in seconds to wait after the delay period ends before executing the submitted commands (Default: 5; Range: 1-60)
|
exec interface <wifix> spectral-scan channel <number>
|
exec |
Execute a command to initiate a task immediately
|
interface |
Execute the command through a specific interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
spectral-scan |
Execute a spectral scan of all the channels specified in the channel scan list and report signal frequency and amplitude, channel utilization, and types of interference to HiveManager
|
channel |
Set the channel to be scanned
|
<number> |
Enter the channel number (Note: To create a list of multiple channels, repeatedly enter this command with a different channel number for each one that you want to scan.) (Range: 1-165)
|
exec interface <wifix> spectral-scan report-interval <number>
|
exec |
Execute a command to initiate a task immediately
|
interface |
Execute the command through a specific interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
spectral-scan |
Execute a spectral scan of all the channels specified in the channel scan list and report signal frequency and amplitude, channel utilization, and types of interference to HiveManager
|
report-interval |
Set the length of time to collect spectral data and then report it to HiveManager
|
<number> |
Enter the report interval in seconds (Default: 1; Range: 1-30)
|
exec interface <wifix> spectral-scan {start|stop}
|
exec |
Execute a command to initiate a task immediately
|
interface |
Execute the command through a specific interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
spectral-scan |
Execute a spectral scan of all the channels specified in the channel scan list and report signal frequency and amplitude, channel utilization, and types of interference to HiveManager
|
start |
Start a spectral scan
|
stop |
Stop a spectral scan that is currently in progress
|
exec mobile-device-manager aerohive status-change <string>
|
exec |
Execute a command to initiate a task immediately
|
mobile-device-manager |
Set the mobile device manager parameters
|
aerohive |
Aerohive MDM notifies client status change to AP
|
status-change |
Set status notification body as parameter
|
<string> |
MDM status notification body(1-256 chars)
|
exec ssh-client server <string> user <string>
|
exec |
Execute a command to initiate a task immediately
|
ssh-client |
Secure Shell client
|
server |
Set the domain name or IP address of the SSH server and, optionally, its port number
|
<string> |
Enter the domain name (1-64 chars) or IP address and, optionally, the port number (Default port: 22; Range: 1024-65535; Format: name:port or ip:port)
|
user |
Set the user name for logging in to the SSH server
|
<string> |
Enter the user name (1-32 chars)
|
exec user-group <string> psk-to-pmk
|
exec |
Execute a command to initiate a task immediately
|
user-group |
Execute a user-group command
|
<string> |
Enter the user group name (1-32 chars)
|
psk-to-pmk |
Regenerate all users' PMKs (pairwise master keys) based on their PSKs (preshared keys)
|
exec wlan-idp ap-classify {rogue|friendly} <mac_addr> [ - <mac_addr> ]
|
exec |
Execute a command to initiate a task immediately
|
wlan-idp |
Execute a command relating to WLAN IDP (intrusion detection and prevention)
|
ap-classify |
Classify one or more APs as rogue or friendly by MAC address
|
rogue |
Classify APs as rogue
|
friendly |
Classify APs as friendly
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
- |
Set a range of MAC addresses
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
exec wlan-idp mitigate {rogue-ap} <mac_addr>
|
exec |
Execute a command to initiate a task immediately
|
wlan-idp |
Execute a command relating to WLAN IDP (intrusion detection and prevention)
|
mitigate |
Mitigate a specific rogue AP and its clients by sending a deauth DoS attack against them
|
rogue-ap |
Mitigate a specific rogue AP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
exec wlan-idp mitigate {rogue-ap} <mac_addr> interface <wifix>
|
exec |
Execute a command to initiate a task immediately
|
wlan-idp |
Execute a command relating to WLAN IDP (intrusion detection and prevention)
|
mitigate |
Mitigate a specific rogue AP and its clients by sending a deauth DoS attack against them
|
rogue-ap |
Mitigate a specific rogue AP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
interface |
Execute the command through a specific interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
exec {jss-check|airwatch-check|aerohive-check} mobile-device <mac_addr> enroll-status
|
exec |
Execute a command to initiate a task immediately
|
jss-check |
Check the enrollment status of a mobile device on the JSS (JAMF software server)
|
airwatch-check |
Check the enrollment status of a mobile device on the AirWatch
|
aerohive-check |
Check the enrollment status of a mobile device on the Aerohive MDM server
|
mobile-device |
Set the MAC address or ID of a mobile device
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
enroll-status |
Retrieve the enrollment status of the mobile device
|
exit
|
exit |
Exit from the current mode
|
filter <number> l2 [ {data|ctl|mgmt} ] [ subtype <hex> ] [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ] [ bssid <mac_addr> ] [ tx-mac <mac_addr> ] [ rx-mac <mac_addr> ] [ error {crc|decrypt|mic|all|no} ] [ etype <hex> ]
|
filter |
Set packet capture filter parameters
|
<number> |
Enter a filter ID (Range: 1-64)
|
l2 |
Set packet capture filter for layer 2 parameters
|
data |
Filter by data traffic
|
ctl |
Filter by ctl traffic
|
mgmt |
Filter by mgmt traffic
|
subtype |
Filter by frame subtype
|
<hex> |
Enter frame subtype value
|
src-mac |
Filter by source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Filter by destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
bssid |
Filter by BSSID
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Filter by transmitter MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
rx-mac |
Filter by receiver MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
error |
Filter by error condition
|
crc |
Filter by crc error
|
decrypt |
Filter by decrypt error
|
mic |
Filter by mic error
|
all |
Filter by all error
|
no |
Filter by no error
|
etype |
Filter by Ethernet value
|
<hex> |
Enter the value indicating an ethernet type (ARP:0806; IP:0800; IPX:8137; RARP:8035)
|
filter <number> l3 [ src-ip <ip_addr> ] [ dst-ip <ip_addr> ] [ protocol <number> ] [ src-port <number> ] [ dst-port <number> ]
|
filter |
Set packet capture filter parameters
|
<number> |
Enter a filter ID (Range: 1-64)
|
l3 |
Set packet capture filter for layer 3 parameters
|
src-ip |
Filter by source IP address
|
<ip_addr> |
Enter a source IP address
|
dst-ip |
Filter by destination IP address
|
<ip_addr> |
Enter a destination IP address
|
protocol |
Filter by protocol number in IP header
|
<number> |
Enter a protocol value (UDP:17; TCP:6 ICMP:1)
|
src-port |
Filter by source port filter
|
<number> |
Enter a source port number
|
dst-port |
Filter by destination port
|
<number> |
Enter a destination port number (HTTP:80; FTP:21; TELNET:23; DHCP:67; TFTP:79)
|
filter [ <number> ] [ direction bidirectional ]
|
filter |
Set packet capture filter parameters
|
<number> |
Enter a filter ID (Range: 1-64)
|
direction |
Set filter traffic flowing direction
|
bidirectional |
Filter traffic flowing in both directions
|
forwarding-engine inter-ssid-flood enable
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
inter-ssid-flood |
Forward multicast and broadcast traffic between access interfaces to protect SSIDs from flooding (Default: Enabled)
|
enable |
Enable the protection of SSIDs from multicast and broadcast flooding
|
forwarding-engine log {firewall-dropped-packets|to-self-sessions}
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
log |
Set logging parameters for packets
|
firewall-dropped-packets |
Log dropped packets that are denied by IP or MAC firewall policies (Default: Do not log dropped packets)
|
to-self-sessions |
Log the first packets of sessions destined for the HiveAP itself (Default: Do not log first packets)
|
forwarding-engine mac-sessions sync-vlan
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
mac-sessions |
Set MAC session parameters
|
sync-vlan |
Enable the local AP to inform its neighbors of the VLAN ID assigned to a client that initially connected it (Default: Disabled; Note: Enabling this option allows neighbors to do a Layer 2 default route lookup based on VLAN.)
|
forwarding-engine max-ip-sessions-per-station <number>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
max-ip-sessions-per-station |
Set the maximum number of IP sessions that can be created to or from a station
|
<number> |
Enter the maximum IP sessions number per station (Range: 1-8000; Note: By default, IP session limiting is disabled.)
|
forwarding-engine max-mac-sessions-per-station <number>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
max-mac-sessions-per-station |
Set the maximum number of MAC sessions that can be created to or from a station
|
<number> |
Enter the maximum MAC sessions number per station (Range: 1-8000; Note: By default, MAC session limiting is disabled.)
|
forwarding-engine proxy-arp enable
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
proxy-arp |
Set ARP proxying parameters
|
enable |
Enable learning MAC addresses and proxy replies to ARP requests
|
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> dst-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action drop in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
drop |
Drop packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> dst-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-mac <mac_addr> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <ethx|aggx|redx> src-oui <oui> dst-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-mac <mac_addr> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
src-mac |
Set the source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr> out-if <ethx|aggx|redx>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
forwarding-engine static-rule <string> action pass in-if <wifix.y> src-oui <oui> dst-mac <mac_addr> tx-mac <mac_addr> out-if <wifix.y> rx-mac <mac_addr>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
static-rule |
Add a static packet-forwarding rule that preempts dynamic forwarding decisions
|
<string> |
Enter the name of the packet-forwarding rule (1-32 chars)
|
action |
Set the action to apply to packets matching the static packet-forwarding rule
|
pass |
Pass packets that match the rule
|
in-if |
Set the inbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
src-oui |
Set the source OUI, apply the rule to any MAC address sharing the same OUI as the MAC address
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
dst-mac |
Set the destination MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
tx-mac |
Set the MAC address of the transmitter; that is the MAC address of the device on the network that forwarded the frame to the HiveAP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
out-if |
Set the outbound interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
rx-mac |
Set the MAC address of the receiver; that is the MAC address of the device on the network to which the HiveAP forwards the frame
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
forwarding-engine tunnel selective-multicast-forward allow-all except <ip_addr|ip_addr/mask>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
tunnel |
Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
|
selective-multicast-forward |
Selective multicast forwarding through GRE tunnels
|
allow-all |
Allow the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
|
except |
Block specific IP multicast traffic through tunnels
|
<ip_addr> |
Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
|
<ip_addr/netmask> |
Enter the IP address and netmask of the multicast group to block (Example: 224.1.1.1 or 224.1.1.0/24)
|
forwarding-engine tunnel selective-multicast-forward block-all
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
tunnel |
Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
|
selective-multicast-forward |
Selective multicast forwarding through GRE tunnels
|
block-all |
Block the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
|
forwarding-engine tunnel selective-multicast-forward block-all except <ip_addr|ip_addr/mask>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
tunnel |
Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
|
selective-multicast-forward |
Selective multicast forwarding through GRE tunnels
|
block-all |
Block the forwarding of all IP multicast traffic through tunnels except for specified IP multicast groups
|
except |
Allow specific IP multicast traffic through tunnels
|
<ip_addr> |
Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
|
<ip_addr/netmask> |
Enter the IP address and netmask of the multicast group to allow (Example: 224.1.1.1 or 224.1.1.0/24)
|
forwarding-engine tunnel tcp-mss-threshold enable
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
tunnel |
Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
|
tcp-mss-threshold |
Set TCP MSS (Maximum Segment Size) parameters
|
enable |
Enable the TCP MSS threshold feature
|
forwarding-engine tunnel tcp-mss-threshold threshold-size <number>
|
forwarding-engine |
Set parameters to shape the behavior of the forwarding engine
|
tunnel |
Set tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
|
tcp-mss-threshold |
Set TCP MSS (Maximum Segment Size) parameters
|
threshold-size |
Set the TCP MSS threshold size
|
<number> |
Enter the TCP MSS size in bytes(GRE Tunnel Range: 64-1414; GRE-over-IPSec Tunnel Range: 64-1336)
|
history <number>
|
history |
Set the capacity for command history
|
<number> |
Enter the max number of commands to store in command history (Default: 20; Range: 1-50)
|
hive <string>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
hive <string> frag-threshold <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
frag-threshold |
Set fragment threshold parameters for the hive
|
<number> |
Enter the fragment threshold in bytes for the hive (Default: 2346; Range: 256-2346)
|
hive <string> manage all
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
manage |
Set management service parameters
|
all |
Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through wireless backhaul interfaces in this hive (Defaults: ping enabled, SNMP disabled, SSH enabled, Telnet disabled)
|
hive <string> manage {Telnet|SSH|SNMP|ping}
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
manage |
Set management service parameters
|
Telnet |
Enable Telnet manageability of mgt0 through wireless backhaul interfaces in this hive (Default: Disabled)
|
SSH |
Enable SSH manageability of mgt0 through wireless backhaul interfaces in this hive (Default: Enabled)
|
SNMP |
Enable SNMP manageability of mgt0 through wireless backhaul interfaces in this hive (Default: Disabled)
|
ping |
Enable mgt0 to respond to pings through subinterfaces bound to this SSID (Default: Enabled)
|
hive <string> neighbor connecting-threshold <number> polling-interval <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
neighbor |
Set the threshold parameters for connecting wirelessly with neighboring hive members
|
connecting-threshold |
Set the minimum signal strength threshold required for connecting with a neighboring hive member
|
<number> |
Enter a minimum signal strength value in dBm (Default: -80; Range: -90~-55)
|
polling-interval |
Set the time interval in minutes for polling the signal strength of neighboring hive members
|
<number> |
Enter the polling time interval (Default: 1 minute; range: 1-60)
|
hive <string> neighbor connecting-threshold {low|medium|high} polling-interval <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
neighbor |
Set the threshold parameters for connecting wirelessly with neighboring hive members
|
connecting-threshold |
Set the minimum signal strength threshold required for connecting with a neighboring hive member
|
low |
Set a relatively low minimum signal strength threshold (-85dBm)
|
medium |
Set a relatively moderate minimum signal strength threshold (-80dBm)
|
high |
Set a relatively high minimum signal strength threshold (-75dBm)
|
polling-interval |
Set the time interval in minutes for polling the signal strength of neighboring hive members
|
<number> |
Enter the polling time interval (Default: 1 minute; range: 1-60)
|
hive <string> password <string>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
password |
Set a key for hive member authentication
|
<string> |
Enter a string (8-63 chars) for hive member authentication (Default: a default password is derived from the hive name)
|
hive <string> rts-threshold <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
rts-threshold |
Set the RTS (request to send) threshold for the hive
|
<number> |
Enter the packet size for the RTS threshold for the hive (Default: 2346 bytes; Range: 1-2346)
|
hive <string> security mac-filter <string>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
mac-filter |
Assign a filter for MAC addresses or OUIs (organizational unique identifiers)
|
<string> |
Enter the filter name for MAC addresses or OUIs (organizational unique identifiers)
|
hive <string> security wlan dos station-level frame-type {assoc-req|auth|eapol} ban <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
auth |
Specify WLAN DoS frame type auth
|
eapol |
Specify WLAN DoS frame type eapol
|
ban |
Set the period of time to ignore frames after a theshold has been crossed
|
<number> |
Enter the period of time in seconds to ignore frames after a theshold has been crossed (Default: 60; Min: 0 Max: None)
|
hive <string> security wlan dos station-level frame-type {assoc-req|auth|eapol} ban forever
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
auth |
Specify WLAN DoS frame type auth
|
eapol |
Specify WLAN DoS frame type eapol
|
ban |
Set the period of time to ignore frames after a theshold has been crossed
|
forever |
Set ban forever
|
hive <string> security wlan dos {hive-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all}
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
hive-level |
Set DoS parameters at hive-level
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
probe-req |
Specify WLAN DoS frame type probe-req
|
probe-resp |
Specify WLAN DoS frame type probe-resp
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
assoc-resp |
Specify WLAN DoS frame type assoc-resp
|
disassoc |
Specify WLAN DoS frame type disassoc
|
auth |
Specify WLAN DoS frame type auth
|
deauth |
Specify WLAN DoS frame type deauth
|
eapol |
Specify WLAN DoS frame type eapol
|
all |
Specify WLAN DoS frame type all
|
hive <string> security wlan dos {hive-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all} alarm <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
hive-level |
Set DoS parameters at hive-level
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
probe-req |
Specify WLAN DoS frame type probe-req
|
probe-resp |
Specify WLAN DoS frame type probe-resp
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
assoc-resp |
Specify WLAN DoS frame type assoc-resp
|
disassoc |
Specify WLAN DoS frame type disassoc
|
auth |
Specify WLAN DoS frame type auth
|
deauth |
Specify WLAN DoS frame type deauth
|
eapol |
Specify WLAN DoS frame type eapol
|
all |
Specify WLAN DoS frame type all
|
alarm |
Set the interval in seconds between alarms to indicate continuous DoS conditions
|
<number> |
Enter the interval in seconds between alarms to indicate continuous DoS conditions (Default: 60 secs; Min: 0 Max: None)
|
hive <string> security wlan dos {hive-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all} threshold <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Set hive security parameters
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
hive-level |
Set DoS parameters at hive-level
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
probe-req |
Specify WLAN DoS frame type probe-req
|
probe-resp |
Specify WLAN DoS frame type probe-resp
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
assoc-resp |
Specify WLAN DoS frame type assoc-resp
|
disassoc |
Specify WLAN DoS frame type disassoc
|
auth |
Specify WLAN DoS frame type auth
|
deauth |
Specify WLAN DoS frame type deauth
|
eapol |
Specify WLAN DoS frame type eapol
|
all |
Specify WLAN DoS frame type all
|
threshold |
Set the frame threshold in ppm (packets per minute) that must be crossed to trigger an alarm
|
<number> |
Enter threshold in ppm (Default: hive-level probe-req 12000, probe-resp 24000, eapol 6000, auth 6000, assoc-req 6000, assoc-resp 2400, all others 1200; sta-level probe-req 1200 ppm, probe-resp 2400, eapol 600, auth 600, assoc-req 600, assoc-resp 240, all others 120; Min: 0 Max: None)
|
hive <string> wlan-idp in-net-ap
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
in-net-ap |
Mitigate rogue APs and their clients only if the rogues are in the same backhaul network as the HiveAPs that detected them (Default: Mitigate all rogue APs and their clients)
|
hive <string> wlan-idp max-mitigator-num <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
max-mitigator-num |
Set the maximum number of detector APs that can be assigned as mitigator APs to perform mitigation on a rogue and its clients
|
<number> |
Enter the maximum number of mitigator APs (Default: 1; Range: 0-1024; 0 means all detector APs can be assigned to perform rogue mitigation))
|
hive <string> wlan-idp mitigation-mode {automatic|semi-automatic|manual}
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
mitigation-mode |
Set the mode for mitigating rogue APs and their clients
|
automatic |
Set the arbitrator AP to appoint a mitigator AP and start the mitigation process automatically (Default: semi-automatic)
|
semi-automatic |
Set the arbitrator AP to appoint a mitigator AP automatically but start the mitigation process manually (Default: semi-automatic)
|
manual |
Set the mitigator AP and start the mitigation process manually (Default: semi-automatic)
|
hive <string> wlan-idp mitigation-mode {automatic|semi-automatic} action {mitigate|report}
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
mitigation-mode |
Set the mode for mitigating rogue APs and their clients
|
automatic |
Set the arbitrator AP to appoint a mitigator AP and start the mitigation process automatically (Default: semi-automatic)
|
semi-automatic |
Set the arbitrator AP to appoint a mitigator AP automatically but start the mitigation process manually (Default: semi-automatic)
|
action |
Set the action that you want detector APs to take after discovering rogue APs and their clients
|
mitigate |
Mitigate rogue APs and their clients (Default: Rogue mitigation)
|
report |
Report rogue APs and their clients (Default: Rogue mitigation)
|
hive <string> wlan-idp mitigator-reeval-period <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
mitigator-reeval-period |
Set the recurring period of time after which the arbitrator AP reevaluates which HiveAPs to make mitigator APs
|
<number> |
Enter the period of time in minutes (Default: 5 mins; Range: 1-1440)
|
hive <string> wlan-idp query-interval <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
query-interval |
Set a period of time in minutes for DA to query ap-classify info from HiveManager
|
<number> |
Enter the period of time in minutes (Default: 60 mins; Range: 60-43200; Note: 43200 minutes is 30 days)
|
hive <string> wlan-idp wait-interval <number>
|
hive |
Create a hive or set hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
wait-interval |
Set a time interval for a newly promoted arbitrator AP to wait for AP classification information from HiveManager or the previous arbitrator, or to wait for the previous arbitrator to come back online, before taking over arbitration responsibilities
|
<number> |
Enter the time interval in minutes (Default: 1 minute; Range: 1-10)
|
hiveui cas client server name <string>
|
hiveui |
Enable the NetConfig UI for defining network settings, configuring settings to connect to HiveManager, and uploading a new HiveOS image
|
cas |
Set client and server parameters for CAS (Central Authentication Service) to authenticate users such as teachers accessing TeacherView
|
client |
Set parameters for the local AP to act as a CAS client
|
server |
Set parameters for communicating with the CAS server
|
name |
Set the IP address or resolvable domain name for the CAS server
|
<string> |
Enter the IP address or domain name (max 32 chars) of the CAS server
|
hiveui cas client server port <number>
|
hiveui |
Enable the NetConfig UI for defining network settings, configuring settings to connect to HiveManager, and uploading a new HiveOS image
|
cas |
Set client and server parameters for CAS (Central Authentication Service) to authenticate users such as teachers accessing TeacherView
|
client |
Set parameters for the local AP to act as a CAS client
|
server |
Set parameters for communicating with the CAS server
|
port |
Set the destination TCP port number for the CAS server
|
<number> |
[1~65535]Enter the TCP port number (Default: 443; Range: 1-65535)
|
hiveui enable
|
hiveui |
Enable the NetConfig UI for defining network settings, configuring settings to connect to HiveManager, and uploading a new HiveOS image
|
enable |
Enable the HiveUI
|
hostname <string>
|
hostname |
Set the hostname of the AP
|
<string> |
Enter the hostname of the AP (1-32 chars)
|
interface <ethx> allowed-vlan <number> [ - <number> ]
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
allowed-vlan |
Set a list of VLAN IDs by which traffic allowed to cross the interface can be filtered
|
<number> |
Enter the VLAN ID to be allowed (Range: 1-4094)
|
- |
Set a range of allowed VLAN IDs
|
<number> |
Enter the last VLAN ID in the range (Range: 1-4094)
|
interface <ethx> allowed-vlan {all|auto}
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
allowed-vlan |
Set a list of VLAN IDs by which traffic allowed to cross the interface can be filtered
|
all |
Allow traffic tagged with any VLAN ID
|
auto |
Allow traffic whose VLAN ID matches that of mgt0, the native vlan, or the default VLAN configured in user profiles
|
interface <ethx> client-monitor-policy <string>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
client-monitor-policy |
Assign a Client Monitor policy to automatically detect, analyze and report problems about the client which access network through this Ethernet interface
|
<string> |
Enter the Client Monitor policy name (1-32 chars)
|
interface <ethx> duplex {full|half|auto}
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
duplex |
Set the duplex for the interface
|
full |
Set the duplex of ethernet interface to full (Default: auto)
|
half |
Set the duplex of ethernet interface to half (Default: auto)
|
auto |
Set the duplex of ethernet interface to auto (Default: auto)
|
interface <ethx> inter-station-traffic
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
inter-station-traffic |
Set the HiveAP to permit traffic between stations connected to one or more of its access interfaces (Default: Enabled)
|
interface <ethx> ip <ip_addr/netmask>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
ip |
Set an IP address and netmask for the interface
|
<ip_addr/netmask> |
Enter the interface IP address and netmask
|
interface <ethx> link-discovery {lldp|cdp}
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
link-discovery |
Enable the communication of network-related information with neighboring network devices through the interface (Default: LLDP enabled; CDP enabled)
|
lldp |
Set LLDP (Link Layer Discovery Protocol) parameters on the interface
|
cdp |
Set CDP (Cisco Discovery Protocol) parameters on the interface
|
interface <ethx> mac-learning enable
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
mac-learning |
Set parameters for MAC address learning
|
enable |
Enable MAC address learning on the Ethernet interface
|
interface <ethx> mac-learning idle-timeout <number>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
mac-learning |
Set parameters for MAC address learning
|
idle-timeout |
Set the timeout for automatically clearing an inactive dynamically learned MAC address from the MAC learning table
|
<number> |
Enter the timeout value in seconds (Default: 180; Range: 10-3600)
|
interface <ethx> mac-learning static <mac_addr>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
mac-learning |
Set parameters for MAC address learning
|
static |
Set statically defined MAC address entries
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
interface <ethx> manage {Telnet|SSH|SNMP|ping|all}
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
manage |
Set management service parameters
|
Telnet |
Enable Telnet manageability of mgt0 through this interface (Default: Disabled)
|
SSH |
Enable SSH manageability of mgt0 through this interface (Default: Enabled)
|
SNMP |
Enable SNMP manageability of mgt0 through this interface (Default: Disabled)
|
ping |
Enable mgt0 to respond to pings through this interface (Default: Enabled)
|
all |
Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through this interface
|
interface <ethx> mode bridge-802.1q user-profile-attribute <number>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
bridge-802.1q |
Set the interface in bridge-802.1Q mode, making it a VLAN-aware layer 2 interface to enable the bridging of traffic between 802.1Q VLAN-capable devices in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
|
user-profile-attribute |
Map a RADIUS attribute to the user profile
|
<number> |
Enter a numeric value for a single RADIUS attribute (Default:0; Range: 0-4095)
|
interface <ethx> mode bridge-access [ user-profile-attribute <number> ]
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
bridge-access |
Set the interface in bridge-access mode, making it a layer 2 interface to enable the bridging of traffic between devices in a single VLAN in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
|
user-profile-attribute |
Map a RADIUS attribute to the user profile
|
<number> |
Enter a numeric value for a single RADIUS attribute (Default:0; Range: 0-4095)
|
interface <ethx> mode wan
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
wan |
Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
|
interface <ethx> mode wan nat
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
mode |
Set the operational mode for the interface (Default: backhaul)
|
wan |
Set the interface in WAN mode, making it a layer 3 interface through which the default IP route for traffic to and from the main LAN passes
|
nat |
Enable NAT (network address translation) on the interface to translate the source IP address and port number in from-access packets to the IP address of the Ethernet interface and a randomly chosen port number (Default: Enabled)
|
interface <ethx> mode {bridge-802.1q|backhaul}
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
mode |
Set the operational mode for the interface (Default: backhaul except wan in case of usbnet)
|
bridge-802.1q |
Set the interface in bridge-802.1Q mode, making it a VLAN-aware layer 2 interface to enable the bridging of traffic between 802.1Q VLAN-capable devices in a wired LAN segment and the wireless LAN (Note: The default MAC route is never on an interface in this mode.)
|
backhaul |
Set the interface in backhaul mode, making it a VLAN-aware layer 2 interface through which the default MAC route for traffic to and from the main LAN passes
|
interface <ethx> native-vlan <number>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
native-vlan |
Set the native (untagged) VLAN used by the switch infrastructure in the surrounding Ethernet network
|
<number> |
Enter the native (untagged) VLAN (Range: 1-4094)
|
interface <ethx> qos-classifier <string>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
qos-classifier |
Assign a QoS classification profile (classifier) to the interface
|
<string> |
Enter the QoS classifier profile name (1 to 32 chars)
|
interface <ethx> qos-marker <string>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
qos-marker |
Assign a QoS marker profile to the interface
|
<string> |
Enter the QoS marker profile name (1 to 32 chars)
|
interface <ethx> rate-limit broadcast <number>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
rate-limit |
Set parameter for interface-based rate limiting
|
broadcast |
Set broadcast traffic rate limiting
|
<number> |
Enter the maximum rate for incoming broadcast traffic for the interface (Default: 10000 Kbps; Range: 0-20000)
|
interface <ethx> rate-limit multicast <number>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
rate-limit |
Set parameter for interface-based rate limiting
|
multicast |
Set multicast traffic rate limiting
|
<number> |
Enter the maximum rate for incoming multicast traffic for the interface (Default: 20000 Kbps; Range: 0-20000)
|
interface <ethx> rate-limit unicast <number>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
rate-limit |
Set parameter for interface-based rate limiting
|
unicast |
Set unicast traffic rate limiting
|
<number> |
Enter the maximum rate for incoming unicast traffic for the interface (Default: 1000000 Kbps; Range: 0-1000000)
|
interface <ethx> rate-limit {multicast|broadcast|unicast} enable
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
rate-limit |
Set parameter for interface-based rate limiting
|
multicast |
Set multicast traffic rate limiting
|
broadcast |
Set broadcast traffic rate limiting
|
unicast |
Set unicast traffic rate limiting
|
enable |
Enable rate limiting on the interface for this type of traffic (Default: multicast/broadcast Enable,unicast Disable)
|
interface <ethx> security-object <string>
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
security-object |
Assign a security object to control network access through this interface
|
<string> |
Enter the security object name (1-32 chars)
|
interface <ethx> shutdown
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
shutdown |
Disable the interface
|
interface <ethx> speed {10|100|1000|auto}
|
interface |
Set interface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
speed |
Set the speed for the interface
|
10 |
Set the speed of ethernet interface to 10 Mbps (Default: auto)
|
100 |
Set the speed of ethernet interface to 100 Mbps (Default: auto)
|
1000 |
Set the speed of ethernet interface to 1000 Mbps (Default: auto)
|
auto |
Set the speed of ethernet interface to auto Mbps (Default: auto)
|
interface <mgtx.y> ip <ip_addr/netmask>
|
interface |
Set interface parameters
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
ip |
Set IP address for the virtual management interface
|
<ip_addr/netmask> |
Enter the virtual management interface IP address and netmask
|
interface <mgtx.y> manage ping
|
interface |
Set interface parameters
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
manage |
Set management service parameters
|
ping |
Enable the virtual management interface to respond to pings (Default: Enabled)
|
interface <mgtx.y> vlan <number>
|
interface |
Set interface parameters
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
vlan |
Set the VLAN ID for the interface
|
<number> |
Enter the VLAN ID (Default: 1; Range: 1-4094)
|
interface <mgtx> default-ip-prefix <ip_addr/netmask>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
default-ip-prefix |
Set the network address to combine with the automatically generated host IP address to make a complete IP address (The netmask for the default IP address is 255.255.0.0)
|
<ip_addr/netmask> |
Enter the network address/netmask (Default: 192.168.0.0/16; Note: Only 8, 16, and 24-bit netmasks are supported.)
|
interface <mgtx> default-ip-prefix <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
default-ip-prefix |
Set the network address to combine with the automatically generated host IP address to make a complete IP address (The netmask for the default IP address is 255.255.0.0)
|
<ip_addr> |
Enter the network address (Default: 192.168.0.0)
|
interface <mgtx> dhcp client fallback-to-static-ip
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
fallback-to-static-ip |
Assign the static IP address to mgt0 when it does not receive an address through DHCP by the end of the timeout interval
|
interface <mgtx> dhcp keepalive enable
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
dhcp |
Set DHCP parameters
|
keepalive |
Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
|
enable |
Enable the checking of network connectivity to DHCP servers in the specified VLAN range and also in VLANs set in user profile definitions or assigned by RADIUS servers, the native VLAN, and the management interface VLAN (Default: Disabled)
|
interface <mgtx> dhcp keepalive interval <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
dhcp |
Set DHCP parameters
|
keepalive |
Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
|
interval |
Set the interval between periodic connectivity status checks
|
<number> |
Enter the interval in seconds (Range: 60-86400; Default: 3600)
|
interface <mgtx> dhcp keepalive retry <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
dhcp |
Set DHCP parameters
|
keepalive |
Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
|
retry |
Set the number of times to retry sending a probe that does not elicit a response from a DHCP server
|
<number> |
Enter the retry value (Range: 1-10; Default: 2)
|
interface <mgtx> dhcp keepalive timeout <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
dhcp |
Set DHCP parameters
|
keepalive |
Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
|
timeout |
Set the timeout for waiting for a response to a DHCP probe
|
<number> |
Enter the timeout value in seconds (Range: 1-60; Default:10)
|
interface <mgtx> dhcp keepalive vlan <number> [ <number> ]
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
dhcp |
Set DHCP parameters
|
keepalive |
Set parameters for periodically checking network connectivity to DHCP servers on different VLANs
|
vlan |
Set the range of VLANs in which to probe for DHCP servers
|
<number> |
Enter the start of the VLAN range (Range: 1-4094)
|
<number> |
Enter the end of the VLAN range (Range: 1-4094)
|
interface <mgtx> dhcp-probe vlan-range <number> <number> [ timeout <number> ] [ retries <number> ]
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
dhcp-probe |
Probe for DHCP servers in one or more VLANs
|
vlan-range |
Set the range of VLANs in which to probe for a DHCP server
|
<number> |
Enter the start of the VLAN range (Range: 1-4094)
|
<number> |
Enter the end of the VLAN range (Range: 1-4094)
|
timeout |
Set the timeout for waiting for a response to a probe
|
<number> |
Enter the timeout value (Default: 10 secs; Range: 1-60)
|
retries |
Set the number of times to retry sending a probe that does not elicit a response from a DHCP server
|
<number> |
Enter the retry value (Default: 1; Range: 1-10)
|
interface <mgtx> hive <string>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
hive |
Set the hive profile to the mgt0 interface or enable/disable the wifi interface used for hive communications
|
<string> |
Enter a hive profile name (1-32 chars)
|
interface <mgtx> ip <ip_addr/netmask>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
ip |
Set mgt0 IP address
|
<ip_addr/netmask> |
Enter mgt0 IP address/netmask
|
interface <mgtx> ip <ip_addr> <netmask>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
ip |
Set mgt0 IP address
|
<ip_addr> |
Enter mgt0 IP address
|
<netmask> |
Enter mgt0 netmask
|
interface <mgtx> mtu <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
mtu |
Set the MTU (maximum transmission unit) to determine when to start fragmenting packets
|
<number> |
Enter the MTU value in bytes (Default: 1500; Range: 100-1500)
|
interface <mgtx> native-vlan <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
native-vlan |
Set the native (untagged) VLAN that the switch infrastructure in the surrounding wired and wireless backhaul network uses
|
<number> |
Enter the native (untagged) VLAN (Default: 1; Range: 1-4094)
|
interface <mgtx> vlan <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
vlan |
Set the VLAN for administrative access to the HiveAP, management traffic between HiveAPs and HiveManager, and control traffic among hive members
|
<number> |
Enter the VLAN ID for the interface (Default: 1; Range: 1-4094)
|
interface <mgtx|ethx> dhcp client
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
interface <mgtx|ethx> dhcp client address-only
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
address-only |
Set the AP to use only the IP address, netmask, and gateway received through DHCP instead of all TCP/IP settings (Default: Use all TCP/IP settings received through DHCP)
|
interface <mgtx|ethx> dhcp client option custom ppsk-server <number> ip
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
ppsk-server |
Set a custom DHCP option ID and ID type for a private PSK server
|
<number> |
Enter the custom DHCP option ID (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
|
ip |
Set the type of the custom DHCP option as IP
|
interface <mgtx|ethx> dhcp client option custom radius-server <number> ip
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
radius-server |
Set a custom DHCP option ID and ID type for a RADIUS authentication or accounting server
|
<number> |
Enter the custom DHCP option ID for a RADIUS authentication server (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
|
ip |
Set the type of the custom DHCP option as IP
|
interface <mgtx|ethx> dhcp client option custom radius-server accounting <number> ip
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
radius-server |
Set a custom DHCP option ID and ID type for a RADIUS authentication or accounting server
|
accounting |
Set a custom DHCP option ID and ID type for a RADIUS accounting server
|
<number> |
Enter the custom DHCP option ID for a RADIUS accounting server (ID Range: 128-254; Default ID numbers and types: HiveManager: 225 string, 226 IP; syslog 227 string, 228 IP; private PSK: 229 IP; RADIUS authentication: 230 IP; RADIUS accounting: 231, IP)
|
ip |
Set the type of the custom DHCP option as IP
|
interface <mgtx|ethx> dhcp client option custom {syslog-server|hivemanager} <number> {string|ip}
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
option |
Set DHCP client options
|
custom |
Set DHCP client custom options
|
syslog-server |
Set a custom DHCP option ID and ID type for a syslog server
|
hivemanager |
Set a custom DHCP option ID and ID type for HiveManager
|
<number> |
Enter the custom DHCP option ID (Default ID numbers and types: HiveManager = 225 string, 226 IP; Syslog server = 227 string, 228 IP)
|
string |
Set the type of the custom DHCP option as a string
|
ip |
Set the type of the custom DHCP option as an IP address
|
interface <mgtx|ethx> dhcp client prefer-subnet <ip_addr/netmask>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
prefer-subnet |
Set prefer subnet for DHCP client
|
<ip_addr/netmask> |
Enter prefer subnet for DHCP client
|
interface <mgtx|ethx> dhcp client timeout <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
dhcp |
Set DHCP parameters
|
client |
Set DHCP client parameters
|
timeout |
Set the interval to wait for a response from the DHCP server before applying the admin-defined or default network settings
|
<number> |
Enter the timeout value in seconds (Default: 20; Range: 0-3600)
|
interface <mgtx|mgtx.y> dhcp-server enable
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
enable |
Enable the DHCP server on the interface
|
interface <mgtx|mgtx.y> dhcp-server ip-pool <ip_addr> <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
ip-pool |
Set the IP address pool from which the DHCP server draws addresses when making assignments
|
<ip_addr> |
Enter the first address in the range that makes up the IP address pool
|
<ip_addr> |
Enter the last address in the range that makes up the IP address pool
|
interface <mgtx|mgtx.y> dhcp-server options custom <number> hex <string>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
custom |
Set a custom DHCP option
|
<number> |
Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
|
hex |
Set the custom option data type as a hexadecimal digit
|
<string> |
Enter the hexadecimal digit (1-254 chars; Note: For option 46, which sets the NetBIOS over TCP/IP node type, the string must be 1, 2, 4, or 8.)
|
interface <mgtx|mgtx.y> dhcp-server options custom <number> integer <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
custom |
Set a custom DHCP option
|
<number> |
Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
|
integer |
Set the custom option data type as an integer
|
<number> |
Enter the integer (Range: 0-2147483647)
|
interface <mgtx|mgtx.y> dhcp-server options custom <number> ip <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
custom |
Set a custom DHCP option
|
<number> |
Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
|
ip |
Set the custom option data type as an IP address
|
<ip_addr> |
Enter the IP address
|
interface <mgtx|mgtx.y> dhcp-server options custom <number> string <string>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
custom |
Set a custom DHCP option
|
<number> |
Enter the custom option number (Ranges: 1-224, 227-254; Note: Numbers 1-179 are standard DHCP options; use with caution. Numbers 225 and 226 are reserved for HiveManager.)
|
string |
Set the custom option data type as a string
|
<string> |
Enter the string (1-255 chars)
|
interface <mgtx|mgtx.y> dhcp-server options default-gateway <ip_addr> [ {nat-support} ]
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
default-gateway |
Set the default gateway for DHCP clients
|
<ip_addr> |
Enter the default gateway (Note: The gateway IP address cannot be the same as that of the interface.)
|
nat-support |
Enable NAT support(Note: AP will automatically generates ARP response for default gateway specified in DHCP server options.)
|
interface <mgtx|mgtx.y> dhcp-server options domain-name <string>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
domain-name |
Set the domain name for DHCP clients
|
<string> |
Enter the domain name (1-32 chars)
|
interface <mgtx|mgtx.y> dhcp-server options hivemanager <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
hivemanager |
Set the IP address or domain name of the HiveManager that you want APs to contact
|
<ip_addr> |
Enter the IP address (Note: Use DHCP option 226.)
|
interface <mgtx|mgtx.y> dhcp-server options hivemanager <string>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
hivemanager |
Set the IP address or domain name of the HiveManager that you want APs to contact
|
<string> |
Enter the domain name (Length: 1-64 chars; Note: Use DHCP option 225.)
|
interface <mgtx|mgtx.y> dhcp-server options lease-time <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
lease-time |
Set the length of the DHCP lease
|
<number> |
Enter the lease time in seconds (Default: 86400; Range: 60-86400000)
|
interface <mgtx|mgtx.y> dhcp-server options mtu <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
mtu |
Set the path MTU (maximum transmission unit)
|
<number> |
Enter the MTU value (Range: 68-8192)
|
interface <mgtx|mgtx.y> dhcp-server options netmask <netmask>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
netmask |
Set the netmask for DHCP clients
|
<netmask> |
Enter the netmask (Default: The same as the interface netmask.)
|
interface <mgtx|mgtx.y> dhcp-server options {dns1|dns2|dns3} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
dns1 |
Set the IP address of the primary DNS (Domain Name System) server that you want DHCP clients to use
|
dns2 |
Set the IP address of the secondary DNS server
|
dns3 |
Set the IP address of the tertiary DNS server
|
<ip_addr> |
Enter the IP address (Note: The DNS server IP address cannot be the same as that of the interface.)
|
interface <mgtx|mgtx.y> dhcp-server options {logsrv|pop3|smtp} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
logsrv |
Set the IP address of the log server that is available for DHCP clients
|
pop3 |
Set the IP address of the POP3 (Post Office Protocol v3) server that you want DHCP clients to use
|
smtp |
Set the IP address of the SMTP (Simple Mail Transfer Protocol) server that you want DHCP clients to use
|
<ip_addr> |
Enter the IP address
|
interface <mgtx|mgtx.y> dhcp-server options {ntp1|ntp2} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
ntp1 |
Set the IP address of the primary NTP (Network Time Protocol) server with which DHCP clients can synchronize their clocks
|
ntp2 |
Set the IP address of the secondary NTP (Network Time Protocol) server with which DHCP clients can synchronize their clocks
|
<ip_addr> |
Enter the IP address
|
interface <mgtx|mgtx.y> dhcp-server options {wins1|wins2} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
options |
Set the DHCP options to be included in DHCPOFFER and DHCPACK messages
|
wins1 |
Set the IP address of the primary WINS (Windows Internet Name Service) server for NetBIOS name-to-address resolution
|
wins2 |
Set the IP address of the secondary WINS (Windows Internet Name Service) server for NetBIOS name-to-address resolution
|
<ip_addr> |
Enter the IP address
|
interface <mgtx|mgtx.y> dhcp-server {arp-check|authoritative-flag}
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Set DHCP server parameters
|
arp-check |
Use ARP to check that an IP address is not already in use on the network before assigning it to a DHCP client (Default: Enabled)
|
authoritative-flag |
Set the DHCP server as authoritative (Default: Authoritative; Note: An authoritative DHCP server can send NAKs in response to DHCP requests for addresses in a different subnet from those in the configured IP pool.)
|
interface <mgtx|mgtx.y> dns-server enable
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dns-server |
Set DNS server parameters
|
enable |
Enable the DNS server on the interface
|
interface <mgtx|mgtx.y> dns-server ext-resolve {dns1|dns2|dns3} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dns-server |
Set DNS server parameters
|
ext-resolve |
Set the external DNS servers used to resolve all domain names not specified for resolution by internal DNS servers
|
dns1 |
Set the IP address of the primary external DNS server
|
dns2 |
Set the IP address of the secondary external DNS server
|
dns3 |
Set the IP address of the tertiary external DNS server dns3
|
<ip_addr> |
Enter the IP address of the external DNS server
|
interface <mgtx|mgtx.y> dns-server int-domain-name <string> [ <ip_addr> ]
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dns-server |
Set DNS server parameters
|
int-domain-name |
Set a domain name for resolution by internal DNS servers
|
<string> |
Enter the domain name (Max 32 chars; Note: Domain names are matched with implicit wildcards at the left end of the string; for example, both "www.aerohive.com" and "www.my-hive.com" match the domain name string "hive.com".)
|
<ip_addr> |
Enter the IP address of the internal DNS server to use for this domain name
|
interface <mgtx|mgtx.y> dns-server int-resolve {dns1|dns2|dns3} <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dns-server |
Set DNS server parameters
|
int-resolve |
Set the DNS servers on the internal network used to resolve domain names in the match list
|
dns1 |
Set the IP address of the primary internal DNS server
|
dns2 |
Set the IP address of the secondary internal DNS server
|
dns3 |
Set the IP address of the tertiary internal DNS server dns3
|
<ip_addr> |
Enter the IP address of the internal DNS server
|
interface <mgtx|mgtx.y> dns-server mode {split|nonsplit}
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dns-server |
Set DNS server parameters
|
mode |
Set the mode for responding to domain name resolution queries (Default: split)
|
split |
Forward queries only for domain names in a match list to internal DNS servers and forward queries for everything else to external DNS servers
|
nonsplit |
Forward all queries to internal DNS servers
|
interface <mgtx|mgtx.y> dns-server opendns-device-id <string>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dns-server |
Set DNS server parameters
|
opendns-device-id |
Set the device ID to use with OpenDNS
|
<string> |
Enter the device ID (16-char hex string)
|
interface <mgtx|mgtx.y> ip-helper address <ip_addr>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
ip-helper |
Forward DHCP broadcast packets to a DHCP server
|
address |
Set the DHCP server IP address
|
<ip_addr> |
Enter the IP address
|
interface <mgtx|mgtx.y> ip-helper max-hops <number>
|
interface |
Set interface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
ip-helper |
Forward DHCP broadcast packets to a DHCP server
|
max-hops |
Set the DHCP relay max Hops, default hops is 4
|
<number> |
Enter the integer (Range: 1-16)
|
interface <wifix> hive <string> shutdown
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
hive |
Set the hive profile to the mgt0 interface or enable/disable the wifi interface used for hive communications
|
<string> |
Enter a hive profile name (1-32 chars)
|
shutdown |
Disable the wifi subinterface used for hive communications
|
interface <wifix> link-discovery {lldp|cdp}
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
link-discovery |
Enable the communication of network-related information with neighboring network devices through the interface (Default: LLDP enabled; CDP enabled)
|
lldp |
Set LLDP (Link Layer Discovery Protocol) on the interface in backhaul mode
|
cdp |
Set CDP (Cisco Discovery Protocol) on the interface in backhaul mode
|
interface <wifix> mode {access|backhaul|dual|sensor}
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
mode |
Set the operational mode for the interface
|
access |
Set the operational mode of the interface to access (Default: access (wifi0), dual (wifi1))
|
backhaul |
Set the operational mode of the interface to backhaul (Default: access (wifi0), dual (wifi1))
|
dual |
Set the operational mode of the interface to dual so that it can provide both access and backhaul services (Default: access (wifi0), dual (wifi1))
|
sensor |
Set the operational mode of the interface to sensor (Default: access (wifi0), dual (wifi1))
|
interface <wifix> radio antenna diversity
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
radio |
Set parameters for the wifi radio interface
|
antenna |
Set the antenna parameters for the interface
|
diversity |
Set radio antenna diversity
|
interface <wifix> radio channel <string>
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
radio |
Set parameters for the wifi radio interface
|
channel |
Set the radio channel for the interface
|
<string> |
Enter the frequency with an optional suffix (G: GHz; M: MHz; K: KHz;), or the channel number, or "auto" to allow ACSP (Advanced Channel Selection Protocol) to select a channel automatically (Default: auto)
|
interface <wifix> radio power <number>
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
radio |
Set parameters for the wifi radio interface
|
power |
Set the radio power for an interface
|
<number> |
Enter the radio power (in dBm) for an interface (Default: auto; Range: 1-20 dBm)
|
interface <wifix> radio power auto
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
radio |
Set parameters for the wifi radio interface
|
power |
Set the radio power for an interface
|
auto |
Set the radio power to be adjusted automatically
|
interface <wifix> radio profile <string>
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
radio |
Set parameters for the wifi radio interface
|
profile |
Set radio profile parameters for an interface
|
<string> |
Enter a radio profile name (1-32 chars)
|
interface <wifix> radio range <number>
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
radio |
Set parameters for the wifi radio interface
|
range |
Set the transmission range for the radio linked to the interface
|
<number> |
Enter the range value in meters (Default: 300; Range: 300-10000)
|
interface <wifix> ssid <string>
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
ssid |
Set the SSID (Service Set Identifier) profile for the interface
|
<string> |
Enter an SSID profile name (1-32 chars)
|
interface <wifix> ssid <string> ip <ip_addr/netmask>
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
ssid |
Set the SSID (Service Set Identifier) profile for the interface
|
<string> |
Enter an SSID profile name (1-32 chars)
|
ip |
Set IP address for the SSID
|
<ip_addr/netmask> |
Enter the SSID IP address
|
interface <wifix> ssid <string> shutdown
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
ssid |
Set the SSID (Service Set Identifier) profile for the interface
|
<string> |
Enter an SSID profile name (1-32 chars)
|
shutdown |
Disable the subinterface to which the SSID is bound
|
interface <wifix> wlan-idp profile <string>
|
interface |
Set interface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Bind an IDP profile to the interface
|
<string> |
Enter an IDP profile name (1-32 chars)
|
ip path-mtu-discovery enable
|
ip |
Set IP parameters
|
path-mtu-discovery |
Set Path MTU (Maximum Transmission Unit) Discovery parameters on a device functioning as a router or VPN gateway
|
enable |
Enable Path MTU Discovery to learn the maximum packet size that can be sent across the network between two hosts without fragmentation (Default: Enabled)
|
ip route default gateway <ip_addr> [ metric <number> ]
|
ip |
Set IP parameters
|
route |
Set a routing entry
|
default |
Set a default route entry
|
gateway |
Set the network gateway
|
<ip_addr> |
Enter the gateway IP address
|
metric |
Set metric parameter
|
<number> |
Enter a metric for an IP route (Default: 0; Range: 0-32766)
|
ip route host <ip_addr> [ gateway <ip_addr> ] [ metric <number> ]
|
ip |
Set IP parameters
|
route |
Set a routing entry
|
host |
Set a route to a host
|
<ip_addr> |
Enter target IP address
|
gateway |
Set the network gateway
|
<ip_addr> |
Enter the gateway IP address
|
metric |
Set metric parameter
|
<number> |
Enter a metric for an IP route (Default: 0; Range: 0-32766)
|
ip route net <ip_addr> <netmask> [ gateway <ip_addr> ] [ metric <number> ]
|
ip |
Set IP parameters
|
route |
Set a routing entry
|
net |
Set a route to a net
|
<ip_addr> |
Enter target IP address
|
<netmask> |
Enter target netmask
|
gateway |
Set the network gateway
|
<ip_addr> |
Enter the gateway IP address
|
metric |
Set metric parameter
|
<number> |
Enter a metric for an IP route (Default: 0; Range: 0-32766)
|
ip tcp-mss-threshold enable
|
ip |
Set IP parameters
|
tcp-mss-threshold |
Set TCP Maximum Segment Size parameters (Note: This setting only applies to a device functioning as a router or VPN gateway.)
|
enable |
Enable the monitoring of the MSS option in TCP SYN and SYN-ACK messagesand, if necessary, reduce the MSS value as determined by the TCP MSS threshold (Default: Enabled; Note: If no TCP MSS threshold value is specified, TCP MSS clamping uses the Path MTU- 40 bytes for the IP and TCP headers.)
|
ip tcp-mss-threshold l3-vpn-threshold-size <number>
|
ip |
Set IP parameters
|
tcp-mss-threshold |
Set TCP Maximum Segment Size parameters (Note: This setting only applies to a device functioning as a router or VPN gateway.)
|
l3-vpn-threshold-size |
Set the TCP MSS threshold for TCP connections that pass through a Layer 3 VPN tunnel
|
<number> |
Enter the TCP MSS threshold in bytes for tunneled traffic (Range: 64-1460; Note: If not set, the device uses the TCP MSS threshold.)
|
ip tcp-mss-threshold threshold-size <number>
|
ip |
Set IP parameters
|
tcp-mss-threshold |
Set TCP Maximum Segment Size parameters (Note: This setting only applies to a device functioning as a router or VPN gateway.)
|
threshold-size |
Set the TCP MSS threshold for all TCP connections passing through the device
|
<number> |
Enter the TCP MSS threshold in bytes (Range: 64-1460; Default: Path MTU - 40 bytes for the IP and TCP headers)
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
nat |
Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
|
inter-station-traffic-drop |
Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action deny log packet-drop
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
log |
Set logging options for packets and sessions that match the IP firewall policy
|
packet-drop |
Log dropped packets that the IP firewall policy denies
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action inter-station-traffic-drop log [ {initiate-session|terminate-session|packet-drop} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
inter-station-traffic-drop |
Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
|
log |
Set logging options for packets and sessions that match IP FW policy
|
initiate-session |
Log the creation of sessions that are permitted by the policy
|
terminate-session |
Log the termination of sessions that are permitted by the policy
|
packet-drop |
Log dropped packets that are denied by the policy
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] [ to <ip_addr|string_64> [ <mask> ] ] [ service <string> ] action permit log [ {initiate-session|terminate-session} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
log |
Set logging options for packets and sessions that match the IP firewall policy
|
initiate-session |
Log session details when a session is created after passing a IP firewall policy lookup
|
terminate-session |
Log session details when a session matching a IP firewall policy is terminated
|
ip-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <ip_addr|string_64> [ <mask> ] ] to local-subnet [ service <string> ] [ action {permit|deny|nat|inter-station-traffic-drop} ]
|
ip-policy |
Set IP policy parameters
|
<string> |
Enter an IP policy name (1-32 chars)
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
before |
Set the before parameters for an IP policy
|
after |
Set the after parameters for an IP policy
|
id |
Assign an IP policy ID
|
<number> |
Enter the IP policy ID (Range: 1-1023)
|
from |
Set the source IP (Default: any)
|
<ip_addr> |
Enter an IP or domain name (1-64 chars)
|
<string> |
Enter an IP or domain name (1-64 chars)
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Set the destination IP (Default: any)
|
local-subnet |
Set the subnet of the mgt0 interface as the destination
|
service |
Set the service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Set action for an IP policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
nat |
Set the action to translate clients' source IP address to that of mgt0 and source port number to a dynamically chosen number (Default: deny; Note: NAT is applied only to TCP and UDP traffic.)
|
inter-station-traffic-drop |
Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
|
iperf client <ip_addr> [ {port} <number> ] [ {udp} ] [ {interval} <number> ] [ {no-delay} ] [ {dual-test} ] [ {tradeoff} ] [ {listen-port} <number> ] [ {window} <number> ] [ {mss} <number> ] [ {bandwidth} <number> ] [ {time} <number> ] [ {parallel} <number> ]
|
iperf |
Set parameters for Iperf, a tool for testing and measuring network performance
|
client |
Set Iperf to run in client mode
|
<ip_addr> |
Enter the server IP address with which the HiveAP connects as an Iperf client
|
port |
Set the port on which the client connects to the server
|
<number> |
Enter the port number (Range: 1024-65535; Default: 5001)
|
udp |
Set the transport protocol as UDP (Default: TCP)
|
interval |
Set the interval between periodic bandwidth, jitter, and loss reports
|
<number> |
Enter the interval in seconds (Range: 1-60; Default: 0, which means that the report is not made periodically)
|
no-delay |
Transmit small logical packets individually without the delay incurred by putting them in batches within a single larger physical packet (Default: Smaller packets are transmitted without delay)
|
dual-test |
Set the Iperf tool to do bidirectional upstream and downstream performance testing between the client and server concurrently
|
tradeoff |
Set the Iperf tool to do bidirectional upstream and downstream performance testing at different times so downstream testing only begins after upstream testing is complete
|
listen-port |
Set the port on which the server connects to the client
|
<number> |
Enter the port number (Range: 1024-65535; Default: The same port on which the client connects to the server)
|
window |
Set the TCP window size (socket buffer size)
|
<number> |
Enter the TCP window size in kilobytes (Range: 2-65535; Default: 83.5)
|
mss |
Set the maximum TCP segment size (MTU: 40 bytes)
|
<number> |
Enter the maximum TCP segment size in bytes (Range: 40-65535; Default: 4160)
|
bandwidth |
Set the amount of UDP bandwidth to send
|
<number> |
Enter the bandwidth in megabits per second (Range: 1-1000; Default: 1)
|
time |
Set the length of transmission time
|
<number> |
Enter the time in seconds (Range: 1-65535; Default: 10)
|
parallel |
Set the client to make multiple connections to the server concurrently (Note: This option requires multiple thread support on both the client and server.)
|
<number> |
Enter the number of parallel client threads to run (Range: 1-10; Default: 1)
|
iperf server [ {port} <number> ] [ {udp} ] [ {single-udp} ] [ {interval} <number> ] [ {no-delay} ] [ {window} <number> ] [ {mss} <number> ] [ {bind} <ip_addr> ]
|
iperf |
Set parameters for Iperf, a tool for testing and measuring network performance
|
server |
Set Iperf to run in server mode
|
port |
Set the port on which the server listen on
|
<number> |
Enter the port number (Range: 1024-65535; Default: 5001)
|
udp |
Set the transport protocol as UDP (Default: TCP)
|
single-udp |
Set the Iperf tool to run in single-threaded UDP mode
|
interval |
Set the interval between periodic bandwidth, jitter, and loss reports
|
<number> |
Enter the interval in seconds (Range: 1-60; Default: 0, which means that the report is not made periodically)
|
no-delay |
Transmit small logical packets individually without the delay incurred by putting them in batches within a single larger physical packet (Default: Smaller packets are transmitted without delay)
|
window |
Set the TCP window size (socket buffer size)
|
<number> |
Enter the TCP window size in kilobytes (Range: 2-65535; Default: 83.5)
|
mss |
Set the maximum TCP segment size (MTU: 40 bytes)
|
<number> |
Enter the maximum TCP segment size in bytes (Range: 40-65535; Default: 4160)
|
bind |
Bind and join the HiveAP to a multicast group
|
<ip_addr> |
Enter the IP address of the multicast group (Range: 224.0.0.0-239.255.255.255)
|
ipv6 dhcpv6-shield enable
|
ipv6 |
Set IPv6 parameters
|
dhcpv6-shield |
Set the DHCPv6 shield to block the forwarding of DHCPv6 server messages received on any access interface
|
enable |
Enable the DHCPv6 shield on access interfaces
|
ipv6 ra-guard stateless enable
|
ipv6 |
Set IPv6 parameters
|
ra-guard |
Set the IPv6 RA guard (router advertisement guard) to block router advertisements on access interfaces
|
stateless |
Set the IPv6 RA guard as stateless, meaning that incoming router advertisements are examined and then either blocked or forwarded based only on the information of the received frame; specifically, the port on which the frame was received
|
enable |
Enable the IPv6 RA guard on access interfaces
|
kddr enable
|
kddr |
Enable/disable the kddr report to HM
|
enable |
Enable the kddr feature
|
library-sip-policy <string> default user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
|
library-sip-policy |
Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
|
<string> |
Enter a library SIP policy name (1-32 chars)
|
default |
Set the default rule to apply to unregistered library patrons
|
user-group |
Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
|
<string> |
Enter the user group name (1-32 chars)
|
action |
Set the action that the library SIP policy rule applies
|
permit |
Notify users assigned to the user group that they are permitted network access
|
restricted |
Notify users assigned to the user group that they are given restricted network access
|
deny |
Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
|
additional-display-message |
Set a message to display when a user attempts to access the network
|
<string> |
Enter a message string (up to 256 chars)
|
library-sip-policy <string> id <number> field <string> {equal|greater-than|less-than} <number> user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
|
library-sip-policy |
Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
|
<string> |
Enter a library SIP policy name (1-32 chars)
|
id |
Set an ID number for a rule to add it to the library SIP policy
|
<number> |
Enter an ID number (Range: 1-64)
|
field |
Set the two-letter character code that identifies the field name of a specific library SIP value
|
<string> |
Enter the two-letter character code(2 char)
|
equal |
Check if the field value that the SIP server returns equals the number entered in the local AP RADIUS server
|
greater-than |
Check if the field value that the SIP server returns is greater than the number entered in the local AP RADIUS server
|
less-than |
Check if the field value that the SIP server returns is less than the number entered in the local AP RADIUS server
|
<number> |
Enter the number that the AP RADIUS server uses when checking the field values that the SIP server returns (Range: 0-65535)
|
user-group |
Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
|
<string> |
Enter the user group name (1-32 chars)
|
action |
Set the action that the library SIP policy rule applies
|
permit |
Notify users assigned to the user group that they are permitted network access
|
restricted |
Notify users assigned to the user group that they are given restricted network access
|
deny |
Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
|
additional-display-message |
Set a message to display when a user attempts to access the network
|
<string> |
Enter a message string (up to 256 chars)
|
library-sip-policy <string> id <number> field <string> {matches|differs-from|starts-with|occurs-after|occurs-before|contains} <string> user-group <string> [ action {permit|restricted|deny} ] [ additional-display-message <string> ]
|
library-sip-policy |
Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
|
<string> |
Enter a library SIP policy name (1-32 chars)
|
id |
Set an ID number for a rule to add it to the library SIP policy
|
<number> |
Enter an ID number (Range: 1-64)
|
field |
Set the two-letter character code that identifies the field name of a specific library SIP value
|
<string> |
Enter the two-letter character code(2 char)
|
matches |
Check if the field value that the SIP server returns matches the string entered in the local AP RADIUS server
|
differs-from |
Check if the field value that the SIP server returns differs-from the string entered in the local AP RADIUS server
|
starts-with |
Check if the field value that the SIP server returns starts-with the string entered in the local AP RADIUS server
|
occurs-after |
Check if the field value that the SIP server returns occurs-after the string entered in the local AP RADIUS server
|
occurs-before |
Check if the field value that the SIP server returns occurs-before the string entered in the local AP RADIUS server
|
contains |
Check if the field value that the SIP server returns contains the string entered in the local AP RADIUS server
|
<string> |
Enter the string that the AP RADIUS server uses when checking the field values that the SIP server returns (1-32 chars; Note: Date format must be YYYY-MM-DD; Example: 2010-01-01.)
|
user-group |
Set the user group to which the AP RADIUS authenticator assigns the user (Note: The user group includes user profile, VLAN, and session timeout assignments.)
|
<string> |
Enter the user group name (1-32 chars)
|
action |
Set the action that the library SIP policy rule applies
|
permit |
Notify users assigned to the user group that they are permitted network access
|
restricted |
Notify users assigned to the user group that they are given restricted network access
|
deny |
Notify users assigned to the user group that they are denied network access except to websites defined in a walled garden
|
additional-display-message |
Set a message to display when a user attempts to access the network
|
<string> |
Enter a message string (up to 256 chars)
|
library-sip-policy <string> id <number> {after|before} id <number>
|
library-sip-policy |
Set a SIP (Standard Interchange Protocol) policy to apply a user profile, VLAN, and session length to library patrons accessing the wireless network (Note: Set policies on a AP RADIUS server. Max policies: 16; Max rules per policy: 64.)
|
<string> |
Enter a library SIP policy name (1-32 chars)
|
id |
Set an ID number for a rule to add it to the library SIP policy
|
<number> |
Enter an ID number (Range: 1-64)
|
after |
Move the library SIP rule after another rule in the policy
|
before |
Move the library SIP rule before another rule in the policy
|
id |
Set an ID number for a rule to add it to the library SIP policy
|
<number> |
Enter an ID number (Range: 1-64)
|
lldp [ {cdp|receive-only} ]
|
lldp |
Set LLDP (Link Layer Discovery Protocol) parameters
|
cdp |
Set CDP (Cisco Discovery Protocol) parameters
|
receive-only |
Enable the HiveAP to receive and cache LLDP advertisements from neighboring network devices but not send them
|
lldp [ {cdp} ] max-entries <number>
|
lldp |
Set LLDP (Link Layer Discovery Protocol) parameters
|
cdp |
Set CDP (Cisco Discovery Protocol) parameters
|
max-entries |
Set the maximum number of entries to cache in the LLDP or CDP neighbor table
|
<number> |
Enter the maximum number of entries to cache (Default: 64; Range: 1-128)
|
lldp holdtime <number>
|
lldp |
Set LLDP (Link Layer Discovery Protocol) parameters
|
holdtime |
Set the length of time that the neighboring network devices to retain the LLDP advertisements that it sends to them
|
<number> |
Enter the length of time in seconds that the neighboring network devices to hold LLDP advertisements (Default: 90; Range: 0-65535)
|
lldp max-power <number>
|
lldp |
Set LLDP (Link Layer Discovery Protocol) parameters
|
max-power |
Set the maximum power that can be requested when transmitting LLDP advertisements
|
<number> |
Enter the maximum power in watts to be requested (Default: 154; Range: 1-250; Note: 154 = 15.4 watts)
|
lldp timer <number>
|
lldp |
Set LLDP (Link Layer Discovery Protocol) parameters
|
timer |
Set the interval between LLDP advertisements to neighboring network device
|
<number> |
Enter the interval in seconds between LLDP advertisements (Default: 30; Range: 5-65534)
|
load config {current|backup|bootstrap|default}
|
load |
Load a configuration file
|
config |
Specify which configuration file to load after rebooting
|
current |
Load the current configuration file after rebooting
|
backup |
Load the backup configuration file after rebooting
|
bootstrap |
Load the bootstrap configuration file after rebooting
|
default |
Load the default configuration file after rebooting
|
location aerohive enable
|
location |
Set parameters for location tracking
|
aerohive |
Set parameters for the Aerohive location processing engine
|
enable |
Enable client location tracking (Default: Disabled)
|
location aerohive list-match enable
|
location |
Set parameters for location tracking
|
aerohive |
Set parameters for the Aerohive location processing engine
|
list-match |
Track a station if its MAC address is in the track list
|
enable |
Enable track list checking before tracking a station (Default: Enabled)
|
location aerohive mac <mac_addr>
|
location |
Set parameters for location tracking
|
aerohive |
Set parameters for the Aerohive location processing engine
|
mac |
Add a MAC entry to the track list
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
location aerohive oui <oui>
|
location |
Set parameters for location tracking
|
aerohive |
Set parameters for the Aerohive location processing engine
|
oui |
Add an OUI (organizationally unique identifier) entry to the track list
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
location aerohive report-interval <number>
|
location |
Set parameters for location tracking
|
aerohive |
Set parameters for the Aerohive location processing engine
|
report-interval |
Set the interval between reports of RSSI readings
|
<number> |
Enter the report interval in seconds (Default: 60; Range: 15-1200)
|
location aerohive rssi-hold-time <number>
|
location |
Set parameters for location tracking
|
aerohive |
Set parameters for the Aerohive location processing engine
|
rssi-hold-time |
Set the number of times that the local HiveAP, as an owner AP, can include the same client RSSI report from another HiveAP in its aggregate report to HiveManager before determining the data to be stale and omitting it from future reports (Note: The owner AP is the one to which the client is associated)
|
<number> |
Enter the number of times to reuse a client RSSI report that has not been updated (Default: 0; Range: 0-10)
|
location aerohive rssi-update-threshold <number>
|
location |
Set parameters for location tracking
|
aerohive |
Set parameters for the Aerohive location processing engine
|
rssi-update-threshold |
Set the change in RSSI required to trigger an update
|
<number> |
Enter the update threshold in dB (Default: 3; Range: 1-5)
|
location aerohive rssi-valid-period <number>
|
location |
Set parameters for location tracking
|
aerohive |
Set parameters for the Aerohive location processing engine
|
rssi-valid-period |
Set the period of time that an RSSI reading remains valid (Note: After this period elapses, an updated report is generated even if the RSSI value has not crossed the update threshold)
|
<number> |
Enter the validity period in seconds (Default: 60; Range: 15-1200)
|
location aerohive suppress-report <number>
|
location |
Set parameters for location tracking
|
aerohive |
Set parameters for the Aerohive location processing engine
|
suppress-report |
Set the number of consecutive reports that can be suppressed when a client's RSSI has not changed significantly
|
<number> |
Enter the number of consecutive RSSI reports to suppress (Default: 0; Range: 0-80)
|
location rate-threshold {tag|station|rogue-ap} <number>
|
location |
Set parameters for location tracking
|
rate-threshold |
Set the rate limit threshold for location tracking
|
tag |
Set the rate limit threshold for tags
|
station |
Set the rate limit threshold for stations
|
rogue-ap |
Set the rate limit threshold for rogue-aps
|
<number> |
Enter the rate limit threshold in packets per second (Default: 1000 for tags, 200 for stations, 50 for rogue APs; Range: 1-100000)
|
location {aeroscout|tzsp} enable
|
location |
Set parameters for location tracking
|
aeroscout |
Set parameters for the aeroscout location processing engine
|
tzsp |
Set parameters for the location processing engine that supports TZSP (Tazmen Sniffer Protocol) for packet encapsulation
|
enable |
Enable location tracking and reporting to the location processing engine
|
location {aeroscout} server <string>
|
location |
Set parameters for location tracking
|
aeroscout |
Set parameters for the aeroscout location processing engine
|
server |
Set the IP address or domain name of the location processing engine to which the HiveAP sends tracking reports
|
<string> |
Enter the IP address or domain name of the location processing engine (1-64 chars)
|
location {aeroscout} {tag|station|rogue-ap}
|
location |
Set parameters for location tracking
|
aeroscout |
Set parameters for the aeroscout location processing engine
|
tag |
Track and report the location of tags to the location processing engine
|
station |
Track and report the location of stations to the location processing engine
|
rogue-ap |
Track and report the location of rogue APs to the location processing engine
|
location {tzsp} mcast-mac <mac_addr>
|
location |
Set parameters for location tracking
|
tzsp |
Set parameters for the location processing engine that supports TZSP (Tazmen Sniffer Protocol) for packet encapsulation
|
mcast-mac |
Set the multicast MAC address to which the HiveAP transmits captured multicast frames encapsulated with TZSP (Default: 01:18:8e:00:00:00)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
location {tzsp} server-config server <string> port <number>
|
location |
Set parameters for location tracking
|
tzsp |
Set parameters for the location processing engine that supports TZSP (Tazmen Sniffer Protocol) for packet encapsulation
|
server-config |
Set the IP address or domain name and port number of the location server to which the HiveAP sends TZSP-encapsulated multicast frames captured from RFID tags
|
server |
Set the IP address or domain name of the location server
|
<string> |
Enter the IP address or domain name (1-64 chars)
|
port |
Set the port number on which the location server listens for tracking reports
|
<number> |
Enter the port number (Range: 1-65535)
|
logging buffered level {emergency|alert|critical|error|warning|notification|info|debug}
|
logging |
Set logging parameters
|
buffered |
Set logging buffer
|
level |
Set logging level
|
emergency |
Send emergency-level log entries (Default: debug)
|
alert |
Send log entries from alert to emergency levels (Default: debug)
|
critical |
Send log entries from critical to emergency levels (Default: debug)
|
error |
Send log entries from error to emergency levels (Default: debug)
|
warning |
Send log entries from warning to emergency levels (Default: debug)
|
notification |
Send log entries from notification to emergency levels (Default: debug)
|
info |
Send log entries from info to emergency levels (Default: debug)
|
debug |
Send log entries for all severity levels (Default: debug)
|
logging debug
|
logging |
Set logging parameters
|
debug |
Enable debug messages
|
logging facility {local0|local1|local2|local3|local4|local5|local6|local7|auth|authpriv|security|user}
|
logging |
Set logging parameters
|
facility |
Set logging facility
|
local0 |
Set log facility to local0 (Default: local6)
|
local1 |
Set log facility to local1 (Default: local6)
|
local2 |
Set log facility to local2 (Default: local6)
|
local3 |
Set log facility to local3 (Default: local6)
|
local4 |
Set log facility to local4 (Default: local6)
|
local5 |
Set log facility to local5 (Default: local6)
|
local6 |
Set log facility to local6 (Default: local6)
|
local7 |
Set log facility to local7 (Default: local6)
|
auth |
Set log facility to auth (Default: local6)
|
authpriv |
Set log facility to authpriv (Default: local6)
|
security |
Set log facility to security (Default: local6)
|
user |
Set log facility to user (Default: local6)
|
logging flash level {emergency|alert|critical|error|warning|notification|info|debug}
|
logging |
Set logging parameters
|
flash |
Set logging flash
|
level |
Set logging level
|
emergency |
Send emergency-level log entries (Default: error)
|
alert |
Send log entries from alert to emergency levels (Default: error)
|
critical |
Send log entries from critical to emergency levels (Default: error)
|
error |
Send log entries from error to emergency levels (Default: error)
|
warning |
Send log entries from warning to emergency levels (Default: error)
|
notification |
Send log entries from notification to emergency levels (Default: error)
|
info |
Send log entries from info to emergency levels (Default: error)
|
debug |
Send log entries for all severity levels (Default: error)
|
logging server <string> [ level {emergency|alert|critical|error|warning|notification|info|debug} ] [ {via-vpn-tunnel} ]
|
logging |
Set logging parameters
|
server |
Set parameters for a syslog server
|
<string> |
Set the IP address or domain name (1-32 chars) for the syslog server
|
level |
Set the severity level for the log messages you want to send
|
emergency |
Send emergency-level log entries
|
alert |
Send log entries from alert to emergency levels
|
critical |
Send log entries from critical to emergency levels
|
error |
Send log entries from error to emergency levels
|
warning |
Send log entries from warning to emergency levels
|
notification |
Send log entries from notification to emergency levels
|
info |
Send log entries from info to emergency levels
|
debug |
Send log entries for all severity levels
|
via-vpn-tunnel |
Send all logging traffic through a VPN tunnel (Note: Set this option on VPN clients when the logging server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
logging trap level [ {emerg|alert|crit|err|warning|notice|info} ]
|
logging |
Set logging parameters
|
trap |
Set logging trap parameters
|
level |
Set logging trap level
|
emerg |
Set logging trap level to emerg (Default: info)
|
alert |
Set logging trap level to alert (Default: info)
|
crit |
Set logging trap level to crit (Default: info)
|
err |
Set logging trap level to err (Default: info)
|
warning |
Set logging trap level to warning (Default: info)
|
notice |
Set logging trap level to notice (Default: info)
|
info |
Set logging trap level to info (Default: info)
|
login banner <string>
|
login |
Set parameters fot the CLI login
|
banner |
Set the banner that appears after logging in to the CLI
|
<string> |
Enter the banner text (Default: 'Aerohive Networks Inc.\n Copyright (C) 2006-2010\n'; Max: 256 chars; Notes: Use '\n' to indicate a line break.)
|
mac-object <string> mac-range <mac_addr> - <mac_addr>
|
mac-object |
Set parameters for an MAC object that the HiveAP can use to assign a client with a matching MAC address to a user profile (Max: 128 MAC objects per HiveAP.)
|
<string> |
Enter the MAC object name (1-32 chars)
|
mac-range |
Set a range of MAC addresses for the MAC object (Max: 255 MAC address ranges per MAC object)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
- |
Set a range of MAC addresses
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ]
|
mac-policy |
Set MAC policy parameters
|
<string> |
Enter a MAC policy name (1-32 chars)
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
before |
Set the before parameters for a MAC policy
|
after |
Set the after parameters for a MAC policy
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
from |
Set the source MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
to |
Set the destination MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
action |
Set action for a MAC policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action deny log packet-drop
|
mac-policy |
Set MAC policy parameters
|
<string> |
Enter a MAC policy name (1-32 chars)
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
before |
Set the before parameters for a MAC policy
|
after |
Set the after parameters for a MAC policy
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
from |
Set the source MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
to |
Set the destination MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
action |
Set action for a MAC policy (Default: deny)
|
deny |
Set the action to deny (Default: deny)
|
log |
Set logging options for packets and sessions that match the MAC firewall policy
|
packet-drop |
Log dropped packets that the MAC firewall policy denies
|
mac-policy <string> [ id <number> ] [ {before|after} id <number> ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] action permit log [ {initiate-session|terminate-session} ]
|
mac-policy |
Set MAC policy parameters
|
<string> |
Enter a MAC policy name (1-32 chars)
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
before |
Set the before parameters for a MAC policy
|
after |
Set the after parameters for a MAC policy
|
id |
Assign a MAC policy ID
|
<number> |
Enter the MAC policy ID (Range: 1-1023)
|
from |
Set the source MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
to |
Set the destination MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
action |
Set action for a MAC policy (Default: deny)
|
permit |
Set the action to permit (Default: deny)
|
log |
Set logging options for packets and sessions that match the MAC firewall policy
|
initiate-session |
Log session details when a session is created after passing a MAC firewall policy lookup
|
terminate-session |
Log session details when a session matching a MAC firewall policy is terminated
|
mdm-object <string> [ enroll-status {enrolled|non-enrolled|unknown} ] [ compliance-status {compliant|non-compliant|unknown} ] [ client-tag <string> ]
|
mdm-object |
Set the MDM (mobile device management) object
|
<string> |
Enter an MDM object name (1-32 chars)
|
enroll-status |
Set the enrollment status of the managed mobile device
|
enrolled |
Set the MDM enrollment status of the device as enrolled
|
non-enrolled |
Set the MDM enrollment status of the device as non-enrolled
|
unknown |
Set the MDM enrollment status of the device as unknown
|
compliance-status |
Set a compliance status
|
compliant |
Set the compliance status as compliant
|
non-compliant |
Set the compliance status as non-compliant
|
unknown |
Set the compliance status as unknown
|
client-tag |
Set an MDM client tag name to indicate the ownership of the managed mobile device (Note: BYOD and CID are common ownership tags that describe bring-your-own-device and corporate-issues-device situations.)
|
<string> |
Enter a tag name (1-32 chars)
|
mobile-device-policy <string> [ rule <number> ] [ original-user-profile <string> ] device-group <string> reassigned-user-profile-attr <number>
|
mobile-device-policy |
Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
|
<string> |
Enter the mobile device policy name (1-32 chars)
|
rule |
Add a rule to the mobile device policy
|
<number> |
Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the HiveAP automatically assigns one.)
|
original-user-profile |
Specify the user profile that the HiveAP first assigns to traffic before it completes the device classification process
|
<string> |
Enter the original user profile (1-32 chars)
|
device-group |
Set the device group that the policy rule references to classify the type of client device in use
|
<string> |
Enter a device group name (1-32 chars)
|
reassigned-user-profile-attr |
Reassign the client to a different user profile if it belongs to the specified device group or was initially assigned to the specified original user profile
|
<number> |
Enter the attribute of the user profile to assign in place of the originally assigned one (Range: 0-4095)
|
mobile-device-policy <string> apply {once|multiple-times}
|
mobile-device-policy |
Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
|
<string> |
Enter the mobile device policy name (1-32 chars)
|
apply |
Set the method for applying mobile device policy rules
|
once |
Apply a policy rule once if a client match is found after finishing the complete device type classification process(Default: Once)
|
multiple-times |
Apply a policy rule if a client match is found at any point during the device type detection process (Default: Once)(Note: Different rules might be applied at different times as the HiveAP collects more information about a client.)
|
mobile-device-policy <string> client-classification [ {mac} ] [ {domain} ] [ {os} ]
|
mobile-device-policy |
Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
|
<string> |
Enter the mobile device policy name (1-32 chars)
|
client-classification |
Set the client device classification methods that you want to use
|
mac |
Use the client classification method that is based on the MAC address of the device
|
domain |
Use the client classification method that is based on the computer domain to which a client belongs in the database
|
os |
Use the client classification method that is based on the OS running on the device
|
mobile-device-policy <string> rule <number> {before|after} rule <number>
|
mobile-device-policy |
Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile or the MAC address, device domain, and OS of the user's client
|
<string> |
Enter the mobile device policy name (1-32 chars)
|
rule |
Add a rule to the mobile device policy
|
<number> |
Enter a number for the rule ID (Range: 1-65535; Note: If you do not specify a rule ID, the HiveAP automatically assigns one.)
|
before |
Move the mobile device policy rule before another rule in the policy
|
after |
Move the mobile device policy rule after another rule in the policy
|
rule |
Set a rule before or after another rule in the mobile device policy
|
<number> |
Enter a rule ID number (Range: 1-65535)
|
mobility-policy <string> dnxp
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
dnxp |
Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring hive members)
|
mobility-policy <string> dnxp nomadic-roaming
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
dnxp |
Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring hive members)
|
nomadic-roaming |
Enable fast roaming support on nonneighboring hive members in different subnets (Default: predictive-roaming)
|
mobility-policy <string> dnxp unroam-threshold <number> <number>
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
dnxp |
Assign DNXP (Dynamic Network eXtension Protocol) for the mobility policy (Default: predictive roaming support among neighboring hive members)
|
unroam-threshold |
Set the minimum traffic level required to continue tunneling traffic back to the original subnet of a L3 roaming client. (Note: If the volume of client traffic dips below the threshold, it is disassociated.)
|
<number> |
Enter the minimum number of packets/minute to and from the client required to continue tunneling its traffic back to its original subnet (Default: 0; Range: 0-2147483647; Note: The value "0" disables the unroaming feature.)
|
<number> |
Enter the interval in seconds for polling traffic statistics (Default: 60 seconds; Range: 10-600)
|
mobility-policy <string> inxp gre-tunnel from <ip_addr/netmask> password <string>
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
inxp |
Assign INXP (Identity Network eXtension Protocol) for the mobility policy
|
gre-tunnel |
Set the INXP gre-tunnel parameters
|
from |
Set the INXP gre-tunnel source parameters
|
<ip_addr/netmask> |
Enter subnet for INXP gre-tunnel source
|
password |
Set password for INXP gre-tunnel
|
<string> |
Enter password for INXP gre-tunnel (1-64 chars)
|
mobility-policy <string> inxp gre-tunnel to <ip_addr> <ip_addr> password <string>
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
inxp |
Assign INXP (Identity Network eXtension Protocol) for the mobility policy
|
gre-tunnel |
Set the INXP gre-tunnel parameters
|
to |
Set the INXP gre-tunnel destination parameters
|
<ip_addr> |
Enter start IP address for INXP gre-tunnel destination
|
<ip_addr> |
Enter end IP address for INXP gre-tunnel destination
|
password |
Set password for INXP gre-tunnel
|
<string> |
Enter password for INXP gre-tunnel (1-64 chars)
|
mobility-policy <string> inxp gre-tunnel to <ip_addr> password <string>
|
mobility-policy |
Set parameters for a mobility policy
|
<string> |
Enter a mobility policy name (1-32 chars)
|
inxp |
Assign INXP (Identity Network eXtension Protocol) for the mobility policy
|
gre-tunnel |
Set the INXP gre-tunnel parameters
|
to |
Set the INXP gre-tunnel destination parameters
|
<ip_addr> |
Enter start IP address for INXP gre-tunnel destination
|
password |
Set password for INXP gre-tunnel
|
<string> |
Enter password for INXP gre-tunnel (1-64 chars)
|
mobility-threshold gre-tunnel permitted-load {low|medium|high}
|
mobility-threshold |
Set parameters for tunneling mobile user traffic
|
gre-tunnel |
Set the volume of traffic that the local AP will accept through GRE (Generic Routing Encapsulation) tunnels (Note: Only set this option on portals.)
|
permitted-load |
Set a level determining the amount of traffic the local AP will accept through GRE tunnels
|
low |
Accept a relatively low number of tunnels (Default: high)
|
medium |
Accept a relatively moderate number of tunnels (Default: high)
|
high |
Accept a relatively high number of tunnels (Default: high)
|
ntp enable
|
ntp |
Set NTP (Network Time Protocol) parameters
|
enable |
Enable the local AP to act as an NTP client
|
ntp interval <number>
|
ntp |
Set NTP (Network Time Protocol) parameters
|
interval |
Set the interval for synchronizing the internal clock with an NTP server
|
<number> |
Enter the interval in minutes (Default: 1440; Range: 60-10080)
|
ntp server <string> [ {second|third|fourth} ] [ {via-vpn-tunnel} ]
|
ntp |
Set NTP (Network Time Protocol) parameters
|
server |
Set NTP server parameters
|
<string> |
Enter the IP address or domain name of an NTP server (1-32 chars)
|
second |
Set the priority of the NTP server as second
|
third |
Set its priority as third
|
fourth |
Set its priority as fourth
|
via-vpn-tunnel |
Send all NTP traffic through a VPN tunnel (Note: Set this option on VPN clients when the NTP server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
os-detection enable
|
os-detection |
Set the OS (Operating System) detection parameters
|
enable |
Enable OS detection to learn client station operating systems (Default: Enabled)
|
os-detection method dhcp-option55
|
os-detection |
Set the OS (Operating System) detection parameters
|
method |
Set the OS detection method (Note: HiveAPs can detect the OS of client stations using option 55 in the DHCP packets or by parsing the HTTP headers to find the User-Agent field.)
|
dhcp-option55 |
Detect client station operating systems by parsing option 55 in DHCP messages from clients (Default: Enabled)
|
os-detection method user-agent
|
os-detection |
Set the OS (Operating System) detection parameters
|
method |
Set the OS detection method (Note: HiveAPs can detect the OS of client stations using option 55 in the DHCP packets or by parsing the HTTP headers to find the User-Agent field.)
|
user-agent |
Detect client station operating systems by parsing the User-Agent field in HTTP packets (Default: Disabled)
|
os-object <string> os-version <string>
|
os-object |
Set parameters for an OS object that the HiveAP can use to assign a client running a matching OS to a user profile (Max: 64 OS objects per HiveAP.)
|
<string> |
Enter an OS object name (1-32 chars; Note: The object name is an admin-defined name and does not have to be the name of an operating system.)
|
os-version |
Set the name and version of an operating system version (Max: 32 OS versions per OS object)
|
<string> |
Enter the exact text string that identifies an operating system as it appears in the user agent ID field in HTTP headers (1-32 chars; Note: Use quotation marks if spaces are required. Examples: "Windows NT 5.1", "Mac OS X", "Linux i686")
|
os-version <string> option55 <string>
|
os-version |
Set the OS (operating system) version you want to detect in the DHCP packets
|
<string> |
Enter the OS version name (1-32 chars; Note: The OS version name can be in any form you choose; for example, "Windows XP" or "WinXP".)
|
option55 |
Set the option 55 string for the type of operating system you want to detect
|
<string> |
Enter the DHCP option 55 string (1-256 chars)
|
performance-sentinel notification-interval <number>
|
performance-sentinel |
Set performance sentinel parameters to moderate client throughput
|
notification-interval |
Set the interval for sending SNMP traps to HiveManager to update the performance sentinel log
|
<number> |
Enter the performance sentinel log update interval in seconds (Default: 600; Range: 30-1800)
|
ping <ip_addr> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
|
ping |
Perform a ping
|
<ip_addr> |
Enter the destination IP address
|
count |
Stop pinging after sending the specified number of ICMP echo requests
|
<number> |
Enter a number after sending the number of ICMP echo requests the pinging stop (Default: 5, Range: 1-65535)
|
size |
Set the size of the ICMP packets
|
<number> |
Enter the packet size in bytes (Default: 56, Range: 1-1024)
|
ttl |
Set the TTL (time to live)
|
<number> |
Enter the TTL (Range: 1-255)
|
timeout |
Set the length of time to wait for a response
|
<number> |
Enter the timeout in seconds (Default: 10; Range: 1-60)
|
ping <string> [ count <number> ] [ size <number> ] [ ttl <number> ] [ timeout <number> ]
|
ping |
Perform a ping
|
<string> |
Enter the destination domain name (1-32 chars)
|
count |
Set the number of ICMP echo requests to send
|
<number> |
Enter the number of ICMP echo requests (Default: 5, Range: 1-65535)
|
size |
Set the size of the ICMP packets
|
<number> |
Enter the packet size in bytes (Default: 56, Range: 1-1024)
|
ttl |
Set the TTL (time to live)
|
<number> |
Enter the TTL (Range: 1-255)
|
timeout |
Set the length of time to wait for a response
|
<number> |
Enter the timeout in seconds (Default: 10; Range: 1-60)
|
probe <ip_addr|mac_addr> [ size <number> ] [ src-mac <mac_addr> ] [ wait-time <number> ] [ ttl <number> ] [ count <number> ]
|
probe |
Set the probe parameters
|
<ip_addr> |
Enter the target IP or MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
size |
Set the probe request packet size (default: 512 bytes)
|
<number> |
Enter a packet size (range: 256-1400 bytes)
|
src-mac |
Set the Source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
wait-time |
Set the timeout value (default: 1 second)
|
<number> |
Enter an timeout value (range: 1-30 seconds)
|
ttl |
Set the TTL value (default 32)
|
<number> |
Enter an TTL value (range: 1-255)
|
count |
Set probe request count (default: 5)
|
<number> |
Enter the probe request count (range: 1-64)
|
probe portal [ size <number> ] [ src-mac <mac_addr> ] [ wait-time <number> ] [ ttl <number> ] [ count <number> ]
|
probe |
Set the probe parameters
|
portal |
Set the target of the probe as the MAC address of the HiveAP acting as portal
|
size |
Set the probe request packet size (default: 512 bytes)
|
<number> |
Enter a packet size (range: 256-1400 bytes)
|
src-mac |
Set the Source MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
wait-time |
Set the timeout value (default: 1 second)
|
<number> |
Enter an timeout value (range: 1-30 seconds)
|
ttl |
Set the TTL value (default 32)
|
<number> |
Enter an TTL value (range: 1-255)
|
count |
Set probe request count (default: 5)
|
<number> |
Enter the probe request count (range: 1-64)
|
qos airtime enable
|
qos |
Set QoS (Quality of Service) parameters
|
airtime |
Set QoS parameters based on the amount of airtime that wireless client traffic uses
|
enable |
Enable dynamic airtime scheduling
|
qos airtime rate-preference-weight {none|moderate|high}
|
qos |
Set QoS (Quality of Service) parameters
|
airtime |
Set QoS parameters based on the amount of airtime that wireless client traffic uses
|
rate-preference-weight |
Set a preference for forwarding traffic to and from wireless clients that are capable of fast data transfer rates
|
none |
Set no preference for clients with a fast data rate (Default: high)
|
moderate |
Set a moderate preference for clients with a fast data rate (Default: high)
|
high |
Set a high preference for clients with a fast data rate (Default: high)
|
qos classifier-map 80211e <number> <number>
|
qos |
Set QoS (Quality of Service) parameters
|
classifier-map |
Map QoS priority markers on incoming packets to Aerohive QoS classes
|
80211e |
Map IEEE 802.11e user priority markers on incoming packets to Aerohive QoS classes
|
<number> |
Enter IEEE 802.11e user priority (Range: 0-7)
|
<number> |
Enter Aerohive QoS class (Range: 0-7)
|
qos classifier-map 8021p <number> <number>
|
qos |
Set QoS (Quality of Service) parameters
|
classifier-map |
Map QoS priority markers on incoming packets to Aerohive QoS classes
|
8021p |
Map IEEE 802.1p priority markers on incoming packets to Aerohive QoS classes
|
<number> |
Enter IEEE 802.1p Priority (Range: 0-7)
|
<number> |
Enter Aerohive QoS class (Range: 0-7)
|
qos classifier-map diffserv <number> <number>
|
qos |
Set QoS (Quality of Service) parameters
|
classifier-map |
Map QoS priority markers on incoming packets to Aerohive QoS classes
|
diffserv |
Map diffserv DSCP (Differentiated Services Code Point) values on incoming packets to Aerohive QoS classes
|
<number> |
Enter the DSCP class (Range: 0-63)
|
<number> |
Enter the Aerohive QoS class (Range: 0-7)
|
qos classifier-map interface <ethx> <number>
|
qos |
Set QoS (Quality of Service) parameters
|
classifier-map |
Map QoS priority markers on incoming packets to Aerohive QoS classes
|
interface |
Map incoming Ethernet traffic to Aerohive QoS classes by its ingress interface
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<number> |
Enter the Aerohive QoS class (Range: 0-7)
|
qos classifier-map oui <oui> [ qos <number> ] [ action {permit|deny|log} ] [ comment <string> ]
|
qos |
Set QoS (Quality of Service) parameters
|
classifier-map |
Map QoS priority markers on incoming packets to Aerohive QoS classes
|
oui |
Set a MAC OUI (Organizational Unique Identifier) classification table
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
qos |
Set an Aerohive QoS class to the MAC
|
<number> |
Enter Aerohive QoS class (Range: 0-7)
|
action |
Set an action to the MAC OUI
|
permit |
permit the packet
|
deny |
deny the packet
|
log |
log the packet
|
comment |
Add a comment to the MAC OUI
|
<string> |
Enter a comment (Maximum:32 chars) to the MAC
|
qos classifier-map service <string> [ qos <number> ] [ action {permit|deny|log} ]
|
qos |
Set QoS (Quality of Service) parameters
|
classifier-map |
Map QoS priority markers on incoming packets to Aerohive QoS classes
|
service |
Set service-based classification table
|
<string> |
Enter service name (1-32 chars)
|
qos |
Set an Aerohive QoS class to the service
|
<number> |
Enter the Aerohive QoS class (Range: 0-7)
|
action |
Set the action to take when receiving a packet for this service
|
permit |
permit the packet
|
deny |
deny the packet
|
log |
log the packet
|
qos classifier-map ssid <string> <number>
|
qos |
Set QoS (Quality of Service) parameters
|
classifier-map |
Map QoS priority markers on incoming packets to Aerohive QoS classes
|
ssid |
Map incoming wireless traffic to Aerohive QoS classes by SSID
|
<string> |
Enter an SSID name
|
<number> |
Enter the Aerohive QoS class (Range: 0-7)
|
qos classifier-profile <string> [ {interface/ssid-only|8021p|80211e|diffserv|interface/ssid|mac|service} ]
|
qos |
Set QoS (Quality of Service) parameters
|
classifier-profile |
Set a QoS classification profile
|
<string> |
Enter a classifier profile name (1-32 chars)
|
interface/ssid-only |
Classify all incoming and outgoing packets using the interface or SSID bound to this classifier profile (Note: The interface/ssid-only method cannot be combined with other methods in the same classifier profile or applied to more than one profile. This profile has precedence over all others.)
|
8021p |
Classify incoming packets by 802.1p priority markers present in Layer2 frame headers
|
80211e |
Classify incoming packets by 802.11e priority markers present in wireless frame headers
|
diffserv |
Classify incoming packets by DiffServ DSCP values present in Layer3 packet headers
|
interface/ssid |
Classify packets by the interface or SSID that they traverse (Note: If two interface/SSID classifier profiles apply to the same session, the one providing better QoS is used.)
|
mac |
Classify packets by the OUI (organizationally unique identifier) of the session participants (Note: If two OUI classifier profiles apply to the same session, the one providing better QoS is used.)
|
service |
Classify incoming packets by network service type
|
qos enable
|
qos |
Set QoS (Quality of Service) parameters
|
enable |
Enable QoS (Quality of Service)
|
qos marker-map 80211e <number> <number>
|
qos |
Set QoS (Quality of Service) parameters
|
marker-map |
Map Aerohive QoS classes to QoS priority markers on outgoing packets
|
80211e |
Map Aerohive QoS classes to IEEE 802.11e user priority markers on outgoing packets
|
<number> |
Enter the Aerohive QoS class (Range: 0-7)
|
<number> |
Enter the IEEE 802.11e user priority (Range: 0-7)
|
qos marker-map 8021p <number> <number>
|
qos |
Set QoS (Quality of Service) parameters
|
marker-map |
Map Aerohive QoS classes to QoS priority markers on outgoing packets
|
8021p |
Map Aerohive QoS classes to IEEE 802.1p priority markers on outgoing packets
|
<number> |
Enter Aerohive QoS class (Range: 0-7)
|
<number> |
Enter IEEE 802.1p Priority (Range: 0-7)
|
qos marker-map 8021p <string> [ <number> <number> ]
|
qos |
Set QoS (Quality of Service) parameters
|
marker-map |
Map Aerohive QoS classes to QoS priority markers on outgoing packets
|
8021p |
Map Aerohive QoS classes to IEEE 802.1p priority markers on outgoing packets
|
<string> |
Enter marker name (1-32 chars)
|
<number> |
Enter Aerohive QoS class (Range: 0-7)
|
<number> |
Enter IEEE 802.1p Priority (Range: 0-7)
|
qos marker-map diffserv <number> <number>
|
qos |
Set QoS (Quality of Service) parameters
|
marker-map |
Map Aerohive QoS classes to QoS priority markers on outgoing packets
|
diffserv |
Map Aerohive QoS classes to diffserv DSCP (Differentiated Services Code Point) values on outgoing packets
|
<number> |
Enter the Aerohive QoS class (Range: 0-7)
|
<number> |
Enter the DSCP class (Range: 0-63)
|
qos marker-map diffserv <string> [ <number> <number> ]
|
qos |
Set QoS (Quality of Service) parameters
|
marker-map |
Map Aerohive QoS classes to QoS priority markers on outgoing packets
|
diffserv |
Map Aerohive QoS classes to diffserv DSCP (Differentiated Services Code Point) values on outgoing packets
|
<string> |
Enter marker name (1-32 chars)
|
<number> |
Enter the Aerohive QoS class (Range: 0-7)
|
<number> |
Enter the DSCP class (Range: 0-63)
|
qos marker-profile <string> [ {8021p|80211e|diffserv} ]
|
qos |
Set QoS (Quality of Service) parameters
|
marker-profile |
Set a QoS marker profile
|
<string> |
Enter the marker profile name (1-32 chars)
|
8021p |
Use 802.1p priority markers in Layer 2 frame headers as the marking method
|
80211e |
Use 802.11e priority markers in wireless frame headers as the marking method
|
diffserv |
Use DiffServ DSCP values in Layer 3 packet headers as the marking method
|
qos policy <string> [ user-profile <number> <number> ] [ user <number> ] [ qos <number> {strict|wrr} <number> <number> ]
|
qos |
Set QoS (Quality of Service) parameters
|
policy |
Set a QoS policy to control traffic forwarding
|
<string> |
Enter the policy name (1-32 chars)
|
user-profile |
Set QoS policy parameters at the user profile level
|
<number> |
Enter the user profile rate limit in kbps (Range: 0-2000000)
|
<number> |
Enter the scheduling weight for the user profile (Range: 0-1000)
|
user |
Set QoS parameters at the user level
|
<number> |
Enter the user rate limit in kbps (Range: 0-2000000)
|
qos |
Set QoS parameters at the Aerohive QoS class level
|
<number> |
Enter the Aerohive QoS class (Range: 0-7)
|
strict |
Set the scheduling mode as strict to forward traffic without queuing it
|
wrr |
Set the scheduling mode as WRR (weighted round robin) to queue traffic and use rate limits and weights to prioritize forwarding
|
<number> |
Enter the class rate limit in kbps (Range: 0-2000000)
|
<number> |
Enter the scheduling weight (Range: 0-1000; Note: If the scheduling mode is strict, its weight must be zero.)
|
quit
|
quit |
Quit CLI (Command Line Interface)
|
radio profile <string>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
radio profile <string> acsp access channel-auto-select time-range <time> <time> [ station <number> ]
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
acsp |
Set parameters for ACSP (Advanced Channel Selection Protocol)
|
access |
Set access point interface parameters
|
channel-auto-select |
Set conditions for automatically selecting radio channels
|
time-range |
Set the time range when a new radio channel can be selected (Note: During this time, the radio re-evaluates the channel in use. It might switch to a different channel or continue using the same channel.)
|
<time> |
Enter the start time (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
<time> |
Enter the end time (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
station |
Set the maximum number of stations that can be connected to the HiveAP when selecting a channel (If more are connected during the time range, no channel selection occurs.)
|
<number> |
Enter the station maximum (Range: 0-100; Default: 0)
|
radio profile <string> acsp all-channels-model enable
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
acsp |
Set parameters for ACSP (Advanced Channel Selection Protocol)
|
all-channels-model |
Set all channels from which the radio can select the optimal channel
|
enable |
Enable all channels selection
|
radio profile <string> acsp channel-model 4-channels [ <channel_g4> ]
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
acsp |
Set parameters for ACSP (Advanced Channel Selection Protocol)
|
channel-model |
Set the pool of channels from which the radio can select the optimal channel
|
4-channels |
Set 4-channel model (Defaults: USA: 3 channels, 01-06-11, 01-04-08-11; Europe: 4 channels, 01-05-09-13, 01-06-11; Japan: 4 channels, 01-05-09-14, 01-06-11)
|
<channel_g4> |
Enter the pool of channels from which the radio can select one to use (Format: xx-xx-xx-xx;)
|
radio profile <string> acsp channel-model {3-channels} [ <channel_g3> ]
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
acsp |
Set parameters for ACSP (Advanced Channel Selection Protocol)
|
channel-model |
Set the pool of channels from which the radio can select the optimal channel
|
3-channels |
Set 3-channel model (Defaults: USA: 3 channels, 01-06-11, 01-04-08-11; Europe: 4 channels, 01-05-09-13, 01-06-11; Japan: 4 channels, 01-05-09-14, 01-06-11)
|
<channel_g3> |
Enter the pool of channels from which the radio can select one to use (Format: xx-xx-xx;)
|
radio profile <string> acsp interference-switch crc-err-threshold <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
acsp |
Set parameters for ACSP (Advanced Channel Selection Protocol)
|
interference-switch |
Set parameters for the collection of RF interference-related data and switch channels if the threshold is reached
|
crc-err-threshold |
Set an RF interference threshold based on the rate of CRC (cyclic redundancy check) errors (Note: If the rate of CRC errors exceeds this threshold, the HiveAP switches channels)
|
<number> |
Enter the threshold as a percent (Default: 25; Range: 10-80)
|
radio profile <string> acsp interference-switch iu-threshold <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
acsp |
Set parameters for ACSP (Advanced Channel Selection Protocol)
|
interference-switch |
Set parameters for the collection of RF interference-related data and switch channels if the threshold is reached
|
iu-threshold |
Set an RF interference threshold based on interference utilization (Note: If the percent of interference utilization exceeds this value, the HiveAP switches channels)
|
<number> |
Enter the threshold as a percent (Default: 25; Range: 10-80)
|
radio profile <string> acsp interference-switch {enable|no-station-enable|disable}
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
acsp |
Set parameters for ACSP (Advanced Channel Selection Protocol)
|
interference-switch |
Set parameters for the collection of RF interference-related data and switch channels if the threshold is reached
|
enable |
Enable the radio to switch channels if the RF interference threshold is reached (Default setting: no-station-enable)
|
no-station-enable |
Enable the radio to switch channels only if the RF interference threshold is reached and no stations are connected (Default setting: no-station-enable)
|
disable |
Disable the radio from switching channels because of RF interference-related data (Default setting: no-station-enable)
|
radio profile <string> acsp max-tx-power <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
acsp |
Set parameters for ACSP (Advanced Channel Selection Protocol)
|
max-tx-power |
Set radio max transmit power
|
<number> |
Enter the max transmit power (Default: 20 dBm; Range: 10-20 dBm)
|
radio profile <string> ampdu
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
ampdu |
Enable AMPDU (Aggregate MAC Protocol Data Unit) transmissions to reduce overhead when the transmission channel is busy
|
radio profile <string> amsdu
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
amsdu |
Enable AMSDU (Aggregate MAC Service Data Unit) transmissions to reduce overhead when the transmission channel is busy
|
radio profile <string> backhaul failover [ trigger-time <number> ] [ hold-time <number> ]
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
backhaul |
Set parameters for failing over the backhaul link from Ethernet to wireless (Note: Only set this command on a HiveAP that acts as a portal.)
|
failover |
Enable backhaul communications to fail over to the wireless link if the Ethernet link goes down (Default: enabled)
|
trigger-time |
Set how long the Ethernet link must be down to trigger a failover to the wireless link
|
<number> |
Enter the failover trigger time in seconds (Default: 2; Range: 1-5)
|
hold-time |
Set how long the Ethernet link must be up to revert backhaul communications from wireless to Ethernet
|
<number> |
Enter the hold time in seconds (Default: 30; Range: 1-300)
|
radio profile <string> band-steering balance-band threshold <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
band-steering |
Distribute wireless clients that support both 2.4 and 5 GHz bands evenly across the two bands when an SSID is available on both bands
|
balance-band |
Balance clients according to an approximate ratio between 2.4 GHz and 5 GHz channels (Default: Allow four 5 GHz clients for every one 2.4 GHz client, or 80%.)
|
threshold |
Set the minimum ratio of 5 GHz clients to 2.4 GHz clients, expressed as a percentage (Example: Four 5-GHz stations to five total stations is 80%.)
|
<number> |
Enter the threshold to begin balancing band usage as a percentage (Range: 0-100; Default: 80)
|
radio profile <string> band-steering enable
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
band-steering |
Distribute wireless clients that support both 2.4 and 5 GHz bands evenly across the two bands when an SSID is available on both bands
|
enable |
Enable band steering (Default: Disabled)
|
radio profile <string> band-steering mode {balance-band|prefer-5g|force-5g}
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
band-steering |
Distribute wireless clients that support both 2.4 and 5 GHz bands evenly across the two bands when an SSID is available on both bands
|
mode |
Set the mode for band steering (Default: balance-band)
|
balance-band |
Balance clients according to an approximate ratio between 2.4 GHz and 5 GHz channels (Default: Allow four 5 GHz clients for every one 2.4 GHz client, or 80%.)
|
prefer-5g |
Encourage clients that are 5-GHz capable to move to the 5 GHz band by ignoring requests from them on the 2.4 GHz band (Note: If a client continues to attempt using 2.4 GHz even when offered a 5 GHz connection, the system allows it to connect at 2.4 GHz after a specified number of attempts. The default is 5.)
|
force-5g |
Answer probe requests from 5 GHz-capable clients only on 5 GHz interfaces
|
radio profile <string> band-steering prefer-5g suppression-limit <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
band-steering |
Distribute wireless clients that support both 2.4 and 5 GHz bands evenly across the two bands when an SSID is available on both bands
|
prefer-5g |
Encourage clients that are 5-GHz capable to move to the 5 GHz band by ignoring requests from them on the 2.4 GHz band (Note: If a client continues to attempt using 2.4 GHz even when offered a 5 GHz connection, the system allows it to connect at 2.4 GHz after a specified number of attempts. The default is 5.)
|
suppression-limit |
Set a limit number to the number of probe responses the system suppresses before accepting a client on the 2.4 GHz band
|
<number> |
Enter the number of probe responses the system suppresses before accepting client in the 2.4 GHz band (Default: 5; Range: 1-100)
|
radio profile <string> beacon-period <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
beacon-period |
Set the period of time between beacon broadcasts
|
<number> |
Enter the beacon period in TUs (time units, a measurement of time equal to 1024 microseconds) for the radio profile (Default: 100, Range: 40-3500)
|
radio profile <string> benchmark phymode 11a rate {6|9|12|18|24|36|48|54} success <number> usage <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
benchmark |
Set benchmark parameters for gauging the health of client connectivity
|
phymode |
Set the physical mode for which you want to measure client connectivity
|
11a |
Set benchmark parameters for 11a mode
|
rate |
Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
|
6 |
Enter the transmission rate
|
9 |
Enter the transmission rate
|
12 |
Enter the transmission rate
|
18 |
Enter the transmission rate
|
24 |
Enter the transmission rate
|
36 |
Enter the transmission rate
|
48 |
Enter the transmission rate
|
54 |
Enter the transmission rate
|
success |
Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
|
<number> |
Enter the percent for successfully transmitted packets (Range: 1-100)
|
usage |
Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
|
<number> |
Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
|
radio profile <string> benchmark phymode 11b rate {1|2|5.5|11} success <number> usage <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
benchmark |
Set benchmark parameters for gauging the health of client connectivity
|
phymode |
Set the physical mode for which you want to measure client connectivity
|
11b |
Set benchmark parameters for 11b mode
|
rate |
Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
|
1 |
Enter the transmission rate
|
2 |
Enter the transmission rate
|
5.5 |
Enter the transmission rate
|
11 |
Enter the transmission rate
|
success |
Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
|
<number> |
Enter the percent for successfully transmitted packets (Range: 1-100)
|
usage |
Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
|
<number> |
Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
|
radio profile <string> benchmark phymode 11g rate {1|2|5.5|11|6|9|12|18|24|36|48|54} success <number> usage <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
benchmark |
Set benchmark parameters for gauging the health of client connectivity
|
phymode |
Set the physical mode for which you want to measure client connectivity
|
11g |
Set benchmark parameters for 11g mode
|
rate |
Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
|
1 |
Enter the transmission rate
|
2 |
Enter the transmission rate
|
5.5 |
Enter the transmission rate
|
11 |
Enter the transmission rate
|
6 |
Enter the transmission rate
|
9 |
Enter the transmission rate
|
12 |
Enter the transmission rate
|
18 |
Enter the transmission rate
|
24 |
Enter the transmission rate
|
36 |
Enter the transmission rate
|
48 |
Enter the transmission rate
|
54 |
Enter the transmission rate
|
success |
Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
|
<number> |
Enter the percent for successfully transmitted packets (Range: 1-100)
|
usage |
Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
|
<number> |
Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
|
radio profile <string> benchmark phymode 11n rate {6|9|12|18|24|36|48|54|mcs0|mcs1|mcs2|mcs3|mcs4|mcs5|mcs6|mcs7|mcs8|mcs9|mcs10|mcs11|mcs12|mcs13|mcs14|mcs15|mcs0/1|mcs1/1|mcs2/1|mcs3/1|mcs4/1|mcs5/1|mcs6/1|mcs7/1|mcs0/2|mcs1/2|mcs2/2|mcs3/2|mcs4/2|mcs5/2|mcs6/2|mcs7/2} success <number> usage <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
benchmark |
Set benchmark parameters for gauging the health of client connectivity
|
phymode |
Set the physical mode for which you want to measure client connectivity
|
11n |
Set benchmark parameters for 11n mode
|
rate |
Set the transmission rate that you expect clients with healthy connectivity to use (Note: You can set up to 3 rates for the same phymode)
|
6 |
Enter the transmission rate
|
9 |
Enter the transmission rate
|
12 |
Enter the transmission rate
|
18 |
Enter the transmission rate
|
24 |
Enter the transmission rate
|
36 |
Enter the transmission rate
|
48 |
Enter the transmission rate
|
54 |
Enter the transmission rate
|
mcs0 |
Enter the transmission rate
|
mcs1 |
Enter the transmission rate
|
mcs2 |
Enter the transmission rate
|
mcs3 |
Enter the transmission rate
|
mcs4 |
Enter the transmission rate
|
mcs5 |
Enter the transmission rate
|
mcs6 |
Enter the transmission rate
|
mcs7 |
Enter the transmission rate
|
mcs8 |
Enter the transmission rate
|
mcs9 |
Enter the transmission rate
|
mcs10 |
Enter the transmission rate
|
mcs11 |
Enter the transmission rate
|
mcs12 |
Enter the transmission rate
|
mcs13 |
Enter the transmission rate
|
mcs14 |
Enter the transmission rate
|
mcs15 |
Enter the transmission rate
|
mcs0/1 |
Enter the transmission rate
|
mcs1/1 |
Enter the transmission rate
|
mcs2/1 |
Enter the transmission rate
|
mcs3/1 |
Enter the transmission rate
|
mcs4/1 |
Enter the transmission rate
|
mcs5/1 |
Enter the transmission rate
|
mcs6/1 |
Enter the transmission rate
|
mcs7/1 |
Enter the transmission rate
|
mcs0/2 |
Enter the transmission rate
|
mcs1/2 |
Enter the transmission rate
|
mcs2/2 |
Enter the transmission rate
|
mcs3/2 |
Enter the transmission rate
|
mcs4/2 |
Enter the transmission rate
|
mcs5/2 |
Enter the transmission rate
|
mcs6/2 |
Enter the transmission rate
|
mcs7/2 |
Enter the transmission rate
|
success |
Set the percent of packets that you expect clients with healthy connectivity to transmit successfully
|
<number> |
Enter the percent for successfully transmitted packets (Range: 1-100)
|
usage |
Set the percent of time that you expect clients with healthy connectivity to transmit at the defined rate
|
<number> |
Enter the percent of time that clients transmit at the defined rate (Range: 1-100)
|
radio profile <string> channel-width {20|40|40-above|40-below}
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
channel-width |
Set the channel width or the extensive channel offset when channel width is 40 MHz
|
20 |
Enter the channel width and extensive channel offset (Default: 20 Mhz)
|
40 |
Enter the channel width and extensive channel offset (Default: 20 Mhz)
|
40-above |
Enter the channel width and extensive channel offset (Default: 20 Mhz)
|
40-below |
Enter the channel width and extensive channel offset (Default: 20 Mhz)
|
radio profile <string> client-load-balance crc-error-limit <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
client-load-balance |
Enable the HiveAP to engage in client load balancing with neighboring hive members and set client load balancing parameters
|
crc-error-limit |
Set the maximum CRC (cyclic redundancy check) error rate that the HiveAP will tolerate before ignoring probes and association requests
|
<number> |
Enter the maximum CRC error rate as a percent (Default: 30; Range: 1-99)
|
radio profile <string> client-load-balance enable
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
client-load-balance |
Enable the HiveAP to engage in client load balancing with neighboring hive members and set client load balancing parameters
|
enable |
Enable client load balancing (Default: Disabled)
|
radio profile <string> client-load-balance hold-time <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
client-load-balance |
Enable the HiveAP to engage in client load balancing with neighboring hive members and set client load balancing parameters
|
hold-time |
Set the amount of time that a client must be associated with a HiveAP before it can roam (Note: Roaming before the hold time elapses is allowed if the client SNR is below the SNR threshold, the owner HiveAP is overloaded, or the client is experiencing a high level of interference.)
|
<number> |
Enter the hold time for clients in seconds (Default: 60; Range: 10-600)
|
radio profile <string> client-load-balance interference-limit <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
client-load-balance |
Enable the HiveAP to engage in client load balancing with neighboring hive members and set client load balancing parameters
|
interference-limit |
Set the maximum amount of RF interference that the HiveAP will tolerate before ignoring probes and association requests
|
<number> |
Enter the maximum interference limit as a percent (Default: 40; Range: 1-99)
|
radio profile <string> client-load-balance mode {airtime|sta-num}
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
client-load-balance |
Enable the HiveAP to engage in client load balancing with neighboring hive members and set client load balancing parameters
|
mode |
Set the mode for balancing client load with neighboring hive members (Default: airtime)
|
airtime |
Enable load balancing based on airtime; that is, on the amount of the wireless medium being used
|
sta-num |
Enable load balancing based on the total number of clients associated with the device
|
radio profile <string> client-load-balance neighbor-load-query-interval <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
client-load-balance |
Enable the HiveAP to engage in client load balancing with neighboring hive members and set client load balancing parameters
|
neighbor-load-query-interval |
Set the time interval to query neighboring HiveAPs for load information
|
<number> |
Enter the load query time interval in seconds (Range: 1-600; Default: 60)
|
radio profile <string> client-load-balance sta-mini-airtime <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
client-load-balance |
Enable the HiveAP to engage in client load balancing with neighboring hive members and set client load balancing parameters
|
sta-mini-airtime |
Set the minimum average percent of airtime consumed by all clients associated with the HiveAP before it begins ignoring probes and association requests from new client
|
<number> |
Enter the minimum station airtime as a percent (Default: 4; Range: 1-5)
|
radio profile <string> deny-client {11b|11abg}
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
deny-client |
Deny connections from wireless clients using the specified standards
|
11b |
Deny connections from wireless clients using the 802.11b standard (Default: All connections are accepted)
|
11abg |
Deny connections from wireless clients using the 802.11a/b/g standard (Default: All connections are accepted; Note: This option is only allowed for radio profiles supporting 802.11n)
|
radio profile <string> detect-bssid-spoofing
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
detect-bssid-spoofing |
Enable the detection of spoofed BSSIDs (Default: Disabled)
|
radio profile <string> dfs
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
dfs |
Enable DFS (Dynamic Frequency Selection) so the radio can switch channels automatically when detecting a radar signal (Default: Disabled)
|
radio profile <string> dfs radar-detect-only
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
dfs |
Enable DFS (Dynamic Frequency Selection) so the radio can switch channels automatically when detecting a radar signal (Default: Disabled)
|
radar-detect-only |
Enable radar signal detection but do not change channels if it is detected (Default: Disabled)
|
radio profile <string> high-density broadcast-probe-suppress enable
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
high-density |
Set parameters to reduce management traffic and improve the processing of client traffic in a high-density RF environment
|
broadcast-probe-suppress |
Suppress responses to broadcast probe requests
|
enable |
Enable the suppression of broadcast probe responses (Default: Disabled)
|
radio profile <string> high-density broadcast-probe-suppress oui <oui>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
high-density |
Set parameters to reduce management traffic and improve the processing of client traffic in a high-density RF environment
|
broadcast-probe-suppress |
Suppress responses to broadcast probe requests that are broadcast by specified clients
|
oui |
Set the OUI (Organizationally Unique Identifier) portion of client MAC addresses to which you want to suppress probe responses
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
radio profile <string> high-density continuous-probe-suppress enable
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
high-density |
Set parameters to reduce management traffic and improve the processing of client traffic in a high-density RF environment
|
continuous-probe-suppress |
Suppress subsequent transmissions of probe responses to clients that send multiple probe requests within the same beacon interval
|
enable |
Enable the suppression of subsequent probe responses (Default: Disabled)
|
radio profile <string> high-density enable
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
high-density |
Set parameters to reduce management traffic and improve the processing of client traffic in a high-density RF environment
|
enable |
Enable high-density settings (Default: Disabled)
|
radio profile <string> high-density mgmt-frame-tx-rate {low|high}
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
high-density |
Set parameters to reduce management traffic and improve the processing of client traffic in a high-density RF environment
|
mgmt-frame-tx-rate |
Set the management frame transmit bit rate as low or high (Note: This setting also applies to broadcast and multicast data frame bit rates and unicast data frame retry bit rates.)
|
low |
Set the basic transmit rate for a high density deployment as low (Default: Low)
|
high |
Set the basic transmit rate for a high density deployment as high (Default: Low)
|
radio profile <string> interference-map crc-err-threshold <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
interference-map |
Set parameters for the collection of RF interference-related data and the reporting of this data to HiveManager
|
crc-err-threshold |
Set an RF interference threshold based on the rate of CRC (cyclic redundancy check) errors (Note: If the rate of CRC errors exceeds this threshold, the HiveAP alerts HiveManager to switch from its regular polling interval to a shorter one)
|
<number> |
Enter the threshold as a percent (Default: 20; Range: 15-60)
|
radio profile <string> interference-map cu-threshold <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
interference-map |
Set parameters for the collection of RF interference-related data and the reporting of this data to HiveManager
|
cu-threshold |
Set an RF interference threshold based on channel utilization (Note: If the percent of channel utilization exceeds this value, the HiveAP alerts HiveManager to switch from its regular polling interval to a shorter one)
|
<number> |
Enter the threshold as a percent (Default: 20; Range: 15-60)
|
radio profile <string> interference-map enable
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
interference-map |
Set parameters for the collection of RF interference-related data and the reporting of this data to HiveManager
|
enable |
Enable the collection and reporting of RF interference-related data to HiveManager
|
radio profile <string> interference-map short-term-interval <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
interference-map |
Set parameters for the collection of RF interference-related data and the reporting of this data to HiveManager
|
short-term-interval |
Set the interval during which the HiveAP calculates a short-term average of channel utilization and CRC errors (Note: The HiveAP calculates three averages: a running average, a configurable short-term average, and a 60-second snapshot average)
|
<number> |
Enter the short-term interval in minutes (Default: 5; Range: 5-30)
|
radio profile <string> max-client <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
max-client |
Set radio profile's max number of clients/neighbors
|
<number> |
Enter the maximum number of clients (Range: 1-100)
|
radio profile <string> phymode {11a|11b/g|11na|11ng}
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
phymode |
Set the physical mode of the radio profile
|
11a |
Set the physical mode to 11a (Default: 11b/g)
|
11b/g |
Set the physical mode to 11b/g (Default: 11b/g)
|
11na |
Set the physical mode to 11na (Default: 11b/g)
|
11ng |
Set the physical mode to 11ng (Default: 11b/g)
|
radio profile <string> presence aggr-interval <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
presence |
Set precense parameters for the radio profile
|
aggr-interval |
Set the precense aggr interval of the radio profile
|
<number> |
Enter a interval number to which the aggregation will be done (Default: 120 sec;Range: 15 - 600)
|
radio profile <string> presence aging-time <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
presence |
Set precense parameters for the radio profile
|
aging-time |
Set the precense aging time of the radio profile
|
<number> |
Enter an aging time for presence client (Default: 120 sec; Range: 15 - 600)
|
radio profile <string> presence enable
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
presence |
Set precense parameters for the radio profile
|
enable |
Enable presence setting (Default: Disabled)
|
radio profile <string> presence trap-interval <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
presence |
Set precense parameters for the radio profile
|
trap-interval |
Set the precense trap interval of the radio profile
|
<number> |
Enter a interval number to which the trap was sent (Default: 120 sec;Range: 15 - 600)
|
radio profile <string> primary-channel-offset {auto|0|1|2|3}
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
primary-channel-offset |
Set the primary channel offset of the radio profile
|
auto |
Set primary channel offset to auto (Default: auto)
|
0 |
Set primary channel offset to 0 (Default: auto)
|
1 |
Set primary channel offset to 1 (Default: auto)
|
2 |
Set primary channel offset to 2 (Default: auto)
|
3 |
Set primary channel offset to 3 (Default: auto)
|
radio profile <string> receive-chain <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
receive-chain |
Set the number of receive chains for frame reception
|
<number> |
Enter the number of receive chains (Default: 2; Range: 1-2)
|
radio profile <string> safety-net enable
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
safety-net |
Enable the HiveAP, when it is in an overloaded state or if the client's SNR is low, to respond to a client making association requests after the timeout period elapses
|
enable |
Enable safety net checking (Default: Enabled)
|
radio profile <string> safety-net timeout <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
safety-net |
Enable the HiveAP, when it is in an overloaded state or if the client's SNR is low, to respond to a client making association requests after the timeout period elapses
|
timeout |
Set the maximum length of time to ignore association requests from a client when the HiveAP is in an overloaded state or if the client's SNR is low
|
<number> |
Enter the timeout in seconds (Default: 15; Range: 5-300)
|
radio profile <string> scan access
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
scan |
Enable scanning to detect neighboring APs
|
access |
Enable scanning for interfaces in access mode (Default: Enabled)
|
radio profile <string> scan access client
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
scan |
Enable scanning to detect neighboring APs
|
access |
Enable scanning for interfaces in access mode (Default: Enabled)
|
client |
Allow scanning to occur when clients are connected (Default: Allowed)
|
radio profile <string> scan access client power-save
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
scan |
Enable scanning to detect neighboring APs
|
access |
Enable scanning for interfaces in access mode (Default: Enabled)
|
client |
Allow scanning to occur when clients are connected (Default: Allowed)
|
power-save |
Allow scanning to occur when connected clients are in a power save state (Default: Disallowed)
|
radio profile <string> scan access interval <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
scan |
Enable scanning to detect neighboring APs
|
access |
Enable scanning for interfaces in access mode (Default: Enabled)
|
interval |
Set the scan interval
|
<number> |
Enter the scan interval in minutes (Default: 10 minutes; Range: 1-1440)
|
radio profile <string> scan access voice
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
scan |
Enable scanning to detect neighboring APs
|
access |
Enable scanning for interfaces in access mode (Default: Enabled)
|
voice |
Allow scanning to occur while processing voice traffic (Default: Disallowed)
|
radio profile <string> sensor channel-list <string>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
sensor |
Set sensor parameters for the radio profile
|
channel-list |
Set the channel list to sensor mode of the radio profile
|
<string> |
Enter a string comprised of channel list. channel number and separated by ','(e.g. 1,6,11).or "all" (Default: all)(1-64 chars)
|
radio profile <string> sensor dwell-time <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
sensor |
Set sensor parameters for the radio profile
|
dwell-time |
Set the dwell time to sensor mode of the radio profile
|
<number> |
Enter a numeric value for sensor dwell time (Default:1200 millisecond; Range: 10-30000)
|
radio profile <string> short-guard-interval
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
short-guard-interval |
Enable the short guard interval option (400ns) to avoid inter-symbol interference and improve media throughput (Note: This is only valid in 40-MHz channel mode.)
|
radio profile <string> short-preamble
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
short-preamble |
Set short preamble mode of radio profile
|
radio profile <string> transmit-chain <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
transmit-chain |
Set the number of transmit chains for frame transmission or configure the HiveAP to determine them automatically
|
<number> |
Enter the number of transmit chains (Default: 2; Range: 1-2)
|
radio profile <string> tx-rate {auto|1Mbps|2Mbps|5.5Mbps|6Mbps|9Mbps|11Mbps|12Mbps|18Mbps|24Mbps|36Mbps|48Mbps|54Mbps|MCS0|MCS1|MCS2|MCS3| MCS4|MCS5|MCS6|MCS7|MCS8|MCS9|MCS10|MCS11|MCS12|MCS13|MCS14|MCS15|MCS16|MCS17|MCS18|MCS19|MCS20|MCS21|MCS22|MCS23}
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
tx-rate |
Set the Tx (transmission) rate for the radio profile
|
auto |
Set the radio to determine its transmission rate automatically (Default: auto; Range: 1-54 Mbps)
|
1Mbps |
Set the transmit rate as 1Mbps (Only for 802.11bg and 802.11ng)
|
2Mbps |
Set the transmit rate as 2Mbps (Only for 802.11bg and 802.11ng)
|
5.5Mbps |
Set the transmit rate as 5.5Mbps (Only for 802.11bg and 802.11ng)
|
6Mbps |
Set the transmit rate as 6Mbps
|
9Mbps |
Set the transmit rate as 9Mbps
|
11Mbps |
Set the transmit rate as 11Mbps (Only for 802.11bg and 802.11ng)
|
12Mbps |
Set the transmit rate as 12Mbps
|
18Mbps |
Set the transmit rate as 18Mbps
|
24Mbps |
Set the transmit rate as 24Mbps
|
36Mbps |
Set the transmit rate as 36Mbps
|
48Mbps |
Set the transmit rate as 48Mbps
|
54Mbps |
Set the transmit rate as 54Mbps
|
MCS0 |
Set the transmit rate as MCS0
|
MCS1 |
Set the transmit rate as MCS1
|
MCS2 |
Set the transmit rate as MCS2
|
MCS3 |
Set the transmit rate as MCS3
|
MCS4 |
Set the transmit rate as MCS4
|
MCS5 |
Set the transmit rate as MCS5
|
MCS6 |
Set the transmit rate as MCS6
|
MCS7 |
Set the transmit rate as MCS7
|
MCS8 |
Set the transmit rate as MCS8
|
MCS9 |
Set the transmit rate as MCS9
|
MCS10 |
Set the transmit rate as MCS10
|
MCS11 |
Set the transmit rate as MCS11
|
MCS12 |
Set the transmit rate as MCS12
|
MCS13 |
Set the transmit rate as MCS13
|
MCS14 |
Set the transmit rate as MCS14
|
MCS15 |
Set the transmit rate as MCS15
|
MCS16 |
Set the transmit rate as MCS16 (Only for the HiveAP 330, 350, 370 and 390)
|
MCS17 |
Set the transmit rate as MCS17 (Only for the HiveAP 330, 350, 370 and 390)
|
MCS18 |
Set the transmit rate as MCS18 (Only for the HiveAP 330, 350, 370 and 390)
|
MCS19 |
Set the transmit rate as MCS19 (Only for the HiveAP 330, 350, 370 and 390)
|
MCS20 |
Set the transmit rate as MCS20 (Only for the HiveAP 330, 350, 370 and 390)
|
MCS21 |
Set the transmit rate as MCS21 (Only for the HiveAP 330, 350, 370 and 390)
|
MCS22 |
Set the transmit rate as MCS22 (Only for the HiveAP 330, 350, 370 and 390)
|
MCS23 |
Set the transmit rate as MCS23 (Only for the HiveAP 330, 350, 370 and 390)
|
radio profile <string> weak-snr-suppress enable
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
weak-snr-suppress |
Set parameters to determine when the SNR (signal-to-noise ratio) for a client is weak, and enable the HiveAP to ignore probes and association requests from clients with weak SNRs
|
enable |
Enable the suppression of probe responses when the client SNR is weak (Default: Disabled)
|
radio profile <string> weak-snr-suppress threshold <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
weak-snr-suppress |
Set parameters to determine when the SNR (signal-to-noise ratio) for a client is weak, and enable the HiveAP to ignore probes and association requests from clients with weak SNRs
|
threshold |
Set the minium amount of SNR(signal-to-noise ratio) that the HiveAP will accepting probes and association requests
|
<number> |
Enter threshold of weak snr suppress in dB (Default: 15, Range: 1-100)
|
radio profile <string> wmm ac {background|best-effort|video|voice} aifs <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
wmm |
Set Wi-Fi Multimedia parameters
|
ac |
Set Access Category parameters
|
background |
Set background access category parameters
|
best-effort |
Set best-effort access category parameters
|
video |
Set video access category parameters
|
voice |
Set voice access category parameters
|
aifs |
Set AIFS (arbitration interframe space) parameters
|
<number> |
Set the AIFS value (Range: 0-15)
|
radio profile <string> wmm ac {background|best-effort|video|voice} cwmax <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
wmm |
Set Wi-Fi Multimedia parameters
|
ac |
Set Access Category parameters
|
background |
Set background access category parameters
|
best-effort |
Set best-effort access category parameters
|
video |
Set video access category parameters
|
voice |
Set voice access category parameters
|
cwmax |
Set maximal contention window parameters
|
<number> |
contention window maximal value (Range: 1-15)
|
radio profile <string> wmm ac {background|best-effort|video|voice} cwmin <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
wmm |
Set Wi-Fi Multimedia parameters
|
ac |
Set Access Category parameters
|
background |
Set background access category parameters
|
best-effort |
Set best-effort access category parameters
|
video |
Set video access category parameters
|
voice |
Set voice access category parameters
|
cwmin |
Set minimal contention window parameters
|
<number> |
Set contention window minimal value (Range: 1-15)
|
radio profile <string> wmm ac {background|best-effort|video|voice} noack
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
wmm |
Set Wi-Fi Multimedia parameters
|
ac |
Set Access Category parameters
|
background |
Set background access category parameters
|
best-effort |
Set best-effort access category parameters
|
video |
Set video access category parameters
|
voice |
Set voice access category parameters
|
noack |
Set no acknowledgments
|
radio profile <string> wmm ac {background|best-effort|video|voice} txoplimit <number>
|
radio |
Set radio profile parameters
|
profile |
Set radio profile parameters
|
<string> |
Enter a radio profile name (1-32 chars)
|
wmm |
Set Wi-Fi Multimedia parameters
|
ac |
Set Access Category parameters
|
background |
Set background access category parameters
|
best-effort |
Set best-effort access category parameters
|
video |
Set video access category parameters
|
voice |
Set voice access category parameters
|
txoplimit |
Set transmission opportunity limit parameters
|
<number> |
Set transmission opportunity limit value (Range: 0-8192; Note: Your input must be multiples of 32)
|
reboot
|
reboot |
Reboot the system
|
reboot date <date> time <time>
|
reboot |
Reboot the system
|
date |
Schedule the system to reboot at a specific date and time
|
<date> |
Enter the date when you want the system to reboot (Format: yyyy-mm-dd; Default: The current date provided by HiveOS)
|
time |
Set the time when you want the system to reboot
|
<time> |
Enter the time (Format: hh:mm:ss; Default: 00:00:00)
|
reboot offset <time>
|
reboot |
Reboot the system
|
offset |
Schedule the system to reboot at a time relative to the moment you enter the command
|
<time> |
Enter the length of time after which the system will reboot (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss; Default:00:00:00)
|
report statistic alarm-threshold client {tx-drop-rate|rx-drop-rate|tx-retry-rate|airtime-consumption} <number>
|
report |
Set the parameters for gathering traffic statistics and reporting them to HiveManager
|
statistic |
Set the periodic reporting of interface-level and client-level traffic statistics
|
alarm-threshold |
Set the alarm threshold for the CRC error rate, Tx/Rx drop rate, and Tx retry rate(Note: If the rate exceeds the threshold, the HiveAP sends an alarm to HiveManager.)
|
client |
Set the Tx/Rx drop rate, Tx retry rate, and airtime consumption alarm threshold of clients
|
tx-drop-rate |
Set the Tx drop rate alarm threshold for clients (Default: 40%)
|
rx-drop-rate |
Set the Rx drop rate alarm threshold for clients (Default: 40%)
|
tx-retry-rate |
Set the Tx retry rate alarm threshold for clients (Default: 40%)
|
airtime-consumption |
Set the airtime consumption (Tx airtime percentage + Rx airtime percentage) alarm threshold for clients (Default: 30%)
|
<number> |
Enter the alarm threshold (Range: 1-100)
|
report statistic alarm-threshold interface {crc-error-rate|tx-drop-rate|rx-drop-rate|tx-retry-rate|airtime-consumption} <number>
|
report |
Set the parameters for gathering traffic statistics and reporting them to HiveManager
|
statistic |
Set the periodic reporting of interface-level and client-level traffic statistics
|
alarm-threshold |
Set the alarm threshold for the CRC error rate, Tx/Rx drop rate, and Tx retry rate(Note: If the rate exceeds the threshold, the HiveAP sends an alarm to HiveManager.)
|
interface |
Set the CRC error rate, Tx/Rx drop rate, Tx retry rate, and airtime consumption alarm threshold of wifi interfaces
|
crc-error-rate |
Set CRC error rate alarm threshold for the wifi interfaces (Default: 30%)
|
tx-drop-rate |
Set the Tx drop rate alarm threshold for the wifi interfaces (Default: 40%)
|
rx-drop-rate |
Set the Rx drop rate alarm threshold for the wifi interfaces (Default: 40%)
|
tx-retry-rate |
Set the Tx retry rate alarm threshold for the wifi interfaces (Default: 40%)
|
airtime-consumption |
Set the airtime consumption (Tx airtime percentage + Rx airtime percentage) alarm threshold for the wifi interfaces (Default: 50%)
|
<number> |
Enter the alarm threshold (Range: 1-100)
|
report statistic enable
|
report |
Set the parameters for gathering traffic statistics and reporting them to HiveManager
|
statistic |
Set the periodic reporting of interface-level and client-level traffic statistics
|
enable |
Enable the creation of traffic statistics reports
|
report statistic period <number>
|
report |
Set the parameters for gathering traffic statistics and reporting them to HiveManager
|
statistic |
Set the periodic reporting of interface-level and client-level traffic statistics
|
period |
Set the time interval for gathering traffic statistics and calculating percentages
|
<number> |
Enter the time interval (Default: 10 minutes; Supported: 1, 5, 10, 30 or 60 minutes)
|
reset config [ {bootstrap} ]
|
reset |
Return the configuration to its default settings or the files in a web directory to the default file set
|
config |
Reset the configuration to the factory default settings and reboot
|
bootstrap |
Clear bootstrap configuration
|
reset web-directory [ <string> [ {save-to-flash} ] ]
|
reset |
Return the configuration to its default settings or the files in a web directory to the default file set
|
web-directory |
Reset the files in all web directories, in a specific directory, or in directories referenced by SSIDs to the default file set
|
<string> |
Enter the web directory name to reset files in the directory to the default file set (1-32 chars)
|
save-to-flash |
Save the default set of files in the specified directory to flash memory
|
reset web-directory all-running-ssid
|
reset |
Return the configuration to its default settings or the files in a web directory to the default file set
|
web-directory |
Reset the files in all web directories, in a specific directory, or in directories referenced by SSIDs to the default file set
|
all-running-ssid |
Reset the web directories for all SSIDs to the default file set
|
reset-button reset-config-enable
|
reset-button |
Enable the reset button on the AP chassis to reset the AP config
|
reset-config-enable |
Enable the reset button to reset the AP to its factory default settings or, if set, to a bootstrap config (Default: enabled)
|
roaming cache update-interval <number> ageout <number>
|
roaming |
Set roaming parameter
|
cache |
Set the interval between updates and the number of times to update station's roaming cache
|
update-interval |
Set the interval for sending roaming cache updates to neighbors
|
<number> |
Enter the roaming cache update interval in seconds (Default: 60; Range: 10-36000)
|
ageout |
Set how many times an entry must be absent from a neighbors updates before removing it from the roaming cache
|
<number> |
Enter the number of absences required to remove an entry (Default:60; Range: 1-1000)
|
roaming cache-broadcast neighbor-type access enable
|
roaming |
Set roaming parameter
|
cache-broadcast |
Set parameters for broadcasting roaming cache data to hive neighbors
|
neighbor-type |
Set the type of neighbor to which you want to broadcast roaming cache data
|
access |
Broadcast roaming cache data to hive neighbors discovered through wireless access links
|
enable |
Enable the broadcasting of roaming cache data to hive neighbors over wireless access links (Default: Enabled)
|
roaming cache-broadcast neighbor-type backhaul enable
|
roaming |
Set roaming parameter
|
cache-broadcast |
Set parameters for broadcasting roaming cache data to hive neighbors
|
neighbor-type |
Set the type of neighbor to which you want to broadcast roaming cache data
|
backhaul |
Broadcast roaming cache data to hive neighbors discovered through Ethernet and wireless backhaul links
|
enable |
Enable the broadcasting of roaming cache data to hive neighbors over backhaul links (Default: Enabled)
|
roaming hop <number>
|
roaming |
Set roaming parameter
|
hop |
Set the number of HiveAPs away from the source HiveAP to which it sends station authentication information
|
<number> |
Set roaming hop value (Defaule: 1, Range: 0-16)
|
roaming neighbor exclude ip <ip_addr>
|
roaming |
Set roaming parameter
|
neighbor |
Set which HiveAPs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
|
exclude |
Exclude dynamic roaming neighbor
|
ip |
Set IP address parameter for static roaming neighbor
|
<ip_addr> |
Enter IP address for static roaming neighbor
|
roaming neighbor include ip <ip_addr> <netmask>
|
roaming |
Set roaming parameter
|
neighbor |
Set which HiveAPs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
|
include |
Include dynamic roaming neighbor
|
ip |
Set IP address parameter for static roaming neighbor
|
<ip_addr> |
Enter IP address for static roaming neighbor
|
<netmask> |
Enter netmask for static roaming neighbor
|
roaming neighbor query-interval <number> query-times <number>
|
roaming |
Set roaming parameter
|
neighbor |
Set which HiveAPs to include or exclude as neighbors (Maximum number of neighbors is 32) or roaming neighbor querying parameters
|
query-interval |
Set roaming neighbor query interval
|
<number> |
Enter roaming neighbor query interval (Default: 10 secs; Min: 5; Max: 360000)
|
query-times |
Set roaming neighbor query times
|
<number> |
Enter roaming neighbor query times (Default: 5; Min: 2; Max: 1000)
|
roaming port <number>
|
roaming |
Set roaming parameter
|
port |
Set the port number that hive members use when sending roaming control data to each other
|
<number> |
Enter the port number for L3 roaming control traffic (Default: 3000; Range: 1500-65000; Note: The new setting must be at least 50 more or 50 less than the current setting.)
|
route <mac_addr> outgoing-interface <string> next-hop <mac_addr>
|
route |
Set a MAC address route
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
outgoing-interface |
Set outgoing interface
|
<string> |
Enter interface name
|
next-hop |
Set the MAC address of the next hop in the L2 forwarding route
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
save config <location> bootstrap
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
bootstrap |
Save a configuration to the bootstrap configuration
|
save config <location> current
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
current |
Save a configuration to the current configuration
|
save config <location> current <time> [ <date> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
current |
Save a configuration to the current configuration
|
<time> |
Enter the time that you want the system to reboot (Format: hh:mm:ss)
|
<date> |
Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
|
save config <location> current now
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
current |
Save a configuration to the current configuration
|
now |
Save the configuration and reboot the system immediately
|
save config <location> current offset <time>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
current |
Save a configuration to the current configuration
|
offset |
Set a relative time for the system to reboot
|
<time> |
Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
|
save config <url> bootstrap [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
bootstrap |
Save the config file for the HiveAP to use as its bootstrap configuration, which is the one it loads if it fails to load the current and backup config files or if you enter the 'reset config' command
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save config <url> current <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
current |
Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
|
<time> |
Enter the time that you want the system to reboot (Format: hh:mm:ss)
|
<date> |
Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save config <url> current [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
current |
Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
|
now |
Save the configuration and reboot the system immediately
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save config <url> current offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
current |
Save the config file for the HiveAP to use as its current configuration, which is the one it loads when booting u
|
offset |
Set a relative time for the system to reboot
|
<time> |
Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save config [ running current ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
running |
Save a configuration from the running configuration
|
current |
Save a configuration to the current configuration
|
save config bootstrap <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
bootstrap |
Save the bootstrap configuration to a remote server
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save config current <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
current |
Save the current configuration to a remote server or to the bootstrap config
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save config current bootstrap
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
current |
Save the current configuration to a remote server or to the bootstrap config
|
bootstrap |
Save a configuration to the bootstrap configuration
|
save config running bootstrap
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
running |
Save a configuration from the running configuration
|
bootstrap |
Save a configuration to the bootstrap configuration
|
save config users [ bootstrap ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
users |
Save private PSK user accounts to the current or bootstrap configuration
|
bootstrap |
Save private PSK user accounts to the bootstrap configuration
|
save config {current|bootstrap} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
config |
Save a configuration from the HiveAP to a remote server, from a remote server to the HiveAP, or from DRAM to flash as the current or bootstrap config
|
current |
Save the current configuration to a remote server or to the bootstrap config
|
bootstrap |
Save the bootstrap configuration to a remote server
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save dhcp-fingerprint {option55} <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
dhcp-fingerprint |
Save a fingerprint file of DHCP options for client OS detection
|
option55 |
Save a fingerprint file of various parameter request lists mapped to client operating systems (Note: DHCP clients include unique lists in DHCP option 55 when sending DHCPDISCOVER messages. By comparing those lists with the fingerprints in the file, client operating systems can be detected.)
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save dhcp-fingerprint {option55} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
dhcp-fingerprint |
Save a fingerprint file of DHCP options for client OS detection
|
option55 |
Save a fingerprint file of various parameter request lists mapped to client operating systems (Note: DHCP clients include unique lists in DHCP option 55 when sending DHCPDISCOVER messages. By comparing those lists with the fingerprints in the file, client operating systems can be detected.)
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save image <location> <time> [ <date> ] [ limit <number> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
<time> |
Enter the time that you want the system to reboot (Format: hh:mm:ss)
|
<date> |
Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
|
limit |
Limit the amount of bandwidth used for uploading the image file
|
<number> |
Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
|
save image <location> [ {now} ] [ limit <number> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
now |
Save the image and reboot the system immediately
|
limit |
Limit the amount of bandwidth used for uploading the image file
|
<number> |
Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
|
save image <location> offset <time> [ limit <number> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
offset |
Set a relative time for the system to reboot
|
<time> |
Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
|
limit |
Limit the amount of bandwidth used for uploading the image file
|
<number> |
Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
|
save image <url> <time> [ <date> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
<time> |
Enter the time that you want the system to reboot (Format: hh:mm:ss)
|
<date> |
Enter the date that you want the system to reboot (Format: yyyy-mm-dd)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save image <url> [ {now} ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
now |
Save the image and reboot the system immediately
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save image <url> offset <time> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
image |
Save a HiveOS image to the HiveAP
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
offset |
Set a relative time for the system to reboot
|
<time> |
Schedule the system to reboot at a relative time (Maximum: 24 hours from the time you enter the command; Format: hh:mm:ss)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save radius-server-key radsec {cert|ca} <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
radius-server-key |
Save certificate files for the local Aerohive RADIUS server to use
|
radsec |
Save certificates that the local Aerohive device uses when functioning as a RadSec proxy server (Note: A RadSec proxy server can forward RADIUS requests over a secure TLS tunnel between RadSec peers.)
|
cert |
Save an end-entity certificate for the Aerohive device to use when authenticating itself to a RadSec peer
|
ca |
Save a CA (certificate authority) certificate for the Aerohive device to verify the certificate of its RadSec peer
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save radius-server-key radsec {cert|ca} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
radius-server-key |
Save certificate files for the local Aerohive RADIUS server to use
|
radsec |
Save certificates that the local Aerohive device uses when functioning as a RadSec proxy server (Note: A RadSec proxy server can forward RADIUS requests over a secure TLS tunnel between RadSec peers.)
|
cert |
Save an end-entity certificate for the Aerohive device to use when authenticating itself to a RadSec peer
|
ca |
Save a CA (certificate authority) certificate for the Aerohive device to verify the certificate of its RadSec peer
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name that the local device uses to log in to the HTTP server
|
<string> |
Enter the login name (1-32 chars)
|
password |
Set the password to enter during the login process
|
<string> |
Enter the password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for connecting to an HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domain_name, ip_addr, domain_name:port, or ip_addr:port)
|
proxy-admin |
Set the name that the local device uses to log in to the HTTP proxy server
|
<string> |
Enter the login name (1-32 chars)
|
password |
Set the password to enter during the login process
|
<string> |
Enter the password (1-64 chars)
|
save radius-server-key {radius-server|ldap-client} <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
radius-server-key |
Save certificate files for the local Aerohive RADIUS server to use
|
radius-server |
Save certificates that the local HiveAP uses when functioning as a RADIUS server
|
ldap-client |
Save certificates that the local HiveAP uses when functioning as an LDAP client
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save radius-server-key {radius-server|ldap-client} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
radius-server-key |
Save certificate files for the local Aerohive RADIUS server to use
|
radius-server |
Save certificates that the local HiveAP uses when functioning as a RADIUS server
|
ldap-client |
Save certificates that the local HiveAP uses when functioning as an LDAP client
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save server-files
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
server-files |
Save certificate and private key files used by the internal web and RADIUS servers and VPN from DRAM to flash memory for persistent storage after reboots (Note: For security reasons, these files are saved only in DRAM by default.)
|
save signature-file <location> [ limit <number> ]
|
save |
Save remote file
|
signature-file |
Remote image used for L7 application
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
limit |
Limit the amount of bandwidth used for uploading the image file
|
<number> |
Enter the bandwidth limit in Kbps (Range:10-1000000; Default: Maximum available bandwidth)
|
save signature-file <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
signature-file |
Remote image used for L7 application
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save users <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
users |
Save private PSK (preshared key) configurations
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save users <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
users |
Save private PSK (preshared key) configurations
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save vpn {ca-cert|ee-cert|private-key} <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
vpn |
Save a VPN certificate or private key file
|
ca-cert |
Save a CA (certificate authority) certificate for the HiveAP to verify its IKE peer's certificate
|
ee-cert |
Save an end-entity certificate for the HiveAP to use when authenticating itself to an IKE peer
|
private-key |
Save the private key for the HiveAP to use when creating its RSA signature
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save vpn {ee-cert|private-key|ca-cert} <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
vpn |
Save a VPN certificate or private key file
|
ee-cert |
Save an end-entity certificate for the HiveAP to use when authenticating itself to an IKE peer
|
private-key |
Save the private key for the HiveAP to use when creating its RSA signature
|
ca-cert |
Save a CA (certificate authority) certificate for the HiveAP to verify its IKE peer's certificate
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save web-page [ ppsk-self-reg ] web-directory <string> <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
web-page |
Save a file for use with the internal web server
|
ppsk-self-reg |
Save a file to the private PSK self-registration web directory (Note: The HiveAP, as a private PSK server, uses these files to respond to self-registration requests.)
|
web-directory |
Save a file to a specific web directory
|
<string> |
Enter the web directory name
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save web-page [ ppsk-self-reg ] web-directory <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
web-page |
Save a file for use with the internal web server
|
ppsk-self-reg |
Save a file to the private PSK self-registration web directory (Note: The HiveAP, as a private PSK server, uses these files to respond to self-registration requests.)
|
web-directory |
Save a file to a specific web directory
|
<string> |
Enter the web directory name
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save web-server-key <number> <location> [ comment <string> ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
web-server-key |
Save certificate files for the internal web server to use
|
<number> |
Enter key file index for the internal web server (Range : 0-15)
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
comment |
Enter a comment
|
<string> |
Enter a comment (max 64 chars)
|
save web-server-key <number> <url> [ comment <string> ] [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
web-server-key |
Save certificate files for the internal web server to use
|
<number> |
Enter key file index for the internal web server (Range : 0-15)
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
comment |
Set a comment about the certificate file
|
<string> |
Enter the comment (1-64 chars)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
save {capture} local <string> <location>
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
capture |
Save a packet capture file stored locally to a remote server
|
local |
Save a locally stored packet capture file to a remote server
|
<string> |
Enter the file name to upload to a remote server
|
<location> |
Enter the protocol, SCP user name, location, path, file name, and SCP port number (Range: 1-256 chars; Default SCP port number: 22; Format: tftp://location:path/filename, scp://username@location:path/filename or scp://username@location:port:path/filename)
|
save {capture} local <string> <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
save |
Save a configuration, HiveOS image, RADIUS database, or files used by the internal web, RADIUS servers, or packet capture tool
|
capture |
Save a packet capture file stored locally to a remote server
|
local |
Save a locally stored packet capture file to a remote server
|
<string> |
Enter the file name to upload to a remote server
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
schedule <string> once <date> <time> to <date> <time> [ time-zone <number> ] [ comment <string> ]
|
schedule |
Set a schedule to control the application of user profiles and the availability of SSIDs
|
<string> |
Enter a schedule name (1-32 chars)
|
once |
Set a one-time schedule
|
<date> |
Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
<time> |
Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a date and time range
|
<date> |
Enter an end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
<time> |
Enter an end time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-zone |
Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
|
<number> |
Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
|
comment |
Write a comment about the schedule for future reference
|
<string> |
Enter a comment about the schedule (max 128 chars)
|
schedule <string> ppsk once <date> <time> to <date> <time> [ time-zone <number> ] [ comment <string> ]
|
schedule |
Set a schedule to control the application of user profiles and the availability of SSIDs
|
<string> |
Enter a schedule name (1-32 chars)
|
ppsk |
Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
|
once |
Set a one-time schedule
|
<date> |
Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
<time> |
Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a date and time range
|
<date> |
Enter an end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
<time> |
Enter an end time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-zone |
Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
|
<number> |
Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
|
comment |
Write a comment about the schedule for future reference
|
<string> |
Enter a comment about the schedule (max 128 chars)
|
schedule <string> ppsk recurrent [ date-range <date> [ to <date> ] ] [ weekday <string> ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ] [ comment <string> ]
|
schedule |
Set a schedule to control the application of user profiles and the availability of SSIDs
|
<string> |
Enter a schedule name (1-32 chars)
|
ppsk |
Set a schedule to determine the validity period for the private PSK users to which the schedule is applied
|
recurrent |
Set a recurrent schedule
|
date-range |
Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
|
<date> |
Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
to |
Set a date range (If you do not want to set an end date, do not use this option.)
|
<date> |
Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
weekday |
Set the weekdays during which private PSK users are valid
|
<string> |
Enter one or more numbers to indicate which days the schedule is applied (1=Sunday, 2=Monday, ... 7=Saturday; Examples: 246=Monday, Wednesday, Friday; 23456=Monday-Friday; 1234567=everyday)
|
time-range |
Set a time range during which the schedule will be applied on each scheduled day
|
<time> |
Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a time range
|
<time> |
Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-range |
Set a second time range for the schedule
|
<time> |
Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a time range
|
<time> |
Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-zone |
Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
|
<number> |
Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
|
comment |
Write a comment about the schedule for future reference
|
<string> |
Enter a comment about the schedule (max 128 chars)
|
schedule <string> recurrent [ date-range <date> [ to <date> ] ] [ weekday-range {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} [ to {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} ] ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ] [ comment <string> ]
|
schedule |
Set a schedule to control the application of user profiles and the availability of SSIDs
|
<string> |
Enter a schedule name (1-32 chars)
|
recurrent |
Set a recurrent schedule
|
date-range |
Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
|
<date> |
Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
to |
Set a date range (If you do not want to set an end date, do not use this option.)
|
<date> |
Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
weekday-range |
Apply the schedule on specific days of the week (To apply the schedule everyday, do not use this option.)
|
Monday |
Apply the schedule on every Monday within the date range
|
Tuesday |
Apply the schedule on every Tuesday within the date range
|
Wednesday |
Apply the schedule on every Wednesday within the date range
|
Thursday |
Apply the schedule on every Thursday within the date range
|
Friday |
Apply the schedule on every Friday within the date range
|
Saturday |
Apply the schedule on every Saturday within the date range
|
Sunday |
Apply the schedule on every Sunday within the date range
|
to |
Set a range of weekdays during which the schedule will be applied (Example: monday to friday)
|
Monday |
Apply the schedule on every Monday within the date range
|
Tuesday |
Apply the schedule on every Tuesday within the date range
|
Wednesday |
Apply the schedule on every Wednesday within the date range
|
Thursday |
Apply the schedule on every Thursday within the date range
|
Friday |
Apply the schedule on every Friday within the date range
|
Saturday |
Apply the schedule on every Saturday within the date range
|
Sunday |
Apply the schedule on every Sunday within the date range
|
time-range |
Set a time range during which the schedule will be applied on each scheduled day
|
<time> |
Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a time range
|
<time> |
Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-range |
Set a second time range for the schedule
|
<time> |
Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a time range
|
<time> |
Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-zone |
Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
|
<number> |
Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
|
comment |
Write a comment about the schedule for future reference
|
<string> |
Enter a comment about the schedule (max 128 chars)
|
security mac-filter <string> address <mac_addr> {permit|deny} [ comment <string> ]
|
security |
Set the security parameters
|
mac-filter |
Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
|
<string> |
Enter the filter name for MAC addresses or OUIs (1-32 chars)
|
address |
Set MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
permit |
Set the action of the specified MAC to permit
|
deny |
Set the action of the specified MAC to deny
|
comment |
Enter a comment
|
<string> |
Enter a comment (max 64 chars)
|
security mac-filter <string> default {permit|deny}
|
security |
Set the security parameters
|
mac-filter |
Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
|
<string> |
Enter the filter name for MAC addresses or OUIs (1-32 chars)
|
default |
Set MAC-filter default action
|
permit |
Set MAC-filter default action to permit (Default: permit)
|
deny |
Set MAC-filter default action to deny (Default: permit)
|
security mac-filter <string> oui <oui> {permit|deny} [ comment <string> ]
|
security |
Set the security parameters
|
mac-filter |
Set a filter for MAC addresses or OUIs (organizationally unique identifiers)
|
<string> |
Enter the filter name for MAC addresses or OUIs (1-32 chars)
|
oui |
Set the OUI used to identify a vendor
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
permit |
Set the action of the specified OUI to permit
|
deny |
Set the action of the specified OUI to deny
|
comment |
Enter a comment
|
<string> |
Enter a comment (max 64 chars)
|
security wlan-idp profile <string>
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
security wlan-idp profile <string> adhoc
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
adhoc |
Detect adhoc networks
|
security wlan-idp profile <string> ap-detection client-mac-in-net
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
ap-detection |
Set attributes to note when detecting APs
|
client-mac-in-net |
Determine that a detected rogue AP is in the same backhaul network as the local device if any of its client MAC addresses appear in the MAC learning table
|
security wlan-idp profile <string> ap-detection connected
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
ap-detection |
Set attributes to note when detecting APs
|
connected |
Determine that a rogue AP is in the same backhaul network as the local device if any MAC address within a 64-address range of the BSSID used by the detected rogue AP appears in the MAC learning table
|
security wlan-idp profile <string> ap-policy
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
ap-policy |
Set an AP policy for the IDP profile
|
security wlan-idp profile <string> ap-policy ap-oui
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
ap-policy |
Set an AP policy for the IDP profile
|
ap-oui |
Categorize neighboring APs as compliant by OUI (organizationally unique identifier)
|
security wlan-idp profile <string> ap-policy ap-oui entry <oui>
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
ap-policy |
Set an AP policy for the IDP profile
|
ap-oui |
Categorize neighboring APs as compliant by OUI (organizationally unique identifier)
|
entry |
Add an OUI entry
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
security wlan-idp profile <string> ap-policy short-beacon
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
ap-policy |
Set an AP policy for the IDP profile
|
short-beacon |
Categorize neighboring APs as non-compliant if their beacon transmissions are at shorter intervals than stated in their beacon frames
|
security wlan-idp profile <string> ap-policy short-preamble
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
ap-policy |
Set an AP policy for the IDP profile
|
short-preamble |
Categorize neighboring APs as compliant if they use short preambles
|
security wlan-idp profile <string> ap-policy ssid
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
ap-policy |
Set an AP policy for the IDP profile
|
ssid |
Categorize neighboring APs as compliant by SSID (service set identifier)
|
security wlan-idp profile <string> ap-policy ssid entry <string>
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
ap-policy |
Set an AP policy for the IDP profile
|
ssid |
Categorize neighboring APs as compliant by SSID (service set identifier)
|
entry |
Add an SSID entry
|
<string> |
Enter an SSID name
|
security wlan-idp profile <string> ap-policy ssid entry <string> encryption
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
ap-policy |
Set an AP policy for the IDP profile
|
ssid |
Categorize neighboring APs as compliant by SSID (service set identifier)
|
entry |
Add an SSID entry
|
<string> |
Enter an SSID name
|
encryption |
Set approved encryption types for the SSID
|
security wlan-idp profile <string> ap-policy ssid entry <string> encryption {open|wep|wpa}
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
ap-policy |
Set an AP policy for the IDP profile
|
ssid |
Categorize neighboring APs as compliant by SSID (service set identifier)
|
entry |
Add an SSID entry
|
<string> |
Enter an SSID name
|
encryption |
Set approved encryption types for the SSID
|
open |
Categorize a neighboring AP as compliant if its SSID uses open (Default: open)
|
wep |
Categorize a neighboring AP as compliant if its SSID uses wep (Default: open)
|
wpa |
Categorize a neighboring AP as compliant if its SSID uses wpa (Default: open)
|
security wlan-idp profile <string> ap-policy wmm
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
ap-policy |
Set an AP policy for the IDP profile
|
wmm |
Categorize neighboring APs as compliant if they apply WMM (Wi-Fi Multimedia) classifications
|
security wlan-idp profile <string> mitigate deauth-time <number>
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
mitigate |
Set rogue AP and client mitigation parameters for the IDP profile
|
deauth-time |
Set the number of consecutive periods that the HiveAP sends deauth frames to mitigate clients of a rogue AP after detecting client activity
|
<number> |
Enter the number of consecutive rogue AP and client mitigation periods (Default: 60; Range: 0-2592000; 0 means to send deauth frames for the entire mitigation duration)
|
security wlan-idp profile <string> mitigate duration <number> quiet-time <number>
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
mitigate |
Set rogue AP and client mitigation parameters for the IDP profile
|
duration |
Set the overall duration for detecting clients of a rogue AP and performing deauth DoS attacks against the AP and its clients
|
<number> |
Enter the duration in seconds (Default: 14400 secs; Range: 0 or 60-2592000; 0 secs means infinite)
|
quiet-time |
Set the period of time after which the mitigation process stops if no clients are connected to the rogue AP
|
<number> |
Enter the quiet time in seconds (Default: 3600 secs; Range: 0 or 60-2592000; 0 means that the quiet time is the same length as the mitigation duration)
|
security wlan-idp profile <string> mitigate period <number>
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
mitigate |
Set rogue AP and client mitigation parameters for the IDP profile
|
period |
Set the interval to check periodically for clients of a rogue AP and--if found--send deauth DoS attacks against the AP and clients
|
<number> |
Enter the period in seconds (Default: 1 secs; Range: 1-600)
|
security wlan-idp profile <string> sta-report
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
sta-report |
Set rogue client report parameters for the IDP profile (Default: Disabled)
|
security wlan-idp profile <string> sta-report age-time <number>
|
security |
Set the security parameters
|
wlan-idp |
Set WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Set an IDP profile
|
<string> |
Enter an IDP profile name (1-32 chars)
|
sta-report |
Set rogue client report parameters for the IDP profile (Default: Disabled)
|
age-time |
Set age time a rogue client must be disconnected from a rogue AP before removing it from the report
|
<number> |
Enter the age time in seconds (Default: 3600 secs; Range: 60-86400)
|
security-object <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security-object <string> default-user-profile-attr <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
default-user-profile-attr |
Set the attribute of the user profile to apply to user traffic by default
|
<number> |
Enter the default user profile attribute for the security object (Default: 0; Range: 0-4095)
|
security-object <string> dhcp-server lease-time <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
dhcp-server |
Set DHCP-server parameters
|
lease-time |
Set the lease time
|
<number> |
Enter the lease time in seconds (Default: 10; Range: 5-36000)
|
security-object <string> dhcp-server renewal-response {renew-nak-unicast|keep-silent}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
dhcp-server |
Set DHCP-server parameters
|
renewal-response |
Set the response to a DHCP lease renewal request for a nonexistent lease
|
renew-nak-unicast |
Respond to a DHCP lease renewal request for a nonexistent lease with a unicast DHCP-NAK message (Default: Broadcast a DHCP-NAK message)
|
keep-silent |
Do not respond to a DHCP lease renewal request for a nonexistent lease (Default: Broadcast a DHCP-NAK message)
|
security-object <string> mobile-device-policy <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
mobile-device-policy |
Set a policy that assigns a user profile to traffic from a client based on the originally assigned user profile and the MAC OUI, domain, and OS of the user's client
|
<string> |
Enter a mobile device policy name (1-32 chars)
|
security-object <string> ppsk-web-server auth-user
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
ppsk-web-server |
Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
|
auth-user |
Send credentials submitted by users during private PSK self-registration to a RADIUS server for authentication before issuing private PSKs to them
|
security-object <string> ppsk-web-server bind-to-ppsk-ssid <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
ppsk-web-server |
Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
|
bind-to-ppsk-ssid |
Bind the SSID referencing this security object, which must be set with open authentication and an external captive web portal, to an SSID using private PSKs so the PSKs can be assigned to users automatically
|
<string> |
Enter the name of the SSID using private PSK authentication (1-32 chars)
|
security-object <string> ppsk-web-server https
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
ppsk-web-server |
Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
|
https |
Use HTTPS for redirection from the private PSK authenticator to the private PSK server (Default: HTTP)
|
security-object <string> ppsk-web-server login-page <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
ppsk-web-server |
Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
|
login-page |
Specify the .cgi file on the private PSK web server through which the user registers (Default: ppsk-index.cgi)
|
<string> |
Enter the .cgi file name for the registration page (1-32 chars; Note: The file name cannot be index.cgi.)
|
security-object <string> ppsk-web-server login-script <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
ppsk-web-server |
Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
|
login-script |
Specify the .cgi file that the private PSK web server uses for processing user registration requests (Default: ppsk-login.cgi)
|
<string> |
Enter the script name (1-32 chars)
|
security-object <string> ppsk-web-server web-directory <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
ppsk-web-server |
Set parameters for redirecting HTTP or HTTPS traffic to the HiveAP hosting a private PSK web server
|
web-directory |
Set the name of the web directory containing the login page and script files that the private PSK web server uses
|
<string> |
Enter the web directory name (1-32 chars)
|
security-object <string> security aaa radius-server account-interim-interval <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
account-interim-interval |
Set the interval in seconds for sending RADIUS accounting updates
|
<number> |
Enter the interval in seconds for sending RADIUS accounting updates (Default: 20 secs; Range: 10-100000000)
|
security-object <string> security aaa radius-server accounting {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ acct-port <number> ] [ via-vpn-tunnel ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
accounting |
Set parameters for a RADIUS accounting server
|
primary |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets first
|
backup1 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the primary server does not respond
|
backup2 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup1 server does not respond
|
backup3 |
Set the RADIUS accounting server to which the HiveAP sends Accounting-Request packets if the backup2 server does not respond
|
<ip_addr> |
Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
|
<string> |
Enter the IP address or domain name for the RADIUS accounting server (max 32 chars)
|
shared-secret |
Set the shared secret for securing communications with RADIUS accounting servers
|
<string> |
Enter the shared secret (1-64 chars)
|
acct-port |
Set the RADIUS accounting port number
|
<number> |
Enter the RADIUS accounting port number (Default: 1813; Range: 1-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
security-object <string> security aaa radius-server dynamic-auth-extension
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
dynamic-auth-extension |
Enable the HiveAP acting as a NAS to accept unsolicited messages from the RADIUS authentication server (Default: Disabled)
|
security-object <string> security aaa radius-server idm
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
idm |
Set ID Manager as RADIUS server
|
security-object <string> security aaa radius-server inject Operator-Name
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
inject |
Set injection parameters for RADIUS Access-Request and Accounting-Request packets
|
Operator-Name |
Set the operator name of the RADIUS Access-Request and Accounting-Request packets (Note: The operator name contains the operator namespace ID and the operator name. The operator name is combined with the namespace ID to uniquely identify the owner of the access network.)
|
security-object <string> security aaa radius-server retry-interval <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
retry-interval |
Set RADIUS server retry interval
|
<number> |
Enter RADIUS server retry interval (Default: 600 secs; Range: 60-100000000)
|
security-object <string> security aaa radius-server {primary|backup1|backup2|backup3} <ip_addr|string> [ shared-secret <string> ] [ auth-port <number> ] [ acct-port <number> ] [ via-vpn-tunnel ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Set parameters for a RADIUS (Remote Authentication Dial In User Service) server
|
primary |
Set the RADIUS server that is first queried when authenticating users
|
backup1 |
Set the RADIUS server that is queried if the primary server stops responding
|
backup2 |
Set the RADIUS server that is queried if the backup1 server stops responding
|
backup3 |
Set the RADIUS server that is queried if the backup2 server stops responding
|
<ip_addr> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
<string> |
Enter an IP address or a domain name for the RADIUS server (max 32 chars)
|
shared-secret |
Set the shared secret for authenticating communications with a RADIUS server
|
<string> |
Enter the shared secret for authenticating communications with a RADIUS server (1-64 chars)
|
auth-port |
Set the RADIUS authentication port number
|
<number> |
Enter the RADIUS authentication port number (Default: 1812; Range: 1-65535)
|
acct-port |
Set the RADIUS accounting port number
|
<number> |
Enter the RADIUS accounting port number (Default: 0; Range: 0-65535)
|
via-vpn-tunnel |
Send all RADIUS traffic through a VPN tunnel (Note: Set this option on VPN clients when the RADIUS server is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
security-object <string> security aaa user-profile-mapping attribute-id <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
user-profile-mapping |
Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
|
attribute-id |
Set an ID for a RADIUS attribute that contains the text that maps to the user profile (Default: 11; Note: Attribute ID 11 corresponds to the Filter-ID RADIUS attribute.)
|
<number> |
Enter the RADIUS attribute ID number (Range: 1-255)
|
security-object <string> security aaa user-profile-mapping enable
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
user-profile-mapping |
Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
|
enable |
Enable the mapping of attribute values to user profile attributes (Default: Disabled)
|
security-object <string> security aaa user-profile-mapping vendor-id <number> attribute-id <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
aaa |
Set parameters for AAA (authentication, authorization, accounting)
|
user-profile-mapping |
Map an attribute value returned in RADIUS-Accept messages to a user profile attribute
|
vendor-id |
Set a vendor ID RADIUS attribute
|
<number> |
Enter the vendor ID number (Range: 1-65535)
|
attribute-id |
Set an ID for a private RADIUS attribute
|
<number> |
Enter the private RADIUS attribute ID number to be combined with the vendor ID number (Range: 1-255)
|
security-object <string> security additional-auth-method captive-web-portal [ reg-user-profile-attr <number> ] [ auth-user-profile-attr <number> ] [ timeout <number> ] [ timer-display ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
reg-user-profile-attr |
Set the registered user profile attribute
|
<number> |
Enter the registered user profile attribute (Default: 0; Range: 0-4095)
|
auth-user-profile-attr |
Set the default authenticated user profile
|
<number> |
Enter the default authenticated user profile (Default: 0; Range: 0-4095)
|
timeout |
Set the default timeout for a registered user's session (Note: A timeout provided by an external authentication server overrides this setting.)
|
<number> |
Enter the timeout in minutes (Default: 720 mins; Range: 1-120960)
|
timer-display |
Enable timer-display windows to communicate login and session information
|
security-object <string> security additional-auth-method captive-web-portal anonymous-access
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
anonymous-access |
Enable anonymous access which will indicate users to read and accept the network use policy and apply a time and data usage limit to the client (Default: Disabled)
|
security-object <string> security additional-auth-method captive-web-portal auth-method [ {pap|chap|ms-chap-v2} ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
auth-method |
Set the CWP (captive web portal) user authentication method
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
chap |
Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
security-object <string> security additional-auth-method captive-web-portal check-use-policy
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
check-use-policy |
Check if users select the check box on the login page to indicate they have read and accepted the network use policy (Note: This option only applies to captive web portals that require user authentication and use policy acceptance.)
|
security-object <string> security additional-auth-method captive-web-portal cloud-cwp api-key <string> api-nonce <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
cloud-cwp |
Set a cloud captive web portal for additional user authentication or registration
|
api-key |
Set the API key used to encrypt traffic between the Aerohive device and the cloud services
|
<string> |
Enter the API key (16 chars)
|
api-nonce |
Set the API nonce
|
<string> |
Enter the API nonce (1-64 chars)
|
security-object <string> security additional-auth-method captive-web-portal cloud-cwp customer-id <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
cloud-cwp |
Set a cloud captive web portal for additional user authentication or registration
|
customer-id |
Set customer ID for cloud captive web portal
|
<string> |
Enter the customer ID (1-16 chars)
|
security-object <string> security additional-auth-method captive-web-portal cloud-cwp enable
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
cloud-cwp |
Set a cloud captive web portal for additional user authentication or registration
|
enable |
Enable cloud captive web portal
|
security-object <string> security additional-auth-method captive-web-portal cloud-cwp service-id <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
cloud-cwp |
Set a cloud captive web portal for additional user authentication or registration
|
service-id |
Set the service ID for cloud captive web portal
|
<number> |
Enter service ID number(Range: 1-255)
|
security-object <string> security additional-auth-method captive-web-portal cloud-cwp url-root-path <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
cloud-cwp |
Set a cloud captive web portal for additional user authentication or registration
|
url-root-path |
Set the root URL path to register CWP portal service
|
<string> |
Enter the HTTP protocol, remote server domain name, port, directory path(Range: 1-256 chars, Format: https://domain/path)
|
security-object <string> security additional-auth-method captive-web-portal default-language {chinese-simple|chinese-traditional|dutch|english|french|german|italian|korean|spanish}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
default-language |
Set the default language for the captive web portal web pages
|
chinese-simple |
Set Simple Chinese as the default language
|
chinese-traditional |
Set Traditional Chinese as the default language
|
dutch |
Set Dutch as the default language
|
english |
Set English as the default language
|
french |
Set French as default language
|
german |
Set German as the default language
|
italian |
Set Italian as the default language
|
korean |
Set Korean as the default language
|
spanish |
Set Spanish as the default language
|
security-object <string> security additional-auth-method captive-web-portal external-server {primary} login-page <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
external-server |
Set parameters for the primary or backup external captive web portal server
|
primary |
Set parameters for the primary external captive web portal server
|
login-page |
Set the login page to which the HiveAP redirects traffic from unregistered users
|
<string> |
Enter the login page URL (1-256 chars; Format: http:///.php/; Example: http://10.1.1.20/weblogin.php/5)
|
security-object <string> security additional-auth-method captive-web-portal external-server {primary} password-encryption uam-basic
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
external-server |
Set parameters for the primary or backup external captive web portal server
|
primary |
Set parameters for the primary external captive web portal server
|
password-encryption |
Set the method for encrypting the user password that the HiveAP forwards to the RADIUS server
|
uam-basic |
Set the encryption method as UAM (User Authentication Module)-Basic (Note: The HiveAP uses XOR to recover the password encrypted by the external CWP and sends it to the RADIUS server. PAP, CHAP, or MSCHAPv2 can be used. Default: No encryption)
|
security-object <string> security additional-auth-method captive-web-portal external-server {primary} password-encryption uam-shared <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
external-server |
Set parameters for the primary or backup external captive web portal server
|
primary |
Set parameters for the primary external captive web portal server
|
password-encryption |
Set the method for encrypting the user password that the HiveAP forwards to the RADIUS server
|
uam-shared |
Set the encryption method as UAM-Shared (Note: The HiveAP sends the user password encrypted by the external CWP and the means for the RADIUS server to perform the same operation and validate the user's password by comparing results. CHAP must be used. Default: No encryption)
|
<string> |
Enter the shared secret (1-128 chars)
|
security-object <string> security additional-auth-method captive-web-portal external-server {primary} {success-register|no-roaming-at-login|no-radius-auth}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
external-server |
Set parameters for the primary or backup external captive web portal server
|
primary |
Set parameters for the primary external captive web portal server
|
success-register |
Permit network access without first disconnecting the client after it registers on the external captive web portal (Default: Permit network access only after an initial client disconnection)
|
no-roaming-at-login |
Disable roaming support for clients while they log in (Default: Enabled)
|
no-radius-auth |
Disable RADIUS authentication when the external captive web portal returns an attribute indicating that the user has already been authenticated
|
security-object <string> security additional-auth-method captive-web-portal failure-redirect external-page <string> [ delay <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
failure-redirect |
Set options for the page shown to a user after an unsuccessful registration attempt
|
external-page |
Display a page stored on an external web server that indicates the login attempt was unsuccessful
|
<string> |
Enter the URL for the page on the external web server (1-256 chars; Format: http:///.html or https: ///.html)
|
delay |
Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
|
<number> |
Enter the length of time in seconds that the HiveAP displays the message (Default: 5; Range: 5-60)
|
security-object <string> security additional-auth-method captive-web-portal failure-redirect login-page [ delay <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
failure-redirect |
Set options for the page shown to a user after an unsuccessful registration attempt
|
login-page |
Display the login page again
|
delay |
Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
|
<number> |
Enter the length of time that the HiveAP displays the message (Default: 5 seconds; Range: 5-60 seconds)
|
security-object <string> security additional-auth-method captive-web-portal internal-pages {no-success-page|no-failure-page}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
internal-pages |
Set options for showing pages stored internally on the HiveAP
|
no-success-page |
Do not display the success page stored on the HiveAP when a registration attempt is successful (Default: Display)
|
no-failure-page |
Do not display the failure page stored on the HiveAP when a registration attempt is unsuccessful (Default: Display)
|
security-object <string> security additional-auth-method captive-web-portal internal-servers
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
internal-servers |
Enable internal servers to process unregistered users' DHCP and DNS traffic
|
security-object <string> security additional-auth-method captive-web-portal login-page-method http302
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
login-page-method |
Set the method to redirect the user to the login page
|
http302 |
Use HTTP 302 redirect code as the redirection method (Default: JavaScript)
|
security-object <string> security additional-auth-method captive-web-portal pass-through vlan <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
pass-through |
Set the captive web portal to pass DHCP, DNS, and ICMP traffic from unregistered users to external servers
|
vlan |
Set the VLAN ID to assign users before and after registration (Note: This setting overrides any VLAN ID set locally or received from a RADIUS server.)
|
<number> |
Enter a CWP VLAN ID (Range: 1-4094)
|
security-object <string> security additional-auth-method captive-web-portal process-sip-info
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
process-sip-info |
Enable the captive web portal to process library SIP information (Default: Enabled)
|
security-object <string> security additional-auth-method captive-web-portal process-sip-info block-redirect <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
process-sip-info |
Enable the captive web portal to process library SIP information (Default: Enabled)
|
block-redirect |
Set the page that appears when a library patron logs in but is denied network access because of overdue fines
|
<string> |
Enter the URL for the page to which the patron is redirected to submit payment (Max 256 chars; Format: http:///.html or https: ///.html)
|
security-object <string> security additional-auth-method captive-web-portal report-guest-info
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
report-guest-info |
Enable the reporting to HiveManager of information that guests enter during registration, such as their first and last names, email address, the person they are visiting, and so on (Default: Disabled)
|
security-object <string> security additional-auth-method captive-web-portal self-reg-via-idm
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
self-reg-via-idm |
Enable self register via ID Mananger (Default: Disabled)
|
security-object <string> security additional-auth-method captive-web-portal self-reg-via-idm api <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
self-reg-via-idm |
Enable self register via ID Mananger (Default: Disabled)
|
api |
Set the URL of the API for register via ID Mananger
|
<string> |
Enter the URL of API (1-256 chars)
|
security-object <string> security additional-auth-method captive-web-portal self-reg-via-idm crl-file <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
self-reg-via-idm |
Enable self register via ID Mananger (Default: Disabled)
|
crl-file |
Set the URL of the CRL file for validate the ID Manager server certificate
|
<string> |
Enter the URL of CRL file (1-256 chars)
|
security-object <string> security additional-auth-method captive-web-portal server-name <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
server-name |
Set a domain name for the local web server (Default server name: IP address of the interface on which the captive web portal will operate; Note: The authoritative DNS server must be configured to resolve this domain name to the interface IP address.)
|
<string> |
Enter the domain name for the web server (1-32 chars)
|
security-object <string> security additional-auth-method captive-web-portal server-name cert-dn
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
server-name |
Set a domain name for the local web server (Default server name: IP address of the interface on which the captive web portal will operate; Note: The authoritative DNS server must be configured to resolve this domain name to the interface IP address.)
|
cert-dn |
Set the same domain name as the CN value in the certificate that the captive web portal uses for HTTPS (Note: The CN must be a valid domain name that can be resolved to the IP address of the interface hosting the portal. The CN max length is 32 chars.)
|
security-object <string> security additional-auth-method captive-web-portal success-redirect external-page <string> [ delay <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
success-redirect |
Set options for displaying the page shown to a user after a successful registration
|
external-page |
Display a page stored on an external web server
|
<string> |
Enter the URL for the page on the external web server (1-256 chars; Format: http:///.html or https: ///.html)
|
delay |
Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
|
<number> |
Enter the length of time in seconds that the HiveAP displays the message (Default: 5; Range: 5-60)
|
security-object <string> security additional-auth-method captive-web-portal success-redirect original-page [ delay <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
success-redirect |
Set options for displaying the page shown to a user after a successful registration
|
original-page |
Display the original page that the user requested
|
delay |
Set the length of time to display a message that the registration succeeded before redirecting the user to an external web page
|
<number> |
Enter the length of time that the HiveAP displays the message (Default: 5 seconds; Range: 5-60 seconds)
|
security-object <string> security additional-auth-method captive-web-portal timer-display alert <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
captive-web-portal |
Set a captive web portal for additional user authentication or registration
|
timer-display |
Enable timer-display windows to communicate login and session information
|
alert |
Notify users when their session is about to expire
|
<number> |
Enter the interval before the session expires in minutes (Default: 5 mins; Range: 1-30)
|
security-object <string> security additional-auth-method mac-based-auth [ {auth-method} {pap|chap|ms-chap-v2} ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mac-based-auth |
Use client MAC addresses as user names and passwords for RADIUS authentication (Default: Disabled)
|
auth-method |
Set user authentication method
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
chap |
Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
security-object <string> security additional-auth-method mac-based-auth fallback-to-ecwp
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mac-based-auth |
Use client MAC addresses as user names and passwords for RADIUS authentication (Default: Disabled)
|
fallback-to-ecwp |
Redirect HTTP/HTTPS traffic to an external captive web portal if MAC-based authentication fails on the RADIUS server
|
security-object <string> security additional-auth-method mobile-device-manager aerohive api-key <string> api-instance-id <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
aerohive |
Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
|
api-key |
Set the API key for location group to enable API access on the aerohive MDM
|
<string> |
Enter the API key (16 chars)
|
api-instance-id |
Set the API instance ID
|
<string> |
Enter the instance ID (1-64 chars)
|
security-object <string> security additional-auth-method mobile-device-manager aerohive onboard access-ssid <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
aerohive |
Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
|
onboard |
Enable onboard procedures
|
access-ssid |
Set SSID for onboard accessing
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security-object <string> security additional-auth-method mobile-device-manager airwatch api-key <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
api-key |
Set the API key for location group to enable API access on the AirWatch
|
<string> |
Enter the API key for location group
|
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant disconnect-for-vlan-change
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
non-compliant |
Set the non-compliant parameters
|
disconnect-for-vlan-change |
Disconnect the station when the VLAN is changed
|
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant guest-upid <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
non-compliant |
Set the non-compliant parameters
|
guest-upid |
Set the user profile attribute number for non-compliant device
|
<number> |
Enter the default user profile attribute number (Range: 0-4095)
|
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant send-message content <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
non-compliant |
Set the non-compliant parameters
|
send-message |
Set the send message parameters
|
content |
Set the content of message
|
<string> |
Enter the content of the message (1-140 chars)
|
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant send-message title <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
non-compliant |
Set the non-compliant parameters
|
send-message |
Set the send message parameters
|
title |
Set Set the subject of the message (Note: The title only takes effect when message type is email.)
|
<string> |
Enter the subject of the message (1-32 chars)
|
security-object <string> security additional-auth-method mobile-device-manager airwatch non-compliant send-message type {email|sms|push|all}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
non-compliant |
Set the non-compliant parameters
|
send-message |
Set the send message parameters
|
type |
Set the message type
|
email |
Send message using email
|
sms |
Send message using SMS (Short Message Service)
|
push |
Send message using push
|
all |
Send message using all of push, email and SMS
|
security-object <string> security additional-auth-method mobile-device-manager airwatch url-enrollment <url>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
url-enrollment |
Set the enrollment URL path on the AirWatch
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path or http://domain:port/path; Note: You can substitute "https" for "http".)
|
security-object <string> security additional-auth-method mobile-device-manager airwatch url-rest-api <url>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
url-rest-api |
Set the REST API URL path on the AirWatch
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path or http://domain:port/path; Note: You can substitute "https" for "http".)
|
security-object <string> security additional-auth-method mobile-device-manager {jss|aerohive} url-root-path <url>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
jss |
Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
|
aerohive |
Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
|
url-root-path |
Set the root URL path to the "/enroll" page on the JSS (Note: A JSS always displays the device enrollment page at "/enroll", so enter just the root URL path that precedes "/enroll".)
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path or http://domain:port/path; Note: You can substitute "https" for "http".)
|
security-object <string> security additional-auth-method mobile-device-manager {jss|airwatch|aerohive} enable
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
jss |
Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
aerohive |
Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
|
enable |
Enable client management through MDM
|
security-object <string> security additional-auth-method mobile-device-manager {jss|airwatch|aerohive} os-object <string> [ {ios|mac-os} ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
jss |
Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
aerohive |
Set connection and access parameters for the aerohive MDM (Aerohive MDM server) to enforce client management such as mobile device enrollment
|
os-object |
Set the name of an OS of clients whose network traffic you want the Aerohive device to redirect to the MDM server for enrollment
|
<string> |
Enter the OS object name (1-32 chars)
|
ios |
Define the type of OS object as Apple iOS (Default client OS type: iOS; Note: JSS only supports iOSv4 or later.)
|
mac-os |
Define the type of OS object as Apple Mac OS (Default client OS type: iOS)
|
security-object <string> security additional-auth-method mobile-device-manager {jss|airwatch} http-auth user <string> password <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
jss |
Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
http-auth |
Set parameters for HTTP authentication when the HiveAP connects to the MDM server
|
user |
Set the user name for HTTP authentication
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password for HTTP authentication
|
<string> |
Enter the password (1-32 chars)
|
security-object <string> security additional-auth-method mobile-device-manager {jss|airwatch} poll-status [ interval <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
additional-auth-method |
Set an additional authentication method in addition to the one in the security protocol suite
|
mobile-device-manager |
Set the mobile device manager parameters
|
jss |
Set connection and access parameters for the JSS (JAMF software server) to enforce client management such as mobile device enrollment
|
airwatch |
Set connection and access parameters for the AirWatch (AirWatch MDM server) to enforce client management such as mobile device enrollment
|
poll-status |
Query the station for enrollment and compliance status periodically
|
interval |
Set the query interval
|
<number> |
Enter the query interval in seconds (Default: 60; Range: 30-600)
|
security-object <string> security eap retries <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
eap |
Set parameters for exchanging EAP packets during 802.1X authentication
|
retries |
Set the number of times that the HiveAP will resend an EAP packet when it receives no response from a client
|
<number> |
Enter the number of retries (Default: 3; Range: 1-5)
|
security-object <string> security eap timeout <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
eap |
Set parameters for exchanging EAP packets during 802.1X authentication
|
timeout |
Set the interval that the HiveAP waits for a client to respond before resending an EAP packet
|
<number> |
Enter the EAP timeout in seconds (Default: 30; Range: 5-300)
|
security-object <string> security local-cache timeout <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
local-cache |
Set parameters for storing PMK (pairwise master key) entries in the local cache
|
timeout |
Set the length of time to keep PMK entries before deleting them
|
<number> |
Enter the timeout in seconds (Default: 86400; that is, 1 day; Range: 60-604800; that is, 1 minute to 7 days)
|
security-object <string> security preauth [ interface <ethx|wifix.y> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
preauth |
Set an interface to accept pre-authenticated 802.1X frames for fast roaming
|
interface |
Set an interface to accept pre-authenticated 802.1X frames for fast roaming
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
security-object <string> security private-psk
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
private-psk |
Set the parameters for creating individual user PSKs (preshared keys)
|
security-object <string> security private-psk default-psk-disabled
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
private-psk |
Set the parameters for creating individual user PSKs (preshared keys)
|
default-psk-disabled |
Disable the default PSK (Default: Enabled)
|
security-object <string> security private-psk external-server
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
private-psk |
Set the parameters for creating individual user PSKs (preshared keys)
|
external-server |
Look up private PSKs that users submit on an external private PSK server
|
security-object <string> security private-psk mac-binding-enable
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
private-psk |
Set the parameters for creating individual user PSKs (preshared keys)
|
mac-binding-enable |
Enable the automatic binding of a private PSK to a MAC address (Default: Disabled)
|
security-object <string> security private-psk ppsk-server <ip_addr>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
private-psk |
Set the parameters for creating individual user PSKs (preshared keys)
|
ppsk-server |
Set the HiveAP private PSK server to which other hive members redirect users to self-register and receive private PSK assignments automatically
|
<ip_addr> |
Enter the mgt0 IP address of the HiveAP private PSK server
|
security-object <string> security private-psk radius-auth [ {pap|chap|ms-chap-v2} ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
private-psk |
Set the parameters for creating individual user PSKs (preshared keys)
|
radius-auth |
Enable the HiveAP to forward authentication checks for private PSKs to an external RADIUS server and set the method for authenticating communications with it (Default: disabled)
|
pap |
Set PAP (Password Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
chap |
Set CHAP (Challenge-Handshake Authentication Protocol) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
ms-chap-v2 |
Set MS-CHAP-v2 (Microsoft CHAP Version 2) as the method for sending authentication requests between the HiveAP and RADIUS server (Default: PAP)
|
security-object <string> security private-psk same-user-limit <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
private-psk |
Set the parameters for creating individual user PSKs (preshared keys)
|
same-user-limit |
Set a limit for the number of private PSK users that can be authenticated with the same user name and PSK concurrently
|
<number> |
Enter the maximum number of private PSK users that can use the same user name and PSK concurrently (Default: 0, which means there is no limit; Range: 0-15)
|
security-object <string> security private-psk self-reg-enable
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
private-psk |
Set the parameters for creating individual user PSKs (preshared keys)
|
self-reg-enable |
Enable support of user self-registration (Default: Enabled)
|
security-object <string> security protocol-suite open
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
open |
Set network access as 'open', meaning that user traffic is neither authenticated nor encrypted
|
security-object <string> security protocol-suite wep-open <number> {hex-key|ascii-key} <string> [ default ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wep-open |
Set the security protocol suite as preshared-key key management, WEP40/WEP104 encryption, and open authentication
|
<number> |
Enter the index to identify one of 4 possible WEP keys (Default: 0; Range: 0-3)
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ascii-key: a 5(WEP40)/13(WEP104) characters key; hex-key: a 10(WEP40)/26(WEP104) digit hex key)
|
default |
Set the current key as the default WEP key
|
security-object <string> security protocol-suite wep-shared <number> {hex-key|ascii-key} <string> [ default ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wep-shared |
Set the security protocol suite as preshared-key key management, WEP40/WEP104 encryption, and preshared-key authentication
|
<number> |
Enter the index to identify one of 4 possible WEP keys (Range: 0-3)
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ascii-key: a 5(WEP40)/13(WEP104) characters key; hex-key: a 10(WEP40)/26(WEP104) digit hex key)
|
default |
Set the current key as the default WEP key
|
security-object <string> security protocol-suite wep104-8021x [ rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wep104-8021x |
Set the security protocol suite as 104-bit WEP encryption and EAP (802.1x) authentication
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period after which a new group temporal key replaces current one (Default: 600secs; Min: 600; Max: 50000000)
|
security-object <string> security protocol-suite wep40-8021x [ rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wep40-8021x |
Set the security protocol suite as 40-bit WEP encryption and EAP (802.1x) authentication
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period after which a new group temporal key replaces current one (Default: 600secs; Min: 600; Max: 50000000)
|
security-object <string> security protocol-suite wpa-aes-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-aes-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval in seconds for rekeying the GMK (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa-aes-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-aes-psk |
Set the security protocol suite as WPA-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval in seconds for rekeying the GMK (Range: 0 or 600-50000000, where 0 means disabled; Default: Disabled)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa-auto-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ roaming proactive-pmkid-response ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-auto-8021x |
Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval in seconds for rekeying the GMK (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
roaming |
Set roaming parameters for the protocol suite
|
proactive-pmkid-response |
Respond to a client sending an empty PMK (pairwise master key) ID list with a cached PMK ID (Default: Disabled)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa-auto-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-auto-psk |
Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa-tkip-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-tkip-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
rekey-period |
Set the period after which a new group temporarey key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa-tkip-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-tkip-psk |
Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval in seconds for rekeying the GMK (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa2-aes-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ roaming proactive-pmkid-response ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa2-aes-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval in seconds for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-Seconds, where 0 means disabled)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
roaming |
Set roaming parameters for the protocol suite
|
proactive-pmkid-response |
Respond to a client sending an empty PMK (Pairwise Master Key) ID list with a cached PMK ID (Default: disabled)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa2-aes-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa2-aes-psk |
Set the security protocol suite as WPA2-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period after which a new group temporal key replaces the current one (Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa2-tkip-8021x [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ roaming proactive-pmkid-response ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa2-tkip-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
roaming |
Set roaming parameters for the protocol suite
|
proactive-pmkid-response |
Respond to a client sending an empty PMK (pairwise master key) ID list with a cached PMK ID (Default: Disabled)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite wpa2-tkip-psk {hex-key|ascii-key} <string> [ rekey-period <number> ] [ {non-strict|strict} ] [ gmk-rekey-period <number> ] [ ptk-timeout <number> ] [ ptk-retry <number> ] [ gtk-timeout <number> ] [ gtk-retry <number> ] [ ptk-rekey-period <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa2-tkip-psk |
Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
|
hex-key |
Set key type as hexadecimal
|
ascii-key |
Set key type as ASCII (American Standard Code for Information Interchange)
|
<string> |
Enter key value (ASCII key length: 8-63 chars; hexadecimal key length: 64 hex digits)
|
rekey-period |
Set the period after which a new group temporal key replaces the current one
|
<number> |
Enter the period in seconds after which a new group temporal key replaces the current one (Range: 0 or 600-50000000, where 0 means disabled; Default: 0)
|
non-strict |
Refresh the GTK (group temporal key) whenever the rekey period elapses, regardless of whether any clients disassociate (Default: non-strict)
|
strict |
Refresh the GTK whenever a client to which the security object settings are applied disconnects from the HiveAP (Default: non-strict)
|
gmk-rekey-period |
Set the GMK (group master key) rekey periodDefault: 0)
|
<number> |
Enter the interval for rekeying GMK (Group Master Key; Default: 0; Range: 0 or 600-50000000 Seconds, where 0 means disabled)
|
ptk-timeout |
Set the interval that the HiveAP waits for client replies during the 4-way handshake in which they derive a PTK (pairwise transient key) for encrypting and decrypting unicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
ptk-retry |
Set the maximum number of times the HiveAP will retry sending PTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
gtk-timeout |
Set the interval that the HiveAP waits for client replies during the 2-way handshake in which the HiveAP sends a GTK (group temporal key) to the client for encrypting and decrypting multicast traffic
|
<number> |
Enter the timeout in milliseconds (Range: 100-8000; Default: 4000 milliseconds)
|
gtk-retry |
Set the maximum number of times the HiveAP will retry sending GTK messages
|
<number> |
Enter the maximum number of retries (Range: 1-10; Default: 3)
|
ptk-rekey-period |
Set the period after which a new PTK (pairwise transient key) replaces the current one
|
<number> |
Enter the period in seconds after which a new PTK replaces the current one (Range: 0 or 10-50000000, where 0 means disabled; Default: 0)
|
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-aes-8021x|wpa2-aes-8021x} reauth-interval <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-auto-8021x |
Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
|
wpa-tkip-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa2-tkip-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa-aes-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
|
wpa2-aes-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
|
reauth-interval |
Set the default interval for reauthenticating users
|
<number> |
Enter the default reauth interval in seconds (Range: 600-86400; Default: Disabled)
|
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-auto-psk|wpa-tkip-psk|wpa2-tkip-psk|wpa-aes-psk|wpa2-aes-psk|wpa-aes-8021x|wpa2-aes-8021x} replay-window <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-auto-8021x |
Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
|
wpa-tkip-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa2-tkip-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa-auto-psk |
Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
|
wpa-tkip-psk |
Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
|
wpa2-tkip-psk |
Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
|
wpa-aes-psk |
Set the security protocol suite as WPA-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
|
wpa2-aes-psk |
Set the security protocol suite as WPA2-PSK (preshared key) key management, AES-CCMP encryption, and open authentication
|
wpa-aes-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
|
wpa2-aes-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, AES-CCMP encryption, and EAP (802.1X) authentication
|
replay-window |
Set a window size within which the HiveAP accepts replies to previously sent messages during 4-way handshakes
|
<number> |
Enter the number of packets prior to the one most recently sent to which the HiveAP will accept a reply (Default: 0; Range: 0-10)
|
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-auto-psk|wpa-tkip-psk|wpa2-tkip-psk} local-tkip-counter-measure
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-auto-8021x |
Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
|
wpa-tkip-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa2-tkip-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa-auto-psk |
Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
|
wpa-tkip-psk |
Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
|
wpa2-tkip-psk |
Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
|
local-tkip-counter-measure |
Enable the deauthentication of all previously authenticated clients when the local HiveAP detects MIC (message integrity check) failures during TKIP operations (Default: enabled)
|
security-object <string> security protocol-suite {wpa-auto-8021x|wpa-tkip-8021x|wpa2-tkip-8021x|wpa-auto-psk|wpa-tkip-psk|wpa2-tkip-psk} remote-tkip-counter-measure
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
protocol-suite |
Set the security protocol suite for the security object
|
wpa-auto-8021x |
Set security protocol suite as WPA-/WPA2-EAP (802.1X) key management, TKIP/AES-CCMP encryption, and EAP (802.1X) authentication
|
wpa-tkip-8021x |
Set the security protocol suite as WPA-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa2-tkip-8021x |
Set the security protocol suite as WPA2-EAP (802.1X) key management, TKIP encryption, and EAP (802.1X) authentication
|
wpa-auto-psk |
Set security protocol suite as WPA-/WPA2-PSK (preshared key) key management, TKIP or AES-CCMP encryption, open authentication
|
wpa-tkip-psk |
Set the security protocol suite as WPA-PSK (preshared key) key management, TKIP encryption, and open authentication
|
wpa2-tkip-psk |
Set the security protocol suite as WPA2-PSK (preshared key) key management, TKIP encryption, and open authentication
|
remote-tkip-counter-measure |
Enable the deauthentication of all previously authenticated clients when a client reports MIC (message integrity check) failures during TKIP operations (Default: enabled)]
|
security-object <string> security roaming cache update-interval <number> ageout <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
security |
Set security parameters for the security object
|
roaming |
Set roaming parameters for clients to which the security object is applied
|
cache |
Set the interval between updates and the number of times to update a station's roaming cache
|
update-interval |
Set the interval for sending roaming cache updates to neighbors
|
<number> |
Enter the roaming cache update interval in seconds (Default: 60; Range: 10-36000)
|
ageout |
Set how many times an entry must be absent from a neighbor's updates before removing it from the roaming cache
|
<number> |
Enter the number of absences required to remove an entry (Default: 60; Range: 1-1000)
|
security-object <string> user-profile-allowed <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
user-profile-allowed |
Allow network access for members of all or specified user profiles bound to the security object
|
<string> |
Enter the user profile name (1-32 chars)
|
security-object <string> user-profile-allowed {all}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
user-profile-allowed |
Allow network access for members of all or specified user profiles bound to the security object
|
all |
Allow network access to members of all user profiles
|
security-object <string> user-profile-deny action ban [ <number> ] [ strict ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
user-profile-deny |
Set parameters for denying network access to users if they do not belong to an allowed user profile
|
action |
Set an action which will be taken if a user profile is not allowed to access this SSID
|
ban |
Set the action to ban network access for a specified length of time
|
<number> |
Enter the amount of time in seconds to perform the action (Default: 60; Range: 1-100000000)
|
strict |
Set the behavior to deauthenticate all connected stations whenever a user profile bound to the security object changes (Note: When stations reauthenticate, the user profile changes take effect.)
|
security-object <string> user-profile-deny action {ban-forever|disconnect} [ strict ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
user-profile-deny |
Set parameters for denying network access to users if they do not belong to an allowed user profile
|
action |
Set an action which will be taken if a user profile is not allowed to access this SSID
|
ban-forever |
Set the action to ban network access indefinitely
|
disconnect |
Set the action to disconnect the station from the HiveAP
|
strict |
Set the behavior to deauthenticate all connected stations whenever a user profile bound to the security object changes (Note: When stations reauthenticate, the user profile changes take effect.)
|
security-object <string> user-profile-policy <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
user-profile-policy |
Set the user profile mapping policy
|
<string> |
Enter a policy name (1-32 chars)
|
security-object <string> user-profile-sequence {cwp-ssid-mac|cwp-mac-ssid|ssid-cwp-mac|ssid-mac-cwp|mac-ssid-cwp|mac-cwp-ssid}
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
user-profile-sequence |
Set the sequential order to apply user profiles when the authentication process involves multiple components referencing different profiles (Default: mac-ssid-cwp; Note: The user profile applied last is the one that is ultimately used.)
|
cwp-ssid-mac |
Apply the user profile for a captive web portal first, SSID second, and MAC authentication last
|
cwp-mac-ssid |
Apply the user profile for a captive web portal first, MAC authentication second, and SSID last
|
ssid-cwp-mac |
Apply the user profile for an SSID first, captive web portal second, and MAC authentication last
|
ssid-mac-cwp |
Apply the user profile for an SSID first, MAC authentication second, and captive web portal last
|
mac-ssid-cwp |
Apply the user profile for MAC authentication first, SSID second, and captive web portal last
|
mac-cwp-ssid |
Apply the user profile for MAC authentication first, captive web portal second, and SSID last
|
security-object <string> walled-garden hostname <string> [ service {all|web} ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
walled-garden |
Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
|
hostname |
Set the host name of a server in the walled garden
|
<string> |
Enter the domain name (1-64 chars)
|
service |
Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
|
all |
Permit all services
|
web |
Permit HTTP and HTTPS
|
security-object <string> walled-garden hostname <string> service protocol <number> port <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
walled-garden |
Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
|
hostname |
Set the host name of a server in the walled garden
|
<string> |
Enter the domain name (1-64 chars)
|
service |
Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
|
protocol |
Set the protocol of the service that you want to permit
|
<number> |
Enter the protocol number (Note: UDP: 17; TCP: 6; All: 0; Range: 0-255)
|
port |
Set the port number
|
<number> |
Enter the port number (Range: 1-65535)
|
security-object <string> walled-garden ip-address <ip_addr|ip_addr/mask> [ service {all|web} ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
walled-garden |
Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
|
ip-address |
Set the IP address of a server or a subnet in the walled garden
|
<ip_addr> |
Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
|
<ip_addr/netmask> |
Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
|
service |
Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
|
all |
Permit all services
|
web |
Permit HTTP and HTTPS
|
security-object <string> walled-garden ip-address <ip_addr|ip_addr/mask> service protocol <number> port <number>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
walled-garden |
Set the parameters for a walled garden in which unregistered users can access specified servers (Maximum: 64 IP address and host name entries combined)
|
ip-address |
Set the IP address of a server or a subnet in the walled garden
|
<ip_addr> |
Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
|
<ip_addr/netmask> |
Enter the IP address or subnet (Note: To define a subnet, enter the first address in the subnet, followed by a slash, and then the routing prefix bit length. Example: 10.1.1.0/24)
|
service |
Set the service permitted to reach the server (Maximum: 8 services per IP address or host name entry)
|
protocol |
Set the protocol of the service that you want to permit
|
<number> |
Enter the protocol number (Note: UDP: 17; TCP: 6; ICMP: 1; All: 0; Range: 0-255)
|
port |
Set the port number
|
<number> |
Enter the port number (Range: 1-65535)
|
security-object <string> web-directory <string>
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
web-directory |
Enter the web directory name for the captive web portal specified in the security object
|
<string> |
Enter the web directory name for the security object
|
security-object <string> web-server [ port <number> ] [ index-file <string> ] [ success-file <string> ] [ failure-file <string> ] [ ssl server-key <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
web-server |
Enable the internal web server
|
port |
Set the HTTP port number for the web server
|
<number> |
Enter the HTTP port number for the web server. Set the port number to 0 is disable the HTTP method (Default: 80; Range: 0-65535)
|
index-file |
Specify the .html file as the default index page
|
<string> |
Enter the .html file name (Default: success.html; Range: 1-32 chars)
|
success-file |
Specify the .html file that you want to appear after a user successfully registers through the captive web portal
|
<string> |
Enter the .html file name (Default: success.html; Range: 1-32 chars)
|
failure-file |
Specify the .html file that you want to appear after a user failed registers through the captive web portal
|
<string> |
Enter the .html file name (Default: failure.html; Range: 1-32 chars)
|
ssl |
Enable the SSL (Secure Socket Layer) method
|
server-key |
Set the server key (a X509 certificate) for SSL
|
<number> |
Enter the server key index (Default: 0; Range: 0-15)
|
security-object <string> web-server web-page {mandatory-field} <number> [ optional-field <number> ]
|
security-object |
Set parameters for a security object controlling network access through the SSIDs and Ethernet interfaces to which it is applied
|
<string> |
Enter the security object name (1-32 chars)
|
web-server |
Enable the internal web server
|
web-page |
Set the web pages parameters
|
mandatory-field |
Set the mandatory field numbers in login web page
|
<number> |
Enter the mandatory field numbers in login web page (Default: 4; Range: 0-8)
|
optional-field |
Set the optional field numbers in login web page
|
<number> |
Enter the optional field numbers in login web page (Default: 2; Range: 0-8)
|
service <string> alg {ftp|tftp|sip|dns|http}
|
service |
Set a custom service
|
<string> |
Enter service name (1-32 chars)
|
alg |
Assign an ALG (Application Level Gateway) to the service
|
ftp |
Assign an FTP (File Transfer Protocol) ALG to the service
|
tftp |
Assign a TFTP (Trivial File Transfer Protocol) ALG to the service
|
sip |
Assign a SIP (Session Initiation Protocol) ALG to the service
|
dns |
Assign a DNS (Domain Name System) ALG to the service
|
http |
Assign an HTTP (Hypertext Transfer Protocol) ALG to the service
|
service <string> app-id <number> [ timeout <number> ]
|
service |
Set a custom service
|
<string> |
Enter service name (1-32 chars)
|
app-id |
Assign an L7 application ID to the service
|
<number> |
Assign an L7 application ID to the service
|
timeout |
Set the service session timeout
|
<number> |
Set the session timeout value in seconds (Range: 0-65535; Default 300)
|
service <string> protocol <number> [ port <number> ] [ timeout <number> ]
|
service |
Set a custom service
|
<string> |
Enter service name (1-32 chars)
|
protocol |
Set the protocol used by the custom service
|
<number> |
Enter the protocol number (Range: 1-255)
|
port |
Set the destination port number for the transport protocol
|
<number> |
Enter the port number (Range: 0-65535)
|
timeout |
Set the service session timeout
|
<number> |
Set the session timeout value in seconds (Range: 0-65535; Default TCP: 300; UDP: 100; Other: 100)
|
service <string> protocol {tcp|udp|svp} [ port <number> ] [ timeout <number> ]
|
service |
Set a custom service
|
<string> |
Enter service name (1-32 chars)
|
protocol |
Set the protocol used by the custom service
|
tcp |
Enter the transport protocol as TCP (Transmission Control Protocol)
|
udp |
Enter the transport protocol as UDP (User Datagram Protocol)
|
svp |
Enter the transport protocol as SVP (SpectraLink Voice Priority)
|
port |
Set the destination port number for the transport protocol
|
<number> |
Enter the port number (Range: 0-65535)
|
timeout |
Set the service session timeout
|
<number> |
Set the session timeout value in seconds (Range: 0-65535; Default TCP: 300; UDP: 100; Other: 100)
|
show aaa
|
show |
Show settings, parameters, or dynamically generated information
|
aaa |
Show parameters for AAA (authentication, authorization, accounting)
|
show aaa radius-server
|
show |
Show settings, parameters, or dynamically generated information
|
aaa |
Show parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Show RADIUS server parameters
|
show aaa radius-server NAS [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
aaa |
Show parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Show RADIUS server parameters
|
NAS |
Show the shared keys for all RADIUS NASs
|
<string> |
Enter a RADIUS NAS name
|
show aaa radius-server cache
|
show |
Show settings, parameters, or dynamically generated information
|
aaa |
Show parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Show RADIUS server parameters
|
cache |
Show RADIUS server cache entries
|
show aaa radius-server domain
|
show |
Show settings, parameters, or dynamically generated information
|
aaa |
Show parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Show RADIUS server parameters
|
domain |
Show which Active Directory domain the AP has joined
|
show aaa radius-server proxy [ server ]
|
show |
Show settings, parameters, or dynamically generated information
|
aaa |
Show parameters for AAA (authentication, authorization, accounting)
|
radius-server |
Show RADIUS server parameters
|
proxy |
Show all realms parameters
|
server |
Show all RADIUS servers parameters
|
show aaa radius-server-key {radius-server|ldap-client}
|
show |
Show settings, parameters, or dynamically generated information
|
aaa |
Show parameters for AAA (authentication, authorization, accounting)
|
radius-server-key |
Show all certificates that the local AP uses as a RADIUS server and LDAP client
|
radius-server |
Show certificates that the local AP uses as a RADIUS server
|
ldap-client |
Show certificates that the local AP uses as a LDAP client
|
show access-console
|
show |
Show settings, parameters, or dynamically generated information
|
access-console |
Show access console status and parameters
|
show acsp
|
show |
Show settings, parameters, or dynamically generated information
|
acsp |
Show parameters for ACSP (Advanced Channel Selection Protocol)
|
show acsp channel-info [ {detail|arbiter} ]
|
show |
Show settings, parameters, or dynamically generated information
|
acsp |
Show parameters for ACSP (Advanced Channel Selection Protocol)
|
channel-info |
Show channel information for ACSP
|
detail |
Show detailed channel information about the calculated cost of each channel and the factors used to determine that cost
|
arbiter |
Show information regarding the assignment of channels to hive members
|
show acsp neighbor
|
show |
Show settings, parameters, or dynamically generated information
|
acsp |
Show parameters for ACSP (Advanced Channel Selection Protocol)
|
neighbor |
Show acsp neighbor list
|
show admin [ active ]
|
show |
Show settings, parameters, or dynamically generated information
|
admin |
Show admin parameters
|
active |
Show currently connected admin users
|
show admin auth
|
show |
Show settings, parameters, or dynamically generated information
|
admin |
Show admin parameters
|
auth |
Show admin authentication method
|
show admin manager-ip
|
show |
Show settings, parameters, or dynamically generated information
|
admin |
Show admin parameters
|
manager-ip |
Show IP addresses from which administrative traffic is accepted
|
show alg [ {ftp|tftp|sip|dns|http} ]
|
show |
Show settings, parameters, or dynamically generated information
|
alg |
Show ALG (Application Level Gateway) information
|
ftp |
Show FTP (File Transfer Protocol) information
|
tftp |
Show TFTP (Trivial File Transfer Protocol) information
|
sip |
Show SIP (Session Initiation Protocol) information
|
dns |
Show DNS (Domain Name System) information
|
http |
Show settings for the HTTP ALG
|
show alg sip calls [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
alg |
Show ALG (Application Level Gateway) information
|
sip |
Show SIP (Session Initiation Protocol) information
|
calls |
Show information for all currently active SIP calls
|
<string> |
Enter a call ID to show information for a specific SIP call (up to 128 chars)
|
show amrp
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
show amrp Ethlink
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
Ethlink |
Show the number of AMRP Ethernet links, and the number of hive members and interfaces on each link
|
show amrp Ethlink <mac_addr>
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
Ethlink |
Show the number of AMRP Ethernet links, and the number of hive members and interfaces on each link
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show amrp bonjour [ <ip_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
bonjour |
Show Bonjour information
|
<ip_addr> |
Enter the BDD IPv4-address
|
show amrp client [ <mac_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
client |
Show information about currently active clients associated with all hive members
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show amrp dnxp cache [ <mac_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
dnxp |
Show DNXP (Dynamic Network Extension Protocol) information
|
cache |
Show the entire DNXP cache or the cached entry for a specific client
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show amrp dnxp neighbor [ <mac_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
dnxp |
Show DNXP (Dynamic Network Extension Protocol) information
|
neighbor |
Show information about all DNXP neighbors or a specific neighbor to which the local HiveAP can tunnel the traffic of roaming clients
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show amrp interface
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
interface |
Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
|
show amrp interface <ethx|redx|aggx> bmt-table
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
interface |
Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
bmt-table |
Broadcast Master Table
|
show amrp interface <ethx|redx|aggx> mac-learning
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
interface |
Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
mac-learning |
Show the MAC addresses learned on this interface
|
show amrp interface <ethx|redx|aggx|mgtx|wifix.y>
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
interface |
Show AMRP statistics for access interfaces reporting client associations and backhaul interfaces exchanging route information with other AMRP nodes
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<redx> |
Enter the name of the redundant interface, where x = 0
|
<aggx> |
Enter the name of the aggregate interface, where x = 0
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
show amrp neighbor [ {Ethernet|WiFi} ]
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
neighbor |
Show AMRP neighbor information (Note: An AMRP neighbor is another hive member that is one hop away.)
|
Ethernet |
Show AMRP neighbors that connect to the local HiveAP through its Ethernet interfaces
|
WiFi |
Show AMRP neighbors that connect to the local HiveAP through its WiFi interfaces
|
show amrp node <ip_addr|mac_addr>
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
node |
Show information about all AMRP nodes or a specific node (Note: An AMRP node is another hive member in the same layer-2 domain.)
|
<ip_addr> |
Enter node address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show amrp node [ all ]
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
node |
Show information about all AMRP nodes or a specific node (Note: An AMRP node is another hive member in the same layer-2 domain.)
|
all |
Show amrp all node detail
|
show amrp static-neighbor
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
static-neighbor |
Show AMRP information for neighbors with statically defined route metrics
|
show amrp tunnel [ <ip_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
tunnel |
Show a information about all DNXP, INXP (Identity Network Extension Protocol), and VPN tunnels or about a tunnel to a specific peer
|
<ip_addr> |
Enter the tunnel peer IPv4 address
|
show amrp tunnel route [ <ip_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
amrp |
Show AMRP (Advanced Mobility Routing Protocol) parameters
|
tunnel |
Show a information about all DNXP, INXP (Identity Network Extension Protocol), and VPN tunnels or about a tunnel to a specific peer
|
route |
Show tunneled route
|
<ip_addr> |
Enter the tunneled route IPv4 address
|
show application identification [ cdp-index <number> ] [ cdp-name <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
application |
Show L7 information
|
identification |
Show L7 identification related parameters
|
cdp-index |
Set index for custom defined application
|
<number> |
Enter the index for custom defined application (Range: 19000-19099)
|
cdp-name |
Show L7 custom applications
|
<string> |
Enter the name of the custom defined application (1 to 8 characters)
|
show application reporting app-stats
|
show |
Show settings, parameters, or dynamically generated information
|
application |
Show L7 information
|
reporting |
Show L7 application reporting information
|
app-stats |
Show L7 application reporting application statistics
|
show application reporting applications
|
show |
Show settings, parameters, or dynamically generated information
|
application |
Show L7 information
|
reporting |
Show L7 application reporting information
|
applications |
Show L7 application reporting application information
|
show application reporting configuration
|
show |
Show settings, parameters, or dynamically generated information
|
application |
Show L7 information
|
reporting |
Show L7 application reporting information
|
configuration |
Show L7 application reporting configuration
|
show application reporting statistics
|
show |
Show settings, parameters, or dynamically generated information
|
application |
Show L7 information
|
reporting |
Show L7 application reporting information
|
statistics |
Show L7 application reporting statistics
|
show arp-cache
|
show |
Show settings, parameters, or dynamically generated information
|
arp-cache |
Show arp cache table
|
show auth [ interface <wifix.y|ethx> ]
|
show |
Show settings, parameters, or dynamically generated information
|
auth |
Show authentication parameters per interface
|
interface |
Show authentication parameters for special interface
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
show auth private-psk
|
show |
Show settings, parameters, or dynamically generated information
|
auth |
Show authentication parameters per interface
|
private-psk |
Show private PSK (preshared key) entries
|
show band-steering status
|
show |
Show settings, parameters, or dynamically generated information
|
band-steering |
Show settings, parameters, or dynamically generated information
|
status |
Show parameters for band steering in the WLAN
|
show bonjour-gateway filter
|
show |
Show settings, parameters, or dynamically generated information
|
bonjour-gateway |
Show the settings and status of the Bonjour gateway
|
filter |
Show the rules that filter which services the local Bonjour gateway transmits to Bonjour gateways in other subnets
|
show bonjour-gateway service local [ vlan <number> ] [ detail ]
|
show |
Show settings, parameters, or dynamically generated information
|
bonjour-gateway |
Show the settings and status of the Bonjour gateway
|
service |
Show the Bonjour services that the local gateway discovered locally and those it learned from other gateways
|
local |
Show all the services that the local Bonjour gateway collected from hosts onits immediate subnet
|
vlan |
Show the services that the local Bonjour gateway knows are available on a specific VLAN
|
<number> |
Enter the VLAN ID number (Range 1-4094)
|
detail |
Show detailed information about Bonjour services
|
show bonjour-gateway service remote [ vlan <number> ] [ detail ]
|
show |
Show settings, parameters, or dynamically generated information
|
bonjour-gateway |
Show the settings and status of the Bonjour gateway
|
service |
Show the Bonjour services that the local gateway discovered locally and those it learned from other gateways
|
remote |
Show the services that the local Bonjour gateway learned about through communications with remote gateways on different subnets
|
vlan |
Show the services that the local Bonjour gateway knows are available on a specific VLAN
|
<number> |
Enter the VLAN ID number (Range 1-4094)
|
detail |
Show detailed information about Bonjour services
|
show bonjour-gateway status
|
show |
Show settings, parameters, or dynamically generated information
|
bonjour-gateway |
Show the settings and status of the Bonjour gateway
|
status |
Show the status of the local Bonjour gateway
|
show bonjour-gateway vlan
|
show |
Show settings, parameters, or dynamically generated information
|
bonjour-gateway |
Show the settings and status of the Bonjour gateway
|
vlan |
Show Bonjour Gateway VLANs status
|
show boot-param
|
show |
Show settings, parameters, or dynamically generated information
|
boot-param |
Show boot parameter information
|
show boot-param country-code
|
show |
Show settings, parameters, or dynamically generated information
|
boot-param |
Show boot parameter information
|
country-code |
Show the country code to control channel and power selections
|
show cac summary
|
show |
Show settings, parameters, or dynamically generated information
|
cac |
Show CAC (Call Admission Control) parameters
|
summary |
Show a summary of CAC settings and statistics
|
show capture interface <wifix>
|
show |
Show settings, parameters, or dynamically generated information
|
capture |
Show packet capture parameters
|
interface |
Show the status of packet capturing on a radio interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
show capture local
|
show |
Show settings, parameters, or dynamically generated information
|
capture |
Show packet capture parameters
|
local |
Show local captured files
|
show capture remote-sniffer
|
show |
Show settings, parameters, or dynamically generated information
|
capture |
Show packet capture parameters
|
remote-sniffer |
Show the status and connection settings for the remote packet sniffer
|
show capwap client
|
show |
Show settings, parameters, or dynamically generated information
|
capwap |
Show the settings and current status for CAPWAP (Control and Provisioning of Wireless Access Points)
|
client |
Show CAPWAP client settings and current status
|
show client-info-collection [ ip <ip_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
client-info-collection |
Show client information collection result
|
ip |
Show client information by IP address
|
<ip_addr> |
Enter client IP address
|
show client-load-balance status
|
show |
Show settings, parameters, or dynamically generated information
|
client-load-balance |
Show settings, parameters, or dynamically generated information
|
status |
Show parameters for client load balancing in the WLAN
|
show client-monitor policy [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
client-monitor |
Show Client Monitor parameters
|
policy |
Show the parameters of all Client Monitor policies or one specific policy
|
<string> |
Enter the name of one specific Client Monitor policy (1-32 chars)
|
show clock
|
show |
Show settings, parameters, or dynamically generated information
|
clock |
Show the date, time of the internal clock
|
show cmds
|
show |
Show settings, parameters, or dynamically generated information
|
cmds |
Show CLI (Command Line Interface) commands including ones derived from optional keywords
|
show config rollback
|
show |
Show settings, parameters, or dynamically generated information
|
config |
Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
rollback |
Show the configuration rollback status, the mechanism for triggering it, and the length of time to wait before performing a rollback operation
|
show config running
|
show |
Show settings, parameters, or dynamically generated information
|
config |
Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
running |
Show the running configuration
|
show config running password
|
show |
Show settings, parameters, or dynamically generated information
|
config |
Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
running |
Show the running configuration
|
password |
Show passwords and sensitive networking keys as obscured text strings in the output (Default: Passwords and keys are represented by asterisks; Note: A HiveAP can recover an original string from an obscured one, but not if the string is replaced with asterisks.)
|
show config version
|
show |
Show settings, parameters, or dynamically generated information
|
config |
Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
version |
Show the version number of the current configuration file
|
show config {current|backup|bootstrap|default|failed}
|
show |
Show settings, parameters, or dynamically generated information
|
config |
Show parameters for the current configuration file, which is a flash file containing default and admin-defined settings
|
current |
Show the current configuration
|
backup |
Show the backup configuration
|
bootstrap |
Show the bootstrap configuration
|
default |
Show the default configuration
|
failed |
Show the failed configuration
|
show console
|
show |
Show settings, parameters, or dynamically generated information
|
console |
Show console parameter
|
show cpu [ {detail} ]
|
show |
Show settings, parameters, or dynamically generated information
|
cpu |
Show the percentage of the CPU used in total, for system operations, and for processing user traffic
|
detail |
Show CPU utilization in detail
|
show data-collection
|
show |
Show settings, parameters, or dynamically generated information
|
data-collection |
Show parameters for collecting data about the types and capabilities of devices on the network and their network usage
|
show device-group [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
device-group |
Show all device group names or the settings of an individual device group
|
<string> |
Enter a device group name (1-32 chars)
|
show dns
|
show |
Show settings, parameters, or dynamically generated information
|
dns |
Show DNS (Domain Name System) parameters
|
show domain-object [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
domain-object |
Show all domain object names or the device domains assigned to an individual domain object
|
<string> |
Enter an domain object name (1-32 chars)
|
show filter [ <number> ]
|
show |
Show settings, parameters, or dynamically generated information
|
filter |
Show capture filter parameters
|
<number> |
Enter a filter ID (Range: 1-64)
|
show forwarding-engine counters [ interface <wifix|wifix.y|ethx|mgtx> ] [ station <mac_addr> ] [ drop ]
|
show |
Show settings, parameters, or dynamically generated information
|
forwarding-engine |
Show forwarding engine parameters
|
counters |
Show forwarding engine counter statistics
|
interface |
Show forwarding engine counter by interface
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
station |
Show forwarding engine counter by station MAC
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
drop |
Show the drop packet counter
|
show forwarding-engine inter-ssid-flood
|
show |
Show settings, parameters, or dynamically generated information
|
forwarding-engine |
Show forwarding engine parameters
|
inter-ssid-flood |
Show status of flooding multicast or broadcast packets between access interfaces
|
show forwarding-engine ip-gates
|
show |
Show settings, parameters, or dynamically generated information
|
forwarding-engine |
Show forwarding engine parameters
|
ip-gates |
Show IP gates information
|
show forwarding-engine ip-sessions id <number>
|
show |
Show settings, parameters, or dynamically generated information
|
forwarding-engine |
Show forwarding engine parameters
|
ip-sessions |
Show IP session information
|
id |
Show a IP session by ID
|
<number> |
Enter the flow ID (Range: 1-9999)
|
show forwarding-engine mac-sessions [ src-mac <mac_addr> ] [ dst-mac <mac_addr> ] [ vlan <number> ]
|
show |
Show settings, parameters, or dynamically generated information
|
forwarding-engine |
Show forwarding engine parameters
|
mac-sessions |
Show MAC session information
|
src-mac |
Filter by source MAC
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
dst-mac |
Filter by destination MAC
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
vlan |
Filter by VLAN ID of station
|
<number> |
VLAN ID (Range: 1-4094)
|
show forwarding-engine mac-sessions id <number>
|
show |
Show settings, parameters, or dynamically generated information
|
forwarding-engine |
Show forwarding engine parameters
|
mac-sessions |
Show MAC session information
|
id |
Show a MAC session by ID
|
<number> |
Enter the flow ID (Range: 1-9999)
|
show forwarding-engine max-ip-sess-per-station
|
show |
Show settings, parameters, or dynamically generated information
|
forwarding-engine |
Show forwarding engine parameters
|
max-ip-sess-per-station |
Show the maximum number of IP sessions that can be created to or from a station
|
show forwarding-engine max-mac-sess-per-station
|
show |
Show settings, parameters, or dynamically generated information
|
forwarding-engine |
Show forwarding engine parameters
|
max-mac-sess-per-station |
Show the maximum number of MAC sessions that can be created to or from a station
|
show forwarding-engine open-ports-to-self
|
show |
Show settings, parameters, or dynamically generated information
|
forwarding-engine |
Show forwarding engine parameters
|
open-ports-to-self |
Show permitted services destined for the HiveAP itself when it is set to drop all non-management traffic
|
show forwarding-engine policy
|
show |
Show settings, parameters, or dynamically generated information
|
forwarding-engine |
Show forwarding engine parameters
|
policy |
Show policy information
|
show forwarding-engine static-rule
|
show |
Show settings, parameters, or dynamically generated information
|
forwarding-engine |
Show forwarding engine parameters
|
static-rule |
Show static packet-forwarding rules that preempts dynamic forwarding decisions
|
show forwarding-engine tunnel selective-multicast-forward
|
show |
Show settings, parameters, or dynamically generated information
|
forwarding-engine |
Show forwarding engine parameters
|
tunnel |
Show tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
|
selective-multicast-forward |
Show the settings for selective multicast forwarding through GRE tunnels
|
show forwarding-engine tunnel tcp-mss-threshold
|
show |
Show settings, parameters, or dynamically generated information
|
forwarding-engine |
Show forwarding engine parameters
|
tunnel |
Show tunnel (GRE tunnel or GRE-over-IPsec tunnel) parameters
|
tcp-mss-threshold |
Show TCP MSS threshold parameters
|
show gre-tunnel
|
show |
Show settings, parameters, or dynamically generated information
|
gre-tunnel |
Show GRE (Generic Routing Encapsulation) tunnel information
|
show high-density status
|
show |
Show settings, parameters, or dynamically generated information
|
high-density |
Show parameters for optimizing performance in a high-density WLAN
|
status |
Show high-density settings and the running status of operations pertaining to them on both the 2.4 and 5 GHz radio bands
|
show history
|
show |
Show settings, parameters, or dynamically generated information
|
history |
Show command history
|
show hive <string> connecting-threshold
|
show |
Show settings, parameters, or dynamically generated information
|
hive |
Show hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
connecting-threshold |
Show hive neighbor connecting threshold parameters
|
show hive <string> counter neighbor [ <mac_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
hive |
Show hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
counter |
Show detailed statistics (counters) for neighboring hive members
|
neighbor |
Show statistics for all neighbors or a single neighbor in this hive
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show hive <string> manage
|
show |
Show settings, parameters, or dynamically generated information
|
hive |
Show hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
manage |
Show management options enabled on wireless backhaul interfaces in this hive
|
show hive <string> neighbor [ mac <mac_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
hive |
Show hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
neighbor |
Show information about all neighbors currently associated with the Hive or about the ongoing wireless activity of a specific neighbor
|
mac |
Show the ongoing wireless activity of a neighbor that is currently associated with the Hive (Note: To stop the display of output, press CTRL+C.)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show hive <string> security wlan dos
|
show |
Show settings, parameters, or dynamically generated information
|
hive |
Show hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
security |
Show hive security parameters
|
wlan |
Show WLAN parameters
|
dos |
Show WLAN Dos parameters
|
show hive [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
hive |
Show hive parameters
|
<string> |
Enter a hive profile name (1-32 chars)
|
show hivemanager
|
show |
Show settings, parameters, or dynamically generated information
|
hivemanager |
Show HiveManager parameters
|
show hiveui cas client
|
show |
Show settings, parameters, or dynamically generated information
|
hiveui |
Show settings of the NetConfig UI for defining network settings, configuring settings to connect to HiveManager, and uploading a new HiveOS image
|
cas |
Show client and server parameters for CAS (Central Authentication Service), a protocol for authenticating users such as teachers accessing TeacherView
|
client |
Show parameters for the local AP to act as a CAS client
|
show hw-info
|
show |
Show settings, parameters, or dynamically generated information
|
hw-info |
Show hardware information
|
show icsa
|
show |
Show settings, parameters, or dynamically generated information
|
icsa |
Show ICSA (International Computer Security Association) parameters
|
show idm
|
show |
Show settings, parameters, or dynamically generated information
|
idm |
Show ID Manager information
|
show interface <ethx> allowed-vlan
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
allowed-vlan |
Show all allowed VLAN IDs on the interface
|
show interface <ethx> mac-learning {static|dynamic|all}
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
mac-learning |
Show entries in the MAC address learning table
|
static |
Show statically defined MAC address entries
|
dynamic |
Show dynamically learned MAC address entries
|
all |
Show statically defined and dynamically learned MAC address entries
|
show interface <ethx> manage
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
manage |
Show management options enabled on this interface
|
show interface <ethx> qos-classifier
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
qos-classifier |
Show the QoS classification profile (classifier) assigned to the interface
|
show interface <ethx> qos-marker
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
qos-marker |
Show the QoS marker profile assigned to the interface
|
show interface <ethx> rate-limit
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
rate-limit |
Show the settings for interface-based rate limiting
|
show interface <mgtx.y> manage
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
manage |
Show management options enabled on this interface
|
show interface <mgtx> dhcp keepalive
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
dhcp |
Show DHCP parameters
|
keepalive |
Show the status for keepalives to DHCP servers in the native VLAN, management interface VLAN, and all VLANs set in the DHCP keepalive range
|
show interface <mgtx> dhcp-probe results-summary
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
dhcp-probe |
Show DHCP probe parameters
|
results-summary |
Show a summary of DHCP probe results
|
show interface <mgtx|ethx|bgdx.y> dhcp client
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<bgdx.y> |
Enter the name of the BGD (Bonjour Gateway Daemon) interface (Ranges: x: 0; y: 1-16)
|
dhcp |
Show DHCP parameters
|
client |
Show DHCP client parameters
|
show interface <mgtx|mgtx.y> dhcp-server [ detail ]
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
dhcp-server |
Show the DHCP server parameters
|
detail |
Show details about the DHCP leases for currently active clients
|
show interface <mgtx|mgtx.y> ip-helper
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
ip-helper |
Show IP helper address information
|
show interface <mgtx|mgtx.y> ip-helper max-hops
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
ip-helper |
Show IP helper address information
|
max-hops |
Show max hops
|
show interface <wifix.y> multicast
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
multicast |
Show multicast settings, statistics, groups, and group members
|
show interface <wifix> channel
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
channel |
Show channel list of the radio interface
|
show interface <wifix> dfs
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
dfs |
Show DFS (Dynamic Frequency Selection) status
|
show interface <wifix> multicast
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
multicast |
Show multicast settings, statistics, groups, and group members
|
show interface <wifix> wlan-idp ap-info
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
wlan-idp |
Show WLAN IDP (intrusion detection and prevention) parameters
|
ap-info |
Show IDP AP statistics for the radio interface
|
show interface <wifix> wlan-idp ap-info compliance {compliant|non-compliant}
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
wlan-idp |
Show WLAN IDP (intrusion detection and prevention) parameters
|
ap-info |
Show IDP AP statistics for the radio interface
|
compliance |
Show one compliance type of IDP AP statistics for the radio interface
|
compliant |
Show compliant type of IDP AP statistics for the radio interface
|
non-compliant |
Show non-compliant type of IDP AP statistics for the radio interface
|
show interface <wifix> wlan-idp ap-info type {rogue|valid|external}
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
wlan-idp |
Show WLAN IDP (intrusion detection and prevention) parameters
|
ap-info |
Show IDP AP statistics for the radio interface
|
type |
Show one type of IDP AP statistics for the radio interface
|
rogue |
Show rogue type of IDP AP statistics for the radio interface
|
valid |
Show valid type of IDP AP statistics for the radio interface
|
external |
Show external type of IDP AP statistics for the radio interface
|
show interface <wifix> wlan-idp client-info
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
wlan-idp |
Show WLAN IDP (intrusion detection and prevention) parameters
|
client-info |
Show IDP client statistics for the radio interface
|
show interface <wifix> wlan-idp mitigate rogue-ap [ <mac_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
wlan-idp |
Show WLAN IDP (intrusion detection and prevention) parameters
|
mitigate |
Show mitigated rogue APs and their clients
|
rogue-ap |
Show rogue APs currently being mitigated or clients connected to a specific rogue AP
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show interface <wifix|wifix.y> counter
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
counter |
Show detailed statistics (counters) for traffic traversing the interface
|
show interface [ <ethx|mgtx|mgtx.y|wifix|wifix.y|tunnelx|bgdx.y> ]
|
show |
Show settings, parameters, or dynamically generated information
|
interface |
Show interface and subinterface parameters
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
<mgtx> |
Enter the name of the management interface, where x = 0
|
<mgtx.y> |
Enter the name of the virtual management interface (Ranges: x: 0; y: 1-16)
|
<wifix> |
Enter the name of a Wi-Fi radio interface, where x = 0 or 1
|
<wifix.y> |
Enter the name of a Wi-Fi radio subinterface (Ranges: x: 0-1; y: 1-16)
|
<tunnelx> |
Enter the name of the tunnel interface, where x = 0 or 1
|
<bgdx.y> |
Enter the name of the BGD (Bonjour Gateway Daemon) interface (Ranges: x: 0; y: 1-16)
|
show ip path-mtu-discovery
|
show |
Show settings, parameters, or dynamically generated information
|
ip |
Show IP parameters
|
path-mtu-discovery |
Show the Path MTU Discovery status
|
show ip route
|
show |
Show settings, parameters, or dynamically generated information
|
ip |
Show IP parameters
|
route |
Show IP routing table
|
show ip tcp-mss-threshold
|
show |
Show settings, parameters, or dynamically generated information
|
ip |
Show IP parameters
|
tcp-mss-threshold |
Show the TCP MSS threshold parameters
|
show ip-policy
|
show |
Show settings, parameters, or dynamically generated information
|
ip-policy |
Show parameters for IP policy
|
show ip-policy <string>
|
show |
Show settings, parameters, or dynamically generated information
|
ip-policy |
Show parameters for IP policy
|
<string> |
Enter an IP policy name (1-32 chars)
|
show ip-policy user-profile <number|string> [ {from-access|to-access} ] [ from <ip_addr|string> <mask> ] [ to <ip_addr|string> <mask> ] [ service <string> ] [ action {permit|deny|inter-station-traffic-drop} ] [ lines <number> ]
|
show |
Show settings, parameters, or dynamically generated information
|
ip-policy |
Show parameters for IP policy
|
user-profile |
Show parameters for a user profile
|
<number> |
Enter the user profile name or ID
|
<string> |
Enter the user profile name or ID
|
from-access |
Show IP policy for data sent from this station
|
to-access |
how IP policy for data arriving at this station
|
from |
Show the specific source IP (Default: any)
|
<ip_addr> |
Enable an IP or net address
|
<string> |
Enable an IP or net address
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
to |
Show the specific destination IP (Default: any)
|
<ip_addr> |
Enter an IP or net address
|
<string> |
Enter an IP or net address
|
<mask> |
Enter a netmask or IP wildcard mask in which 0 masks the octet where it appears (For example, the 0s in '255.0.0.255' mask the second and third octets, applying the IP policy to all addresses matching only the first and fourth octets.)
|
service |
Show the specific service (Default: any)
|
<string> |
Enter the service (1-32 chars)
|
action |
Show the action (Default:any)
|
permit |
Set the action
|
deny |
Set the action
|
inter-station-traffic-drop |
Set the action
|
lines |
Set the most number of IP policy to show
|
<number> |
Enter a num (Range: 1-32)
|
show l3 interface
|
show |
Show settings, parameters, or dynamically generated information
|
l3 |
Show Layer 3 information
|
interface |
Show all Layer 3 interfaces
|
show library-sip-policy [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
library-sip-policy |
Display library SIP policy settings
|
<string> |
Enter a library SIP policy name (1-32 chars)
|
show license
|
show |
Show settings, parameters, or dynamically generated information
|
license |
Show license infomation
|
show lldp [ {cdp} ] [ {neighbor} ]
|
show |
Show settings, parameters, or dynamically generated information
|
lldp |
Set LLDP (Link Layer Discovery Protocol) parameters
|
cdp |
Set CDP (Cisco Discovery Protocol) parameters
|
neighbor |
Show the LLDP or CDP neighbor table
|
show location [ {aeroscout|tzsp} ]
|
show |
Show settings, parameters, or dynamically generated information
|
location |
Show parameters for location tracking
|
aeroscout |
Show parameters for the location processing engine
|
tzsp |
Show parameters for the location processing engine
|
show location aerohive
|
show |
Show settings, parameters, or dynamically generated information
|
location |
Show parameters for location tracking
|
aerohive |
Show parameters for the Aerohive location processing engine
|
show location aerohive list
|
show |
Show settings, parameters, or dynamically generated information
|
location |
Show parameters for location tracking
|
aerohive |
Show parameters for the Aerohive location processing engine
|
list |
Show the entries in the track list
|
show location aerohive rssi
|
show |
Show settings, parameters, or dynamically generated information
|
location |
Show parameters for location tracking
|
aerohive |
Show parameters for the Aerohive location processing engine
|
rssi |
Show the RSSI readings of tracked stations
|
show location aerohive rssi mac <mac_addr>
|
show |
Show settings, parameters, or dynamically generated information
|
location |
Show parameters for location tracking
|
aerohive |
Show parameters for the Aerohive location processing engine
|
rssi |
Show the RSSI readings of tracked stations
|
mac |
Show the RSSI readings of a specific tracked station as determined by its MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show location aerohive rssi oui <oui>
|
show |
Show settings, parameters, or dynamically generated information
|
location |
Show parameters for location tracking
|
aerohive |
Show parameters for the Aerohive location processing engine
|
rssi |
Show the RSSI readings of tracked stations
|
oui |
Show the RSSI readings of specific tracked stations as determined by the OUI (organizationally unique identifier) portion of their MAC addresses
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
show location {aeroscout|tzsp} counter
|
show |
Show settings, parameters, or dynamically generated information
|
location |
Show parameters for location tracking
|
aeroscout |
Show parameters for the location processing engine
|
tzsp |
Show parameters for the location processing engine
|
counter |
Show statistics for location reports sent to the location processing engine
|
show logging
|
show |
Show settings, parameters, or dynamically generated information
|
logging |
Show logging information
|
show logging {buffered|flash|debug} [ level {emergency|alert|critical|error|warning|notification|info|debug} ] [ tail <number> ] [ date <date> ] [ time <time> ]
|
show |
Show settings, parameters, or dynamically generated information
|
logging |
Show logging information
|
buffered |
Show buffered messages
|
flash |
Show flash messages
|
debug |
Show debug messages
|
level |
Specify a logging level
|
emergency |
Show emergency-level log entries (Default: debug)
|
alert |
Show log entries from alert to emergency levels (Default: debug)
|
critical |
Show log entries from critical to emergency levels (Default: debug)
|
error |
Show log entries from error to emergency levels (Default: debug)
|
warning |
Show log entries from warning to emergency levels (Default: debug)
|
notification |
Show log entries from notification to emergency levels (Default: debug)
|
info |
Show log entries from info to emergency levels (Default: debug)
|
debug |
Show log entries for all severity levels (Default: debug)
|
tail |
Show log number
|
<number> |
Show log number (Range: 1-65535)
|
date |
Show messages start date
|
<date> |
Show messages date (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
time |
Show messages start time
|
<time> |
Show messages time (Format: hh:mm:ss)
|
show mac-object [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
mac-object |
Show all MAC object names or the parameters of an individual MAC object
|
<string> |
Enter an MAC object name (1-32 chars)
|
show mac-policy
|
show |
Show settings, parameters, or dynamically generated information
|
mac-policy |
Show parameters for MAC policy
|
show mac-policy <string> [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ] [ lines <number> ]
|
show |
Show settings, parameters, or dynamically generated information
|
mac-policy |
Show parameters for MAC policy
|
<string> |
Enter a MAC policy name (1-32 chars)
|
from |
Show the specific source MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
to |
Show the specific destination MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
action |
Show the specific action (Default:any)
|
permit |
Set the action
|
deny |
Set the action
|
lines |
Set the most number of MAC policy to show
|
<number> |
Enter a num (Range: 1-32)
|
show mac-policy user-profile <number|string> [ {from-access|to-access} ] [ from <mac_addr> [ <number> ] ] [ to <mac_addr> [ <number> ] ] [ action {permit|deny} ] [ lines <number> ]
|
show |
Show settings, parameters, or dynamically generated information
|
mac-policy |
Show parameters for MAC policy
|
user-profile |
Show parameters for a user profile
|
<number> |
Enter the user profile name or ID
|
<string> |
Enter the user profile name or ID
|
from-access |
Show MAC policy for data sent from this station
|
to-access |
how IP policy for data arriving at this station
|
from |
Show the specific source MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
to |
Show the specific destination MAC (Default: any)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
<number> |
Enter a MAC mask length (value: 0, 24, 48)
|
action |
Show the specific action (Default:any)
|
permit |
Set the action
|
deny |
Set the action
|
lines |
Set the most number of MAC policy to show
|
<number> |
Enter a num (Range: 1-32)
|
show mdnsd [ {cache|auth-record|duplicate-record|auth-record-proxied|duplicate-record-proxied|active-client-requests|interface|questions|memory|others} ]
|
show |
Show settings, parameters, or dynamically generated information
|
mdnsd |
Show MDNS daemon information
|
cache |
Show MDNS daemon cache information
|
auth-record |
Show MDNS daemon auth-record information
|
duplicate-record |
Show MDNS daemon duplicate-record information
|
auth-record-proxied |
Show MDNS daemon auth-record-proxied information
|
duplicate-record-proxied |
Show MDNS daemon duplicate-record-proxied information
|
active-client-requests |
Show MDNS daemon active-client-requests information
|
interface |
Show MDNS daemon interface information
|
questions |
Show MDNS daemon questions information
|
memory |
Show MDNS daemon memory information
|
others |
Show MDNS daemon others information
|
show memory [ {detail} ]
|
show |
Show settings, parameters, or dynamically generated information
|
memory |
Show total, free, and used system memory statistics
|
detail |
Show system memory statistics in detail
|
show min-password-length
|
show |
Show settings, parameters, or dynamically generated information
|
min-password-length |
Show the minimum password length
|
show mobile-device-policy [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
mobile-device-policy |
Show all mobile device policy names or the settings of an individual policy
|
<string> |
Enter a mobile device policy name (1-32 chars)
|
show mobility-policy [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
mobility-policy |
Show the parameters of all mobility policies or enter the name of a specific policy to see the parameters for just that one
|
<string> |
Enter the name of a specific mobility policy
|
show mobility-threshold gre-tunnel permitted-load
|
show |
Show settings, parameters, or dynamically generated information
|
mobility-threshold |
Show the settings for tunneling mobile user traffic
|
gre-tunnel |
Show the settings for the volume of traffic that the local AP accepts through GRE tunnels (Note: This only applies to portals in a L3 roaming environment.)
|
permitted-load |
Show the level determining how much tunneled traffic from mobile users the local AP accepts
|
show ntp
|
show |
Show settings, parameters, or dynamically generated information
|
ntp |
Show NTP (Network Time Protocol) parameters
|
show os-detection [ {option55-to-os-database|dhcp-fingerprint-version} ]
|
show |
Show settings, parameters, or dynamically generated information
|
os-detection |
Display the OS (Operating System) detection configuration
|
option55-to-os-database |
Display the contents of the database that contains the option55-to-database mapping (Note: The command displays user configuration database and default database contents.)
|
dhcp-fingerprint-version |
Display DHCP fingerprint file version
|
show os-object [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
os-object |
Show all OS object names or the operating systems assigned to an individual OS object
|
<string> |
Enter an OS object name (1-32 chars)
|
show performance-sentinel
|
show |
Show settings, parameters, or dynamically generated information
|
performance-sentinel |
Show performance sentinel parameters
|
show ppsk schedule [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
ppsk |
Show parameters of private-PSK
|
schedule |
Show information about previously defined private-PSK schedules
|
<string> |
Enter a name to see information about a specific schedule (1-32 chars)
|
show proxy
|
show |
Show settings, parameters, or dynamically generated information
|
proxy |
Show proxy parameters
|
show qos
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
show qos classifier-map 80211e [ <number> ]
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
classifier-map |
Show the mapping of QoS priority markers on incoming packets to Aerohive QoS classes
|
80211e |
Show mapping of IEEE 802.11e priority markers on incoming packets to Aerohive QoS classes
|
<number> |
Enter the IEEE 802.11e user priority (Range: 0-7)
|
show qos classifier-map 8021p [ <number> ]
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
classifier-map |
Show the mapping of QoS priority markers on incoming packets to Aerohive QoS classes
|
8021p |
Show mapping of IEEE 802.1p priority markers on incoming packets to Aerohive QoS classes
|
<number> |
Enter IEEE 802.1p priority (Range: 0-7)
|
show qos classifier-map diffserv [ <number> ]
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
classifier-map |
Show the mapping of QoS priority markers on incoming packets to Aerohive QoS classes
|
diffserv |
Show mapping of diffserv DSCP (Differentiated Services Code Point) values on incoming packets to Aerohive QoS classes
|
<number> |
Enter The DSCP class (Range: 0-63)
|
show qos classifier-map interface <ethx>
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
classifier-map |
Show the mapping of QoS priority markers on incoming packets to Aerohive QoS classes
|
interface |
Show interface-based classification table
|
<ethx> |
Enter the name of an Ethernet interface, where x = 0
|
show qos classifier-map oui [ <oui> ]
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
classifier-map |
Show the mapping of QoS priority markers on incoming packets to Aerohive QoS classes
|
oui |
Show the MAC OUI (Organizational Unique Identifier) classification table
|
<oui> |
Enter the OUI (Note: You can use colons, dashes, or periods to format the OUI. Examples: Apple iPhone=00:1b:63; D-Link Phone=00-17-9a; Vocera=00.09.ef.)
|
show qos classifier-map service [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
classifier-map |
Show the mapping of QoS priority markers on incoming packets to Aerohive QoS classes
|
service |
Show the service-based classification table or enter the name of a specific service to see the QoS classification for just that one
|
<string> |
Enter the name of a specific service
|
show qos classifier-map ssid <string>
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
classifier-map |
Show the mapping of QoS priority markers on incoming packets to Aerohive QoS classes
|
ssid |
Show SSID (Service Set Identifier) profile names and individual profile parameters
|
<string> |
Enter an SSID name
|
show qos classifier-profile [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
classifier-profile |
Show the parameters of all QoS classification profiles or enter the name of a specific profile to see the parameters of just that one
|
<string> |
Enter the name of a specific QoS classifier profile
|
show qos counter user [ <mac_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
counter |
Show QoS statistics counters
|
user |
Show station QoS statistics counters
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show qos counter user-profile [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
counter |
Show QoS statistics counters
|
user-profile |
Show QoS statistics counters for all user profiles or enter the name of a specific user profile to see counters for just that one
|
<string> |
Enter the name of a specific user profile
|
show qos marker-map 80211e [ <number> ]
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
marker-map |
Show the mapping of Aerohive QoS classes to QoS priority markers on outgoing packets
|
80211e |
Show mapping of Aerohive QoS classes to IEEE 802.11e priority markers on outgoing packets
|
<number> |
Enter the Aerohive QoS class (Range: 0-7)
|
show qos marker-map 8021p [ <number> ]
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
marker-map |
Show the mapping of Aerohive QoS classes to QoS priority markers on outgoing packets
|
8021p |
Show mapping of Aerohive QoS classes to IEEE 802.1p priority markers on outgoing packets
|
<number> |
Enter the Aerohive QoS class (Range: 0-7)
|
show qos marker-map diffserv [ <number> ]
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
marker-map |
Show the mapping of Aerohive QoS classes to QoS priority markers on outgoing packets
|
diffserv |
Show map of Aerohive QoS classes to diffserv DSCP (Differentiated Services Code Point) values on outgoing packets
|
<number> |
Enter the Aerohive QoS class (Range: 0-7)
|
show qos marker-map {diffserv|8021p} <string>
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
marker-map |
Show the mapping of Aerohive QoS classes to QoS priority markers on outgoing packets
|
diffserv |
Show map of Aerohive QoS classes to diffserv DSCP (Differentiated Services Code Point) values on outgoing packets
|
8021p |
Show mapping of Aerohive QoS classes to IEEE 802.1p priority markers on outgoing packets
|
<string> |
Enter marker name (1-32 chars)
|
show qos marker-profile [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
marker-profile |
Show the parameters for all QoS marker profiles or enter a name to see those of a specific one
|
<string> |
Enter the name of a specific QoS marker profile
|
show qos policy [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
qos |
Show QoS (Quality of Service) parameters
|
policy |
Show the parameters for all QoS policies or enter a name to see those of a specific one
|
<string> |
Enter the name of a specific a QoS policy
|
show radio profile [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
radio |
Show radio profile parameters
|
profile |
Show radio profile parameters for an interface
|
<string> |
Enter a radio profile name
|
show reboot schedule
|
show |
Show settings, parameters, or dynamically generated information
|
reboot |
Show if the system is scheduled to reboot
|
schedule |
Show the next scheduled reboot time, if set
|
show report statistic
|
show |
Show settings, parameters, or dynamically generated information
|
report |
Show report parameters for traffic statistics
|
statistic |
Show parameters for reporting interface-level and client-level traffic statistics
|
show reset-button
|
show |
Show settings, parameters, or dynamically generated information
|
reset-button |
Show the state of reset button to reset the AP to its factory default settings or, if set, to a bootstrap config
|
show roaming cache
|
show |
Show settings, parameters, or dynamically generated information
|
roaming |
Show the roaming cache and neighbors
|
cache |
Show the roaming cache containing MAC addresses and PMKs (Pairwise Master Keys)
|
show roaming cache mac <mac_addr>
|
show |
Show settings, parameters, or dynamically generated information
|
roaming |
Show the roaming cache and neighbors
|
cache |
Show the roaming cache containing MAC addresses and PMKs (Pairwise Master Keys)
|
mac |
Specify a station MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show roaming neighbor [ mac <mac_addr> ] [ ip <ip_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
roaming |
Show the roaming cache and neighbors
|
neighbor |
Show the neighbors to which associated stations can roam
|
mac |
Specify a station MAC address
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
ip |
Specify station IP
|
<ip_addr> |
Specify IP address
|
show route
|
show |
Show settings, parameters, or dynamically generated information
|
route |
Show route parameters
|
show running-config
|
show |
Show settings, parameters, or dynamically generated information
|
running-config |
Show currently running configurations
|
show running-config password
|
show |
Show settings, parameters, or dynamically generated information
|
running-config |
Show currently running configurations
|
password |
Show passwords and sensitive networking keys as obscured text strings in the output (Default: Passwords and keys are represented by asterisks; Note: A HiveAP can recover an original string from an obscured one, but not if the string is replaced with asterisks.)
|
show running-config users [ password ] [ all ]
|
show |
Show settings, parameters, or dynamically generated information
|
running-config |
Show currently running configurations
|
users |
Show users configurations
|
password |
Show passwords and sensitive networking keys as obscured text strings in the output (Default: Passwords and keys are represented by asterisks; Note: A HiveAP can recover an original string from an obscured one, but not if the string is replaced with asterisks.)
|
all |
Show all the user configurations including temporary users
|
show running-config xauth-clients [ password ]
|
show |
Show settings, parameters, or dynamically generated information
|
running-config |
Show currently running configurations
|
xauth-clients |
Show the configuration of VPN clients and the passwords that they submit to the VPN server during the Xauth procedure between IKE phase 1 and phase 2 negotiations
|
password |
Show passwords and sensitive networking keys as obscured text strings in the output (Default: Passwords and keys are represented by asterisks; Note: A HiveAP can recover an original string from an obscured one, but not if the string is replaced with asterisks.)
|
show schedule [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
schedule |
Show information about previously defined schedules
|
<string> |
Enter a name to see information about a specific schedule (1-32 chars)
|
show schedule-in-detail
|
show |
Show settings, parameters, or dynamically generated information
|
schedule-in-detail |
Show detailed information about all previously defined schedules
|
show security mac-filter [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
security |
Show security parameters
|
mac-filter |
Show MAC-filter parameters
|
<string> |
Specify MAC-filter name
|
show security protocol-suite
|
show |
Show settings, parameters, or dynamically generated information
|
security |
Show security parameters
|
protocol-suite |
Show predefine security protocol suites
|
show security-object <string> dhcp-server
|
show |
Show settings, parameters, or dynamically generated information
|
security-object |
Show security object names and individual parameters
|
<string> |
Enter a security object name (1-32 chars)
|
dhcp-server |
Show DHCP-server parameters
|
show security-object <string> dns-server
|
show |
Show settings, parameters, or dynamically generated information
|
security-object |
Show security object names and individual parameters
|
<string> |
Enter a security object name (1-32 chars)
|
dns-server |
Show DNS-server parameters
|
show security-object <string> mobile-device-manager {jss|airwatch|aerohive}
|
show |
Show settings, parameters, or dynamically generated information
|
security-object |
Show security object names and individual parameters
|
<string> |
Enter a security object name (1-32 chars)
|
mobile-device-manager |
Show mobile device manager parameters
|
jss |
JAMP software server
|
airwatch |
AirWatch MDM server
|
aerohive |
Aerohive MDM server
|
show security-object <string> mobile-device-policy
|
show |
Show settings, parameters, or dynamically generated information
|
security-object |
Show security object names and individual parameters
|
<string> |
Enter a security object name (1-32 chars)
|
mobile-device-policy |
Show the mobile device policy to which the security object is bound
|
show security-object <string> security aaa
|
show |
Show settings, parameters, or dynamically generated information
|
security-object |
Show security object names and individual parameters
|
<string> |
Enter a security object name (1-32 chars)
|
security |
Show security settings
|
aaa |
Show AAA (authentication, authorization, and accounting) settings
|
show security-object <string> security protocol-suite
|
show |
Show settings, parameters, or dynamically generated information
|
security-object |
Show security object names and individual parameters
|
<string> |
Enter a security object name (1-32 chars)
|
security |
Show security settings
|
protocol-suite |
Show the security protocol suite
|
show security-object <string> walled-garden
|
show |
Show settings, parameters, or dynamically generated information
|
security-object |
Show security object names and individual parameters
|
<string> |
Enter a security object name (1-32 chars)
|
walled-garden |
Show the list of walled gardens
|
show security-object <string> web-server
|
show |
Show settings, parameters, or dynamically generated information
|
security-object |
Show security object names and individual parameters
|
<string> |
Enter a security object name (1-32 chars)
|
web-server |
Show the internal web server configuration in the interface
|
show security-object [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
security-object |
Show security object names and individual parameters
|
<string> |
Enter a security object name (1-32 chars)
|
show service [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
service |
Show details or counters about predefined and custom services
|
<string> |
Show the transport protocol, port, and timeout for a specific service
|
show service [ <string> ] counter
|
show |
Show settings, parameters, or dynamically generated information
|
service |
Show details or counters about predefined and custom services
|
<string> |
Show the transport protocol, port, and timeout for a specific service
|
counter |
Show counter statistics for all services or for a specific service
|
show snmp [ {v3-admin} ]
|
show |
Show settings, parameters, or dynamically generated information
|
snmp |
Show SNMP (Simple Network Management Protocol) parameters
|
v3-admin |
Show parameters for SNMP v3 administrators
|
show snmp community [ {read-only} ]
|
show |
Show settings, parameters, or dynamically generated information
|
snmp |
Show SNMP (Simple Network Management Protocol) parameters
|
community |
Show previously defined SNMP communities and their parameters
|
read-only |
Enter a community privilege to show previously defined SNMP communities parameters
|
show snmp contact
|
show |
Show settings, parameters, or dynamically generated information
|
snmp |
Show SNMP (Simple Network Management Protocol) parameters
|
contact |
Show SNMP contact information
|
show snmp location
|
show |
Show settings, parameters, or dynamically generated information
|
snmp |
Show SNMP (Simple Network Management Protocol) parameters
|
location |
Show the AP location for SNMP
|
show snmp trap-host
|
show |
Show settings, parameters, or dynamically generated information
|
snmp |
Show SNMP (Simple Network Management Protocol) parameters
|
trap-host |
Show parameters for SNMP trap host
|
show ssh-tunnel
|
show |
Show settings, parameters, or dynamically generated information
|
ssh-tunnel |
Show SSH (Secure Shell) tunnel parameters
|
show ssid <string> counter station [ <mac_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
ssid |
Show SSID (Service Set Identifier) profile names and individual profile parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
counter |
Show detailed statistics (counters) for stations (wireless clients) associated with the SSID
|
station |
Show statistics for all stations or a specific station associated with the SSID
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show ssid <string> manage
|
show |
Show settings, parameters, or dynamically generated information
|
ssid |
Show SSID (Service Set Identifier) profile names and individual profile parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
manage |
Show management options enabled on subinterfaces bound to the SSID
|
show ssid <string> multicast
|
show |
Show settings, parameters, or dynamically generated information
|
ssid |
Show SSID (Service Set Identifier) profile names and individual profile parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
multicast |
Show multicast settings
|
show ssid <string> qos-classifier
|
show |
Show settings, parameters, or dynamically generated information
|
ssid |
Show SSID (Service Set Identifier) profile names and individual profile parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
qos-classifier |
Show the QoS classification profile (classifier) assigned to the interface
|
show ssid <string> qos-marker
|
show |
Show settings, parameters, or dynamically generated information
|
ssid |
Show SSID (Service Set Identifier) profile names and individual profile parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
qos-marker |
Show the QoS marker profile assigned to the interface
|
show ssid <string> schedule [ detail ]
|
show |
Show settings, parameters, or dynamically generated information
|
ssid |
Show SSID (Service Set Identifier) profile names and individual profile parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
schedule |
Show all schedules bound to the SSID
|
detail |
Show detailed information about all schedules bound to the SSID
|
show ssid <string> security screening [ detail ]
|
show |
Show settings, parameters, or dynamically generated information
|
ssid |
Show SSID (Service Set Identifier) profile names and individual profile parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Show SSID security parameters
|
screening |
Show SSID security screening parameters
|
detail |
Show more information
|
show ssid <string> security wlan dos
|
show |
Show settings, parameters, or dynamically generated information
|
ssid |
Show SSID (Service Set Identifier) profile names and individual profile parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Show SSID security parameters
|
wlan |
Show SSID WLAN parameters
|
dos |
Show SSID DoS parameters
|
show ssid <string> station [ mac <mac_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
ssid |
Show SSID (Service Set Identifier) profile names and individual profile parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
station |
Show information about all stations currently associated with the SSID or about the ongoing wireless activity of a specific station
|
mac |
Show the ongoing wireless activity of a station that is currently associated with the SSID (Note: To stop the display of output, press CTRL+C.)
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show ssid <string> station ipv6
|
show |
Show settings, parameters, or dynamically generated information
|
ssid |
Show SSID (Service Set Identifier) profile names and individual profile parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
station |
Show information about all stations currently associated with the SSID or about the ongoing wireless activity of a specific station
|
ipv6 |
Show IPv6 related information
|
show ssid <string> user-group
|
show |
Show settings, parameters, or dynamically generated information
|
ssid |
Show SSID (Service Set Identifier) profile names and individual profile parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
user-group |
Show SSID bind user-groups
|
show ssid [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
ssid |
Show SSID (Service Set Identifier) profile names and individual profile parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
show ssid-schedule
|
show |
Show settings, parameters, or dynamically generated information
|
ssid-schedule |
Show the status of all SSID schedules
|
show station [ <mac_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
station |
Show information about all stations or about the ongoing wireless activity of a specific station
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show station [ <mac_addr> ] counter
|
show |
Show settings, parameters, or dynamically generated information
|
station |
Show information about all stations or about the ongoing wireless activity of a specific station
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
counter |
Show detailed statistics (counters) for stations (wireless clients) associated with the HiveAP
|
show station ipv6
|
show |
Show settings, parameters, or dynamically generated information
|
station |
Show information about all stations or about the ongoing wireless activity of a specific station
|
ipv6 |
Show IPv6 related information
|
show system
|
show |
Show settings, parameters, or dynamically generated information
|
system |
Show system information
|
show system disk-info
|
show |
Show settings, parameters, or dynamically generated information
|
system |
Show system information
|
disk-info |
Show disk information
|
show system led
|
show |
Show settings, parameters, or dynamically generated information
|
system |
Show system information
|
led |
Show LED configuration parameters and current status
|
show system processes [ state ]
|
show |
Show settings, parameters, or dynamically generated information
|
system |
Show system information
|
processes |
Show processes information
|
state |
Show processes running state
|
show teacher-view resource-map
|
show |
Show settings, parameters, or dynamically generated information
|
teacher-view |
Show parameters for TeacherView, a tool for controlling student access to the network and monitoring their activity
|
resource-map |
Show all previously defined mappings of network resources to IP addresses and port numbers
|
show tech
|
show |
Show settings, parameters, or dynamically generated information
|
tech |
Show the output of many "show" commands that display all the important settings and runtime data
|
show tech <url> [ admin <string> password <string> {basic|digest} ] [ proxy <string> [ proxy-admin <string> password <string> ] ]
|
show |
Show settings, parameters, or dynamically generated information
|
tech |
Show the output of many "show" commands that display all the important settings and runtime data
|
<url> |
Enter the HTTP protocol, remote server domain name, port, directory path, and file name (Default port: 80; 1-256 chars; Format: http://domain/path/file, http://domain:port/path/file; Note: You can substitute 'https' for 'http'.)
|
admin |
Set the name of the server administrator
|
<string> |
Enter the administrator name (1-32 chars)
|
password |
Set the password for the server administrator
|
<string> |
Enter the server password (1-64 chars)
|
basic |
Set the access authentication scheme as basic, which appends a user name and password encoded with the Base64 algorithm to the authorization header in HTTP requests
|
digest |
Set the access authentication scheme as digest, which appends an MD5 checksum of the username, password, and other values to the authorization header in HTTP requests
|
proxy |
Set parameters for the HTTP proxy server
|
<string> |
Enter the domain name or IP address and, optionally, the port number for the HTTP proxy server (Max length: 64 chars; Format: domainname, ip_addr, domainname:port, or ip_addr:port)
|
proxy-admin |
Set the name of the proxy administrator
|
<string> |
Enter the proxy administrator name (1-32 chars)
|
password |
Set the password for the proxy administrator
|
<string> |
Enter the proxy password (1-64 chars)
|
show time-zone
|
show |
Show settings, parameters, or dynamically generated information
|
time-zone |
Show time zone
|
show track [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
track |
Show IP tracking information
|
<string> |
Show IP tracking information for the group (1-32 chars)
|
show user
|
show |
Show settings, parameters, or dynamically generated information
|
user |
Show all user
|
show user-group <string> psk-digest [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
user-group |
Show a user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
psk-digest |
Show the digest string for the auto-PSK
|
<string> |
Enter the user name (1-32 chars)
|
show user-group [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
user-group |
Show a user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
show user-profile <string> cac airtime-percentage
|
show |
Show settings, parameters, or dynamically generated information
|
user-profile |
Show parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
cac |
Show CAC (Call Admission Control) parameters and statistics
|
airtime-percentage |
Show the percentage of airtime for VoIP calls
|
show user-profile <string> schedule [ detail ]
|
show |
Show settings, parameters, or dynamically generated information
|
user-profile |
Show parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
schedule |
Show all schedules bound to the user profile
|
detail |
Show detailed information about all schedules bound to the user profile
|
show user-profile [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
user-profile |
Show parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
show user-profile-policy [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
user-profile-policy |
Show parameters for a user profile mapping policy
|
<string> |
Enter a policy name
|
show user-profile-schedule
|
show |
Show settings, parameters, or dynamically generated information
|
user-profile-schedule |
Show the status of all user profile schedules
|
show version [ {detail} ]
|
show |
Show settings, parameters, or dynamically generated information
|
version |
Show information about the current and backup HiveOS versions on the HiveAP and the HiveAP platform type
|
detail |
Show detailed information about the current and backup HiveOS versions on the HiveAP and the HiveAP platform type
|
show video ip <ip_addr> <number>
|
show |
Show settings, parameters, or dynamically generated information
|
video |
Show information about streaming video traffic
|
ip |
Set the IP multicast group address that is the source of the video stream
|
<ip_addr> |
Enter the IP address
|
<number> |
Enter a destination port number to which the video traffic was sent (Range: 0 - 65535)
|
show video ip <ip_addr> dst-port-range <number> - <number>
|
show |
Show settings, parameters, or dynamically generated information
|
video |
Show information about streaming video traffic
|
ip |
Set the IP multicast group address that is the source of the video stream
|
<ip_addr> |
Enter the IP address
|
dst-port-range |
Set a range of destination port numbers
|
<number> |
Enter the first destination port number in the range (Range: 0 - 65535)
|
- |
Set a range of destination port numbers
|
<number> |
Enter the last destination port number in the range (Range: 0 - 65535)
|
show vlan-group
|
show |
Show settings, parameters, or dynamically generated information
|
vlan-group |
Show the settings and status of the Bonjour gateway
|
show vpn gre-tunnel
|
show |
Show settings, parameters, or dynamically generated information
|
vpn |
Show VPN information and VPN objects
|
gre-tunnel |
Show GRE (Generic Routing Encapsulation) tunnel information
|
show vpn ike configuration
|
show |
Show settings, parameters, or dynamically generated information
|
vpn |
Show VPN information and VPN objects
|
ike |
Show IKE information
|
configuration |
Show VPN configuration settings
|
show vpn ike {sa|event}
|
show |
Show settings, parameters, or dynamically generated information
|
vpn |
Show VPN information and VPN objects
|
ike |
Show IKE information
|
sa |
Show the cookies and creation times of IKE phase1 security associations
|
event |
Show the most recent IKE events (Note: You can see up to a maximum of 32 IKE events.)
|
show vpn ike {sp}
|
show |
Show settings, parameters, or dynamically generated information
|
vpn |
Show VPN information and VPN objects
|
ike |
Show IKE information
|
sp |
Show IPsec security policies
|
show vpn ipsec sa
|
show |
Show settings, parameters, or dynamically generated information
|
vpn |
Show VPN information and VPN objects
|
ipsec |
Show IPSec information
|
sa |
Show IKE phase 2 IPsec security associations
|
show vpn ipsec-tunnel
|
show |
Show settings, parameters, or dynamically generated information
|
vpn |
Show VPN information and VPN objects
|
ipsec-tunnel |
Show IPSec tunnel information
|
show vpn l3-tunnel-exception
|
show |
Show settings, parameters, or dynamically generated information
|
vpn |
Show VPN information and VPN objects
|
l3-tunnel-exception |
Show layer-3 tunnel exception list
|
show vpn layer-3-tunnel
|
show |
Show settings, parameters, or dynamically generated information
|
vpn |
Show VPN information and VPN objects
|
layer-3-tunnel |
Show layer-3 tunnel information
|
show vpn tunnel-id [ <number> ]
|
show |
Show settings, parameters, or dynamically generated information
|
vpn |
Show VPN information and VPN objects
|
tunnel-id |
Show VPN tunnel destination parameters and status, or show detailed information about a specific tunnel by entering its ID number
|
<number> |
Enter the tunnel ID number (Range: 1-2147483647)
|
show vpn tunnel-policy
|
show |
Show settings, parameters, or dynamically generated information
|
vpn |
Show VPN information and VPN objects
|
tunnel-policy |
Show tunnel policy information
|
show vpn {socket|timer|memory|queue|ph2|sp|rekey}
|
show |
Show settings, parameters, or dynamically generated information
|
vpn |
Show VPN information and VPN objects
|
socket |
#hidden
|
timer |
#hidden
|
memory |
#hidden
|
queue |
#hidden
|
ph2 |
#hidden
|
sp |
#hidden
|
rekey |
#hidden
|
show web-directory [ ppsk-self-reg ] [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
web-directory |
Show the files in a web directory
|
ppsk-self-reg |
Show the files in the private PSK self-registration web directory
|
<string> |
Enter the web directory name
|
show web-server-key
|
show |
Show settings, parameters, or dynamically generated information
|
web-server-key |
Show web server key files information
|
show wlan-idp mitigate [ <mac_addr> ]
|
show |
Show settings, parameters, or dynamically generated information
|
wlan-idp |
Show WLAN IDP (intrusion detection and prevention) parameters
|
mitigate |
Show one or a list of rogue APs against which mitigation was performed, the HiveAPs that reported them, and those that attacked them
|
<mac_addr> |
Enter a MAC address (Note: You can use colons, dashes, or periods to format the address. Examples: 1111:1111:1111, 11-11-11-11-11-11, 1111.1111.1111 ...)
|
show wlan-idp profile [ <string> ]
|
show |
Show settings, parameters, or dynamically generated information
|
wlan-idp |
Show WLAN IDP (intrusion detection and prevention) parameters
|
profile |
Show IDP profile parameters
|
<string> |
Enter an IDP profile name (1-32 chars)
|
snmp contact <string>
|
snmp |
Set SNMP (Simple Network Management Protocol) parameters
|
contact |
Set SNMP contact information
|
<string> |
Enter SNMP contact information (1-32 chars)
|
snmp location <string>
|
snmp |
Set SNMP (Simple Network Management Protocol) parameters
|
location |
Set the AP location for SNMP
|
<string> |
Enter the SNMP location string (1-255 chars; Default: change-me)
|
snmp reader version v3 admin <string> [ auth {md5|sha} password <string> ] [ encryption {aes|des} password <string> ]
|
snmp |
Set SNMP (Simple Network Management Protocol) parameters
|
reader |
Set the SNMP community mode as read-only (Note: This setting allows the NMS, or network management station, to read MIB data on the AP but not receive traps from it.)
|
version |
Set the SNMP community version
|
v3 |
Set the SNMP community version as SNMP v3
|
admin |
Set the admin with read-only privileges for viewing MIB data
|
<string> |
Enter the admin name (1-32 chars)
|
auth |
Set the algorithm for authenticating communications between the SNMP agent on the AP and the NMS
|
md5 |
Set the authentication algorithm as MD5 (Message Digest Algorithm 5)
|
sha |
Set the authentication algorithm as SHA-1 (Secure Hash Algorithm 1)
|
password |
Set the password used during the authentication process
|
<string> |
Enter the authentication password (8-64 chars)
|
encryption |
Set the algorithm for encrypting communications between the SNMP agent on the AP and the NMS
|
aes |
Set the encryption algorithm as AES (Advanced Encryption Standard)
|
des |
Set the encryption algorithm as DES (Data Encryption Standard)
|
password |
Set the password used during the encryption process
|
<string> |
Enter the password (8-64 chars)
|
snmp reader version {v1|v2c|any} community <string> [ <string> ]
|
snmp |
Set SNMP (Simple Network Management Protocol) parameters
|
reader |
Set the SNMP community mode as read-only (Note: This setting allows the NMS, or network management station, to read MIB data on the AP but not receive traps from it.)
|
version |
Set the SNMP community version
|
v1 |
Set the community version as SNMP v1
|
v2c |
Set the community version as SNMP v2c
|
any |
Set the community version to support both SNMP v1 and v2c
|
community |
Set SNMP community parameters
|
<string> |
Set the SNMP community string for authenticating communications between the SNMP agent on the AP and the NMS (Note: This string acts like a password or a shared secret.)
|
<string> |
Enter the domain name (1-32 chars) or the IP address and netmask for the NMS
|
snmp trap-host {v1|v2c} <ip_addr|string> [ port <number> ] [ {via-vpn-tunnel} ] [ community <string> ]
|
snmp |
Set SNMP (Simple Network Management Protocol) parameters
|
trap-host |
Set parameters for the SNMP trap host (Note: This is an NMS, or network management station, that can receive SNMP traps from the AP.)
|
v1 |
Set the trap format for SNMP v1
|
v2c |
Set the trap format for SNMP v2c
|
<ip_addr> |
Enter the domain name (1-32 chars) or the IP address for the NMS
|
<string> |
Enter the domain name (1-32 chars) or the IP address for the NMS
|
port |
Set the port number on which the NMS listens for traps that the AP sends it
|
<number> |
Enter the port number (Default: 162, Range: 1-65535)
|
via-vpn-tunnel |
Send all SNMP traps through a VPN tunnel (Note: Set this option on VPN clients when the NMS is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
community |
Set the community string for authenticating communications between the AP and NMS (Note: This string acts like a password or a shared secret.)
|
<string> |
Enter the community string (1-32 characters; Default: hivecommunity)
|
snmp trap-host {v3} <ip_addr|string> [ port <number> ] [ {via-vpn-tunnel} ] admin <string>
|
snmp |
Set SNMP (Simple Network Management Protocol) parameters
|
trap-host |
Set parameters for the SNMP trap host (Note: This is an NMS, or network management station, that can receive SNMP traps from the AP.)
|
v3 |
Set the trap format for SNMP v3
|
<ip_addr> |
Enter the domain name (1-32 chars) or the IP address for the NMS
|
<string> |
Enter the domain name (1-32 chars) or the IP address for the NMS
|
port |
Set the port number on which the NMS listens for traps that the AP sends it
|
<number> |
Enter the port number (Default: 162, Range: 1-65535)
|
via-vpn-tunnel |
Send all SNMP traps through a VPN tunnel (Note: Set this option on VPN clients when the NMS is in a different subnet from the tunnel interface. When they are in the same subnet, tunneling is automatic.)
|
admin |
Set the name of the SNMP admin that can receive traps from AP
|
<string> |
Enter the admin name (1-32 chars)
|
snmp trap-host {v3} admin <string> auth {md5|sha} password <string> [ encryption {aes|des} password <string> ]
|
snmp |
Set SNMP (Simple Network Management Protocol) parameters
|
trap-host |
Set parameters for the SNMP trap host (Note: This is an NMS, or network management station, that can receive SNMP traps from the AP.)
|
v3 |
Set the trap format for SNMP v3
|
admin |
Set the admin with privileges for receiving traps
|
<string> |
Enter the admin name (1-32 chars)
|
auth |
Set the algorithm for authenticating communications between the SNMP agent on the AP and the NMS
|
md5 |
Set the authentication algorithm as md5 (Message Digest Algorithm 5)
|
sha |
Set the authentication algorithm as SHA-1 (Secure Hash Algorithm 1)
|
password |
Set the password used during the authentication process
|
<string> |
Enter the authentication password (8-64 chars)
|
encryption |
Set the algorithm for encrypting communications between the SNMP agent on the AP and the NMS
|
aes |
Set the encryption algorithm as AES (Advanced Encryption Standard)
|
des |
Set the encryption algorithm as DES (Data Encryption Standard)
|
password |
Set the password used during the encryption process
|
<string> |
Enter the password (8-64 chars)
|
snmp trap-info {over-snmp|over-capwap}
|
snmp |
Set SNMP (Simple Network Management Protocol) parameters
|
trap-info |
Set parameters for the delivery of SNMP trap information
|
over-snmp |
Send trap inion over SNMP (Default: Disabled)
|
over-capwap |
Send trap information over CAPWAP (Default: Enabled)
|
ssh-tunnel server <string> tunnel-port <number> user <string> password <string> [ timeout <number> ]
|
ssh-tunnel |
Set SSH (Secure Shell) tunnel parameters so that Aerohive Technical Support can access the AP remotely
|
server |
Set the domain name or IP address of the Aerohive SSH server and, optionally, its port number
|
<string> |
Enter the domain name (1-64 chars) or IP address and, optionally, the port number (Default port: 22; Range: 1025-65535; Format: name:port or ip:port)
|
tunnel-port |
Set the port number that the SSH server uses to identify the tunnel
|
<number> |
Enter the port for identifying the SSH tunnel (Range: 1025-65535)
|
user |
Set the user name for logging in to the SSH server
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set password for logging in to the SSH server
|
<string> |
Enter the password (1-32 chars)
|
timeout |
Set the length of time during which the tunnel between the AP and the Aerohive SSH server will be up
|
<number> |
Enter the tunnel timeout value in minutes (Range: 0-6000, Default: 0 (disable))
|
ssid <string>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
ssid <string> 11a-rate-set [ {6|6-basic} ] [ {9|9-basic} ] [ {12|12-basic} ] [ {18|18-basic} ] [ {24|24-basic} ] [ {36|36-basic} ] [ {48|48-basic} ] [ {54|54-basic} ]
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
11a-rate-set |
Set the basic (mandatory) and optional 11a data rates for the radio (Default rates in Mbps: basic=6, 12, 24, opt=9, 18, 36, 48, 54)
|
6 |
Set 6 Mbps as a basic (mandatory) or optional data rate
|
6-basic |
Set 6 Mbps as a basic (mandatory) or optional data rate
|
9 |
Set 9 Mbps as a basic (mandatory) or optional data rate
|
9-basic |
Set 9 Mbps as a basic (mandatory) or optional data rate
|
12 |
Set 12 Mbps as a basic (mandatory) or optional data rate
|
12-basic |
Set 12 Mbps as a basic (mandatory) or optional data rate
|
18 |
Set 18 Mbps as a basic (mandatory) or optional data rate
|
18-basic |
Set 18 Mbps as a basic (mandatory) or optional data rate
|
24 |
Set 24 Mbps as a basic (mandatory) or optional data rate
|
24-basic |
Set 24 Mbps as a basic (mandatory) or optional data rate
|
36 |
Set 36 Mbps as a basic (mandatory) or optional data rate
|
36-basic |
Set 36 Mbps as a basic (mandatory) or optional data rate
|
48 |
Set 48 Mbps as a basic (mandatory) or optional data rate
|
48-basic |
Set 48 Mbps as a basic (mandatory) or optional data rate
|
54 |
Set 54 Mbps as a basic (mandatory) or optional data rate
|
54-basic |
Set 54 Mbps as a basic (mandatory) or optional data rate
|
ssid <string> 11g-rate-set [ {1|1-basic} ] [ {2|2-basic} ] [ {5.5|5.5-basic} ] [ {11|11-basic} ] [ {6|6-basic} ] [ {9|9-basic} ] [ {12|12-basic} ] [ {18|18-basic} ] [ {24|24-basic} ] [ {36|36-basic} ] [ {48|48-basic} ] [ {54|54-basic} ]
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
11g-rate-set |
Set the basic (mandatory) and optional 11g data rates for the radio (Default rates in Mbps: basic=1, 2, 5.5, 11, opt=6, 9, 12, 18, 24, 36, 48, 54)
|
1 |
Set 1 Mbps as a basic (mandatory) or optional data rate
|
1-basic |
Set 1 Mbps as a basic (mandatory) or optional data rate
|
2 |
Set 2 Mbps as a basic (mandatory) or optional data rate
|
2-basic |
Set 2 Mbps as a basic (mandatory) or optional data rate
|
5.5 |
Set 5.5 Mbps as a basic (mandatory) or optional data rate
|
5.5-basic |
Set 5.5 Mbps as a basic (mandatory) or optional data rate
|
11 |
Set 11 Mbps as a basic (mandatory) or optional data rate
|
11-basic |
Set 11 Mbps as a basic (mandatory) or optional data rate
|
6 |
Set 6 Mbps as a basic (mandatory) or optional data rate
|
6-basic |
Set 6 Mbps as a basic (mandatory) or optional data rate
|
9 |
Set 9 Mbps as a basic (mandatory) or optional data rate
|
9-basic |
Set 9 Mbps as a basic (mandatory) or optional data rate
|
12 |
Set 12 Mbps as a basic (mandatory) or optional data rate
|
12-basic |
Set 12 Mbps as a basic (mandatory) or optional data rate
|
18 |
Set 18 Mbps as a basic (mandatory) or optional data rate
|
18-basic |
Set 18 Mbps as a basic (mandatory) or optional data rate
|
24 |
Set 24 Mbps as a basic (mandatory) or optional data rate
|
24-basic |
Set 24 Mbps as a basic (mandatory) or optional data rate
|
36 |
Set 36 Mbps as a basic (mandatory) or optional data rate
|
36-basic |
Set 36 Mbps as a basic (mandatory) or optional data rate
|
48 |
Set 48 Mbps as a basic (mandatory) or optional data rate
|
48-basic |
Set 48 Mbps as a basic (mandatory) or optional data rate
|
54 |
Set 54 Mbps as a basic (mandatory) or optional data rate
|
54-basic |
Set 54 Mbps as a basic (mandatory) or optional data rate
|
ssid <string> 11n-mcs-expand-rate-set [ <string> ]
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
11n-mcs-expand-rate-set |
Set the 802.11n MCS rate indexes for which the SSID advertizes its support(By default, all MCS rates for three spatial streams on the HiveAP 330 and 350 are supported: 0-23. On the HiveAP 110, 120, 320, and 340, which support a maximum of two spatial streams, use the 11n-mcs-rate-set option instead.)
|
<string> |
Enter specific MCS rates (Range: 1-256 chars; Format: Use commas as separators. Example: mcs2/1,mcs5/1,mcs4/2,mcs3/3)
|
ssid <string> client-age-out <number>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
client-age-out |
Set the length of time to age out inactive clients and automatically disassociate them
|
<number> |
Enter the client age-out time in minutes (Default: 5; Range: 1-30)
|
ssid <string> client-monitor-policy <string>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
client-monitor-policy |
Assign a Client Monitor policy to automatically detect, analyze and report problems about the client which access network through this ssid
|
<string> |
Enter the Client Monitor policy name (1-32 chars)
|
ssid <string> dtim-period <number>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
dtim-period |
Set the DTIM (delivery traffic indication message) period
|
<number> |
Set the number of beacons between DTIM frames (Default: 1; Range: 1-255)
|
ssid <string> frag-threshold <number>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
frag-threshold |
Set the fragment threshold for the SSID
|
<number> |
Enter the fragment threshold in bytes for the SSID (Default: 2346; Range: 256-2346)
|
ssid <string> hide-ssid
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
hide-ssid |
Hide the SSID in beacons and ignore broadcast probe requests
|
ssid <string> ignore-broadcast-probe
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
ignore-broadcast-probe |
Ignore broadcasted probe requests
|
ssid <string> inter-station-traffic
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
inter-station-traffic |
Set the HiveAP to permit traffic between stations connected to one or more of its access interfaces (Default: Enabled)
|
ssid <string> manage all
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
manage |
Set management service parameters
|
all |
all_service::Enable all manageability options (ping, SNMP, SSH, and Telnet) for mgt0 through subinterfaces bound to the SSID (Defaults: ping enabled, SNMP disabled, SSH enabled, Telnet disabled)
|
ssid <string> manage {Telnet|SSH|SNMP|ping}
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
manage |
Set management service parameters
|
Telnet |
Enable Telnet manageability of mgt0 through subinterfaces bound to the SSID (Default: Disabled)
|
SSH |
Enable SSH manageability of mgt0 through subinterfaces bound to the SSID (Default: Enabled)
|
SNMP |
Enable SNMP manageability of mgt0 through subinterfaces bound to the SSID (Default: Disabled)
|
ping |
Enable mgt0 to respond to pings through subinterfaces bound to the SSID (Default: Enabled)
|
ssid <string> max-client <number>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
max-client |
Set the maximum number of clients that can associate with the SSID
|
<number> |
Enter the maximum number of clients that can associate (Default: 100; Range: 1-100; Note: A radio profile can support a maximum of 100 clients by default, and there can be a maximum of 16 SSIDs per radio.)
|
ssid <string> mode compliance
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
mode |
Set SSID mode parameter
|
compliance |
Set SSID mode compliance with 11n standard
|
ssid <string> mode legacy
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
mode |
Set SSID mode parameter
|
legacy |
Set this mode to disable the advertisement of 802.11n capabilities when there are legacy 802.11a/b/g clients that cannot support 802.11n IEs (information elements) in management frames
|
ssid <string> multicast conversion-to-unicast {auto|always|disable}
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
multicast |
Set parameters for sending IP datagrams to a group of interested receivers in a single transmission
|
conversion-to-unicast |
Set the method for converting multicast frames to unicast frames (Default: Disabled)
|
auto |
Convert from multicast to unicast automatically whenever the channel utilization or multicast group membership count is below their respective thresholds
|
always |
Always convert from multicast to unicast regardless of channel utilization and group membership numbers
|
disable |
Disable convert from multicast to unicast
|
ssid <string> multicast cu-threshold <number>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
multicast |
Set parameters for sending IP datagrams to a group of interested receivers in a single transmission
|
cu-threshold |
Set the channel utilization threshold that determines when to convert multicast to unicast frames
|
<number> |
Enter the channel utilization threshold as a percent (Default: 60; Range: 1-100; Note: Conversion from multicast to unicast frames occurs when the percent of channel utilization is below or equal to this value.)
|
ssid <string> multicast member-threshold <number>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
multicast |
Set parameters for sending IP datagrams to a group of interested receivers in a single transmission
|
member-threshold |
Set the membership count threshold that determines when to convert multicast to unicast frames
|
<number> |
Enter the multicast group membership threshold (Default: 10; Range: 1-30; Note: Converting multicast frames to unicast frames occurs when the number of group members is below or equal to this value.)
|
ssid <string> qos-classifier <string>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
qos-classifier |
Assign a QoS classification profile (classifier) to the interface
|
<string> |
Enter the QoS classifier profile name (1-32 chars)
|
ssid <string> qos-marker <string>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
qos-marker |
Assign a QoS marker profile to the interface
|
<string> |
Enter the QoS marker profile name (1-32 chars)
|
ssid <string> rts-threshold <number>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
rts-threshold |
Set the RTS (request to send) threshold for the SSID
|
<number> |
Enter the packet size for the RTS (request to send) threshold for the SSID (Default: 2346 bytes; Range: 1-2346)
|
ssid <string> schedule <string>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
schedule |
Set a schedule during which the SSID will be available for use
|
<string> |
Enter a schedule name (1-32 chars)
|
ssid <string> security mac-filter <string>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
mac-filter |
Assign a filter for MAC addresses or OUIs (organizational unique identifiers)
|
<string> |
Enter the filter name for MAC addresses or OUIs (organizational unique identifiers)
|
ssid <string> security screening radius-attack
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
screening |
Set the security screen parameters
|
radius-attack |
Enable the screening method of RADIUS attack procection (Default: Disabled)
|
ssid <string> security screening radius-attack action ban-forever
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
screening |
Set the security screen parameters
|
radius-attack |
Enable the screening method of RADIUS attack procection (Default: Disabled)
|
action |
Set the action to perform if an alarm is triggered (Default: alarm)
|
ban-forever |
Disconnect the station and ban it from reconnecting indefinitely
|
ssid <string> security screening radius-attack action {alarm|ban} [ [ <number> ] ]
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
screening |
Set the security screen parameters
|
radius-attack |
Enable the screening method of RADIUS attack procection (Default: Disabled)
|
action |
Set the action to perform if an alarm is triggered (Default: alarm)
|
alarm |
Send an alarm but continue to pass traffic
|
ban |
Disconnect the station and ban it from reconnecting for a period of time
|
<number> |
Enter the amount of time in seconds to perform the action (Range: 1-100000000; Default: 10 for an alarm, 3600 for a ban)
|
ssid <string> security screening radius-attack threshold <number> [ action {alarm|ban} [ <number> ] ]
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
screening |
Set the security screen parameters
|
radius-attack |
Enable the screening method of RADIUS attack procection (Default: Disabled)
|
threshold |
Set the length of time during which 10 RADIUS rejections for the same source MAC address is considered unacceptable
|
<number> |
Enter the length of time in seconds (Range: 1-3600; Default: 5)
|
action |
Set the action to perform if an alarm is triggered (Default: alarm)
|
alarm |
Send an alarm but continue to pass traffic
|
ban |
Disconnect the station and ban it from reconnecting for a period of time
|
<number> |
Enter the amount of time in seconds to perform the action (Range: 1-100000000; Default: 10 for an alarm, 3600 for a ban)
|
ssid <string> security screening radius-attack threshold <number> action ban-forever
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
screening |
Set the security screen parameters
|
radius-attack |
Enable the screening method of RADIUS attack procection (Default: Disabled)
|
threshold |
Set the length of time during which 10 RADIUS rejections for the same source MAC address is considered unacceptable
|
<number> |
Enter the length of time in seconds (Range: 1-3600; Default: 5)
|
action |
Set the action to perform if an alarm is triggered (Default: alarm)
|
ban-forever |
Disconnect the station and ban it from reconnecting indefinitely
|
ssid <string> security screening tcp-syn-check
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
screening |
Set the security screen parameters
|
tcp-syn-check |
Enable checking that the SYN flag is set in TCP segments before creating new IP sessions (Default: Disabled, Note: When enabled, the IP session idle timeout is 10 seconds until the TCP three-way handshake is complete.)
|
ssid <string> security screening {icmp-flood|udp-flood|syn-flood|arp-flood|address-sweep|port-scan|ip-spoof} [ threshold <number> ]
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
screening |
Set the security screen parameters
|
icmp-flood |
Enable the screening method for protection against ICMP floods (Default: Disabled)
|
udp-flood |
Enable the screening method for protection against UDP floods (Default: Disabled)
|
syn-flood |
Enable the screening method for protection against TCP SYN floods (Default: Disabled)
|
arp-flood |
Enable the screening method for protection against ARP floods (Default: Disabled)
|
address-sweep |
Enable the screening method for protection against IP address sweeps (Default: Disabled)
|
port-scan |
Enable the screening method for protection against port scans (Default: Disabled)
|
ip-spoof |
Enable the screening method for protection against IP spoofing (Default: Disabled)
|
threshold |
Set the threshold: packets per second for syn-flood and arp-flood, air time for icmp-flood and udp-flood, milliseconds every 10 packets for address-sweep and port-scan, IP addresses for ip-spoof
|
<number> |
Enter the threshold value (Defaults and Ranges: ICMP flood: 20%, 1-100%; UDP flood 50%, 1-100%; SYN flood: 1000 pkts/sec, 1-1000000 pkts/sec; ARP flood 100 pkts/sec, 1-1000000 pkts/sec; address sweep and port scan: 100 ms/10 pkts, 1-10000 ms; IP spoof: 3 src IPs/src MAC, 2-10 IPs; RADIUS attack: 5 secs/10 rejects, 1-3600 secs)
|
ssid <string> security screening {icmp-flood|udp-flood|syn-flood|arp-flood|address-sweep|port-scan|ip-spoof} action ban-forever
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
screening |
Set the security screen parameters
|
icmp-flood |
Enable the screening method for protection against ICMP floods (Default: Disabled)
|
udp-flood |
Enable the screening method for protection against UDP floods (Default: Disabled)
|
syn-flood |
Enable the screening method for protection against TCP SYN floods (Default: Disabled)
|
arp-flood |
Enable the screening method for protection against ARP floods (Default: Disabled)
|
address-sweep |
Enable the screening method for protection against IP address sweeps (Default: Disabled)
|
port-scan |
Enable the screening method for protection against port scans (Default: Disabled)
|
ip-spoof |
Enable the screening method for protection against IP spoofing (Default: Disabled)
|
action |
Set the action to perform if an alarm is triggered (Default: alarm)
|
ban-forever |
Disconnect the station and ban it from reconnecting indefinitely
|
ssid <string> security screening {icmp-flood|udp-flood|syn-flood|arp-flood|address-sweep|port-scan|ip-spoof} action disconnect
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
screening |
Set the security screen parameters
|
icmp-flood |
Enable the screening method for protection against ICMP floods (Default: Disabled)
|
udp-flood |
Enable the screening method for protection against UDP floods (Default: Disabled)
|
syn-flood |
Enable the screening method for protection against TCP SYN floods (Default: Disabled)
|
arp-flood |
Enable the screening method for protection against ARP floods (Default: Disabled)
|
address-sweep |
Enable the screening method for protection against IP address sweeps (Default: Disabled)
|
port-scan |
Enable the screening method for protection against port scans (Default: Disabled)
|
ip-spoof |
Enable the screening method for protection against IP spoofing (Default: Disabled)
|
action |
Set the action to perform if an alarm is triggered (Default: alarm)
|
disconnect |
Disconnect the station but do not ban it from reconnecting
|
ssid <string> security screening {icmp-flood|udp-flood|syn-flood|arp-flood|address-sweep|port-scan|ip-spoof} action {alarm|drop|ban} <number>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
screening |
Set the security screen parameters
|
icmp-flood |
Enable the screening method for protection against ICMP floods (Default: Disabled)
|
udp-flood |
Enable the screening method for protection against UDP floods (Default: Disabled)
|
syn-flood |
Enable the screening method for protection against TCP SYN floods (Default: Disabled)
|
arp-flood |
Enable the screening method for protection against ARP floods (Default: Disabled)
|
address-sweep |
Enable the screening method for protection against IP address sweeps (Default: Disabled)
|
port-scan |
Enable the screening method for protection against port scans (Default: Disabled)
|
ip-spoof |
Enable the screening method for protection against IP spoofing (Default: Disabled)
|
action |
Set the action to perform if an alarm is triggered (Default: alarm)
|
alarm |
Send an alarm but continue to pass traffic
|
drop |
Drop traffic for a period of time
|
ban |
Disconnect the station and ban it from reconnecting for a period of time
|
<number> |
Enter the amount of time in seconds to perform the action (Range: 1-1000000000; Default: 10 for alarm, 1 for drop, 3600 for ban)
|
ssid <string> security screening {icmp-flood|udp-flood|syn-flood|arp-flood|address-sweep|port-scan|ip-spoof} threshold <number> action ban-forever
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
screening |
Set the security screen parameters
|
icmp-flood |
Enable the screening method for protection against ICMP floods (Default: Disabled)
|
udp-flood |
Enable the screening method for protection against UDP floods (Default: Disabled)
|
syn-flood |
Enable the screening method for protection against TCP SYN floods (Default: Disabled)
|
arp-flood |
Enable the screening method for protection against ARP floods (Default: Disabled)
|
address-sweep |
Enable the screening method for protection against IP address sweeps (Default: Disabled)
|
port-scan |
Enable the screening method for protection against port scans (Default: Disabled)
|
ip-spoof |
Enable the screening method for protection against IP spoofing (Default: Disabled)
|
threshold |
Set the threshold: packets per second for syn-flood and arp-flood, air time for icmp-flood and udp-flood, milliseconds every 10 packets for address-sweep and port-scan, IP addresses for ip-spoof
|
<number> |
Enter the threshold value (Defaults and Ranges: ICMP flood: 20%, 1-100%; UDP flood 50%, 1-100%; SYN flood: 1000 pkts/sec, 1-1000000 pkts/sec; ARP flood 100 pkts/sec, 1-1000000 pkts/sec; address sweep and port scan: 100 ms/10 pkts, 1-10000 ms; IP spoof: 3 src IPs/src MAC, 2-10 IPs; RADIUS attack: 5 secs/10 rejects, 1-3600 secs)
|
action |
Set the action to perform if an alarm is triggered (Default: alarm)
|
ban-forever |
Disconnect the station and ban it from reconnecting indefinitely
|
ssid <string> security screening {icmp-flood|udp-flood|syn-flood|arp-flood|address-sweep|port-scan|ip-spoof} threshold <number> action disconnect
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
screening |
Set the security screen parameters
|
icmp-flood |
Enable the screening method for protection against ICMP floods (Default: Disabled)
|
udp-flood |
Enable the screening method for protection against UDP floods (Default: Disabled)
|
syn-flood |
Enable the screening method for protection against TCP SYN floods (Default: Disabled)
|
arp-flood |
Enable the screening method for protection against ARP floods (Default: Disabled)
|
address-sweep |
Enable the screening method for protection against IP address sweeps (Default: Disabled)
|
port-scan |
Enable the screening method for protection against port scans (Default: Disabled)
|
ip-spoof |
Enable the screening method for protection against IP spoofing (Default: Disabled)
|
threshold |
Set the threshold: packets per second for syn-flood and arp-flood, air time for icmp-flood and udp-flood, milliseconds every 10 packets for address-sweep and port-scan, IP addresses for ip-spoof
|
<number> |
Enter the threshold value (Defaults and Ranges: ICMP flood: 20%, 1-100%; UDP flood 50%, 1-100%; SYN flood: 1000 pkts/sec, 1-1000000 pkts/sec; ARP flood 100 pkts/sec, 1-1000000 pkts/sec; address sweep and port scan: 100 ms/10 pkts, 1-10000 ms; IP spoof: 3 src IPs/src MAC, 2-10 IPs; RADIUS attack: 5 secs/10 rejects, 1-3600 secs)
|
action |
Set the action to perform if an alarm is triggered (Default: alarm)
|
disconnect |
Disconnect the station but do not ban it from reconnecting
|
ssid <string> security screening {icmp-flood|udp-flood|syn-flood|arp-flood|address-sweep|port-scan|ip-spoof} threshold <number> action {alarm|drop|ban} <number>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
screening |
Set the security screen parameters
|
icmp-flood |
Enable the screening method for protection against ICMP floods (Default: Disabled)
|
udp-flood |
Enable the screening method for protection against UDP floods (Default: Disabled)
|
syn-flood |
Enable the screening method for protection against TCP SYN floods (Default: Disabled)
|
arp-flood |
Enable the screening method for protection against ARP floods (Default: Disabled)
|
address-sweep |
Enable the screening method for protection against IP address sweeps (Default: Disabled)
|
port-scan |
Enable the screening method for protection against port scans (Default: Disabled)
|
ip-spoof |
Enable the screening method for protection against IP spoofing (Default: Disabled)
|
threshold |
Set the threshold: packets per second for syn-flood and arp-flood, air time for icmp-flood and udp-flood, milliseconds every 10 packets for address-sweep and port-scan, IP addresses for ip-spoof
|
<number> |
Enter the threshold value (Defaults and Ranges: ICMP flood: 20%, 1-100%; UDP flood 50%, 1-100%; SYN flood: 1000 pkts/sec, 1-1000000 pkts/sec; ARP flood 100 pkts/sec, 1-1000000 pkts/sec; address sweep and port scan: 100 ms/10 pkts, 1-10000 ms; IP spoof: 3 src IPs/src MAC, 2-10 IPs; RADIUS attack: 5 secs/10 rejects, 1-3600 secs)
|
action |
Set the action to perform if an alarm is triggered (Default: alarm)
|
alarm |
Send an alarm but continue to pass traffic
|
drop |
Drop traffic for a period of time
|
ban |
Disconnect the station and ban it from reconnecting for a period of time
|
<number> |
Enter the amount of time in seconds to perform the action (Range: 1-1000000000; Default: 10 for alarm, 1 for drop, 3600 for ban)
|
ssid <string> security wlan dos station-level frame-type {assoc-req|auth|eapol} ban <number>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
auth |
Specify WLAN DoS frame type auth
|
eapol |
Specify WLAN DoS frame type eapol
|
ban |
Set the period of time to ignore frames after a theshold has been crossed
|
<number> |
Enter the period of time in seconds to ignore frames after a theshold has been crossed (Default: 60; Min: 0 Max: None)
|
ssid <string> security wlan dos station-level frame-type {assoc-req|auth|eapol} ban forever
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
auth |
Specify WLAN DoS frame type auth
|
eapol |
Specify WLAN DoS frame type eapol
|
ban |
Set the period of time to ignore frames after a theshold has been crossed
|
forever |
Set ban forever
|
ssid <string> security wlan dos {ssid-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all}
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
ssid-level |
Set DoS parameters at ssid-level
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
probe-req |
Specify WLAN DoS frame type probe-req
|
probe-resp |
Specify WLAN DoS frame type probe-resp
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
assoc-resp |
Specify WLAN DoS frame type assoc-resp
|
disassoc |
Specify WLAN DoS frame type disassoc
|
auth |
Specify WLAN DoS frame type auth
|
deauth |
Specify WLAN DoS frame type deauth
|
eapol |
Specify WLAN DoS frame type eapol
|
all |
Specify WLAN DoS frame type all
|
ssid <string> security wlan dos {ssid-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all} alarm <number>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
ssid-level |
Set DoS parameters at ssid-level
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
probe-req |
Specify WLAN DoS frame type probe-req
|
probe-resp |
Specify WLAN DoS frame type probe-resp
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
assoc-resp |
Specify WLAN DoS frame type assoc-resp
|
disassoc |
Specify WLAN DoS frame type disassoc
|
auth |
Specify WLAN DoS frame type auth
|
deauth |
Specify WLAN DoS frame type deauth
|
eapol |
Specify WLAN DoS frame type eapol
|
all |
Specify WLAN DoS frame type all
|
alarm |
Set the interval in seconds between alarms to indicate continuous DoS conditions
|
<number> |
Enter the interval in seconds between alarms to indicate continuous DoS conditions (Default: 60 secs; Min: 0 Max: None)
|
ssid <string> security wlan dos {ssid-level|station-level} frame-type {probe-req|probe-resp|assoc-req|assoc-resp|disassoc|auth|deauth|eapol|all} threshold <number>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security |
Set the security parameters for the SSID
|
wlan |
Set WLAN parameters
|
dos |
Set WLAN DoS (Denial of Service) parameters
|
ssid-level |
Set DoS parameters at ssid-level
|
station-level |
Set DoS parameters at station-level
|
frame-type |
Set WLAN DoS (Denial of Service) frame type
|
probe-req |
Specify WLAN DoS frame type probe-req
|
probe-resp |
Specify WLAN DoS frame type probe-resp
|
assoc-req |
Specify WLAN DoS frame type assoc-req
|
assoc-resp |
Specify WLAN DoS frame type assoc-resp
|
disassoc |
Specify WLAN DoS frame type disassoc
|
auth |
Specify WLAN DoS frame type auth
|
deauth |
Specify WLAN DoS frame type deauth
|
eapol |
Specify WLAN DoS frame type eapol
|
all |
Specify WLAN DoS frame type all
|
threshold |
Set the frame threshold in ppm (packets per minute) that must be crossed to trigger an alarm
|
<number> |
Enter threshold in ppm (Default: ssid-level probe-req 12000, probe-resp 24000, eapol 6000, auth 6000, assoc-req 6000, assoc-resp 2400, all others 1200; sta-level probe-req 1200 ppm, probe-resp 2400, eapol 600, auth 600, assoc-req 600, assoc-resp 240, all others 120; Min: 0 Max: None)
|
ssid <string> security-object <string>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
security-object |
Assign a security object to control network access through this SSID
|
<string> |
Enter the security object name (1-32 chars)
|
ssid <string> uapsd
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
uapsd |
Enable UAPSD (Unscheduled Automatic Power Save Delivery) to support stations using WMM (Wi-Fi Multimedia) Power Save
|
ssid <string> user-group <string>
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
user-group |
Set the user-group for private-PSK on the SSID
|
<string> |
Enter the group name (1-32 chars)
|
ssid <string> wmm
|
ssid |
Set SSID (Service Set Identifier) parameters
|
<string> |
Enter an SSID profile name (1-32 chars)
|
wmm |
Enable the SSID to support WMM (Wi-Fi Multimedia) traffic prioritization
|
system environment {indoor|outdoor}
|
system |
Set system parameters
|
environment |
Set the environment in which the system will operate
|
indoor |
Set the system for indoor operations (Default: indoor)
|
outdoor |
Set the system for outdoor operations (Default: indoor)
|
system icmp-redirect enable
|
system |
Set system parameters
|
icmp-redirect |
Accept ICMP redirect messages
|
enable |
Enable the accepting of ICMP redirect messages (Default: Disable)
|
system led brightness {bright|soft|dim|off}
|
system |
Set system parameters
|
led |
Set status LED configuration parameters
|
brightness |
Set the brightness level for the status LEDs (Default: bright)
|
bright |
Set brightness level to bright
|
soft |
Set brightness level to soft
|
dim |
Set brightness level to dim
|
off |
Set brightness level to off
|
system web-server enable
|
system |
Set system parameters
|
web-server |
Set the web server parameters
|
enable |
Enable the web server (Default: Enabled)
|
teacher-view prompt-for-deny-url
|
teacher-view |
Set parameters for TeacherView, a tool for controlling student access to the network and monitoring their activity
|
prompt-for-deny-url |
Enable the use of an access denial notification, which the student receives when accessing a blocked URL (Default: Enabled; Note: When disabled, the student does not receive a denial of access. Instead, the connection simply times out.)
|
teacher-view resource-map name <string> ip <ip_addr> port <port>
|
teacher-view |
Set parameters for TeacherView, a tool for controlling student access to the network and monitoring their activity
|
resource-map |
Map the name of a network resource to an IP address and port number
|
name |
Set the resource name
|
<string> |
Enter the resource name (max 32 chars)
|
ip |
Set the IP address where the resource is located
|
<ip_addr> |
Enter the IP address
|
port |
Set the port number associated with the resource
|
<port> |
[1~65535]Enter the port number (Range: 1-65535)
|
time-object <string> recurrent [ date-range <date> [ to <date> ] ] [ weekday-range {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} [ to {Monday|Tuesday|Wednesday|Thursday|Friday|Saturday|Sunday} ] ] time-range <time> to <time> [ time-range <time> to <time> ] [ time-zone <number> ]
|
time-object |
Set a time object
|
<string> |
Enter a time object name (1-32 chars)
|
recurrent |
Set a recurrent schedule
|
date-range |
Set dates to mark the start and end of the schedule (If you do not want to set start and end dates, do not use this option.)
|
<date> |
Enter a start date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
to |
Set a date range (If you do not want to set an end date, do not use this option.)
|
<date> |
Enter a end date for the schedule (Format: yyyy-mm-dd; Range: 1970-01-01 to 2035-12-31)
|
weekday-range |
Apply the schedule on specific days of the week (To apply the schedule everyday, do not use this option.)
|
Monday |
Apply the schedule on every Monday within the date range
|
Tuesday |
Apply the schedule on every Tuesday within the date range
|
Wednesday |
Apply the schedule on every Wednesday within the date range
|
Thursday |
Apply the schedule on every Thursday within the date range
|
Friday |
Apply the schedule on every Friday within the date range
|
Saturday |
Apply the schedule on every Saturday within the date range
|
Sunday |
Apply the schedule on every Sunday within the date range
|
to |
Set a range of weekdays during which the schedule will be applied (Example: monday to friday)
|
Monday |
Apply the schedule on every Monday within the date range
|
Tuesday |
Apply the schedule on every Tuesday within the date range
|
Wednesday |
Apply the schedule on every Wednesday within the date range
|
Thursday |
Apply the schedule on every Thursday within the date range
|
Friday |
Apply the schedule on every Friday within the date range
|
Saturday |
Apply the schedule on every Saturday within the date range
|
Sunday |
Apply the schedule on every Sunday within the date range
|
time-range |
Set a time range during which the schedule will be applied on each scheduled day
|
<time> |
Enter a start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a time range
|
<time> |
Enter a end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-range |
Set a second time range for the schedule
|
<time> |
Enter a second start time for the schedule (Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
to |
Set a time range
|
<time> |
Enter a second end time for the schedule,(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
time-zone |
Set the time zone for the schedule (Note: If you do not specify a time zone, the time zone for the local system will be used.)
|
<number> |
Enter the time zone for the schedule (Default: 0; Range: -12 to 12)
|
tracert <ip_addr> [ max-hops <number> ] [ timeout <number> ] [ no-resolve ]
|
tracert |
Perform a traceroute
|
<ip_addr> |
Enter a destination IP address
|
max-hops |
Set the maximum number of hops to cross when searching for a target
|
<number> |
Enter the maximum number of hops to cross when searching for a target (Default: 30, Range: 1-255)
|
timeout |
Set the timeout for a response to a probe
|
<number> |
Enter the timeout in seconds for a response to a probe (Range: 2-65535)
|
no-resolve |
Do not resolve addresses to domain names
|
tracert <string> [ max-hops <number> ] [ timeout <number> ] [ no-resolve ]
|
tracert |
Perform a traceroute
|
<string> |
Enter a destination hostname (1-32 chars)
|
max-hops |
Set the maximum number of hops to cross when searching for a target
|
<number> |
Enter the maximum number of hops to cross when searching for a target (Default: 30, Range: 1-255)
|
timeout |
Set the timeout for a response to a probe
|
<number> |
Enter the timeout in seconds for a response to a probe (Range: 2-65535)
|
no-resolve |
Do not resolve addresses to domain names
|
track <string> [ ip <ip_addr> ]
|
track |
Set parameters to track the reachability of one or more devices on the network
|
<string> |
Enter the name for a group of one or more targets to track (1-32 chars)
|
ip |
Set an IP address for tracking
|
<ip_addr> |
Enter an IP address for tracking
|
track <string> action start-mesh-failover
|
track |
Set parameters to track the reachability of one or more devices on the network
|
<string> |
Enter the name for a group of one or more targets to track (1-32 chars)
|
action |
Set the action to take when there are no longer responses from any tracked targets in a group
|
start-mesh-failover |
Start the mesh failover procedure
|
track <string> action {enable-access-console|disable-access-radio}
|
track |
Set parameters to track the reachability of one or more devices on the network
|
<string> |
Enter the name for a group of one or more targets to track (1-32 chars)
|
action |
Set the action to take when there are no longer responses from any tracked targets in a group
|
enable-access-console |
Enable the virtual access console
|
disable-access-radio |
Disable all radios in access mode
|
track <string> default-gateway
|
track |
Set parameters to track the reachability of one or more devices on the network
|
<string> |
Enter the name for a group of one or more targets to track (1-32 chars)
|
default-gateway |
Set the default gateway for tracking
|
track <string> enable
|
track |
Set parameters to track the reachability of one or more devices on the network
|
<string> |
Enter the name for a group of one or more targets to track (1-32 chars)
|
enable |
Enable the group name for tracking (Default: Enable)
|
track <string> interval <number>
|
track |
Set parameters to track the reachability of one or more devices on the network
|
<string> |
Enter the name for a group of one or more targets to track (1-32 chars)
|
interval |
Set the interval for sending probes to track the IP address of a target
|
<number> |
Enter the tracking interval (Default: 6 seconds; Range: 1-180; Note: The tracking interval must not be shorter than the probe timeout.)
|
track <string> multi-dst-logic {and|or}
|
track |
Set parameters to track the reachability of one or more devices on the network
|
<string> |
Enter the name for a group of one or more targets to track (1-32 chars)
|
multi-dst-logic |
Determine if one or all tracked targets within a group must become unresponsive before taking action
|
and |
Take action if none of the members in the group is responding (Default:or)
|
or |
Take action if any single member in the group is not responding (Default:or)
|
track <string> retry <number>
|
track |
Set parameters to track the reachability of one or more devices on the network
|
<string> |
Enter the name for a group of one or more targets to track (1-32 chars)
|
retry |
Set the number of times to retry probing an unresponsive target
|
<number> |
Enter the retry value (Default: 2 times; Range: 0-1024)
|
user <string>
|
user |
Add one user or change user parameters
|
<string> |
Enter the user name (1-32 chars)
|
user <string> group <string>
|
user |
Add one user or change user parameters
|
<string> |
Enter the user name (1-32 chars)
|
group |
Attach the user to a user-group
|
<string> |
Enter the group name (1-32 chars)
|
user <string> password <string>
|
user |
Add one user or change user parameters
|
<string> |
Enter the user name (1-32 chars)
|
password |
Set the password for user
|
<string> |
Enter the secret string (8-63 chars)
|
user-group <string>
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
user-group <string> auto-generation bulk-number <number> bulk-interval <number> <time>
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
auto-generation |
Generate the password automatically
|
bulk-number |
Set the user number of the bulk group
|
<number> |
Enter the user number of the bulk group (Default: 1 ; Range: 1-9999)
|
bulk-interval |
Set the interval of the bulk group
|
<number> |
Enter the day interval of the bulk group (Default: 0 day; Range: 0-365)
|
<time> |
Enter the hour and minute interval of the bulk group(Format: hh:mm; Hour Range: 00-23; Minute Range: 00-59)
|
user-group <string> auto-generation index-range <number> [ <number> ]
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
auto-generation |
Generate the password automatically
|
index-range |
Set the index range for the users for whom you want to generate network access credentials (user name, password, and PSK)
|
<number> |
Enter the start of the index range (Range: AP120/AP121/AP141/AP170/AP110=1-4096, Others Platforms=1-9999)
|
<number> |
Enter the end of the index range (Range: starting index number-4096 (AP120/AP121/AP141/AP170/AP110), starting index number-9999(Others Platforms))
|
user-group <string> auto-generation location <string>
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
auto-generation |
Generate the password automatically
|
location |
Set the user's physical location, which is combined with other factors (user name, shared secret, ...) when generating the password automatically
|
<string> |
Enter the location (1-32 chars)
|
user-group <string> auto-generation password-length <number>
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
auto-generation |
Generate the password automatically
|
password-length |
Set the length of the automatically generated password
|
<number> |
Enter the password length (Range: 8-63; Default: 8)
|
user-group <string> auto-generation prefix <string>
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
auto-generation |
Generate the password automatically
|
prefix |
Set the prefix username for automatically generate password
|
<string> |
Enter the prefix (1-28 chars)
|
user-group <string> auto-generation revoke-user <number> [ <number> ]
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
auto-generation |
Generate the password automatically
|
revoke-user |
Set the index range for the revoked users
|
<number> |
Enter the start of the index range (Range: 1-1024)
|
<number> |
Enter the end of the index range (Range: starting index number-1024)
|
user-group <string> auto-generation schedule <string>
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
auto-generation |
Generate the password automatically
|
schedule |
Bind a schedule to change password automatically by it
|
<string> |
Enter the name of the schedule (1-32 chars)
|
user-group <string> auto-generation shared-secret <string>
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
auto-generation |
Generate the password automatically
|
shared-secret |
Set the shared secret that is combined with other factors (user name, location, ...) when generating the password automatically
|
<string> |
Enter the shared secret (1-64 chars)
|
user-group <string> cache-mode {temporary|mandatory}
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
cache-mode |
Set user-group cache mode
|
temporary |
Set user-group cache mode to temporary
|
mandatory |
Set user-group cache mode to mandatory
|
user-group <string> expired-time <date/time>
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
expired-time |
Set the end of the time period during which the PSK is valid
|
<date/time> |
Enter the date and time when the PSK expires (Format: YYYY-MM-DD/hh:mm:ss; Range: 1970-01-01 to 2035-12-31/hh (00-23), mm (000-59), ss (000-59))
|
user-group <string> password-generation-method {manual|auto}
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
password-generation-method |
Set password generation method for the user group
|
manual |
Set password generation method to manual
|
auto |
Set password generation method to auto
|
user-group <string> pmk-auto-save
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
pmk-auto-save |
Enable automatically save PMK to flash
|
user-group <string> psk-format character-pattern {letters|digits|special-characters}
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
psk-format |
Set the format parameters for creating individual user PSKs (preshared keys)
|
character-pattern |
Set the types of characters that can be used in automatically generated and manually configured PSKs and how the character types can be combined
|
letters |
Use letters in PSKs
|
digits |
Use digits in PSKs
|
special-characters |
Use special characters in PSKs
|
user-group <string> psk-format combo-pattern {or|and|no}
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
psk-format |
Set the format parameters for creating individual user PSKs (preshared keys)
|
combo-pattern |
Set the way in which various types of characters can be combined in PSKs
|
or |
Include one character type or a combination of different types in the PSKs (Default)
|
and |
Include a combination of all specified character types in the PSKs
|
no |
Include one character type in the PSKs (Note: If you specify multiple character types and set this option, only letters are used, if specified. If not, then only digits are used.)
|
user-group <string> psk-generation-method username-and-password concatenated-characters <string>
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
psk-generation-method |
Set the elements from which the private PSK will be derived: password only or username and password
|
username-and-password |
Set private-PSK generation method to username-and-password
|
concatenated-characters |
Set format for concatenating the characters in the PSK that comprises a user name and password
|
<string> |
Enter the characters used to concatenate the user name and password (Default: None; Range: 1-8 chars)
|
user-group <string> psk-generation-method {password-only|username-and-password}
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
psk-generation-method |
Set the elements from which the private PSK will be derived: password only or username and password
|
password-only |
Set private-PSK generation method to password-only (Default)
|
username-and-password |
Set private-PSK generation method to username-and-password
|
user-group <string> reauth-interval <number>
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
reauth-interval |
Set an interval after which a user in an ongoing RADIUS session must reauthenticate
|
<number> |
Enter the length of time in seconds before reauthentication (Default: 1800; Range: 600-86400, or 0 to remove the user reauthentication requirement)
|
user-group <string> start-time <date/time>
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
start-time |
Set the start of the time period during which the PSK is valid
|
<date/time> |
Enter the start date and time of the date (Format: YYYY-MM-DD/hh:mm:ss; Range: 1970-01-01 to 2035-12-31/hh (00-23), mm (000-59), ss (000-59))
|
user-group <string> user-attribute <number>
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
user-attribute |
Set a RADIUS attribute or a range of attributes to the user group
|
<number> |
Enter a numeric value for a single RADIUS attribute (Default: none; Range: 0-4095)
|
user-group <string> vlan-id <number>
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
vlan-id |
Set a VLAN ID for the user group
|
<number> |
Enter the default VLAN ID for the user group (Default: none; Range: 1-4094)
|
user-group <string> voice-device
|
user-group |
Set user group parameters
|
<string> |
Enter the user group name (1-32 chars)
|
voice-device |
Set the local device, when functioning as a RADIUS server, to return the voice-device attribute when authenticating members of this user group (Note: This attribute is required to support certain IP phones.)
|
user-profile <string> [ qos-policy <string> ] [ vlan-id <number> ] [ mobility-policy <string> ] [ attribute <number> [ - <number> ] ]
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
qos-policy |
Assign QoS policy to the user profile
|
<string> |
Enter the QoS policy name (1-32 chars)
|
vlan-id |
Set the default VLAN ID for the user profile
|
<number> |
Enter the default VLAN ID for the user profile (Range: 1-4094)
|
mobility-policy |
Assign mobility policy to the user profile
|
<string> |
Enter the mobility policy name (1-32 chars)
|
attribute |
Map a RADIUS attribute or a range of attributes to the user profile
|
<number> |
Enter a numeric value for a single RADIUS attribute or the starting value for a range (Range: 0-4095)
|
- |
Set a range of RADIUS attributes
|
<number> |
Enter the ending value for a RADIUS attribute range (Range: 0-4095)
|
user-profile <string> cac airtime-percentage <number> [ share-time ]
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
cac |
Set CAC (Call Admission Control) parameters for regulating the admission of new VoIP calls
|
airtime-percentage |
Set the percentage of airtime reserved for the VoIP calls of users belonging to the user profile
|
<number> |
Enter the percentage (Range: 0-100; Default: 0)
|
share-time |
Enable the user profile to share any unused airtime with other user profiles (Default: Disabled)
|
user-profile <string> deny-action-for-schedule {ban|quarantine}
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
deny-action-for-schedule |
Set the deny action for schedule (Default: ban)
|
ban |
Prevent the client from connecting to the AP permanently during the scheduled time frame if not in the schedule (Note: If you ban a client, then you cannot grant that client access to the AP afterward.)
|
quarantine |
Prevent the client from connecting to the network temporarily if not in the schedule (Note: When you quarantine a client, then you can allow client traffic afterward by changing the permissions from deny to permit.)
|
user-profile <string> ip-policy-default-action {permit|deny|inter-station-traffic-drop}
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
ip-policy-default-action |
Set the IP policy default action for the user profile
|
permit |
Set the default action to permit
|
deny |
Set the default action to deny
|
inter-station-traffic-drop |
Set the action to drop traffic between stations if they are both associated with one or more members of the same hive (Default: deny)
|
user-profile <string> mac-policy-default-action {permit|deny}
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
mac-policy-default-action |
Set the MAC policy default action for the user profile
|
permit |
Set the default action to permit
|
deny |
Set the default action to deny
|
user-profile <string> qos-marker-map {diffserv|8021p} <string>
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
qos-marker-map |
Assign a QoS marker-map to the user profile
|
diffserv |
diffserv marker-map
|
8021p |
802.1p marker mapMap
|
<string> |
Enter the QoS marker-map name (1-32 chars)
|
user-profile <string> schedule <string>
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
schedule |
Set a schedule during which the HiveAP will apply the user profile
|
<string> |
Enter a schedule name (1-32 chars)
|
user-profile <string> security deny {ipv4|ipv6}
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
security |
Set the security parameters for the user profile
|
deny |
Set the deny action to block IPv4 or IPv6 traffic belonging to the user profile
|
ipv4 |
Choose IPv4 traffic to block
|
ipv6 |
Choose IPv6 traffic to block
|
user-profile <string> security ip-policy [ from-access <string> ] [ to-access <string> ]
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
security |
Set the security parameters for the user profile
|
ip-policy |
Apply Layer 3 IP firewall policies to traffic belonging to the user profile that is received and transmitted on an access interface
|
from-access |
Set the IP policy for traffic from wired or wireless clients
|
<string> |
Enter the name of a previously defined IP firewall policy
|
to-access |
Set the IP policy for traffic transmitted to wired or wireless clients
|
<string> |
Enter the name of a previously defined IP firewall policy
|
user-profile <string> security mac-policy [ from-access <string> ] [ to-access <string> ]
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
security |
Set the security parameters for the user profile
|
mac-policy |
Apply Layer 2 MAC firewall policies to traffic belonging to the user profile that is received and transmitted on an access interface
|
from-access |
Set the MAC policy for traffic from wired or wireless clients
|
<string> |
Enter the name of a previously defined MAC firewall policy
|
to-access |
Set the MAC policy for traffic transmitted to wired or wireless clients
|
<string> |
Enter the name of a previously defined MAC firewall policy
|
user-profile <string> tunnel-policy <string>
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
tunnel-policy |
Set the tunnel policy to apply to traffic belonging to members of the user profile
|
<string> |
Enter the name of the tunnel policy name (1-32 chars)
|
user-profile <string> {after|before} <string>
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
after |
Move the user profile after another user profile
|
before |
Move the user profile before another user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
user-profile <string> {performance-sentinel} action {log|boost}
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
performance-sentinel |
Set performance sentinel parameters to moderate client throughput
|
action |
Set an action to take in response to a performance sentinel violation
|
log |
Generate a log entry about the performance sentinel violation (Default: Log)
|
boost |
Increase the performance available for clients so they can obtain their minimum guaranteed bandwidth (Default: Log)
|
user-profile <string> {performance-sentinel} enable
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
performance-sentinel |
Set performance sentinel parameters to moderate client throughput
|
enable |
Enable performance sentinel (Default: Disabled)
|
user-profile <string> {performance-sentinel} guaranteed-bandwidth <number>
|
user-profile |
Set parameters for a user profile
|
<string> |
Enter the user profile name (1-32 chars)
|
performance-sentinel |
Set performance sentinel parameters to moderate client throughput
|
guaranteed-bandwidth |
Set the minimum guaranteed bandwidth per user
|
<number> |
Enter the minimum guaranteed bandwidth (Default: 500 Kbps; Range: 100-500000)
|
user-profile-policy <string> action-for-upid-change {switch|sustain|ignore}
|
user-profile-policy |
Set the user profile mapping policy
|
<string> |
Enter a policy name (1-32 chars)
|
action-for-upid-change |
Set the process used to change the user profile attribute ID (Default: ignore)
|
switch |
Change the user profile ID immediately, and if the VLAN must be changed, then disconnect the station from the network
|
sustain |
Change the user profile ID immediately, but do not change the VLAN until the managed mobile device reconnects to the network
|
ignore |
Do not change the user profile ID nor the VLAN until the managed mobile device reconnects to the network
|
user-profile-policy <string> mdm-timeout <number>
|
user-profile-policy |
Set the user profile mapping policy
|
<string> |
Enter a policy name (1-32 chars)
|
mdm-timeout |
Set the time span during which an MDM query remains valid
|
<number> |
Enter the timeout in seconds (Range: 1-300; Default: 10)
|
user-profile-policy <string> rule <number> user-profile-attr-id <number> [ auth-attr-id <number> ] [ device-group <string> ] [ device-location <string> ] [ mdm-object <string> ] [ time-object <string> ]
|
user-profile-policy |
Set the user profile mapping policy
|
<string> |
Enter a policy name (1-32 chars)
|
rule |
Set a rule for user profile mapping policy
|
<number> |
Enter the rule number (Range: 1-64)
|
user-profile-attr-id |
Set the new attribute number to which the user profile changes if the tests of this rule match the actual network conditions
|
<number> |
Enter a user profile attribute ID (Range: 0-4095)
|
auth-attr-id |
Set the attribute value that the authentication process must return for this test condition to be true
|
<number> |
Enter a user profile attribute ID (Range: 0-4095)
|
device-group |
Set the device group name that must match this value for this test condition to be true
|
<string> |
Enter a device group name (1-32 chars)
|
device-location |
Set the device location value that must match the value contained in the location field of the device for this test condition to be true
|
<string> |
Enter the device location (1-32 chars)
|
mdm-object |
Set the value that must match the configured MDM object name
|
<string> |
Enter the MDM object name (1-32 chars)
|
time-object |
Set the time object name
|
<string> |
Enter the time object name (1-32 chars)
|
vlan-group <string> <number> [ <number> ]
|
vlan-group |
Set a VLAN group
|
<string> |
Enter the VLAN group name (1-32 chars)
|
<number> |
Add a VLAN ID to the group (Range: 1-4094; Note: If you are defining a range of VLANs, this is the starting point of that range.)
|
<number> |
Enter the last VLAN ID in the range (Range: 1-4094)
|
vpn ipsec-tunnel <string> dpd idle-interval <number> retry <number> retry-interval <number>
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
ipsec-tunnel |
Set IPsec tunnel parameters
|
<string> |
Enter the name of the IPsec tunnel entry (1-32 chars)
|
dpd |
Set DPD (Dead Peer Detection) parameters for the IPsec tunnel
|
idle-interval |
Set the interval for sending DPD R-U-There messages
|
<number> |
Enter the interval in seconds (Range: 0-65535; Default: 10; Note: 0 disables DPD)
|
retry |
Set the number of times to retry sending a DPD R-U-There message when it does not elicit a response
|
<number> |
Enter the number of messages to retry sending (Range: 1-65535; Default: 5)
|
retry-interval |
Set the interval for resending DPD R-U-There messages
|
<number> |
Enter the retry interval in seconds (Range: 1-60; Default: 3)
|
vpn ipsec-tunnel <string> gateway <ip_addr> client-name <string> password <string>
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
ipsec-tunnel |
Set IPsec tunnel parameters
|
<string> |
Enter the name of the IPsec tunnel entry (1-32 chars)
|
gateway |
Set the address of the IKE gateway at the server end of the VPN tunnel (Note: Only define an IKE gateway on VPN clients.)
|
<ip_addr> |
Enter an IKE gateway address
|
client-name |
Set the name that the VPN client uses to authenticate itself to the VPN server using Xauth
|
<string> |
Enter the client name (8-32 chars)
|
password |
Set password that the VPN client uses to authenticate itself to the VPN server using Xauth
|
<string> |
Enter the password string (16-32 chars)
|
vpn ipsec-tunnel <string> ike phase1 auth-method {hybrid|rsa-sig|psk}
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
ipsec-tunnel |
Set IPsec tunnel parameters
|
<string> |
Enter the name of the IPsec tunnel entry (1-32 chars)
|
ike |
Set IKE (Internet Key Exchange) parameters
|
phase1 |
Set IKE phase 1 parameters
|
auth-method |
Set the authentication method for IKE phase 1 negotiations
|
hybrid |
Set peer authentication in hybrid mode (Default: Hybrid mode, in which the VPN server authenticates itself with an RSA signature and the client authenticates itself through Xauth.)
|
rsa-sig |
Set both VPN peers--server and client--to authenticate themselves with RSA signatures (Default: Hybrid mode)
|
psk |
Set both VPN peers--server and client--to authenticate themselves with a preshared key
|
vpn ipsec-tunnel <string> ike phase1 dh-group {group1|group2|group5}
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
ipsec-tunnel |
Set IPsec tunnel parameters
|
<string> |
Enter the name of the IPsec tunnel entry (1-32 chars)
|
ike |
Set IKE (Internet Key Exchange) parameters
|
phase1 |
Set IKE phase 1 parameters
|
dh-group |
Set the Diffie-Hellman group for generating a shared key during phase 1 negotiations
|
group1 |
Use Diffie-Hellman group 1 (Default: Diffie-Hellman group 2)
|
group2 |
Use Diffie-Hellman group 2 (Default: Diffie-Hellman group 2)
|
group5 |
Use Diffie-Hellman group 5 (Default: Diffie-Hellman group 2)
|
vpn ipsec-tunnel <string> ike phase1 mode {main|aggressive}
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
ipsec-tunnel |
Set IPsec tunnel parameters
|
<string> |
Enter the name of the IPsec tunnel entry (1-32 chars)
|
ike |
Set IKE (Internet Key Exchange) parameters
|
phase1 |
Set IKE phase 1 parameters
|
mode |
Set the mode of IKE phase1
|
main |
Main mode performs three two-way exchanges totaling six packets
|
aggressive |
two exchanges take place totaling three packets
|
vpn ipsec-tunnel <string> ike phase1 psk <string>
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
ipsec-tunnel |
Set IPsec tunnel parameters
|
<string> |
Enter the name of the IPsec tunnel entry (1-32 chars)
|
ike |
Set IKE (Internet Key Exchange) parameters
|
phase1 |
Set IKE phase 1 parameters
|
psk |
Set the preshared key used for VPN peer authentication
|
<string> |
Enter the preshared key string (1-128 chars)
|
vpn ipsec-tunnel <string> ike phase2 pfs-group {no-pfs|group1|group2|group5}
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
ipsec-tunnel |
Set IPsec tunnel parameters
|
<string> |
Enter the name of the IPsec tunnel entry (1-32 chars)
|
ike |
Set IKE (Internet Key Exchange) parameters
|
phase2 |
Set IKE phase 2 parameters
|
pfs-group |
Set the PFS (perfect forward secrecy) parameters for phase 2 negotiations
|
no-pfs |
Do not perform a second Diffie-Hellman key exchange during phase 2 negotiations (Default: Diffie-Hellman group 2)
|
group1 |
Use Diffie-Hellman group 1 (Default: Diffie-Hellman group 2)
|
group2 |
Use Diffie-Hellman group 2 (Default: Diffie-Hellman group 2)
|
group5 |
Use Diffie-Hellman group 5 (Default: Diffie-Hellman group 2)
|
vpn ipsec-tunnel <string> ike {phase1|phase2} encryption-algorithm {3des|aes128|aes192|aes256}
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
ipsec-tunnel |
Set IPsec tunnel parameters
|
<string> |
Enter the name of the IPsec tunnel entry (1-32 chars)
|
ike |
Set IKE (Internet Key Exchange) parameters
|
phase1 |
Set IKE phase 1 parameters
|
phase2 |
Set IKE phase 2 parameters
|
encryption-algorithm |
Set the encryption algorithm
|
3des |
Use 3DES (Triple DES, Data Encryption Standard) as the encryption algorithm (Default: AES-128)
|
aes128 |
Use AES (Advanced Encryption Standard) with a 128-bit key as the encryption algorithm (Default: AES-128)
|
aes192 |
Use AES with a 192-bit key as the encryption algorithm (Default: AES-128)
|
aes256 |
Use AES with a 256-bit key as the encryption algorithm (Default: AES-128)
|
vpn ipsec-tunnel <string> ike {phase1|phase2} hash {md5|sha1}
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
ipsec-tunnel |
Set IPsec tunnel parameters
|
<string> |
Enter the name of the IPsec tunnel entry (1-32 chars)
|
ike |
Set IKE (Internet Key Exchange) parameters
|
phase1 |
Set IKE phase 1 parameters
|
phase2 |
Set IKE phase 2 parameters
|
hash |
Set the IKE hash algorithm
|
md5 |
Use MD-5 (Message Digest, version 5) as the hash algorithm (Default: SHA-1)
|
sha1 |
Use SHA-1 (Secure Hash Algorithm) as the hash algorithm (Default: SHA-1)
|
vpn ipsec-tunnel <string> ike {phase1|phase2} lifetime <number>
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
ipsec-tunnel |
Set IPsec tunnel parameters
|
<string> |
Enter the name of the IPsec tunnel entry (1-32 chars)
|
ike |
Set IKE (Internet Key Exchange) parameters
|
phase1 |
Set IKE phase 1 parameters
|
phase2 |
Set IKE phase 2 parameters
|
lifetime |
Set the SA (security association) lifetime (Note: Before the SA expires, the authentication and encryption keys are automatically refreshed with new ones.)
|
<number> |
Enter the SA expiration time in seconds (Range: 180-10000000;Phase 1 Default: 86400; Phase 2 Default: 3600 )
|
vpn ipsec-tunnel <string> local-ike-id {asn1dn|address|fqdn|ufqdn|keyid} <string>
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
ipsec-tunnel |
Set IPsec tunnel parameters
|
<string> |
Enter the name of the IPsec tunnel entry (1-32 chars)
|
local-ike-id |
Set the IKE identity for the local HiveAP
|
asn1dn |
Set the IKE identity type as an ASN.1 DN (Abstract Syntax Notation One Distinguished Name; Example: C=US, ST=CA, L=SF, O=Aerohive, OU=Sales, CN=PaulSmith)
|
address |
Set the IKE identity type as an IP address (Example: 10.1.1.5)
|
fqdn |
Set the IKE identity type as an FQDN (fully qualified domain name; Example: www.aerohive.com)
|
ufqdn |
Set the IKE identity type as a user FQDN (Example: psmith@aerohive.com)
|
keyid |
Set the IKE identity type as a keyid (Example: tunnel-group-name as test)
|
<string> |
Enter the IP address, or user FQDN (email address), or FQDN, or ASN.1 DN (1-128 chars) or KEYID (1-32 chars)
|
vpn ipsec-tunnel <string> nat-traversal enable
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
ipsec-tunnel |
Set IPsec tunnel parameters
|
<string> |
Enter the name of the IPsec tunnel entry (1-32 chars)
|
nat-traversal |
Set the VPN to be able to traverse NAT devices encountered along its data path
|
enable |
Enable NAT traversal (Default: Enabled)
|
vpn ipsec-tunnel <string> peer-ike-id {asn1dn|address|fqdn|ufqdn} <string>
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
ipsec-tunnel |
Set IPsec tunnel parameters
|
<string> |
Enter the name of the IPsec tunnel entry (1-32 chars)
|
peer-ike-id |
Set IKE identity for the remote VPN peer
|
asn1dn |
Set the IKE identity type as an ASN.1 DN (Abstract Syntax Notation One Distinguished Name; Example: C=US, ST=CA, L=SF, O=Aerohive, OU=Sales, CN=PaulSmith)
|
address |
Set the IKE identity type as an IP address (Example: 10.1.1.5)
|
fqdn |
Set the IKE identity type as an FQDN (fully qualified domain name; Example: www.aerohive.com)
|
ufqdn |
Set the IKE identity type as a user FQDN (Example: psmith@aerohive.com)
|
<string> |
Enter the IP address, or user FQDN (email address), or FQDN, or ASN.1 DN (1-128 chars)
|
vpn l3-tunnel-exception <ip_addr|ip_addr/mask|string>
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
l3-tunnel-exception |
Set a destination to which outbound traffic is forwarded to the default gateway on the branch router instead of being tunneled to the VPN gateway (Note: Only set a layer-3 tunnel exception if all outbound traffic is being tunneled but you want to forward traffic directly to just a few select locations.)
|
<ip_addr> |
Enter the domain name or host name (1-32 chars) or the IP address of the destination or the subnet of the destination
|
<ip_addr/netmask> |
Enter the domain name or host name (1-32 chars) or the IP address of the destination or the subnet of the destination
|
<string> |
Enter the domain name or host name (1-32 chars) or the IP address of the destination or the subnet of the destination
|
vpn tunnel-policy <string> client ipsec-tunnel <string> [ primary ]
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
tunnel-policy |
Set the IPsec tunnel policy
|
<string> |
Enter a tunnel policy name (1-32 chars)
|
client |
Set the tunnel policy for a VPN client
|
ipsec-tunnel |
Set the IPsec tunnel entry to use in the tunnel policy
|
<string> |
Enter the IPsec tunnel entry name (1-32 chars)
|
primary |
Set the VPN entry as the primary VPN gateway
|
vpn tunnel-policy <string> password <string>
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
tunnel-policy |
Set the IPsec tunnel policy
|
<string> |
Enter a tunnel policy name (1-32 chars)
|
password |
Set the password for the GRE tunnel check (Note: The password on the server and client must match for the GRE tunnel check to succeed.)
|
<string> |
Enter a password (8-32 chars)
|
vpn {client-ipsec-tunnel} <string> [ vpn-mode {layer-2|layer-3} ]
|
vpn |
Set parameters for VPN (virtual private network) tunneling
|
client-ipsec-tunnel |
Set the local HiveAP as a client that builds an IPsec tunnel to the VPN server
|
<string> |
Enter the name of a VPN tunnel entry (1-32 chars)
|
vpn-mode |
Set the packet-forwarding mode of the VPN tunnel (Default: Use a layer 2 packet-forwarding mechanism)
|
layer-2 |
Forward packets through the VPN tunnel based on MAC (layer 2) tunnel policies
|
layer-3 |
Forward packets through the VPN tunnel based on IP (layer 3) routing decisions
|
web-directory <string> link-to-resources <string> <string>
|
web-directory |
Create a web directory for the internal web server
|
<string> |
Enter the name of the web directory to store files used by a captive web portal or, when preceded by "ppsk-self-reg", for use with private PSK self-registration (1-32 chars)
|
link-to-resources |
Create a link to a web directory whose content can be shared by all captive web portals or to a specific file in that shared directory
|
<string> |
Enter the name of the link (Max: 32 chars; Note: Each web directory includes a default link called "shared" that points to a predefined directory named "shared".)
|
<string> |
Enter the name of the target directory (Max: 32 chars; Example: shared)
|
web-directory [ {ppsk-self-reg} ] <string>
|
web-directory |
Create a web directory for the internal web server
|
ppsk-self-reg |
Create a web directory for the private PSK server to use when receiving self-registration requests
|
<string> |
Enter the name of the web directory to store files used by a captive web portal or, when preceded by "ppsk-self-reg", for use with private PSK self-registration (1-32 chars)
|
web-security-proxy client-info-collection enable
|
web-security-proxy |
Proxy HTTP and HTTPS traffic bound for the Internet to a web security server for filtering
|
client-info-collection |
Collect client information and send it DNS server
|
enable |
Enable the client information collection function (Default: Disabled)
|
Through the Aerohive CLI, you can log in to a HiveAP and perform the following operations:
- Configure firmware features and hardware components
- View settings
- View and clear dynamically generated data
- Update firmware
- Save a configuration to and from the device
- Reset the device
To access the CLI, you can make a direct serial connection through the console port (on HiveAP models that have
one) or a Telnet or SSH connection over the network through the Ethernet interface or an SSID on a Wifi subinterface
to the mgt0 interface. Each method is described in the following sections:
For an introduction to the CLI and some useful tips, see the following sections:
You can make a direct serial connection from your management system to the HiveAP and log in to the CLI. For details and pin assignments, see the Aerohive Deployment Guide. Follow these steps:
- Connect the power cable to the HiveAP and turn on the power.
- Depending on the HiveAP model, connect one end of an RS-232 (or "null modem") serial cable or an RJ-45-to-DB-9 serial cable to the serial port (or Com port) on your management system.
- Connect the other end of the cable to the console port on the HiveAP.
- On your management system, run a VT100 terminal emulation program, such as Tera Term Pro (a free terminal
emulator) or Hilgraeve Hyperterminal (provided with Windows operating systems). Use the following settings:
- Bits per second (baud rate):9600
- Data bits: 8
- Parity: none
- Stop bits: 1
- Flow control: none
- Press the ENTER key to see the login prompt.
- Log in using the default user name admin and password aerohive.
You can make a Telnet connection from your management system to the HiveAP across an Ethernet or WiFi network
(or even just across an Ethernet cable between your management system and the HiveAP). Because Telnet uses a
client/server relationship, you need a Telnet client on your management system. (All Windows operating systems
include a Telnet client.) The client connects to the Telnet server on the HiveAP using TCP port 23.
Because a Telnet connection requires that the HiveAP already have an IP address, you must first make a serial
connection to the device and assign it an address using the interface command:
interface mgt0 ip_addr netmask
where ip_addr netmask define an address on the network that is accessible from your management system. See
"Using the Console Port".
By default, Telnet manageability is disabled on HiveAPs. You must first access the HiveAP by another means-
console, SSH, HiveManager, or a management AP-and enable it. Use the following commands to enable Telnet
through an Ethernet interface and through an SSID (for wireless Telnet access):
interface { eth0 | eth1 } manage telnet
ssid <string> manage telnet
1. With the HiveAP connected to a power source, connect an Ethernet cable from the Ethernet port on the HiveAP
to a switch that is on the same network as your management system. Optionally, you can connect the Ethernet
cable from the HiveAP directly to your management system.
Note: |
Because the Ethernet port on the HiveAP is autosensing,
the cable can have either straight-through or
cross-over wiring. For details, see the Aerohive Deployment Guide.
|
After you have created an SSID and enabled Telnet access to the mgt0 interface through that SSID, you can form
a wireless association with the HiveAP and use Telnet to access the CLI wirelessly.
2. On your management system, run the Telnet client and connect to the Telnet server on the HiveAP. In Windows,
for example, do the following:
2. In the command prompt, type telnet, and then click OK.
Welcome to Microsoft Telnet Client
Escape Character is 'CTRL+]'
3. At the Microsoft Telnet> prompt, enter the IP address of the mgt0 interface, and then press Enter.
The Telnet client on the management system connects to the Telnet server on the HiveAP. The login prompt
appears.
3. Log in using your user name and password. The default user name is admin and the default password is
aerohive.
You can make an SSH2 (Secure Shell version 2) connection from an SSH client on your management system to the SSH
server on the HiveAP across an Ethernet or WiFi network. SSH allows you to open a remote command shell securely
and run commands on the SSH server. You need an SSHv2 client, such as puTTY (a free SSHv2 client), on your
management system. The client connects to the SSHv2 server on the HiveAP using TCP port 22.
Because an SSH connection requires that the HiveAP already have an IP address, you must first make a serial
connection to the device and assign it an address using the interface command:
interface mgt0 ip_addr netmask
where ip_addr netmask define an address on the network that is accessible from your management system. See
"Using the Console Port".
By default, SSH manageability is enabled on Ethernet interfaces and SSIDs.
1. With the HiveAP connected to a power source, connect an Ethernet cable from the Ethernet port on the HiveAP
to a switch that is on the same network as your management system. Optionally, you can connect the Ethernet
cable from the HiveAP directly to your management system.
Note: |
Because the Ethernet port on the HiveAP is autosensing,
the cable can have either straight-through or
cross-over wiring. For details, see the Aerohive Deployment Guide.
|
After you have created an SSID, you can form a wireless association with the HiveAP and use SSH to access the
CLI wirelessly.
2. On your management system, run the SSHv2 client and connect to the SSHv2 server on the HiveAP. Using puTTY,
for example, do the following:
1. Launch puTTY, and then click Session in the Category menu tree.
2. In the Host Name (or IP address) field, enter the IP address of the mgt0 interface, and then select SSH.
3. Click SSH in the Category menu tree, and make sure that the Preferred SSH protocol version is 2 or 2 only.
4. To initiate an SSH connection to the HiveAP, click Open.
The SSH client on the management system connects to the SSH server on the HiveAP. The login prompt
appears.
3. Log in using your user name and password. The default user name is admin and the default password is
aerohive.
There are three main types of commands in the Aerohive CLI:
- keyword commands for setting various parameters. Examples are the admin and interface commands.
- show commands for displaying parameters or dynamically generated data. Examples are the show service
and show memory commands.
- action commands for executing some type of action. Examples are ping, save, and reboot commands.
To see a list of commands, and their accompanying CLI Help, type a question mark ( ? ). For example, to display all
the keyword and action commands, enter a question mark at the command prompt:
aerohive#?
aaa |
Set parameters for AAA (authentication, authorization, accounting) |
access-console |
Set access console parameters |
admin |
Set administrators and passwords |
... |
... |
To display all the show commands, enter the following:
aerohive#show ?
aaa |
Show parameters for AAA (authentication, authorization, accounting) |
access-console |
Show access console status and parameters |
acsp |
Show parameters for ACSP (Aerohive Channel Selection Protocol) |
... |
... |
To see all the commands beginning with a particular character or string of characters, enter the character or
character string followed immediately by a question mark; that is, do not include a space between the last
character and the question mark. For example, to see all the commands beginning with "a", enter the following:
aerohive#a?
aaa |
Set parameters for AAA (authentication, authorization, accounting) |
access-console |
Set access console parameters |
admin |
Set administrators and passwords |
Similar to the above methods for seeing lists of commands, you can use a question mark within commands to see
subsequent choices. For example, to see the options following clock, enter the following:
aerohive#clock ?
date-time |
Set the date and time for the internal clock |
time-zone |
Set the time zone for the internal clock |
If you want to find a command that uses a particular character or string of characters, you can do a search using the
following command:
show cmds | include string
where string is the word or string of characters you want to find. For example, if you want to see all the
commands in which the word "enable" appears, enter the following:
aerohive#show cmds | include enable
Searching for just the string of letters "ena" produces similar results:
aerohive#show cmds | include ena
Note: |
You can search for more than one word by enclosing them within quotation marks.
For example, you can do a search for "qos class" to see the commands containing "qos classifier".
|
You can filter the output of a show command to include or exclude certain text strings. To do this use the following
syntax: show cmd | { exclude | include } string. For example, to find the MAC address 0016:cf8d:56bc among a
number of associated stations in SSID "west", enter the following command:
aerohive#show ssid west stations | include 0016:cf8d:56bc
0016:cf8d:56bc 11 1M 68 8021x aes ccm00:21:17 1 Yes
If you want to filter a space-separated string, put the string within quotation marks. For example, to filter a MAC
address ending with "20" on the eth0 interface, enter the following:
aerohive#show route | include "0 4096"
0019:770e:55a0 0019:770e:5580 wifi1.1 0 4096 IL
The Aerohive CLI supports command line completion (or "tab completion"), which allows you to complete the
remainder of an unambiguous word by pressing the TAB key. For example:
aerohive#show qos co (Press TAB here.)
aerohive#show qos counter (The word "counter" is automatically completed.)
If the remainder of the word is ambiguous, pressing TAB twice shows the possibilities. For example:
aerohive#show qos c (Press TAB here.)
aerohive#show qos c (Press TAB again.)
aerohive#show qos c
classifier-map classifier-profile counter (The three subsequent choices appear.)
The following keyboard commands are useful to know and can make your work with the CLI more efficient. Note that the plus sign ( + ) indicates that both keys must be pressed simultaneously. For example, CTRL + s means "press the CTRL key and the s key at the same time". If there is no plus sign between adjacent key names, press them sequentially. For example, ESC b means "press the ESC key and then press the b key".
To perform this task |
Press this key or key combination |
Lock the console |
CTRL + s |
Unlock the console |
CTRL + q |
Stopping the display of output, such as the output of the show log buffered command |
q |
Advance the display of lengthy output, such as the
output from the show logging messages
command, by one line |
ENTER |
Advance the display of lengthy output by sets of multiple lines at a time |
TAB |
Autocomplete an unambiguous keyword when typing a command |
TAB |
Stopping the execution of a task, such as sending ICMP echo requests |
CTRL+c |
Moving backward or forward through command history |
UP ARROW or CTRL + p (to move backward) and DOWN ARROW or CTRL + n (to move forward) |
Moving backward or forward in a command |
LEFT ARROW or CTRL + b (to move backward) and RIGHT ARROW or CTRL + f (to move forward) |
Move the cursor backward or forward through a command word by word |
ESC b (to move backward) and ESC f (to move forward) |
Move the cursor to the beginning or end of a command |
CTRL + a (to move to the beginning) and CTRL + e (to move to the end) |
Erase the character under the cursor |
CTRL + d |
Erase the character to the left of the cursor |
BACKSPACE or CTRL + h |
Erase the previous word |
CTRL + w |
Erase everything on the line to the left of the cursor |
CTRL + u |
Erase everything on the line under and to the right of the cursor |
CTRL + k |
Reverse the last two characters in a command; for example, to change show ssdi to show ssid |
CTRL + t |
Execute a command |
ENTER or CTRL + j or CTRL + m |
Log out of the console session |
CTRL + \ |